Which service is used introduce fault tolerance into an application architecture?

What is an availability zone composed of?
1. One or more regions
2. One or more DCs in a location
3. A collection of edge locations
4. A collection of VPCs

2. One or more DCs in a location

• A region is a geographical area
• Each region consists of 2 or more availability zones
• Availability Zones are physically separate and isolated from each other

What advantages does deploying Amazon CloudFront provide? (choose 2)
1. A private network link to the AWS cloud
2. Reduced latency
3. Automated deployment of resources
4. Improved performance for end users
5. Provides serverless compute services

2. Reduced latency
4. Improved performance for end users

• CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world

What considerations are there when choosing which region to use? (choose 2)
1. Data sovereignty
2. Available storage capacity
3. Latency
4. Pricing in local currency
5. Available compute capacity

1. Data sovereignty
3. Latency

• Available capacity is generally not a concern as AWS has a large pool of resources and does not disclose the available capacity in each region
• Pricing for AWS services is in USD

Which feature of AWS allows you to deploy a new application for which the requirements may change over time?
1. Elasticity
2. Fault tolerance
3. Disposable resources
4. High availability

1. Elasticity

• Elasticity allows you to deploy your application without worrying about whether it will need more or less resources in the future. With elasticity, the infrastructure can scale on-demand

The AWS global infrastructure is composed of? (choose 2)
1. Regions
2. Clusters
3. Fault Zones
4. Availability Zones
5. IP subnets

1. Regions
4. Availability Zones

• A Region is a physical location in the world where AWS have multiple AZs
• AZs consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities

What advantages do you get from using the AWS cloud? (choose 2)
1. Trade capital expense for variable expense
2. Stop guessing about capacity
3. Increased capital expenditure
4. Gain greater control of the infrastructure layer
5. Comply with all local security compliance programs

1. Trade capital expense for variable expense
2. Stop guessing about capacity

• The 6 advantages of cloud are:
• 1 Trade capital expense for variable expense
• 2 Benefit from massive economies of scale
• 3 Stop guessing about capacity
• 4 Increase speed and agility
• 5 Stop spending money running and maintaining data centres
• 6 Go global in minutes

What can you use to quickly connect your office securely to your Amazon VPC?
1. Route Table
2. Internet Gateway
3. Direct Connect
4. AWS managed VPN

4. AWS managed VPN

• An AWS managed VPN can be used to quickly connect from an office to an Amazon VPC
• Direct Connect provides high-bandwidth, low-latency connectivity but takes weeks to months to setup (and is much more expensive)

What is the scope of a VPC within a region?
1. Spans all Availability Zones within the region
2. Spans all Availability Zones globally
3. At least 2 subnets per region
4. At least 2 data centers per region

1. Spans all Availability Zones within the region

• VPCs do not span regions, you create VPCs in each region
• VPCs are not limited by subnets, subnets are created within AZs and you can have many subnets in an AZ

Which type of Amazon Elastic Load Balancer operates at layer 7 of the OSI model?
1. Application Load Balancer
2. Network Load Balancer
3. Classic Load Balancer
4. F5 Load Balancer

1. Application Load Balancer

• Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
• Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
• Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7

What architectural best practice aims to reduce the interdependencies between services?
1. Services, Not Servers
2. Removing Single Points of Failure
3. Automation
4. Loose Coupling

4. Loose Coupling

• As application complexity increases, a desirable attribute of an IT system is that it can be broken into smaller, loosely coupled components. This means that IT systems should be designed in a way that reduces interdependencies—a change or a failure in one component should not cascade to other components
• The concept of loose coupling includes “well-defined interfaces” which reduce interdependencies in a system by enabling interaction only through specific, technology-agnostic interfaces (e.g. RESTful APIs)

What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2)
1. Complete control of the hypervisor layer
2. Elastic web-scale computing
3. Inexpensive
4. Fault tolerance
5. High-availability with an SLA of 99.99%

2. Elastic web-scale computing
3. Inexpensive

• Elastic Web-Scale computing– you can increase or decrease capacity within minutes not hours and commission one to thousands of instances simultaneously
• Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis
• Amazon EC2 does not provide any control of the hypervisor or underlying hardware infrastructure
• EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned with SLAs of 95% for each region

Which type of Elastic Load Balancer operates at the connection layer (layer 4) and supports IP addresses as targets?
1. Application Load Balancer
2. Network Load Balancer
3. Classic Load Balancer
4. ELBs do not support IP addresses as targets

2. Network Load Balancer

• Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
• The NLB and ALB support IP addresses as targets but only the NLB operates at layer 4
• Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
• Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7

What are two ways that moving to an AWS cloud can benefit an organization? (choose 2)
1. Switch to a CAPEX model
2. Increase speed and agility
3. Stop guessing about capacity
4. Depreciate assets over a longer timeframe
5. Gain greater control of data center security

