From 68cb908402792b305c36bf065059e7973ac68a7b Mon Sep 17 00:00:00 2001 From: Behrouz Pooladrak Date: Mon, 10 Nov 2025 22:44:27 +0100 Subject: [PATCH] update content --- .../seeds/courses/aws-cloud-practitioner.ts | 3450 ++++++++++++----- 1 file changed, 2567 insertions(+), 883 deletions(-) diff --git a/scripts/seeds/courses/aws-cloud-practitioner.ts b/scripts/seeds/courses/aws-cloud-practitioner.ts index 8a6031d..2b41049 100644 --- a/scripts/seeds/courses/aws-cloud-practitioner.ts +++ b/scripts/seeds/courses/aws-cloud-practitioner.ts @@ -11,1770 +11,3454 @@ export const awsCloudPractitionerCourse: CourseSeed = { duration: "2-3 hours", units: [ { - title: "Cloud Concepts", - description: "Learn AWS Cloud fundamentals and value proposition", + title: "Core AWS Foundations", + description: "Explore the value of the AWS Cloud, core compute patterns, and the global infrastructure that underpins every workload.", order: 1, lessons: [ { - title: "What is Cloud Computing?", + title: "Cloud Fundamentals & Value", order: 1, challenges: [ { type: "SELECT", order: 1, - question: "What is Cloud Computing?", - hint: "Contrast AWS’s ability to hand you infrastructure instantly with the effort of building out your own server room.", + question: + "AWS allows users to manage their resources using a web-based user interface. What is the name of this interface?", + hint: "Think about the point-and-click console you reach through a browser rather than a command line.", options: [ { - text: "On-demand delivery of IT resources over the internet", - correct: true, - guide: - "Correct: Cloud computing is exactly about requesting compute, storage, or databases when you need them instead of buying hardware up front.", + text: "AWS CLI", + guide: "The AWS CLI is a command-line utility, not the graphical experience referenced in the question.", }, { - text: "A physical data center you own", - guide: - "Owning a data center means you still handle power, cooling, and maintenance, which the lesson highlighted as work AWS removes for you.", + text: "AWS API", + guide: "APIs let you script calls, but the prompt highlights a visual interface for humans.", }, { - text: "Software installed on your computer", + text: "AWS SDK", + guide: "SDKs are developer toolkits, whereas the question calls out the managed web console.", + }, + { + text: "AWS Management Console", + correct: true, guide: - "Local installs serve a single machine, but the lesson focused on managed services you reach over the network from anywhere.", + "Correct: The AWS Management Console is the browser-based UI customers use to configure and monitor resources.", }, ], }, { - type: "ASSIST", + type: "SELECT", order: 2, - question: "Complete: Cloud computing provides ____ access to IT resources", - hint: "Remember how the lesson emphasized scaling up the moment demand appears instead of waiting for procurement.", + question: "What are the benefits of having infrastructure hosted in AWS? (Choose TWO)", + hint: "Revisit how AWS increases agility while sharing responsibility for physical protection.", options: [ { - text: "on-demand", + text: "Increasing speed and agility", correct: true, guide: - "Correct: “On-demand” captures the instant availability of resources that AWS advertises across its services.", + "Correct: AWS lets teams provision resources in minutes, dramatically improving speed and agility.", }, { - text: "scheduled", + text: "There is no need to worry about security", guide: - "If you have to wait for a schedule, you lose the agility the lesson highlighted, so this doesn’t fit.", + "Customers still secure their data, identities, and configurations, so security remains a shared responsibility.", }, { - text: "limited", + text: "Gaining complete control over the physical infrastructure", guide: - "Elastic capacity is a core promise of AWS, so calling the access “limited” contradicts the point of the unit.", + "In the cloud you trade physical control for managed facilities, which is why this option is inaccurate.", }, - ], - }, - { - type: "TRUE_FALSE", - order: 3, - question: "Cloud computing eliminates the need for physical data centers completely.", - hint: "Even when you stop buying servers, someone still has to run the hardware that powers the cloud.", - options: [ { - text: "True", + text: "Operating applications on behalf of customers", guide: - "AWS still operates massive facilities worldwide; the need for hardware doesn’t disappear, it just shifts away from the customer.", + "AWS manages the platform, but customers still run and operate their own applications.", }, { - text: "False", + text: "All of the physical security and most of the data/network security are taken care of for you", correct: true, guide: - "Correct: Customers no longer own the buildings, but AWS still runs the data centers that make every managed service possible.", + "Correct: AWS secures the facilities, hardware, and much of the network stack so you can focus higher up.", }, ], }, { - type: "TEXT_INPUT", - order: 4, - question: "What does AWS stand for? (Type the full name)", - correctAnswer: "Amazon Web Services", - hint: "Spell out the same Amazon-branded name you see on the console banner and in certification titles.", - }, - { - type: "IMAGE_SELECT", - order: 6, - question: "Which image represents the AWS cloud icon?", - hint: "Look for the white “AWS” letters with the orange Amazon smile swoosh underneath.", + type: "SELECT", + order: 3, + question: "Which of the following does NOT belong to the AWS Cloud Computing models?", + hint: "Recall the three standard service models that appear in every cloud fundamentals slide.", options: [ { - text: "AWS Cloud Icon", - imageSrc: "/aws-cloud-icon.png", - correct: true, + text: "Platform as a Service (PaaS)", guide: - "Correct: The Amazon wordmark plus the orange swoosh is AWS’s official branding.", + "PaaS is one of the traditional cloud service models alongside IaaS and SaaS.", + }, + { + text: "Infrastructure as a Service (IaaS)", + guide: "IaaS, such as Amazon EC2, is a core cloud model, so it belongs on the list.", }, { - text: "Microsoft Azure Icon", - imageSrc: "/azure-icon.png", - guide: "Azure’s stylized blue “A” belongs to Microsoft’s cloud, not AWS.", + text: "Software as a Service (SaaS)", + guide: "SaaS offerings sit at the top of the cloud service stack, so they are valid cloud models.", }, { - text: "Google Cloud Icon", - imageSrc: "/gcp-icon.png", + text: "Networking as a Service (NaaS)", + correct: true, guide: - "The multicolored cloud represents Google Cloud Platform, so it isn’t the AWS icon.", + "Correct: NaaS is not one of the canonical AWS cloud computing models presented in the exam outline.", }, ], }, { - type: "LISTENING", - order: 7, + type: "SELECT", + order: 4, question: - "Listen to the audio introduction about AWS compute services. Which service is being described for running virtual machines?", - audioSrc: "/audio/aws-intro.mp3", - hint: "The narration mentioned choosing instance types, AMIs, and operating systems—think about which service offers that level of control.", + "Which of the following is one of the benefits of moving infrastructure from an on-premises data center to AWS?", + hint: "Focus on how pay-as-you-go cloud models treat capital expenses.", options: [ { - text: "Amazon S3 - Simple Storage Service", - guide: - "S3 stores objects and never boots operating systems, so it can’t be the VM-focused service from the clip.", + text: "Free support for all enterprise customers", + guide: "Support tiers are selectable add-ons, so moving to AWS does not automatically grant free premium help.", }, { - text: "Amazon EC2 - Elastic Compute Cloud", - correct: true, + text: "Automatic data protection", guide: - "Correct: EC2 hands you full control of virtual machines, matching every detail in the audio description.", + "AWS offers tools for protection, but customers still configure backups and controls themselves.", }, { - text: "AWS Lambda - Serverless Computing", + text: "Reduced Capital Expenditure (CapEx)", + correct: true, guide: - "Lambda runs short-lived functions without provisioning servers, so it doesn’t align with the VM discussion.", + "Correct: Cloud shifts you from large upfront purchases to operating expenses aligned with usage.", }, { - text: "Amazon RDS - Relational Database Service", + text: "AWS holds responsibility for managing customer applications", guide: - "RDS manages database engines rather than general-purpose operating systems, so it isn’t the service highlighted.", + "Customers continue to own their applications and data, even when running them on AWS infrastructure.", }, ], }, { - type: "SPEECH_INPUT", - order: 8, - question: - "Speak the full name of the AWS compute service that provides virtual machines in the cloud:", - correctAnswer: "Amazon Elastic Compute Cloud", - hint: "Say the complete name behind the EC2 acronym that appeared throughout the compute discussion.", - }, - { - type: "VIDEO", - order: 9, - question: - "Watch this video about AWS Global Infrastructure and answer: How many Availability Zones does AWS have?", - videoSrc: - "https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/BigBuckBunny.mp4", - hint: "Listen for the narrator mentioning that AWS has grown beyond eighty Availability Zones across the globe.", + type: "SELECT", + order: 5, + question: "What are two advantages of using Cloud Computing over traditional data centers? (Choose TWO)", + hint: "Think about architectural flexibility and resilience improvements that come with AWS.", options: [ { - text: "50-100", + text: "Reserved compute capacity", + guide: + "While reservations exist, they are optional purchasing models rather than inherent cloud advantages.", + }, + { + text: "Eliminating Single Points of Failure (SPOFs)", + correct: true, guide: - "AWS surpassed fifty zones some time ago, so this range undershoots the figure given in the video.", + "Correct: The global, redundant design of AWS makes it easier to remove single points of failure.", }, { - text: "80+", + text: "Distributed infrastructure", correct: true, guide: - "Correct: The video cited a footprint just over eighty Availability Zones, matching AWS’s published number.", + "Correct: AWS gives you access to a vast distributed infrastructure without building it yourself.", }, { - text: "100-150", + text: "Virtualized compute resources", guide: - "Triple-digit counts are coming, but the narrator called out a number smaller than one hundred.", + "Virtualization also exists on-premises, so it is not a unique cloud advantage.", }, { - text: "200+", + text: "Dedicated hosting", guide: - "Two hundred zones would imply far more AWS regions than currently exist, so this exaggerates the current reach.", + "Dedicated hardware can be used in any environment, so it does not define the cloud value proposition.", }, ], }, ], }, { - title: "Benefits of AWS Cloud", + title: "Compute & Scaling Basics", order: 2, challenges: [ { type: "SELECT", order: 1, - question: "What is a key benefit of AWS Cloud?", + question: "Which of the following is an example of horizontal scaling in the AWS Cloud?", + hint: "Horizontal scaling focuses on adding more nodes of the same size instead of making one server bigger.", options: [ { - text: "Pay-as-you-go pricing", - correct: true, + text: "Replacing an existing EC2 instance with a larger, more powerful one", guide: - 'Correct: Pay-as-you-go pricing matches the Key Benefit Aws Cloud behavior highlighted in "Benefits of AWS Cloud".', + "That is vertical scaling because it grows a single instance rather than adding peers.", }, { - text: "Requires large upfront investment", + text: "Increasing the compute capacity of a single EC2 instance to address the growing demands of an application", guide: - 'This assumes Requires large upfront investment, but "Benefits of AWS Cloud" showed Key Benefit Aws Cloud behaves differently, so this isn’t the best choice.', + "Boosting one instance still counts as vertical, not horizontal, scaling.", + }, + { + text: "Adding more RAM capacity to an EC2 instance", + guide: "Memory upgrades change one server's size, so they are vertical actions.", }, { - text: "Limited scalability", + text: "Adding more EC2 instances of the same size to handle an increase in traffic", + correct: true, guide: - 'This assumes Limited scalability, but "Benefits of AWS Cloud" showed Key Benefit Aws Cloud behaves differently, so this isn’t the best choice.', + "Correct: Horizontal scaling spreads load across additional, similarly sized instances.", }, ], - hint: 'Think back to "Benefits of AWS Cloud" and how it framed Key Benefit Aws Cloud. Apply the same reasoning here.', }, { - type: "DRAG_DROP", + type: "SELECT", order: 2, - question: "Order the benefits from immediate to strategic impact:", + question: + "Adjusting compute capacity dynamically to reduce cost is an implementation of which AWS cloud best practice?", + hint: "Remember the pillar that keeps resources elastic instead of fixed.", options: [ { - text: "Elastic scalability", - order: 1, - guide: - 'This assumes Elastic scalability, but "Benefits of AWS Cloud" showed Order Benefits From Immediate behaves differently, so this isn’t the best choice.', + text: "Build security in every layer", + guide: "Security is critical, but it is not the best practice tied to dynamic capacity.", }, { - text: "Global reach", - order: 2, + text: "Parallelize tasks", guide: - 'This assumes Global reach, but "Benefits of AWS Cloud" showed Order Benefits From Immediate behaves differently, so this isn’t the best choice.', + "Parallelization improves throughput, yet the prompt is focused on scaling resources with demand.", }, { - text: "Cost optimization", - order: 3, + text: "Implement elasticity", + correct: true, guide: - 'This assumes Cost optimization, but "Benefits of AWS Cloud" showed Order Benefits From Immediate behaves differently, so this isn’t the best choice.', + "Correct: Elasticity is all about matching capacity to demand in near real time.", }, { - text: "Innovation speed", - order: 4, + text: "Adopt monolithic architecture", guide: - 'This assumes Innovation speed, but "Benefits of AWS Cloud" showed Order Benefits From Immediate behaves differently, so this isn’t the best choice.', + "Monoliths are harder to scale dynamically, so they do not reflect AWS best practices.", }, ], - hint: 'Think back to "Benefits of AWS Cloud" and how it framed Order Benefits From Immediate. Apply the same reasoning here.', }, { - type: "TRUE_FALSE", + type: "SELECT", order: 3, question: - "AWS automatically provisions capacity ahead of demand, so you never have to scale services yourself.", + "One of the most important AWS best practices is the cloud architecture principle of elasticity. How does this principle improve your architecture's design?", + hint: "Listen for wording about automatic provisioning when demand changes.", options: [ { - text: "True", + text: "By automatically scaling your on-premises resources based on changes in demand", + guide: "The statement is about AWS resources, not on-premises assets.", + }, + { + text: "By automatically scaling your AWS resources using an Elastic Load Balancer", guide: - 'This assumes True, but "Benefits of AWS Cloud" showed Aws Automatically Provisions Capacity behaves differently, so this isn’t the best choice.', + "Load Balancers distribute traffic but do not provision instances by themselves.", }, { - text: "False", + text: "By reducing interdependencies between application components wherever possible", + guide: "That describes decoupling, not elasticity.", + }, + { + text: "By automatically provisioning the required AWS resources based on changes in demand", correct: true, guide: - 'Correct: False matches the Aws Automatically Provisions Capacity behavior highlighted in "Benefits of AWS Cloud".', + "Correct: Elastic designs scale resources up or down automatically as demand shifts.", }, ], - hint: 'Think back to "Benefits of AWS Cloud" and how it framed Aws Automatically Provisions Capacity. Apply the same reasoning here.', }, { - type: "TEXT_INPUT", + type: "SELECT", order: 4, question: - "Fill in the blank: AWS allows you to trade capital expense for ______ expense.", - correctAnswer: "operational", - hint: 'Think back to "Benefits of AWS Cloud" and how it framed Blank Aws Allows You. Apply the same reasoning here.', - }, - ], - }, - { - title: "Cloud Architecture", - order: 3, - challenges: [ - { - type: "SELECT", - order: 1, - question: 'What does "elasticity" mean in cloud computing?', + "A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications automatically add or remove EC2 compute capacity to closely match demand?", + hint: "Think about the service that grows or shrinks EC2 fleets automatically.", options: [ { - text: "Ability to scale resources up or down based on demand", - correct: true, + text: "AWS Elastic Load Balancer", guide: - 'Correct: Ability to scale resources up or down based on demand matches the Elasticity Mean Cloud Computing behavior highlighted in "Cloud Architecture".', + "Load balancers distribute traffic but do not change the number of instances running.", }, { - text: "Fixed resource allocation", - guide: - 'This assumes Fixed resource allocation, but "Cloud Architecture" showed Elasticity Mean Cloud Computing behaves differently, so this isn’t the best choice.', + text: "AWS Budgets", + guide: "Budgets send alerts, whereas the question asks for automated scaling.", }, { - text: "Manual server provisioning", + text: "AWS Auto Scaling", + correct: true, guide: - 'This assumes Manual server provisioning, but "Cloud Architecture" showed Elasticity Mean Cloud Computing behaves differently, so this isn’t the best choice.', + "Correct: Auto Scaling adjusts EC2 capacity automatically in response to load.", + }, + { + text: "AWS Cost Explorer", + guide: "Cost Explorer visualizes spend but cannot start or stop instances on your behalf.", }, ], - hint: 'Use the example from "Cloud Architecture" about Elasticity Mean Cloud Computing to guide your answer.', }, { type: "SELECT", - order: 2, - question: "Which AWS service helps decouple application tiers?", + order: 5, + question: "Which of the following AWS services can be used as a compute resource? (Choose TWO)", + hint: "Look for services that run your code rather than store or monitor data.", options: [ { - text: "Amazon SQS", - correct: true, - guide: - 'Correct: Amazon SQS matches the Aws Service Helps Decouple behavior highlighted in "Cloud Architecture".', + text: "Amazon VPC", + guide: "VPC provides networking, not compute capacity.", }, { - text: "Amazon RDS", - guide: - 'This assumes Amazon RDS, but "Cloud Architecture" showed Aws Service Helps Decouple behaves differently, so this isn’t