1. Which type of cloud service model is most like an on-premises environment, where you configure virtual infrastructure components such as compute, network, and storage services that you can host your applications on?
   1. Software as a Service (SaaS)
   2. Platform as a Service (PaaS)
   3. Infrastructure as a Service (IaaS)
   4. Function as a Service (FaaS)
2. Your company is looking to move all its applications and services to the cloud but would like to migrate workloads in stages. This would require you to ensure that there is connectivity between the on-premises infrastructure and the applications you deploy on AWS for a while. What cloud deployment model would you need to establish?
   1. Private cloud
   2. Public cloud
   3. Hybrid cloud
   4. Multi-cloud
3. Which of the following statements are valid reasons for choosing a specific AWS Region to deploy your applications in? (Choose two)
   1. Your organization would choose a specific AWS Region that enables you to ensure that your applications are closer to your end users, thereby reducing any latency.
   2. If your organization has specific compliance or data residency laws to follow, then your choice of an AWS Region will be dictated by this requirement.
   3. Your organization would choose a Region closer to its location since your IT staff will need to visit the AWS data centers to set up servers and networking equipment.
   4. Your organization would choose a Region-based location where your business has an established legal presence. This is because you cannot access other Regions unless you have a legal establishment in that Region.
   5. Your organization would select an AWS Region that offered higher variable costs but lower upfront costs.
4. Which component of the AWS Global Infrastructure enables you to cache content (videos, images, and documents) and offer low-latency access when your users try to download them?
   1. AWS Regions
   2. Availability Zones
   3. Edge locations
   4. Local Zones
5. Which of the following AWS services can help you design a hybrid cloud architecture and enable your on-premises applications to get access to Amazon S3 cloud storage?
   1. Amazon Snowball Edge
   2. AWS Storage Gateway
   3. Amazon Elastic Block Store
   4. Amazon CloudFront
6. You are planning on using AWS services to host an application that is still under development, and you need to decide which AWS support plan you should subscribe to. You do not need production-level support currently and are happy with a 12-hour response time for any system-impaired issues. Which is the most cost-effective support plan you should subscribe to?
   1. Basic Support Plan
   2. Developer Support Plan
   3. Business Support plan
   4. Enterprise Support plan
7. Which of the following are regarded as global services on AWS? (Choose two)
   1. AWS IAM
   2. Amazon Route53
   3. Amazon EC2
   4. Amazon EFS
   5. Amazon RDS
8. Which of the following statements closely relates to the advantage of cloud computing that discusses the ability to go global in minutes?
   1. The ability to trade capital expenses for variable expenses and thus avoid huge CAPEX.
   2. The ability to provision resources just in time for when you need them using tools such as Auto Scaling.
   3. The ability to deploy your applications across multiple Regions with just a few mouse clicks.
   4. The ability to focus on experimentation and the development of your applications rather than infrastructure builds, management, and maintenance.
9. Which AWS service can you configure to send out an alert to an email address if your total expenditure crosses a predefined monthly cost?
   1. Set up a billing alarm in Amazon CloudWatch
   2. Set up a billing alarm in Amazon CloudTrail
   3. Set up a billing alarm in Amazon Config
   4. Set up a billing alarm in Amazon Trusted Advisor
10. Which of the following resource types is tied to the Availability Zone that it was launched in?
    1. Elastic Block Store (EBS)
    2. Elastic File Store (EFS)
    3. Amazon Route53 Hosted Zones
    4. Amazon DynamoDB
11. As part of enhancing the security of your AWS account, you need to ensure that all IAM users use complex passwords comprising at least one capital letter, a number, a symbol, and a minimum of 9 characters. Which AWS IAM feature can you use to configure these requirements?
    1. Password policies
    2. Permission boundaries
    3. Service Control Policies (SCPs)
    4. Resource policies
12. As a recommended best practice, what additional authentication security measure can you implement for your root user and IAM users?
    1. Implement MFA.
    2. Implement LastPass.
    3. Implement AWS WAF.
    4. Implement AWS Shield.
13. What is the easiest way to assign permissions to many IAM users who share a common job function?
    1. Create a customer-managed IAM policy and attach the same policies to all IAM users who share a common job function.
    2. Create an IAM Group, add IAM users who share the common job function to that group, and apply an IAM policy to the group with the necessary permissions.
