Cloud Practitioner Certification Review 3
Cloud Practitioner Certification Review 3
Cloud Practitioner Certification Review 3
com/courses/35053/quizzes/73356
CloudPractitionerCertificationReview3of3
Due No due date Points 100 Questions 100 Time Limit None Allowed Attempts Unlimited
Attempt History
Attempt Time Score
KEPT Attempt 3 15 minutes 98.67 out of 100
Question 1 1 / 1 pts
What’s the maximum amount of data you can store in a Redshift cluster when using dense storage
nodes?
1 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
326 TB
Correct!
2 PB
326 PB
2 TB
236 TB
Dense storage nodes can be used in a cluster to store up to 2 PB of data. Dense compute nodes can be used to store up
to 326 TB of data.
Question 2 1 / 1 pts
Correct!
AWS creates a default VPC in each Region.
2 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
By default, each default VPC is available to one AWS account.
For each account, AWS creates a default VPC in each Region. A VPC spans all Availability Zones within a Region. VPCs
Question 3 1 / 1 pts
10.0.0.0/15
10.0.0.0/8
Correct!
10.0.0.0/28
10.0.0.0/29
3 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
A VPC or subnet CIDR can have a size between /16 and /28 inclusive, so 10.0.0.0/28 would be the only valid CIDR.
Question 4 0 / 1 pts
Correct Answer
A subnet spans one Availability Zone.
Correct!
A subnet must have a CIDR that’s a subset of the CIDR of the VPC in which it resides.
A subnet exists in only one Availability Zone, and it must have a CIDR that’s a subset of CIDR of the VPC in which it
resides. There’s no requirement for a VPC to have two subnets, but it must have at least one.
4 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 5 1 / 1 pts
Correct!
It contains an outbound rule allowing access to any IP address.
When you create a security group, it contains an outbound rule that allows access to any IP address. It doesn’t contain an
inbound rule by default. Security group rules can only permit access, not deny it, so any traffic not explicitly allowed will be
denied.
Question 6 1 / 1 pts
5 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
What’s the difference between a security group and a network access control list (NACL)? (Select
TWO.)
Correct!
A security group operates at the instance level
Correct!
A network access control list operates at the subnet level.
A network access control list is a firewall that operates at the subnet level. A security group is a firewall that operates at the
instance level.
Question 7 1 / 1 pts
6 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
It’s a private connection between two VPCs.
A VPC peering connection is a private connection between only two VPCs. It uses the private AWS network, and not the
Question 8 1 / 1 pts
What are two differences between a virtual private network (VPN) connection and a Direct Connect
connection? (Select TWO.)
Correct!
A VPN connection uses the internet for transport.
Correct!
A Direct Connect connection offers predictable latency because it doesn’t traverse the internet.
7 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
A Direct Connect link uses a dedicated link rather than the internet to provide predictable latency. Direct Connect doesn’t
use encryption but provides some security by means of a private link. A VPN connection uses the internet for transport,
encrypting data with AES 128- or 256-bit encryption. A VPN connection doesn’t require proprietary hardware.
Question 9 1 / 1 pts
Which of the following are true about registering a domain name with Route 53? (Select TWO.)
Correct!
Route 53 creates a public hosted zone for the domain.
The registrar you use to register a domain name determines who will host DNS for that domain.
Correct!
You can register a domain name for a term of up to 10 years.
8 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
When you register a domain name, you can choose a term between 1 year and 10 years. If you use Route 53, it will
automatically create a public hosted zone for the domain. The registrar and DNS hosting provider don’t have to be the
Question 10 1 / 1 pts
Which of the following Route 53 routing policies can return set of randomly ordered values?
Latency
Correct!
Multivalue Answer
Failover
Simple
9 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
A Multivalue Answer routing policy can return a set of multiple values, sorted randomly. A simple record returns a single
value. A Failover routing policy always routes users to the primary resource unless it’s down, in which case it routes users
to the secondary resource. A Latency routing policy sends users to the resource in the AWS Region that provides the least
latency.
Question 11 1 / 1 pts
Which of the following Route 53 routing policies doesn’t use health checks?
Latency
Multivalue Answer
Geolocation
Correct!
Simple
All Route 53 routing policies except for Simple can use health checks.
10 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 12 1 / 1 pts
Which of the following types of Route 53 health checks works by making a test connection to a
TCP port?
Calculated
Simple
CloudWatch alarm
Correct!
