AWS Cloud Practitioner Certification

Exam Tip

1. Read the Question working carefully. (eg not incorrect=correct)

Proceed by elimination
• Most questions are going to be high-level “pick-a-service” questions
• For all the questions, rule out answers that you know for sure are wrong
• For the remaining answers, understand which one makes the most sense
• There are very few trick questions
• Don’t over-think it
• If a solution seems feasible but highly complicated, it’s probably wrong

Wareshoues solution – ketyspace ,EMR?

Test1(50%)

Test2(50%)

Test3-75%

1. Tets-4 Check(50%)

1. Q-3,Data warehouse-Redshift
2. 6(saliure of sod=ftware), -EAstic IP
3. 9(which one more costlier convertible or standard),
   • Reserved Standard Instance is up to 70% cheaper and Reserved Convertible Instance is up to 54% cheaper
4. 10(why would need to store sinec eprovided – S3 not secure),-Need to ab=nswer as per WUes reuirement- No trickey Question
5. 12 (patch magmt control category),—
6. 16-BItol payper session(EMR?quick sight)
7. Security -Well artictect point -cram!
8. q20 Security Best Practiecs
9. 21 – multiple Cmanage CENTRALLY
10. q25 when IAM role assigned
11. 35
12. Full form MSK .EMR
13. 57
14. 58
15. 60

Tests-5 Check (70%marks)

1. Cloud-front pricing model (Discounting? free tier on-demand> BUT not 1 year contract)
2. In transit data protection- CLoudFront, ELB
3. Data at rest protection- KMS
4. AWS Service catalouge – a self-service portal for your employees to quickly access and use approved AWS services or AWS Marketplace software
5. AWS Trusted advisor – (based on 5 pillar of archic=techture advice s) -Appropriate implementation of AWS Identity and Access Management as per the best practices
6. How can you get your current and previous Bills in AWS? AWS Billing and Cost Management – To view your AWS bill, open the Bills pane of the Billing and Cost Management console, and then choose the month you want to view from the drop-down menu.
7.  AWS services automatically route traffic around failed endpoints without disrupting clients in case of multi-region failure? – AWS Global Acceleration – AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users. AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%
8. Q- RI has been classified as Standard, Convertible and Scheduled – Scheduled is not a class of RI Instance
9. AWS Budget – You can create up to 20,000 budgets per standalone account or AWS Organizations master account. Your first 62 budget days are free of charge each month
10. option helps S3 to delete expired object-object Lifecycle Management

Test-6 Check

1. Q3- Regional Edge location (site )vs individuals edge location(cloudFront)
   1. Stores content for a longer period than individual edge locations – Amazon CloudFront has added several regional edge cache locations globally, at close proximity to your viewers
   2. Larger cache width than individual edge locations – Regional Edge Caches have a larger cache width than any individual edge location, so objects remain in the cache longer at the nearest regional edge caches
2. 5- “Think parallel” concepts -(ELB)
3. q6 – Storage Gateway type
   1. Tape Storage gateway – AWS Storage Gateway offers IT organizations a seamless way to transfer backup jobs from tape or Virtual Tape Library systems to the cloud – while keeping trusted backup tools and processes in place
   2. Volume Storage gateway -You can configure the AWS Storage Gateway service as a Volume Gateway to present cloud-based iSCSI block storage volumes to your on-premises applications. The Volume Gateway provides either a local cache or full volumes on-premises while also storing full copies of your volumes in the AWS cloud
   3. File Storage gateway -AWS Storage Gateway’s file interface, or file gateway, offers you a seamless way to connect to the cloud in order to store application data files and backup images as durable objects on Amazon S3 cloud storage. File gateway offers SMB or NFS-based access to data in Amazon S3 with local caching
   4. Disk (NOT A STORAGE GATEWAY TYpes)
4. q-8 , LINUX pricing after 1 in -per second? (does 1st minuter ignored or counted even for 1 sec usage)
   • (minimum of 60 seconds) so irrespective of 1 sec or 2 sec uage need to pay 1 min
5. Q12- Snowball(migration) vs storage gateway(?connection so concurrently used>)
   • Storage Volume Gateway -AWS block storage resides on-premise and helps customers to take on-premise data backup into the AWS cloud
6. 13 services helps customers to understand security configuration issues in AWS accounts?
   1. Inspector
   2. Guard-duty(continuously monitor for unauthorised access)
7. q-17 Group vs Role
   • There is always a default Group but there is no default Role – No default Group or Role is available
   • Group is a collection of IAM users and Role is IAM identity that has specific permissions – An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users.
   • An IAM role is an IAM identity that you can create in your account that has specific permissions. Instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it

