AWS Certified Cloud Practitioner Practice Questions with Answers

Domain: Cloud Concepts

Question 1:
Which of the following is not a pillar of AWS Well-Architected Framework?
A. Security
B. Reliability
C. Scalability
D. Sustainability

Answer: C

Explanation
Correct Option
Scalability: The AWS Well-Architected Framework is based on the following architectural pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.

Reference:
https://aws.amazon.com/architecture/well-architected/

Incorrect Options
Security
Reliability
Sustainability

These are part of the AWS Well-Architected Framework.

Question 2:

Which of the following design principles is related to the Operational Excellence Pillar of the AWS Well-Architected Framework?
A. Perform operations as code
B. Protect data in transit and at rest
C. Experiment more often
D. Maximize utilization

Answer: A

Explanation
Correct Option
Perform operations as code: The Operational Excellence pillar deals with the ability to run and monitor systems to provide business value. The pillar also covers continually improving supporting processes and procedures. In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment.

You can define your entire workload (for example, applications and infrastructure) as code and also update it with code. You can also implement your operations procedures as code and automate their execution by triggering them in response to events.

The Operational Excellence pillar has the following design principles:
• Perform operations as code
• Make frequent, small, reversible changes
• Refine operations procedures frequently
• Anticipate failure
• Learn from all operational failures

Incorrect Options
Protect data in transit and at rest: This is one of the design principles of the Security Pillar.
Experiment more often: This is one of the design principles of the Performance Efficiency Pillar.
Maximize utilization: This is one of the design principles of the Sustainability Pillar.

Reference:
https://aws.amazon.com/architecture/well-architected/

Question 3:

What is the advantage of a flexible pricing model in cloud computing?
A. The flexible pricing model helps customers to get unlimited bandwidth.
B. The flexible pricing model enables customers to pay for what they use.
C. The flexible pricing model enables customers to get storage free but will be charged for virtual servers.
D. The flexible pricing model enables customers to dynamically add resources when the resources are needed without any extra charge.

Answer: B

Explanation
Correct Option
The flexible pricing model enables customers to pay for what they use:

Screenshot from:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Screenshot from:
https://aws.amazon.com/what-is-cloud-computing/

Incorrect Options
All the other options are incorrect.

Reference:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question 4:

Which of the following options is not offered by the IaaS type of cloud computing?
A. Virtual Server over the Internet
B. Virtual Storage over the Internet
C. Virtual Network over the Internet
D. Software over the Internet

Answer: D

Explanation
Correct Option
Software over the Internet: this is offered in the SaaS type of cloud computing.

Screenshot From: https://aws.amazon.com/types-of-cloud-computing/

Incorrect Options
Virtual Server over the Internet: this is offered in the IaaS type of cloud computing.
Virtual Storage over the Internet: this is offered in the IaaS type of cloud computing.
Virtual Network over the Internet: this is offered in the IaaS type of cloud computing.

Reference:
https://aws.amazon.com/types-of-cloud-computing/

Question 5:

Which of the following statements are true about the AWS Shared Responsibility Model? (Select two)

A. AWS is responsible for maintaining the infrastructure, but customers are responsible for maintenance such as patching the guest OS and applications
B. For managed services, AWS operates the infrastructure layer, the operating system, platforms, encryption options, and appropriate permissions
C. AWS maintains all the configuration of its infrastructures such as configuring the guest operating systems, databases, and applications
D. AWS trains AWS employees, but training a customer's employees is the responsibility of the customer itself.
E. Amazon EC2 provides an Infrastructure as a Service (IaaS) type of cloud computing service model. That's the reason AWS will perform all of the necessary security configurations for EC2 Instances.

Answer: A, D

Explanation
Correct Options

AWS is responsible for maintaining the infrastructure, but customers are responsible for maintenance such as patching the guest OS and applications

AWS trains AWS employees, but the training of a customer's employees is the responsibility of the customer itself.

AWS is responsible for “Security of the cloud.” This means that AWS is responsible for the infrastructure that runs the Cloud. The infrastructure includes physical hardware, software, network, and physical facilities that host infrastructure and run Cloud services. Based on the AWS Shared Responsibility Model, AWS is responsible for AWS's global infrastructure, which means the hardware and software of AWS Regions, AWS Availability Zones, and Edge Locations. AWS is responsible for computing, storage, databases, and networking infrastructure along with physical facilities hosting data centers for the AWS global infrastructure.

