AWS Cloud Practitioner Practice Test (CLF-C02)

Managed database services, like the offering for relational databases, provide a higher level of managed service by AWS, including tasks such as database setup, patching, and backups, thus offloading these responsibilities from the customer. In contrast, compute services where customers launch their own virtual servers demand the customers to manage operating systems, any installed applications, and potential databases on those virtual servers, which means a higher level of responsibility compared to managed database services.

Amazon Kinesis is the appropriate service for dealing with high-velocity data streams, like customer transactions in real-time. It provides the ability to process and analyze data immediately, which is essential for real-time insights and pattern detection. Amazon Athena is used for querying data stored on Amazon S3 with SQL, which is not ideal for real-time analytics. AWS Glue is a fully managed ETL service that prepares and transforms data for analytics but is not designed for real-time processing. Amazon QuickSight focuses on business intelligence and visualization and does not specialize in data ingestion or real-time analysis.

The best service for meeting the requirements of automated, consistent deployment across multiple environments using codified templates is the Infrastructure as Code service provided by the cloud vendor. This service enables the definition of infrastructure in code format, which can then be used to create and manage cloud resources automatically. It ensures consistency and reduces the chance of human error associated with manual setups. The console, while user-friendly for manual operations, is not designed for automated, templated provisioning. The Command Line Interface facilitates scripting for automation but does not inherently provide templating or state management like the Infrastructure as Code service. Auto Scaling service is primarily used for adjusting resource capacity in response to traffic demands and does not cater to the requirement of environment setup through codification.

Amazon DynamoDB is a NoSQL database that is fully managed, scalable, and designed for high availability and reliability. It can handle millions of read and write requests per second, making it ideal for applications with massive data throughput requirements. While Amazon RDS is also a managed database service, it is more suitable for relational databases rather than NoSQL databases. Amazon ECS and Amazon EKS are container services and not primarily database solutions. This makes Amazon DynamoDB the best choice among the options provided.

AWS Site-to-Site VPN uses two IPsec tunnels over the public internet to connect your on-premises network to AWS Resources. Because it rides on your current internet circuit, you do not have to provision or lease dedicated network hardware or circuits. AWS Direct Connect, in contrast, requires a dedicated physical link. Amazon Kinesis Data Streams and AWS Snowmobile address data-streaming and bulk-data-transfer use cases and do not provide network connectivity between on-premises sites and VPCs.

AWS Lambda is the best fit for these requirements as it is a fully-managed, event-driven compute service that allows functions to be executed in response to HTTP requests through Amazon API Gateway or other trigger sources. Lambda is designed for short-duration, stateless functions, making it ideal for the scenario described. Other services like AWS Fargate and Amazon ECS also support serverless compute strategies, but they are container management services that are more suited for long-running and potentially stateful applications rather than the event-driven, short-lived functions described in the scenario.

AWS Savings Plans offer significant cost savings compared to On-Demand pricing for a commitment of 1 or 3 years, while providing flexibility to switch instance families, sizes, regions, and OS, unlike Reserved Instances which are more restrictive. This makes Savings Plans ideal for long-term steady-state workloads where some level of resource flexibility is needed.

AWS Migration Hub is the best resource for helping a company develop a comprehensive strategy for migrating applications, workloads, and databases to the cloud because it offers a single location to track the progress of application migrations across multiple AWS and partner solutions. While the Well-Architected Tool, Cost Explorer, and Managed Services offer valuable benefits, they do not focus specifically on migration strategy and progress tracking. The Well-Architected Tool helps evaluate and improve workloads but does not track migration progress. Cost Explorer helps with cost management, and Managed Services can manage AWS infrastructure, but neither is designed to develop migration strategies.

The best practice for protecting data stored on the cloud is to use server-side encryption, where the storage service itself encrypts the data before it writes it to disk. For securing data during transfer, the standard approach is to enforce the use of Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocols, which is generally achieved by allowing only HTTPS connections to the storage service. This combination will meet the compliance requirements for both data at rest and data in transit encryption.

Using Reserved Instances (RIs) for a steady, predictable application workload is typically the most cost-effective option because it offers significant discounts compared to On-Demand Instances when you commit to a one or three-year term. On-Demand Instances are better suited for unpredictable workloads, and Spot Instances are ideal for flexible workloads that can handle interruptions. Dedicated Hosts are used when you need physical server isolation, which is not necessary for most steady workloads.

To allow instances in a private subnet to initiate outbound traffic to the internet without allowing inbound traffic from the internet, a NAT gateway or a NAT instance can be used. The NAT gateway is a managed service that provides better availability and bandwidth compared to a NAT instance, which is self-managed and runs on a specific EC2 instance type. Internet Gateways are used to provide a target in route tables to allow instances to connect to the internet, but since they allow bidirectional internet access, using them alone would not meet the requirement of keeping instances private. Similarly, a Virtual Private Gateway is used to connect a VPC to an on-premises network via a VPN connection and doesn't facilitate private instances accessing the internet.

In the AWS shared responsibility model, the customer is responsible for the security 'in' the cloud, which includes aspects such as configuring security settings, managing guest OS, and securing applications.

AWS Artifact is AWS's audit-artifact portal. It lets customers download official compliance reports-such as SOC, ISO, and PCI certifications-and manage certain agreements (for example, HIPAA Business Associate Addendum) for a single account or an entire AWS Organizations structure. AWS Trusted Advisor focuses on cost, performance, and security best-practice checks; AWS Security Hub aggregates security findings; and AWS Config records and evaluates configuration changes, but none of these services provide the compliance documentation and agreement management functions of AWS Artifact.

The correct answer is Amazon S3 Standard-Infrequent Access (S3 Standard-IA) because it provides a balance between availability, durability, and cost. It is designed for data that is less frequently accessed but requires rapid access when needed. Since the company frequently accesses the data only within the first 30 days, S3 Standard-IA is cost-effective for long-term storage with infrequent access. Amazon S3 Glacier and Amazon S3 Glacier Deep Archive, while cheaper, are designed for archival purposes and would not provide the rapid access required for the first 30 days. Amazon S3 Standard is designed for frequently accessed data and would be more expensive for the long-term storage where data is rarely accessed after the initial period.

Elasticity is the core characteristic that allows the system to automatically scale resources up to handle viral spikes and scale down to save costs during quiet periods. High availability complements this by ensuring the application is resilient and remains operational even if underlying components fail, thus preventing service interruptions. Together, they provide a robust solution for unpredictable traffic. Durability relates to long-term data protection, not real-time traffic handling. Fixed resource allocation is the opposite of the required flexibility. Global reach addresses user latency through geographic distribution, which is different from handling load variations.