CLF-C02 Questions Flashcards
A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?
A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days
C. The transfer of data from the Snowball Edge appliance into Amazon S3
Data transfer IN to Amazon S3 is $0.00 per GB (except for small files as explained below).
Data transfer OUT of Amazon S3 is priced by region. See data transfer OUT pricing by region in the table below.
https://aws.amazon.com/snowball/pricing/
A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty
B. Amazon Inspector
Amazon Inspector automatically assesses vulnerabilities and unintended network exposure. It assesses resources against known vulnerabilities and then notifies the AWS resource owner so that they can remediate.
https://aws.amazon.com/inspector/features/?nc=sn&loc=2&refid=3da0c7fb-0599-4e9f-a78c-2df84cba096e
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?
A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
AWS Storage Gateway is a set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.
https://aws.amazon.com/storagegateway/
According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?
A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
D. Modify the S3 bucket policy so that any service can upload to it at any time.
C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?
A. Physical security of DynamoDB
B. Patching of DynamoDB
C. Access to DynamoDB tables
D. Encryption of data at rest in DynamoDB
C. Access to DynamoDB tables
Under the AWS Shared Responsibility Model, the responsibility for certain aspects of a service is divided between AWS and the customer. Regarding Amazon DynamoDB:
The customer is responsible for:
C. Access to DynamoDB tables
This means that the customer is responsible for managing and controlling access to their DynamoDB tables, including setting up appropriate IAM (Identity and Access Management) permissions and policies.
Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?
A. Sustainability
B. Performance efficiency
C. Governance
D. Reliability
C. Governance
The AWS Cloud Adoption Framework perspectives are:
- Business
- People
- Governance
- Platform
- Security
- Operations
https://aws.amazon.com/cloud-adoption-framework/
A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance.
Which AWS service meets these requirements?
A. AWS Lambda
B. Amazon RDS
C. AWS Fargate
D. Amazon Athena
C. AWS Fargate
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances.
https://docs.aws.amazon.com/AmazonECS/latest/userguide/what-is-fargate.html
A company wants to run a NoSQL database on Amazon EC2 instances.
Which task is the responsibility of AWS in this scenario?
A. Update the guest operating system of the EC2 instances.
B. Maintain high availability at the database layer.
C. Patch the physical infrastructure that hosts the EC2 instances.
D. Configure the security group firewall.
C. Patch the physical infrastructure that hosts the EC2 instances.
Responsibility of AWS: AWS manages the physical infrastructure, including patching and updates at the hardware level. Customers do not have direct control over the physical infrastructure.
Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)
A. AWS Cost Explorer
B. AWS Billing Conductor
C. Amazon CodeGuru
D. Amazon SageMaker
E. AWS Compute Optimizer
A. AWS Cost Explorer
AWS Cost Explorer provides cost and usage reports, allowing you to analyze your historical costs and usage patterns. While it doesn’t directly identify rightsizing opportunities, it can help you understand your current spending and identify areas where rightsizing might be beneficial.
E. AWS Compute Optimizer
AWS Compute Optimizer is a service that recommends optimal AWS resources for your workloads. It analyzes the historical utilization of your Amazon EC2 instances and provides recommendations for rightsizing, which involves changing the instance type to a better fit based on the workload’s requirements.
Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)
A. Providing high-performance container orchestration
B. Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
E. Implementing enforced tagging across AWS resources
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
C & D are correct.
Benefits of Trusted Advisor:
* Cost optimization - Trusted Advisor can help you save cost with actionable recommendations by analyzing usage, configuration and spend.
* Performance - Trusted Advisor can help improve the performance of your services with actionable recommendations by analyzing usage and configuration.
* Security - Trusted Advisor can help improve the security of your AWS environment by suggesting foundational security best practices curated by security experts.
* Fault tolerance - Trusted Advisor can help improve the reliability of your services.
* Service quotas - Service quotas are the maximum number of resources that you can create in an AWS account.
Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?
A. Elimination of expenses for running and maintaining data centers
B. Price discounts that are identical to discounts from hardware providers
C. Distribution of all operational controls to AWS
D. Elimination of operational expenses
A. Elimination of expenses for running and maintaining data centers.
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.
Which AWS service will meet this requirement?
A. AWS Resource Explorer
B. AWS Service Catalog
C. AWS Organizations
D. AWS Systems Manager
B. AWS Service Catalog
- AWS Resource Explorer: Search for and discover relevant resources across AWS
- AWS Service Catalog: Create, share, organize, and govern your curated IaC templates
- AWS Organizations: An account management service that lets you consolidate multiple AWS accounts into an organization and centrally manage them.
- AWS Systems Manager: Manage your resources on AWS and in multicloud and hybrid environments.
Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?
A. AWS Organizations
B. AWS Pricing Calculator
C. AWS Cost Explorer
D. AWS Service Catalog
C. AWS Cost Explorer: Visualizes, understands, and manages AWS spending and usage over time. Provides detailed insights, historical data, and forecasting.
A. AWS Organizations: Manages multiple AWS accounts in an organization, aiding in billing and cost allocation. Not focused on detailed spending visualization.
B. AWS Pricing Calculator: Estimates AWS service costs based on configurations. Lacks detailed historical spending and usage insights.
C. AWS Cost Explorer: Visualizes, understands, and manages AWS spending and usage over time. Provides detailed insights, historical data, and forecasting.
D. AWS Service Catalog: Manages approved IT service catalogs but doesn’t focus on detailed cost visualization.
A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data.
Which combination of AWS services should the company use to meet these requirements? (Choose two.)
A. AWS Glue
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Redshift
D. Amazon QuickSight
E. Amazon Quantum Ledger Database (Amazon QLDB)
A. AWS Glue
D. Amazon QuickSight
AWS Glue is a serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development.
https://aws.amazon.com/glue/
Amazon QuickSight powers data-driven organizations with unified business intelligence (BI) at hyperscale. With QuickSight, all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics, and natural language queries.
https://aws.amazon.com/quicksight/
A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with AWS internal best practices.
Which AWS service or resource will meet these requirements?
A. AWS Support
B. AWS Professional Services
C. AWS Launch Wizard
D. AWS Managed Services (AMS)
B. AWS Professional Services
The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.
https://aws.amazon.com/professional-services/
An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided.
Which EC2 purchasing option will meet these requirements MOST cost-effectively?
A. Reserved Instances
B. Dedicated Hosts
C. Spot Instances
D. On-Demand Instances
D. On-Demand Instances
“On-Demand Instances are recommended for:
* Users that prefer the low cost and flexibility of EC2 without any upfront payment or long-term commitment
* Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
* Applications being developed or tested on EC2 for the first time”
Reference: https://aws.amazon.com/ec2/pricing/
A developer wants to deploy an application quickly on AWS without manually creating the required resources.
Which AWS service will meet these requirements?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS CodeBuild
D. Amazon Personalize
B. AWS Elastic Beanstalk
With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring.
A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.
Which S3 feature should the company use to meet these requirements?
A. S3 Lifecycle rules
B. S3 Versioning
C. S3 bucket policies
D. S3 server-side encryption
B. S3 Versioning
Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.
Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, Amazon S3 inserts a delete marker instead of removing the object permanently.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html
Which AWS service provides the ability to manage infrastructure as code?
A. AWS CodePipeline
B. AWS CodeDeploy
C. AWS Direct Connect
D. AWS CloudFormation
D. AWS CloudFormation
The correct answer is D.
AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.
https://aws.amazon.com/cloudformation/
An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without any disruption.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Spot Fleet
B. Reserved Instances
Reserved Instances (RIs) provide a significant discount (compared to On-Demand Instances) in exchange for a commitment of one or three years. They are suitable for consistent, predictable workloads. RIs offer cost-effectiveness while ensuring the EC2 instances are online and available without disruptions.
Which AWS service or feature allows a user to establish a dedicated network connection between a company’s on-premises data center and the AWS Cloud?
