AWS Cloud Flashcards
What is the primary storage service used by Amazon RDS database instances?
A. Amazon Glacier.
B. Amazon EBS.
C. Amazon EFS.
D. Amazon S3.
B. Amazon EBS
A company is developing a new application using a microservices framework. The new application is having performance and latency issues. Which AWS Service should be used to troubleshoot these issues?
A. AWS CodePipeline.
B. AWS X-Ray.
C. Amazon Inspector.
D. AWS CloudTrail.
B. AWS X-Ray
Which of the following AWS services is designed with native Multi-AZ fault tolerance in mind? (Choose TWO)
A. Amazon Redshift.
B. AWS Snowball.
C. Amazon Simple Storage Service.
D. Amazon EBS.
E. Amazon DynamoDB.
C, E
A developer needs to set up an SSL security certificate for a client’s eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO)
A. Amazon Route 53.
B. AWS ACM.
C. AWS Directory Service.
D. AWS Identity & Access Management.
E. AWS Data Pipeline.
A, B
Which of the following AWS services scale automatically without your intervention? (Choose TWO)
A. Amazon EC2.
B. Amazon S3.
C. AWS Lambda.
D. Amazon EMR.
E. Amazon EBS.
B, C
A company is planning to migrate an application from Amazon EC2 to AWS Lambda to use a serverless architecture. Which of the following will be the responsibility of AWS after migration? (Choose TWO)
A. Application management.
B. Capacity management.
C. Access control.
D. Operating system maintenance.
E. Data management.
B, D
How do ELBs improve the reliability of your application?
A. By distributing traffic across multiple S3 buckets.
B. By replicating data to multiple availability zones.
C. By creating database Read Replicas.
D. By ensuring that only healthy targets receive traffic.
D
A company needs to migrate their website from on-premises to AWS. Security is a major concern for them, so they need to host their website on hardware that is NOT shared with other AWS customers. Which of the following EC2 instance options meets this requirement?
A. On-demand instances.
B. Spot instances.
C. Dedicated instances.
D. Reserved instances.
C
A customer is planning to move billions of images and videos to be stored on Amazon S3. The customer has approximately 60 Petabytes of data to move. Which of the following AWS Services is the best choice to transfer the data to AWS?
A. Snowball.
B. S3 Transfer Acceleration.
C. Snowmobile.
D. Amazon VPC.
C
A company plans to migrate a large amount of archived data to AWS. The archived data must be maintained for a period of 5 years and must be retrievable within 5 hours of a request. What is the most cost-effective AWS storage service to use?
A. Amazon S3 Glacier.
B. Amazon EFS.
C. Amazon S3 Standard.
D. Amazon EBS.
A
Which AWS Service is used to manage user permissions?
A. Security Groups.
B. Amazon ECS.
C. AWS IAM.
D. AWS Support.
C
Which support plan includes AWS Support Concierge Service?
A. Premium Support.
B. Business Support.
C. Enterprise Support.
D. Standard Support.
C
A company needs to track resource changes using the API call history. Which AWS service can help the company achieve this goal?
A. AWS Config.
B. Amazon CloudWatch.
C. AWS CloudTrail.
D. AWS CloudFormation.
C
What are the benefits of using an AWS-managed service? (Choose TWO)
A. Provides complete control over the virtual infrastructure.
B. Allows customers to deliver new solutions faster.
C. Lowers operational complexity.
D. Eliminates the need to encrypt data.
E. Allows developers to control all patching related activities.
B, C
Which of the following are use cases for Amazon S3? (Choose TWO)
A. Hosting static websites.
B. Hosting websites that require sustained high CPU utilization.
C. Cost-effective database and log storage.
D. A media store for the CloudFront service.
E. Processing data streams at any scale.
A, D
What is the AWS’ recommendation regarding access keys?
A. Delete all access keys and use passwords instead.
B. Only share them with trusted people.
C. Rotate them regularly.
D. Save them within your application code.
C
What is the AWS IAM feature that provides an additional layer of security on top of user-name and password authentication?
A. Key Pair.
B. Access Keys.
C. SDK.
D. MFA.
D
A company is planning to migrate a database with high read/write activity to AWS. What is the best storage option to use?
A. AWS Storage Gateway.
B. Amazon S3.
C. Amazon EBS.
D. Amazon Glacier.
C
What is the AWS service that provides five times the performance of a standard MySQL database?