“Security in the Cloud” is the responsibility of the customer. AWS customer responsibilities depend on the AWS services used. For example, the customer has more responsibility and control when using EC2. In the case of EC2, the customer is responsible for securing the instance by configuring Security Groups and Network ACLs, along with applying updates and security patches. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.

Looking at the screenshot above, the AWS customer is responsible for encrypting client-side and server-side data, guest operating system, network, and firewall configuration, software and applications, management of access permissions, and customer data.
As part of Awareness & Training, as per shared control responsibility of the AWS Shared Responsibility Model, AWS trains AWS employees, but customers must train their employees.
AWS Shared Responsibility Model

Screenshot from:
https://aws.amazon.com/compliance/shared-responsibility-model/

Incorrect Options
For managed services, AWS operates the infrastructure layer, the operating system, platforms, encryption options, and appropriate permissions: AWS operates and manages the infrastructure layer, the operating system, and platforms for managed services, such as Amazon S3, Amazon DynamoDB, AWS Lambda, and other managed services. Customers, however, access the endpoints to store and retrieve data. The customer's responsibility is to manage their data, including encryption options, and apply IAM tools for the appropriate permissions.
AWS maintains the configuration of its infrastructure devices and is responsible for configuring the guest operating systems, databases, and applications: As part of Configuration Management of the AWS Shared Responsibility Model, AWS maintains the configuration of its infrastructure devices. It is the responsibility of customers to configure their own guest operating systems, databases, and applications.
Amazon EC2 provides an Infrastructure as a Service (IaaS) type of cloud computing service model. That's the reason AWS will perform all of the necessary security configurations for EC2 Instances: Services such as Amazon EC2 are categorized as Infrastructure as a Service (IaaS) and require the customer to perform all necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for managing the guest operating system, including updates and security patches. The customer is also responsible for any application software or utilities installed by the customer on the EC2 instances. The customer is also responsible for the configuration of the security group on each of its launched EC2 instances.

Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/

Question 6:
Which is the best choice with regard to cloud computing security?
A. A private cloud is a better option than a public cloud if you need tight control over sensitive data.
B. Cloud computing is not for multitenant applications.
C. It doesn't matter if you choose public or private cloud with regards to the security of data.
D. A community cloud is more secure than a private cloud.

Answer: A

Explanation
Correct Option
A private cloud is a better option than a public cloud if you need tight control over sensitive data: By its nature, a private cloud is a better option than a public cloud if you need tight control over sensitive data. Although you can put different mechanisms in place to have tight control over data in a public cloud, they would not come free.

Incorrect Options
Cloud computing is not for multitenant applications: Cloud computing is the preferred architecture choice in building multitenant applications, for example, Software-as-a-Service.
It doesn't matter if you choose public or private cloud with regards to the security of data: When it comes to the security of data, the choice of cloud computing matters. For example, a private cloud is relatively more secure.
A community cloud is more secure than a private cloud: A private cloud is relatively more secure.

Reference:
https://aws.amazon.com/types-of-cloud-computing/
https://aws.amazon.com/what-is-cloud-computing/

Question 7:
To save costs by avoiding buying and maintaining expensive servers, a start-up software organization would like to test and deploy its software solutions on a cloud platform. Therefore, the company is looking for a cloud provider that offers virtual server provisioning and on-demand storage services. Which of the following cloud computing delivery models is the start-up company looking for?
A. Software-as-a-Service
B. Platform-as-a-Service
C. Application-as-a-Service
D. Infrastructure-as-a-Service

Answer: D

Explanation
Correct Option
Infrastructure-as-a-Service: The Infrastructure-as-a-Service (IaaS) cloud computing delivery model provides virtual servers, virtual storage, and access to networking features.

Screenshot From: https://aws.amazon.com/types-of-cloud-computing/

The cloud computing types are also known by other terms, such as cloud computing service models and cloud computing delivery models. Note that the picture is titled Cloud Computing Models.

Incorrect Options
Software-as-a-Service: The Software-as-a-Service (SaaS) cloud computing delivery model offers applications over the Internet, such as SalesForce and Office 365.
Platform-as-a-Service: The Platform-as-a-Service (PaaS) cloud computing delivery model offers tools and software to help you in the deployment and management of applications. For example, AWS Elastic Beanstalk is used to deploy a web application on the AWS Cloud, and AWS Lambda takes a zip file and deploys and runs your function.
Application-as-a-Service: This is a distraction; there is no Application-as-a-Service.