A. AWS Direct Connect
B. VPC peering
C. AWS VPN
D. Amazon Route 53
A. AWS Direct Connect
Create a dedicated network connection to AWS.
The AWS Direct Connect cloud service is the shortest path to your AWS resources. While in transit, your network traffic remains on the AWS global network and never touches the public internet.
https://aws.amazon.com/directconnect/
Which option is a physical location of the AWS global infrastructure?
A. AWS DataSync
B. AWS Region
C. Amazon Connect
D. AWS Organizations
B. AWS Region
AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of a minimum of three, isolated, and physically separate AZs within a geographic area.
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.
Which pillar of the AWS Well-Architected Framework is supported by these goals?
A. Reliability
B. Security
C. Operational excellence
D. Performance efficiency
B. Security
Security: Focuses on protecting information, systems, and assets. It involves implementing best practices for identity and access management, data protection, and risk assessment and mitigation.
What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC
B. To allow communication between the VPC and the internet
C. To impose bandwidth constraints on internet traffic
D. To load balance traffic from the internet across Amazon EC2 instances
B. To allow communication between the VPC and the internet
“An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.”
Reference: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.
Which best practice of the AWS Well-Architected Framework is the company following with this plan?
A. Integrate functional testing as part of AWS deployment.
B. Use automation to deploy changes.
C. Deploy the application to multiple locations.
D. Implement loosely coupled dependencies.
D. Implement loosely coupled dependencies.
Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate behavior of a component from other components that depend on it, increasing resiliency and agility.
https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_prevent_interaction_failure_loosely_coupled_system.html
A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes.
Which AWS service or tool will meet this requirement?
A. IAM Access Analyzer
B. AWS Artifact
C. IAM credential report
D. AWS Audit Manager
C. IAM credential report
You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key updates.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
A company wants to receive a notification when a specific AWS cost threshold is reached.
Which AWS services or tools can the company use to meet this requirement? (Choose two.)
A. Amazon Simple Queue Service (Amazon SQS)
B. AWS Budgets
C. Cost Explorer
D. Amazon CloudWatch
E. AWS Cost and Usage Report
B. AWS Budgets
D. Amazon CloudWatch
B. AWS Budgets: AWS Budgets is a service that allows you to set custom cost and usage budgets for your AWS resources. You can configure a budget with a specific threshold and define actions, such as sending notifications, when that threshold is reached.
D. Amazon CloudWatch: Amazon CloudWatch is a monitoring service that can be used to collect and track metrics, logs, and events from various AWS resources. It supports setting up alarms based on cost metrics, so you can create an alarm for a specific cost threshold and configure it to send notifications when the threshold is breached.
Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users?
A. AWS Artifact
B. Amazon Connect
C. AWS Chatbot
D. AWS Knowledge Center
D. AWS Knowledge Center
The AWS Knowledge Center helps answer the questions most frequently asked by AWS Support customers.
Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)
A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.
C. Determine which Availability Zones to use for Amazon S3 buckets.
D. Patch or upgrade Amazon DynamoDB.
E. Select Amazon EC2 instances to run AWS Lambda on.
A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.
A. Configure the AWS provided security group firewall: Customers are responsible for configuring and managing security group firewalls to control inbound and outbound traffic to their AWS resources.
B. Classify company assets in the AWS Cloud: Asset classification is typically a customer responsibility as part of their data governance and security practices.
The other options are not accurate in the context of customer responsibilities:
C. Determine which Availability Zones to use for Amazon S3 buckets: This is more of a design decision and falls under the AWS management responsibilities.
D. Patch or upgrade Amazon DynamoDB: Patching or upgrading services like Amazon DynamoDB is managed by AWS. Customers are not responsible for patching or upgrading the underlying infrastructure or services provided by AWS.
E. Select Amazon EC2 instances to run AWS Lambda on: The selection of underlying infrastructure for serverless services like AWS Lambda is managed by AWS. Customers focus on writing and deploying functions without managing the underlying instances.
Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)
A. Availability
B. Reliability
C. Scalability
D. Responsive design
E. Operational excellence
B. Reliability
E. Operational excellence
There are 6 pillars:
1. Operational excellence
2. Security
3. Reliability
4. Performance efficiency
5. Cost optimization
6. Sustainability
Which AWS service or feature is used to send both text and email messages from distributed applications?
A. Amazon Simple Notification Service (Amazon SNS)
B. Amazon Simple Email Service (Amazon SES)
C. Amazon CloudWatch alerts
D. Amazon Simple Queue Service (Amazon SQS)
A. Amazon Simple Notification Service (Amazon SNS)
Amazon Simple Notification Service (Amazon SNS) sends notifications two ways, A2A and A2P. A2A provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. These applications include Amazon Simple Queue Service (SQS), Amazon Kinesis Data Firehose, AWS Lambda, and other HTTPS endpoints. A2P functionality lets you send messages to your customers with SMS texts, push notifications, and email.
https://aws.amazon.com/sns/
A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.
Which option will provide the user with the appropriate access?
A. Amazon Inspector
B. Access keys
C. SSH public keys
D. AWS Key Management Service (AWS KMS) keys
B. Access keys
“Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).”
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours.
Which pricing model enables the company to optimize costs and meet these requirements?
A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Instances
B. Spot Instances
Spot Instances: Allow users to bid for unused EC2 capacity, potentially providing cost savings. They are suitable for workloads that are fault-tolerant and can handle interruptions. Spot Instances are a good fit for the described scenario of thousands of simultaneous simulations.
What does the concept of agility mean in AWS Cloud computing? (Choose two.)
A. The speed at which AWS resources are implemented
B. The speed at which AWS creates new AWS Regions
C. The ability to experiment quickly
D. The elimination of wasted capacity
E. The low cost of entry into cloud computing
A. The speed at which AWS resources are implemented: Agility in AWS refers to the ability to quickly provision and implement resources, allowing users to adapt to changing requirements and scale resources as needed.
C. The ability to experiment quickly: Agility involves the capability to experiment rapidly, enabling users to innovate, test ideas, and iterate quickly in the cloud environment.
The other options are described as follows:
B. The speed at which AWS creates new AWS Regions: The creation of new AWS Regions is not typically within the control of individual AWS customers. AWS decides when and where to create new regions based on business considerations.
D. The elimination of wasted capacity: While efficiency and cost optimization are important aspects of cloud computing, the elimination of wasted capacity is not a direct aspect of the concept of agility.
E. The low cost of entry into cloud computing: While cost considerations are important, the low cost of entry is not a defining aspect of agility. Agility focuses more on speed, flexibility, and the ability to respond quickly to changing demands.
A company needs to block SQL injection attacks.
Which AWS service or feature can meet this requirement?
A. AWS WAF
B. AWS Shield
C. Network ACLs
D. Security groups
A. AWS WAF
A. AWS WAF (Web Application Firewall): A web application firewall that allows users to create custom rules to filter and monitor HTTP or HTTPS requests to a web application. It helps protect against common web exploits, including SQL injection attacks, by allowing the blocking or rate-limiting of malicious requests.
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?
A. AWS Service Catalog
B. AWS Systems Manager
C. AWS IAM Access Analyzer
D. AWS Organizations
C. AWS IAM Access Analyzer
IAM Access Analyzer helps identify resources in your organization and accounts that are shared with an external entity.
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud.
How can these reports be generated?
A. Contact the AWS Compliance team.
B. Download the reports from AWS Artifact.
C. Open a case with AWS Support.
D. Generate the reports with Amazon Macie.
B. Download the reports from AWS Artifact.
AWS Artifact is a portal that provides access to various compliance reports, including certifications, attestations, and other relevant documents. You can download these reports directly from AWS Artifact.
An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which cost is the company’s direct responsibility?
A. Cost of application software licenses
B. Cost of the hardware infrastructure on AWS
C. Cost of power for the AWS servers
D. Cost of physical security for the AWS data center
A. Cost of application software licenses
A. Cost of application software licenses: In the AWS Cloud, customers are responsible for the cost of application software licenses. This includes any software licenses required to run applications on AWS services. AWS provides the underlying infrastructure, and customers are responsible for licensing their application software.
