AWS - Multiple Choice Questions - Set #18

1. You’ve configured CloudTrail to log all management events in all regions. How long will these logs be retained by default?

A. Indefinitely
B. 14 days
C. 15 days
D. 60 days
E. 90 days

Answer - A

Explanation - CloudTrail logs can be stored in S3 buckets or CloudWatch Logs. By default, S3 and CloudWatch Logs don’t delete any files or logs automatically. Therefore, any logs CloudTrail stores will remain indefinitely.

2. You’re storing CloudTrail logs and application logs in the same CloudWatch log group. The retention period for the log group is set to 1 year. Going forward, how can you ensure that the CloudTrail logs are retained for at least 2 years while the application logs continue to be retained for only 1 year? (Choose two.)

A. Move the application log stream to a different log group.
B. Change the log group retention period to 2 years.
C. Change the log stream retention period to 2 years for the CloudTrail logs.
D. Export the CloudTrail logs to an S3 bucket.

Answer - A, B

Explanation - Retention periods are set per log group. To have separate retention periods for different log streams, the streams have to be in different log groups. Exporting CloudTrail logs to an S3 bucket can preserve the existing logs but won’t affect retention moving forward.

3. You want to create an alarm to monitor the VolumeReadOps metric for an EBS volume. The metric is stored with a 5-minute resolution. You need the alarm to trigger as soon as the metric crosses a threshold. What period should you use?

A. 1 minute
B. 5 minutes
C. 10 minutes
D. 15 minutes

Answer - B

Explanation - The period should be greater than or equal to the resolution of the metric. In this case, you want the alarm to trigger as soon as the metric crosses a threshold, so you should set the period to 5 minutes.

4. You want to configure a CloudWatch alarm for a metric that updates every minute. You want the alarm to trigger if it crosses and remains crossing a threshold for 5 minutes. How should you configure this alarm? (Choose two.)

A. Set the period to 1 minute.
B. Set the period to 5 minutes.
C. Set the datapoints to alarm to 1 out of 5.
D. Set the datapoints to alarm to 5 out of 5.

Answer - A, D

Explanation - Setting the period to 1 minute and the datapoints to alarm to 5 out of 5 will evaluate the metric every minute and trigger the alarm if it remains crossing the threshold for 5 consecutive minutes.

5. Four hours ago, you configured a CloudWatch alarm to monitor CPU utilization on an EC2 instance, but today the alarm is in an INSUFFICIENT_DATA state. Which of the following could explain this? (Choose two.)

A. The instance was restarted.
B. The instance is stopped.
C. The CPU utilization hasn’t crossed the alarm threshold.
D. The alarm period hasn’t elapsed yet.

Answer - B, D

Explanation - The instance being stopped would preclude EC2 from sending any CPU utilization metrics. If the alarm period were set to something greater than 4 hours— such as 6 hours or a day—then that would also explain the INSUFFICIENT_DATA state.

6. You want to be alerted if the average CPU utilization of an instance exceeds 90% or if the instance is stopped for more than 5 minutes. Which of the following will achieve this with minimal effort? (Choose two.)

A. Create a single alarm to monitor the instance’s StatusCheckFailed_Instances and CPUUtilization metrics.
B. Configure the alarm to treat missing data as breaching.
C. Create a single alarm to monitor the CPUUtilization metric.
D. Create two alarms: one alarm to monitor CPU utilization and another to monitor the instance status.

Answer - B, C

Explanation - You can effectively monitor the average CPU utilization and the instance’s running status by creating a single alarm to only monitor CPU utilization as long as you treat missing data as breaching. If the instance is stopped, the evaluation period of the alarm will be missing data and treating that missing data as breaching will trigger the alarm. You can’t create a single alarm to monitor multiple metrics.

7. You need to track the size of files in an S3 bucket over time. Which of the following can you use to get this information with minimal effort?

A. AWS Config
B. CloudTrail
C. S3
D. CloudWatch

Answer - D

Explanation - Using CloudWatch to graph the BucketSizeBytes metric will give you the data with minimal effort.

8. What’s the easiest way to assess your account’s service limits for EBS IOPS?

A. The EBS service Console
B. CloudWatch
C. A request sent to AWS support
D. The EC2 service Console

Answer - D

Explanation - The EC2 service console will show you your account’s EBS service limits. CloudWatch won’t, and there is no EBS service console. Sending a request to AWS support would probably work, but it isn’t the easiest way.

