Amazon Blockhain as a service

Welcome to the FREE AWS Cloud Certification Practice Exam page.

These exams are provided solely as a courtesy for your learning pleasure.

These exams are updated monthly however we will not provide support on these. Updated 06/24/2020

If you require support on your practice exams than consider our practice exams on Udemy.

Good Luck on the exams. You may also want to review the posts I have on these exams that provide a top ten list and a deep dive on this blog site.

AWS Security Specialization Exam

2

AWS Certified Security Specialty Exam #1

FREE AWS Certified Security Specialty Practice Questions Exam 1

1 / 10

A threat assessment has identified a risk whereby an internal employee could exfiltrate sensitive data from production host running inside AWS (Account 1). The threat was documented as follows:
Threat description: A malicious actor could upload sensitive data from Server X by configuring credentials for an AWS account (Account 2) they control and uploading data to an Amazon S3 bucket
within their control. Server M has outbound internet access configured via a proxy server. Legitimate access to S3 is required so that the application can upload encrypted files to an S3 bucket. Server X is currently using an IAM
instance role. The proxy server is not able to inspect any of the server communication due to TLS
encryption. Which of the following options will mitigate the threat? (Choose two.)

2 / 10

A Systems Engineer has been tasked with configuring outbound mail through Simple Email Service (SES) and requires compliance with current TLS standards.
The mail application should be configured to connect to which of the following endpoints and corresponding ports?

3 / 10

An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located
in private subnets. How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose
two.)

4 / 10

The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this? (Select One)

5 / 10

The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done
within AWS?

6 / 10

A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?

7 / 10

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports.
The company has implemented stringent requirements concerning the security of the data at test
Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of
an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key
was used and by whom. Which steps should you take as a security expert take to satisfy the security requirements requested by the
CISO?

8 / 10

Your job is as a Solutions Architect that is designing a solution that includes a managed VPN connection. You need to monitor whether the VPN connection is up or down. What would you use to monitor availability?. Select One

9 / 10

Your company is hosting a two-tier application that consists of a publicly accessible web server that communicates with a private database. Only HTTPS port 443 traffic to the web server must be allowed from the internet.
Which of the following options would achieve these requirements? (Select Two.)

10 / 10

An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets.
How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)

Your score is


1

AWS Certified Security Specialty Exam #2

FREE AWS Certified Security Specialty Practice Questions Exam 2

1 / 2

The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this? (Select One)

2 / 2

The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done
within AWS?

Your score is


AWS Associate Cloud Architect Exam

0 votes, 0 avg
14

You have 30 Minutes to complete


Created on By holbrookjp

AWS Certified Solutions Architect – Associate SAA-C01 Practice Exam 1

FREE AWS Certified Solutions Architect – Associate Practice Exam . There are 20 questions per exam.

If you feel you need more questions please go to my Udemy page link below for discount practice exams.

1 / 20

A company has publicly hosted web applications and an internal Intranet protected by a proxy and a firewall.

Which technique will help protect against enumeration?  Select One

2 / 20

What S3 related parameters would you configure on S3 objects to ensure limits on the user base who can access S3 objects?

3 / 20

When considering the instance root volume in AWS EC2 what would be two factors to choose an EBS backed AMI over an Instance store AMI? Select Two

4 / 20

Which are the follow three items are true about AWS security groups? Select Three

5 / 20

What are two benefits of using a shared tenancy for you VMs in AWS?  Select Two

6 / 20

In the shared security model the customer and the provider (AWS) have responsibilities for securing resources.  What is a requirement that AWS does not handle for the customer? Select One

7 / 20

What object property defines the performance you will get when reading and writing to the object?

8 / 20

Shared tenancy is the default instance hosting method with EC2. True or False?

9 / 20

Your company is using AWS to host a two-tier application that consists of a publicly accessible web server that communicates with an on premises database.  Your CISO has warned you to only HTTPS port 443 traffic to the web server from the internet. Which twp options will meet these requirements? (Select Two.)

10 / 20

What EC2 instance type would you recommend to a user that needs high end graphics processing? (Select One)

11 / 20

S3 is accessed by Application Programming Interfaces (API) and you are being asked by the developer on the project your consulting about the type of API used.  What API type do you tell them?

