Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Cloud Practitioner Certification Review 3

Download as pdf or txt
Download as pdf or txt
You are on page 1of 87

CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.

com/courses/35053/quizzes/73356

CloudPractitionerCertificationReview3of3
Due No due date Points 100 Questions 100 Time Limit None Allowed Attempts Unlimited

Take the Quiz Again

Attempt History
Attempt Time Score
KEPT Attempt 3 15 minutes 98.67 out of 100

LATEST Attempt 3 15 minutes 98.67 out of 100

Attempt 2 21 minutes 96.67 out of 100

Attempt 1 3 minutes 14.17 out of 100

Score for this attempt: 98.67 out of 100


Submitted Feb 8 at 10:23am
This attempt took 15 minutes.

Question 1 1 / 1 pts

What’s the maximum amount of data you can store in a Redshift cluster when using dense storage
nodes?

1 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

326 TB

Correct!
2 PB

326 PB

2 TB

236 TB

Dense storage nodes can be used in a cluster to store up to 2 PB of data. Dense compute nodes can be used to store up

to 326 TB of data.

Question 2 1 / 1 pts

Which of the following are true of a default VPC? (Select TWO.)

Correct!
AWS creates a default VPC in each Region.

AWS creates a default VPC in each Availability Zone.

2 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
By default, each default VPC is available to one AWS account.

A default VPC spans multiple Regions.

For each account, AWS creates a default VPC in each Region. A VPC spans all Availability Zones within a Region. VPCs

do not span Regions.

Question 3 1 / 1 pts

Which of the following is a valid CIDR for a VPC or subnet?

10.0.0.0/15

10.0.0.0/8

Correct!
10.0.0.0/28

10.0.0.0/29

3 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

A VPC or subnet CIDR can have a size between /16 and /28 inclusive, so 10.0.0.0/28 would be the only valid CIDR.

Question 4 0 / 1 pts

Which of the following are true regarding subnets? (Select TWO.)

You Answered A subnet spans multiple Availability Zones.

A VPC must have at least two subnets.

Correct Answer
A subnet spans one Availability Zone.

Correct!
A subnet must have a CIDR that’s a subset of the CIDR of the VPC in which it resides.

A subnet exists in only one Availability Zone, and it must have a CIDR that’s a subset of CIDR of the VPC in which it

resides. There’s no requirement for a VPC to have two subnets, but it must have at least one.

4 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 5 1 / 1 pts

Which of the following is true of a new security group?

It contains an inbound rule denying access from any IP address.

It contains an outbound rule denying access to public IP addresses.

It contains an inbound rule denying access from public IP addresses.

Correct!
It contains an outbound rule allowing access to any IP address.

It contains an inbound rule allowing access from any IP address.

When you create a security group, it contains an outbound rule that allows access to any IP address. It doesn’t contain an

inbound rule by default. Security group rules can only permit access, not deny it, so any traffic not explicitly allowed will be

denied.

Question 6 1 / 1 pts

5 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

What’s the difference between a security group and a network access control list (NACL)? (Select
TWO.)

A security group operates at the subnet level.

Correct!
A security group operates at the instance level

Correct!
A network access control list operates at the subnet level.

A network access control list operates at the instance level.

A network access control list is a firewall that operates at the subnet level. A security group is a firewall that operates at the

instance level.

Question 7 1 / 1 pts

Which of the following is true of a VPC peering connection?

6 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

It’s a virtual private network (VPN) connection between two VPCs.

It’s a public connection between two VPCs.

It’s a private connection that connects more than three VPCs.

Correct!
It’s a private connection between two VPCs.

A VPC peering connection is a private connection between only two VPCs. It uses the private AWS network, and not the

public internet. A VPC peering connection is different than a VPN connection.

Question 8 1 / 1 pts

What are two differences between a virtual private network (VPN) connection and a Direct Connect
connection? (Select TWO.)

Correct!
A VPN connection uses the internet for transport.

Correct!
A Direct Connect connection offers predictable latency because it doesn’t traverse the internet.

7 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

A VPN connection requires proprietary hardware.

A Direct Connect connection uses AES 128- or 256-bit encryption.

A Direct Connect link uses a dedicated link rather than the internet to provide predictable latency. Direct Connect doesn’t

use encryption but provides some security by means of a private link. A VPN connection uses the internet for transport,

encrypting data with AES 128- or 256-bit encryption. A VPN connection doesn’t require proprietary hardware.

Question 9 1 / 1 pts

Which of the following are true about registering a domain name with Route 53? (Select TWO.)

Route 53 creates a private hosted zone for the domain.

Correct!
Route 53 creates a public hosted zone for the domain.

The registrar you use to register a domain name determines who will host DNS for that domain.

Correct!
You can register a domain name for a term of up to 10 years.

8 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

When you register a domain name, you can choose a term between 1 year and 10 years. If you use Route 53, it will

automatically create a public hosted zone for the domain. The registrar and DNS hosting provider don’t have to be the

same entity, but often are.

Question 10 1 / 1 pts

Which of the following Route 53 routing policies can return set of randomly ordered values?

Latency

Correct!
Multivalue Answer

Failover

Simple

9 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

A Multivalue Answer routing policy can return a set of multiple values, sorted randomly. A simple record returns a single

value. A Failover routing policy always routes users to the primary resource unless it’s down, in which case it routes users

to the secondary resource. A Latency routing policy sends users to the resource in the AWS Region that provides the least

latency.

Question 11 1 / 1 pts

Which of the following Route 53 routing policies doesn’t use health checks?

Latency

Multivalue Answer

Geolocation

Correct!
Simple

All Route 53 routing policies except for Simple can use health checks.