9. You’re running an application on an EC2 instance. The application is licensed for two CPU cores. What do you need to do to determine whether you’re within your licensing agreement?

A. Disable hyperthreading.
B. View the number of vCPUs and make sure it’s not more than two.
C. Reconfigure the instance as a dedicated instance.
D. Move the instance to a dedicated host.

Answer - D

Explanation - If you run an instance on a dedicated host, you can see how many physical sockets and cores the host has. You can’t do this if the instance is a dedicated instance.

10. You have an account limit of 10,000 customer master KMS keys. How many files can you store using SSEKMS encryption before having to request a limit increase?

A. 1,000
B. 10,000
C. 100,000
D. Unlimited

Answer - D

Explanation - There is no practical limit to the number of files you can store in S3. The KMS key limit applies to the number of customer master keys, but you can use the same key to encrypt each file in S3.

11. You’ve created a VPC subnet with a CIDR of 10.0.0.0/24. How many IP addresses do you have available for use?

A. 255
B. 254
C. 251
D. 240

Answer - C

Explanation - AWS reserves the first 4 addresses and last IP address of a subnet. That leaves you with 251 usable addresses.

12. You’re configuring a DynamoDB table for an application. Which of the following will ensure the application gets the most up-to-date data when reading from the table?

A. Enable strongly consistent writes.
B. Enable strongly consistent reads.
C. Enable eventually consistent reads.
D. Enable eventually consistent writes.
E. Use provisioned throughput.

Answer - B

Explanation - Strongly consistent reads deliver the most up-todate data from a table. There is no such thing as a strongly consistent write. Provisioned throughput has to do with performance, not with the contents of the data being read.

13. One DynamoDB read capacity unit (RCU) will allow you to read, per second, one item up to what size? (Choose two.)

A. Anything between 1 and 8 KB using a strongly or eventually consistent read
B. 2 KB using a strongly consistent read
C. 4 KB using a strongly consistent read
D. 8 KB using an eventually consistent read

Answer - B, D

Explanation - One RCU gets you a strongly consistent read per second of an item up to 4 KB in size, or two weakly consistent reads per second of 4 KB each.

14. How many writes per second does 100 DynamoDB write capacity units (WCUs) give you for items each up to 1 KB in size?

A. 1
B. 10
C. 40
D. 100

Answer - D

Explanation - 100 WCUs will let you write 100 items that are up to 1 KB each every second.

15. Approximately how many in-flight messages can you have in a standard SQS queue?

A. 1000
B. 20,000
C. 120,000
D. 1,200,000

Answer - C

Explanation - You can have up to approximately 120,000 in-flight messages in a standard SQS queue.

16. Approximately how many in-flight messages can you have in a FIFO SQS queue?

A. 1000
B. 20,000
C. 120,000
D. 1,200,000

Answer - B

Explanation - You can have up to 20,000 in-flight messages in a FIFO queue.

17. Which of the following storage options provides the lowest storage rates per GB?

A. EBS gp2
B. Glacier
C. S3 Standard
D. S3 Standard-Infrequent Access

Answer - B

Explanation - Glacier offers the lowest storage cost per GB. EBS gp2 storage is the most expensive per GB.

18. Which of the following offers the lowest priced transfer up to 1 GB per month?

A. They are all the same.
B. S3 Standard
C. S3 One Zone-Infrequent Access
D. S3 Standard-Infrequent Access

Answer - B

Explanation - S3 standard charges nothing for data transfer up to 1 GB per month. S3 One Zone-IA and Standard-IA charge. US$0.01 per GB.

19. Which is best for seeing how your AWS bill has changed over time?

A. Cost and Usage Reports
B. Cost Explorer
C. Budgets
D. Trusted Advisor

Answer - B

Explanation - Cost Explorer lets you analyze your costs and usage for the preceding 13 months.

20. Which of the following costs money to access via the API but is free using its web-based user interface?

A. Cost and Usage Reports
B. Budgets
C. Cost Explorer
D. Reserved Instance Reports

Answer - C

Explanation - You can access the query engine that powers Cost Explorer via the API for a cost of US$0.01 per request.

