Chris Kuo/Dr. Dataman Aug 6, 2021 25 min read

If you are interested in taking the AWS exams, you probably know the benefits in your career advancement. According to the survey by Zip Recruiter in 2021, the average salary for an AWS Solution Architect Associate is $155,005/year and an AWS Solution Architect Professional is $163,525/year in North America. My post “The Guide to the AWS Certifications” walks you…

AWS VPN & AWS Direct Connect

In cloud computing, hybrid cloud refers to the use of on-premises resources in addition to public cloud resources. A hybrid cloud enables an organization to migrate applications and data to the cloud, extend their datacenter capacity, utilize new cloud-native capabilities, move applications closer to customers, and create a backup and disaster recovery solution with cost-effective high availability. By working closely with enterprises, AWS has developed the industry's broadest set of hybrid capabilities across storage, networking, security, application deployment, and management tools to make it easy for you to integrate the cloud as a seamless and secure extension of your existing investments.

AWS Virtual Private Network (AWS VPN) provides an internet-based Site-to-Site connection that enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). A VPC VPN Connection utilizes IPSec to establish encrypted connectivity between your network and Amazon VPC over the Internet. VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.

AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your on-premises network or branch office site and Amazon VPC.
AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers' on-premises sites to AWS. Using AWS Direct Connect, data that would have previously been transported over the Internet can now be delivered through a private network connection between AWS and your datacenter or corporate network. Companies of all sizes use AWS Direct Connect to establish private connectivity between AWS and datacenters, offices, or colocation environments. Compared to AWS VPN (Internet-based connection), AWS Direct Connect can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience.

Additional information:

A. Explanation

The other options are incorrect:

"AWS Storage Gateway" is incorrect. AWS Storage Gateway is not a caching service; it is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.

"Amazon EBS volume" is incorrect. An Amazon EBS volume is a durable, block-level storage device that you can attach to a single EC2 instance. You can use EBS volumes as primary storage for data that requires frequent updates, such as the system drive for an instance or storage for a database application. You can also use them for throughput-intensive applications that perform continuous disk scans.

"AWS OpsWorks" is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

C. Explanation

The other options are incorrect.

"Adopt monolithic architecture" is incorrect. AWS recommends adopting microservices architecture, not monolithic architecture. With monolithic architectures, application components are tightly coupled and run as a single service. With a microservices architecture, an application is built as loosely coupled components.

"Parallelize tasks" is incorrect. An example of parallelization is when you use a load balancer to distribute the incoming requests across multiple asynchronous instances or when you use the AWS multipart upload to upload large objects in parts. Adjusting capacity up or down based on demand defines AWS Cloud elasticity, not parallelization.

"Build Security in every layer" is incorrect. This option is related to security.

A & E Explanation

NOTE: The other options are incorrect:

"Amazon VPC" is incorrect. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment. Amazon VPC is not a managed service; you are responsible for managing almost everything when using the Amazon VPC service.

"Amazon Elastic Compute Cloud" is incorrect. Amazon Elastic Compute Cloud (Amazon EC2) is a service that gives you complete control over your compute resources. Apart from patching the underlying host - which is the responsibility of AWS - you are responsible for managing almost everything in your server instances when using Amazon EC2.

"AWS IAM" is incorrect. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

D & E Explanation

AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization; security; fault tolerance; performance; and service limits. Like your customized cloud security expert, AWS Trusted Advisor analyzes your AWS environment and provides security recommendations to protect your AWS environment. The service improves the security of your applications by closing gaps, examining permissions, and enabling various AWS security features.

The other options are incorrect:

"Amazon SNS" is incorrect. Amazon SNS is a pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

"Concierge Support Team" is incorrect. The AWS Concierge Support Team is a specialized offering available only to customers having an Enterprise Support subscription. The Concierge Team assists customers with their billing and account inquiries.

"Amazon CloudWatch" is incorrect. Amazon CloudWatch is used to monitor the utilization of AWS resources and services. You can use CloudWatch to visualize system metrics, take automated actions, troubleshoot performance issues, discover insights to optimize your applications, and ensure they are running smoothly.

AWS Support Concierge Explanation

The other options are incorrect:

"AWS Support API" is incorrect. The AWS Support API provides programmatic access to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status.

"AWS Operations Support" is incorrect. AWS Operations Support is an Enterprise support program that provides operations assessments and analysis to identify gaps across the operations lifecycle, as well as recommendations based on best practices.

"AWS Personal Health Dashboard" is incorrect. AWS Personal Health Dashboard provides a personalized view of the health of AWS services, and alerts when your resources are impacted.
It also includes the Health API for integration with your existing management systems.

B & D Explanation

Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere - web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It's a simple storage service that offers highly available and infinitely scalable data storage infrastructure at very low costs. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. It gives customers flexibility in the way they manage data for cost optimization, access control, and compliance. S3 provides query-in-place functionality, allowing you to run powerful analytics directly on your data at rest in S3. And Amazon S3 is the most supported cloud storage service available, with integration from the largest community of third-party solutions, systems integrator partners, and other AWS services.