10 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 12 1 / 1 pts

Which of the following types of Route 53 health checks works by making a test connection to a
TCP port?

Calculated

Simple

CloudWatch alarm

Correct!
Endpoint

An Endpoint health check works by connecting to the monitored endpoint via HTTP, HTTPS, or TCP. A CloudWatch alarm

health check simply reflects the status of a CloudWatch alarm. A Calculated health check derives its status from multiple

other health checks. There is no such thing as a Simple health check.

Question 13 1 / 1 pts

You have two EC2 instances hosting a web application. You want to distribute 20 percent of traffic

11 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

to one instance and 80 percent to the other. Which of the following Route 53 routing policies
should you use?

Multivalue Answer

Failover

Correct!
Weighted

Simple

A Weighted routing policy lets you distribute traffic to endpoints according to a ratio that you define. None of the other

routing policies allows this.

Question 14 1 / 1 pts

Resources in a VPC need to be able to resolve internal IP addresses for other resources in the
VPC. No one outside of the VPC should be able to resolve these addresses. Which of the following
Route 53 resources can help you achieve this?

A public hosted zone

12 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Domain name registration

Health checks

Correct!
A private hosted zone

A private hosted zone is associated with a VPC and allows resources in the VPC to resolve private domain names. A

public hosted zone is accessible by anyone on the internet. Domain name registration is for public domain names. Health

checks aren’t necessary for name resolution to work.

Question 15 1 / 1 pts

You want to provide private name resolution for two VPCs using the domain name company.pri.
How many private hosted zones do you need to create?

Correct!
1

13 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Route 53 private hosted zones provide DNS resolution for a single domain name within multiple VPCs. Therefore, to

support resolution of one domain names for two VPCs, you’d need one private hosted zone.

Question 16 1 / 1 pts

On how many continents are CloudFront edge locations distributed?

Correct!
6

CloudFront has edge locations on six continents (Antarctica is a hard place to get to).

14 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 17 1 / 1 pts

From where does CloudFront retrieve content to store for caching?

Regions

Edge locations

Correct!
Origins

Distributions

A CloudFront origin is the location that a distribution sources content from. Content is stored in edge locations. A

distribution defines the edge locations and origins to use.

Question 18 1 / 1 pts

Which CloudFront distribution type requires you to provide a media player?

15 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
RTMP

Edge

Web

Streaming

The RTMP distribution type is for delivering streaming content and requires you to provide a media player. A Web

distribution can also stream audio or video content but doesn’t require you to provide a media player. Streaming and Edge

are not distribution types.

Question 19 1 / 1 pts

You need to deliver content to users in the United States and Canada. Which of the following edge
location options will be the most cost effective for your CloudFront distribution?

United States, Canada, Europe, and Asia

Correct!
United States, Canada, and Europe

16 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

United States, Canada, Europe, Asia, and Africa

All edge locations

The more edge locations you use for a distribution, the more you’ll pay. Selecting the minimum number of locations will be

the most cost effective.

Question 20 1 / 1 pts

Approximately how many different CloudFront edge locations are there?

About 50

More than 500

Correct!
More than 150

More than 300

17 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

There are more than 150 edge locations throughout the world.

Question 21 1 / 1 pts

Which of the following are valid origins for a CloudFront distribution? (Select TWO.)

A private S3 bucket that you own

A private S3 bucket that you don’t have access to

Correct!
A public S3 bucket

Correct!
EC2 instance

An origin can be an EC2 instance or a public S3 bucket. You can’t use a private S3 bucket as an origin.

18 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 22 1 / 1 pts

Which of the following is an advantage of using CloudFormation?

It uses the popular Python programming language.

Correct!
It lets you create multiple separate AWS environments using a single template.

It prevents unauthorized manual changes to resources.

It can create resources outside of AWS.

CloudFormation can create AWS resources and manages them collectively in a stack. Templates are written in the

CloudFormation language, not Python. CloudFormation can’t create resources outside of AWS. It also doesn’t prevent

manual changes to resources in a stack.

Question 23 1 / 1 pts

What formats do CloudFormation templates support? (Select TWO.)

19 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
JSON

Correct!
YAML

XML

HTML

CloudFormation templates are written in the YAML or JSON format.

Question 24 1 / 1 pts

What’s an advantage of using parameters in a CloudFormation template?

Allow multiple stacks to be created from the same template.

Correct!
Allow customizing a stack without changing the template.

Prevent stack updates.

20 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Prevent unauthorized users from using a template.

Parameters let you input customizations when creating a CloudFormation stack without having to modify the underlying

template. Parameters don’t prevent stack updates or unauthorized changes. A template can be used to create multiple

stacks, regardless of whether it uses parameters.

Question 25 1 / 1 pts

Why would you use CloudFormation to automatically create resources for a development
environment instead of creating them using AWS CLI commands? (Select TWO.)

Correct!
CloudFormation stack updates help ensure that changes to one resource won’t break another.

CloudFormation can provision resources faster than the AWS CLI.

Resources created by CloudFormation always work as expected.

Correct!

Resources CloudFormation creates are organized into stacks and can be managed as a single unit.

21 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Resources CloudFormation creates are organized into stacks. When you update a stack, CloudFormation analyzes the

relationships among resources in the stack and updates dependent resources as necessary. This does not, however,

mean that any resource you create using CloudFormation will work as you expect. Provisioning resources using

CloudFormation is not necessarily faster than using the AWS CLI.

Question 26 1 / 1 pts

What are two features of CodeCommit? (Select TWO.)

Correct!
Versioning

Manual deployment

Automatic deployment

Correct!
Differencing

CodeCommit is a private Git repository that offers versioning and differencing. It does not perform deployments.