Reference:
https://aws.amazon.com/types-of-cloud-computing/

Question 8:
In which distribution model of cloud computing is a software application hosted on the cloud platform so that users can access the software using a web browser?
A. Software-as-a-Service
B. Platform-as-a-Service
C. Infrastructure-as-a-Service
D. Function-as-a-Service

Answer: A

Explanation
Correct Option
Software-as-a-Service: In the Software-as-a-Service (SaaS) cloud computing delivery model, a software application (for example, SalesForce or Office 365) is hosted on a cloud platform and users can access the software using a web browser.

Screenshot From: https://aws.amazon.com/types-of-cloud-computing/

The cloud computing types are also known by other terms, such as cloud computing service models and cloud computing delivery models. Note that the picture is titled Cloud Computing Models.

Incorrect Options
Platform-as-a-Service: The Platform-as-a-Service (PaaS) cloud computing delivery model offers tools and software to help you in the deployment and management of applications. For example, AWS Elastic Beanstalk is used to deploy a web application on the AWS Cloud, and AWS Lambda takes a zip file and deploys and runs your function.
Infrastructure-as-a-Service: The Infrastructure-as-a-Service (IaaS) cloud computing delivery model provides virtual servers, virtual storage, and access to networking features.
Function-as-a-Service: Function-as-a-Service (FaaS) cloud computing enables serverless computing by executing code only when it is required to run, for example, in response to an event. The Function-as-a-Service (FaaS) cloud computing paradigm frees the developer from managing infrastructure and enables the developer to focus on writing code that implements business functionality.

Reference:
https://aws.amazon.com/types-of-cloud-computing/
https://aws.amazon.com/lambda/

Question 9:
A startup is considering focusing on the deployment and management of its applications to bring its product to market sooner, as opposed to managing the underlying infrastructure. Which of the following types of cloud computing does this use case represent?
A. Software-as-a-Service (SaaS)
B. Platform-as-a-Service (PaaS)
C. Infrastructure-as-a-Service (IaaS)
D. On-premises

Answer: B

Explanation
Correct Option
Platform-as-a-Service (PaaS): There are three main types of cloud computing: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).

Platform-as-a-Service (PaaS) provides deployment and management-related tools and services. For example, AWS Elastic Beanstalk is used to deploy a web application on the AWS Cloud, and AWS Lambda takes a zip file and deploys and runs your function. In the cloud computing pyramid diagram, PaaS comes after IaaS, which is about virtual infrastructure. PaaS takes care of managing the underlying infrastructure, such as hardware and operating systems, so that you can focus on deploying, managing, and building your software applications. You don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or other undifferentiated heavy lifting involved in running your application.
Please review cloud computing types

Screenshot from:
https://aws.amazon.com/types-of-cloud-computing/

Incorrect Options
Software-as-a-Service (SaaS): SaaS is the type of cloud computing that provides software applications over the Internet. SaaS provides you with a complete product that is run and managed by the service provider. For example, SalesForce and Office 365 are hosted on a cloud platform, and users can access the software using a web browser. With a SaaS offering, you don’t have to think about how the service is maintained or how the underlying infrastructure is managed. You only need to know how you will use that software. Salesforce, Gmail, Office 365, and AWS Rekognition are examples of SaaS.

Infrastructure-as-a-Service (IaaS): Infrastructure-as-a-Service (IaaS) is the cloud computing delivery model that deals with providing infrastructure such as virtual servers, virtual storage, and virtual networks over the Internet. Infrastructure-as-a-Service (IaaS) contains the basic building blocks for cloud IT infrastructure. IaaS gives the highest level of flexibility and management control over IT resources. For example, EC2 and EBS can be classified as IaaS types.

On-premises: When an organization decides on an on-premises data center for its IT infrastructure, it needs to set up, upgrade, and scale the on-premises IT infrastructure. The organization needs to do that by investing in hardware, software, and other services needed to manage and secure data centers and IT infrastructure. Also, the business needs to deploy dedicated IT staff to continuously keep up and manage the on-premises infrastructure.

