Aws QCM

First one :
What are the four main factors that a solutions architect should consider
when they must choose a Region?

1 / 1 point

Latency, price, service availability, and compliance

Latency, high availability, taxes, and compliance

Latency, taxes, speed, and compliance

Latency, security, high availability, and resiliency

Correct
A solutions architect should consider the following four aspects when
deciding which AWS Region to use for hosting applications and workloads:
latency, price, service availability, and compliance. For more information, see
the AWS Global Infrastructure video in week 1.

2.
Question 2
True or False: Every action a user takes in AWS is an API call.

1 / 1 point

True

False

Correct
In AWS, every action a user takes is an API call that is authenticated and
authorized. A user can make API calls through the AWS Management Console,
the AWS Command Line Interface (AWS CLI), or the AWS SDKs. For more
information, see the Interacting with AWS video.

3.
Question 3
Which statement BEST describes the relationship between Regions,
Availability Zones and data centers?
1 / 1 point

Availability Zones are clusters of Regions. Regions are clusters of data

centers.

Data centers are cluster of Availability Zones. Regions are clusters of

Availability Zones.

Regions are clusters of Availability Zones. Availability Zones are clusters of

data centers.

Data centers are clusters of Regions. Regions are clusters of Availability

Zones.

Correct
The AWS Cloud infrastructure is built around AWS Regions and Availability
Zones. An AWS Region is a physical location in the world that has multiple
Availability Zones. Availability Zones consist of one or more discrete data
centers, each with redundant power, networking, and connectivity, housed in
separate facilities. For more information, see the AWS Global Infrastructure
video in week 1.

4.
Question 4
Which of the following is a benefit of cloud computing?

1 / 1 point

Run and maintain your own data centers.

Increase time-to-market.

Overprovision for scale.

Go global in minutes.

Correct
Going global in minutes means that users can easily deploy applications in
multiple Regions around the world with a few clicks. For more information,
see the What is AWS reading.
5.
Question 5
A company wants to manage AWS services by using the command line and
automating them with scripts. What should the company use to accomplish
this goal?

1 / 1 point

AWS Management Console

AWS Command Line Interface (AWS CLI)

AWS SDKs

AWS Management Console and AWS SDKs

Correct
The AWS CLI is a unified tool that is used to manage AWS services. By
downloading and configuring the AWS CLI, the company can control multiple
AWS services from the command line and automate them with scripts. For
more information about the correct answer, see the Interacting with AWS
reading.

6.
Question 6
What is a best practice when securing the AWS account root user?

1 / 1 point

Activate AWS Identity and Access Management (IAM) access to the Billing and
Cost Management console

Use the root user for routine administrative tasks

Change account settings

Enable multi-factor authentication

Correct
It is important to not use the AWS account root user access key to sign in to
the AWS account. The access key for an AWS account root user gives full
access to all resources for all AWS services, including billing information.
Users cannot reduce the permissions that are associated with their AWS
account root user access key. Users must delete any access keys that are
associated with the root user and enable multi-factor authentication (MFA) for
the root user account. For more information, see the Protect the AWS Root
User reading.

7.
Question 7
A solutions architect is consulting for a company. When users in the company
authenticate to a corporate network, they want to be able to use AWS without
needing to sign in again. Which AWS identity should the solutions architect
recommend for this use case?

1 / 1 point

AWS account root user

AWS Identity and Access Management (IAM) user

IAM Role

IAM Group

Correct
An IAM role does not have any credentials (password or access keys) that are
associated with it. Instead of being uniquely associated with one person, a
role can be assumed by anyone who needs it. An IAM user can assume a role
to temporarily take on different permissions for a specific task. A role can be
also assigned to a federated user who signs in by using an external identity
provider (IdP) instead of IAM. For more information, see the Role Based
Access in AWS video.

8.
Question 8
Which of the following can be found in an AWS Identity and Access
Management (IAM) policy?

1 / 1 point

Effect

Action
Object

A and B

B and C

Correct
An IAM policy contains a series of elements, including a Version, Statement,
Sid, Effect, Principal, Action, Resource, and Condition. For more information,
see Introduction to Amazon Identity and Access Management.

9.
Question 9
True or False: AWS Identity and Access Management (IAM) policies can
restrict the actions of the AWS account root user.

