-
[AWS CCP] QUIZ 정리 -2자격증/AWS CCP 2026. 3. 27. 19:13
* 본 글은 https://simuladoclf.s3.amazonaws.com/english.html 사이트 내 문제를 참조하였습니다.
#1. A cloud professional is analyzing the performance and usage of Amazon EC2 instances to deliver recommendations for potential cost savings.
=> Right Sizing
EC2 비용 최적화 관련 개념 중 하나
리소스 사용량에 맞게 인스턴스 유형이나 용량 조정 -> 성능은 유지하면서 불필요한 비용 절감
Right Sizing is the process of optimizing the performance and cost of your AWS resources by selecting the most appropriate instance type, size, and configuration based on the workload requirements and usage patterns. This can help reduce the over-provisioning or under-utilization of resources.
#2. Which AWS service offers a global CDN for secure delivery of content with high speed and low latency?
=> Amazon CloudFront
CDN(Content Delivery Network) 서비스
전세계 사용자에게 콘텐츠를 빠르게 전달
(특징)
글로벌 네트워크 > 지연 최소화
보안 기능 > HTTPS 지원
빠른 콘텐츠 전송
자동 캐싱
Amazon CloudFront is a global CDN service for secure and fast delivery of content.
#3. Which AWS service or feature gives users the ability to provision a dedicated private network connection from their internal network to AWS?
=> AWS Direct Connect
AWS와 내부네트워크 연결하는 전용 네트워크
전용 회선을 통해 내부(on-prem) 네트워크와 AWS 연결
인터넷 거치지않고 직접 연결 > 더 안정적이고 빠른 네트워크 경험 제공
(특징)
전용 네트워크, 높은 대역폭, 지연 감소, 하이브리드 클라우드 구성에 적합(온프렘 데이터센터 > AWS 리소스에 연결)
AWS Direct Connect allows users to establish a dedicated private network connection from their internal networks to AWS, providing a more consistent network experience with higher bandwidth.
#4. To deploy monitoring applications closest to factory machines with the least latency, which AWS solution should be used?
=> AWS Outposts
AWS 서비스를 기업 자체 데이터센터에 설치하여 클라우드 환경을 구현, 격리된 환경에서 실행 가능
AWS 장치를 회사 내부에 설치하는 서비스
aws 인프라를 온프레미스에 설치(로컬에서 설치 > 지연 최소화)
인터넷 끊겨도 일부 작업 가능
AWS Outposts allows deploying AWS services closer to on-premises facilities, reducing latency
#5. Which AWS service or tool provides on-demand access to AWS security and compliance reports?
=> AWS Artifact
AWS Artifact provides on-demand access to AWS security and compliance reports and agreements.
#6. Which AWS services or tools are designed to protect a workload from SQL injection, cross-site scripting, and DDoS attacks? (Select TWO.)
=> AWS Sheid Standard : DDoS 공격 방어(네트워크 공격 방어)
=> AWS WAF : SQL Injection, XSS 등 웹 애플리케이션 공격 방어
AWS Shield Standard and AWS WAF are services designed to protect workloads against SQL injection, cross-site scripting, and DDoS attacks.
#7.(★) Which AWS service should a cloud professional use to receive real-time guidance for provisioning resources, based on AWS best practices related to security, cost optimization, and service limits?
=> AWS Trusted Advisor
AWS 환경 실시간으로 분석하고, 모범사례에 기반한 권장 사항 제공(AWS 전용 컨설턴트)
- cost optimization
- performance
- security
- fault tolerance
- service limits
#8. A company needs a repository that stores source code. The company needs a way to update running software when the code changes. Which combination of AWS services meets these requirements? (Select TWO.)
=> AWS CodeCommit, AWS CodeDeploy
(AWS CodeCommit)
소스 코드 저장소
완전 관리형 Git 리포지토리 서비스
소스코드, 바이너리, 설정 파일 등 저장 가능
(AWS CodeDeploy)
코드변경 시 자동 배포(deploy) 서비스
ec2, lambda, 온프렘 서버까지 배포 가능
코드를 서버에 자동으로 업데이트해주는 서비스
=> 개발자가 코드 올리면(codecommit) -> 코드변경 감지 후 자동으로 서버/인스턴스에 배포(codedeploy)
AWS CodeCommit and AWS CodeDeploy are correct because AWS CodeCommit is a service that provides a fully managed source control service that hosts secure Git repositories, and AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and on-premises servers.
#9. For a shopping application that requires a managed database service for data storage, which AWS service should be used?