Endpoint
An Endpoint health check works by connecting to the monitored endpoint via HTTP, HTTPS, or TCP. A CloudWatch alarm
health check simply reflects the status of a CloudWatch alarm. A Calculated health check derives its status from multiple
Question 13 1 / 1 pts
You have two EC2 instances hosting a web application. You want to distribute 20 percent of traffic
11 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
to one instance and 80 percent to the other. Which of the following Route 53 routing policies
should you use?
Multivalue Answer
Failover
Correct!
Weighted
Simple
A Weighted routing policy lets you distribute traffic to endpoints according to a ratio that you define. None of the other
Question 14 1 / 1 pts
Resources in a VPC need to be able to resolve internal IP addresses for other resources in the
VPC. No one outside of the VPC should be able to resolve these addresses. Which of the following
Route 53 resources can help you achieve this?
12 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Health checks
Correct!
A private hosted zone
A private hosted zone is associated with a VPC and allows resources in the VPC to resolve private domain names. A
public hosted zone is accessible by anyone on the internet. Domain name registration is for public domain names. Health
Question 15 1 / 1 pts
You want to provide private name resolution for two VPCs using the domain name company.pri.
How many private hosted zones do you need to create?
Correct!
1
13 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Route 53 private hosted zones provide DNS resolution for a single domain name within multiple VPCs. Therefore, to
support resolution of one domain names for two VPCs, you’d need one private hosted zone.
Question 16 1 / 1 pts
Correct!
6
CloudFront has edge locations on six continents (Antarctica is a hard place to get to).
14 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 17 1 / 1 pts
Regions
Edge locations
Correct!
Origins
Distributions
A CloudFront origin is the location that a distribution sources content from. Content is stored in edge locations. A
Question 18 1 / 1 pts
15 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
RTMP
Edge
Web
Streaming
The RTMP distribution type is for delivering streaming content and requires you to provide a media player. A Web
distribution can also stream audio or video content but doesn’t require you to provide a media player. Streaming and Edge
Question 19 1 / 1 pts
You need to deliver content to users in the United States and Canada. Which of the following edge
location options will be the most cost effective for your CloudFront distribution?
Correct!
United States, Canada, and Europe
16 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
The more edge locations you use for a distribution, the more you’ll pay. Selecting the minimum number of locations will be
Question 20 1 / 1 pts
About 50
Correct!
More than 150
17 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
There are more than 150 edge locations throughout the world.
Question 21 1 / 1 pts
Which of the following are valid origins for a CloudFront distribution? (Select TWO.)
Correct!
A public S3 bucket
Correct!
EC2 instance
An origin can be an EC2 instance or a public S3 bucket. You can’t use a private S3 bucket as an origin.
18 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 22 1 / 1 pts
Correct!
It lets you create multiple separate AWS environments using a single template.
CloudFormation can create AWS resources and manages them collectively in a stack. Templates are written in the
CloudFormation language, not Python. CloudFormation can’t create resources outside of AWS. It also doesn’t prevent
Question 23 1 / 1 pts
19 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
JSON
Correct!
YAML
XML
HTML
Question 24 1 / 1 pts
Correct!
Allow customizing a stack without changing the template.
20 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Parameters let you input customizations when creating a CloudFormation stack without having to modify the underlying
template. Parameters don’t prevent stack updates or unauthorized changes. A template can be used to create multiple
Question 25 1 / 1 pts
Why would you use CloudFormation to automatically create resources for a development
environment instead of creating them using AWS CLI commands? (Select TWO.)
Correct!
CloudFormation stack updates help ensure that changes to one resource won’t break another.
Correct!
Resources CloudFormation creates are organized into stacks and can be managed as a single unit.
21 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Resources CloudFormation creates are organized into stacks. When you update a stack, CloudFormation analyzes the
relationships among resources in the stack and updates dependent resources as necessary. This does not, however,
mean that any resource you create using CloudFormation will work as you expect. Provisioning resources using
Question 26 1 / 1 pts
Correct!
Versioning
Manual deployment
Automatic deployment
Correct!
Differencing
CodeCommit is a private Git repository that offers versioning and differencing. It does not perform deployments.
22 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 27 1 / 1 pts
Correct!
Understanding what code change introduced a bug
Differencing lets you see the differences between two versions of a file, which can be useful when figuring out what change
introduced a bug. Versioning, not differencing, is what allows reverting to an older version of a file. Differencing doesn’t
identify duplicate lines of code or tell you when an application was deployed.
Question 28 1 / 1 pts
What software development practice regularly tests new code for bugs but doesn’t do anything
else?
23 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Continuous delivery
Differencing
Continuous deployment
Correct!
