AWS Cloud Practitioner Practice Test (CLF-C02)

The media company should use Amazon S3 Intelligent-Tiering, as this storage class is designed for data with unknown or changing access patterns. It automatically moves data to the most cost-effective access tier without performance impact or operational overhead. This will help them save on storage costs after the first month when the images are less likely to be accessed, while still providing immediate access when needed. The other options are not as cost-effective for this use case. Amazon S3 Standard is better for data that is frequently accessed throughout its lifetime. Amazon S3 One Zone-Infrequent Access offers lower storage costs but should be used for data that does not require multiple Availability Zone resilience. Amazon S3 Glacier is used for archival purposes and would not provide the immediate access required by the company during the first month.

With Amazon RDS, the cloud service provider is responsible for the installation, patching, and management of the database software. Managed services like RDS reduce the operational load on the customer by handling routine database maintenance tasks. However, with instances like EC2, the customer is tasked with the complete setup and maintenance of the software stack on the server. Similarly, AWS Lambda abstracts the servers, but the customer is in charge of managing the function's code. Amazon S3 is used for storage and does not involve software management responsibilities.

In the AWS shared responsibility model, AWS is responsible for the security of the cloud, including the infrastructure that runs all the services offered in the AWS Cloud. The customer is responsible for security in the cloud, which includes managing the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS provided firewall (security groups) on each instance. Therefore, applying OS patches and securing the server against unauthorized access are responsibilities of the customer.

Amazon Relational Database Service (Amazon RDS) is the correct answer as it provides a managed service that allows users to operate and scale a relational database in the cloud with ease. It handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair. Amazon Aurora, while also a managed relational database, is a specific type of RDS with a focus on performance and compatibility with MySQL and PostgreSQL. Amazon Redshift is a data warehousing service, Amazon DocumentDB is a document database service that supports MongoDB workloads, and Amazon DynamoDB is a NoSQL database service. Amazon EC2 does not automate database management tasks as it is a service for providing resizable compute capacity in the cloud.

Reserved Instances provide a significant discount compared to On-Demand pricing in exchange for committing to a specific usage (1-year or 3-year term), making them ideal for workloads with predictable usage and the need for reserved capacity. Savings Plans also offer discounts but with more flexibility in usage. Spot Instances are unsuitable for essential, steady workloads due to the possibility of being outbid and terminated. On-Demand Instances are the most flexible but also the most expensive option for long-term, consistent workloads.

DynamoDB does not permit changes to an item's primary key with UpdateItem or any other in-place operation. The correct way to 'rename' a key is to delete the original item (DeleteItem) and then recreate it (PutItem or BatchWriteItem) with the new key value. Primary key immutability applies regardless of whether the table uses a simple partition key or a composite partition-and-sort key. Local and global secondary indexes also cannot be used to alter the underlying key of an item; they merely provide additional query paths. SQL-style ALTER TABLE statements are not supported in DynamoDB.

The correct service for physically transporting large amounts of data is Snowball, which is designed to move data into and out of the cloud using secure appliances, speeding up the migration process for large data sets and circumventing high network costs. DataSync would be less viable for the initial bulk transfer due to networking constraints, Database Migration Service is a continuous replication tool for database workloads, and Direct Connect establishes a dedicated network connection but does not provide a physical data transfer solution.

Automatically recovering from failure means a workload continuously monitors key performance indicators and initiates self-healing actions-such as restarting instances or shifting traffic-whenever thresholds are breached. This minimizes downtime and maintains availability. The other choices are also Well-Architected principles, but they address capacity planning, change management, or security rather than automatic fault recovery.

With a managed service like Amazon RDS, AWS is responsible for the 'security of the cloud'. This includes managing the underlying hardware, the host operating system, and applying patches to the database software. The customer is responsible for 'security in the cloud', which includes tasks like configuring network access controls (such as security groups), managing database user permissions, and defining the data schema. In this scenario, applying security patches to the database software is a key responsibility that AWS manages for the customer, relieving them of operational burden.

AWS Shield is specifically designed to protect against DDoS attacks. It offers two tiers: AWS Shield Standard, which provides automatic protections, and AWS Shield Advanced, which includes additional features for mitigating larger and more sophisticated attacks. Other services like Amazon Inspector and AWS Security Hub are focused on finding vulnerabilities and aggregating security alerts, respectively, but do not provide direct protection against DDoS attacks.

