AWS Final Exam Study UPDATED Study
Guide QUESTIONS AND CORRECT
ANSWERS
Choose the incorrect statement
Select one:
a. The benefit of using an unmanaged service is that you can have more control
over how your solution may handle changes in loads
b. Managed services require the user to configure them
c. Managed services require the user to configure them
d. Snapshots cannot be used with RDS DB instances - CORRECT ANSWERS
d. Snapshots cannot be used with RDS DB instances
How many security groups can you attach to a single instance in a VPC?
Select one:
a. None, security groups aren't attached to instances.
b. One or more
c. two or more
d. One
e. Three - CORRECT ANSWERS b. One or more
What acts like your own cloud expert in AWS, providing recommendations for
greater security based on your existing configurations?
Select one:
a. Trusted Advisor
b. Cloud Config
c. ELB
d. Config - CORRECT ANSWERS a. Trusted Advisor
,In AWS IAM, permissions are defined using
Select one:
a. Roles
b. Security Groups
c. Policies
d. Unique passwords - CORRECT ANSWERS c. Policies
At what OSI layer does a network load balancer operate?
Select one:
a. 4
b. 7
c. Both 4 and 7
d. Physical
e. TCP - CORRECT ANSWERS a. 4
Which service can identify the user that made the API call when an Amazon
Elastic Compute Cloud (Amazon EC2) instance is terminated?
Select one:
a. AWS CloudWatch
b. AWS CloudConfig
c. AWS CloudTrail
d. AWS Identity and Access Management (AWS IAM) - CORRECT
ANSWERS c. AWS CloudTrail
On which of the following does AWS Trusted Advisor not provide
recommendations?
,Select one:
a. Reducing cost
b. Improving fault tolerance
c. Improving security
d. Organizing accounts - CORRECT ANSWERS d. Organizing accounts
What's the most cost-effective way to view and search only the last 60 days of
management API events on your AWS account?
Select one:
a. Use CloudTrail event history.
b. Create a trail.
c. Stream CloudTrail logs to CloudWatch.
d. Use CloudWatch Events.
e. Use Config logs - CORRECT ANSWERS a. Use CloudTrail event
history.
You want to provide maximum protection against data in your S3 object storage
being deleted accidentally. What steps should you take? (Choose two.)
Select one or more:
a. Enable versioning on your S3 buckets.
b. Turn on MFA Delete on your S3 buckets.
c. Enable versioning in CloudWatch's S3 API.
d. Remove IAM permissions for deleting objects for all users. - CORRECT
ANSWERS a,b. Enable versioning on your S3 buckets & Turn on MFA
Delete on your S3 buckets
With how many subnets can a NACL be associated?
Select one:
a. 1
, b. 1 or more
c. A NACL is associated with instances, not subnets.
d. A NACL is associated with VPCs, not subnets. - CORRECT ANSWERS
b. 1 or more
Which of the following are SQL-based options in RDS? (Choose two.)
Select one or more:
a. Aurora
b. MariaDB
c. Redshift
d. DyanamoDB - CORRECT ANSWERS a,b. Aurora & MariaDB
In a high security environment, what should you do with privileged user
accounts?
Select one:
a. Store credentials in an S3 bucket
b. Create roles that mimic the accounts
c. Use MFA with these accounts
d. Share the access keys with other accounts that require access - CORRECT
ANSWERS c. Use MFA with these accounts
Choose the incorrect statement
Select one:
a. With AWS IAM there are two different types of access you can assign users:
Programmatic access, AWS Management Console access, or both
b. An access key consists of a public-key an a private key
Guide QUESTIONS AND CORRECT
ANSWERS
Choose the incorrect statement
Select one:
a. The benefit of using an unmanaged service is that you can have more control
over how your solution may handle changes in loads
b. Managed services require the user to configure them
c. Managed services require the user to configure them
d. Snapshots cannot be used with RDS DB instances - CORRECT ANSWERS
d. Snapshots cannot be used with RDS DB instances
How many security groups can you attach to a single instance in a VPC?
Select one:
a. None, security groups aren't attached to instances.
b. One or more
c. two or more
d. One
e. Three - CORRECT ANSWERS b. One or more
What acts like your own cloud expert in AWS, providing recommendations for
greater security based on your existing configurations?
Select one:
a. Trusted Advisor
b. Cloud Config
c. ELB
d. Config - CORRECT ANSWERS a. Trusted Advisor
,In AWS IAM, permissions are defined using
Select one:
a. Roles
b. Security Groups
c. Policies
d. Unique passwords - CORRECT ANSWERS c. Policies
At what OSI layer does a network load balancer operate?
Select one:
a. 4
b. 7
c. Both 4 and 7
d. Physical
e. TCP - CORRECT ANSWERS a. 4
Which service can identify the user that made the API call when an Amazon
Elastic Compute Cloud (Amazon EC2) instance is terminated?
Select one:
a. AWS CloudWatch
b. AWS CloudConfig
c. AWS CloudTrail
d. AWS Identity and Access Management (AWS IAM) - CORRECT
ANSWERS c. AWS CloudTrail
On which of the following does AWS Trusted Advisor not provide
recommendations?
,Select one:
a. Reducing cost
b. Improving fault tolerance
c. Improving security
d. Organizing accounts - CORRECT ANSWERS d. Organizing accounts
What's the most cost-effective way to view and search only the last 60 days of
management API events on your AWS account?
Select one:
a. Use CloudTrail event history.
b. Create a trail.
c. Stream CloudTrail logs to CloudWatch.
d. Use CloudWatch Events.
e. Use Config logs - CORRECT ANSWERS a. Use CloudTrail event
history.
You want to provide maximum protection against data in your S3 object storage
being deleted accidentally. What steps should you take? (Choose two.)
Select one or more:
a. Enable versioning on your S3 buckets.
b. Turn on MFA Delete on your S3 buckets.
c. Enable versioning in CloudWatch's S3 API.
d. Remove IAM permissions for deleting objects for all users. - CORRECT
ANSWERS a,b. Enable versioning on your S3 buckets & Turn on MFA
Delete on your S3 buckets
With how many subnets can a NACL be associated?
Select one:
a. 1
, b. 1 or more
c. A NACL is associated with instances, not subnets.
d. A NACL is associated with VPCs, not subnets. - CORRECT ANSWERS
b. 1 or more
Which of the following are SQL-based options in RDS? (Choose two.)
Select one or more:
a. Aurora
b. MariaDB
c. Redshift
d. DyanamoDB - CORRECT ANSWERS a,b. Aurora & MariaDB
In a high security environment, what should you do with privileged user
accounts?
Select one:
a. Store credentials in an S3 bucket
b. Create roles that mimic the accounts
c. Use MFA with these accounts
d. Share the access keys with other accounts that require access - CORRECT
ANSWERS c. Use MFA with these accounts
Choose the incorrect statement
Select one:
a. With AWS IAM there are two different types of access you can assign users:
Programmatic access, AWS Management Console access, or both
b. An access key consists of a public-key an a private key