12 / 20

What is “bootstrapping” in the world of AWS EC2 instances considered? Select One

13 / 20

Your installing a new software and it has a constraint to use a dedicated host in AWS? What type of software would this be?

14 / 20

You have been advised your enterprise must now meet strict compliance standards. This means that the company must have encrypted archival data storage and will be audited. Data will be
accessed infrequently and may be recovered. The company requires that the storage be secure, durable and provided at the most cost effective solution on AWS available.
What type of storage should be specified? Select One

15 / 20

A future AWS certified solutions architect is currently designing a solution that can monitor memory and disk space utilization of all EC2 instances running Amazon Linux and Windows. Which solution would meet the requirement?

16 / 20

Your company runs a legacy application with a single-tier architecture on an Amazon EC2 Instance. The application profile is that it requires low disk performance with occasional spikes during business hours. After business hours you can shut the EC2 instance down. Which storage option is MOST appropriate for this workload?

17 / 20

What is the maximum number of security groups we assign to an EC2 instance?

18 / 20

You just created a new S3 bucket and added objects. Your NAS administrator is a bit confused and cant understand why there is no obvious hierarchy.  What can you do to create a folder like view? Select One.

19 / 20

How many tags can an AWS S3 object have assigned to it?

20 / 20

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at test
Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key
was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?

Your score is

The average score is 44%

0%


0%
0 votes, 0 avg
4

You have 90 Minutes to complete the exam.


Created on By holbrookjp

AWS Certified Solutions Architect – Associate SAA-C01 Practice Exam 2

FREE AWS Certified Solutions Architect – Associate Practice Exam . There is 50 questions in this exam

If you feel you need more questions please go to my Udemy page link below for discount practice exams.

1 / 50

You would like to understand why your AWS monthly spending is continuing to grow so you can explain where the money is being wasted to your CIO.  What tool would provide insight into this challenge?

2 / 50

Your CIO has summoned you into the office on a Friday afternoon since he received the AWS cloud spend bill for last month. He wants to setup an alert that goes to him when a threshold has been exceeded.   What tool could you use to enable this request?

3 / 50

Which of the following routing policies chooses a route for a user based on the latency of the available region to which traffic can be directed?

4 / 50

How can you control access to S3 buckets and objects?  Select Three

5 / 50

How does the cost of standard reserved instances compare with the cost of on-demand instances?

6 / 50

Your customer has compared prices between spot instances and reserved instances. The customer would like to know why they should NOT use spot instances. What are two reasons. (Select Two)

7 / 50

Which of the following statements are true about edge and region locations? (Choose two.)

8 / 50

You are an architect working on adding scalability to an application based on EC2 instances within a public-facing VPC. You want the maximum amount of flexibility in weighting and load balancing options, as you plan to experiment with various routing types to see which handles load most evenly. Which type of load balancer should you use?

9 / 50

An internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are
deployed evenly across two Availably Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the Internet. These
instances are not assigned with public IP addresses.
Which component poses a potential single point of failure in this architecture?

10 / 50

A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load.
How should the database environment be re-designed to resolve the IOPS fluctuation?

11 / 50

Your CTO has asked about how AWS charges for use of it services.  He would like to understand actions that incur costs within AWS. (Choose two.)

12 / 50

You have decided to create peering configuration for two VPCs.  What are the two terms used to describe both the initiator and the receiver of the request in AWS?

13 / 50

Which of the following are valid reasons for using Multipart Upload for uploading objects to S3? (Choose two.)

14 / 50

Your customer has stated they need to transfer 30 TB of data into S3 and want to avoid lengthy network exchanges and network saturation. What option would provide your customer with inexpensive data transfer at a large scale?

15 / 50

What EC2 instance type would you recommend to a user that needs high end graphics processing? (Select One)

16 / 50

How long does a typical Glacier data retrieval take?

17 / 50

Which of the following protocols is not commonly used in VPNs? Select One

18 / 50

You are working on increasing performance for an application that routinely sees traffic spikes between 8am and 10am every day.  However, even with Auto Scaling policies, load increases so quickly that response times impact the user experience. Without knowing anything more than this about what the traffic surge represents, how could you most easily and efficiently ensure that your application can respond to these surges?