22 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 27 1 / 1 pts

In the context of CodeCommit, what can differencing accomplish?

Deleting duplicate lines of code

Correct!
Understanding what code change introduced a bug

Allowing reverting to an older version of a file

Seeing when an application was last deployed

Differencing lets you see the differences between two versions of a file, which can be useful when figuring out what change

introduced a bug. Versioning, not differencing, is what allows reverting to an older version of a file. Differencing doesn’t

identify duplicate lines of code or tell you when an application was deployed.

Question 28 1 / 1 pts

What software development practice regularly tests new code for bugs but doesn’t do anything
else?

23 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Continuous delivery

Differencing

Continuous deployment

Correct!
Continuous integration

Continuous integration is the practice of running code through a build or test process as soon as it’s checked into a

repository. Continuous delivery and continuous deployment include continuous integration but add deployment to the

process. Differencing only shows the differences between different versions of a file but doesn’t perform any testing.

Question 29 1 / 1 pts

Which CodeBuild build environment compute types support Windows operating systems? (Select
TWO.)

build.general1.small

Correct!
build.general1.large

24 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
build.general1.medium

build.windows1.small

build.general2.large

Build.general1.medium and build.general1.large support Windows and Linux operating systems. Build.general1.small

supports Linux only. The other compute types don’t exist.

Question 30 1 / 1 pts

What does a CodeBuild environment always contain? (Select TWO.)

.NET Core

The PHP programming language

Correct!
A Docker image

The Python programming language

25 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
An operating system

A CodeBuild build environment always contains an operating system and a Docker image. It may contain the other

components but doesn’t have to.

Question 31 1 / 1 pts

Which of the following can CodeDeploy do? (Select THREE.)

Deploy an application to an Android smartphone.

Correct!
Upgrade an application on an EC2 instance running Red Hat Enterprise Linux

Correct!
Deploy a Docker container to the Elastic Container Service.

Correct!
Deploy an application to an on-premises Windows instance.

Deploy a website to an S3 bucket.

26 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

CodeDeploy can deploy application files to Linux or Windows EC2 instances and Docker containers to ECS. It can’t deploy

an application to smartphones, and it can’t deploy files to an S3 bucket.

Question 32 1 / 1 pts

What is the minimum number of actions in a CodePipeline pipeline?

Correct!
2

At the very least, a CodePipeline must consist of a source stage and a deploy stage.

27 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 33 1 / 1 pts

You want to predefine the configuration of EC2 instances that you plan to launch manually and
using Auto Scaling. What resource must you use?

Instance role

CloudFormation template

Correct!
Launch template

Launch configuration

A launch template can be used to launch instances manually and with EC2 Auto Scaling. A launch configuration can’t be

used to launch instances manually. An instance role is used to grant permissions to applications running on an instance.

Auto Scaling can’t provision instances using a CloudFormation template.

Question 34 1 / 1 pts

What Auto Scaling group parameters set the limit for the number of instances that Auto Scaling

28 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

creates? (Select TWO.)

Correct!
Maximum

Group size

Correct!
Minimum

Desired capacity

The maximum and minimum group size values limit the number of instances in an Auto Scaling group. The desired

capacity (also known as the group size) is the number of instances that Auto Scaling will generally maintain, but Auto

Scaling can launch or terminate instances if dynamic scaling calls for it.

Question 35 1 / 1 pts

An Auto Scaling group has a desired capacity of 7 and a maximum size of 7. What will Auto
Scaling do if someone manually terminates one of these instances?

Correct!
It will launch one new instance.

29 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

It will change the desired capacity to 6.

It will not launch any new instances.

It will terminate one instance

Auto Scaling will use self-healing to replace the failed instance to maintain the desired capacity of 7. Terminating an

instance or failing to replace the failed one will result in 6 instances. Auto Scaling won’t ever change the desired capacity in

response to a failed instance.

Question 36 1 / 1 pts

30 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

What Auto Scaling feature creates a scaling schedule based on past usage

Correct!
Predictive scaling

Scheduled scaling

Pattern scaling

Dynamic scaling

Predictive scaling creates a scheduled scaling action based on past usage patterns. Scheduled scaling and dynamic

scaling do not create scheduled scaling actions. There is no such thing as pattern scaling.

Question 37 1 / 1 pts

What type of AWS Systems Manager document can run Bash or PowerShell scripts on an EC2
instance?

Correct!
Command document

31 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Automation document

Run document

Script document

A Command document can execute commands on an EC2 instance. An Automation document can perform administrative

tasks on AWS, such as starting or stopping an instance. There is no such thing as a Script document or a Run document.

Question 38 1 / 1 pts

What type of AWS Systems Manager document can take a snapshot of an EC2 instance?

Script document

Correct!
Automation document

Run document

Command document

32 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

An Automation document can perform administrative tasks on AWS, such as starting or stopping an instance. A Command

document can execute commands on an EC2 instance. There is no such thing as a Script document or a Run document.

Question 39 1 / 1 pts

Which of the following OpsWorks services uses Chef recipes?

AWS OpsWorks Layers

Correct!
AWS OpsWorks Stacks

AWS OpsWorks for Automation

AWS OpsWorks for Puppet Enterprise

AWS OpsWorks Stacks uses Chef recipes, while AWS OpsWorks for Puppet Enterprise uses Puppet modules. There is no

service called AWS OpsWorks Layers or AWS OpsWorks for Automation.

33 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 40 1 / 1 pts

What configuration management platforms does OpsWorks support? (Select TWO.)

CFEngine

Correct!
Puppet Enterprise

SaltStack

Ansible

Correct!
Chef

OpsWorks supports the Puppet Enterprise and Chef configuration management platforms. It doesn’t support SaltStack,

Ansible, or CFEngine.

