Free & Accurate Amazon AWS Certified Cloud Practitioner Practice Questions | ExamTopics
2023.01.04 - [DevOps/aws] - Amazon AWS Certified Cloud Practitioner Exam Practice Questions | aws 클라우드 프랙티셔너 문제 #1~30
2023.01.04 - [DevOps/aws] - Amazon AWS Certified Cloud Practitioner Exam Practice Questions | aws 클라우드 프랙티셔너 문제 #31~60
#91~100
91. Which AWS service is used to provide encryption for Amazon EBS?
- A. AWS Certificate Manager
- B. AWS Systems Manager
- C. AWS KMS
- D. AWS Config
=> C. AWS KMS
92. Which AWS services make use of global edge locations? (Choose two.)
- A. AWS Fargate
- B. Amazon CloudFront
- C. AWS Global Accelerator
- D. AWS Wavelength
- E. Amazon VPC
=> B,C
aws global accelerator 트래픽을 엣지 로케이션에 할당한다.
AWS 글로벌 인프라의 성능, 보안 및 가용성을 활용하여 Global Accelerator 엣지 로케이션 중 하나에 사용자 트래픽을 온보드할 수 있습니다.
93. A company is operating several factories where it builds products. The company needs the ability to process data, store data, and run applications with local system interdependencies that require low latency.
Which AWS service should the company use to meet these requirements?
- A. AWS IoT Greengrass
- B. AWS Lambda
- C. AWS Outposts
- D. AWS Snowball Edge
=> C. AWS outposts
AWS IoT Greengrass (option A) is a service that enables you to run AWS Lambda functions and keep device data in sync with the cloud, even when the devices are offline. It is not designed for use cases that require low latency and local system interdependencies.
iot grenngrass 는 디바이스의 데이터와 클라우드의 데이터를 싱크 시키는 것
94. Which of the following is a recommended design principle for AWS Cloud architecture?
- A. Design tightly coupled components.
- B. Build a single application component that can handle all the application functionality.
- C. Make large changes on fewer iterations to reduce chances of failure.
- D. Avoid monolithic architecture by segmenting workloads.
=> D.
모놀리식 방식을 피하고 마이크로 서비스 방식이 aws cloud 의 지향점이다.
95. A company is designing its AWS workloads so that components can be updated regularly and so that changes can be made in small, reversible increments.
Which pillar of the AWS Well-Architected Framework does this design support?
- A. Security
- B. Performance efficiency
- C. Operational excellence
- D. Reliability
=> C.
업데이트를 진행해도 오류가 적다. -> 운영 효율이 높아짐
96. Which of the following acts as an instance-level firewall to control inbound and outbound access?
- A. Network access control list
- B. Security groups
- C. AWS Trusted Advisor
- D. Virtual private gateways
=> B. Security groups
인스턴스 단에서의 방화벽, 보안그룹
97. A company has a workload that will run continuously for 1 year. The workload cannot tolerate service interruptions.
Which Amazon EC2 purchasing option will be MOST cost-effective?
- A. All Upfront Reserved Instances
- B. Partial Upfront Reserved Instances
- C. Dedicated Instances
- D. On-Demand Instances
-> A. All Upfront Reserved Instances
98. Which AWS service helps protect against DDoS attacks?
- A. AWS Shield
- B. Amazon Inspector
- C. Amazon GuardDuty
- D. Amazon Detective
=> A. AWS Shield
ddos 공격은 aws shield
99. Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar?
- A. Security
- B. Operational excellence
- C. Performance efficiency
- D. Cost optimization
=> A: to enable traceability, "here are seven design principles for security in the cloud:
Implement a strong identity foundation
Enable traceability
Apply security at all layers
Automate security best practices
Protect data in transit and at rest
Keep people away from data
Prepare for security events"
보안성과 추적성 traceability를 연결하자
100. Which AWS tool or feature acts as a VPC firewall at the subnet level?
- A. Security group
- B. Network ACL
- C. Traffic Mirroring
- D. Internet gateway
=> B. network acl
#101~110
101. Which AWS service can be used to decouple applications?
- A. AWS Config
- B. Amazon Simple Queue Service (Amazon SQS)
- C. AWS Batch
- D. Amazon Simple Email Service (Amazon SES)
=> B
Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS moves data between distributed application components and helps you decouple these components.
sqs 로 서비스를 격리시킨다.