Continuous integration
Continuous integration is the practice of running code through a build or test process as soon as it’s checked into a
repository. Continuous delivery and continuous deployment include continuous integration but add deployment to the
process. Differencing only shows the differences between different versions of a file but doesn’t perform any testing.
Question 29 1 / 1 pts
Which CodeBuild build environment compute types support Windows operating systems? (Select
TWO.)
build.general1.small
Correct!
build.general1.large
24 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
build.general1.medium
build.windows1.small
build.general2.large
Build.general1.medium and build.general1.large support Windows and Linux operating systems. Build.general1.small
Question 30 1 / 1 pts
.NET Core
Correct!
A Docker image
25 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
An operating system
A CodeBuild build environment always contains an operating system and a Docker image. It may contain the other
Question 31 1 / 1 pts
Correct!
Upgrade an application on an EC2 instance running Red Hat Enterprise Linux
Correct!
Deploy a Docker container to the Elastic Container Service.
Correct!
Deploy an application to an on-premises Windows instance.
26 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
CodeDeploy can deploy application files to Linux or Windows EC2 instances and Docker containers to ECS. It can’t deploy
Question 32 1 / 1 pts
Correct!
2
At the very least, a CodePipeline must consist of a source stage and a deploy stage.
27 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 33 1 / 1 pts
You want to predefine the configuration of EC2 instances that you plan to launch manually and
using Auto Scaling. What resource must you use?
Instance role
CloudFormation template
Correct!
Launch template
Launch configuration
A launch template can be used to launch instances manually and with EC2 Auto Scaling. A launch configuration can’t be
used to launch instances manually. An instance role is used to grant permissions to applications running on an instance.
Question 34 1 / 1 pts
What Auto Scaling group parameters set the limit for the number of instances that Auto Scaling
28 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Maximum
Group size
Correct!
Minimum
Desired capacity
The maximum and minimum group size values limit the number of instances in an Auto Scaling group. The desired
capacity (also known as the group size) is the number of instances that Auto Scaling will generally maintain, but Auto
Scaling can launch or terminate instances if dynamic scaling calls for it.
Question 35 1 / 1 pts
An Auto Scaling group has a desired capacity of 7 and a maximum size of 7. What will Auto
Scaling do if someone manually terminates one of these instances?
Correct!
It will launch one new instance.
29 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Auto Scaling will use self-healing to replace the failed instance to maintain the desired capacity of 7. Terminating an
instance or failing to replace the failed one will result in 6 instances. Auto Scaling won’t ever change the desired capacity in
Question 36 1 / 1 pts
30 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
What Auto Scaling feature creates a scaling schedule based on past usage
Correct!
Predictive scaling
Scheduled scaling
Pattern scaling
Dynamic scaling
Predictive scaling creates a scheduled scaling action based on past usage patterns. Scheduled scaling and dynamic
scaling do not create scheduled scaling actions. There is no such thing as pattern scaling.
Question 37 1 / 1 pts
What type of AWS Systems Manager document can run Bash or PowerShell scripts on an EC2
instance?
Correct!
Command document
31 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Automation document
Run document
Script document
A Command document can execute commands on an EC2 instance. An Automation document can perform administrative
tasks on AWS, such as starting or stopping an instance. There is no such thing as a Script document or a Run document.
Question 38 1 / 1 pts
What type of AWS Systems Manager document can take a snapshot of an EC2 instance?
Script document
Correct!
Automation document
Run document
Command document
32 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
An Automation document can perform administrative tasks on AWS, such as starting or stopping an instance. A Command
document can execute commands on an EC2 instance. There is no such thing as a Script document or a Run document.
Question 39 1 / 1 pts
Correct!
AWS OpsWorks Stacks
AWS OpsWorks Stacks uses Chef recipes, while AWS OpsWorks for Puppet Enterprise uses Puppet modules. There is no
33 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 40 1 / 1 pts
CFEngine
Correct!
Puppet Enterprise
SaltStack
Ansible
Correct!
Chef
OpsWorks supports the Puppet Enterprise and Chef configuration management platforms. It doesn’t support SaltStack,
Ansible, or CFEngine.
Question 41 1 / 1 pts
34 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Which of the following OpsWorks Stacks layers contains at least one EC2 instance?
Correct!
OpsWorks layer
Only an OpsWorks layer contains at least one EC2 instance. There’s no such thing as an EC2 Auto Scaling layer.
Question 42 1 / 1 pts
Which of the following is not one of the pillars of the Well-Architected Framework?
