CLF-C02 Questions Flashcards

1
Q

A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?

A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days

A

C. The transfer of data from the Snowball Edge appliance into Amazon S3

Data transfer IN to Amazon S3 is $0.00 per GB (except for small files as explained below).
Data transfer OUT of Amazon S3 is priced by region. See data transfer OUT pricing by region in the table below.
https://aws.amazon.com/snowball/pricing/

2
Q

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?

A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty

A

B. Amazon Inspector

Amazon Inspector automatically assesses workloads for vulnerabilities and unintended network exposure. It assesses them against known vulnerabilities and then notifies the AWS resource owner for remediation.
https://aws.amazon.com/inspector/features/?nc=sn&loc=2&refid=3da0c7fb-0599-4e9f-a78c-2df84cba096e

3
Q

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?

A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

A

B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.

AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.
https://aws.amazon.com/storagegateway/

4
Q

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
D. Modify the S3 bucket policy so that any service can upload to it at any time.

A

C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.

5
Q

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

A. Physical security of DynamoDB
B. Patching of DynamoDB
C. Access to DynamoDB tables
D. Encryption of data at rest in DynamoDB

A

C. Access to DynamoDB tables

Under the AWS Shared Responsibility Model, the responsibility for certain aspects of a service is divided between AWS and the customer. Regarding Amazon DynamoDB:

The customer is responsible for:

C. Access to DynamoDB tables

This means that the customer is responsible for managing and controlling access to their DynamoDB tables, including setting up appropriate IAM (Identity and Access Management) permissions and policies.

6
Q

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

A. Sustainability
B. Performance efficiency
C. Governance
D. Reliability

A

C. Governance

The AWS Cloud Adoption Framework perspectives are:
- Business
- People
- Governance
- Platform
- Security
- Operations

https://aws.amazon.com/cloud-adoption-framework/

7
Q

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance.
Which AWS service meets these requirements?

A. AWS Lambda
B. Amazon RDS
C. AWS Fargate
D. Amazon Athena

A

C. AWS Fargate

AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances.
https://docs.aws.amazon.com/AmazonECS/latest/userguide/what-is-fargate.html

8
Q

A company wants to run a NoSQL database on Amazon EC2 instances.
Which task is the responsibility of AWS in this scenario?

A. Update the guest operating system of the EC2 instances.
B. Maintain high availability at the database layer.
C. Patch the physical infrastructure that hosts the EC2 instances.
D. Configure the security group firewall.

A

C. Patch the physical infrastructure that hosts the EC2 instances.

Responsibility of AWS: AWS manages the physical infrastructure, including patching and updates at the hardware level. Customers do not have direct control over the physical infrastructure.

9
Q

Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)

A. AWS Cost Explorer
B. AWS Billing Conductor
C. Amazon CodeGuru
D. Amazon SageMaker
E. AWS Compute Optimizer

A

A. AWS Cost Explorer

AWS Cost Explorer provides cost and usage reports, allowing you to analyze your historical costs and usage patterns. While it doesn’t directly identify rightsizing opportunities, it can help you understand your current spending and identify areas where rightsizing might be beneficial.

E. AWS Compute Optimizer

AWS Compute Optimizer is a service that recommends optimal AWS resources for your workloads. It analyzes the historical utilization of your Amazon EC2 instances and provides recommendations for rightsizing, which involves changing the instance type to a better fit based on the workload’s requirements.

10
Q

Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

A. Providing high-performance container orchestration
B. Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
E. Implementing enforced tagging across AWS resources

A

C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment

C & D are correct.

Benefits of Trusted Advisor:
* Cost optimization - Trusted Advisor can help you save cost with actionable recommendations by analyzing usage, configuration and spend.
* Performance - Trusted Advisor can help improve the performance of your services with actionable recommendations by analyzing usage and configuration.
* Security - Trusted Advisor can help improve the security of your AWS environment by suggesting foundational security best practices curated by security experts.
* Fault tolerance - Trusted Advisor can help improve the reliability of your services.
* Service quotas - Service quotas are the maximum number of resources that you can create in an AWS account.

Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

11
Q

Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?

A. Elimination of expenses for running and maintaining data centers
B. Price discounts that are identical to discounts from hardware providers
C. Distribution of all operational controls to AWS
D. Elimination of operational expenses

A

A. Elimination of expenses for running and maintaining data centers.

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

12
Q

A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.
Which AWS service will meet this requirement?

A. AWS Resource Explorer
B. AWS Service Catalog
C. AWS Organizations
D. AWS Systems Manager

A

B. AWS Service Catalog

  • AWS Resource Explorer: Search for and discover relevant resources across AWS
  • AWS Service Catalog: Create, share, organize, and govern your curated IaC templates
  • AWS Organizations: An account management service that lets you consolidate multiple AWS accounts into an organization and centrally manage.
  • AWS Systems Manager: Manage your resources on AWS and in multicloud and hybrid environments.
13
Q

Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?

A. AWS Organizations
B. AWS Pricing Calculator
C. AWS Cost Explorer
D. AWS Service Catalog

A

C. AWS Cost Explorer: Visualizes, understands, and manages AWS spending and usage over time. Provides detailed insights, historical data, and forecasting.

A. AWS Organizations: Manages multiple AWS accounts in an organization, aiding in billing and cost allocation. Not focused on detailed spending visualization.

B. AWS Pricing Calculator: Estimates AWS service costs based on configurations. Lacks detailed historical spending and usage insights.

D. AWS Service Catalog: Manages approved IT service catalogs but doesn’t focus on detailed cost visualization.

14
Q

A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data.
Which combination of AWS services should the company use to meet these requirements? (Choose two.)

A. AWS Glue
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Redshift
D. Amazon QuickSight
E. Amazon Quantum Ledger Database (Amazon QLDB)

A

A. AWS Glue
D. Amazon QuickSight

AWS Glue is a serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development.
https://aws.amazon.com/glue/

Amazon QuickSight powers data-driven organizations with unified business intelligence (BI) at hyperscale. With QuickSight, all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics, and natural language queries.
https://aws.amazon.com/quicksight/

15
Q

A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with AWS internal best practices.
Which AWS service or resource will meet these requirements?

A. AWS Support
B. AWS Professional Services
C. AWS Launch Wizard
D. AWS Managed Services (AMS)

A

B. AWS Professional Services

The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.
https://aws.amazon.com/professional-services/

16
Q

An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided.
Which EC2 purchasing option will meet these requirements MOST cost-effectively?

A. Reserved Instances
B. Dedicated Hosts
C. Spot Instances
D. On-Demand Instances

A

D. On-Demand Instances

“On-Demand Instances are recommended for:
* Users that prefer the low cost and flexibility of EC2 without any upfront payment or long-term commitment
* Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
* Applications being developed or tested on EC2 for the first time”

Reference: https://aws.amazon.com/ec2/pricing/

17
Q

A developer wants to deploy an application quickly on AWS without manually creating the required resources.
Which AWS service will meet these requirements?

A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS CodeBuild
D. Amazon Personalize

A

B. AWS Elastic Beanstalk

With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.

18
Q

A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.
Which S3 feature should the company use to meet these requirements?

A. S3 Lifecycle rules
B. S3 Versioning
C. S3 bucket policies
D. S3 server-side encryption

A

B. S3 Versioning

Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.
Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, Amazon S3 inserts a delete marker instead of removing the object permanently.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html

19
Q

Which AWS service provides the ability to manage infrastructure as code?

A. AWS CodePipeline
B. AWS CodeDeploy
C. AWS Direct Connect
D. AWS CloudFormation

A

D. AWS CloudFormation

The correct answer is D.

AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.
https://aws.amazon.com/cloudformation/

20
Q

An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without any disruption.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Spot Fleet

A

B. Reserved Instances

Reserved Instances (RIs) provide a significant discount (compared to On-Demand Instances) in exchange for a commitment of one or three years. They are suitable for consistent, predictable workloads. RIs offer cost-effectiveness while ensuring the EC2 instances are online and available without disruptions.

21
Q

Which AWS service or feature allows a user to establish a dedicated network connection between a company’s on-premises data center and the AWS Cloud?

A. AWS Direct Connect
B. VPC peering
C. AWS VPN
D. Amazon Route 53

A

A. AWS Direct Connect

Create a dedicated network connection to AWS.
The AWS Direct Connect cloud service is the shortest path to your AWS resources. While in transit, your network traffic remains on the AWS global network and never touches the public internet.
https://aws.amazon.com/directconnect/

22
Q

Which option is a physical location of the AWS global infrastructure?

A. AWS DataSync
B. AWS Region
C. Amazon Connect
D. AWS Organizations

A

B. AWS Region

AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of a minimum of three, isolated, and physically separate AZs within a geographic area.
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

23
Q

A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.
Which pillar of the AWS Well-Architected Framework is supported by these goals?

A. Reliability
B. Security
C. Operational excellence
D. Performance efficiency

A

B. Security

Security: Focuses on protecting information, systems, and assets. It involves implementing best practices for identity and access management, data protection, and risk assessment and mitigation.

24
Q

What is the purpose of having an internet gateway within a VPC?

A. To create a VPN connection to the VPC
B. To allow communication between the VPC and the internet
C. To impose bandwidth constraints on internet traffic
D. To load balance traffic from the internet across Amazon EC2 instances

A

B. To allow communication between the VPC and the internet

“An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.”

Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

25
Q

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.
Which best practice of the AWS Well-Architected Framework is the company following with this plan?

A. Integrate functional testing as part of AWS deployment.
B. Use automation to deploy changes.
C. Deploy the application to multiple locations.
D. Implement loosely coupled dependencies.

A

D. Implement loosely coupled dependencies.

Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate behavior of a component from other components that depend on it, increasing resiliency and agility.
https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_prevent_interaction_failure_loosely_coupled_system.html

26
Q

A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes.
Which AWS service or tool will meet this requirement?

A. IAM Access Analyzer
B. AWS Artifact
C. IAM credential report
D. AWS Audit Manager

A

C. IAM credential report

You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key updates.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

27
Q

A company wants to receive a notification when a specific AWS cost threshold is reached.
Which AWS services or tools can the company use to meet this requirement? (Choose two.)

A. Amazon Simple Queue Service (Amazon SQS)
B. AWS Budgets
C. Cost Explorer
D. Amazon CloudWatch
E. AWS Cost and Usage Report

A

B. AWS Budgets
D. Amazon CloudWatch

B. AWS Budgets: AWS Budgets is a service that allows you to set custom cost and usage budgets for your AWS resources. You can configure a budget with a specific threshold and define actions, such as sending notifications, when that threshold is reached.

D. Amazon CloudWatch: Amazon CloudWatch is a monitoring service that can be used to collect and track metrics, logs, and events from various AWS resources. It supports setting up alarms based on cost metrics, so you can create an alarm for a specific cost threshold and configure it to send notifications when the threshold is breached.

28
Q

Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users?

A. AWS Artifact
B. Amazon Connect
C. AWS Chatbot
D. AWS Knowledge Center

A

D. AWS Knowledge Center

The AWS Knowledge Center helps answer the questions most frequently asked by AWS Support customers.

29
Q

Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)

A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.
C. Determine which Availability Zones to use for Amazon S3 buckets.
D. Patch or upgrade Amazon DynamoDB.
E. Select Amazon EC2 instances to run AWS Lambda on.

A

A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.

A. Configure the AWS provided security group firewall: Customers are responsible for configuring and managing security group firewalls to control inbound and outbound traffic to their AWS resources.

B. Classify company assets in the AWS Cloud: Asset classification is typically a customer responsibility as part of their data governance and security practices.

The other options are not accurate in the context of customer responsibilities:

C. Determine which Availability Zones to use for Amazon S3 buckets: This is more of a design decision and falls under the AWS management responsibilities.

D. Patch or upgrade Amazon DynamoDB: Patching or upgrading services like Amazon DynamoDB is managed by AWS. Customers are not responsible for patching or upgrading the underlying infrastructure or services provided by AWS.

E. Select Amazon EC2 instances to run AWS Lambda on: The selection of underlying infrastructure for serverless services like AWS Lambda is managed by AWS. Customers focus on writing and deploying functions without managing the underlying instances.

30
Q

Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

A. Availability
B. Reliability
C. Scalability
D. Responsive design
E. Operational excellence

A

B. Reliability
E. Operational excellence

There are 6 pillars:
1. Operational excellence
2. Security
3. Reliability
4. Performance efficiency
5. Cost optimization
6. Sustainability

31
Q

Which AWS service or feature is used to send both text and email messages from distributed applications?

A. Amazon Simple Notification Service (Amazon SNS)
B. Amazon Simple Email Service (Amazon SES)
C. Amazon CloudWatch alerts
D. Amazon Simple Queue Service (Amazon SQS)

A

A. Amazon Simple Notification Service (Amazon SNS)

Amazon Simple Notification Service (Amazon SNS) sends notifications two ways, A2A and A2P. A2A provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. These applications include Amazon Simple Queue Service (SQS), Amazon Kinesis Data Firehose, AWS Lambda, and other HTTPS endpoints. A2P functionality lets you send messages to your customers with SMS texts, push notifications, and email.
https://aws.amazon.com/sns/

32
Q

A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.
Which option will provide the user with the appropriate access?

A. Amazon Inspector
B. Access keys
C. SSH public keys
D. AWS Key Management Service (AWS KMS) keys

A

B. Access keys

“Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).”
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

33
Q

A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours.
Which pricing model enables the company to optimize costs and meet these requirements?

A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Instances

A

B. Spot Instances

Spot Instances: Allow users to bid for unused EC2 capacity, potentially providing cost savings. They are suitable for workloads that are fault-tolerant and can handle interruptions. Spot Instances are a good fit for the described scenario of thousands of simultaneous simulations.

34
Q

What does the concept of agility mean in AWS Cloud computing? (Choose two.)

A. The speed at which AWS resources are implemented
B. The speed at which AWS creates new AWS Regions
C. The ability to experiment quickly
D. The elimination of wasted capacity
E. The low cost of entry into cloud computing

A

A. The speed at which AWS resources are implemented: Agility in AWS refers to the ability to quickly provision and implement resources, allowing users to adapt to changing requirements and scale resources as needed.

C. The ability to experiment quickly: Agility involves the capability to experiment rapidly, enabling users to innovate, test ideas, and iterate quickly in the cloud environment.

The other options are described as follows:

B. The speed at which AWS creates new AWS Regions: The creation of new AWS Regions is not typically within the control of individual AWS customers. AWS decides when and where to create new regions based on business considerations.

D. The elimination of wasted capacity: While efficiency and cost optimization are important aspects of cloud computing, the elimination of wasted capacity is not a direct aspect of the concept of agility.

E. The low cost of entry into cloud computing: While cost considerations are important, the low cost of entry is not a defining aspect of agility. Agility focuses more on speed, flexibility, and the ability to respond quickly to changing demands.

35
Q

A company needs to block SQL injection attacks.
Which AWS service or feature can meet this requirement?

A. AWS WAF
B. AWS Shield
C. Network ACLs
D. Security groups

A

A. AWS WAF

A. AWS WAF (Web Application Firewall): A web application firewall that allows users to create custom rules to filter and monitor HTTP or HTTPS requests to a web application. It helps protect against common web exploits, including SQL injection attacks, by allowing the blocking or rate-limiting of malicious requests.

36
Q

Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

A. AWS Service Catalog
B. AWS Systems Manager
C. AWS IAM Access Analyzer
D. AWS Organizations

A

C. AWS IAM Access Analyzer

IAM Access Analyzer helps identify resources in your organization and accounts that are shared with an external entity.
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

37
Q

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud.
How can these reports be generated?

A. Contact the AWS Compliance team.
B. Download the reports from AWS Artifact.
C. Open a case with AWS Support.
D. Generate the reports with Amazon Macie.

A

B. Download the reports from AWS Artifact.

AWS Artifact is a portal that provides access to various compliance reports, including certifications, attestations, and other relevant documents. You can download these reports directly from AWS Artifact.

38
Q

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which cost is the company’s direct responsibility?

A. Cost of application software licenses
B. Cost of the hardware infrastructure on AWS
C. Cost of power for the AWS servers
D. Cost of physical security for the AWS data center

A

A. Cost of application software licenses

A. Cost of application software licenses: In the AWS Cloud, customers are responsible for the cost of application software licenses. This includes any software licenses required to run applications on AWS services. AWS provides the underlying infrastructure, and customers are responsible for licensing their application software.

39
Q

A company is setting up AWS Identity and Access Management (IAM) on an AWS account.
Which recommendation complies with IAM security best practices?

A. Use the account root user access keys for administrative tasks.
B. Grant broad permissions so that all company employees can access the resources they need.
C. Turn on multi-factor authentication (MFA) for added security during the login process.
D. Avoid rotating credentials to prevent issues in production applications.

A

C. Turn on multi-factor authentication (MFA) for added security during the login process.

C. Turn on multi-factor authentication (MFA) for added security during the login process: Enabling multi-factor authentication (MFA) is a security best practice. It adds an extra layer of protection by requiring users to provide a second form of authentication in addition to their password. This helps prevent unauthorized access even if credentials are compromised.

40
Q

Elasticity in the AWS Cloud refers to which of the following? (Choose two.)

A. How quickly an Amazon EC2 instance can be restarted
B. The ability to rightsize resources as demand shifts
C. The maximum amount of RAM an Amazon EC2 instance can use
D. The pay-as-you-go billing model
E. How easily resources can be procured when they are needed

A

B. The ability to rightsize resources as demand shifts
E. How easily resources can be procured when they are needed

B. The ability to rightsize resources as demand shifts: Elasticity involves the ability to dynamically adjust the size of resources (e.g., adding or removing instances) based on changing demand.

E. How easily resources can be procured when they are needed: Elasticity involves the ease with which resources can be provisioned or de-provisioned based on changing demand, providing flexibility and scalability.

41
Q

Which service enables customers to audit API calls in their AWS accounts?

A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray

A

A. AWS CloudTrail

AWS CloudTrail is a service that records all API calls made on your AWS account. It provides a detailed history of events, including who made the call, what actions were performed, and from which IP address the call originated. This audit trail is valuable for security, compliance, troubleshooting, and monitoring purposes, and it helps you maintain visibility into how your AWS resources are being used.

42
Q

What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model?

A. Managing the code within the Lambda function
B. Confirming that the hardware is working in the data center
C. Patching the operating system
D. Shutting down Lambda functions when they are no longer in use

A

A. Managing the code within the Lambda function

Customers are responsible for developing, deploying, and managing the code and dependencies within the Lambda function.

43
Q

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.
Which AWS service should the company use to run these queries in the MOST cost-effective manner?

A. Amazon Redshift
B. Amazon Athena
C. Amazon Kinesis
D. Amazon RDS

A

B. Amazon Athena

Amazon Athena is a serverless query service that allows you to analyze data directly in Amazon S3 using standard SQL queries. You don’t need to set up or manage any infrastructure; you only pay for the queries you run. It is well-suited for ad-hoc and exploratory analysis on data stored in S3 without the need for maintaining a separate database.

44
Q

Which AWS service can be used at no additional cost?

A. Amazon SageMaker
B. AWS Config
C. AWS Organizations
D. Amazon CloudWatch

A

C. AWS Organizations

AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations is offered at no additional charge. You are charged only for AWS resources that users and roles in your member accounts use. For example, you are charged the standard fees for Amazon EC2 instances that are used by users or roles in your member accounts.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html

45
Q

Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?

A. Data architecture
B. Event management
C. Cloud fluency
D. Strategic partnership

A

C. Cloud fluency

Cloud fluency belongs to the people perspective within the AWS Cloud Adoption Framework (AWS CAF).

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/people-perspective.html

46
Q

A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Choose two.)