    3. Create an SCP to restrict users who share a common job function for specific permissions.
    4. Create an IAM role with the necessary permissions and assign the role to all IAM users who share the common job function.
14. You have outsourced the development of your application to a third-party provider. This provider will require temporary access to your AWS account to set up the necessary infrastructure and deploy the application. What type of identity should you configure for the provider to use to gain access?
    1. IAM User
    2. IAM Group
    3. IAM role
    4. Root user
15. Which tool on AWS can be used to estimate your monthly costs?
    1. AWS Pricing Calculator
    2. AWS TCO Calculator
    3. AWS Free Tier Calculator
    4. AWS Monthly Calculator
16. You need to differentiate the cost of running different workloads in your AWS account by business unit and department. How you can identify your resources, as well as their owners, in the billing reports generated by AWS?
    1. Designate specific tags as cost allocation tags in the AWS Billing and Cost Management Console.
    2. Set up an SNS alert for each department.
    3. Create a billing alarm.
    4. Configure consolidated billing in AWS Organizations.
17. Which AWS tool enables you to view your Reserved Instance (RI) utilization?
    1. AWS Cost Explorer
    2. AWS Config
    3. AWS CloudTrail
    4. AWS Personal Health Dashboard
18. Which set of credentials do you need to configure for IAM users who need to access your AWS account via the command-line interface (CLI)?
    1. IAM username and password
    2. IAM access key ID and secret access key
    3. IAM MFA
    4. IAM key pairs
19. An application is to be deployed on EC2 instances that will need to access an Amazon S3 bucket to upload any artifacts that are created. Which security option is considered a best practice to grant the application running on the EC2 instances the necessary permissions to upload files to the Amazon S3 bucket?
    1. Create an IAM user account with a set of access keys and assign the required level of permissions using an IAM policy. Hardcode the application with the access keys.
    2. Create an IAM user account with a username and password and assign the required level of permissions using an IAM policy. Hardcode the application with the username and password.
    3. Create an IAM role with the required level of permissions using an IAM policy. Attach the role to the application running on the EC2 instance.
    4. Create an IAM role with the required level of permissions using an IAM policy. Attach the role to the EC2 instances that will host the application.
20. Which AWS service enables you to troubleshoot IAM policies by identifying which set of permissions are allowed and which are denied?
    1. AWS Policy Simulator
    2. AWS Policy Manager
    3. AWS CloudTrail
    4. AWS SCPs
21. As part of your regular compliance processes, you are required to regularly audit the list of your IAM users and review information such as if they have been configured with passwords and access keys, as well as if MFA has been enabled on those accounts. Which AWS IAM service enables you to produce regular reports containing the preceding information?
    1. IAM Credentials Report
    2. IAM MFA Report
    3. AWS CloudWatch
    4. AWS Config
22. Which type of AWS policy enables you to define boundaries against what an IAM user or IAM role can be permitted to do in your AWS account?
    1. IAM policies
    2. Resource-based policies
    3. SCPs
    4. Permission boundaries
23. Which type of AWS policy enables you to control the maximum set of permissions that can be defined for AWS member accounts of an organization?
    1. IAM policies
    2. Resource-based policies
    3. SCPs
    4. Permission boundaries
24. Which of the following Amazon S3 storage classes can help you reduce the cost of storage for objects that are infrequently accessed, and yet still give you instant access when you need it?
    1. Amazon S3 Standard-IA
    2. Amazon S3 Glacier
    3. Amazon S3 Glacier Deep Archive
    4. Amazon S3 Standard
25. You are hosting an Amazon S3 bucket that contains important documents, and you want to enhance security whereby IAM users who try to access the objects can only do so from within the corporate office network. How would you configure your S3 bucket to fulfill this requirement?
    1. Create a resource policy granting the necessary level of access with a condition statement that defines and specifies the corporate office IP block.
    2. Create a resource policy granting the necessary level of access with a condition statement that specifies your corporate IAM users’ accounts.
    3. Create an SCP granting access with a condition statement that specifies the corporate office IP block.
    4. Create an Amazon S3 Access Control List (ACL) with a condition statement that specifies your corporate IAM users’ accounts.
26. Which type of Amazon S3 Storage class is cost-effective when you are unsure of your access patterns for the data contained within the S3 bucket?
