AWS - Cloud Practitioner

Question 1

Under the shared responsibility model which of the following is the customer responsible for?
A. Ensuring that disk drives are wiped after use.
B. Ensuring that firmware is updated on hardware devices.
C. Ensuring that data is encrypted at rest.
D. Ensuring that network cables are category six or higher.,

Answer 1

Answer: C

Question 2

2
The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?
A. Cost allocation tags
B. Consolidated billing
C. AWS Budgets
D. AWS Marketplace

Answer 2

Answer: C

Question 3

3
Which service stores objects provides real-time access to those objects and offers versioning and lifecycle capabilities?
A. Amazon Glacier
B. AWS Storage Gateway
C. Amazon S3
D. Amazon EBS

Answer 3

Answer: C

Question 4

4
What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas?
A. AWS Enterprise Support
B. AWS Solutions Architects
C. AWS Professional Services
D. AWS Account Managers

Answer 4

Answer: C

Question 5

5
A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house. Which of the following AWS programs can a customer take advantage of to achieve that outcome?
A. AWS Partner Network Technology Partners
B. AWS Marketplace
C. AWS Partner Network Consulting Partners
D. AWS Service Catalog

Answer 5

Answer: C

Question 6

6
Distributing workloads across multiple Availability Zones supports which cloud architecture design principle?
A. Implement automation.
B. Design for agility.
C. Design for failure.
D. Implement elasticity.

Answer 6

Answer: C

Question 7

7
Which AWS services can host a Microsoft SQL Server database? (Choose two.)
A. Amazon EC2
B. Amazon Relational Database Service (Amazon RDS)
C. Amazon Aurora
D. Amazon Redshift
E. Amazon S3

Answer 7

Answer: AB

Question 8

8
Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance?
A. AWS Cost Explorer
B. AWS Trusted Advisor
C. Consolidated billing
D. Detailed billing

Answer 8

Answer: B

Question 9

9
Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses?
A. Spot Instances
B. Reserved Instances
C. Dedicated Hosts
D. On-Demand Instances

Answer 9

Answer: C

Question 10

10
Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Choose two.)
A. High availability
B. Shared security model
C. Elasticity
D. Pay-as-you-go pricing
E. Reliability

Answer 10

Answer: CD

Question 11

11
Which service enables risk auditing by continuously monitoring and logging account activity including user actions in the AWS Management Console and AWS SDKs?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Config
D. AWS Health

Answer 11

Answer: B

Question 12

12
Which of the following are characteristics of Amazon S3? (Choose two.)
A. A global file system
B. An object store
C. A local file store
D. A network file system
E. A durable storage system

Answer 12

Answer: BE

Question 13

13
Which services can be used across hybrid AWS Cloud architectures? (Choose two.)
A. Amazon Route 53
B. Virtual Private Gateway
C. Classic Load Balancer
D. Auto Scaling
E. Amazon CloudWatch default metrics

Answer 13

Answer: AB

Question 14

14
What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO?
A. Project management
B. Antivirus software licensing
C. Data center security
D. Software development

Answer 14

Answer: C

Question 15

15
A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes. Which service should the company use?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store
D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)

Answer 15

Answer: D

Question 16

16
Which of the following is a correct relationship between regions Availability Zones and edge locations?
A. Data centers contain regions.
B. Regions contain Availability Zones.
C. Availability Zones contain edge locations.
D. Edge locations contain regions.

Answer 16

Answer: B

Question 17

17
Which AWS tools assist with estimating costs? (Choose three.)
A. Detailed billing report
B. Cost allocation tags
C. AWS Simple Monthly Calculator
D. AWS Total Cost of Ownership (TCO) Calculator
E. Cost Estimator

Answer 17

Answer: BCD

Question 18

18
Which of the following are advantages of AWS consolidated billing? (Choose two.)
A. The ability to receive one bill for multiple accounts
B. Service limits increasing by default in all accounts
C. A fixed discount on the monthly bill
D. Potential volume discounts as usage in all accounts is combined
E. The automatic extension of the master account�s AWS support plan to all accounts

Answer 18

Answer: AD

Question 19

19
Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing?
A. One-year No Upfront Standard RI pricing
B. One-year All Upfront Convertible RI pricing
C. Three-year All Upfront Standard RI pricing
D. Three-year No Upfront Convertible RI pricing

Answer 19

Answer: C

Question 20

20
Compared with costs in traditional and virtualized data centers AWS has:
A. greater variable costs and greater upfront costs.
B. fixed usage costs and lower upfront costs.
C. lower variable costs and greater upfront costs.
D. lower variable costs and lower upfront costs.

Answer 20

Answer: D

Question 21

21
A characteristic of edge locations is that they:
A. host Amazon EC2 instances closer to users.
B. help lower latency and improve performance for users.
C. cache frequently changing data without reaching the origin server.
D. refresh data changes daily.

Answer 21

Answer: C

Question 22

22
Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users?
A. A public and private key-pair
B. Amazon Inspector
C. AWS Identity and Access Management (IAM) policies
D. Security Groups

Answer 22

Answer: C

Question 23

23
Which of the following security-related actions are available at no cost?
A. Calling AWS Support
B. Contacting AWS Professional Services to request a workshop
C. Accessing forums blogs and whitepapers
D. Attending AWS classes at a local university

Answer 23

Answer: C

Question 24

24
Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value?
A. Dedicated RIs
B. Scheduled RIs
C. Convertible RIs
D. Standard RIs

Answer 24

Answer: C

Question 25

25
Which AWS feature will reduce the customer�s total cost of ownership (TCO)?
A. Shared responsibility security model
B. Single tenancy
C. Elastic computing
D. Encryption

Answer 25

Answer: C

Question 26

26
Which of the following services will automatically scale with an expected increase in web traffic?
A. AWS CodePipeline
B. Elastic Load Balancing
C. Amazon EBS
D. AWS Direct Connect

Answer 26

Answer: B

Question 27

27
Where are AWS compliance documents such as an SOC 1 report located?
A. Amazon Inspector
B. AWS CloudTrail
C. AWS Artifact
D. AWS Certificate Manager

Answer 27

Answer: C

Question 28

28
Under the AWS shared responsibility model which of the following activities are the customer�s responsibility? (Choose two.)
A. Patching operating system components for Amazon Relational Database Server (Amazon RDS)
B. Encrypting data on the client-side
C. Training the data center staff
D. Configuring Network Access Control Lists (ACL)
E. Maintaining environmental controls within a data center

Answer 28

Answer: BD

Question 29

29
Which is a recommended pattern for designing a highly available architecture on AWS?
A. Ensure that components have low-latency network connectivity.
B. Run enough Amazon EC2 instances to operate at peak load.
C. Ensure that the application is designed to accommodate failure of any single component.
D. Use a monolithic application that handles all operations.

Answer 29

Answer: C

Question 30

30
According to best practices how should an application be designed to run in the AWS Cloud?
A. Use tightly coupled components.
B. Use loosely coupled components.
C. Use infrequently coupled components.
D. Use frequently coupled components.

Answer 30

Answer: B

Question 31

31
AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Choose two.)
A. Implementing Amazon Rekognition
B. Using AWS Shield-protected resources
C. Blocking access with Security Groups
D. Using Multi-Factor Authentication (MFA)
E. Enforcing password strength and expiration

Answer 31

Answer: DE

Question 32

32
Which AWS services should be used for read/write of constantly changing data? (Choose two.) 
A. Amazon Glacier
B. Amazon RDS
C. AWS Snowball
D. Amazon Redshift
E. Amazon EFS

Answer 32

Answer: BE

Question 33

33
What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)?
A. It simplifies relational database administration tasks.
B. It provides 99.99999999999% reliability and durability.
C. It automatically scales databases for loads.
D. It enabled users to dynamically adjust CPU and RAM resources.

Answer 33

Answer: A

Question 34

34
A customer needs to run a MySQL database that easily scales. Which AWS service should they use?
A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon ElastiCache

Answer 34

Answer: A

Question 35

35
Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links?
A. Availability Zone
B. Edge location
C. Region
D. Private networking

Answer 35

Answer: A

Question 36

36
Which of the following is a shared control between the customer and AWS?
A. Providing a key for Amazon S3 client-side encryption
B. Configuration of an Amazon EC2 instance
C. Environmental controls of physical AWS data centers
D. Awareness and training

Answer 36

Answer: D

Question 37

37
How many Availability Zones should compute resources be provisioned across to achieve high availability?
A. A minimum of one
B. A minimum of two
C. A minimum of three
D. A minimum of four or more

Answer 37

Answer: B

Question 38

38
One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is:
A. it allows the business to eliminate IT bills.
B. it allows the business to put a server in each customer�s data center.
C. it allows the business to focus on business activities.
D. it allows the business to leave servers unpatched.

Answer 38

Answer: C

Question 39

39
What is the lowest-cost durable storage option for retaining database backups for immediate retrieval?
A. Amazon S3
B. Amazon Glacier
C. Amazon EBS
D. Amazon EC2 Instance Store

Answer 39

Answer: A

Question 40

40
Which AWS IAM feature allows developers to access AWS services through the AWS CLI?
A. API keys
B. Access keys
C. User names/Passwords
D. SSH keys

Answer 40

Answer: B

Question 41

41
Which of the following is a fast and reliable NoSQL database service? 
A. Amazon Redshift 
B. Amazon RDS 
C. Amazon DynamoDB
D. Amazon S3

Answer 41

Answer: C

Question 42

42
What is an example of agility in the AWS Cloud?
A. Access to multiple instance types
B. Access to managed services
C. Using Consolidated Billing to produce one bill
D. Decreased acquisition time for new compute resources

Answer 42

Answer: D

Question 43

43
Which service should a customer use to consolidate and centrally manage multiple AWS accounts?
A. AWS IAM
B. AWS Organizations
C. AWS Schema Conversion Tool
D. AWS Config

Answer 43

Answer: B

Question 44

44
What approach to transcoding a large number of individual video files adheres to AWS architecture principles?
A. Using many instances in parallel
B. Using a single large instance during off-peak hours
C. Using dedicated hardware
D. Using a large GPU instance type

Answer 44

Answer: A

Question 45

45
For which auditing process does AWS have sole responsibility?
A. AWS IAM policies
B. Physical security
C. Amazon S3 bucket policies
D. AWS CloudTrail Logs

Answer 45

Answer: B

Question 46

46
Which feature of the AWS Cloud will support an international company�s requirement for low latency to all of its customers?
A. Fault tolerance
B. Global reach
C. Pay-as-you-go pricing
D. High availability

Answer 46

Answer: B

Question 47

47
Which of the following is the customers responsibility under the AWS shared responsibility model? 
A. Patching underlying infrastructure 
B. Physical security 
C. Patching Amazon EC2 instances
D. Patching network infrastructure

Answer 47

Answer: C

Question 48

48
A customer is using multiple AWS accounts with separate billing. How can the customer take advantage of volume discounts with minimal impact to the AWS resources?
A. Create one global AWS acount and move all AWS resources to tha account.
B. Sign up for three years of Reserved Instance pricing up front.
C. Use the consolidated billing feature from AWS Organizations.
D. Sign up for the AWS Enterprise support plan to get volume discounts.

Answer 48

Answer: C

Question 49

49
Which of the following are features of Amazon CloudWatch Logs? (Choose two.)
A. Summaries by Amazon Simple Notification Service (Amazon SNS)
B. Free Amazon Elasticsearch Service analytics
C. Provided at no charge
D. Real-time monitoring
E. Adjustable retention

Answer 49

Answer: DE

Question 50

50
Which of the following is an AWS managed Domain Name System (DNS) web service?
A. Amazon Route 53
B. Amazon Neptune
C. Amazon SageMaker
D. Amazon Lightsail

Answer 50

Answer: A

Question 51

51
A customer is deploying a new application and needs to choose an AWS Region. Which of the following factors could influence the customer�s decision? (Choose two.)
A. Reduced latency to users
B. The application�s presentation in the local language
C. Data sovereignty compliance
D. Cooling costs in hotter climates
E. Proximity to the customer�s office for on-site visits

Answer 51

Answer: AC

Question 52

52
Which storage service can be used as a low-cost option for hosting static websites?
A. Amazon Glacier
B. Amazon DynamoDB
C. Amazon Elastic File System (Amazon EFS)
D. Amazon Simple Storage Service (Amazon S3)

Answer 52

Answer: D

Question 53

53
Which Amazon EC2 instance pricing model can provide discounts of up to 90%?
A. Reserved Instances
B. On-Demand
C. Dedicated Hosts
D. Spot Instances

Answer 53

Answer: D

Question 54

54
What is the AWS customer responsible for according to the AWS shared responsibility model?
A. Physical access controls
B. Data encryption
C. Secure disposal of storage devices
D. Environmental risk management

Answer 54

Answer: B

Question 55

55
Which of the following AWS Cloud services can be used to run a customer-managed relational database?
A. Amazon EC2
B. Amazon Route 53
C. Amazon ElastiCache
D. Amazon DynamoDB

Answer 55

Answer: A

Question 56

56
A company is looking for a scalable data warehouse solution. Which of the following AWS solutions would meet the company�s needs?
A. Amazon Simple Storage Service (Amazon S3)
B. Amazon DynamoDB
C. Amazon Kinesis
D. Amazon Redshift

Answer 56

Answer: D

Question 57

57
Which statement best describes Elastic Load Balancing?
A. It translates a domain name into an IP address using DNS.
B. It distributes incoming application traffic across one or more Amazon EC2 instances.
C. It collects metrics on connected Amazon EC2 instances.
D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic.

Answer 57

Answer: B

Question 58

58
Which of the following are valid ways for a customer to interact with AWS services? (Choose two.)
A. Command line interface
B. On-premises
C. Software Development Kits
D. Software-as-a-service
E. Hybrid

Answer 58

Answer: AC

Question 59

59
The AWS Cloud�s multiple Regions are an example of:
A. agility.
B. global infrastructure.
C. elasticity.
D. pay-as-you-go pricing.

Answer 59

Answer: B

Question 60

60
Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Choose two.)
A. AWS Storage Gateway
B. Amazon S3
C. Amazon Elastic File System (EFS)
D. Amazon Glacier
E. Amazom CloudFront

Answer 60

Answer: BE

Question 61

61
Web servers running on Amazon EC2 access a legacy application running in a corporate data center. What term would describe this model?
A. Cloud-native
B. Partner network
C. Hybrid architecture
D. Infrastructure as a service

Answer 61

Answer: C

Question 62

62
What is the benefit of using AWS managed services such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)?
A. They require the customer to monitor and replace failing instances.
B. They have better performance than customer-managed services.
C. They simplify patching and updating underlying OSs.
D. They do not require the customer to optimize instance type or size selections.

