Concepts

Question 1

The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept?

Economy of scale
Elasticity
High availability
Agility

Answer 1

Elasticity

Question 2

The AWS shared responsibility model is included in which pillar of the AWS Well-Architected Framework?

Operational excellence
Performance efficiency
Reliability
Security

Answer 2

Security

Question 3

As part of its cloud architecture, a company wants its workloads to be resilient, perform correctly, consistently, and recover from errors in a timely manner. Which pillar of the AWS Well-Architected Framework are these requirements related to?

Security
Performance efficiency
Operational excellence
Reliability

Answer 3

Reliability

Question 4

What charges are applicable to Amazon S3 Standard storage class? (Select two)

Per GB/month storage fee
Retrieval fee
Minimum capacity charge per object
Data ingress
Data egress

Answer 4

Per GB/month storage fee
Data egress

Question 5

Which service is used for caching data?

Amazon Simple Queue Service (SQS)
Amazon DynamoDB DAX
AWS Key Management Service (KMS)
Amazon Elastic File System (EFS)

Answer 5

Amazon DynamoDB DAX

Question 6

Which service can you use to monitor, store and access log files generated by EC2 instances and on-premise servers?

AWS CloudTrail
AWS OpsWorks
Amazon CloudWatch Logs
Amazon Kinesis

Answer 6

Amazon CloudWatch Logs

Question 7

How can you configure Amazon Route 53 to monitor the health and performance of your application?

Using DNS lookups
Using Route 53 health checks
Using the Route 53 API
Using CloudWatch

Answer 7

Using Route 53 health checks

Question 8

Which type of Amazon RDS automated backup allows you to restore the database with a granularity of as little as 5 minutes?

Snapshot backup
Full backup
Incremental backup
Point-in-time recovery

Answer 8

Point-in-time recovery

Question 9

Which support plan is the lowest cost option that allows unlimited cases to be open?

Basic
Developer
Business
Enterprise

Answer 9

Developer

Question 10

What offerings are included in the Amazon Lightsail product set? (select two)

Virtual Private Server
NoSQL database
Managed MySQL database
File storage
Serverless functions

Answer 10

Virtual Private Server
Managed MySQL database

Question 11

Which of the following must be used together to gain programmatic access to an AWS account? (Select two)

An access key ID
A primary key
A secret access key
A user ID
A secondary key

Answer 11

An access key ID
A secret access key

Question 12

A company has deployed several relational databases in Amazon RDS. Every month, the database software vendor releases new security patches that need to be applied to the database. What is the most efficient way to apply the security patches?

Connect to each database instance on a monthly basis and download and apply the necessary security patches from the vendor
Enable automatic patching for the instances using Amazon RDS console
In AWS Config, configure a rule for the instances and the required patch level
Use AWS Systems Manager to automate database patching according to a schedule

Answer 12

Enable automatic patching for the instances using the Amazon RDS console

Question 13

Which AWS support plan provides email only support by Cloud Support Associates?

Basic
Developer
Business
Enterprise

Answer 13

Developer

Question 14

An Elastic IP Address can be remapped between EC2 instances across which boundaries?

Regions
Edge locations
Availability zones
DB Subnets

Answer 14

Availability zones

Question 15

What feature of Amazon S3 enables you to set rules to automatically transfer objects between different storage classes at defined time intervals?

Elastic Data Management
Object Lifecycle Management
Auto Lifecycle Scaling
S3 Archiving

Answer 15

Object Lifecycle Management

Question 16

Which AWS components aid in the construction of fault tolerant applications? (select two)

Elastic IP addresses
ARNs
AMIs
Tags
Block device mappings

Answer 16

Elastic IP addresses
AMIs

Question 17

Which AWS program can help an organization to design, build, and manage Their workloads on AWS?