=> Amazon RDS
AWS가 관리해주는 관리형 관계형 데이터베이스 서비스
개발자는 유지보수 걱정없이 데이터 사용 가능
(특징)
- MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora 등 지원
- 데이터베이스 인프라 관리(서버, 패치, 백업) 자동화
- 고가용성(멀티-AZ), 확장성, 보안 제공
Amazon RDS is suitable for applications that require managed relational database services
+ Amazon DynamoDB
NoSQL 데이터베이스 서비스
키+값 또는 문서 형태 저장
서버리스 구조 -> 자동 확장, 관리 부담 없음
밀리초 단위 지연 보장
+ Amazon Aurora
RDS 호환, RDS보다 빠르고 확장성 좋은 고성능 관계형 DB
MySQL / PostgreSQL 호환 > 기존 앱 마이그레이션 용이
RDS 대비 5배 빠른 성능
#10. Which of the following are customer responsibilities according to the AWS Shared Responsibility Model? (Select TWO.)
=> Security group configuration, Encryption of customer data on AWS
The AWS Shared Responsibility Model outlines how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is responsible for the security of the cloud, which includes the physical security of AWS facilities, infrastructure, hardware, software, and networking that run AWS services. The customer is responsible for security in the cloud, which includes security group configuration, encryption of customer data on AWS, AWS Lambda infrastructure management, and network bandwidth management of each AWS Region.
#11.(★) A developer wants to quickly deploy an application on AWS without manually creating the necessary resources. Which AWS service will meet these requirements?
=> AWS Elastic Beanstalk (★)
애플리케이션 배포와 관리 자동화하는 서비스
(특징)
EC2로드밸런서, 보안그룹, DB 등 필요 리소스를 자동으로 생성 및 구성
애플리케이션 배포, 확장, 모니터링, 업데이트까지 지원 -> 개발자는 코드 업로드만 하면 됨
-> 코드만 올리면 AWS가 서버 세팅까지 다해주는 서비스
AWS가 EC2 관리
AWS Elastic Beanstalk is a service that allows you to deploy and manage applications on AWS without creating and configuring the necessary resources manually, such as EC2 instances, load balancers, security groups, databases, and more. AWS Elastic Beanstalk automatically handles the provisioning, scaling, load balancing, health monitoring, and updating of your application while giving you full control over the underlying AWS resources if needed
+ AWS Lambda와 비교
(Elastic Beanstalk)
애플리케이션 배포하고 관리하는 플랫폼 제공
항상 ec2 서버에서 앱이 실행
서버 기반 앱을 자동 관리 환경에서 실행
(Lambda)
코드(함수)단위로 실행, 서버리스라서 서버관리 필요 없음
요청이 들어올때만 코드 실행 > 사용한 만큼만 비용 발생
개발자 책임 : 코드 작성
서버 없이 함수 실행
장점 : 서버 관리 필요없음, 이벤트 기반으로 빠른 실행, 비용효율적(on-demand)
#12. Which AWS cloud design principle is followed when using AWS CloudTrail?
=> Ensure traceability
추적 가능성 보장
(CloudTrail)
AWS계정 내 모든 API 호출과 이벤트 기록 서비스어떤 사용자가, 어떤 리소스에, 언제, 어떤 행동 했는지 모두 기록
Using AWS CloudTrail aligns with the design principle of ensuring traceability by logging API calls and events
#13.(★) For cloud-compatible in-memory data store, which AWS service should be used?
=> Amazon ElastiCache
인메모리 데이터 스토어 관리 서비스 (인메모리 + 클라우드 + 관리형)
클라우드에서 빠른 성능의 인메모리 데이터 저장 제공하는 관리형 서비스
빠른 속도의 데이터 액세스를 위해 메모리에 데이터 저장
Amazon ElastiCache offers scalable in-memory data store solutions, compatible with open-source engines.
+ EBS(Elastic Block Store)
EC2 인스턴스에 연결해서 사용하는 영구적 블록 스토리지 > EC2 전용 하드디스크
디스크처럼 사용 가능
EC2와 1:1 연결 가능
Snapshot(스냅샷) 기능으로 백업 가능
고성능 SSD/HDD 제공
+ DynamoDB
NoSQL 데이터베이스 서비스 (Serverless)
빠르고 유연한 키-값 또는 문서 데이터 저장소
서버리스방식으로 서버 관리 필요없음 -> 완전관리형(백업, 복제, 보안 자동 관리)
#13. Which AWS service or feature is used for troubleshooting network connectivity between Amazon EC2 instances?
=> VPC Flow Logs
VPC의 내부 IP 트래픽을 기록해 EC2간 네트워크 연결 문제를 디버깅하는 서비스
EC2 간 연결 문제
주요 기능 : 트래픽 모니터링(EC2, NAT Gateway, ELB), 문제 해결, 보안 감사
VPC Flow Logs enables users to capture information about the IP traffic flowing to and from network interfaces in their VPC, aiding in troubleshooting network connectivity between Amazon EC2 instances.
