CLF-C02 Flashcards
A user deploys an Amazon RDS DB instance in multiple Availability Zones. This strategy involves which pillar of the AWS Well-Architected Framework?
A - Performance Efficiency
B - Reliability
C - Cost Optimization
D - Security
Reliability
The reliability pillar includes the ability of a workload to perform its intended function correctly and consistently when it is expected to do so. The deployment of Amazon RDS in multiple Availability Zones supports the goal of reliability because it reduces single points of failure.
A company has an on-premises Linux-based server with an Oracle database that runs on it. The company wants to migrate the database server to run on an Amazon EC2 instance in AWS. Which service should the company use to complete the migration?
A - AWS Database Migration Service (DMS)
B - AWS Migration Hub
C - AWS Application Migration Service (MGN)
D - AWS Application Discovery Service
AWS Application Migration Service (MGN)
AWS MGN is an automated lift-and-shift solution. This solution can migrate physical servers and any databases or applications that run on them to EC2 instances in AWS.
Which AWS service allows customers to purchase unused Amazon EC2 capacity at an often discounted rate?
A - Reserved Instances
B - On-Demand Instances
C - Dedicated Instances
D - Spot Instances
Spot Instances
With Spot Instances, you can access unused EC2 capacity. Spot Instances can be discounted.
A company requires a relational database on AWS that records new customer orders from a website. Which AWS service or feature will meet this requirement?
A - AWS Global Accelerator
B - Amazon DynamoDB
C - Amazon Aurora
D - Amazon Elastic Block Store (EBS)
Amazon Aurora
Aurora is a MySQL- and PostgreSQL-compatible relational database built for the cloud. Aurora combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases.
Which of the functionalities are characteristics of Amazon S3? (Select TWO.)
A - A Global File System
B - An Object Store
C - A Local File Store
D - A Network File System
E - A Durable Storage System
An Object Store & A Durable Storage System
Amazon S3 is an object storage service & Amazon S3 is a durable object storage service.
How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Select TWO.)
A - By the time it takes for the Lambda function to run
B - By the number of versions of a specific Lambda function
C - By the number of requests made for a given Lambda function
D- By the programming language that is used for the Lambda function
E - By the total number of Lambda functions in an AWS account
By the time it takes for the Lambda function to run & By the number of requests made for a given Lambda function
Lambda charges are dependent on the amount of time it takes to run the code & Lambda charges are dependent on the number of requests for your Lambda functions.
A company wants to create a learning application for students. The learning application must give students the option to choose a button to have the text read out loud to them. Which AWS machine learning service will meet this requirement?
A - Amazon Transcribe
B - Amazon Polly
C - Amazon Translate
D - Amazon Textract
Amazon Polly
Amazon Polly is a machine learning service that converts text to speech. This service provides the ability to read text out loud.
A company wants to establish a consistent and private connection from the company’s on-premises data center to the AWS Cloud. Which AWS service will meet these requirements?
A - AWS Client VPN
B - Amazon Connect
C - AWS Direct Connect
D - AWS Site-to-Site VPN
AWS Direct Connect
Direct Connect links your internal network to a Direct Connect location through a standard Ethernet fiber-optic cable. One end of the cable connects to your router. The other end of the cable connects to a Direct Connect router. AWS Direct Connect is consistent and private because your company is the only user of the cable.
A company requires an encrypted connection between the company’s on-premises servers and AWS. The connection must use the company’s existing internet connection. Which solution will meet these requirements?
A - AWS Direct Connect
B - Amazon Connect
C - Amazon CloudFront
D - AWS Site-to-Site VPN
AWS Site-to-Site VPN
Site-to-Site VPN creates an encrypted network path between your on-premises network and your AWS Cloud network. This connection between your on-premises network and your AWS Cloud network uses the internet.
A company is hosting a static website from a single Amazon S3 bucket. Which AWS service will achieve lower latency and high transfer speeds?
A - AWS Elastic Beanstalk
B - Amazon BynamoDB Accelerator (DAX)
C - Amazon Route 53
D - Amazon CloudFront
Amazon CloudFront
CloudFront is a web service that speeds up the distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. Content is cached in edge locations. Content that is repeatedly accessed can be served from the edge locations instead of the source S3 bucket.
Which tasks are the customer’s responsibility according to the AWS shared responsibility model? (Select TWO.)
A - Patch the operating system that AWS Lambda functions use
B - Install patches on Amazon RDS DB instances
C - Control physical access to the data center that contains a customer’s VPC
D - Configure IAM users according to the principle of least privilege
E - Configure an Amazon S3 bucket to allow public access
**Configure IAM users according to the principle of least privilege & Configure an Amazon S3 bucket to allow public access **
AWS provides AWS Identity and Access Management (IAM) as a service. The customer defines IAM users and the access policies that apply to those users & The customer determines access permissions to S3 buckets that the customer owns.