A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Savings Plans
E. Dedicated Hosts

A

C. Reserved Instances
D. Savings Plans

C. Reserved Instances: Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing in exchange for a one-time upfront payment and/or a lower hourly rate. The more you commit, the greater the discount.

D. Savings Plans: Savings Plans offer flexible pricing and savings on your AWS usage, with discounts of up to 72% compared to On-Demand pricing. With Savings Plans, you commit to a certain amount of usage (measured in dollars per hour) for a one- or three-year term, and receive a lower rate for that usage.

47
Q

A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible.
Which AWS service or resource should the company use to select its Amazon RDS deployment area?

A. Amazon Connect
B. AWS Wavelength
C. AWS Regions
D. AWS Direct Connect

A

C. AWS Regions

AWS Regions are geographical locations where AWS data centers (Availability Zones) are situated. When deploying Amazon RDS, you can choose the AWS Region that is geographically closest to your current location to reduce latency and improve performance.

48
Q

A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned.
Which AWS service or feature can be used to estimate costs before deployment?

A. AWS Free Tier
B. AWS Pricing Calculator
C. AWS Billing and Cost Management
D. AWS Cost and Usage Report

A

B. AWS Pricing Calculator

The AWS Pricing Calculator is a tool that allows users to estimate the cost of using AWS services based on their projected usage. It provides a detailed breakdown of costs for different services and configurations.

49
Q

A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost effective manner?

A. Deliver the content through Amazon CloudFront.
B. Store the content on Amazon S3 and enable S3 cross-region replication.
C. Implement a VPN across multiple AWS Regions.
D. Deliver the content through AWS PrivateLink.

A

A. Deliver the content through Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of static and dynamic content, including images and videos, to users globally. It helps minimize latency by caching content at edge locations worldwide.

50
Q

Which option is a benefit of the economies of scale based on the advantages of cloud computing?

A. The ability to trade variable expense for fixed expense
B. Increased speed and agility
C. Lower variable costs over fixed costs
D. Increased operational costs across data centers

A

C. Lower variable costs over fixed costs

This is a key benefit of economies of scale. With cloud computing, as usage increases, the cost per unit of resources tends to decrease due to the efficiency gained from large-scale operations.

51
Q

Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?

A. AWS CLI
B. AWS Developer Center
C. AWS Cloud Development Kit (AWS CDK)
D. AWS CodeStar

A

C. AWS Cloud Development Kit (AWS CDK)

AWS CDK is a software development framework that enables developers to define infrastructure as code (IaC) using familiar programming languages like TypeScript, Python, Java, C#, and more.

52
Q

A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?

A. Amazon API Gateway
B. IAM users
C. AWS Security Token Service (AWS STS)
D. IAM instance profiles

A

C. AWS Security Token Service (AWS STS)

AWS STS is the correct choice for providing temporary, limited-privilege credentials. It enables you to request temporary credentials with a specific set of permissions (via roles), which can be used to authenticate with other AWS services. This is commonly used for scenarios where you need to grant temporary access to resources without exposing long-term credentials.

53
Q

Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?

A. AWS Security Hub
B. AWS Trusted Advisor
C. Amazon EventBridge
D. Amazon GuardDuty

A

A. AWS Security Hub

“AWS Security Hub is a cloud security posture management (CSPM) service that performs automated, continuous security best practice checks against your AWS resources to help you identify misconfigurations, and aggregates your security alerts (i.e. findings) in a standardized format so that you can more easily enrich, investigate, and remediate them.”

Reference: https://aws.amazon.com/security-hub/features/?nc=sn&loc=2

54
Q

Which AWS service is always provided at no charge?

A. Amazon S3
B. AWS Identity and Access Management (IAM)
C. Elastic Load Balancers
D. AWS WAF

A

B. AWS Identity and Access Management (IAM)

“IAM is a feature of your AWS account and is offered at no additional charge.”

Reference: https://aws.amazon.com/iam/getting-started/?nc=sn&loc=3

55
Q

To reduce costs, a company is planning to migrate a NoSQL database to AWS.
Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?

A. Amazon Redshift
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon RDS

A

C. Amazon DynamoDB

DynamoDB is a non-relational database, which means it is a NoSQL database.

Aurora and RDS are relational. Redshift is for exabytes of data and complex queries.

56
Q

A company is using Amazon DynamoDB.
Which task is the company’s responsibility, according to the AWS shared responsibility model?

A. Patch the operating system.
B. Provision hosts.
C. Manage database access permissions.
D. Secure the operating system.

A

C. Manage database access permissions.

This is the customer’s responsibility. Customers are responsible for defining and managing access permissions to their DynamoDB tables, specifying who can perform various operations on the tables.

57
Q

A company has a test AWS environment. A company is planning on testing an application within AWS. The application testing can be interrupted and does not need to run continuously.
Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively?

A. On-Demand Instances
B. Dedicated Instances
C. Spot Instances
D. Reserved Instances

A

C. Spot Instances

Spot Instances are a good fit for stateless, fault-tolerant workloads that can be interrupted without any impact on the overall job.

58
Q

Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets?

A. Amazon Macie
B. Amazon Detective
C. Amazon GuardDuty
D. AWS IAM Access Analyzer

A

A. Amazon Macie

Amazon Macie automatically discovers, classifies, and protects sensitive data, such as personally identifiable information (PII), in Amazon S3.

59
Q

Which of the following services can be used to block network traffic to an instance? (Choose two.)

A. Security groups
B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
C. Network ACLs
D. Amazon CloudWatch
E. AWS CloudTrail

A

A. Security groups
C. Network ACLs

Security groups are stateful firewalls that control inbound and outbound traffic at the instance level. You can configure security groups to allow or deny specific types of network traffic to and from your instances.

Network ACLs (Access Control Lists) are stateless firewalls that control traffic at the subnet level. Network ACLs define rules to allow or deny traffic based on source and destination IP addresses, ports, and protocols.

60
Q

Which AWS service can identify when an Amazon EC2 instance was terminated?

A. AWS Identity and Access Management (IAM)
B. AWS CloudTrail
C. AWS Compute Optimizer
D. Amazon EventBridge

A

B. AWS CloudTrail

AWS CloudTrail is a service that records all API activity in your AWS account, including the termination of EC2 instances. It creates log entries for various events, providing an audit trail of actions taken on resources. By reviewing CloudTrail logs, you can identify when an EC2 instance was terminated, who initiated the termination, and other relevant details about the event.

61
Q

Which of the following is a fully managed MySQL-compatible database?

A. Amazon S3
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon Aurora

A

D. Amazon Aurora

Amazon S3: Amazon S3 (Simple Storage Service) is an object storage service and is not a database.

Amazon DynamoDB: A fully managed NoSQL database service, but it is not MySQL-compatible.

Amazon Redshift: A fully managed data warehouse service, not a MySQL-compatible database.

Amazon Aurora: A fully managed relational database engine compatible with MySQL and PostgreSQL. It offers the performance and availability of commercial databases with the simplicity and cost-effectiveness of open-source databases.

62
Q

Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities?

A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate

A

C. AWS Outposts

AWS Outposts enables you to run AWS infrastructure and services on premises while seamlessly connecting to the AWS cloud. This service extends the AWS ecosystem to your on-premises locations, allowing you to take advantage of cloud benefits while addressing the requirements of data residency, low-latency applications, and specific regulatory needs in hybrid environments.

63
Q

Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?

A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR

A

C. Amazon RDS (Relational Database Service)

Amazon RDS supports various database engines, including PostgreSQL, and offers a managed database service suitable for OLTP workloads. With Amazon RDS for PostgreSQL, you can easily set up, operate, and scale a PostgreSQL database without the administrative overhead of managing the infrastructure.

64
Q

A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections.
Which AWS services can the company use to meet these requirements? (Choose two.)

A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN
E. Amazon Elastic Container Service (Amazon ECS)

A

B. Amazon AppStream 2.0
C. Amazon WorkSpaces

B. Amazon AppStream 2.0: Amazon AppStream 2.0 is a service that enables you to stream desktop applications to users through web browsers. You can deliver Windows applications securely to remote users without the need to provision and manage full virtual desktops.

C. Amazon WorkSpaces: Amazon WorkSpaces is a fully managed desktop-as-a-service (DaaS) solution that provides Windows desktops to users. You can configure and manage virtual desktops for remote employees using WorkSpaces.

65
Q

A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. Amazon GuardDuty
D. AWS Health Dashboard

A

C. Amazon GuardDuty

Amazon GuardDuty is an AWS service that is designed to monitor and detect potential security threats in your AWS environment. It helps to identify unusual and unauthorized activities, including misconfigured security groups that may be allowing unrestricted access to specific ports. GuardDuty uses machine learning and threat intelligence to analyze data and generate alerts, making it an effective tool for enhancing the security of your AWS infrastructure.

While options like AWS Trusted Advisor and Amazon CloudWatch offer valuable monitoring capabilities, they do not specifically focus on detecting security group misconfigurations. Therefore, in this scenario, Amazon GuardDuty is the most appropriate choice.

66
Q

Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?

A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune

A

A. Amazon DynamoDB

Amazon DynamoDB: A key-value and document database that provides single-digit millisecond latency at any scale. It is a fully managed NoSQL database service designed for applications that require consistent, single-digit millisecond latency, regardless of the volume of requests.

67
Q

A company is deploying a machine learning (ML) research project that will require a lot of compute power over several months. The ML processing jobs do not need to run at specific times.
Which Amazon EC2 instance purchasing option will meet these requirements at the lowest cost?

A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Instances

A

B. Spot Instances

Spot Instances are the most cost-effective option for scenarios where the workload is flexible and can be interrupted. Spot Instances allow you to use spare EC2 capacity at a significantly lower cost than On-Demand Instances. Spot Instances are suitable for workloads like batch processing, data analysis, and machine learning jobs that do not require continuous, uninterrupted operation.

68
Q

Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)

A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty

A

B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots

B. EC2 Amazon Machine Images (AMIs): AMIs are used to create backups of EC2 instances, and they can be used to launch replacement instances in the event of a disaster or data loss. AMIs are essential for creating recovery points for your EC2 instances.

C. Amazon Elastic Block Store (Amazon EBS) snapshots: EBS snapshots allow you to create point-in-time backups of your EBS volumes. These snapshots can be used to restore data or create new EBS volumes, making them a key component of disaster recovery for EC2 instances.

69
Q

Which AWS service provides command line access to AWS tools and resources directly from a web browser?

A. AWS CloudHSM
B. AWS CloudShell
C. Amazon WorkSpaces
D. AWS Cloud Map

A

B. AWS CloudShell

B. AWS CloudShell: A browser-based shell provided by AWS that enables command-line access to AWS resources directly from the AWS Management Console. Users can use AWS CloudShell to run AWS CLI commands and use various AWS tools without installing any additional software. It provides a convenient and secure way to interact with AWS resources in the cloud.

70
Q

A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time.
Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?

A. VPC endpoints
B. AWS Transit Gateway
C. Amazon Route 53
D. AWS Secrets Manager

A

B. AWS Transit Gateway

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships. Transit Gateway acts as a highly scalable cloud router—each new connection is made only once.

71
Q

A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks ahead of a new product launch.
Which AWS Support plan offers guidance and support for this kind of event at no additional charge?

A. AWS Business Support
B. AWS Basic Support
C. AWS Developer Support
D. AWS Enterprise Support

A

D. AWS Enterprise Support

AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. For these events, AWS Infrastructure Event Management will help you assess operational readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The program is included in the Enterprise Support plan and is available to Business Support customers for an additional fee.

72
Q

A company wants to establish a schedule for rotating database user credentials.
Which AWS service will support this requirement with the LEAST amount of operational overhead?

A. AWS Systems Manager
B. AWS Secrets Manager
C. AWS License Manager
D. AWS Managed Services

A

B. AWS Secrets Manager

AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.

https://aws.amazon.com/secrets-manager/

73
Q

Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?

A. Amazon Route 53
B. Amazon Macie
C. AWS Direct Connect
D. AWS PrivateLink

A

C. AWS Direct Connect

AWS Direct Connect establishes a dedicated private connection between your on-premises infrastructure and AWS.

74
Q

Which AWS service is used to provide encryption for Amazon EBS?

A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config

A

C. AWS KMS

AWS Key Management Service (AWS KMS): A fully managed service that makes it easy for you to create, control, and manage encryption keys used to encrypt your data. It integrates seamlessly with other AWS services, including Amazon EBS, for encryption purposes.

75
Q

A company wants to manage its AWS Cloud resources through a web interface.
Which AWS service will meet this requirement?

A. AWS Management Console
B. AWS CLI
C. AWS SDK
D. AWS Cloud9

A

A. AWS Management Console

AWS Management Console: A web-based interface that allows users to access and manage their AWS resources using a graphical user interface (GUI). This console provides an easy-to-use platform for various AWS services.

76
Q

Which of the following are advantages of the AWS Cloud? (Choose two.)

A. Trade variable expenses for capital expenses
B. High economies of scale
C. Launch globally in minutes
D. Focus on managing hardware infrastructure
E. Overprovision to ensure capacity

A

B. High economies of scale
C. Launch globally in minutes

B. High economies of scale: AWS Cloud leverages high economies of scale, allowing customers to benefit from cost savings due to the massive scale of AWS infrastructure. This enables cost-effective solutions for businesses.

C. Launch globally in minutes: One of the advantages of the AWS Cloud is the ability to deploy applications and resources globally in a matter of minutes. This quick global deployment facilitates flexibility and responsiveness to changing business needs.

77
Q

Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime?

A. Agility
B. Elasticity
C. Scalability
D. High availability

A

D. High availability

The ability of an architecture to withstand failures with minimal downtime is a characteristic of high availability. High availability ensures that your system remains operational and accessible even in the face of component failures. This is critical for maintaining a reliable and responsive application or service.

78
Q

A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion.
Which AWS service should the developer use to meet these requirements?

A. AWS Ground Station
B. AWS Shield
C. AWS IoT Device Defender
D. AWS CloudFormation

A

D. AWS CloudFormation

A service that allows you to define and provision AWS infrastructure as code in a safe, predictable, and repeatable manner. It enables the developer to create and manage a collection of AWS resources by describing the infrastructure in a template. This helps in maintaining both development and production environments consistently.

79
Q

Which task is the customer’s responsibility, according to the AWS shared responsibility model?

A. Maintain the security of the AWS Cloud.
B. Configure firewalls and networks.
C. Patch the operating system of Amazon RDS instances.
D. Implement physical and environmental controls.

A

B. Configure firewalls and networks.

Configure firewalls and networks: This is a customer responsibility. Customers have control over configuring security groups, network access control lists (ACLs), and other network-related configurations to control traffic to and from their resources.

80
Q

Which AWS service helps deliver highly available applications with fast failover for multi-Region and Multi-AZ architectures?

A. AWS WAF
B. AWS Global Accelerator
C. AWS Shield
D. AWS Direct Connect

A

B. AWS Global Accelerator

AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your public applications. Global Accelerator provides two global static public IPs that act as a fixed entry point to your application endpoints, such as Application Load Balancers, Network Load Balancers, Amazon Elastic Compute Cloud (EC2) instances, and elastic IPs.

81
Q

A company has a set of ecommerce applications. The applications need to be able to send messages to each other.
Which AWS service meets this requirement?

A. AWS Auto Scaling
B. Elastic Load Balancing
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Streams

A

C. Amazon Simple Queue Service (Amazon SQS)

SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. It allows one application to send messages to a queue, and another application to retrieve those messages from the queue. This can be helpful in scenarios where the sender and receiver are not required to interact with each other in real-time.

82
Q

What are the benefits of consolidated billing for AWS Cloud services? (Choose two.)

A. Volume discounts
B. A minimal additional fee for use
C. One bill for multiple accounts
D. Installment payment options
E. Custom cost and usage budget creation

A

A. Volume discounts
C. One bill for multiple accounts

Consolidated billing has the following benefits:
- ONE BILL – You get one bill for multiple accounts.
- Combined usage – You can combine the usage across all accounts in the organization to share the VOLUME PRICING DISCOUNTS, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

83
Q

A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console.
Which AWS service or resource will meet this requirement?

A. S3 Multi-Region Access Points
B. S3 Storage Lens
C. AWS IAM Identity Center (AWS Single Sign-On)
D. Access Analyzer for S3

A

Access Analyzer for S3 is an AWS service that analyzes S3 buckets for bucket policies and ACLs that allow public or restricted access. It allows users to easily identify buckets with insecure permission settings and take action to remediate them.

84
Q

What is the best resource for a user to find compliance-related information and reports about AWS?

A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. AWS Support

A

A. AWS Artifact

A portal that provides on-demand access to AWS compliance reports, certifications, and attestations. It is a centralized location for various compliance-related documents.

85
Q

Which AWS service enables companies to deploy an application close to end users?

A. Amazon CloudFront
B. AWS Auto Scaling
C. AWS AppSync
D. Amazon Route 53

A

A. Amazon CloudFront

A content delivery network (CDN) service that enables companies to deliver static and dynamic web content, including applications, to end users with low latency and high transfer speeds. It helps deploy an application close to end users.

86
Q

Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure?

A. Route table
B. AWS Transit Gateway
C. AWS Global Accelerator
D. Amazon VPC

A

C. AWS Global Accelerator

A service that uses the AWS global network to optimize the routing of traffic to applications. It improves the availability and performance of applications by utilizing anycast IP addresses. It specifically improves network performance globally.

87
Q

Which AWS service provides highly durable object storage?

A. Amazon S3
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon FSx

A

A. Amazon S3

Provides highly durable object storage with 99.999999999% (11 9’s) durability.

88
Q

Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?

A. Database backups
B. Database software patches
C. Operating system patches
D. Operating system installations

A

D. Operating system installations

AWS provides the infrastructure and services (like EC2) that include a range of Amazon Machine Images (AMIs) with pre-installed operating systems. This means AWS is responsible for ensuring that these AMIs are available and that the underlying infrastructure to run these instances is secure and reliable.

89
Q

Which of the following are advantages of moving to the AWS Cloud? (Choose two.)

A. The ability to turn over the responsibility for all security to AWS.
B. The ability to use the pay-as-you-go model.
C. The ability to have full control over the physical infrastructure.
D. No longer having to guess what capacity will be required.
E. No longer worrying about users access controls.

A

B. The ability to use the pay-as-you-go model.
D. No longer having to guess what capacity will be required.

B. The ability to use the pay-as-you-go model - AWS provides a flexible and cost-effective pay-as-you-go pricing model, allowing users to pay only for the resources they consume without upfront costs or long-term commitments.

D. No longer having to guess what capacity will be required - AWS offers scalable resources, enabling users to dynamically scale up or down based on their actual needs. This eliminates the need for upfront capacity planning and allows for efficient resource utilization.

90
Q

Which AWS service is a hybrid cloud storage service that provides on-premises users access to virtually unlimited cloud storage?

A. AWS DataSync
B. Amazon S3 Glacier
C. AWS Storage Gateway
D. Amazon Elastic Block Store (Amazon EBS)

A

C. AWS Storage Gateway

AWS Storage Gateway: A hybrid cloud storage service that enables on-premises applications to use cloud storage seamlessly. It provides file, volume, and tape gateway interfaces to integrate on-premises environments with AWS Cloud storage. This service allows on-premises users to access virtually unlimited cloud storage while maintaining a hybrid storage infrastructure.

91
Q

A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?

A. AWS Pricing Calculator
B. Amazon CloudWatch
C. AWS Cost Explorer
D. AWS Budgets

A

A. AWS Pricing Calculator

Pricing Calculator: A web-based tool that allows users to estimate the cost of using AWS services. It helps in understanding and estimating the costs associated with various AWS resources based on usage patterns, regions, and other parameters. Users can input their specific requirements to get an estimated monthly cost.