Answer 62

Answer: C

Question 63

63
Which service provides a virtually unlimited amount of online highly durable object storage?
A. Amazon Redshift
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon S3

Answer 63

Answer: D

Question 64

64
Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS Command Line Interface (AWS CLI)?
A. IAM group
B. IAM user
C. IAM role
D. IAM policy

Answer 64

Answer: B

Question 65

65
Which of the following security-related services does AWS offer? (Choose two.)
A. Multi-factor authentication physical tokens
B. AWS Trusted Advisor security checks
C. Data encryption
D. Automated penetration testing
E. Amazon S3 copyrighted content detection

Answer 65

Answer: BC

Question 66

66
Which AWS managed service is used to host databases?
A. AWS Batch
B. AWS Artifact
C. AWS Data Pipeline
D. Amazon RDS

Answer 66

Answer: D

Question 67

67
Which AWS service provides a simple and scalable shared file storage solution for use with Linuxbased AWS and on-premises servers?
A. Amazon S3
B. Amazon Glacier
C. Amazon EBS
D. Amazon EFS

Answer 67

Answer: D

Question 68

68
When architecting cloud applications which of the following are a key design principle?
A. Use the largest instance possible
B. Provision capacity for peak load
C. Use the Scrum development process
D. Implement elasticity

Answer 68

Answer: D

Question 69

69
Which AWS service should be used for long-term low-cost storage of data backups?
A. Amazon RDS
B. Amazon Glacier
C. AWS Snowball
D. AWS EBS

Answer 69

Answer: B

Question 70

70
Under the shared responsibility model which of the following is a shared control between a customer and AWS?
A. Physical controls
B. Patch management
C. Zone security
D. Data center auditing

Answer 70

Answer: B

Question 71

71
Which AWS service allows companies to connect an Amazon VPC to an on-premises data center?
A. AWS VPN
B. Amazon Redshift
C. API Gateway
D. Amazon Direct Connect

Answer 71

Answer: D

Question 72

72
A company wants to reduce the physical compute footprint that developers use to run code. Which service would meet that need by enabling serverless architectures?
A. Amazon Elastic Compute Cloud (Amazon EC2)
B. AWS Lambda
C. Amazon DynamoDB
D. AWS CodeCommit

Answer 72

Answer: B

Question 73

73
Which AWS service provides alerts when an AWS event may impact a company�s AWS resources?
A. AWS Personal Health Dashboard
B. AWS Service Health Dashboard
C. AWS Trusted Advisor
D. AWS Infrastructure Event Management

Answer 73

Answer: A

Question 74

74
Which of the following are categories of AWS Trusted Advisor? (Choose two.)
A. Fault Tolerance
B. Instance Usage
C. Infrastructure
D. Performance
E. Storage Capacity

Answer 74

Answer: AD

Question 75

75
Which task is AWS responsible for in the shared responsibility model for security and compliance?
A. Granting access to individuals and services
B. Encrypting data in transit
C. Updating Amazon EC2 host firmware
D. Updating operating systems

Answer 75

Answer: C

Question 76

76
Where should a company go to search software listings from independent software vendors to find test buy and deploy software that runs on AWS?
A. AWS Marketplace
B. Amazon Lumberyard
C. AWS Artifact
D. Amazon CloudSearch

Answer 76

Answer: A

Question 77

77
Which of the following is a benefit of using the AWS Cloud?
A. Permissive security removes the administrative burden.
B. Ability to focus on revenue-generating activities.
C. Control over cloud network hardware.
D. Choice of specific cloud hardware vendors.

Answer 77

Answer: B

Question 78

78
When performing a cost analysis that supports physical isolation of a customer workload which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)?
A. Dedicated Hosts
B. Reserved Instances
C. On-Demand Instances
D. No Upfront Reserved Instances

Answer 78

Answer: A

Question 79

79
Which AWS service provides the ability to manage infrastructure as code?
A. AWS CodePipeline
B. AWS CodeDeploy
C. AWS Direct Connect
D. AWS CloudFormation

Answer 79

Answer: D

Question 80

80
If a customer needs to audit the change management of AWS resources which of the following AWS services should the customer use?
A. AWS Config
B. AWS Trusted Advisor
C. Amazon CloudWatch
D. Amazon Inspector

Answer 80

Answer: A

Question 81

81
What is Amazon CloudWatch?
A. A code repository with customizable build and team commit features.
B. A metrics repository with customizable notification thresholds and channels.
C. A security configuration repository with threat analytics.
D. A rule repository of a web application firewall with automated vulnerability prevention features.

Answer 81

Answer: B

Question 82

82
Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts?
A. AWS Server Migration Service
B. AWS Organizations
C. AWS Budgets
D. AWS Trusted Advisor

Answer 82

Answer: B

Question 83

83
Which of the following services could be used to deploy an application to servers running onpremises? (Choose two.)
A. AWS Elastic Beanstalk
B. AWS OpsWorks
C. AWS CodeDeploy
D. AWS Batch
E. AWS X-Ray

Answer 83

Answer: BC

Question 84

84
Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Convertible Reserved Instances

Answer 84

Answer: C

Question 85

85
Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Choose two.)
A. Use manual monitoring.
B. Use fixed servers.
C. Implement loose coupling.
D. Rely on individual components.
E. Design for scalability.

Answer 85

Answer: CE

Question 86

86
Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases?
A. Enterprise
B. Business
C. Developer
D. Basic

Answer 86

Answer: B

Question 87

87
Where can AWS compliance and certification reports be downloaded?
A. AWS Artifact
B. AWS Concierge
C. AWS Certificate Manager
D. AWS Trusted Advisor

Answer 87

Answer: A

Question 88

88
Which AWS service provides a customized view of the health of specific AWS services that power a customer�s workloads running on AWS?
A. AWS Service Health Dashboard
B. AWS X-Ray
C. AWS Personal Health Dashboard
D. Amazon CloudWatch

Answer 88

Answer: C

Question 89

89
Which of the following is an advantage of consolidated billing on AWS?
A. Volume pricing qualification
B. Shared access permissions
C. Multiple bills per account
D. Eliminates the need for tagging

Answer 89

Answer: A

Question 90

90
Which of the following steps should be taken by a customer when conducting penetration testing on AWS?
A. Conduct penetration testing using Amazon Inspector and then notify AWS support.
B. Request and wait for approval from the customer�s internal security team and then conduct testing.
C. Notify AWS support and then conduct testing immediately.
D. Request and wait for approval from AWS support and then conduct testing.

Answer 90

Answer: D

Question 91

91
Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon Machine Image
C. Amazon EC2 Systems Manager
D. Amazon AppStream 2.0

Answer 91

Answer: B

Question 92

92
How would an AWS customer easily apply common access controls to a large set of users?
A. Apply an IAM policy to an IAM group.
B. Apply an IAM policy to an IAM role.
C. Apply the same IAM policy to all IAM users with access to the same workload.
D. Apply an IAM policy to an Amazon Cognito user pool.

Answer 92

Answer: A

Question 93

93
What technology enables compute capacity to adjust as loads change?
A. Load balancing
B. Automatic failover
C. Round robin
D. Auto Scaling

Answer 93

Answer: D

Question 94

94
Which AWS services are defined as global instead of regional? (Choose two.)
A. Amazon Route 53
B. Amazon EC2
C. Amazon S3
D. Amazon CloudFront
E. Amazon DynamoDB

Answer 94

Answer: AD

Question 95

95
Which AWS service would you use to obtain compliance reports and certificates?
A. AWS Artifact
B. AWS Lambda
C. Amazon Inspector
D. AWS Certificate Manager

Answer 95

Answer: A

Question 96

96
Under the shared responsibility model which of the following tasks are the responsibility of the AWS customer? (Choose two.)
A. Ensuring that application data is encrypted at rest
B. Ensuring that AWS NTP servers are set to the correct time
C. Ensuring that users have received security training in the use of AWS services
D. Ensuring that access to data centers is restricted
E. Ensuring that hardware is disposed of properly

Answer 96

Answer: AC

Question 97

97
Which AWS service can be used to manually launch instances based on resource requirements?
A. Amazon EBS
B. Amazon S3
C. Amazon EC2
D. Amazon ECS

Answer 97

Answer: C

Question 98

98
A company is migrating an application that is running non-interruptible workloads for a three-year time frame. Which pricing construct would provide the MOST cost-effective solution?
A. Amazon EC2 Spot Instances
B. Amazon EC2 Dedicated Instances
C. Amazon EC2 On-Demand Instances
D. Amazon EC2 Reserved Instances

Answer 98

Answer: D

Question 99

99
The financial benefits of using AWS are: (Choose two.)
A. reduced Total Cost of Ownership (TCO).
B. increased capital expenditure (capex).
C. reduced operational expenditure (opex).
D. deferred payment plans for startups.
E. business credit lines for stratups.

Answer 99

Answer: AC

Question 100

100
Which AWS Cost Management tool allows you to view the most granular data about your AWS bill?
A. AWS Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage report
D. AWS Billing dashboard

Answer 100

Answer: C

Question 101

101
Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? Choose 2
A. AWS Concierge
B. AWS CloudFormation
C. Amazon Simple Storage Service (Amazon S3)
D. Amazon EC2 Auto Scaling
E. AWS Management Console

Answer 101

Answer: BE

Question 102

102
Which of the following is an AWS Cloud architecture design principle?
A. Implement single points of failure.
B. Implement loose coupling.
C. Implement monolithic design.
D. Implement vertical scaling.

Answer 102

Answer: B

Question 103

103
Which of the following security measures protect access to an AWS account? (Choose two.)
A. Enable AWS CloudTrail.
B. Grant least privilege access to IAM users.
C. Create one IAM user and share with many developers and users.
D. Enable Amazon CloudFront.
E. Activate multi-factor authentication (MFA) for privileged users.

Answer 103

Answer: BE

Question 104

104
Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage?
A. Amazon Glacier
B. AWS Snowball
C. AWS Storage Gateway
D. Amazon Elastic Block Storage (Amazon EBS)

Answer 104

Answer: C

Question 105

105
Which of the following services falls under the responsibility of the customer to maintain operating system configuration security patching and networking?
A. Amazon RDS
B. Amazon EC2
C. Amazon ElastiCache
D. AWS Fargate

Answer 105

Answer: B

Question 106

106
Which of the following is an important architectural design principle when designing cloud applications?
A. Use multiple Availability Zones.
B. Use tightly coupled components.
C. Use open source software.
D. Provision extra capacity.

Answer 106

Answer: A

Question 107

107
Which AWS support plan includes a dedicated Technical Account Manager?
A. Developer
B. Enterprise
C. Business
D. Basic

Answer 107

Answer: B

Question 108

108
Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management?
A. AWS manages the data stored in Amazon RDS tables.
B. AWS manages the maintenance of the operating system.
C. AWS automatically scales up instance types on demand.
D. AWS manages the database type.

Answer 108

Answer: B

Question 109

109
Which service is best for storing common database query results which helps to alleviate database access load?
A. Amazon Machine Learning
B. Amazon SQS
C. Amazon ElastiCache
D. Amazon EC2 Instance Store

Answer 109

Answer: C

Question 110

110
Which of the following is a component of the shared responsibility model managed entirely by AWS?
A. Patching operating system software
B. Encrypting data
C. Enforcing multi-factor authentication
D. Auditing physical data center assets

Answer 110

Answer: D

Question 111

111
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Choose two.)
A. AWS Trusted Advisor
B. AWS Online Tech Talks
C. AWS Blog
D. AWS Forums
E. AWS Classroom Training

Answer 111

Answer: BE

Question 112

112
Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Choose two.)
A. Amazon CloudFront distributions
B. Amazon Route 53
C. Security Groups
D. Subnets
E. Elastic Load Balancing

Answer 112

Answer: CD

Question 113

113
If each department within a company has its own AWS account what is one way to enable consolidated billing? A.
Use AWS Budgets on each account to pay only to budget. B.
Contact AWS Support for a monthly bill. C.
Create an AWS Organization from the payer account and invite the other accounts to join. D.
Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket load data into Amazon Redshift and then run a billing report.

Answer 113

Answer: C

Question 114

114
How do customers benefit from Amazon�s massive economies of scale?
A. Periodic price reductions as the result of Amazon�s operational efficiencies
B. New Amazon EC2 instance types providing the latest hardware
C. The ability to scale up and down when needed
D. Increased reliability in the underlying hardware of Amazon EC2 instances

Answer 114

Answer: A

Question 115

115
Which AWS services can be used to gather information about AWS account activity? (Choose two.)
A. Amazon CloudFront
B. AWS Cloud9
C. AWS CloudTrail
D. AWS CloudHSM
E. Amazon CloudWatch

Answer 115

Answer: CE

Question 116

116
Which of the following common IT tasks can AWS cover to free up company IT resources? (Choose two.)
A. Patching databases software
B. Testing application releases
C. Backing up databases
D. Creating database schema
E. Running penetration tests

Answer 116

Answer: AC

Question 117

117
In which scenario should Amazon EC2 Spot Instances be used?
A. A company wants to move its main website to AWS from an on-premises web server.
B. A company has a number of application services whose Service Level Agreement (SLA) requires
99.999% uptime.
C. A companys heavily used legacy database is currently running on-premises.
D. A company has a number of infrequent interruptible jobs that are currently using On-Demand Instances.

Answer 117

Answer: D

Question 118

118
Which AWS feature should a customer leverage to achieve high availability of an application?
A. AWS Direct Connect
B. Availability Zones
C. Data centers
D. Amazon Virtual Private Cloud (Amazon VPC)

Answer 118

Answer: B

Question 119

119
Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs?
A. Enterprise
B. Business
C. Developer
D. Basic

Answer 119

Answer: A

Question 120

120
Which AWS service can serve a static website?
A. Amazon S3
B. Amazon Route 53
C. Amazon QuickSight
D. AWS X-Ray

Answer 120

Answer: A

Question 121

121
How does AWS shorten the time to provision IT resources?
A. It supplies an online IT ticketing platform for resource requests.
B. It supports automatic code validation services.
C. It provides the ability to programmatically provision existing resources.
D. It automates the resource request process from a company�s IT vendor list.

Answer 121

Answer: C

Question 122

122
What can AWS edge locations be used for? (Choose two.)
A. Hosting applications
B. Delivering content closer to users
C. Running NoSQL database caching services
D. Reducing traffic on the server by caching responses
E. Sending notification messages to end users

Answer 122

Answer: BD

Question 123

123
Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users?
A. A public and private key-pair
B. Amazon Inspector
C. AWS Identity and Access Management (IAM) policies
D. Security Groups

Answer 123

Answer: C

Question 124

124
A solution that is able to support growth in users traffic or data size with no drop in performance aligns with which cloud architecture principle?
A. Think parallel
B. Implement elasticity
C. Decouple your components
D. Design for failure

Answer 124

Answer: B

Question 125

125
A company will be moving from an on-premises data center to the AWS Cloud. What would be one financial difference after the move?
A.
Moving from variable operational expense (opex) to upfront capital expense (capex).
B.
Moving from upfront capital expense (capex) to variable capital expense (capex).
C.
Moving from upfront capital expense (capex) to variable operational expense (opex).
D.
Elimination of upfront capital expense (capex) and elimination of variable operational expense (opex).

Answer 125

Answer: C

Question 126

126
How should a customer forecast the future costs for running a new web application?
A. Amazon Aurora Backtrack
B. Amazon CloudWatch Billing Alarms
C. AWS Simple Monthly Calculator
D. AWS Cost and Usage report

Answer 126

Answer: C

Question 127

127
Which is the MINIMUM AWS Support plan that provides technical support through phone calls?
A. Enterprise
B. Business
C. Developer
D. Basic

Answer 127

Answer: B

Question 128

128
Which of the following tasks is the responsibility of AWS?
A. Encrypting client-side data
B. Configuring AWS Identity and Access Management (IAM) roles
C. Securing the Amazon EC2 hypervisor
D. Setting user password policies

Answer 128

Answer: C

Question 129

129
One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is:
A. the ability to bid for a lower hourly cost.
B. paying a daily rate regardless of time used.
C. paying only for time used.
D. pre-paying for instances and paying a lower hourly rate.

Answer 129

Answer: C

Question 130

130
An administrator needs to rapidly deploy a popular IT solution and start using it immediately. Where can the administrator find assistance?
A. AWS Well-Architected Framework documentation
B. Amazon CloudFront
C. AWS CodeCommit
D. AWS Quick Start reference deployments

Answer 130

Answer: D

Question 131

131
Which of the following services is in the category of AWS serverless platform?
A. Amazon EMR
B. Elastic Load Balancing
C. AWS Lambda
D. AWS Mobile Hub

Answer 131

Answer: C

Question 132

132
Which services are parts of the AWS serverless platform?
A. Amazon EC2 Amazon S3 Amazon Athena
B. Amazon Kinesis Amazon SQS Amazon EMR
C. AWS Step Functions Amazon DynamoDB Amazon SNS
D. Amazon Athena Amazon Cognito Amazon EC2

Answer 132

Answer: C

Question 133

133
According to the AWS shared responsibility model what is the sole responsibility of AWS?
A. Application security
B. Edge location management
C. Patch management
D. Client-side data

Answer 133

Answer: B

Question 134

134
Which AWS IAM feature is used to associate a set of permissions with multiple users?
A. Multi-factor authentication
B. Groups
C. Password policies
D. Access keys

Answer 134

Answer: B

Question 135

135
Which of the following are benefits of the AWS Cloud? (Choose two.)
A. Unlimited uptime
B. Elasticity
C. Agility
D. Colocation
E. Capital expenses

Answer 135

Answer: BC

Question 136

136
Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?
A. Amazon Connect
B. AWS Directory Service
C. Amazon Pinpoint
D. Amazon Rekognition

Answer 136

Answer: B

Question 137

137
What are the multiple isolated locations within an AWS Region that are connected by low-latency networks called? A.
AWS Direct Connects B.
Amazon VPCs C.
Edge locations D.
Amazon AWS Certified Cloud Practitioner Exam Availability Zones

Answer 137

Answer: D

Question 138

138
Which of the following benefits does the AWS Compliance program provide to AWS customers? (Choose two.)
A. It verifies that hosted workloads are automatically compliant with the controls of supported compliance frameworks.
B. AWS is responsible for the maintenance of common compliance framework documentation.
C. It assures customers that AWS is maintaining physical security and data protection.
D. It ensures the use of compliance frameworks that are being used by other cloud providers.
E. It will adopt new compliance frameworks as they become relevant to customer workloads.