A. Amazon Aurora.
B. Amazon Redshift.
C. Amazon DynamoDB.
D. Amazon Neptune.
A
What does AWS Service Catalog provide?
A. It enables customers to quickly find descriptions and use cases for AWS services.
B. It enables customers to explore the different catalogs of AWS services.
C. It simplifies organizing and governing commonly deployed IT services.
D. It allows developers to deploy infrastructure on AWS using familiar programming languages.
C
For managed services like Amazon DynamoDB, which of the below is AWS responsible for? (Choose TWO)
A. Protecting credentials.
B. Logging access activity.
C. Patching the database software.
D. Operating system maintenance.
E. Creating access policies.
C, D
Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Select TWO)
A. AWS Concierge.
B. AWS CloudFormation.
C. Amazon Simple Storage Service (Amazon S3).
D. Amazon EC2 Auto Scaling.
E. AWS Management Console.
B, E
Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing?
A. One-year, No Upfront, Standard RI pricing.
B. One-year, All Upfront, Convertible RI pricing.
C. Three-year, All Upfront, Standard RI pricing.
D. Three-year, No Upfront, Convertible RI pricing.
C
Which of the following are features of Amazon CloudWatch Logs? (Select TWO)
A. Summaries by Amazon Simple Notification Service (Amazon SNS).
B. Free Amazon Elasticsearch Service analytics.
C. Provided at no charge.
D. Real-time monitoring.
E. Adjustable retention.
D, E
Which of the following is the customer’s responsibility under the AWS shared responsibility model?
A. Patching underlying infrastructure
B. Physical security
C. Patching Amazon EC2 instances
D. Patching network infrastructure
C
According to the AWS shared responsibility model who is responsible for configuration management?
A. It is solely the responsibility of the customer.
B. It is solely the responsibility of AWS.
C. It is shared between AWS and the customer.
D. It is not part of the AWS shared responsibility model.
C
Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?
A. Amazon GuardDuty.
B. Amazon Macie.
C. Amazon Inspector.
D. AWS Shield.
B
Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Select TWO)
A. Ensuring that application data is encrypted at rest.
B. Ensuring that AWS NTP servers are set to the correct time.
C. Ensuring that users have received security training in the use of AWS services.
D. Ensuring that access to data centers is restricted.
E. Ensuring that hardware is disposed of properly.
A, C
A customer is using multiple AWS accounts with separate billing. How can the customer take advantage of volume discounts with minimal impact to the AWS resources?
A. Create one global AWS account and move all AWS resources to that account.
B. Sign up for three years of Reserved Instance pricing up front.
C. Use the consolidated billing feature from AWS Organizations.
D. Sign up for the AWS Enterprise support plan to get volume discounts.
C
Which AWS services should be used for read/write of constantly changing data? (Select TWO)
A. Amazon Glacier.
B. Amazon RDS.
C. AWS Snowball.
D. Amazon Redshift.
E. Amazon EFS.
B, E
Which AWS service allows users to identify the changes made to a resource over time?
A. Amazon Inspector.
B. AWS Config.
C. AWS Service Catalog.
D. AWS IAM.
B
A user must meet compliance and software licensing requirements that state a workload must be hosted on a physical server. When Amazon EC2 instance pricing option will meet these requirements?
A. Dedicated Hosts.
B. Dedicated Instances.
C. Spot Instances.
D. Reserved Instances.
A
Which benefits are included with the AWS Business Support plan? (Select TWO)
A. 24/7 assistance by way of live chat or a telephone call.
B. Support from a dedicated AWS Technical Account Manager.
C. An unlimited number of cases and contacts.
D. 15-minute response time for production system interruption cases.
E. Annual operational reviews with AWS Solutions Architects.
A, C
You have a mission-critical application that must be globally available at all times. If this is the case, which of the below deployment mechanisms would you employ?
A. Deployment to multiple edge locations
B. Deployment to multiple Availability Zones
C. Deployment to multiple Data Centers
D. Deployment to Multiple Regions
D
Which of the following can be used to protect against DDoS attacks. (choose 2)
A. AWS Shield
B. AWS EC2
C. AWS ELB
D. AWS Shield Advanced
A, D
Which security feature can be used in a VPC subnet to protect against incoming traffic requests?
A. AWS Inspector
B. Subnet Groups
C. Security Groups
D. NACL
D
Which of the following AWS services can assist you with cost optimization?