92
Q

Which tool should a developer use to integrate AWS service features directly into an application?

A. AWS Software Development Kit
B. AWS CodeDeploy
C. AWS Lambda
D. AWS Batch

A

A. AWS Software Development Kit

AWS Software Development Kit (SDK): A set of libraries and tools that allows developers to interact with AWS services directly from their applications.

93
Q

Which of the following is a recommended design principle of the AWS Well-Architected Framework?

A. Reduce downtime by making infrastructure changes infrequently and in large increments.
B. Invest the time to configure infrastructure manually.
C. Learn to improve from operational failures.
D. Use monolithic application design for centralization.

A

C. Learn to improve from operational failures.

Learn to improve from operational failures: This is a key principle of the AWS Well-Architected Framework. It emphasizes the importance of learning from failures and continuously improving the architecture based on operational experiences.

94
Q

Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:

A. restricted access.
B. as-needed access.
C. least privilege access.
D. token access.

A

C. least privilege access.

Least privilege access means granting users or entities the minimum level of permissions required to perform their tasks, reducing the risk of unintended or malicious actions.

95
Q

Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?

A. Security group
B. AWS WAF
C. AWS Firewall Manager
D. Network ACL

A

D. Network ACL

ACL = subnet, Security Groups = instances

96
Q

A company wants to operate a data warehouse to analyze data without managing the data warehouse infrastructure.
Which AWS service will meet this requirement?

A. Amazon Aurora
B. Amazon Redshift Serverless
C. AWS Lambda
D. Amazon RDS

A

B. Amazon Redshift Serverless

B. Amazon Redshift: A fully managed, petabyte-scale data warehouse service in the cloud. It is specifically designed for analytics and data warehousing, offering fast query performance using SQL queries and integration with various business intelligence tools.

97
Q

How does AWS Cloud computing help businesses reduce costs? (Choose two.)

A. AWS charges the same prices for services in every AWS Region.
B. AWS enables capacity to be adjusted on demand.
C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week.
D. AWS does not charge for data sent from the AWS Cloud to the internet.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.

A

B. AWS enables capacity to be adjusted on demand.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.

B. AWS enables capacity to be adjusted on demand: AWS provides the flexibility to scale resources up or down based on demand. This allows businesses to optimize costs by only paying for the resources they actually use, avoiding unnecessary expenses during periods of lower demand.

E. AWS eliminates many of the costs of building and maintaining on-premises data centers: With AWS, businesses can leverage cloud infrastructure without the need to invest in and maintain physical data centers. This eliminates upfront capital expenses, ongoing maintenance costs, and the need to overprovision resources for future growth, leading to significant cost savings.

98
Q

A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources.
Which AWS service will meet this requirement?

A. IAM group
B. IAM role
C. IAM tag
D. IAM Access Analyzer

A

B. IAM role

IAM roles are used to delegate permissions to users, applications, or services. In the context of cross-account access, you can create an IAM role in the target account and define policies that grant access to the necessary resources. Users in the source account can assume the role to access resources in the target account. IAM roles are commonly used for cross-account access scenarios.

99
Q

Which task is the responsibility of AWS when using AWS services?

A. Management of IAM user permissions
B. Creation of security group rules for outbound access
C. Maintenance of physical and environmental controls
D. Application of Amazon EC2 operating system patches

A

C. Maintenance of physical and environmental controls

Maintenance of physical and environmental controls: This task is the responsibility of AWS. AWS manages the physical infrastructure, including data center security, environmental controls (such as cooling and power), and other aspects related to the underlying infrastructure.

100
Q

A company wants to automate infrastructure deployment by using infrastructure as code (IaC). The company wants to scale production stacks so the stacks can be deployed in multiple AWS Regions.
Which AWS service will meet these requirements?

A. Amazon CloudWatch
B. AWS Config
C. AWS Trusted Advisor
D. AWS CloudFormation

A

D. AWS CloudFormation

AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.

101
Q

Which option is an AWS Cloud Adoption Framework (AWS CAF) platform perspective capability?

A. Data architecture
B. Data protection
C. Data governance
D. Data science

A

A. Data architecture

The correct answer is A. The clue is “Platform perspective capabilities”: of the options, only “Data architecture” is included in that list.

ref: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/platform-perspective.html

102
Q

A company is running a workload in the AWS Cloud.
Which AWS best practice ensures the MOST cost-effective architecture for the workload?

A. Loose coupling
B. Rightsizing
C. Caching
D. Redundancy

A

B. Rightsizing

Right sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost.

Ref link: https://aws.amazon.com/aws-cost-management/aws-cost-optimization/right-sizing/#:~:text=Right%20sizing%20is%20the%20process,at%20the%20lowest%20possible%20cost.

103
Q

A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows.
Which AWS service should the company use to meet these requirements?

A. Amazon Elastic Block Store (Amazon EBS)
B. AWS Storage Gateway
C. Amazon Elastic Container Service (Amazon ECS)
D. AWS Lambda

A

B. AWS Storage Gateway

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

104
Q

Which AWS tool gives users the ability to plan their service usage, service costs, and instance reservations, and also allows them to set custom alerts when their costs or usage exceed established thresholds?

A. Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage Report
D. Reserved Instance reporting

A

B. AWS Budgets

AWS Budgets is the tool that provides users with the ability to plan their service usage, service costs, and instance reservations.

105
Q

Which tasks are the customer’s responsibility, according to the AWS shared responsibility model? (Choose two.)

A. Establish the global infrastructure.
B. Perform client-side data encryption.
C. Configure IAM credentials.
D. Secure edge locations.
E. Patch Amazon RDS DB instances.

A

B. Perform client-side data encryption.
C. Configure IAM credentials.

https://aws.amazon.com/compliance/shared-responsibility-model/

106
Q

A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.)

A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator’s group in AWS IAM.
D. Configure a password policy that ensures the developer’s password cannot be changed.
E. Ensure the account password policy requires a minimum length.

A

A. Grant the developer access to only the AWS resources needed to perform the job.
E. Ensure the account password policy requires a minimum length.

A. Grant the developer access to only the AWS resources needed to perform the job: Following the principle of least privilege, it is advisable to provide the developer with access only to the specific AWS resources necessary for their job role. This minimizes the potential impact of security incidents and limits the scope of actions the developer can perform.

E. Ensure the account password policy requires a minimum length: Implementing a password policy that requires a minimum length is a good security practice. It helps enhance the strength of passwords and contributes to better overall account security. Longer passwords are generally more resistant to brute-force attacks.

107
Q

A company has multiple AWS accounts that include compute workloads that cannot be interrupted. The company wants to obtain billing discounts that are based on the company’s use of AWS services.
Which AWS feature or purchasing option will meet these requirements?

A. Resource tagging
B. Consolidated billing
C. Pay-as-you-go pricing
D. Spot Instances

A

B. Consolidated billing

Consolidated billing allows you to combine multiple AWS accounts and aggregate the usage and spending across those accounts. This simplifies billing and enables you to take advantage of volume discounts, which can lead to cost savings.

108
Q

A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure.
Which AWS service or feature should be used?

A. Security groups
B. AWS Firewall Manager
C. IAM roles
D. IAM user SSH keys

A

C. IAM roles

IAM (Identity and Access Management) roles provide a secure way to grant permissions to AWS services and resources. In this scenario, you can create an IAM role with the necessary permissions for the EC2 instance to access other AWS services. Then, you can associate the IAM role with the EC2 instance.

109
Q

A company wants a fully managed Windows file server for its Windows-based applications.
Which AWS service will meet this requirement?

A. Amazon FSx
B. Amazon Elastic Kubernetes Service (Amazon EKS)
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon EMR

A

A. Amazon FSx

Amazon FSx: A fully managed file storage service that is compatible with Windows file servers. It is designed to provide shared file storage for Windows-based applications, making it a suitable choice for the company’s requirement of a fully managed Windows file server.

110
Q

A company wants to migrate its NFS on-premises workload to AWS.
Which AWS Storage Gateway type should the company use to meet this requirement?

A. Tape Gateway
B. Volume Gateway
C. Amazon FSx File Gateway
D. Amazon S3 File Gateway

A

D. Amazon S3 File Gateway

Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data files and backup images as durable objects in Amazon S3 cloud storage. Amazon S3 File Gateway offers SMB or NFS-based access to data in Amazon S3 with local caching. It can be used for on-premises data-intensive Amazon EC2-based applications that need file protocol access to S3 object storage.
https://aws.amazon.com/es/storagegateway/file/s3/

111
Q

A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources.
Which AWS tool or service can be used to meet these requirements?

A. Amazon CloudWatch
B. Amazon Inspector
C. AWS CloudTrail
D. AWS IAM

A

C. AWS CloudTrail

“CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.”

Reference: https://aws.amazon.com/cloudtrail/faqs/

112
Q

A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to continue to grow for years.
What is the MOST cost-effective EC2 instance purchasing model to meet these requirements?

A. Spot Instances
B. On-Demand Instances
C. Savings Plans
D. Dedicated Hosts

A

C. Savings Plans

113
Q

A company wants an AWS service to provide product recommendations based on its customer data.
Which AWS service will meet this requirement?

A. Amazon Polly
B. Amazon Personalize
C. Amazon Comprehend
D. Amazon Rekognition

A

B. Amazon Personalize

Amazon Personalize accelerates your digital transformation with ML, making it easier to integrate personalized recommendations into existing websites, applications, email marketing systems, and more.

114
Q

A company is planning its migration to the AWS Cloud. The company is identifying its capability gaps by using the AWS Cloud Adoption Framework (AWS CAF) perspectives.
Which phase of the cloud transformation journey includes these identification activities?

A. Envision
B. Align
C. Scale
D. Launch

A

B. Align

“Align phase focuses on identifying capability gaps across the six AWS CAF perspectives, identifying cross-organizational dependencies, and surfacing stakeholder concerns and challenges.”

Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

115
Q

A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting.
Which AWS service will meet these requirements?

A. Amazon Inspector
B. AWS WAF
C. Amazon GuardDuty
D. Amazon CloudWatch

A

B. AWS WAF

“AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.”

References: https://aws.amazon.com/waf/faqs/

116
Q

Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC2 images?

A. EC2 Image Builder
B. Amazon Machine Image (AMI)
C. AWS Launch Wizard
D. AWS Elastic Beanstalk

A

A. EC2 Image Builder

EC2 Image Builder is a fully-managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date “golden” server images that are pre-installed and pre-configured with software and settings to meet specific IT standards.

117
Q

A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities.
Which AWS service will meet these requirements?

A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Detective
D. Amazon Cognito

A

B. Amazon Inspector

“Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), AWS Lambda functions, and container workloads for software vulnerabilities and unintended network exposure.”

Reference: https://aws.amazon.com/inspector/faqs/

118
Q

A company needs to perform data processing once a week that typically takes about 5 hours to complete.
Which AWS service should the company use for this workload?

A. AWS Lambda
B. Amazon EC2
C. AWS CodeDeploy
D. AWS Wavelength

A

B. Amazon EC2

AWS Lambda is a serverless computing service that runs your code without provisioning or managing servers. However, Lambda functions have a maximum execution time of 15 minutes. Therefore, Lambda is not suitable for workloads that need to run for longer than 15 minutes.

119
Q

Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC?

A. Amazon CloudWatch Logs
B. AWS CloudTrail
C. VPC Flow Logs
D. AWS Identity and Access Management (IAM)

A

C. VPC Flow Logs

VPC flow logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

https://aws.amazon.com/vpc/faqs/#:~:text=VPC%20flow%20logs%20is%20a,network%20interfaces%20in%20your%20VPC

120
Q

A company wants to design a centralized storage system to manage the configuration data and passwords for its critical business applications.
Which AWS service or capability will meet these requirements MOST cost-effectively?

A. AWS Systems Manager Parameter Store
B. AWS Secrets Manager
C. AWS Config
D. Amazon S3

A

A. AWS Systems Manager Parameter Store

AWS Secrets Manager is specifically designed for managing sensitive information such as passwords, database credentials, and API keys securely. (FYI so is AWS Secrets Manager - but that service costs $1 per secret).

121
Q

A company plans to deploy containers on AWS. The company wants full control of the compute resources that host the containers. Which AWS service will meet these requirements?

A. Amazon Elastic Kubernetes Service (Amazon EKS)
B. AWS Fargate
C. Amazon EC2
D. Amazon Elastic Container Service (Amazon ECS)

A

C. Amazon EC2

“For full control over your compute environment, choose to run your containers on Amazon Elastic Compute Cloud (EC2)”

https://aws.amazon.com/containers/

122
Q

Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?

A. AWS Identity and Access Management (IAM)
B. AWS Trusted Advisor
C. AWS CloudFormation
D. AWS Organizations

A

D. AWS Organizations

AWS Organizations is the service that provides these features for managing multiple AWS accounts within an organization.

123
Q

A company wants to store and retrieve files in Amazon S3 for its existing on-premises applications by using industry-standard file system protocols.
Which AWS service will meet these requirements?

A. AWS DataSync
B. AWS Snowball Edge
C. Amazon S3 File Gateway
D. AWS Transfer Family

A

C. Amazon S3 File Gateway

Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data files and backup images as durable objects in Amazon S3 cloud storage.

https://aws.amazon.com/storagegateway/file/s3/

124
Q

A company wants to block SQL injection attacks.
Which AWS service or feature should the company use to meet this requirement?

A. AWS WAF
B. Network ACLs
C. Security groups
D. AWS Certificate Manager (ACM)

A

A. AWS WAF

“AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.”

References: https://aws.amazon.com/waf/faqs/

125
Q

A company wants a unified tool to provide a consistent method to interact with AWS services.
Which AWS service or tool will meet this requirement?

A. AWS CLI
B. Amazon Elastic Container Service (Amazon ECS)
C. AWS Cloud9
D. AWS Virtual Private Network (AWS VPN)

A

A. AWS CLI

“The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.”

Reference: https://aws.amazon.com/cli/

126
Q

A company needs to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance and security.
Which AWS service can the company use to meet these requirements?

A. AWS Shield
B. AWS WAF
C. AWS Trusted Advisor
D. AWS Service Catalog

A

C. AWS Trusted Advisor

AWS Trusted Advisor is a service that helps users secure and optimize their AWS environments. Trusted Advisor offers a range of recommendations in five categories:

127
Q

Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes capabilities for configuration management and patch management?

A. Platform
B. Operations
C. Security
D. Governance

A

B. Operations

AWS CAF Operations perspective capabilities
* Observability
* Event management (AIOps)
* Incident and problem management
* Change and release management
* Performance and capacity management
* Configuration management
* Patch management
* Availability and continuity management
* Application management

Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/operations-perspective.html

128
Q

A company has a compute workload that is steady, predictable, and uninterruptible.
Which Amazon EC2 instance purchasing options meet these requirements MOST cost-effectively? (Choose two.)

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Savings Plans
E. Dedicated Hosts

A

B. Reserved Instances
D. Savings Plans

For a steady, predictable, and uninterruptible compute workload, the most cost-effective Amazon EC2 instance purchasing options would typically be:

B. Reserved Instances: Reserved Instances provide a significant discount compared to On-Demand Instances in exchange for a commitment to a one- or three-year term. Since the workload is steady and predictable, you can forecast your usage and purchase Reserved Instances accordingly, optimizing costs over time.

D. Savings Plans: Similar to Reserved Instances, Savings Plans offer significant discounts on usage in exchange for committing to a specific amount of compute usage (measured in dollars per hour) over a one- or three-year term. Savings Plans provide flexibility across a wider range of instance types and regions compared to Reserved Instances.

129
Q

Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours?

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances

A

A. On-Demand Instances

On-Demand Instances – short workload, predictable pricing, pay by second

130
Q

Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model?

A. Configuration of Amazon EC2 instance operating systems
B. Application file system server-side encryption
C. Patch management
D. Security of the physical infrastructure

A

C. Patch management

“AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.”

Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

131
Q

A company wants to migrate its on-premises workloads to the AWS Cloud. The company wants to separate workloads for chargeback to different departments.
Which AWS services or features will meet these requirements? (Choose two.)

A. Placement groups
B. Consolidated billing
C. Edge locations
D. AWS Config
E. Multiple AWS accounts

A

B. Consolidated billing
E. Multiple AWS accounts

Consolidated billing is a feature of AWS Organizations that allows you to combine billing for multiple AWS accounts.
Creating multiple AWS accounts, one for each department, is an effective way to segregate resources, manage permissions, and track costs separately.

132
Q

Which task is a responsibility of AWS, according to the AWS shared responsibility model?

A. Enable client-side encryption for objects that are stored in Amazon S3.
B. Configure IAM security policies to comply with the principle of least privilege.
C. Patch the guest operating system on an Amazon EC2 instance.
D. Apply updates to the Nitro Hypervisor.

A

D. Apply updates to the Nitro Hypervisor.

The Nitro Hypervisor is a component of the underlying infrastructure managed by AWS.

133
Q

Which option is a benefit of using AWS for cloud computing?

A. Trade variable expense for fixed expense
B. Pay-as-you-go pricing
C. Decreased speed and agility
D. Spending money running and maintaining data centers

A

B. Pay-as-you-go pricing

134
Q

Which option is an AWS Cloud Adoption Framework (AWS CAF) business perspective capability?

A. Culture evolution
B. Event management
C. Data monetization
D. Platform architecture

A

C. Data monetization

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

135
Q

A company is assessing its AWS Business Support plan to determine if the plan still meets the company’s needs. The company is considering switching to AWS Enterprise Support.
Which additional benefit will the company receive with AWS Enterprise Support?

A. A full set of AWS Trusted Advisor checks
B. Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week
C. A designated technical account manager (TAM) to assist in monitoring and optimization
D. A consultative review and architecture guidance for the company’s applications

A

D. A consultative review and architecture guidance for the company’s applications

Designated Technical Account Manager (TAM) to provide consultative architectural and operational guidance delivered in the context of your applications and use-cases to help you achieve the greatest value from AWS.
https://aws.amazon.com/premiumsupport/plans/

136
Q

Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?

A. On-Demand Instances
B. Standard Reserved Instances
C. Spot Instances
D. Convertible Reserved Instances

A

C. Spot Instances

137
Q

Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)

A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity

A

C. Incident response
D. Infrastructure protection

Infrastructure protection – Validate that systems and services within your workload are protected against unintended and unauthorized access and potential vulnerabilities

Incident response – Reduce potential harm by effectively responding to security incidents. Quick, effective, and consistent responses to security incidents will help you reduce potential harm

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html

138
Q

A company wants to run its workload on Amazon EC2 instances for more than 1 year. This workload will run continuously.

Which option offers a discounted hourly rate compared to the hourly rate of On-Demand Instances?

A. AWS Graviton processor
B. Dedicated Hosts
C. EC2 Instance Savings Plans
D. Amazon EC2 Auto Scaling instances

A

C. EC2 Instance Savings Plans

139
Q

Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?

A. Agility
B. Elasticity
C. Reliability
D. Durability

A

B. Elasticity

The characteristic of the AWS Cloud that helps users eliminate underutilized CPU capacity is elasticity. Elasticity allows users to scale their computing resources up or down based on their needs, which helps to eliminate underutilized CPU capacity.

140
Q

Which AWS services can a company use to achieve a loosely coupled architecture? (Choose two.)

A. Amazon WorkSpaces
B. Amazon Simple Queue Service (Amazon SQS)
C. Amazon Connect
D. AWS Trusted Advisor
E. AWS Step Functions

A

B. Amazon Simple Queue Service (Amazon SQS)
E. AWS Step Functions

Amazon Simple Queue Service (Amazon SQS): SQS is a fully managed message queuing service that allows components of a distributed application to communicate asynchronously. It helps decouple the sender and receiver components, providing flexibility and fault tolerance.