19 / 50

A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand end the company is considering a move to the cloud.
Which solution should a Solutions Architect recommend as me MOST scalable and cost- effective solution to meet these needs?

20 / 50

Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence.
The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance, you recently added a single-node Memcached ElastiCache Cluster to cache
frequent DB query results. In the next weeks the overall workload is expected to grow by 30%. Do you need to change anything in the architecture to maintain the high availability or the application
with the anticipated additional load? Why?

21 / 50

Which of the following are SQL-based options in RDS? (Choose two.)

22 / 50

Which of the following are available to use as an EBS boot volume? (Choose two.)

23 / 50

What is the default visibility of a newly created S3 bucket?

24 / 50

Your currently designing a new AWS configuration and would like to interconnect your VPCs and your on premises You want to connect multiple VPC and want to manage as one connection.  What would be the AWS service you could select that would meet these requirements?

25 / 50

Which of the following statements are true about RDS? Select Two

26 / 50

Which of the following S3 storage classes has the highest availability?

27 / 50

What is the smallest file size that can be stored on standard class S3?

28 / 50

Your company runs a legacy application with a single-tier architecture on an Amazon EC2 Instance. The application profile is that it requires low disk performance with occasional spikes during business hours. After business hours you can shut the EC2 instance down. Which storage option is MOST appropriate for this workload?

29 / 50

Which of the following provide ways to automate the backup of your RDS database? (Choose two.)

30 / 50

Your company is storing data on Amazon Simple Storage Service (S3) and your CIO is mandating that data is encrypted at rest. How can this be achieved? Select Three

31 / 50

Which of the following statements regarding EBS volumes and EC2 instances would not be correct?

32 / 50

By default, how long do edge locations cache objects?

33 / 50

Your company needs a storage solution that can support millions of customers accessing billing data. The data should be instantly accessible for users, but individual bills are not accessed that often. What is the most cost-efficient storage for this use case?

34 / 50

Which of the following does a Multi-AZ RDS setup address? (Choose two.)

35 / 50

What type of replication occurs in a read replica RDS setup?

36 / 50

Which of the following selections will provide performance improvements in an RDS instance that is currently overloaded? (Choose two.)

37 / 50

A future AWS certified solutions architect is currently designing a solution that can monitor memory and disk space utilization of all EC2 instances running Amazon Linux and Windows. Which solution would meet the requirement?

38 / 50

You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. (Choose Two)

39 / 50

You would like to more features in Trusted Adviser. Currently, you have developer support and need to upgrade to the next level of support to unlock more features of Trusted Adviser.  What level is above Developer?

40 / 50

There appears to be an issue an RDS. You would like to access an RDS instance to troubleshoot operating system problems? What do you use?

41 / 50

Which instance type is ideal for an application that suffers numerous spikes in usage at unpredictable times?

42 / 50

Each EC2 instance in the VPC has an interface.  What is this interface called?

43 / 50

When considering the instance root volume in AWS EC2 what would be two factors to choose an EBS backed AMI over an Instance store AMI? Select Two

44 / 50

Which of the following need to be considered across all regions in your account? (Choose two.)

45 / 50

Which of the following are valid domain names for S3 buckets? (Choose two.)

46 / 50

An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must
be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

47 / 50

A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key
drivers for this system include high availability is not required. What is the MOST cost-effective way to purchase compute for this platform?

48 / 50

You customer has a heavy load on an RDS data instance. You want to avoid the overhead and cost of upgrading the instance to a larger instance size. What other options should you consider? (Choose two.)

49 / 50

What are the two types of VPNs that would be used in AWS? (Select Two)

50 / 50

You are deploying this new application in AWS and would like to ensure the workload can perform extremely well and consistently? What EBS volume would you select?

Your score is

The average score is 69%

0%


AWS Class Final Practice Exam

0%
0 votes, 0 avg
11

You have two hours to complete the exam. Good Luck


Created on By holbrookjp

AWS Certified SysOps Administrator – Associate

AWS Certified SysOps Administrator – Associate There are 65 questions in this exam

 

1 / 65

Which are the follow three items are true about AWS security groups? Select Three

2 / 65

Which of the following routing policies chooses a route for a user based on the latency of the available region to which traffic can be directed?