102. Which disaster recovery option is the LEAST expensive?
- A. Warm standby
- B. Multisite
- C. Backup and restore
- D. Pilot light
=> C. Backup and restore
백업이 가장 저렴하다.
103. Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
- A. Amazon Elastic Block Store (Amazon EBS)
- B. Amazon EC2 instance store
- C. Amazon Elastic File System (Amazon EFS)
- D. Amazon S3
=> B. Amazon EC2 instance store
인스턴스 스토어는 인스터스를 종료하면 꺼진다.
ephemeral : 일시적인
104. Which of the following is a characteristic of the AWS account root user?
- A. The root user is the only user that can be configured with multi-factor authentication (MFA).
- B. The root user is the only user that can access the AWS Management Console.
- C. The root user is the first sign-in identity that is available when an AWS account is created.
- D. The root user has a password that cannot be changed.
= > C. The root user is the first sign-in identity that is available when an AWS account is created.
루트계정은 처음 생성되는 계정
105. A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon
DynamoDB.
What is the MOST operationally efficient solution to delegate permissions?
- A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
- B. Create an IAM user and use its access key and secret access key in the application.
- C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance
- D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.
=> a.
iam role 부여하는거 관련해서 찾아봐야겟다.
106. Which of the following is a component of the AWS Global Infrastructure?
- A. Amazon Alexa
- B. AWS Regions
- C. Amazon Lightsail
- D. AWS Organizations
=> B
107. What is the purpose of having an internet gateway within a VPC?
- A. To create a VPN connection to the VPC
- B. To allow communication between the VPC and the internet
- C. To impose bandwidth constraints on internet traffic
- D. To load balance traffic from the internet across Amazon EC2 instances
=> B
인터넷 게이트웨이 인터넷과 vpc 연결
108. Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand?
- A. Amazon GuardDuty
- B. AWS Security Hub
- C. AWS Artifact
- D. AWS Shield
=> c.
109. A pharmaceutical company operates its infrastructure in a single AWS Region. The company has thousands of VPCs in a various AWS accounts that it wants to interconnect.
Which AWS service or feature should the company use to help simplify management and reduce operational costs?
- A. VPC endpoint
- B. AWS Direct Connect
- C. AWS Transit Gateway
- D. VPC peering
=> C.AWS Transit Gateway
110. A company is planning an infrastructure deployment to the AWS Cloud. Before the deployment, the company wants a cost estimate for running the infrastructure.
Which AWS service or feature can provide this information?
- A. Cost Explorer
- B. AWS Trusted Advisor
- C. AWS Cost and Usage Report
- D. AWS Pricing Calculator
=> D. AWS Pricing Calculator
#111~120
111. Which AWS service of tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?
- A. AWS Identity and Access Management (IAM)
- B. AWS Organizations
- C. Cost Explorer
- D. AWS Budgets
=> B. AWS Organizations
중앙에서 결제 관리
AWS Organizations
112. Which of the following are Amazon Virtual Private Cloud (Amazon VPC) resources?
- A. Objects; access control lists (ACLs)
- B. Subnets; internet gateways
- C. Access policies; buckets
- D. Groups; roles
=> B. Subnets; internet gateways
113. A company needs to identify the last time that a specific user accessed the AWS Management Console.
Which AWS service will provide this information?
- A. Amazon Cognito
- B. AWS CloudTrail
- C. Amazon Inspector
- D. Amazon GuardDuty
=> B. AWS CloudTrail
114. A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon Machine Image (AMI).
Which actions can a system administrator take to connect to the EC2 instance? (Choose two.)