Question 41 1 / 1 pts

34 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Which of the following OpsWorks Stacks layers contains at least one EC2 instance?

Relational Database Service (RDS) layer

Elastic Load Balancing (ELB) layer

Correct!
OpsWorks layer

EC2 Auto Scaling layer

Elastic Container Service (ECS) cluster layer

Only an OpsWorks layer contains at least one EC2 instance. There’s no such thing as an EC2 Auto Scaling layer.

Question 42 1 / 1 pts

Which of the following is not one of the pillars of the Well-Architected Framework?

Performance efficiency

35 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Resiliency

Cost optimization

Security

Reliability

The five pillars of the Well-Architected Framework are reliability, performance efficiency, security, cost optimization, and

operational excellence. Resiliency is not one of them.

Question 43 1 / 1 pts

Which of the following are examples of applying the principles of the least privilege or maximum
security?

Creating a security group rule to deny access to unused ports

Correct!
Enabling S3 versioning

36 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Granting each AWS user their own IAM username and password

Deleting an empty S3 bucket

Security is about protecting the confidentiality, integrity, and availability of data. Granting each AWS user their own IAM

username and password makes it possible to ensure the confidentiality of data. Enabling S3 versioning protects the

integrity of data by maintaining a backup of an object. Deleting an empty S3 bucket doesn’t help with any of these. It’s not

possible to create a security group rule that denies access to unused ports since security groups deny any traffic that’s not

explicitly allowed.

Question 44 1 / 1 pts

You’re hosting a web application on two EC2 instances in an Auto Scaling group. The performance
of the application is consistently acceptable. Which of the following can help maintain or improve
performance efficiency? (Select TWO.)

Correct!
Using CloudFront

Monitoring for unauthorized access

Correct!

37 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Implementing policies to prevent the accidental termination of EC2 instances in the same Auto Scaling
group

Doubling the number of instances in the Auto Scaling group

Preventing the accidental termination of an EC2 instance in the Auto Scaling group can avoid overburdening and causing

performance issues on the remaining instance, especially during busy times. Using CloudFront can help improve

performance for end users by caching the content in an edge location close to them. Doubling the number of instances

might improve performance, but because performance is already acceptable, doing this would be inefficient. Monitoring for

unauthorized access alone won’t improve performance or performance efficiency.

Question 45 1 / 1 pts

Which of the following can help achieve cost optimization? (Select TWO.)

Deleting empty S3 buckets

Correct!
Deleting unused application load balancers

Correct!
Deleting unused S3 objects

38 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Deleting unused VPCs

Deleting unused S3 objects and unused application load balancers can reduce costs since you’re charged for both.

Deleting unused VPCs and empty S3 buckets won’t reduce costs since they don’t cost anything.

Question 46 1 / 1 pts

Which of the following is a key component of operational excellence?

Making people work longer hours

Correct!
Automating manual processes

Adding more security personnel

Making minor improvements to bad processes

39 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Operational excellence is concerned with strengthening the other four pillars of reliability, performance efficiency, security,

and cost optimization; automation is the key to achieving each of these. Improving bad processes and making people work

longer hours run counter to achieving operational excellence. Adding more security personnel may be a good idea, but it

isn’t a key component of operational excellence.

Question 47 1 / 1 pts

Your default VPC in the us-west-1 Region has three default subnets. How many Availability Zones
are in this Region?

Correct!
3

40 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

In a default VPC, AWS creates a subnet for each Availability Zone in the Region. Hence, if there are three subnets in the

default VPC, there must be three Availability Zones.

Question 48 1 / 1 pts

Your organization is building a database-backed web application that will sit behind an application
load balancer. You add an inbound security group rule to allow HTTP traffic on TCP port 80.
Where should you apply this security group to allow users to access the application?

None of these

The subnets where the instances reside

The database instance

Correct!
The application load balancer listener

41 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Application load balancer listeners use security groups to control inbound access, so you need to apply a security group

that has an inbound rule allowing HTTP access. Applying the security group rule to the database instance won’t help, since

users don’t connect directly to the database instance. You can’t apply a security group to a subnet, only a network access

control list.

Question 49 1 / 1 pts

How does an application load balancer enable reliability?

By routing traffic to the least busy instances

Correct!
By routing traffic away from failed instances

By caching frequently accessed content

By replacing failed instances

42 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

An application load balancer can use health checks to identify failed instances and remove them from load balancing. This

can prevent a user from ever reaching a failed instance. A load balancer can’t replace a failed instance, but Auto Scaling

can. An application load balancer distributes traffic to instances using a round-robin algorithm, not based on how busy

those instances are. An application load balancer doesn’t cache content.

Question 50 1 / 1 pts

Which of the following contains the configuration information for instances in an Auto Scaling
group?

Launch directive

Dynamic scaling policy

CloudFormation template

Correct!
Launch template

43 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

A launch template tells Auto Scaling how to configure the instances it provisions. A dynamic scaling policy controls how

Auto Scaling scales in and out based on CloudWatch metrics. There’s no such thing as a launch directive. Auto Scaling

does not reference a CloudFormation template, but you can use a CloudFormation template to create a stack that contains

a launch template.

Question 51 1 / 1 pts

You’ve created a target tracking policy for an Auto Scaling group. You want to ensure that the
number of instances in the group never exceeds 5. How can you accomplish this?

Set the group size to 5.

Set the minimum group size to 5.

Delete the target tracking policy.

Correct!
Set the maximum group size to 5.

44 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

The maximum group size limits the number of instances in the group. Setting the group size (also known as the desired

capacity) or minimum group size to 5 would increase the number of instances to 5 but would not stop Auto Scaling from

subsequently adding more instances. Deleting the target tracking policy would not necessarily prevent the number of

instances in the group from growing, as another process such as a scheduled scaling policy could add more instances to

the group.

