AWS CLOUD CERTIFICATION EXAM QUESTIONS
AND 100% CORRECT ANSWERS
Which AWS offering enables customers to find, buy, and immediately start using software solutions in
their AWS environment?
A. AWS Config
B. AWS OpsWorks
C. AWS SDK
D. AWS Marketplace
D
Which AWS networking service enables a company to create a virtual network within AWS?
A. AWS Config
B. Amazon Route 53
C. AWS Direct Connect
D. Amazon Virtual Private Cloud (Amazon VPC)
D
Which of the following is AWS's responsibility under the AWS shared responsibility model?
A. Configuring third-party applications
B. Maintaining physical hardware
C. Securing application access and data
D. Managing custom Amazon Machine Images (AMIs)
B
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency
delivery?
A. AWS Regions
B. AWS edge locations
C. AWS Availability Zones
D. Amazon Virtual Private Cloud (Amazon VPC)
B
How would a system administrator add an additional layer of login security to a user's AWS
Management Console?
A. Use AWS Cloud Directory
,B. Audit AWS Identity and Access Management (IAM) roles
C. Enable Multi-Factor Authentication
D. Enable AWS CloudTrail
C
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud
(Amazon EC2) instance is terminated?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS X-Ray
D. AWS Identity and Access Management (AWS IAM)
B
Which service would you use to send alerts based on Amazon CloudWatch alarms?
A. Amazon Simple Notification Service (Amazon SNS)
B. AWS CloudTrail
C. AWS Trusted Advisor
D. Amazon Route 53
A
Where can a customer find information about prohibited actions on AWS infrastructure?
A. AWS Trusted Advisor
B. AWS Identity and Access Management (IAM)
C. AWS Billing Console
D. AWS Acceptable Use Policy
D
Which of the following best describes EBS?
A. A managed database service
B. A NoSQL database service
C. A bitcoin-mining service
D. A virtual hard-disk in the cloud
D
Which of the following best describes Availability Zones?
A. Two zones containing compute resources that are designed to automatically maintain synchronized
copies of each other's data.
, B. A Content Distribution Network used to deliver content to users.
C. Distinct locations from within an AWS region that are engineered to be isolated from failures.
D. Restricted areas designed specifically for the creation of Virtual Private Clouds.
C
There are at least _______ Availability Zones per AWS Region.
A. 3
B. 4
C. 2
D. 1
C
IAM policies are written using ________.
A. SGML
B. XML
C. SAML
D. JSON
D
True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website)
public.
A. False
B. True
A
True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to
an individual object, you use object policies.
A. False
B. True
A
Which of the following are types of cloud computing deployments? (Choose 3)
A. Hybrid cloud
B. Mixed cloud
C. Public cloud
D. Private cloud A, C, D
AND 100% CORRECT ANSWERS
Which AWS offering enables customers to find, buy, and immediately start using software solutions in
their AWS environment?
A. AWS Config
B. AWS OpsWorks
C. AWS SDK
D. AWS Marketplace
D
Which AWS networking service enables a company to create a virtual network within AWS?
A. AWS Config
B. Amazon Route 53
C. AWS Direct Connect
D. Amazon Virtual Private Cloud (Amazon VPC)
D
Which of the following is AWS's responsibility under the AWS shared responsibility model?
A. Configuring third-party applications
B. Maintaining physical hardware
C. Securing application access and data
D. Managing custom Amazon Machine Images (AMIs)
B
Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency
delivery?
A. AWS Regions
B. AWS edge locations
C. AWS Availability Zones
D. Amazon Virtual Private Cloud (Amazon VPC)
B
How would a system administrator add an additional layer of login security to a user's AWS
Management Console?
A. Use AWS Cloud Directory
,B. Audit AWS Identity and Access Management (IAM) roles
C. Enable Multi-Factor Authentication
D. Enable AWS CloudTrail
C
Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud
(Amazon EC2) instance is terminated?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS X-Ray
D. AWS Identity and Access Management (AWS IAM)
B
Which service would you use to send alerts based on Amazon CloudWatch alarms?
A. Amazon Simple Notification Service (Amazon SNS)
B. AWS CloudTrail
C. AWS Trusted Advisor
D. Amazon Route 53
A
Where can a customer find information about prohibited actions on AWS infrastructure?
A. AWS Trusted Advisor
B. AWS Identity and Access Management (IAM)
C. AWS Billing Console
D. AWS Acceptable Use Policy
D
Which of the following best describes EBS?
A. A managed database service
B. A NoSQL database service
C. A bitcoin-mining service
D. A virtual hard-disk in the cloud
D
Which of the following best describes Availability Zones?
A. Two zones containing compute resources that are designed to automatically maintain synchronized
copies of each other's data.
, B. A Content Distribution Network used to deliver content to users.
C. Distinct locations from within an AWS region that are engineered to be isolated from failures.
D. Restricted areas designed specifically for the creation of Virtual Private Clouds.
C
There are at least _______ Availability Zones per AWS Region.
A. 3
B. 4
C. 2
D. 1
C
IAM policies are written using ________.
A. SGML
B. XML
C. SAML
D. JSON
D
True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website)
public.
A. False
B. True
A
True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to
an individual object, you use object policies.
A. False
B. True
A
Which of the following are types of cloud computing deployments? (Choose 3)
A. Hybrid cloud
B. Mixed cloud
C. Public cloud
D. Private cloud A, C, D