the best choice.', + text: "Amazon CloudWatch", + guide: "CloudWatch observes resources instead of executing workloads.", }, { text: "Amazon S3", - guide: - 'This assumes Amazon S3, but "Cloud Architecture" showed Aws Service Helps Decouple behaves differently, so this isn’t the best choice.', - }, - ], - hint: 'Use the example from "Cloud Architecture" about Aws Service Helps Decouple to guide your answer.', - }, - { - type: "ASSIST", - order: 3, - question: "Complete: A well-architected system is designed for ______ failures.", - options: [ - { - text: "automatic", - guide: - 'This assumes automatic, but "Cloud Architecture" showed Well Architected System Designed behaves differently, so this isn’t the best choice.', + guide: "S3 is an object store, so it is not a compute service.", }, { - text: "planned", + text: "Amazon EC2", correct: true, guide: - 'Correct: planned matches the Well Architected System Designed behavior highlighted in "Cloud Architecture".', + "Correct: EC2 supplies virtual machines that you control at the operating-system level.", }, { - text: "rare", + text: "AWS Lambda", + correct: true, guide: - 'This assumes rare, but "Cloud Architecture" showed Well Architected System Designed behaves differently, so this isn’t the best choice.', + "Correct: Lambda runs code without the need to provision servers, making it a compute option.", }, ], - hint: 'Use the example from "Cloud Architecture" about Well Architected System Designed to guide your answer.', }, ], }, { - title: "AWS Global Infrastructure", - order: 4, + title: "Global Infrastructure & Networking", + order: 3, challenges: [ { type: "SELECT", order: 1, - question: "What is an AWS Region?", + question: + "A company has developed an eCommerce web application in AWS. What should they do to ensure that the application has the highest level of availability?", + hint: "Consider how you avoid regional outages for a customer-facing workload.", options: [ { - text: "A geographical area with multiple Availability Zones", - correct: true, + text: "Deploy the application across multiple Availability Zones and Edge locations", guide: - 'Correct: A geographical area with multiple Availability Zones matches the Aws Region behavior highlighted in "AWS Global Infrastructure".', + "Edge locations accelerate content but do not replace full regional deployments.", + }, + { + text: "Deploy the application across multiple Availability Zones and subnets", + guide: "Multi-AZ helps, but staying in one region still leaves a regional single point of failure.", }, { - text: "A single data center", + text: "Deploy the application across multiple Regions and Availability Zones", + correct: true, guide: - 'This assumes A single data center, but "AWS Global Infrastructure" showed Aws Region behaves differently, so this isn’t the best choice.', + "Correct: Spreading the stack across Regions and AZs delivers the highest availability.", }, { - text: "A subnet within a VPC", + text: "Deploy the application across multiple VPC's and subnets", guide: - 'This assumes A subnet within a VPC, but "AWS Global Infrastructure" showed Aws Region behaves differently, so this isn’t the best choice.', + "Multiple VPCs in one region do not mitigate regional disruptions.", }, ], - hint: 'Think back to "AWS Global Infrastructure" and how it framed Aws Region. Apply the same reasoning here.', }, { type: "SELECT", order: 2, - question: "What is an Availability Zone?", + question: + "A Japanese company hosts applications on Amazon EC2 instances in the Tokyo Region. US users complain of high latency. What can the company do to reduce latency for the users in the US while minimizing costs?", + hint: "The quickest fix is to run the workload closer to the new audience.", options: [ { - text: "One or more discrete data centers with redundant power and networking", - correct: true, + text: "Applying the Amazon Route 53 latency-based routing policy", guide: - 'Correct: One or more discrete data centers with redundant power and networking matches the Availability Zone behavior highlighted in "AWS Global Infrastructure".', + "Latency-based routing still requires endpoints in or near the US to be effective.", }, { - text: "A region", + text: "Registering a new US domain name to serve the users in the US", + guide: "Domain names do not change where the workload runs, so latency would remain high.", + }, + { + text: "Building a new data center in the US and implementing a hybrid model", guide: - 'This assumes A region, but "AWS Global Infrastructure" showed Availability Zone behaves differently, so this isn’t the best choice.', + "Owning new facilities increases cost and contradicts the goal of minimizing expense.", }, { - text: "An edge location", + text: "Deploying new Amazon EC2 instances in a Region located in the US", + correct: true, guide: - 'This assumes An edge location, but "AWS Global Infrastructure" showed Availability Zone behaves differently, so this isn’t the best choice.', + "Correct: Running additional EC2 capacity in a US Region brings the workload closer to US users.", }, ], - hint: 'Think back to "AWS Global Infrastructure" and how it framed Availability Zone. Apply the same reasoning here.', }, { - type: "TRUE_FALSE", + type: "SELECT", order: 3, - question: "Edge locations are only used for caching static content.", + question: "What does Amazon CloudFront use to distribute content to global users with low latency?", + hint: "CloudFront's speed boost comes from where it caches content.", options: [ { - text: "True", - guide: - 'This assumes True, but "AWS Global Infrastructure" showed Edge Locations Only Used behaves differently, so this isn’t the best choice.', + text: "AWS Global Accelerator", + guide: "Global Accelerator optimizes traffic routing but is a separate service from CloudFront.", + }, + { + text: "AWS Regions", + guide: "Regions host origin services, while CloudFront relies on a different footprint for caching.", }, { - text: "False", + text: "AWS Edge Locations", correct: true, guide: - 'Correct: False matches the Edge Locations Only Used behavior highlighted in "AWS Global Infrastructure".', + "Correct: CloudFront serves content from edge locations located near end users.", + }, + { + text: "AWS Availability Zones", + guide: + "Availability Zones host your origin resources, but CloudFront caches assets at the edge.", }, ], - hint: 'Think back to "AWS Global Infrastructure" and how it framed Edge Locations Only Used. Apply the same reasoning here.', }, { - type: "DRAG_DROP", + type: "SELECT", order: 4, - question: - "Place the global infrastructure components from smallest to largest scope:", + question: "Which service provides DNS in the AWS cloud?", + hint: "Think of the managed DNS service that can also register domains and provide routing policies.", options: [ { - text: "Availability Zone", - order: 1, - guide: - 'This assumes Availability Zone, but "AWS Global Infrastructure" showed Place Global Infrastructure Components behaves differently, so this isn’t the best choice.', + text: "Route 53", + correct: true, + guide: "Correct: Amazon Route 53 is AWS's scalable DNS service.", }, { - text: "Region", - order: 2, - guide: - 'This assumes Region, but "AWS Global Infrastructure" showed Place Global Infrastructure Components behaves differently, so this isn’t the best choice.', + text: "AWS Config", + guide: "AWS Config tracks configuration changes, not DNS records.", }, { - text: "Geographic Area", - order: 3, - guide: - 'This assumes Geographic Area, but "AWS Global Infrastructure" showed Place Global Infrastructure Components behaves differently, so this isn’t the best choice.', + text: "Amazon CloudFront", + guide: "CloudFront distributes content but is not a DNS resolver.", }, { - text: "Global Network", - order: 4, - guide: - 'This assumes Global Network, but "AWS Global Infrastructure" showed Place Global Infrastructure Components behaves differently, so this isn’t the best choice.', + text: "Amazon EMR", + guide: "EMR is a big data service unrelated to DNS.", }, ], - hint: 'Think back to "AWS Global Infrastructure" and how it framed Place Global Infrastructure Components. Apply the same reasoning here.', }, - ], - }, - { - title: "Cloud Economics", - order: 5, - challenges: [ { type: "SELECT", - order: 1, + order: 5, question: - "Which pricing model provides the deepest discount for steady-state workloads?", + "What is the AWS service that provides a virtual network dedicated to your AWS account?", + hint: "You create subnets, route tables, and gateways inside this networking construct.", options: [ { - text: "Reserved Instances", - correct: true, - guide: - 'Correct: Reserved Instances matches the Pricing Model Provides Deepest behavior highlighted in "Cloud Economics".', + text: "AWS VPN", + guide: "VPN connects networks but does not define the private network itself.", }, { - text: "On-Demand Instances", - guide: - 'This assumes On-Demand Instances, but "Cloud Economics" showed Pricing Model Provides Deepest behaves differently, so this isn’t the best choice.', + text: "AWS Subnets", + guide: "Subnets are components inside a larger virtual network, not the overall service.", }, { - text: "Spot Instances", + text: "AWS Dedicated Hosts", + guide: "Dedicated Hosts are compute purchasing options, not networking constructs.", + }, + { + text: "Amazon VPC", + correct: true, guide: - 'This assumes Spot Instances, but "Cloud Economics" showed Pricing Model Provides Deepest behaves differently, so this isn’t the best choice.', + "Correct: Amazon Virtual Private Cloud lets you carve out an isolated network in AWS.", }, ], - hint: 'Remember the pattern you practiced in "Cloud Economics"—it explained how Pricing Model Provides Deepest works within AWS.', }, + ], + }, + { + title: "Storage & Data Protection", + order: 4, + challenges: [ { - type: "TRUE_FALSE", - order: 2, - question: "AWS pricing includes charges for data transfer into the cloud.", + type: "SELECT", + order: 1, + question: "What should you do in order to keep the data on EBS volumes safe? (Choose TWO)", + hint: "Combine point-in-time backups with encryption to protect block storage.", options: [ { - text: "True", + text: "Regularly update firmware on EBS devices", guide: - 'This assumes True, but "Cloud Economics" showed Aws Pricing Includes Charges behaves differently, so this isn’t the best choice.', + "You do not manage AWS-managed hardware, so firmware updates are not your responsibility.", }, { - text: "False", + text: "Create EBS snapshots", correct: true, guide: - 'Correct: False matches the Aws Pricing Includes Charges behavior highlighted in "Cloud Economics".', + "Correct: Snapshots capture point-in-time copies so you can restore data quickly.", }, - ], - hint: 'Remember the pattern you practiced in "Cloud Economics"—it explained how Aws Pricing Includes Charges works within AWS.', - }, - { - type: "ASSIST", - order: 3, - question: "Fill the blank: AWS Cost Explorer helps you understand your ____ trends.", - options: [ { - text: "budget", + text: "Ensure that EBS data is encrypted at rest", + correct: true, guide: - 'This assumes budget, but "Cloud Economics" showed Blank Aws Cost Explorer behaves differently, so this isn’t the best choice.', + "Correct: Enabling encryption protects your block data from unauthorized access.", }, { - text: "cost", - correct: true, + text: "Store a backup daily in an external drive", guide: - 'Correct: cost matches the Blank Aws Cost Explorer behavior highlighted in "Cloud Economics".', + "Copying data to on-premises drives is not required when AWS snapshots are already available.", }, { - text: "ticket", + text: "Prevent any unauthorized access to AWS data centers", guide: - 'This assumes ticket, but "Cloud Economics" showed Blank Aws Cost Explorer behaves differently, so this isn’t the best choice.', + "Physical security of data centers is handled by AWS under the shared responsibility model.", }, ], - hint: 'Remember the pattern you practiced in "Cloud Economics"—it explained how Blank Aws Cost Explorer works within AWS.', }, { - type: "TEXT_INPUT", - order: 4, - question: "Name the AWS service used to set up automatic billing alerts.", - correctAnswer: "AWS Budgets", - hint: 'Remember the pattern you practiced in "Cloud Economics"—it explained how Aws Service Used Set works within AWS.', - }, - { - type: "DRAG_DROP", - order: 5, - question: "Arrange the cost-optimization process in the recommended order:", + type: "SELECT", + order: 2, + question: + "The identification process of an online financial services company requires storing recorded interviews for long-term retention. What is the most cost-effective service to store the recorded videos?", + hint: "Pick the deep archive storage class meant for compliance data you rarely retrieve.", options: [ { - text: "Visibility and reporting", - order: 1, + text: "S3 Intelligent-Tiering", guide: - 'This assumes Visibility and reporting, but "Cloud Economics" showed Arrange Cost Optimization Process behaves differently, so this isn’t the best choice.', + "Intelligent-Tiering balances frequent and infrequent access, but deep archives are cheaper for rarely accessed files.", }, { - text: "Right-size resources", - order: 2, - guide: - 'This assumes Right-size resources, but "Cloud Economics" showed Arrange Cost Optimization Process behaves differently, so this isn’t the best choice.', + text: "AWS Marketplace", + guide: "Marketplace is a catalog of software, not a storage service.", }, { - text: "Purchase commitment", - order: 3, + text: "Amazon S3 Glacier Deep Archive", + correct: true, guide: - 'This assumes Purchase commitment, but "Cloud Economics" showed Arrange Cost Optimization Process behaves differently, so this isn’t the best choice.', + "Correct: S3 Glacier Deep Archive offers the lowest-cost object storage for long-term retention.", }, { - text: "Optimize over time", - order: 4, - guide: - 'This assumes Optimize over time, but "Cloud Economics" showed Arrange Cost Optimization Process behaves differently, so this isn’t the best choice.', + text: "Amazon EBS", + guide: "EBS is for actively used block storage and is far more expensive than archival S3 tiers.", }, ], - hint: 'Remember the pattern you practiced in "Cloud Economics"—it explained how Arrange Cost Optimization Process works within AWS.', }, - ], - }, - ], - }, - { - title: "Security & Compliance", - description: "Master AWS security and compliance concepts", - order: 2, - lessons: [ - { - title: "Shared Responsibility Model", - order: 1, - challenges: [ { type: "SELECT", - order: 1, - question: "Who is responsible for patching the guest OS on EC2?", + order: 3, + question: "Which service provides object-level storage in AWS?", + hint: "Think of the service that stores data as objects inside buckets.", options: [ { - text: "Customer", - correct: true, - guide: - 'Correct: Customer matches the Who Responsible Patching Guest behavior highlighted in "Shared Responsibility Model".', + text: "Amazon EBS", + guide: "EBS exposes block volumes, not object storage.", }, { - text: "AWS", - guide: - 'This assumes AWS, but "Shared Responsibility Model" showed Who Responsible Patching Guest behaves differently, so this isn’t the best choice.', + text: "Amazon Instance Store", + guide: "Instance Store offers ephemeral block storage attached to EC2 instances.", + }, + { + text: "Amazon EFS", + guide: "EFS is a managed file system, not an object store.", }, { - text: "Both AWS and Customer", + text: "Amazon S3", + correct: true, guide: - 'This assumes Both AWS and Customer, but "Shared Responsibility Model" showed Who Responsible Patching Guest behaves differently, so this isn’t the best choice.', + "Correct: Amazon Simple Storage Service (S3) provides object-level storage.", }, ], - hint: 'Think back to "Shared Responsibility Model" and how it framed Who Responsible Patching Guest. Apply the same reasoning here.', }, { type: "SELECT", - order: 2, - question: "What is AWS responsible for in the Shared Responsibility Model?", + order: 4, + question: "Which S3 storage class is best for data with unpredictable access patterns?", + hint: "This class automatically moves objects between tiers when access changes.", options: [ { - text: "Physical security of data centers", + text: "Amazon S3 Intelligent-Tiering", correct: true, guide: - 'Correct: Physical security of data centers matches the Aws Responsible Shared Responsibility behavior highlighted in "Shared Responsibility Model".', + "Correct: Intelligent-Tiering optimizes costs for data with unknown or changing access patterns.", + }, + { + text: "Amazon S3 Glacier Flexible Retrieval", + guide: + "Glacier tiers are optimized for archive workloads, not unpredictable daily access.", }, { - text: "Customer data encryption", + text: "Amazon S3 Standard", guide: - 'This assumes Customer data encryption, but "Shared Responsibility Model" showed Aws Responsible Shared Responsibility behaves differently, so this isn’t the best choice.', + "Standard works for frequent access but may cost more if usage drops unexpectedly.", }, { - text: "Application-level security", + text: "Amazon S3 Standard-Infrequent Access", guide: - 'This assumes Application-level security, but "Shared Responsibility Model" showed Aws Responsible Shared Responsibility behaves differently, so this isn’t the best choice.', + "S3 Standard-IA assumes you infrequently access the data; unpredictable workloads benefit from Intelligent-Tiering.", }, ], - hint: 'Think back to "Shared Responsibility Model" and how it framed Aws Responsible Shared Responsibility. Apply the same reasoning here.', }, { - type: "TRUE_FALSE", - order: 3, - question: "Customers are responsible for configuring security groups.", + type: "SELECT", + order: 5, + question: "Your company is designing a new application that will store and retrieve photos and videos. Which service should you recommend as the underlying storage mechanism?", + hint: "Choose the durable, infinitely scalable object store for media content.", options: [ { - text: "True", + text: "Amazon EBS", + guide: "EBS is best for block storage tightly coupled to EC2 instances, not large media libraries.", + }, + { + text: "Amazon SQS", + guide: "SQS is a messaging service, not storage.", + }, + { + text: "Amazon S3", correct: true, guide: - 'Correct: True matches the Customers Responsible Configuring Security behavior highlighted in "Shared Responsibility Model".', + "Correct: S3 is ideal for storing and serving massive amounts of media assets.", }, { - text: "False", + text: "Amazon Instance store", guide: - 'This assumes False, but "Shared Responsibility Model" showed Customers Responsible Configuring Security behaves differently, so this isn’t the best choice.', + "Instance