Performance efficiency
35 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Resiliency
Cost optimization
Security
Reliability
The five pillars of the Well-Architected Framework are reliability, performance efficiency, security, cost optimization, and
Question 43 1 / 1 pts
Which of the following are examples of applying the principles of the least privilege or maximum
security?
Correct!
Enabling S3 versioning
36 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Granting each AWS user their own IAM username and password
Security is about protecting the confidentiality, integrity, and availability of data. Granting each AWS user their own IAM
username and password makes it possible to ensure the confidentiality of data. Enabling S3 versioning protects the
integrity of data by maintaining a backup of an object. Deleting an empty S3 bucket doesn’t help with any of these. It’s not
possible to create a security group rule that denies access to unused ports since security groups deny any traffic that’s not
explicitly allowed.
Question 44 1 / 1 pts
You’re hosting a web application on two EC2 instances in an Auto Scaling group. The performance
of the application is consistently acceptable. Which of the following can help maintain or improve
performance efficiency? (Select TWO.)
Correct!
Using CloudFront
Correct!
37 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Implementing policies to prevent the accidental termination of EC2 instances in the same Auto Scaling
group
Preventing the accidental termination of an EC2 instance in the Auto Scaling group can avoid overburdening and causing
performance issues on the remaining instance, especially during busy times. Using CloudFront can help improve
performance for end users by caching the content in an edge location close to them. Doubling the number of instances
might improve performance, but because performance is already acceptable, doing this would be inefficient. Monitoring for
Question 45 1 / 1 pts
Which of the following can help achieve cost optimization? (Select TWO.)
Correct!
Deleting unused application load balancers
Correct!
Deleting unused S3 objects
38 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Deleting unused S3 objects and unused application load balancers can reduce costs since you’re charged for both.
Deleting unused VPCs and empty S3 buckets won’t reduce costs since they don’t cost anything.
Question 46 1 / 1 pts
Correct!
Automating manual processes
39 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Operational excellence is concerned with strengthening the other four pillars of reliability, performance efficiency, security,
and cost optimization; automation is the key to achieving each of these. Improving bad processes and making people work
longer hours run counter to achieving operational excellence. Adding more security personnel may be a good idea, but it
Question 47 1 / 1 pts
Your default VPC in the us-west-1 Region has three default subnets. How many Availability Zones
are in this Region?
Correct!
3
40 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
In a default VPC, AWS creates a subnet for each Availability Zone in the Region. Hence, if there are three subnets in the
Question 48 1 / 1 pts
Your organization is building a database-backed web application that will sit behind an application
load balancer. You add an inbound security group rule to allow HTTP traffic on TCP port 80.
Where should you apply this security group to allow users to access the application?
None of these
Correct!
The application load balancer listener
41 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Application load balancer listeners use security groups to control inbound access, so you need to apply a security group
that has an inbound rule allowing HTTP access. Applying the security group rule to the database instance won’t help, since
users don’t connect directly to the database instance. You can’t apply a security group to a subnet, only a network access
control list.
Question 49 1 / 1 pts
Correct!
By routing traffic away from failed instances
42 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
An application load balancer can use health checks to identify failed instances and remove them from load balancing. This
can prevent a user from ever reaching a failed instance. A load balancer can’t replace a failed instance, but Auto Scaling
can. An application load balancer distributes traffic to instances using a round-robin algorithm, not based on how busy
Question 50 1 / 1 pts
Which of the following contains the configuration information for instances in an Auto Scaling
group?
Launch directive
CloudFormation template
Correct!
Launch template
43 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
A launch template tells Auto Scaling how to configure the instances it provisions. A dynamic scaling policy controls how
Auto Scaling scales in and out based on CloudWatch metrics. There’s no such thing as a launch directive. Auto Scaling
does not reference a CloudFormation template, but you can use a CloudFormation template to create a stack that contains
a launch template.
Question 51 1 / 1 pts
You’ve created a target tracking policy for an Auto Scaling group. You want to ensure that the
number of instances in the group never exceeds 5. How can you accomplish this?
Correct!
Set the maximum group size to 5.
44 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
The maximum group size limits the number of instances in the group. Setting the group size (also known as the desired
capacity) or minimum group size to 5 would increase the number of instances to 5 but would not stop Auto Scaling from
subsequently adding more instances. Deleting the target tracking policy would not necessarily prevent the number of
instances in the group from growing, as another process such as a scheduled scaling policy could add more instances to
the group.
Question 52 1 / 1 pts
A WordPress blog
Correct!
