CLF-C02 Flashcards

1
Q

A user deploys an Amazon RDS DB instance in multiple Availability Zones. This strategy involves which pillar of the AWS Well-Architected Framework?

A - Performance Efficiency
B - Reliability
C - Cost Optimization
D - Security

A

Reliability

The reliability pillar includes the ability of a workload to perform its intended function correctly and consistently when it is expected to do so. The deployment of Amazon RDS in multiple Availability Zones supports the goal of reliability because it reduces single points of failure.

2
Q

A company has an on-premises Linux-based server with an Oracle database that runs on it. The company wants to migrate the database server to run on an Amazon EC2 instance in AWS. Which service should the company use to complete the migration?

A - AWS Database Migration Service (DMS)
B - AWS Migration Hub
C - AWS Application Migration Service (MGN)
D - AWS Application Discovery Service

A

AWS Application Migration Service (MGN)

AWS MGN is an automated lift-and-shift solution. This solution can migrate physical servers and any databases or applications that run on them to EC2 instances in AWS.

3
Q

Which AWS service allows customers to purchase unused Amazon EC2 capacity at an often discounted rate?

A - Reserved Instances
B - On-Demand Instances
C - Dedicated Instances
D - Spot Instances

A

Spot Instances

With Spot Instances, you can access unused EC2 capacity. Spot Instances can be discounted.

4
Q

A company requires a relational database on AWS that records new customer orders from a website. Which AWS service or feature will meet this requirement?

A - AWS Global Accelerator
B - Amazon DynamoDB
C - Amazon Aurora
D - Amazon Elastic Block Store (EBS)

A

Amazon Aurora

Aurora is a MySQL- and PostgreSQL-compatible relational database built for the cloud. Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.

5
Q

Which of the functionalities are characteristics of Amazon S3? (Select TWO.)

A - A Global File System
B - An Object Store
C - A Local File Store
D - A Network File System
E - A Durable Storage System

A

An Object Store & A Durable Storage System

Amazon S3 is an object storage service & Amazon S3 is a durable object storage service.

6
Q

How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Select TWO.)

A - By the time it takes for the Lambda function to run
B - By the number of versions of a specific Lambda function
C - By the number of requests made for a given Lambda function
D - By the programming language that is used for the Lambda function
E - By the total number of Lambda functions in an AWS account

A

By the time it takes for the Lambda function to run & By the number of requests made for a given Lambda function

Lambda charges are dependent on the amount of time it takes to run the code & Lambda charges are dependent on the number of requests for your Lambda functions.

7
Q

A company wants to create a learning application for students. The learning application must give students the option to choose a button to have the text read out loud to them. Which AWS machine learning service will meet this requirement?

A - Amazon Transcribe
B - Amazon Polly
C - Amazon Translate
D - Amazon Textract

A

Amazon Polly

Amazon Polly is a machine learning service that converts text to speech. This service provides the ability to read text out loud.

8
Q

A company wants to establish a consistent and private connection from the company’s on-premises data center to the AWS Cloud. Which AWS service will meet these requirements?

A - AWS Client VPN
B - Amazon Connect
C - AWS Direct Connect
D - AWS Site-to-Site VPN

A

AWS Direct Connect

Direct Connect links your internal network to a Direct Connect location through a standard Ethernet fiber-optic cable. One end of the cable connects to your router. The other end of the cable connects to a Direct Connect router. AWS Direct Connect is consistent and private because your company is the only user of the cable.

9
Q

A company requires an encrypted connection between the company’s on-premises servers and AWS. The connection must use the company’s existing internet connection. Which solution will meet these requirements?

A - AWS Direct Connect
B - Amazon Connect
C - Amazon CloudFront
D - AWS Site-to-Site VPN

A

AWS Site-to-Site VPN

Site-to-Site VPN creates an encrypted network path between your on-premises network and your AWS Cloud network. This connection between your on-premises network and your AWS Cloud network uses the internet.

10
Q

A company is hosting a static website from a single Amazon S3 bucket. Which AWS service will achieve lower latency and high transfer speeds?

A - AWS Elastic Beanstalk
B - Amazon DynamoDB Accelerator (DAX)
C - Amazon Route 53
D - Amazon CloudFront

A

Amazon CloudFront

CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. Content is cached in edge locations. Content that is repeatedly accessed can be served from the edge locations instead of the source S3 bucket.

11
Q

Which tasks are the customer’s responsibility according to the AWS shared responsibility model? (Select TWO.)

A - Patch the operating system that AWS Lambda functions use
B - Install patches on Amazon RDS DB instances
C - Control physical access to the data center that contains a customer’s VPC
D - Configure IAM users according to the principle of least privilege
E - Configure an Amazon S3 bucket to allow public access

A

**Configure IAM users according to the principle of least privilege & Configure an Amazon S3 bucket to allow public access**

AWS provides AWS Identity and Access Management (IAM) as a service. The customer defines IAM users and the access policies that apply to those users & The customer determines access permissions to S3 buckets that the customer owns.