Answer 138

Answer: BC

Question 139

139
Which of the following services provides on-demand access to AWS compliance reports?
A. AWS IAM
B. AWS Artifact
C. Amazon GuardDuty
D. AWS KMS

Answer 139

Answer: B

Question 140

140
As part of the AWS shared responsibility model which of the following operational controls do users fully inherit from AWS?
A. Security management of data center
B. Patch management
C. Configuration management
D. User and access management

Answer 140

Answer: A

Question 141

141
When comparing AWS Cloud with on-premises Total Cost of Ownership which expenses must be considered? (Choose two.)
A. Software development
B. Project management
C. Storage hardware
D. Physical servers
E. Antivirus software license

Answer 141

Answer: CD

Question 142

142
Under the shared responsibility model which of the following tasks are the responsibility of the customer? (Choose two.)
A. Maintaining the underlying Amazon EC2 hardware.
B. Amazon AWS Certified Cloud Practitioner Exam Managing the VPC network access control lists.
C. Encrypting data in transit and at rest.
D. Replacing failed hard disk drives.
E. Deploying hardware in different Availability Zones.

Answer 142

Answer: BC

Question 143

143
Which scenarios represent the concept of elasticity on AWS? (Choose two.)
A. Scaling the number of Amazon EC2 instances based on traffic.
B. Resizing Amazon RDS instances as business needs change.
C. Automatically directing traffic to less-utilized Amazon EC2 instances.
D. Using AWS compliance documents to accelerate the compliance process.
E. Having the ability to create and govern environments using code.

Answer 143

Answer: AB

Question 144

144
When is it beneficial for a company to use a Spot Instance?
A. When there is flexibility in when an application needs to run.
B. When there are mission-critical workloads.
C. When dedicated capacity is needed.
D. When an instance should not be stopped.

Answer 144

Answer: A

Question 145

145
A company is considering moving its on-premises data center to AWS. What factors should be included in doing a Total Cost of Ownership (TCO) analysis? (Choose two.)
A. Amazon EC2 instance availability
B. Power consumption of the data center
C. Labor costs to replace old servers
D. Application developer time
E. Database engine capacity

Answer 145

Answer: BC

Question 146

146
How does AWS charge for AWS Lambda?
A. Users bid on the maximum price they are willing to pay per hour.
B. Users choose a 1- 3- or 5-year upfront payment term.
C. Users pay for the required permanent storage on a file system or in a database.
D. Users pay based on the number of requests and consumed compute resources.

Answer 146

Answer: D

Question 147

147
What function do security groups serve related to Amazon Elastic Compute Cloud (Amazon EC2) instance security?
A. Act as a virtual firewall for the Amazon EC2 instance.
B. Secure AWS user accounts with AWS Identity and Access Management (IAM) policies.
C. Provide DDoS protection with AWS Shield.
D. Use Amazon CloudFront to protect the Amazon EC2 instance.

Answer 147

Answer: A

Question 148

148
Which disaster recovery scenario offers the lowest probability of down time?
A. Backup and restore
B. Pilot light
C. Warm standby
D. Multi-site active-active

Answer 148

Answer: D

Question 149

149
What will help a company perform a cost benefit analysis of migrating to the AWS Cloud?
A. Cost Explorer
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Simple Monthly Calculator
D. AWS Trusted Advisor

Answer 149

Answer: B

Question 150

150
Which of the following provides the ability to share the cost benefits of Reserved Instances across AWS accounts?
A. AWS Cost Explorer between AWS accounts
B. Linked accounts and consolidated billing
C. Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report
D. Amazon EC2 Instance Usage Report between AWS accounts

Answer 150

Answer: B

Question 151

151
A company has multiple AWS accounts and wants to simplify and consolidate its billing process. Which AWS service will achieve this?
A. AWS Cost and Usage Reports
B. AWS Organizations
C. AWS Cost Explorer
D. AWS Budgets

Answer 151

Answer: B

Question 152

152
A company is designing an application hosted in a single AWS Region serving end-users spread across the world. The company wants to provide the end-users low latency access to the
application data. Which of the following services will help fulfill this requirement?
A. Amazon CloudFront
B. AWS Direct Connect
C. Amazon Route 53 global DNS
D. Amazon Simple Storage Service (Amazon S3) transfer acceleration

Answer 152

Answer: A

Question 153

153
Which of the following deployment models enables customers to fully trade their capital IT expenses for operational expenses?
A. On-premises
B. Hybrid
C. Cloud
D. Platform as a service

Answer 153

Answer: C

Question 154

154
How is asset management on AWS easier than asset management in a physical data center?
A.
AWS provides a Configuration Management Database that users can maintain.
B.
AWS performs infrastructure discovery scans on the customer�s behalf.
C.
Amazon EC2 automatically generates an asset report and places it in the customer�s specified Amazon S3 bucket.
D. Users can gather asset metadata reliably with a few API calls.

Answer 154

Answer: B

Question 155

155
What feature of Amazon RDS helps to create globally redundant databases?
A. Snapshots
B. Automatic patching and updating
C. Cross-Region read replicas
D. Provisioned IOPS

Answer 155

Answer: C

Question 156

156
Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:
A. restricted access.
B. as-needed access.
C. least privilege access.
D. token access.

Answer 156

Answer: C

Question 157

157
Which methods can be used to identify AWS costs by departments? (Choose two.)
A. Enable multi-factor authentication for the AWS account root user.
B. Create separate accounts for each department.
C. Use Reserved Instances whenever possible.
D. Use tags to associate each instance with a particular department.
E. Pay bills using purchase orders.

Answer 157

Answer: BD

Question 158

158
Under the AWS shared responsibility model customer responsibilities include which one of the following?
A. Securing the hardware software facilities and networks that run all products and services.
B. Providing certificates reports and other documentation directly to AWS customers under NDA.
C. Configuring the operating system network and firewall.
D. Obtaining industry certifications and independent third-party attestations.

Answer 158

Answer: C

Question 159

159
Which managed AWS service provides real-time guidance on AWS security best practices?
A. AWS X-Ray
B. AWS Trusted Advisor
C. Amazon CloudWatch
D. AWS Systems Manager

Answer 159

Answer: B

Question 160

160
Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads?
A. Resource groups
B. Lifecycle policies
C. Application Load Balancer
D. Amazon EC2 Auto Scaling

Answer 160

Answer: D

Question 161

161
Under the AWS shared responsibility model customers are responsible for which aspects of security in the cloud? (Choose two.)
A. Virtualization Management
B. Hardware management
C. Encryption management
D. Facilities management
E. Firewall management

Answer 161

Answer: CE

Question 162

162
Which AWS hybrid storage service enables your on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols?
A. AWS Direct Connect
B. AWS Snowball
C. AWS Storage Gateway
D. AWS Snowball Edge

Answer 162

Answer: C

Question 163

163
What is a responsibility of AWS in the shared responsibility model?
A. Updating the network ACLs to block traffic to vulnerable ports.
B. Patching operating systems running on Amazon EC2 instances.
C. Updating the firmware on the underlying EC2 hosts.
D. Updating the security group rules to block traffic to the vulnerable ports.

Answer 163

Answer: C

Question 164

164
Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode?
A. Implement loose coupling.
B. Design for failure.
C. Automate everything that can be automated.
D. Use services not servers.

Answer 164

Answer: B

Question 165

165
What does it mean to grant least privilege to AWS IAM users?
A. It is granting permissions to a single user only.
B. It is granting permissions using AWS IAM policies only.
C. It is granting AdministratorAccess policy permissions to trustworthy users.
D. It is granting only the permissions required to perform a given task.

Answer 165

Answer: D

Question 166

166
What is a benefit of loose coupling as a principle of cloud architecture design?
A. It facilitates low-latency request handling.
B. It allows applications to have dependent workflows.
C. It prevents cascading failures between different components.
D. It allows companies to focus on their physical data center operations.

Answer 166

Answer: C

Question 167

167
A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet. Which service will facilitate private hybrid connectivity?
A. Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway
B. AWS Direct Connect
C. Amazon Simple Storage Service (Amazon S3) Transfer Acceleration
D. AWS Web Application Firewall (AWS WAF)

Answer 167

Answer: B

Question 168

168
A company�s web application currently has tight dependencies on underlying components so when one component fails the entire web application fails. Applying which AWS Cloud design principle will address the current design issue?
A. Implementing elasticity enabling the application to scale up or scale down as demand changes.
B. Enabling several EC2 instances to run in parallel to achieve better performance.
C. Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail.
D. Doubling EC2 computing resources to increase system fault tolerance.

Answer 168

Answer: C

Question 169

169
How can a customer increase security to AWS account logons? (Choose two.)
A. Configure AWS Certificate Manager
B. Enable Multi-Factor Authentication (MFA)
C. Use Amazon Cognito to manage access
D. Configure a strong password policy
E. Enable AWS Organizations

Answer 169

Answer: BC

Question 170

170
What AWS service would be used to centrally manage AWS access across multiple accounts?
A. AWS Service Catalog
B. AWS Config
C. AWS Trusted Advisor
D. AWS Organizations

Answer 170

Answer: D

Question 171

171
Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount?
A. AWS Cost and Usage reports
B. AWS Budgets
C. AWS Cost Explorer
D. AWS Trusted Advisor

Answer 171

Answer: B

Question 172

172
What can users access from AWS Artifact?
A. AWS security and compliance documents
B. A download of configuration management details for all AWS resources
C. Training materials for AWS services
D. A security assessment of the applications deployed in the AWS Cloud

Answer 172

Answer: A

Question 173

173
What is the MINIMUM AWS Support plan that provides designated Technical Account Managers?
A. Enterprise
B. Business
C. Developer
D. Basic

Answer 173

Answer: A

Question 174

174
Which of the following is an AWS Well-Architected Framework design principle related to reliability?
A. Deployment to a single Availability Zone
B. Ability to recover from failure
C. Design for cost optimization
D. Perform operations as code

Answer 174

Answer: B

Question 175

175
Which type of AWS storage is ephemeral and is deleted when an instance is stopped or terminated?
A. Amazon EBS
B. Amazon EC2 instance store
C. Amazon EFS
D. Amazon S3

Answer 175

Answer: B

Question 176

176
What is an advantage of using the AWS Cloud over a traditional on-premises solution?
A. Users do not have to guess about future capacity needs.
B. Users can utilize existing hardware contracts for purchases.
C. Users can fix costs no matter what their traffic is.
D. Users can avoid audits by using reports from AWS.

Answer 176

Answer: A

Question 177

177
Which of the following is an AWS-managed compute service?
A. Amazon SWF
B. Amazon EC2
C. AWS Lambda
D. Amazon Aurora

Answer 177

Answer: B

Question 178

178
Which of the following is an important architectural principle when designing cloud applications?
A. Store data and backups in the same region.
B. Design tightly coupled system components.
C. Avoid multi-threading.
D. Design for failure.

Answer 178

Answer: D

Question 179

179
Which mechanism allows developers to access AWS services from application code?
A. AWS Software Development Kit
B. AWS Management Console
C. AWS CodePipeline
D. AWS Config

Answer 179

Answer: A

Question 180

180
Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances

Answer 180

Answer: A

Question 181

181
Which of the following services is a MySQL-compatible database that automatically grows storage as needed?

A. Amazon Elastic Compute Cloud (Amazon EC2)
B. Amazon Relational Database Service (Amazon RDS) for MySQL
C. Amazon Lightsail
D. Amazon Aurora

Answer 181

Answer: D

Question 182

182
Which Amazon Virtual Private Cloud (Amazon VPC) feature enables users to connect two VPCs together?
A. Amazon VPC endpoints
B. Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink
C. Amazon VPC peering
D. AWS Direct Connect

Answer 182

Answer: C

Question 183

183
Which service�s PRIMARY purpose is software version control?
A. Amazon CodeStar
B. AWS Command Line Interface (AWS CLI)
C. Amazon Cognito
D. AWS CodeCommit

Answer 183

Answer: D

Question 184

184
A company is considering migrating its applications to AWS. The company wants to compare the cost of running the workload on-premises to running the equivalent workload on the AWS platform. Which tool can be used to perform this comparison?
A. AWS Simple Monthly Calculator
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Billing and Cost Management console
D. Cost Explorer

Answer 184

Answer: B

Question 185

185
Which AWS service provides a secure fast and cost-effective way to migrate or transport exabyte-scale datasets into AWS?
A. AWS Batch
B. AWS Snowball
C. AWS Migration Hub
D. AWS Snowmobile

Answer 185

Answer: D

Question 186

186
Which of the following BEST describe the AWS pricing model? (Choose two.)
A. Fixed-term
B. Pay-as-you-go
C. Colocation
D. Planned
E. Variable cost

Answer 186

Answer: BE

Question 187

187
Which load balancer types are available with Elastic Load Balancing (ELB)? (Choose two.)
A. Public load balancers with AWS Application Auto Scaling capabilities
B. F5 Big-IP and Citrix NetScaler load balancers
C. Classic Load Balancers
D. Cross-zone load balancers with public and private IPs
E. Application Load Balancers

Answer 187

Answer: CE

Question 188

188
Why should a company choose AWS instead of a traditional data center?
A. AWS provides users with full control over the underlying resources.
B. AWS does not require long-term contracts and provides a pay-as-you-go model.
C. AWS offers edge locations in every country supporting global reach.
D. AWS has no limits on the number of resources that can be created.

Answer 188

Answer: B

Question 189

189
Which solution provides the FASTEST application response times to frequently accessed data to users in multiple AWS Regions?
A. AWS CloudTrail across multiple Availability Zones
B. Amazon CloudFront to edge locations
C. AWS CloudFormation in multiple regions
D. A virtual private gateway over AWS Direct Connect

Answer 189

Answer: B

Question 190

190
Which AWS service provides a self-service portal for on-demand access to AWS compliance reports?
A. AWS Config
B. AWS Certificate Manager
C. Amazon Inspector
D. AWS Artifact

Answer 190

Answer: D

Question 191

191
Which of the following AWS services can be used to run a self-managed database?
A. Amazon Route 53
B. AWS X-Ray
C. AWS Snowmobile
D. Amazon Elastic Compute Cloud (Amazon EC2)

Answer 191

Answer: D

Question 192

192
What exclusive benefit is provided to users with Enterprise Support?
A. Access to a Technical Project Manager
B. Access to a Technical Account Manager
C. Access to a Cloud Support Engineer
D. Access to a Solutions Architect

Answer 192

Answer: B

Question 193

193
How can a user protect against AWS service disruptions if a natural disaster affects an entire geographic area?
A. Deploy applications across multiple Availability Zones within an AWS Region.
B. Use a hybrid cloud computing deployment model within the geographic area.
C. Deploy applications across multiple AWS Regions.
D. Store application artifacts using AWS Artifact and replicate them across multiple AWS Regions.

Answer 193

Answer: C

Question 194

194
How does AWS MOST effectively reduce computing costs for a growing start-up company?
A. It provides on-demand resources for peak usage.
B. It automates the provisioning of individual developer environments.
C. It automates customer relationship management.
D. It implements a fixed monthly computing budget.