21. What’s the maximum number of AWS Budgets custom budgets you can create for free?

A. None
B. One
C. Two
D. Four

Answer - C

Explanation - You can create up to two AWS Budgets custom budgets for free. Every subsequent custom budget costs US$0.02 daily.

22. You’re running a set of applications in a single AWS region. You want to expand these applications to an additional region but need to determine how much it will cost. Which of the following can help you?

A. Total Cost of Ownership (TCO) calculator
B. Simple Monthly Calculator
C. AWS Budgets
D. Cost Explorer

Answer - B

Explanation - The Simple Monthly Calculator lets you specify the exact resources you plan to run in a region and gives you an estimated monthly cost.

23. Which of the following are not appropriate for running a long-running process? (Choose two.)

A. Reserved instance
B. On-demand instance
C. Spot Instance
D. Lambda

Answer - C, D

Explanation - Spot Instances can be terminated by AWS, and Lambda functions have a timeout of 15 minutes, so they’re not appropriate for a long-running process.

24. The number of on-demand EC2 instances you can run simultaneously in a region is limited by what?

A. The memory limit
B. The number of network interfaces
C. The running on-demand EC2 instances limit
D. The instance family’s vCPU limit

Answer - D

Explanation - Each instance family is limited to a certain number of vCPUs per region. You can run as many on-demand instances as you want until you reach the vCPU limit. There is no memory limit.

25. A t2.small instance uses 1 vCPU. Your account has a per-region vCPU limit of 2400 vCPU for all standard instances. How many on-demand instances can you run simultaneously in a region?

A. 24
B. 25
C. 120
D. 1200
E. 2400

Answer - E

Explanation - If you have a 2400 vCPU limit for standard instances, you can simultaneously run 2400 t2.small instances on demand.

26. You’re running a SQL-backed Linux web application on several EC2 instances. Which of the following will allow you to run the application with minimal changes and at minimal cost?

A. Lambda
B. Auto Scaling
C. ECS
D. DynamoDB

Answer - C

Explanation - ECS will let you run the application in Docker containers at a lower cost than on EC2 instances. Auto Scaling can help reduce costs by scaling in and out based on demand, but the real cost savings will be in using containers rather than multiple EC2 instances. Lambda can’t run Linux applications. Since the application is SQL-backed, DynamoDB can’t help since it’s not a SQL database.

27. You’re running an application on a fleet of EC2 instances. As the application usage has grown, each instance is nearing its memory capacity. Which of the following can you do to minimize your operational costs while ensuring each instance doesn’t run out of memory?

A. Use a dedicated host.
B. Use dedicated instances.
C. Purchase non-convertible reserved instances.
D. Purchase convertible reserved instances.

Answer - D

Explanation - Convertible reserved instances will give you a lower cost, and you can exchange them later if you ever need to switch to a different instance type.

28. Which of the following is not a payment option for a reserved instance?

A. All upfront
B. Partial upfront
C. On demand
D. No upfront

Answer - C

Explanation - All upfront, partial upfront, and no upfront are your only payment options for an instance reservation. On demand isn’t a reserved instance payment option.

29. You’re using almost the full bandwidth of your 1 Gbps Internet connection. You’re using this connection to access AWS resources. Which of the following Direct Connect options will give you at least 1 Gbps of bandwidth to AWS at the lowest cost?

A. VPN
B. Dedicated connection
C. Hosted VIF
D. Hosted connection

Answer - B

Explanation - For a 1 Gbps connection, a dedicated connection is actually cheaper than a hosted VIF. A hosted connection is only for sub-1Gbps connections. There is no such thing as a VPN Direct Connect connection.

30. Which of the following can you not track using AWS Budgets?

A. EC2 CPU utilization
B. Reserved instance coverage
C. EC2 running hours
D. Unused elastic IP addresses

Answer - A

Explanation - You can create a budget to track all of these things except EC2 CPU utilization.

31. You’ve created cost allocation tags, but they don’t show up in the Billing and Cost Management Console. Which of the following could explain why?

A. You’re not using AWS Organizations.
B. Cost allocation tags are not retroactive.
C. Cost allocation tags take up to 24 hours to show up in the Billing and Cost Management Console.
D. You haven’t activated the AWS-generated cost allocation tags.