2. Increase speed and agility
3. Stop guessing about capacity

• Cloud is based on an operational expenditure (OPEX) model, not a capital expenditure (CAPEX) model
• Cloud does not provide the ability to depreciate assets over a longer timeframe as you generally do not own the assets
• Though the AWS cloud does provide significant security standards for the data center, you do not get more control as this is an AWS responsibility

Which type of cloud deployment enables customers to leverage the benefits of the public cloud and co-existing with on-premises infrastructure?
1. Public Cloud
2. Private Cloud
3. Hybrid Cloud
4. Legacy IT Infrastructure

3. Hybrid Cloud

• A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud. The most common method of hybrid deployment is between the cloud and existing on-premises infrastructure to extend, and grow, an organization’s infrastructure into the cloud while connecting cloud resources to the internal system

Which of the facts below are accurate in relation to AWS Regions? (choose 2)
1. Each region consists of 2 or more availability zones
2. Each region consists of a collection of VPCs
3. Each region is designed to be completely isolated from the other Amazon Regions
4. Regions have direct, low-latency, high throughput and redundant network connections between each other
5. Regions are Content Delivery Network (CDN) endpoints for CloudFront

1. Each region consists of 2 or more availability zones
3. Each region is designed to be completely isolated from the other Amazon Regions

• A region is not a collection of VPCs, it is composed of at least 2 AZs. VPCs exist within accounts on a per region basis
• Availability Zones (not regions) have direct, low-latency, high throughput and redundant network connections between each other
• Edge locations are (not regions) are Content Delivery Network (CDN) endpoints for CloudFront

Which configuration changes are associated with scaling vertically? (choose 2)
1. Adding additional EC2 instances through Auto Scaling
2. Adding additional hard drives to a storage array
3. Adding a larger capacity hard drive to a server
4. Distributed processing
5. Changing an EC2 instance to a type that has more CPU and RAM

3. Adding a larger capacity hard drive to a server
5. Changing an EC2 instance to a type that has more CPU and RAM

• Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive or a faster CPU). On Amazon EC2, this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, IO, or networking capabilities
• Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application)

Using AWS terminology, which items can be created in an Amazon S3 bucket? (choose 2)
1. Folders
2. Files
3. Tables
4. Objects
5. Queues

1. Folders
4. Objects

• You can create folders within buckets and can also upload objects
• As S3 is an object store you create objects not files
• Tables and queues cannot be created on S3

A company is planning to migrate some resources into the cloud. What factors need to be considered when determining the cost of the AWS Cloud? (choose 2)
1. The number of VPCs created
2. The number of servers migrated into EC2
3. The number of IAM users created
4. The amount of egress data per month
5. The amount of ingress data per month

2. The number of servers migrated into EC2
4. The amount of egress data per month

• AWS charge for EC2 instances and data egress. There are no charges for VPCs, IAM users or data ingress

What is an example of using loose coupling when designing an information system?
1. Synchronous replication
2. Proprietary interfaces
3. DNS name usage
4. Monolithic application architecture

3. DNS name usage

• DNS names are used for service discovery. In loose coupling disparate resources must have a way of discovering each other without prior knowledge of the network topology
• Asynchronous integration rather than synchronous replication is recommended so an interaction does not require an immediate response
• You should use standard, technology-agnostic interfaces rather than proprietary interfaces where possible
• A monolithic application architecture is not an example of loose coupling

At which layers of the OSI model do the different types of Elastic Load Balancers operate? (choose 2)
1. Network Load Balancer at layer 4
2. Classic Load Balancer at layer 3
3. Application Load Balancer at layer 7
4. Network Load Balancer at layer 3
5. Application Load Balancer at layer 4

1. Network Load Balancer at layer 4
3. Application Load Balancer at layer 7

• Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
• Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data
• Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7

Which configuration changes are associated with scaling horizontally? (choose 2)
1. Adding additional EC2 instances through Auto Scaling
2. Adding a larger capacity hard drive to a server
3. Changing the DB instance class on an RDS DB
4. Adding additional hard drives to a storage array
5. Changing an EC2 instance to a type that has more CPU and RAM

1. Adding additional EC2 instances through Auto Scaling
4. Adding additional hard drives to a storage array

• Scaling horizontally takes place through an increase in the number of resources (e.g., adding more hard drives to a storage array or adding more servers to support an application)
• Scaling vertically takes place through an increase in the specifications of an individual resource (e.g., upgrading a server with a larger hard drive or a faster CPU). On Amazon EC2, this can easily be achieved by stopping an instance and resizing it to an instance type that has more RAM, CPU, IO, or networking capabilities

Which AWS construct provides you with your own dedicated virtual network in the cloud?
1. Amazon Workspaces
2. Amazon EC2
3. Amazon IAM
4. Amazon VPC

4. Amazon VPC

• A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. A VPC is analogous to having your own DC inside AWS. It is logically isolated from other virtual networks in the AWS Cloud
• Amazon WorkSpaces is a managed desktop computing service running on the AWS cloud
• IAM is used to securely control individual and group access to AWS resources
• Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud

Which AWS network element allows you to assign a static IPv4 address to an EC2 instance?
1. Public IP
2. Elastic IP
3. Static IP
4. Dynamic IP

2. Elastic IP

• An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
• An Elastic IP is a public IP however in the AWS cloud an elastic IP is the construct used to assign a public IP to an EC2 instance
• Static IP and dynamic IP are terms used to describe IP addresses (public or private) that are either statically defined or dynamically obtained (through DHCP)

A Solutions Architect is designing an application stack that will be highly elastic. What AWS services can be used that don’t require you to make any capacity decisions upfront? (choose 2)
1. AWS Lambda
2. Amazon EC2
3. Amazon S3
4. Amazon RDS
5. DynamoDB

1. AWS Lambda
3. Amazon S3

• With Amazon S3 you don’t need to specify any capacity at any time, the service scales in both capacity and performance as required
• AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume – there is no charge when your code is not running
• With Amazon EC2 you need to select your instance sizes and number of instances
• With RDS you need to select the instance size for the DB
• With DynamoDB you need to specify the read/write capacity of the DB

What is a Resource Group?
1. A collection of resources within a VPC
2. A collection of resources that share one or more tags
3. A collection of services within a category
4. A collection of services within a region

2. A collection of resources that share one or more tags

• A resource group is a collection of resources that share one or more tags or portions of tags. To create a resource group, you simply identify the tags that contain the items that members of the group should have in common

What are the benefits of using the AWS Managed Services? (choose 2)
1. Alignment with ITIL processes
2. Managed applications so you can focus on infrastructure
3. Baseline integration with ITSM tools
4. Designed for small businesses
5. Support for all AWS services

1. Alignment with ITIL processes
3. Baseline integration with ITSM tools

• AWS Managed Services manages the daily operations of your AWS infrastructure in alignment with ITIL processes
• AWS Managed Services provides a baseline integration with IT Service Management (ITSM) tools such as the ServiceNow platform
• AWS Managed Services provides ongoing management of your AWS infrastructure so you can focus on your applications
• AWS Managed Services is designed to meet the needs of Enterprises
• AWS Managed Services currently supports the 20+ services most critical for Enterprises, and will continue to expand our list of integrated AWS services

Virtual servers such as EC2 instances are examples of services delivered under which cloud model?
1. IaaS
2. PaaS
3. DBaaS
4. SaaS

1. IaaS

• Infrastructure as a Service (IaaS) contains the basic building blocks for cloud IT and typically provide access to networking features, computers (virtual or on dedicated hardware), and data storage space
• Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications
• Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications
• Database as a Service (DBaaS) is a type of PaaS in which a managed database is offered for consumption

Which of the options below are recommendations in the performance efficiency pillar of the well-architected framework? (choose 2)
1. Democratize advanced technologies
2. Go global in days
3. Use serverless architectures
4. Rarely experiment
5. Mechanical complexity

1. Democratize advanced technologies
3. Use serverless architectures

• The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve
• There are five design principles for performance efficiency in the cloud:
– Democratize advanced technologies
– Go global in minutes
– Use serverless architectures
– Experiment more often
– Mechanical sympathy

What are Edge locations used for?
1. They are used for terminating VPN connections
2. They host a CDN called CloudFront
3. They are the public-facing APIs for Amazon S3
4. They are used by regions for inter-region connectivity

2. They host a CDN called CloudFront

• An edge location is used by CloudFront as is the location where content is cached (separate to AWS regions/AZs). Requests are automatically routed to the nearest edge location. Edge locations are not tied to Availability Zones or regions

Which of the options below are recommendations in the cost optimization pillar of the well-architected framework? (choose 2)
1. Adopt a consumption model
2. Adopt a capital expenditure model
3. Start spending money on data center operations
4. Analyze and attribute expenditure
5. Manage your services independently

1. Adopt a consumption model
4. Analyze and attribute expenditure

• The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or suboptimal resource
• There are five design principles for cost optimization in the cloud:
– Adopt a consumption model
– Measure overall efficiency
– Stop spending money on data center operations
– Analyze and attribute expenditure
– Use managed services to reduce cost of ownership

Which statement best describes elasticity in the cloud?
1. The ability to scale resources up or down and only pay for what you use
2. The ability for a system to recover from the failure of a single component
3. A flexible model of code development that results in faster deployment times
4. A pricing model that allows upfront payments and term commitments to reduce cost

1. The ability to scale resources up or down and only pay for what you use

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/architecting-for-the-cloud/

What are the advantages of Availability Zones? (choose 2)
1. They allow regional disaster recovery
2. They provide fault isolation
3. They enable the caching of data for faster delivery to end users
4. They are connected by low-latency network connections
5. They enable you to connect your on-premises networks to AWS to form a hybrid cloud