12
Q

A company is moving all of their development activities to AWS. The company wants a solution to store and manage their developers’ source code. Which AWS coding service will meet this requirement?

A - AWS CodeArtifact
B - AWS CodeBuild
C - AWS CodePipeline
D - AWS CodeCommit

A

AWS CodeCommit

CodeCommit is a source code version control service. CodeCommit helps users store and manage developers’ source code in AWS.

13
Q

What is the MINIMUM AWS Support plan that provides technical support through phone calls?

A - Enterprise
B - Business
C - Developer
D - Basic

A

Business

You can call or chat with technical support by using the Business Support plan or the Enterprise Support plan. The Business Support plan is the minimum plan that provides this feature.

14
Q

A company needs to monitor and receive alerts about AWS Management Console sign-in events that involve the AWS account root user. Which AWS service can the company use to meet these requirements?

A - Amazon CloudWatch
B - AWS Config
C - AWS Trusted Advisor
D - AWS Identity and Access Management (IAM)

A

Amazon CloudWatch

CloudWatch monitors your AWS resources and the applications that you run on AWS in real time. You can use CloudWatch with AWS CloudTrail to monitor and receive alerts about console sign-in events that involve the AWS account root user.

15
Q

Which AWS service identifies security groups that allow unrestricted access to a user’s AWS resources?

A - AWS Trusted Advisor
B - AWS Config
C - Amazon CloudWatch
D - AWS CloudTrail

A

AWS Trusted Advisor

Trusted Advisor checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity, such as hacking, denial-of-service attacks, or loss of data.

16
Q

What are the advantages of deploying an application with Amazon EC2 instances in multiple Availability Zones? (Select TWO.)

A - Preventing a single point of failure
B - Reducing the operational costs of the application
C - Allowing the application to serve cross-region users with low latency
D - Increasing the availability of the application
E - Increasing the load of the application

A

Preventing a single point of failure & Increasing the availability of the application

The deployment of the EC2 instances in multiple Availability Zones prevents a single point of failure. Availability Zones are designed for physical redundancy and to provide resilience with uninterrupted performance & If you host all your instances in a single location that is affected by a failure, none of your instances would be available. Availability Zones are designed for physical redundancy and to provide resilience with uninterrupted performance.

17
Q

Each department within a company has its own independent AWS account and its own payment method. The company needs to centralize departmental governance and consolidate payments. How can the company achieve these objectives by using AWS services or features?

A - Use AWS Cloud Map on each departmental account.
B - Create an organization in AWS Organizations with all features enabled within one account. Invite all accounts to join the organization.
C - Use AWS Systems Manager OpsCenter.
D - Use the AWS Cost and Usage Reports page of the AWS Billing and Cost Management console.

A

Create an organization in AWS Organizations with all features enabled within one account. Invite all accounts to join the organization.

Organizations provides centralized governance and billing for an AWS environment, including multiple accounts.

18
Q

What are benefits of using the AWS Cloud for companies with customers in many countries around the world? (Select TWO.)

A - Companies can deploy applications in multiple AWS Regions to reduce latency.
B - Amazon Translate automatically translates third-party website interfaces into multiple languages.
C - Amazon CloudFront has multiple edge locations around the world to reduce latency.
D - Amazon Comprehend allows users to build applications that can respond to user requests in many languages
E - Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world, which reduces latency

A

Companies can deploy applications in multiple AWS Regions to reduce latency & Amazon CloudFront has multiple edge locations around the world to reduce latency.

The use of Regions around the world will improve an application’s global performance and reduce latency for users. CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to global customers with low latency and high transfer speeds.

19
Q

Which credential components are required to gain programmatic access to an AWS account? (Select TWO.)

A - An access key ID
B - A primary key
C - A secret access key
D - A user ID
E - A secondary key

A

An access key ID & A secret access key

Programmatic access requires an access key ID and a secret access key that can be assigned to an AWS user.

20
Q

A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3. Which AWS service can meet these requirements?

A - Amazon Inspector
B - Amazon Macie
C - Amazon GuardDuty
D - AWS Secrets Manager

A

Amazon Macie

Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

21
Q

What is cloud computing?

A - Backing up files that are stored on desktop and mobile devices to prevent data loss
B - Deploying applications connected to on-premises infrastructure
C - Running code without needing to manage or provision servers
D - On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

A

On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

22
Q

What is another name for on-premises deployment?

A - Private cloud deployment
B - Cloud-based application
C - Hybrid deployment
D - AWS Cloud

A

Private cloud deployment

23
Q

How does the scale of cloud computing help you to save costs?

A - You do not have to invest in technology resources before using them.
B - The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
C - Accessing services on-demand helps to prevent excess or limited capacity.
D - You can quickly deploy applications to customers and provide them with low latency.

A

The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

24
Q

Which Amazon EC2 instance type is suitable for data warehousing applications?

A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized

A

Storage optimized

25
Q

Which Amazon EC2 instance type balances compute, memory, and networking resources?

