AWS Certified Cloud Practitioner Exam Preparation: Questions and Answers Dump

Welcome to AWS Certified Cloud Practitioner Exam Preparation: Definition and Objectives, Top 100 Questions and Answers Dump, White Papers, Courses, Labs and Training Materials, Exam Info and Details, References, Jobs, Other AWS Certificates, AWS Cloud Support Engineer Job Interview Prep, Top 20 AWS Training Q&A, AWS Web Services Cheat Sheet

What is the AWS Certified Cloud Practitioner Exam?

The AWS Certified Cloud Practitioner Exam (CLF-C01) is an introduction to AWS services. It examines the candidate's ability to define what the AWS Cloud is and to describe its global infrastructure. It provides an overview of AWS core services, security aspects, pricing and support services. The main objective is to provide an overall understanding of the Amazon Web Services Cloud platform. The course gives you a conceptual understanding of AWS and the basics of cloud computing, including the services, use cases and benefits.

To succeed with the real exam, do not memorize the answers below. It is very important that you understand why a question is right or wrong and the concepts behind it by carefully reading the reference documents in the answers.

AWS Certified Cloud Practitioner Exam Prep (CLF-C01) Questions and Answers

For auditing purposes, your company now wants to monitor all API activity for all regions in your AWS environment. What can you use to fulfill this new requirement?

  • A. For each region, enable CloudTrail and send all logs to a bucket in each region.
  • B. Enable CloudTrail for all regions.
  • C. Ensure one CloudTrail is enabled for all regions.
  • D. Use AWS Config to enable the trail for all regions.

Answer:

C. Ensure one CloudTrail is enabled for all regions.
Turn on CloudTrail for all regions in your environment and CloudTrail will deliver log files from all regions to one S3 bucket.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Reference:
AWS CloudTrail

What is the best solution to provide secure access to an S3 bucket not using the internet?

  • A. Use a VPN connection.
  • B. Use an Internet Gateway.
  • C. Use a VPC Endpoint to access S3.
  • D. Use a NAT Gateway.

Answer:

C. Use a VPC Endpoint to access S3.
A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network.

AWS PrivateLink simplifies the security of data shared with cloud-based applications by eliminating the exposure of data to the public Internet.

Reference:
VPC Endpoint

In the AWS Shared Responsibility Model, which of the following are the responsibility of AWS?

  • A. Securing Edge Locations
  • B. Encrypting data
  • C. Password policies
  • D. Decommissioning data

Answer:

A. and D.
It is AWS's responsibility to secure edge locations and decommission the data.
AWS responsibility “Security of the Cloud” – AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Reference:
AWS Shared Responsibility Model

You have EC2 instances running at 90% utilization and you expect this to continue for at least a year. What type of EC2 instance would you choose to ensure your costs stay at a minimum?

  • A. Dedicated host instances
  • B. On-demand instances
  • C. Spot instances
  • D. Reserved instances

Answer:

D. Reserved instances:
Reserved instances are the best choice for instances with continuous usage and offer a reduced cost because you purchase the instance for the entire year.
Amazon EC2 Reserved Instances (RI) provide a significant discount (up to 75%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone.

Reference:
AWS Reserved instances.

What tool would you use to get an estimated monthly cost for your environment?

  • A. TCO Calculator
  • B. Simple Monthly Calculator
  • C. Cost Explorer
  • D. Consolidated Billing

Answer:

B. Simple Monthly Calculator:
The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently. Using this tool, they can add, modify and remove services from their 'bill' and it will recalculate their estimated monthly charges automatically.

Reference:
AWS Simple Monthly Calculator

How do you make sure your organization does not exceed its monthly budget?

  • A. Sign up for the free alert under filing preferences in the AWS Management Console.
  • B. Set a schedule to regularly review the Billing and Cost Management dashboard each month.
  • C. Create an email alert in AWS Budget
  • D. In CloudWatch, create an alarm that triggers each time the limit is exceeded.

Answer:

C. Create an email alert in AWS Budget.
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

Reference:
AWS Budget.

An Edge Location is a specialized AWS data centre that works with which services?

  • A. Lambda
  • B. CloudWatch
  • C. CloudFront
  • D. Route 53

Answer:

A., C. and D.: Lambda, CloudFront and Route 53
Lambda@Edge lets you run Lambda functions to customize the content that CloudFront delivers, executing the functions in AWS locations closer to the viewer.
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

CloudFront speeds up the distribution of your content by routing each user request through the AWS backbone network to the edge location that can best serve your content. Typically, this is a CloudFront edge server that provides the fastest delivery to the viewer. Using the AWS network dramatically reduces the number of networks that your users' requests must pass through, which improves performance. Users get lower latency—the time it takes to load the first byte of the file—and higher data transfer rates.

You also get increased reliability and availability because copies of your files (also known as objects) are now held (or cached) in multiple edge locations around the world.

Reference:
AWS Edge Locations

What is the preferred method of linking 2 AWS accounts?

  • A. AWS Organizations
  • B. Cost Explorer
  • C. VPC Peering
  • D. Consolidated billing

Answer:

A. AWS Organizations
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business.

Reference:
AWS Organizations.

Which of the following services is most useful when a Disaster Recovery method is triggered in AWS?

  • A. Amazon Route 53
  • B. Amazon SNS
  • C. Amazon SQS
  • D. Amazon Inspector

Answer:

A. Route 53 is a Domain Name System service by AWS. When a disaster does occur, it can be easy to switch to secondary sites using the Route 53 service.
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

Reference: AWS Route 53

Which of the following disaster recovery deployment mechanisms has the highest downtime?

  • A. Pilot light
  • B. Warm standby
  • C. Multi Site
  • D. Backup and Restore

Answer:

D. The snapshot below from the AWS documentation shows the spectrum of disaster recovery methods. The further along the spectrum you go, the less downtime users experience.

AWS Disaster Recovery Techniques

Reference: AWS Route 53

Your company is planning to host resources in the AWS Cloud. They want to use services which can be used to decouple resources hosted on the cloud. Which of the following services can help fulfil this requirement?

  • A. AWS EBS Volumes
  • B. AWS EBS Snapshots
  • C. AWS Glacier
  • D. AWS SQS

Answer:

D. AWS SQS: Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributed application components and helps you decouple these components.

Reference: AWS Simple Queue Service Developer Guide

If you have a set of frequently accessed files that are used on a daily basis, what S3 storage class should you store them in?

  • A. Infrequent Access
  • B. Fast Access
  • C. Reduced Redundancy
  • D. Standard

Answer:

D. Standard: The Standard storage class should be used for files that you access on a daily or very frequent basis.

Reference: AWS storage classes

What is the availability and durability rating of S3 Standard Storage Class?

Choose the correct answer:

  • A. 99.999999999% Durability and 99.99% Availability
  • B. 99.999999999% Availability and 99.90% Durability
  • C. 99.999999999% Durability and 99.00% Availability
  • D. 99.999999999% Availability and 99.99% Durability

Answer:

A. 99.999999999% Durability and 99.99% Availability
S3 Standard Storage class has a rating of 99.999999999% durability (referred to as 11 nines) and 99.99% availability.

Reference: AWS storage classes

What AWS database is primarily used to analyze data using standard SQL formatting with compatibility for your existing business intelligence tools?

  • A. Redshift
  • B. RDS
  • C. DynamoDB
  • D. ElastiCache

Answer:

A. Redshift is a database offering that is fully-managed and used for data warehousing and analytics, including compatibility with existing business intelligence tools.

Reference: AWS redshift

What are the benefits of DynamoDB?

Choose the 3 correct answers:

  • A. Single-digit millisecond latency.
  • B. Supports multiple known NoSQL database engines like MariaDB and Oracle NoSQL.
  • C. Supports both document and key-value store data models.
  • D. Automatic scaling of throughput capacity.

Answer:

A., C. and D. DynamoDB does not use/support other NoSQL database engines. You only have access to use DynamoDB's built-in engine.

Reference: AWS DynamoDB

Which of the following are the benefits of AWS Organizations?

Choose the 2 correct answers:

  • A. Analyze cost before migrating to AWS.
  • B. Centrally manage access policies across multiple AWS accounts.
  • C. Automate AWS account creation and management.
  • D. Provide technical help (by AWS) for issues in your AWS account.

Answer:

B. and C.:

  • Centrally manage policies across multiple AWS accounts
  • Automate AWS account creation and management
  • Control access to AWS services
  • Consolidate billing across multiple AWS accounts

Reference: AWS organizations

There is a requirement to host a set of servers in the Cloud for a short period of 3 months. Which of the following types of instances should be chosen to be cost effective?

  • A. Spot Instances
  • B. On-Demand
  • C. No Upfront costs Reserved
  • D. Partial Upfront costs Reserved

Answer:

B. Since the requirement is just for 3 months, the most cost-effective option is to use On-Demand Instances.

Reference: AWS pricing on-demand

Which of the following is not a disaster recovery deployment technique?

  • A. Pilot light
  • B. Warm standby
  • C. Single Site
  • D. Multi-Site

Answer:

C. The following figure shows a spectrum for the four scenarios, arranged by how quickly a system can be available to users after a DR event.

AWS Disaster Recovery Techniques

Reference: https://aws.amazon.com/blogs/aws/new-whitepaper-use-aws-for-disaster-recovery/

Which of the following attributes determine the cost of using the Simple Storage Service? Choose 2 answers from the options given below.

  • A. The storage class used for the objects stored.
  • B. Number of S3 buckets.
  • C. The total size in gigabytes of all objects stored.
  • D. Using encryption in S3

Answer:

A. and C: Below is a snapshot of the costing calculator for AWS S3.

AWS Certified Cloud Practitioner Exam: S3 storage cost estimator
Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers.

Reference: http://calculator.s3.amazonaws.com/index.html ; S3 storage classes

What endpoints are possible to send messages to with Simple Notification Service?

Choose the 3 correct answers:

  • A. SQS
  • B. SMS
  • C. FTP
  • D. Lambda

Answer:

What service helps you to aggregate logs from your EC2 instance? Choose one answer from the options below:

  • A. SQS
  • B. S3
  • C. CloudTrail
  • D. CloudWatch Logs

Answer:

D. You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, and other sources. You can then retrieve the associated log data from CloudWatch Logs.

Reference: AWS CloudWatch Logs

A company is deploying a new two-tier web application in AWS. The company wants to store their most frequently used data so that the response time for the application is improved. Which AWS service provides the solution for the company’s requirements?

  • A. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone
  • B. Amazon RDS for MySQL with Multi-AZ
  • C. Amazon ElastiCache
  • D. Amazon DynamoDB

Answer:

C. Amazon ElastiCache is a web service that makes it easy to deploy, operate, and scale an in-memory data store or cache in the cloud. The service improves the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.

Reference: AWS elasticache

You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 Instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?

  • A. Spot Instances
  • B. Reserved Instances
  • C. Dedicated Instances
  • D. On-Demand Instances

Answer:

A. When you think of cost effectiveness, you have to choose either Spot or Reserved Instances. For a regular processing job, Spot Instances are the best choice, and since your application is designed to recover gracefully from Amazon EC2 instance failures, losing a Spot Instance is not an issue because the application can recover.

Reference: AWS EC2 spot instances

Which of the following features is associated with a subnet in a VPC to protect against incoming traffic requests?

  • A. AWS Inspector
  • B. Subnet Groups
  • C. Security Groups
  • D. NACL

Answer:

D. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

Reference: AWS VPC ACLs

A company is deploying a two-tier, highly available web application to AWS. Which service provides durable storage for static content while utilizing Overall CPU resources for the web tier?

  • A. Amazon EBS volume
  • B. Amazon S3
  • C. Amazon EC2 instance store
  • D. Amazon RDS instance

Answer:

B. Amazon S3 is the default storage service that should be considered for companies. It provides durable storage for all static content.

Reference: S3 faqs

What are characteristics of Amazon S3?
Choose 2 answers from the options given below.

  • A. S3 allows you to store objects of virtually unlimited size.
  • B. S3 allows you to store unlimited amounts of data.
  • C. S3 should be used to host a relational database.
  • D. Objects are directly accessible via a URL.

Answer:

B. and D.: Each object does have a size limitation in S3, but you can store virtually unlimited amounts of data. Also, each object gets a directly accessible URL.

Reference: AWS s3 faqs

When working out the cost of on-demand EC2 instances, which of the following attributes determine the cost of the EC2 instance? Choose 3 answers from the options given below.

  • A. Instance Type
  • B. AMI Type
  • C. Region
  • D. Edge location

Answer:

A., B. and C.: See the components making up the pricing below.

AWS AMI Pricing

Reference: AWS ec2 pricing on-demand

You have a mission-critical application which must be globally available at all times. If this is the case, which of the below deployment mechanisms would you employ?

  • A. Deployment to multiple edge locations
  • B. Deployment to multiple Availability Zones
  • C. Deployment to multiple Data Centers
  • D. Deployment to multiple Regions

Answer:

D. Regions represent different geographic locations and it is best to host your application across multiple regions for disaster recovery.

Reference: AWS regions availability zones

Which of the following are right principles when designing cloud-based systems? Choose 2 answers from the options below.

  • A. Build Tightly-coupled components
  • B. Build loosely-coupled components
  • C. Assume everything will fail
  • D. Use as many services as possible

Answer:

B. and C. Always build components which are loosely coupled. This is so that even if one component does fail, the entire system does not fail. Also if you build with the assumption that everything will fail, then you will ensure that the right measures are taken to build a highly available and fault tolerant system.

Reference: AWS Well architected networks

You have 2 accounts in your AWS account, one for Dev and the other for QA. All are part of consolidated billing. The master account has purchased 3 reserved instances. The Dev department is currently using 2 reserved instances. The QA team is planning on using 3 instances of the same instance type. What is the pricing tier of the instances that can be used by the QA team?

  • A. No Reserved and 3 on-demand
  • B. One Reserved and 2 on-demand
  • C. Two Reserved and 1 on-demand
  • D. Three Reserved and no on-demand

Answer:

B. Since all are part of consolidated billing, the pricing of reserved instances can be shared by all. And since 2 are already used by the Dev team, another one can be used by the QA team. The rest of the instances can be on-demand instances.

Reference: AWS ec2 pricing reserved instances

Which one of the following features is normally present in all AWS Support plans?

  • A. 24/7 access to Customer Service
  • B. Access to all features in the Trusted Advisor
  • C. A technical Account Manager
  • D. A dedicated support person

Answer:

A.

AWS Support plans

Reference: AWS premium support compare plans

Which of the following storage mechanisms can be used to store messages effectively which can be used across distributed systems?

  • A. Amazon Glacier
  • B. Amazon EBS Volumes
  • C. Amazon EBS Snapshots
  • D. Amazon SQS

Answer:

D. Amazon Simple Queue Service (Amazon SQS) offers a reliable, highly-scalable hosted queue for storing messages as they travel between applications or microservices. It moves data between distributed application components and helps you decouple these components.

Reference: AWS Simple Queue Service

You are exploring what services AWS has off-hand. You have a large number of data sets that need to be processed. Which of the following services can help fulfil this requirement?

  • A. EMR
  • B. S3
  • C. Glacier
  • D. Storage Gateway

Answer:

A. Amazon EMR helps you analyze and process vast amounts of data by distributing the computational work across a cluster of virtual servers running in the AWS Cloud. The cluster is managed using an open-source framework called Hadoop. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming setup, management, and tuning of Hadoop clusters or the compute capacity they rely on.

Reference: AWS Emr

Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?

  • A. AWS Trusted Advisor
  • B. AWS Inspector
  • C. AWS WAF
  • D. AWS Shield

Answer:

B. Amazon Inspector enables you to analyze the behaviour of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.

Reference: AWS inspector introduction

Your company is planning to offload some of its batch processing workloads onto AWS. These jobs can be interrupted and resumed at any time. Which of the following instance types would be the most cost effective to use for this purpose?

  • A. On-Demand
  • B. Spot
  • C. Full Upfront Reserved
  • D. Partial Upfront Reserved

Answer:

B. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.

Reference: AWS Spot Instances

Which of the following is not a category recommendation given by the AWS Trusted Advisor?

  • A. Security
  • B. High Availability
  • C. Performance
  • D. Fault tolerance

Answer:

B.

AWS Trusted advisor

Reference: AWS Trusted Advisor

Which of the below cannot be used to get data onto Amazon Glacier?

  • A. AWS Glacier API
  • B. AWS Console
  • C. AWS Glacier SDK
  • D. AWS S3 Lifecycle policies

Answer:

B. Note that the AWS Console cannot be used to upload data onto Glacier. The console can only be used to create a Glacier vault which can be used to upload the data.

Reference: Uploading an archive in AWS

Which of the following from AWS can be used to transfer petabytes of data from on-premises locations to the AWS Cloud?

  • A. AWS Import/Export
  • B. AWS EC2
  • C. AWS Snowball
  • D. AWS Transfer

Answer:

C. Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. Transferring data with Snowball is simple, fast, secure, and can be as little as one-fifth the cost of high-speed Internet.

Reference: AWS snowball

Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move?

  • A. AWS Database Migration Service
  • B. AWS VM Migration Service
  • C. AWS Inspector
  • D. AWS Trusted Advisor

Answer:

A. AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from most widely used commercial and open source databases.

Reference: AWS dms

Which of the following features of AWS RDS allows for offloading reads of the database?

  • A. Cross region replication
  • B. Creating Read Replicas
  • C. Using snapshots
  • D. Using Multi-AZ feature

Answer:

B. You can reduce the load on your source DB Instance by routing read queries from your applications to the read replica. Read replicas allow you to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

Reference: AWS read replicas

Which of the following does AWS perform on your behalf for EBS volumes to make them less prone to failure?

  • A. Replication of the volume across Availability Zones
  • B. Replication of the volume in the same Availability Zone
  • C. Replication of the volume across Regions
  • D. Replication of the volume across Edge locations

Answer:

B. When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to failure of any single hardware component.

Reference: AWS EBS Volumes

Your company is planning to host a large e-commerce application on the AWS Cloud. One of their major concerns is Internet attacks such as DDoS attacks. Which of the following services can help mitigate this concern? Choose 2 answers from the options given below.

  • A. CloudFront
  • B. AWS Shield
  • C. AWS EC2
  • D. AWS Config

Answer:

A. and B.: One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked, thereby limiting the options for attackers and allowing you to build protections in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication. Thus, minimizing the possible points of attack and letting us concentrate our mitigation efforts. In some cases, you can do this by placing your computation resources behind Content Distribution Networks (CDNs), Load Balancers and restricting direct Internet traffic to certain parts of your infrastructure like your database servers. In other cases, you can use firewalls or Access Control Lists (ACLs) to control what traffic reaches your applications.

Reference: ddos attack protection

Which of the following are 2 ways that AWS allows you to link accounts?

  • A. Consolidated billing
  • B. AWS Organizations
  • C. Cost Explorer
  • D. IAM

Answer:

A. and B. : You can use the consolidated billing feature in AWS Organizations to consolidate payment for multiple AWS accounts or multiple AISPL accounts. With consolidated billing, you can see a combined view of AWS charges incurred by all of your accounts. You also can get a cost report for each member account that is associated with your master account. Consolidated billing is offered at no additional charge.

Reference: AWS Consolidated billing

Which of the following helps in DDoS protection? Choose 2 answers from the options given below.

  • A. CloudFront
  • B. AWS Shield
  • C. AWS EC2
  • D. AWS Config

Answer:

A. and B.: One of the first techniques to mitigate DDoS attacks is to minimize the surface area that can be attacked, thereby limiting the options for attackers and allowing you to build protections in a single place. We want to ensure that we do not expose our application or resources to ports, protocols or applications from where they do not expect any communication. Thus, minimizing the possible points of attack and letting us concentrate our mitigation efforts. In some cases, you can do this by placing your computation resources behind Content Distribution Networks (CDNs), Load Balancers and restricting direct Internet traffic to certain parts of your infrastructure like your database servers. In other cases, you can use firewalls or Access Control Lists (ACLs) to control what traffic reaches your applications.

Reference: AWS shield – ddos attack protection

Which of the following can be used to call AWS services from programming languages?

  • A. AWS SDK
  • B. AWS Console
  • C. AWS CLI
  • D. AWS IAM

Answer:

AWS SDK can be plugged in for various programming languages. Using the SDK you can then call the required AWS services.

Reference: AWS tools

A company wants to host a self-managed database in AWS. How would you ideally implement this solution?

  • A. Using the AWS DynamoDB service
  • B. Using the AWS RDS service
  • C. Hosting a database on an EC2 Instance
  • D. Using the Amazon Aurora service

Answer:

C. If you want a self-managed database, that means you want complete control over the database engine and the underlying infrastructure. In such a case you need to host the database on an EC2 Instance.

Reference: AWS ec2

When creating security groups, which of the following is a responsibility of the customer? Choose 2 answers from the options given below.

  • A. Giving a name and description for the security group
  • B. Defining the rules as per the customer requirements.
  • C. Ensure the rules are applied immediately
  • D. Ensure the security groups are linked to the Elastic Network interface

Answer:

A. and B.: When you define security rules for EC2 Instances, you give a name and description and write the rules for the security group.

Reference: AWS using Network Security Groups

There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost?

  • A. Spot Instances
  • B. On-Demand
  • C. No Upfront costs Reserved
  • D. Partial Upfront costs Reserved

Answer:

D.: If the database is going to be used for at least one year, then it is better to get Reserved Instances. You can save on costs, and if you use the partial upfront option, you can get a better discount.

Reference: AWS Reserved Instances

Which of the below can be used to import data into Amazon Glacier?
Choose 3 answers from the options given below:

  • A. AWS Glacier API
  • B. AWS Console
  • C. AWS Glacier SDK
  • D. AWS S3 Lifecycle policies

Answer:

A. C. and D. : The AWS Console cannot be used to upload data onto Glacier. The console can only be used to create a Glacier vault which can be used to upload the data.

Reference: Uploading an archive in AWS

Which of the following can be used to secure EC2 Instances hosted in AWS? Choose 2 answers.

  • A. Usage of Security Groups
  • B. Usage of AMIs
  • C. Usage of Network Access Control Lists
  • D. Usage of the Internet gateway

Answer:

A and C: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

Reference: VPC Security Groups and Network Access Control List

Which of the following can be used to host virtual servers on AWS?

  • A. AWS IAM
  • B. AWS Server
  • C. AWS EC2
  • D. AWS Regions

Answer:

C. AWS EC2

Reference: AWS ec2

You plan to deploy an application on AWS. This application needs to be PCI Compliant. Which of the below steps are needed to ensure the compliance? Choose 2 answers from the below list:

  • A. Choose AWS services which are PCI Compliant
  • B. Ensure the right steps are taken during application development for PCI Compliance
  • C. Ensure the AWS Services are made PCI Compliant
  • D. Do an audit after the deployment of the application for PCI Compliance.

Answer:

A. and B.

Reference: PCI DSS Level 1 FAQs

Which tool can you use to forecast your AWS spending?

  • A. AWS Organizations
  • B. Amazon DevPay
  • C. AWS Trusted Advisor
  • D. AWS Cost Explorer

Answer:

D. AWS Cost Explorer lets you dive deeper into your cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies.

Reference: AWS Cost Explorer Docs

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

  • A. Security, fault tolerance, high availability, performance and Service Limits
  • B. Security, access control, high availability, performance and Service Limits
  • C. Performance, cost optimization, Security, fault tolerance and Service Limits
  • D. Performance, cost optimization, Access Control, Connectivity, and Service Limits

Answer:

C. Performance, cost optimization, Security, fault tolerance and Service Limits

Reference: AWS trusted advisor

As per the AWS Acceptable Use Policy, penetration testing of EC2 instances

  • A. May be performed by AWS, and will be performed by AWS upon customer request
  • B. May be performed by AWS, and is periodically performed by AWS
  • C. Are expressly prohibited under all circumstances
  • D. May be performed by the customer on their own instances with prior authorization from AWS
  • E. May be performed by the customer on their own instances, only if performed from EC2 instances

Answer:

D. You need to obtain authorization from AWS before doing a penetration test on EC2 instances.

Reference: AWS pen testing

What is the AWS feature that enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket?

  • A. File Transfer
  • B. HTTP Transfer
  • C. Transfer Acceleration
  • D. S3 Acceleration

Answer:

C. Transfer Acceleration

Reference: AWS transfer acceleration examples

What best describes an AWS region?

Choose the correct answer:

  • A. The physical networking connections between Availability Zones.
  • B. A specific location where an AWS data center is located.
  • C. A collection of DNS servers.
  • D. An isolated collection of AWS Availability Zones, of which there are many placed all around the world.

Answer:

D: An AWS region is an isolated geographical area that is comprised of three or more AWS Availability Zones.

Reference: Concepts Regions And Availability Zones

Question: Which of the following is a factor when calculating Total Cost of Ownership (TCO) for the AWS Cloud?

  • A. The number of servers migrated to AWS
  • B. The number of users migrated to AWS
  • C. The number of passwords migrated to AWS
  • D. The number of keys migrated to AWS

Answer:

A. Running servers will incur costs. The number of running servers is one factor of Server Costs; a key component of AWS's Total Cost of Ownership (TCO). Reference: AWS cost calculator

Which AWS Services can be used to store files? Choose 2 answers from the options given below:

  • A. Amazon CloudWatch
  • B. Amazon Simple Storage Service (Amazon S3)
  • C. Amazon Elastic Block Store (Amazon EBS)
  • D. AWS Config
  • E. Amazon Athena

Answer:

B. and C. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere. Amazon Elastic Block Store is persistent block storage for Amazon EC2.

Reference: AWS S3 and AWS EBS

Question: What best describes Amazon Web Services (AWS)?

Choose the correct answer:

  • A. AWS is the cloud.
  • B. AWS only provides compute and storage services.
  • C. AWS is a cloud services provider.
  • D. None of the above.

Answer:

C: AWS is defined as a cloud services provider. They provide hundreds of services, of which compute and storage are included (but not limited to).
Reference: AWS

Question: Which AWS service can be used as a global content delivery network (CDN) service?

  • A. Amazon SES
  • B. Amazon CloudTrail
  • C. Amazon CloudFront
  • D. Amazon S3

Answer:

C: Amazon CloudFront is a web service that gives businesses and web application developers an easy and cost effective way to distribute content with low latency and high data transfer speeds. Like other AWS services, Amazon CloudFront is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees. With CloudFront, your files are delivered to end-users using a global network of edge locations. Reference: AWS CloudFront

What best describes the concept of fault tolerance?

Choose the correct answer:

  • A. The ability for a system to withstand a certain amount of failure and still remain functional.
  • B. The ability for a system to grow in size, capacity, and/or scope.
  • C. The ability for a system to be accessible when you attempt to access it.
  • D. The ability for a system to grow and shrink based on demand.

Answer:

A: Fault tolerance describes the ability of a system (in our case a web application) to have failures in some of its components and still remain accessible (highly available). Fault tolerant web applications will have at least two web servers (in case one fails).

Reference: Designing fault tolerant applications

Question: The firm you work for is considering migrating to AWS. They are concerned about cost and the initial investment needed. Which of the following features of AWS pricing helps lower the initial investment amount needed? Choose 2 answers from the options given below:

  • A. The ability to choose the lowest cost vendor.
  • B. The ability to pay as you go
  • C. No upfront costs
  • D. Discounts for upfront payments

Answer:

B and C: The best features of moving to the AWS Cloud are no upfront cost and the ability to pay as you go, where the customer only pays for the resources needed. Reference: AWS pricing

What best describes the concept of elasticity?

Choose the correct answer:

  • A. The ability for a system to grow in size, capacity, and/or scope.
  • B. The ability for a system to grow and shrink based on demand.
  • C. The ability for a system to withstand a certain amount of failure and still remain functional.
  • D. The ability for a system to be accessible when you attempt to access it.

Answer:

B: Elasticity (think of a rubber band) defines a system that can easily (and cost-effectively) grow and shrink based on required demand.

Reference: Cost optimization automating elasticity

Question: Your company has started using AWS. Your IT Security team is concerned with the security of hosting resources in the Cloud. Which AWS service provides security optimization recommendations that could help the IT Security team secure resources using AWS?

  • A. AWS API Gateway
  • B. Reserved Instances
  • C. AWS Trusted Advisor
  • D. AWS Spot Instances

Answer:

C: An online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment, Trusted Advisor provides real time guidance to help you provision your resources following AWS best practices. Reference: AWS trusted advisor

What is the relationship between AWS global infrastructure and the concept of high availability?

Choose the correct answer:

  • A. AWS is centrally located in one location and is subject to widespread outages if something happens at that one location.
  • B. AWS regions and Availability Zones allow for redundant architecture to be placed in isolated parts of the world.
  • C. Each AWS region handles different AWS services, and you must use all regions to fully use AWS.
  • D. None of the above

Answer:

B: As an AWS user, you can create your application's infrastructure and duplicate it. By placing duplicate infrastructure in multiple regions, high availability is created because if one region fails you have a backup (in another region) to use.

Reference: RDS Concepts MultiAZ

Question: You are hosting a number of EC2 Instances on AWS. You are looking to monitor CPU Utilization on the Instance. Which service would you use to collect and track performance metrics for AWS services?

  • A. Amazon CloudFront
  • B. Amazon CloudSearch
  • C. Amazon CloudWatch
  • D. AWS Managed Services

Answer:

C: Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Reference: AWS CloudWatch

Question: Which of the following support plans give access to all the checks in the Trusted Advisor service? Choose 2 answers from the options given below:

  • A. Basic
  • B. Business
  • C. Enterprise

Answer:

Question: Which of the following in AWS maps to a separate geographic location?

  • A. AWS Region
  • B. AWS Data Centers
  • C. AWS Availability Zone

Answer:

A: Amazon cloud computing resources are hosted in multiple locations world-wide. These locations are composed of AWS Regions and Availability Zones. Each AWS Region is a separate geographic area. Reference: AWS Regions And Availability Zone

What best describes the concept of scalability?

Choose the correct answer:

  • A. The ability for a system to grow and shrink based on demand.
  • B. The ability for a system to grow in size, capacity, and/or scope.
  • C. The ability for a system to be accessible when you attempt to access it.
  • D. The ability for a system to withstand a certain amount of failure and still remain functional.

Answer:

B: Scalability refers to the concept of a system being able to easily (and cost-effectively) scale UP. For web applications, this means the ability to easily add server capacity when demand requires.

Reference: AWS autoscaling

Question: If you wanted to monitor all events in your AWS account, which of the below services would you use?

  • A. AWS CloudWatch
  • B. AWS CloudWatch logs
  • C. AWS Config
  • D. AWS CloudTrail

Answer:

D: AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. Reference: CloudTrail

What are the four primary benefits of using the cloud/AWS?

Choose the correct answer:

  • A. Fault tolerance, scalability, elasticity, and high availability.
  • B. Elasticity, scalability, easy access, limited storage.
  • C. Fault tolerance, scalability, sometimes available, unlimited storage
  • D. Unlimited storage, limited compute capacity, fault tolerance, and high availability.

Answer:

A: Fault tolerance, scalability, elasticity, and high availability are the four primary benefits of AWS/the cloud.

What best describes a simplified definition of the “cloud”?

Choose the correct answer:

  • A. All the computers in your local home network.
  • B. Your internet service provider
  • C. A computer located somewhere else that you are utilizing in some capacity.
  • D. An on-premise data center that your company owns.

Answer:

D: The simplest definition of the cloud is a computer that is located somewhere else that you are utilizing in some capacity. AWS is a cloud services provider, as they provide access to computers they own (located at AWS data centers) that you use for various purposes.

Question: Your development team is planning to host a development environment on the cloud. This consists of EC2 and RDS instances. This environment will probably only be required for 2 months. Which types of instances would you use for this purpose?

  • A. On-Demand
  • B. Spot
  • C. Reserved
  • D. Dedicated

Answer:

A: The best and cost effective option would be to use On-Demand Instances. The AWS documentation gives the following additional information on On-Demand EC2 Instances. With On-Demand instances you only pay for EC2 instances you use. The use of On-Demand instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. Reference: AWS EC2 pricing on-demand

Question: Which of the following can be used to secure EC2 Instances?

  • A. Security Groups
  • B. EC2 Lists
  • C. AWS Configs
  • D. AWS CloudWatch

Answer:

A: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC. Reference: VPC Security Groups

Exam Topics:

The AWS Cloud Practitioner exam is broken down into 4 domains

  • Cloud Concepts
  • Security
  • Technology
  • Billing and Pricing.

What is the purpose of a DNS server?

Choose the correct answer:

  • A. To act as an internet search engine.
  • B. To protect you from hacking attacks.
  • C. To convert common language domain names to IP addresses.
  • D. To serve web application content.

Answer:

C: Domain name system servers act as a “third party” that provides the service of converting common language domain names to IP addresses (which are required for a web browser to properly make a request for web content).

What best describes the concept of high availability?

Choose the correct answer:

  • A. The ability for a system to grow in size, capacity, and/or scope.
  • B. The ability for a system to withstand a certain amount of failure and still remain functional.
  • C. The ability for a system to grow and shrink based on demand.
  • D. The ability for a system to be accessible when you attempt to access it.

Answer:

D: High availability refers to the concept that something will be accessible when you try to access it. An object or web application is “highly available” when it is accessible a vast majority of the time.

What is the major difference between AWS’s RDS and DynamoDB database services?

Choose the correct answer:

  • A. RDS offers NoSQL database options, and DynamoDB offers SQL database options.
  • B. RDS offers one SQL database option, and DynamoDB offers many NoSQL database options.
  • C. RDS offers SQL database options, and DynamoDB offers a NoSQL database option.
  • D. None of the above

Answer:

C. RDS is a SQL database service (that offers several database engine options), and DynamoDB is a NoSQL database option that only offers one NoSQL engine.

Reference:

What are two open source in-memory engines supported by ElastiCache?

Choose the 2 correct answers:

  • A. CacheIt
  • B. Aurora
  • C. Memcached
  • D. Redis

Answer:

C. and D. Redis, Memcached

Reference: AWS ElastiCache

What AWS database service is used for data warehousing of petabytes of data?

Choose the correct answer:

  • A. RDS
  • B. ElastiCache
  • C. Redshift
  • D. DynamoDB

Answer:

C. Redshift is a fully-managed data warehouse that is perfect for storing petabytes worth of data.

Reference: AWS Redshift

Which AWS service uses a combination of publishers and subscribers?

Choose the correct answer:

  • A. Lambda
  • B. RDS
  • C. EC2
  • D. SNS

Answer:

D. In SNS, there are two types of clients: publishers and subscribers. Publishers send the message, and subscribers receive the message.

Reference: AWS SNS

What SQL database engine options are available in RDS?

Choose the 3 correct answers:

  • A. MySQL
  • B. MongoDB
  • C. PostgreSQL
  • D. MariaDB

Answer:

A. C. and D. RDS offers the following SQL options: Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server.

Reference:

What is the name of AWS’s RDS SQL database engine?

Choose the correct answer:

  • A. Lightsail
  • B. Aurora
  • C. MySQL
  • D. SNS

Answer:

B. AWS created their own custom SQL database engine, which is called Aurora.

Reference: AWS Aurora

Under what circumstances would you choose to use the AWS service CloudTrail?

Choose the correct answer:

  • A. When you want to log what actions various IAM users are taking in your AWS account.
  • B. When you want a serverless compute platform.
  • C. When you want to collect and view resource metrics.
  • D. When you want to send SMS notifications based on events that occur in your account.

Answer:

A. When you want to log what actions various IAM users are taking in your AWS account.

Reference: AWS Cloudtrail

If you want to monitor the average CPU usage of your EC2 instances, which AWS service should you use?

Choose the correct answer:

  • A. CloudMonitor
  • B. CloudTrail
  • C. CloudWatch
  • D. None of the above

Answer:

C. CloudWatch is used to collect, view, and track metrics for resources (such as EC2 instances) in your AWS account.

Reference: AWS CloudWatch

What is AWS’s relational database service?

Choose the correct answer:

  • A. ElastiCache
  • B. DynamoDB
  • C. RDS
  • D. Redshift

Answer:

C. RDS offers SQL database options – otherwise known as relational databases.

Reference: AWS RDS

If you want to have SMS or email notifications sent to various members of your department with status updates on resources in your AWS account, what service should you choose?

Choose the correct answer:

  • A. SNS
  • B. GetSMS
  • C. RDS
  • D. STS

Answer:

A. Simple Notification Service (SNS) is what publishes messages to SMS and/or email endpoints.

Reference: AWS SNS

AWS Certified Cloud Practitioner Exam Whitepapers:

AWS has provided whitepapers to help you understand the technical concepts. Below are the recommended whitepapers.

Online Training and Labs for AWS Cloud Certified Practitioner Exam

AWS Cloud Practitioners Jobs

AWS Certified Cloud Practitioner Exam info and details, How To:

The AWS Certified Cloud Practitioner Exam is a multiple choice, multiple answer exam. Here is the Exam Overview:

Additional Information for reference

Below are some useful reference links that would help you to learn about AWS Practitioner Exam.

Other Relevant and Recommended AWS Certifications

AWS Certified Cloud Practitioner

AWS Certified Solutions Architect – Associate

AWS Certified Solution Architect Exam Prep App: Free

AWS Certified Developer – Associate

AWS Certified SysOps Administrator – Associate

AWS Certified Solutions Architect – Professional

AWS Certified DevOps Engineer – Professional

AWS Certified Big Data Specialty

AWS Certified Advanced Networking.

AWS Certified Security – Specialty

Other AWS Certification Exams Questions and Answers Dumps:

Top 20 AWS Certified Associate SysOps Administrator Practice Quiz – Questions and Answers Dumps

Big Data and Data Analytics 101 – Top 20 AWS Certified Data Analytics – Specialty Questions and Answers Dumps

CyberSecurity 101 and Top 25 AWS Certified Security Specialty Questions and Answers Dumps

Networking 101 and Top 20 AWS Certified Advanced Networking Specialty Questions and Answers Dumps

Other AWS Facts and Summaries and Questions/Answers Dump

Latest AWS Cloud Training Questions and Answers from around the Web:

How do AWS Step Functions communicate with Lambda functions which are in a VPC?

When a Lambda “is in a VPC”, it really means that its attached Elastic Network Interface is in the customer’s VPC and not the hidden VPC that AWS manages for Lambda.

The ENI is not related to the AWS Lambda management system that does the invocation (the data plane mentioned here). The AWS Step Function system can go ahead and invoke the Lambda through the API, and the network request for that can pass through the underlying VPC and host infrastructure.

Those Lambdas in turn can invoke other Lambdas directly through the API, or more commonly by decoupling them, such as through Amazon SQS used as a trigger.

5. How do I invoke an AWS Lambda function programmatically?

public InvokeResult invoke(InvokeRequest request)

Invokes a Lambda function. You can invoke a function synchronously (and wait for the response), or asynchronously. To invoke a function asynchronously, set InvocationType to Event.

For synchronous invocation, details about the function response, including errors, are included in the response body and headers. For either invocation type, you can find more information in the execution log and trace.

When an error occurs, your function may be invoked multiple times. Retry behavior varies by error type, client, event source, and invocation type. For example, if you invoke a function asynchronously and it returns an error, Lambda executes the function up to two more times. For more information, see Retry Behavior.

For asynchronous invocation, Lambda adds events to a queue before sending them to your function. If your function does not have enough capacity to keep up with the queue, events may be lost. Occasionally, your function may receive the same event multiple times, even if no error occurs. To retain events that were not processed, configure your function with a dead-letter queue.

The status code in the API response doesn’t reflect function errors. Error codes are reserved for errors that prevent your function from executing, such as permissions errors, limit errors, or issues with your function’s code and configuration. For example, Lambda returns TooManyRequestsException if executing the function would cause you to exceed a concurrency limit at either the account level (ConcurrentInvocationLimitExceeded) or function level (ReservedFunctionConcurrentInvocationLimitExceeded).

For functions with a long timeout, your client might be disconnected during synchronous invocation while it waits for a response. Configure your HTTP client, SDK, firewall, proxy, or operating system to allow for long connections with timeout or keep-alive settings.

This operation requires permission for the lambda:InvokeFunction action.

6. How bad would it be to configure one AWS VPC for all my environments (dev, stg, prod) while creating 2 subnets (priv, pub) for each environment?

It depends highly on the budget. However, for my systems I always set different environments up in different VPCs. Why? Because they’re guaranteed to be isolated from one another, and VPCs are very easy to create and manage if you’ve automated. The flip side is you do pay a bit more for edge services like NAT Gateway and ALB, since you’ll have at least one per VPC.

Within a single VPC, the subnets’ route tables need to point to each other. This will already work without additional routes because VPC sets up the local target to point to the VPC subnet.

Security groups are not used here since they are attached to instances, and not networks.

See: Amazon Virtual Private Cloud

The NAT EC2 instance (server), or AWS-provided NAT gateway is necessary only if the private subnet internal addresses need to make outbound connections. The NAT will translate the private subnet internal addresses to the public subnet internal addresses, and the AWS VPC Internet Gateway will translate these to external IP addresses, which can then go out to the Internet.

12. What are the applications (or workloads) that cannot be migrated on to cloud (AWS or Azure or GCP)?

A good example of workloads that currently are not in public clouds are mobile and fixed core telecom networks for tier 1 service providers. This is despite the fact that these core networks are increasingly software based and have largely been decoupled from the hardware. There are a number of reasons for this, such as that public cloud providers such as Azure and AWS do not offer the guaranteed availability required by telecom networks. These networks require 99.999% availability, which is typically referred to as telecom grade.

The regulatory environment frequently restricts hosting of subscriber data outside of the operator's data centers or in another country, and key network functions such as lawful interception cannot contractually be hosted off-prem.

13. How many CIDRs can we add to my own created VPC?

You can add up to 5 IPv4 CIDR blocks, or 1 IPv6 block per VPC. You can further segment the network by utilizing up to 200 subnets per VPC. Amazon VPC Limits.

14. Why can’t a subnet’s CIDR be changed once it has been assigned?

Sure it can, but you’ll need to coordinate with the neighbours. You can merge two /25’s into a single /24 quite effortlessly if you control the entire range it covers. In practice you’ll see many tiny allocations in public IPv4 space, like /29’s and even smaller. Those are all assigned to different people. If you want to do a big shuffle there, you have a lot of coordinating to do... or accept the fallout from the breakage you cause.

15. Can one VPC talk to another VPC?

Yes, but a Virtual Private Cloud is usually built for the express purpose of being isolated from unwanted external traffic. I can think of several good reasons to encourage that sort of communication, so the idea is not without merit.

16. What questions to expect in cloud support engineer deployment roles at AWS? 

Cloud Support Engineer (CSE) is a role which requires the following abilities:

  • Wide range of technical skills
  • Good communication and time management
  • Good knowledge about the AWS services, and how to leverage them to solve simple to complex problems.

As your question is related to the deployment Pod, you will probably be asked about deployment methods (A/B testing like blue-green deployment) as well as pipelining strategies. You might be asked during this interview to reason about a simple task and to code it (like parsing a log file). Also review the TCP/IP stack in depth, as well as the tools to troubleshoot it, for the networking round. You will eventually have some Linux questions; the range of questions can vary from common CLI tools to Linux internals like signals, syscalls, file descriptors and so on.

Last but not least, the Leadership Principles: I can only suggest that you prepare a story for each of them. You will quickly find what LP they are looking for and will be able to give the right signal to your interviewer.

Finally, remember that there’s a debrief after the (usually 5) stages of your on-site interview, and more senior and convincing interviewers tend to defend their vote, so don’t screw up with them.

Be natural, focus on the question details and ask for confirmation, be cool but not too much. At the end of the day, remember that your job will be to understand customer issues and provide a solution, so treat your interviewers as if they were customers and they will see a successful CSE in you, be reassured and give you the job. 

Expect questions on CloudFormation, Terraform, AWS EC2/RDS and stack-related questions.

It’s a high-tech call center. You are expected to take calls and chats from customers and give them technical advice. You will not be doing any of the cool stuff you did earlier (if you are coming from an engineering job or DBA). You will surely gain a very good knowledge of multiple AWS services and the one that you will be hired in; however, most of the knowledge will be theoretical and nothing practical in day-to-day life.

It also depends on the support team you are being hired for. Networking or compute teams (EC2) have different interview patterns vs database or big data support.

In any case, the basics of OS and networking are critical to the interview. If you have a phone screen, we will be looking for basic/semi-advanced skills in these and in your speciality. For example, if you mention Oracle in your resume and you are interviewing for the database team, expect a flurry of those questions.

Another important aspect is the Amazon Leadership Principles. Half of your interview is based on LPs. If you fail to have scenarios where you do not demonstrate our LPs, you cannot expect to work here even though your technical skills are above average (having extraordinary skills is a different thing).

The overall interview itself will have 1 phone screen if you are interviewing in the US and 1–2 if outside the US. The onsite loop will be 4 rounds, 2 of which are technical (again divided into OS and networking and the specific speciality of the team you are interviewing for) and 2 of which are leadership principles, where we test your soft skills and management skills as they are very important in this job. You need to have a strong viewpoint, disagree if it seems valid to do so, have empathy and be a team player while showing the ability to pull off things individually as well. These skills will be critical for cracking LP interviews.

You will NOT be asked to code or write queries as it’s not part of the job, so you can concentrate on the theoretical part of the subject and also your resume. We will grill you on topics mentioned on your resume to start with.

17. Traditional monolithic architectures are hard to scale: TRUE

“Monolithic architecture is something that is built from a single piece of material, historically from rock. The term monolith is normally used for an object made from a single large piece of material.” – Non-Technical Definition. “A monolithic application has a single code base with multiple modules.”

Large Monolithic code-base (often spaghetti code) puts immense cognitive complexity on the developer’s head. As a result, the development velocity is poor. Granular scaling (i.e., scaling part of the application) is not possible. Polyglot programming or polyglot database is challenging.

Drawbacks of Monolithic Architecture

This simple approach has a limitation in size and complexity. The application becomes too large and complex to fully understand and to make changes quickly and correctly. The size of the application can slow down the start-up time. You must redeploy the entire application on each update.

18. Sticky Sessions help increase your application’s scalability: FALSE

Sticky sessions, also known as session affinity, allow you to route a site user to the particular web server that is managing that individual user’s session. The session’s validity can be determined by a number of methods, including client-side cookies or configurable duration parameters that can be set at the load balancer which routes requests to the web servers.

Some advantages of utilizing sticky sessions are that it’s cost effective, because you are storing sessions on the same web servers that run your applications, and that retrieval of those sessions is generally fast because it eliminates network latency. A drawback of storing sessions on an individual node is that in the event of a failure, you are likely to lose the sessions that were resident on the failed node. In addition, if the number of your web servers changes, for example in a scale-up scenario, it’s possible that the traffic may be unequally spread across the web servers as active sessions may exist on particular servers. If not mitigated properly, this can hinder the scalability of your applications.

19. AWS recommends replicating across Availability Zones for resiliency: TRUE

If you need to replicate your data or applications in an AWS Local Zone, AWS recommends that you use one of the following zones as the failover zone:

  • Another Local Zone

  • An Availability Zone in the Region that is not the parent zone. You can use the describe-availability-zones command to view the parent zone.

For more information about AWS Regions and Availability Zones, see AWS Global Infrastructure.

20. What are the benefits of AWS Cloud Computing?

  • Trade Capital expenses for variable expenses
  • Increase speed and agility
  • Benefit from massive economies of scale
  • Stop spending money on running and maintaining data centers
  • Stop guessing capacity
  • Go global in minutes

21. What is the default behavior for an EC2 instance when terminated?

After you terminate an instance, it remains visible in the console for a short while, and then the entry is automatically deleted. You cannot delete the terminated instance entry yourself. After an instance is terminated, resources such as tags and volumes are gradually disassociated from the instance, therefore may no longer be visible on the terminated instance after a short while.

When an instance terminates, the data on any instance store volumes associated with that instance is deleted.

By default, Amazon EBS root device volumes are automatically deleted when the instance terminates. However, by default, any additional EBS volumes that you attach at launch, or any EBS volumes that you attach to an existing instance, persist even after the instance terminates. This behavior is controlled by the volume’s DeleteOnTermination attribute, which you can modify.

For more information, please visit: Terminate Your Instance
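The persistence rules above decide which volumes, and the data on them, outlive an instance. The following is an added example, not AWS's or this page's own code: it walks output shaped like `aws ec2 describe-instances` and reports which EBS volumes would survive termination and which settings differ from the defaults described above. The sample document, its IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance and volume IDs are made up for illustration.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {"Instances": [
      {"InstanceId": "i-0example000000001",
       "RootDeviceName": "/dev/xvda",
       "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda",
          "Ebs": {"VolumeId": "vol-0example00000root1", "DeleteOnTermination": true}},
         {"DeviceName": "/dev/sdf",
          "Ebs": {"VolumeId": "vol-0example00000data1", "DeleteOnTermination": false}}
       ]},
      {"InstanceId": "i-0example000000002",
       "RootDeviceName": "/dev/sda1",
       "BlockDeviceMappings": [
         {"DeviceName": "/dev/sda1",
          "Ebs": {"VolumeId": "vol-0example00000root2", "DeleteOnTermination": false}},
         {"DeviceName": "/dev/sdg",
          "Ebs": {"VolumeId": "vol-0example00000data2", "DeleteOnTermination": true}}
       ]}
    ]}
  ]
}
""")


def volume_fates(describe_output):
    """Return one record per attached EBS volume with its fate on termination."""
    rows = []
    for reservation in describe_output.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            root_device = instance.get("RootDeviceName")
            for mapping in instance.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if not ebs:
                    continue  # only EBS volumes carry DeleteOnTermination
                is_root = mapping.get("DeviceName") == root_device
                delete = bool(ebs.get("DeleteOnTermination", False))
                rows.append({
                    "instance": instance.get("InstanceId"),
                    "device": mapping.get("DeviceName"),
                    "volume": ebs.get("VolumeId"),
                    "is_root": is_root,
                    "fate": "deleted" if delete else "persists",
                    # Defaults as described above: root deleted, others persist.
                    "default": delete == is_root,
                })
    return rows


def survivors(rows):
    """Volumes that stay behind (with their data) once the instance is gone."""
    return [r["volume"] for r in rows if r["fate"] == "persists"]


def non_default(rows):
    """Volumes whose DeleteOnTermination differs from the defaults above."""
    return [r["volume"] for r in rows if not r["default"]]


if __name__ == "__main__":
    for row in volume_fates(SAMPLE_DESCRIBE_INSTANCES):
        flag = "" if row["default"] else "  (non-default)"
        print(f'{row["instance"]} {row["device"]:<10} {row["volume"]} '
              f'{row["fate"]}{flag}')
```

Volumes listed by `survivors` keep their data and keep accruing charges after termination, so they need an owner and a retention decision; non-root volumes marked "deleted" need a snapshot if their data matters.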

22. How do Amazon EC2 EBS burst credits work?

The documentation on General Purpose SSD (gp2) EBS volumes can be found at this page: New SSD-Backed Elastic Block Storage 

When you first launch an instance with gp2 volumes attached, you get an initial burst credit allowing for up to 30 minutes of 3,000 iops/sec.

After the first 30 minutes, your volume will accrue credits as follows (taken directly from AWS documentation):

Within the General Purpose (SSD) implementation is a Token Bucket model that works as follows:

  • Each token represents an “I/O credit” that pays for one read or one write.
  • A bucket is associated with each General Purpose (SSD) volume, and can hold up to 5.4 million tokens.
  • Tokens accumulate at a rate of 3 per configured GB per second, up to the capacity of the bucket.
  • Tokens can be spent at up to 3000 per second per volume.
  • The baseline performance of the volume is equal to the rate at which tokens are accumulated — 3 IOPS per GB per second.

In addition to this, gp2 volumes provide baseline performance of 3 IOPS per GB, up to 1 TB (3000 IOPS). Volumes larger than 1 TB no longer work on the credit system, as they already provide a baseline of 3000 IOPS. gp2 volumes have a cap of 10,000 IOPS regardless of the volume size (so the IOPS max out for volumes larger than 3.3 TB).
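The token bucket described above can be stepped second by second to see when a volume falls back to its baseline. This is an added example, not AWS code: it uses only the figures quoted in this answer (5.4 million token bucket, 3 tokens per GB per second, 3,000 IOPS burst, 10,000 IOPS cap), and the function names and the sample workload are constructed.

```python
"""Token-bucket model of gp2 burst credits, using the figures quoted above."""

BUCKET_CAPACITY = 5_400_000  # maximum tokens (I/O credits) per volume
REFILL_PER_GB = 3            # tokens accrued per configured GB per second
BURST_IOPS = 3_000           # maximum spend rate while credits remain
MAX_IOPS = 10_000            # gp2 cap quoted above, regardless of size


def baseline_iops(size_gb):
    """Baseline performance equals the refill rate, capped at MAX_IOPS."""
    return min(REFILL_PER_GB * size_gb, MAX_IOPS)


def ceiling_iops(size_gb):
    """Most I/O served in one second: the burst rate, or baseline if higher."""
    return max(BURST_IOPS, baseline_iops(size_gb))


def burst_seconds(size_gb, demand_iops=BURST_IOPS, tokens=BUCKET_CAPACITY):
    """Seconds `demand_iops` can be sustained before the bucket empties.

    Returns None when demand never exceeds the refill rate, which is the
    case for volumes whose baseline already reaches the burst rate.
    """
    drain = min(demand_iops, ceiling_iops(size_gb)) - baseline_iops(size_gb)
    return tokens / drain if drain > 0 else None


def refill_seconds(size_gb, tokens=0):
    """Idle seconds needed to go from `tokens` back to a full bucket."""
    return (BUCKET_CAPACITY - tokens) / baseline_iops(size_gb)


def simulate(size_gb, demand, tokens=BUCKET_CAPACITY):
    """Step the bucket once per second.

    demand: iterable of requested IOPS, one entry per second.
    Returns a list of (delivered_iops, tokens_left) tuples.
    """
    refill = baseline_iops(size_gb)
    ceiling = ceiling_iops(size_gb)
    trace = []
    for wanted in demand:
        # Credits earned this second are spendable, but never above capacity.
        available = min(BUCKET_CAPACITY, tokens + refill)
        delivered = min(wanted, ceiling, available)
        tokens = available - delivered
        trace.append((delivered, tokens))
    return trace


def first_throttled_second(trace, demand):
    """Index of the first second that delivered less than requested, or None."""
    for second, ((delivered, _), wanted) in enumerate(zip(trace, demand)):
        if delivered < wanted:
            return second
    return None


def burst_balance_percent(tokens):
    """Remaining credits as a percentage of a full bucket."""
    return 100.0 * tokens / BUCKET_CAPACITY


if __name__ == "__main__":
    # Constructed workload: a 100 GB volume asked for 3,000 IOPS non-stop.
    workload = [3_000] * 2_100
    run = simulate(100, workload)
    hit = first_throttled_second(run, workload)
    print("baseline IOPS:", baseline_iops(100))
    print("closed-form burst time (s):", burst_seconds(100))
    print("first throttled second:", hit, "->", run[hit][0], "IOPS")
    print("steady state after credits run out:", run[-1][0], "IOPS")
    print("idle time to refill from empty (s):", refill_seconds(100))
```

A 100 GB volume therefore sustains the burst rate for about 2,000 seconds, not 30 minutes flat, and then needs 5 idle hours to earn the bucket back; CloudWatch reports the remaining credit ratio for a volume as the `BurstBalance` metric.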

23. Is elastic IP service free if we associate it with any VM (EC2 server)?

Elastic IP addresses are free when you have them assigned to an instance, feel free to use one! Elastic IPs get disassociated when you stop an instance, so you will get charged in the meantime. The benefit is that you get to keep that IP allocated to your account though, instead of losing it like any other. Once you start the instance you just re-associate it back and you have your old IP again.

Here are the charges associated with the use of Elastic IP addresses:

  • No cost for Elastic IP addresses while in use
  • $0.01 per non-attached Elastic IP address per complete hour
  • $0.00 per Elastic IP address remap – first 100 remaps / month
  • $0.10 per Elastic IP address remap – additional remap / month over 100

If you require any additional information about pricing please reference the link below

Amazon EC2 Pricing – Amazon Web Services

The other costs are as outlined in the paragraph you have quoted.

24. How do I reduce my AWS EC2 cost? My AWS EC2 expenditure comprises 80% of my AWS bill.

The short answer to reducing your AWS EC2 costs – turn off your instances when you don’t need them.

Your AWS bill is just like any other utility bill, you get charged for however much you used that month. Don’t make the mistake of leaving your instances on 24/7 if you’re only using them during certain days and times (ex. Monday – Friday, 9 to 5).

To automatically start and stop your instances, AWS offers an “EC2 scheduler” solution. A better option would be a cloud cost management tool that not only stops and starts your instances automatically, but also tracks your usage and makes sizing recommendations to optimize your cloud costs and maximize your time and savings.

You could potentially save money using Reserved Instances. But, in non-production environments such as dev, test, QA, and training, Reserved Instances are not your best bet. Why is this the case? These environments are less predictable; you may not know how many instances you need and when you will need them, so it’s better to not waste spend on these usage charges. Instead, schedule such instances (preferably using ParkMyCloud). Scheduling instances to be only up 12 hours per day on weekdays will save you 65% – better than all but the most restrictive 3-year RIs!

You can also save money with:

  • Spot Instances
  • AWS Dedicated Hosts & Dedicated Instances
  • Auto Scaling Groups
  • Rightsizing

25. What is the difference between an Instance, AMI and Snapshots in AWS? What are they used for?

Well, AWS is a web service provider which offers a set of services related to compute, storage, database, network and more to help the business scale and grow.

All your concerns are related to the AWS EC2 instance, so let me start with an instance.

Instance:

  • An EC2 instance is similar to a server where you can host your websites or applications to make them available globally
  • It is highly scalable and works on the pay-as-you-go model
  • You can increase or decrease the capacity of these instances as per the requirement

AMI:

  • AMI provides the information required to launch the EC2 instance
  • AMI includes the pre-configured templates of the operating system that runs on AWS
  • Users can launch multiple instances with the same configuration from a single AMI

Snapshot:

  • Snapshots are the incremental backups for the Amazon EBS
  • Data in EBS is stored in S3 by taking point-in-time snapshots
  • Only the data unique to a snapshot is deleted when that snapshot is deleted
  • Multiple EBS volumes can be created using these snapshots

26. What are the main differences between a VPN, VPS and VPC?

They are definitely all chalk and cheese to one another.

A VPN (Virtual Private Network) is essentially an encrypted “channel” connecting two networks, or a machine to a network, generally over the public internet.

A VPS (Virtual Private Server) is a rented virtual machine running on someone else’s hardware. AWS EC2 can be thought of as a VPS, but the term is usually used to describe low-cost products offered by lots of other hosting companies.

A VPC (Virtual Private Cloud) is a virtual network in AWS (Amazon Web Services). It can be divided into private and public subnets, have custom routing rules, have internal connections to other VPCs, etc. EC2 instances and other resources are placed in VPCs similarly to how physical data centers have operated for a very long time.

27. What is the use of elastic IP in AWS?

Elastic IP address is basically the static IP (IPv4) address that you can allocate to your resources.

Now, if you allocate the IP to a resource (and the resource is running), you are not charged anything. On the other hand, if you create an Elastic IP but do not allocate it to a resource (or the resource is not running), then you are charged some amount (should be around $0.005 per hour if I remember correctly).

Additional info about these:

You are limited to 5 Elastic IP addresses per region. If you require more than that, you can contact AWS support with a request for additional addresses. You need to have a good reason in order to be approved because IPv4 addresses are becoming a scarce resource.

In general, you should be good without Elastic IPs for most of the use-cases (as every EC2 instance has its own public IP, and you can use load balancers, as well as map most of the resources via Route 53).

One of the use-cases that I’ve seen where my client is using Elastic IP is to make it easier for him to access a specific EC2 instance via RDP, as well as do deployment through Visual Studio, as he targets the Elastic IP, and thus does not have to watch for any changes in public IP (in case of stopping or rebooting).

28. Why would you choose not to use AWS Transit Gateway instead of VPC peering?

At this time, AWS Transit Gateway does not support inter region attachments. The transit gateway and the attached VPCs must be in the same region. VPC peering supports inter region peering.

29. Difference between AWS Workspace and AWS EC2 VM?

  • An EC2 instance is a server instance whilst a Workspace is a Windows desktop instance
  • Both Windows Server and Windows workstation editions have desktops. Windows Server Core does not (and AWS doesn’t have an AMI for Windows Server Core that I could find).

  • It is possible to SSH into a Windows instance – this is done on port 22. You would not see a desktop when using SSH if you had enabled it. It is not enabled by default.

  • If you are seeing a desktop, I believe you’re “RDPing” to the Windows instance. This is done with the RDP protocol on port 3389.

  • Two different protocols and two different ports.
  • Workspaces doesn’t allow terminal or ssh services by default. You need to use Workspace client. You still can enable RDP or/and SSH but this is not recommended.
  • Workspaces is a managed desktop service. AWS is taking care of pre-build AMIs, software licenses, joining to domain, scaling etc.
  • What is Amazon EC2? Scalable, pay-as-you-go compute capacity in the cloud. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
  • What is Amazon WorkSpaces? Easily provision cloud-based desktops that allow end-users to access applications and resources. With a few clicks in the AWS Management Console, customers can provision a high-quality desktop experience for any number of users at a cost that is highly competitive with traditional desktops and half the cost of most virtual desktop infrastructure (VDI) solutions. End-users can access the documents, applications and resources they need with the device of their choice, including laptops, iPad, Kindle Fire, or Android tablets.
  • Amazon EC2 can be classified as a tool in the “Cloud Hosting” category, while Amazon WorkSpaces is grouped under “Virtual Desktop”.
  • Some of the features offered by Amazon EC2 are:

    • Elastic – Amazon EC2 enables you to increase or decrease capacity within minutes, not hours or days. You can commission one, hundreds or even thousands of server instances simultaneously.
    • Completely Controlled – You have complete control of your instances. You have root access to each one, and you can interact with them as you would any machine.
    • Flexible – You have the choice of multiple instance types, operating systems, and software packages. Amazon EC2 allows you to select a configuration of memory, CPU, instance storage, and the boot partition size that is optimal for your choice of operating system and application.

    On the other hand, Amazon WorkSpaces provides the following key features:

    • Support Multiple Devices- Users can access their Amazon WorkSpaces using their choice of device, such as a laptop computer (Mac OS or Windows), iPad, Kindle Fire, or Android tablet.
    • Keep Your Data Secure and Available- Amazon WorkSpaces provides each user with access to persistent storage in the AWS cloud. When users access their desktops using Amazon WorkSpaces, you control whether your corporate data is stored on multiple client devices, helping you keep your data secure.
    • Choose the Hardware and Software you need- Amazon WorkSpaces offers a choice of bundles providing different amounts of CPU, memory, and storage so you can match your Amazon WorkSpaces to your requirements. Amazon WorkSpaces offers preinstalled applications (including Microsoft Office) or you can bring your own licensed software.

AWS Services Cheat Sheet:

Compute

Category | Service | Description
Instances (Virtual machines) | EC2 | Provides secure, resizable compute capacity in the cloud. It makes web-scale cloud computing easier for developers.
Instances (Virtual machines) | EC2 Spot | Run fault-tolerant workloads for up to 90% off.
Instances (Virtual machines) | EC2 Autoscaling | Automatically add or remove compute capacity to meet changes in demand.
Instances (Virtual machines) | Lightsail | Designed to be the easiest way to launch & manage a virtual private server with AWS. An easy-to-use cloud platform that offers everything needed to build an application or website.
Instances (Virtual machines) | Batch | Enables developers, scientists, & engineers to easily & efficiently run hundreds of thousands of batch computing jobs on AWS. Fully managed batch processing at any scale.
Containers | Elastic Container Service (ECS) | Highly secure, reliable, & scalable way to run containers.
Containers | Elastic Container Registry (ECR) | Easily store, manage, & deploy container images.
Containers | Elastic Kubernetes Service (EKS) | Fully managed Kubernetes service.
Containers | Fargate | Serverless compute for containers.
Serverless | Lambda | Run code without thinking about servers. Pay only for the compute time you consume.
Edge and hybrid | Outposts | Run AWS infrastructure & services on premises for a truly consistent hybrid experience.
Edge and hybrid | Snow Family | Collect and process data in rugged or disconnected edge environments.
Edge and hybrid | Wavelength | Deliver ultra-low latency applications for 5G devices.
Edge and hybrid | VMware Cloud on AWS | Innovate faster, rapidly transition to the cloud, & work securely from any location.
Edge and hybrid | Local Zones | Run latency sensitive applications closer to end-users.

Networking & Content Delivery

Use cases | Functionality | Service | Description
Build a cloud network | Define and provision a logically isolated network for your AWS resources | VPC | VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
Build a cloud network | Connect VPCs and on-premises networks through a central hub | Transit Gateway | Transit Gateway connects VPCs & on-premises networks through a central hub. This simplifies the network & puts an end to complex peering relationships.
Build a cloud network | Provide private connectivity between VPCs, services, and on-premises applications | PrivateLink | PrivateLink provides private connectivity between VPCs & services hosted on AWS or on-premises, securely on the Amazon network.
Build a cloud network | Route users to Internet applications with a managed DNS service | Route 53 | Route 53 is a highly available & scalable cloud DNS web service.
Scale your network design | Automatically distribute traffic across a pool of resources, such as instances, containers, IP addresses, and Lambda functions | Elastic Load Balancing | Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses, & Lambda functions.
Scale your network design | Direct traffic through the AWS Global network to improve global application performance | Global Accelerator | Global Accelerator is a networking service that sends users’ traffic through AWS’s global network infrastructure, improving internet user performance by up to 60%.
Secure your network traffic | Safeguard applications running on AWS against DDoS attacks | Shield | Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
Secure your network traffic | Protect your web applications from common web exploits | WAF | WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources.
Secure your network traffic | Centrally configure and manage firewall rules | Firewall Manager | Firewall Manager is a security management service that lets you centrally configure & manage firewall rules across accounts & apps in an AWS Organization.
Build a hybrid IT network | Connect your users to AWS or on-premises resources using a Virtual Private Network | VPN – Client | VPN solutions establish secure connections between on-premises networks, remote offices, client devices, & the AWS global network.
Build a hybrid IT network | Create an encrypted connection between your network and your Amazon VPCs or AWS Transit Gateways | VPN – Site to Site | Site-to-Site VPN creates a secure connection between a data center or branch office & AWS cloud resources.
Build a hybrid IT network | Establish a private, dedicated connection between AWS and your datacenter, office, or colocation environment | Direct Connect | Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
Content delivery networks | Securely deliver data, videos, applications, and APIs to customers globally with low latency, and high transfer speeds | CloudFront | CloudFront expedites distribution of static & dynamic web content.
Build a network for microservices architectures | Provide application-level networking for containers and microservices | App Mesh | App Mesh makes it accessible to guide & control microservices operating on AWS.
Build a network for microservices architectures | Create, maintain, and secure APIs at any scale | API Gateway | API Gateway allows the user to design & expand their own REST and WebSocket APIs at any scale.
Build a network for microservices architectures | Discover AWS services connected to your applications | Cloud Map | Cloud Map permits the name & handles the cloud resources.

Storage

Service | Description
AWS S3 | S3 is the storehouse for the internet, i.e. object storage built to store & retrieve any amount of data from anywhere.
AWS Backup | AWS Backup is an externally-accessible backup provider that makes it easier to align & optimize the backup of data across AWS services in the cloud.
Amazon EBS | Amazon Elastic Block Store is a web service that provides block-level storage volumes.
Amazon EFS Storage | EFS offers file storage for the user’s Amazon EC2 instances. It’s kind of blob Storage.
Amazon FSx | FSx supplies fully managed 3rd-party file systems with the native compatibility & characteristic sets for workloads. It’s available as FSx for Windows server (fully managed file storage built on Windows Server) & Lustre (fully managed high-performance file system integrated with S3).
AWS Storage Gateway | Storage Gateway is a service which connects an on-premises software appliance with cloud-based storage.
AWS DataSync | DataSync makes it simple & fast to move large amounts of data online between on-premises storage & S3, EFS, or FSx for Windows File Server.
AWS Transfer Family | The Transfer Family provides fully managed support for file transfers directly into & out of S3.
AWS Snow Family | Highly-secure, portable devices to collect & process data at the edge, and migrate data into and out of AWS.

Classification:

  • Object storage: S3
  • File storage services: Elastic File System, FSx for Windows Servers & FSx for Lustre
  • Block storage: EBS
  • Backup: AWS Backup

Data transfer:

  • Storage Gateway, 3 types: Tape, File, Volume
  • Transfer Family: SFTP, FTPS, FTP
  • Edge computing and storage and Snow Family: Snowcone, Snowball, Snowmobile

Databases

Database type | Use cases | Service | Description
Relational | Traditional applications, ERP, CRM, e-commerce | Aurora, RDS, Redshift | RDS is a web service that makes it easier to set up, control, and scale a relational database in the cloud.
Key-value | High-traffic web apps, e-commerce systems, gaming applications | DynamoDB | DynamoDB is a fully administered NoSQL database service that offers quick and reliable performance with integrated scalability.
In-memory | Caching, session management, gaming leaderboards, geospatial applications | ElastiCache for Memcached & Redis | ElastiCache helps in setting up, managing, and scaling in-memory cache conditions.
Document | Content management, catalogs, user profiles | DocumentDB | DocumentDB (with MongoDB compatibility) is a quick, dependable, and fully-managed database service that makes it easy for you to set up, operate, and scale MongoDB-compatible databases.
Wide column | High scale industrial apps for equipment maintenance, fleet management, and route optimization | Keyspaces (for Apache Cassandra) | Keyspaces is a scalable, highly available, and managed Apache Cassandra–compatible database service.
Graph | Fraud detection, social networking, recommendation engines | Neptune | Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets.
Time series | IoT applications, DevOps, industrial telemetry | Timestream | Timestream is a fast, scalable, and serverless time series database service for IoT and operational applications that makes it easy to store and analyze trillions of events per day.
Ledger | Systems of record, supply chain, registrations, banking transactions | Quantum Ledger Database (QLDB) | QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.

Developer Tools

Service | Description
Cloud9 | Cloud9 is a cloud-based IDE that enables the user to write, run, and debug code.
CodeArtifact | CodeArtifact is a fully managed artifact repository service that makes it easy for organizations of any size to securely store, publish, & share software packages used in their software development process.
CodeBuild | CodeBuild is a fully managed service that assembles source code, runs unit tests, & also generates artefacts ready to deploy.
CodeGuru | CodeGuru is a developer tool powered by machine learning that provides intelligent recommendations for improving code quality & identifying an application’s most expensive lines of code.
Cloud Development Kit | Cloud Development Kit (AWS CDK) is an open source software development framework to define cloud application resources using familiar programming languages.
CodeCommit | CodeCommit is a version control service that enables the user to personally store & manage Git archives in the AWS cloud.
CodeDeploy | CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as EC2, Fargate, Lambda, & on-premises servers.
CodePipeline | CodePipeline is a fully managed continuous delivery service that helps automate release pipelines for fast & reliable app & infra updates.
CodeStar | CodeStar enables you to quickly develop, build, & deploy applications on AWS.
CLI | AWS CLI is a unified tool to manage AWS services & control multiple services from the command line & automate them through scripts.
X-Ray | X-Ray helps developers analyze & debug production, distributed applications, such as those built using a microservices architecture.

Migration & Transfer services

Service | Description
Migration Evaluator | Build a data-driven business case for AWS.
Migration Hub | Migration Hub provides a single location to track the progress of app migrations across multiple AWS & partner solutions.
Application Discovery Service | Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers.
Server Migration Service (SMS) | SMS is an agentless service which makes it easier & faster to migrate thousands of on-premises workloads to AWS.
Database Migration Service (DMS) | DMS helps migrate databases to AWS quickly & securely.
CloudEndure Migration | CloudEndure Migration simplifies, expedites, & reduces the cost of cloud migration by offering a highly automated lift-&-shift solution.
VMware Cloud on AWS | Refer to the Compute section.
DataSync | Refer to the Storage section.
Transfer Family | Refer to the Storage section.
Snow Family | Refer to the Storage section.

SDKs & Toolkits

Service | Description
CDK | CDK uses the familiarity & expressive power of programming languages for modeling apps.
Corretto | Corretto is a no-cost, multiplatform, production-ready distribution of the OpenJDK.
Crypto Tools | Cryptography is hard to do safely & correctly. The AWS Crypto Tools libraries are designed to help everyone do cryptography right, even without special expertise.
Serverless Application Model (SAM) | SAM is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, & event source mappings.

Tools for developing and managing applications on AWS

Security, Identity, & Compliance

| Category | Use cases | Service | Description | Link |
| Identity & access management | Securely manage access to services and resources | Identity & Access Management (IAM) | IAM is a web service for safely controlling access to AWS services. | IAM |
|  | Securely manage access to services and resources | Single Sign-On | SSO helps simplify and manage SSO access to AWS accounts & business applications. | SSO |
|  | Identity management for apps | Cognito | Cognito lets you add user sign-up, sign-in, & access control to web & mobile apps quickly and easily. | Cognito |
|  | Managed Microsoft Active Directory | Directory Service | AWS Managed Microsoft Active Directory (AD) enables your directory-aware workloads & AWS resources to use managed Active Directory (AD) in AWS. | DirectoryService |
|  | Simple, secure service to share AWS resources | Resource Access Manager | Resource Access Manager (RAM) is a service that enables you to easily & securely share AWS resources with any AWS account or within an AWS Organization. | RAM |
|  | Central governance and management across AWS accounts | Organizations | Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. | Orgs |
| Detection | Unified security and compliance center | Security Hub | Security Hub gives a comprehensive view of security alerts & security posture across AWS accounts. | SecurityHub |
|  | Managed threat detection service | GuardDuty | GuardDuty is a threat detection service that continuously monitors for malicious activity & unauthorized behavior to protect AWS accounts, workloads, & data stored in S3. | GuardDuty |
|  | Analyze application security | Inspector | Inspector is a security vulnerability assessment service that improves the security & compliance of AWS resources. | Inspector |
|  | Record and evaluate configurations of your AWS resources | Config | Config is a service that enables you to assess, audit, & evaluate the configurations of AWS resources. | Config |
|  | Track user activity and API usage | CloudTrail | CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of an AWS account. | CloudTrail |
|  | Security management for IoT devices | IoT Device Defender | IoT Device Defender is a fully managed service that helps secure a fleet of IoT devices. | IoTDD |
| Infrastructure protection | DDoS protection | Shield | Shield is a managed DDoS protection service that safeguards apps running on AWS. It provides always-on detection & automatic inline mitigations that minimize application downtime & latency. | Shield |
|  | Filter malicious web traffic | Web Application Firewall (WAF) | WAF is a web application firewall that helps protect web apps or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. | WAF |
|  | Central management of firewall rules | Firewall Manager | Firewall Manager eases AWS WAF administration & maintenance across multiple accounts & resources. | FirewallManager |
| Data protection | Discover and protect your sensitive data at scale | Macie | Macie is a fully managed data security & privacy service that uses ML & pattern matching to discover & protect sensitive data. | Macie |
|  | Key storage and management | Key Management Service (KMS) | KMS makes it easy to create & manage cryptographic keys & control their use across a wide range of AWS services & in your applications. | KMS |
|  | Hardware based key storage for regulatory compliance | CloudHSM | CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate & use your own encryption keys. | CloudHSM |
|  | Provision, manage, and deploy public and private SSL/TLS certificates | Certificate Manager | Certificate Manager is a service that lets you easily provision, manage, & deploy public and private SSL/TLS certs for use with AWS services & internal connected resources. | ACM |
|  | Rotate, manage, and retrieve secrets | Secrets Manager | Secrets Manager helps the user safely encode, store, & recover credentials for the user's databases & other services. | SecretsManager |
| Incident response | Investigate potential security issues | Detective | Detective makes it easy to analyze, investigate, & quickly identify the root cause of potential security issues or suspicious activities. | Detective |
|  | Fast, automated, cost-effective disaster recovery | CloudEndure Disaster Recovery | Provides scalable, cost-effective business continuity for physical, virtual, & cloud servers. | CloudEndure |
| Compliance | No cost, self-service portal for on-demand access to AWS’ compliance reports | Artifact | Artifact is a web service that enables the user to download AWS security & compliance records. | Artifact |

Data Lakes & Analytics

| Category | Use cases | Service | Description | Link |
| Analytics | Interactive analytics | Athena | Athena is an interactive query service that makes it easy to analyze data in S3 using standard SQL. | Athena |
|  | Big data processing | EMR | EMR is the industry-leading cloud big data platform for processing vast amounts of data using open source tools such as Apache Spark, Hive, HBase, Flink, Hudi, & Presto. | EMR |
|  | Data warehousing | Redshift | The most popular & fastest cloud data warehouse. | Redshift |
|  | Real-time analytics | Kinesis | Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights. | Kinesis |
|  | Operational analytics | Elasticsearch Service | Elasticsearch Service is a fully managed service that makes it easy to deploy, secure, & run Elasticsearch cost effectively at scale. | ES |
|  | Dashboards & visualizations | QuickSight | QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in the organization. | QuickSight |
| Data movement | Real-time data movement | 1) Amazon Managed Streaming for Apache Kafka (MSK) 2) Kinesis Data Streams 3) Kinesis Data Firehose 4) Kinesis Data Analytics 5) Kinesis Video Streams 6) Glue | MSK is a fully managed service that makes it easy to build & run applications that use Apache Kafka to process streaming data. | MSK KDS KDF KDA KVS Glue |
| Data lake | Object storage | 1) S3 2) Lake Formation | Lake Formation is a service that makes it easy to set up a secure data lake in days. A data lake is a centralized, curated, & secured repository that stores all data, both in its original form & prepared for analysis. | S3 LakeFormation |
|  | Backup & archive | 1) S3 Glacier 2) Backup | S3 Glacier & S3 Glacier Deep Archive are secure, durable, & extremely low-cost S3 cloud storage classes for data archiving & long-term backup. | S3Glacier |
|  | Data catalog | 1) Glue 2) Lake Formation | Refer as above. |  |
|  | Third-party data | Data Exchange | Data Exchange makes it easy to find, subscribe to, & use third-party data in the cloud. | DataExchange |
| Predictive analytics & machine learning | Frameworks & interfaces | Deep Learning AMIs | Deep Learning AMIs provide machine learning practitioners & researchers with the infrastructure & tools to accelerate deep learning in the cloud, at any scale. | DeepLearningAMIs |
|  | Platform services | SageMaker | SageMaker is a fully managed service that provides every developer & data scientist with the ability to build, train, & deploy machine learning (ML) models quickly. | SageMaker |

Containers

| Use cases | Service | Description | Link |
| Store, encrypt, and manage container images | ECR | Refer to compute section |  |
| Run containerized applications or build microservices | ECS | Refer to compute section |  |
| Manage containers with Kubernetes | EKS | Refer to compute section |  |
| Run containers without managing servers | Fargate | Fargate is a serverless compute engine for containers that works with both ECS & EKS. | Fargate |
| Run containers with server-level control | EC2 | Refer to compute section |  |
| Containerize and migrate existing applications | App2Container | App2Container (A2C) is a command-line tool for modernizing .NET & Java applications into containerized applications. | App2Container |
| Quickly launch and manage containerized applications | Copilot | Copilot is a command line interface (CLI) that enables customers to quickly launch & easily manage containerized applications on AWS. | Copilot |

Serverless

| Category | Service | Description |
| Compute | Lambda | Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. |
|  | Lambda@Edge | Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance & reduces latency. |
|  | Fargate | Refer to containers section |
| Storage | S3 | Refer to storage section |
|  | EFS | Refer to storage section |
| Data stores | DynamoDB | DynamoDB is a key-value & document database that delivers single-digit millisecond performance at any scale. |
|  | Aurora Serverless | Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL & PostgreSQL-compatible editions), where the database will automatically start up, shut down, & scale capacity up or down based on your application’s needs. |
|  | RDS Proxy | RDS Proxy is a fully managed, highly available database proxy for RDS that makes applications more scalable, resilient to database failures, & more secure. |
| API Proxy | API Gateway | API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, & secure APIs at any scale. |
| Application integration | SNS | SNS is a fully managed messaging service for both system-to-system & app-to-person (A2P) communication. |
|  | SQS | SQS is a fully managed message queuing service that enables you to decouple & scale microservices, distributed systems, & serverless applications. |
|  | AppSync | AppSync is a fully managed service that makes it easy to develop GraphQL APIs by handling the heavy lifting of securely connecting to data sources like AWS DynamoDB & Lambda. |
|  | EventBridge | EventBridge is a serverless event bus that makes it easy to connect applications together using data from apps, integrated SaaS apps, & AWS services. |
| Orchestration | Step Functions | Step Functions is a serverless function orchestrator that makes it easy to sequence Lambda functions & multiple AWS services into business-critical applications. |
| Analytics | Kinesis | Kinesis makes it easy to collect, process, & analyze real-time, streaming data so one can get timely insights. |
|  | Athena | Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. |

Application Integration

| Category | Service | Description |
| Messaging | SNS | Reliable high throughput pub/sub, SMS, email, and mobile push notifications |
|  | SQS | Message queue that sends, stores, and receives messages between application components at any volume |
|  | MQ | Message broker for Apache ActiveMQ that makes migration easy and enables hybrid architectures |
| Workflows | Step Functions | Coordinate multiple AWS services into serverless workflows so you can build and update apps quickly |
| API management | API Gateway | Create, publish, maintain, monitor, & secure APIs at any scale for serverless workloads & web apps |
|  | AppSync | Create a flexible API to securely access, manipulate, & combine data from one or more data sources |
| Event bus | EventBridge | Build an event-driven architecture that connects application data from your own apps, SaaS, & AWS services |
|  | AppFlow | Automate the flow of data between SaaS applications & AWS services at nearly any scale, without code. |

Management & Governance

| Category | Service | Description | Link |
| Enable | Control Tower | The easiest way to set up and govern a new, secure multi-account AWS environment. | ControlTower |
|  | Organizations | Organizations helps centrally govern your environment as you grow & scale workloads on AWS. | Organizations |
|  | Well-Architected Tool | Well-Architected Tool helps review the state of workloads & compares them to the latest AWS architectural best practices. | WATool |
|  | Budgets | Budgets allows you to set custom budgets to track cost & usage from the simplest to the most complex use cases. | Budgets |
|  | License Manager | License Manager makes it easier to manage software licenses from software vendors such as Microsoft, SAP, Oracle, & IBM across AWS & on-premises environments. | LicenseManager |
| Provision | CloudFormation | CloudFormation enables the user to design & provision AWS infrastructure deployments predictably & repeatedly. | CloudFormation |
|  | Service Catalog | Service Catalog allows organizations to create & manage catalogs of IT services that are approved for use on AWS. | ServiceCatalog |
|  | OpsWorks | OpsWorks presents a simple and flexible way to create and maintain stacks and applications. | OpsWorks |
|  | Marketplace | Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, & deploy software that runs on AWS. | Marketplace |
| Operate | CloudWatch | CloudWatch offers a reliable, scalable, & flexible monitoring solution that is easy to start with. | CloudWatch |
|  | CloudTrail | CloudTrail is a service that enables governance, compliance, operational auditing, & risk auditing of an AWS account. | CloudTrail |
|  | Config |  | Config |
|  | Systems Manager | Systems Manager helps plan, proctor, & automate administration tasks on AWS resources. | SystemsManager |
|  | Cost & usage report | Refer to cost management section |  |
|  | Cost explorer | Refer to cost management section |  |
|  | Managed Services | Operates your AWS infrastructure on your behalf. | ManagedServices |
|  | X Ray |  | X-Ray |

AWS Recommended security best practices

Turn on multifactor authentication for the “root” account
Turn on CloudTrail log file validation.
Enable CloudTrail multi-region logging.
Integrate CloudTrail with CloudWatch.
Enable access logging for CloudTrail S3 buckets.
Enable access logging for Elastic Load Balancer (ELB).
Enable Redshift audit logging.
Enable Virtual Private Cloud (VPC) flow logging.
Require multifactor authentication (MFA) to delete CloudTrail buckets
Enable CloudTrail logging across all AWS.
Turn on multi-factor authentication for IAM users.
Enable IAM users for multi-mode access.
Attach IAM policies to groups or roles
Rotate IAM access keys regularly, and standardize on the selected number of days
Set up a strict password policy.
Set the password expiration period to 90 days and prevent reuse
Customer Visualforce pages with standard headers
Don’t use expired SSL/TLS certificates
Use HTTPS for CloudFront distributions
Restrict access to CloudTrail bucket.
Encrypt CloudTrail log files at rest
Encrypt Elastic Block Store (EBS) database.
Provision access to resources using IAM roles.
Ensure EC2 security groups don’t have large ranges of ports open
Configure EC2 security groups to restrict inbound access to EC2.
Avoid using root user accounts.
Use secure SSL ciphers when connecting between the client and ELB.
Use secure SSL versions when connecting between client and ELB.
Use a standard naming (tagging) convention for EC2.
Encrypt RDS.
Ensure access keys are not being used with root accounts.
Use secure CloudFront SSL versions.
Enable the require_ssl parameter in all Redshift clusters.
Rotate SSH keys periodically.
Minimize the number of discrete security groups.
Reduce number of IAM groups.
Terminate unused access keys
Disable access for inactive or unused IAM users
Remove unused IAM access keys
Delete unused SSH Public Keys
Restrict access to AMIs.
Restrict access to EC2 security groups.
Restrict access to RDS instances.
Restrict access to Redshift clusters.
Restrict outbound access.
Disallow unrestricted ingress access on uncommon ports.
Restrict access to well-known ports such as CIFS, FTP, ICMP, SMTP, SSH, Remote desktop
Inventory & categorize all existing custom apps by the types of data stored, compliance requirements & possible threats they face.
Involve IT security throughout the development process.
Grant the fewest privileges possible to application users
Enforce a single set of data loss prevention policies across custom applications and all other cloud services.
Encrypt highly sensitive data such as protected health information (PHI) or personally identifiable information (PII).
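
The security-group items in the list above (no large port ranges, no unrestricted ingress on uncommon ports, restricted access to CIFS, FTP, ICMP, SMTP, SSH and Remote Desktop) can be checked mechanically. The following is an added example, not part of the original list: it audits rules in the shape returned by EC2 DescribeSecurityGroups. The group IDs and rules are constructed sample data, and `PUBLIC_OK` and `MAX_SPAN` are assumed thresholds to adjust to your own policy.

```python
# Constructed sample in the shape of EC2 DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8081, "ToPort": 8081,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

ANYWHERE = {"0.0.0.0/0", "::/0"}
# Ports of the services the list names: FTP, SSH, SMTP, CIFS, Remote Desktop.
SENSITIVE = {20: "FTP", 21: "FTP", 22: "SSH", 25: "SMTP", 445: "CIFS", 3389: "RDP"}
PUBLIC_OK = {80, 443}   # assumption: ports that are meant to face the internet
MAX_SPAN = 100          # assumption: widest port range treated as acceptable

def audit(groups):  # returns sorted (group_id, finding) tuples
    findings = set()
    for g in groups:
        for rule in g.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            world = bool(cidrs & ANYWHERE)
            proto = rule["IpProtocol"]
            if proto == "-1":                 # all protocols, all ports
                findings.add((g["GroupId"], "all-traffic rule"))
                continue
            if proto in ("icmp", "icmpv6"):   # port fields hold ICMP type/code
                if world:
                    findings.add((g["GroupId"], "ICMP open to the world"))
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if hi - lo + 1 > MAX_SPAN:
                findings.add((g["GroupId"], f"wide port range {lo}-{hi}"))
            if not world:
                continue
            hit = sorted({n for p, n in SENSITIVE.items() if lo <= p <= hi})
            if hit:
                findings.add((g["GroupId"], "world-open " + "/".join(hit)))
            elif not (lo == hi and lo in PUBLIC_OK):
                findings.add((g["GroupId"], f"world-open uncommon port {lo}-{hi}"))
    return sorted(findings)
```

Calling `audit(SAMPLE_GROUPS)` leaves the HTTPS-only group clean and reports the other two groups.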








