AWS 2

Question 1

A company wants to use the AWS Cloud to provide secure access to desktop applications that are running in a fully managed environment.Which AWS service should the company use to meet this requirement?
A. Amazon S3
B. Amazon AppStream 2.0
C. AWS AppSync
D. AWS Outposts

Answer 1

B. Amazon AppStream 2.0

Question 2

A company wants to implement threat detection on its AWS infrastructure. However, the company does not want to deploy additional software.Which AWS service should the company use to meet these requirements?
A. Amazon VPC
B. Amazon EC2
C. Amazon GuardDuty
D. AWS Direct Connect

Answer 2

C. Amazon GuardDuty

Question 3

Which AWS service uses edge locations?
A. Amazon Aurora
B. AWS Global Accelerator
C. Amazon Connect
D. AWS Outposts

Answer 3

B. AWS Global Accelerator

Question 4

A company needs to install an application in a Docker container.Which AWS service eliminates the need to provision and manage the container hosts?
A. AWS Fargate
B. Amazon FSx for Windows File Server
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon EC2

Answer 4

A. AWS Fargate

Question 5

Which AWS service or feature checks access policies and offers actionable recommendations to help users set secure and functional policies?
A. AWS Systems Manager
B. AWS IAM Access Analyzer
C. AWS Trusted Advisor
D. Amazon GuardDuty

Answer 5

B. AWS IAM Access Analyzer

Question 6

A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and move the data to AWS later.Which AWS service should the company use to meet these requirements?
A. AWS IoT Core
B. Amazon Lightsail
C. AWS Storage Gateway
D. AWS Snowball Edge

Answer 6

D. AWS Snowball Edge

Question 7

A retail company needs to build a highly available architecture for a new ecommerce platform. The company is using only AWS services that replicate data across multiple Availability Zones.Which AWS services should the company use to meet this requirement? (Choose two.)
A. Amazon EC2
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon Aurora
D. Amazon DynamoDB
E. Amazon Redshift

Answer 7

A. Amazon EC2
B. Amazon Elastic Block Store (Amazon EBS)

Question 8

Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
A. Agility
B. Elasticity
C. Reliability
D. Durability

Answer 8

B. Elasticity

Question 9

Service control policies (SCPs) manage permissions for which of the following?
A. Availability Zones
B. AWS Regions
C. AWS Organizations
D. Edge locations

Answer 9

C. AWS Organizations

Question 10

Which AWS service can be used to encrypt data at rest?
A. Amazon GuardDuty
B. AWS Shield
C. AWS Security Hub
D. AWS Key Management Service (AWS KMS)

Answer 10

D. AWS Key Management Service (AWS KMS)

Question 11

Which characteristics are advantages of using the AWS Cloud? (Choose two.)
A. A 100% service level agreement (SLA) for all AWS services
B. Compute capacity that is adjusted on demand
C. Availability of AWS Support for code development
D. Enhanced security
E. Increases in cost and complexity

Answer 11

B. Compute capacity that is adjusted on demand
D. Enhanced security

Question 12

A user is storing objects in Amazon S3. The user needs to restrict access to the objects to meet compliance obligations.What should the user do to meet this requirement?
A. Use AWS Secrets Manager.
B. Tag the objects in the S3 bucket.
C. Use security groups.
D. Use network ACLs.

Answer 12

B. Tag the objects in the S3 bucket.

Question 13

A company wants to convert video files and audio files from their source format into a format that will play on smartphones, tablets, and web browsers.Which AWS service will meet these requirements?
A. Amazon Elastic Transcoder
B. Amazon Comprehend
C. AWS Glue
D. Amazon Rekognition

Answer 13

A. Amazon Elastic Transcoder

Question 14

Which of the following are benefits of Amazon EC2 Auto Scaling? (Choose two.)
A. Improved health and availability of applications
B. Reduced network latency
C. Optimized performance and costs
D. Automated snapshots of data
E. Cross-Region Replication

Answer 14

A. Improved health and availability of applications
C. Optimized performance and costs

Question 15

A company has several departments. Each department has its own AWS accounts for its applications. The company wants all AWS costs on a single invoice to simplify payment, but the company wants to know the costs that each department is incurring.Which AWS tool or feature will provide this functionality?
A. AWS Cost and Usage Reports
B. Consolidated billing
C. Savings Plans
D. AWS Budgets