#14.(★) Which AWS service or tool helps "centrally manage billing" and enable controlled access to resources across AWS accounts?
=> AWS Organizations
여러개 계정을 하나의 조직으로 묶어서 관리하는 서비스
핵심 기능 : 통합 결제, 계정 중앙 관리, 비용 절감 효과
키워드 : consolidate billing / multiple accounts / centrally
AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations allows you to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access across accounts. AWS Organizations also allows you to use consolidated billing, which combines the usage and charges across all accounts in your organization into a single bill.
+ AWS Budgets
예산을 정하고, 초과하면 알려주는 서비스
사용자가 비용과 사용량에 대한 예산(budget) 설정 가능 > 예산 초과 시 알림(alert) 전송
+ AWS Cost Explorer
AWS 사용량과 비용을 시각화(그래프, 차트)하고 분석할 수 있는 도구
-> 비용과 사용량을 분석하고 시각화하는 도구
#15. A company wants to design a reliable web application hosted on Amazon EC2. Which approach will achieve this goal?
=> Spread EC2 instances across more than one Availability Zone
#16. A company has set up a VPC in its AWS account and created a subnet in the VPC. The company wants to make the subnet public. Which AWS resources should the company use to meet this requirement? (Select TWO.)
=> Amazon VPC internet gateway, Amazon VPC route tables
To make a subnet public, the company needs to use an Amazon VPC internet gateway and configure appropriate route tables.
#16. What does AWS Lambda allow developers to do?
=> Run code in response to triggers
(Lambda)
서버를 직접 관리하지 않고 코드 실행할 수 있는 서버리스 컴퓨팅 서비스
특정 이벤트(트리거) 발생하면 자동으로 코드 실행
코드(함수)단위로 실행, 서버리스라서 서버관리 필요 없음
요청이 들어올때만 코드 실행 > 사용한 만큼만 비용 발생(pay per use)
개발자 책임 : 코드 작성
서버 없이 함수 실행
장점 : 서버 관리 필요없음, 이벤트 기반으로 빠른 실행, 비용효율적(on-demand)
AWS Lambda allows developers to run code in response to triggers such as data changes or user requests, without provisioning or managing servers.
#17.(★) Which tasks are customer responsibilities, according to the AWS Shared Responsibility Model? (Select TWO.)(고객책임인건?)
=> Configure the AWS-provided security group firewall / Classify the company's assets on the AWS cloud
According to the AWS Shared Responsibility Model, the customer is responsible for security in the cloud, which includes the tasks of configuring the AWS-provided security group firewall and classifying the company's assets on the AWS cloud.=> patch or update amazon dynamoDB : AWS 책임
#18. A company wants to establish a security layer in their VPC that will act as a firewall to control subnet traffic.
=> Security Group
VPC 내에서 트래픽 제어 (VPC 인스턴스 레벨 방화벽)
인스턴스 수준 방화벽(Stateful : 들어오는 트래픽 허용하면 나가는 응답 트래픽은 자동 허용)
EC2, RDS 등 각 인스턴스에 연결 가능
인바운드, 아웃바운드 트래픽 허용
규칙 기반 : IP주소, 포트, 프로토콜 단위 허용/차단
Security groups are stateful firewalls that control inbound and outbound traffic at the instance level. You can associate them with each instance in a VPC and specify rules to allow or deny traffic. Routing tables direct traffic, network ACLs are stateless firewalls at the subnet level, and Amazon GuardDuty is a threat detection service.
+ Network ACL(NACL)
서브넷 수준 방화벽
Stateless : 들어오는/나가는 트래픽 각각 규칙 필요
+ Route table : 단순 트래픽 경로 지정
#19. A cloud engineer wants to know the percentage of allocated compute units that are in use for a specific Amazon EC2 instance. Which AWS service can provide this information?
=> Amazon CloudWatch
AWS 리소스(EC2, RDS, Lambda 등) 모니터링 및 지표 수집
CPU 가동률, 디스크 I/O, 네트워크 트래픽 등 제공
CPU, 리소스 사용률, 모니터링 -> CloudWatch
Amazon CloudWatch can provide detailed metrics about Amazon EC2 instance utilization, including the percentage of allocated compute units in use, allowing users to monitor and optimize performance.
#20. Which of the following is a recommended design principle of the AWS Well-Architected Framework?
=> Learn to improve from operational failures.
#22. A company has an Amazon S3 bucket containing images of scanned financial invoices. The company is building an AI-based application on AWS to identify and read the total balance values on the invoices. Which AWS service will meet these requirements?
=> Amazon Textract
스캔된 문서, 이미지, PDF 등에서 텍스트와 데이터 자동으로 추출하는 AI기반 서비스
Amazon Textract is capable of extracting text and data from scanned documents, ideal for reading values on invoices
#23. What is a cost efficiency principle related to the AWS cloud?
