- (Topic 1)
Which AWS service can a company use to perform complex analytical queries?
Correct Answer:
C
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers. Amazon Redshift is designed for complex analytical queries that often involve aggregations and joins across very large tables. Amazon Redshift supports standard SQL and integrates with many existing business intelligence tools1.
- (Topic 1)
A company is designing a web application that will run on Amazon EC2 instances.
Which AWS services and features will improve availability and reduce the impact of failures for this application?
(Select TWO.)
Correct Answer:
AC
The correct answers are A and C because Amazon EC2 Auto Scaling and resources that are distributed across multiple Availability Zones are AWS services and features that will improve availability and reduce the impact of failures for the web application. Amazon EC2 Auto Scaling is a service that enables users to automatically adjust the number of Amazon EC2 instances in response to changes in demand or performance. Amazon EC2 Auto Scaling helps users to maintain optimal availability and performance of their applications by adding or removing instances as needed. Resources that are distributed across multiple Availability Zones are AWS features that enable users to increase the fault tolerance and resilience of their applications. Availability Zones are isolated locations within an AWS Region that have independent power, cooling, and networking. Users can launch their resources, such as Amazon EC2 instances, in multiple Availability Zones to protect their applications from the failure of a single location. The other options are incorrect because they are not AWS services and features that will improve availability and reduce the impact of failures for the web application. VPC subnet ACLs are AWS features that enable users to control the inbound and outbound traffic to and from their subnets within a VPC. VPC subnet ACLs do not check the health of a service, but rather filter the network traffic based on rules. Configuration of AWS Server Migration Service (AWS SMS) is an AWS service that enables users to migrate their on-premises servers to AWS. Configuration of AWS SMS does not help to move the Amazon EC2 instances to a different AWS Region, but rather to migrate the servers from the source environment to AWS. Resources that are distributed across multiple AWS points of presence are AWS features that enable users to deliver content to their end users with low latency and high performance. AWS points of presence are edge locations that are part of the AWS Global Infrastructure. Users can use services such as Amazon CloudFront and AWS Global Accelerator to distribute their content across multiple AWS points of presence. Reference: Amazon EC2 Auto Scaling, [Regions, Availability Zones, and Local Zones]
- (Topic 2)
What does "security of the cloud" refer to in the AWS shared responsibility model?
Correct Answer:
B
Security of the cloud refers to the security of the cloud infrastructure that runs all the AWS services. This includes the hardware, software, networking, and facilities that AWS operates and manages. AWS is responsible for protecting the security of the cloud as part of the AWS shared responsibility model. Availability of AWS services such as Amazon EC2 refers to the ability of the services to be up and running and to meet the expected performance. Availability is part of the reliability pillar of the AWS Well-Architected Framework and is a shared responsibility between AWS and the customer . Implementation of password policies for IAM users refers to the security of the customer data and applications in the cloud. This includes the configuration and management of IAM user permissions, encryption keys, security group rules, network ACLs, and other aspects of access management. The customer is responsible for protecting the security in the cloud as part of the AWS shared responsibility model. Security of customer environments by using AWS Network Firewall partners refers to the security of the customer data and applications in the cloud. AWS Network Firewall is a managed service that provides network protection for Amazon VPCs. It allows customers to use AWS Marketplace partners to implement firewall rules and policies. The customer is responsible for protecting the security in the cloud as part of the AWS shared responsibility model .
- (Topic 3)
A company wants a time-series database service that makes it easier to store and analyze trillions of events each day.
Which AWS service will meet this requirement?
Correct Answer:
B
Amazon Timestream is a fast, scalable, and serverless time-series database service for IoT and other operational applications that makes it easy to store and analyze trillions of events per day up to 1,000 times faster and at as little as 1/10th the cost of relational databases1. Amazon Timestream saves you time and cost in managing the lifecycle of time series data, and its purpose-built query engine lets you access and analyze recent and historical data together with a single query1. Amazon Timestream has built-in time series analytics functions, helping you identify trends and patterns in near real time1. The other options are not suitable for storing and analyzing trillions of events per day. Amazon Neptune is a graph database service that supports highly connected data sets. Amazon Forecast is a machine learning service that generates accurate forecasts based on historical data. Amazon DocumentDB (with MongoDB compatibility) is a document database service that supports MongoDB workloads.
References:
✑ 1: Time Series Database – Amazon Timestream – Amazon Web Services
- (Topic 3)
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Select TWO.)
Correct Answer:
CD
The AWS Cloud Adoption Framework (AWS CAF) security perspective helps users achieve the confidentiality, integrity, and availability of their data and cloud workloads. It comprises nine capabilities that are grouped into three categories: preventive, detective, and responsive. Incident response and infrastructure protection are two of the capabilities in the responsive and preventive categories, respectively. Incident response helps users prepare for and respond to security incidents in a timely and effective manner, using tools and processes that leverage AWS features and services. Infrastructure protection helps users implement security controls and mechanisms to protect their cloud resources, such as network, compute, storage, and database, from unauthorized access or malicious attacks. References: Security perspective: compliance and assurance, AWS Cloud Adoption Framework