3 / 65

Which of the following take the place of a traditional firewall appliance in AWS? (Select Two)

4 / 65

You have been tasked with setting up storage for an application that loads large photos from an existing RDS. These photos are then processed by a Lambda function and have metadata added, along with additional filters. The Lambda code is inexpensive and can easily be rerun if needed. You need to decide on where to store the photos once they have been processed. Each photo will likely be accessed between 1 and 5 times over the course of a month and should be quickly accessible. The chief driver for the application and your decision should be cost and user experience. What S3 storage class would you select?

5 / 65

When considering the instance root volume in AWS EC2 what would be two factors to choose an EBS backed AMI over an Instance store AMI? Select Two

6 / 65

You are currently being asked by your CIO to ensure that his emails can not be deleted. However, he also asks you to ensure that if they are accidentally deleted that there are audits that can identify this.  What are two options you can impose? Select Two

7 / 65

Your customer has called on a Friday afternoon before you leave for home and is asking how why they can not provision more Elastic IPs in a region.  What do you tell them?

8 / 65

Shared tenancy is the default instance hosting method with EC2. True or False?

9 / 65

What EC2 instance type would you recommend to a user that needs high end graphics processing? (Select One)

10 / 65

Which of the following are valid S3 request headers? (Choose two.)

11 / 65

Which of the following provide ways to automate the backup of your RDS database? (Choose two.)

12 / 65

What are the two types of VPNs that would be used in AWS? (Select Two)

13 / 65

Which of the following are valid reasons to use read replication in RDS? (Choose two.)

14 / 65

Your application is using an ELB in front of an Auto Scaling group of web/application servers deployed across two AZs and a Multi-AZ RDS Instance for data persistence.
The database CPU is often above 80% usage and 90% of I/O operations on the database are reads. To improve performance, you recently added a single-node Memcached ElastiCache Cluster to cache
frequent DB query results. In the next weeks the overall workload is expected to grow by 30%. Do you need to change anything in the architecture to maintain the high availability or the application
with the anticipated additional load? Why?

15 / 65

You are responsible for building out an application that serves user bases in the USA, Canada, Brazil, Singapore and India.  You want to ensure that the company users receive localized content in their own area. Which of the following routing policies should you consider for this application in Route53?

16 / 65

What type of media distribution on CloudFront should you use for video media streaming?

17 / 65

Your company is using AWS to host a two-tier application that consists of a publicly accessible web server that communicates with an on premises database.  Your CISO has warned you to only HTTPS port 443 traffic to the web server from the internet. Which twp options will meet these requirements? (Select Two.)

18 / 65

Which of the following need to be considered across all regions in your account? (Choose two.)

19 / 65

Reffering to the graphic…… If all of the following inbound rules existed on a custom NACL, would SSH traffic be allowed?

 

Question Image

20 / 65

You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application must have a highly available architecture. (Choose Two)

21 / 65

Each EC2 instance in the VPC has an interface.  What is this interface called?

22 / 65

In the shared security model the customer and the provider (AWS) have responsibilities for securing resources.  What is a requirement that AWS does not handle for the customer? Select One

23 / 65

What is the maximum number of security groups we assign to an EC2 instance?

24 / 65

What are two benefits of using a shared tenancy for you VMs in AWS?  Select Two

25 / 65

Your customer has asked about CloudFront and would like to have a short training on the subject. They would also like you to identify the pros and cons of using CloudFront.  What are two main advantages of using CloudFront?

26 / 65

Which of the following are valid domain names for S3 buckets? (Choose two.)

27 / 65

You are deploying this new application in AWS and would like to ensure the workload can perform extremely well and consistently? What EBS volume would you select?

28 / 65

How can you control access to S3 buckets and objects?  Select Three

29 / 65

You just created a website called ipassedmyawsexam.com. You also would like to add other domains that are similiar such as ipassedmyawsexam.org as well so you’ve recently purchased the additional domains. What DNS record set would you use to point all the domains to the same domain (forward)?

30 / 65

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at test
Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key
was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?

31 / 65

What technology can you use to provide single sign-on to the AWS management console?