A. AWS Shield
B. AWS Inspector
C. AWS WAF
D. AWS Trusted Advisor
D
There is a requirement to move a 10 TB data warehouse to the AWS cloud. Which of the following is an ideal service which can be used to move this amount of data to the AWS Cloud?
A. Amazon Direct Connect
B. Amazon S3 MultiPart Upload
C. Amazon S3 Connector
D. AWS Snowcone HDD
B.
What AWS service has built-in DDoS mitigation?
A. AWS CloudTrail
B. Amazon EC2
C. AWS CloudWatch
D. AWS CloudFront
D.
What is the service provided by AWS that allows developers to easily deploy and manage applications on the cloud?
A. CloudFormation
B. Opswork
C. Container service
D. Elastic Beanstalk
D.
Which of the following is not a supported database engine in the AWS Relation Database Service?
A. SQLite
B. MariaDB
C. MySQL
D. DB2
A.
A company wants to standardize the deployment of its infrastructure by using predefined templates. Which AWS service is best suited for this purpose?
A. Amazon Simple Workflow Service
B. AWS Elastic Beanstalk
C. Amazon EMR
D. AWS CloudFormation
D.
Which of the following options of AWS RDS allows for AWS to failover to a secondary database in case the primary one fails?
A. AWS Failover
B. AWS Secondary
C. AWS Standby
D. AWS Multi-AZ
D
What are the four levels of AWS Premium Support?
A. Basic, Startup, Business, Enterprise
B. Developer, Business, Free, Basic
C. All support is free
D. Developer, Business, Enterprise On-Ramp, Enterprise
D
A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?
A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days
C
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?
A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
B
A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty
B
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?
A. Physical security of DynamoDB
B. Patching of DynamoDB
C. Access to DynamoDB tables
D. Encryption of data at rest in DynamoDB
C
Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)
A. AWS Cost Explorer
B. AWS Billing Conductor
C. Amazon CodeGuru
D. Amazon SageMaker
E. AWS Compute Optimizer
A, E
Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)
A. Providing high-performance container orchestration
B. Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
E. Implementing enforced tagging across AWS resources
C, D
Which of the following services could be used to deploy an application to servers running on-premises? (Select TWO)
A. AWS Elastic Beanstalk.
B. AWS OpsWorks.
C. AWS CodeDeploy.
D. AWS Batch.
E. AWS X-Ray.
B, C
Which of the following services have Distributed Denial of Service (DDoS) mitigation features? (Select TWO)
A. AWS WAF.
B. Amazon DynamoDB.
C. Amazon EC2.
D. Amazon CloudFront.
E. Amazon Inspector.
A, D
What can assist in evaluating an application for migration to the cloud? (Select TWO)
A. AWS Trusted Advisor.
B. AWS Professional Services.
C. AWS Systems Manager.
D. AWS Partner Network (APN).
E. AWS Secrets Manager.
B, D
The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?
A. Cost allocation tags
B. Consolidated billing
C. AWS Budgets
D. AWS Marketplace
A
What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice area ?
A. AWS Enterprise Support
B. AWS Solutions Architects
C. AWS Professional Services
D. AWS Account Managers
C
A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house.
Which of the following AWS programs can a customer take advantage of to achieve that outcome?
A. AWS Partner Network Technology Partners
B. AWS Marketplace
C. AWS Partner Network Consulting Partners
D. AWS Service Catalog
C
Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software license ?
A. Spot Instances
B. Reserved Instances
C. Dedicated Hosts
D. On-Demand Instances
C
Which services can be used across hybrid AWS Cloud architectures? (Select TWO.)
A. Amazon Route 53
B. Virtual Private Gateway
C. Classic Load Balancer
D. Auto Scaling
E. Amazon CloudWatch default metrics
A, B
A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes.
Which service should the company use?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store
D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)
D
What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO?
A. Project management
B. Antivirus software licensing
C. Data center security
D. Software development
C
Which AWS tools assist with estimating costs? (Select three.)
A. Detailed billing report
B. Cost allocation tags
C. AWS Simple Monthly Calculator
D. AWS Total Cost of Ownership (TCO) Calculator
E. Cost Eliminator
B, C, D
Which of the following are advantages of AWS consolidated billing? (Select TWO.)
A. The ability to receive one bill for multiple accounts
B. Service limits increasing by default in all accounts
C. A fixed discount on the monthly bill
D. Potential volume discounts, as usage in all accounts is combined
E. The automatic extension of the master account’s AWS support plan to all accounts
A, D
What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)?