Store is ephemeral and should not be used for durable media storage.", }, ], - hint: 'Think back to "Shared Responsibility Model" and how it framed Customers Responsible Configuring Security. Apply the same reasoning here.', - }, - { - type: "TEXT_INPUT", - order: 4, - question: - "What term describes AWS’s responsibility to protect the hardware, software, and facilities?", - correctAnswer: "Security of the cloud", - hint: 'Think back to "Shared Responsibility Model" and how it framed Term Describes Aws S. Apply the same reasoning here.', }, ], }, { - title: "IAM Basics", - order: 2, + title: "Content Delivery & Edge Acceleration", + order: 5, challenges: [ { type: "SELECT", order: 1, - question: "What does IAM stand for?", + question: "Which of the following can be described as a global content delivery network (CDN) service?", + hint: "Select the AWS service purpose-built to cache and deliver content worldwide.", options: [ { - text: "Identity and Access Management", - correct: true, - guide: - 'Correct: Identity and Access Management matches the Iam Stand behavior highlighted in "IAM Basics".', + text: "AWS VPN", + guide: "VPN provides secure connectivity, not content delivery.", }, { - text: "Internet Access Manager", - guide: - 'This assumes Internet Access Manager, but "IAM Basics" showed Iam Stand behaves differently, so this isn’t the best choice.', + text: "AWS Direct Connect", + guide: "Direct Connect creates private network links and is not a CDN.", + }, + { + text: "AWS Regions", + guide: "Regions host services but are not a CDN service themselves.", }, { - text: "Integrated Application Monitor", + text: "Amazon CloudFront", + correct: true, guide: - 'This assumes Integrated Application Monitor, but "IAM Basics" showed Iam Stand behaves differently, so this isn’t the best choice.', + "Correct: CloudFront is AWS's managed global CDN service.", }, ], - hint: 'Use the example from "IAM Basics" about Iam Stand to guide your answer.', }, { type: "SELECT", order: 2, - question: "What is the best practice for the AWS root account?", + question: + "A company is planning to host an educational website whose video courses will be streamed all around the world. Which AWS service will help achieve high transfer speeds?", + hint: "Think about the same service that caches streams close to viewers.", options: [ { - text: "Enable MFA and use it only for account setup", - correct: true, - guide: - 'Correct: Enable MFA and use it only for account setup matches the Best Practice Aws Root behavior highlighted in "IAM Basics".', + text: "Amazon SNS", + guide: "SNS is a pub/sub messaging service, not a CDN.", }, { - text: "Use it for all daily operations", - guide: - 'This assumes Use it for all daily operations, but "IAM Basics" showed Best Practice Aws Root behaves differently, so this isn’t the best choice.', + text: "Amazon Kinesis Video Streams", + guide: "Kinesis Video Streams ingests media but does not accelerate global delivery on its own.", }, { - text: "Share credentials with team members", + text: "AWS CloudFormation", + guide: "CloudFormation handles infrastructure as code, not streaming performance.", + }, + { + text: "Amazon CloudFront", + correct: true, guide: - 'This assumes Share credentials with team members, but "IAM Basics" showed Best Practice Aws Root behaves differently, so this isn’t the best choice.', + "Correct: CloudFront caches video content at edge locations to improve streaming performance.", }, ], - hint: 'Use the example from "IAM Basics" about Best Practice Aws Root to guide your answer.', }, { - type: "DRAG_DROP", + type: "SELECT", order: 3, - question: "Arrange IAM components from most general to most specific:", + question: + "AWS has created a large number of Edge Locations as part of its global infrastructure. Which of the following is NOT a benefit of using Edge Locations?", + hint: "Identify the statement that confuses CloudFront with a load balancer.", options: [ { - text: "Account", - order: 1, - guide: - 'This assumes Account, but "IAM Basics" showed Arrange Iam Components From behaves differently, so this isn’t the best choice.', + text: "Edge locations are used by CloudFront to cache the most recent responses.", + guide: "Caching responses near end users is a primary benefit of edge locations.", }, { - text: "User", - order: 2, + text: "Edge locations are used by CloudFront to improve your end users' experience when uploading files.", guide: - 'This assumes User, but "IAM Basics" showed Arrange Iam Components From behaves differently, so this isn’t the best choice.', + "Upload acceleration is another valid benefit provided through services like S3 Transfer Acceleration.", }, { - text: "Group", - order: 3, + text: "Edge locations are used by CloudFront to distribute traffic across multiple instances to reduce latency.", + correct: true, guide: - 'This assumes Group, but "IAM Basics" showed Arrange Iam Components From behaves differently, so this isn’t the best choice.', + "Correct: Traffic distribution across instances is handled by load balancers, not CloudFront edge caches.", }, { - text: "Policy", - order: 4, + text: "Edge locations are used by CloudFront to distribute content to global users with low latency.", guide: - 'This assumes Policy, but "IAM Basics" showed Arrange Iam Components From behaves differently, so this isn’t the best choice.', + "Delivering content with low latency is precisely why CloudFront relies on edge locations.", }, ], - hint: 'Use the example from "IAM Basics" about Arrange Iam Components From to guide your answer.', }, { - type: "TRUE_FALSE", + type: "SELECT", order: 4, - question: "IAM roles can be assumed by services and users.", + question: + "What is the AWS service/feature that takes advantage of Amazon CloudFront's globally distributed edge locations to transfer files to S3 with higher upload speeds?", + hint: "This feature accelerates S3 uploads by routing through the CloudFront edge network.", options: [ { - text: "True", + text: "S3 Transfer Acceleration", correct: true, guide: - 'Correct: True matches the Iam Roles Can Be behavior highlighted in "IAM Basics".', + "Correct: S3 Transfer Acceleration speeds up uploads by leveraging CloudFront edge locations.", + }, + { + text: "AWS WAF", + guide: "AWS WAF protects web applications but does not impact upload speeds.", + }, + { + text: "AWS Snowmobile", + guide: + "Snowmobile is a physical data transfer service, not an edge networking feature.", }, { - text: "False", + text: "AWS Snowball", guide: - 'This assumes False, but "IAM Basics" showed Iam Roles Can Be behaves differently, so this isn’t the best choice.', + "Snowball moves data via appliances, whereas the question asks about leveraging edge locations.", }, ], - hint: 'Use the example from "IAM Basics" about Iam Roles Can Be to guide your answer.', }, - ], - }, - { - title: "Security Services", - order: 3, - challenges: [ { type: "SELECT", - order: 1, - question: "Which service provides centralized governance across AWS accounts?", + order: 5, + question: + "Sarah deployed an application in the Northern California (us-west-1) Region, and 30% of traffic comes from Asia. What can she do to reduce latency for users in Asia?", + hint: "Look for the option that caches content closer to the new user base without re-platforming.", options: [ { - text: "AWS Organizations", - correct: true, + text: "Replicate the current resources across multiple Availability Zones within the same region", guide: - 'Correct: AWS Organizations matches the Service Provides Centralized Governance behavior highlighted in "Security Services".', + "Staying within the same region does not materially improve latency for users located across the globe.", }, { - text: "AWS Shield", - guide: - 'This assumes AWS Shield, but "Security Services" showed Service Provides Centralized Governance behaves differently, so this isn’t the best choice.', + text: "Migrate the application to a hosting provider in Asia", + guide: "Rehosting elsewhere is unnecessary when AWS already offers global acceleration services.", }, { - text: "Amazon Inspector", + text: "Recreate the website content", + guide: "Rewriting content does not address the underlying network latency issue.", + }, + { + text: "Create a CDN using CloudFront so that content is cached at edge locations close to and in Asia", + correct: true, guide: - 'This assumes Amazon Inspector, but "Security Services" showed Service Provides Centralized Governance behaves differently, so this isn’t the best choice.', + "Correct: CloudFront caches content near Asian users, dramatically reducing latency.", }, ], - hint: 'Remember the pattern you practiced in "Security Services"—it explained how Service Provides Centralized Governance works within AWS.', }, + ], + }, + ], + }, + { + title: "Security, Identity & Governance", + description: "Master AWS account security, implement least privilege, and understand how governance and compliance operate in the cloud.", + order: 2, + lessons: [ + { + title: "IAM Essentials", + order: 1, + challenges: [ { - type: "ASSIST", - order: 2, - question: "Complete: AWS WAF protects applications from ______ attacks.", + type: "SELECT", + order: 1, + question: + "An organization has a large number of technical employees who operate their AWS Cloud infrastructure. What does AWS provide to help organize them into teams and then assign the appropriate permissions for each team?", + hint: "Consider the identity construct that groups similar users to share policies.", options: [ { - text: "application layer", - correct: true, + text: "IAM roles", guide: - 'Correct: application layer matches the Aws Waf Protects Applications behavior highlighted in "Security Services".', + "Roles are assumed identities, not containers for organizing employees into teams.", }, { - text: "network layer", + text: "IAM users", guide: - 'This assumes network layer, but "Security Services" showed Aws Waf Protects Applications behaves differently, so this isn’t the best choice.', + "Users represent individual identities and do not automatically organize people into groups.", }, { - text: "hardware", + text: "IAM user groups", + correct: true, guide: - 'This assumes hardware, but "Security Services" showed Aws Waf Protects Applications behaves differently, so this isn’t the best choice.', + "Correct: User groups let you organize people and attach shared policies for each team.", }, - ], - hint: 'Remember the pattern you practiced in "Security Services"—it explained how Aws Waf Protects Applications works within AWS.', - }, + { + text: "AWS Organizations", + guide: + "AWS Organizations manages multiple accounts, whereas the question focuses on group-level permissions inside one account.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (CLI)?", + hint: "Command-line calls require long-term credentials similar to an API key pair.", + options: [ + { + text: "Access keys", + correct: true, + guide: + "Correct: The CLI signs requests with an access key ID and secret access key.", + }, + { + text: "Secret token", + guide: + "There is no generic 'secret token'; the CLI expects an AWS access key pair.", + }, + { + text: "UserID", + guide: "A user ID alone cannot authenticate programmatic requests.", + }, + { + text: "User name and password", + guide: "Console credentials work in the browser but are not used by the CLI.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "Which of the following is equivalent to a user name and password and is used to authenticate your programmatic access to AWS services and APIs?", + hint: "Look for the credential pair that grants API-level access.", + options: [ + { + text: "Instance password", + guide: "Instance passwords unlock EC2 logins and are unrelated to API authentication.", + }, + { + text: "Key pairs", + guide: "Key pairs allow SSH/RDP access, not general API calls.", + }, + { + text: "Access keys", + correct: true, + guide: + "Correct: An access key ID and secret access key act like a username/password for programmatic use.", + }, + { + text: "MFA", + guide: "MFA supplements authentication but is not itself the credential used by code.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "What are the default security credentials that are required to access the AWS Management Console for an IAM user account?", + hint: "Think about the fields you type into the console login form.", + options: [ + { + text: "MFA", + guide: + "MFA can be enabled, but it is not part of the default login requirement.", + }, + { + text: "Security tokens", + guide: "Temporary security tokens apply to programmatic sessions, not the console login form.", + }, + { + text: "A user name and password", + correct: true, + guide: + "Correct: IAM users sign in to the console with their username and password by default.", + }, + { + text: "Access keys", + guide: "Access keys are for APIs and are not accepted on the console login page.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "An organization runs many systems and uses many AWS products. Which of the following services enables them to control how each developer interacts with these products?", + hint: "Choose the foundational identity and access management service.", + options: [ + { + text: "AWS Identity and Access Management", + correct: true, + guide: + "Correct: IAM lets administrators define permissions for every user, group, and role.", + }, + { + text: "Amazon RDS", + guide: "RDS manages databases and does not control account-wide permissions.", + }, + { + text: "Network Access Control Lists", + guide: "Network ACLs filter subnet traffic and are unrelated to user permissions.", + }, + { + text: "Amazon EMR", + guide: "EMR runs big data jobs; it cannot govern who accesses AWS services.", + }, + ], + }, + ], + }, + { + title: "Shared Responsibility & Access Control", + order: 2, + challenges: [ + { + type: "SELECT", + order: 1, + question: "Which statement is true regarding the AWS Shared Responsibility Model?", + hint: "Responsibilities shift depending on whether you consume IaaS or managed services.", + options: [ + { + text: "Responsibilities vary depending on the services used", + correct: true, + guide: + "Correct: Customers inherit fewer tasks with managed services than with self-managed compute.", + }, + { + text: "Security of the IaaS services is the responsibility of AWS", + guide: + "AWS secures the infrastructure, but customers still secure operating systems and data on IaaS services.", + }, + { + text: "Patching the guest OS is always the responsibility of AWS", + guide: "For IaaS offerings like EC2, customers patch guest operating systems themselves.", + }, + { + text: "Security of the managed services is the responsibility of the customer", + guide: + "Managed services reduce the customer's operational burden, so AWS takes on more responsibility.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: "What does the 'Principle of Least Privilege' refer to?", + hint: "It is about granting only the permissions someone needs right when they need them.", + options: [ + { + text: "You should grant your users only the permissions they need when they need them and nothing more", + correct: true, + guide: + "Correct: Least privilege limits blast radius by restricting access to exactly what is required.", + }, + { + text: "All IAM users should have at least the necessary permissions to access the core AWS services", + guide: + "Blanket access to core services violates the idea of least privilege.", + }, + { + text: "All trusted IAM users should have access to any AWS service in the respective AWS account", + guide: + "Trust does not remove the need to limit permissions.", + }, + { + text: "IAM users should not be granted any permissions; to keep your account safe", + guide: + "Users need permissions to do their jobs, just not more than necessary.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: "Select TWO examples of the AWS shared controls.", + hint: "Shared controls cover areas both AWS and the customer must address in their own layers.", + options: [ + { + text: "Patch Management", + correct: true, + guide: + "Correct: AWS patches underlying services, while customers patch their guest operating systems.", + }, + { + text: "IAM Management", + guide: + "IAM configurations are the customer's responsibility rather than a shared control.", + }, + { + text: "VPC Management", + guide: "Customers fully manage their own VPC configurations.", + }, + { + text: "Configuration Management", + correct: true, + guide: + "Correct: Both AWS and the customer manage configuration layers relevant to their responsibilities.", + }, + { + text: "Data Center operations", + guide: + "AWS alone operates and secures data centers; customers are not involved.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: "In the AWS Shared Responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)", + hint: "Look for tasks tied to account configuration and data protection inside AWS.", + options: [ + { + text: "Disk disposal", + guide: + "AWS handles secure media destruction as part of its physical responsibilities.", + }, + { + text: "Controlling physical access to compute resources", + guide: + "Physical access is fully managed by AWS.", + }, + { + text: "Patching the Network infrastructure", + guide: "AWS patches networking gear within its data centers.", + }, + { + text: "Setting password complexity rules", + correct: true, + guide: + "Correct: Customers define IAM password policies inside their accounts.", + }, + { + text: "Configuring network access rules", + correct: true, + guide: + "Correct: Customers create and manage security groups, NACLs, and routing rules.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "According to the AWS Shared Responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)", + hint: "Focus on protecting data and patching items you install on top of AWS services.", + options: [ + { + text: "Managing environmental events of AWS data centers", + guide: + "Environmental controls remain AWS's duty because customers never access facilities.", + }, + { + text: "Protecting the confidentiality of data in transit in Amazon S3", + correct: true, + guide: + "Correct: Customers must encrypt or otherwise secure their data traffic to and from S3.", + }, + { + text: "Controlling physical access to AWS Regions", + guide: "AWS controls data center access, not customers.", + }, + { + text: "Ensuring that the underlying EC2 host is configured properly", + guide: "AWS operates the underlying host infrastructure.", + }, + { + text: "Patching applications installed on Amazon EC2", + correct: true, + guide: + "Correct: Once you install applications on EC2, you must keep them patched and secure.", + }, + ], + }, + ], + }, + { + title: "Security Protection Services", + order: 3, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect customers from these attacks? (Choose TWO)", + hint: "Combine the managed DDoS protection service with the web application firewall.", + options: [ + { + text: "AWS Shield", + correct: true, + guide: + "Correct: AWS Shield provides managed DDoS protection at the edge.", + }, + { + text: "AWS Config", + guide: "Config records configuration changes but does not block DDoS traffic.", + }, + { + text: "Amazon Cognito", + guide: "Cognito handles identity for apps, not network-layer protections.", + }, + { + text: "AWS WAF", + correct: true, + guide: + "Correct: AWS WAF lets you block malicious traffic patterns such as SQL injection attempts.", + }, + { + text: "AWS KMS", + guide: "KMS manages encryption keys and is unrelated to DDoS protection.