1 / 1 point

True

False

Correct
The account root user has complete access to all AWS services and resources
in an account, as well as billing and personal information. Because of this, we
recommend that you securely lock away the credentials that are associated
with the root user, and not to use the root user for everyday tasks. For more
information, see the Protect the AWS Root User reading.

10.
Question 10
According to the AWS shared responsibility model, which of the following is
the responsibility of AWS?

0 / 1 point

Controlling the operating system and application platform, as well as

encrypting, protecting, and managing customer data.

Managing customer data, encrypting that data, and protecting the data
through network firewalls and backups.
Managing the hardware, software, and networking components that run AWS
services, such as the physical servers, host operating systems, virtualization
layers, and AWS networking components.

Managing customer data, encrypting that data, and protecting the data
through client-side encryption.

Incorrect
When customers use any AWS service, they are responsible for properly
configuring services and applications, and for also ensuring that their data is
secure. For more information, see Reading: Security and the AWS Shared
Responsibility model.

11.
Question 11
Which of the following is recommended if a company has a single AWS
account, and multiple people who work with AWS services in that account?

1 / 1 point

All people must use the root user to work with AWS services on a daily basis.

The company should create an AWS Identity and Access Management (IAM)
group, grant the group permissions to perform specific job functions, and
assign users to a group, or use IAM roles.

The company must create AWS Identity and Access Management (IAM) users,
and grant users the permissions to perform specific job functions.

The company must create an AWS Identity and Access Management (IAM)
user and grant the user the permissions to access all AWS resources.

Correct
With IAM, a company can create an IAM user group, grant the user group the
permissions to perform specific job functions, and assign users to a group.
This way, the company provides granular access to its employees, and people
and services have permissions to only the resources that they need. The
company could also achieve the same purpose by using IAM roles for
federated access and using granular policies that are attached to roles. For
more information, see Reading: Introduction to AWS Identity and Access
Management.

12.
Question 12
True or False: According to the AWS shared responsibility model, a customer
is responsible for security in the cloud.

1 / 1 point

True

False

Correct
A customer is responsible for security in the cloud, while AWS is responsible
for security of the cloud. For more information, see the Security and the AWS
Shared Responsibility video.

13.
Question 13
Which of the following provides temporary credentials (that expire after a
defined period of time) to AWS services?

0 / 1 point

Principle of least privilege

IAM role

Identity provider (IdP)

AWS IAM Identity Center (successor to AWS Single Sign-On)

Incorrect
An identity provider—whether it is an AWS service, such as AWS IAM Identity
Center (successor to AWS Single Sign-On) or a third-party identity provider—
helps customers create, store, and manage user identity. For more information
about the correct answer, see Reading: Role Based Access in AWS.

14.
Question 14
A user is hosting a solution on Amazon Elastic Compute Cloud (Amazon EC2).
Which networking component is needed to create a private network for their
AWS resources?

0 / 1 point
Virtual private cloud (VPC)

Instance

Tags

Amazon Machine Image (AMI)

Incorrect
An AMI is a template that contains the software configurations that are
required to launch an instance. For more information about the correct
answer, see Hosting the Employee Directory Application on AWS.

Second one :
Which information is needed to create a virtual private cloud (VPC)?

1 / 1 point

The Availability Zone that the VPC will reside in.

The subnet that the VPC will reside in.

The AWS Region that the VPC will reside in.

The group of subnets that the VPC will reside in.

Correct
When a solutions architect creates a VPC, they need to specify the AWS
Region that it will reside in, the IP range for the VPC, and the name of the
VPC. For more information, see the Introduction to Amazon VPC video.

2.
Question 2
Which of the following can a route table be attached to?

1 / 1 point

AWS Accounts

Availability Zone
Subnets

Regions

Correct
A route table contains a set of rules (which are called routes) that determine
where network traffic from a subnet or gateway is directed. Each subnet in a
virtual private cloud (VPC) must be associated with a particular route table.
For more information, see the Amazon VPC Routing video.

3.
Question 3
A company wants to allow resources in a public subnet to communicate with
the internet. Which of the following must the company do to meet this
requirement?

1 / 1 point

Create a route to a private subnet

Attach an internet gateway to their VPC

Create a route in a route table to the internet gateway

A and B

B and C

Correct
Unlike a modem at home, which can go down or go offline, an internet
gateway is highly available and scalable. After the company creates an
internet gateway, they then need to attach it to a virtual private cloud (VPC)
and create a route table to route network traffic through the internet gateway.
For more information, see the Introduction to Amazon VPC reading.

