AWS Certified Cloud Practitioner Exam Preparation Handout - Frequently Asked Questions
AWS Certified Cloud Practitioner Exam FAQs prepared by Udara Pathirage
Recently I faced the Amazon Cloud Practitioner Exam. I followed various courses and the video lectures AWS has given, and did many labs in order to enhance my knowledge. Finally, I started to do model and past papers that have been given at the exam.
There are some key points you should look up in order to pass your exam. This is a summary and is good to refer to 1 week before your exam date.
1. Under the Shared Responsibility Model, which of the following are controls which a customer fully inherits from AWS? > Physical controls and environmental controls
2. Amazon EMR is used to run and scale Apache Spark, Hadoop, HBase, Presto, Hive, and other big data frameworks.
3. The Multi-AZ feature always spans two Availability Zones within a single Region.
4. Security scales with your AWS Cloud usage. No matter the size of your business, the AWS infrastructure is designed to keep your data safe.
5. Which of the following services allows you to run containerized applications on a cluster of EC2 instances? Amazon Elastic Container Service (Amazon ECS)
6. A company created a solution that will help AWS customers improve their architectures on AWS. Which AWS program may support this company? Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices and proactively keep your AWS environment operationally healthy. TAM is available only for the Enterprise support plan.
7. APN Consulting Partners are professional services firms that help customers design, architect, build, migrate, and manage their workloads and applications on AWS.
8. Which of the following can be used to automate the management of multiple AWS services through scripts? AWS CLI
9. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
10. You have developed a microservices-based application. Which of the following should you use to make sure that each EC2 instance in the system gets the same amount of traffic?
   i. Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic. In our case, the microservices application receives HTTP or HTTPS traffic. Hence, the Application Load Balancer is the correct answer here.
   ii. Network Load Balancer is best suited for load balancing of TCP and TLS traffic.
11. Which of the following services can be used to help decouple distributed software systems and components?
   i. Amazon Simple Queue Service (SQS) and
   ii. Amazon SNS
12. Amazon Athena is a serverless analytics service. It is used to analyze data in Amazon S3 using standard SQL.
13. AWS SES is a cloud-based email delivery service.
14. EC2 instance pricing varies depending on many variables:
   i. The buying option (On-demand, Reserved, Spot, Dedicated)
   ii. Selected AMI
   iii. Selected instance type
   iv. Region
   v. Data Transfer in/out
   vi. Storage capacity.
15. Reserved Instances can be sold on AWS Marketplace before the end of their subscription time period. However, the new user cannot change the machine configurations but can change the upfront value only.
16. Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It allows you to run complex analytic queries against petabytes of structured data.
17. Amazon Kinesis is used to collect, process, and analyze video and data streams in real time.
18. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if your applications can be interrupted. For example, Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks.
19. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.
20. Some service limits are raised automatically over time as you use AWS, though most AWS services require that you request limit increases manually.
21. Service limits are applied at the AWS account level by aggregating usage from all users in the account.
22. SPOF – Single Point of Failure
23. AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.
24. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
25. Amazon Neptune is a graph database service.
26. S3 - You can protect data in transit by using SSL or by using client-side encryption.
27. Server-Side Encryption is an option for protecting data at rest in Amazon S3. The encryption is not performed automatically; you have to request it.
28. CloudWatch is not always free. If you go over the free limits, you will pay.
29. AWS CloudFormation is available at no additional charge.
30. Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources.
31. Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?
   i. The ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
   ii. The 5 Pillars of the AWS Well-Architected Framework:
      i. Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.
      ii. Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
      iii. Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
      iv. Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
      v. Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.
32. DynamoDB characteristics include:
   i. Single-digit millisecond response times at any scale.
   ii. Serverless: DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance.
   iii. Availability and fault tolerance are built in.
   iv. You only have access to DynamoDB's built-in engine.
33. Data sovereignty is a factor you should consider when choosing your AWS region, NOT the database.
34. Which of the following are factors in determining the right database technology to use for each workload?
   i. The number of reads and writes per second
   ii. The nature of the queries
35. Which of the following should you consider when creating a tagging strategy for your AWS resources?
   i. Always use a standardized, case-sensitive format for tags, and implement it consistently across all resource types.
   ii. Consider tag dimensions that support the ability to manage resource access control, cost tracking, automation, and organization.
   iii. Implement automated tools to help manage resource tags.
   iv. Err on the side of using too many tags rather than too few tags.
   v. It is easy to modify tags to accommodate changing business requirements.
   vi. Tags are not automatically assigned to your resources.