A company is moving all of their development activities to AWS. The company wants a solution to store and manage their developers’ source code. Which AWS coding service will meet this requirement?
A - AWS CodeArtifact
B - AWS CodeBuild
C - AWS CodePipeline
D - AWS CodeCommit
AWS CodeCommit
CodeCommit is a source code version control service. CodeCommit helps users store and manage developers’ source code in AWS.
What is the MINIMUM AWS Support plan that provides technical support through phone calls?
A - Enterprise
B - Business
C - Developer
D - Basic
Business
You can call or chat with technical support by using the Business Support plan or the Enterprise Support plan. The Business Support plan is the minimum plan that provides this feature.
A company needs to monitor and receive alerts about AWS Management Console sign-in events that involve the AWS account root user. Which AWS service can the company use to meet these requirements?
A - Amazon CloudWatch
B - AWS Config
C - AWS Trusted Advisor
D - AWS Identity and Access Management (IAM)
Amazon CloudWatch
CloudWatch monitors your AWS resources and the applications that you run on AWS in real time. You can use CloudWatch with AWS CloudTrail to monitor and receive alerts about console sign-in events that involve the AWS account root user.
Which AWS service identifies security groups that allow unrestricted access to a user’s AWS resources?
A - AWS Trusted Advisor
B - AWS Config
C - Amazon CloudWatch
D - AWS CloudTrail
AWS Trusted Advisor
Trusted Advisor checks security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity, such as hacking, denial-of-service attacks, or loss of data.
What are the advantages of deploying an application with Amazon EC2 instances in multiple Availability Zones? (Select TWO.)
A - Preventing a single point of failure
B - Reducing the operational costs of the application
C - Allowing the application to serve cross-region users with low latency
D - Increasing the avilability of the application
E - Increasing the load of the application
Preventing a single point of failure & Increasing the availability of the application
The deployment of the EC2 instances in multiple Availability Zones prevents a single point of failure. Availability Zones are designed for physical redundancy and to provide resilience with uninterrupted performance & If you host all your instances in a single location that is affected by a failure, none of your instances would be available. Availability Zones are designed for physical redundancy and to provide resilience with uninterrupted performance.
Each department within a company has its own independent AWS account and its own payment method. The company needs to centralize departmental governance and consolidate payments. How can the company achieve these objectives by using AWS services or features?
A - Use AWS Cloud Map on each departmental account.
B - Create an organization in AWS Organizations with all features enabled within one account. Invite all accounts to join the organization.
C - Use AWS Systems Manager OpsCenter.
D - Use the AWS Cost and Usage Reports page of the AWS Billing and Cost Management console.
Create an organization in AWS Organizations with all features enabled within one account. Invite all accounts to join the organization.
Organizations provides centralized governance and billing for an AWS environment, including multiple accounts.
What are benefits of using the AWS Cloud for companies with customers in many countries around the world? (Select TWO.)
A - Companies can deploy applications in multiple AWS Regions to reduce latency.
B - Amazon Translate automatically translates third-party website interfaces into multiple languages.
C - Amazon CloudFront has multiple edge locations around the world to reduce latency.
D - Amazon Comprehend allows users to build applications that can respond to user requests in many languages
E - Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world, which reduces latency
Companies can deploy applications in multiple AWS Regions to reduce latency & Amazon CloudFront has multiple edge locations around the world to reduce latency.
The use of Regions around the world will improve an application’s global performance and reduce latency for users. CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to global customers with low latency and high transfer speeds.
Which credential components are required to gain programmatic access to an AWS account? (Select TWO.)
A - An access key ID
B - A primary key
C - A secret access key
D - A user ID
E - A secondary key
An access key ID & A secret access key
Programmatic access requires an access key ID and a secret access key that can be assigned to an AWS user.
A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3. Which AWS service can meet these requirements?
A - Amazon Inspector
B - Amazon Macie
C - Amazon GuardDuty
D - AWS Secrets Manager
Amazon Macie
Macie is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
What is cloud computing?
A - Backing up files that are stored on desktop and mobile devices to prevent data loss
B - Deploying applications connected to on-premises infrastructure
C - Running code without needing to manage or provision servers
D - On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing
What is another name for on-premises deployment?
A - Private cloud deployment
B - Cloud-based application
C - Hybrid deployment
D - AWS Cloud
Private cloud deployment
How does the scale of cloud computing help you to save costs?
A - You do not have to invest in technology resources before using them.
B - The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
C - Accessing services on-demand helps to prevent excess or limited capacity.
D - You can quickly deploy applications to customers and provide them with low latency.
The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
Which Amazon EC2 instance type is suitable for data warehousing applications?