A website hosted on S3
45 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
A static website serves content just as it’s stored without changing the content on the fly. A WordPress blog, a social media
website, and a web-based email application all compile content from a database and mix it in with static content before
Question 53 1 / 1 pts
Which of the following features of S3 improve the security of data you store in an S3 bucket?
(Select TWO.)
Correct!
By default, S3 removes ACLs that allow public read access to objects.
Correct!
Objects in S3 are not public by default
46 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Objects you upload to an S3 bucket are not public by default, nor are they accessible to all AWS users. Even if you try to
make an object public using an ACL, S3 will immediately remove the ACL, but you can disable this behavior. S3 never
Question 54 1 / 1 pts
Correct!
Enable bucket hosting in the S3 service console
47 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
To have S3 host your static website, you need to enable bucket hosting in the S3 service console. It’s not necessary to
disable or enable default encryption or object versioning. There’s also no need to make all objects in the bucket public, but
Question 55 1 / 1 pts
You’ve created a static website hosted on S3 and given potential customers the URL that consists
of words and numbers. They’re complaining that it’s too hard to type in. How can you come up with
a friendlier URL?
Correct!
Use a custom domain name.
48 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Purchasing and using a custom domain name is the best option for a friendly URL. You need to name the bucket the same
as the domain name. Creating a bucket name with only words is unlikely to work, regardless of Region, as bucket names
Question 56 1 / 1 pts
Correct!
The content served is not encrypted in transit.
49 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Websites hosted in S3 are served using unencrypted HTTP, not secure HTTPS. The content is publicly readable, but that
doesn’t mean the public can modify it. You don’t have to use a custom domain name, as S3 provides an endpoint URL for
you. A website hosted in S3 is stored in a bucket, and a bucket exists in only one Region.
Question 57 1 / 1 pts
Which of the following can impact the reliability of a web application running on EC2 instances?
Correct!
Not replacing a misconfigured resource that the application depends on.
50 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
The reliability of an application can be impacted by the failure of resources the application depends on. One way a
resource can fail is if it’s misconfigured. Taking EBS snapshots of an instance or provisioning more instances than you
need won’t impact reliability. The user interface being difficult to use might be an annoyance for the user but doesn’t affect
Question 58 1 / 1 pts
You have a public web application running on EC2 instances. Which of the following factors
affecting the performance of your application might be out of your control?
Compute
Storage
Database
Correct!
Network
51 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
You may have control over your VPC, but the rest of the network between your application and users on the internet is not
under your control. Compute, storage, and any database your application uses are, or at least theoretically could be, under
your control.
Question 59 1 / 1 pts
An Auto Scaling group can use an EC2 system health check to determine whether an instance is
healthy. What other type of health check can it use?
SNS
VPC
Correct!
ELB
S3
52 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
An Auto Scaling group can use an ELB health check to determine whether an instance is healthy. There is no such thing
Question 60 1 / 1 pts
You’re hosting a static website on S3. Your web assets are stored under the Standard storage
class. Which of the following is true regarding your site?
You’re charged for any compute power used to host the site.
Correct!
You’re responsible for S3 charges.
53 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
You’re responsible for S3 charges related to your static website. You’re not charged for compute with S3. No one may
modify the content of your site unless you give them permission. The S3 Standard storage class keeps objects in multiple
Question 61 1 / 1 pts
You’re hosting a static website on S3. Your web assets are stored in the US East 1 Region in the
bucket named mygreatwebsite. What is the URL of the website?
http://mygreatwebsite.s3-website-us-east.amazonaws.com
http://mygreatwebsite.s3-us-east-1.amazonaws.com
http://mygreatwebsite.s3.amazonaws.com
Correct!
http://mygreatwebsite.s3-website-us-east-1.amazonaws.com
The format of the URL is the bucket name, followed by s3-website-, the Region identifier, and then amazonaws.com.
54 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 62 1 / 1 pts
What are some key benefits often available for applications run on a large cloud platform like
AWS? (Select TWO.)
Correct!
Improved data security
Correct!
Improved infrastructure reliability
Amazon’s size and scale allow it to implement best security and reliability practices. Its size alone is, however, unlikely to
Question 63 1 / 1 pts
55 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Maintaining copies of application data across multiple physical locations
Your assets are redundant when they’re replicated in a way that ensures they’ll survive the failure of one set. Increasing
the number of deployed resources is known as horizontal scaling. Increasing the size of deployed resources is known as
Question 64 1 / 1 pts
Correct!
Increasing the number of deployed resources to meet growing user demand
56 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
One “scales” the resources serving an application either up or down to meet changing user demand. Maintaining copies is
a redundant practice. Securing network access is not a function of scalability. Resizability is better described as elasticity.