Answer 194

Answer: A

Question 195

195
A startup is working on a new application that needs to go to market quickly. The application requirements may need to be adjusted in the near future. Which of the following is a characteristic of the AWS Cloud that would meet this specific need?
A. Elasticity
B. Reliability
C. Performance
D. Agility

Answer 195

Answer: D

Question 196

196
Which AWS Support plan provides a full set of AWS Trusted Advisor checks?
A. Business and Developer Support
B. Business and Basic Support
C. Enterprise and Developer Support
D. Enterprise and Business Support

Answer 196

Answer: D

Question 197

197
Which of the following services have Distributed Denial of Service (DDoS) mitigation features? (Choose two.)
A. AWS WAF
B. Amazon DynamoDB
C. Amazon EC2
D. Amazon CloudFront
E. Amazon Inspector

Answer 197

Answer: AD

Question 198

198
When building a cloud Total Cost of Ownership (TCO) model which cost elements should be considered for workloads running on AWS? (Choose three.)
A. Compute costs
B. Facilities costs
C. Storage costs
D. Data transfer costs
E. Network infrastructure costs
F. Hardware lifecycle costs

Answer 198

Answer: ACE

Question 199

199
What time-savings advantage is offered with the use of Amazon Rekognition?

A.
Amazon Rekognition provides automatic watermarking of images.
B.
Amazon Rekognition provides automatic detection of objects appearing in pictures.
C.
Amazon Rekognition provides the ability to resize millions of images automatically.
D.
Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection jobs.

Answer 199

Answer: B

Question 200

200
When comparing AWS with on-premises Total Cost of Ownership (TCO) what costs are included?
A. Data center security
B. Business analysis
C. Project management
D. Operating system administration

Answer 200

Answer: A

Question 201

201
According to the AWS shared responsibility model what is AWS responsible for?
A. Configuring Amazon VPC
B. Managing application code
C. Maintaining application traffic
D. Managing the network infrastructure

Answer 201

Answer: D

Question 202

202
Which service should be used to estimate the costs of running a new project on AWS?
A. AWS TCO Calculator
B. AWS Simple Monthly Calculator
C. AWS Cost Explorer API
D. AWS Budgets

Answer 202

Answer: B

Question 203

203
Which AWS tool will identify security groups that grant unrestricted Internet access to a limited list of ports? A.
AWS Organizations B.
AWS Trusted Advisor C.
AWS Usage Report D.
Amazon AWS Certified Cloud Practitioner Exam Amazon EC2 dashboard

Answer 203

Answer: B

Question 204

204
Which AWS service can be used to generate alerts based on an estimated monthly bill?
A. AWS Config
B. Amazon CloudWatch
C. AWS X-Ray
D. AWS CloudTrail

Answer 204

Answer: B

Question 205

205
Which Amazon EC2 pricing model offers the MOST significant discount when compared to On- Demand Instances?
A. Partial Upfront Reserved Instances for a 1-year term
B. All Upfront Reserved Instances for a 1-year term
C. All Upfront Reserved Instances for a 3-year term
D. No Upfront Reserved Instances for a 3-year term

Answer 205

Answer: C

Question 206

206
Which of the following is the responsibility of AWS?
A. Setting up AWS Identity and Access Management (IAM) users and groups
B. Physically destroying storage media at end of life
C. Patching guest operating systems
D. Configuring security settings on Amazon EC2 instances

Answer 206

Answer: B

Question 207

207
Which of the following is an advantage of using AWS?
A. AWS audits user data.
B. Data is automatically secure.
C. There is no guessing on capacity needs.
D. AWS manages compliance needs.

Answer 207

Answer: C

Question 208

208
Which AWS service would a customer use with a static website to achieve lower latency and high transfer speeds?
A. AWS Lambda
B. Amazon DynamoDB Accelerator
C. Amazon Route 53
D. Amazon CloudFront

Answer 208

Answer: D

Question 209

209
Which services manage and automate application deployments on AWS? (Choose two.)
A. AWS Elastic Beanstalk
B. AWS CodeCommit
C. AWS Data Pipeline
D. AWS CloudFormation
E. AWS Config

Answer 209

Answer: AD

Question 210

210
A user wants guidance on possible savings when migrating from on-premises to AWS. Which tool is suitable for this scenario?
A. AWS Budgets
B. Cost Explorer
C. AWS Total Cost of Ownership (TCO) Calculator
D. AWS Well-Architected Tool

Answer 210

Answer: C

Question 211

211
Which principles are used to architect applications for reliability on the AWS Cloud? (Choose two.)
A. Design for automated failure recovery
B. Use multiple Availability Zones
C. Manage changes via documented processes
D. Test for moderate demand to ensure reliability
E. Backup recovery to an on-premises environment

Answer 211

Answer: AB

Question 212

212
What tasks should a customer perform when that customer suspects an AWS account has been compromised? (Choose two.)
A. Rotate passwords and access keys.
B. Remove MFA tokens.
C. Move resources to a different AWS Region.
D. Delete AWS CloudTrail Resources.
E. Contact AWS Support.

Answer 212

Answer: AE

Question 213

213
What is an example of high availability in the AWS Cloud?
A. Consulting AWS technical support at any time day or night
B. Ensuring an application remains accessible even if a resource fails
C. Making any AWS service available for use by paying on demand
D. Deploying in any part of the world using AWS Regions

Answer 213

Answer: B

Question 214

214
Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations?
A. Amazon Inspector
B. AWS Web Application Firewall (AWS WAF)
C. Elastic Load Balancing (ELB)
D. AWS Shield

Answer 214

Answer: D

Question 215

215
A company wants to monitor the CPU usage of its Amazon EC2 resources. Which AWS service should the company use?
A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Cost and Usage report
D. Amazon Simple Notification Service (Amazon SNS)

Answer 215

Answer: B

Question 216

216
What is an AWS Identity and Access Management (IAM) role?
A. A user associated with an AWS resource
B. A group associated with an AWS resource
C. An entity that defines a set of permissions for use with an AWS resource
D. An authentication credential associated with a multi-factor authentication (MFA) token

Answer 216

Answer: C

Question 217

217
What are the advantages of Reserved Instances? (Choose two.)
A. They provide a discount over on-demand pricing.
B. They provide access to additional instance types.
C. They provide additional networking capability.
D. Customers can upgrade instances as new types become available.
E. Customers can reserve capacity in an Availability Zone.

Answer 217

Answer: AE

Question 218

218
How do Amazon EC2 Auto Scaling groups help achieve high availability for a web application? A. They automatically add more instances across multiple AWS Regions based on global demand of
the application. B.
They automatically add or replace instances across multiple Availability Zones when the application needs it.
C. They enable the application’s static content to reside closer to end users.
D. They are able to distribute incoming requests across a tier of web server instances.

Answer 218

Answer: B

Question 219

219
How can one AWS account use Reserved Instances from another AWS account?
A. By using Amazon EC2 Dedicated Instances
B. By using AWS Organizations consolidated billing
C. By using the AWS Cost Explorer tool
D. By using AWS Budgets

Answer 219

Answer: B

Question 220

220
A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours 5 minutes and 6 seconds. For how much time will the customer be billed?
A. 3 hours 5 minutes
B. 3 hours 5 minutes and 6 seconds
C. 3 hours 6 minutes
D. 4 hours

Answer 220

Answer: B

Question 221

221
Which of the following AWS services provide compute resources? (Choose two.)
A. Amazon AWS Certified Cloud Practitioner Exam AWS Lambda
B. Amazon Elastic Container Service (Amazon ECS)
C. AWS CodeDeploy
D. Amazon Glacier
E. AWS Organizations

Answer 221

Answer: AB

Question 222

222
Which AWS service enables users to deploy infrastructure as code by automating the process of provisioning resources?
A. Amazon GameLift
B. AWS CloudFormation
C. AWS Data Pipeline
D. AWS Glue

Answer 222

Answer: B

Question 223

223
Which AWS services provide a way to extend an on-premises architecture to the AWS Cloud? (Choose two.)
A. Amazon EBS
B. AWS Direct Connect
C. Amazon CloudFront
D. AWS Storage Gateway
E. Amazon Connect

Answer 223

Answer: BD

Question 224

224
Which of the following allows users to provision a dedicated network connection from their internal network to AWS?
A. AWS CloudHSM
B. AWS Direct Connect
C. AWS VPN
D. Amazon Connect

Answer 224

Answer: B

Question 225

225
Which services use AWS edge locations? (Choose two.)
A. Amazon CloudFront
B. AWS Shield
C. Amazon EC2
D. Amazon RDS
E. Amazon ElastiCache

Answer 225

Answer: AB

Question 226

226
Which service would provide network connectivity in a hybrid architecture that includes the AWS Cloud?
A. Amazon VPC
B. AWS Direct Connect
C. AWS Directory Service
D. Amazon API Gateway

Answer 226

Answer: B

Question 227

227
Which tool can be used to compare the costs of running a web application in a traditional hosting environment to running it on AWS?
A. AWS Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage report
D. AWS Total Cost of Ownership (TCO) Calculator

Answer 227

Answer: D

Question 228

228
What is the value of using third-party software from AWS Marketplace instead of installing thirdparty software on Amazon EC2? (Choose two.)
A. Users pay for software by the hour or month depending on licensing.
B. AWS Marketplace enables the user to launch applications with 1-Click.
C. AWS Marketplace data encryption is managed by a third-party vendor.
D. AWS Marketplace eliminates the need to upgrade to newer software versions.
E. Users can deploy third-party software without testing.

Answer 228

Answer: AB

Question 229

229
Which of the following is a cloud architectural design principle?
A. Scale up not out.
B. Loosely couple components.
C. Build monolithic systems.
D. Use commercial database software.

Answer 229

Answer: B

Question 230

230
Under the shared responsibility model; which of the following areas are the customer’s responsibility? (Choose two.)
A. Firmware upgrades of network infrastructure
B. Patching of operating systems
C. Patching of the underlying hypervisor
D. Physical security of data centers
E. Configuration of the security group

Answer 230

Answer: BE

Question 231

231
Which service enables customers to audit and monitor changes in AWS resources?
A. AWS Trusted Advisor
B. Amazon GuardDuty
C. Amazon Inspector
D. AWS Config

Answer 231

Answer: D

Question 232

232
Which AWS service identifies security groups that allow unrestricted access to a user�s AWS resources?
A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon CloudWatch
D. Amazon Inspector

Answer 232

Answer: B

Question 233

233
According to the AWS shared responsibility model who is responsible for configuration management?
A. It is solely the responsibility of the customer.
B. It is solely the responsibility of AWS.
C. It is shared between AWS and the customer.
D. It is not part of the AWS shared responsibility model.

Answer 233

Answer: C

Question 234

234
Which AWS service is a content delivery network that securely delivers data video and applications to users globally with low latency and high speeds?
A. AWS CloudFormation
B. AWS Direct Connect
C. Amazon CloudFront
D. Amazon Pinpoint

Answer 234

Answer: C

Question 235

235
Which benefit of the AWS Cloud supports matching the supply of resources with changing workload demands?
A. Security
B. Reliability
C. Elasticity
D. High availability

Answer 235

Answer: C

Question 236

236
A user is running an application on AWS and notices that one or more AWS-owned IP addresses is involved in a distributed denial-of-service (DDoS) attack. Who should the user contact FIRST about this situation?
A. AWS Premium Support
B. AWS Technical Account Manager
C. AWS Solutions Architect
D. AWS Abuse team

Answer 236

Answer: D

Question 237

237
Which of the following are benefits of hosting infrastructure in the AWS Cloud? (Choose two.)
A. There are no upfront commitments.
B. AWS manages all security in the cloud.
C. Users have the ability to provision resources on demand.
D. Users have access to free and unlimited storage.
E. Users have control over the physical infrastructure.

Answer 237

Answer: AC

Question 238

238
Access keys in AWS Identity and Access Management (IAM) are used to:
A. log in to the AWS Management Console.
B. make programmatic calls to AWS from AWS APIs.
C. log in to Amazon EC2 instances.
D. authenticate to AWS CodeCommit repositories.

Answer 238

Answer: B

Question 239

239
What is AWS Trusted Advisor?
A. It is an AWS staff member who provides recommendations and best practices on how to use AWS.
B. It is a network of AWS partners who provide recommendations and best practices on how to use AWS.
C. It is an online tool with a set of automated checks that provides recommendations on cost
optimization performance and security.
D. It is another name for AWS Technical Account Managers who provide recommendations on cost optimization performance and security.

Answer 239

Answer: C

Question 240

240
Which AWS service or feature allows a company to visualize understand and manage AWS costs and usage over time?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Organizations
D. Consolidated billing

Answer 240

Answer: B

Question 241

241
Which AWS service offers on-demand access to AWS security and compliance reports?
A. AWS CloudTrail
B. AWS Artifact
C. AWS Health
D. Amazon CloudWatch

Answer 241

Answer: B

Question 242

242
What are the benefits of using the AWS Cloud for companies with customers in many countries around the world? (Choose two.)
A. Companies can deploy applications in multiple AWS Regions to reduce latency.
B. Amazon Translate automatically translates third-party website interfaces into multiple languages.
C. Amazon CloudFront has multiple edge locations around the world to reduce latency.
D. Amazon Comprehend allows users to build applications that can respond to user requests in many languages.
E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world which reduces latency.

Answer 242

Answer: AC

Question 243

243
Which AWS service handles the deployment details of capacity provisioning load balancing Auto Scaling and application health monitoring?
A. AWS Config
B. AWS Elastic Beanstalk
C. Amazon Route 53
D. Amazon CloudFront

Answer 243

Answer: B

Question 244

244
Which AWS service provides inbound and outbound network ACLs to harden external connectivity to Amazon EC2?
A. AWS IAM
B. Amazon Connect
C. Amazon VPC
D. Amazon API Gateway

Answer 244

Answer: C

Question 245

245
When a company provisions web servers in multiple AWS Regions what is being increased?
A. Coupling
B. Availability
C. Security
D. Durability

Answer 245

Answer: B

Question 246

246
The pay-as-you-go pricing model for AWS services:
A. reduces capital expenditures.
B. requires payment up front for AWS services.
C. is relevant only for Amazon EC2 Amazon S3 and Amazon RDS.
D. reduces operational expenditures.

Answer 246

Answer: A

Question 247

247
Under the AWS shared responsibility model AWS is responsible for which security-related task?
A. Lifecycle management of IAM credentials
B. Physical security of global infrastructure
C. Encryption of Amazon EBS volumes
D. Firewall configuration

Answer 247

Answer: B

Question 248

248
Which AWS service enables users to consolidate billing across multiple accounts?
A. Amazon QuickSight
B. AWS Organizations
C. AWS Budgets
D. Amazon Forecast

Answer 248

Answer: B

Question 249

249
Under the AWS shared responsibility model which of the following is an example of security in the AWS Cloud? A.
Managing edge locations B.
Physical security C.
Firewall configuration D.
Amazon AWS Certified Cloud Practitioner Exam Global infrastructure

Answer 249

Answer: B

Question 250

250
How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS?
A. AWS Senior Support Engineers
B. AWS Technical Account Managers
C. AWS Trusted Advisor
D. AWS Discussion Forums

Answer 250

Answer: D

Question 251

251
Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)
A. Multiple Availability Zones
B. Performance efficiency
C. Security
D. Encryption usage
E. High availability

Answer 251

Answer: BC

Question 252

252
After selecting an Amazon EC2 Dedicated Host reservation which pricing option would provide the largest discount?
A. No upfront payment
B. Hourly on-demand payment
C. Partial upfront payment
D. All upfront payment

Answer 252

Answer: D

Question 253

253
What is an advantage of deploying an application across multiple Availability Zones?
A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS Region.
B.
Amazon AWS Certified Cloud Practitioner Exam The application will have higher availability because it can withstand a service disruption in one Availability Zone.
C.
There will be better coverage as Availability Zones are geographically distant and can serve a wider area.
D. There will be decreased application latency that will improve the user experience.

Answer 253

Answer: B

Question 254

254
A Cloud Practitioner is asked how to estimate the cost of using a new application on AWS. What is the MOST appropriate response?
A. Inform the user that AWS pricing allows for on-demand pricing.
B. Direct the user to the AWS Simple Monthly Calculator for an estimate.
C. Use Amazon QuickSight to analyze current spending on-premises.
D. Use Amazon AppStream 2.0 for real-time pricing analytics.