32 / 65

By default, how long do edge locations cache objects?

33 / 65

What is “bootstrapping” in the world of AWS EC2 instances considered? Select One

34 / 65

You would like deploy a centralized management of users in AWS for your companies cloud resources in AWS.  What are the two options to accomplish this?

35 / 65

Which of the following AWS-defined IAM policies offer read and write access to the S3 and EC2 services? (Select Two)

36 / 65

You are auditing the EBS volumes of a number of EC2 instances running three web-facing data-intensive applications. You notice that a number of the volumes are configured as throughput optimized HDDs rather than general-purpose SSD or provisioned IOPS SSD. Why might this decision be appropriate? (Choose two.)

37 / 65

Your company runs a legacy application with a single-tier architecture on an Amazon EC2 Instance. The application profile is that it requires low disk performance with occasional spikes during business hours. After business hours you can shut the EC2 instance down. Which storage option is MOST appropriate for this workload?

38 / 65

You must improve the performance of your existing DynamoDB database. Currently, you believe that CPU utilization is the biggest concern, although you are attempting to proactively provision additional resources rather than reacting to an existing load problem. Which of the following might be your approach?

39 / 65

Which of the following does a Multi-AZ RDS setup address? (Choose two.)

40 / 65

Which of the following S3 storage classes has the highest availability?

41 / 65

How many availability zones (AZ) can a subnet span?

42 / 65

Reference the graphic for this question.

You just showed up a new cloud job and your being asked to evaluate the spreadsheet from the user. What report is this?

Question Image

43 / 65

Which of the following selections will provide performance improvements in an RDS instance that is currently overloaded? (Choose two.)

44 / 65

Your customer launched an EC2 instance that has two volumes attached which are

  1. Root
  2. An additional volume    (Both created with default settings)      What would happen to each volume when terminated?

45 / 65

Which of the following are available to use as an EBS boot volume? (Choose two.)

46 / 65

How many domain names can you manage using Route53?

47 / 65

Your installing a new software and it has a constraint to use a dedicated host in AWS? What type of software would this be?

48 / 65

Where is data stored when placed into S3-IA? (Choose two.)

49 / 65

You have been advised your enterprise must now meet strict compliance standards. This means that the company must have encrypted archival data storage and will be audited. Data will be
accessed infrequently and may be recovered. The company requires that the storage be secure, durable and provided at the most cost effective solution on AWS available.
What type of storage should be specified? Select One

50 / 65

Which of the following is a valid routing policies for Route 53?

51 / 65

You have decided to create peering configuration for two VPCs.  What are the two terms used to describe both the initiator and the receiver of the request in AWS?

52 / 65

An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must
be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago. What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

53 / 65

How long does a typical Glacier data retrieval take?

54 / 65

Which of the following statements are true about RDS? Select Two

55 / 65

A future AWS certified solutions architect is currently designing a solution that can monitor memory and disk space utilization of all EC2 instances running Amazon Linux and Windows. Which solution would meet the requirement?

56 / 65

Which of the following are a collection of permissions in IAM?

57 / 65

Your currently considering using CloudFormation for templating your resources in AWS.   What are the two supported formats for templates?

58 / 65

What type of replication occurs in a read replica RDS setup?

59 / 65

Your company is storing data on Amazon Simple Storage Service (S3) and your CIO is mandating that data is encrypted at rest. How can this be achieved? Select Three

60 / 65

Which of the following statements are true about edge and region locations? (Choose two.)

61 / 65

What is the default visibility of a newly created S3 bucket?

62 / 65

Which of the following are valid reasons for using Multipart Upload for uploading objects to S3? (Choose two.)

63 / 65

Referring to the network diagram please specify the result for the customer if the following happened.  (Select Two)

1. Customer added a bastion host

2.  Customer accidentally removed the NAT Gateway

Question Image

64 / 65

Which of the following are SQL-based options in RDS? (Choose two.)

65 / 65

Which of the following protocols is not commonly used in VPNs? Select One

Your score is

The average score is 52%

0%


AWS Related Blog Posts

AWS Cloud Practitioner Exam Coming Soon

AWS Cloud Practitioner Exam Coming Soon

AWS Cloud Practitioner Exam