A. They require the customer to monitor and replace failing instances.
B. They have better performance than customer-managed services.
C. They simplify patching and updating underlying OSs.
D. They do not require the customer to optimize instance type or size selections.
C
Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases?
A. Enterprise
B. Business
C. Developer
D. Basic
B
Which of the following steps should be taken by a customer when conducting penetration testing on AWS?
A. Conduct penetration testing using Amazon Inspector, and then notify AWS support.
B. Request and wait for approval from the customer’s internal security team, and then conduct testing.
C. Notify AWS support, and then conduct testing immediately.
D. Request and wait for approval from AWS support, and then conduct testing.
D
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)
A. AWS Trusted Advisor
B. AWS Online Tech Talks
C. AWS Blog
D. AWS Forums
E. AWS Classroom Training
B, E
Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Select TWO.)
A. Amazon CloudFront distributions
B. Amazon Route 53
C. Security Groups
D. Subnets
E. Elastic Load Balancing
C, D
If each department within a company has its own AWS account, what is one way to enable consolidated billing?
A. Use AWS Budgets on each account to pay only to budget.
B. Contact AWS Support for a monthly bill.
C. Create an AWS Organization from the payer account and invite the other accounts to join.
D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into Amazon Redshift, and then run a
C
How do customers benefit from Amazon’s massive economies of scale?
A. Periodic price reductions as the result of Amazon’s operational efficiencies
B. New Amazon EC2 instance types providing the latest hardware
C. The ability to scale up and down when needed
D. Increased reliability in the underlying hardware of Amazon EC2 instances
A
Which AWS services can be used to gather information about AWS account activity? (Select TWO.)
A. Amazon CloudFront
B. AWS Cloud9
C. AWS CloudTrail
D. AWS CloudHSM
E. Amazon CloudWatch
C, E
Which of the following common IT tasks can AWS cover to free up company IT resources? (Select TWO.)
A. Patching databases software
B. Testing application releases
C. Backing up databases
D. Creating database schema
E. Running penetration tests
A, C
In which scenario should Amazon EC2 Spot Instances be used?
A. A company wants to move its main website to AWS from an on-premises web server.
B. A company has a number of application services whose Service Level Agreement (SLA) requires 99.999% uptime.
C. A company’s heavily used legacy database is currently running on-premises.
D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances.
D
Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs?
A. Enterprise
B. Business
C. Developer
D. Basic
A
Which AWS service can serve a static website?
A. Amazon S3
B. Amazon Route 53
C. Amazon QuickSight
D. AWS X-Ray
A
How does AWS shorten the time to provision IT resources?
A. It supplies an online IT ticketing platform for resource requests.
B. It supports automatic code validation services.
C. It provides the ability to programmatically provision existing resources.
D. It automates the resource request process from a company’s IT vendor list.
C
What can AWS edge locations be used for? (Select TWO.)
A. Hosting applications
B. Delivering content closer to users
C. Running NoSQL database caching services
D. Reducing traffic on the server by caching responses
E. Sending notification messages to end users
B, D
Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users?
A. A public and private key-pair
B. Amazon Inspector
C. AWS Identity and Access Management (IAM) policies
D. Security Groups
C
What will help a company perform a cost benefit analysis of migrating to the AWS Cloud?
A. Cost Explorer
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Simple Monthly Calculator
D. AWS Trusted Advisor
B
What does AWS Snowball provide? (Choose TWO)
A. Built-in computing capabilities that allow customers to process data locally.
B. A catalog of third-party software solutions that customers need to build solutions and run their businesses.
C. A hybrid cloud storage between on-premises environments and the AWS Cloud.
D. An Exabyte-scale data transfer service that allows you to move extremely large amounts of data to AWS.
E. Secure transfer of large amounts of data into and out of the AWS.
A, E
A company has an AWS Enterprise Support plan. They want quick and efficient guidance with their billing and account inquiries. Which of the following should the company use?