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "A company is developing a critical web application in AWS, and security is a top priority. Which AWS service will provide infrastructure security optimization recommendations?", + hint: "Think of the trusted advisor that checks account best practices.", + options: [ + { + text: "AWS Shield", + guide: + "Shield protects against DDoS attacks but does not provide account-wide recommendations.", + }, + { + text: "AWS Management Console", + guide: "The console is just the UI and offers no proactive advice.", + }, + { + text: "AWS Secrets Manager", + guide: + "Secrets Manager stores credentials; it does not audit architectures for security.", + }, + { + text: "AWS Trusted Advisor", + correct: true, + guide: + "Correct: Trusted Advisor surfaces security recommendations tailored to your environment.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "What is the AWS feature that provides an additional level of security above the default authentication mechanism of usernames and passwords?", + hint: "It requires a one-time code in addition to basic credentials.", + options: [ + { + text: "Encrypted keys", + guide: + "Encryption keys protect data, not console sign-in flows.", + }, + { + text: "Email verification", + guide: "Email verification is unrelated to AWS console logins.", + }, + { + text: "AWS KMS", + guide: + "KMS manages keys but does not add a second authentication factor.", + }, + { + text: "AWS MFA", + correct: true, + guide: + "Correct: Multi-Factor Authentication (MFA) adds a one-time token to the login process.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "Which of the following services can help protect your web applications from SQL injection and other vulnerabilities in your application code?", + hint: "Choose the managed web application firewall service.", + options: [ + { + text: "Amazon Cognito", + guide: "Cognito handles user sign-in and federation, not traffic inspection.", + }, + { + text: "AWS IAM", + guide: "IAM governs permissions but does not inspect HTTP requests.", + }, + { + text: "Amazon Aurora", + guide: "Aurora is a database service, not a security filter.", + }, + { + text: "AWS WAF", + correct: true, + guide: + "Correct: AWS WAF filters web requests to block exploits like SQL injection.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "Which of the following AWS security features is associated with an EC2 instance and functions to filter incoming traffic requests?", + hint: "Think of the virtual firewall that you attach directly to instances.", + options: [ + { + text: "AWS X-Ray", + guide: "X-Ray traces application requests and is not a security filter.", + }, + { + text: "Network ACL", + guide: + "Network ACLs operate at the subnet level, not on individual instances.", + }, + { + text: "Security Groups", + correct: true, + guide: + "Correct: Security groups are stateful firewalls that control inbound and outbound instance traffic.", + }, + { + text: "VPC Flow logs", + guide: + "Flow logs capture traffic metadata but do not allow or deny packets.", + }, + ], + }, + ], + }, + { + title: "Monitoring & Auditing", + order: 4, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "You have noticed that several critical Amazon EC2 instances have been terminated. Which of the following AWS services would help you determine who took this action?", + hint: "You need an audit trail of API calls inside your account.", + options: [ + { + text: "Amazon Inspector", + guide: + "Inspector scans for vulnerabilities and does not log account activity.", + }, + { + text: "AWS CloudTrail", + correct: true, + guide: + "Correct: CloudTrail records every API call so you can see who terminated the instances.", + }, + { + text: "AWS Trusted Advisor", + guide: "Trusted Advisor offers recommendations but is not an audit log.", + }, + { + text: "EC2 Instance Usage Report", + guide: + "Usage reports summarize consumption and do not show who initiated actions.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "What does the AWS Health Dashboard provide? (Choose TWO)", + hint: "It offers personalized service health plus guidance when incidents occur.", + options: [ + { + text: "Detailed troubleshooting guidance to address AWS events impacting your resources", + correct: true, + guide: + "Correct: The Health Dashboard includes guidance specific to the services you use.", + }, + { + text: "Health checks for Auto Scaling instances", + guide: + "Auto Scaling performs its own health checks; the Health Dashboard reports on AWS service status.", + }, + { + text: "Recommendations for Cost Optimization", + guide: + "Cost advice comes from Trusted Advisor, not the Health Dashboard.", + }, + { + text: "A dashboard detailing vulnerabilities in your applications", + guide: "Vulnerability assessments are handled by services like Inspector.", + }, + { + text: "Personalized view of AWS service health", + correct: true, + guide: + "Correct: The dashboard tailors service health information to the regions and services you use.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "You have deployed your application on multiple Amazon EC2 instances. Customers complain that sometimes they cannot reach the application. Which AWS service allows you to monitor the performance of your EC2 instances to assist in troubleshooting these issues?", + hint: "Choose the monitoring service that collects metrics, logs, and alarms.", + options: [ + { + text: "AWS Lambda", + guide: + "Lambda runs code but does not monitor EC2 performance.", + }, + { + text: "AWS Config", + guide: + "Config records configuration changes rather than performance metrics.", + }, + { + text: "Amazon CloudWatch", + correct: true, + guide: + "Correct: CloudWatch provides metrics and alarms for EC2 instance health and performance.", + }, + { + text: "AWS CloudTrail", + guide: "CloudTrail logs API calls, not system-level performance.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "What are the change management tools that help AWS customers audit and monitor all resource changes in their AWS environment? (Choose TWO)", + hint: "Pair the API activity log with the configuration timeline service.", + options: [ + { + text: "AWS CloudTrail", + correct: true, + guide: + "Correct: CloudTrail captures every API call, enabling change tracking.", + }, + { + text: "Amazon Comprehend", + guide: "Comprehend is an NLP service unrelated to change management.", + }, + { + text: "AWS Transit Gateway", + guide: "Transit Gateway connects networks; it does not record configuration history.", + }, + { + text: "AWS X-Ray", + guide: + "X-Ray traces application requests but does not audit infrastructure changes.", + }, + { + text: "AWS Config", + correct: true, + guide: + "Correct: AWS Config tracks configuration history and alerts on changes.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "Which of the following services will help businesses ensure compliance in AWS?", + hint: "Pick the service that records who did what and when for governance reviews.", + options: [ + { + text: "CloudFront", + guide: "CloudFront handles content delivery, not compliance logging.", + }, + { + text: "CloudEndure Migration", + guide: "CloudEndure migrates workloads but does not provide compliance evidence.", + }, + { + text: "CloudWatch", + guide: "CloudWatch monitors metrics but is not a compliance tool.", + }, + { + text: "CloudTrail", + correct: true, + guide: + "Correct: CloudTrail's audit logs are essential for demonstrating compliance.", + }, + ], + }, + ], + }, + { + title: "Governance & Assurance", + order: 5, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "Which of the following services allows customers to manage their agreements with AWS?", + hint: "Look for the portal that houses compliance reports and legal documents.", + options: [ + { + text: "AWS Artifact", + correct: true, + guide: + "Correct: AWS Artifact provides on-demand access to security and compliance reports and agreements.", + }, + { + text: "AWS Certificate Manager", + guide: + "Certificate Manager provisions SSL/TLS certificates, not legal documents.", + }, + { + text: "AWS Systems Manager", + guide: "Systems Manager operates fleets but does not host agreements.", + }, + { + text: "AWS Organizations", + guide: "Organizations manages multiple accounts, not legal paperwork.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "Under the shared responsibility model, which of the following is the responsibility of AWS?", + hint: "Think about tasks performed at the infrastructure hardware layer.", + options: [ + { + text: "Client-side encryption", + guide: + "Customers decide how to encrypt data on their clients.", + }, + { + text: "Configuring infrastructure devices", + correct: true, + guide: + "Correct: AWS configures and secures the networking and hardware infrastructure.", + }, + { + text: "Server-side encryption", + guide: + "Customers choose and configure server-side encryption settings for their data.", + }, + { + text: "Filtering traffic with Security Groups", + guide: "Security groups are created and managed by customers.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?", + hint: "Customers can test their own resources as long as they follow AWS guidelines.", + options: [ + { + text: "Penetration testing is not allowed in AWS", + guide: + "AWS permits customers to test their own resources as long as they follow policy.", + }, + { + text: + "Penetration testing is performed automatically by AWS to determine vulnerabilities in your AWS infrastructure", + guide: + "AWS does not automatically pen test customer environments.", + }, + { + text: + "Penetration testing can be performed by the customer on their own instances without prior authorization from AWS", + correct: true, + guide: + "Correct: Customers may test their own instances without prior approval, provided they follow AWS guidelines.", + }, + { + text: + "The AWS customers are only allowed to perform penetration testing on services managed by AWS", + guide: + "Customers can test resources they control; managed services are handled by AWS.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "Based on the AWS Shared Responsibility Model, which of the following are the sole responsibility of AWS? (Choose TWO)", + hint: "Focus on tasks at the hardware and hypervisor layer.", + options: [ + { + text: "Monitoring network performance", + guide: "Customers monitor their own workloads' performance needs.", + }, + { + text: "Installing software on EC2 instances", + guide: "Customers install and manage their own software on EC2.", + }, + { + text: "Creating hypervisors", + correct: true, + guide: + "Correct: AWS designs and maintains the hypervisors that power virtual machines.", + }, + { + text: "Configuring Access Control Lists (ACLs)", + guide: "Customers configure ACLs inside their VPCs.", + }, + { + text: "Hardware maintenance", + correct: true, + guide: + "Correct: Only AWS staff maintain and replace the underlying hardware.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "A global company with a large number of AWS accounts is seeking a way to centrally manage billing and security policies across all accounts. Which AWS Service will assist them in meeting these goals?", + hint: "Think about the multi-account management service that enforces guardrails and consolidated billing.", + options: [ + { + text: "AWS Organizations", + correct: true, + guide: + "Correct: AWS Organizations centralizes billing and applies policies across every member account.", + }, + { + text: "AWS Trusted Advisor", + guide: + "Trusted Advisor offers best-practice checks but cannot manage policies across accounts.", + }, + { + text: "IAM User Groups", + guide: + "IAM groups organize users inside a single account rather than spanning an enterprise.", + }, + { + text: "AWS Config", + guide: + "AWS Config tracks resource changes in one account; it does not consolidate billing or policy management.", + }, + ], + }, + ], + }, + ], + }, + { + title: "Architecture & Operations", + description: "Design resilient architectures, decouple workloads with managed services, and build operational excellence on AWS.", + order: 3, + lessons: [ + { + title: "Resilient Architecture Patterns", + order: 1, + challenges: [ + { + type: "SELECT", + order: 1, + question: "Which of the below options are related to the reliability of AWS? (Choose TWO)", + hint: "Reliability depends on automatic scaling and rapid recovery from failure.", + options: [ + { + text: "Applying the principle of least privilege to all AWS resources", + guide: + "Least privilege improves security rather than the reliability pillar.", + }, + { + text: "Automatically provisioning new resources to meet demand", + correct: true, + guide: + "Correct: Auto-provisioning keeps services available even when demand spikes.", + }, + { + text: "All AWS services are considered Global Services, and this design helps customers serve their international users", + guide: + "Many services are regional, so this statement is inaccurate and not specifically about reliability.", + }, + { + text: "Providing compensation to customers if issues occur", + guide: + "Credits address the business impact but do not inherently improve reliability.", + }, + { + text: "Ability to recover quickly from failures", + correct: true, + guide: + "Correct: Rapid recovery is a core reliability objective.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "In order to implement best practices when dealing with a single point of failure, you should automate detection and reaction. Which AWS services would help? (Choose TWO)", + hint: "Combine load balancing with automatic scaling to remove manual failover.", + options: [ + { + text: "ELB", + correct: true, + guide: + "Correct: Elastic Load Balancing spreads traffic to healthy targets, masking failures.", + }, + { + text: "Auto Scaling", + correct: true, + guide: + "Correct: Auto Scaling replaces failed instances automatically to maintain capacity.", + }, + { + text: "Amazon Athena", + guide: "Athena queries data and does not detect infrastructure failures.", + }, + { + text: "Amazon ECR", + guide: "ECR stores container images rather than handling resilience.", + }, + { + text: "Amazon EC2", + guide: + "Individual EC2 instances can fail, so they are not themselves a mitigation for single points of failure.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: "The principle 'design for failure and nothing will fail' is very important when designing your AWS Cloud architecture. Which of the following would help adhere to this principle? (Choose TWO)", + hint: "Think about isolating workloads across fault domains and balancing traffic.", + options: [ + { + text: "Multi-factor authentication", + guide: + "MFA protects logins but does not address infrastructure failure.", + }, + { + text: "Availability Zones", + correct: true, + guide: + "Correct: Deploying across multiple Availability Zones removes single physical points of failure.", + }, + { + text: "Elastic Load Balancing", + correct: true, + guide: + "Correct: Load balancers shift traffic away from unhealthy targets automatically.", + }, + { + text: "Penetration testing", + guide: + "Pen testing improves security posture, not failure resilience.", + }, + { + text: "Vertical Scaling", + guide: "Scaling up a single instance can actually increase coupling to one resource.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose TWO)", + hint: "Look for services that automatically replicate data across Availability Zones.", + options: [ + { + text: "Amazon Redshift", + guide: + "Redshift is a multi-node data warehouse but does not automatically replicate across AZs by default.", + }, + { + text: "AWS Snowball", + guide: "Snowball is a data transfer appliance and does not run across AZs.", + }, + { + text: "Amazon Simple Storage Service", + correct: true, + guide: + "Correct: S3 stores data redundantly across multiple AZs within a Region.", + }, + { + text: "Amazon EBS", + guide: + "EBS volumes live in a single AZ unless you replicate them yourself.", + }, + { + text: "Amazon DynamoDB", + correct: true, + guide: + "Correct: DynamoDB replicates data across multiple AZs automatically.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "What are the Amazon RDS features that can be used to improve the availability of your database? (Choose TWO)", + hint: "Focus on deployment options that keep a standby ready and scale reads.", + options: [ + { + text: "AWS Regions", + guide: + "Simply being in a Region is not an RDS-specific availability feature.", + }, + { + text: "Multi-AZ Deployment", + correct: true, + guide: + "Correct: Multi-AZ keeps a synchronous standby instance ready in another AZ.", + }, + { + text: "Automatic patching", + guide: + "While useful, automatic patching alone is not the feature highlighted for availability.", + }, + { + text: "Read Replicas", + correct: true, + guide: + "Correct: Read replicas provide additional copies that can offload reads and be promoted during failures.", + }, + { + text: "Edge Locations", + guide: "Edge locations pertain to CloudFront, not RDS availability.", + }, + ], + }, + ], + }, + { + title: "Compute Strategies & Deployment", + order: 2, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "You want to run a questionnaire application for only one day without interruption. Which Amazon EC2 purchase option should you use?", + hint: "Pick the pricing model with no long-term commitment and immediate availability.", + options: [ + { + text: "Reserved instances", + guide: + "Reserved Instances require commitments longer than a single day.", + }, + { + text: "Spot instances", + guide: + "Spot capacity can be interrupted with little notice, so it is not ideal for uninterrupted one-day use.", + }, + { + text: "Dedicated instances", + guide: "Dedicated instances lock you to hardware and are unnecessary for a short run.", + }, + { + text: "On-demand instances", + correct: true, + guide: + "Correct: On-demand instances launch immediately and shut down whenever you are finished.