Reference:
https://aws.amazon.com/types-of-cloud-computing

Question 10:
Which of the following options is considered to be part of the general design principles of AWS Well-Architected Framework when architecting your applications for the Cloud?
A. Build a monolithic application
B. Focus on Automation
C. Security at last
D. Tightly coupled components

Answer: B

Explanation
Correct Option

Focus on Automation:

Screenshot from:
https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html

Incorrect Options
Build a monolithic application: in cloud computing, the typical architecture of deployed applications is loosely coupled microservices.
Security at last: leaving security until last is never considered good practice in any enterprise application.
Tightly coupled components: in cloud computing, the typical architecture of deployed applications is loosely coupled microservices.

Reference:
https://wa.aws.amazon.com/wellarchitected/2020-07-02T19-33-23/wat.design_principles.wa-dp.en.html

Question 11:

A startup company's DevOps team has implemented a scalable application on the AWS platform. The application maintains its performance as the load increases. The DevOps engineers have implemented Auto-Scaling with Scale-In & Scale-Out features using CloudWatch. CloudWatch triggers Scale-In when the load on the application decreases and Scale-Out when the load on the application increases. Which AWS Well-Architected Framework Pillars have been implemented by the DevOps team? (Select Two)
A. Security Pillar
B. Operation Excellence Pillar
C. Cost Optimization Pillar
D. Performance Efficiency Pillar
E. Sustainability Pillar


Answer: B, D

Explanation

Correct Options
Operation Excellence Pillar
Performance Efficiency Pillar

The DevOps team implemented a performant system that maintains its performance even when the load on the application increases. The application uses load balancing and auto-scaling with CloudWatch services to launch new instances when the load on the system increases. That way, it controls the overutilization of memory and CPU on any machine. CloudWatch monitors the application and how the load is spread across the different applications, and helps trigger new instances and terminate instances if utilization of CPU and memory (depending on configuration) goes above the threshold configured in CloudWatch. Based on this explanation, the scenario implements the Operation Excellence (automating monitoring) and Performance Efficiency design principles.

Operation Excellence Pillar: This is CORRECT as the CloudWatch service is used in the scenario to monitor different metrics such as CPU and memory utilization, which implements the anticipate failure design principle, to launch additional instances or terminate instances. The Anticipate Failure design principle qualifies the scenario as implementing the Operation Excellence Pillar of the Well-Architected Framework.

Performance Efficiency Pillar: This is CORRECT as the scenario focuses on the Performance Efficiency Pillar of the Well-Architected Framework: it maintains the desired performance by monitoring different metrics using CloudWatch and launching additional instances when required.

Incorrect Options
Security Pillar: This is incorrect as the scenario doesn't mention anything related to security.
Cost Optimization Pillar: This is incorrect as the scenario mainly deals with the Operational Excellence and Performance Efficiency Pillar.
Sustainability Pillar: This is incorrect as the scenario mainly deals with the Operational Excellence and Performance Efficiency Pillar.

Reference:
https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html


Question 12:
Which of the following AWS services can be used as part of the foundations of the Reliability pillar of the AWS Well-Architected Framework? (Select Two)
A. AWS CloudTrail
B. AWS Service Quotas
C. Amazon CloudWatch
D. AWS CloudFormation
E. AWS Trusted Advisor

Answer: B, E

Explanation
Correct Options

AWS Service Quotas
AWS Trusted Advisor

Foundations are part of the Reliability pillar of the AWS Well-Architected Framework. AWS states that foundational requirements that influence reliability should be in place before architecting any system. The foundation services are Amazon VPC, AWS Trusted Advisor, and AWS Service Quotas.

AWS Trusted Advisor analyzes and evaluates your AWS account using checks and provides best practice recommendations. These checks help identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. AWS Trusted Advisor provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, and Service Limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor regularly to help keep your solutions provisioned optimally.

Service Quotas enable you to view and manage your quotas for AWS services from a central location. Quotas, also referred to as limits in AWS, are the maximum values for the resources, actions, and items in your AWS account. Each AWS service defines its quotas and establishes default values for those quotas.