AWS Step Functions: AWS Step Functions allow you to coordinate and sequence AWS services, including Lambda functions, in a serverless workflow. It helps in creating workflows that are scalable, resilient, and loosely coupled.

141
Q

Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?

A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost Allocation Tags
D. AWS Organizations

A

A. AWS Budgets

AWS Budgets is the AWS Cloud service that allows users to set custom spending thresholds and receive alerts when those thresholds are exceeded. It helps users to keep track of their AWS spending by providing notifications based on their budget limits.

142
Q

A company plans to migrate to the AWS Cloud. The company wants to use the AWS Cloud Adoption Framework (AWS CAF) to define and track business outcomes as part of its cloud transformation journey.

Which AWS CAF governance perspective capability will meet these requirements?

A. Benefits management
B. Risk management
C. Application portfolio management
D. Cloud financial management

A

Benefits management – Ensure that the business benefits associated with your cloud investments are realized and sustained. The success of your transformation is determined by the resulting business benefits.

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/governance-perspective.html

143
Q

A company needs to quickly and securely move files over long distances between its client and an Amazon S3 bucket.

Which S3 feature will meet this requirement?

A. S3 Versioning
B. S3 Transfer Acceleration
C. S3 ACLs
D. S3 Intelligent-Tiering

A

B. S3 Transfer Acceleration

S3 Transfer Acceleration is a feature that utilizes Amazon CloudFront’s globally distributed edge locations to accelerate the upload of objects to an S3 bucket.

144
Q

A company needs to continuously run an experimental workload on an Amazon EC2 instance and stop the instance after 12 hours.

Which instance purchasing option will meet this requirement MOST cost-effectively?

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances

A

A. On-Demand Instances

145
Q

Which cloud transformation journey phase of the AWS Cloud Adoption Framework (AWS CAF) focuses on demonstrating how the cloud helps accelerate business outcomes?

A. Scale
B. Envision
C. Align
D. Launch

A

B. Envision

Identify and prioritize transformation opportunities in line with your strategic objectives. Associating your transformation initiatives with key stakeholders and measurable business outcomes will help you demonstrate value as you progress through your transformation journey.

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

146
Q

Which option is a customer responsibility under the AWS shared responsibility model?

A. Maintenance of underlying hardware of Amazon EC2 instances
B. Application data security
C. Physical security of data centers
D. Maintenance of VPC components

A

B. Application data security

147
Q

A company wants its Amazon EC2 instances to operate in a highly available environment, even if there is a natural disaster in a particular geographic area.

Which approach will achieve this goal?

A. Use EC2 instances in multiple AWS Regions.
B. Use EC2 instances in multiple Amazon CloudFront locations.
C. Use EC2 instances in multiple edge locations.
D. Use EC2 instances in AWS Local Zones.

A

A. Use EC2 instances in multiple AWS Regions.

148
Q

A company wants to modernize and convert a monolithic application into microservices. The company wants to move the application to AWS.

Which migration strategy should the company use?

A. Rehost
B. Replatform
C. Repurchase
D. Refactor

A

D. Refactor

149
Q

A systems administrator created a new IAM user for a developer and assigned the user an access key instead of a user name and password. What is the access key used for?

A. To access the AWS account as the AWS account root user
B. To access the AWS account through the AWS Management Console
C. To access the AWS account through a CLI
D. To access all of a company’s AWS accounts

A

C. To access the AWS account through a CLI

Use Access Keys for Programmatic Access (CLI / SDK)

150
Q

Which option is an environment that consists of one or more data centers?

A. Amazon CloudFront
B. Availability Zone
C. VPC
D. AWS Outposts

A

B. Availability Zone

An availability zone consists of multiple data centers, which are all equipped with independent power, cooling and networking infrastructure all housed in separate facilities.

151
Q

A company is moving an on-premises data center to the AWS Cloud. The company must migrate 50 petabytes of file storage data to AWS with the least possible operational overhead.

Which AWS service or resource should the company use to meet these requirements?

A. AWS Snowmobile
B. AWS Snowball Edge
C. AWS Data Exchange
D. AWS Database Migration Service (AWS DMS)

A

A. AWS Snowmobile

AWS Snowmobile is the appropriate choice for migrating 50 petabytes of file storage data to AWS with the least possible operational overhead.

152
Q

A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.

Which AWS service will help the company deploy the application without investing in backend infrastructure or high-end client hardware?

A. Amazon AppStream 2.0
B. AWS AppSync
C. Amazon WorkLink
D. AWS Elastic Beanstalk

A

A. Amazon AppStream 2.0

Amazon AppStream 2.0 is a cloud-based desktop streaming service that allows companies to deploy applications and desktops to any device, including lightweight laptops.

153
Q

A company wants to query its server logs to gain insights about its customers’ experiences.

Which AWS service will store this data MOST cost-effectively?

A. Amazon Aurora
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon S3

A

D. Amazon S3

For cost-effective storage and querying of large volumes of data, especially log data, Amazon S3 (Simple Storage Service) is the most suitable option.

154
Q

Which of the following is a recommended design principle for AWS Cloud architecture?

A. Design tightly coupled components.
B. Build a single application component that can handle all the application functionality.
C. Make large changes on fewer iterations to reduce chances of failure.
D. Avoid monolithic architecture by segmenting workloads.

A

D. Avoid monolithic architecture by segmenting workloads.

Monolithic architectures can become unwieldy, difficult to maintain, and prone to failures. Segmenting workloads into smaller, more manageable components allows for greater scalability, resilience, and flexibility in the cloud.

155
Q

Which AWS service helps users audit API activity across their AWS account?

A. AWS CloudTrail
B. Amazon Inspector
C. AWS WAF
D. AWS Config

A

A. AWS CloudTrail

With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made by using the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services.

156
Q

Which task is a customer’s responsibility, according to the AWS shared responsibility model?

A. Management of the guest operating systems
B. Maintenance of the configuration of infrastructure devices
C. Management of the host operating systems and virtualization
D. Maintenance of the software that powers Availability Zones

A

A. Management of the guest operating systems

157
Q

A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically.

Which service or feature will meet these requirements?

A. Amazon DynamoDB
B. Amazon EC2 Spot Instances
C. AWS Snow Family
D. Amazon EC2 Auto Scaling

A

D. Amazon EC2 Auto Scaling

158
Q

A user wants to securely automate the management and rotation of credentials that are shared between applications, while spending the least amount of time on managing tasks.

Which AWS service or feature can be used to accomplish this?

A. AWS CloudHSM
B. AWS Key Management Service (AWS KMS)
C. AWS Secrets Manager
D. Server-side encryption

A

C. AWS Secrets Manager

AWS Secrets Manager helps in the secure storage, rotation, and retrieval of sensitive credentials such as API keys, database passwords, and other secrets used by applications.

159
Q

Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?

A. Amazon GuardDuty
B. Amazon Macie
C. Amazon Inspector
D. AWS Shield

A

B. Amazon Macie

Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

160
Q

Which actions are best practices for an AWS account root user? (Choose two.)

A. Share root user credentials with team members.
B. Create multiple root users for the account, separated by environment.
C. Enable multi-factor authentication (MFA) on the root user.
D. Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user.
E. Use programmatic access instead of the root user and password.

A

C. Enable multi-factor authentication (MFA) on the root user.
D. Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user.

161
Q

A company is running a critical workload on an Amazon RDS DB instance. The company needs the DB instance to be highly available with a recovery time of less than 5 minutes.

Which solution will meet these requirements?

A. Create a read replica of the DB instance.
B. Create a template of the DB instance by using AWS CloudFormation.
C. Take frequent snapshots of the DB instance. Store the snapshots in Amazon S3.
D. Modify the DB instance to be a Multi-AZ deployment.

A

D. Modify the DB instance to be a Multi-AZ deployment.

In an Amazon RDS Multi-AZ deployment, Amazon RDS automatically creates a primary database (DB) instance and synchronously replicates the data to an instance in a different AZ. When it detects a failure, Amazon RDS automatically fails over to a standby instance without manual intervention.

162
Q

A company plans to migrate its application to AWS and run the application on Amazon EC2 instances. The application will have continuous usage for 1 year.

Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Hosts

A

A. Reserved Instances

Reserved Instances are well-suited for applications with steady, predictable workloads over a term commitment, such as one year.

163
Q

A company needs to transfer data between an Amazon S3 bucket and an on-premises application.

Who is responsible for the security of this data, according to the AWS shared responsibility model?

A. The company
B. AWS
C. Firewall vendor
D. AWS Marketplace partner

A

A. The company

Networking and traffic protection are a customer responsibility.

164
Q

Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?

A. Security
B. Reliability
C. Performance efficiency
D. Cost optimization

A

B. Reliability

The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands. Key topics include distributed system design, recovery planning, and adapting to changing requirements.

165
Q

A company wants to identify Amazon S3 buckets that are shared with another AWS account.

Which AWS service or feature will meet these requirements?

A. AWS Lake Formation
B. IAM credential report
C. Amazon CloudWatch
D. IAM Access Analyzer

A

D. IAM Access Analyzer

IAM Access Analyzer external access analyzers help identify resources in your organization and accounts that are shared with an external entity.

https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

166
Q

Which AWS service gives users the ability to build interactive business intelligence dashboards that include machine learning insights?

A. Amazon Athena
B. Amazon Kendra
C. Amazon QuickSight
D. Amazon Redshift

A

C. Amazon QuickSight

Amazon QuickSight is the AWS service that gives users the ability to create interactive business intelligence (BI) dashboards that can include machine learning insights.

https://docs.aws.amazon.com/quicksight/

167
Q

Which of the following is an AWS value proposition that describes a user’s ability to scale infrastructure based on demand?

A. Speed of innovation
B. Resource elasticity
C. Decoupled architecture
D. Global deployment

A

B. Resource elasticity

Elasticity - The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically.

168
Q

Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket?

A. Enable S3 Cross-Region Replication (CRR) on the S3 bucket.
B. Use IAM roles for applications that require access to the S3 bucket.
C. Configure AWS WAF to prevent unauthorized access to the S3 bucket.
D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.

A

B. Use IAM roles for applications that require access to the S3 bucket.

Use IAM roles for applications and AWS services that require Amazon S3 access.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

169
Q

A company wants to know more about the benefits offered by cloud computing. The company wants to understand the operational advantage of agility. How does AWS provide agility for users?

A. The ability to ensure high availability by deploying workloads to multiple regions
B. A pay-as-you-go model for many services and resources
C. The ability to transfer infrastructure management to the AWS Cloud
D. The ability to provision and deprovision resources quickly with minimal effort

A

D. The ability to provision and deprovision resources quickly with minimal effort

The agility provided by AWS is closely tied to the ability to provision and deprovision resources rapidly. AWS allows users to scale their infrastructure up or down based on demand, enabling them to quickly deploy new resources when needed and release them when no longer necessary.

170
Q

A company needs a central user portal so that users can log in to third-party business applications that support Security Assertion Markup Language (SAML) 2.0.

Which AWS service will meet this requirement?

A. AWS Identity and Access Management (IAM)
B. Amazon Cognito
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS CLI

A

B. Amazon Cognito

Amazon Cognito supports authentication with identity providers (IdPs) through Security Assertion Markup Language 2.0 (SAML 2.0). You can use an IdP that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users.

https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html

171
Q

Which AWS service should users use to learn about AWS service availability and operations?

A. Amazon EventBridge
B. AWS Service Catalog
C. AWS Control Tower
D. AWS Health Dashboard

A

D. AWS Health Dashboard

The AWS Health Dashboard is a centralized location where users can find information about the availability and operation of AWS services. It provides an overview of the current status of AWS services, including planned and unplanned events. Users can also search for specific services to get more detailed information.

172
Q

Which AWS service or tool can be used to capture information about inbound and outbound traffic in an Amazon VPC?

A. VPC Flow Logs
B. Amazon Inspector
C. VPC endpoint services
D. NAT gateway

A

A. VPC Flow Logs

https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

173
Q

What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility model?

A. Software licenses
B. Networking
C. Customer data
D. Encryption keys

A

C. Customer data

Customers are always responsible for managing their own customer data.

https://aws.amazon.com/compliance/shared-responsibility-model/

174
Q

Which AWS service can be used to retrieve compliance reports on demand?

A. AWS Secrets Manager
B. AWS Artifact
C. AWS Security Hub
D. AWS Certificate Manager

A

B. AWS Artifact

175
Q

Which AWS service enables users to check for vulnerabilities on Amazon EC2 instances by using predefined assessment templates?

A. AWS WAF
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS Shield

A

C. Amazon Inspector

Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.
https://aws.amazon.com/inspector/

176
Q

A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the hostname, IP address, and MAC address.

Which AWS service will meet these requirements?

A. AWS DataSync
B. AWS Application Migration Service
C. AWS Application Discovery Service
D. AWS Database Migration Service (AWS DMS)

A

C. AWS Application Discovery Service

AWS Application Discovery Service collects both server and database configuration information. Server information includes hostnames, IP addresses, MAC addresses, as well as the resource allocation and utilization details of key resources such as CPU, network, memory, and disk.

177
Q

Which action will help increase security in the AWS Cloud?

A. Enable programmatic access for all IAM users.
B. Use IAM users instead of IAM roles to delegate permissions.
C. Rotate access keys on a reoccurring basis.
D. Use inline policies instead of customer managed policies.

A

C. Rotate access keys on a reoccurring basis.

Credentials should be rotated or changed periodically. For this reason, rotating access keys is considered a security best practice.

178
Q

A company is planning to migrate its application to the AWS Cloud.

Which AWS tool or set of resources should the company use to analyze and assess its readiness for migration?

A. AWS Cloud Adoption Framework (AWS CAF)
B. AWS Pricing Calculator
C. AWS Well-Architected Framework
D. AWS Budgets

A

A. AWS Cloud Adoption Framework (AWS CAF)

AWS migration readiness assessment (MRA) is an AWS process of gaining insights about your enterprise’s current cloud readiness and building an action plan to close identified gaps, using the AWS Cloud Adoption Framework (AWS CAF).

179
Q

Which of the following describes some of the core functionality of Amazon S3?

A. Amazon S3 is a high-performance block storage service that is designed for use with Amazon EC2.
B. Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability.
C. Amazon S3 is a fully managed, highly reliable, and scalable file storage system that is accessible over the industry-standard SMB protocol.
D. Amazon S3 is a scalable, fully managed elastic NFS for use with AWS Cloud services and on-premises resources.

A

B. Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability.

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

180
Q

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach

A

C. Pay-as-you-go pricing

181
Q

Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.)

A. AWS VPN
B. Elastic Load Balancing
C. AWS Direct Connect
D. VPC peering
E. Amazon CloudFront

A

A. AWS VPN
C. AWS Direct Connect

182
Q

A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the underlying hardware or the database software.

Which AWS service can be used to accomplish this?

A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Redshift

A

B. Amazon DynamoDB

Redshift is a data warehouse service, while RDS and Aurora are relational database services. So Amazon DynamoDB is the answer.

183
Q

Which actions are examples of a company’s effort to rightsize its AWS resources to control cloud costs? (Choose two.)

A. Switch from Amazon RDS to Amazon DynamoDB to accommodate NoSQL datasets.
B. Base the selection of Amazon EC2 instance types on past utilization patterns.
C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers.
D. Use Multi-AZ deployments for Amazon RDS.
E. Replace existing Amazon EC2 instances with AWS Elastic Beanstalk.

A

B. Base the selection of Amazon EC2 instance types on past utilization patterns.
C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers.

These are the only answers that actually address cloud costs.

184
Q

Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instances?

A. Network ACLs
B. Security groups
C. AWS Trusted Advisor
D. AWS WAF

A

B. Security groups

Security groups are the only answer that applies at the EC2 instance level.

185
Q

Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Choose two.)

A. Perform operations as code.
B. Enable traceability.
C. Automatically scale to meet demand.
D. Deploy resources globally to improve response time.
E. Automatically recover from failure.

A

C. Automatically scale to meet demand.
E. Automatically recover from failure.

A. Perform operations as code -> Operational Excellence
B. Enable traceability -> Security
C. Automatically scale to meet demand -> Reliability
D. Deploy resources globally to improve response time -> Performance Efficiency
E. Automatically recover from failure -> Reliability

https://aws.amazon.com/blogs/apn/the-6-pillars-of-the-aws-well-architected-framework/

186
Q

A company wants to create templates that the company can reuse to deploy multiple AWS resources.

Which AWS service or feature can the company use to meet this requirement?

A. AWS Marketplace
B. Amazon Machine Image (AMI)
C. AWS CloudFormation
D. AWS OpsWorks

A

C. AWS CloudFormation

AWS CloudFormation enables you to use a template file to create and delete a collection of resources together as a single unit (a stack).

187
Q

A company that uses AWS needs to transfer 2 TB of data.

Which type of transfer of that data would result in no cost for the company?

A. Inbound data transfer from the internet
B. Outbound data transfer to the internet
C. Data transfer between AWS Regions
D. Data transfer between Availability Zones

A

A. Inbound data transfer from the internet

There is no charge for inbound data transfer across all services in all Regions. Data transfer from AWS to the internet is charged per service, with rates specific to the originating Region.

https://aws.amazon.com/blogs/architecture/overview-of-data-transfer-costs-for-common-architectures/
https://aws.amazon.com/ec2/pricing/on-demand/

188
Q

A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messages in first-in, first-out (FIFO) order.

Which AWS service should the company use?

A. AWS Step Functions
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon Kinesis Data Streams
D. Amazon Simple Queue Service (Amazon SQS)

A

D. Amazon Simple Queue Service (Amazon SQS)

Amazon SQS FIFO queues preserve the order in which messages are sent and received, and prevent a message from being processed more than once. This ensures that the messages are processed in first-in, first-out (FIFO) order.

189
Q

Which AWS service or feature is a browser-based, pre-authenticated service that can be launched directly from the AWS Management Console?

A. AWS API
B. AWS Lightsail
C. AWS Cloud9
D. AWS CloudShell

A

D. AWS CloudShell

AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the AWS Management Console.
https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html

190
Q

A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.

Which AWS services will meet these requirements? (Choose two.)

A. Amazon Athena
B. Amazon RDS
C. Amazon EC2
D. Amazon DynamoDB
E. Amazon Aurora

A

B. Amazon RDS
E. Amazon Aurora

Amazon Aurora PostgreSQL is fully managed and PostgreSQL-compatible.
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraPostgreSQL.html
In addition to the benefits of Aurora, Aurora PostgreSQL offers a convenient migration pathway from Amazon RDS into Aurora, with push-button migration tools that convert your existing RDS for PostgreSQL applications to Aurora PostgreSQL.

191
Q

A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and move the data to AWS later.

Which AWS service should the company use to meet these requirements?

A. AWS IoT Core
B. Amazon Lightsail
C. AWS Storage Gateway
D. AWS Snowball Edge

A

D. AWS Snowball Edge

AWS Snowball Edge is a type of Snowball device with on-board storage and compute power for select AWS capabilities. Snowball Edge can do local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud.

192
Q

A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages.

Which AWS service or feature will give the application permission to access required AWS services?

A. AWS Certificate Manager (ACM)
B. IAM roles
C. AWS Security Hub
D. Amazon GuardDuty

A

B. IAM roles

IAM provides fine-grained access control across all of AWS. You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

193
Q

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud.

Which service should be used to deploy the application?

A. AWS CloudFormation
B. AWS Elastic Beanstalk
C. Amazon EC2
D. AWS OpsWorks

A

B. AWS Elastic Beanstalk

AWS Elastic Beanstalk - deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby.

Deploy scalable web applications in minutes without the complexity of provisioning and managing underlying infrastructure.
https://aws.amazon.com/elasticbeanstalk/

194
Q

A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds.

Which AWS service meets these requirements?