Question 52 1 / 1 pts

Which of the following is an example of a static website?

A popular social media website

A WordPress blog

A web-based email application

Correct!
A website hosted on S3

45 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

A static website serves content just as it’s stored without changing the content on the fly. A WordPress blog, a social media

website, and a web-based email application all compile content from a database and mix it in with static content before

serving it up to the user.

Question 53 1 / 1 pts

Which of the following features of S3 improve the security of data you store in an S3 bucket?
(Select TWO.)

Correct!
By default, S3 removes ACLs that allow public read access to objects.

S3 removes public objects by default.

All objects are readable by all AWS users by default.

Correct!
Objects in S3 are not public by default

46 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Objects you upload to an S3 bucket are not public by default, nor are they accessible to all AWS users. Even if you try to

make an object public using an ACL, S3 will immediately remove the ACL, but you can disable this behavior. S3 never

removes objects by default.

Question 54 1 / 1 pts

Which of the following is required to enable S3 static website hosting on a bucket?

Disable object versioning.

Enable object versioning.

Make all objects in the bucket public.

Correct!
Enable bucket hosting in the S3 service console

Disable default encryption.

47 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

To have S3 host your static website, you need to enable bucket hosting in the S3 service console. It’s not necessary to

disable or enable default encryption or object versioning. There’s also no need to make all objects in the bucket public, but

only those that you want S3 to serve up.

Question 55 1 / 1 pts

You’ve created a static website hosted on S3 and given potential customers the URL that consists
of words and numbers. They’re complaining that it’s too hard to type in. How can you come up with
a friendlier URL?

Re-create the bucket using only numbers in the name.

Re-create the bucket in a different Region.

Re-create the bucket using only words in the name.

Correct!
Use a custom domain name.

48 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Purchasing and using a custom domain name is the best option for a friendly URL. You need to name the bucket the same

as the domain name. Creating a bucket name with only words is unlikely to work, regardless of Region, as bucket names

must be globally unique. A bucket name can’t start with a number.

Question 56 1 / 1 pts

Which of the following is true regarding static websites hosted in S3?

A website hosted on S3 is stored in multiple Regions.

You must use a custom domain name.

Correct!
The content served is not encrypted in transit.

Anyone can modify the content.

49 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Websites hosted in S3 are served using unencrypted HTTP, not secure HTTPS. The content is publicly readable, but that

doesn’t mean the public can modify it. You don’t have to use a custom domain name, as S3 provides an endpoint URL for

you. A website hosted in S3 is stored in a bucket, and a bucket exists in only one Region.

Question 57 1 / 1 pts

Which of the following can impact the reliability of a web application running on EC2 instances?

Correct!
Not replacing a misconfigured resource that the application depends on.

Provisioning too many instances.

The user interface is too difficult to use.

Taking EBS snapshots of the instances.

50 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

The reliability of an application can be impacted by the failure of resources the application depends on. One way a

resource can fail is if it’s misconfigured. Taking EBS snapshots of an instance or provisioning more instances than you

need won’t impact reliability. The user interface being difficult to use might be an annoyance for the user but doesn’t affect

the actual reliability of the application.

Question 58 1 / 1 pts

You have a public web application running on EC2 instances. Which of the following factors
affecting the performance of your application might be out of your control?

Compute

Storage

Database

Correct!
Network

51 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

You may have control over your VPC, but the rest of the network between your application and users on the internet is not

under your control. Compute, storage, and any database your application uses are, or at least theoretically could be, under

your control.

Question 59 1 / 1 pts

An Auto Scaling group can use an EC2 system health check to determine whether an instance is
healthy. What other type of health check can it use?

SNS

VPC

Correct!
ELB

S3

52 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

An Auto Scaling group can use an ELB health check to determine whether an instance is healthy. There is no such thing

as an S3 health check, a VPC health check, or an SNS health check.

Question 60 1 / 1 pts

You’re hosting a static website on S3. Your web assets are stored under the Standard storage
class. Which of the following is true regarding your site?

You’re charged for any compute power used to host the site.

An Availability Zone outage may bring down the site.

Someone may modify the content of your site without authorization.

Correct!
You’re responsible for S3 charges.

53 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

You’re responsible for S3 charges related to your static website. You’re not charged for compute with S3. No one may

modify the content of your site unless you give them permission. The S3 Standard storage class keeps objects in multiple

Availability Zones, so the outage of one won’t affect the site.

Question 61 1 / 1 pts

You’re hosting a static website on S3. Your web assets are stored in the US East 1 Region in the
bucket named mygreatwebsite. What is the URL of the website?

http://mygreatwebsite.s3-website-us-east.amazonaws.com

http://mygreatwebsite.s3-us-east-1.amazonaws.com

http://mygreatwebsite.s3.amazonaws.com

Correct!
http://mygreatwebsite.s3-website-us-east-1.amazonaws.com

The format of the URL is the bucket name, followed by s3-website-, the Region identifier, and then amazonaws.com.

54 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 62 1 / 1 pts

What are some key benefits often available for applications run on a large cloud platform like
AWS? (Select TWO.)

Improved turnaround for new application code releases

Correct!
Improved data security

Improved developer-admin communications

Correct!
Improved infrastructure reliability

Amazon’s size and scale allow it to implement best security and reliability practices. Its size alone is, however, unlikely to

directly impact your team’s code commit or communication processes.

Question 63 1 / 1 pts

Which of the following best describes infrastructure redundancy?

