You cannot use AMIs to add your IP addresses. IP addresses are added to an instance as you create it.
Question 162
EBS Volumes CANNOT be attached to multiple EC2 instances at a time.
True
False
Answer is True
EBS Volumes can be attached to only one EC2 Instance at a time, but EC2 Instances can have multiple EBS Volumes attached to them.
Question 163
Which AWS service can identify the person who made the API request when an Amazon EC2 instance is terminated?
Amazon CloudWatch
AWS CloudTrail
AWS X-Ray
AWS Identity and Access Management (IAM)
Answer is AWS CloudTrail
Capture and consolidate user activity and API usage across AWS Regions and accounts on a single, centrally controlled platform.
CloudTrail tracks user mods and actions on resources and instances.
CloudWatch provides the data and actionable insights to monitor applications and resources.
X-Ray is a dev tool that analyzes an app to check for its dependencies and other links to other apps or resources.
Which of the following AWS services should a client utilize to audit the change management of AWS resources?
AWS Config
AWS Trusted Advisor
Amazon CloudWatch
Amazon Inspector
Answer is AWS Config
AWS Config : auditing of changes to configurations, correct.
AWS Trusted Advisor : best practice assessments, wrong.
Amazon CloudWatch : performance monitoring, wrong.
Amazon Inspector : automated security assessments, wrong.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.
Which AWS services and/or features increase availability and mitigate the effect of failures while constructing a typical three-tier web application? (Select two.)
AWS Auto Scaling for Amazon EC2 instances
Amazon VPC subnet ACLs to check the health of a service
Distributed resources across multiple Availability Zones
AWS Server Migration Service (AWS SMS) to move Amazon EC2 instances into a different Region
Distributed resources across multiple AWS points of presence
Answers are;
A. AWS Auto Scaling for Amazon EC2 instances
C. Distributed resources across multiple Availability Zones
Point of Presence consists of Edge Locations and Regional Edge Cache and are used by CloudFront for CDN purpose
Question 168
Which AWS serverless platform services are included?
Amazon EC2, Amazon S3, Amazon Athena
Amazon Kinesis, Amazon SQS, Amazon EMR
AWS Step Functions, Amazon DynamoDB, Amazon SNS
Amazon Athena, Amazon Cognito, Amazon EC2
Answer is AWS Step Functions, Amazon DynamoDB, Amazon SNS
AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you.
Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services.
Which change management actions, according to the AWS Well-Architected Framework, should be followed to ensure AWS Cloud reliability? (Select two.)
Use AWS Config to generate an inventory of AWS resources
Use service limits to prevent users from creating or making changes to AWS resources
Use AWS CloudTrail to record AWS API calls into an auditable log file
Use AWS Certificate Manager to whitelist approved AWS resources and services
Use Amazon GuardDuty to validate configuration changes made to AWS resources
Answers are;
A. Use AWS Config to generate an inventory of AWS resources
C. Use AWS CloudTrail to record AWS API calls into an auditable log file
AWS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. So cannot be D
service limits is about resource quantity so B is wrong
GuardDuty is about threat protection so E is wrong
Can only be and A and C