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "You are creating thumbnails of millions of images. Consistent uptime is not an issue, and continuous processing is not required. Which EC2 buying option is the most cost-effective?", + hint: "Think about the discounted capacity model that tolerates interruptions.", + options: [ + { + text: "Reserved Instances", + guide: "Reserved Instances lock in capacity for steady-state usage, not sporadic jobs.", + }, + { + text: "On-demand Instances", + guide: + "On-demand costs more per hour than the discounted option that allows interruptions.", + }, + { + text: "Dedicated Instances", + guide: "Dedicated hardware is overkill for transient batch jobs.", + }, + { + text: "Spot Instances", + correct: true, + guide: + "Correct: Spot Instances deliver steep discounts when you can handle interruptions.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "Which of the following EC2 instance purchasing options supports the Bring Your Own License (BYOL) model for almost every scenario?", + hint: "Choose the offering that gives you visibility into the underlying host hardware.", + options: [ + { + text: "Dedicated Instances", + guide: + "Dedicated instances share hardware across accounts in a tenancy model that may not meet every BYOL requirement.", + }, + { + text: "Dedicated Hosts", + correct: true, + guide: + "Correct: Dedicated Hosts give you full control over host hardware, satisfying most BYOL rules.", + }, + { + text: "On-demand Instances", + guide: "On-demand refers to pricing, not licensing visibility.", + }, + { + text: "Reserved Instances", + guide: + "Reservations discount usage but do not guarantee host-level control for licensing.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "What is the AWS service that provides you the highest level of control over the underlying virtual infrastructure?", + hint: "Consider the service where you manage the OS, runtime, and applications yourself.", + options: [ + { + text: "Amazon Redshift", + guide: "Redshift is managed and does not expose the underlying servers.", + }, + { + text: "Amazon DynamoDB", + guide: "DynamoDB is fully managed and abstracts away servers entirely.", + }, + { + text: "Amazon EC2", + correct: true, + guide: + "Correct: EC2 gives you root control of virtual machines and their operating systems.", + }, + { + text: "Amazon RDS", + guide: + "RDS manages database engines for you, so it offers less infrastructure control than EC2.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "What is the AWS serverless service that allows you to run your applications without any administrative burden?", + hint: "Pick the compute option that automatically provisions runtime environments per function invocation.", + options: [ + { + text: "Amazon LightSail", + guide: "LightSail simplifies VPS hosting but still requires server management.", + }, + { + text: "AWS Lambda", + correct: true, + guide: + "Correct: Lambda runs your code in response to events with zero server management required.", + }, + { + text: "Amazon RDS instances", + guide: + "RDS removes database administration tasks, not general-purpose compute management.", + }, + { + text: "Amazon EC2 instances", + guide: "EC2 requires you to manage servers, so it is not serverless.", + }, + ], + }, + ], + }, + { + title: "Performance & Decoupling", + order: 3, + challenges: [ + { + type: "SELECT", + order: 1, + question: "What is the advantage of the AWS-recommended practice of 'decoupling' applications?", + hint: "Decoupling prevents failures in one tier from cascading into others.", + options: [ + { + text: "Allows treating an application as a single, cohesive unit", + guide: + "Decoupling intentionally breaks applications into smaller, independent components.", + }, + { + text: "Reduces inter-dependencies so that failures do not impact other components of the application", + correct: true, + guide: + "Correct: Decoupling limits blast radius by isolating components.", + }, + { + text: "Allows updates of any monolithic application quickly and easily", + guide: + "Monoliths are the opposite of decoupled architectures.", + }, + { + text: "Allows tracking of any API call made to any AWS service", + guide: "API tracking is done through CloudTrail, not decoupling.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application's response time is optimal?", + hint: "Consider using a managed in-memory cache for hot data.", + options: [ + { + text: "AWS OpsWorks", + guide: + "OpsWorks orchestrates stacks but is not a caching layer.", + }, + { + text: "AWS Storage Gateway", + guide: + "Storage Gateway connects on-premises storage to AWS and is not used for low-latency caching.", + }, + { + text: "Amazon EBS volume", + guide: + "EBS serves block storage to a single instance and may become a bottleneck for hot shared data.", + }, + { + text: "Amazon ElastiCache", + correct: true, + guide: + "Correct: ElastiCache keeps frequently accessed data in memory for microsecond access times.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: "What does Amazon ElastiCache provide?", + hint: "This service accelerates applications by keeping data in RAM.", + options: [ + { + text: "In-memory caching for read-heavy applications", + correct: true, + guide: + "Correct: ElastiCache delivers managed Redis or Memcached clusters for low-latency reads.", + }, + { + text: "An Ehcache compatible in-memory data store", + guide: + "ElastiCache supports Redis and Memcached engines instead of Ehcache.", + }, + { + text: "An online software store that allows Customers to launch pre-configured software with just few clicks", + guide: + "That description matches AWS Marketplace, not ElastiCache.", + }, + { + text: "A domain name system in the cloud", + guide: "Route 53 handles DNS rather than ElastiCache.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "Which service is used to ensure that messages between software components are not lost if one or more components fail?", + hint: "Think of the fully managed message queue that buffers work.", + options: [ + { + text: "Amazon SQS", + correct: true, + guide: + "Correct: Amazon Simple Queue Service stores messages durably until consumers process them.", + }, + { + text: "Amazon SES", + guide: "SES sends email and is not used for decoupling components.", + }, + { + text: "AWS Direct Connect", + guide: "Direct Connect provides private network links, not message durability.", + }, + { + text: "Amazon Connect", + guide: "Amazon Connect is a contact center solution, not a queueing service.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "Which AWS service can be used to store and reliably deliver messages across distributed systems?", + hint: "This question highlights the same managed queue that guarantees delivery.", + options: [ + { + text: "Amazon Simple Queue Service", + correct: true, + guide: + "Correct: SQS guarantees message delivery between loosely coupled components.", + }, + { + text: "AWS Storage Gateway", + guide: + "Storage Gateway integrates storage, not messaging pipelines.", + }, + { + text: "Amazon Simple Email Service", + guide: "SES handles outbound email, not application messaging.", + }, + { + text: "Amazon Simple Storage Service", + guide: + "S3 stores objects but lacks the semantics of a message queue.", + }, + ], + }, + ], + }, + { + title: "Automation & Managed Services", + order: 4, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "Which of the following are examples of AWS-managed services where AWS is responsible for the operational and maintenance burdens? (Choose TWO)", + hint: "Look for services where AWS patches the fleet for you.", + options: [ + { + text: "Amazon VPC", + guide: + "You configure VPC networking yourself, so it is not fully managed in the same sense.", + }, + { + text: "Amazon DynamoDB", + correct: true, + guide: + "Correct: DynamoDB is fully managed; AWS handles scaling, patching, and operations.", + }, + { + text: "Amazon Elastic MapReduce", + correct: true, + guide: + "Correct: Amazon EMR automates provisioning and management of big data clusters.", + }, + { + text: "AWS IAM", + guide: "IAM is a control plane service, not a managed runtime for your code or data.", + }, + { + text: "Amazon Elastic Compute Cloud", + guide: + "EC2 requires customers to operate their own instances, so it is not fully managed.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "What is the AWS service that enables AWS architects to manage infrastructure as code?", + hint: "Choose the service that uses templates to provision stacks consistently.", + options: [ + { + text: "AWS CloudFormation", + correct: true, + guide: + "Correct: CloudFormation turns infrastructure definitions into repeatable stacks.", + }, + { + text: "AWS Config", + guide: "Config records resource changes, but it does not provision infrastructure.", + }, + { + text: "Amazon SES", + guide: "SES handles email, not infrastructure automation.", + }, + { + text: "Amazon EMR", + guide: "EMR runs analytics workloads and is not a general IaC service.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "What does AWS provide to deploy popular technologies such as IBM MQ on AWS with the least amount of effort and time?", + hint: "These are opinionated, automated reference deployments maintained by AWS and partners.", + options: [ + { + text: "Amazon Aurora", + guide: "Aurora is a database engine, not a deployment guide.", + }, + { + text: "Amazon CloudWatch", + guide: "CloudWatch monitors resources but does not deploy workloads.", + }, + { + text: "AWS Quick Start reference deployments", + correct: true, + guide: + "Correct: Quick Starts provide automated templates for popular technologies.", + }, + { + text: "AWS OpsWorks", + guide: + "OpsWorks manages stacks but does not provide curated third-party deployment guides.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "Which of the below is a best practice when designing solutions on AWS?", + hint: "The Well-Architected Framework encourages experimentation through automation.", + options: [ + { + text: "Invest heavily in architecting your environment, as it is not easy to change your design later", + guide: + "Cloud encourages iteration, so designs should evolve instead of remaining rigid.", + }, + { + text: "Use AWS reservations to reduce costs when testing your production environment", + guide: + "Reservations make sense for steady production workloads, not short-lived tests.", + }, + { + text: "Automate wherever possible to make architectural experimentation easier", + correct: true, + guide: + "Correct: Automation lets you test, learn, and refine architectures quickly.", + }, + { + text: "Provision a large compute capacity to handle any spikes in load", + guide: + "Over-provisioning wastes money and ignores elastic scaling options.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?", + hint: "Think of the image that captures an EC2 instance configuration.", + options: [ + { + text: "IAM", + guide: "IAM manages permissions, not server templates.", + }, + { + text: "An internet gateway", + guide: "Internet gateways provide connectivity, not instance blueprints.", + }, + { + text: "EBS Snapshot", + guide: + "Snapshots capture volume data but not the full instance configuration and metadata.", + }, + { + text: "AMI", + correct: true, + guide: + "Correct: Amazon Machine Images (AMIs) let you launch new EC2 instances from a saved template.", + }, + ], + }, + ], + }, + { + title: "Data Platforms & Analytics", + order: 5, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "Your company has a data store application that requires access to a NoSQL database. Which AWS database offering meets this requirement?", + hint: "Pick the fully managed key-value and document database service.", + options: [ + { + text: "Amazon Aurora", + guide: "Aurora is a relational database service.", + }, + { + text: "Amazon DynamoDB", + correct: true, + guide: + "Correct: DynamoDB is AWS's managed NoSQL database.", + }, + { + text: "Amazon Elastic Block Store", + guide: + "EBS provides block storage rather than a database engine.", + }, + { + text: "Amazon Redshift", + guide: "Redshift is a data warehouse, not a NoSQL store.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "A developer is planning to build a two-tier web application that has a MySQL database layer. Which AWS database service would provide automated backups for the application?", + hint: "Select the managed relational database engine compatible with MySQL.", + options: [ + { + text: "A MySQL database installed on an EC2 instance", + guide: + "Managing MySQL on EC2 leaves backups to you.", + }, + { + text: "Amazon Aurora", + correct: true, + guide: + "Correct: Aurora (MySQL-compatible) automates backups, patching, and replication.", + }, + { + text: "Amazon DynamoDB", + guide: "DynamoDB is NoSQL and not a MySQL-compatible relational engine.", + }, + { + text: "Amazon Neptune", + guide: "Neptune is a graph database, not suited for MySQL workloads.", + }, + ], + }, + { + type: "SELECT", + order: 3, + question: + "What is the AWS database service that allows you to upload data structured in key-value format?", + hint: "This is the same managed NoSQL service used for millisecond performance at any scale.", + options: [ + { + text: "Amazon DynamoDB", + correct: true, + guide: + "Correct: DynamoDB stores key-value and document data with single-digit millisecond latency.", + }, + { + text: "Amazon Aurora", + guide: + "Aurora is relational and expects SQL schemas.", + }, + { + text: "Amazon Redshift", + guide: + "Redshift is optimized for analytics using columnar SQL storage.", + }, + { + text: "Amazon RDS", + guide: + "RDS covers relational engines rather than key-value data.", + }, + ], + }, + { + type: "SELECT", + order: 4, + question: + "You work as an on-premises MySQL DBA. Database configuration, backups, patching, and DR are time-consuming. Which AWS service can help save time so you can focus on data architecture and performance?", + hint: "Choose the managed relational database service.", + options: [ + { + text: "Amazon RDS", + correct: true, + guide: + "Correct: Amazon RDS automates backups, patching, and replication for relational databases.", + }, + { + text: "Amazon Redshift", + guide: "Redshift targets analytics, not OLTP MySQL workloads.", + }, + { + text: "Amazon DynamoDB", + guide: "DynamoDB is NoSQL and would require rearchitecting the application.", + }, + { + text: "Amazon CloudWatch", + guide: + "CloudWatch monitors resources but does not manage databases.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "An organization needs to analyze and process a large number of data sets. Which AWS service should they use?", + hint: "Think of the managed Hadoop and Spark platform on AWS.", + options: [ + { + text: "Amazon EMR", + correct: true, + guide: + "Correct: Amazon EMR runs large-scale distributed data processing workloads.", + }, + { + text: "Amazon MQ", + guide: + "Amazon MQ provides managed message brokers, not analytics clusters.", + }, + { + text: "Amazon SNS", + guide: "SNS publishes notifications and does not process data sets.", + }, + { + text: "Amazon SQS", + guide: "SQS queues messages rather than analyzing data.", + }, + ], + }, + ], + }, + { + title: "Modern Operations & Observability", + order: 6, + challenges: [ + { + type: "SELECT", + order: 1, + question: + "Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?", + hint: "This pillar stresses monitoring systems and improving processes", + options: [ + { + text: "The ability of a system to recover gracefully from failure", + guide: "That description aligns with the reliability pillar instead of operational excellence.", + }, + { + text: "The efficient use of computing resources to meet requirements", + guide: "Efficient resource use speaks to performance efficiency, not operational excellence.", + }, + { + text: "The ability to monitor systems and improve supporting processes and procedures", + correct: true, + guide: + "Correct: Operational excellence is about observing workloads and continually refining operations.", + }, + { + text: "The ability to manage datacenter operations more efficiently", + guide: "AWS already runs the data centers; customers focus on their own operations in the cloud.", + }, + ], + }, + { + type: "SELECT", + order: 2, + question: + "Which of the following services allows you to run containerized applications on a cluster of EC2 instances?", + hint: "Choose the managed container orchestration service that launches tasks on EC2.", + options: [ + { + text: "Amazon ECS", + correct: true, + guide: + "Correct: Amazon Elastic Container Service schedules containers across an EC2 cluster.", + }, + { + text: "AWS Data Pipeline", + guide: "Data Pipeline orchestrates data movement, not containers.", + }, + { + text: "AWS Cloud9", + guide: "Cloud9 is a cloud IDE and does not run production containers.", + }, + { + text: "AWS Personal Health Dashboard", + guide: + "The Health Dashboard reports on service status; it does not deploy workloads.", + }, + ], + }, { - type: "TRUE_FALSE", + type: "SELECT", order: 3, question: - "Amazon GuardDuty is a log archiving service that stores CloudTrail events.", + "A company is concerned that they are spending money on underutilized compute resources in AWS. Which AWS feature will help ensure that their applications are automatically adding/removing EC2 compute capacity to closely match the required demand?", + hint: "Focus on the service that scales fleets dynamically instead of leaving instances idle.", options: [ { - text: "True", + text: "AWS Elastic Load Balancer", guide: - 'This assumes True, but "Security Services" showed Amazon Guardduty Log Archiving behaves differently, so this isn’t the best choice.', + "Load balancers distribute traffic but do not change instance counts.", }, { - text: "False", + text: "AWS Budgets", + guide: "Budgets notify you about spend but do not alter infrastructure.", + }, + { + text: "AWS Auto Scaling", correct: true, guide: - 'Correct: False matches the Amazon Guardduty Log Archiving behavior highlighted in "Security Services".', + "Correct: Auto Scaling adds or removes EC2 instances in response to demand.", + }, + { + text: "AWS Cost Explorer", + guide: "Cost Explorer visualizes spending but cannot scale resources.", }, ], - hint: 'Remember the pattern you practiced in "Security Services"—it explained how Amazon Guardduty Log Archiving works within AWS.', }, { - type: "TEXT_INPUT", + type: "SELECT", order: 4, question: - "Which AWS service helps detect unintended resource access by evaluating configuration changes?", - correctAnswer: "AWS Config", - hint: 'Remember the pattern you practiced in "Security Services"—it explained how Aws Service Helps Detect works within AWS.', + "Jessica is managing an e-commerce web application in AWS hosted on six EC2 instances. One day, three of the instances crashed, but none of her customers were affected. What has Jessica done correctly in this scenario?", + hint: "Consider the architecture quality that masks instance failures from end users.", + options: [ + { + text: "She has properly built an elastic system", + guide: + "Elasticity is about scaling capacity, while the scenario highlights resilience during failures.", + }, + { + text: "She has properly built a fault tolerant system", + correct: true, + guide: + "Correct: Fault tolerance kept the application running despite losing half the instances.", + }, + { + text: "She has properly built an encrypted system", + guide: + "Encryption protects data but does not keep services online after instance failures.", + }, + { + text: "She has properly built a scalable system", + guide: "Scalability addresses growth, not survival after failures.