    1. Amazon S3 Standard storage class
    2. Amazon S3 Standard-IA storage class
    3. Amazon S3 One-Zone IA
    4. Amazon S3 Intelligent Tiering
27. Your junior colleague accidentally deleted some financial data that was stored in an Amazon S3 bucket. How can you prevent such accidental deletions of data in Amazon S3?
    1. Do not give junior administrators access to Amazon S3.
    2. Set up Amazon S3 Versioning on your S3 bucket.
    3. Set up Amazon S3 Lifecycle Management.
    4. Set up Amazon S3 Termination Protection.
28. Which feature of Amazon S3 enables you to create a secondary copy of your objects in a given S3 bucket that will be stored in a different Region for compliance purposes?
    1. Amazon S3 Cross-Region Replication (CRR)
    2. Amazon S3 Same Region Replication
    3. Amazon S3 Versioning
    4. Amazon S3 Multi-Copy
29. Company policy dictates that objects stored in Amazon S3 must be encrypted at rest. It is also mandated that your choice of encryption should offer an auditing feature that shows when your Customer Master Key (CMK) was used and by whom. Which type of Amazon S3 encryption option will you need to configure to fulfill the requirements?
    1. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
    2. Client-Side Encryption
    3. Server-Side Encryption with KMS keys stored in AWS Key Management Service (SSE-KMS) Bitlocker
30. You need to retrieve a small subset of some archive data urgently to resolve a pending investigation. The data is stored in the Amazon S3 Glacier storage class. Which retrieval option can use to access the data urgently?
    1. Standard retrieval option
    2. Expedited retrieval option
    3. Bulk retrieval option
    4. Power retrieval option
31. You have a team of remote workers who need to upload research documents and videos to your Amazon S3 bucket hosted in the us-east-1 Region. You would like to ensure that your remote staff can upload research material with low-latency access. What can you do to reduce speed variability for uploads, which are often experienced due to the architecture of the public internet?
    1. Enable Amazon S3 Transfer Acceleration (S3TA) for your bucket.
    2. Configure an IPSec site-to-site VPN connection between your remote workers and the VPC in the us-east-1 Region.
    3. Use the Amazon Storage Gateway service.
    4. Set up Amazon Express Route.
32. You need to transfer large amounts of data from your on-premises network to the Amazon S3 platform. The total data capacity is around 400 TB. You have decided to opt for the Amazon Snowball Edge service to complete the transfer. No data computation or processing is required. Which flavor of the Amazon Snowball Edge service would you recommend?
    1. Snowball Edge Compute Optimized
    2. Snowball Edge Storage Optimized
    3. Snowball Edge Data Optimized
    4. Snowball Edge Function Optimized
33. You host several Microsoft Windows applications on-premises that need low-latency access to large amounts of storage. You would like to use the Amazon Storage Gateway service to host all application-level data. Which gateway option would you recommend?
    1. Amazon S3 File Gateway
    2. Amazon FSx File Gateway
    3. Volume Gateway Cached Mode
    4. Tape Gateway
34. Following best practices, you have deployed your application servers within the private subnets of a VPC. However, these servers require internet access to download updates and security patches. Which type of resource can enable you to grant internet access to EC2 instances in private subnets without having to assign public IP addresses to those instances?
    1. Internet gateway
    2. NAT gateway
    3. Subnet
    4. Route table
35. Which of the following statements is true about security groups?
    1. Security groups are stateful and you need to configure both inbound and the corresponding outbound rules for traffic to flow bi-directionally.
    2. Security groups are stateless and you do not need to configure both inbound and the corresponding outbound rules for traffic to flow bi-directionally.
    3. Security groups can be used to explicitly deny inbound traffic from a specific IP address range.
    4. Security groups are used to limit what actions IAM users that are members of the group can perform.
36. Which feature of the AWS VPC service enables you to connect multiple VPCs so that traffic between those VPCs can be sent using private IP address space?
    1. VPC peering
    2. VPC Flow Logs
    3. Subnets
    4. VPC endpoints
37. Which service enables you to reduce the complexity associated with establishing multiple VPC peering connections?
    1. AWS Transit Gateway
    2. AWS VPC Manager
    3. AWS Direct Connect
    4. IPSec VPN Tunnel
38. Which AWS service enables you to connect your on-premises network to your AWS account using a dedicated private connection that bypasses the internet altogether?
    1. IPSec VPN
    2. Express Route
    3. Direct Connect
    4. Snowball
39. Which AWS feature can help you establish connectivity between your on-premises network and your AWS VPC using an IPSec tunnel?