A. AWS Health Dashboard.
B. AWS Support Concierge.
C. AWS Customer Service.
D. AWS Operations Support.
B
What should you do in order to keep the data on EBS volumes safe? (Choose TWO)
A. Regularly update firmware on EBS devices.
B. Create EBS snapshots.
C. Ensure that EBS data is encrypted at rest.
D. Store a backup daily in an external drive.
E. Prevent any unauthorized access to AWS data centers.
B, C
A startup company is operating on limited funds and is extremely concerned about cost overruns. Which of the below options can be used to notify the company when their monthly AWS bill exceeds $2000? (Choose TWO)
A. Setup a CloudWatch billing alarm that triggers an SNS notification when the threshold is exceeded.
B. Configure the Amazon Simple Email Service to send billing alerts to their email address on a daily basis.
C. Configure the AWS Budgets Service to alert the company when the threshold is exceeded.
D. Configure AWS CloudTrail to automatically delete all AWS resources when the threshold is exceeded.
E. Configure the Amazon Connect Service to alert the company when the threshold is exceeded.
A, C
Hundreds of thousands of DDoS attacks are recorded every month worldwide. What service does AWS provide to help protect AWS Customers from these attacks? (Choose TWO)
A. AWS Shield.
B. AWS Config.
C. Amazon Cognito.
D. AWS WAF.
E. AWS KMS.
A, D
Which of the following services allows customers to manage their agreements with AWS?
A. AWS Artifact.
B. AWS Certificate Manager.
C. AWS Systems Manager.
D. AWS Organizations.
A
Which of the following are examples of AWS-Managed Services, where AWS is responsible for the operational and maintenance burdens of running the service? (Choose TWO)
A. Amazon VPC.
B. Amazon DynamoDB.
C. Amazon Elastic MapReduce.
D. AWS IAM.
E. Amazon Elastic Compute Cloud.
B, C
Which of the following must an IAM user provide to interact with AWS services using the AWS Command Line Interface (AWS CLI)?
A. Access keys.
B. Secret token.
C. UserID.
D. User name and password.
A
Select TWO examples of the AWS shared controls.
A. Patch Management.
B. IAM Management.
C. VPC Management.
D. Configuration Management.
E. Data Center operations.
A, D
In order to implement best practices when dealing with a “Single Point of Failure,” you should attempt to build as much automation as possible in both detecting and reacting to failure. Which of the following AWS services would help? (Choose TWO)
A. ELB.
B. Auto Scaling.
C. Amazon Athen.
D. ECR.
E. Amazon EC2.
A, B
A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups for the application?
A. A MySQL database installed on an EC2 instance.
B. Amazon Aurora.
C. Amazon DynamoDB.
D. Amazon Neptune.
B
Under the shared responsibility model, which of the following is the responsibility of AWS?
A. Client-side encryption.
B. Configuring infrastructure devices.
C. Server-side encryption.
D. Filtering traffic with Security Groups.
B
What does the AWS Health Dashboard provide? (Choose TWO)
A. Detailed troubleshooting guidance to address AWS events impacting your resources.
B. Health checks for Auto Scaling instances.
C. Recommendations for Cost Optimization.
D. A dashboard detailing vulnerabilities in your applications.
E. Personalized view of AWS service health.
A, E
In the AWS Shared responsibility Model, which of the following are the responsibility of the customer? (Choose TWO)
A. Disk disposal.
B. Controlling physical access to compute resources.
C. Patching the Network infrastructure.
D. Setting password complexity rules.
E. Configuring network access rules.
D, E
What does AWS provide to deploy popular technologies such as IBM MQ on AWS with the least amount of effort and time?
A. Amazon Aurora.
B. Amazon CloudWatch.
C. AWS Quick Start reference deployments.
D. AWS OpsWorks.
C
An organization has decided to purchase an Amazon EC2 Reserved Instance (RI) for three years in order to reduce costs. It is possible that the application workloads could change during the reservation period. What is the EC2 Reserved Instance (RI) type that will allow the company to exchange the purchased reserved instance for another reserved instance with higher computing power if they need to?
A. Elastic RI.
B. Premium RI.
C. Standard RI.
D. Convertible RI.
D
Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Select TWO)
A. AWS Concierge.
B. AWS CloudFormation.
C. Amazon Simple Storage Service (Amazon S3).
D. Amazon EC2 Auto Scaling.
E. AWS Management Console.
B, E
When should a company consider using Amazon EC2 Spot Instances? (Select TWO)
A. For non-production applications.
B. For stateful workloads.
C. For applications that cannot have interruptions.
D. For fault-tolerant flexible applications.
E. For sensitive database applications.
A, D
Access keys in AWS Identity and Access Management (IM1) are used to:
A. Log in to the AWS Management Console.
B. Make programmatic calls to AWS from AWS APIs.
C. Log in to Amazon EC2 instances.
D. Authenticate to AWS CodeCommit repositories.
B
Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL?