Question 65 1 / 1 pts
Correct!
Configuring applications to be easily resizable without manual intervention
Manually setting the number of deployed resources to meet changing user demand
57 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Automation is a key characteristic of elasticity. Maintaining multiple copies is redundancy. Pay-as-you-go access to
resources is a contributing element of elasticity, but it’s not its best description.
Question 66 1 / 1 pts
Process automation is a key element of successful cloud deployments. Which of these contribute
the most to Amazon’s cloud automation? (Select TWO.)
Correct!
Metered service payments
Server virtualization
Correct!
AWS Command Line Interface (CLI) access
Elasticity
Metered payments and scripted (CLI) access are direct drivers of the efficiencies of automation. Elasticity and virtualization
can be important pieces of the automation puzzle, but their contribution isn’t as direct.
58 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 67 1 / 1 pts
What is the main benefit of server virtualization for cloud computing customers?
Correct!
Virtualization allows cloud customers direct access to a wide range of compute choices.
It’s true that virtualized environments can sometimes allow for enhanced hardware utilization and security, but that’s not
primarily a benefit that’s specific to the cloud. Virtualization has very little to do with enhanced software choices.
Question 68 1 / 1 pts
Which of the following contribute the most to Amazon’s ability to provide its cloud services at rates
often below what they would cost locally? (Select TWO.)
59 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Automation
Enhanced security
Distributed infrastructure
Correct!
Virtualization
Amazon’s distributed infrastructure and enhanced security are powerful but have little or no impact on lower customer
costs. Virtualization and automation both permit greater usage of AWS physical hardware and, thus, drive costs down.
Question 69 1 / 1 pts
Infrastructure as a service
Correct!
Platform as a service
Serverless workloads
60 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Software as a service
Because AWS manages all underlying infrastructure invisibly, Elastic Beanstalk is considered a platform-as- a-service
(PaaS) environment. IaaS leaves most infrastructure administration in your hands. SaaS doesn’t allow the level of
customization you find in Beanstalk, and a serverless tool (like Lambda) doesn’t provision a dedicated instance for your
Question 70 1 / 1 pts
Full instances from core AWS services available for free through an account’s first 12 months
Correct!
Light versions of most AWS services available for free through an account’s first 12 months
Free enterprise support setup service available for free through an account’s first 30 days
Light versions of most AWS services available for free through an account’s first 30 days
61 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
While some services provide a lightweight Free Tier indefinitely, for the most part, the tier is intended to help you spend 12
Question 71 1 / 1 pts
What happens if your use of an AWS service goes over the Free Tier threshold?
You will receive an email alert, warning you that you might soon incur actual costs.
Your AWS account will be temporarily suspended until you contact customer support.
Correct!
Your registered credit card will automatically be billed for any usage above the Free Tier limit.
Nothing. AWS has a “mercy” rule that permits up to 75 percent over-usage on the Free Tier limit.
Going over your Free Tier limit is in no way a breach of AWS rules; on the contrary, it’s a normal and expected practice.
Therefore, your account would not be suspended. By default, you will be sent a warning email before your usage goes past
62 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 72 1 / 1 pts
Which of the following would be possible to run during your AWS account’s first year without
incurring any charges?
Correct!
An EC2 t2.micro instance and two 10 GB EBS volumes running 24/7 for 12 months
900 MB worth of Docker container images stored on the Amazon Elastic Container Registry (ECR)
An EC2 t2.micro instance and one 25 GB EBS volume running 24/7 for 12 months
Two 10 GB EBS volumes are within the Free Tier limit of 20 GB. The Free Tier only allows 5 GB of S3 storage and 500 MB
of images in ECR.
Question 73 1 / 1 pts
What is the purpose of the AWS Total Cost of Ownership (TCO) Calculator?
63 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
To enable apples-to-apples comparisons of the costs of complex local versus AWS- based deployments
To enable quick and accurate estimates of the costs of running any application stack on AWS resources
The TCO Calculator provides cost estimates comparing AWS versus local deployments. You should not consider the
actual AWS service prices to be 100 percent current, and the report will not reflect any real-time costs related to your
account. Use the Simple Monthly Calculator for quick and accurate estimates of the costs of running any application stack.
Question 74 1 / 1 pts
Which of the following are ways to share results you’ve generated in the AWS Simple Monthly
Calculator with remote friends and colleagues? (Select TWO.)
64 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Clicking the Export to CSV button
Correct!