    1. Direct Connect
    2. Virtual Private Network (VPN)
    3. AWS Outposts
    4. Amazon SNS
40. You are about to publish your web application using an Application Load Balancer (ALB) and would like to use a friendly domain name to advertise the site to your users rather than the ALB’s DNS name. Which AWS service can you use to configure the alias’s name so that when users type in the friendly domain name into the browser, they are directed to the ALB’s DNS URL?
    1. Amazon Route53
    2. Amazon CloudFront
    3. Amazon S3
    4. Amazon Direct Connect
41. Which AWS service enables you to purchase and register new domain names that can be used to publish your website on the internet?
    1. Route53
    2. VPC
    3. RDS
    4. Elastic Beanstalk
42. You have developed a web application that you want to offer redundancy and resilience. Which feature of the Amazon Route53 service can help you design your web application with a primary site where all users’ traffic is directed, by default, if the primary site is offline, then users are redirected to a secondary site located in a different Region.
    1. Simple routing policy
    2. Weighted routing policy
    3. Failover routing policy
    4. Geolocation routing policy
43. You plan to host a new Amazon S3 static website through which you will offer free recipe guides. The site is going to be accessed by users across the globe. The site contains lots of videos and images about the recipes you offer. Which AWS service can help you cache your digital assets locally to where users are located and thus reduce latency when your users access content on your website?
    1. Amazon Route53
    2. Amazon VPC
    3. Amazon CloudFront
    4. Amazon Cloud9
44. You have created an EC2 AMI that contains the base operating system and all necessary corporate settings/configurations. Your colleagues in another Region are trying to launch new EC2 instances but they are unable to access your AMI. What do you need to do so that your colleagues can use the new image?
    1. Copy the AMI to other Regions.
    2. Set up a VPC endpoint between the Regions to allow your colleagues to download the AMI.
    3. Copy the AMI to an S3 bucket.
    4. Use the Amazon Snowball service to send a copy of the AMI to your colleagues.
45. Which EC2 instance type is designed for floating-point number calculations, graphics processing, or data pattern matching?
    1. General Purpose
    2. Memory-Optimized
    3. Compute Optimized
    4. Accelerated Computing
46. You need to deploy a certain third-party application on an EC2 instance where the licensing term is based on a per-CPU core/socket basis. Which EC2 pricing option do you need to use for this requirement?
    1. On-Demand
    2. Reserved Instance
    3. Spot Instance
    4. Dedicated Host
47. You are currently running a test phase for a new application that is being developed in-house. Your UAT testers will need to access test servers for 3 hours a day, three times a week. The test phase is supposed to last 5 weeks. You cannot afford any interruptions to the application while the tests are being run. Which EC2 pricing option will be the most cost-effective?
    1. On-Demand
    2. Reserved
    3. Spot
    4. Dedicated Host
48. Which EBS volume type is designed for critical, I/O-intensive databases and application workloads?
    1. gp2
    2. st1
    3. sc1
    4. io1
49. Which of the following payment options will help you achieve the maximum discount for your RIs?
    1. A 1-year commitment with payment made using the Partial Upfront option.
    2. A 1-year commitment with payment made using the All Upfront option.
    3. A 1-year commitment with payment made using the No Upfront option.
    4. A 3-year commitment with payment made using the All Upfront option.
50. Which AWS service enables you to quickly deploy a Virtual Private Server (VPS) that comes preconfigured with common application stacks, SSD storage, and fixed IP addresses for a fixed monthly fee based on the configuration of the server?
    1. Amazon EC2
    2. Amazon Lightsail
    3. Amazon ECS
    4. Amazon ECR
51. You are planning on deploying a Docker application on AWS. You wish to deploy your Docker image without having to manage EC2 instances such as provisioning and scaling clusters, or patching and updating virtual servers yourself. Which service enables you to fulfill this requirement?
    1. Amazon ECS deployed using the EC2 Launch Type
    2. Amazon ECS deployed using the Fargate Launch Type
    3. Amazon ECS deployed using ECR
    4. Amazon ECS deployed with Lambda functions to manage your servers
52. Which of the following services is part of the AWS serverless offering that allows you to run code in response to a trigger or event?
    1. Amazon ECS
    2. AWS Lambda
    3. Amazon EC2
    4. AWS CloudFront
53. Which AWS storage option is designed to offer file-sharing capabilities for Windows-aware applications and offers options for integration with Microsoft Active Directory?