A company is setting up AWS Identity and Access Management (IAM) on an AWS account.
Which recommendation complies with IAM security best practices?
A. Use the account root user access keys for administrative tasks.
B. Grant broad permissions so that all company employees can access the resources they need.
C. Turn on multi-factor authentication (MFA) for added security during the login process.
D. Avoid rotating credentials to prevent issues in production applications.
C. Turn on multi-factor authentication (MFA) for added security during the login process.
C. Turn on multi-factor authentication (MFA) for added security during the login process: Enabling multi-factor authentication (MFA) is a security best practice. It adds an extra layer of protection by requiring users to provide a second form of authentication in addition to their password. This helps prevent unauthorized access even if credentials are compromised.
Elasticity in the AWS Cloud refers to which of the following? (Choose two.)
A. How quickly an Amazon EC2 instance can be restarted
B. The ability to rightsize resources as demand shifts
C. The maximum amount of RAM an Amazon EC2 instance can use
D. The pay-as-you-go billing model
E. How easily resources can be procured when they are needed
B. The ability to rightsize resources as demand shifts
E. How easily resources can be procured when they are needed
B. The ability to rightsize resources as demand shifts: Elasticity involves the ability to dynamically adjust the size of resources (e.g., adding or removing instances) based on changing demand.
E. How easily resources can be procured when they are needed: Elasticity involves the ease with which resources can be provisioned or de-provisioned based on changing demand, providing flexibility and scalability.
Which service enables customers to audit API calls in their AWS accounts?
A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray
A. AWS CloudTrail
AWS CloudTrail is a service that records all API calls made on your AWS account. It provides a detailed history of events, including who made the call, what actions were performed, and from which IP address the call originated. This audit trail is valuable for security, compliance, troubleshooting, and monitoring purposes, and it helps you maintain visibility into how your AWS resources are being used.
What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model?
A. Managing the code within the Lambda function
B. Confirming that the hardware is working in the data center
C. Patching the operating system
D. Shutting down Lambda functions when they are no longer in use
A. Managing the code within the Lambda function
Customers are responsible for developing, deploying, and managing the code and dependencies within the Lambda function.
A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.
Which AWS service should the company use to run these queries in the MOST cost-effective manner?
A. Amazon Redshift
B. Amazon Athena
C. Amazon Kinesis
D. Amazon RDS
B. Amazon Athena
Amazon Athena is a serverless query service that allows you to analyze data directly in Amazon S3 using standard SQL queries. You don’t need to set up or manage any infrastructure; you only pay for the queries you run. It is well-suited for ad-hoc and exploratory analysis on data stored in S3 without the need for maintaining a separate database.
Which AWS service can be used at no additional cost?
A. Amazon SageMaker
B. AWS Config
C. AWS Organizations
D. Amazon CloudWatch
C. AWS Organizations
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations is offered at no additional charge. You are charged only for AWS resources that users and roles in your member accounts use. For example, you are charged the standard fees for Amazon EC2 instances that are used by users or roles in your member accounts.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?
A. Data architecture
B. Event management
C. Cloud fluency
D. Strategic partnership
C. Cloud fluency
Cloud fluency belongs to the people perspective within the AWS Cloud Adoption Framework (AWS CAF).
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/people-perspective.html
A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Choose two.)
A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Savings Plans
E. Dedicated Hosts
C. Reserved Instances
D. Savings Plans
C. Reserved Instances: Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing in exchange for a one-time upfront payment and/or a lower hourly rate. The more you commit, the greater the discount.
D. Savings Plans: Savings Plans offer flexible pricing and savings on your AWS usage, with discounts of up to 72% compared to On-Demand pricing. With Savings Plans, you commit to a certain amount of usage (measured in dollars per hour) for a one- or three-year term, and receive a lower rate for that usage.
A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible.
Which AWS service or resource should the company use to select its Amazon RDS deployment area?
A. Amazon Connect
B. AWS Wavelength
C. AWS Regions
D. AWS Direct Connect
C. AWS Regions
AWS Regions are geographical locations where AWS data centers (Availability Zones) are situated. When deploying Amazon RDS, you can choose the AWS Region that is geographically closest to your current location to reduce latency and improve performance.
A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned.
Which AWS service or feature can be used to estimate costs before deployment?
A. AWS Free Tier
B. AWS Pricing Calculator
C. AWS Billing and Cost Management
D. AWS Cost and Usage Report
B. AWS Pricing Calculator
The AWS Pricing Calculator is a tool that allows users to estimate the cost of using AWS services based on their projected usage. It provides a detailed breakdown of costs for different services and configurations.
A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost-effective manner?
A. Deliver the content through Amazon CloudFront.
B. Store the content on Amazon S3 and enable S3 cross-region replication.
C. Implement a VPN across multiple AWS Regions.
D. Deliver the content through AWS PrivateLink.
A. Deliver the content through Amazon CloudFront
Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of static and dynamic content, including images and videos, to users globally. It helps minimize latency by caching content at edge locations worldwide.
Which option is a benefit of the economies of scale based on the advantages of cloud computing?
A. The ability to trade variable expense for fixed expense
B. Increased speed and agility
C. Lower variable costs over fixed costs
D. Increased operational costs across data centers
C. Lower variable costs over fixed costs
This is a key benefit of economies of scale. With cloud computing, as usage increases, the cost per unit of resources tends to decrease due to the efficiency gained from large-scale operations.
Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?
A. AWS CLI
B. AWS Developer Center
C. AWS Cloud Development Kit (AWS CDK)
D. AWS CodeStar
C. AWS Cloud Development Kit (AWS CDK)
AWS CDK is a software development framework that enables developers to define infrastructure as code (IaC) using familiar programming languages like TypeScript, Python, Java, C#, and more.
A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?
A. Amazon API Gateway
B. IAM users
C. AWS Security Token Service (AWS STS)
D. IAM instance profiles
C. AWS Security Token Service (AWS STS)
AWS STS is the correct choice for providing temporary, limited-privilege credentials. It enables you to request temporary credentials with a specific set of permissions (via roles), which can be used to authenticate with other AWS services. This is commonly used for scenarios where you need to grant temporary access to resources without exposing long-term credentials.
Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?
A. AWS Security Hub
B. AWS Trusted Advisor
C. Amazon EventBridge
D. Amazon GuardDuty
A. AWS Security Hub
“AWS Security Hub is a cloud security posture management (CSPM) service that performs automated, continuous security best practice checks against your AWS resources to help you identify misconfigurations, and aggregates your security alerts (i.e. findings) in a standardized format so that you can more easily enrich, investigate, and remediate them.”
Reference: https://aws.amazon.com/security-hub/features/?nc=sn&loc=2
Which AWS service is always provided at no charge?
A. Amazon S3
B. AWS Identity and Access Management (IAM)
C. Elastic Load Balancers
D. AWS WAF
B. AWS Identity and Access Management (IAM)
“IAM is a feature of your AWS account and is offered at no additional charge.”
Reference: https://aws.amazon.com/iam/getting-started/?nc=sn&loc=3
To reduce costs, a company is planning to migrate a NoSQL database to AWS.
Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?
A. Amazon Redshift
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon RDS
C. Amazon DynamoDB
DynamoDB is a non-relational database, which means it is a NoSQL database.
Aurora and RDS are relational; Redshift is for exabytes of data and complex queries.
A company is using Amazon DynamoDB.
Which task is the company’s responsibility, according to the AWS shared responsibility model?
A. Patch the operating system.
B. Provision hosts.
C. Manage database access permissions.
D. Secure the operating system.
C. Manage database access permissions.
This is the customer’s responsibility. Customers are responsible for defining and managing access permissions to their DynamoDB tables, specifying who can perform various operations on the tables.