Incorrect Options
AWS CloudTrail: AWS CloudTrail provides auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions. In addition, CloudTrail provides the event history of your AWS account activity, including actions taken through AWS Management.
Amazon CloudWatch: Amazon CloudWatch is an AWS monitoring and observability service. AWS CloudWatch service helps you monitor your applications and resource optimizations, respond to system-wide performance changes and provide a unified view of operation health by providing data and actionable insights. There are many components or features of the CloudWatch service. Amazon CloudWatch is an excellent service for building Resilient systems. If you are looking for resource performance monitoring, events, and alerts – CloudWatch is a go-to service. For example, you can configure a CloudWatch alarm that sends an email message using Amazon SNS when CPU utilization crosses the threshold of 80%.
AWS CloudFormation: AWS CloudFormation enables you to use programming languages or a simple text file to model and provision the AWS resources needed for your applications across all Regions and accounts in an automated and secure manner. CloudFormation is a building block service that lets you provision and manage almost any AWS resource using a domain-specific language, and it doesn’t provide out-of-the-box application functionality such as deployments.
• Looking for account-specific activity and audit; think CloudTrail.
• Looking for resource performance monitoring, events, and alerts; think CloudWatch.
• Looking for infrastructure as code; think CloudFormation.


Reference:
https://wa.aws.amazon.com/wat.pillar.reliability.en.html

Question 13:

According to the AWS Shared Responsibility Model, which of the following options is the responsibility of an AWS customer?
A. Physical security of AWS data centers
B. Maintaining AWS global infrastructure servers’ hardware
C. Encryption of objects on S3 buckets
D. Applying patches on RDS OS instances

Answer: C

Explanation
Correct Option
Encryption of objects on S3 buckets: Based on the AWS Shared Responsibility Model, client-side and server-side data encryption are the responsibilities of AWS customers. That being the case, the customer is responsible for the encryption of objects on S3 buckets.

Incorrect Options
Physical security of AWS data centers: Based on the AWS Shared Responsibility Model, the physical security of AWS data centers is the responsibility of AWS.
Maintaining AWS global infrastructure servers’ hardware: Based on AWS Shared Responsibility Model, AWS is responsible for the hardware/global infrastructure.
Applying patches on RDS OS instances: RDS is a collection of managed services, and in managed services AWS is responsible for managing and maintaining server infrastructure and related software.

Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/


Question 14:
According to the Shared Responsibility Model, which of the following are the responsibility of both AWS and the customer? (Select Two)
A. Data center security
B. Disposal of disk drives
C. Configuration management
D. Operating system configuration
E. Customer data

Answer: C, D

Explanation
Correct Options

Configuration management
Configuration Management is shared control. Configuration management control applies to both the infrastructure and customer layers but in entirely different contexts. AWS maintains the configuration of devices in its infrastructure. However, the customer is responsible for configuring their own guest operating systems, databases, and applications.

Operating system configuration
The customers are responsible for “Security IN the cloud.” It includes customer data, as well as the guest operating system configuration. OS configuration as a whole is a shared responsibility but be careful: the host OS configuration is the responsibility of AWS, and the guest OS configuration is the responsibility of the customer.

Please review the Shared Responsibility Model in detail as there can be multiple questions on the topic in the exam.

Incorrect Options
Data center security: AWS is responsible for “Security of the cloud.” It includes the infrastructure composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Disposal of disk drives: AWS is responsible for “Security of the cloud.” It includes the infrastructure composed of the hardware, software, networking, and facilities that run AWS Cloud services. It also includes the disposal and replacement of disk drives.
Customer data: The customer is responsible for its data.

Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/



Question 15:
Which design principles are related to the Security pillar of the Well-Architected framework?
A. Perform operations as code
B. Stop guessing capacity
C. Implement a strong identity foundation
D. Anticipate failure

Answer: C

Explanation
Correct Option

Implement a strong identity foundation:

The Security Pillar of the AWS Well-Architected Framework has the following design principles:
• Implement a strong identity foundation
• Enable traceability
• Apply security best practices
• Protect data in transit and at rest
• Keep people away from data
• Prepare for security events

The Reliability Pillar of the AWS Well-Architected Framework has the following design principles:

• Automatically recover from failure
• Test recovery procedures
• Scale horizontally to increase aggregate workload availability
• Stop guessing capacity
• Manage change in automation

The Operational Excellence Pillar of the AWS Well-Architected Framework has the following design principles:

• Perform operations as code
• Make frequent, small, reversible changes
• Refine operations procedures frequently
• Anticipate failure
• Learn from all operational failures

Incorrect Options
Perform Operation as Code: Perform Operation as Code is the design principle relating to the Operation Excellence pillar.
Stop guessing capacity: Stop guessing capacity is the design principle relating to the Reliability Pillar.
Anticipate Failure: Anticipate Failure is the design principle relating to the Operation Excellence pillar.

References:
https://aws.amazon.com/blogs/apn/the-6-pillars-of-the-aws-well-architected-framework/