APN Consulting Partners
APN Technology consultants
AWS Business Development Manager
AWS Technical Account Manager

Answer 17

APN Consulting Partners

Question 18

What are the primary benefits of using AWS Elastic Load Balancing? (select two)

High availability
Elasticity
Automation
Caching
Regional resilience

Answer 18

High availability
Elasticity

Question 19

A cloud practitioner needs to decrease application latency and increase performance for globally distributed users. Which services can assist? (Select two)

Amazon ECS
Amazon S3
Amazon AppStream 2.0
Amazon ElastiCache
Amazon CloudFront

Answer 19

Amazon S3
Amazon CloudFront

S3 bucket can be configured as an origin for the CloudFront distribution

Question 20

What advantages does the AWS Cloud provide in relation to cost? (Select two)

Fine-grained billing
One-off payments for on-demand resources
Ability to turn off resources and not pay for them
Enterprise licensing discounts
Itemized power costs

Answer 20

Fine-grained billing
Ability to turn off resources and not pay for them

Question 21

What do you need to log into the AWS console?

User name and password
Key pair
Access key and secret ID
Certificate

Answer 21

User name and password

Question 22

The AWS Cost Management tools give users the ability to do which of the following? (Select TWO.)

Terminate any AWS resource automatically if budget thresholds are exceeded

Break down AWS costs by day, service, and linked AWS account

Create budgets and receive notifications if current or forecasted usage exceeds the budgets

Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective

Move data stored in Amazon S3 to a more cost-effective storage class

Answer 22

Break down AWS costs by day, service, and linked AWS account

Create budgets and receive notifications if current or forecasted usage exceeds the budgets

Question 23

How can a company facilitate the sharing of data over private connections between two accounts they own within a region?

Create an internal ELB

Create a subnet peering connection

Create a VPC peering connection

Configure matching CIDR address ranges

Answer 23

Create a VPC peering connection

A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.

Question 24

Which AWS support plans provide 24x7 access to customer service?

Basic

Business

Developer

All plans

Answer 24

All plans

Question 25

Which AWS service or feature helps restrict the AWS service, resources, and individual API actions the users and roles in each member account can access?

Amazon Cognito

AWS Organizations

AWS Shield

AWS Firewall Manager

Answer 25

AWS Organizations

AWS Organizations offers the following policy types:

Service control policies (SCPs) offer central control over the maximum available permissions for all of the accounts in your organization.
Tag policies help you standardize tags across resources in your organization’s accounts.

Question 26

How can you deploy your EC2 instances so that if a single data center fails you still have instances available?

Across regions

Across subnets

Across Availability Zones

Across VPCs

Answer 26

Across Availability Zones

An AZ spans one or more data centers and each AZ is physically isolated from other AZs and connected by high speed networking. If you want to deploy a highly available application you should spread your instances across AZs and they will be resilient to the failure of a single DC

Question 27

Which type of AWS database is ideally suited to analytics using SQL queries?

Amazon DynamoDB

Amazon RedShift

Amazon RDS

Amazon S3

Answer 27

Amazon RedShift

“Amazon RDS” is incorrect. Amazon RDS is a transactional DB, not an analytics DB.

Question 28

Which AWS Glacier data access option retrieves data from an archive in 1-5 minutes?

Standard

Express

Accelerated

Expedited

Answer 28

Expedited

“Standard” is incorrect. Standard takes 3-5 hours.
Other two are not retrieval options

Question 29

According to the AWS Shared Responsibility Model, which of the following is a shared control?

Operating system patching

Awareness and training

Protection of infrastructure

Client-side data encryption

Answer 29

Awareness and training

Shared Controls are controls which apply to both the infrastructure layer and customer layers. Examples include patch management, configuration management, and awareness and training.

“Operating system patching” is incorrect. Though patch management is a shared control, operating system patching specifically is a customer responsibility.

Question 30

You need to connect your company’s on-premise network into AWS and would like to establish an AWS managed VPN service. Which of the following configuration items needs to be setup on the Amazon VPC side of the connection?

A Virtual Private Gateway

A Customer Gateway

A Network Address Translation device

A Firewall

Answer 30

A Virtual Private Gateway

A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection.

Question 31

Which AWS Cloud design principles can help increase reliability? (Select TWO.)

Using monolithic architecture

Measuring overall efficiency

Testing recovery procedures

Adopting a consumption model

Automatically recovering from failure

Answer 31

Testing recovery procedures

Automatically recovering from failure

“Adopting a consumption model” is incorrect. A consumption model has benefits more aligned with cost and agility than reliability.