Answer 254

Answer: B

Question 255

255
A company wants to migrate its applications to a VPC on AWS. These applications will need to access on-premises resources. What combination of actions will enable the company to accomplish this goal? (Choose two.)
A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated.
B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC.
C. Use Amazon Athena to query data from the on-premises database servers.
D. Connect the company�s on-premises data center to AWS using AWS Direct Connect.
E. Leverage Amazon CloudFront to restrict access to static web content provided through the company�s on-premises web servers.

Answer 255

Answer: BD

Question 256

256
A web application running on AWS has been spammed with malicious requests from a recurring set of IP addresses. Which AWS service can help secure the application and block the malicious traffic?
A. AWS IAM
B. Amazon GuardDuty
C. Amazon Simple Notification Service (Amazon SNS)
D. AWS WAF

Answer 256

Answer: D

Question 257

257
Treating infrastructure as code in the AWS Cloud allows users to:
A. automate migration of on-premises hardware to AWS data centers.
B. let a third party automate an audit of the AWS infrastructure.
C. turn over application code to AWS so it can run on the AWS infrastructure.
D. automate the infrastructure provisioning process.

Answer 257

Answer: D

Question 258

258
A company requires a dedicated network connection between its on-premises servers and the AWS Cloud. Which AWS service should be used?
A. AWS VPN
B. AWS Direct Connect
C. Amazon API Gateway
D. Amazon Connect

Answer 258

Answer: B

Question 259

259
Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL?
A. AWS Glue
B. AWS Data Pipeline
C. Amazon CloudSearch
D. Amazon Athena

Answer 259

Answer: D

Question 260

260
AWS CloudFormation is designed to help the user:
A. model and provision resources.
B. update application code.
C. set up data lakes.
D. create reports for billing.

Answer 260

Answer: A

Question 261

261
Which of the following is an AWS database service?
A. Amazon Redshift
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3 Glacier
D. AWS Snowball

Answer 261

Answer: A

Question 262

262
A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports.
What is the SIMPLEST way to do this?
A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0.
B. Run AWS Trusted Advisor and review the findings.
C. Open the AWS IAM console and check the inbound rule filters for open access.
D. In AWS Config create a custom rule that invokes an AWS Lambda function to review rules for inbound access.

Answer 262

Answer: B

Question 263

263
What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Choose two.)
A. AWS automatically distributes the data globally for higher durability.
B. AWS will take care of operating the application.
C. AWS makes it easy to architect for high availability.
D. AWS can easily accommodate application demand changes.
E. AWS takes care application security patching.

Answer 263

Answer: CD

Question 264

264
A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report?
A. EC2 security groups
B. AWS Config
C. Amazon Macie
D. Amazon Inspector

Answer 264

Answer: D

Question 265

265
How can a company isolate the costs of production and non-production workloads on AWS?
A. Create Identity and Access Management (IAM) roles for production and non-production workloads.
B. Use different accounts for production and non-production expenses.
C. Use Amazon EC2 for non-production workloads and other services for production workloads.
D. Use Amazon CloudWatch to monitor the use of services.

Answer 265

Answer: B

Question 266

266
Where can users find a catalog of AWS-recognized providers of third-party security solutions?
A. AWS Service Catalog
B. AWS Marketplace
C. AWS Quick Start
D. AWS CodeDeploy

Answer 266

Answer: A

Question 267

267
A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements. Which AWS service will meet this requirement at the LOWEST cost?
A. Amazon S3
B. AWS Snowball
C. Amazon Redshift
D. Amazon S3 Glacier

Answer 267

Answer: D

Question 268

268
What are the immediate benefits of using the AWS Cloud? (Choose two.)
A. Increased IT staff.
B. Capital expenses are replaced with variable expenses.
C. User control of infrastructure.
D. Increased agility.
E. AWS holds responsibility for security in the cloud.

Answer 268

Answer: BD

Question 269

269
Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?
A. Amazon GuardDuty
B. Amazon Macie
C. Amazon Inspector
D. AWS Shield

Answer 269

Answer: B

Question 270

270
What is the purpose of AWS Storage Gateway?
A. It ensures on-premises data storage is 99.999999999% durable.
B. It transports petabytes of data to and from AWS.
C. It connects to multiple Amazon EC2 instances.
D. It connects on-premises data storage to the AWS Cloud.

Answer 270

Answer: D

Question 271

271
What should users do if they want to install an application in geographically isolated locations?
A. Install the application using multiple internet gateways.
B. Deploy the application to an Amazon VPC.
C. Deploy the application to multiple AWS Regions.
D. Configure the application using multiple NAT gateways.

Answer 271

Answer: C

Question 272

272
A system in the AWS Cloud is designed to withstand the failure of one or more components. What is this an example of?
A. Elasticity
B. High Availability
C. Scalability
D. Agility

Answer 272

Answer: B

Question 273

273
A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system. Which AWS service can fulfill this requirement?
A. AWS Direct Connect
B. AWS VPN
C. Amazon Connect
D. AWS Data Pipeline

Answer 273

Answer: A

Question 274

274
Within the AWS shared responsibility model who is responsible for security and compliance?
A. The customer is responsible.
B. AWS is responsible.
C. AWS and the customer share responsibility.
D. AWS shares responsibility with the relevant governing body.

Answer 274

Answer: C

Question 275

275
To use the AWS CLI users are required to generate: A.
a password policy. B.
an access/secret key. C.
a managed policy. D.
Amazon AWS Certified Cloud Practitioner Exam an API key.

Answer 275

Answer: B

Question 276

276
Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config

Answer 276

Answer: C

Question 277

277
How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Choose two.)
A. By the time it takes for the Lambda function to execute.
B. By the number of versions of a specific Lambda function.
C. By the number of requests made for a given Lambda function.
D. By the programming language that is used for the Lambda function.
E. By the total number of Lambda functions in an AWS account.

Answer 277

Answer: AC

Question 278

278
Which of the following describes the relationships among AWS Regions Availability Zones and edge locations? (Choose two.)
A. There are more AWS Regions than Availability Zones.
B. There are more edge locations than AWS Regions.
C. An edge location is an Availability Zone.
D. There are more AWS Regions than edge locations.
E. There are more Availability Zones than AWS Regions.

Answer 278

Answer: BE

Question 279

279
What does AWS Shield Standard provide?
A. WAF rules
B. DDoS protection
C. Identity and Access Management (IAM) permissions and access to resources
D. Data encryption

Answer 279

Answer: B

Question 280

280
A company wants to build its new application workloads in the AWS Cloud instead of using onpremises resources. What expense can be reduced using the AWS Cloud?
A. The cost of writing custom-built Java or Node .js code
B. Penetration testing for security
C. hardware required to support new applications
D. Writing specific test cases for third-party applications.

Answer 280

Answer: C

Question 281

281
What does AWS Marketplace allow users to do? (Choose two.)
A. Sell unused Amazon EC2 Spot Instances.
B. Sell solutions to other AWS users.
C. Buy third-party software that runs on AWS.
D. Purchase AWS security and compliance documents.
E. Order AWS Snowball.

Answer 281

Answer: BC

Question 282

282
What does it mean if a user deploys a hybrid cloud architecture on AWS?
A. All resources run using on-premises infrastructure.
B. Some resources run on-premises and some run in a colocation center.
C. All resources run in the AWS Cloud.
D. Some resources run on-premises and some run in the AWS Cloud.

Answer 282

Answer: D

Question 283

283
Which AWS service allows users to identify the changes made to a resource over time?
A. Amazon Inspector
B. AWS Config
C. AWS Service Catalog
D. AWS IAM

Answer 283

Answer: B

Question 284

284
How can a company reduce its Total Cost of Ownership (TCO) using AWS?
A. By minimizing large capital expenditures
B. By having no responsibility for third-party license costs
C. By having no operational expenditures
D. By having AWS manage applications

Answer 284

Answer: A

Question 285

285
Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?
A. Ensuring network connectivity from AWS to the internet
B. Patching and fixing flaws within the AWS Cloud infrastructure
C. Ensuring the physical security of cloud data centers
D. Ensuring Amazon EBS volumes are backed up

Answer 285

Answer: D

Question 286

286
What are the advantages of the AWS Cloud? (Choose two.)
A. Fixed rate monthly cost
B. No need to guess capacity requirements
C. Increased speed to market
D. Increased upfront capital expenditure
E. Physical access to cloud data centers

Answer 286

Answer: BC

Question 287

287
When comparing the total cost of ownership (TCO) of an on-premises infrastructure to a cloud architecture what costs should be considered? (Choose two.)
A. The credit card processing fees for application transactions in the cloud.
B. The cost of purchasing and installing server hardware in the on-premises data.
C. The cost of administering the infrastructure including operating system and software installations patches backups and recovering from failures.
D. The costs of third-party penetration testing.
E. The advertising costs associated with an ongoing enterprise-wide campaign.

Answer 287

Answer: BC

Question 288

288
Which AWS feature allows a company to take advantage of usage tiers for services across multiple member accounts?
A. Service control policies (SCPs)
B. Consolidated billing
C. All Upfront Reserved Instances
D. AWS Cost Explorer

Answer 288

Answer: B

Question 289

289
What is one of the customer�s responsibilities according to the AWS shared responsibility model?
A. Virtualization infrastructure
B. Network infrastructure
C. Application security
D. Physical security of hardware

Answer 289

Answer: C

Question 290

290
What helps a company provide a lower latency experience to its users globally?
A. Using an AWS Region that is central to all users
B. Using a second Availability Zone in the AWS Region that is using used
C. Enabling caching in the AWS Region that is being used
D. Using edge locations to put content closer to all users

Answer 290

Answer: D

Question 291

291
How can the AWS Cloud increase user workforce productivity after migration from an on-premises data center?
A. Users do not have to wait for infrastructure provisioning.
B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure.
C. AWS takes over application configuration management on behalf of users.
D. Users do not need to address security and compliance issues.

Answer 291

Answer: A

Question 292

292
Which AWS service provides a quick and automated way to create and manage AWS accounts? A.
Amazon AWS Certified Cloud Practitioner Exam AWS QuickSight
B. Amazon Lightsail
C. AWS Organizations
D. Amazon Connect

Answer 292

Answer: C

Question 293

293
Which Amazon RDS feature can be used to achieve high availability?
A. Multiple Availability Zones
B. Amazon Reserved Instances
C. Provisioned IOPS storage
D. Enhanced monitoring

Answer 293

Answer: A

Question 294

294
Where should users report that AWS resources are being used for malicious purposes?
A. AWS Abuse team
B. AWS Shield
C. AWS Support
D. AWS Developer Forums

Answer 294

Answer: A

Question 295

295
Which AWS service needs to be enabled to track all user account changes within the AWS Management Console?
A. AWS CloudTrail
B. Amazon Simple Notification Service (Amazon SNS)
C. VPC Flow Logs
D. AWS CloudHSM

Answer 295

Answer: A

Question 296

296
What is an AWS Cloud design best practice?
A. Tight coupling of components
B. Single point of failure
C. High availability
D. Overprovisioning of resources

Answer 296

Answer: C

Question 297

297
Which of the following is an example of how moving to the AWS Cloud reduces upfront cost?
A. By replacing large variable costs with lower capital investments
B. By replacing large capital investments with lower variable costs
C. By allowing the provisioning of compute and storage at a fixed level to meet peak demand
D. By replacing the repeated scaling of virtual servers with a simpler fixed-scale model

Answer 297

Answer: B

Question 298

298
When designing a typical three-tier web application which AWS services and/or features improve availability and reduce the impact failures? (Choose two.)
A. AWS Auto Scaling for Amazon EC2 instances
B. Amazon VPC subnet ACLs to check the health of a service
C. Distributed resources across multiple Availability Zones
D. AWS Server Migration Service (AWS SMS) to move Amazon EC2 instances into a different Region
E. Distributed resources across multiple AWS points of presence

Answer 298

Answer: AC

Question 299

299
Which cloud design principle aligns with AWS Cloud best practices?
A. Create fixed dependencies among application components
B. Aggregate services on a single instance
C. Deploy applications in a single Availability Zone
D. Distribute the compute load across multiple resources

Answer 299

Answer: D

Question 300

300
Which of the following are recommended practices for managing IAM users? (Choose two.)
A. Require IAM users to change their passwords after a specified period of time
B. Prevent IAM users from reusing previous passwords
C. Recommend that the same password be used on AWS and other sites
D. Require IAM users to store their passwords in raw text
E. Amazon AWS Certified Cloud Practitioner Exam

Answer 300

Answer: AB

Question 301

301
A company is migrating from on-premises data centers to the AWS Cloud and is looking for hands-on help with the project. How can the company get this support? (Choose two.)
A. Ask for a quote from the AWS Marketplace team to perform a migration into the company�s AWS account.
B. Contact AWS Support and open a case for assistance
C. Use AWS Professional Services to provide guidance and to set up an AWS Landing Zone in the company�s AWS account
D. Select a partner from the AWS Partner Network (APN) to assist with the migration
E. Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in migrating to the AWS Cloud.

Answer 301

Answer: CD

Question 302

302
How does the AWS Enterprise Support Concierge team help users?
A. Supporting application development
B. Providing architecture guidance
C. Answering billing and account inquires
D. Answering questions regarding technical support cases

Answer 302

Answer: C

Question 303

303
An application designed to span multiple Availability Zones is described as:
A. being highly available
B. having global reach
C. using an economy of scale
D. having elasticity

Answer 303

Answer: A

Question 304

304
A new service using AWS must be highly available. Yet due to regulatory requirements all of its Amazon EC2 instances must be located in a single geographic area.
According to best practices to meet these requirements the EC2 instances must be placed in at least two:
A. AWS Regions
B. Availability Zones
C. subnets
D. placement groups

Answer 304

Answer: B

Question 305

305
Which AWS tool is used to compare the cost of running an application on-premises to running the application in the AWS Cloud?
A. AWS Trusted Advisor
B. AWS Simple Monthly Calculator
C. AWS Total Cost of Ownership (TCO) Calculator
D. Cost Explorer

Answer 305

Answer: C

Question 306

306
A company has multiple AWS accounts within AWS Organizations and wants to apply the Amazon EC2 Reserved Instances benefit to a single account only. Which action should be taken?
A. Purchase the Reserved Instances from master payer account and turn off Reserved Instance sharing.
B. Enable billing alerts in the AWS Billing and Cost Management console.
C. Purchase the Reserved Instances in individual linked accounts and turn off Reserved Instance sharing from the payer level.
D. Enable Reserved Instance sharing in the AWS Billing and Cost Management console.