A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized

A

General purpose

26
Q

Which Amazon EC2 instance type is ideal for high-performance databases?

A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized

A

Memory optimized

27
Q

Which Amazon EC2 instance type offers high-performance processors?

A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized

A

Compute optimized

28
Q

Which Amazon EC2 pricing option provides a discount when you specify a number of EC2 instances to run a specific OS, instance family and size, and tenancy in one Region?

A - Convertible Reserved Instances
B - EC2 Instance Savings Plans
C - Spot Instances
D - Standard Reserved Instances

A

**Standard Reserved Instances** require you to specify:

  • instance family and size
  • platform description
  • tenancy
  • Region

Your specified number of EC2 instances is covered over a 1-year or 3-year term.

29
Q

Which Amazon EC2 pricing option provides a discount when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term?

A - On-Demand
B - EC2 Instance Savings Plans
C - Spot Instances
D - Reserved Instances

A

EC2 Instance Savings Plans

EC2 Instance Savings Plans reduce your EC2 instance costs when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term.

30
Q

Which AWS service is the best choice for publishing messages to subscribers?

A - Amazon Simple Queue Service (Amazon SQS)
B - Amazon EC2 Auto Scaling
C - Amazon Simple Notification Service (Amazon SNS)
D - Elastic Load Balancing (ELB)

A

Amazon Simple Notification Service (Amazon SNS).

Amazon SNS is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.

31
Q

You want to use an Amazon EC2 instance for a batch processing workload. What would be the best Amazon EC2 instance type to use?

A - General purpose
B - Memory optimized
C - Compute optimized
D - Storage optimized

A

Compute optimized

32
Q

What are the contract length options for Amazon EC2 Reserved Instances? (Select TWO.)

A - 1 year
B - 2 year
C - 3 year
D - 4 year
E - 5 year

A

1 year & 3 years

Reserved Instances require a commitment of either 1 year or 3 years. The 3-year option offers a larger discount.

33
Q

You have a workload that will run for a total of 6 months and can withstand interruptions. What would be the most cost-efficient Amazon EC2 purchasing option?

A - Reserved Instance
B - Spot Instances
C - Dedicated Instances
D - On-Demand Instances

A

Spot Instance

34
Q

Which process is an example of Elastic Load Balancing?

A - Ensuring that no single Amazon EC2 instance has to carry the full workload on its own
B - Removing unneeded Amazon EC2 instances when demand is low
C - Adding a second Amazon EC2 instance during an online store’s popular sale
D - Automatically adjusting the number of Amazon EC2 instances to meet demand

A

Ensuring that no single Amazon EC2 instance has to carry the full workload on its own.

Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.

35
Q

You want to deploy and manage containerized applications. Which service should you use?

A - AWS Lambda
B - Amazon Simple Notification Service (Amazon SNS)
C - Amazon Simple Queue Service (Amazon SQS)
D - Amazon Elastic Kubernetes Service (Amazon EKS)

A

Amazon Elastic Kubernetes Service (Amazon EKS).

Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

36
Q

Which statement best describes an Availability Zone?

A - A geographical area that contains AWS resources
B - A single data center or group of data centers within a Region
C - A data center that an AWS service uses to perform service-specific operations
D - A service that you can use to run AWS infrastructure within your own on-premises data center in a hybrid approach

A

A single data center or group of data centers within a Region.

37
Q

Which statement is TRUE for the AWS global infrastructure?

A - A Region consists of a single Availability Zone.
B - An Availability Zone consists of two or more Regions.
C - A Region consists of three or more Availability Zones.
D - An Availability Zone consists of a single Region.

A

A Region consists of three or more Availability Zones.

For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.

38
Q

Which factors should be considered when selecting a Region? (Select TWO.)

A - Compliance with data governance and legal requirements
B - Proximity to your customers
C - Access to 24/7 technical support
D - Ability to assign custom permissions to different users
E - Access to the AWS Command Line Interface (AWS CLI)

A

Compliance with data governance and legal requirements & Proximity to your customers

Two other factors to consider when selecting a Region are pricing and the services that are available in a Region.

39
Q

Which statement best describes Amazon CloudFront?

A - A service that enables you to run infrastructure in a hybrid cloud approach
B - A serverless compute engine for containers
C - A service that enables you to send and receive messages between software components through a queue
D - A global content delivery service

A

A global content delivery service.

Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

40
Q

Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location?

A - Region
B - Availability Zone
C - Edge Location
D - Origin

A

Edge location.

41
Q

Which action can you perform with AWS Outposts?

A - Automate actions for AWS services and applications through scripts.
B - Access wizards and automated workflows to perform tasks in AWS services.
C - Develop AWS applications in supported programming languages.
D - Extend AWS infrastructure and services to different locations including your on-premises data center.

A

Extend AWS infrastructure and services to different locations, including your on-premises data center.

42
Q

Which statement best describes an AWS account’s default network access control list?