=> Properly size services based on capacity needs (AWS 자원을 필요한 만큼만 사용)
One of the cost efficiency principles related to the AWS cloud is to properly size services based on capacity needs. This means choosing the most appropriate type and size of AWS resources to meet the performance and scalability requirements of applications, avoiding over-provisioning or under-provisioning.=>
#24. A company is running applications on Amazon EC2 instances in the same AWS account for several different projects. The company wants to track infrastructure costs for each of the projects separately. The company must perform this tracking with the least possible impact on existing infrastructure and at no additional cost.
=> Use cost allocation tags with values specific to each project
The correct answer is D because cost allocation tags are a way to track infrastructure costs for each of the projects separately. Cost allocation tags are key-value pairs that can be attached to AWS resources, such as EC2 instances, and used to categorize and group them for billing purposes. The other options are incorrect because they do not meet the requirements of the question. Using a different Amazon EC2 instance type for each project does not help track the costs of each project and may impact the performance and compatibility of the applications. Publishing project-specific Amazon CloudWatch custom metrics for each application does not help track the costs of each project and may incur additional costs for using CloudWatch. Deploying EC2 instances for each project in a separate AWS account helps track the costs of each project but impacts the existing infrastructure and incurs additional costs for using multiple accounts.
#25. A development team wants to deploy multiple test environments for an application quickly and in a repeatable way. Which AWS service should the team use?
=> AWS CloudFormation
코드로 AWS 인프라를 생성하고 관리하는 서비스
목적 : Proivision and manage AWS resources AWS CloudFormation is a service that allows you to model and provision your AWS resources using templates. You can define your infrastructure as code and automate the creation and updating of your resources. AWS CloudFormation also supports nested stacks, change sets, and rollback features to help you manage complex and dynamic environments.
+ Amazon QuickSight
데이터 시각화하고 대시보드와 리포트 만들 수 있는 서비스(시각화&보고서)
클라우드 기반 BI 도구
서버관리 불필요, 자동 스케일링 지원
주요 기능 : 데이터 시각화, 자동화 분석, 대시보드 공유 등
#26. Which AWS service requires the customer to update the guest operating system?
=> Amazon EC2
Customers are responsible for updating and patching the guest operating system on Amazon EC2 instances.
#27. To migrate Microsoft SQL Server from on-premises to the AWS cloud with reduced management overhead, which AWS service should be used?
=> Amazon RDS
관리형 DB(Managed Service)(AWS가 대신 관리하는 서비스)
MySQL과 호환성
고가용성(Multi-AZ 구성 가능)
+ Amazon Athena
S3에 있는 데이터를 바로 SQL로 조회하고 싶은 경우
+ Amazon RedShift
완전 관리형 데이터 Warehouse
대규모 데이터 분석/보고
OLAP(온라인 분석 처리)에 최적
+ Amazon ECS(Elastic Container Service)
AWS에서 제공하는 완전관리형 컨테이너 오케스트레이션 서비스
Docker 컨테이너를 aws에서 쉽게 배포, 관리, 확장할 수 있게 도와주는 서비스
#28. Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework?
=> Create annotated documentation ?? 납득안됨
Create annotated documentation supports operational excellence by improving understanding and management of workloads.
#29. Which pillar of the AWS Well-Architected Framework includes a design principle about measuring the overall efficiency of workloads in terms of business value?
=>Operational Excellence
The Operational Excellence pillar of the AWS Well-Architected Framework includes a design principle about measuring the overall efficiency of workloads in terms of business value. This principle states that you should monitor and measure key performance indicators (KPIs) and set goals and limits that align with your business objectives. You should also use feedback loops to continuously improve your processes and procedures
#30. Which AWS service should a cloud engineer use to visualize API calls to AWS services?
=> CloudTrail
+ AWS CloudTrail
AWS 계정에서 발생한 모든 API 호출 기록(AWS 계정 활동 CCTV)
-> API 단어 나오면? CloudTrail
누가, 언제, 어떤 액션 했는지 추적 가능
+ AWS Config
리소스 구성(Configuration) 추적
AWS 리소스 등의 설정 상태 기록
리소스 변경 내역과 히스토리 확인 가능
'자격증 > AWS CCP' 카테고리의 다른 글
[AWS CCP] CLF-C02 합격 후기(+시험 후기, 공부 방법) (1) 2026.03.30 [AWS CCP] QUIZ 정리 -3 (0) 2026.03.27 [AWS CCP] QUIZ 정리 -1 (1) 2026.03.27 [AWS CCP] Dump 정리 -2 (1) 2026.03.27 [AWS CCP] Dump 정리 -1 (1) 2026.03.26