Answer 306

Answer: A

Question 307

307
Which situation should be reported to the AWS Abuse team?
A. In Availability Zone has a service disruption
B. An intrusion attempt is made from an AWS IP address
C. A user has trouble accessing an Amazon S3 bucket from an AWS IP address
D. A user needs to change payment methods due to a compromise

Answer 307

Answer: B

Question 308

308
A company is planning to launch an ecommerce site in a single AWS Region to a worldwide user base. Which AWS services will allow the company to reach users and provide low latency and high transfer speeds? (Choose two.)
A. Application Load Balancer
B. AWS Global Accelerator
C. AWS Direct Connect
D. Amazon CloudFront
E. AWS Lambda

Answer 308

Answer: BD

Question 309

309
Which AWS service or resource is serverless?
A. AWS Lambda
B. Amazon EC2 instances
C. Amazon Lightsail
D. Amazon ElastiCache

Answer 309

Answer: A

Question 310

310
Which of the following are components of Amazon VPC? (Choose two.)
A. Objects
B. Subnets
C. Buckets
D. Internet gateways
E. Access key

Answer 310

Answer: BD

Question 311

311
AWS Budgets can be used to: A.
Amazon AWS Certified Cloud Practitioner Exam prevent a given user from creating a resource
B. send an alert when the utilization of Reserved Instances drops below a certain percentage
C. set resource limits in AWS accounts to prevent overspending
D. split an AWS bill across multiple forms of payment

Answer 311

Answer: B

Question 312

312
Which of the following will enhance the security of access to the AWS Management Console? (Choose two.)
A. AWS Secrets Manager
B. AWS Certificate Manager
C. AWS Multi-Factor Authentication (AWS MFA)
D. Security groups
E. Password policies

Answer 312

Answer: CE

Question 313

313
The AWS Trusted Advisor checks include recommendations regarding which of the following? (Choose two.)
A. Information on Amazon S3 bucket permissions
B. AWS service outages
C. Multi-factor authentication enabled on the AWS account root user
D. Available software patches
E. Number of users in the account

Answer 313

Answer: AC

Question 314

314
Which functions can users perform using AWS KMS?
A. Create and manage AWS access keys for the AWS account root user
B. Create and manage AWS access keys for an AWS account IAM user
C. Create and manage keys for encryption and decryption of data
D. Create and manage keys for multi-factor authentication

Answer 314

Answer: C

Question 315

315
How does AWS Trusted Advisor provide guidance to users of the AWS Cloud? (Choose two.)
A. It identifies software vulnerabilities in applications running on AWS
B. It provides a list of cost optimization recommendations based on current AWS usage
C. It detects potential security vulnerabilities caused by permissions settings on account resources
D. auto correct potential security issues caused by permission settings on account resources
E. It provides proactive alerting whenever an Amazon EC2 instance has been compromised

Answer 315

Answer: BC

Question 316

316
Which of the following are advantages of the AWS Cloud? (Choose two.)
A. AWS manages the maintenance of the cloud infrastructure
B. AWS manages the security of applications built on AWS
C. AWS manages capacity planning for physical servers
D. AWS manages the development of applications on AWS
E. AWS manages cost planning for virtual servers

Answer 316

Answer: AC

Question 317

317
A user deploys an Amazon RDS DB instance in multiple Availability Zones. This strategy involves which pillar of the AWS Well-Architected Framework?
A. Performance efficiency
B. Reliability
C. Cost optimization
D. Security

Answer 317

Answer: B

Question 318

318
Which AWS services provide a user with connectivity between the AWS Cloud and on-premises resources? (Choose two.)
A. AWS VPN
B. Amazon Connect
C. Amazon Cognito
D. AWS Direct Connect
E. AWS Managed Services

Answer 318

Answer: AD

Question 319

319
Which AWS service is used to pay AWS bills and monitor usage and budget costs?
A. AWS Billing and Cost Management
B. Consolidated billing
C. Amazon CloudWatch
D. Amazon QuickSight

Answer 319

Answer: A

Question 320

320
Which element of the AWS global infrastructure consists of one or more discrete data centers each with redundant power networking and connectivity which are housed in separate facilities? A.
Amazon AWS Certified Cloud Practitioner Exam AWS Regions
B. Availability Zones
C. Edge locations
D. Amazon CloudFront

Answer 320

Answer: B

Question 321

321
Which Amazon VPC feature enables users to capture information about the IP traffic that reaches Amazon EC2 instances?
A. Security groups
B. Elastic network interfaces
C. Network ACLs
D. VPC Flow Logs

Answer 321

Answer: D

Question 322

322
Which AWS service can be used to automatically scale an application up and down without making capacity planning decisions?
A. Amazon AutoScaling
B. Amazon Redshift
C. AWS CloudTrail
D. AWS Lambda

Answer 322

Answer: D

Question 323

323
AWS Enterprise Support users have access to which service or feature that is not available to users with other AWS Support plans?
A. AWS Trusted Advisor
B. AWS Support case
C. Concierge team
D. Amazon Connect

Answer 323

Answer: C

Question 324

324
A company wants to migrate a MySQL database to AWS but does not have the budget for Database Administrators to handle routine tasks including provisioning patching and performing
backups. Which AWS service will support this use case?
A. Amazon RDS
B. Amazon DynamoDB
C. Amazon DocumentDB
D. Amazon ElastiCache

Answer 324

Answer: A

Question 325

325
A company wants to expand from one AWS Region into a second AWS Region. What does the company need to do to start supporting the new Region?
A. Contact an AWS Account Manager to sign a new contract
B. Move an Availability Zone to the new Region
C. Begin deploying resources in the second Region
D. Download the AWS Management Console for the new Region

Answer 325

Answer: C

Question 326

326
A user must meet compliance and software licensing requirements that state a workload must be hosted on a physical server. Which Amazon EC2 instance pricing option will meet these requirements?
A. Dedicated Hosts
B. Dedicated Instances
C. Spot Instances
D. Reserved Instances

Answer 326

Answer: A

Question 327

327
Which AWS service will provide a way to generate encryption keys that can be used to encrypt data? (Choose two.)
A. Amazon Macie
B. AWS Certificate Manager
C. AWS Key Management Service (AWS KMS)
D. AWS Secrets Manager
E. AWS CloudHSM

Answer 327

Answer: CE

Question 328

328
A company is planning to migrate from on-premises to the AWS Cloud. Which AWS tool or service provides detailed reports on estimated cost savings after migration?
A. AWS Total Cost of Ownership (TCO) Calculator
B. Cost Explorer
C. AWS Budgets
D. AWS Migration Hub

Answer 328

Answer: A

Question 329

329
What can assist in evaluating an application for migration to the cloud? (Choose two.)
A. AWS Trusted Advisor
B. AWS Professional Services
C. AWS Systems Manager
D. AWS Partner Network (APN)
E. AWS Secrets Manager

Answer 329

Answer: BD

Question 330

330
Which AWS service helps users meet contractual and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud?
A. AWS Secrets Manager
B. AWS CloudHSM
C. AWS Key Management Service (AWS KMS)
D. AWS Directory Service

Answer 330

Answer: B

Question 331

331
Under the AWS shared responsibility model the customer manages which of the following? (Choose two.)
A. Decommissioning of physical storage devices
B. Security group and ACL configuration
C. Patch management of an Amazon RDS instance operating system
D. Controlling physical access to data centers
E. Patch management of an Amazon EC2 instance operating system

Answer 331

Answer: BE

Question 332

332
Which AWS service is suitable for an event-driven workload?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS Lambda
D. Amazon Lumberyard

Answer 332

Answer: C

Question 333

333
What is a value proposition of the AWS Cloud? A.
AWS is responsible for security in the AWS Cloud B.
No long-term contract is required C.
Provision new servers in days D.
Amazon AWS Certified Cloud Practitioner Exam AWS manages user applications in the AWS Cloud

Answer 333

Answer: B

Question 334

334
What is a characteristic of Amazon S3 cross-region replication? A. Both source and destination S3 buckets must have versioning disabled
B. The source and destination S3 buckets cannot be in different AWS Regions
C. S3 buckets configured for cross-region replication can be owned by a single AWS account or by
different accounts D.
The source S3 bucket owner must have the source and destination AWS Regions disabled for their account

Answer 334

Answer: C

Question 335

335
What is a user responsible for when running an application in the AWS Cloud?
A. Managing physical hardware
B. Updating the underlying hypervisor
C. Providing a list of users approved for data center access
D. Managing application software updates

Answer 335

Answer: D

Question 336

336
A company that does business online needs to quickly deliver new functionality in an iterative manner minimizing the time to market. Which AWS Cloud feature can provide this?
A. Elasticity
B. High availability
C. Agility
D. Reliability

Answer 336

Answer: C

Question 337

337
Which features or services can be used to monitor costs and expenses for an AWS account? (Choose two.)
A. AWS Cost and Usage report
B. AWS product pages
C. AWS Simple Monthly Calculator
D. Billing alerts and Amazon CloudWatch alarms
E. AWS Price List API

Answer 337

Answer: AD

Question 338

338
Amazon Route 53 enables users to:
A. encrypt data in transit
B. register DNS domain names
C. generate and manage SSL certificates
D. establish a dedicated network connection to AWS

Answer 338

Answer: B

Question 339

339
Which AWS service helps identify malicious or unauthorized activities in AWS accounts and workloads?
A. Amazon Rekognition
B. AWS Trusted Advisor
C. Amazon GuardDuty
D. Amazon CloudWatch

Answer 339

Answer: C

Question 340

340
A company wants to try a third-party ecommerce solution before deciding to use it long term. Which AWS service or tool will support this effort?
A. AWS Marketplace
B. AWS Partner Network (APN)
C. AWS Managed Services
D. AWS Service Catalog

Answer 340

Answer: A

Question 341

341
Which AWS service is a managed NoSQL database?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon RDS for MariaDB

Answer 341

Answer: B

Question 342

342
Which AWS service should be used to create a billing alarm?
A. AWS Trusted Advisor
B. AWS CloudTrail
C. Amazon CloudWatch
D. Amazon QuickSight

Answer 342

Answer: C

Question 343

343
A company is hosting a web application in a Docker container on Amazon EC2. AWS is responsible for which of the following tasks?
A. Scaling the web application and services developed with Docker
B. Provisioning or scheduling containers to run on clusters and maintain their availability
C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud
D. Managing the guest operating system including updates and security patches

Answer 343

Answer: C

Question 344

344
Users are reporting latency when connecting to a website with a global customer base. Which AWS service will improve the customer experience by reducing latency?
A. Amazon CloudFront
B. AWS Direct Connect
C. Amazon EC2 Auto Scaling
D. AWS Transit Gateway

Answer 344

Answer: A

Question 345

345
Which actions represent best practices for using AWS IAM? (Choose two.)
A. Configure a strong password policy
B. Share the security credentials among users of AWS accounts who are in the same Region
C. Use access keys to log in to the AWS Management Console
D. Rotate access keys on a regular basis
E. Avoid using IAM roles to delegate permissions

Answer 345

Answer: AD

Question 346

346
Which AWS feature or service can be used to capture information about incoming and outgoing traffic in an AWS VPC infrastructure?
A. AWS Config
B. VPC Flow Logs
C. AWS Trusted Advisor
D. AWS CloudTrail

Answer 346

Answer: B

Question 347

347
A company wants to use an AWS service to monitor the health of application endpoints with the ability to route traffic to healthy regional endpoints to improve application availability. Which service will support these requirements?
A. Amazon Inspector
B. Amazon CloudWatch
C. AWS Global Accelerator
D. Amazon CloudFront

Answer 347

Answer: C

Question 348

348
According to the AWS Well-Architected Framework what change management steps should be taken to achieve reliability in the AWS Cloud? (Choose two.)
A. Use AWS Config to generate an inventory of AWS resources
B. Use service limits to prevent users from creating or making changes to AWS resources
C. Use AWS CloudTrail to record AWS API calls into an auditable log file
D. Use AWS Certificate Manager to whitelist approved AWS resources and services
E. Use Amazon GuardDuty to validate configuration changes made to AWS resources

Answer 348

Answer: AC

Question 349

349
Which service can be used to monitor and receive alerts for AWS account root user AWS Management Console sign-in events?
A. Amazon CloudWatch
B. AWS Config
C. AWS Trusted Advisor
D. AWS IAM

Answer 349

Answer: A

Question 350

350
Which design principle should be considered when architecting in the AWS Cloud?
A. Think of servers as non-disposable resources
B. Use synchronous integration of services
C. Design loosely coupled components
D. Implement the least permissive rules for security groups

Answer 350

Answer: C

Question 351

351
Which AWS services can be used to move data from on-premises data centers to AWS? (Choose two.)
A. AWS Snowball
B. AWS Lambda
C. Amazon ElastiCache
D. AWS Database Migration Service (AWS DMS)
E. Amazon API Gateway

Answer 351

Answer: AD

Question 352

352
A batch workload takes 5 hours to finish on an Amazon EC2 instance. The amount of data to be processed doubles monthly and the processing time is proportional. What is the best cloud architecture to address this consistently growing demand?
A. Run the application on a bigger EC2 instance size.
B. Switch to an EC2 instance family that better matches batch requirements.
C. Distribute the application across multiple EC2 instances and run the workload in parallel.
D. Run the application on a bare metal EC2 instance.

Answer 352

Answer: C

Question 353

353
Each department within a company has its own independent AWS account and its own payment method. New company leadership wants to centralize departmental governance and consolidate payments. How can this be achieved using AWS services or features?
A. Forward monthly invoices for each account. Then create IAM roles to allow cross-account access.
B. Create a new AWS account. Then configure AWS Organizations and invite all existing accounts to join.
C. Configure AWS Organizations in each of the existing accounts. Then link all accounts together.
D. Use Cost Explorer to combine costs from all accounts. Then replicate IAM policies across accounts.

Answer 353

Answer: B

Question 354

354
The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept in the AWS Cloud value proposition?
A. Economy of scale
B. Elasticity
C. High availability
D. Agility

Answer 354

Answer: B

Question 355

355
An ecommerce company anticipates a huge increase in web traffic for two very popular upcoming shopping holidays. Which AWS service or feature can be configured to dynamically adjust resources to meet this change in demand?
A. AWS CloudTrail
B. Amazon AWS Certified Cloud Practitioner Exam Amazon EC2 Auto Scaling
C. Amazon Forecast
D. AWS Config

Answer 355

Answer: B

Question 356

356
Which AWS service enables users to securely connect to AWS resources over the public internet?
A. Amazon VPC peering
B. AWS Direct Connect
C. AWS VPN
D. Amazon Pinpoint

Answer 356

Answer: C

Question 357

357
Which tool is used to forecast AWS spending? A.
AWS Trusted Advisor B.
Amazon AWS Certified Cloud Practitioner Exam AWS Organizations
C. Cost Explorer
D. Amazon Inspector

Answer 357

Answer: C

Question 358

358
A company is running an ecommerce application hosted in Europe. To decrease latency for users who access the website from other parts of the world the company would like to cache frequently
accessed static content closer to the users. Which AWS service will support these requirements?
A. Amazon ElastiCache
B. Amazon CloudFront
C. Amazon Elastic File System (Amazon EFS)
D. Amazon Elastic Block Store (Amazon EBS)

Answer 358

Answer: B

Question 359

359
Which of the following is a component of the AWS Global Infrastructure?
A. Amazon Alexa
B. AWS Regions
C. Amazon Lightsail
D. AWS Organizations

Answer 359

Answer: B

Question 360

360
Which AWS service will help users determine if an application running on an Amazon EC2 instance has sufficient CPU capacity?
A. Amazon CloudWatch
B. AWS Config
C. AWS CloudTrail
D. Amazon Inspector

Answer 360

Answer: A

Question 361

361
Why is it beneficial to use Elastic Load Balancers with applications?
A. They allow for the conversion from Application Load Balancers to Classic Load Balancers.
B. They are capable of handling constant changes in network traffic patterns.
C. They automatically adjust capacity.
D. They are provided at no charge to users.

Answer 361

Answer: B

Question 362

362
Which tasks are the customer�s responsibility in the AWS shared responsibility model? (Choose two.)
A. Infrastructure facilities access management
B. Cloud infrastructure hardware lifecycle management
C. Configuration management of user�s applications
D. Networking infrastructure protection
E. Security groups configuration

Answer 362

Answer: CE

Question 363

363
IT systems should be designed to reduce interdependencies so that a change or failure in one component does not cascade to other components. This is an example of which principle of cloud architecture design?
A. Scalability
B. Loose coupling
C. Automation
D. Automatic scaling

Answer 363

Answer: B

Question 364

364
Which AWS service or feature can enhance network security by blocking requests from a particular network for a web application on AWS? (Choose two.)
A. AWS WAF
B. AWS Trusted Advisor
C. AWS Direct Connect
D. AWS Organizations
E. Network ACLs

Answer 364

Answer: AE

Question 365

365
An application runs on multiple Amazon EC2 instances that access a shared file system simultaneously. Which AWS storage service should be used?
A. Amazon EBS
B. Amazon EFS
C. Amazon S3
D. AWS Artifact

Answer 365

Answer: B

Question 366

366
A web application is hosted on AWS using an Elastic Load Balancer multiple Amazon EC2 instances and Amazon RDS. Which security measures fall under the responsibility of AWS? (Choose two.)
A. Running a virus scan on EC2 instances
B. Protecting against IP spoofing and packet sniffing
C. Installing the latest security patches on the RDS instance
D. Encrypting communication between the EC2 instances and the Elastic Load Balancer
E. Configuring a security group and a network access control list (NACL) for EC2 instances

Answer 366

Answer: BC

Question 367

367
What is the benefit of elasticity in the AWS Cloud?
A. Ensure web traffic is automatically spread across multiple AWS Regions.
B. Minimize storage costs by automatically archiving log data.
C. Enable AWS to automatically select the most cost-effective services.
D. Automatically adjust the required compute capacity to maintain consistent performance.