1. q20
   1. support team can help you with architecture and operations review
      • Infrastructure Event Management – Contextual guidance on how services fit together to meet your specific use-case, workload, or application
      • AWS Support Concierge – The Concierge Team is AWS billing and account experts that specialize in working with enterprise accounts
2. Q21- limitation for Scheduled Instance
   1. The required term is 365 days (one year) – It’s a true limitation for Scheduled Instances
   2. The minimum required utilization is 1,200 hours per year – It’s a true limitation for Scheduled Instances
   3. You can purchase a Scheduled Instance up to three months in advance – It’s a true limitation for Scheduled Instances
   4. The instance has to be up and running at least once in 24 hours(Incorrect) – Scheduled Reserved Instances (Scheduled Instances) enable you to purchase capacity reservations that recur on a daily, weekly, or monthly basis, with a specified start time and duration, for a one-year term
3. 23-s3 file TRANSFER (in/out) over sftp and FTPs .Throught-process not migrate (so assumed EFS SINCE IT’S nfs uses -SFTP?)Explanatoins-
   1. AWS Transfer Family – The AWS Transfer Family provides fully managed support for file transfers directly into and out of Amazon S3. It supports Secure File Transfer Protocol (SFTP), File Transfer Protocol over SSL (FTPS), and File Transfer Protocol (FTP), the AWS Transfer Family
   2. AWS Elastic File System – Elastic File Storage is a storage service that supports NFS, which is useful for building connectivity with on-premise services
   3. AWS S3 Transfer Acceleration – Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path
   4. AWS Migration Hub – AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions
4. 24-bLOACK STORAGE?
   1. EBS
   2. Instance Storage
5. 26- best [practice for usage of on-demand EC2?(stop not terminate)
   1. Stop the unused instances – AWS does not charge for unused on-demand instances and when required you can immediately start the instance without spending time on configuring a new instance
   2. (wrong)Terminate the unused instances – Existing data will be lost if you terminate without taking a snapshot and also in the future if require you have to conjure a new server again
   3. (wrong)Unused instances need to be up and running at least for an hour – There is no restriction of running the server for any minimum time, even you can run it for a few seconds as well
6. 28-Vertical scaling services
   1. Amazon EC2 – User can change the EC2 configurations like RAM, CPU, storage to scale up or scale down the same instance
   2. Amazon RDS – User can change the instance size RDS MySQL, PostgreSQL, MariaDB, Oracle, Microsoft SQL Server or Aurora
7. 30 IAM entity
   1. AWS Resource Access Manager – AWS Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization
8. 32-individual object limit IN S3
   1. 5 Terabyte – The total volume of data and the number of objects you can store areunlimited. But individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.
9. 33-ELB types
   1. Application ELB
   2. Nework
   3. classic(yes)/standard(no such thing.)
10. As part of best practive- Serverless services
    • AWS Lambda
    • Amazon Athena
11. 51(ELB AND Instance store are unstructured. s3- probably key-value among the options ) ,correct thought process
    • Elastic Block Storage – Key-Value pair concept is applicable for Object storage and EBS is block storage. SO it’s not applicable
12. 52- BOYL (Dedicated instance/host) belongs to both?Refer question for use case – options explanation
    1. They can use their existing instances in Dedicated Host – Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses. When you bring your own license, you are responsible for managing your own licenses. However, Amazon EC2 has features that help you maintain license compliance
    2. They can use their existing instances in Dedicated Instances – It does not support BYOL(verify this?)
13. 54- build a search engine based on IMDb?which servie
    1. Amazon Data Exchange – AWS customers can find, subscribe to, and use over a thousand products containing data sets from more than 80 qualified data providers including Reuters, Foursquare, TransUnion, Change Healthcare, Virtusa, Pitney Bowes, TP ICAP, Vortex, IMDb, Epsilon, Enigma, TruFactor, ADP, Dun & Bradstreet, Compagnie Financière Tradition, Verisk, Crux Informatics, TSX Inc., Acxiom
    2. Amazon CloudSearch – Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application
    3. Amazon Elasticsearch(not valid for usecase) – Elasticsearch has quickly become the most popular search engine and is commonly used for log analytics, full-text search, security intelligence, business analytics, and operational intelligence use cases
14. options helps to implement AWS best practices?(cram best practices)
    1. Upload EBS snapshot automatically – Utilize Amazon EBS and set up cron jobs so that incremental snapshots are automatically uploaded to Amazon S3 and data is persisted independent of your instances.
15. responsibility of EBT?Elastice bean stack
    • Upload Code – The customer is a responsible for uploading zip file of the application code
    • EBT is responsible for Provisioning, Load Balancing, Auto Scaling, Application health Monitoring,
16. 48Plan practices and difference (cram)
    1. Concierge[care take of bloack or hotel] Support Team – the Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts. Only Enterprise plan provides this support
    2. Infrastructure Event Management – Included access to Well-Architected Reviews, Operations Reviews, and Infrastructure Event Management. Only Enterprise support plans provide this. The business plan provides this with additional cost
17. 62 – How AWS Fully managed service can be beneficial over deploying third-party software in EC2?(managed service(e.g RDS) vs 3rfd party software deploed on EC2 ) options explanation –
    1. Accelerate Migration – AWS Managed Services provides an enterprise-ready, proven operating environment, enabling you to migrate production workloads in days versus months
    2. Greater control – In managed services (like RDS, DynamoDB) even you will have less control over infrastructure
    3. High availability – This is applicable for both EC2 deployment and any Managed services
    4. Cost reduction – There is a separate cost for individual managed services
18. 64 -q option guessed on cloud formation. Options explanation
    1. Allows to create a complete replica of an infrastructure –
    2. It converts infrastructure details in programing language
    3. (wrong)It’s a perfect example of serverless computing – It’s not the server, rather entire infrastructure details including server, storage etc written in a programing language
    4. (wrong)AWS charge as per the size of the infrastructure – This service is completely free of cost
    5. (wrong)It protects the infrastructure from DDoS attacks – It’s a replica of infrastructure in the programming language. It has no other infrastructure level functionality