A company has a test AWS environment. The company is planning on testing an application within AWS. The application testing can be interrupted and does not need to run continuously.
Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively?
A. On-Demand Instances
B. Dedicated Instances
C. Spot Instances
D. Reserved Instances
C. Spot Instances
Spot Instances are a good fit for stateless, fault-tolerant workloads that can be interrupted without any impact on the overall job.
Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets?
A. Amazon Macie
B. Amazon Detective
C. Amazon GuardDuty
D. AWS IAM Access Analyzer
A. Amazon Macie
Amazon Macie: automatically discover, classify, and protect sensitive data, such as personally identifiable information (PII), in Amazon S3.
Which of the following services can be used to block network traffic to an instance? (Choose two.)
A. Security groups
B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
C. Network ACLs
D. Amazon CloudWatch
E. AWS CloudTrail
A. Security groups
C. Network ACLs
Security groups are stateful firewalls that control inbound and outbound traffic at the instance level. You can configure security groups to allow or deny specific types of network traffic to and from your instances.
Network ACLs (Access Control Lists) are stateless firewalls that control traffic at the subnet level. Network ACLs define rules to allow or deny traffic based on source and destination IP addresses, ports, and protocols.
Which AWS service can identify when an Amazon EC2 instance was terminated?
A. AWS Identity and Access Management (IAM)
B. AWS CloudTrail
C. AWS Compute Optimizer
D. Amazon EventBridge
B. AWS CloudTrail
AWS CloudTrail is a service that records all API activity in your AWS account, including the termination of EC2 instances. It creates log entries for various events, providing an audit trail of actions taken on resources. By reviewing CloudTrail logs, you can identify when an EC2 instance was terminated, who initiated the termination, and other relevant details about the event.
Which of the following is a fully managed MySQL-compatible database?
A. Amazon S3
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon Aurora
D. Amazon Aurora
Amazon S3: Amazon S3 (Simple Storage Service) is an object storage service and is not a database.
Amazon DynamoDB: A fully managed NoSQL database service, but it is not MySQL-compatible.
Amazon Redshift: A fully managed data warehouse service, not a MySQL-compatible database.
Amazon Aurora: A fully managed relational database engine compatible with MySQL and PostgreSQL. It offers the performance and availability of commercial databases with the simplicity and cost-effectiveness of open-source databases.
Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities?
A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate
C. AWS Outposts
AWS Outposts enables you to run AWS infrastructure and services on premises while seamlessly connecting to the AWS cloud. This service extends the AWS ecosystem to your on-premises locations, allowing you to take advantage of cloud benefits while addressing the requirements of data residency, low-latency applications, and specific regulatory needs in hybrid environments.
Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?
A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR
C. Amazon RDS (Relational Database Service)
Amazon RDS supports various database engines, including PostgreSQL, and offers a managed database service suitable for OLTP workloads. With Amazon RDS for PostgreSQL, you can easily set up, operate, and scale a PostgreSQL database without the administrative overhead of managing the infrastructure.
A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections.
Which AWS services can the company use to meet these requirements? (Choose two.)
A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN
E. Amazon Elastic Container Service (Amazon ECS)
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
B. Amazon AppStream 2.0: Amazon AppStream 2.0 is a service that enables you to stream desktop applications to users through web browsers. You can deliver Windows applications securely to remote users without the need to provision and manage full virtual desktops.
C. Amazon WorkSpaces: Amazon WorkSpaces is a fully managed desktop-as-a-service (DaaS) solution that provides Windows desktops to users. You can configure and manage virtual desktops for remote employees using WorkSpaces.
A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?
A. AWS Trusted Advisor
B. Amazon CloudWatch
C. Amazon GuardDuty
D. AWS Health Dashboard
C. Amazon GuardDuty
Amazon GuardDuty is an AWS service that is designed to monitor and detect potential security threats in your AWS environment. It helps to identify unusual and unauthorized activities, including misconfigured security groups that may be allowing unrestricted access to specific ports. GuardDuty uses machine learning and threat intelligence to analyze data and generate alerts, making it an effective tool for enhancing the security of your AWS infrastructure.
While options like AWS Trusted Advisor and Amazon CloudWatch offer valuable monitoring capabilities, they do not specifically focus on detecting security group misconfigurations. Therefore, in this scenario, Amazon GuardDuty is the most appropriate choice.
Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?
A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune
A. Amazon DynamoDB
Amazon DynamoDB: A key-value and document database that provides single-digit millisecond latency at any scale. It is a fully managed NoSQL database service designed for applications that require consistent, single-digit millisecond latency, regardless of the volume of requests.
A company is deploying a machine learning (ML) research project that will require a lot of compute power over several months. The ML processing jobs do not need to run at specific times.
Which Amazon EC2 instance purchasing option will meet these requirements at the lowest cost?
A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Instances
B. Spot Instances
Spot Instances are the most cost-effective option for scenarios where the workload is flexible and can be interrupted. Spot Instances allow you to use spare EC2 capacity at a significantly lower cost than On-Demand Instances. Spot Instances are suitable for workloads like batch processing, data analysis, and machine learning jobs that do not require continuous, uninterrupted operation.
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)
A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
B. EC2 Amazon Machine Images (AMIs): AMIs are used to create backups of EC2 instances, and they can be used to launch replacement instances in the event of a disaster or data loss. AMIs are essential for creating recovery points for your EC2 instances.
C. Amazon Elastic Block Store (Amazon EBS) snapshots: EBS snapshots allow you to create point-in-time backups of your EBS volumes. These snapshots can be used to restore data or create new EBS volumes, making them a key component of disaster recovery for EC2 instances.
Which AWS service provides command line access to AWS tools and resources directly from a web browser?
A. AWS CloudHSM
B. AWS CloudShell
C. Amazon WorkSpaces
D. AWS Cloud Map
B. AWS CloudShell
B. AWS CloudShell: A browser-based shell provided by AWS that enables command-line access to AWS resources directly from the AWS Management Console. Users can use AWS CloudShell to run AWS CLI commands and use various AWS tools without installing any additional software. It provides a convenient and secure way to interact with AWS resources in the cloud.
A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time.
Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?
A. VPC endpoints
B. AWS Transit Gateway
C. Amazon Route 53
D. AWS Secrets Manager
B. AWS Transit Gateway
AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships. Transit Gateway acts as a highly scalable cloud router—each new connection is made only once.
A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks ahead of a new product launch.
Which AWS Support plan offers guidance and support for this kind of event at no additional charge?
A. AWS Business Support
B. AWS Basic Support
C. AWS Developer Support
D. AWS Enterprise Support
D. AWS Enterprise Support
AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. For these events, AWS Infrastructure Event Management will help you assess operational readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The program is included in the Enterprise Support plan and is available to Business Support customers for an additional fee.
A company wants to establish a schedule for rotating database user credentials.
Which AWS service will support this requirement with the LEAST amount of operational overhead?
A. AWS Systems Manager
B. AWS Secrets Manager
C. AWS License Manager
D. AWS Managed Services
B. AWS Secrets Manager
AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles.
https://aws.amazon.com/secrets-manager/
Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?
A. Amazon Route 53
B. Amazon Macie
C. AWS Direct Connect
D. AWS PrivateLink
C. AWS Direct Connect
AWS Direct Connect establishes a dedicated private connection between your on-premises infrastructure and AWS.
Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config
C. AWS KMS
AWS Key Management Service (AWS KMS): A fully managed service that makes it easy for you to create, control, and manage encryption keys used to encrypt your data. It integrates seamlessly with other AWS services, including Amazon EBS, for encryption purposes.
A company wants to manage its AWS Cloud resources through a web interface.
Which AWS service will meet this requirement?
A. AWS Management Console
B. AWS CLI
C. AWS SDK
D. AWS Cloud9
A. AWS Management Console
AWS Management Console: A web-based interface that allows users to access and manage their AWS resources using a graphical user interface (GUI). This console provides an easy-to-use platform for various AWS services.