A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized
Storage optimized
Which Amazon EC2 instance type balances compute, memory, and networking resources?
A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized
General purpose
Which Amazon EC2 instance type is ideal for high-performance databases?
A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized
Memory optimized
Which Amazon EC2 instance type offers high-performance processors?
A - Memory optimized
B - Storage optimized
C - General purpose
D - Compute optimized
Compute optimized
Which Amazon EC2 pricing option provides a discount when you specify a number of EC2 instances to run a specific OS, instance family and size, and tenancy in one Region?
A - Convertible Reserved Instances
B - EC2 Instance Savings Plans
C - Spot Instances
D - Standard Reserved Instances
**Standard Reserved Instances ** require you to specify:
- instance family and size
- platform description
- tenancy
- Region
Your specified amount of EC2 instances are covered over a 1-year or 3-year term.
Which Amazon EC2 pricing option provides a discount when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term?
A - On-Demand
B - EC2 Instance Savings Plans
C - Spot Instances
D - Reserved Instances
EC2 Instance Savings Plans
EC2 Instance Savings Plans reduce your EC2 instance costs when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term.
Which AWS service is the best choice for publishing messages to subscribers?
A - Amazon Simple Queue Service (Amazon SQS)
B - Amazon EC2 Auto Scaling
C - Amazon Simple Notification Service (Amazon SNS)
D - Elastic Load Balancing (ELB)
Amazon Simple Notification Service (Amazon SNS).
Amazon SNS is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.
You want to use an Amazon EC2 instance for a batch processing workload. What would be the best Amazon EC2 instance type to use?
A - General purpose
B - Memory optimized
C - Compute optimized
D - Storage optimized
Compute optimized
What are the contract length options for Amazon EC2 Reserved Instances? (Select TWO.)
A - 1 year
B - 2 year
C - 3 year
D - 4 year
E - 5 year
1 year & 3 years
Reserved Instances require a commitment of either 1 year or 3 years. The 3-year option offers a larger discount.
You have a workload that will run for a total of 6 months and can withstand interruptions. What would be the most cost-efficient Amazon EC2 purchasing option?
A - Reserved Instance
B - Spot Instances
C - Dedicated Instances
D - On-Demand Instances
Spot Instance
Which process is an example of Elastic Load Balancing?
A - Ensuring that no single Amazon EC2 instance has to carry the full workload on its own
B - Removing unneeded Amazon EC2 instances when demand is low
C - Adding a second Amazon EC2 instance during an online store’s popular sale
D - Automatically adjusting the number of Amazon EC2 instances to meet demand
Ensuring that no single Amazon EC2 instance has to carry the full workload on its own.
Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.
You want to deploy and manage containerized applications. Which service should you use?
A - AWS Lambda
B - Amazon Simple Notification Service (Amazon SNS)
C - Amazon Simple Queue Service (Amazon SQS)
D - Amazon Elastic Kubernetes Service (Amazon EKS)
Amazon Elastic Kubernetes Service (Amazon EKS).
Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.
Which statement best describes an Availability Zone?
A - A geographical area that contains AWS resources
B - A single data center or group of data centers within a Region
C - A data center that an AWS service uses to perform service-specific operations
D - A service that you can use to run AWS infrastructure within your own on-premises data center in a hybrid approach
A single data center or group of data centers within a Region.
Which statement is TRUE for the AWS global infrastructure?
A - A Region consists of a single Availability Zone.
B - An Availability Zone consists of two or more Regions.
C - A Region consists of three or more Availability Zones.
D - An Availability Zone consists of a single Region.
A Region consists of three or more Availability Zones.
For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.
Which factors should be considered when selecting a Region? (Select TWO.)
A - Compliance with data governance and legal requirements
B - Proximity to your customers
C - Access to 24/7 technical support
D - Ability to assign custom permissions to different users
E - Access to the AWS Command Line Interface (AWS CLI)
Compliance with data governance and legal requirements & Proximity to your customers
Two other factors to consider when selecting a Region are pricing and the services that are available in a Region.
Which statement best describes Amazon CloudFront?
A - A service that enables you to run infrastructure in a hybrid cloud approach
B - A serverless compute engine for containers
C - A service that enables you to send and receive messages between software components through a queue
D - A global content delivery service
A global content delivery service.
Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.
Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location?
A - Region
B - Availability Zone
C - Edge Location
D - Origin
Edge location.
Which action can you perform with AWS Outposts?
A - Automate actions for AWS services and applications through scripts.
B - Access wizards and automated workflows to perform tasks in AWS services.
C - Develop AWS applications in supported programming languages.
D - Extend AWS infrastructure and services to different locations including your on-premises data center.
Extend AWS infrastructure and services to different locations, including your on-premises data center.
Which statement best describes an AWS account’s default network access control list?