2. They provide fault isolation
4. They are connected by low-latency network connections

• Each AWS region contains multiple distinct locations called Availability Zones (AZs). Each AZ is engineered to be isolated from failures in other AZs. An AZ is a data center, and in some cases, an AZ consists of multiple data centers. AZs within a region provide inexpensive, low-latency network connectivity to other zones in the same region. This allows you to replicate your data across data centers in a synchronous manner so that failover can be automated and be transparent for your users
• An AZ enables fault tolerance and high availability for your applications within a region not across regions
• CloudFront is the technology that is used to enable caching of data for faster delivery to end users
• Direct Connect is the technology that is used to connect your on-premises network to AWS to form a hybrid cloud

Which descriptions are correct regarding cloud deployment models? (choose 2)
1. With the public cloud the consumer organization typically owns and manages the infrastructure
2. With the private cloud the consumer organization typically incurs OPEX costs for usage
3. With the hybrid cloud, multiple private clouds are connected
4. With the public cloud the consumer organization typically incurs OPEX costs for usage
5. With the private cloud the consumer organization typically owns and manages the infrastructure

4. With the public cloud the consumer organization typically incurs OPEX costs for usage
5. With the private cloud the consumer organization typically owns and manages the infrastructure

• With public cloud the consumer organization typically incurs OPEX costs as they do not own the infrastructure and just pay usage costs
• With the private cloud the consumer organization typically owns the infrastructure and will often manage it themselves or use a third-party organization to manage it for them. This model is largely CAPEX driven
• Hybrid clouds are created when you connect private and public clouds together

Which of the following statements are correct regarding Elastic Network Interfaces (ENIs)? (choose 2)
1. Additional ENIs can be detached from an instance and attached to another instance
2. The primary ENI is identified as “eth0”
3. The primary ENI can be detached from an instance and attached to another instance
4. The attributes of an ENI do not follow it when moved between instances
5. The primary ENI is identified as “eth2”

1. Additional ENIs can be detached from an instance and attached to another instance
2. The primary ENI is identified as “eth0”

• An elastic network interface (referred to as anetwork interface in this documentation) is a logical networking component in a VPC that represents a virtual network card
• You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance. The attributes of a network interface follow it as it’s attached or detached from an instance and reattached to another instance. When you move a network interface from one instance to another, network traffic is redirected to the new instance
• Every instance in a VPC has a default network interface, called theprimary network interface (eth0). You cannot detach a primary network interface from an instance. You can create and attach additional network interfaces

Which of the options below are recommendations in the reliability pillar of the well-architected framework? (choose 2)
1. Use ad-hoc recovery procedures
2. Automatically recover from failure
3. Scale vertically to increase aggregate system availability
4. Attempt to accurately estimate capacity requirements
5. Manage change in automation

2. Automatically recover from failure
5. Manage change in automation

• The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
• There are five design principles for reliability in the cloud:
– Test recovery procedures
– Automatically recover from failure
– Scale horizontally to increase aggregate system availability
– Stop guessing capacity
– Manage change in automation

Which of the following represent economic advantages of moving to the AWS cloud? (choose 2)
1. Reduce the need to manage applications
2. Increase efficiencies through automation
3. Reduce the rate of change
4. Reduce the need to manage infrastructure
5. Increase time to market for new applications

2. Increase efficiencies through automation
4. Reduce the need to manage infrastructure

• With the AWS Cloud you can increase efficiency through the use of automation and reduce the need to manage infrastructure, allowing you to concentrate on managing applications instead
• You do not reduce the need to manage applications in most cases.
• Reducing the rate of change is not something organization’s strive for in the cloud (usually faster development cycles are preferred) so it does not represent a valid economic advantage
• You want to reduce not increase time to market for new applications

At what level is an Internet Gateway attached in the AWS infrastructure?
1. Availability Zone
2. Subnet
3. VPC
4. Region

3. VPC

• Internet Gateways are attached at the VPC level and then referenced in route tables that are associated with subnets

Under the AWS shared responsibility model what is AWS responsible for? (choose 2)
1. Physical security of the data center
2. Replacement and disposal of disk drives
3. Configuration of security groups
4. Patch management of operating systems
5. Encryption of customer data

1. Physical security of the data center
2. Replacement and disposal of disk drives

• AWS are responsible for “Security of the Cloud”
• Customers are responsible for “Security in the Cloud”
• AWS are responsible for items such as the physical security of the DC, replacement of old disk drives, and patch management of the infrastructure
• Customers are responsible for items such as configuring security groups, network ACLs, patching their operating systems and encrypting their data

Which of the options below are recommendations in the security pillar of the well-architected framework? (choose 2)
1. Enable traceability
2. Apply security at the application layer
3. Automate security best practices
4. Protect data when it is at rest only
5. Expect to be secure

1. Enable traceability
3. Automate security best practices

• The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies
• There are six design principles for security in the cloud:
– Implement a strong identity foundation
– Enable traceability
– Apply security at all layers
– Automate security best practices
– Protect data in transit and at rest
– Prepare for security events