Answer - C

Explanation - Cost allocation tags can take up to 24 hours to appear in the console. You don’t need to be using AWS Organizations, and you don’t have to activate AWSgenerated cost allocation tags. Cost allocation tags are retroactive.

32. What’s the most cost-effective way to move 500 TB of data from your datacenter to S3?

A. Get a Direct Connect connection and copy the data to S3.
B. Use multiple AWS Snowball appliances.
C. Use multiple AWS Snowball Edge appliances.
D. Use a single AWS Snowball appliance.

Answer - C

Explanation - Each Snowball Edge appliance offers about 100 TB of storage. A Snowball appliance costs more and offers up to about 80 TB of storage. A Direct Connect connection is the costliest option.

33. Some files in an S3 bucket are usually accessed once every six months but occasionally are accessed more frequently. Other files in the bucket are accessed daily. How can you minimize S3 storage costs while keeping these infrequently accessed files available for immediate access?

A. Move the files to the S3 Intelligent-Tiering storage class.
B. Move the files to the Standard-Infrequent Access storage class.
C. Create a lifecycle policy to move files older than six months to the Standard-Infrequent Access storage class.
D. Enable versioning on the bucket.

Answer - B

Explanation - Standard-IA storage is the lowest cost option. Creating a lifecycle policy to transition files to Standard-IA will leave a 6-month gap before the files are moved to the lower-cost storage. Versioning will store more data, increasing costs. S3 Intelligent-Tiering incurs a monthly monitoring and fee per object.

34. You’re running a web application on four EC2 instances in two availability zones. Every year during the Christmas season, your application experiences triple the amount of traffic. Which of the following is the most cost-effective approach to dealing with this seasonal spike?

A. Purchase instance reservations.
B. Use dynamic Auto Scaling.
C. Use scheduled Auto Scaling.
D. Use a step Auto Scaling policy.

Answer - C

Explanation - Scheduled Auto Scaling is the cheapest option since it will add more instances only during the Christmas season. Dynamic Auto Scaling (of which a step scaling policy is an option) could add more instances outside of the busy season, thus incurring more costs. Instance reservations are good for a contiguous period of time such as six months or a short time interval such as a certain day of the month. With reservations, you pay regardless of whether you launch any instances.

35. Which of the following is the top cost-saving benefit of using ECS instead of EC2?

A. Simplified configuration
B. Faster launch times
C. Better memory utilization
D. Better CPU utilization

Answer - C

Explanation - Containers offer better memory utilization than , instances. Although containers launch faster than instances, this doesn’t lead to significant cost savings. Containers don’t offer better CPU utilization. Containers are more complex to configure than instances.

36. Which of the following are the most cost-effective uses of an instance reservation? (Choose two.)

A. A Windows application that must run continuously Monday through Friday
B. A Lambda function that launches an instance daily for batch processing
C. An instance that processes batch jobs on files stored in S3
D. ECS containers running a highly available Ruby application

Answer - A, D

Explanation - A Windows application that must run continuously every weekday is a good reason to purchase an instance reservation. Running a highly available application in containers on an EC2 instance (using ECS) is also a good candidate for an instance reservation. Spot Instances are most cost-effective for batch jobs.

37. Which of the following are valid Spot InstanceInstance durations? (Choose two.)

A. 1 hour
B. 4 hours
C. 8 hours
D. 24 hours

Answer - A, B

Explanation - You can select a Spot Instance duration of 1, 2, 3, 4, 5, or 6 hours. After that, the instance terminates.

38. Your Ruby application needs to run a daily batch job that takes approximately 4 hours. Which of the following is the lowest cost option?

A. Instance reservation
B. Scheduled Spot Instance request
C. Persistent Spot Instance request
D. One-time Spot Instance request

Answer - B

Explanation - A scheduled Spot Instance request can automatically generate a Spot Instance request daily for a specified duration, such as 4 hours. A persistent Spot Instance request will create a new Spot Instance request as soon as the instance from the previous request terminates. A one-time Spot Instance request will launch an instance only once, not daily. An instance reservation will cost more than using Spot Instance requests.

39. You have two VPCs in different regions, and each VPC has three subnets. You want to connect your two datacenters to each of these subnets. The datacenters are not connected to each other. How many Direct Connect connections do you need?

A. One
B. Two
C. Three
D. Six

Answer - B

Explanation - You only need two Direct Connect connections, one per datacenter. These can connect you to all subnets in all regions.