Answer 15

B. Consolidated billing

Question 16

A company runs its workloads on premises. The company wants to forecast the cost of running a large application on AWS.Which AWS service or tool can the company use to obtain this information?
A. AWS Pricing Calculator
B. AWS Budgets
C. AWS Trusted Advisor
D. Cost Explorer

Answer 16

A. AWS Pricing Calculator

Question 17

A company wants to eliminate the need to guess infrastructure capacity before deployments. The company also wants to spend its budget on cloud resources only as the company uses the resources.Which advantage of the AWS Cloud matches the company’s requirements?
A. Reliability
B. Global reach
C. Economies of scale
D. Pay-as-you-go pricing

Answer 17

D. Pay-as-you-go pricing

Question 18

Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co- location environments, or on-premises facilities?
A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate

Answer 18

C. AWS Outposts

Question 19

A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library’s capacity to the AWS Cloud.Which AWS service should the company use to meet this requirement?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. Amazon Elastic File System (Amazon EFS)
D. AWS Storage Gateway

Answer 19

D. AWS Storage Gateway

Question 20

An online retail company has seasonal sales spikes several times a year, primarily around holidays. Demand is lower at other times. The company finds it difficult to predict the increasing infrastructure demand for each season.Which advantages of moving to the AWS Cloud would MOST benefit the company? (Choose two.)
A. Global footprint
B. Elasticity
C. AWS service quotas
D. AWS shared responsibility model
E. Pay-as-you-go pricing

Answer 20

B. Elasticity
E. Pay-as-you-go pricing

Question 21

Which AWS service can be used to turn text into lifelike speech?
A. Amazon Polly
B. Amazon Kendra
C. Amazon Rekognition
D. Amazon Connect

Answer 21

A. Amazon Polly

Question 22

Which AWS service or tool can be used to capture information about inbound and outbound traffic in an Amazon VPC?
A. VPC Flow Logs
B. Amazon Inspector
C. VPC endpoint services
D. NAT gateway

Answer 22

A. VPC Flow Logs

Question 23

A company wants to ensure that two Amazon EC2 instances are in separate data centers with minimal communication latency between the data centers.How can the company meet this requirement?
A. Place the EC2 instances in two separate AWS Regions connected with a VPC peering connection.
B. Place the EC2 instances in two separate Availability Zones within the same AWS Region.
C. Place one EC2 instance on premises and the other in an AWS Region. Then connect them by using an AWS VPN connection.
D. Place both EC2 instances in a placement group for dedicated bandwidth.

Answer 23

B. Place the EC2 instances in two separate Availability Zones within the same AWS Region.

Question 24

In which situations should a company create an IAM user instead of an IAM role? (Choose two.)
A. When an application that runs on Amazon EC2 instances requires access to other AWS services
B. When the company creates AWS access credentials for individuals
C. When the company creates an application that runs on a mobile phone that makes requests to AWS
D. When the company needs to add users to IAM groups
E. When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time

Answer 24

B. When the company creates AWS access credentials for individuals
D. When the company needs to add users to IAM groups

Question 25

Which AWS services should a company use to read and write data that changes frequently? (Choose two.)
A. Amazon S3 Glacier
B. Amazon RDS
C. AWS Snowball
D. Amazon Redshift
E. Amazon Elastic File System (Amazon EFS)

Answer 25

B. Amazon RDS
E. Amazon Elastic File System (Amazon EFS)

Question 26

Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config

Answer 26

C. AWS KMS

Question 27

Which AWS services make use of global edge locations? (Choose two.)
A. AWS Fargate
B. Amazon CloudFront
C. AWS Global Accelerator
D. AWS Wavelength
E. Amazon VPC

Answer 27

B. Amazon CloudFront
C. AWS Global Accelerator

Question 28

A company is operating several factories where it builds products. The company needs the ability to process data, store data, and run applications with local system interdependencies that require low latency.Which AWS service should the company use to meet these requirements?
A. AWS IoT Greengrass
B. AWS Lambda
C. AWS Outposts
D. AWS Snowball Edge

Answer 28

C. AWS Outposts

Question 29

Which of the following is a recommended design principle for AWS Cloud architecture?
A. Design tightly coupled components.
B. Build a single application component that can handle all the application functionality.
C. Make large changes on fewer iterations to reduce chances of failure.
D. Avoid monolithic architecture by segmenting workloads.