4.
Question 4
What is the compute as a service (CaaS) model?

1 / 1 point
The CaaS model requires that users purchase virtual machines and manually
provision servers to run a workload.

The CaaS model offers computing resources (such as virtual machines that
run on servers in data centers) on demand, by using virtual services.

The CaaS model offers large discounts for computing resources. However,
users must run the workload from the server that is stored on-premises.

The CaaS model delivers cloud-based applications to users across the globe,
over the internet.

Correct
The CaaS model provides virtual computing resources on demand. For more
information, see the Compute as a Service on AWS video.

5.
Question 5
Which statement about the default settings of a security group is TRUE?

1 / 1 point

Allows all inbound traffic and blocks all outbound traffic by default.

Blocks all inbound traffic and allows all outbound traffic by default.

Allows all inbound and outbound traffic by default.

Blocks all inbound and outbound traffic by default.

Correct
Security groups control the traffic that is allowed to reach and leave the
resources that are associated with the security group. By default, security
groups block all incoming traffic, and allow outbound traffic. For more
information, see the Secure Your Network with Amazon VPC Security video.

6.
Question 6
What does an Amazon Elastic Compute Cloud (Amazon EC2) instance type
indicate?

0 / 1 point
Instance family and instance size

Instance placement and instance size

Instance tenancy and instance billing

Instance Amazon Machine Image (AMI) and networking speed

Incorrect
Amazon EC2 provides a wide selection of instance types that are optimized to
fit different use cases. Instance types comprise varying combinations of CPU,
memory, storage, and networking capacity. Instance types give users the
flexibility to choose the appropriate mix of resources for their applications.
Each instance type includes one or more instance sizes, which means that
users can scale resources to the requirements of their target workload. For
more information, see the Introduction to Amazon EC2 video.

7.
Question 7
What is the difference between using AWS Fargate or Amazon Elastic
Compute Cloud (Amazon EC2) as the compute platform for Amazon Elastic
Container Service (Amazon ECS)?

1 / 1 point

With AWS Fargate, AWS manages and provisions the underlying infrastructure
for hosting containers.

With Amazon ECS on Amazon EC2, AWS manages and provisions the
underlying EC2 instance for containers.

With AWS Fargate, users need to manage cluster capacity and scaling.

With Amazon ECS on Amazon EC2, users need to upload only the source code.
Amazon ECS takes care of the rest.

Correct
With Fargate, users don’t need to provision, configure, or scale clusters of
virtual machines to run containers. For more information, see Container
Services on AWS.
8.
Question 8
Which statement about serverless is TRUE?

1 / 1 point

Users must provision and manage servers.

Users must manually scale serverless resources.

Users do not pay for idle resources.

Users must manage availability and fault tolerance.

Correct
Serverless architectures only incur a charge when they are in use and
resources are being consumed. For more information, see the What is
Serverless video.

9.
Question 9
True or False: AWS Lambda is always the best solution when running
applications on AWS.

1 / 1 point

True

False

Correct
AWS Lambda is a good solution for running on-demand workloads with
runtimes of under 15 minutes, without needing to provision and manage
servers. However, it does not fit all use cases. For more information, see the
Choose the Right Compute Service video.

10.
Question 10
Which compute service does Amazon Elastic Compute Cloud (Amazon EC2)
provide?

1 / 1 point
Container services

Serverless

Virtual machines (VMs)

Analytics

Correct
Amazon EC2 is a web service that provides secure and resizable compute
capacity in the cloud. For more information, see Reading: Compute as a
Service on AWS.

11.
Question 11
Which stage of the instance lifecycle is an instance in when the account
starts to accumulate charges?

1 / 1 point

When an instance is in a pending stage

When an instance is in a running stage

When an instance is stopped

When an instance is terminated

Correct
Users start accumulating charges for instance usage when their instance is
running. For more information, see Amazon EC2 Instance Lifecycle.

12.
Question 12
Which component of the c5.4xlarge instance determines the instance family
and generation number?

1 / 1 point

4x
Large

4xlarge

c5

Correct
The c5 determines that this instance is a compute-optimized instance that
belongs to the C family with the fifth-generation number. For more information,
see Reading: Amazon EC2 Instance Lifecycle.

13.
Question 13
Which container runtime can be used to host a container on an Amazon
Elastic Compute Cloud (Amazon EC2) instance?