A - It is stateless and denies all inbound and outbound traffic.
B - It is stateful and allows all inbound and outbound traffic.
C - It is stateless and allows all inbound and outbound traffic.
D - It is stateful and denies all inbound and outbound traffic.

A

It is stateless and allows all inbound and outbound traffic.

Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.

Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.

By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.

43
Q

Which statement best describes DNS resolution?

A - Launching resources in a virtual network that you define
B - Storing local copies of content at edge locations around the world
C - Connecting a VPC to the internet
D - Translating a domain name to an IP address

A

Translating a domain name to an IP address.

For example, if you want to visit AnyCompany’s website, you enter the domain name into your PC and this request is sent to a DNS server. Next, the DNS server asks the web server for the IP address that corresponds to AnyCompany’s website. The web server responds by providing the IP address for AnyCompany’s website, 192.0.2.0.

44
Q

Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?

A - Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.
B - Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
C - Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.
D - Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.

A

Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

45
Q

Which component can be used to establish a private dedicated connection between your company’s data center and AWS?

A - Private subnet
B - DNS
C - AWS Direct Connect
D - Virtual Private Gateway

A

AWS Direct Connect

46
Q

Which statement best describes security groups?

A - They are stateful and deny all inbound traffic by default.
B - They are stateful and allow all inbound traffic by default.
C - They are stateless and deny all inbound traffic by default.
D - They are stateless and allow all inbound traffic by default.

A

Security groups are stateful and deny all inbound traffic by default.

Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.

By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

47
Q

Which component is used to connect a VPC to the internet?

A - Public Subnet
B - Edge Location
C - Security Group
D - Internet Gateway

A

Internet gateway.

48
Q

Which service is used to manage the DNS records for domain names?

A - Amazon Virtual Private Cloud
B - AWS Direct Connect
C - Amazon CloudFront
D - Amazon Route 53

A

Amazon Route 53.

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.

Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.

49
Q

Which of the following are characteristics of the Amazon EBS service? (Select TWO.)

A - Best for data that requires retention
B - Best for temporary data that is not kept long term
C - Separate drives from the host computer of an EC2 instance
D - Physically attached to the host computer of an EC2 instance
E - Data is deleted when an EC2 instance is stopped

A

Best for data that requires retention & Separate drives from the host computer of an EC2 instance

50
Q

You want to store data that is infrequently accessed but must be immediately available when needed. Which Amazon S3 storage class should you use?

A - S3 Intelligent-Tiering
B - S3 Glacier Deep Archive
C - S3 Standard-IA
D - S3 Glacier Flexible Retrieval

A

S3 Standard-IA.

The S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but at a lower storage price.

51
Q

What are the scenarios in which you should use Amazon Relational Database Service (Amazon RDS)? (Select TWO.)

A - Running a serverless database
B - Using SQL to organize data
C - Storing data in a key-value database
D - Scaling up to 10 trillion requests per day
E - Storing data in an Amazon Aurora database

A

Using SQL to organize data & Storing data in an Amazon Aurora database

The other three response options are scenarios in which you should use Amazon DynamoDB.

52
Q

Which Amazon S3 storage classes are optimized for archival data? (Select TWO.)

A - Amazon S3 Standard
B - Amazon S3 Glacier Flexible Retrieval
C - Amazon S3 Intelligent-Tiering
D - Amazon S3 Standard-IA
E - Amazon S3 Glacier Deep Archive

A

Amazon S3 Glacier Flexible Retrieval & Amazon S3 Glacier Deep Archive

Objects stored in the Amazon S3 Glacier Flexible Retrieval storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the Amazon S3 Glacier Deep Archive storage class can be retrieved within 12 hours.

53
Q

Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems?

A - EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.
B - EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone.
C - EBS volumes and Amazon EFS file systems both store data within a single Availability Zone.
D - EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.

A

EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.

An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.

54
Q

You want to store data in an object storage service. Which AWS service is best for this type of storage?

A - Amazon Managed Blockchain
B - Amazon Elastic File System (Amazon EFS)
C - Amazon Elastic Block Store (Amazon EBS)
D - Amazon Simple Storage Service (Amazon S3)

A

Amazon Simple Storage Service (Amazon S3).

55
Q

Which statement best describes Amazon DynamoDB?

A - A service that enables you to run relational databases in the AWS Cloud
B - A serverless key-value database service
C - A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores
D - An enterprise-class relational database

A

A serverless key-value database service.

Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.

56
Q

Which service is used to query and analyze data across a data warehouse?

A - Amazon Redshift
B - Amazon Neptune
C - Amazon DocumentDB
D - Amazon ElastiCache

A

Amazon Redshift.

Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

57
Q

Which tasks are the responsibilities of customers? (Select TWO.)

A - Maintaining network infrastructure
B - Patching software on Amazon EC2 instances
C - Implementing physical security controls at data centers
D - Setting permissions for Amazon S3 objects
E - Maintaining servers that run Amazon EC2 instances

A

Patching software on Amazon EC2 instances & Setting permissions for Amazon S3 objects

The other three response options are tasks that are the responsibility of AWS.