Answer 29

D. Avoid monolithic architecture by segmenting workloads.

Question 30

A company is designing its AWS workloads so that components can be updated regularly and so that changes can be made in small, reversible increments.Which pillar of the AWS Well-Architected Framework does this design support?
A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Answer 30

C. Operational excellence

Question 31

Which of the following acts as an instance-level firewall to control inbound and outbound access?
A. Network access control list
B. Security groups
C. AWS Trusted Advisor
D. Virtual private gateways

Answer 31

B. Security groups

Question 32

A company has a workload that will run continuously for 1 year. The workload cannot tolerate service interruptions.Which Amazon EC2 purchasing option will be MOST cost-effective?
A. All Upfront Reserved Instances
B. Partial Upfront Reserved Instances
C. Dedicated Instances
D. On-Demand Instances

Answer 32

A. All Upfront Reserved Instances

Question 33

Which AWS service helps protect against DDoS attacks?
A. AWS Shield
B. Amazon Inspector
C. Amazon GuardDuty
D. Amazon Detective

Answer 33

A. AWS Shield

Question 34

Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar?
A. Security
B. Operational excellence
C. Performance efficiency
D. Cost optimization

Answer 34

A. Security

Question 35

Which AWS tool or feature acts as a VPC firewall at the subnet level?
A. Security group
B. Network ACL
C. Traffic Mirroring
D. Internet gateway

Answer 35

B. Network ACL

Question 36

Which AWS service can be used to decouple applications?
A. AWS Config
B. Amazon Simple Queue Service (Amazon SQS)
C. AWS Batch
D. Amazon Simple Email Service (Amazon SES)

Answer 36

B. Amazon Simple Queue Service (Amazon SQS)

Question 37

Which disaster recovery option is the LEAST expensive?
A. Warm standby
B. Multisite
C. Backup and restore
D. Pilot light

Answer 37

C. Backup and restore

Question 38

Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon EC2 instance store
C. Amazon Elastic File System (Amazon EFS)
D. Amazon S3

Answer 38

B. Amazon EC2 instance store

Question 39

Which of the following is a characteristic of the AWS account root user?
A. The root user is the only user that can be configured with multi-factor authentication (MFA).
B. The root user is the only user that can access the AWS Management Console.
C. The root user is the first sign-in identity that is available when an AWS account is created.
D. The root user has a password that cannot be changed.

Answer 39

C. The root user is the first sign-in identity that is available when an AWS account is created.

Question 40

A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and AmazonDynamoDB.What is the MOST operationally efficient solution to delegate permissions?
A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.

Answer 40

A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.

Question 41

Which of the following is a component of the AWS Global Infrastructure?
A. Amazon Alexa
B. AWS Regions
C. Amazon Lightsail
D. AWS Organizations

Answer 41

B. AWS Regions

Question 42

What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC
B. To allow communication between the VPC and the internet
C. To impose bandwidth constraints on internet traffic
D. To load balance traffic from the internet across Amazon EC2 instances

Answer 42

B. To allow communication between the VPC and the internet

Question 43

Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand?
A. Amazon GuardDuty
B. AWS Security Hub
C. AWS Artifact
D. AWS Shield

Answer 43

C. AWS Artifact

Question 44

A pharmaceutical company operates its infrastructure in a single AWS Region. The company has thousands of VPCs in a various AWS accounts that it wants to interconnect.Which AWS service or feature should the company use to help simplify management and reduce operational costs?
A. VPC endpoint
B. AWS Direct Connect
C. AWS Transit Gateway
D. VPC peering

Answer 44

C. AWS Transit Gateway

Question 45

A company is planning an infrastructure deployment to the AWS Cloud. Before the deployment, the company wants a cost estimate for running the infrastructure.Which AWS service or feature can provide this information?
A. Cost Explorer
B. AWS Trusted Advisor
C. AWS Cost and Usage Report
D. AWS Pricing Calculator

Answer 45

D. AWS Pricing Calculator

Question 46

Which AWS service of tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?
A. AWS Identity and Access Management (IAM)
B. AWS Organizations
C. Cost Explorer
D. AWS Budgets