Answer 367

Answer: D

Question 368

368
The continual reduction of AWS Cloud pricing is due to:
A. pay-as-you go pricing
B. the AWS global infrastructure
C. economies of scale
D. reserved storage pricing

Answer 368

Answer: C

Question 369

369
A company needs an Amazon S3 bucket that cannot have any public objects due to compliance requirements. How can this be accomplished?
A. Enable S3 Block Public Access from the AWS Management Console.
B. Hold a team meeting to discuss the importance if only uploading private S3 objects.
C. Require all S3 objects to be manually approved before uploading.
D. Create a service to monitor all S3 uploads and remove any public uploads.

Answer 369

Answer: A

Question 370

370
A Cloud Practitioner identifies a billing issue after examining the AWS Cost and Usage report in the AWS Management Console. Which action can be taken to resolve this?
A. Open a detailed case related to billing and submit it to AWS Support for help.
B. Upload data describing the issue to a new object in a private Amazon S3 bucket.
C. Create a pricing application and deploy it to a right-sized Amazon EC2 instance for more information.
D. Proceed with creating a new dashboard in Amazon QuickSight.

Answer 370

Answer: A

Question 371

371
What does the AWS Simple Monthly Calculator do?
A. Compares on-premises costs to colocation environments
B. Estimates monthly billing based on projected usage
C. Estimates power consumption at existing data centers
D. Estimates CPU utilization

Answer 371

Answer: B

Question 372

372
Who is responsible for patching the guest operating system for Amazon RDS?
A. The AWS Product team
B. The customer Database Administrator
C. Managed partners
D. AWS Support

Answer 372

Answer: A

Question 373

373
Which AWS services may be scaled using AWS Auto Scaling? (Choose two.)
A. Amazon EC2
B. Amazon DynamoDB
C. Amazon S3
D. Amazon Route 53
E. Amazon Redshift

Answer 373

Answer: AB

Question 374

374
Which of the following are benefits of AWS Global Accelerator? (Choose two.)
A. Reduced cost to run services on AWS
B. Improved availability of applications deployed on AWS
C. Higher durability of data stored on AWS
D. Decreased latency to reach applications deployed on AWS
E. Higher security of data stored on AWS

Answer 374

Answer: BD

Question 375

375
A user who wants to get help with billing and reactivate a suspended account should submit an account and billing request to:
A. the AWS Support forum
B. AWS Abuse
C. an AWS Solutions Architect
D. AWS Support

Answer 375

Answer: D

Question 376

376
Which AWS Cloud best practice uses the elasticity and agility of cloud computing?
A. Provision capacity based on past usage and theoretical peaks
B. Dynamically and predictively scale to meet usage demands
C. Build the application and infrastructure in a data center that grants physical access
D. Break apart the application into loosely coupled components

Answer 376

Answer: B

Question 377

377
Which method helps to optimize costs of users moving to the AWS Cloud?
A. Paying only for what is used
B. Purchasing hardware before it is needed
C. Manually provisioning cloud resources
D. Purchasing for the maximum possible load

Answer 377

Answer: A

Question 378

378
Under the AWS shared responsibility model which of the following is a customer responsibility?
A. Installing security patches for the Xen and KVM hypervisors
B. Installing operating system patches for Amazon DynamoDB
C. Installing operating system security patches for Amazon EC2 database instances
D. Installing operating system security patches for Amazon RDS database instances

Answer 378

Answer: C

Question 379

379
The AWS Cost Management tools give users the ability to do which of the following? (Choose two.)
A. Terminate all AWS resources automatically if budget thresholds are exceeded.
B. Break down AWS costs by day service and linked AWS account.
C. Create budgets and receive notifications if current of forecasted usage exceeds the budgets.
D. Switch automatically to Reserved Instances or Spot Instances whichever is most cost-effective.
E. Move data stored in Amazon S3 to a more cost-effective storage class.

Answer 379

Answer: BC

Question 380

380
Under the AWS shared responsibility model the security and patching of the guest operating system is the responsibility of:
A. AWS Support
B. the customer
C. AWS Systems Manager
D. AWS Config

Answer 380

Answer: B

Question 381

381
Which AWS service makes it easy to create and manage AWS users and groups and provide them with secure access to AWS resources at no charge?
A. AWS Direct Connect
B. Amazon Connect
C. AWS Identity and Access Management (IAM)
D. AWS Firewall Manager

Answer 381

Answer: C

Question 382

382
Which AWS service provides on-demand of AWS security and compliance documentation?
A. AWS Directory Service
B. AWS Artifact
C. AWS Trusted Advisor
D. Amazon Inspector

Answer 382

Answer: B

Question 383

383
Which AWS service can be used to turn text into life-like speech?
A. Amazon Polly
B. Amazon Transcribe
C. Amazon Rekognition
D. Amazon Lex

Answer 383

Answer: A

Question 384

384
What is one of the core principles to follow when designing a highly available application in the AWS Cloud?
A. Design using a serverless architecture
B. Assume that all components within an application can fail
C. Design AWS Auto Scaling into every application
D. Design all components using open-source code

Answer 384

Answer: B

Question 385

385
A user needs to generate a report that outlines the status of key security checks in an AWS account. The report must include:
The status of Amazon S3 bucket permissions. Whether multi-factor authentication is enabled for the AWS account root user. If any security groups are configured to allow unrestricted access. Where can all this information be found in one location?
A. Amazon QuickSight dashboard
B. AWS CloudTrail trails
C. AWS Trusted Advisor report
D. IAM credential report

Answer 385

Answer: C

Question 386

386
Which Amazon EC2 pricing model should be used to comply with per-core software license requirements? A.
Dedicated Hosts B.
On-Demand Instances C.
Spot Instances D.
Amazon AWS Certified Cloud Practitioner Exam Reserved Instances

Answer 386

Answer: A

Question 387

387
Which of the AWS global infrastructure is used to cache copies of content for faster delivery to users across the globe?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. Data centers

Answer 387

Answer: C

Question 388

388
Using AWS Config to record audit and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar?
A. Security
B. Operational excellence
C. Performance efficiency
D. Cost optimization

Answer 388

Answer: A

Question 389

389
A user needs to quickly deploy a non-relational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service can be used to accomplish this?
A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Redshift

Answer 389

Answer: B

Question 390

390
A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic areas. Which of the following meets these requirements?
A. AWS Accounts
B. AWS Regions
C. Availability Zones
D. Edge locations

Answer 390

Answer: B

Question 391

391
Which features and benefits does the AWS Organizations service provide? (Choose two.)
A. Establishing real-time communications between members of an internal team
B. Facilitating the use of NoSQL databases
C. Providing automated security checks
D. Implementing consolidated billing
E. Enforcing the governance of AWS accounts

Answer 391

Answer: DE

Question 392

392
Which AWS service is used to automate configuration management using Chef and Puppet?
A. AWS Config
B. AWS OpsWorks
C. AWS CloudFormation
D. AWS Systems Manager

Answer 392

Answer: B

Question 393

393
Which tool is best suited for combining the billing of AWS accounts that were previously independent from one another?
A. Detailed billing report
B. Consolidated billing
C. AWS Cost and Usage report
D. Cost allocation report

Answer 393

Answer: B

Question 394

394
The AWS Total Cost of Ownership (TCO) Calculator is used to:
A. receive reports that break down AWS Cloud compute costs by duration resource or tags
B. estimate savings when comparing the AWS Cloud to an on-premises environment
C. estimate a monthly bill for the AWS Cloud resources that will be used
D. enable billing alerts to monitor actual AWS costs compared to estimated costs

Answer 394

Answer: B

Question 395

395
Which AWS services can be used to provide network connectivity between an on-premises network and a VPC? (Choose two.)
A. Amazon Route 53
B. AWS Direct Connect
C. AWS Data Pipeline
D. AWS VPN
E. Amazon Connect

Answer 395

Answer: BD

Question 396

396
Under the AWS shared responsibility model which of the following are customer responsibilities? (Choose two.)
A. Setting up server-side encryption on an Amazon S3 bucket
B. Amazon RDS instance patching
C. Network and firewall configurations
D. Physical security of data center facilities
E. Compute capacity availability

Answer 396

Answer: AC

Question 397

397
What is the MINIMUM AWS Support plan level that will provide users with access to the AWS Support API?
A. Developer
B. Enterprise
C. Business
D. Basic

Answer 397

Answer: C

Question 398

398
A company has deployed several relational databases on Amazon EC2 instances. Every month the database software vendor releases new security patches that need to be applied to the databases. What is the MOST efficient way to apply the security patches?
A. Connect to each database instance on a monthly basis and download and apply the necessary security patches from the vendor.
B. Enable automatic patching for the instances using the Amazon RDS console.
C. In AWS Config configure a rule for the instances and the required patch level.
D. Use AWS Systems Manager to automate database patching according to a schedule.

Answer 398

Answer: D

Question 399

399
A company wants to use Amazon Elastic Compute Cloud (Amazon EC2) to deploy a global commercial application. The deployment solution should be built with the highest redundancy and
fault tolerance. Based on this situation the Amazon EC2 instances should be deployed:
A. in a single Availability Zone in one AWS Region
B. with multiple Elastic Network Interfaces belonging to different subnets
C. across multiple Availability Zones in one AWS Region
D. across multiple Availability Zones in two AWS Regions

Answer 399

Answer: D

Question 400

400
A company has an application with users in both Australia and Brazil. All the company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in Australia and
Brazilian users are experiencing high latency. What should the company do to reduce latency?
A. Implement AWS Direct Connect for users in Brazil
B. Provision resources in the South America (S�o Paulo) Region in Brazil
C. Use AWS Transit Gateway to quickly route users from Brazil to the application
D. Launch additional Amazon EC2 instances in Sydney to handle the demand

Answer 400

Answer: B

Question 401

401
An Amazon EC2 instance runs only when needed yet must remain active for the duration of the process. What is the most appropriate purchasing option?
A. Dedicated Instances
B. Spot Instances
C. On-Demand Instances
D. Reserved Instances

Answer 401

Answer: C

Question 402

402
Which AWS dashboard displays relevant and timely information to help users manage events in progress and provides proactive notifications to help plan for scheduled activities?
A. AWS Service Health Dashboard
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor dashboard
D. Amazon CloudWatch dashboard

Answer 402

Answer: B

Question 403

403
Which AWS hybrid storage service enables a user�s on-premises applications to seamlessly use AWS Cloud storage?
A. AWS Backup
B. Amazon Connect
C. AWS Direct Connect
D. AWS Storage Gateway

Answer 403

Answer: D

Question 404

404
Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances?
A. Access keys
B. Virtual private gateways
C. Security groups
D. Access Control Lists (ACL)

Answer 404

Answer: C

Question 405

405
What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?
A. Use AWS Direct Connect
B. Use AWS VPN
C. Use AWS Client VPN
D. Use an AWS Transit Gateway

Answer 405

Answer: D

Question 406

406
Which AWS Support plan provides access to architectural and operational reviews as well as 24/7 access to Senior Cloud Support Engineers through email online chat and phone? A.
Amazon AWS Certified Cloud Practitioner Exam Basic
B. Business
C. Developer
D. Enterprise

Answer 406

Answer: D

Question 407

407
Which AWS service or feature helps restrict the AWS services resources and individual API actions the users and roles in each member account can access?
A. Amazon Cognito
B. AWS Organizations
C. AWS Shield
D. AWS Firewall Manager

Answer 407

Answer: B

Question 408

408
What is the best resource for a user to find compliance-related information and reports about AWS?
A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. AWS Support

Answer 408

Answer: A

Question 409

409
Which Amazon S3 storage class is optimized to provide access to data with lower resiliency requirements but rapid access when needed such as duplicate backups?
A. Amazon S3 Standard
B. Amazon S3 Glacier Deep Archive
C. Amazon S3 One Zone-Infrequent Access
D. Amazon S3 Glacier

Answer 409

Answer: C

Question 410

410
What is an Availability Zone in AWS?
A. One or more physical data centers
B. A completely isolated geographic location
C. One or more edge locations based around the world
D. A data center location with a single source of power and networking

Answer 410

Answer: A

Question 411

411
Which AWS services can be used as infrastructure automation tools? (Choose two.)
A. AWS CloudFormation
B. Amazon CloudFront
C. AWS Batch
D. AWS OpsWorks
E. Amazon QuickSight

Answer 411

Answer: AD

Question 412

412
Which AWS service enables users to create copies of resources across AWS Regions?
A. Amazon ElastiCache
B. AWS CloudFormation
C. AWS CloudTrail
D. AWS Systems Manager

Answer 412

Answer: B

Question 413

413
A user would like to encrypt data that is received stored and managed by AWS CloudTrail. Which AWS service will provide this capability?
A. AWS Secrets Manager
B. AWS Systems Manager
C. AWS Key Management Service (AWS KMS)
D. AWS Certificate Manager

Answer 413

Answer: C

Question 414

414
Which AWS Cloud benefit eliminates the need for users to try estimating future infrastructure usage?
A. Easy and fast deployment of applications in multiple Regions around the world
B. Security of the AWS Cloud
C. Elasticity of the AWS Cloud
D. Lower variable costs due to massive economies of scale

Answer 414

Answer: C

Question 415

415
What credential components are required to gain programmatic access to an AWS account? (Choose two.)
A. An access key ID
B. A primary key
C. A secret access key
D. A user ID
E. A secondary key

Answer 415

Answer: AC

Question 416

416
Which of the following are AWS compute services? (Select two.)
A. Amazon Lightsail
B. AWS Systems Manager
C. AWS CloudFormation
D. AWS Batch
E. Amazon Inspector

Answer 416

Answer: AD

Question 417

417
How can a company separate costs for network traffic Amazon EC2 Amazon S3 and other AWS services by department? A.
Add department-specific tags to each resource B.
Create a separate VPC for each department C.
Create a separate AWS account for each department D.
Amazon AWS Certified Cloud Practitioner Exam Use AWS Organizations

Answer 417

Answer: C

Question 418

418
What is a benefit of consolidated billing for AWS accounts?
A. Access to AWS Personal Health Dashboard
B. Combined usage volume discounts
C. Improved account security
D. Centralized AWS IAM

Answer 418

Answer: B

Question 419

419
Which AWS service will allow a user to set custom cost and usage limits and will alert when the thresholds are exceeded? A.
AWS Organizations B.
AWS Budgets C.
Cost Explorer D.
Amazon AWS Certified Cloud Practitioner Exam AWS Trusted Advisor

Answer 419

Answer: B

Question 420

420
Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Macie
D. AWS Shield

Answer 420

Answer: C

Question 421

421
Which tool can be used to monitor AWS service limits?
A. AWS Total Cost of Ownership (TCO) Calculator
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Cost and Usage report

Answer 421

Answer: B

Question 422

422
A company has distributed its workload on both the AWS Cloud and some on-premises servers. What type of architecture is this?
A. Virtual private network
B. Virtual private cloud
C. Hybrid cloud
D. Private cloud

Answer 422

Answer: C

Question 423

423
Which of the following describes a security best practice that can be implemented using AWS IAM? A.
Disable AWS Management Console access for all users B.
Amazon AWS Certified Cloud Practitioner Exam Generate secret keys for every IAM user
C. Grant permissions to users who are required to perform a given task only
D. Store AWS credentials within Amazon EC2 instances

Answer 423

Answer: C

Question 424

424
What can be used to automate and manage secure well-architected multi-account AWS environments?
A. AWS shared responsibility model
B. AWS Control Tower
C. AWS Security Hub
D. AWS Well-Architected Tool

Answer 424

Answer: B

Question 425

425
Which AWS service or feature allows a user to easily scale connectivity among thousands of VPCs?
A. VPC peering
B. AWS Transit Gateway
C. AWS Direct Connect
D. AWS Global Accelerator

Answer 425

Answer: B

Question 426

426
A company needs protection from expanded distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events. Which AWS managed service will meet these requirements?
A. AWS Shield Advanced
B. AWS Firewall Manager
C. AWS WAF
D. Amazon GuardDuty

Answer 426

Answer: A

Question 427

427
A company�s application has flexible start and end times. Which Amazon EC2 pricing model will be the MOST cost-effective?
A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Hosts

Answer 427

Answer: B

Question 428

428
Under the AWS shared responsibility model what are the customer�s responsibilities? (Choose two.)
A. Physical and environmental security
B. Physical network devices including firewalls
C. Storage device decommissioning
D. Security of data in transit
E. Data integrity authentication

Answer 428

Answer: DE

Question 429

429
A cloud practitioner has a data analysis workload that is infrequently executed and can be interrupted without harm. To optimize for cost which Amazon EC2 purchasing option should be used?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Hosts

Answer 429

Answer: C

Question 430

430
Which AWS container service will help a user install operate and scale the cluster management infrastructure?
A. Amazon Elastic Container Registry (Amazon ECR)
B. AWS Elastic Beanstalk
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon Elastic Block Store (Amazon EBS)

Answer 430

Answer: C

Question 431

431
Which of the following allows an application running on an Amazon EC2 instance to securely write data to an Amazon S3 bucket without using long term credentials?
A. Amazon Cognito
B. AWS Shield
C. AWS IAM role
D. AWS IAM user access key

Answer 431

Answer: C

Question 432

432
A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot connect to it. Who should the developer contact for this level of support?
A. AWS Support using a support case
B. AWS Professional Services
C. AWS technical account manager
D. AWS consulting partners

Answer 432

Answer: A

Question 433

433
What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC
B. To allow communication between the VPC and the Internet
C. To impose bandwidth constraints on internet traffic
D. To load balance traffic from the Internet across Amazon EC2 instances

Answer 433

Answer: B

Question 434

434
A company must ensure that its endpoint for a database instance remains the same after a single Availability Zone service interruption. The application needs to resume database operations without the need for manual administrative intervention. How can these requirements be met?
A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS Storage Gateway.
B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby.
C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic Beanstalk.
D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront origins.