58
Q

You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)

A - IAM users
B - IAM groups
C - An individual member account
D - IAM roles
E - An organizational unit (OU)

A

An individual member account & An organizational unit (OU)

In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user.

You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user.

59
Q

Which tasks can you complete in AWS Artifact? (Select TWO.)

A - Access AWS compliance reports on-demand.
B - Consolidate and manage multiple AWS accounts within a central location.
C - Create users to enable people and applications to interact with AWS services and resources.
D - Set permissions for accounts by configuring service control policies (SCPs).
E - Review, accept, and manage agreements with AWS.

A

Access AWS compliance reports on-demand. & Review, accept, and manage agreements with AWS.

60
Q

Which statement best describes an IAM policy?

A - An authentication process that provides an extra layer of protection for your AWS account
B - A document that grants or denies permissions to AWS services and resources
C - An identity that you can assume to gain temporary access to permissions
D - The identity that is established when you first create an AWS account

A

A document that grants or denies permissions to AWS services and resources.

IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.

61
Q

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?

A - AWS account root user
B - IAM group
C - IAM role
D - Service control policy (SCP)

A

IAM role.

An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.

62
Q

Which statement best describes the principle of least privilege?

A - Adding an IAM user into at least one IAM group
B - Checking a packet’s permissions against an access control list
C - Granting only the permissions that are needed to perform specific tasks
D - Performing a denial of service attack that originates from at least one device

A

Granting only the permissions that are needed to perform specific job tasks.

When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.

63
Q

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?

A - Amazon GuardDuty
B - Amazon Inspector
C - AWS Artifact
D - AWS Shield

A

AWS Shield.

As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.

64
Q

Which task can AWS Key Management Service (AWS KMS) perform?

A - Configure multi-factor authentication (MFA).
B - Update the AWS account root user password.
C - Create cryptographic keys.
D - Assign permissions to users and groups.

A

Create cryptographic keys.

AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

65
Q

Which tasks can you perform using AWS CloudTrail? (Select TWO.)

A - Monitor your AWS infrastructure and resources in real time
B - Track user activities and API requests throughout your AWS infrastructure
C - View metrics and graphs to monitor the performance of resources
D - Filter logs to assist with operational analysis and troubleshooting
E - Configure automatic actions and alerts in response to metrics

A

Track user activities and API requests throughout your AWS infrastructure & Filter logs to assist with operational analysis and troubleshooting

The other response options are tasks that you can perform in Amazon CloudWatch.

66
Q

Which actions can you perform using Amazon CloudWatch? (Select TWO.)

A - Monitor your resources’ utilization and performance
B - Receive real-time guidance for improving your AWS environment
C - Compare your infrastructure to AWS best practices in five categories
D - Access metrics from a single dashboard
E - Automatically detect unusual account activity

A

Monitor your resources’ utilization and performance & Access metrics from a single dashboard

67
Q

Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?

A - Amazon CloudWatch
B - AWS CloudTrail
C - AWS Trusted Advisor
D - Amazon GuardDuty

A

AWS Trusted Advisor.

AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.

68
Q

Which categories are included in the AWS Trusted Advisor dashboard? (Select TWO.)

A - Reliability
B - Performance
C - Scalability
D - Elasticity
E - Fault tolerance

A

Performance & Fault tolerance

AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.

69
Q

The AWS Free Tier includes offers that are available to new AWS customers for a certain period of time following their AWS sign-up date. What is the duration of this period?

A - 3 months
B - 6 months
C - 9 months
D - 12 months

A

12 months.

The AWS Free Tier consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.

For 12 months after you first sign up for an AWS account, you can take advantage of offers in the 12 Months Free category. Examples of offers in this category include specific amounts of Amazon S3 Standard Storage, thresholds for monthly hours of Amazon EC2 compute time, and amounts of Amazon CloudFront data transfer out.

70
Q

Which Support plan includes all AWS Trusted Advisor checks at the lowest cost?

A - Basic
B - Developer
C - Business
D - Enterprise

A

Business.

Only the Business, Enterprise On-Ramp, and Enterprise Support plans include all AWS Trusted Advisor checks. Of these three Support plans, the Business Support plan has a lower cost.

71
Q

Which action can you perform with consolidated billing?

A - Review how much cost your predicted AWS usage will incur by the end of the month.
B - Create an estimate for the cost of your use cases on AWS.
C - Combine usage across accounts to receive volume pricing discounts.
D - Visualize and manage your AWS costs and usage over time.

A

Combine usage across accounts to receive volume pricing discounts.

72
Q

Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time?

A - AWS Pricing Calculator
B - AWS Budgets
C - AWS Cost Explorer
D - AWS Free Tier

A

AWS Cost Explorer.

AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

73
Q

Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined?

A - Billing dashboard in the AWS Management Console
B - AWS Budgets
C - AWS Free Tier
D - AWS Cost Explorer

A

AWS Budgets.

In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.

Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.

74
Q

Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose?

A - Developer
B - Enterprise
C - Basic
D - Business

A

Enterprise.

