AWS Certified Cloud Practitioner — Practice Questions Part 2

Tech Interviews
Oct 21, 2021

Below are a few practice questions for the AWS Certified Cloud Practitioner exam. All questions have answers and detailed explanations with references. Follow us to stay updated with new questions.

Question:

How would an AWS customer easily apply common access controls to a large set of users?

  1. Apply an IAM policy to an IAM group.
  2. Apply an IAM policy to an IAM role.
  3. Apply the same IAM policy to all IAM users with access to the same workload.
  4. Apply an IAM policy to an Amazon Cognito user pool.

Answer:

1) Apply an IAM policy to an IAM group

Explanation:

Instead of defining permissions for individual IAM users, it’s usually more convenient to:

— Create IAM groups that relate to job functions (administrators, developers, accounting, etc.).

— Next, define the relevant permissions for each group.

— Assign IAM users to those groups.

— All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place.

— As people move around in your company, you can simply change what IAM group their IAM user belongs to.

Notes:

— User: Permanent named operator (human or machine)

— Group: Collection of users

— Role: Authentication method, not permissions. A role is an operator (human or machine). Credentials are temporary

— Policy docs: Permissions attached to any of the previous 3. Lists specific APIs that are allowed.


Question:

What technology enables compute capacity to adjust as loads change?

  1. Load balancing
  2. Automatic failover
  3. Round-robin
  4. Auto Scaling

Answer:

4) Auto Scaling

Explanation:

A load balancer distributes workloads across several instances, but only across the instances that are already available (it doesn’t add or change them). With Auto Scaling, when the traffic gets too high, more instances are added automatically to handle it, and vice versa.

Load Balancing — Distributes workloads across multiple compute resources.

Auto Scaling — Automatically increases and decreases the number of instances based on the application requirement.

The keyword here is compute capacity: compute capacity refers to EC2, which refers to instances.


Question:

Which AWS services are defined as global instead of regional? (Choose two.)

  1. Amazon Route 53
  2. Amazon EC2
  3. Amazon S3
  4. Amazon CloudFront
  5. Amazon DynamoDB

Answer:

1) Amazon Route 53

4) Amazon CloudFront

Explanation:

— 1) —

“Using a global anycast network of DNS servers around the world, Amazon Route 53 is designed to automatically route your users to the optimal location depending on network conditions. As a result, the service offers low query latency for your end users, as well as low update latency for your DNS record management needs.”

— 4) —

“Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.”

Incorrect answers:

S3 — Has a global reach, but data is stored regionally. S3 buckets are created within the selected region. Objects stored are replicated across Availability Zones to provide high durability, but are not cross region replicated unless done explicitly.


Question:

Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Choose two.)

  1. Amazon CloudFront distributions
  2. Amazon Route 53
  3. Security Groups
  4. Subnets
  5. Elastic Load Balancing

Answer:

3) Security Groups

4) Subnets

Explanation:

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.


Question:

How do customers benefit from Amazon’s massive economies of scale?

  1. Periodic price reductions as the result of Amazon’s operational efficiencies
  2. New Amazon EC2 instance types providing the latest hardware
  3. The ability to scale up and down when needed
  4. Increased reliability in the underlying hardware of Amazon EC2 instances

Answer:

1) Periodic price reductions as the result of Amazon’s operational efficiencies

Explanation:

Benefit from massive economies of scale — By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.


Question:

Which AWS services can be used to gather information about AWS account activity? (Choose two.)

  1. Amazon CloudFront
  2. AWS Cloud9
  3. AWS CloudTrail
  4. AWS CloudHSM
  5. Amazon CloudWatch

Answer:

3) AWS CloudTrail

5) Amazon CloudWatch

Explanation:

— 3) —

“AWS CloudTrail — track user activity and API usage. Helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.”

— 5) —

“You can use CloudWatch queries to search API history beyond the last 90 days.”

Note: You must have a trail created and configured to log to Amazon CloudWatch Logs. For more information, see Creating a trail.

— Open the CloudWatch console, and then choose Logs.

— In Log Groups, choose your log group.

— Choose Search Log Group.

— In Filter events, enter a query similar to the following ({ $.userIdentity.userName = "Alice" }) to search logs for a user’s API calls, and then choose the refresh icon.

— You can also query for specific API actions. This example query searches for the API action DescribeInstances: { ($.eventName = "DescribeInstances") && ($.requestParameters.userName = "Alice" ) }
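
As an added example (not part of the original article or the AWS documentation it quotes), the Python below evaluates the two filter patterns from the steps above against three constructed CloudTrail-shaped records. The evaluator is a simplified stand-in that handles only equality terms joined by &&, not the CloudWatch Logs engine; its function names and the sample records are assumptions made for illustration.

```python
import json
import re

# One equality term such as  $.a.b = "value", optionally wrapped in ( ).
TERM = re.compile(r'^\(?\s*\$\.([\w.]+)\s*=\s*"([^"]*)"\s*\)?$')

def parse_pattern(pattern):
    """Split '{ term && term }' into [(path_parts, wanted_value), ...]."""
    body = pattern.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("JSON filter patterns are wrapped in { }")
    terms = []
    for raw in body[1:-1].split("&&"):
        m = TERM.match(raw.strip())
        if m is None:
            raise ValueError(f"unsupported term: {raw.strip()!r}")
        terms.append((m.group(1).split("."), m.group(2)))
    return terms

def lookup(event, parts):
    """Walk a dotted path; return None when any step is absent."""
    node = event
    for key in parts:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(pattern, event):
    """True only if every term's field exists and equals the wanted string."""
    return all(lookup(event, parts) == want
               for parts, want in parse_pattern(pattern))

# Constructed CloudTrail-shaped records (trimmed to the fields used here).
# userIdentity is the caller; requestParameters holds the call's arguments.
EVENTS = [json.loads(line) for line in """
{"eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "userName": "Alice"}, "requestParameters": {"instancesSet": {}}}
{"eventName": "CreateAccessKey", "userIdentity": {"type": "IAMUser", "userName": "Bob"}, "requestParameters": {"userName": "Alice"}}
{"eventName": "DescribeInstances", "userIdentity": {"type": "AssumedRole", "principalId": "EXAMPLE:session"}, "requestParameters": {"instancesSet": {}}}
""".strip().splitlines()]

def hits(pattern):
    """(eventName, caller userName or None) for each record that matches."""
    return [(e["eventName"], e["userIdentity"].get("userName"))
            for e in EVENTS if matches(pattern, e)]

if __name__ == "__main__":
    for p in ('{ $.userIdentity.userName = "Alice" }',
              '{ ($.eventName = "DescribeInstances") && ($.requestParameters.userName = "Alice" ) }',
              '{ ($.eventName = "DescribeInstances") && ($.userIdentity.userName = "Alice") }'):
        print(p, "->", hits(p))
```

On these records the DescribeInstances pattern that tests $.requestParameters.userName returns nothing, because that field carries the call's arguments rather than the caller, while pairing $.eventName with $.userIdentity.userName finds Alice's call. Neither form sees the assumed-role session, which has no userName field.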


Question:

Which of the following common IT tasks can AWS cover to free up company IT resources? (Choose two.)

  1. Patching databases software
  2. Testing application releases
  3. Backing up databases
  4. Creating database schema
  5. Running penetration tests

Answer:

1) Patching databases software

3) Backing up databases

Explanation:

Taking RDS as an example, both patching and backups are covered.

RDS makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications, so you can give them the fast performance, high availability, security and compatibility they need.

Incorrect answers:

Pen testing is performed by the customer on 8 main services without need to alert Amazon. Other than those 8 though, the customer must submit an application to proceed with testing and wait for a response from AWS.

Reference:

https://aws.amazon.com/choosing-a-cloud-platform/

Question:

Which AWS feature should a customer leverage to achieve high availability of an application?

  1. AWS Direct Connect
  2. Availability Zones
  3. Data centers
  4. Amazon Virtual Private Cloud (Amazon VPC)

Answer:

2) Availability Zones

Explanation:

This is to achieve High Availability for any web application deployed in AWS. The following features will be present:

  • High availability across multiple instances/multiple availability zones.
  • Auto Scaling of instances (scale up and scale down) based on number of requests coming in
  • Additional Security to the instances/database that are in production
  • No impact to end users during newer version of code deployment
  • No Impact during patching the instances

Reference:

https://betsol.com/2018/01/how-to-make-high-availability-web-applications-on-amazon-web-services/

Question:

Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs?

  1. Enterprise
  2. Business
  3. Developer
  4. Basic

Answer:

1) Enterprise

Explanation:

Enterprise support: Infrastructure Event Management included as standard.

Incorrect answers:

— Business support: Access to Infrastructure Event Management for additional fee.


Question:

Which AWS service can serve a static website?

  1. Amazon S3
  2. Amazon Route 53
  3. Amazon QuickSight
  4. AWS X-Ray

Answer:

1) Amazon S3

Explanation:

You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting.


Question:

How does AWS shorten the time to provision IT resources?

  1. It supplies an online IT ticketing platform for resource requests.
  2. It supports automatic code validation services.
  3. It provides the ability to programmatically provision existing resources.
  4. It automates the resource request process from a company’s IT vendor list.

Answer:

3) It provides the ability to programmatically provision existing resources

Explanation:

AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources, provision them quickly and consistently, and manage them throughout their lifecycles, by treating infrastructure as code. A CloudFormation template describes your desired resources and their dependencies, so you can launch and configure them together as a stack. You can use a template to create, update, and delete an entire stack as a single unit, as often as you need to, instead of managing resources individually. You can manage and provision stacks across multiple AWS accounts and AWS Regions.

In the same regard, AWS Lambda can fulfil this requirement.

Question:

What can AWS edge locations be used for? (Choose two.)

  1. Hosting applications
  2. Delivering content closer to users
  3. Running NoSQL database caching services
  4. Reducing traffic on the server by caching responses
  5. Sending notification messages to end users

Answer:

2) Delivering content closer to users

4) Reducing traffic on the server by caching responses

Explanation:

Edge Locations are endpoints used for caching content. They are located in most of the major cities around the world and are specifically used by CloudFront to distribute AWS content closer to end-users to reduce latency.

Incorrect answers:

3) is not correct because the NoSQL database caching services (most likely this is hinting at ElastiCache) do not run at edge locations.

  • ElastiCache simply uses Redis and Memcached to improve the performance of web applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases.
  • These are not at edge locations and instead will be at the original content location.


Question:

Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users?

  1. A public and private key-pair
  2. Amazon Inspector
  3. AWS Identity and Access Management (IAM) policies
  4. Security Groups

Answer:

3) AWS Identity and Access Management (IAM) policies

Explanation:

To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly grant those user-level permissions. You can grant user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy.