Clicking the Save and Share button
The Estimate tab will display your results, but they will be visible only from your browser session. There is no direct way to
save the results to PDF. You can save the results to the Comma Separated Values (CSV) spreadsheet format and send
the file to colleagues, or you can click Save and Share to get a unique URL through which others can access your results.
Question 75 1 / 1 pts
65 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Monitor resource consumption.
The Cost budget monitors account costs. The Reservation budget gives you status reports for your reservations (assuming
there are any). Monitoring IAM users is outside the scope of AWS Budgets.
Question 76 1 / 1 pts
To help you organize the way data is displayed in the Cost Explorer
66 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
To make tracking the billing impact of running resources easier
Unlike resource tags (which are meant to help you identify running resources within many contexts), cost allocation tags
Question 77 1 / 1 pts
Correct!
A tool to centralize the administration of multiple AWS accounts
67 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
AWS Organizations let you centralize the administration of multiple AWS accounts owned or controlled by a single
company. It allows you to consolidate your billing operations, but it isn’t focused on billing automation, support settings, or
resource collaboration.
Question 78 1 / 1 pts
Your company is experimenting with a number of complicated AWS deployment stacks to assess
which will work best for your applications. Which support plan makes the most sense for the
company at this point?
Business
Enterprise
Basic
Correct!
Developer
68 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Since you’re not running anything in production, you’re not likely to need the 24/7 support offered by Business and
Enterprise support levels just yet, but it would be helpful having the advice of AWS cloud support associates when
necessary.
Question 79 1 / 1 pts
Which of the following would represent the approximate monthly AWS Business support tier cost
for a company spending $40,000/month on AWS infrastructure?
$15,000
$100
$4,000
Correct!
$2,800
69 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
The Business support tier is billed at 7 percent when costs fall between $10,000 and $80,000. A company using the
Enterprise support tier would pay the monthly minimum of $15,000 for a spend of $40,000.
Question 80 1 / 1 pts
Which of the following services are available for accounts subscribed to the Basic support plan?
(Select TWO.)
Correct!
Access to AWS white papers
Correct!
Limited access to Trusted Advisor
Basic-level subscribers get access to only partial access to Trusted Advisor and all publicly available AWS documentation
(including white papers). They do not get to speak with AWS cloud support associates.
70 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 81 1 / 1 pts
Which of the following is available only for Enterprise support plan subscribers?
Correct!
Access to a dedicated Technical Account Manager (TAM)
Support for troubleshooting interoperability between AWS resources and third-party software and
operating systems
General guidance within 24 hours is also available at the Developer and Business levels. Troubleshooting support is also
available for Business customers. 24/7 access to engineers is available to Enterprise customers, but only within 15
minutes.
Question 82 1 / 1 pts
71 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
What word included in the URL of an AWS documentation web page would indicate that the page
you’re reading is the most recent version available?
Current
Accurate
Recent
Correct!
Latest
AWS documentation web pages will include the word latest in the URL if they’re the most recent version.
Question 83 1 / 1 pts
72 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
The AWS Knowledge Center
Service documentation pages don’t focus on solutions to problems. The solutions in the forum aren’t necessarily
Question 84 1 / 1 pts
73 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Which of these Trusted Advisor alert categories will identify resources in your account that are
unnecessarily vulnerable to service disruptions?
Service Limits
Performance
Correct!
Fault Tolerance
Security
The Performance category identifies configuration settings that might be blocking performance improvements. The Service
Limits category identifies resource usage that’s approaching AWS Region or service limits. The Security category identifies
Question 85 1 / 1 pts
Which of these Trusted Advisor alert categories are available only for accounts subscribed to
Business or Enterprise support tiers? (Select TWO.)
74 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Cost Optimization
Security
Correct!
Fault Tolerance
Service Limits
The Service Limits category and many Security alerts are available for all AWS customers.
Question 86 1 / 1 pts
Why is it important to be aware of the particular AWS Region within which you’re working? (Select
TWO.)
Launching resources in the wrong Region can potentially result in service reliability degradation.
Launching resources in the wrong Region can have a major unintended impact on costs incurred by
your account.
Correct!
Launching resources in the wrong Region can negatively impact connectivity and access.
75 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Launching resources in the wrong Region can negatively impact the performance experienced by users
in certain geographical areas.
Using the wrong AWS Region will normally have no major impact on either costs or reliability.
Question 87 1 / 1 pts
Which of the following AWS services are considered global rather than bound to a single AWS
Region? (Select TWO.)
RDS
EC2
Correct!
IAM
Correct!