A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

75
Q

Which service or resource is used to find third-party software that runs on AWS?

A - AWS Marketplace
B - AWS Free Tier
C - AWS Support
D - Billing dashboard in the AWS Management Console

A

AWS Marketplace.

AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

76
Q

Which Perspective of the AWS Cloud Adoption Framework helps you design, implement, and optimize your AWS infrastructure based on your business goals and perspectives?

A - Business Perspective
B - Platform Perspective
C - Operations Perspective
D - People Perspective

A

Platform Perspective.

The Platform Perspective of the AWS Cloud Adoption Framework also includes principles for implementing new solutions and migrating on-premises workloads to the cloud.

77
Q

Which migration strategy involves moving to a different product?

A - Refactoring
B - Retiring
C - Replatforming
D - Repurchasing

A

Repurchasing.

Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.

78
Q

What is the storage capacity of Snowball Edge Storage Optimized?

A - 40 TB
B - 60 TB
C - 80 TB
D - 100 TB

A

80 TB.

Snowball Edge Storage Optimized is a device that enables you to transfer large amounts of data into and out of AWS. It provides 80 TB of usable HDD storage.

79
Q

Which service helps you to quickly build, train, and deploy machine learning models?

A - Amazon Textract
B - Amazon Lex
C - AWS DeepRacer
D - Amazon SageMaker

A

Amazon SageMaker.

With Amazon SageMaker, you can quickly and easily begin working on machine learning projects. You do not need to follow the traditional process of manually bringing together separate tools and workflows.

80
Q

Which Perspective of the AWS Cloud Adoption Framework helps you structure the selection and implementation of permissions?

A - Governance Perspective
B - Security Perspective
C - Operations Perspective
D - Business Perspective

A

Security Perspective.

The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas of non-compliance and plan ongoing security initiatives.

81
Q

Which strategies are included in the six strategies for application migration? (Select TWO.)

A - Revisiting
B - Retaining
C - Remembering
D - Redeveloping
E - Rehosting

A

Retaining & Rehosting

The application migration strategies are rehosting, replatforming, refactoring/re-architecting, repurchasing, retaining, and retiring.

82
Q

What is the storage capacity of AWS Snowmobile?

A - 40 PB
B - 60 PB
C - 80 PB
D - 100 PB

A

100 PB.

AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck.

83
Q

Which statement best describes Amazon Lex?

A - A service that enables you to build conversational interfaces using voice and text
B - A machine learning service that automatically extracts text and data from scanned documents
C - A document database service that supports MongoDB workloads
D - A service that enables you to identify potentially fraudulent online activities

A

Amazon Lex.

In Amazon Lex, you can quickly build, test, and deploy conversational chatbots to use in your applications.

84
Q

Which pillar of the AWS Well-Architected Framework focuses on the ability of a workload to consistently and correctly perform its intended functions?

A - Operational Excellence
B - Performance Efficiency
C - Security
D - Reliability

A

Reliability.

85
Q

Which process is an example of benefiting from massive economies of scale?

A - Deploying an application in multiple Regions around the world
B - Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services
C - Paying for compute time as you use it instead of investing upfront costs in data centers
D - Scaling your infrastructure capacity in and out to meet demand

A

Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services.

Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale. The economies of scale translate into lower pay-as-you-go prices.

86
Q

Which pillar of the AWS Well-Architected Framework includes the ability to run workloads effectively and gain insights into their operations?

A - Cost Optimization
B - Operational Excellence
C - Performance Efficiency
D - Reliability

A

Operational Excellence.

87
Q

What are the benefits of cloud computing? (Select TWO.)

A - Increase speed and agility.
B - Benefit from smaller economies of scale.
C - Trade variable expense for upfront expense.
D - Maintain infrastructure capacity.
E - Stop spending money running and maintaining data centers.

A

Increase speed and agility. & Stop spending money running and maintaining data centers.

The six advantages of cloud computing are:

  • Trade upfront expense for variable expense.
  • Benefit from massive economies of scale.
  • Stop guessing capacity.
  • Increase speed and agility.
  • Stop spending money running and maintaining data centers.
  • Go global in minutes.

88
Q

Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features?

A - Rehosting
B - Replatforming
C - Refactoring
D - Repurchasing

A

Refactoring.

89
Q

Which service provides the capability to quickly deploy and scale applications on AWS?

A - AWS Outposts
B - AWS Elastic Beanstalk
C - Amazon CloudFront
D - AWS Snowball

A

AWS Elastic Beanstalk.

Businesses upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

90
Q

Which virtual private cloud (VPC) component controls inbound and outbound traffic for Amazon EC2 instances?

A - Security group
B - Subnet
C - Network access control list
D - Internet gateway

A

Security group.

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied.

91
Q

Which statement best describes an Availability Zone?

A - A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location
B - A separate geographical location with multiple locations that are isolated from each other
C - The server from which Amazon CloudFront gets files
D - A fully isolated portion of the AWS global infrastructure

A

A fully isolated portion of the AWS global infrastructure.