A. Amazon CloudFront
B. Elastic Load Balancing
C. Amazon S3
D. Amazon Elastic Transcoder

A

A. Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service built for high performance, security, and developer convenience.
https://aws.amazon.com/cloudfront/

195
Q

A company needs to use third-party software for its workload on AWS.

Which AWS service or feature can the company use to purchase the software?

A. AWS Resource Access Manager
B. AWS Managed Services
C. AWS License Manager
D. AWS Marketplace

A

D. AWS Marketplace

AWS Marketplace is a curated digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services to build solutions and run their businesses.
https://docs.aws.amazon.com/marketplace/latest/userguide/what-is-marketplace.html

196
Q

A company needs fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) protocol.

Which AWS service will meet these requirements?

A. Amazon S3
B. Amazon Elastic File System (Amazon EFS)
C. Amazon FSx for Windows File Server
D. Amazon Elastic Block Store (Amazon EBS)

A

C. Amazon FSx for Windows File Server

Amazon FSx for Windows File Server provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. Amazon FSx has native support for Windows file system features and for the industry-standard Server Message Block (SMB) protocol to access file storage over a network.

197
Q

A company needs to centrally configure and manage Amazon VPC security groups across multiple AWS accounts within an organization in AWS Organizations.

Which AWS service should the company use to meet these requirements?

A. AWS Firewall Manager
B. Amazon GuardDuty
C. Amazon Detective
D. AWS WAF

A

A. AWS Firewall Manager

AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall.

Firewall Manager is particularly useful when you want to protect your entire organization rather than a small number of specific accounts and resources, or if you frequently add new resources that you want to protect.

https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html

198
Q

Which task is a responsibility of AWS, according to the AWS shared responsibility model?

A. Configure identity and access management for applications.
B. Manage encryption options for data that is stored on AWS.
C. Configure security groups for Amazon EC2 instances.
D. Maintain the physical hardware of the infrastructure.

A

D. Maintain the physical hardware of the infrastructure.

https://aws.amazon.com/compliance/shared-responsibility-model/

199
Q

A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the internet from accessing the EC2 instance.

Which AWS managed service allows this?

A. VPC endpoint
B. NAT gateway
C. Amazon PrivateLink
D. VPC peering

A

B. NAT gateway

You can use a public NAT gateway to enable instances in a private subnet to send outbound traffic to the internet, while preventing the internet from establishing connections to the instances.
https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html

200
Q

Which actions are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)

A. Securing the virtualization layer
B. Patching the operating system on Amazon EC2 instances
C. Enforcing a strict password policy for IAM users
D. Patching the operating system on Amazon RDS instances
E. Configuring security groups and network ACLs

A

A. Securing the virtualization layer
D. Patching the operating system on Amazon RDS instances

https://aws.amazon.com/compliance/shared-responsibility-model/

201
Q

A company is storing data that will not be frequently accessed in the AWS Cloud. If the company needs to access the data, the data needs to be retrieved within 12 hours. The company wants a solution that is cost-effective for storage costs for each gigabyte.

Which Amazon S3 storage class will meet these requirements?

A. S3 Standard
B. S3 Glacier Flexible Retrieval
C. S3 One Zone-Infrequent Access (S3 One Zone-IA)
D. S3 Standard-Infrequent Access (S3 Standard-IA)

A

B. S3 Glacier Flexible Retrieval

S3 Glacier Flexible Retrieval is for archiving data that might infrequently need to be restored, once or twice per year, within a few hours.

https://docs.aws.amazon.com/prescriptive-guidance/latest/backup-recovery/amazon-s3-glacier.html

202
Q

Which AWS service or resource can be used to identify services that have been used by a user within a specified date range?

A. Amazon S3 access control lists (ACLs)
B. AWS Certificate Manager (ACM)
C. Network Access Analyzer
D. AWS Identity and Access Management Access Analyzer

A

D. AWS Identity and Access Management Access Analyzer

IAM Access Analyzer is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in IAM Access Analyzer.
https://docs.aws.amazon.com/IAM/latest/UserGuide/logging-using-cloudtrail.html

203
Q

A company needs to engage third-party consultants to help maintain and support its AWS environment and the company’s business needs.

Which AWS service or resource will meet these requirements?

A. AWS Support
B. AWS Organizations
C. AWS Service Catalog
D. AWS Partner Network (APN)

A

D. AWS Partner Network (APN)

The AWS Partner Network (APN) is designed to help companies find qualified third-party consultants, software vendors, and managed service providers who are specialized in working with AWS services. APN Partners offer various levels of support and expertise to assist with maintaining and optimizing AWS environments based on specific business needs.

204
Q

A company wants to create Amazon QuickSight dashboards every week by using its billing data.

Which AWS feature or tool can the company use to meet these requirements?

A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost and Usage Report
D. AWS Cost Anomaly Detection

A

C. AWS Cost and Usage Report

After you create a Cost and Usage Report, AWS sends your report to the Amazon S3 bucket that you specify. AWS updates your report at least once a day until your charges are finalized.

Your report files consist of a .csv file or a collection of .csv files and a manifest file. You can choose to configure your report data for integration with Amazon Athena, Amazon Redshift, or Amazon QuickSight.

https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html

205
Q

A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises storage with storage that is cloud-based but locally cached.

Which AWS service meets these requirements?

A. AWS Storage Gateway
B. AWS Snowcone
C. AWS Backup
D. Amazon Elastic File System (Amazon EFS)

A

A. AWS Storage Gateway

AWS Storage Gateway connects on-premises environments with cloud storage through cached volumes, stored volumes and tape-based backup.

https://aws.amazon.com/storagegateway/

206
Q

A company needs to organize its resources and track AWS costs on a detailed level. The company needs to categorize costs by business department, environment, and application.

Which solution will meet these requirements?

A. Access the AWS Cost Management console to organize resources, set an AWS budget, and receive notifications of unintentional usage.
B. Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level.
C. Create Amazon CloudWatch dashboards to visually organize and track costs individually.
D. Access the AWS Billing and Cost Management dashboard to organize and track resource consumption on a detailed level.

A

B. Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level.

Business Tags - Cost Center/Business Unit – Identify the cost center or business unit associated with a resource, typically for cost allocation and tracking.

https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html

207
Q

A company needs to plan, schedule, and run hundreds of thousands of computing jobs on AWS.

Which AWS service can the company use to meet this requirement?

A. AWS Step Functions
B. AWS Service Catalog
C. Amazon Simple Queue Service (Amazon SQS)
D. AWS Batch

A

D. AWS Batch

AWS Batch is a fully managed service that enables you to run large-scale compute workloads in the cloud without provisioning resources or managing schedulers.

https://docs.aws.amazon.com/wellarchitected/latest/high-performance-computing-lens/batch-based-architecture.html

208
Q

Which AWS services or features provide high availability and low latency by enabling failover across different AWS Regions? (Choose two.)

A. Amazon Route 53
B. Network Load Balancer
C. Amazon S3 Transfer Acceleration
D. AWS Global Accelerator
E. Application Load Balancer

A

A. Amazon Route 53
D. AWS Global Accelerator

Amazon Route 53 provides a global DNS service that can be used as a public or private endpoint for RTC clients to register and connect with media applications. With Amazon Route 53, DNS health checks can be configured to route traffic to healthy endpoints or to independently monitor the health of your application.

AWS Global Accelerator continually monitors the health of your application endpoints, and automatically redirects traffic to the nearest healthy endpoints in the event of current endpoints turning unhealthy.

209
Q

Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS Cloud?

A. Scale the number of EC2 instances in or out automatically, based on demand.
B. Use serverless EC2 instances.
C. Scale the size of EC2 instances up or down automatically, based on demand.
D. Transfer unused CPU resources between EC2 instances.

A

A. Scale the number of EC2 instances in or out automatically, based on demand.

You can use scaling policies to increase or decrease the number of instances in your group dynamically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group, between the minimum and maximum capacity values that you specify, and launches or terminates the instances as needed.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-groups.html

210
Q

Which abilities are benefits of the AWS Cloud? (Choose two.)

A. Trade variable expenses for capital expenses.
B. Deploy globally in minutes.
C. Plan capacity in advance of deployments.
D. Take advantage of economies of scale.
E. Reduce dependencies on network connectivity.

A

B. Deploy globally in minutes.
D. Take advantage of economies of scale.

211
Q

Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations?

A. Amazon Inspector
B. AWS Web Application Firewall (AWS WAF)
C. Elastic Load Balancing (ELB)
D. AWS Shield

A

D. AWS Shield

AWS provides two levels of protection against DDoS attacks: AWS Shield Standard and AWS Shield Advanced.
https://docs.aws.amazon.com/shield/

212
Q

Which AWS service allows users to model and provision AWS resources using common programming languages?

A. AWS CloudFormation
B. AWS CodePipeline
C. AWS Cloud Development Kit (AWS CDK)
D. AWS Systems Manager

A

A. AWS CloudFormation

AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications.
https://aws.amazon.com/cdk/

213
Q

Which Amazon EC2 instance pricing model can provide discounts of up to 90%?

A. Reserved Instances
B. On-Demand
C. Dedicated Hosts
D. Spot Instances

A

D. Spot Instances

Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud and are available at up to a 90% discount compared to On-Demand prices.

214
Q

Which of the following acts as an instance-level firewall to control inbound and outbound access?

A. Network access control list
B. Security groups
C. AWS Trusted Advisor
D. Virtual private gateways

A

B. Security groups

Security groups operate at the instance level.

215
Q

A company must be able to develop, test, and launch an application in the AWS Cloud quickly.

Which advantage of cloud computing will meet these requirements?

A. Stop guessing capacity
B. Trade fixed expense for variable expense
C. Achieve economies of scale
D. Increase speed and agility

A

D. Increase speed and agility

Quickly = Agility/Speed

216
Q

A company has teams that have different job roles and responsibilities. The company’s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.

Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

A. IAM user groups
B. IAM roles
C. IAM instance profiles
D. IAM policies for individual users

A

A. IAM user groups

An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a user group called Admins and give that user group typical administrator permissions. Any user in that user group automatically has Admins group permissions. If a new user joins your organization and needs administrator privileges you can assign the appropriate permissions by adding the user to the Admins user group. If a person changes jobs in your organization, instead of editing that user’s permissions you can remove them from the old user groups and add them to the appropriate new user groups.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

217
Q

Which AWS service can a company use to securely store and encrypt passwords for a database?

A. AWS Shield
B. AWS Secrets Manager
C. AWS Identity and Access Management (IAM)
D. Amazon Cognito

A

B. AWS Secrets Manager

https://aws.amazon.com/secrets-manager/

218
Q

What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them as evidence to an auditor or regulator?

A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS Artifact
D. Amazon Inspector

A

C. AWS Artifact

AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI) reports, and Service Organization Control (SOC) reports. You can submit the security and compliance documents (also known as audit artifacts) to your auditors or regulators to demonstrate the security and compliance of the AWS infrastructure and services that you use.

https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html

219
Q

Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. TLS
D. SSL
E. Transparent Data Encryption (TDE)

A

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)

Amazon S3 now applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket in Amazon S3. Starting January 5, 2023, all new object uploads to Amazon S3 are automatically encrypted at no additional cost and with no impact on performance.

Unless you specify otherwise, buckets use SSE-S3 by default to encrypt objects. However, you can choose to configure buckets to use server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) instead.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html

220
Q

A company wants to integrate its online shopping website with social media login credentials.

Which AWS service can the company use to make this integration?

A. AWS Directory Service
B. AWS Identity and Access Management (IAM)
C. Amazon Cognito
D. AWS IAM Identity Center (AWS Single Sign-On)

A

C. Amazon Cognito

With Amazon Cognito, you can add user sign-up and sign-in features and control access to your web and mobile applications.

https://aws.amazon.com/cognito/

221
Q

Which AWS service is used to track, record, and audit configuration changes made to AWS resources?

A. AWS Shield
B. AWS Config
C. AWS IAM
D. Amazon Inspector

A

B. AWS Config

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

https://aws.amazon.com/config/

222
Q

A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.

For how much time will the customer be billed?

A. 3 hours, 5 minutes
B. 3 hours, 5 minutes, and 6 seconds
C. 3 hours, 6 minutes
D. 4 hours

A

C. 3 hours, 6 minutes

On-Demand Instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments.

https://aws.amazon.com/about-aws/whats-new/2017/10/announcing-amazon-ec2-per-second-billing/

The customer will be billed for 3 hours and 6 minutes because the 6 seconds are rounded up to the next minute.

223
Q

A company website is experiencing DDoS attacks.

Which AWS service can help protect the company website against these attacks?

A. AWS Resource Access Manager
B. AWS Amplify
C. AWS Shield
D. Amazon GuardDuty

A

C. AWS Shield

Maximize application availability and responsiveness with managed DDoS protection
https://aws.amazon.com/shield/

224
Q

A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the AWS Cloud.

Which AWS service or tool will meet these requirements?

A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Control Tower
D. Migration Evaluator

A

D. Migration Evaluator

Starting today, customers considering AWS for running on-premises workloads can request a business case from Migration Evaluator (Formerly TSO Logic) at no cost.

The results captured are used to generate a transparent business case which aligns business and technology stakeholders to provide a prescriptive next step in your migration journey.

https://aws.amazon.com/about-aws/whats-new/2020/07/introducing-migration-evaluator-fast-track-business-case-aws/

225
Q

A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes.

Which AWS service or tool should the company use to meet these requirements?

A. AWS Organizations
B. Cost Explorer
C. AWS Budgets
D. AWS Trusted Advisor

A
226
Q

A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally.

Which combination of AWS services can the company use to gather the required information? (Choose two.)

A. AWS Personal Health Dashboard
B. AWS Systems Manager
C. AWS Trusted Advisor
D. AWS Service Health Dashboard
E. AWS Service Catalog

A

A. AWS Personal Health Dashboard
D. AWS Service Health Dashboard

AWS Personal Health Dashboard provides a personalized view into the performance and availability of the AWS services you are using, as well as alerts that are automatically triggered by changes in the health of those services.

You can use the AWS Health Dashboard – Service health to view the health of all AWS services.

https://aws.amazon.com/about-aws/whats-new/2016/12/introducing-aws-personal-health-dashboard/

https://docs.aws.amazon.com/health/latest/ug/aws-health-dashboard-status.html

227
Q

A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS.

Which AWS service or tool should the company use to meet this requirement?

A. Cloud Adoption Readiness Tool
B. AWS Migration Hub
C. AWS Database Migration Service (AWS DMS)
D. AWS Application Migration Service

A

C. AWS Database Migration Service (AWS DMS)

AWS Database Migration Service (AWS DMS) is a managed migration and replication service that helps you move your databases and analytics workloads to AWS quickly and securely.

228
Q

Which cloud concept is demonstrated by using AWS Compute Optimizer?

A. Security validation
B. Rightsizing
C. Elasticity
D. Global reach

A

B. Rightsizing

Rightsize workloads according to your workload preferences through artificial intelligence and machine learning-based analytics to reduce costs by up to 25%.

https://aws.amazon.com/compute-optimizer/

229
Q

A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive.

Which AWS service will meet the requirement?

A. Amazon Inspector
B. Amazon Macie
C. AWS Identity and Access Management (IAM)
D. Amazon CloudWatch

A

B. Amazon Macie

Discover and protect your sensitive data at scale

https://aws.amazon.com/macie/

230
Q

A user has a stateful workload that will run on Amazon EC2 for the next 3 years.

What is the MOST cost-effective pricing model for this workload?

A. On-Demand Instances
B. Reserved Instances
C. Dedicated Instances
D. Spot Instances

A

B. Reserved Instances

Reserved Instances provide a significant discount compared to On-Demand Instances while offering a commitment to a specific instance type in a particular region for a term of 1 or 3 years.

231
Q

Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

A. AWS Support
B. AWS customers
C. AWS Key Management Service (AWS KMS)
D. AWS Trusted Advisor

A

B. AWS customers

The answer is B. The customer has to select AWS KMS. If the customer does not explicitly select it, then nothing will be encrypted.

232
Q

What can a user accomplish using AWS CloudTrail?

A. Generate an IAM user credentials report.
B. Record API calls made to AWS services.
C. Assess the compliance of AWS resource configurations with policies and guidelines.
D. Ensure that Amazon EC2 instances are patched with the latest security updates.

A

B. Record API calls made to AWS services.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It records API calls made on your account, including who made the call, the services used, the actions performed, and when they occurred.

233
Q

A company is planning to host its workloads on AWS.

Which AWS service requires the company to update and patch the guest operating system?

A. Amazon DynamoDB
B. Amazon S3
C. Amazon EC2
D. Amazon Aurora

A

C. Amazon EC2

Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches)
https://aws.amazon.com/compliance/shared-responsibility-model/

234
Q

Which AWS service or feature will search for and identify AWS resources that are shared externally?

A. Amazon OpenSearch Service
B. AWS Control Tower
C. AWS IAM Access Analyzer
D. AWS Fargate

A

C. AWS IAM Access Analyzer

AWS IAM Access Analyzer is a service that helps you identify and manage access permissions in your AWS environment.

235
Q

A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applications.

Which AWS service should the company use to meet these requirements?

A. Amazon DynamoDB
B. Amazon EC2
C. AWS Lambda
D. Amazon RDS

A

B. Amazon EC2

Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches)
https://aws.amazon.com/compliance/shared-responsibility-model/

236
Q

At what support level do users receive access to a support concierge?

A. Basic Support
B. Developer Support
C. Business Support
D. Enterprise Support

A

D. Enterprise Support

Users receive access to a support concierge at the Enterprise Support level. With AWS Enterprise Support, customers have access to a support concierge who can help with case management, provide guidance on best practices, and assist with various AWS-related inquiries.

https://aws.amazon.com/premiumsupport/plans/

237
Q

Which AWS service can a company use to visually design and build serverless applications?

A. AWS Lambda
B. AWS Batch
C. AWS Application Composer
D. AWS App Runner

A

C. AWS Application Composer

AWS Application Composer helps you visually compose and configure AWS services into serverless applications backed by infrastructure as code.

AWS Application Composer - Visually design and build modern applications quickly

https://aws.amazon.com/application-composer/

238
Q

A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS.

Where can the company purchase the security solution?

A. AWS Partner Solutions Finder
B. AWS Support Center
C. AWS Management Console
D. AWS Marketplace

A

D. AWS Marketplace

AWS Marketplace is the service that provides access to third-party solutions for AWS.

239
Q

A company has deployed an Amazon EC2 instance.

Which option is an AWS responsibility under the AWS shared responsibility model?

A. Managing and encrypting application data
B. Installing updates and security patches of guest operating system
C. Configuration of infrastructure devices
D. Configuration of security groups on each instance

A

C. Configuration of infrastructure devices

AWS is responsible for the underlying infrastructure of the EC2 hosts.

https://aws.amazon.com/compliance/shared-responsibility-model/

240
Q

A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.

Which AWS service or resource will meet these requirements with the LEAST management overhead?

A. PostgreSQL on Amazon EC2
B. Amazon RDS for PostgreSQL
C. Amazon Aurora PostgreSQL-Compatible Edition
D. Amazon Aurora Serverless

A

D. Amazon Aurora Serverless

If cost is not a concern and you want the least management overhead, Amazon Aurora Serverless would be the best option. Amazon Aurora Serverless provides the highest level of automation and scalability as it is a serverless database solution. You don’t have to worry about managing database instances, scaling, or maintenance. The database automatically scales up and down to meet your application’s requirements, and you only pay for the resources you actually use.

241
Q

A company is using Amazon DynamoDB for its application database.

Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)

A. Classify data.
B. Configure access permissions.
C. Manage encryption options.
D. Provide public endpoints to store and retrieve data.
E. Manage the infrastructure layer and the operating system.