55 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Maintaining copies of application data across multiple physical locations

Increasing the number of deployed resources to meet changing user demand

Increasing the size of deployed resources to meet changing user demand

Maintaining secure network connections to control incoming access

Your assets are redundant when they’re replicated in a way that ensures they’ll survive the failure of one set. Increasing

the number of deployed resources is known as horizontal scaling. Increasing the size of deployed resources is known as

vertical scaling. Controlling network access is not a function of redundancy.

Question 64 1 / 1 pts

Which of the following best describes infrastructure scalability?

Maintaining copies of application data across multiple physical locations

Correct!
Increasing the number of deployed resources to meet growing user demand

Configuring applications to be easily resizable without manual intervention

56 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Maintaining secure network connections to control incoming access

One “scales” the resources serving an application either up or down to meet changing user demand. Maintaining copies is

a redundant practice. Securing network access is not a function of scalability. Resizability is better described as elasticity.

Question 65 1 / 1 pts

Which of the following best describes infrastructure elasticity?

Maintaining copies of application data across multiple physical locations

Correct!
Configuring applications to be easily resizable without manual intervention

The presence of automated, pay-as-you-go access to new resources

Manually setting the number of deployed resources to meet changing user demand

57 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Automation is a key characteristic of elasticity. Maintaining multiple copies is redundancy. Pay-as-you-go access to

resources is a contributing element of elasticity, but it’s not its best description.

Question 66 1 / 1 pts

Process automation is a key element of successful cloud deployments. Which of these contribute
the most to Amazon’s cloud automation? (Select TWO.)

Correct!
Metered service payments

Server virtualization

Correct!
AWS Command Line Interface (CLI) access

Elasticity

Metered payments and scripted (CLI) access are direct drivers of the efficiencies of automation. Elasticity and virtualization

can be important pieces of the automation puzzle, but their contribution isn’t as direct.

58 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 67 1 / 1 pts

What is the main benefit of server virtualization for cloud computing customers?

Virtualization allows cloud customers access to a wider range of software choices.

Virtualization allows cloud customers greater server security.

Virtualization allows cloud customers more effective utilization of hardware resources.

Correct!
Virtualization allows cloud customers direct access to a wide range of compute choices.

It’s true that virtualized environments can sometimes allow for enhanced hardware utilization and security, but that’s not

primarily a benefit that’s specific to the cloud. Virtualization has very little to do with enhanced software choices.

Question 68 1 / 1 pts

Which of the following contribute the most to Amazon’s ability to provide its cloud services at rates
often below what they would cost locally? (Select TWO.)

59 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Automation

Enhanced security

Distributed infrastructure

Correct!
Virtualization

Amazon’s distributed infrastructure and enhanced security are powerful but have little or no impact on lower customer

costs. Virtualization and automation both permit greater usage of AWS physical hardware and, thus, drive costs down.

Question 69 1 / 1 pts

Which of the following best describes Amazon’s Elastic Beanstalk service?

Infrastructure as a service

Correct!
Platform as a service

Serverless workloads

60 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Software as a service

Because AWS manages all underlying infrastructure invisibly, Elastic Beanstalk is considered a platform-as- a-service

(PaaS) environment. IaaS leaves most infrastructure administration in your hands. SaaS doesn’t allow the level of

customization you find in Beanstalk, and a serverless tool (like Lambda) doesn’t provision a dedicated instance for your

code the way Beanstalk does.

Question 70 1 / 1 pts

Which of the following best describes the Free Tier?

Full instances from core AWS services available for free through an account’s first 12 months

Correct!
Light versions of most AWS services available for free through an account’s first 12 months

Free enterprise support setup service available for free through an account’s first 30 days

Light versions of most AWS services available for free through an account’s first 30 days

61 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

While some services provide a lightweight Free Tier indefinitely, for the most part, the tier is intended to help you spend 12

months getting to know the inner workings of as many services as possible.

Question 71 1 / 1 pts

What happens if your use of an AWS service goes over the Free Tier threshold?

You will receive an email alert, warning you that you might soon incur actual costs.

Your AWS account will be temporarily suspended until you contact customer support.

Correct!
Your registered credit card will automatically be billed for any usage above the Free Tier limit.

Nothing. AWS has a “mercy” rule that permits up to 75 percent over-usage on the Free Tier limit.

Going over your Free Tier limit is in no way a breach of AWS rules; on the contrary, it’s a normal and expected practice.

Therefore, your account would not be suspended. By default, you will be sent a warning email before your usage goes past

the Free Tier limit, not after. There is no “mercy” rule.

62 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 72 1 / 1 pts

Which of the following would be possible to run during your AWS account’s first year without
incurring any charges?

Correct!
An EC2 t2.micro instance and two 10 GB EBS volumes running 24/7 for 12 months

A static website consuming 8 GB of S3 storage

900 MB worth of Docker container images stored on the Amazon Elastic Container Registry (ECR)

An EC2 t2.micro instance and one 25 GB EBS volume running 24/7 for 12 months

Two 10 GB EBS volumes are within the Free Tier limit of 20 GB. The Free Tier only allows 5 GB of S3 storage and 500 MB

of images in ECR.

Question 73 1 / 1 pts

What is the purpose of the AWS Total Cost of Ownership (TCO) Calculator?

63 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!

To enable apples-to-apples comparisons of the costs of complex local versus AWS- based deployments

To enable quick and accurate estimates of the costs of running any application stack on AWS resources

To provide real-time pricing data for selected AWS services

To provide reports on your actual account spending trends

The TCO Calculator provides cost estimates comparing AWS versus local deployments. You should not consider the

actual AWS service prices to be 100 percent current, and the report will not reflect any real-time costs related to your

account. Use the Simple Monthly Calculator for quick and accurate estimates of the costs of running any application stack.