Answer 46

B. AWS Organizations

Question 47

Which of the following are Amazon Virtual Private Cloud (Amazon VPC) resources?
A. Objects; access control lists (ACLs)
B. Subnets; internet gateways
C. Access policies; buckets
D. Groups; roles

Answer 47

B. Subnets; internet gateways

Question 48

A company needs to identify the last time that a specific user accessed the AWS Management Console.Which AWS service will provide this information?
A. Amazon Cognito
B. AWS CloudTrail
C. Amazon Inspector
D. Amazon GuardDuty

Answer 48

B. AWS CloudTrail

Question 49

A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon Machine Image (AMI).Which actions can a system administrator take to connect to the EC2 instance? (Choose two.)
A. Use Amazon EC2 Instance Connect.
B. Use a Remote Desktop Protocol (RDP) connection.
C. Use AWS Batch
D. Use AWS Systems Manager Session Manager.
E. Use Amazon Connect

Answer 49

A. Use Amazon EC2 Instance Connect.
D. Use AWS Systems Manager Session Manager.

Question 50

A company wants to perform sentiment analysis on customer service email messages that it receives. The company wants to identify whether the customer service engagement was positive or negative.Which AWS service should the company use to perform this analysis?
A. Amazon Textract
B. Amazon Translate
C. Amazon Comprehend
D. Amazon Rekognition

Answer 50

C. Amazon Comprehend

Question 51

What is the total amount of storage offered by Amazon S3?
A. 100MB
B. 5 GB
C. 5 TB
D. Unlimited

Answer 51

D. Unlimited

Question 52

A company is migrating to Amazon S3. The company needs to transfer 60 TB of data from an on-premises data center to AWS within 10 days.Which AWS service should the company use to accomplish this migration?
A. Amazon S3 Glacier
B. AWS Database Migration Service (AWS DMS)
C. AWS Snowball
D. AWS Direct Connect

Answer 52

C. AWS Snowball

Question 53

What type of database is Amazon DynamoDB?
A. In-memory
B. Relational
C. Key-value
D. Graph

Answer 53

C. Key-value

Question 54

A large organization has a single AWS account.What are the advantages of reconfiguring the single account into multiple AWS accounts? (Choose two.)
A. It allows for administrative isolation between different workloads.
B. Discounts can be applied on a quarterly basis by submitting cases in the AWS Management Console.
C. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS accounts will be less expensive.
D. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account.
E. Amazon QuickSight offers access to a cost tool that provides application-specific recommendations for environments running in multiple accounts.

Answer 54

A. It allows for administrative isolation between different workloads.
D. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account.

Question 55

A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses anApplication Load Balancer to distribute traffic to multiple Amazon EC2 instances.Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
A. Security groups
B. AWS WAF
C. Network ACLs
D. AWS Shield

Answer 55

B. AWS WAF

Question 56

Which AWS service provides a feature that can be used to proactively monitor and plan for the service quotas of AWS resources?
A. AWS CloudTrail
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor
D. Amazon CloudWatch

Answer 56

D. Amazon CloudWatch

Question 57

Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?
A. Elimination of expenses for running and maintaining data centers
B. Price discounts that are identical to discounts from hardware providers
C. Distribution of all operational controls to AWS
D. Elimination of operational expenses

Answer 57

A. Elimination of expenses for running and maintaining data centers

Question 58

Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework?
A. Create annotated documentation.
B. Anticipate failure.
C. Ensure performance efficiency.
D. Optimize costs.

Answer 58

B. Anticipate failure.

Question 59

Which AWS services offer gateway VPC endpoints that can be used to avoid sending traffic over the internet? (Choose two.)
A. Amazon Simple Notification Service (Amazon SNS)
B. Amazon Simple Queue Service (Amazon SQS)
C. AWS CodeBuild
D. Amazon S3
E. Amazon DynamoDB

Answer 59

D. Amazon S3
E. Amazon DynamoDB

Question 60

Which of the following is the customer responsible for updating and patching, according to the AWS shared responsibility model?
A. Amazon FSx for Windows File Server
B. Amazon WorkSpaces virtual Windows desktop
C. AWS Directory Service for Microsoft Active Directory
D. Amazon RDS for Microsoft SQL Server