1 / 1 point

Docker

Container

Amazon Simple Storage Service (Amazon S3)

Amazon EC2

Correct
Docker is a software platform used to create, package, deploy, and run
containers. For more information, see Reading: Container Services on AWS.

14.
Question 14
What is an example of an event that invokes an AWS Lambda function?

1 / 1 point

An AWS API call that is made by an AWS Identity and Access Management
(IAM) role
An upload of a file to the Amazon Simple Storage Service (Amazon S3) source
bucket

An incoming HTTP request to a website that is hosted on Amazon Elastic

Compute Cloud (Amazon EC2)

A simple WordPress website that has no API integration

Correct
An upload of a file to the S3 source bucket can invoke a Lambda function. For
more information, see Introduction to AWS Lambda.

15.
Question 15
True or False: With serverless, users do not need to provision and manage
servers.

1 / 1 point

True

False

Correct
A serverless architecture is a way to build and run applications and services
without needing to manage infrastructure. For more information, see Reading:
Serverless and AWS Lambda.

16.
Question 16
True or False: All AWS services require users to configure a virtual private
cloud (VPC).

1 / 1 point

True

False

Correct
With serverless services, AWS does not require a VPC for networking
purposes. For more information, see Networking on AWS.

17.
Question 17
An engineer is working with networks in the AWS Cloud. What should the
engineer use to configure the size of their network?

1 / 1 point

Classless Inter-Domain Routing (CIDR) notation

IPv6 notation

IPv4 notation

IP addresses

Correct
In AWS, users choose their network size by using CIDR notation. For more
information, see Reading: Networking on AWS.

18.
Question 18
What is the difference between network access control lists (ACLs) and
security groups?

1 / 1 point

By default, network ACLs allow incoming traffic and block outgoing traffic
from a subnet. Users can change these settings to provide an additional layer
of security. However, the default configurations of security groups block all
traffic.

By default, network ACLs block all traffic from a subnet. However, the default
configurations of security groups allow all inbound and outbound traffic. Users
can change these settings to provide an additional layer of security.

By default, network ACLs block incoming traffic and allow outgoing traffic.
The default configurations of security groups block all traffic. Users can
change these settings when they configure networking for their instance.

By default, network ACLs allow incoming and outgoing traffic from a subnet.
Users can change these settings to provide an additional layer of security.
However, the default configurations of security groups block all inbound
traffic and allow all outbound traffic.
Correct
Network ACLs are considered stateless. By default, they allow all traffic in
and out of the subnet. However, users can restrict data at the subnet level by
including both the inbound and outbound ports that are used for the protocol.
If users include the incoming port, but do not include the outbound range,
their server would respond. However, the traffic would never leave the subnet.
In contrast, security groups are stateful. The default configuration of a
security group blocks all inbound traffic and allows all outbound traffic. If
users open inbound ports, security groups will remember if a connection is
originally initiated by the Amazon Elastic Compute Cloud (Amazon EC2)
instance or from the internet, and will allow all outbound traffic. For more
information, see Reading: Amazon VPC routing and security.

Third one :
What is a typical use case for Amazon Simple Storage Service (Amazon S3)?

1 / 1 point

Object storage for media hosting

Object storage for a boot drive

Block storage for an Amazon Elastic Compute Cloud (Amazon EC2) instance

File storage for multiple Amazon Elastic Compute Cloud (Amazon EC2)
instances

Correct
Amazon S3 is an object storage service that is designed for large objects,
such as media files. Because users can store unlimited objects, and the size
of each individual object can be up to 5 TB, Amazon S3 is a good location to
host video, photo, or music uploads. For more information, see the Object
Storage with Amazon S3 video.

2.
Question 2
A company needs a storage layer for a high-transaction relational database on
an Amazon Elastic Compute Cloud (Amazon EC2) instance. Which service
should the company use?

1 / 1 point

Amazon EC2 Instance Store

Amazon Elastic Block Store (Amazon EBS)

Amazon Simple Storage Service (Amazon S3)

Amazon Elastic File System (Amazon EFS)

Correct
Amazon EBS works well for a high-transaction database storage layer. For
more information, see the Amazon EC2 Instance Storage and Amazon Elastic
Block Store video.