A. AWS Glue.
B. AWS Data Pipeline.
C. Amazon CloudSearch.
D. Amazon Athena.
D
What approach to transcoding a large number of individual video files adheres to AWS architecture principles?
A. Using many instances in parallel.
B. Using a single large instance during off-peak hours.
C. Using dedicated hardware.
D. Using a large GPU instance type.
A
The user is fully responsible for which action when running workloads on AWS?
A. Patching the infrastructure components.
B. Maintaining the underlying infrastructure components.
C. Maintaining physical and environmental controls.
D. Implementing controls to route application traffic.
D
Which AWS support plan includes a dedicated Technical Account Manager?
A. Developer.
B. Enterprise.
C. Business.
D. Basic.
B
What time-savings advantage is offered with the use of Amazon Rekognition?
A. Amazon Rekognition provides automatic watermarking of images.
B. Amazon Rekognition provides automatic detection of objects appearing in pictures.
C. Amazon Recognition provides the ability to resize millions of images automatically.
D. Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection jobs.
B
Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management?
A. AWS manages the data stored in Amazon RDS tables.
B. AWS manages the maintenance of the operating system.
C. AWS automatically scales up instance types on demand.
D. AWS manages the database type.
B
Which AWS service is used to automate configuration management using Chef and Puppet?
A. AWS Config
B. AWS OpsWorks
C. AWS CloudFormation
D. AWS Systems Manager
B
Which AWS services can be used to provide network connectivity between an on-premises network and a VPC? (Choose two.)
A. Amazon Route 53
B. AWS Direct Connect
C. AWS Data Pipeline
D. AWS VPN
E. Amazon Connect
B, D
Under the AWS shared responsibility model, which of the following are customer responsibilities? (Choose two.)
A. Setting up server-side encryption on an Amazon S3 bucket
B. Amazon RDS instance patching
C. Network and firewall configurations
D. Physical security of data center facilities
E. Compute capacity availability
A, C
What is the MINIMUM AWS Support plan level that will provide users with access to the AWS Support API?
A. Developer
B. Enterprise
C. Business
D. Basic
C
A company has deployed several relational databases on Amazon EC2 instances. Every month, the database software vendor releases new security patches that need to be applied to the databases.
What is the MOST efficient way to apply the security patches?
A. Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor.
B. Enable automatic patching for the instances using the Amazon RDS console.
C. In AWS Config, configure a rule for the instances and the required patch level.
D. Use AWS Systems Manager to automate database patching according to a schedule.
D
A company has an application with users in both Australia and Brazil. All the company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in Australia, and Brazilian users are experiencing high latency.
What should the company do to reduce latency?
A. Implement AWS Direct Connect for users in Brazil
B. Provision resources in the South America (São Paulo) Region in Brazil.
C. Use AWS Transit Gateway to quickly route users from Brazil to the application
D. Launch additional Amazon EC2 instances in Sydney to handle the demand
B
What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?
A. Use AWS Direct Connect
B. Use AWS VPN
C. Use AWS Client VPN
D. Use an AWS Transit Gateway
D
Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Senior Cloud Support Engineers through email, online chat, and phone?
A. Basic
B. Business
C. Developer
D. Enterprise
D
Which AWS services can be used as infrastructure automation tools? (Choose two.)
A. AWS CloudFormation
B. Amazon CloudFront
C. AWS Batch
D. AWS OpsWorks
E. Amazon QuickSight
A, D
Which AWS service enables users to create copies of resources across AWS Regions?
A. Amazon ElastiCache
B. AWS CloudFormation
C. AWS CloudTrail
D. AWS Systems Manager
B
A user would like to encrypt data that is received, stored, and managed by AWS CloudTrail.
Which AWS service will provide this capability?
A. AWS Secrets Manager
B. AWS Systems Manager
C. AWS Key Management Service (AWS KMS)
D. AWS Certificate Manager
C
Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Macie
D. AWS Shield
C
Which tool can be used to monitor AWS service limits?
A. AWS Total Cost of Ownership (TCO) Calculator
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Cost and Usage report
B
What can be used to automate and manage secure, well-architected, multi-account AWS environments?