36. Amazon SWF (Simple Workflow): coordination of application
37. Five design principles for performance efficiency in the cloud:
   i. Democratize advanced technologies
   ii. Easily deploy your system in multiple Regions around the world with just a few clicks.
   iii. Use serverless architectures
   iv. Experiment more often: With virtual and automatable resources, you can quickly carry out comparative testing
   v. Use the technology approach that aligns best to what you are trying to achieve.
38. Amazon S3 storage classes:
   i. Amazon S3 Standard (S3 Standard)
      i. General purpose
      ii. Durability of 99.999999999%
      iii. 99.99% availability
      iv. SSL for data in transit and encryption of data at rest
      v. Automatic migration of objects to other S3 Storage Classes
   ii. Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)
      i. Unknown or changing access
      ii. Durability of 99.999999999%
      iii. 99.9% availability
      iv. SSL for data in transit and encryption of data at rest
      v. Automatic migration of objects to other S3 Storage Classes
   iii. Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
      i. Infrequent access
      ii. Durability of 99.999999999%
      iii. 99.9% availability
   iv. Amazon S3 Glacier (S3 Glacier)
      i. Archive
      ii. Durability of 99.999999999%
      iii. Low-cost design is ideal for long-term archive
      iv. Configurable retrieval times, from minutes to hours
      v. S3 PUT API for direct uploads to S3 Glacier, a
   v. Amazon S3 Glacier Deep Archive (S3 Glacier Deep Archive)
      i. Archive
      ii. Durability of 99.999999999%
      iii. Low-cost design is ideal for long-term archive retained for 7-10 years
      iv. Ideal alternative to magnetic tape libraries
      v. Retrieval time within 12 hours
39. Amazon EC2 Container Registry (ECR) is a fully managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.
40. Most cost-effective option for this short period is to use On-Demand Instances.
41. Choose Spot instances if the question clearly states that the application can handle interruptions or if it is stated that continuous processing is not required. Usually Spot instances are used for batch processing jobs or for non-production applications, such as development and test servers, where occasional downtime is acceptable.
42. How does AWS Lambda work?
   i. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability.
43. Amazon S3 provides a number of security features for the protection of data at rest, which you can use or not depending on your threat profile:
   i. Permissions:
   ii. Versioning:
      i. Versioning is disabled by default. Enable versioning to store a new version for every modified or deleted object, from which you can restore compromised objects if necessary.
   iii. Replication:
      i. Amazon S3 replicates each object across all Availability Zones within the respective region.
   iv. Manual Backup:
      i. You can use application-level technologies to manually back up data stored in Amazon S3 to other AWS regions or to on-premises backup systems.
   v. Encryption:
      i. Server side:
         1. AWS generates a unique encryption key for each object, and then encrypts the object using AES-256.
      ii. Client side:
         1. You create and manage your own encryption keys. Your applications encrypt data before submitting it to Amazon S3, and decrypt data after receiving it from Amazon S3. Data is stored in an encrypted form, with keys and algorithms only known to you.
44. AWS recommends that you delete your root access keys because you can’t restrict permissions for the root user credentials.
45. TCO (Total Cost of Ownership) Calculator: possible realized savings when deploying AWS services.
46. AWS Simple Monthly Calculator: estimate their monthly AWS bill more efficiently.
47. AWS Artifact: no-cost, self-service portal for on-demand access to AWS’ compliance reports.
48. Amazon Pinpoint: used to engage your customers by sending them targeted and transactional email, SMS, push notifications, and voice messages.
49. AWS Application Discovery Service: helps reduce the complexity and time needed to plan your application migration to the AWS Cloud.
50. AWS KMS is a managed service that enables you to easily encrypt your data.
51. Amazon S3 Transfer Acceleration enables fast transfers of files over long distances between your client and an S3 bucket. It takes advantage of Amazon CloudFront’s globally distributed edge locations.
52. Amazon S3 is an excellent storage facility for your media assets.
53. AWS Professional Services created the AWS Cloud Adoption Framework (AWS CAF) to help organizations design a road map to successful cloud adoption.
54. AWS Service Catalog: create and manage catalogs of IT services that are approved for use on AWS. It allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need.
55. DynamoDB Global tables provide automatic multi-master replication to AWS Regions world-wide. They enable you to deliver low-latency data access.
56. Amazon Rekognition is a service that makes it easy to add image analysis to your applications. It can detect objects, scenes, and faces in images.
57. With the immutable infrastructure pattern, if a problem happens with a server (EC2 instance), rather than updating, it is replaced with a new server containing the latest patches and configuration.