The correct service is Amazon EKS (Elastic Kubernetes Service), as it allows for the deployment, management, and scaling of containerized applications using Kubernetes on AWS without the need for the user to manage the Kubernetes control plane themselves. Amazon ECS (Elastic Container Service) also provides a managed container service but is not specifically tailored for Kubernetes, which is hinted at by the mention of open-source orchestration in the question. AWS Lambda is designed for serverless workloads, not for managing containerized applications with Kubernetes, and launching EC2 instances would require manual setup and management of Kubernetes, contrary to the 'fully managed' aspect mentioned in the question.

Spot Instances are the most suitable option for a workload with variable start times that can be interrupted and seeks to minimize costs, especially in a non-production environment. Spot Instances allow customers to take advantage of unused EC2 capacity at a reduced cost, up to 90% off the On-Demand price, with the caveat that the instances can be reclaimed by AWS with little notice if the capacity is needed elsewhere. This makes them ideal for flexible, interruptible workloads like development and testing. On-Demand Instances are better for workloads requiring immediate and uninterrupted capacity. Reserved Instances and Savings Plans provide cost savings for predictable, steady-state usage, but they come with a commitment, and they aren't typically the best fit for unpredictable, sporadic workloads that can tolerate interruptions.

The best choice for unpredictable and variable traffic with spikes is a compute service that scales automatically without requiring manual intervention for provisioning or managing servers. This is where serverless computing shines, as it abstracts the servers away and automatically adjusts to the traffic. Lambda fits the bill as it automatically manages the underlying compute resources. While EC2 instances can scale, this process is not as immediate or seamless as with Lambda. Fargate provides a serverless container experience, but it still requires some configuration for scaling and does not scale as responsively as Lambda for sudden spikes. ECS on EC2 instances also provides scalability but requires more hands-on management compared to the automatic scaling provided by Lambda.

Infrastructure as code (IaC) is the correct option because it allows for the automated provisioning and management of cloud resources through code, which can be version-controlled and reused. This is beneficial for maintaining consistency across multiple environments. Using the AWS Management Console is not ideal for tasks that need to be replicated or version-controlled, as it is a graphical interface designed for manual operations. Although programmatic access via APIs, SDKs, or CLI can also be automated, they do not inherently provide the same benefits of version control and reusability that are core to IaC.

Amazon S3 (Simple Storage Service) is designed to provide scalable object storage for various purposes including data backup, archiving, and analytics. It offers different storage classes for cost and performance optimization. Amazon EFS (Elastic File System) is suitable for file storage, Amazon FSx for Windows File Server is optimized for Windows-based workloads, and Amazon RDS (Relational Database Service) is not a storage service but rather a managed database solution.

When using Amazon EC2, AWS is responsible for the infrastructure that runs all of the services offered in the AWS Cloud. This includes the hardware, the software that runs the virtualization environment, and the physical security of the data centers. However, the customer is responsible for the security in the cloud, which includes the operating system, applications, and data on the EC2 instances. Therefore, it falls to the customer to ensure that the operating system patches are kept up to date.

The service designed for building conversational agents capable of voice and text interactions is Lex. It uses advanced deep learning to offer automatic speech recognition (ASR) and natural language understanding (NLU), allowing the creation of applications with highly interactive user experiences. SageMaker is more suited to general machine learning model development and training; Kendra provides enterprise search powered by machine learning, and DeepLens is a deep learning-enabled video camera for developing and deploying machine learning models.

The correct service to use is AWS Artifact because it grants on-demand access to the necessary compliance documentation, such as reports for various certifications and third-party attestations that auditors frequently request. This dedicated portal is specifically designed for obtaining AWS-related compliance information. The other options are related to different aspects of cloud services, such as managing accounts or security, but they do not serve as repositories for compliance reports and certifications. While the AWS Compliance Solutions webpage might have relevant information, AWS Artifact is the go-to service for accessing and downloading the actual reports and agreements required for demonstrating compliance.

Amazon Route 53 is the service used to manage domain name system (DNS) traffic in the cloud. It translates domain names into IP addresses, directing user requests to the appropriate resources. CloudFront is a content delivery network (CDN) service, VPC (Virtual Private Cloud) is used for network isolation, and Direct Connect is used for establishing dedicated network connections between the cloud and on-premises environments.

The Performance Efficiency pillar of the AWS Well-Architected Framework is the most relevant to this requirement. This pillar focuses on the efficient use of computing resources to meet system requirements and the ability to maintain that efficiency as demand changes and technologies evolve. Performance efficiency involves selecting appropriate resource types and using features such as auto scaling to adjust capacity up or down in response to load, ensuring the application maintains consistent performance. While the Reliability pillar includes best practices for scaling to prevent availability issues, its primary concern is resiliency. Operational Excellence and Security address different aspects such as operational insights and protecting workloads, respectively.