Amazon S3 stores any number of objects, but each object does have a size limitation. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 terabytes.

B Explanation

The other options are incorrect.

"Filtering traffic with Security Groups" is incorrect. The AWS Customer is responsible for all network and firewall configurations, including the configuration of Security Groups, Network Access Control Lists (NACLs), and Routing tables.

"Client-side encryption" and "Server-side encryption" are incorrect. Data encryption is the responsibility of the customer.

D Explanation

The other options are incorrect:

"A catalog of third-party software solutions that customers need to build solutions and run their businesses" is incorrect.
AWS Marketplace is the service that provides this catalog. AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. AWS Marketplace includes software listings from categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps.

"A hybrid cloud storage between on-premises environments and the AWS Cloud" is incorrect. AWS Storage Gateway is the service that enables your on-premises applications to seamlessly use AWS cloud storage.

"An Exabyte-scale data transfer service that allows you to move extremely large amounts of data to AWS" is incorrect. AWS Snowmobile is the exabyte-scale data migration service that allows you to move very large datasets from on-premises to AWS.

A Explanation

The other options are incorrect:

"Amazon Inspector" is incorrect. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

"Amazon EC2 Usage report" is incorrect. The report provides a preconfigured view, based on fixed filter settings, that displays information about your usage and cost trends.

"AWS Trusted Advisor" is incorrect. AWS Trusted Advisor is an online tool that provides real time guidance to help you provision your resources following AWS best practices.

A Explanation

The other options are incorrect:

"Security of the IaaS services is the responsibility of AWS" is incorrect. AWS products that fall into the well-understood category of Infrastructure as a Service (IaaS)—such as Amazon EC2, Amazon VPC, and Amazon S3—are completely under your control and require you to perform all of the necessary security configuration and management tasks.
For example, for EC2 instances, you're responsible for management of the guest OS (including updates and security patches), any application software or utilities you install on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. These are basically the same security tasks that you're used to performing no matter where your servers are located.

"Security of the managed services is the responsibility of the customer" is incorrect. AWS is responsible for the security configuration of its managed services. Examples of these types of services include Amazon DynamoDB, Amazon RDS, Amazon Redshift, Amazon Elastic MapReduce, and Amazon WorkSpaces. For most of these services, all you have to do is to configure logical access controls on the resources and protect your account credentials, but overall, the security configuration work is performed by the service.

"Patching the guest OS is the responsibility of AWS for all services" is incorrect.

B Explanation

The use cases of Amazon CloudFront include:

The other options are incorrect:

"AWS CloudFormation" is incorrect. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

"Amazon Kinesis Video Streams" is incorrect. Amazon Kinesis Video Streams enables you to securely stream video from connected devices (IoT devices) to AWS for analytics, machine learning (ML), playback, and other processing. Kinesis Video Streams automatically provisions and elastically scales all the infrastructure needed to ingest streaming video data from millions of devices. It durably stores, encrypts, and indexes video data in your streams, and allows you to access your data through easy-to-use APIs.

"Amazon SNS" is incorrect. Amazon Simple Notification Service (SNS) is a fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber endpoints for parallel processing, including AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.

C Explanation

The other options are incorrect:

AWS Config is incorrect. AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.

AWS Lambda is incorrect. AWS Lambda is a serverless compute service.

D

For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as one account. This means that all accounts in the organization can receive the hourly cost benefit of Reserved Instances that are purchased by any other account.

For example, suppose that Fiona and John each have an account in an organization. Fiona has five Reserved Instances of the same type, and John has none. During one particular hour, Fiona uses three instances and John uses six, for a total of nine instances on the organization's consolidated bill. AWS bills five instances as Reserved Instances, and the remaining four instances as On-demand instances.

The other options are incorrect:

"The purchased instances will have better performance than On-demand instances" is incorrect. There is no difference in performance between On-demand and Reserved instances of the same type.

"The Reserved Instance discounts can only be shared with the master account" is incorrect. The Reserved Instance discounts can be shared with all accounts in the organization.

"There are no cost benefits from using Consolidated billing; It is for informational purposes only" is incorrect. With Consolidated Billing, you can combine the usage across all accounts in the organization to share the Reserved Instance discounts, volume pricing discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

Explanation

The other options are incorrect:

"AWS Direct Connect" is incorrect.
AWS Direct Connect allows you to establish a dedicated network connection from your premises to AWS.

"AWS Regions" is incorrect. An AWS Region is a physical location in the world where AWS has multiple Availability Zones. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.

"AWS VPN" is incorrect. AWS Virtual Private Network (AWS VPN) allows you to establish a secure and private tunnel from your network or device to the AWS global network.

A & D Explanation

The other options are incorrect:

"A dashboard detailing vulnerabilities in your applications" is incorrect. You can check your applications for vulnerabilities using other services such as Amazon Inspector.

"Recommendations for Cost Optimization" is incorrect. You can get help about cost optimization using other services such as the AWS Trusted Advisor.