Answer 434

Answer: B

Question 435

435
Which AWS managed service can be used to distribute traffic between one or more Amazon EC2 instances?
A. NAT gateway
B. Elastic Load Balancing
C. Amazon Athena
D. AWS PrivateLink

Answer 435

Answer: B

Question 436

436
AWS Trusted Advisor provides recommendations on which of the following? (Choose two.)
A. Cost optimization
B. Auditing
C. Serverless architecture
D. Performance
E. Scalability

Answer 436

Answer: AD

Question 437

437
Which of the following tasks can only be performed after signing in with AWS account root user credentials? (Choose two.)
A. Closing an AWS account
B. Creating a new IAM policy
C. Changing AWS Support plans
D. Attaching a role to an Amazon EC2 instance
E. Generating access keys for IAM users

Answer 437

Answer: AC

Question 438

438
Fault tolerance refers to:
A. the ability of an application to accommodate growth without changing design
B. how well and how quickly an application�s environment can have lost data restored
C. how secure your application is
D. the built-in redundancy of an application�s components

Answer 438

Answer: B

Question 439

439
A company operating in the AWS Cloud requires separate invoices for specific environments such as development testing and production. How can this be achieved?
A. Use multiple AWS accounts
B. Use resource tagging
C. Use multiple VPCs
D. Use Cost Explorer

Answer 439

Answer: B

Question 440

440
Which AWS service can be used in the application deployment process?
A. AWS AppSync
B. AWS Batch
C. AWS CodePipeline
D. AWS DataSync

Answer 440

Answer: C

Question 441

441
What can be used to reduce the cost of running Amazon EC2 instances? (Choose two.)
A. Spot Instances for stateless and flexible workloads
B. Memory optimized instances for high-compute workloads
C. On-Demand Instances for high-cost and sustained workloads
D. Reserved Instances for sustained workloads
E. Spend limits set using AWS Budgets

Answer 441

Answer: AD

Question 442

442
A company is launching an e-commerce site that will store and process credit card data. The company requires information about AWS compliance reports and AWS agreements. Which AWS service provides on-demand access to these items?
A. AWS Certificate Manager
B. AWS Config
C. AWS Artifact
D. AWS CloudTrail

Answer 442

Answer: C

Question 443

443
Which AWS service or feature allows the user to manager cross-region application traffic?
A. Amazon AppStream 2.0
B. Amazon VPC
C. Elastic Load Balancer
D. Amazon Route 53

Answer 443

Answer: A

Question 444

444
Which AWS service can be used to track unauthorized API calls?
A. AWS Config
B. AWS CloudTrail
C. AWS Trusted Advisor
D. Amazon Inspector

Answer 444

Answer: B

Question 445

445
A user needs to regularly audit and evaluate the setup of all AWS resources identify noncompliant accounts and be notified when a resource changes. Which AWS service can be used to meet these requirements?
A. AWS Trusted Advisor
B. AWS Config
C. AWS Resource Access Manager
D. AWS Systems Manager

Answer 445

Answer: B

Question 446

446
A user is planning to launch two additional Amazon EC2 instances to increase availability. Which action should the user take?
A. Launch the instances across multiple Availability Zones in a single AWS Region.
B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability Zone.
C. Launch the instances in multiple AWS Regions but in the same Availability Zone.
D. Launch the instances as EC2 Spot Instances in the same AWS Region but in different Availability Zones.

Answer 446

Answer: A

Question 447

447
A company must store critical business data in Amazon S3 with a backup to another AWS Region. How can this be achieved? A.
Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally B.
Set up Amazon S3 cross-region replication to another AWS Region C.
Amazon AWS Certified Cloud Practitioner Exam Configure the AWS Backup service to back up to the data to another AWS Region
D. Take Amazon S3 bucket snapshots and copy that data to another AWS Region

Answer 447

Answer: B

Question 448

448
Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost Allocation Tags
D. AWS Organizations

Answer 448

Answer: A

Question 449

449
What is the recommended method to request penetration testing on AWS resources?
A. Open a support case
B. Fill out the Penetration Testing Request Form
C. Request a penetration test from your technical account manager
D. Contact your AWS sales representative

Answer 449

Answer: B

Question 450

450
A user needs to automatically discover classify and protect sensitive data stored in Amazon S3. Which AWS service can meet these requirements?
A. Amazon Inspector
B. Amazon Macie
C. Amazon GuardDuty
D. AWS Secrets Manager

Answer 450

Answer: B

Question 451

451
Which components are required to build a successful site-to-site VPN connection on AWS? (Choose two.)
A. Internet gateway
B. NAT gateway
C. Customer gateway
D. Transit gateway
E. Virtual private gateway

Answer 451

Answer: CD

Question 452

452
Which Amazon EC2 pricing option is best suited for applications with short-term spiky or unpredictable workloads that cannot be interrupted?
A. Spot Instances
B. Dedicated Hosts
C. On-Demand Instances
D. Reserved Instances

Answer 452

Answer: C

Question 453

453
Which AWS cloud architecture principle states that systems should reduce interdependencies?
A. Scalability
B. Services not servers
C. Removing single points of failure
D. Loose coupling

Answer 453

Answer: D

Question 454

454
What is the MOST effective resource for staying up to date on AWS security announcements?
A. AWS Personal Health Dashboard
B. AWS Secrets Manager
C. AWS Security Bulletins
D. Amazon Inspector

Answer 454

Answer: C

Question 455

455
Which AWS service offers persistent storage for a file system?
A. Amazon S3
B. Amazon EC2 instance store
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon ElastiCache

Answer 455

Answer: C

Question 456

456
Which of the following allows AWS users to manage cost allocations for billing?
A. Tagging resources
B. Limiting who can create resources
C. Adding a secondary payment method
D. Running all operations on a single AWS account

Answer 456

Answer: A

Question 457

457
Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand? A.
Amazon GuardDuty B.
AWS Security Hub C.
AWS Artifact D.
Amazon AWS Certified Cloud Practitioner Exam AWS Shield

Answer 457

Answer: C

Question 458

458
Which of the following AWS services are serverless? (Choose two.)
A. AWS Lambda
B. Amazon Elasticsearch Service
C. AWS Elastic Beanstalk
D. Amazon DynamoDB
E. Amazon Redshift

Answer 458

Answer: AD

Question 459

459
Which AWS managed services can be used to extend an on-premises data center to the AWS network? (Choose two.)
A. AWS VPN
B. NAT gateway
C. AWS Direct Connect
D. Amazon Connect
E. Amazon Route 53

Answer 459

Answer: AC

Question 460

460
Which requirement must be met for a member account to be unlinked from an AWS Organizations account?
A. The linked account must be actively compliant with AWS System and Organization Controls (SOC).
B. The payer and the linked account must both create AWS Support cases to request that the member account be unlinked from the organization.
C. The member account must meet the requirements of a standalone account.
D. The payer account must be used to remove the linked account from the organization.

Answer 460

Answer: D

Question 461

461
What AWS benefit refers to a customer�s ability to deploy applications that scale up and down the meet variable demand?
A. Elasticity
B. Agility
C. Security
D. Scalability

Answer 461

Answer: D

Question 462

462
During a compliance review one of the auditors requires a copy of the AWS SOC 2 report. Which service should be used to submit this request?
A. AWS Personal Health Dashboard
B. AWS Trusted Advisor
C. AWS Artifact
D. Amazon S3

Answer 462

Answer: C

Question 463

463
A company wants to set up a highly available workload in AWS with a disaster recovery plan that will allow the company to recover in case of a regional service interruption. Which configuration will meet these requirements?
A. Run on two Availability Zones in one AWS Region using the additional Availability Zones in the AWS Region for the disaster recovery site.
B. Run on two Availability Zones in one AWS Region using another AWS Region for the disaster recovery site.
C. Run on two Availability Zones in one AWS Region using a local AWS Region for the disaster recovery site.
D. Run across two AWS Regions using a third AWS Region for the disaster recovery site.

Answer 463

Answer: A

Question 464

464
A company has a 500 TB image repository that needs to be transported to AWS for processing. Which AWS service can import this data MOST cost-effectively?
A. AWS Snowball
B. AWS Direct Connect
C. AWS VPN
D. Amazon S3

Answer 464

Answer: D

Question 465

465
Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?
A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR

Answer 465

Answer: C

Question 466

466
Which of the following assist in identifying costs by department? (Choose two.)
A. Using tags on resources
B. Using multiple AWS accounts
C. Using an account manager
D. Using AWS Trusted Advisor
E. Using Consolidated Billing

Answer 466

Answer: BE

Question 467

467
A company wants to allow full access to an Amazon S3 bucket for a particular user. Which element in the S3 bucket policy holds the user details that describe who needs access to the S3 bucket?
A. Principal
B. Action
C. Resource
D. Statement

Answer 467

Answer: C

Question 468

468
Which AWS service allows for effective cost management of multiple AWS accounts?
A. AWS Organizations
B. AWS Trusted Advisor
C. AWS Direct Connect
D. Amazon Connect

Answer 468

Answer: A

Question 469

469
A company is piloting a new customer-facing application on Amazon Elastic Compute Cloud (Amazon EC2) for one month. What pricing model is appropriate?
A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Hosts

Answer 469

Answer: C

Question 470

470
Which AWS tools automatically forecast future AWS costs?
A. AWS Support Center
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Simple Monthly Calculator
D. Cost Explorer

Answer 470

Answer: D

Question 471

471
Under the AWS shared responsibility model which of the following is a responsibility of AWS?
A. Enabling server-side encryption for objects stored in S3
B. Applying AWS IAM security policies
C. Patching the operating system on an Amazon EC2 instance
D. Applying updates to the hypervisor

Answer 471

Answer: D

Question 472

472
A user is able to set up a master payer account to view consolidated billing reports through:
A. AWS Budgets.
B. Amazon Macie.
C. Amazon QuickSight.
D. AWS Organizations.

Answer 472

Answer: D

Question 473

473
Performing operations as code is a design principle that supports which pillar of the AWS Well- Architected Framework?
A. Performance efficiency
B. Operational excellence
C. Reliability
D. Security

Answer 473

Answer: B

Question 474

474
Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework?
A. Vertical scaling
B. Manual failure recovery
C. Testing recovery procedures
D. Changing infrastructure manually

Answer 474

Answer: C

Question 475

475
What is a characteristic of Convertible Reserved Instances (RIs)?
A. Users can exchange Convertible RIs for other Convertible RIs from a different instance family.
B. Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.
C. Users can sell and buy Convertible RIs on the AWS Marketplace.
D. Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs.

Answer 475

Answer: A

Question 476

476
The user is fully responsible for which action when running workloads on AWS?
A. Patching the infrastructure components
B. Implementing controls to route application traffic
C. Maintaining physical and environmental controls
D. Maintaining the underlying infrastructure components

Answer 476

Answer: B

Question 477

477
An architecture design includes Amazon EC2 an Elastic Load Balancer and Amazon RDS. What is the BEST way to get a monthly cost estimation for this architecture? A.
Open an AWS Support case provide the architecture proposal and ask for a monthly cost estimation.
B. Collect the published prices of the AWS services and calculate the monthly estimate.
C. Use the AWS Simple Monthly Calculator to estimate the monthly cost.
D. Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.

Answer 477

Answer: C

Question 478

478
Which are benefits of using Amazon RDS over Amazon EC2 when running relational databases on AWS? (Choose two.)
A. Automated backups
B. Schema management
C. Indexing of tables
D. Software patching
E. Extract transform and load (ETL) management

Answer 478

Answer: AD

Question 479

479
What does the Amazon S3 Intelligent-Tiering storage class offer? A.
Payment flexibility by reserving storage capacity B.
Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume
C. Automatic cost savings by moving objects between tiers based on access pattern changes
D. Secure durable and lowest cost storage for data archival

Answer 479

Answer: C

Question 480

480
A company has multiple data sources across the organization and wants to consolidate data into one data warehouse. Which AWS service can be used to meet this requirement?
A. Amazon DynamoDB
B. Amazon Redshift
C. Amazon Athena
D. Amazon QuickSight

Answer 480

Answer: B

Question 481

481
Which AWS service can be used to track resource changes and establish compliance?
A. Amazon CloudWatch
B. AWS Config
C. AWS CloudTrail
D. AWS Trusted Advisor

Answer 481

Answer: B

Question 482

482
A user has underutilized on-premises resources. Which AWS Cloud concept can BEST address this issue?
A. High availability
B. Elasticity
C. Security
D. Loose coupling

Answer 482

Answer: B

Question 483

483
A user has a stateful workload that will run on Amazon EC2 for the next 3 years. What is the MOST cost-effective pricing model for this workload?
A. On-Demand Instances
B. Reserved Instances
C. Dedicated Instances
D. Spot Instances

Answer 483

Answer: B

Question 484

484
A cloud practitioner needs an Amazon EC2 instance to launch and run for 7 hours without interruptions. What is the most suitable and cost-effective option for this task?
A. On-Demand Instance
B. Reserved Instance
C. Dedicated Host
D. Spot Instance

Answer 484

Answer: A

Question 485

485
Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)
A. Providing high-performance container orchestration
B. Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
E. Implementing enforced tagging across AWS resources

Answer 485

Answer: CD

Question 486

486
A developer has been hired by a large company and needs AWS credentials. Which are security best practices that should be followed? (Choose two.)
A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator’s group in AWS IAM.
D. Configure a password policy that ensures the developer’s password cannot be changed.
E. Ensure the account password policy requires a minimum length.

Answer 486

Answer: AE

Question 487

487
Which AWS storage service is designed to transfer petabytes of data in and out of the cloud?
A. AWS Storage Gateway
B. Amazon S3 Glacier Deep Archive
C. Amazon Lightsail
D. AWS Snowball

Answer 487

Answer: D

Question 488

488
Which service provides a user the ability to warehouse data in the AWS Cloud?
A. Amazon EFS
B. Amazon Redshift
C. Amazon RDS
D. Amazon VPC

Answer 488

Answer: B

Question 489

489
A user is planning to migrate an application workload to the AWS Cloud. Which control becomes the responsibility of AWS once the migration is complete?
A. Patching the guest operating system
B. Maintaining physical and environmental controls
C. Protecting communications and maintaining zone security
D. Patching specific applications

Answer 489

Answer: B