A - It is stateless and denies all inbound and outbound traffic.
B - It is stateful and allows all inbound and outbound traffic.
C - It is stateless and allows all inbound and outbound traffic.
D - It is stateful and denies all inbound and outbound traffic.
It is stateless and allows all inbound and outbound traffic.
Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.
Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.
By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.
Which statement best describes DNS resolution?
A - Launching resources in a virtual network that you define
B - Storing local copies of content at edge locations around the world
C - Connecting a VPC to the internet
D - Translating a domain name to an IP address
Translating a domain name to an IP address.
For example, if you want to visit AnyCompany’s website, you enter the domain name into your PC and this request is sent to a DNS server. Next, the DNS server asks the web server for the IP address that corresponds to AnyCompany’s website. The web server responds by providing the IP address for AnyCompany’s website, 192.0.2.0.
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?
A - Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.
B - Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
C - Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.
D - Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.
Place the Amazon EC2 instances in a public subnet and the Amazon RDS databases instances in a private subnet.
A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.
Public subnets contain resources that need to be accessible by the public, such as an online store’s website.
Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.
Which component can be used to establish a private dedicated connection between your company’s data center and AWS?
A - Private subnet
B - DNS
C - AWS Direct Connect
D - Virtual Private Gateway
AWS Direct Connect
Which statement best describes security groups?
A - They are stateful and deny all inbound traffic by default.
B - They are stateful and allow all inbound traffic by default.
C - They are stateless and deny all inbound traffic by default.
D - They are stateless and allow all inbound traffic by default.
Security groups are stateful and deny all inbound traffic by default.
Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.
By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.
Which component is used to connect a VPC to the internet?
A - Public Subnet
B - Edge Location
C - Security Group
D - Internet Gateway
Internet gateway.
Which service is used to manage the DNS records for domain names?
A - Amazon Virtual Private Cloud
B - AWS Direct Connect
C - Amazon CloudFront
D - Amazon Route53
Amazon Route 53.
Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS.
Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.
Which of the following are characteristics of the Amazon EBS service? (Select TWO.)
A - Best for data that requires retention
B - Best for temporary data that is not kept long term
C - Separate drives from the host computer of an EC2 instance
D - Physically attached to the host computer of an EC2 instance
E - Data is deleted when an EC2 instance is stopped
Best for data that requires retention & Separate drives from the host computer of an EC2 instance
You want to store data that is infrequently accessed but must be immediately available when needed. Which Amazon S3 storage class should you use?
A -S3 Intelligent-Tiering
B -S3 Glacier Deep Archive
C - S3 Standard-IA
D - S3 Glacier Flexible Retrieval
S3 Standard-IA.
The S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but at a lower storage price.
What are the scenarios in which you should use Amazon Relational Database Service (Amazon RDS)? (Select TWO.)
A - Running a serverless database
B - Using SQL to organize data
C - Storing data in a key-value database
D - Scaling up to 10 trillion requests per day
E - Storing data in an Amazon Aurora database
Using SQL to organize data & Storing data in an Amazon Aurora database
The other three response options are scenarios in which you should use Amazon DynamoDB.
Which Amazon S3 storage classes are optimized for archival data? (Select TWO.)
A - Amazon S3 Standard
B - Amazon S3 Glacier Flexible Retrieval
C - Amazon S3 Intelligent-Tiering
D - Amazon S3 Standard-IA
E - Amazon S3 Glacier Deep Archive
Amazon S3 Glacier Flexible Retrieval & Amazon S3 Glacier Deep Archive
Objects stored in the Amazon S3 Glacier Flexible Retrieval storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the Amazon S3 Glacier Deep Archive storage class can be retrieved within 12 hours.
Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems?
A - EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.
B - EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone.
C - EBS volumes and Amazon EFS file systems both store data within a single Availability Zone.
D - EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.
EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.
An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.
You want to store data in an object storage service. Which AWS service is best for this type of storage?
A - Amazon Managed Blockchain
B - Amazon Elastic File System (Amazon EFS)
C - Amazon Elastic Block Store (Amazon EBS)
D - Amazon Simple Storage Service (Amazon S3)
Amazon Simple Storage Service (Amazon S3).
Which statement best describes Amazon DynamoDB?
A - A service that enables you to run relational databases in the AWS Cloud
B - A serverless key-value database service
C - A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores
D - An enterprise-class relational database
A serverless key-value database service.
Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.
Which service is used to query and analyze data across a data warehouse?
A - Amazon Redshift
B - Amazon Neptune
C - Amazon DocumentDB
D - Amazon ElastiCache
Amazon Redshift.
Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.
Which tasks are the responsibilities of customers? (Select TWO.)