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "A company is developing a new application using a microservices framework and is experiencing performance and latency issues. Which AWS Service should be used to troubleshoot these issues?", + hint: "Use the distributed tracing service that shows how requests flow through microservices.", + options: [ + { + text: "AWS CodePipeline", + guide: "CodePipeline automates deployments and is not a tracing tool.", + }, + { + text: "AWS X-Ray", + correct: true, + guide: + "Correct: AWS X-Ray traces requests through microservices to pinpoint latency.", + }, + { + text: "Amazon Inspector", + guide: "Inspector scans for vulnerabilities rather than tracing requests.", + }, + { + text: "AWS CloudTrail", + guide: + "CloudTrail logs API calls and does not analyze application latency.", + }, + ], }, ], }, + ], + }, + { + title: "Cost, Support & Migration", + description: "Control AWS spending, choose the right purchasing models, plan migrations, and know where to turn for help.", + order: 4, + lessons: [ { - title: "Compliance Programs", - order: 4, + title: "Billing Visibility & Consolidation", + order: 1, challenges: [ { type: "SELECT", order: 1, - question: "Which AWS artifact helps customers review compliance reports?", + question: + "You have set up consolidated billing for several AWS accounts. One account purchased a number of Reserved Instances for 3 years. Which of the following is true regarding this scenario?", + hint: "Remember how consolidated billing shares discounts across linked accounts.", options: [ { - text: "AWS Artifact", + text: "The Reserved Instance discounts can only be shared with the master account", + guide: + "Consolidated billing shares RI discounts with every linked account, not just the payer account.", + }, + { + text: "All accounts can receive the hourly cost benefit of the Reserved Instances", correct: true, guide: - 'Correct: AWS Artifact matches the Aws Artifact Helps Customers behavior highlighted in "Compliance Programs".', + "Correct: Reserved Instance discounts automatically apply to matching usage across the consolidated family.", }, { - text: "AWS Audit Manager", + text: "The purchased instances will have better performance than On-demand instances", guide: - 'This assumes AWS Audit Manager, but "Compliance Programs" showed Aws Artifact Helps Customers behaves differently, so this isn’t the best choice.', + "Reservations change pricing, not performance characteristics.", }, { - text: "AWS License Manager", + text: + "There are no cost benefits from using consolidated billing; it is for informational purposes only", guide: - 'This assumes AWS License Manager, but "Compliance Programs" showed Aws Artifact Helps Customers behaves differently, so this isn’t the best choice.', + "Consolidated billing delivers real savings through shared usage and discount benefits.", }, ], - hint: 'Use the example from "Compliance Programs" about Aws Artifact Helps Customers to guide your answer.', }, { - type: "TRUE_FALSE", + type: "SELECT", order: 2, - question: "AWS Compliance Programs cover only US-based regulations.", + question: + "Which of the following helps a customer view the Amazon EC2 billing activity for the past month?", + hint: "Look for the detailed usage report service.", options: [ { - text: "True", + text: "AWS Budgets", guide: - 'This assumes True, but "Compliance Programs" showed Aws Compliance Programs Cover behaves differently, so this isn’t the best choice.', + "Budgets alert on thresholds but do not provide detailed line-item reports.", + }, + { + text: "AWS Pricing Calculator", + guide: "The calculator estimates future costs and cannot show historical spend.", }, { - text: "False", + text: "AWS Systems Manager", + guide: "Systems Manager operates fleets and is unrelated to billing history.", + }, + { + text: "AWS Cost & Usage Reports", correct: true, guide: - 'Correct: False matches the Aws Compliance Programs Cover behavior highlighted in "Compliance Programs".', + "Correct: Cost & Usage Reports provide granular billing data for all services, including EC2.", }, ], - hint: 'Use the example from "Compliance Programs" about Aws Compliance Programs Cover to guide your answer.', }, { - type: "ASSIST", + type: "SELECT", order: 3, - question: "Complete: AWS Artifact provides on-demand access to ______ reports.", + question: + "What do you gain from setting up consolidated billing for five different AWS accounts under another master account?", + hint: "Think about volume-based pricing benefits.", options: [ { - text: "financial", + text: "AWS services' costs will be reduced to half the original price", + guide: "Discounts depend on usage tiers, not a flat 50% reduction.", + }, + { + text: "The consolidated billing feature is just for organizational purpose", guide: - 'This assumes financial, but "Compliance Programs" showed Aws Artifact Provides On behaves differently, so this isn’t the best choice.', + "It also aggregates usage for tiered discounts and RI sharing, so it is more than organizational.", }, { - text: "compliance", + text: "Each AWS account gets volume discounts", correct: true, guide: - 'Correct: compliance matches the Aws Artifact Provides On behavior highlighted in "Compliance Programs".', + "Correct: Consolidated billing combines usage so all linked accounts benefit from volume pricing.", }, { - text: "marketing", + text: "Each AWS account gets five times the free-tier services capacity", guide: - 'This assumes marketing, but "Compliance Programs" showed Aws Artifact Provides On behaves differently, so this isn’t the best choice.', + "The free tier applies per organization, not multiplied per linked account.", }, ], - hint: 'Use the example from "Compliance Programs" about Aws Artifact Provides On to guide your answer.', }, { - type: "DRAG_DROP", + type: "SELECT", order: 4, question: - "Arrange the compliance review steps organizations should follow using AWS Artifact:", + "How can you view the distribution of AWS spending in one of your AWS accounts?", + hint: "Use the visualization tool inside the Billing console.", options: [ { - text: "Identify applicable standards", - order: 1, + text: "By using Amazon VPC console", + guide: "The VPC console manages networking, not cost reports.", + }, + { + text: "By contacting the AWS Support team", + guide: "Support can help, but there is a self-service tool for this task.", + }, + { + text: "By using AWS Cost Explorer", + correct: true, guide: - 'This assumes Identify applicable standards, but "Compliance Programs" showed Arrange Compliance Review Steps behaves differently, so this isn’t the best choice.', + "Correct: Cost Explorer charts spending by service, tag, or time period.", }, { - text: "Download relevant reports", - order: 2, + text: "By contacting the AWS Finance team", guide: - 'This assumes Download relevant reports, but "Compliance Programs" showed Arrange Compliance Review Steps behaves differently, so this isn’t the best choice.', + "Finance teams may help enterprise agreements, but Cost Explorer gives you instant insight.", + }, + ], + }, + { + type: "SELECT", + order: 5, + question: + "What is the AWS service that enables you to manage all of your AWS accounts from a single master account?", + hint: "This service provides consolidated billing and policy guardrails across accounts.", + options: [ + { + text: "AWS WAF", + guide: "WAF protects web applications and does not manage multiple accounts.", + }, + { + text: "AWS Trusted Advisor", + guide: "Trusted Advisor provides recommendations but cannot organize accounts.", }, { - text: "Validate control coverage", - order: 3, + text: "AWS Organizations", + correct: true, guide: - 'This assumes Validate control coverage, but "Compliance Programs" showed Arrange Compliance Review Steps behaves differently, so this isn’t the best choice.', + "Correct: AWS Organizations lets you centrally manage and govern all linked accounts.", }, { - text: "Document evidence for auditors", - order: 4, + text: "AWS Config", guide: - 'This assumes Document evidence for auditors, but "Compliance Programs" showed Arrange Compliance Review Steps behaves differently, so this isn’t the best choice.', + "Config records resource changes within an account, but Organizations handles multi-account structures.", }, ], - hint: 'Use the example from "Compliance Programs" about Arrange Compliance Review Steps to guide your answer.', }, ], }, - ], - }, - { - title: "Core AWS Services", - description: "Explore foundational compute, storage, database, and networking services", - order: 3, - lessons: [ { - title: "Compute Services", - order: 1, + title: "Cost Controls & Savings", + order: 2, challenges: [ { type: "SELECT", order: 1, - question: "Which service is serverless and runs code without provisioning servers?", + question: + "A startup company is concerned about cost overruns. Which options can notify the company when their monthly AWS bill exceeds $2,000? (Choose TWO)", + hint: "Combine a billing alarm with a budgeting service alert.", options: [ { - text: "AWS Lambda", + text: + "Setup a CloudWatch billing alarm that triggers an SNS notification when the threshold is exceeded", correct: true, guide: - 'Correct: AWS Lambda matches the Service Serverless Runs Code behavior highlighted in "Compute Services".', + "Correct: CloudWatch billing alarms send alerts through SNS when actual spend crosses a threshold.", }, { - text: "Amazon EC2", + text: + "Configure the Amazon Simple Email Service to send billing alerts to their email address on a daily basis", guide: - 'This assumes Amazon EC2, but "Compute Services" showed Service Serverless Runs Code behaves differently, so this isn’t the best choice.', + "SES sends emails but cannot monitor billing metrics by itself.", }, { - text: "Amazon Lightsail", + text: + "Configure the AWS Budgets Service to alert the company when the threshold is exceeded", + correct: true, guide: - 'This assumes Amazon Lightsail, but "Compute Services" showed Service Serverless Runs Code behaves differently, so this isn’t the best choice.', + "Correct: AWS Budgets notifies you when forecasted or actual spend breaks your limit.", }, - ], - hint: 'Remember the pattern you practiced in "Compute Services"—it explained how Service Serverless Runs Code works within AWS.', - }, - { - type: "TRUE_FALSE", - order: 2, - question: "AWS Fargate requires you to manage EC2 instances directly.", - options: [ { - text: "True", + text: + "Configure AWS CloudTrail to automatically delete all AWS resources when the threshold is exceeded", guide: - 'This assumes True, but "Compute Services" showed Aws Fargate Requires You behaves differently, so this isn’t the best choice.', + "CloudTrail records API calls and cannot take destructive billing actions.", }, { - text: "False", - correct: true, + text: + "Configure the Amazon Connect Service to alert the company when the threshold is exceeded", guide: - 'Correct: False matches the Aws Fargate Requires You behavior highlighted in "Compute Services".', + "Amazon Connect is a contact center solution and does not monitor billing thresholds.", }, ], - hint: 'Remember the pattern you practiced in "Compute Services"—it explained how Aws Fargate Requires You works within AWS.', }, { - type: "DRAG_DROP", - order: 3, - question: "Match the compute service with its typical use case:", + type: "SELECT", + order: 2, + question: + "Which of the following procedures will help reduce your Amazon S3 costs?", + hint: "Choose the option that aligns data with the most appropriate storage class.", options: [ { - text: "EC2 - Highly customizable workloads", - order: 1, + text: "Use the Import/Export feature to move old files automatically to Amazon Glacier", guide: - 'This assumes EC2 - Highly customizable workloads, but "Compute Services" showed Match Compute Service Its behaves differently, so this isn’t the best choice.', + "Import/Export is a retired service; lifecycle policies handle archival moves now.", }, { - text: "Lambda - Event-driven functions", - order: 2, + text: "Use the right combination of storage classes based on different use cases", + correct: true, guide: - 'This assumes Lambda - Event-driven functions, but "Compute Services" showed Match Compute Service Its behaves differently, so this isn’t the best choice.', + "Correct: Matching objects to the proper storage class optimizes cost and performance.", }, { - text: "ECS - Container orchestration", - order: 3, - guide: - 'This assumes ECS - Container orchestration, but "Compute Services" showed Match Compute Service Its behaves differently, so this isn’t the best choice.', + text: "Pick the right Availability Zone for your S3 bucket", + guide: "S3 is a regional service, so you do not select individual Availability Zones.", }, { - text: "Batch - Managed batch jobs", - order: 4, + text: "Move all the data stored in S3 Standard to EBS", guide: - 'This assumes Batch - Managed batch jobs, but "Compute Services" showed Match Compute Service Its behaves differently, so this isn’t the best choice.', + "EBS is more expensive and not intended for large-scale object storage.", }, ], - hint: 'Remember the pattern you practiced in "Compute Services"—it explained how Match Compute Service Its works within AWS.', }, - ], - }, - { - title: "Storage Options", - order: 2, - challenges: [ { type: "SELECT", - order: 1, - question: "Which storage service is ideal for object storage?", + order: 3, + question: + "Which of the following activities may help reduce your AWS monthly costs?", + hint: "Think about automatic scaling instead of over-provisioning.", options: [ { - text: "Amazon S3", + text: "Enabling Amazon EC2 Auto Scaling for all of your workloads", correct: true, guide: - 'Correct: Amazon S3 matches the Storage Service Ideal Object behavior highlighted in "Storage Options".', + "Correct: Auto Scaling matches capacity to demand so you pay only for what you use.", }, { - text: "Amazon EBS", + text: + "Using the AWS Network Load Balancer (NLB) to load balance the incoming HTTP requests", guide: - 'This assumes Amazon EBS, but "Storage Options" showed Storage Service Ideal Object behaves differently, so this isn’t the best choice.', + "Load balancing improves availability but does not directly cut costs.", }, { - text: "Amazon EFS", + text: "Removing all of your Cost Allocation Tags", guide: - 'This assumes Amazon EFS, but "Storage Options" showed Storage Service Ideal Object behaves differently, so this isn’t the best choice.', + "Tags enable chargeback and cost analysis; removing them complicates cost control.", + }, + { + text: "Deploying your AWS resources across multiple Availability Zones", + guide: + "Multi-AZ improves availability but may increase, not decrease, cost.", }, ], - hint: 'Remember the pattern you practiced in "Storage Options"—it explained how Storage Service Ideal Object works within AWS.', - }, - { - type: "TEXT_INPUT", - order: 2, - question: "What S3 storage class is optimized for long-term archival?", - correctAnswer: "Glacier", - hint: 'Remember the pattern you practiced in "Storage Options"—it explained how S3 Storage Class Optimized works within AWS.', }, { - type: "ASSIST", - order: 3, + type: "SELECT", + order: 4, question: - "Complete: Amazon EFS provides ______ file storage for Linux-based workloads.", + "Which of the following describes the payment model that AWS makes available for customers that can commit to using Amazon EC2 over a one- or three-year term to reduce their total computing costs?", + hint: "This purchasing model rewards commitments with discounted rates.", options: [ { - text: "object", + text: "Pay less as AWS grows", guide: - 'This assumes object, but "Storage Options" showed Amazon Efs Provides Blank behaves differently, so this isn’t the best choice.', + "That phrase summarizes a general AWS pricing philosophy, not a specific model.", }, { - text: "shared", - correct: true, + text: "Pay as you go", + guide: "Pay as you go refers to on-demand pricing without commitments.", + }, + { + text: "Pay less by using more", guide: - 'Correct: shared matches the Amazon Efs Provides Blank behavior highlighted in "Storage Options".', + "Using more may unlock tiered discounts, but the question references committing upfront.", }, { - text: "block", + text: "Save when you reserve", + correct: true, guide: - 'This assumes block, but "Storage Options" showed Amazon Efs Provides Blank behaves differently, so this isn’t the best choice.', + "Correct: Save when you reserve highlights the Reserved Instance pricing model.", }, ], - hint: 'Remember the pattern you practiced in "Storage Options"—it explained how Amazon Efs Provides Blank works within AWS.', }, { - type: "TRUE_FALSE", - order: 4, - question: "AWS Backup can centrally manage backup policies for EFS and RDS.", + type: "SELECT", + order: 5, + question: + "A company is migrating its on-premises database to Amazon RDS. What should the company do to ensure Amazon RDS costs are kept to a minimum?", + hint: "Right-size before and after migration to avoid overpaying.", options: [ { - text: "True", + text: "Right-size before and after migration", correct: true, guide: - 'Correct: True matches the Aws Backup Can Centrally behavior highlighted in "Storage Options".', + "Correct: Measuring resource needs and adjusting instance sizes prevents unnecessary spend.", + }, + { + text: "Use a Multi-Region Active-Passive architecture", + guide: + "Multi-Region designs may increase resilience but also increase cost.", }, { - text: "False", + text: "Combine On-demand Capacity