---

Stephen test series Test1 -80%

1. Q4-Services that support reservation discount (EC2 ..Another?RDS[thought process-Odd man out] )
   • Ans -RDS[AURORA
   • DynamoDB
   • EC2
2. q5-aws shield advaced proctects which of the servies

• Amazon Route 53
• AWS Global Accelerator

AWS Shield Standard is activated for all AWS customers, by default. For higher levels of protection against attacks, you can subscribe to AWS Shield Advanced. With Shield Advanced, you also have exclusive access to advanced, real-time metrics and reports for extensive visibility into attacks on your AWS resources. With the assistance of the DRT (DDoS response team), AWS Shield Advanced includes intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer (layer 4) attacks but also for application layer (layer 7) attacks.

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on the following resources: Amazon Elastic Compute Cloud, Elastic Load Balancing (ELB), Amazon CloudFront, Amazon Route 53, AWS Global Accelerator.

1. 8-verifiy whAt to trade FOR in CAPEX OPEX
   1. Trade capital expense for variable expense(donot pay second i.e variable)
2. 12verify why PLAN provides self-paced traing
   • ONly ENtrerprise
3. 16 which security service of AWS is enabled for all AWS customers, by default, at no additional cost
   • AWS Shield Standard (charged for-WAS,Shield advaced etc)
4. 17- Account removal from organisation process/restriction
   • The AWS account must be able to operate as a standalone account. Only then it can be removed from AWS organizations
     • You can remove an account from your organization only if the account has the information that is required for it to operate as a standalone account. For each account that you want to make standalone, you must accept the AWS Customer Agreement, choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not AWS Free Tier) AWS activity that occurs while the account isn’t attached to an organization
5. 23 – who can help with data migration from on-prem to aws
   1. Leverage AWS Professional Services to accelerate the infrastructure migration
   2. Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
6. 24 PLANS that support interoperability of 3rd party software
   1. Business/Enterprise
7. 29 Layers WAF Protects
   1. Only 7