    1. AWS FSx for Lustre
    2. Amazon FSx for Windows File Server
    3. AWS Elastic File System
    4. AWS instance store volumes
54. You are planning on deploying 10 EC2 instances across two Availability Zones that will host the new line of business applications. All the servers will need to share common files and will run the Amazon Linux 2 operating system. Which storage architecture would you recommend to host the shared files for your application servers?
    1. Amazon Elastic File System (EFS)
    2. Amazon FSx Lustre
    3. Amazon S3
    4. Amazon EBS
55. You have just launched a Windows EC2 instance. How can you obtain the Windows local administrator password?
    1. Raise a support request with Amazon to obtain the password.
    2. The password is sent to you automatically via email.
    3. The password is sent to you via an SMS text message to your registered mobile.
    4. Use the key pair to decrypt the password.
56. Which AWS service enables you to configure a hybrid solution by extending AWS Infrastructure so that EC2 and EBS services can be hosted in your on-premise data center?
    1. AWS RDS
    2. AWS Direct Connect
    3. AWS Outposts
    4. AWS Route53
57. Your company provides spread betting services. You wish to run an end-of-day analysis against the day’s transaction costs and carry out the necessary market analysis. Which AWS service dynamically provisions the necessary compute services that will scale based on the volume and resource requirements of your submitted jobs?
    1. AWS Batch
    2. AWS CloudFront
    3. AWS Lambda
    4. AWS Blockchain
58. Which AWS service can help you deploy, manage, and scale containerized applications using Kubernetes on AWS?
    1. Amazon ECS
    2. Amazon EKS
    3. Amazon MFA
    4. Amazon EC2
59. Which of the following statements is an example of an advantage of using Amazon RDS over databases installed on EC2 instances?
    1. Amazon RDS is a fully managed database where AWS manages the underlying compute and storage architecture, as well as patching and updates.
    2. Amazon RDS grants you access to the operating system, allowing you to fine-tune the database for the operating system it is running.
    3. Amazon RDS is faster than running the Microsoft SQL Server database on EC2 instances.
    4. Amazon RDS automatically enables encryption of the data in Amazon RDS.
60. Which feature of Amazon RDS enables you to create a standby copy of the database and offer failover capabilities if the master copy fails?
    1. Read Replicas
    2. Multi-AZ
    3. Failover policy
    4. Snapshots
61. Your company is planning to migrate its on-premises MySQL database to Amazon RDS. Which service will enable you to perform the migration?
    1. Amazon Server Migration Service (SMS)
    2. Amazon Database Migration Service (DMS)
    3. Amazon VM Import Export
    4. Amazon Redshift Migration Utility
62. Which feature of AWS Redshift allows you to perform SQL queries against data stored directly on Amazon S3 buckets?
    1. Redshift leader node
    2. Redshift Spectrum
    3. Redshift Copy
    4. Redshift Streams
63. Which Amazon RDS engine offers high resilience with copies of the database placed across a minimum of three Availability Zones?
    1. MySQL
    2. PostgreSQL
    3. Microsoft SQL Server
    4. Amazon Aurora
64. Which AWS-managed database service enables you to store data using complex structures with options for nested attributes, such as a JSON-style document?
    1. Amazon RDS
    2. Amazon Redshift
    3. Amazon DynamoDB
    4. Amazon Aurora
65. Which AWS database service is designed to store sensitive data that is immutable and where the transactional logs are cryptographically verifiable?
    1. AWS QLDB
    2. Amazon Neptune
    3. Amazon Aurora
    4. Amazon RDS

CLOUD PRACTITIONER EXAMS ANSWERS

1. A
2. C
3. A & B
4. C
5. B
6. B
7. A&B
8. C
9. A
10. A
11. A
12. A
13. B
14. C
15. A
16. A
17. A
18. B
19. D
20. A
21. A
22. D
23. C
24. A
25. A
26. D
27. B
28. A
29. C
30. B
31. A
32. B
33. B
34. B
35. B
36. A
37. A
38. C
39. B
40. A
41. A
42. C
43. C
44. A
45. D
46. D
47. A
48. D
49. D
50. B
51. B
52. B
53. B
54. A
55. D
56. C
57. A
58. B
59. A
60. B
61. B
62. B
63. D
64. C
65. A