58. Bootstrapping: launch an Amazon EC2 instance or Amazon Relational Database instance with a default configuration, then execute automated bootstrapping actions, that is, scripts that install software or copy data to bring that resource to a particular state. You can parameterize configuration details that vary between different environments (e.g., production, test, etc.) so the same scripts can be reused.
59. Golden Images: a snapshot of a particular state of that resource.
60. There is no additional charge for AWS Elastic Beanstalk. You only pay for what you use, as you use it.
61. Perform the following tasks if you suspect that your account has been compromised:
   i. Change your AWS root account password and the passwords of any IAM users.
   ii. Delete or rotate all root and AWS Identity and Access Management (IAM) access keys.
   iii. Delete any resources you didn’t create.
   iv. Respond to any notifications received from AWS Support via AWS Support Center.
62. A placement group is a grouping or cluster of instances within a single Availability Zone.
63. Amazon CloudSearch
   i. Set up, manage, and scale a search solution for your website or application.
   ii. Automatically configure your domain's indexing options.
64. Tiered pricing means that you pay less when you use more, e.g. S3 storage and data transfer OUT from EC2.
65. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts.
66. Amazon Cognito controls access to backend resources from mobile apps.
67. IAM HTTPS API: to access IAM and AWS programmatically.
68. Factors you have to consider when choosing the most suitable AWS region:
   i. Proximity to your end users
   ii. Compliance
   iii. Data residency constraints
   iv. Cost
69. Security bulletins - notify customers about the latest security and privacy events within AWS services.
70. The Concierge Team is a team of AWS billing and account experts that helps implement billing and account best practices.
71. The Cloud Adoption Readiness Assessment is performed by AWS Professional Services.
72. Amazon AppStream is used to deliver desktop applications to any user, whatever OS they are using.
73. AWS Lambda can support any programming language using an API.
74. Route 53 offers health checks to monitor the health and performance of your application.
75. Cost factors of CloudFront?
   i. Varies across geographic regions,
   ii. The edge location through which your content is served.
   iii. The number and type of requests (HTTP or HTTPS)
   iv. Amount of data transferred out
76. CloudEndure - migrate running machine images into Amazon EC2 with their data.
77. Key design principles of the AWS Cloud include scalability, disposable resources, automation, loose coupling, managed services instead of servers, and flexible data storage options.
78. Amazon Connect is a cloud-based contact center solution.
79. Amazon WorkMail is a secure business email and calendar service.
80. Amazon MQ is a managed message broker service for Apache ActiveMQ.
81. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.
82. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.
83. Amazon EC2 Dedicated Instances are instances that run in a VPC on hardware that's dedicated to a single customer.
84. Greatest impact on cost include: Compute, Storage & Data Transfer Out.
85. “Economies of scale” mean AWS will continuously lower costs as it grows.
86. AWS tiered pricing > Save more when you consume more.
87. Resource Groups > manage different stages such as development, testing, and production to view and manage your resources easily.
88. Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers performance improvements from milliseconds to microseconds.
89. Benefits of using AWS CloudFormation include:
   i. Allows you to model your entire infrastructure in a text file
   ii. Provisions your resources in a safe, repeatable manner, allowing you to build and rebuild your infrastructure and applications.
   iii. Codifying your infrastructure allows you to treat your infrastructure as just code
   iv. Allows you to model and provision, in an automated and secure manner, all the resources needed for your applications.
90. AWS Fargate is a compute engine for deploying and managing containers.
91. Amazon EMR uses Amazon EC2.
92. Amazon EMR use cases:
   i. Log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.
93. S3 pricing is based on:
   i. Storage class
   ii. Total amount of data (in GB) you’ve stored
   iii. Data Transfer Out
   iv. Number of Requests
94. Instance Store can only be used to store temporary data such as buffers, caches, and scratch data; the data in the instance store is lost if the instance stops or terminates.
95. Snowball appliances come in two sizes: 50 TB and 80 TB.
96. Snowball is a petabyte-scale data transport solution. It is not an economical choice to transfer less than 10 TB.
97. Snowmobile is an exabyte-scale data transfer service (petabytes < exabyte). It uses a semi-trailer truck.
98. Amazon EBS pricing factors:
   i. Volume storage
   ii. Snapshots
   iii. Data transfer
99. AWS X-Ray helps you identify performance bottlenecks.
100. An Elastic IP address doesn’t incur charges when:
   i. The Elastic IP address is associated with an EC2 instance.
   ii. The instance associated with the Elastic IP address is running.
   iii. The instance has only one Elastic IP address attached to it.
101. Amazon ElastiCache for Redis is a fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications.
102. AWS Server Migration Service (SMS) is a faster service for migrating thousands of on-premises workloads to AWS.
103. AWS Application Discovery Service is used to discover on-premises server inventory and behavior.
104. For the AWS account root user, don't create an access key unless you absolutely need to. If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly.