A - Maintaining network infrastructure
B - Patching software on Amazon EC2 instances
C - Implementing physical security controls at data centers
D - Setting permissions for Amazon S3 objects
E - Maintaining servers that run Amazon EC2 instances
Patching software on Amazon EC2 instances & Setting permissions for Amazon S3 objects
The other three response options are tasks that are the responsibility of AWS.
You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)
A - IAM users
B - IAM groups
C - An individual member account
D - IAM roles
E - An organizational unit (OU)
An individual member account & An organizational unit (OU)
In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user.
You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user.
Which tasks can you complete in AWS Artifact? (Select TWO.)
A - Access AWS compliance reports on-demand.
B - Consolidate and manage multiple AWS accounts within a central location.
C - Create users to enable people and applications to interact with AWS services and resources.
D - Set permissions for accounts by configuring service control policies (SCPs).
E - Review, accept, and manage agreements with AWS.
Access AWS compliance reports on-demand. & Review, accept, and manage agreements with AWS.
Which statement best describes an IAM policy?
A - An authentication process that provides an extra layer of protection for your AWS account
B - A document that grants or denies permissions to AWS services and resources
C - An identity that you can assume to gain temporary access to permissions
D - The identity that is established when you first create an AWS account
A document that grants or denies permissions to AWS services and resources.
IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.
An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?
A - AWS account root user
B - IAM group
C - IAM role
D - Service control policy (SCP)
IAM role.
An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.
Which statement best describes the principle of least privilege?
A - Adding an IAM user into at least one IAM group
B - Checking a packet’s permissions against an access control list
C - Granting only the permissions that are needed to perform specific tasks
D - Performing a denial of service attack that originates from at least one device
Granting only the permissions that are needed to perform specific job tasks.
When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.
Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?
A - Amazon GuardDuty
B - Amazon Inspector
C - AWS Artifact
D - AWS Shield
AWS Shield.
As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.
Which task can AWS Key Management Service (AWS KMS) perform?
A - Configure multi-factor authentication (MFA).
B - Update the AWS account root user password.
C - Create cryptographic keys.
D - Assign permissions to users and groups.
Create cryptographic keys.
AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.
Which tasks can you perform using AWS CloudTrail? (Select TWO.)
A - Monitor your AWS infrastructure and resources in real time
B - Track user activities and API requests throughout your AWS infrastructure
C - View metrics and graphs to monitor the performance of resources
D - Filter logs to assist with operational analysis and troubleshooting
E - Configure automatic actions and alerts in response to metrics
Track user activities and API requests throughout your AWS infrastructure & Filter logs to assist with operational analysis and troubleshooting
The other response options are tasks that you can perform in Amazon CloudWatch.
Which actions can you perform using Amazon CloudWatch? (Select TWO.)
A - Monitor your resources’ utilization and performance
B - Receive real-time guidance for improving your AWS environment
C - Compare your infrastructure to AWS best practices in five categories
D - Access metrics from a single dashboard
E - Automatically detect unusual account activity
Monitor your resources’ utilization and performance & Access metrics from a single dashboard
Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?
A - Amazon CloudWatch
B - AWS CloudTrail
C - AWS Trusted Advisor
D - Amazon GuardDuty
AWS Trusted Advisor.
AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.
Which categories are included in the AWS Trusted Advisor dashboard? (Select TWO.)
A - Reliability
B - Performance
C - Scalability
D - Elasticity
E - Fault tolerance
Performance & Fault tolerance
AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.
The AWS Free Tier includes offers that are available to new AWS customers for a certain period of time following their AWS sign-up date. What is the duration of this period?
A - 3 months
B - 6 months
C - 9 months
D - 12 months
12 months.
The AWS Free Tier consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.
For 12 months after you first sign up for an AWS account, you can take advantage of offers in the 12 Months Free category. Examples of offers in this category include specific amounts of Amazon S3 Standard Storage, thresholds for monthly hours of Amazon EC2 compute time, and amounts of Amazon CloudFront data transfer out.
Which Support plan includes all AWS Trusted Advisor checks at the lowest cost?
A - Basic
B - Developer
C - Business
D - Enterprise
Business.
Only the Business, Enterprise On-Ramp, and Enterprise Support plans include all AWS Trusted Advisor checks. Of these three Support plans, the Business Support plan has a lower cost.
Which action can you perform with consolidated billing?
A - Review how much cost your predicted AWS usage will incur by the end of the month.
B - Create an estimate for the cost of your use cases on AWS.
C - Combine usage across accounts to receive volume pricing discounts.
D - Visualize and manage your AWS costs and usage over time.
Combine usage across accounts to receive volume pricing discounts.
Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time?
A - AWS Pricing Calculator
B - AWS Budgets
C - AWS Cost Explorer
D - AWS Free Tier
AWS Cost Explorer.
AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.
Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined?