An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

92
Q

A cloud engineer wants to store data in a volume that is attached to an Amazon EC2 instance. Which service should they use?

A - AWS Lambda
B - Amazon Elastic Block Store (Amazon EBS)
C - Amazon ElastiCache
D - Amazon Simple Storage Service (Amazon S3)

A

Amazon Elastic Block Store (Amazon EBS).

Amazon EBS provides block-level storage volumes for Amazon EC2 instances. If a person stops or terminates an Amazon EC2 instance, all the data on the attached EBS volume remains available.

93
Q

Which service runs containerized applications on AWS?

A - Amazon Aurora
B - Amazon Elastic Kubernetes Service (Amazon EKS)
C - Amazon Redshift
D - Amazon SageMaker

A

Amazon Elastic Kubernetes Service (Amazon EKS).

Amazon EKS is a fully managed service that runs Kubernetes on AWS. Kubernetes is open-source software that deploys and manages containerized applications at scale.

Containers provide a standard way to package an application’s code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.

94
Q

Which AWS Trusted Advisor category includes checks for high-utilization EC2 instances?

A - Performance
B - Fault Tolerance
C - Cost Optimization
D - Security

A

Performance.

In this category, AWS Trusted Advisor also helps improve the performance of services by providing recommendations for how to take advantage of provisioned throughput.

95
Q

Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements?

A - Security
B - Reliability
C - Operational Excellence
D - Performance Efficiency

A

Performance Efficiency.

The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

96
Q

Which actions can a person perform in Amazon Route 53? (Select TWO.)

A - Connect user requests to infrastructure in AWS and outside of AWS.
B - Access AWS security and compliance reports and select online agreements.
C - Monitor applications and respond to system-wide performance changes.
D - Automate the deployment of workloads into an AWS environment.
E - Manage DNS records for domain names.

A

Connect user requests to infrastructure in AWS and outside of AWS. & Manage DNS records for domain names

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.

Additionally, businesses can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.

97
Q

Which statement best describes AWS Marketplace?

A - A resource that can answer questions about best practices and assist with troubleshooting issues
B - A resource that provides guidance, architectural reviews, and ongoing communication with companies as they plan, deploy, and optimize their applications
C - An online tool that inspects an AWS environment and provides real-time guidance in accordance with AWS best practices
D - A digital catalog that includes thousands of software listings from independent software vendors

A

A digital catalog that includes thousands of listings from independent software vendors.

Businesses can use AWS Marketplace to find, test, and buy software that runs on AWS.

98
Q

Which statement is TRUE for AWS Lambda?

A - Businesses pay only for compute time while their code is running.
B - The first step in using AWS Lambda is provisioning a server.
C - To use AWS Lambda, businesses must configure the servers that run their code.
D - Before using AWS Lambda, a business must prepay for their estimated compute time.

A

Businesses pay only for compute time while their code is running.

AWS Lambda is a service that runs code without needing to provision or manage servers.

99
Q

A cloud engineer is running an Amazon EC2 instance and wants to store data in an attached resource. Their data is temporary and will not be kept long term. Which resource should they use?

A - Amazon Elastic Block Store (Amazon EBS) volume
B - Instance store
C - Amazon S3 bucket
D - Subnet

A

Instance store.

Instance stores are ideal for temporary data that does not need to be kept long term.

When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

100
Q

Which statement best describes Elastic Load Balancing?

A - A service that provides the capability to create, manage, and scale a distributed in-memory or cache environment in the cloud
B - A service that monitors applications and automatically adds or removes capacity from resource groups in response to changing demand
C - A service that provides data for monitoring applications, optimizing resource utilization, and responding to system-wide performance changes
D - A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances

A

A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances.

A load balancer acts as a single point of contact for all incoming web traffic to an Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.

101
Q

Which tool provides automation actions for AWS services and applications through scripts?

A - AWS Snowball
B - AWS Command Line Interface
C - Amazon QLDB
D - Amazon Redshift

A

AWS Command Line Interface.

The AWS Command Line Interface (AWS CLI) provides the capability to control multiple AWS services directly from the command line within one tool. For example, a person can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.

102
Q

Which service consolidates and manages multiple AWS accounts from a central location?

A - AWS Artifact
B - AWS Organizations
C - AWS Key Management Service (AWS KMS)
D - AWS Identity and Access Management (IAM)

A

AWS Organizations.

In AWS Organizations, businesses centrally control permissions for their accounts by using service control policies (SCPs). Additionally, businesses can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.

103
Q

Which Amazon EC2 pricing option reduces costs when a business makes an hourly spend commitment to an instance family and Region for a 1-year or 3-year term?

A - Spot Instances
B - Dedicated Hosts
C - EC2 Instance Savings Plans
D - Reserved Instances

A

EC2 Instance Savings Plans.

EC2 Instance Savings Plans reduce compute costs when you commit to a consistent hourly spend for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any EC2 usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any EC2 usage beyond the commitment is charged at regular On-Demand Instance rates.