A

D. Provide public endpoints to store and retrieve data.
E. Manage the infrastructure layer and the operating system.

AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

242
Q

A company wants to create a globally accessible ecommerce platform for its customers. The company wants to use a highly available and scalable DNS web service to connect users to the platform.

Which AWS service will meet these requirements?

A. Amazon EC2
B. Amazon VPC
C. Amazon Route 53
D. Amazon RDS

A

C. Amazon Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
https://docs.aws.amazon.com/route53/

243
Q

Which maintenance task is the customer’s responsibility, according to the AWS shared responsibility model?

A. Physical connectivity among Availability Zones
B. Network switch maintenance
C. Hardware updates and firmware patches
D. Amazon EC2 updates and security patches

A

D. Amazon EC2 updates and security patches

Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches)
https://aws.amazon.com/compliance/shared-responsibility-model/

244
Q

A company wants to improve its security posture by reviewing user activity through API calls.

Which AWS service will meet this requirement?

A. AWS WAF
B. Amazon Detective
C. Amazon CloudWatch
D. AWS CloudTrail

A

D. AWS CloudTrail

AWS CloudTrail:
- Records or logs transactions.
- You can use API calls to provision, manage, and configure your AWS resources. With CloudTrail, you can view a complete history of user activity and API calls for your applications and resources (API caller, timeframe, source IP, etc.).

245
Q

A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS.

Which pricing model will meet these requirements?

A. Use Savings Plans for a 3-year term.
B. Use Dedicated Hosts.
C. Buy Reserved Instances.
D. Use On-Demand Instances.

A

D. Use On-Demand Instances.

The company requires short-term but continuous computing resources. All other options require upfront payment and contractual obligations longer than 6 months.

246
Q

A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instances.

Which action should the company take to assess its readiness to scale for this launch?

A. Replace the EC2 instances with AWS Lambda functions.
B. Use AWS Infrastructure Event Management (IEM) support.
C. Submit a request on AWS Marketplace to monitor the event.
D. Review the coverage reports in the AWS Cost Management console.

A

B. Use AWS Infrastructure Event Management (IEM) support.

AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events.

247
Q

A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The company wants to separate and track costs for each business unit.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use AWS Organizations and create one account for each business unit.
B. Use a spreadsheet to control the owners and cost of each resource.
C. Use an Amazon DynamoDB table to record costs for each business unit.
D. Use the AWS Billing console to assign owners to resources and track costs.

A

A. Use AWS Organizations and create one account for each business unit.

Using AWS Organizations allows you to centrally manage and govern multiple AWS accounts. By creating separate accounts for each business unit, you can easily isolate and track costs for each unit without mixing them up. This approach provides a clear separation of resources and costs, simplifying cost management and tracking. Additionally, AWS provides consolidated billing and cost allocation features within Organizations, making it easier to manage billing and costs across multiple accounts.

248
Q

A company wants a time-series database service that makes it easier to store and analyze trillions of events each day.

Which AWS service will meet this requirement?

A. Amazon Neptune
B. Amazon Timestream
C. Amazon Forecast
D. Amazon DocumentDB (with MongoDB compatibility)

A

B. Amazon Timestream

Amazon Timestream is a fast, scalable, and serverless time-series database service that makes it easier to store and analyze trillions of events per day up to 1,000 times faster.

249
Q

Which option is a shared control between AWS and the customer, according to the AWS shared responsibility model?

A. Configuration management
B. Physical and environmental controls
C. Data integrity authentication
D. Identity and access management

A

A. Configuration management

Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

https://aws.amazon.com/compliance/shared-responsibility-model

250
Q

A company often does not use all of its current Amazon EC2 capacity to run stateless workloads. The company wants to optimize its EC2 costs.

Which EC2 instance type will meet these requirements?

A. Spot Instances
B. Dedicated Instances
C. Reserved Instances
D. On-Demand Instances

A

A. Spot Instances

Spot Instances are recommended for stateless, fault-tolerant, flexible applications.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html

251
Q

A company wants to store data in Amazon S3. The company rarely accesses the data, and the data can be regenerated if necessary. The company wants to store the data in the most cost-effective storage class.

Which S3 storage class will meet this requirement?

A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

A

D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

For a scenario where data is rarely accessed, and the company can regenerate the data if needed, the most cost-effective storage class would be S3 One Zone-Infrequent Access (S3 One Zone-IA). This storage class stores data in a single availability zone, providing cost savings compared to storage classes that store data redundantly across multiple availability zones.

https://aws.amazon.com/about-aws/whats-new/2018/04/announcing-s3-one-zone-infrequent-access-a-new-amazon-s3-storage-class/

252
Q

A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely. Which AWS service or framework should the company use for operational support?

A. AWS Support
B. AWS Cloud Adoption Framework (AWS CAF)
C. AWS Managed Services (AMS)
D. AWS Well-Architected Framework

A

C. AWS Managed Services (AMS)

AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely.

https://aws.amazon.com/managed-services/

253
Q

A company wants to provision and manage its AWS infrastructure by using the common programming languages TypeScript, Python, Java, and .NET.

Which AWS service will meet this requirement?

A. AWS CodeBuild
B. AWS CloudFormation
C. AWS CLI
D. AWS Cloud Development Kit (AWS CDK)

A

D. AWS Cloud Development Kit (AWS CDK)

The AWS CDK supports TypeScript, JavaScript, Python, Java, C#/.Net, and Go. Developers can use one of these supported programming languages to define reusable cloud components.

https://docs.aws.amazon.com/cdk/v2/guide/home.html

254
Q

Which Amazon EC2 pricing model provides the MOST cost savings for an always-up, right-sized database server running for a project that will last 1 year?

A. On-Demand Instances
B. Convertible Reserved Instances
C. Spot Instances
D. Standard Reserved Instances

A

D. Standard Reserved Instances

The question says that the server is already “right-sized”, so it will not be changing. It will also only be needed for 1 year. Therefore, a Standard Reserved Instance (right-sized, 1-year commitment) is the correct answer here.

255
Q

A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library’s capacity to the AWS Cloud.

Which AWS service should the company use to meet this requirement?

A. Amazon Elastic File System (Amazon EFS)
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3
D. AWS Storage Gateway

A

D. AWS Storage Gateway

AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure.

256
Q

A company is using the AWS Free Tier for several AWS services for an application.

What will happen if the Free Tier usage period expires or if the application use exceeds the Free Tier usage limits?

A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage.
B. AWS Support will contact the company to set up standard service charges.
C. The company will be charged for the services it consumed during the Free Tier period, plus additional charges for service consumption after the Free Tier period.
D. The company’s AWS account will be frozen and can be restarted after a payment plan is established.

A

A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage.

When your free usage term expires or if your application use exceeds the tiers, you simply pay standard, pay-as-you-go service rates.
https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=all&awsf.Free%20Tier%20Categories=all

257
Q

A company wants to monitor its workload performance. The company wants to ensure that the cloud services are delivered at a level that meets its business needs.

Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?

A. Business
B. Governance
C. Platform
D. Operations

A

D. Operations

The Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business.
https://aws.amazon.com/cloud-adoption-framework/

258
Q

A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness.

Which AWS service or tool should the company use to meet these requirements?

A. AWS Cloud Adoption Framework (AWS CAF)
B. AWS Managed Services (AMS)
C. AWS Well-Architected Framework
D. AWS Migration Hub

A

A. AWS Cloud Adoption Framework (AWS CAF)

Use the AWS CAF to identify and prioritize transformation opportunities, evaluate and improve your cloud readiness, and iteratively evolve your transformation roadmap.
https://aws.amazon.com/cloud-adoption-framework/

259
Q

A company needs an AWS service that provides a clear baseline of what the company runs in its on-premises data centers. The company needs the projected cost to run its on-premises workloads in the AWS Cloud.

What AWS service or tool will meet these requirements?

A. AWS Compute Optimizer
B. AWS Cost Explorer
C. AWS Systems Manager Agent (SSM Agent)
D. Migration Evaluator

A

D. Migration Evaluator

Analyze your current state, define your target state, and develop a migration readiness plan with projected cloud costs to reach your financial business objectives faster.

https://aws.amazon.com/migration-evaluator/

260
Q

A company acquired another corporation. The company now has two AWS accounts.

Which AWS service or tool can the company use to consolidate the billing for these two accounts?

A. AWS Systems Manager
B. AWS Organizations
C. AWS License Manager
D. Cost Explorer

A

B. AWS Organizations

AWS Organizations is the service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

261
Q

A company wants to set up its workloads to perform their intended functions and recover quickly from failure.

Which pillar of the AWS Well-Architected Framework aligns with these goals?

A. Performance efficiency
B. Sustainability
C. Reliability
D. Security

A

C. Reliability

The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands.
https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc&wa-guidance-whitepapers.sort-by=item.additionalFields.sortDate&wa-guidance-whitepapers.sort-order=desc

262
Q

Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data?

A. Amazon Athena
B. AWS Glue
C. Amazon S3
D. AWS Snowball Edge

A

B. AWS Glue

AWS Glue consolidates major data integration capabilities into a single service. These include data discovery, modern ETL, cleansing, transforming, and centralized cataloging. It’s also serverless, which means there’s no infrastructure to manage.

https://docs.aws.amazon.com/glue/latest/dg/what-is-glue.html

263
Q

A company wants to migrate petabytes of data from its on-premises data center to AWS. The company does not want to use an internet connection to perform the migration.

Which AWS service will meet these requirements?

A. AWS DataSync
B. Amazon Connect
C. AWS Snowmobile
D. AWS Direct Connect

A

C. AWS Snowmobile

AWS Snowmobile moves extremely large amounts of data to AWS. Transfer up to 100 PB per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck.

264
Q

A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.

Which AWS offering will meet these requirements?

A. Amazon EventBridge
B. Compute Savings Plans
C. AWS Budgets
D. Migration Evaluator

A

C. AWS Budgets

You can set up optional notifications that warn you if you exceed, or are forecasted to exceed, your budgeted amount for cost or usage budgets.

https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html

265
Q

How does the AWS Enterprise Support Concierge team help users?

A. Supporting application development
B. Providing architecture guidance
C. Answering billing and account inquiries
D. Answering questions regarding technical support cases

A

C. Answering billing and account inquiries

Billing Assistance - White-glove (Concierge) access to billing issues for Enterprise On-Ramp customers.

https://aws.amazon.com/premiumsupport/plans/

266
Q

A company wants to run a simulation for 3 years without interruptions.

Which Amazon EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A. Spot Instances
B. Reserved Instances
C. Dedicated Hosts
D. On-Demand Instances

A

B. Reserved Instances

A Reserved Instance offers cost savings of up to 72% over On-Demand price. In addition, Reserved Instance three-year terms offer much greater savings over one-year terms.

https://aws.amazon.com/compare/the-difference-between-on-demand-instances-and-reserved-instances/#:~:text=A%20Reserved%20Instance%20offers%20cost,savings%20over%20one%2Dyear%20terms.

267
Q

Which AWS service or resource can provide discounts on some AWS service costs in exchange for a spending commitment?

A. Amazon Detective
B. AWS Pricing Calculator
C. Savings Plans
D. Basic Support

A

C. Savings Plans

Savings Plans provide significant savings over On-Demand pricing, in exchange for a commitment to a consistent amount of usage (measured in $/hr) for a 1 or 3 year period.

268
Q

Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

A. High availability
B. Performance efficiency
C. Cost optimization
D. Going global in minutes
E. Continuous development

A

B. Performance efficiency
C. Cost optimization

https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc&wa-guidance-whitepapers.sort-by=item.additionalFields.sortDate&wa-guidance-whitepapers.sort-order=desc

269
Q

A company wants to use Amazon EC2 instances to provide a static website to users all over the world. The company needs to minimize latency for the users.

Which solution meets these requirements?

A. Use EC2 instances in multiple edge locations.
B. Use EC2 instances in the same Availability Zone but in different AWS Regions.
C. Use Amazon CloudFront with the EC2 instances configured as the source.
D. Use EC2 instances in the same Availability Zone but in different AWS accounts.

A

C. Use Amazon CloudFront with the EC2 instances configured as the source.

Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of your websites, APIs, video content, or other web assets. In this scenario, using Amazon CloudFront is the most suitable option to minimize latency for users all over the world.

270
Q

A team of researchers is going to collect data at remote locations around the world. Many locations do not have internet connectivity. The team needs to capture the data in the field, and transfer it to the AWS Cloud later.

Which AWS service will support these requirements?

A. AWS Outposts
B. AWS Transfer Family
C. AWS Snow Family
D. AWS Migration Hub

A

C. AWS Snow Family

Purpose-built devices to cost effectively move petabytes of data, offline. Lease a Snow device to move your data to the cloud.
https://aws.amazon.com/snow/

271
Q

Which of the following are benefits that a company receives when it moves an on-premises production workload to AWS? (Choose two.)

A. AWS trains the company’s staff on the use of all the AWS services.
B. AWS manages all security in the cloud.
C. AWS offers free support from technical account managers (TAMs).
D. AWS offers high availability.
E. AWS provides economies of scale.

A

D. AWS offers high availability.
E. AWS provides economies of scale.

272
Q

A company has decided to adopt Amazon EC2 infrastructure and wants to scale various stateless services for short-term usage.

Which EC2 pricing model is MOST cost-efficient to meet these requirements?

A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Dedicated Hosts

A

A. Spot Instances

273
Q

Which of the following are benefits of AWS Trusted Advisor? (Choose two.)

A. Access to Amazon Simple Queue Service (Amazon SQS)
B. Cost optimization recommendations
C. Hourly refresh of the service limit checks
D. Security checks
E. AWS Identity and Access Management (IAM) approval management

A

B. Cost optimization recommendations
D. Security checks

Trusted Advisor inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps.

https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html

274
Q

A company wants to save costs by archiving data that is no longer frequently accessed by end users.

Which Amazon S3 feature will meet this requirement?

A. S3 Versioning
B. S3 Lifecycle
C. S3 Object Lock
D. S3 Inventory

A

B. S3 Lifecycle

With S3 Lifecycle configuration rules, you can tell Amazon S3 to transition objects to less-expensive storage classes, or archive or delete them.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html

275
Q

Which cloud computing advantage is a company applying when it uses AWS Regions to increase application availability to users in different countries?

A. Pay-as-you-go pricing
B. Capacity forecasting
C. Economies of scale
D. Global reach

A

D. Global reach

Deploying applications across multiple AWS Regions allows companies to provide low-latency access to their services for users in different geographical locations, thereby improving global reach and availability.

276
Q

A company wants an AWS service to collect and process 10 TB of data locally and transfer the data to AWS. The company has intermittent connectivity.

Which AWS service will meet these requirements?

A. AWS Database Migration Service (AWS DMS)
B. AWS DataSync
C. AWS Backup
D. AWS Snowball Edge

A

D. AWS Snowball Edge

AWS Snowball Edge is a type of Snowball device with on-board storage and compute power for select AWS capabilities. Snowball Edge can do local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud.

277
Q

Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?

A. Go global in minutes.
B. Make frequent, small, reversible changes.
C. Implement a strong foundation of identity and access management.
D. Stop spending money on hardware infrastructure for data center operations.

A

B. Make frequent, small, reversible changes.

https://docs.aws.amazon.com/wellarchitected/latest/framework/oe-design-principles.html

278
Q

What is a benefit of using AWS serverless computing?

A. Application deployment and management are not required.
B. Application security will be fully managed by AWS.
C. Monitoring and logging are not needed.
D. Management of infrastructure is offloaded to AWS.

A

D. Management of infrastructure is offloaded to AWS.

With serverless computing, developers can focus on writing code without worrying about server provisioning, scaling, or maintenance. AWS takes care of the underlying infrastructure, allowing developers to concentrate on building and deploying applications.

279
Q

A developer wants AWS users to access AWS services by using temporary security credentials.

Which AWS service or feature should the developer use to provide these credentials?

A. IAM policies
B. IAM user groups
C. AWS Security Token Service (AWS STS)
D. AWS IAM Identity Center (AWS Single Sign-On)

A

C. AWS Security Token Service (AWS STS)

AWS Security Token Service (AWS STS) is a web service that enables you to request temporary, limited-privilege credentials for users.

280
Q

A global company wants to use a managed security service for protection from SQL injection attacks. The service also must provide detailed logging information about access to the company’s ecommerce applications.

Which AWS service will meet these requirements?

A. AWS Network Firewall
B. Amazon RDS for SQL Server
C. Amazon GuardDuty
D. AWS WAF

A

D. AWS WAF

AWS WAF (Web Application Firewall) is a web application firewall service that helps protect web applications from common web exploits and attacks, including SQL injection attacks.

https://aws.amazon.com/waf/

281
Q

A company is migrating its on-premises server to an Amazon EC2 instance. The server must stay active at all times for the next 12 months.

Which EC2 pricing option is the MOST cost-effective for the company’s workload?

A. On-Demand
B. Dedicated Hosts
C. Spot Instances
D. Reserved Instances

A

D. Reserved Instances

282
Q

Which of the following is the customer’s responsibility under the AWS shared responsibility model? (Choose two.)

A. Maintain the configuration of infrastructure devices.
B. Maintain patching and updates within the hardware infrastructure.
C. Maintain the configuration of guest operating systems and applications.
D. Manage decisions involving encryption options.
E. Maintain infrastructure hardware.

A

C. Maintain the configuration of guest operating systems and applications.
D. Manage decisions involving encryption options.

https://aws.amazon.com/compliance/shared-responsibility-model/

283
Q

A company wants to verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts.

Which AWS service or resource will meet this requirement?

A. AWS Cost and Usage Report
B. IAM credential reports
C. AWS Artifact
D. Amazon CloudFront reports

A

B. IAM credential reports

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
IAM credential reports are delivered in CSV format. “mfa_active” is one of many columns of this report. When an MFA device is enabled for the user, the value of this column is TRUE.

284
Q

A company uses AWS security services and tools. The company needs a service to help manage the security alerts and must organize the alerts into a single dashboard.

Which AWS service should the company use to meet these requirements?

A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Macie
D. AWS Security Hub

A

D. AWS Security Hub

AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation.

AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices.

Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.

285
Q

A company wants to run its workloads in the AWS Cloud effectively, reduce management overhead, and improve processes.

Which AWS Well-Architected Framework pillar represents these requirements?

A. Reliability
B. Operational excellence
C. Performance efficiency
D. Cost optimization

A

B. Operational excellence

The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.

286
Q

A company uses Amazon S3 to store records that can contain personally identifiable information (PII). The company wants a solution that can monitor all S3 buckets for PII and immediately alert staff about vulnerabilities.

Which AWS service will meet these requirements?

A. Amazon GuardDuty
B. Amazon Detective
C. Amazon Macie
D. AWS Shield

A

C. Amazon Macie

287
Q

Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand?

A. Amazon GuardDuty
B. AWS Security Hub
C. AWS Artifact
D. AWS Shield

A

C. AWS Artifact

288
Q

An external auditor has requested that a company provide a list of all its IAM users, including the status of users’ credentials and access keys.

What is the SIMPLEST way to provide this information?

A. Create an IAM user account for the auditor, granting the auditor administrator permissions.
B. Take a screenshot of each user’s page in the AWS Management Console, then provide the screenshots to the auditor.
C. Download the IAM credential report, then provide the report to the auditor.
D. Download the AWS Trusted Advisor report, then provide the report to the auditor.

A

C. Download the IAM credential report, then provide the report to the auditor.

You can use the AWS Management Console to download a credential report as a comma-separated values (CSV) file.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

289
Q

Which task can a company perform by using security groups in the AWS Cloud?