Answer 60

B. Amazon WorkSpaces virtual Windows desktop

Question 61

Who has the responsibility to patch the host operating system of an Amazon EC2 instance, according to the AWS shared responsibility model?
A. Both AWS and the customer
B. The customer only
C. The EC2 hardware manufacturer
D. AWS only

Answer 61

D. AWS only

Question 62

A company is using an Amazon RDS DB instance for an application that is deployed in the AWS Cloud. The company needs regular patching of the operating system of the server where the DB instance runs.What is the company’s responsibility in this situation, according to the AWS shared responsibility model?
A. Open a support case to obtain administrative access to the server so that the company can patch the DB instance operating system.
B. Open a support case and request that AWS patch the DB instance operating system.
C. Use administrative access to the server, and apply the operating system patches during the regular maintenance window that is defined for the DB instance.
D. Establish a regular maintenance window that tells AWS when to patch the DB instance operating system.

Answer 62

D. Establish a regular maintenance window that tells AWS when to patch the DB instance operating system.

Question 63

Why is an AWS Well-Architected review a critical part of the cloud design process?
A. A Well-Architected review is mandatory before a workload can run on AWS.
B. A Well-Architected review helps identify design gaps and helps evaluate design decisions and related documents.
C. A Well-Architected review is an audit mechanism that is a part of requirements for service level agreements.
D. A Well-Architected review eliminates the need for ongoing auditing and compliance tests.

Answer 63

B. A Well-Architected review helps identify design gaps and helps evaluate design decisions and related documents.

Question 64

A company implements an Amazon EC2 Auto Scaling policy along with an Application Load Balancer to automatically recover unhealthy applications that run onAmazon EC2 instances.Which pillar of the AWS Well-Architected Framework does this action cover?
A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Answer 64

D. Reliability

Question 65

Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime?
A. Agility
B. Elasticity
C. Scalability
D. High availability

Answer 65

D. High availability

Question 66

Under the AWS shared responsibility model, which task is the customer’s responsibility when managing AWS Lambda functions?
A. Creating versions of Lambda functions
B. Maintaining server and operating systems
C. Scaling Lambda resources according to demand
D. Updating the Lambda runtime environment

Answer 66

A. Creating versions of Lambda functions

Question 67

What does the AWS Concierge Support team provide?
A. A technical expert dedicated to the user
B. A primary point of contact for AWS Billing and AWS Support
C. A partner to help provide scaling guidance for an event launch
D. A dedicated AWS staff member who reviews the user’s application architecture

Answer 67

B. A primary point of contact for AWS Billing and AWS Support

Question 68

A company needs to generate reports that can break down cloud costs by product, by company-defined tags, and by hour, day, and month.Which AWS tool should the company use to meet these requirements?
A. Reserved Instance utilization and coverage reports
B. Savings Plans utilization reports
C. AWS Budgets reports
D. AWS Cost and Usage Reports

Answer 68

D. AWS Cost and Usage Reports

Question 69

A company has a serverless application that includes an Amazon API Gateway API, an AWS Lambda function, and an Amazon DynamoDB database.Which AWS service can the company use to trace user requests as they move through the application’s components?
A. AWS CloudTrail
B. Amazon CloudWatch
C. Amazon Inspector
D. AWS X-Ray

Answer 69

D. AWS X-Ray

Question 70

A company needs to set up a petabyte-scale data warehouse in the AWS Cloud.Which AWS service will meet this requirement?
A. Amazon DynamoDB
B. Amazon RDS
C. Amazon Redshift
D. Amazon ElastiCache

Answer 70

C. Amazon Redshift

Question 71

Which AWS service is always provided at no charge?
A. Amazon S3
B. AWS Identity and Access Management (IAM)
C. Elastic Load Balancers
D. AWS WAF

Answer 71

B. AWS Identity and Access Management (IAM)

Question 72

A company needs to design an AWS disaster recovery plan to cover multiple geographic areas.Which action will meet this requirement?
A. Configure multiple AWS accounts.
B. Configure the architecture across multiple Availability Zones in an AWS Region.
C. Configure the architecture across multiple AWS Regions.
D. Configure the architecture among many edge locations.

Answer 72

C. Configure the architecture across multiple AWS Regions.