- A. Use Amazon EC2 Instance Connect.
- B. Use a Remote Desktop Protocol (RDP) connection.
- C. Use AWS Batch
- D. Use AWS Systems Manager Session Manager.
- E. Use Amazon Connect
=> A,D
EC2 Instance Connect를 사용한 연결 - Amazon Elastic Compute Cloud
EC2 Instance Connect를 사용한 연결 - Amazon Elastic Compute Cloud
-i를 사용하는 경우 가 지원되지 않습니다.mssh mssh 명령을 사용하여 인스턴스에 연결할 때는 Instance Connect에서 키 페어를 관리하므로 어떤 종류의 ID 파일도 지정할 필요가 없습니다.
docs.aws.amazon.com
다음 지침에서는 EC2 Instance Connect를 사용하여 Linux 인스턴스에 연결하는 방법을 설명합니다.
AWS Systems Manager Session Manager, EC2 인스턴스 쉘 접근을 위한 신규 기능 | Amazon Web Services 한국 블로그
AWS에서는 이미 AWS Systems Manager Run Command를 통해 셸 수준의 액세스에 대한 필요성을 어느 정도 해결한 바 있습니다.
With Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and virtual machines (VMs)
115. A company wants to perform sentiment analysis on customer service email messages that it receives. The company wants to identify whether the customer service engagement was positive or negative.
Which AWS service should the company use to perform this analysis?
- A. Amazon Textract
- B. Amazon Translate
- C. Amazon Comprehend
- D. Amazon Rekognition
=> C. Amazon Comprehend
Amazon Comprehend uses natural language processing (NLP) to extract insights about the content of documents.
amazon comprehend 를 통해서 자연어 분석을 할 수 있다.
116. What is the total amount of storage offered by Amazon S3?
- A. 100MB
- B. 5 GB
- C. 5 TB
- D. Unlimited
=> D. unlimited
객체 하나 최대의 크기가 5tb
117. A company is migrating to Amazon S3. The company needs to transfer 60 TB of data from an on-premises data center to AWS within 10 days.
Which AWS service should the company use to accomplish this migration?
- A. Amazon S3 Glacier
- B. AWS Database Migration Service (AWS DMS)
- C. AWS Snowball
- D. AWS Direct Connect
=> C. AWS Snowball
118. What type of database is Amazon DynamoDB?
- A. In-memory
- B. Relational
- C. Key-value
- D. Graph
=> C. key-value
119. A large organization has a single AWS account.
What are the advantages of reconfiguring the single account into multiple AWS accounts? (Choose two.)
- A. It allows for administrative isolation between different workloads.
- B. Discounts can be applied on a quarterly basis by submitting cases in the AWS Management Console.
- C. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS accounts will be less expensive.
- D. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account.
- E. Amazon QuickSight offers access to a cost tool that provides application-specific recommendations for environments running in multiple accounts.
=> A,D
It allows for administrative isolation between different workloads.
관리자가 워크로드를 독립 시킴
Having multiple accounts reduces the risks associated with malicious activity targeted at a single account.
단일 계정의 리스크를 줄임.
120. A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an
Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
- A. Security groups
- B. AWS WAF
- C. Network ACLs
- D. AWS Shield
=> B. AWS WAF
SQL 주입 공격 규칙 문 - AWS WAF, AWS Firewall Manager, 및 AWS Shield Advanced (amazon.com)
SQL 주입 공격 규칙 문 - AWS WAF, AWS Firewall Manager, 및 AWS Shield Advanced
이 페이지에 작업이 필요하다는 점을 알려 주셔서 감사합니다. 실망시켜 드려 죄송합니다. 잠깐 시간을 내어 설명서를 향상시킬 수 있는 방법에 대해 말씀해 주십시오.
docs.aws.amazon.com
WAF를 통해 SQL 인젝션을 막을수 있다.