• Layer 7
  • AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer. HTTP and HTTPS requests are part of the Application layer, which is layer 7.
• Incorrect options:
  • Layer 3 – Layer 3 is the Network layer and this layer decides which physical path data will take when it moves on the network. AWS Shield offers protection at this layer. WAF does not offer protection at this layer.
  • Layer 4 – Layer 4 is the Transport layer and this layer data transmission occurs using TCP or UDP protocols. AWS Shield offers protection at this layer. WAF does not offer protection at this layer.
  • Layer 4 and 7 – This option has been added as a distractor.

1. 30 Verify ML tool for speech-input to speech-output
   1. Polly also help text to speech conversion
2. 31 server less technologies
   1. Step-function,DynamoDB, Lambda,RDS
3. 35 entities applies patches to the underlying OS for AWS Aurora?
   • The AWS Product Team automatically
4. 43 architectural guidance contextual to your specific use-cases?
   • Business
5. 46 Use-case for choice of RDS if deployed in single AZ
   • Configure the database in RDS Multi-AZ deployment with automatic failover to the standby
6. 48 AWS services has encryption enabled by default?(thought process ebs and EFS same category so out,, S3 is suitable..confusion one of the service has option to encrption [guess s3] but not enabled by default)
   1. CloudTrail Logs(since it has user details)
7. 54use a storage service which would be accessed by hundreds of EC2 instances simultaneousl (EFS choose as it’s the only difference btw the EBS anEFS)
   1. EFS
8. 55 dATA MIGRATION CHARGES WITHIN AWS SERVICE ec2 to s3
   1. The company would not be charged for this data transfer
      • There are three fundamental drivers of cost with AWS: compute, storage, and outbound data transfer. In most cases, there is no charge for inbound data transfer or data transfer between other AWS services within the same region. Outbound data transfer is aggregated across services and then charged at the outbound data transfer rate.
      • Per AWS pricing, data transfer between S3 and EC2 instances within the same region is not charged, so there would be no data transfer charge for moving 500 GB of data from an EC2 instance to an S3 bucket in the same region.
9. services part of reliability pillarof well-architected solution
   • AWS Config/Clowdwatch /cloudtrail
     • There are three best practice areas for Reliability in the cloud – Foundations, Change Management, Failure Management. Being aware of how change affects a system (change management) allows you to plan proactively, and monitoring allows you to quickly identify trends that could lead to capacity issues or SLA breaches.
10. 65 Costing options of EC2 instances

• Exam Alert:
• You may see use-cases asking you to select one of CloudWatch vs CloudTrail vs Config. Just remember this thumb rule –
• Think resource performance monitoring, events, and alerts; think CloudWatch.
• Think account-specific activity and audit; think CloudTrail.
• Think resource-specific change history, audit, and compliance; think Config.

Stephen test series Test2

• Q7- AWS Compute Optimiser delivers recommendations for which of the following AWS resources
  • Thought process (compute services but non-compute servives were al;so listed)
  • Amazon EC2 instances, Amazon EC2 Auto Scaling groups
  • Amazon EBS volumes, AWS Lambda functions
• Q8-Services for the Reliability pillar of the Well-Architected Framework in AWS Cloud? 
  • AWS Trusted Advisor
  • AWS Service Quotas
  • Foundations are part of the Reliability pillar of the AWS Well-Architect ed Framework. The services that are part of foundations are: Amazon VPC, AWS Trusted Advisor, AWS Service Quotas (earlier known as AWS Service Limits).
• PLAN
  • The Concierge Support Team, Technical Account Manager (TAM) is only available for the Enterprise Support plan.
• q32- Auto-scaling use-cases
  • You can automatically deploy AWS Shield when a DDoS attack is detected
• Q35-sPAN OF VPC and a subnet in region (limited to 1 AV or throughout Region)
  • A VPC spans all of the Availability Zones in the Region whereas a subnet spans only one Availability Zone in the Region 
• Q48 Pricing of In-demand vs Dedicated host
  • On-Demand< Dedicated Host