A. Allow access to an Amazon EC2 instance through only a specific port.
B. Deny access to malicious IP addresses at a subnet level.
C. Protect data that is cached by Amazon CloudFront.
D. Apply a stateless firewall to an Amazon EC2 instance.

A

A. Allow access to an Amazon EC2 instance through only a specific port.

You can specify the source, port range, and protocol for each inbound rule. You can specify the destination, port range, and protocol for each outbound rule.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html

290
Q

A company plans to run a compute-intensive workload that uses graphics processing units (GPUs).

Which Amazon EC2 instance type should the company use?

A. Accelerated computing
B. Compute optimized
C. Storage optimized
D. General purpose

A

A. Accelerated computing

Accelerated computing instances are made to work with graphics-intensive workloads.

If you require high processing capability, you’ll benefit from using accelerated computing instances, which provide access to hardware-based compute accelerators such as Graphics Processing Units (GPUs), Field Programmable Gate Arrays (FPGAs), or AWS Inferentia.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/accelerated-computing-instances.html

291
Q

Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.)

A. They are stateless.
B. They are stateful.
C. They evaluate all rules before allowing traffic.
D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.
E. They operate at the instance level.

A

A. They are stateless.
D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.

NACLs are stateless, which means that information about previously sent or received traffic is not saved.

Each rule has a number from 1 to 32766. We evaluate the rules in order, starting with the lowest numbered rule, when deciding whether to allow or deny traffic.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

292
Q

Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Choose two.)

A. Performance and capacity management
B. Data engineering
C. Continuous integration and continuous delivery (CI/CD)
D. Infrastructure protection
E. Change and release management

A

B. Data engineering
C. Continuous integration and continuous delivery (CI/CD)

293
Q

According to the AWS shared responsibility model, the customer is responsible for applying the latest security updates and patches for which of the following?

A. Amazon DynamoDB
B. Amazon EC2 instances
C. Amazon RDS instances
D. Amazon S3

A

B. Amazon EC2 instances

The customer is responsible for applying the latest security updates and patches to Amazon EC2 instances.

294
Q

Which Amazon S3 storage class is MOST cost-effective for unknown access patterns?

A. S3 Standard
B. S3 Standard-Infrequent Access (S3 Standard-IA)
C. S3 One Zone-Infrequent Access (S3 One Zone-IA)
D. S3 Intelligent-Tiering

A

D. S3 Intelligent-Tiering

S3 Intelligent-Tiering is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period.
https://aws.amazon.com/s3/storage-classes/intelligent-tiering/

295
Q

Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)

A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity

A

C. Incident response
D. Infrastructure protection

296
Q

A company has a managed IAM policy that does not grant the necessary permissions for users to accomplish required tasks.

How can this be resolved?

A. Enable AWS Shield Advanced.
B. Create a custom IAM policy.
C. Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace.
D. Use AWS Key Management Service (AWS KMS) to create a customer-managed key.

A

B. Create a custom IAM policy.

An AWS managed policy is a standalone policy that is created and administered by AWS.

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html

297
Q

Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?

A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.

A

B. The customer is responsible for rotating keys.

298
Q

A company needs to run a pre-installed third-party firewall on an Amazon EC2 instance.

Which AWS service or feature can provide this solution?

A. Network ACLs
B. Security groups
C. AWS Marketplace
D. AWS Trusted Advisor

A

C. AWS Marketplace

AWS Marketplace allows you to find, purchase, and deploy a wide range of pre-configured third-party software, including firewall solutions, on your Amazon EC2 instances.

299
Q

Which AWS Cloud benefit gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes?

A. Elasticity
B. Cost savings
C. Agility
D. Reliability

A

C. Agility

Agility in cloud computing refers to the ability to quickly develop, test, and launch applications that the business needs.

300
Q

Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?

A. Security awareness and training
B. Development of an IAM password policy
C. Patching of the guest operating system
D. Physical and environmental controls

A

D. Physical and environmental controls

301
Q

Which of the following is a characteristic of the AWS account root user?

A. The root user is the only user that can be configured with multi-factor authentication (MFA).
B. The root user is the only user that can access the AWS Management Console.
C. The root user is the first sign-in identity that is available when an AWS account is created.
D. The root user has a password that cannot be changed.

A

C. The root user is the first sign-in identity that is available when an AWS account is created.

302
Q

An Amazon EC2 instance previously used for development is inaccessible and no longer appears in the AWS Management Console.

Which AWS service should be used to determine what action made this EC2 instance inaccessible?

A. Amazon CloudWatch Logs
B. AWS Security Hub
C. Amazon Inspector
D. AWS CloudTrail

A

D. AWS CloudTrail

AWS CloudTrail is the service that records API calls and related events made on your AWS account.

303
Q

A company’s application developers need to quickly provision and manage AWS services by using scripts.

Which AWS offering should the developers use to meet these requirements?

A. AWS CLI
B. AWS CodeBuild
C. AWS Cloud Adoption Framework (AWS CAF)
D. AWS Systems Manager Session Manager

A

A. AWS CLI

The AWS CLI is a command-line tool provided by AWS that allows developers and administrators to interact with AWS services directly from the command line.

304
Q

A company wants to migrate unstructured data to AWS. The data needs to be securely moved with inflight encryption and end-to-end data validation.

Which AWS service will meet these requirements?

A. AWS Application Migration Service
B. Amazon Elastic File System (Amazon EFS)
C. AWS DataSync
D. AWS Migration Hub

A

C. AWS DataSync

AWS DataSync is a service designed for securely transferring large amounts of data between on-premises storage and Amazon S3, Amazon EFS, or Amazon FSx for Windows File Server.

305
Q

A development team wants to deploy multiple test environments for an application in a fast, repeatable manner.

Which AWS service should the team use?

A. Amazon EC2
B. AWS CloudFormation
C. Amazon QuickSight
D. Amazon Elastic Container Service (Amazon ECS)

A

B. AWS CloudFormation

CloudFormation lets you use infrastructure as code, so you can repeat deployments quickly and get the same result every time.

306
Q

A company wants to quickly implement a continuous integration/continuous delivery (CI/CD) pipeline.

Which AWS service will meet this requirement?

A. AWS Config
B. Amazon Cognito
C. AWS DataSync
D. AWS CodeStar

A

D. AWS CodeStar

AWS CodeStar is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project.

https://docs.aws.amazon.com/cloud9/latest/user-guide/codestar-projects.html

307
Q

Which AWS Cloud deployment model uses AWS Outposts as part of the application deployment infrastructure?

A. On-premises
B. Serverless
C. Cloud-native
D. Hybrid

A

D. Hybrid

AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience.

https://aws.amazon.com/outposts/

308
Q

Which of the following is a fully managed graph database service on AWS?

A. Amazon Aurora
B. Amazon FSx
C. Amazon DynamoDB
D. Amazon Neptune

A

D. Amazon Neptune

Amazon Neptune is a fully managed graph database service that scales to handle billions of relationships and lets you query them with milliseconds latency, at a low cost for that kind of capacity.

https://docs.aws.amazon.com/neptune/latest/userguide/graph-get-started.html

309
Q

Which AWS service could an administrator use to provide desktop environments for several employees?

A. AWS Organizations
B. AWS Fargate
C. AWS WAF
D. AWS WorkSpaces

A

D. AWS WorkSpaces

Amazon WorkSpaces offers an easy way to provide a cloud-based desktop experience to your end users.
https://docs.aws.amazon.com/workspaces/

310
Q

Which AWS service or feature gives users the ability to capture information about network traffic in a VPC?

A. VPC Flow Logs
B. Amazon Inspector
C. VPC route tables
D. AWS CloudTrail

A

A. VPC Flow Logs

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

311
Q

Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?

A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon EC2 instance store
C. Amazon Elastic File System (Amazon EFS)
D. Amazon S3

A

B. Amazon EC2 instance store

An instance store provides temporary block-level storage for your instance.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

312
Q

A company wants to provide access to Windows file shares in AWS from its on-premises workloads. The company does not want to provision any additional infrastructure or applications in its data center.

Which AWS service will meet these requirements?

A. Amazon FSx File Gateway
B. AWS DataSync
C. Amazon S3
D. AWS Snow Family

A

A. Amazon FSx File Gateway

Amazon FSx File Gateway optimizes on-premises access to fully managed, highly reliable file shares in Amazon FSx for Windows File Server.
https://aws.amazon.com/storagegateway/file/fsx/

313
Q

A company wants durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost.

Which AWS service should the company choose?

A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. AWS Storage Gateway
D. Amazon Elastic File System (Amazon EFS)

A

B. Amazon S3

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere. S3 is a simple storage service that offers industry leading durability, availability, performance, security, and virtually unlimited scalability at very low costs.

314
Q

An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization.

Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?

A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon Simple Notification Service (Amazon SNS)
C. AWS Systems Manager
D. Amazon CloudWatch alarm

A

D. Amazon CloudWatch alarm

Amazon CloudWatch is a monitoring service that provides data and actionable insights for AWS resources. You can set up CloudWatch alarms to monitor metrics, such as CPU utilization, and trigger Auto Scaling actions based on defined thresholds.

315
Q

A company wants to transform its workforce by attracting and developing a digitally fluent high-performance workforce. The company wants to attract a diverse and inclusive workforce with an appropriate mix of technical and non-technical skills.

Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?

A. Business
B. People
C. Platform
D. Operations

A

B. People

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/people-perspective.html

316
Q

A company wants to move its on-premises databases to managed cloud database services by using a simplified migration process.

Which AWS service or tool can help the company meet this requirement?

A. AWS Storage Gateway
B. AWS Application Migration Service
C. AWS DataSync
D. AWS Database Migration Service (AWS DMS)

A

D. AWS Database Migration Service (AWS DMS)

AWS Database Migration Service (DMS) is the service designed to help migrate on-premises databases to managed cloud database services in a simplified manner. It supports various database engines and provides a reliable and efficient way to migrate data with minimal downtime.

317
Q

A company needs a fully managed file server that natively supports Microsoft workloads and file systems. The file server must also support the SMB protocol.

Which AWS service should the company use to meet these requirements?

A. Amazon Elastic File System (Amazon EFS)
B. Amazon FSx for Lustre
C. Amazon FSx for Windows File Server
D. Amazon Elastic Block Store (Amazon EBS)

A

C. Amazon FSx for Windows File Server

Provide highly available, high performance storage to your Windows applications with full SMB support.

https://aws.amazon.com/fsx/windows/

318
Q

A company has been storing monthly reports in an Amazon S3 bucket. The company exports the report data into comma-separated values (.csv) files. A developer wants to write a simple query that can read all of these files and generate a summary report.

Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of operational overhead?

A. Amazon S3 Select
B. Amazon Athena
C. Amazon Redshift
D. Amazon EC2

A

B. Amazon Athena

Amazon Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats.

319
Q

Which AWS feature provides a no-cost platform for AWS users to join community groups, ask questions, find answers, and read community-generated articles about best practices?

A. AWS Knowledge Center
B. AWS re:Post
C. AWS IQ
D. AWS Enterprise Support

A

B. AWS re:Post

re:Post provides access to curated knowledge and a vibrant community that helps you become even more successful on AWS.

https://repost.aws/

320
Q

A company needs to search for text in documents that are stored in Amazon S3.

Which AWS service will meet these requirements?

A. Amazon Kendra
B. Amazon Rekognition
C. Amazon Polly
D. Amazon Lex

A

A. Amazon Kendra

Amazon Kendra is an intelligent search service that uses natural language processing and advanced machine learning algorithms to return specific answers to search questions from your data.

https://docs.aws.amazon.com/kendra/latest/dg/what-is-kendra.html

321
Q

Which AWS services make use of global edge locations? (Choose two.)

A. AWS Fargate
B. Amazon CloudFront
C. AWS Global Accelerator
D. AWS Wavelength
E. Amazon VPC

A

B. Amazon CloudFront
C. AWS Global Accelerator

CloudFront is a content delivery network (CDN) service that uses a global network of edge locations to deliver content, such as web pages, videos, and images, to users with low latency and high transfer speeds.

Global Accelerator is a service that uses a network of AWS edge locations to route traffic over the AWS global network, improving the availability and performance of applications.

322
Q

A user needs a relational database but does not have the resources to manage the hardware, resiliency, and replication.

Which AWS service option meets the user’s requirements?

A. Run MySQL on Amazon Elastic Container Service (Amazon ECS).
B. Run MySQL on Amazon EC2.
C. Choose Amazon RDS for MySQL.
D. Choose Amazon ElastiCache for Redis.

A

C. Choose Amazon RDS for MySQL.

Amazon RDS (Relational Database Service) is a fully managed relational database service that takes care of tasks such as hardware provisioning, database setup, patching, and backups.

323
Q

A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to minimize the complexity that is related to the management of AWS resources.

Which AWS service should the company use to meet these requirements?

A. AWS Config
B. AWS Elastic Beanstalk
C. Amazon EC2
D. Amazon Personalize

A

B. AWS Elastic Beanstalk

Deploy scalable web applications in minutes without the complexity of provisioning and managing underlying infrastructure.

324
Q

Which mechanism allows developers to access AWS services from application code?

A. AWS Software Development Kit
B. AWS Management Console
C. AWS CodePipeline
D. AWS Config

A

A. AWS Software Development Kit

The AWS Software Development Kit (SDK) is the mechanism that allows developers to access AWS services from application code. The SDK provides libraries and APIs that developers can use to interact with AWS services programmatically.

325
Q

A company is migrating to the AWS Cloud. The company wants to understand and identify potential security misconfigurations or unexpected behaviors. The company wants to prioritize any protective controls it might need.

Which AWS Cloud Adoption Framework (AWS CAF) security perspective capability will meet these requirements?

A. Identity and access management
B. Threat detection
C. Platform engineering
D. Availability and continuity management

A

B. Threat detection

Understand and identify potential security misconfigurations, threats, or unexpected behaviors. A better understanding of security threats will enable you to prioritize protective controls.

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html

326
Q

A company wants to establish a private network connection between AWS and its corporate network.

Which AWS service or feature will meet this requirement?

A. Amazon Connect
B. Amazon Route 53
C. AWS Direct Connect
D. VPC peering

A

C. AWS Direct Connect

AWS Direct Connect is the service that allows a company to establish a private network connection between its corporate network and an Amazon Virtual Private Cloud (Amazon VPC).

327
Q

Which AWS services or features give users the ability to create a network connection between two VPCs? (Choose two.)

A. VPC endpoints
B. Amazon Route 53
C. VPC peering
D. AWS Direct Connect
E. AWS Transit Gateway

A

C. VPC peering
E. AWS Transit Gateway

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately.

You can configure your transit gateway as multiple isolated routers, which can route traffic between VPCs.

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-peering.html

https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-isolated.html

328
Q

Which AWS service converts text to lifelike voices?

A. Amazon Transcribe
B. Amazon Rekognition
C. Amazon Polly
D. Amazon Textract

A

C. Amazon Polly

Deploy high-quality, natural-sounding human voices in dozens of languages.

https://aws.amazon.com/polly/

329
Q

A company wants to use application stacks to run a workload in the AWS Cloud. The company wants to use pre-configured instances.

Which AWS service will meet these requirements?

A. Amazon Lightsail
B. Amazon Athena
C. AWS Outposts
D. Amazon EC2

A

A. Amazon Lightsail

Lightsail gets you started quickly with preconfigured Linux and Windows application stacks and an intuitive management console.

https://aws.amazon.com/lightsail/

330
Q

Which AWS services are supported by Savings Plans? (Choose two.)

A. Amazon EC2
B. Amazon RDS
C. Amazon SageMaker
D. Amazon Redshift
E. Amazon DynamoDB

A

A. Amazon EC2
C. Amazon SageMaker

Savings Plans are available for:
- Compute Savings Plans
- EC2 Instance Savings Plans
- SageMaker Savings Plans

https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html

331
Q

Which AWS service or tool can provide rightsizing recommendations for Amazon EC2 resources at no additional cost?

A. AWS Well-Architected Tool
B. Amazon CloudWatch
C. AWS Cost Explorer
D. Amazon S3 analytics

A

C. AWS Cost Explorer

The rightsizing recommendations feature in Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating instances in Amazon Elastic Compute Cloud (Amazon EC2).

https://docs.aws.amazon.com/cost-management/latest/userguide/ce-rightsizing.html

332
Q

A company operates a petabyte-scale data warehouse to analyze its data. The company wants a solution that will not require manual hardware and software management.

Which AWS service will meet these requirements?

A. Amazon DocumentDB (with MongoDB compatibility)
B. Amazon Redshift
C. Amazon Neptune
D. Amazon ElastiCache

A

B. Amazon Redshift

Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to efficiently analyze all your data using your existing business intelligence tools.

https://docs.aws.amazon.com/redshift/

333
Q

A library wants to automate the classification of electronic books based on the contents of the books.

Which AWS service should the library use to meet this requirement?

A. Amazon Redshift
B. Amazon CloudSearch
C. Amazon Comprehend
D. Amazon Aurora

A

C. Amazon Comprehend

Uncover valuable insights from text in documents, customer support tickets, product reviews, emails, social media feeds, and more.

Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover valuable insights and connections in text.

334
Q

Which task is a responsibility of AWS, according to the AWS shared responsibility model?

A. Encryption of application data
B. Authentication of application users
C. Protection of physical network infrastructure
D. Configuration of firewalls

A

C. Protection of physical network infrastructure

335
Q

Which options are AWS Cloud Adoption Framework (AWS CAF) cloud transformation journey recommendations? (Choose two.)

A. Envision phase
B. Align phase
C. Assess phase
D. Mobilize phase
E. Migrate and modernize phase

A

A. Envision phase
B. Align phase

https://aws.amazon.com/cloud-adoption-framework/

336
Q

A company wants to generate a list of IAM users. The company also wants to view the status of various credentials that are associated with the users, such as password, access keys, and multi-factor authentication (MFA) devices.

Which AWS service or feature will meet these requirements?

A. IAM credential report
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management Access Analyzer
D. AWS Cost and Usage Report

A

A. IAM credential report

You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

337
Q

A company is designing its AWS workloads so that components can be updated regularly and so that changes can be made in small, reversible increments.

Which pillar of the AWS Well-Architected Framework does this design support?

A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

A

C. Operational excellence

https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/operational-excellence.html

338
Q

A company wants to track tags, buckets, and prefixes for its Amazon S3 objects.

Which S3 feature will meet this requirement?

A. S3 Inventory report
B. S3 Lifecycle
C. S3 Versioning
D. S3 ACLs

A

A. S3 Inventory report

https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html

339
Q

A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials.

Which AWS service or resource will meet this requirement?

A. AWS Organizations
B. IAM user
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS Control Tower

A

C. AWS IAM Identity Center (AWS Single Sign-On)

AWS Single Sign-On (SSO) enables centralized authentication and authorization across multiple AWS accounts and other business applications. It allows users to sign in once and access resources in various accounts without the need for separate credentials for each account.

340
Q

A company created an Amazon EC2 instance. The company wants to control the incoming and outgoing network traffic at the instance level.

Which AWS resource or service will meet this requirement?

A. AWS Shield
B. Security groups
C. Network Access Analyzer
D. VPC endpoints

A

B. Security groups

Security groups act as virtual firewalls for your Amazon EC2 instances, controlling inbound and outbound traffic.

341
Q

A company wants to use the AWS Cloud to deploy an application globally.

Which architecture deployment model should the company use to meet this requirement?

A. Multi-Region
B. Single-Region
C. Multi-AZ
D. Single-AZ

A

A. Multi-Region

Using a Multi-Region architecture allows you to distribute your application across different AWS regions, providing redundancy and minimizing the impact of potential regional failures.

342
Q

A company wants a web application to interact with various AWS services.

Which AWS service or resource will meet this requirement?