A - Billing dashboard in the AWS Management Console
B - AWS Budgets
C - AWS Free Tier
D - AWS Cost Explorer
AWS Budgets.
In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.
Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.
Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose?
A - Developer
B - Enterprise
C - Basic
D - Business
Enterprise.
A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.
Which service or resource is used to find third-party software that runs on AWS?
A - AWS Marketplace
B - AWS Free Tier
C - AWS Support
D - Billing dashboard in the AWS Management Console
AWS Marketplace.
AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.
Which Perspective of the AWS Cloud Adoption Framework helps you design, implement, and optimize your AWS infrastructure based on your business goals and perspectives?
A - Business Perspective
B - Platform Perspective
C - Operations Perspective
D - People Perspective
Platform Perspective.
The Platform Perspective of the AWS Cloud Adoption Framework also includes principles for implementing new solutions and migrating on-premises workloads to the cloud.
Which migration strategy involves moving to a different product?
A - Refactoring
B - Retiring
C - Replatforming
D - Repurchasing
Repurchasing.
Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.
What is the storage capacity of Snowball Edge Storage Optimized?
A - 40 TB
B - 60 TB
C - 80 TB
D - 100 TB
80 TB.
Snowball Edge Storage Optimized is a device that enables you to transfer large amounts of data into and out of AWS. It provides 80 TB of usable HDD storage.
Which service helps you to quickly build, train, and deploy machine learning models?
A - Amazon Textract
B - Amazon Lex
C - AWS DeepRacer
D - Amazon SageMaker
Amazon SageMaker.
With Amazon SageMaker, you can quickly and easily begin working on machine learning projects. You do not need to follow the traditional process of manually bringing together separate tools and workflows.
Which Perspective of the AWS Cloud Adoption Framework helps you structure the selection and implementation of permissions?
A - Governance Perspective
B - Security Perspective
C - Operations Perspective
D - Business Perspective
Security Perspective.
The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas on non-compliance and plan ongoing security initiatives.
Which strategies are included in the six strategies for application migration? (Select TWO.)
A - Revisiting
B - Retaining
C - Remembering
D - Redeveloping
E - Rehosting
Retaining & Rehosting
The application migration strategies are rehosting, replatforming, refactoring/re-architecting, repurchasing, retaining, and retiring.
What is the storage capacity of AWS Snowmobile?
A - 40 PB
B - 60 PB
C - 80 PB
D - 100 PB
100 PB.
AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi trailer truck.
Which statement best describes Amazon Lex?
A - A service that enables you to build conversational interfaces using voice and text
B - A machine learning service that automatically extracts text and data from scanned documents
C - A document database service that supports MongoDB workloads
D - A service that enables you to identify potentially fraudulent online activities
Amazon Lex.
In Amazon Lex, you can quickly build, test, and deploy conversational chatbots to use in your applications.
Which pillar of the AWS Well-Architected Framework focuses on the ability of a workload to consistently and correctly perform its intended functions?
A - Operational Excellence
B - Performance Efficiency
C - Security
D - Reliability
Reliability.
Which process is an example of benefiting from massive economies of scale?
A - Deploying an application in multiple Regions around the world
B - Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services
C - Paying for compute time as you use it instead of investing upfront costs in data centers
D - Scaling your infrastructure capacity in and out to meet demand
Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services.
Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale. The economies of scale translate into lower pay-as-you-go prices.
Which pillar of the AWS Well-Architected Framework includes the ability to run workloads effectively and gain insights into their operations?
A - Cost Optimization
B - Operational Excellence
C - Performance Efficiency
D - Reliability
Operational Excellence.
What are the benefits of cloud computing? (Select TWO.)
A - Increase speed and agility.
B - Benefit from smaller economies of scale.
C - Trade variable expense for upfront expense.
D - Maintain infrastructure capacity.
E - Stop spending money running and maintaining data centers.
Increase speed and agility. & Stop spending money running and maintaining data centers.
The six advantages of cloud computing are:
- Trade upfront expense for variable expense.
- Benefit from massive economies of scale.
- Stop guessing capacity.
- Increase speed and agility.
- Stop spending money running and maintaining data centers.
- Go global in minutes.
Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features?
A - Rehosting
B - Replatforming
C - Refactoring
D - Repurchasing
Refactoring.
Which service provides the capability to quickly deploy and scale applications on AWS?
A - AWS Outposts
B - AWS Elastic Beanstalk
C - Amazon CloudFront
D - AWS Snowball
AWS Elastic Beanstalk.
Businesses upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.
Which virtual private cloud (VPC) component controls inbound and outbound traffic for Amazon EC2 instances?
A - Security group
B - Subnet
C - Network access control list
D - Internet gateway
Security group.
A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.
By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied.
Which statement best describes an Availability Zone?