104
Q

Which service provides review details for user activities and API calls that have occurred within an AWS environment?

A - Amazon Inspector
B - AWS Trusted Advisor
C - Amazon CloudWatch
D - AWS CloudTrail

A

AWS CloudTrail.

With CloudTrail, a person can view a complete history of user activity and API calls for their applications and resources.

Events are typically updated in CloudTrail within 15 minutes after an API call was made. A person can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.

105
Q

An application developer wants to store data in a key-value database. Which service should they use?

A - Amazon DynamoDB
B - Amazon Aurora
C - Amazon RDS
D - Amazon DocumentDB

A

Amazon DynamoDB.

Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”.

In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.

106
Q

An application developer wants to send and receive messages between distributed application components. Which service should they use?

A - Amazon Simple Queue Service (Amazon SQS)
B - Amazon Route 53
C - AWS Snowball
D - Amazon ElastiCache

A

Amazon Simple Queue Service (Amazon SQS).

Amazon SQS is a message queuing service. Using Amazon SQS, an application developer can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.

In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

107
Q

Which statement best describes Amazon GuardDuty?

A - A service that monitors network requests for web applications
B - A service that helps protect applications against distributed denial-of-service (DDoS) attacks
C - A service that provides intelligent threat detection for AWS infrastructure and resources
D - A service that checks applications for security vulnerabilities and deviations from security best practices

A

A service that provides intelligent threat detection for your AWS infrastructure and resources.

Amazon GuardDuty identifies threats by continually monitoring the network activity and account behavior within an AWS environment.

108
Q

A cloud architect wants Amazon S3 to monitor object access patterns. Which storage class should they use?

A - Amazon S3 Intelligent-Tiering
B - Amazon S3 Glacier Flexible Retrieval
C - Amazon S3 Standard-IA
D - Amazon S3 One Zone-IA

A

Amazon S3 Intelligent-Tiering.

In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors object access patterns. If an object has not been accessed for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.

109
Q

Which service is used to transfer up to 100 PB of data to AWS?

A - AWS DeepRacer
B - Amazon Neptune
C - AWS Snowmobile
D - Amazon CloudFront

A

AWS Snowmobile.

AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck.

110
Q

Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of business stakeholders?

A - Operations Perspective
B - Governance Perspective
C - People Perspective
D - Business Perspective

A

Operations Perspective.

The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.

111
Q

Which tool provides the capability to visualize, understand, and manage AWS costs and usage over time?

A - AWS Pricing Calculator
B - AWS Budgets
C - AWS Artifact
D - AWS Cost Explorer

A

AWS Cost Explorer.

With AWS Cost Explorer, businesses can quickly create custom reports to analyze their AWS cost and usage data.

112
Q

Which action can a person perform in Amazon CloudFront?

A - Deliver content to customers through a global network of edge locations.
B - Run infrastructure in a hybrid cloud approach.
C - Provision an isolated section of the AWS Cloud to launch resources in a virtual network that a person defines.
D - Provision resources by using programming languages or a text file.

A

Deliver content to customers through a global network of edge locations.

Amazon CloudFront is a content delivery service.

It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

113
Q

Which tasks are the responsibilities of AWS? (Select TWO.)

A - Creating IAM users and groups
B - Maintaining virtualization infrastructure
C - Configuring security groups on Amazon EC2 instances
D - Configuring AWS infrastructure devices
E - Training company employees on how to use AWS services

A

Maintaining virtualization infrastructure & Configuring AWS infrastructure devices

The other three response options are tasks that are the responsibilities of customers.

114
Q

Which component or service establishes a dedicated private connection between an on-premises data center and virtual private cloud (VPC)?

A - AWS Direct Connect
B - Amazon CloudFront
C - Virtual private gateway
D - Internet gateway

A

AWS Direct Connect.

AWS Direct Connect is a service that establishes a dedicated private connection between an on-premises data center and VPC.

The private connection that AWS Direct Connect provides helps reduce network costs and increase the amount of bandwidth that can travel through a network.

115
Q

In the S3 Intelligent-Tiering storage class, Amazon S3 moves objects between a frequent access tier and an infrequent access tier. Which storage classes are used for these tiers? (Select TWO.)

A - S3 Glacier Flexible Retrieval
B - S3 Glacier Deep Archive
C - S3 Standard-IA
D - S3 Standard
E - S3 One Zone-IA

A

S3 Standard & S3 Standard-IA

In the S3 Intelligent-Tiering storage class, Amazon S3 monitors object access patterns. If an object has not been accessed for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.

116
Q

Which service builds the workflows that are required for human review of machine learning predictions?

A - Amazon Augmented AI
B - Amazon Aurora
C - Amazon Textract
D - Amazon Lex

A

Amazon Augmented AI.

Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, a person can also create their own workflows for machine learning models built on Amazon SageMaker or any other tools.

117
Q

Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.)

A - Business
B - Enterprise
C - AWS Free Tier
D - Basic
E - Developer

A

Enterprise & Business