AWS Certified Cloud Practitioner — Practice Exam Questions
Are you ready to take the AWS Cloud Practitioner Certification? Test yourself with the following Solved Questions!
The AWS Cloud Practitioner Certification validates cloud fluency and foundational AWS knowledge. It’s the easiest one from Amazon Web Services, and it is intended for individuals who can effectively demonstrate an overall understanding and fluency of the AWS Cloud independent of a specific job role. One year of experience on AWS is recommended, and people with this certification get an average salary of $113.392.
1) Which of the following options is NOT a best practice for protecting the root user of an AWS account?
- Don’t share the root user credentials.
- Enable MFA
- Share the root user credentials with other AWS users
- Lock away the AWS root user access keys
Solution: 3. It’s best practice never to share your AWS account root user password or access keys with anyone. You should protect your root user credentials like you would your credit card numbers.
2) How can you monitor the organization’s costs in AWS?
- AWS Cost Explorer
- AWS Cost Monitor
- AWS Simple Monthly calculator
- AWS Budgets Management
Solution: 1. AWS Cost Explorer allows you to visualize, understand, and manage your AWS costs and usage over time. It provides a detailed breakdown of costs by various dimensions like day, service, and linked AWS account.
3) Which feature of AWS allows you to deploy a new application for which the requirements may change over time?
- Elasticity
- Fault tolerance
- Security
- High availability
Solution: 1. Elasticity is the ability of a cloud to scale CPU, memory, and storage resources to adapt to changing demand. So if requirements may change over time, you need elasticity to scale according to them.
4) What is the main function of the Elastic Load Balancer?
- Distribute incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones.
- It offers a cache to make the application faster.
- Add/remove EC2 instances depending on the demand.
- It acts as the DNS provider for the EC2 instance.
Solution: 1. Load balancing is the method of distributing network traffic equally across a pool of resources that support an application. For an application to handle millions of users simultaneously, most applications have many resource servers with duplicate data between them. A load balancer is a device that sits between the user and the server group and acts as an invisible facilitator, ensuring that all resource servers are used equally.
For example, with Application Load Balancers, you can distribute incoming traffic by the URL of the request.
5) Which AWS service should be used to create an alarm when a budget exceeds a threshold?
- Amazon CloudTrail
- Amazon CloudFront
- Amazon CloudFormation
- Amazon CloudWatch
Solution: 4. Amazon CloudWatch is a service that collects monitoring and operational data in the form of logs, metrics, and events. AWS Budgets uses CloudWatch to monitor your AWS usage and costs.
You can, for example, create alarms when a budget exceeds a threshold, an action highly recommended when you start using AWS.
6) What is an Edge location?
- A public endpoint for Amazon S3
- A content delivery network (CDN) endpoint for CloudFront
- A faster database where we can backup data
- A service to allow faster uploads
Solution: 2. An Edge Location is a site that CloudFront uses to cache copies of your content for faster delivery to users at any location.
7) What database is fully managed and can be scaled without incurring downtime?
- Amazon DynamoDB
- Amazon RDS
- Amazon Redshift
- Amazon S3
Solution: 1. DynamoDB is the serverless fully managed key-value NoSQL AWS database. It automatically scales tables up and down without incurring downtime. This is the correct option.
8) What are the benefits of using reserved instances? (Select TWO)
- Reduced cost
- Reserve capacity
- More flexibility
- Uses dedicated hardware
- More power
Solution: 1, 2. Reserved instances are a good choice for workloads that run continuously. They provide a significant discount (up to 75%) compared to On-Demand instance pricing; however, you commit to a 1- or 3-year contract using reserved instances.
9) How should an organization deploy an application running on multiple EC2 instances to ensure that a power failure does not cause an application outage?
- Launch the EC2 instances in separate regions
- Launch the EC2 instances into Edge Locations
- Launch the EC2 instances into different Availability Zones
- Launch the EC2 instances into different VPCs
Solution: 3. Availability Zones (AZs) in AWS are designed to provide fault isolation. If failures such as power outages or hardware failures occur, they’ll be limited to a single AZ rather than affecting your entire application. By spreading your instances across multiple AZs within a region, you can protect your applications from the failure of a single location (high availability). Also, Availability Zones within a region are interconnected with high-speed and low-latency networking to provide a better user experience. Deploying your instances across different regions is not required to create highly available applications, and it also introduces latency.
10) Which service can be used to improve performance for users around the world?
- Amazon CloudTrail
- Amazon CloudFront
- Amazon CloudWatch
- Amazon ElastiCache
Solution: 2. The correct answer is CloudFront, the Content Delivery Network from AWS that caches files at Edge Locations worldwide. Amazon CloudWatch and Amazon CloudTrail are services used for monitoring, and ElastiCache indeed improves the read performance for database queries. Still, it’s not a global service that enhances users’ performance worldwide.
11) Under the AWS shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO)
- Physical and environmental security
- Storage device decommissioning
- Configuration of security groups
- Patch management of infrastructure
- Encryption of customer data
Solution: 3, 5. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. The customer is responsible for the AWS Cloud services that they use. For this reason, AWS is responsible for the security “of” the cloud, and customers are responsible for security “in” the cloud.
12) What is an example of scaling vertically?
- Add more CPU/RAM to existing instances as demand increases
- Add more instances as demand increases
- AWS Auto Scaling adding more EC2 instances
- Adding read replicas to an Amazon RDS database
Solution: 1. Scaling vertically, also known as “scaling up”, means increasing the capacity of existing hardware or software by adding resources. In the context of an AWS EC2 instance, scaling vertically would involve increasing the CPU, RAM, or disk resources of the instance. Adding more instances is scaling horizontally, also known as “scaling out”.
13) Which of the following are examples of horizontal scaling? (Select TWO)
- Add more CPU/RAM to existing instances as demand increases
- Add more instances as demand increases
- Requires a restart to scale up or down
- AWS Auto Scaling adding more EC2 instances
- Automatic, using services such as AWS Artifact
Solution: 2, 4.
14) Which AWS services can we use to generate encryption keys to encrypt data? (Select TWO)
- Amazon S3 encryption
- AWS Certificate Manager
- AWS Key Management Service (AWS KMS)
- AWS CloudHSM
- AWS Secrets Manager
Solution: 3, 4. AWS Key Management Service (AWS KMS) is a key management system scaled for the cloud, and you can use it to encrypt your data.
AWS CloudHSM is a cloud-based hardware security module that lets you quickly generate and use your encryption keys on the AWS Cloud. It ensures the highest level of security by storing keys within a hardware security module designed to meet stringent regulatory and compliance requirements. Be careful with CloudHSM: because it’s a hardware module, Amazon cannot access your data, so you cannot recover your data if you lose it. It’s like KMS using hardware. You should choose this option in the exam when they ask about an encryption service that uses a hardware security module.
You can create SSL/TLS certificates by using AWS Certificate Manager, but not encryption keys for data. Also, you can store your secrets using AWS Secrets Manager, for example, database credentials or API keys. However, it is not used to generate encryption keys.
15) Which of these elements is not part of the AWS Global Cloud Infrastructure?
- Regions
- Edge Locations
- Availability Zones
- IP subnets
Solution: 4. IP subnets are not part of the AWS Global Cloud Infrastructure; rather, they’re part of the infrastructure that you set up within an AWS environment, specifically within an Amazon Virtual Private Cloud (VPC). The AWS Global Cloud Infrastructure spans 99 Availability Zones within 31 geographic regions, including more than 400 Edge Locations (June 2023).