A - A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location
B - A separate geographical location with multiple locations that are isolated from each other
C - The server from which Amazon CloudFront gets files
D - A fully isolated portion of the AWS global infrastructure
A fully isolated portion of the AWS global infrastructure.
An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.
A cloud engineer wants to store data in a volume that is attached to an Amazon EC2 instance. Which service should they use?
A - AWS Lambda
B - Amazon Elastic Block Store (Amazon EBS)
C - Amazon ElastiCache
D - Amazon Simple Storage Service (Amazon S3)
Amazon Elastic Block Store (Amazon EBS).
Amazon EBS provides block-level storage volumes for Amazon EC2 instances. If a person stops or terminates an Amazon EC2 instance, all the data on the attached EBS volume remains available.
Which service runs containerized applications on AWS?
A - Amazon Aurora
B - Amazon Elastic Kubernetes Service (Amazon EKS)
C - Amazon Redshift
D - Amazon SageMaker
Amazon Elastic Kubernetes Service (Amazon EKS).
Amazon EKS is a fully managed service that runs Kubernetes on AWS. Kubernetes is open-source software that deploys and manages containerized applications at scale.
Containers provide a standard way to package an application’s code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.
Which AWS Trusted Advisor category includes checks for high-utilization EC2 instances?
A - Performance
B - Fault Tolerance
C - Cost Optimization
D - Security
Performance.
In this category, AWS Trusted Advisor also helps improve the performance of services by providing recommendations for how to take advantage of provisioned throughput.
Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements?
A - Security
B - Reliability
C - Operational Excellence
D - Performance Efficiency
Performance Efficiency.
The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
Which actions can a person perform in Amazon Route 53? (Select TWO.)
A - Connect user requests to infrastructure in AWS and outside of AWS.
B - Access AWS security and compliance reports and select online agreements.
C - Monitor applications and respond to system-wide performance changes.
D - Automate the deployment of workloads into an AWS environment.
E - Manage DNS records for domain names.
Connect user requests to infrastructure in AWS and outside of AWS. & Manage DNS records for domain names
Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.
Additionally, businesses can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.
Which statement best describes AWS Marketplace?
A - A resource that can answer questions about best practices and assist with troubleshooting issues
B - A resource that provides guidance, architectural reviews, and ongoing communication with companies as they plan, deploy, and optimize their applications
C - An online tool that inspects an AWS environment and provides real-time guidance in accordance with AWS best practices
D - A digital catalog that includes thousands of software listings from independent software vendors
A digital catalog that includes thousands of listings from independent software vendors.
Businesses can use AWS Marketplace to find, test, and buy software that runs on AWS.
Which statement is TRUE for AWS Lambda?
A - Businesses pay only for compute time while their code is running.
B - The first step in using AWS Lambda is provisioning a server.
C - To use AWS Lambda, businesses must configure the servers that run their code.
D - Before using AWS Lambda, a business must prepay for their estimated compute time.
Businesses pay only for compute time while their code is running.
AWS Lambda is a service that runs code without needing to provision or manage servers.
A cloud engineer is running an Amazon EC2 instance and wants to store data in an attached resource. Their data is temporary and will not be kept long term. Which resource should they use?
A - Amazon Elastic Block Store (Amazon EBS) volume
B - Instance store
C - Amazon S3 bucket
D - Subnet
Instance store.
Instance stores are ideal for temporary data that does not need to be kept long term.
When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.
Which statement best describes Elastic Load Balancing?
A - A service that provides the capability to create, manage, and scale a distributed in-memory or cache environment in the cloud
B - A service that monitors applications and automatically adds or removes capacity from resource groups in response to changing demand
C - A service that provides data for monitoring applications, optimize resource utilization, and respond to system-wide performance changes
D - A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances
A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances.
A load balancer acts as a single point of contact for all incoming web traffic to an Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.
Which tool provides automation actions for AWS services and applications through scripts?
A - AWS Snowball
B - AWS Command Line Interface
C - Amazon QLDB
D - Amazon Redshift
AWS Command Line Interface.
The AWS Command Line Interface (AWS CLI) provides the capability to control multiple AWS services directly from the command line within one tool. For example, a person can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.
Which service consolidates and manages multiple AWS accounts from a central location?
A - AWS Artifact
B - AWS Organizations
C - AWS Key Management Service (AWS KMS)
D - AWS Identity and Access Management (IAM)
AWS Organizations.
In AWS Organizations, businesses centrally control permissions for their accounts by using service control policies (SCPs). Additionally, businesses can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.
Which Amazon EC2 pricing option reduces costs when a business makes an hourly spend commitment to an instance family and Region for a 1-year or 3-year term?
A - Spot Instances
B - Dedicated Hosts
C - EC2 Instance Savings Plans
D - Reserved Instances
EC2 Instance Savings Plans.