105. AWS Global Accelerator is a networking service that improves the availability and performance of the applications that you offer to your global users.
106. Use the AWS IAM console or the AWS CLI to enable a virtual MFA device for an IAM user in your account.
107. The service where you pay only for the compute time you consume is Lambda.
108. Server-based services include: Amazon EC2, Amazon RDS, Amazon Redshift and Amazon EMR.
109. Serverless services include: AWS Lambda, AWS Fargate and Amazon DynamoDB.
110. In computer science, ACID (Atomicity, Consistency, Isolation, and Durability) is a set of properties of database transactions intended to guarantee validity even in the event of errors, power failures, etc.
111. To protect your AWS infrastructure:
   i. Change the user name and the password of the root user account and all of the IAM accounts that the administrator has access to.
   ii. Rotate (change) all access keys for those accounts.
   iii. Enable MFA on those accounts.
   iv. Put IP restriction on all users' accounts.
112. AWS Systems Manager - gives visibility and control of the infrastructure on AWS.
113. AWS support plans that provide access to only the 7 core Trusted Advisor checks:
   i. Basic
   ii. Developer
114. Cost factors of Amazon EBS:
   i. Volume types
   ii. Input/output operations per second (IOPS)
   iii. Snapshots
   iv. Data Transfer
115. Which AWS S3 storage class has the lowest availability rating?
   i. S3 One Zone-IA - 99.5%
   ii. Infrequent Access - 99.9%
   iii. Standard - 99.99%
   iv. Glacier - 99.99%
116. You must terminate your Elastic Beanstalk environment before you terminate resources that Elastic Beanstalk has created.
117. Which of the following could you use to find a paid AMI?
   i. Amazon EC2 console
   ii. AWS CLI
118. AWS has a unique set of services for building fault-tolerant applications in the cloud, compared with using traditional servers.
119. Which of the following security resources are available for free?
   i. AWS Security Blog
   ii. Provable Security
   iii. Whitepapers
   iv. Advanced Innovation
   v. Developer Documents
   vi. Articles and Tutorials
   vii. Training
   viii. Security Bulletins
   ix. Compliance Resources
   x. Testimonials
120. AWS Organizations has five main benefits:
   i. Centrally manage access policies across multiple AWS accounts.
   ii. Automate AWS account creation and management.
   iii. Control access to AWS services.
   iv. Consolidate billing across multiple AWS accounts.
   v. Configure AWS services across multiple accounts.
121. AWS Service Catalog - create and manage catalogs of IT services.
122. Although Availability Zones are insulated from failures in other Availability Zones, they are connected through private, low-latency links to other Availability Zones in the same region.
123. AWS Lambda runs in parallel and processes each trigger individually, scaling precisely with the size of the workload, not scaling the compute power.
124. Which feature enables users to sign in to their AWS accounts with their existing corporate credentials? Federation
125. Seven design principles for security:
   i. Implement a strong identity foundation
   ii. Enable traceability
   iii. Apply security at all layers
   iv. Automate security best practices
   v. Protect data in transit and at rest
   vi. Keep people away from data
   vii. Prepare for security events
126. Which of the following services enables you to easily generate and use your own encryption keys in the AWS Cloud? AWS CloudHSM
127. Amazon Glacier access options:
   i. Expedited: 1–5 minutes
   ii. Standard: 3–5 hours
   iii. Bulk: 5–12 hours
128. AWS is responsible for setting up the software licenses used in their platform.
129. DynamoDB does not support complex relational queries such as joins or complex transactions.
130. Which of the following requires an access key ID and a secret access key to get programmatic access to AWS resources?
   i. IAM User
   ii. AWS Account root user
131. You can create IAM user access keys with the IAM console, AWS CLI, or AWS API, BUT you must use the AWS Management Console to create access keys for the ROOT user.
132. Durability refers to the ability of a system to assure data is stored and data remains consistent in the system as long as it is not changed by legitimate access.
GOOD LUCK FOR THE EXAM,
If you think this tutorial helped you, it's my pleasure at the utmost level. Feel free to thank me via udara86@gmail.com, which will motivate me to do more like this…
Thanks for your appreciation
Thank you for the good post. I successfully cleared my AWS Cloud Practitioner exam. I found a site with more than 800 real exam questions for AWS Certified Cloud Practitioner that helped me to clear the exam with 92%. Skillcertpro! Good dumps for anyone who is looking to clear the exam.
Learn AWS Certified Cloud Practitioner certification preparation from dumps4u.