Question 74 1 / 1 pts

Which of the following are ways to share results you’ve generated in the AWS Simple Monthly
Calculator with remote friends and colleagues? (Select TWO.)

Clicking the Estimate tab

64 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Clicking the Export to CSV button

Clicking the Save to PDF button

Correct!
Clicking the Save and Share button

The Estimate tab will display your results, but they will be visible only from your browser session. There is no direct way to

save the results to PDF. You can save the results to the Comma Separated Values (CSV) spreadsheet format and send

the file to colleagues, or you can click Save and Share to get a unique URL through which others can access your results.

Question 75 1 / 1 pts

65 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

What is the value of an “AWS Budgets” Usage budget?

Monitor the behavior of IAM users associated with your account.

Monitor account costs.

Monitor reservation status.

Correct!
Monitor resource consumption.

The Cost budget monitors account costs. The Reservation budget gives you status reports for your reservations (assuming

there are any). Monitoring IAM users is outside the scope of AWS Budgets.

Question 76 1 / 1 pts

What is the purpose of cost allocation tags?

To help you organize the way data is displayed in the Cost Explorer

66 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

To help you quickly identify accounts within AWS Organizations

To make identifying resources running in your AWS account easier

Correct!
To make tracking the billing impact of running resources easier

Unlike resource tags (which are meant to help you identify running resources within many contexts), cost allocation tags

focus exclusively on the costs incurred by resources.

Question 77 1 / 1 pts

Which of the following best describes AWS Organizations?

A tool that permits resource collaboration between separate accounts

A tool for configuring your AWS Support preferences

A tool to automate control over your account billing

Correct!
A tool to centralize the administration of multiple AWS accounts

67 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

AWS Organizations let you centralize the administration of multiple AWS accounts owned or controlled by a single

company. It allows you to consolidate your billing operations, but it isn’t focused on billing automation, support settings, or

resource collaboration.

Question 78 1 / 1 pts

Your company is experimenting with a number of complicated AWS deployment stacks to assess
which will work best for your applications. Which support plan makes the most sense for the
company at this point?

Business

Enterprise

Basic

Correct!
Developer

68 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Since you’re not running anything in production, you’re not likely to need the 24/7 support offered by Business and

Enterprise support levels just yet, but it would be helpful having the advice of AWS cloud support associates when

necessary.

Question 79 1 / 1 pts

Which of the following would represent the approximate monthly AWS Business support tier cost
for a company spending $40,000/month on AWS infrastructure?

$15,000

$100

$4,000

Correct!
$2,800

69 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

The Business support tier is billed at 7 percent when costs fall between $10,000 and $80,000. A company using the

Enterprise support tier would pay the monthly minimum of $15,000 for a spend of $40,000.

Question 80 1 / 1 pts

Which of the following services are available for accounts subscribed to the Basic support plan?
(Select TWO.)

Correct!
Access to AWS white papers

Full access to Trusted Advisor

Correct!
Limited access to Trusted Advisor

Business hours access to an AWS cloud support associate

Basic-level subscribers get access to only partial access to Trusted Advisor and all publicly available AWS documentation

(including white papers). They do not get to speak with AWS cloud support associates.

70 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 81 1 / 1 pts

Which of the following is available only for Enterprise support plan subscribers?

General guidance within 24 hours

Correct!
Access to a dedicated Technical Account Manager (TAM)

Support for troubleshooting interoperability between AWS resources and third-party software and
operating systems

24/7 access to senior cloud support engineers within 10 minutes

General guidance within 24 hours is also available at the Developer and Business levels. Troubleshooting support is also

available for Business customers. 24/7 access to engineers is available to Enterprise customers, but only within 15

minutes.

Question 82 1 / 1 pts

71 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

What word included in the URL of an AWS documentation web page would indicate that the page
you’re reading is the most recent version available?

Current

Accurate

Recent

Correct!
Latest

AWS documentation web pages will include the word latest in the URL if they’re the most recent version.

Question 83 1 / 1 pts

Which documentation collection is most likely to contain comprehensive, curated solutions to


common AWS deployment problems?

The AWS discussion forums

72 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
The AWS Knowledge Center

The official AWS FAQ

AWS service documentation pages

Service documentation pages don’t focus on solutions to problems. The solutions in the forum aren’t necessarily

comprehensive or curated. There is no “official AWS FAQ.”

Question 84 1 / 1 pts

73 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Which of these Trusted Advisor alert categories will identify resources in your account that are
unnecessarily vulnerable to service disruptions?

Service Limits

Performance

Correct!
Fault Tolerance

Security

The Performance category identifies configuration settings that might be blocking performance improvements. The Service

Limits category identifies resource usage that’s approaching AWS Region or service limits. The Security category identifies

any failures to use security best-practice configurations.

Question 85 1 / 1 pts

Which of these Trusted Advisor alert categories are available only for accounts subscribed to
Business or Enterprise support tiers? (Select TWO.)

74 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Cost Optimization

Security

Correct!
Fault Tolerance

Service Limits

The Service Limits category and many Security alerts are available for all AWS customers.

Question 86 1 / 1 pts

Why is it important to be aware of the particular AWS Region within which you’re working? (Select
TWO.)

Launching resources in the wrong Region can potentially result in service reliability degradation.

Launching resources in the wrong Region can have a major unintended impact on costs incurred by
your account.

Correct!
Launching resources in the wrong Region can negatively impact connectivity and access.

75 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Launching resources in the wrong Region can negatively impact the performance experienced by users
in certain geographical areas.

Using the wrong AWS Region will normally have no major impact on either costs or reliability.

Question 87 1 / 1 pts

Which of the following AWS services are considered global rather than bound to a single AWS
Region? (Select TWO.)