Which of the advantages of cloud listed below is most closely addressed by the capabilities of AWS Auto Scaling?
1. Benefit from massive economies of scale
2. Stop guessing about capacity
3. Stop spending money running and maintaining data centers
4. Go global in minutes

2. Stop guessing about capacity

• AWS Auto Scaling helps you to adapt to the demand for you application and scale up and down as needed. This means you don’t have to guess capacity upfront as you can provision what you need and allows Auto Scaling to manage the scaling

Which statement is correct in relation to the AWS Shared Responsibility Model?
1. Customers are responsible for security of the cloud
2. AWS are responsible for encrypting customer data
3. Customers are responsible for patching storage systems
4. AWS are responsible for the security of regions and availability zones

4. AWS are responsible for the security of regions and availability zones

• AWS are responsible for “Security of the Cloud”. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services, and this includes regions, availability zones and edge locations
• Customers are responsible for “Security in the Cloud”. This includes encrypting customer data, patching operating systems but not patching or maintaining the underlying infrastructure

Which of the options below are recommendations in the reliability pillar of the well-architected framework? (choose 2)
1. Test recovery procedures
2. Manually recover from failure
3. Scale vertically using big systems
4. Stop guessing about capacity
5. Manage change in manual processes

1. Test recovery procedures
4. Stop guessing about capacity

• The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues
• There are five design principles for reliability in the cloud:
– Test recovery procedures
– Automatically recover from failure
– Scale horizontally to increase aggregate system availability
– Stop guessing capacity
– Manage change in automation

What is the scope of an Amazon Virtual Private Cloud (VPC)?
1. It spans multiple subnets
2. It spans a single CIDR block
3. It spans all Availability Zones in all regions
4. It spans all Availability Zones within a region

4. It spans all Availability Zones within a region

• A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. A VPC spans all the Availability Zones in the region
• You can have multiple CIDR blocks in a VPC
• A VPC spans AZs, subnets are created within AZs

What are two components of Amazon S3? (choose 2)
1. Buckets
2. Directories
3. Objects
4. File systems
5. Block devices

1. Buckets
3. Objects

• Amazon S3 is an object-based storage system that is accessed using a RESTful API over HTTP(S). It consists of buckets, which are root level folders, and objects, which are the files, images etc. that you upload
• The terms directory, file system and block device do not apply to S3

Which type of connection should be used to connect an on-premises data center with the AWS cloud that is high speed, low latency and does not use the Internet?
1. AWS Managed VPN
2. VPC Endpoints
3. Direct Connect
4. IPSec VPN

3. Direct Connect

• AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network. Direct Connect is high bandwidth, and low latency
• The AWS Managed VPN (which is a type of IPSec VPN) is fast to setup but uses the public Internet and therefore latency is not as good and is unpredictable
• VPC endpoint enable private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies

What are two examples of the advantages of cloud computing? (choose 2)
1. Trade operating costs for capital costs
2. Benefit from massive economies of scale
3. Increase speed and agility
4. Trade variable expense for capital expense
5. Secure data centers

2. Benefit from massive economies of scale
3. Increase speed and agility

• The 6 advantages of cloud AWS discuss are:
– Trade capital expense for variable expense
– Benefit from massive economies of scale
– Stop guessing about capacity
– Increase speed and agility
– Stop spending money running and maintaining data centers
– Go global in minutes
• Secure data centers are not a reason to move to the cloud. Your on-premises data centers should also be secure

Which Amazon EC2 feature provides a static IPv4 public IP address that does not change when the instance is rebooted?
1. Elastic IP
2. Dynamic IP
3. Elastic Network
4. Static IP

1. Elastic IP

• An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. Elastic IP addresses do not change when the instance is rebooted and can be moved between instances as required
• All other answers are bogus

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

Your organization is looking to expand into the cloud for their web presence and development and test environments. Production systems will remain on-premises. What cloud computing model will best suit the organization?
1. Private
2. Public
3. Hybrid
4. PaaS

3. Hybrid

• A hybrid cloud computing model includes services deployed in private clouds and public clouds. This model suits the businesses requirements
• Platform as a Service (PaaS) is a type service offering rather than a cloud computing model

Which of the following is an advantage of cloud computing compared to deploying your own infrastructure on-premise?
1. Flexibility to choose your own hardware
2. Ability to choose bespoke infrastructure configurations
3. Paying only for what you use
4. Spend using a CAPEX model

3. Paying only for what you use

• With AWS you only pay for what you use. However, you cannot choose your own hardware/infrastructure and the payment model is operational (OPEX) not capital (CAPEX)

What team is available to support AWS customers on an Enterprise support plan?
1. AWS Technical Account Manager
2. AWS Concierge
3. AWS Billing and Accounts
4. AWS Technical Support

2. AWS Concierge

• Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-billing-and-pricing/
• https://aws.amazon.com/premiumsupport/features/

What are the primary benefits of using AWS Elastic Load Balancing? (choose 2)
1. High availability
2. Elasticity
3. Automation
4. Caching
5. Regional resilience