3.
Question 3
True or False: Amazon Elastic Block Store (Amazon EBS) volumes are
considered ephemeral storage.

1 / 1 point

True

False

Correct
Amazon EBS provides persistent storage. If the Amazon Elastic Compute
Cloud (Amazon EC2) instance is stopped or terminated, data that is attached
to the EC2 instance will remain on an associated EBS volume permanently.
For more information, see the Amazon EC2 Instance Storage and Amazon
Elastic Block Store reading.

4.
Question 4
A solutions architect is working for a healthcare facility, and they are tasked
with storing 7 years of patient information that is rarely accessed. The
facility’s IT manager asks the solutions architect to consider one of the
Amazon Simple Storage Service (Amazon S3) storage tiers to store the patient
information. Which storage tier should the solutions architect suggest?

1 / 1 point

Amazon S3 Standard

Amazon S3 Glacier Deep Archive

Amazon S3 Standard-Infrequent Access

Amazon S3 Intelligent-Tiering

Correct
Amazon S3 Glacier Deep Archive is the lowest-cost storage class in Amazon
S3. This storage class supports long-term retention and digital preservation
for data that might be accessed once or twice in a year. It is designed for
customers—particularly those in highly regulated industries, such as financial
services, healthcare, and the public sector—that retain data sets for 7 to 10
years (or longer) to meet regulatory compliance requirements. For more
information, see the Object storage with Amazon S3 reading.

5.
Question 5
True or False: Object storage is the best storage solution for applications that
need to frequently update specific small sections of a file.

1 / 1 point

True

False

Correct
User can update only the entire file in object storage. To update specific
sections of a file, we recommend using block storage. For more information,
see Storage Types on AWS.

6.
Question 6
True or False: A Multi-AZ deployment is beneficial when users want to
increase the availability of their database.

1 / 1 point

True

False

Correct
Placing a workload across multiple Availability Zones increases the
availability of resources. For example, say that an environmental hazard in an
Availability Zone causes an Amazon Aurora database to stop working. In this
case, a read-replica of the Aurora database instance that is in an unaffected
Availability Zone will automatically be promoted to a primary database
instance. For more information, see Amazon Relational Database Service.

7.
Question 7
Which task of running and operating the database are users responsible for
when they use Amazon Relational Database Service (Amazon RDS)?

1 / 1 point

Optimizing the database

Provisioning and managing the underlying infrastructure

Installing the relational database management system on the database

instance

Installing patches to the operating system for the database instance

Correct
With Amazon RDS, users are no longer responsible for the underlying
environment that the database runs on. Instead, users can focus on optimizing
the database because Amazon RDS has components that AWS manages. For
more information, see Explore Databases on AWS.

8.
Question 8
Which of the following are common use cases for file storage? (Choose TWO.)

1 / 1 point

User home directories

Correct
User home directories are an example of file storage that uses a hierarchical
system to store and organize data. For more information, see Reading: Storage
types on AWS.

Backup files that are stored in Amazon Simple Storage Service (Amazon S3)

Relational or non-relational databases

Large content repositories

Correct
Large content repositories are an example of file storage. They use a
hierarchical system to store and organize data. For more information, see
Reading: Storage types on AWS.

Big data analytics

9.
Question 9
True or False: The IT department in a company can attach Amazon Elastic
Block Store (Amazon EBS) volumes to Amazon Simple Storage Service
(Amazon S3) to store data in a bucket.

1 / 1 point

True

False

Correct
The IT department cannot attach EBS volumes to Amazon S3. Instead,
Amazon EBS can only be attached to Amazon Elastic Compute Cloud (Amazon
EC2) instances. For more information, see Choose the right storage service.

10.
Question 10
Which of the following instance families does Amazon Relational Database
Service (Amazon RDS) support? (Choose TWO.)

1 / 1 point

Storage optimized

General purpose

Correct
Amazon RDS supports general-purpose instances. For more information, see
Reading: Amazon Relational Database Service.

Compute optimized
Memory optimized

Correct
Amazon RDS is optimized for memory-intensive applications. For more
information, see Reading: Amazon Relational Database Service.

Accelerated computing

11.
Question 11
A solutions architect is working for a small business. The business is looking
for a storage service that temporarily stores frequently changing and non-
persistent data. This type of data can be deleted during instance stops or
terminations. Which service should the solutions architect recommend for this
use case?

1 / 1 point

Amazon Elastic Block Store (Amazon EBS)

Amazon Simple Storage Service (Amazon S3)

Amazon Elastic Compute Cloud (Amazon EC2) Instance Store

Amazon Elastic File System (Amazon EFS)

Correct
Amazon EC2 Instance Store provides ephemeral block storage that is well
suited for the temporary storage of information, such as buffers, caches, and
scratch data. For more information, see Reading: Choose the right storage
service.