Which of the following are advantages of the AWS Cloud? (Choose two.)
A. Trade variable expenses for capital expenses
B. High economies of scale
C. Launch globally in minutes
D. Focus on managing hardware infrastructure
E. Overprovision to ensure capacity
B. High economies of scale
C. Launch globally in minutes
B. High economies of scale: AWS Cloud leverages high economies of scale, allowing customers to benefit from cost savings due to the massive scale of AWS infrastructure. This enables cost-effective solutions for businesses.
C. Launch globally in minutes: One of the advantages of the AWS Cloud is the ability to deploy applications and resources globally in a matter of minutes. This quick global deployment facilitates flexibility and responsiveness to changing business needs.
Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime?
A. Agility
B. Elasticity
C. Scalability
D. High availability
D. High availability
The ability of an architecture to withstand failures with minimal downtime is a characteristic of high availability. High availability ensures that your system remains operational and accessible even in the face of component failures. This is critical for maintaining a reliable and responsive application or service.
A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion.
Which AWS service should the developer use to meet these requirements?
A. AWS Ground Station
B. AWS Shield
C. AWS IoT Device Defender
D. AWS CloudFormation
D. AWS CloudFormation
A service that allows you to define and provision AWS infrastructure as code in a safe, predictable, and repeatable manner. It enables the developer to create and manage a collection of AWS resources by describing the infrastructure in a template. This helps in maintaining both development and production environments consistently.
Which task is the customer’s responsibility, according to the AWS shared responsibility model?
A. Maintain the security of the AWS Cloud.
B. Configure firewalls and networks.
C. Patch the operating system of Amazon RDS instances.
D. Implement physical and environmental controls.
B. Configure firewalls and networks.
Configure firewalls and networks: This is a customer responsibility. Customers have control over configuring security groups, network access control lists (ACLs), and other network-related configurations to control traffic to and from their resources.
Which AWS service helps deliver highly available applications with fast failover for multi-Region and Multi-AZ architectures?
A. AWS WAF
B. AWS Global Accelerator
C. AWS Shield
D. AWS Direct Connect
B. AWS Global Accelerator
AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your public applications. Global Accelerator provides two global static public IPs that act as a fixed entry point to your application endpoints, such as Application Load Balancers, Network Load Balancers, Amazon Elastic Compute Cloud (EC2) instances, and elastic IPs.
A company has a set of ecommerce applications. The applications need to be able to send messages to each other.
Which AWS service meets this requirement?
A. AWS Auto Scaling
B. Elastic Load Balancing
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Streams
C. Amazon Simple Queue Service (Amazon SQS)
SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. It allows one application to send messages to a queue, and another application to retrieve those messages from the queue. This can be helpful in scenarios where the sender and receiver are not required to interact with each other in real-time.
What are the benefits of consolidated billing for AWS Cloud services? (Choose two.)
A. Volume discounts
B. A minimal additional fee for use
C. One bill for multiple accounts
D. Installment payment options
E. Custom cost and usage budget creation
A. Volume discounts
C. One bill for multiple accounts
Consolidated billing has the following benefits:
- ONE BILL – You get one bill for multiple accounts.
- Combined usage – You can combine the usage across all accounts in the organization to share the VOLUME PRICING DISCOUNTS, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.
A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console.
Which AWS service or resource will meet this requirement?
A. S3 Multi-Region Access Points
B. S3 Storage Lens
C. AWS IAM Identity Center (AWS Single Sign-On)
D. Access Analyzer for S3
Access Analyzer for S3 is an AWS service that analyzes S3 buckets for bucket policies and ACLs that allow public or restricted access. It allows users to easily identify buckets with insecure permission settings and take action to remediate them.
What is the best resource for a user to find compliance-related information and reports about AWS?
A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. AWS Support
A. AWS Artifact
A portal that provides on-demand access to AWS compliance reports, certifications, and attestations. It is a centralized location for various compliance-related documents.
Which AWS service enables companies to deploy an application close to end users?
A. Amazon CloudFront
B. AWS Auto Scaling
C. AWS AppSync
D. Amazon Route 53
A. Amazon CloudFront
A content delivery network (CDN) service that enables companies to deliver static and dynamic web content, including applications, to end users with low latency and high transfer speeds. It helps deploy an application close to end users.
Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure?
A. Route table
B. AWS Transit Gateway
C. AWS Global Accelerator
D. Amazon VPC
C. AWS Global Accelerator
A service that uses the AWS global network to optimize the routing of traffic to applications. It improves the availability and performance of applications by utilizing anycast IP addresses. It specifically improves network performance globally.
Which AWS service provides highly durable object storage?
A. Amazon S3
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon FSx
A. Amazon S3
Provides highly durable object storage with 99.999999999% (11 9’s) durability.
Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?
A. Database backups
B. Database software patches
C. Operating system patches
D. Operating system installations
D. Operating system installations
AWS provides the infrastructure and services (like EC2) that include a range of Amazon Machine Images (AMIs) with pre-installed operating systems. This means AWS is responsible for ensuring that these AMIs are available and that the underlying infrastructure to run these instances is secure and reliable.
Which of the following are advantages of moving to the AWS Cloud? (Choose two.)
A. The ability to turn over the responsibility for all security to AWS.
B. The ability to use the pay-as-you-go model.
C. The ability to have full control over the physical infrastructure.
D. No longer having to guess what capacity will be required.
E. No longer worrying about users access controls.
B. The ability to use the pay-as-you-go model.
D. No longer having to guess what capacity will be required.
B. The ability to use the pay-as-you-go model - AWS provides a flexible and cost-effective pay-as-you-go pricing model, allowing users to pay only for the resources they consume without upfront costs or long-term commitments.
D. No longer having to guess what capacity will be required - AWS offers scalable resources, enabling users to dynamically scale up or down based on their actual needs. This eliminates the need for upfront capacity planning and allows for efficient resource utilization.
Which AWS service is a hybrid cloud storage service that provides on-premises users access to virtually unlimited cloud storage?
A. AWS DataSync
B. Amazon S3 Glacier
C. AWS Storage Gateway
D. Amazon Elastic Block Store (Amazon EBS)
C. AWS Storage Gateway
AWS Storage Gateway: A hybrid cloud storage service that enables on-premises applications to use cloud storage seamlessly. It provides file, volume, and tape gateway interfaces to integrate on-premises environments with AWS Cloud storage. This service allows on-premises users to access virtually unlimited cloud storage while maintaining a hybrid storage infrastructure.
A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?
A. AWS Pricing Calculator
B. Amazon CloudWatch
C. AWS Cost Explorer
D. AWS Budgets
A. AWS Pricing Calculator
Pricing Calculator: A web-based tool that allows users to estimate the cost of using AWS services. It helps in understanding and estimating the costs associated with various AWS resources based on usage patterns, regions, and other parameters. Users can input their specific requirements to get an estimated monthly cost.
Which tool should a developer use to integrate AWS service features directly into an application?
A. AWS Software Development Kit
B. AWS CodeDeploy
C. AWS Lambda
D. AWS Batch
A. AWS Software Development Kit
AWS Software Development Kit (SDK): A set of libraries and tools that allows developers to interact with AWS services directly from their applications.
Which of the following is a recommended design principle of the AWS Well-Architected Framework?
A. Reduce downtime by making infrastructure changes infrequently and in large increments.
B. Invest the time to configure infrastructure manually.
C. Learn to improve from operational failures.
D. Use monolithic application design for centralization.
C. Learn to improve from operational failures.
Learn to improve from operational failures: This is a key principle of the AWS Well-Architected Framework. It emphasizes the importance of learning from failures and continuously improving the architecture based on operational experiences.
Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:
A. restricted access.
B. as-needed access.
C. least privilege access.
D. token access.
C. least privilege access.
Least privilege access means granting users or entities the minimum level of permissions required to perform their tasks, reducing the risk of unintended or malicious actions.
Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?
A. Security group
B. AWS WAF
C. AWS Firewall Manager
D. Network ACL
D. Network ACL
ACL = subnet, Security Groups = instances
A company wants to operate a data warehouse to analyze data without managing the data warehouse infrastructure.
Which AWS service will meet this requirement?
A. Amazon Aurora
B. Amazon Redshift Serverless
C. AWS Lambda
D. Amazon RDS
B. Amazon Redshift Serverless
B. Amazon Redshift: A fully managed, petabyte-scale data warehouse service in the cloud. It is specifically designed for analytics and data warehousing, offering fast query performance using SQL queries and integration with various business intelligence tools.
How does AWS Cloud computing help businesses reduce costs? (Choose two.)
A. AWS charges the same prices for services in every AWS Region.
B. AWS enables capacity to be adjusted on demand.
C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week.
D. AWS does not charge for data sent from the AWS Cloud to the internet.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.
B. AWS enables capacity to be adjusted on demand.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.
B. AWS enables capacity to be adjusted on demand: AWS provides the flexibility to scale resources up or down based on demand. This allows businesses to optimize costs by only paying for the resources they actually use, avoiding unnecessary expenses during periods of lower demand.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers: With AWS, businesses can leverage cloud infrastructure without the need to invest in and maintain physical data centers. This eliminates upfront capital expenses, ongoing maintenance costs, and the need to overprovision resources for future growth, leading to significant cost savings.
A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources.
Which AWS service will meet this requirement?
A. IAM group
B. IAM role
C. IAM tag
D. IAM Access Analyzer
B. IAM role
IAM role: IAM roles are used to delegate permissions to users, applications, or services. In the context of cross-account access, you can create an IAM role in the target account and define policies that grant access to the necessary resources. Users in the source account can assume the role to access resources in the target account. IAM roles are commonly used for cross-account access scenarios.
Which task is the responsibility of AWS when using AWS services?
A. Management of IAM user permissions
B. Creation of security group rules for outbound access
C. Maintenance of physical and environmental controls
D. Application of Amazon EC2 operating system patches
C. Maintenance of physical and environmental controls
Maintenance of physical and environmental controls: This task is the responsibility of AWS. AWS manages the physical infrastructure, including data center security, environmental controls (such as cooling and power), and other aspects related to the underlying infrastructure.
A company wants to automate infrastructure deployment by using infrastructure as code (IaC). The company wants to scale production stacks so the stacks can be deployed in multiple AWS Regions.
Which AWS service will meet these requirements?
A. Amazon CloudWatch
B. AWS Config
C. AWS Trusted Advisor
D. AWS CloudFormation
D. AWS CloudFormation
AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.
Which option is an AWS Cloud Adoption Framework (AWS CAF) platform perspective capability?
A. Data architecture
B. Data protection
C. Data governance
D. Data science
A. Data architecture
The correct answer is A. The clue is “Platform perspective capabilities”: only “Data Architecture” is included in that list.
Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/platform-perspective.html
A company is running a workload in the AWS Cloud.
Which AWS best practice ensures the MOST cost-effective architecture for the workload?
A. Loose coupling
B. Rightsizing
C. Caching
D. Redundancy
B. Rightsizing
Right sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost.
Reference: https://aws.amazon.com/aws-cost-management/aws-cost-optimization/right-sizing/
A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows.
Which AWS service should the company use to meet these requirements?
A. Amazon Elastic Block Store (Amazon EBS)
B. AWS Storage Gateway
C. Amazon Elastic Container Service (Amazon ECS)
D. AWS Lambda
B. AWS Storage Gateway
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
Which AWS tool gives users the ability to plan their service usage, service costs, and instance reservations, and also allows them to set custom alerts when their costs or usage exceed established thresholds?
A. Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage Report
D. Reserved Instance reporting
B. AWS Budgets
AWS Budgets is the tool that provides users with the ability to plan their service usage, service costs, and instance reservations.
Which tasks are the customer’s responsibility, according to the AWS shared responsibility model? (Choose two.)
A. Establish the global infrastructure.
B. Perform client-side data encryption.
C. Configure IAM credentials.
D. Secure edge locations.
E. Patch Amazon RDS DB instances.
B. Perform client-side data encryption.
C. Configure IAM credentials.
https://aws.amazon.com/compliance/shared-responsibility-model/
A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.)
A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator’s group in AWS IAM.
D. Configure a password policy that ensures the developer’s password cannot be changed.
E. Ensure the account password policy requires a minimum length.
A. Grant the developer access to only the AWS resources needed to perform the job.
E. Ensure the account password policy requires a minimum length.
A. Grant the developer access to only the AWS resources needed to perform the job: Following the principle of least privilege, it is advisable to provide the developer with access only to the specific AWS resources necessary for their job role. This minimizes the potential impact of security incidents and limits the scope of actions the developer can perform.
E. Ensure the account password policy requires a minimum length: Implementing a password policy that requires a minimum length is a good security practice. It helps enhance the strength of passwords and contributes to better overall account security. Longer passwords are generally more resistant to brute-force attacks.
A company has multiple AWS accounts that include compute workloads that cannot be interrupted. The company wants to obtain billing discounts that are based on the company’s use of AWS services.
Which AWS feature or purchasing option will meet these requirements?
A. Resource tagging
B. Consolidated billing
C. Pay-as-you-go pricing
D. Spot Instances
B. Consolidated billing
Consolidated billing allows you to combine multiple AWS accounts and aggregate the usage and spending across those accounts. This simplifies billing and enables you to take advantage of volume discounts, which can lead to cost savings.
A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure.
Which AWS service or feature should be used?
A. Security groups
B. AWS Firewall Manager
C. IAM roles
D. IAM user SSH keys
C. IAM roles
IAM (Identity and Access Management) roles provide a secure way to grant permissions to AWS services and resources. In this scenario, you can create an IAM role with the necessary permissions for the EC2 instance to access other AWS services. Then, you can associate the IAM role with the EC2 instance.
A company wants a fully managed Windows file server for its Windows-based applications.
Which AWS service will meet this requirement?
A. Amazon FSx
B. Amazon Elastic Kubernetes Service (Amazon EKS)
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon EMR
A. Amazon FSx
Amazon FSx: A fully managed file storage service that is compatible with Windows file servers. It is designed to provide shared file storage for Windows-based applications, making it a suitable choice for the company’s requirement of a fully managed Windows file server.
A company wants to migrate its NFS on-premises workload to AWS.
Which AWS Storage Gateway type should the company use to meet this requirement?
A. Tape Gateway
B. Volume Gateway
C. Amazon FSx File Gateway
D. Amazon S3 File Gateway
D. Amazon S3 File Gateway
Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data files and backup images as durable objects in Amazon S3 cloud storage. Amazon S3 File Gateway offers SMB or NFS-based access to data in Amazon S3 with local caching. It can be used for on-premises data-intensive Amazon EC2-based applications that need file protocol access to S3 object storage.
https://aws.amazon.com/es/storagegateway/file/s3/
A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources.
Which AWS tool or service can be used to meet these requirements?
A. Amazon CloudWatch
B. Amazon Inspector
C. AWS CloudTrail
D. AWS IAM
C. AWS CloudTrail
“CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.”
Reference: https://aws.amazon.com/cloudtrail/faqs/
A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to continue to grow for years.
What is the MOST cost-effective EC2 instance purchasing model to meet these requirements?
A. Spot Instances
B. On-Demand Instances
C. Savings Plans
D. Dedicated Hosts
C. Savings Plans
A company wants an AWS service to provide product recommendations based on its customer data.
Which AWS service will meet this requirement?
A. Amazon Polly
B. Amazon Personalize
C. Amazon Comprehend
D. Amazon Rekognition
B. Amazon Personalize
Amazon Personalize accelerates your digital transformation with ML, making it easier to integrate personalized recommendations into existing websites, applications, email marketing systems, and more.