Reservations with Savings Plans", guide: - 'This assumes False, but "Storage Options" showed Aws Backup Can Centrally behaves differently, so this isn’t the best choice.', + "These tools can help, but right-sizing is the primary recommendation in this scenario.", + }, + { + text: "Use a Multi-Region Active-Active architecture", + guide: + "Active-active deployments double capacity and cost compared to right-sizing.", }, ], - hint: 'Remember the pattern you practiced in "Storage Options"—it explained how Aws Backup Can Centrally works within AWS.', }, ], }, { - title: "Database Services", + title: "Optimization Guidance & Governance", order: 3, challenges: [ { type: "SELECT", order: 1, - question: "Which AWS service is a managed NoSQL database?", + question: + "Which of the below is a best-practice when designing solutions on AWS?", + hint: "Focus on the guidance that encourages rapid experimentation and learning.", options: [ { - text: "Amazon DynamoDB", - correct: true, + text: "Invest heavily in architecting your environment, as it is not easy to change your design later", guide: - 'Correct: Amazon DynamoDB matches the Aws Service Managed Nosql behavior highlighted in "Database Services".', + "Cloud designs should evolve; over-investing up front reduces agility.", }, { - text: "Amazon RDS", + text: "Use AWS reservations to reduce costs when testing your production environment", guide: - 'This assumes Amazon RDS, but "Database Services" showed Aws Service Managed Nosql behaves differently, so this isn’t the best choice.', + "Reservations are for steady production workloads rather than short-lived tests.", }, { - text: "Amazon Redshift", + text: "Automate wherever possible to make architectural experimentation easier", + correct: true, + guide: + "Correct: Automation lets you iterate quickly and safely test new architectures.", + }, + { + text: "Provision a large compute capacity to handle any spikes in load", guide: - 'This assumes Amazon Redshift, but "Database Services" showed Aws Service Managed Nosql behaves differently, so this isn’t the best choice.', + "Over-provisioning wastes money and ignores elastic scaling capabilities.", }, ], - hint: 'Use the example from "Database Services" about Aws Service Managed Nosql to guide your answer.', }, { - type: "TEXT_INPUT", + type: "SELECT", order: 2, - question: "What feature of RDS provides automatic failover to a standby instance?", - correctAnswer: "Multi-AZ", - hint: 'Use the example from "Database Services" about Feature Rds Provides Automatic to guide your answer.', - }, - { - type: "DRAG_DROP", - order: 3, - question: "Order the database deployment steps from first to last:", + question: + "An organization has decided to purchase an Amazon EC2 Reserved Instance (RI) for three years. It is possible that workloads could change during the reservation period. Which RI type allows the company to exchange the reserved instance for another with higher computing power if needed?", + hint: "Select the RI class that supports exchanging attributes.", options: [ { - text: "Choose engine", - order: 1, + text: "Elastic RI", guide: - 'This assumes Choose engine, but "Database Services" showed Order Database Deployment Steps behaves differently, so this isn’t the best choice.', + "Elastic RI is not an official purchasing option.", }, { - text: "Configure instance class", - order: 2, + text: "Premium RI", guide: - 'This assumes Configure instance class, but "Database Services" showed Order Database Deployment Steps behaves differently, so this isn’t the best choice.', + "Premium RI is not an AWS term.", }, { - text: "Set up networking", - order: 3, + text: "Standard RI", guide: - 'This assumes Set up networking, but "Database Services" showed Order Database Deployment Steps behaves differently, so this isn’t the best choice.', + "Standard RIs offer the biggest discount but cannot be freely exchanged for new instance families.", }, { - text: "Finalize backups", - order: 4, + text: "Convertible RI", + correct: true, guide: - 'This assumes Finalize backups, but "Database Services" showed Order Database Deployment Steps behaves differently, so this isn’t the best choice.', + "Correct: Convertible RIs let you exchange reservations for different instance attributes.", }, ], - hint: 'Use the example from "Database Services" about Order Database Deployment Steps to guide your answer.', }, - ], - }, - { - title: "Networking Essentials", - order: 4, - challenges: [ { type: "SELECT", - order: 1, - question: "Which service lets you define an isolated virtual network within AWS?", + order: 3, + question: + "Which of the following is NOT correct regarding Amazon EC2 On-demand instances?", + hint: "Spot the statement that contradicts the pay-as-you-go model.", options: [ { - text: "Amazon VPC", + text: "You have to pay a start-up fee when launching a new instance for the first time", correct: true, guide: - 'Correct: Amazon VPC matches the Service Lets You Define behavior highlighted in "Networking Essentials".', + "Correct: There are no upfront fees for launching on-demand instances.", }, { - text: "AWS Direct Connect", + text: "The on-demand instances follow the AWS pay-as-you-go pricing model", guide: - 'This assumes AWS Direct Connect, but "Networking Essentials" showed Service Lets You Define behaves differently, so this isn’t the best choice.', + "This statement is true; you are charged for usage by the hour or second.", }, { - text: "Amazon Route 53", + text: + "With on-demand instances, no longer-term commitments or upfront payments are needed", guide: - 'This assumes Amazon Route 53, but "Networking Essentials" showed Service Lets You Define behaves differently, so this isn’t the best choice.', + "This statement is accurate and therefore not the incorrect option.", + }, + { + text: + "When using on-demand Linux instances, you are charged per second based on an hourly rate", + guide: "Linux on-demand billing is per second, so this statement is also correct.", }, ], - hint: 'Remember the pattern you practiced in "Networking Essentials"—it explained how Service Lets You Define works within AWS.', }, { - type: "TRUE_FALSE", - order: 2, - question: "Security groups act as stateful firewalls for EC2 instances.", + type: "SELECT", + order: 4, + question: + "A company has moved to AWS recently. Which of the following AWS Services will help ensure that they have the proper security settings? (Choose TWO)", + hint: "Think about automated best-practice checks and vulnerability assessments.", options: [ { - text: "True", + text: "AWS Trusted Advisor", correct: true, guide: - 'Correct: True matches the Security Groups Act As behavior highlighted in "Networking Essentials".', + "Correct: Trusted Advisor highlights security misconfigurations across your account.", }, { - text: "False", + text: "Amazon Inspector", + correct: true, guide: - 'This assumes False, but "Networking Essentials" showed Security Groups Act As behaves differently, so this isn’t the best choice.', + "Correct: Amazon Inspector scans workloads for known vulnerabilities.", }, - ], - hint: 'Remember the pattern you practiced in "Networking Essentials"—it explained how Security Groups Act As works within AWS.', - }, - { - type: "ASSIST", - order: 3, - question: "Complete: Route 53 provides DNS and ______ balancing services.", - options: [ { - text: "database", - guide: - 'This assumes database, but "Networking Essentials" showed Route 53 Provides Dns behaves differently, so this isn’t the best choice.', + text: "Amazon SNS", + guide: "SNS distributes notifications and does not assess security settings.", }, { - text: "traffic", - correct: true, + text: "Amazon CloudWatch", guide: - 'Correct: traffic matches the Route 53 Provides Dns behavior highlighted in "Networking Essentials".', + "CloudWatch monitors metrics but does not run security checks.", }, { - text: "storage", + text: "Concierge Support Team", guide: - 'This assumes storage, but "Networking Essentials" showed Route 53 Provides Dns behaves differently, so this isn’t the best choice.', + "The concierge focuses on billing inquiries rather than security posture.", }, ], - hint: 'Remember the pattern you practiced in "Networking Essentials"—it explained how Route 53 Provides Dns works within AWS.', }, { - type: "DRAG_DROP", - order: 4, - question: "Arrange the steps to create a secure public-facing application in a VPC:", + type: "SELECT", + order: 5, + question: + "Which of the following aspects of security are managed by AWS? (Choose TWO)", + hint: "Look for responsibilities tied to the underlying facilities and hardware fleet.", options: [ { - text: "Create VPC and subnets", - order: 1, + text: "Encryption of EBS volumes", + guide: + "Customers decide whether and how to encrypt their volumes.", + }, + { + text: "VPC security", guide: - 'This assumes Create VPC and subnets, but "Networking Essentials" showed Arrange Steps Create Secure behaves differently, so this isn’t the best choice.', + "Customers configure VPC security controls like security groups and NACLs.", }, { - text: "Launch EC2 instances in public subnet", - order: 2, + text: "Access permissions", guide: - 'This assumes Launch EC2 instances in public subnet, but "Networking Essentials" showed Arrange Steps Create Secure behaves differently, so this isn’t the best choice.', + "Access control is a customer responsibility through IAM.", }, { - text: "Attach security groups and NACLs", - order: 3, + text: "Hardware patching", + correct: true, guide: - 'This assumes Attach security groups and NACLs, but "Networking Essentials" showed Arrange Steps Create Secure behaves differently, so this isn’t the best choice.', + "Correct: AWS patches and maintains all physical hosts.", }, { - text: "Configure load balancer and Route 53", - order: 4, + text: "Securing global physical infrastructure", + correct: true, guide: - 'This assumes Configure load balancer and Route 53, but "Networking Essentials" showed Arrange Steps Create Secure behaves differently, so this isn’t the best choice.', + "Correct: AWS is responsible for securing data centers, power, and environmental controls.", }, ], - hint: 'Remember the pattern you practiced in "Networking Essentials"—it explained how Arrange Steps Create Secure works within AWS.', }, ], }, - ], - }, - { - title: "Billing & Pricing", - description: "Understand AWS pricing models and cost management", - order: 4, - lessons: [ { - title: "Pricing Models", - order: 1, + title: "Migration & Hybrid Connectivity", + order: 4, challenges: [ { type: "SELECT", order: 1, - question: "Which option best describes the AWS Free Tier offering?", + question: "What does AWS Snowball provide? (Choose TWO)", + hint: "Remember that Snowball handles large secure data transfers and even edge compute.", options: [ { - text: "Free usage for new accounts on select services up to defined limits", + text: "Built-in computing capabilities that allow customers to process data locally", correct: true, guide: - 'Correct: Free usage for new accounts on select services up to defined limits matches the Option Best Describes Aws behavior highlighted in "Pricing Models".', + "Correct: Snowball Edge devices can run local compute to pre-process data before transfer.", + }, + { + text: + "A catalog of third-party software solutions that customers need to build solutions and run their businesses", + guide: + "That description matches AWS Marketplace, not Snowball.", + }, + { + text: + "A hybrid cloud storage between on-premises environments and the AWS Cloud", + guide: "Storage Gateway offers hybrid storage, not Snowball.", }, { - text: "Unlimited free usage for all services for 12 months", + text: + "An Exabyte-scale data transfer service that allows you to move extremely large amounts of data to AWS", guide: - 'This assumes Unlimited free usage for all services for 12 months, but "Pricing Models" showed Option Best Describes Aws behaves differently, so this isn’t the best choice.', + "Exabyte-scale bulk transfer is delivered by AWS Snowmobile, not Snowball.", }, { - text: "Discounts available only through enterprise support", + text: + "Secure transfer of large amounts of data into and out of the AWS", + correct: true, guide: - 'This assumes Discounts available only through enterprise support, but "Pricing Models" showed Option Best Describes Aws behaves differently, so this isn’t the best choice.', + "Correct: Snowball appliances move terabytes or petabytes securely between on-premises and AWS.", }, ], - hint: 'Use the example from "Pricing Models" about Option Best Describes Aws to guide your answer.', }, { type: "SELECT", order: 2, - question: "Which pricing model gives you the ability to bid on unused capacity?", + question: + "A company has decided to migrate its Oracle database to AWS. Which AWS service can help achieve this without negatively impacting the functionality of the source database?", + hint: "Look for the managed replication service designed for database migrations.", options: [ { - text: "Spot Instances", + text: "AWS OpsWorks", + guide: + "OpsWorks manages application stacks; it is not a database migration service.", + }, + { + text: "AWS Database Migration Service", correct: true, guide: - 'Correct: Spot Instances matches the Pricing Model Gives You behavior highlighted in "Pricing Models".', + "Correct: AWS DMS replicates data from Oracle with minimal downtime.", }, { - text: "On-Demand", + text: "AWS Server Migration Service", guide: - 'This assumes On-Demand, but "Pricing Models" showed Pricing Model Gives You behaves differently, so this isn’t the best choice.', + "SMS migrates virtual machines, not databases.", }, { - text: "Savings Plans", + text: "AWS Application Discovery Service", guide: - 'This assumes Savings Plans, but "Pricing Models" showed Pricing Model Gives You behaves differently, so this isn’t the best choice.', + "Application Discovery inventories servers but does not perform the migration.", }, ], - hint: 'Use the example from "Pricing Models" about Pricing Model Gives You to guide your answer.', }, { - type: "TRUE_FALSE", + type: "SELECT", order: 3, - question: "Savings Plans apply to both EC2 and Fargate usage when eligible.", + question: + "Which AWS Service can be used to establish a dedicated, private network connection between AWS and your datacenter?", + hint: "This service bypasses the public internet for consistent network performance.", options: [ { - text: "True", + text: "AWS Direct Connect", correct: true, guide: - 'Correct: True matches the Savings Plans Apply Both behavior highlighted in "Pricing Models".', + "Correct: Direct Connect provides private fiber connections into AWS.", }, { - text: "False", + text: "Amazon CloudFront", guide: - 'This assumes False, but "Pricing Models" showed Savings Plans Apply Both behaves differently, so this isn’t the best choice.', + "CloudFront accelerates content delivery but does not create private links to your data center.", + }, + { + text: "AWS Snowball", + guide: + "Snowball transfers data offline, not via a live private connection.", + }, + { + text: "Amazon Route 53", + guide: "Route 53 handles DNS rather than physical connectivity.", }, ], - hint: 'Use the example from "Pricing Models" about Savings Plans Apply Both to guide your answer.', }, { - type: "DRAG_DROP", + type: "SELECT", order: 4, - question: "Match the pricing model to the use case by ordering:", + question: + "You are working on two projects that require completely different network configurations. Which AWS service or feature will allow you to isolate resources and network configurations?", + hint: "Pick the networking construct that provides isolated virtual networks.", options: [ { - text: "On-Demand - Unpredictable workloads", - order: 1, + text: "Internet gateways", guide: - 'This assumes On-Demand - Unpredictable workloads, but "Pricing Models" showed Match Pricing Model Use behaves differently, so this isn’t the best choice.', + "Internet gateways merely provide connectivity; they do not isolate resources.", }, { - text: "Savings Plans - Steady usage", - order: 2, + text: "Virtual Private Cloud", + correct: true, guide: - 'This assumes Savings Plans - Steady usage, but "Pricing Models" showed Match Pricing Model Use behaves differently, so this isn’t the best choice.', + "Correct: Separate VPCs allow you to isolate projects with different network settings.", }, { - text: "Reserved - Long-term predictability", - order: 3, + text: "Security Groups", guide: - 'This assumes Reserved - Long-term predictability, but "Pricing Models" showed Match Pricing Model Use behaves differently, so this isn’t the best choice.', + "Security groups filter traffic inside a VPC and do not create isolated networks.", }, { - text: "Spot - Flexible, interruption-tolerant", - order: 4, - guide: - 'This assumes Spot - Flexible, interruption-tolerant, but "Pricing Models" showed Match Pricing Model Use behaves differently, so this isn’t the best choice.', + text: "Amazon CloudFront", + guide: "CloudFront is a CDN, not a network isolation feature.", }, ], - hint: 'Use the example from "Pricing Models" about Match Pricing Model Use to guide your answer.', }, - ], - }, - { - title: "Cost Management", - order: 2, - challenges: [ { type: "SELECT", - order: 1, - question: "Which service provides dashboards and reports for cost tracking?", + order: 5, + question: + "Which AWS services can be used to improve the performance of a global application and reduce latency for its users? (Choose TWO)", + hint: "Pair the edge network with the global accelerator service.", options: [ { - text: "AWS Cost Explorer", + text: "AWS KMS", + guide: "KMS manages encryption keys and has no effect on latency.", + }, + { + text: "AWS Global Accelerator", correct: true, guide: - 'Correct: AWS Cost Explorer matches the Service Provides Dashboards Reports behavior highlighted in "Cost Management".', + "Correct: Global Accelerator optimizes traffic routing across the AWS network.", }, { - text: "AWS Trusted Advisor", + text: "AWS Direct Connect", guide: - 'This assumes AWS Trusted Advisor, but "Cost Management" showed Service Provides Dashboards Reports behaves differently, so this isn’t the best choice.', + "Direct Connect links private networks but does not accelerate public internet users worldwide.", + }, + { + text: "AWS Glue", + guide: "Glue performs ETL, not traffic acceleration.", }, { - text: "Amazon QuickSight", + text: "Amazon CloudFront", + correct: true, guide: - 'This assumes Amazon QuickSight, but "Cost Management" showed Service Provides Dashboards Reports behaves differently, so this isn’t the best choice.', + "Correct: CloudFront caches content at edge locations to reduce latency globally.", }, ], - hint: 'Use the example from "Cost