12.
Question 12
Which database is a non-relational database that stores data in key-value
pairs, and is a good fit for hosting simple lookup tables?

1 / 1 point

Amazon DynamoDB
Amazon DocumentDB

Amazon Neptune

Amazon Relational Database Service (Amazon RDS)

Correct
DynamoDB is a database that uses the key-value data model for storing simple
data. For more information about the correct question, see Purpose Built
Databases on AWS.

13.
Question 13
Which core component of Amazon DynamoDB corresponds to a column in a
relational database table?

1 / 1 point

Table

Item

Attribute

Database

Correct
In DynamoDB, an attribute is a fundamental data element. It is something that
does not need to be broken down any further. For more information, see
Reading: Introduction to Amazon DynamoDB.

14.
Question 14
Which AWS database service is best suited for use cases such as social
networking or recommendation engines?

1 / 1 point

Amazon DynamoDB

Amazon Aurora
Amazon Redshift

Amazon Neptune

Correct
Amazon Neptune is a fast, reliable, fully managed graph database service that
is designed for fraud detection, social networking, recommendation engines,
and more. For more information, see Reading: Choose the right AWS database
service.

Fourth one
What are the three components of Amazon EC2 Auto Scaling?

1 / 1 point

Scaling policies, security group, EC2 Auto Scaling group

Launch template, scaling policies, EC2 Auto Scaling group

Security group, instance type, key pair

Amazon Machine Image (AMI) ID, instance type, storage

Correct
Amazon EC2 Auto Scaling requires users to specify three main components: a
configuration template for the Amazon Elastic Compute Cloud (Amazon EC2)
instances (either a launch template or a launch configuration); an EC2 Auto
Scaling group to list minimum, maximum, and desired capacity of instances;
and scaling policies that scale an instance based on the occurrence of
specified conditions or on a schedule. For more information, see Amazon EC2
Auto Scaling.

2.
Question 2
Which of the following features are included in Elastic Load Balancing (ELB)?

1 / 1 point

Automatic scaling
Integration with Amazon Relational Database Service RDS

Integration with Amazon EC2 Auto Scaling

A and B

A and C

Correct
ELB automatically distributes incoming traffic across multiple targets—such
as Amazon Elastic Compute Cloud (Amazon EC2) instances, containers, and IP
addresses—in one or more Availability Zones. ELB automatically scales its
capacity in response to changes in incoming traffic. In addition, if users
enable Auto Scaling with Elastic Load Balancing, instances that are launched
by Auto Scaling are automatically registered with the load balancer. For more
information, see Route Traffic with Amazon Elastic Load Balancing.

3.
Question 3
True or False: When a user uses Elastic Load Balancing (ELB) with an Auto
Scaling group, it is not necessary to manually register individual Amazon
Elastic Compute Cloud (Amazon EC2) instances with the load balancer.

1 / 1 point

True

False

Correct
The load balancer automatically registers new instances. For more
information, see Amazon EC2 Auto Scaling.

4.
Question 4
An application must choose target groups by using a rule that is based on the
path of a URL. Which Elastic Load Balancing (ELB) type should be used for this
use case?

1 / 1 point

Classic Load Balancer

Application Load Balancer

Network Load Balancer

Target Load Balancer

Correct
Application Load Balancer is a layer 7 load balancer that routes HTTP and
HTTPs traffic, with support for rules. For more information, see Route Traffic
with Amazon Elastic Load Balancing.

5.
Question 5
What are the two ways that an application can be scaled?

1 / 1 point

Vertically and horizontally

Diagonally and vertically

Horizontally and diagonally

Independently and vertically

Correct
An application can be scaled vertically by adding more power to an existing
machine, or it can be scaled horizontally by adding more machines to a pool of
resources. For more information, see Optimizing Solutions on AWS.

6.
Question 6
Which elements in Amazon CloudWatch dashboards can be used to view and
analyze metrics?

1 / 1 point

Widgets

Metrics
Icons

Components

Correct
Widgets are the elements that can be added to a dashboard. For more
information, see the Introduction to Amazon CloudWatch video.