A company is planning its migration to the AWS Cloud. The company is identifying its capability gaps by using the AWS Cloud Adoption Framework (AWS CAF) perspectives.
Which phase of the cloud transformation journey includes these identification activities?
A. Envision
B. Align
C. Scale
D. Launch
B. Align
“Align phase focuses on identifying capability gaps across the six AWS CAF perspectives, identifying cross-organizational dependencies, and surfacing stakeholder concerns and challenges.”
Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html
A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting.
Which AWS service will meet these requirements?
A. Amazon Inspector
B. AWS WAF
C. Amazon GuardDuty
D. Amazon CloudWatch
B. AWS WAF
“AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.”
References: https://aws.amazon.com/waf/faqs/
Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC2 images?
A. EC2 Image Builder
B. Amazon Machine Image (AMI)
C. AWS Launch Wizard
D. AWS Elastic Beanstalk
A. EC2 Image Builder
EC2 Image Builder is a fully-managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date “golden” server images that are pre-installed and pre-configured with software and settings to meet specific IT standards.
A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Detective
D. Amazon Cognito
B. Amazon Inspector
“Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), AWS Lambda functions, and container workloads for software vulnerabilities and unintended network exposure.”
Reference: https://aws.amazon.com/inspector/faqs/
A company needs to perform data processing once a week that typically takes about 5 hours to complete.
Which AWS service should the company use for this workload?
A. AWS Lambda
B. Amazon EC2
C. AWS CodeDeploy
D. AWS Wavelength
B. Amazon EC2
AWS Lambda is a serverless computing service that runs your code without provisioning or managing servers. However, Lambda functions have a maximum execution time of 15 minutes. Therefore, Lambda is not suitable for workloads that need to run for longer than 15 minutes.
Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC?
A. Amazon CloudWatch Logs
B. AWS CloudTrail
C. VPC Flow Logs
D. AWS Identity and Access Management (IAM)
C. VPC Flow Logs
VPC flow logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.
https://aws.amazon.com/vpc/faqs/
A company wants to design a centralized storage system to manage the configuration data and passwords for its critical business applications.
Which AWS service or capability will meet these requirements MOST cost-effectively?
A. AWS Systems Manager Parameter Store
B. AWS Secrets Manager
C. AWS Config
D. Amazon S3
A. AWS Systems Manager Parameter Store
AWS Secrets Manager is specifically designed for managing sensitive information such as passwords, database credentials, and API keys securely. (FYI so is AWS Secrets Manager - but that service costs $1 per secret).
A company plans to deploy containers on AWS. The company wants full control of the compute resources that host the containers. Which AWS service will meet these requirements?
A. Amazon Elastic Kubernetes Service (Amazon EKS)
B. AWS Fargate
C. Amazon EC2
D. Amazon Elastic Container Service (Amazon ECS)
C. Amazon EC2
“For full control over your compute environment, choose to run your containers on Amazon Elastic Compute Cloud (EC2)”
https://aws.amazon.com/containers/
Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?
A. AWS Identity and Access Management (IAM)
B. AWS Trusted Advisor
C. AWS CloudFormation
D. AWS Organizations
D. AWS Organizations
AWS Organizations is the service that provides these features for managing multiple AWS accounts within an organization.
A company wants to store and retrieve files in Amazon S3 for its existing on-premises applications by using industry-standard file system protocols.
Which AWS service will meet these requirements?
A. AWS DataSync
B. AWS Snowball Edge
C. Amazon S3 File Gateway
D. AWS Transfer Family
C. Amazon S3 File Gateway
Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data files and backup images as durable objects in Amazon S3 cloud storage.
https://aws.amazon.com/storagegateway/file/s3/
A company wants to block SQL injection attacks.
Which AWS service or feature should the company use to meet this requirement?
A. AWS WAF
B. Network ACLs
C. Security groups
D. AWS Certificate Manager (ACM)
A. AWS WAF
“AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.”
References: https://aws.amazon.com/waf/faqs/
A company wants a unified tool to provide a consistent method to interact with AWS services.
Which AWS service or tool will meet this requirement?
A. AWS CLI
B. Amazon Elastic Container Service (Amazon ECS)
C. AWS Cloud9
D. AWS Virtual Private Network (AWS VPN)
A. AWS CLI
“The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.”
Reference: https://aws.amazon.com/cli/
A company needs to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance and security.
Which AWS service can the company use to meet these requirements?
A. AWS Shield
B. AWS WAF
C. AWS Trusted Advisor
D. AWS Service Catalog
C. AWS Trusted Advisor
AWS Trusted Advisor is a service that helps users secure and optimize their AWS environments. Trusted Advisor offers a range of recommendations in five categories:
Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes capabilities for configuration management and patch management?
A. Platform
B. Operations
C. Security
D. Governance
B. Operations
AWS CAF Operations perspective capabilities
* Observability
* Event management (AIOps)
* Incident and problem management
* Change and release management
* Performance and capacity management
* Configuration management
* Patch management
* Availability and continuity management
* Application management
Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/operations-perspective.html
A company has a compute workload that is steady, predictable, and uninterruptible.
Which Amazon EC2 instance purchasing options meet these requirements MOST cost-effectively? (Choose two.)
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Savings Plans
E. Dedicated Hosts
B. Reserved Instances
D. Savings Plans
For a steady, predictable, and uninterruptible compute workload, the most cost-effective Amazon EC2 instance purchasing options would typically be:
B. Reserved Instances: Reserved Instances provide a significant discount compared to On-Demand Instances in exchange for a commitment to a one- or three-year term. Since the workload is steady and predictable, you can forecast your usage and purchase Reserved Instances accordingly, optimizing costs over time.
D. Savings Plans: Similar to Reserved Instances, Savings Plans offer significant discounts on usage in exchange for committing to a specific amount of compute usage (measured in dollars per hour) over a one- or three-year term. Savings Plans provide flexibility across a wider range of instance types and regions compared to Reserved Instances.
Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
A. On-Demand Instances
On-Demand Instances – short workload, predictable pricing, pay by second.
Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model?
A. Configuration of Amazon EC2 instance operating systems
B. Application file system server-side encryption
C. Patch management
D. Security of the physical infrastructure
C. Patch management
“AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.”
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/
A company wants to migrate its on-premises workloads to the AWS Cloud. The company wants to separate workloads for chargeback to different departments.
Which AWS services or features will meet these requirements? (Choose two.)
A. Placement groups
B. Consolidated billing
C. Edge locations
D. AWS Config
E. Multiple AWS accounts
B. Consolidated billing
E. Multiple AWS accounts
Consolidated billing is a feature of AWS Organizations that allows you to combine billing for multiple AWS accounts.
Creating multiple AWS accounts, one for each department, is an effective way to segregate resources, manage permissions, and track costs separately.
Which task is a responsibility of AWS, according to the AWS shared responsibility model?
A. Enable client-side encryption for objects that are stored in Amazon S3.
B. Configure IAM security policies to comply with the principle of least privilege.
C. Patch the guest operating system on an Amazon EC2 instance.
D. Apply updates to the Nitro Hypervisor.
D. Apply updates to the Nitro Hypervisor.
The Nitro Hypervisor is a component of the underlying infrastructure managed by AWS.
Which option is a benefit of using AWS for cloud computing?
A. Trade variable expense for fixed expense
B. Pay-as-you-go pricing
C. Decreased speed and agility
D. Spending money running and maintaining data centers
B. Pay-as-you-go pricing
Which option is an AWS Cloud Adoption Framework (AWS CAF) business perspective capability?
A. Culture evolution
B. Event management
C. Data monetization
D. Platform architecture
C. Data monetization
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html
A company is assessing its AWS Business Support plan to determine if the plan still meets the company’s needs. The company is considering switching to AWS Enterprise Support.
Which additional benefit will the company receive with AWS Enterprise Support?
