change its elastic IP address.TrueFalse6 True/false: You can use a Quick Start Amazon Machine Image (AMI) to create any instance type.TrueFalse
7 Which S3 encryption option does not require AWS persistently storing the encryption keys it uses to decrypt data?Client‐side encryptionSSE‐KMSSSE‐S3SSE‐C
8 True/false: Durability measures the percentage of likelihood that a given object will not be inadvertently lost by AWS over the course of a year.TrueFalse
9 True/false: After uploading a new object to S3, there will be a slight delay (one to two seconds) before the object is available.TrueFalse
10 You created a Virtual Private Cloud (VPC) using the Classless Inter‐Domain Routing (CIDR) block 10.0.0.0/24. You need to connect to this VPC from your internal network, but the IP addresses in use on your internal network overlap with the CIDR. Which of the following is a valid way to address this problem?Remove the CIDR and use IPv6 instead.Change the VPC's CIDR.Create a new VPC with a different CIDR.Create a secondary CIDR for the VPC.
11 True/false: An EC2 instance must be in a public subnet to access the Internet.TrueFalse
12 True/false: The route table for a public subnet must have a default route pointing to an Internet gateway as a target.TrueFalse
13 Which of the following use cases is well suited for DynamoDB?Running a MongoDB database on AWSStoring large binary files exceeding 1 GB in sizeStoring JSON documents that have a consistent structureStoring image assets for a website
14 True/false: You can create a DynamoDB global secondary index for an existing table at any time.TrueFalse
15 True/false: Enabling point‐in‐time RDS snapshots is sufficient to give you a recovery point objective (RPO) of less than 10 minutes.TrueFalse
16 Which of the following steps does the most to protect your AWS account?Deleting unused Identity and Access Management (IAM) policiesRevoking unnecessary access for IAM usersRotating root access keysRestricting access to S3 bucketsRotating Secure Shell (SSH) key pairs
17 Which of the following can be used to encrypt the operating system of an EC2 instance?AWS Secrets ManagerCloudHSMAWS Key Management Service (KMS)AWS Security Token Service (STS)
18 What is a difference between a token generated by the AWS Security Token Service (STS) and an IAM access key?The token generated by STS can't be used by an IAM principal.An IAM access key is unique.The token generated by STS can be used only once.The token generated by STS expires.
19 True/false: EC2 sends instance memory utilization metrics to CloudWatch every five minutes.TrueFalse
20 You configured a CloudWatch alarm to monitor CPU utilization for an EC2 instance. The alarm began in the INSUFFICIENT_DATA state and then entered the ALARM state. What can you conclude from this?The instance recently rebooted.CPU utilization is too high.The CPU utilization metric crossed the alarm threshold.The instance is stopped.
21 Where do AWS Config and CloudTrail store their logs?S3 bucketsCloudWatch LogsCloudTrail EventsDynamoDBAmazon Athena
22 True/false: An EC2 instance in a private subnet can resolve an “A” resource record for a public hosted zone hosted in Route 53.TrueFalse
23 You want to use Route 53 to send users to the application load balancer closest to them. Which of the following routing policies lets you do this with the least effort?Latency routingGeolocation routingGeoproximity routingEdge routing
24 True/false: You can use an existing domain name with Route 53 without switching its registration to AWS.TrueFalse
25 You're designing an application that takes multiple image files and combines them into a video file that users on the Internet can download. Which of the following can help you quickly implement your application in the fastest, most highly available, and most cost‐effective manner?EC2 spot fleetLambdaRelational Database Service (RDS)Auto Scaling
26 You're using EC2 Auto Scaling and want to implement a scaling policy that adds one extra instance only when the average CPU utilization of each instance exceeds 90 percent. However, you don't want it to add more than one instance every five minutes. Which of the following scaling policies should you use?SimpleStepTarget trackingPercentChangeInCapacity
27 True/false: EC2 Auto Scaling automatically replaces group instances directly terminated by the root user.TrueFalse
28 Which ElastiCache engine can persistently store data?MySQLMemcached MongoDBRedis
29 Which of the following is not an AWS service?CloudFormationPuppetOpsWorksSnowball
30 True/false: S3 cross‐region replication uses transfer acceleration.TrueFalse
31 Which of the following services can you deactivate on your account?Security Token Service (STS)CloudWatchVirtual Private Cloud (VPC)Lambda
32 Which of the following services can alert you to malware on an EC2 instance?AWS GuardDutyAWS InspectorAWS ShieldAWS Web Application Firewall
33 True/false: If versioning is enabled on an S3 bucket, applying encryption to an unencrypted object in that bucket will create a new, encrypted version of that object.TrueFalse
34 Which instance type will, if left running, continue to incur costs?SpotStandard reservedOn‐demandConvertible reserved
35 True/false: The EBS Lifecycle Manager can take snapshots of volumes that were once attached to terminated instances.TrueFalse
36 Which of the following lets you spin up new web servers the quickest?LambdaAuto ScalingElastic Container ServiceCloudFront
37 True/false: CloudFormation stack names are case‐sensitive.TrueFalse
38 Where might CodeDeploy look for the appspec.yml file? (Choose two.)GitHubCodeCommitS3CloudFormation
39 True/false: You can use either CodeDeploy or an AWS Systems Manager command document to deploy a Lambda application.TrueFalse
Answers to Assessment Test
1 B. The Business plan offers access to a support API, but the Developer plan does not. See Chapter 1 for more information.
2 B. Customers are responsible for managing the network configuration of EC2 instances. AWS is responsible for the physical network infrastructure. See Chapter 1 for more information.
3 C. Simple Queue Service (SQS) allows for event‐driven messaging within distributed systems that can decouple while coordinating the discrete steps of a larger process. See Chapter 1 for more information.
4 A.The dedicated host option lets you see the number of physical CPU sockets and cores on a host. See Chapter 2 for more information.
5 B. An elastic IP address will not change. A public IP address attached to an instance will change if the instance is stopped, as would happen when changing the instance type. See Chapter 2 for more information.