1. High availability
2. Elasticity

• High availability – ELB automatically distributes traffic across multiple EC2 instances in different AZs within a region
• Elasticity – ELB is capable of handling rapid changes in network traffic patterns
• An ELB can distribute incoming traffic across your Amazon EC2 instances in a single Availability Zone or multiple Availability Zones, but not across regions (for regional resilience)
• Automation is not a primary benefit of ELB
• Caching is not a benefit of ELB

Under the AWS Shared Responsibility Model, which of the following is the customer NOT responsible for?
1. Adding firewall rules to security groups and network ACLs
2. Applying encryption to data stored on an EBS volume
3. Applying bucket policies to share Amazon S3 data
4. Installing firmware updates on host servers

4. Installing firmware updates on host servers

• AWS customers are not responsible for installing firmware updates on the underlying infrastructure
• AWS customers must protect their AWS services through policies, encryption, and firewall rules

Which of the following constitute the five pillars for the AWS Well-Architected Framework? (choose 2)
1. Operational excellence, security, and reliability
2. Operational excellence, elasticity and scalability
3. Cost prioritization, and cost optimization
4. Data consistency, and cost optimization
5. Performance efficiency, and cost optimization

1. Operational excellence, security, and reliability
5. Performance efficiency, and cost optimization

• The five pillars of the AWS Well-Architected Framework are operational excellence, security, reliability, performance efficiency, and cost optimization

What is the relationship between subnets and availability zones?
1. You can create one or more subnets within each availability zone
2. Subnets span across multiple availability zones
3. You can create one subnet per availability zone
4. Subnets contain one or more availability zones

1. You can create one or more subnets within each availability zone

• You can create one or more subnets within each availability zone but subnets cannot span across availability zones

What is an Edge location?
1. A public endpoint for Amazon S3
2. A content delivery network (CDN) endpoint for CloudFront
3. A virtual private gateway for VPN
4. A VPC peering connection endpoint

2. A content delivery network (CDN) endpoint for CloudFront

• Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. There are many more edge locations than regions

Which AWS services have a global (rather than regional) scope? (choose 2)
1. Amazon S3
2. AWS WAF
3. AWS Lambda
4. AWS CloudFront
5. Amazon EFS

2. AWS WAF
4. AWS CloudFront

• AWS WAF and AWS CloudFront are both services that are global in scope. When you configure these services in the AWS management console you will see that the scope is set to “Global”
• All other services listed are regional in scope. When you configure these through the AWS management console you will need to select a region and will see the name of the region listed instead of “Global”
• NOTE: S3 uses a global namespace, meaning that bucket names must be unique globally. However, you still create buckets within a region

What are two benefits of using AWS Lambda? (choose 2)
1. No servers to manage
2. Integrated snapshots
3. Continuous scaling (scale out)
4. Flexible operating system choices
5. Open source software

1. No servers to manage
3. Continuous scaling (scale out)

• With AWS Lambda you don’t have any servers to manage (serverless). Lambda functions scale out rather than up by creating additional functions
• You do not have integrated snapshots (or any persistent storage) with Lambda
• You do not manage the operating system on which the functions run so have no choice of software
• Lambda is AWS proprietary not open source

Why would a company choose a NAT Gateway over a NAT instance? (choose 2)
1. They can be additionally used as bastion hosts
2. You can use security groups to assign firewall rules to them
3. They are managed by AWS, not by you
4. Can be used for port forwarding
5. They are elastically scalable

3. They are managed by AWS, not by you
5. They are elastically scalable

• NAT Gateways are elastically scalable, managed by AWS, and provide automatic HA.
• You cannot assign a NAT Gateway to a security group, use them as bastion hosts, or configure port forwarding

Which cloud model should a company use for an application that has a requirement for a bespoke, specialized hardware configuration?
1. Private
2. Public
3. Hybrid
4. SaaS

1. Private

• You cannot choose the hardware stack in the public cloud so if you have an application that requires access to bespoke, specialized hardware you need to build it on-premise in a private cloud
• Hybrid could be an option if other components of the application, such as a web front-end, can run in a public cloud
• Software as a Service (SaaS) is a type of cloud service that delivers a managed application

At which layer of the OSI model does a Classic Load Balancer operate at?
1. Layer 3
2. Layer 4
3. Layer 7
4. Layer 4 & 7

4. Layer 4 & 7

• Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7
• Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request
• Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data

In Amazon EC2, which types of Placement Groups are available? (choose 2)
1. Cluster
2. Affinity
3. Proximity
4. Spread
5. Zone

1. Cluster
4. Spread

• Placement groups are a logical grouping of instances in one of the following configurations:
– A cluster placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both, and if the majority of the network traffic is between the instances in the group
– A spread placement group is a group of instances that are each placed on distinct underlying hardware. Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other

How can a company connect from their on-premises network to VPCs in multiple regions using private connections?
1. AWS Managed VPN
2. AWS Direct Connect Gateway
3. Amazon CloudFront
4. Inter-Region VPC Peering