Management" about Service Provides Dashboards Reports to guide your answer.', }, + ], + }, + { + title: "Support & Incident Response", + order: 5, + challenges: [ { - type: "TEXT_INPUT", - order: 2, + type: "SELECT", + order: 1, question: - "What AWS service can send notifications when spending exceeds a threshold?", - correctAnswer: "AWS Budgets", - hint: 'Use the example from "Cost Management" about Aws Service Can Send to guide your answer.', - }, - { - type: "TRUE_FALSE", - order: 3, - question: "AWS Cost and Usage Reports can be delivered to an S3 bucket.", + "A company has an AWS Enterprise Support plan and wants quick and efficient guidance with their billing and account inquiries. Which AWS resource should the company use?", + hint: "Enterprise customers receive a dedicated team focused on billing questions.", options: [ { - text: "True", + text: "AWS Health Dashboard", + guide: + "The Health Dashboard surfaces service events but does not answer billing questions.", + }, + { + text: "AWS Support Concierge", correct: true, guide: - 'Correct: True matches the Aws Cost Usage Reports behavior highlighted in "Cost Management".', + "Correct: The Support Concierge is the Enterprise team's first stop for billing and account inquiries.", }, { - text: "False", + text: "AWS Customer Service", guide: - 'This assumes False, but "Cost Management" showed Aws Cost Usage Reports behaves differently, so this isn’t the best choice.', + "Customer service is available to all customers but lacks the tailored focus of the concierge.", + }, + { + text: "AWS Operations Support", + guide: + "Operations support handles infrastructure events, not billing issues.", }, ], - hint: 'Use the example from "Cost Management" about Aws Cost Usage Reports to guide your answer.', }, { - type: "ASSIST", - order: 4, + type: "SELECT", + order: 2, question: - "Complete: AWS Trusted Advisor provides real-time guidance for ____ optimization.", + "A company has an AWS Enterprise Support plan and is introducing a new product that is expected to surge in traffic. As part of their plan, which of the following provides architectural and scaling guidance?", + hint: "Enterprise Support customers can engage AWS experts for event planning.", options: [ { - text: "resource", + text: "AWS Knowledge Center", + guide: + "The Knowledge Center is a documentation site and does not provide hands-on guidance.", + }, + { + text: "AWS Health Dashboard", guide: - 'This assumes resource, but "Cost Management" showed Aws Trusted Advisor Provides behaves differently, so this isn’t the best choice.', + "The Health Dashboard reports service status but does not give architectural advice.", }, { - text: "cost", + text: "Infrastructure Event Management", correct: true, guide: - 'Correct: cost matches the Aws Trusted Advisor Provides behavior highlighted in "Cost Management".', + "Correct: Infrastructure Event Management (IEM) offers prescriptive scaling guidance for major launches.", }, { - text: "ticket", + text: "AWS Support Concierge Service", guide: - 'This assumes ticket, but "Cost Management" showed Aws Trusted Advisor Provides behaves differently, so this isn’t the best choice.', + "The concierge focuses on billing, not architecture.", }, ], - hint: 'Use the example from "Cost Management" about Aws Trusted Advisor Provides to guide your answer.', }, { - type: "DRAG_DROP", - order: 5, - question: "Arrange the lifecycle of cost governance from first to last:", + type: "SELECT", + order: 3, + question: + "As part of the Enterprise support plan, who is the primary point of contact for ongoing support needs?", + hint: "Enterprise customers receive a named advocate.", options: [ { - text: "Set budgets", - order: 1, + text: "AWS Identity and Access Management (IAM) user", guide: - 'This assumes Set budgets, but "Cost Management" showed Arrange Lifecycle Cost Governance behaves differently, so this isn’t the best choice.', + "IAM users are identities, not support contacts.", }, { - text: "Monitor usage", - order: 2, - guide: - 'This assumes Monitor usage, but "Cost Management" showed Arrange Lifecycle Cost Governance behaves differently, so this isn’t the best choice.', + text: "Infrastructure Event Management (IEM) engineer", + guide: "IEMs are engaged for specific events, not ongoing support.", }, { - text: "Analyze variance", - order: 3, - guide: - 'This assumes Analyze variance, but "Cost Management" showed Arrange Lifecycle Cost Governance behaves differently, so this isn’t the best choice.', + text: "AWS Consulting Partners", + guide: "Partners can assist, but they are not part of the AWS Support plan.", }, { - text: "Take action", - order: 4, + text: "Technical Account Manager (TAM)", + correct: true, guide: - 'This assumes Take action, but "Cost Management" showed Arrange Lifecycle Cost Governance behaves differently, so this isn’t the best choice.', + "Correct: The TAM is your primary contact for proactive guidance under Enterprise Support.", }, ], - hint: 'Use the example from "Cost Management" about Arrange Lifecycle Cost Governance to guide your answer.', }, - ], - }, - { - title: "Hands-on Cost Optimization", - order: 3, - challenges: [ { - type: "VIDEO", - order: 1, + type: "SELECT", + order: 4, question: - "Watch the AWS re:Invent recap and identify the tool recommended for automated rightsizing.", - videoSrc: - "https://commondatastorage.googleapis.com/gtv-videos-bucket/sample/ElephantsDream.mp4", + "You have AWS Basic support, and some AWS resources are being used maliciously. What should you do?", + hint: "Report abuse directly to the dedicated AWS team.", options: [ { - text: "AWS Compute Optimizer", - correct: true, + text: "Contact the AWS Customer Service team", guide: - 'Correct: AWS Compute Optimizer matches the Watch Aws Re Invent behavior highlighted in "Hands-on Cost Optimization".', + "Customer service handles billing and account issues, not abuse reports.", }, { - text: "AWS Savings Plans", + text: "Contact the AWS Abuse team", + correct: true, guide: - 'This assumes AWS Savings Plans, but "Hands-on Cost Optimization" showed Watch Aws Re Invent behaves differently, so this isn’t the best choice.', + "Correct: The AWS Abuse team investigates malicious activity originating from AWS resources.", }, { - text: "AWS Launch Wizard", + text: "Contact the AWS Concierge team", guide: - 'This assumes AWS Launch Wizard, but "Hands-on Cost Optimization" showed Watch Aws Re Invent behaves differently, so this isn’t the best choice.', + "The concierge is available only on Enterprise plans and focuses on billing.", }, { - text: "AWS Step Functions", + text: "Contact the AWS Security team", guide: - 'This assumes AWS Step Functions, but "Hands-on Cost Optimization" showed Watch Aws Re Invent behaves differently, so this isn’t the best choice.', + "Security responds to broader platform issues; abuse reports go to the dedicated abuse alias first.", }, ], - hint: 'Think back to "Hands-on Cost Optimization" and how it framed Watch Aws Re Invent. Apply the same reasoning here.', }, { - type: "LISTENING", - order: 2, + type: "SELECT", + order: 5, question: - "Listen to the finance lead describing monthly review steps. Which action happens last?", - audioSrc: "/audio/aws-cost-optimization.mp3", + "A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?", + hint: "Think about the AWS Partner Network category for technology offerings.", options: [ { - text: "Aggregate costs by tag", + text: "APN Consulting Partners", guide: - 'This assumes Aggregate costs by tag, but "Hands-on Cost Optimization" showed Listen Finance Lead Describing behaves differently, so this isn’t the best choice.', + "Consulting partners provide professional services rather than software products.", }, { - text: "Share reports with stakeholders", + text: "AWS TAM", guide: - 'This assumes Share reports with stakeholders, but "Hands-on Cost Optimization" showed Listen Finance Lead Describing behaves differently, so this isn’t the best choice.', + "A Technical Account Manager supports Enterprise customers, not partner solutions.", }, { - text: "Discuss optimization backlog", + text: "APN Technology Partners", correct: true, guide: - 'Correct: Discuss optimization backlog matches the Listen Finance Lead Describing behavior highlighted in "Hands-on Cost Optimization".', + "Correct: APN Technology Partners build solutions on AWS and receive program support.", }, { - text: "Export blended rates", + text: "AWS Professional Services", guide: - 'This assumes Export blended rates, but "Hands-on Cost Optimization" showed Listen Finance Lead Describing behaves differently, so this isn’t the best choice.', + "AWS Professional Services helps customers directly rather than supporting partner-built products.", }, ], - hint: 'Think back to "Hands-on Cost Optimization" and how it framed Listen Finance Lead Describing. Apply the same reasoning here.', - }, - { - type: "TEXT_INPUT", - order: 3, - question: "Name the AWS service used to forecast spend using machine learning.", - correctAnswer: "AWS Cost Explorer", - hint: 'Think back to "Hands-on Cost Optimization" and how it framed Aws Service Used Forecast. Apply the same reasoning here.', }, ], }, - ], - }, - { - title: "Real-World Application Lab", - description: - "Apply AWS Cloud Practitioner skills to architecture, operations, and optimization scenarios.", - order: 5, - lessons: [ { - title: "Architecture Decision Review", - order: 1, + title: "Database Operations & Storage Decisions", + order: 6, challenges: [ { type: "SELECT", order: 1, question: - "Which AWS service best coordinates loosely coupled workloads in an event-driven architecture?", + "Which of the following is not a benefit of Amazon S3? (Choose TWO)", + hint: "Identify the statements that confuse S3's capabilities with running compute workloads.", options: [ { - text: "Amazon EventBridge", - correct: true, + text: "Amazon S3 provides unlimited storage for any type of data", guide: - 'Correct: Amazon EventBridge matches the Aws Service Best Coordinates behavior highlighted in "Architecture Decision Review".', + "S3 effectively scales without limit, so this statement is a true benefit.", }, { - text: "AWS Lambda", + text: "Amazon S3 can run any type of application or backend system", + correct: true, guide: - 'This assumes AWS Lambda, but "Architecture Decision Review" showed Aws Service Best Coordinates behaves differently, so this isn’t the best choice.', + "Correct: S3 is storage only and cannot run application code.", }, { - text: "Amazon CloudWatch", + text: + "Amazon S3 stores any number of objects, but with object size limits", guide: - 'This assumes Amazon CloudWatch, but "Architecture Decision Review" showed Aws Service Best Coordinates behaves differently, so this isn’t the best choice.', + "This statement is accurate, so it is not the incorrect option.", }, - ], - hint: 'Use the example from "Architecture Decision Review" about Aws Service Best Coordinates to guide your answer.', - }, - { - type: "TRUE_FALSE", - order: 2, - question: - "Designing for multi-zone redundancy reduces blast radius for regulated workloads.", - options: [ { - text: "True", + text: + "Amazon S3 can be scaled manually to store and retrieve any amount of data from anywhere", correct: true, guide: - 'Correct: True matches the Designing Multi Zone Redundancy behavior highlighted in "Architecture Decision Review".', + "Correct: S3 scales automatically; you do not manually scale the service.", }, { - text: "False", + text: + "Amazon S3 provides 99.999999999% (11 9's) of data durability", guide: - 'This assumes False, but "Architecture Decision Review" showed Designing Multi Zone Redundancy behaves differently, so this isn’t the best choice.', + "High durability is a true benefit, so it is not a correct answer here.", }, ], - hint: 'Use the example from "Architecture Decision Review" about Designing Multi Zone Redundancy to guide your answer.', }, { - type: "DRAG_DROP", - order: 3, + type: "SELECT", + order: 2, question: - "Arrange the recommended steps when reviewing a critical workload architecture:", + "Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO)", + hint: "Even in managed services you still design schemas and tune settings.", options: [ { - text: "Capture business requirements", - order: 1, + text: "Building the relational database schema", + correct: true, guide: - 'This assumes Capture business requirements, but "Architecture Decision Review" showed Arrange Recommended Steps Reviewing behaves differently, so this isn’t the best choice.', + "Correct: Customers model their data and create schemas inside RDS.", }, { - text: "Map managed services to requirements", - order: 2, + text: "Performing backups", guide: - 'This assumes Map managed services to requirements, but "Architecture Decision Review" showed Arrange Recommended Steps Reviewing behaves differently, so this isn’t the best choice.', + "RDS automates backups when enabled, relieving customers of that task.", }, { - text: "Design for failure and resiliency", - order: 3, + text: "Managing the database settings", + correct: true, guide: - 'This assumes Design for failure and resiliency, but "Architecture Decision Review" showed Arrange Recommended Steps Reviewing behaves differently, so this isn’t the best choice.', + "Correct: Customers configure parameters such as max connections and query timeouts.", }, { - text: "Validate with the Well-Architected/framework review", - order: 4, + text: "Patching the database software", guide: - 'This assumes Validate with the Well-Architected/framework review, but "Architecture Decision Review" showed Arrange Recommended Steps Reviewing behaves differently, so this isn’t the best choice.', + "RDS patches the database engine when you schedule maintenance windows.", + }, + { + text: "Installing the database software", + guide: "AWS installs and maintains the database binaries for you.", }, ], - hint: 'Use the example from "Architecture Decision Review" about Arrange Recommended Steps Reviewing to guide your answer.', }, - ], - }, - { - title: "Operations & Optimization Review", - order: 2, - challenges: [ { type: "SELECT", - order: 1, + order: 3, question: - "Which tool surfaces rightsizing and cost-efficiency recommendations for AWS workloads?", + "A company has a large amount of structured data stored on-premises and plans to migrate it to AWS. What is the most appropriate AWS database option?", + hint: "Structured relational data maps cleanly to a managed relational database service.", options: [ { - text: "AWS Compute Optimizer", - correct: true, - guide: - 'Correct: AWS Compute Optimizer matches the Tool Surfaces Rightsizing Cost behavior highlighted in "Operations & Optimization Review".', + text: "Amazon DynamoDB", + guide: "DynamoDB is NoSQL and better suited for key-value workloads.", }, { - text: "Amazon CloudWatch", + text: "Amazon SNS", + guide: "SNS is a messaging service, not a database.", + }, + { + text: "Amazon RDS", + correct: true, guide: - 'This assumes Amazon CloudWatch, but "Operations & Optimization Review" showed Tool Surfaces Rightsizing Cost behaves differently, so this isn’t the best choice.', + "Correct: Amazon RDS manages relational databases ideal for structured data.", }, { - text: "AWS Lambda", + text: "Amazon ElastiCache", guide: - 'This assumes AWS Lambda, but "Operations & Optimization Review" showed Tool Surfaces Rightsizing Cost behaves differently, so this isn’t the best choice.', + "ElastiCache is an in-memory cache rather than a durable relational store.", }, ], - hint: 'Remember the pattern you practiced in "Operations & Optimization Review"—it explained how Tool Surfaces Rightsizing Cost works within AWS.', }, { - type: "ASSIST", - order: 2, - question: - "Complete: Effective observability runbooks should include ______ triggers for automation.", + type: "SELECT", + order: 4, + question: "Where can you store files in AWS? (Choose TWO)", + hint: "Think of the managed file and block storage services.", options: [ { - text: "manual", + text: "Amazon EFS", + correct: true, guide: - 'This assumes manual, but "Operations & Optimization Review" showed Effective Observability Runbooks Should behaves differently, so this isn’t the best choice.', + "Correct: Amazon Elastic File System stores shared files for Linux-based workloads.", }, { - text: "event-driven", + text: "Amazon SNS", + guide: "SNS sends notifications and cannot store files.", + }, + { + text: "Amazon EBS", correct: true, guide: - 'Correct: event-driven matches the Effective Observability Runbooks Should behavior highlighted in "Operations & Optimization Review".', + "Correct: Amazon Elastic Block Store provides block volumes for EC2 instances.", }, { - text: "quarterly", - guide: - 'This assumes quarterly, but "Operations & Optimization Review" showed Effective Observability Runbooks Should behaves differently, so this isn’t the best choice.', + text: "Amazon ECS", + guide: "ECS orchestrates containers and does not store data.", + }, + { + text: "Amazon EMR", + guide: "EMR is an analytics platform, not primary storage.", }, ], - hint: 'Remember the pattern you practiced in "Operations & Optimization Review"—it explained how Effective Observability Runbooks Should works within AWS.', }, { type: "SELECT", - order: 3, + order: 5, question: - "Which AWS service centralizes audit and delivery of operational logs for compliance teams?", + "What is the primary storage service used by Amazon RDS database instances?", + hint: "RDS uses persistent block storage under the hood.", options: [ { - text: "AWS CloudTrail", + text: "Amazon Glacier", + guide: "Glacier is archival storage, not suitable for database blocks.", + }, + { + text: "Amazon EBS", correct: true, guide: - 'Correct: AWS CloudTrail matches the Aws Service Centralizes Audit behavior highlighted in "Operations & Optimization Review".', + "Correct: RDS databases run on Amazon EBS volumes provisioned by the service.", }, { - text: "AWS Systems Manager Automation", - guide: - 'This assumes AWS Systems Manager Automation, but "Operations & Optimization Review" showed Aws Service Centralizes Audit behaves differently, so this isn’t the best choice.', + text: "Amazon EFS", + guide: "EFS is a file system mounted over NFS, not the block storage used by RDS.", }, { - text: "Amazon EventBridge", - guide: - 'This assumes Amazon EventBridge, but "Operations & Optimization Review" showed Aws Service Centralizes Audit behaves differently, so this isn’t the best choice.', + text: "Amazon S3", + guide: "S3 is object storage and not attached directly to RDS instances.", }, ], - hint: 'Remember the pattern you practiced in "Operations & Optimization Review"—it explained how Aws Service Centralizes Audit works within AWS.', }, ], },