CloudFront
76 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
The Relational Database Service (RDS) and Elastic Compute Cloud (EC2) both provide instances in a single Region
Question 88 1 / 1 pts
Which of the following would be a correct endpoint for an Elastic Compute Cloud instance running
in the Europe Region based in London?
rds.eu-west-1.amazonaws.com
Correct!
ec2.eu-west-2.amazonaws.com
ec.eu-west-1.amazonaws.com
ec2.eu-central-1.amazonaws.com
The correct designation for Elastic Compute Cloud resources is ec2, the London Region is known as eu-west-2, and all
77 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 89 1 / 1 pts
The virtual compute, storage, and network resources used by at least three physical data centers
Correct!
The infrastructure resources of one of at least two physical data centers within a single AWS Region
The Network settings defining permitted external access to your AWS resources
There is no special term used to describe all the resources of an AWS Region. Availability Zones are made up of at least
two data centers, not three. Network access to resources is controlled by security groups, IAM policies, or access control
Question 90 1 / 1 pts
What kind of AWS object would you need to create to provide you with an isolated network
78 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Data center
Correct!
Subnet
Network instance
ACLs can be used to control access to a subnet but don’t define the environment itself. A data center is a collection of
physical infrastructure resources. There’s no such thing as a network instance in the AWS world.
Question 91 1 / 1 pts
Which of the following would correctly designate an Availability Zone in the US East (Ohio)
Region?
us-east-2
us-east-c
79 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
us-east-c2
Correct!
us-east-2c
Availability Zones use the full designation of the parent Region (us-east2, in this case) and a letter for the specific zone.
Question 92 1 / 1 pts
Which of the following are design approaches that can directly increase the performance reliability
of your applications? (Select TWO.)
Correct!
Run redundant resources in multiple Availability Zones
Correct!
Incorporate Auto Scaling into your design.
Use a content distribution network (CDN) like CloudFront to cache your content.
80 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
While geolocation and a good CDN can improve performance, they won’t have a direct impact on reliability.
Question 93 1 / 1 pts
Which of the following AWS services provides Domain Name Services (DNS)?
Lambda Edge
Correct!
Route 53
Shield
CloudFront
Lambda Edge is part of Amazon’s serverless platform. CloudFront is a content distribution system. Shield provides firewall
81 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 94 1 / 1 pts
Which of the following fall under the administration responsibility of Amazon rather than you (the
customer)? (Select TWO.)
Correct!
The infrastructure powering AWS managed services
Correct!
Physical access to AWS data centers
It’s the responsibility of the customer (you) to properly back up and protect the data you use for your applications. AWS is
responsible only for “the cloud” rather than “what’s in the cloud.”
Question 95 1 / 1 pts
Which of the following AWS services would require the customer (i.e., you) to assume the least
responsibility for administration? (Select TWO.)
82 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Route 53
Correct!
Elastic Beanstalk
While RDS is a managed service, it’s not as fully managed as Beanstalk. EC2 gives you control over nearly the entire
Question 96 1 / 1 pts
Which of the following authentication tools is most commonly used for programmatic or automated
access to AWS resources?
Passwords
Multifactor authentication
83 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Correct!
Access keys
MFA and passwords are most commonly used for manual, direct logins to the AWS Management Console. SSH key pairs
are used for SSH login sessions to EC2 instances. Access keys are generally incorporated into AWS CLI or coded access
Which of the following steps should ideally be taken on behalf of an AWS account’s root user?
(Select THREE.)
Correct!
Set a complex password.
Correct!
Delete associated access keys.
Correct Answer
Apply multifactor authentication (MFA).
84 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Question 98 1 / 1 pts
An identity assumed by multiple users logging in (using passwords) to access one or more AWS
resources
Correct!
An identity used by a process to perform an action against an AWS resource
An identity assumed when a person uses a password to log in to access one or more AWS resources
An identity assigned the owner of an AWS account when the account is created
Identities used by one or more logged-in users are either “user” or “group” identities. The account owner identity is known
as the root user. Roles are generally assumed by processes, not users.
Question 99 1 / 1 pts
Which of the following describes managing user authentication through third-party authentication
85 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
services?
Single sign-on
IAM roles
MFA
Correct!
Federation
Single sign-on defines a user’s authorization status after authentication. IAM roles define the access allowed to a process.
Which of the following tools should be used regularly to provide insight into who has access to your
account resources?
Federation
Correct!
Credential report
86 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356
Encryption
Single sign-on
Encryption protects your data from unauthorized use. Federation and single sign-on are used to control account access.
The credential report provides insight into who has access to your account resources.
87 of 87 08/02/2023, 10:24 AM