EC2 Instance Savings Plans reduces compute costs by committing to a consistent hourly spend for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any EC2 usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any EC2 usage beyond the commitment is charged at regular On-Demand Instance rates.
Which service provides review details for user activities and API calls that have occurred within an AWS environment?
A - Amazon Inspector
B - AWS Trusted Advisor
C - Amazon CloudWatch
D - AWS CloudTrail
AWS CloudTrail.
With CloudTrail, a person can view a complete history of user activity and API calls for their applications and resources.
Events are typically updated in CloudTrail within 15 minutes after an API call was made. A person can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.
An application developer wants to store data in a key-value database. Which service should they use?
A - Amazon DynamoDB
B - Amazon Aurora
C - Amazon RDS
D - Amazon DocumentDB
Amazon DynamoDB.
Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”.
In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.
An application developer wants to send and receive messages between distributed application components. Which service should they use?
A - Amazon Simple Queue Service (Amazon SQS)
B - Amazon Route 53
C - AWS Snowball
D - Amazon ElastiCache
Amazon Simple Queue Service (Amazon SQS).
Amazon SQS is a message queuing service. Using Amazon SQS, an application developer can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.
In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.
Which statement best describes Amazon GuardDuty?
A - A service that monitors network requests for web applications
B - A service that helps protect applications against distributed denial-of-service (DDoS) attacks
C - A service that provides intelligent threat detection for AWS infrastructure and resources
D - A service that checks applications for security vulnerabilities and deviations from security best practices
A service that provides intelligent threat detection for your AWS infrastructure and resources.
AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within an AWS environment.
A cloud architect wants Amazon S3 to monitor object access patterns. Which storage class should they use?
A - Amazon S3 Intelligent-Tiering
B - Amazon S3 Glacier Flexible Retrieval
C - Amazon S3 Standard-IA
D - Amazon S3 One Zone-IA
Amazon S3 Intelligent-Tiering.
In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors object access patterns. If an object has not been accessed for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.
Which service is used to transfer up to 100 PB of data to AWS?
A - AWS DeepRacer
B - Amazon Neptune
C - AWS Snowmobile
D - Amazon CloudFront
AWS Snowmobile.
AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck.
Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of business stakeholders?
A - Operations Perspective
B - Governance Perspective
C - People Perspective
D - Business Perspective
Operations Perspective.
The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.
Which tool provides the capability to visualize, understand, and manage AWS costs and usage over time?
A - AWS Pricing Calculator
B - AWS Budgets
C - AWS Artifact
D - AWS Cost Explorer
AWS Cost Explorer.
With AWS Cost Explorer, businesses can quickly create custom reports to analyze their AWS cost and usage data.
Which action can a person perform in Amazon CloudFront?
A - Deliver content to customers through a global network of edge locations.
B - Run infrastructure in a hybrid cloud approach.
C - Provision an isolated section of the AWS Cloud to launch resources in a virtual network that a person defines.
D - Provision resources by using programming languages or a text file.
Deliver content to customers through a global network of edge locations.
Amazon CloudFront is a content delivery service.
It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.
Which tasks are the responsibilities of AWS? (Select TWO.)
A - Creating IAM users and groups
B - Maintaining virtualization infrastructure
C - Configuring security groups on Amazon EC2 instances
D - Configuring AWS infrastructure devices
E - Training company employees on how to use AWS services
**Maintaining virtualization infrastructure & Configuring AWS infrastructure devices **
The other three response options are tasks that are the responsibilities of customers.
Which component or service establishes a dedicated private connection between an on-premises data center and virtual private cloud (VPC)?
A - AWS Direct Connect
B - Amazon CloudFront
C - Virtual private gateway
D - Internet gateway
AWS Direct Connect.
AWS Direct Connect is a service that establishes a dedicated private connection between an on-premises data center and VPC.
The private connection that AWS Direct Connect provides helps reduce network costs and increase the amount of bandwidth that can travel through a network.
In the S3 Intelligent-Tiering storage class, Amazon S3 moves objects between a frequent access tier and an infrequent access tier. Which storage classes are used for these tiers? (Select TWO.)
A - S3 Glacier Flexible Retrieval
B - S3 Glacier Deep Archive
C - S3 Standard-IA
D - S3 Standard
E - S3 One Zone-IA
**S3 Standard & S3 Standard-IA **
In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects access patterns. If an object has not accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.
Which service builds the workflows that are required for human review of machine learning predictions?
A - Amazon Augmented AI
B - Amazon Aurora
C - Amazon Textract
D - Amazon Lex
Amazon Augmented AI.
Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, a person can also create their own workflows for machine learning models built on Amazon SageMaker or any other tools.
Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.)
A - Business
B - Enterprise
C - AWS Free Tier
D - Basic
E - Developer
Enterprise & Business