40. You have a branch office connected to a VPC via a VPN. You also have a datacenter connected to the same VPC via Direct Connect. You need to pass traffic between the branch office and the data center. How can you do this at the lowest cost?

A. Configure a transit gateway.
B. Configure VPN CloudHub to use the VPC for transit.
C. Add a Direct Connect connection to the branch office.
D. Add a private line between the datacenter and branch office.

Answer - B

Explanation - VPN CloudHub allows you to use a VPC for transit between two connected sites. A transit gateway lets you route traffic between VPCs and a VPN. The other options are feasible but cost more.

41. Which of the following results in a Spot Instance terminating?

A. Increasing the target capacity
B. The spot request is cancelled.
C. The instance’s workload completes.
D. The spot price rises above your maximum price.

Answer - D

Explanation - When the spot price rises above your maximum price, the instance terminates. The instance’s workload completing or canceling the request won’t necessarily terminate the instance. Increasing the target capacity won’t do it either.

42. Which of the following is the best way to minimize your costs when using Spot Instances?

A. Use on-demand instances alongside Spot Instances.
B. Reduce total target capacity.
C. Set an overall target cost per hour.
D. Stop instances instead of terminating them when interrupted.

Answer - C

Explanation - Setting an overall target cost per hour lets you control your absolute cost for Spot Instances. Reducing total target capacity can reduce costs, but if you don’t specify a maximum cost per hour, you can’t control your overall cost. Using on-demand instances is always more expensive than using Spot Instances. Stopping instances instead of terminating them when interrupted costs more because there’s a cost associated with storing an instance’s EBS volume(s).

43. How are you billed for DynamoDB usage in provisioned capacity mode?

A. Kilobytes read and written
B. Tables created
C. Read and write capacity units provisioned
D. Items read and written

Answer - C

Explanation - In provisioned capacity mode, DynamoDB charges you based on the read and write capacity units provisioned.

44. How are you billed for DynamoDB usage in on-demand capacity mode?

A. Kilobytes read and written
B. Tables created
C. Read and write capacity units provisioned
D. Read and write request units used

Answer - D

Explanation - In on-demand capacity mode, DynamoDB charges you based on the read and write request units used.

45. You have a DynamoDB table in the us-east-1 region. You plan to use the global tables feature to replicate this table to US West 1 for high availability. How will this impact your cost?

A. It will be reduced because you’ll receive discounted pricing.
B. It will stay the same.
C. It will increase by approximately 50%.
D. It will approximately double.

Answer - D

Explanation - Replicating reads and write to another region doubles the amount of reads and writes, thus doubling your cost.

46. Which of the following S3 operations costs nothing?

A. DELETE
B. LIST
C. GET
D. Lifecycle transition requests into a non-Glacier storage tier

Answer - A

Explanation - The DELETE operation costs nothing. The rest incur a nominal cost.

47. Which of the following cost nothing for inbound data transfers to AWS? (Choose two.)

A. Direct Connect
B. Elastic load balancer
C. NAT gateway
D. RDS

Answer - A, D

Explanation - Inbound data transfers to RDS or S3 and via Direct Connect cost nothing. Inbound data transfers through an elastic load balancer or NAT gateway factor into the total cost.

48. What’s the cheapest option for storing one week of VPC flow logs?

A. S3
B. CloudWatch Metrics
C. CloudTrail logs
D. CloudWatch Events

Answer - A

Explanation - You can store VPC flow logs in S3 or CloudWatch Logs, but S3 is the cheapest option.

49. What’s the most cost-effective way to enable searching the last 180 days of API calls on a single account? (Choose two.)

A. S3 Select
B. Streaming CloudTrail logs to CloudWatch Logs
C. Delivering CloudTrail logs to S3
D. CloudTrail event history
E. CloudWatch Logs Insights

Answer - A, C

Explanation - Sending CloudTrail logs to S3 and using S3 Select to search them is cheaper than using CloudWatch Logs. CloudTrail event history stores only 90 days of events.

50. Which of the following is the cheapest?

A. Application load balancer
B. NAT gateway
C. RDS instance
D. Nginx web proxy running on a t3.large ondemand instance

Answer - A

Explanation - All things being equal, the application load balancer is the cheapest resource.

Amazon Web Services (AWS) - Set #18