7.
Question 7
What are the possible states of a metric alarm in Amazon CloudWatch?

1 / 1 point

OK, ALARM, NOT_AVAILABLE

OK, ALERT, INSUFFICIENT_DATA

OK, ALARM, INSUFFICIENT_DATA

OK, ALERT, NOT_AVAILABLE

Correct
A metric alarm in CloudWatch has the following possible states. OK: The
metric or expression is within the defined threshold. ALARM: The metric or
expression is outside of the defined threshold. INSUFFICIENT_DATA: For this
state, the alarm has just started, the metric is not available, or not enough
data is available for the metric to determine the alarm state. For more
information, see the Introduction to Amazon CloudWatch video.

8.
Question 8
What kind of data can a company collect with VPC Flow Logs?

1 / 1 point

Data about network traffic that comes into and out of a virtual private cloud
(VPC)

Malicious activity and unauthorized behavior

Configurations of AWS resources

Compliance-related information

Correct
With VPC Flow Logs, a company can collect data about network traffic that
comes into and out of their VPC. For more information, see Monitoring on AWS.

9.
Question 9
What is a benefit of monitoring on AWS?

0 / 1 point

Monitoring creates operation overhead.

Monitoring recognizes security threats and events.

Monitoring decreases the performance and reliability of resources.

Monitoring increases speed and agility

Incorrect
Through monitoring, companies can view resources that are being
underutilized and rightsize resources to their usage. This can help companies
optimize cost and help them make sure that they are not spending more
money than necessary. For more information about the correct answer, see
Reading: Monitoring on AWS.

10.
Question 10
True or False: When a company redesigns an application by using a serverless
service on AWS, they might not need to configure networking components,
such as a virtual private cloud (VPC), subnets, and security groups.

1 / 1 point

True

False
Correct
By default, AWS Lambda runs functions in a secure VPC with access to AWS
services and the internet. For more information, see Redesigning the
Employee Directory Application.

Quiz fin de cours :

What are the four main factors that a solutions architect should consider
when they must choose a Region?

1 / 1 point

Latency, price, service availability, and compliance

Latency, high availability, taxes, and compliance.

Latency, taxes, speed, and compliance

Latency, security, high availability, and resiliency

Correct
A solutions architect should consider the following four aspects when
deciding which AWS Region to use for hosting applications and workloads:
latency, price, service availability, and compliance. For more information, see
the AWS Global Infrastructure video in week 1.

2.
Question 2
Which statement BEST describes the relationship between Regions,
Availability Zones and data centers?

1 / 1 point

Availability Zones are clusters of Regions. Regions are clusters of data

centers.

Data centers are cluster of Availability Zones. Regions are clusters of

Availability Zones.

Regions are clusters of Availability Zones. Availability Zones are clusters of

data centers.
Data centers are clusters of Regions. Regions are clusters of Availability
Zones.

Correct
The AWS Cloud infrastructure is built around AWS Regions and Availability
Zones. An AWS Region is a physical location in the world that has multiple
Availability Zones. Availability Zones consist of one or more discrete data
centers, each with redundant power, networking, and connectivity, housed in
separate facilities. For more information, see the AWS Global Infrastructure
video in week 1.

3.
Question 3
Which of the following can be found in an AWS Identity and Access
Management (IAM) policy?

0 / 1 point

Effect

Action

Object

A and B

B and C

Incorrect
At AWS, policies define permissions for identities and resources. The
information in a policy statement contains a series of elements, such as a
Version, Statement, Sid, Effect, Principal, Action, Resource, and Condition. For
more information, see Introduction to Amazon Identity and Access
Management.

4.
Question 4
A solutions architect is consulting for a company. When users in the company
authenticate to a corporate network, they want to be able to use AWS without
needing to sign in again. Which AWS identity should the solutions architect
recommend for this use case?

1 / 1 point
AWS account root user

AWS Identity and Access Management (IAM) user

IAM Role

IAM Group

Correct
An IAM role does not have any credentials (password or access keys) that are
associated with it. Instead of being uniquely associated with one person, a
role can be assumed by anyone who needs it. An IAM user can assume a role
to temporarily take on different permissions for a specific task. A role can be
also assigned to a federated user who signs in by using an external identity
provider (IdP) instead of IAM. For more information, see the Role Based
Access in AWS video.

5.
Question 5
A company wants to allow resources in a public subnet to communicate with
the internet. Which of the following must the company do to meet this
requirement?