2. AWS Direct Connect Gateway

• You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different Regions
• AWS Managed VPN uses the public Internet and is therefore not a private connection
• Amazon CloudFront is a content delivery network used for caching data
• Inter-Region VPC peering does not help you to connect from an on-premise network

Which AWS components aid in the construction of fault-tolerant applications? (choose 2)
1. Elastic IP addresses
2. ARNs
3. AMIs
4. Tags
5. Block device mappings

1. Elastic IP addresses
3. AMIs

• Elastic IP addresses can be easily remapped between EC2 instances in the event of a failure. Amazon Machine Images (AMIs) can be used to quickly launch replacement instances when there is a failure
• Amazon Resource Names (ARNs), tags and block device mappings don’t really help with fault tolerance

Which of the following are advantages of using the AWS cloud computing over legacy IT? (choose 2)
1. You are able to pass responsibility for the availability of your application to AWS
2. You don’t need to worry about over provisioning as you can elastically scale
3. You don’t need to patch your operating systems
4. You can bring new applications to market faster
5. You can bring services closer to your end users

2. You don’t need to worry about over provisioning as you can elastically scale
4. You can bring new applications to market faster

• With cloud computing you no longer need to guess about capacity as you can elastically scale. This means you don’t end up overprovisioning but instead react to the load on your servers. You can also be faster and more agile with development and release of applications
• You do not pass responsibility for your application to AWS. AWS runs the infrastructure but you still manage the application
• You still need to patch your own operating systems
• The cloud is centralized so you won’t necessarily bring services closer to your end users

How can a company connect their EC2 instances in one region with EC2 instances in another region using private IP addresses?
1. Inter-Region VPC Peering
2. AWS Direct Connect
3. AWS Managed VPN
4. VPC Peering

1. Inter-Region VPC Peering

• Amazon EC2 now allows peering relationships to be established between Virtual Private Clouds (VPCs) across different AWS regions. Inter-Region VPC Peering allows VPC resources like EC2 instances, RDS databases and Lambda functions running in different AWS regions to communicate with each other using private IP addresses, without requiring gateways, VPN connections or separate network appliances
• VPC Peering is used to peer VPCs within the same region
• AWS Direct Connect is a private connection from an on-premise network to an AWS region, it does not enable connectivity between regions (unless you use Direct Connect Gateway)

Which of the following descriptions is incorrect in relation to the design of Availability Zones?
1. AZ’s have direct, low-latency, high throughput and redundant network connections between each other
2. Each AZ is designed as an independent failure zone
3. AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains
4. Each subnet in a VPC is mapped to all AZs in the region

4. Each subnet in a VPC is mapped to all AZs in the region

• Subnets are created within a single AZ and do not get mapped to multiple AZs

When designing a VPC, what is the purpose of an Internet Gateway?
1. Provides Internet access for EC2 instances in private subnets
2. Enables Internet communications for instances in public subnets
3. It’s a bastion host for inbound management connections
4. It’s used for making VPN connections to a VPC

2. Enables Internet communications for instances in public subnets

• An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic
• An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses
• You cannot use an Internet Gateway as a bastion host, deploy an EC2 instance in a public subnet for this purpose
• You cannot connect instances in a private subnet to the Internet using an Internet Gateway, you need a NAT Gateway or NAT Instance for this purpose
• You cannot use the Internet Gateway for making VPN connections to a VPC, you need a Virtual Private Gateway for this purpose

How can a company protect their Amazon S3 data from a regional disaster?
1. Archive to Amazon Glacier
2. Use Cross-Region Replication (CRR) to copy to another region
3. Use lifecycle actions to move to another S3 storage class
4. Enable Multi-Factor Authentication (MFA) delete

2. Use Cross-Region Replication (CRR) to copy to another region

• The only option here that will help is to use CRR to copy the data to another region. This will provide disaster recovery
• Moving to Glacier or another S3 storage class does not copy the data out of the region
• Enabling MFA delete will not protect the data from a regional disaster

Which AWS service is part of the suite of “serverless” services and runs code as functions?
1. Amazon ECS
2. Amazon EKS
3. AWS Lambda
4. AWS CodeCommit

3. AWS Lambda

• AWS Lambda is aserverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function”
• Amazon ECS and EKS are both used for running software containers such as Docker containers
• AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositiories

What type of cloud computing service type do AWS Elastic Beanstalk and Amazon RDS correspond to?
1. IaaS
2. PaaS
3. SaaS
4. Hybrid

2. PaaS

• Both Elastic Beanstalk and RDS are services that are managed at the platform level meaning you don’t need to manage the infrastructure level yourself. Therefore, tasks like OS management and patching are performed for you
• IaaS is a model where the underlying hardware platform and hypervisor are managed for you and you are delivered tools and interfaces for working with operating system instances
• SaaS is a model where the whole stack is managed for you right up to the application and you are delivered working software that you can customize and populate with data
• Hybrid is a type of cloud delivery model in which you consume both public and private cloud and connect the two together