A. A full set of AWS Trusted Advisor checks
B. Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week
C. A designated technical account manager (TAM) to assist in monitoring and optimization
D. A consultative review and architecture guidance for the company’s applications
D. A consultative review and architecture guidance for the company’s applications
Designated Technical Account Manager (TAM) to provide consultative architectural and operational guidance delivered in the context of your applications and use-cases to help you achieve the greatest value from AWS
https://aws.amazon.com/premiumsupport/plans/
Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?
A. On-Demand Instances
B. Standard Reserved Instances
C. Spot Instances
D. Convertible Reserved Instances
C. Spot Instances
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity
C. Incident response
D. Infrastructure protection
Infrastructure protection – Validate that systems and services within your workload are protected against unintended and unauthorized access and potential vulnerabilities
Incident response – Reduce potential harm by effectively responding to security incidents. Quick, effective, and consistent responses to security incidents will help you reduce potential harm
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html
A company wants to run its workload on Amazon EC2 instances for more than 1 year. This workload will run continuously.
Which option offers a discounted hourly rate compared to the hourly rate of On-Demand Instances?
A. AWS Graviton processor
B. Dedicated Hosts
C. EC2 Instance Savings Plans
D. Amazon EC2 Auto Scaling instances
C. EC2 Instance Savings Plans
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
A. Agility
B. Elasticity
C. Reliability
D. Durability
B. Elasticity
The characteristic of the AWS Cloud that helps users eliminate underutilized CPU capacity is elasticity. Elasticity allows users to scale their computing resources up or down based on their needs, which helps to eliminate underutilized CPU capacity.
Which AWS services can a company use to achieve a loosely coupled architecture? (Choose two.)
A. Amazon WorkSpaces
B. Amazon Simple Queue Service (Amazon SQS)
C. Amazon Connect
D. AWS Trusted Advisor
E. AWS Step Functions
B. Amazon Simple Queue Service (Amazon SQS)
E. AWS Step Functions
Amazon Simple Queue Service (Amazon SQS): SQS is a fully managed message queuing service that allows components of a distributed application to communicate asynchronously. It helps decouple the sender and receiver components, providing flexibility and fault tolerance.
AWS Step Functions: AWS Step Functions allows you to coordinate and sequence AWS services, including Lambda functions, in a serverless workflow. It helps in creating workflows that are scalable, resilient, and loosely coupled.
Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost Allocation Tags
D. AWS Organizations
A. AWS Budgets
AWS Budgets is the AWS Cloud service that allows users to set custom spending thresholds and receive alerts when those thresholds are exceeded. It helps users to keep track of their AWS spending by providing notifications based on their budget limits.
A company plans to migrate to the AWS Cloud. The company wants to use the AWS Cloud Adoption Framework (AWS CAF) to define and track business outcomes as part of its cloud transformation journey.
Which AWS CAF governance perspective capability will meet these requirements?
A. Benefits management
B. Risk management
C. Application portfolio management
D. Cloud financial management
Benefits management – Ensure that the business benefits associated with your cloud investments are realized and sustained. The success of your transformation is determined by the resulting business benefits.
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/governance-perspective.html
A company needs to quickly and securely move files over long distances between its client and an Amazon S3 bucket.
Which S3 feature will meet this requirement?
A. S3 Versioning
B. S3 Transfer Acceleration
C. S3 ACLs
D. S3 Intelligent-Tiering
B. S3 Transfer Acceleration
S3 Transfer Acceleration is a feature that utilizes Amazon CloudFront’s globally distributed edge locations to accelerate the upload of objects to an S3 bucket.
A company needs to continuously run an experimental workload on an Amazon EC2 instance and stop the instance after 12 hours.
Which instance purchasing option will meet this requirement MOST cost-effectively?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
A. On-Demand Instances
Which cloud transformation journey phase of the AWS Cloud Adoption Framework (AWS CAF) focuses on demonstrating how the cloud helps accelerate business outcomes?
A. Scale
B. Envision
C. Align
D. Launch
B. Envision
Identify and prioritize transformation opportunities in line with your strategic objectives. Associating your transformation initiatives with key stakeholders and measurable business outcomes will help you demonstrate value as you progress through your transformation journey.
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html
Which option is a customer responsibility under the AWS shared responsibility model?
A. Maintenance of underlying hardware of Amazon EC2 instances
B. Application data security
C. Physical security of data centers
D. Maintenance of VPC components
B. Application data security
A company wants its Amazon EC2 instances to operate in a highly available environment, even if there is a natural disaster in a particular geographic area.
Which approach will achieve this goal?
A. Use EC2 instances in multiple AWS Regions.
B. Use EC2 instances in multiple Amazon CloudFront locations.
C. Use EC2 instances in multiple edge locations.
D. Use EC2 instances in AWS Local Zones.
A. Use EC2 instances in multiple AWS Regions.
A company wants to modernize and convert a monolithic application into microservices. The company wants to move the application to AWS.
Which migration strategy should the company use?
A. Rehost
B. Replatform
C. Repurchase
D. Refactor
D. Refactor
A systems administrator created a new IAM user for a developer and assigned the user an access key instead of a user name and password. What is the access key used for?
A. To access the AWS account as the AWS account root user
B. To access the AWS account through the AWS Management Console
C. To access the AWS account through a CLI
D. To access all of a company’s AWS accounts
C. To access the AWS account through a CLI
Use Access Keys for Programmatic Access (CLI / SDK)
Which option is an environment that consists of one or more data centers?
A. Amazon CloudFront
B. Availability Zone
C. VPC
D. AWS Outposts
B. Availability Zone
An Availability Zone consists of multiple data centers, each equipped with independent power, cooling, and networking infrastructure, all housed in separate facilities.
A company is moving an on-premises data center to the AWS Cloud. The company must migrate 50 petabytes of file storage data to AWS with the least possible operational overhead.
Which AWS service or resource should the company use to meet these requirements?
A. AWS Snowmobile
B. AWS Snowball Edge
C. AWS Data Exchange
D. AWS Database Migration Service (AWS DMS)
A. AWS Snowmobile
AWS Snowmobile is the appropriate choice for migrating 50 petabytes of file storage data to AWS with the least possible operational overhead.
A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high-end client hardware?
A. Amazon AppStream 2.0
B. AWS AppSync
C. Amazon WorkLink
D. AWS Elastic Beanstalk
A. Amazon AppStream 2.0
Amazon AppStream 2.0 is a cloud-based desktop streaming service that allows companies to deploy applications and desktops to any device, including lightweight laptops.
A company wants to query its server logs to gain insights about its customers’ experiences.
Which AWS service will store this data MOST cost-effectively?
A. Amazon Aurora
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon S3
D. Amazon S3
For cost-effective storage and querying of large volumes of data, especially log data, Amazon S3 (Simple Storage Service) is the most suitable option.
Which of the following is a recommended design principle for AWS Cloud architecture?
A. Design tightly coupled components.
B. Build a single application component that can handle all the application functionality.
C. Make large changes on fewer iterations to reduce chances of failure.
D. Avoid monolithic architecture by segmenting workloads.
D. Avoid monolithic architecture by segmenting workloads.
Monolithic architectures can become unwieldy, difficult to maintain, and prone to failures. Segmenting workloads into smaller, more manageable components allows for greater scalability, resilience, and flexibility in the cloud.
Which AWS service helps users audit API activity across their AWS account?
A. AWS CloudTrail
B. Amazon Inspector
C. AWS WAF
D. AWS Config
A. AWS CloudTrail
With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made by using the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services.
Which task is a customer’s responsibility, according to the AWS shared responsibility model?
A. Management of the guest operating systems
B. Maintenance of the configuration of infrastructure devices
C. Management of the host operating systems and virtualization
D. Maintenance of the software that powers Availability Zones
A. Management of the guest operating systems
A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically.
Which service or feature will meet these requirements?
A. Amazon DynamoDB
B. Amazon EC2 Spot Instances
C. AWS Snow Family
D. Amazon EC2 Auto Scaling
D. Amazon EC2 Auto Scaling