A. AWS CloudShell
B. AWS Marketplace
C. AWS Management Console
D. AWS CLI

A

C. AWS Management Console

The Management Console provides a number of organized and human-friendly ways to review, monitor, and interact with resources that you have created.
https://aws.amazon.com/console/features/

343
Q

A company is migrating its applications from on-premises to the AWS Cloud. The company wants to ensure that the applications are assigned only the minimum permissions that are needed to perform all operations.

Which AWS service will meet these requirements?

A. AWS Identity and Access Management (IAM)
B. Amazon CloudWatch
C. Amazon Macie
D. Amazon GuardDuty

A

A. AWS Identity and Access Management (IAM)

AWS IAM is the service specifically designed for managing access to AWS services and resources.

344
Q

Which options are AWS Cloud Adoption Framework (AWS CAF) governance perspective capabilities? (Choose two.)

A. Identity and access management
B. Cloud financial management
C. Application portfolio management
D. Innovation management
E. Product management

A

B. Cloud financial management
C. Application portfolio management

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/governance-perspective.html

345
Q

Which AWS service provides a single location to track the progress of application migrations?

A. AWS Application Discovery Service
B. AWS Application Migration Service
C. AWS Service Catalog
D. AWS Migration Hub

A

D. AWS Migration Hub

AWS Migration Hub (Migration Hub) provides a single place to discover your existing servers, plan migrations, and track the status of each application migration.

346
Q

A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon Machine Image (AMI).

Which actions can a system administrator take to connect to the EC2 instance? (Choose two.)

A. Use Amazon EC2 Instance Connect.
B. Use a Remote Desktop Protocol (RDP) connection.
C. Use AWS Batch.
D. Use AWS Systems Manager Session Manager.
E. Use Amazon Connect.

A

A. Use Amazon EC2 Instance Connect.
D. Use AWS Systems Manager Session Manager.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-to-linux-instance.html

347
Q

Which architecture concept describes the ability to deploy resources on demand and release resources when they are no longer needed?

A. High availability
B. Decoupled architecture
C. Resilience
D. Elasticity

A

D. Elasticity

348
Q

Which task requires a user to sign in as the AWS account root user?

A. The deletion of IAM users
B. The deletion of an AWS account
C. The creation of an organization in AWS Organizations
D. The deletion of Amazon EC2 instances

A

B. The deletion of an AWS account.

https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-tasks.html

349
Q

What does the Amazon S3 Intelligent-Tiering storage class offer?

A. Payment flexibility by reserving storage capacity
B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume
C. Automatic cost savings by moving objects between tiers based on access pattern changes
D. Secure, durable, and lowest cost storage for data archival

A

C. Automatic cost savings by moving objects between tiers based on access pattern changes

Amazon S3 Intelligent-Tiering is the only cloud storage class that delivers automatic storage cost savings when data access patterns change, without performance impact or operational overhead.
https://aws.amazon.com/s3/storage-classes/intelligent-tiering/

350
Q

A company needs Amazon EC2 instances for a workload that can tolerate interruptions.

Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-Demand prices?

A. Spot Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Dedicated Hosts

A

A. Spot Instances

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

351
Q

A company is planning to migrate to the AWS Cloud. The company wants to identify measurable business outcomes that will explain the value of the company’s decision to migrate.

Which phase of the cloud transformation journey includes these activities?

A. Envision
B. Align
C. Scale
D. Launch

A

A. Envision

The Envision phase focuses on demonstrating how the cloud will help accelerate your business outcomes.

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

352
Q

Which AWS service or component allows inbound traffic from the internet to access a VPC?

A. Internet gateway
B. NAT gateway
C. AWS WAF
D. VPC peering

A

A. Internet gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

353
Q

Which AWS service can companies use to create infrastructure from code?

A. Amazon Elastic Kubernetes Service (Amazon EKS)
B. AWS Outposts
C. AWS CodePipeline
D. AWS CloudFormation

A

D. AWS CloudFormation

For AWS cloud development, the built-in choice for infrastructure as code is AWS CloudFormation.

354
Q

Which guideline is a well-architected design principle for building cloud applications?

A. Keep static data closer to compute resources.
B. Provision resources for peak capacity.
C. Design for automated recovery from failure.
D. Use tightly coupled components.

A

C. Design for automated recovery from failure.

From a design principle standpoint, it is more important to recover from failure than to plan ahead for peak capacity.

355
Q

A company needs to move 75 petabytes of data from its on-premises data centers to AWS.

Which AWS service should the company use to meet these requirements MOST cost-effectively?

A. AWS Snowball Edge Storage Optimized
B. AWS Snowmobile
C. AWS Direct Connect
D. AWS Storage Gateway

A

B. AWS Snowmobile

AWS Snowmobile moves extremely large amounts of data to AWS. Transfer up to 100 PB per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck.

https://aws.amazon.com/snowmobile/

356
Q

Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

A. Resource scalability
B. Performance efficiency
C. System elasticity
D. Agile development
E. Operational excellence

A

B. Performance efficiency
E. Operational excellence

https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html

357
Q

A company needs to connect its on-premises data center to the AWS Cloud. The company needs a dedicated, low-latency connection with consistent network performance.

Which AWS service will meet these requirements?

A. AWS Global Accelerator
B. Amazon CloudFront
C. AWS Direct Connect
D. AWS Managed VPN

A

C. AWS Direct Connect

https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

358
Q

Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Choose two.)

A. Maximize utilization of Amazon EC2 instances.
B. Minimize utilization of Amazon EC2 instances.
C. Minimize usage of managed services.
D. Force frequent application reinstallations by users.
E. Reduce the need for users to reinstall applications.

A

A. Maximize utilization of Amazon EC2 instances.
E. Reduce the need for users to reinstall applications.

https://docs.aws.amazon.com/wellarchitected/latest/sustainability-pillar/design-principles-for-sustainability-in-the-cloud.html

359
Q

In which ways does the AWS Cloud offer lower total cost of ownership (TCO) of computing resources than on-premises data centers? (Choose two.)

A. AWS replaces upfront capital expenditures with pay-as-you-go costs.
B. AWS is designed for high availability, which eliminates user downtime.
C. AWS eliminates the need for on-premises IT staff.
D. AWS uses economies of scale to continually reduce prices.
E. AWS offers a single pricing model for Amazon EC2 instances.

A

A. AWS replaces upfront capital expenditures with pay-as-you-go costs.
D. AWS uses economies of scale to continually reduce prices.

https://aws.amazon.com/blogs/publicsector/tco-cost-optimization-best-practices-for-managing-usage/

360
Q

A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data must remain local and on premises. There must be low latency between AWS and the company resources.

Which AWS service or feature can be used to meet these requirements?

A. AWS Local Zones
B. Availability Zones
C. AWS Outposts
D. AWS Wavelength Zones

A

C. AWS Outposts

AWS Outposts allows you to deploy AWS-designed infrastructure on-premises, providing a consistent hybrid experience. With AWS Outposts, you can run compute and storage workloads locally on your premises while seamlessly connecting to the rest of AWS’s broad array of services in the cloud.

https://docs.aws.amazon.com/outposts/latest/userguide/what-is-outposts.html

361
Q

Which of the following AWS services are serverless? (Choose two.)

A. AWS Outposts
B. Amazon EC2
C. Amazon Elastic Kubernetes Service (Amazon EKS)
D. AWS Fargate
E. AWS Lambda

A

D. AWS Fargate
E. AWS Lambda

AWS Fargate is a serverless compute engine for containers that allows you to run containers without managing the underlying infrastructure.

AWS Lambda is a fully serverless compute service that allows you to run code without provisioning or managing servers. It automatically scales your applications in response to incoming traffic.

362
Q

When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which Amazon EC2 instance type is required?

A. Spot Instances
B. Dedicated Instances
C. Dedicated Hosts
D. Reserved Instances

A

C. Dedicated Hosts

Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses.

https://aws.amazon.com/ec2/dedicated-hosts/

363
Q

A solutions architect needs to maintain a fleet of Amazon EC2 instances so that any impaired instances are replaced with new ones.

Which AWS service should the solutions architect use?

A. Amazon Elastic Container Service (Amazon ECS)
B. Amazon GuardDuty
C. AWS Shield
D. AWS Auto Scaling

A

D. AWS Auto Scaling

If there are issues that cause Amazon EC2 to consider the instances in your Auto Scaling group impaired, Amazon EC2 Auto Scaling automatically replaces the impaired instances as part of its health check.

https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html

364
Q

Which AWS service provides on-premises applications with low-latency access to data that is stored in the AWS Cloud?

A. Amazon CloudFront
B. AWS Storage Gateway
C. AWS Backup
D. AWS DataSync

A

B. AWS Storage Gateway

Provide on-premises applications with access to virtually unlimited cloud storage.

https://aws.amazon.com/storagegateway/

365
Q

What does Amazon CloudFront provide?

A. Automatic scaling for all resources to power an application from a single unified interface
B. Secure delivery of data, videos, applications, and APIs to users globally with low latency
C. Ability to directly manage traffic globally through a variety of routing types, including latency-based routing, geo DNS, geoproximity, and weighted round robin
D. Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and AWS Lambda functions

A

B. Secure delivery of data, videos, applications, and APIs to users globally with low latency

Amazon CloudFront is a content delivery network (CDN) service that helps you distribute your static and dynamic content quickly and reliably with high speed.

https://aws.amazon.com/cloudfront/

366
Q

Which AWS service supports the deployment and management of applications in the AWS Cloud?

A. Amazon CodeGuru
B. AWS Fargate
C. AWS CodeCommit
D. AWS Elastic Beanstalk

A

D. AWS Elastic Beanstalk

AWS Elastic Beanstalk helps you deploy and manage web applications with capacity provisioning, app health monitoring, and more.

https://aws.amazon.com/elasticbeanstalk/

367
Q

A company wants to integrate natural language processing (NLP) into business intelligence (BI) dashboards. The company wants to ask questions and receive answers with relevant visualizations.

Which AWS service or tool will meet these requirements?

A. Amazon Macie
B. Amazon Rekognition
C. Amazon QuickSight Q
D. Amazon Lex

A

C. Amazon QuickSight Q

With the Generative business intelligence (BI) capabilities of Amazon Q in QuickSight, BI users can build, discover, and share actionable insights and narratives in seconds using intuitive natural language experiences.

https://aws.amazon.com/quicksight/q/

368
Q

Which Amazon S3 feature or storage class uses the AWS backbone network and edge locations to reduce latencies from the end user to Amazon S3?

A. S3 Cross-Region Replication
B. S3 Transfer Acceleration
C. S3 Event Notifications
D. S3 Standard-Infrequent Access (S3 Standard-IA)

A

B. S3 Transfer Acceleration

S3TA improves transfer performance by routing traffic through Amazon CloudFront’s globally distributed Edge Locations and over AWS backbone networks, and by using network protocol optimizations.

https://aws.amazon.com/s3/transfer-acceleration/

369
Q

Which AWS service provides the ability to host a NoSQL database in the AWS Cloud?

A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift

A

B. Amazon DynamoDB

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

370
Q

Which AWS service is a relational database compatible with MySQL and PostgreSQL?

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Neptune

A

C. Amazon Aurora

Amazon Aurora is a global-scale relational database service built for the cloud with full MySQL and PostgreSQL compatibility.

https://aws.amazon.com/rds/aurora/

371
Q

Which architecture design principle describes the need to isolate failures between dependent components in the AWS Cloud?

A. Use a monolithic design.
B. Design for automation.
C. Design for single points of failure.
D. Loosely couple components.

A

D. Loosely couple components.

Loosely coupled components (microservices) are conceptually small pieces of a “monolithic” application, created to isolate failures between dependent components in the AWS Cloud.

372
Q

Which benefit of cloud computing gives a company the ability to deploy applications to users all over the world through a network of AWS Regions, Availability Zones, and edge locations?

A. Economy of scale
B. Global reach
C. Agility
D. High availability

A

B. Global reach

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Go Global in minutes = Global Reach

373
Q

Which AWS service makes it easier to monitor and troubleshoot application logs and cloud resources?

A. Amazon EC2
B. AWS Identity and Access Management (IAM)
C. Amazon CloudWatch
D. AWS CloudTrail

A

C. Amazon CloudWatch

Amazon CloudWatch is an AWS monitoring service for cloud resources and the applications that you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.

https://docs.aws.amazon.com/prescriptive-guidance/latest/logging-monitoring-for-application-owners/aws-services-logging-monitoring.html

374
Q

Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?

A. Amazon EC2
B. Amazon RDS
C. Amazon Lightsail
D. AWS Step Functions

A

A. Amazon EC2

AWS Compute Optimizer helps avoid overprovisioning and underprovisioning four types of AWS resources—Amazon Elastic Compute Cloud (EC2) instance types, Amazon Elastic Block Store (EBS) volumes, Amazon Elastic Container Service (ECS) services on AWS Fargate, and AWS Lambda functions—based on your utilization data.

https://aws.amazon.com/compute-optimizer/

375
Q

Which AWS service will help a company plan a migration to AWS by collecting the configuration, usage, and behavior data of on-premises data centers?

A. AWS Resource Groups
B. AWS Application Discovery Service
C. AWS Service Catalog
D. AWS Systems Manager

A

B. AWS Application Discovery Service

AWS Application Discovery Service helps you plan your migration to the AWS cloud by collecting usage and configuration data about your on-premises servers and databases. Application Discovery Service is integrated with AWS Migration Hub and AWS Database Migration Service Fleet Advisor.

https://docs.aws.amazon.com/application-discovery/latest/userguide/what-is-appdiscovery.html

376
Q

Which AWS service uses a combination of publishers and subscribers?

A. AWS Lambda
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon CloudWatch
D. AWS CloudFormation

A

B. Amazon Simple Notification Service (Amazon SNS)

Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers).

https://docs.aws.amazon.com/sns/latest/dg/welcome.html

377
Q

A company is in the early stages of planning a migration to AWS. The company wants to obtain the monthly predicted total AWS cost of ownership for future Amazon EC2 instances and associated storage.

Which AWS service or tool should the company use to meet these requirements?

A. AWS Pricing Calculator
B. AWS Compute Optimizer
C. AWS Trusted Advisor
D. AWS Application Migration Service

A

A. AWS Pricing Calculator

AWS Pricing Calculator is a free web-based planning tool that you can use to create cost estimates for using AWS services.

https://docs.aws.amazon.com/pricing-calculator/latest/userguide/what-is-pricing-calculator.html

378
Q

Which options are AWS Cloud Adoption Framework (AWS CAF) people perspective capabilities? (Choose two.)

A. Organizational alignment
B. Portfolio management
C. Organization design
D. Risk management
E. Modern application development

A

A. Organizational alignment
C. Organization design

A and C are correct.
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

379
Q

Which AWS Cloud Adoption Framework (AWS CAF) capabilities belong to the governance perspective? (Choose two.)

A. Program and project management
B. Product management
C. Portfolio management
D. Risk management
E. Event management

A

A. Program and project management
D. Risk management

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

380
Q

A company wants to use AWS Managed Services (AMS) for operational support and wants to understand the scope of AMS.

Which AMS feature will meet these requirements?

A. Landing zone and network management
B. Customer application development
C. DevSecOps pipeline configuration
D. Application log monitoring

A

A. Landing zone and network management

The customer must configure the rest of the options.

381
Q

A company wants to define a central data protection policy that works across AWS services for compute, storage, and database resources.

Which AWS service will meet this requirement?

A. AWS Batch
B. AWS Elastic Disaster Recovery
C. AWS Backup
D. Amazon FSx

A

C. AWS Backup

AWS Backup provides a centralized backup console, a set of backup APIs, and the AWS Command Line Interface (AWS CLI) to manage backups across the AWS services that your applications use.

https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html

382
Q

Which AWS Well-Architected Framework pillar focuses on structured and streamlined allocation of computing resources?

A. Reliability
B. Operational excellence
C. Performance efficiency
D. Sustainability

A

C. Performance efficiency

383
Q

A company needs to categorize and track AWS usage cost based on business categories.

Which AWS service or feature should the company use to meet these requirements?

A. Cost allocation tags
B. AWS Organizations
C. AWS Security Hub
D. AWS Cost and Usage Report

A

A. Cost allocation tags

Cost allocation tags enable you to categorize and track your AWS costs. When you apply tags to your AWS resources (such as EC2 instances or S3 buckets), AWS generates a Cost and Usage Report that includes usage and costs aggregated by tags.

384
Q

A company wants to use machine learning capabilities to analyze log data from its Amazon EC2 instances and efficiently conduct security investigations.

Which AWS service will meet these requirements?

A. Amazon Inspector
B. Amazon QuickSight
C. Amazon Detective
D. Amazon GuardDuty

A

C. Amazon Detective

Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of security issues or suspicious activities. It automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct investigations.

385
Q

A company is launching a mobile app in the AWS Cloud. The company wants the app’s users to sign in through social media identity providers (IdPs).

Which AWS service will meet this requirement?

A. AWS Lambda
B. Amazon Cognito
C. AWS Secrets Manager
D. Amazon CloudFront

A

B. Amazon Cognito

Amazon Cognito provides authentication, authorization, and user management for web and mobile apps. Users can sign in directly with a user name and password, or through third-party identity providers such as Facebook, Google, and Amazon, as well as through enterprise identity providers via SAML 2.0.

386
Q

A company wants to deploy a non-containerized Java-based web application on AWS. The company wants to use a managed service to quickly deploy the application. The company wants the service to automatically provision capacity, load balance, scale, and monitor application health.

Which AWS service will meet these requirements?

A. Amazon Elastic Container Service (Amazon ECS)
B. AWS Lambda
C. Amazon Elastic Kubernetes Service (Amazon EKS)
D. AWS Elastic Beanstalk

A

D. AWS Elastic Beanstalk

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

386
Q

Which AWS service or tool gives users the ability to connect with AWS and deploy resources programmatically?

A. Amazon QuickSight
B. AWS PrivateLink
C. AWS Direct Connect
D. AWS SDKs

A

D. AWS SDKs

AWS SDKs provide a set of tools for developers to integrate with and manage AWS services programmatically. These SDKs support multiple programming languages, including Java, Python, .NET, Node.js, PHP, Ruby, and Go, among others, enabling developers to use the language they are most comfortable with to interact with AWS services.

387
Q

Which complimentary AWS service or tool creates data-driven business cases for cloud planning?

A. Migration Evaluator
B. AWS Billing Conductor
C. AWS Billing Console
D. Amazon Forecast

A

A. Migration Evaluator

The complimentary AWS service that helps create data-driven business cases for cloud planning is AWS Migration Evaluator, formerly known as TSO Logic. AWS Migration Evaluator assists organizations in understanding the cost-benefits of moving to AWS by analyzing their current on-premises IT infrastructure usage and costs.

387
Q

Which option is a responsibility of AWS under the AWS shared responsibility model?

A. Application data security
B. Patch management for applications that run on Amazon EC2 instances
C. Patch management of the underlying infrastructure for managed services
D. Application identity and access management

A

C. Patch management of the underlying infrastructure for managed services

388
Q

A company needs a bridge between technology and business to help evolve to a culture of continuous growth and learning.

Which perspective in the AWS Cloud Adoption Framework (AWS CAF) serves as this bridge?

A. People
B. Governance
C. Operations
D. Security

A

A. People

389
Q

Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture?

A. Security
B. Governance
C. Operations
D. Platform

A

D. Platform

https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

390
Q

Which AWS resource can help a company reduce its costs in exchange for a usage commitment when using Amazon EC2 instances?

A. Compute Savings Plans
B. Auto Scaling group
C. On-Demand Instance
D. EC2 instance store

A

A. Compute Savings Plans

391
Q

Which AWS service or tool will monitor AWS resources and applications in real time?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. AWS CloudTrail
D. AWS Cost Explorer

A

B. Amazon CloudWatch