AWS-Certified-Cloud-Practitioner Free Practice Test

- (Topic 3)
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?

1. A. Create an Amazon S3 bucket for each use
2. B. Mount each bucket by using an S3 file system mounting utility.
3. C. Configure and deploy an AWS Storage Gateway file gatewa
4. D. Connect each user's workstation to the file gateway.
5. E. Move each user's working environment to Amazon Workspace
6. F. Set up an Amazon WorkDocs account for each user.
7. G. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volum
8. H. Share the EBS volume directly with the users.

Correct Answer: B
AWS Storage Gateway is a hybrid cloud storage service that allows you to
extend your on-premises file storage capabilities to the AWS Cloud. AWS Storage Gateway file gateway enables you to store and access your files in Amazon S3 using industry-standard file protocols such as NFS and SMB. File gateway caches frequently accessed files locally, providing low-latency access to your data. File gateway also optimizes the transfer of data between your on-premises environment and AWS, minimizing the amount of bandwidth consumed. By using file gateway, you can retain the performance benefit of sharing content locally while leveraging the scalability, durability, and cost-effectiveness of Amazon S3. References: AWS Storage Gateway, File Gateway

- (Topic 1)
A company wants to deploy and manage a Docker-based application on AWS.
Which solution meets these requirements with the LEAST amount of operational overhead?

1. A. An open-source Docker orchestrator on Amazon EC2 instances
2. B. AWS AppSync
3. C. Amazon Elastic Container Registry (Amazon ECR)
4. D. Amazon Elastic Container Service (Amazon ECS)

Correct Answer: D
Amazon Elastic Container Service (Amazon ECS) is a solution that meets the requirements of deploying and managing a Docker-based application on AWS with the least amount of operational overhead. Amazon ECS is a fully managed container orchestration service that makes it easy to run, scale, and secure Docker container applications on AWS. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop container-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles3.

- (Topic 1)
Which of the following is a characteristic of the AWS account root user?

1. A. The root user is the only user that can be configured with multi-factor authentication (MFA).
2. B. The root user is the only user that can access the AWS Management Console.
3. C. The root user is the first sign-in identity that is available when an AWS account is created.
4. D. The root user has a password that cannot be changed.

Correct Answer: C
The AWS account root user is the first sign-in identity that is available when an AWS account is created. It has complete access to all AWS services and resources in the account. The root user email address and password are the same credentials that are used to sign in to the AWS Management Console4. The root user should be used only to perform a few account and service management tasks. For day-to-day tasks, it is recommended to use AWS Identity and Access Management (IAM) users or roles instead.

- (Topic 2)
Which task can a company perform by using security groups in the AWS Cloud?

1. A. Allow access to an Amazon EC2 instance through only a specific port.
2. B. Deny access to malicious IP addresses at a subnet level.
3. C. Protect data that is cached by Amazon CloudFront.
4. D. Apply a stateless firewall to an Amazon EC2 instance.

Correct Answer: A
Security groups are virtual firewalls that control the inbound and outbound traffic for Amazon EC2 instances. They can be used to allow access to an Amazon EC2 instance through only a specific port, such as port 22 for SSH or port 80 for HTTP. Security groups cannot deny access to malicious IP addresses at a subnet level, as they only allow or deny traffic based on the rules defined by the customer. To block malicious IP addresses, customers can use network ACLs, which are stateless firewalls that can be applied to subnets. Security groups cannot protect data that is cached by Amazon CloudFront, as they only apply to EC2 instances. To protect data that is cached by Amazon CloudFront, customers can use encryption, signed URLs, or signed cookies. Security groups are not stateless firewalls, as they track the state of the traffic and automatically allow the response traffic to flow back to the source. Stateless firewalls do not track the state of the traffic and require rules for both inbound and outbound traffic.

- (Topic 3)
Which task does AWS perform automatically?

1. A. Encrypt data that is stored in Amazon DynamoDB.
2. B. Patch Amazon EC2 instances.
3. C. Encrypt user network traffic.
4. D. Create TLS certificates for users' websites.

Correct Answer: B
AWS performs some tasks automatically to help you manage and secure your AWS resources. One of these tasks is patching Amazon EC2 instances. AWS provides two options for patching your EC2 instances: managed instances and patch baselines. Managed instances are a group of EC2 instances or on-premises servers that you can manage using AWS Systems Manager. Patch baselines define the patches that AWS Systems Manager applies to your instances. You can use AWS Systems Manager to automate the process of patching your instances based on a schedule or a maintenance window.