RDS

EC2

Correct!
IAM

Correct!
CloudFront

76 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

The Relational Database Service (RDS) and Elastic Compute Cloud (EC2) both provide instances in a single Region

—unlike IAM and CloudFront, which are Region-independent.

Question 88 1 / 1 pts

Which of the following would be a correct endpoint for an Elastic Compute Cloud instance running
in the Europe Region based in London?

rds.eu-west-1.amazonaws.com

Correct!
ec2.eu-west-2.amazonaws.com

ec.eu-west-1.amazonaws.com

ec2.eu-central-1.amazonaws.com

The correct designation for Elastic Compute Cloud resources is ec2, the London Region is known as eu-west-2, and all

endpoints have an amazonaws.com suffix.

77 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 89 1 / 1 pts

Which of the following most accurately describes an AWS Availability Zone?

The virtual compute, storage, and network resources used by at least three physical data centers

Correct!

The infrastructure resources of one of at least two physical data centers within a single AWS Region

The Network settings defining permitted external access to your AWS resources

The full set of infrastructure resources used by an AWS Region

There is no special term used to describe all the resources of an AWS Region. Availability Zones are made up of at least

two data centers, not three. Network access to resources is controlled by security groups, IAM policies, or access control

groups, not by “Availability Zones.”

Question 90 1 / 1 pts

What kind of AWS object would you need to create to provide you with an isolated network

78 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

environment within an Availability Zone?

Access control list (ACL)

Data center

Correct!
Subnet

Network instance

ACLs can be used to control access to a subnet but don’t define the environment itself. A data center is a collection of

physical infrastructure resources. There’s no such thing as a network instance in the AWS world.

Question 91 1 / 1 pts

Which of the following would correctly designate an Availability Zone in the US East (Ohio)
Region?

us-east-2

us-east-c

79 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

us-east-c2

Correct!
us-east-2c

Availability Zones use the full designation of the parent Region (us-east2, in this case) and a letter for the specific zone.

Question 92 1 / 1 pts

Which of the following are design approaches that can directly increase the performance reliability
of your applications? (Select TWO.)

Correct!
Run redundant resources in multiple Availability Zones

Correct!
Incorporate Auto Scaling into your design.

Use a content distribution network (CDN) like CloudFront to cache your content.

Locate resources geographically close to your users.

80 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

While geolocation and a good CDN can improve performance, they won’t have a direct impact on reliability.

Question 93 1 / 1 pts

Which of the following AWS services provides Domain Name Services (DNS)?

Lambda Edge

Correct!
Route 53

Shield

CloudFront

Lambda Edge is part of Amazon’s serverless platform. CloudFront is a content distribution system. Shield provides firewall

protection to your resources.

81 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 94 1 / 1 pts

Which of the following fall under the administration responsibility of Amazon rather than you (the
customer)? (Select TWO.)

Correct!
The infrastructure powering AWS managed services

Correct!
Physical access to AWS data centers

Data lost through malicious penetration of an application’s defenses

Data stored in customer accounts on AWS

It’s the responsibility of the customer (you) to properly back up and protect the data you use for your applications. AWS is

responsible only for “the cloud” rather than “what’s in the cloud.”

Question 95 1 / 1 pts

Which of the following AWS services would require the customer (i.e., you) to assume the least
responsibility for administration? (Select TWO.)

82 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Route 53

Relational Database Service

Elastic Compute Cloud

Correct!
Elastic Beanstalk

While RDS is a managed service, it’s not as fully managed as Beanstalk. EC2 gives you control over nearly the entire

infrastructure powering your instance.

Question 96 1 / 1 pts

Which of the following authentication tools is most commonly used for programmatic or automated
access to AWS resources?

Passwords

SSH key pairs

Multifactor authentication

83 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Correct!
Access keys

MFA and passwords are most commonly used for manual, direct logins to the AWS Management Console. SSH key pairs

are used for SSH login sessions to EC2 instances. Access keys are generally incorporated into AWS CLI or coded access

via an AWS API.

Question 97 0.67 / 1 pts

Which of the following steps should ideally be taken on behalf of an AWS account’s root user?
(Select THREE.)

Correct!
Set a complex password.

Correct!
Delete associated access keys.

Create access keys.

Correct Answer
Apply multifactor authentication (MFA).

84 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Question 98 1 / 1 pts

Which of the following describes an IAM role?

An identity assumed by multiple users logging in (using passwords) to access one or more AWS
resources

Correct!
An identity used by a process to perform an action against an AWS resource

An identity assumed when a person uses a password to log in to access one or more AWS resources

An identity assigned the owner of an AWS account when the account is created

Identities used by one or more logged-in users are either “user” or “group” identities. The account owner identity is known

as the root user. Roles are generally assumed by processes, not users.

Question 99 1 / 1 pts

Which of the following describes managing user authentication through third-party authentication

85 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

services?

Single sign-on

IAM roles

MFA

Correct!
Federation

Single sign-on defines a user’s authorization status after authentication. IAM roles define the access allowed to a process.

MFA is an authentication method.

Question 100 1 / 1 pts

Which of the following tools should be used regularly to provide insight into who has access to your
account resources?

Federation

Correct!
Credential report

86 of 87 08/02/2023, 10:24 AM
CloudPractitionerCertificationReview3of3 : AWS Academy Cloud Foundations [35053] https://awsacademy.instructure.com/courses/35053/quizzes/73356

Encryption

Single sign-on

Encryption protects your data from unauthorized use. Federation and single sign-on are used to control account access.

The credential report provides insight into who has access to your account resources.

Quiz Score: 98.67 out of 100

87 of 87 08/02/2023, 10:24 AM

You might also like