What is an example of scaling vertically?
1. AWS Auto Scaling adding more EC2 instances
2. AWS Lambda adding concurrently executing functions
3. Increasing the instance size with Amazon RDS
4. Adding read replicas to an Amazon RDS database

3. Increasing the instance size with Amazon RDS

• A good example of vertical scaling is changing the instance size of an EC2 instance or RDS database to one with more CPU and RAM
• All of the other options are examples of scaling horizontally

You are evaluating AWS services that can assist with creating scalable application environments. Which of the statements below best describes the Elastic Load Balancer service?
1. Helps you ensure that you have the correct number of Amazon EC2 instances available to handle the load for your application
2. A highly available and scalable Domain Name System (DNS) service
3. Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
4. A network service that provides an alternative to using the Internet to connect customers’ on-premise sites to AWS

3. Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses

• Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses
• Elastic Load Balancing provides fault tolerance for applications by automatically balancing traffic across targets – Amazon EC2 instances, containers and IP addresses – and Availability Zones while ensuring only healthy targets receive traffic

What are two of the core concepts related to Amazon SNS? (choose 2)
1. Topics
2. Conversations
3. Subscriptions
4. Templates
5. Tables

1. Topics
3. Subscriptions

• The core concepts of SNS are:
– Topics – how you label and group different endpoints that you send messages to
– Subscriptions – the endpoints that a topic sends messages to
– Publishers – the person/alarm/event that gives SNS the message that needs to be sent

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/notification-services/

A Solutions Architect needs to design a cloud-native application architecture using AWS services. What is a typical use case for Amazon Simple Queue Service (SQS)?
1. Providing fault tolerance for EC2 instances
2. Co-ordination of work items between different human and non-human workers
3. Decoupling application components to ensure that there is no dependency on the availability of a single component
4. Running serverless processes as functions

3. Decoupling application components to ensure that there is no dependency on the availability of a single component

• Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications

• https://digitalcloud.training/certification-training/aws-solutions-architect-associate/application-integration/amazon-sqs/

Which of the statements below does not characterize cloud computing?
1. Cloud computing is the on-demand delivery of compute power
2. With cloud computing you get to benefit from massive economies of scale
3. Cloud computing allows you to swap variable expense for capital expense
4. With cloud computing you can increase your speed and agility

3. Cloud computing allows you to swap variable expense for capital expense

• Cloud computing is not a one-off capital expense, it is an ongoing operating expense. The caveat to this is that if you purchase reserved capacity you have an option to partially or fully pay upfront. however, it is still an operating cost as you do not own and depreciate the assets

What are the advantages of running a database service such as Amazon RDS in the cloud versus deploying on-premise? (choose 2)
1. You have full control of the operating system and can install your own operational tools
2. Scalability is improved as it is quicker to implement and there is an abundance of capacity
3. You can use any database software you like, allowing greater flexibility
4. High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ
5. There are no costs for replicating data between DBs in different data centers or regions

2. Scalability is improved as it is quicker to implement and there is an abundance of capacity
4. High availability is easier to implement due to built-in functionality for deploying read replicas and multi-AZ

• The advantages of using Amazon RDS include being able to easily scale by increasing your instance type without having to go through a long procurement cycle for getting new hardware or worrying about whether capacity exists on your existing private cloud infrastructure. You can also implement fault tolerance and scalability features through multi-AZ and read replicas easily
• With Amazon RDS you do not have control of the operating system and you cannot use any database software you like as you are restricted to a list of several engines. There are costs for replicating data between AZs and regions so this must be taken into account in any cost analysis

Which of the following are pillars from the five pillars of the AWS Well-Architected Framework? (Choose 2)
1. Resilience
2. Operational excellence
3. Confidentiality
4. Economics
5. Performance efficiency

2. Operational excellence
5. Performance efficiency

• The five pillars of the AWS Well-Architected Framework are operation excellence, security, reliability, performance efficiency, and cost optimization

Under the AWS Shared Responsibility Model, who is responsible for what? (choose 2)
1. Customers are responsible for compute infrastructure
2. AWS are responsible for network and firewall configuration
3. Customers are responsible for networking traffic protection
4. AWS are responsible for networking infrastructure
5. Customers are responsible for edge locations

3. Customers are responsible for networking traffic protection
4. AWS are responsible for networking infrastructure

• Customers are responsible for networking traffic protection
• AWS are responsible for networking infrastructure
• AWS are responsible for compute infrastructure
• Customers are responsible for network and firewall configuration
• AWS are responsible for edge locations

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-shared-responsibility-model/

Which type of scaling does AWS Auto Scaling provide?
1. Vertical
2. Linear
3. Horizontal
4. Incremental

3. Horizontal

• AWS Auto Scaling scales horizontally by adding additional compute instances

• https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/architecting-for-the-cloud/