A. AWS shared responsibility model
B. AWS Control Tower
C. AWS Security Hub
D. AWS Well-Architected Tool
B
Which AWS service or feature allows a user to easily scale connectivity among thousands of VPCs?
A. VPC peering
B. AWS Transit Gateway
C. AWS Direct Connect
D. AWS Global Accelerator
B
A company needs protection from expanded distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements?
A. AWS Shield Advanced
B. AWS Firewall Manager
C. AWS WAF
D. Amazon GuardDuty
A
Under the AWS shared responsibility model, what are the customer’s responsibilities? (Choose two.)
A. Physical and environmental security
B. Physical network devices including firewalls
C. Storage device decommissioning
D. Security of data in transit
E. Data integrity authentication
D, E
Which AWS container service will help a user install, operate, and scale the cluster management infrastructure?
A. Amazon Elastic Container Registry (Amazon ECR)
B. AWS Elastic Beanstalk
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon Elastic Block Store (Amazon EBS)
C
Which of the following allows an application running on an Amazon EC2 instance to securely write data to an Amazon S3 bucket without using long term credentials?
A. Amazon Cognito
B. AWS Shield
C. AWS IAM role
D. AWS IAM user access key
C
A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot connect to it.
Who should the developer contact for this level of support?
A. AWS Support using a support case
B. AWS Professional Services
C. AWS technical account manager
D. AWS consulting partners
A
A company must ensure that its endpoint for a database instance remains the same after a single Availability Zone service interruption. The application needs to resume database operations without the need for manual administrative intervention.
How can these requirements be met?
A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS Storage Gateway.
B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby.
C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic Beanstalk.
D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront origins.
B
AWS Trusted Advisor provides recommendations on which of the following? (Choose two.)
A. Cost optimization
B. Auditing
C. Serverless architecture
D. Performance
E. Scalability
A, D
Which of the following tasks can only be performed after signing in with AWS account root user credentials? (Choose two.)
A. Closing an AWS account
B. Creating a new IAM policy
C. Changing AWS Support plans
D. Attaching a role to an Amazon EC2 instance
E. Generating access keys for IAM users
A, C
A company operating in the AWS Cloud requires separate invoices for specific environments, such as development, testing, and production.
How can this be achieved?
A. Use multiple AWS accounts
B. Use resource tagging
C. Use multiple VPCs
D. Use Cost Explorer
A
Which AWS service can be used in the application deployment process?
A. AWS AppSync
B. AWS Batch
C. AWS CodePipeline
D. AWS DataSync
C
What can be used to reduce the cost of running Amazon EC2 instances? (Choose two.)
A. Spot Instances for stateless and flexible workloads
B. Memory optimized instances for high-compute workloads
C. On-Demand Instances for high-cost and sustained workloads
D. Reserved Instances for sustained workloads
E. Spend limits set using AWS Budgets
A, D
Which AWS service or feature allows the user to manage cross-region application traffic?
A. Amazon AppStream 2.0
B. Amazon VPC
C. Elastic Load Balancer
D. Amazon Route 53
D
A user needs to regularly audit and evaluate the setup of all AWS resources, identify non-compliant accounts, and be notified when a resource changes.
Which AWS service can be used to meet these requirements?
A. AWS Trusted Advisor
B. AWS Config
C. AWS Resource Access Manager
D. AWS Systems Manager
B
A company must store critical business data in Amazon S3 with a backup to another AWS Region.
How can this be achieved?
A. Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally
B. Set up Amazon S3 cross-region replication to another AWS Region
C. Configure the AWS Backup service to back up to the data to another AWS Region
D. Take Amazon S3 bucket snapshots and copy that data to another AWS Region
B
What is the recommended method to request penetration testing on AWS resources?
A. Open a support case
B. Fill out the Penetration Testing Request Form
C. Request a penetration test from your technical account manager
D. Contact your AWS sales representative
B
Which components are required to build a successful site-to-site VPN connection on AWS? (Choose two.)
A. Internet gateway
B. NAT gateway
C. Customer gateway
D. Transit gateway
E. Virtual private gateway
C, E
Performing operations as code is a design principle that supports which pillar of the AWS Well-Architected Framework?
A. Performance efficiency
B. Operational excellence
C. Reliability
D. Security
B
Which AWS service can be used to track resource changes and establish compliance?
A. Amazon CloudWatch
B. AWS Config
C. AWS CloudTrail
D. AWS Trusted Advisor
B