1 / 1 point

Create a route to a private subnet

Attach an internet gateway to their VPC

Create a route in a route table to the internet gateway

A and B

B and C

Correct
Unlike a modem at home, which can go down or go offline, an internet
gateway is highly available and scalable. After the company creates an
internet gateway, they then need to attach it to a virtual private cloud (VPC)
and create a route table to route network traffic through the internet gateway.
For more information, see the Introduction to Amazon VPC reading.

6.
Question 6
What does an Amazon Elastic Compute Cloud (Amazon EC2) instance type
indicate?

1 / 1 point

Instance family and instance size

Instance placement and instance size

Instance tenancy and instance billing

Instance Amazon Machine Image (AMI) and networking speed

Correct
Instance types are named based on instance generation, family, additional
capabilities, and size. For more information, see the Introduction to Amazon
EC2 video.

7.
Question 7
What is a typical use case for Amazon Simple Storage Service (Amazon S3)?

1 / 1 point

Object storage for media hosting

Object storage for a boot drive

Block storage for an EC2 instance

File storage for multiple EC2 instances

Correct
Amazon S3 is an object storage service that is designed for large objects,
such as media files. Because users can store unlimited objects, and the size
of each individual object can be up to 5 TB, Amazon S3 is a good location to
host video, photo, or music uploads. For more information, see the Object
Storage with Amazon S3 video.

8.
Question 8
A solutions architect is working for a healthcare facility, and they are tasked
with storing 7 years of patient information that is rarely accessed. The
facility’s IT manager asks the solutions architect to consider one of the
Amazon Simple Storage Service (Amazon S3) storage tiers to store the patient
information. Which storage tier should the solutions architect suggest?

1 / 1 point

Amazon S3 Standard

Amazon S3 Glacier Deep Archive

Amazon S3 Standard-Infrequent Access

Amazon S3 Intelligent-Tiering

Correct
Amazon S3 Glacier Deep Archive is the lowest-cost storage class in Amazon
S3. This storage class supports long-term retention and digital preservation
for data that might be accessed once or twice in a year. It is designed for
customers—particularly those in highly regulated industries, such as financial
services, healthcare, and the public sector—that retain data sets for 7 to 10
years (or longer) to meet regulatory compliance requirements. For more
information, see the Object storage with Amazon S3 reading.

9.
Question 9
Which task of running and operating the database are users responsible for
when they use Amazon Relational Database Service (Amazon RDS)?

1 / 1 point

Optimizing the database

Provisioning and managing the underlying infrastructure

Installing the relational database management system on the database

instance
Installing patches to the operating system for the database instance

Correct
With Amazon RDS, users are no longer responsible for the underlying
environment that the database runs on. Instead, users can focus on optimizing
the database because Amazon RDS has components that AWS manages. For
more information, see Explore Databases on AWS.

10.
Question 10
True or false: A Multi-AZ deployment is beneficial when users want to increase
the availability of their database.

1 / 1 point

True

False

Correct
Placing a workload across multiple Availability Zones increases the
availability of resources. For example, say that an environmental hazard in an
Availability Zone causes an Amazon Aurora database to stop working. In this
case, a read-replica of the Aurora database instance that is in an unaffected
Availability Zone will automatically be promoted to a primary database
instance. For more information, see Amazon Relational Database Service.

11.
Question 11
What are the three components of Amazon EC2 Auto Scaling?

1 / 1 point

Scaling policies, security group, EC2 Auto Scaling group

Launch template, scaling policies, EC2 Auto Scaling group

Security group, instance type, key pair

Amazon Machine Image (AMI) ID, instance type, storage

Correct
Amazon EC2 Auto Scaling requires users to specify three main components: a
configuration template for the Amazon Elastic Compute Cloud (Amazon EC2)
instances (either a launch template or a launch configuration); an EC2 Auto
Scaling group to list minimum, maximum, and desired capacity of instances;
and scaling policies that scale an instance based on the occurrence of
specified conditions or on a schedule. For more information, see Amazon EC2
Auto Scaling.

12.
Question 12
An application must choose target groups by using a rule that is based on the
path of a URL. Which Elastic Load Balancing (ELB) type should be used for this
use case?

1 / 1 point

Classic Load Balancer

Application Load Balancer

Network Load Balancer

Gateway Load Balancer

Correct
Application Load Balancer is a layer 7 load balancer that routes HTTP and
HTTPs traffic, with support for rules. For more information, see Route Traffic
with Amazon Elastic Load Balancing.