"Published information about the current status and availability of all AWS services" is incorrect. You can get information about the current status and availability of the AWS services any time using the AWS Service Health Dashboard that is available at this link: https://status.aws.amazon.com/

B. Explanation

Vertical Scaling:

Additional information:

The other options are incorrect: All other options are examples of Vertical Scaling.

C.

The other options are incorrect:

Amazon EMR is incorrect. EMR is used to process vast amounts of data easily and securely. Use cases include: big data, log analysis, web indexing, data transformations (ETL), machine learning, financial analysis, scientific simulation, and bioinformatics.

AWS Config is incorrect. AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.

Amazon CloudFront is incorrect.
Amazon CloudFront gives businesses and web application developers an easy and cost effective way to distribute content globally with low latency and high data transfer speeds.

B. Explanation

The other options are incorrect:

"S3 Intelligent-Tiering" is incorrect. S3 Intelligent-Tiering is ideal for data with unknown or changing access patterns.

"AWS Marketplace" is incorrect. AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage third-party software and services that customers need to build solutions and run their businesses. AWS Marketplace includes thousands of software listings from popular categories such as security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple deployment methods. Customers can quickly launch pre-configured software with just a few clicks, and choose software solutions in AMI and SaaS formats, as well as other formats. Flexible pricing options include free trial, hourly, monthly, annual, multi-year, and BYOL, and customers are billed from one source, AWS.

"Amazon EBS" is incorrect. Amazon EBS is a block level storage that provides storage volumes for use with Amazon EC2 and Amazon RDS. Amazon EBS is not a cost-effective choice here.

C & E Explanation

"Increase speed and agility" is also a correct answer because in a cloud computing environment, new IT resources are only a click away, which means it requires less time to make those resources available to developers - from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

The other options are incorrect:

"Gaining complete control over the physical infrastructure" is incorrect. The Physical infrastructure is a responsibility of AWS, not the customer.
"Competitive upfront costs" is incorrect. In AWS, most of the services are available with no upfront costs as it follows the pay-as-you-go pricing.

"There is no need to worry about security" is incorrect. As mentioned above, security is a shared responsibility between AWS and the customer. For example, the customer has to manage who can access and use AWS resources using the IAM service.

D. Explanation

The other options are incorrect:

"AWS OpsWorks" is incorrect. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.

"AWS Server Migration Service" is incorrect. AWS Server Migration Service (SMS) is used to migrate your on-premises workloads to AWS.

"AWS Application Discovery Service" is incorrect. AWS Application Discovery Service helps enterprise customers plan migration projects by gathering information about their on-premises data centers.

C. Explanation

The other options are incorrect:

"Provision a large compute capacity to handle any spikes in load" is incorrect. Instead of provisioning a large compute capacity to handle the spikes in load, it is recommended to use the AWS Auto Scaling service to add or remove instances based on demand. The AWS Auto Scaling service allows you to automatically provision new resources to meet demand and maintain performance. When demand drops, AWS Auto Scaling will automatically remove any excess resource capacity, so you avoid overspending.

"Use AWS reservations to reduce costs when testing your production environment" is incorrect. Reservations in AWS are not an appropriate choice when you need to test your production environment; AWS reservations have a minimum term of one year.

"Invest heavily in architecting your environment, as it is not easy to change your design later" is incorrect. In AWS, you can test and provision your resources on-demand and pay only for what you use with no long-term contracts.
This enables you to make any changes you want in your architecture design at any time without any risks.

B. Explanation

The other options are incorrect:

"IAM role" is incorrect. An IAM role is an IAM identity that you can create in your account that has specific permissions. IAM roles allow you to delegate access (for a limited time) to users or services that normally don't have access to your organization's AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to interact with specific AWS resources.

"IAM users" is incorrect. An IAM user is an entity that you create in AWS to represent the person or application that uses it to directly interact with AWS. A primary use for IAM users is to give people the ability to sign in to the AWS Management Console for interactive tasks and to make programmatic requests to AWS services using the API or CLI. A user in AWS consists of a name, a password to sign into the AWS Management Console, and up to two access keys that can be used with the API or CLI. When you create an IAM user, you grant it permissions by making it a member of a group that has appropriate permission policies attached (recommended), or by directly attaching policies to the user.

Additional information:

"AWS Organizations" is incorrect. AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across multiple AWS accounts.

Which AWS service enables users to consolidate billing across multiple accounts?
AWS Organizations provides consolidated billing so you can track the combined costs of all the linked accounts in your organization. The master account receives the consolidated bill. With consolidated billing, you can combine service usage from multiple accounts into a single invoice.

Which AWS service will enable customers that have multiple AWS accounts to simplify and consolidate their billing process?
Consolidated billing enables consolidating payments from multiple AWS accounts (Linked or Member Accounts) within the organization to a single account by designating it to be the Management or Payer Account.

Which AWS service or feature enables users to get one bill?
Consolidated billing has the following benefits: One bill – You get one bill for multiple accounts. Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.

Which AWS services can be used to gather information about AWS account activity?
AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.