Question 32

According to the AWS Well-Architected Framework, what change management steps should be taken to achieve reliability in the AWS Cloud? (Select TWO.)

Use AWS Config to generate an inventory of AWS resources

Use service limits to prevent users from creating or making changes to AWS resources

Use AWS CloudTrail to record AWS API calls into an auditable log file

Use AWS Certificate Manager to create a catalog of approved services

Use Amazon GuardDuty to record API activity to an S3 bucket

Answer 32

Use AWS Config to generate an inventory of AWS resources

Use AWS CloudTrail to record AWS API calls into an auditable log file

AWS Config can be used to track the configuration state of your resources and how the state has changed over time. With CloudTrail you can audit who made what API calls on what resources at what time. This can help with identifying changes that cause reliability issues.

Question 33

The 6 Pillars of the AWS Well-Architected Framework

Answer 33

Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
Sustainability

Question 34

In the AWS Cloud Adoption Framework, which perspective focuses on identifying capability gaps and helping your organization align its readiness for cloud adoption?

Envision

Align

Launch

Scale

Answer 34

Align

Align is the correct answer. During the Align phase in the AWS Cloud Adoption Framework, organizations work to identify capability gaps and ensure their readiness for adopting cloud services, thereby aligning their existing processes and systems with the requirements and features offered by AWS services.

Question 35

Which AWS service makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow?

Amazon SWF

AWS Step Functions

Amazon SNS

Amazon SES

Answer 35

AWS Step Functions

“Amazon SWF” is incorrect. Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. SWF is not a visual workflow tool.

Question 36

Which feature of Amazon S3 enables you to create rules to control the transfer of objects between different storage classes?

Object sharing

Versioning

Lifecycle management

Bucket policies

Answer 36

Lifecycle management

CORRECT: “Lifecycle management” is the correct answer.

INCORRECT: “Object sharing” is incorrect. Object sharing refers to the ability to make any object publicly available via a URL.

INCORRECT: “Bucket policies” is incorrect. Bucket policies are used for controlling access to buckets, they can’t be used to move data between storage classes.

Question 37

Which of the following are NOT features of AWS IAM? (Select TWO.)

Shared access to your AWS account

Logon using local user accounts

Identity federation

PCI DSS compliance

Charged for what you use

Answer 37

Logon using local user accounts

Charged for what you use

Question 38

Which of the authentication options below can be used to authenticate using AWS APIs? (Select TWO.)

Key pairs

Access keys

Server passwords

Security groups

Server certificates

Answer 38

Access keys

Server certificates

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

Server certificates are SSL/TLS certificates that you can use to authenticate with some AWS services.

INCORRECT: “Key pairs” is incorrect. Key pairs are used for encrypting logon information when accessing EC2 instances.

Question 39

Which AWS technology enables you to group resources that share one or more tags?

Tag groups
Organization groups
Resource groups
Consolidation groups

Answer 39

Resource Groups

Question 40

A user needs to identify underutilized Amazon EC2 instances to reduce costs. Which AWS service or feature will meet this requirement?

AWS CodeBuild
AWS Trusted Advisor
AWS Cost Explorer
AWS Health DashBoard

Answer 40

AWS Trusted Advisor

Cost Explorer can be used to view itemized costs but you cannot check resource utilization

Question 41

Which of the following can an AWS customer use to launch a new ElastiCache cluster? (Select two)

AWS CloudFormation
AWS Concierge
AWS Systems Manager
AWS Management Console
AWS Data Pipeline

Answer 41

AWS CloudFormation
AWS Management Console

Question 42

How does the AWS cloud increase the speed and agility of execution for customers? (Select two)

Fast provisioning of resources
Private connections to data centers
Secured data centers
Lower cost of deployment
Scalable compute capacity

Answer 42

Fast provisioning of resources
Scalable compute capacity

Question 43

An Amazon Virtual Private Cloud can include multiple:

AWS Regions
Edge Locations
Internet gateways
Availability Zones

Answer 43

Availability Zones

Question 44

A Cloud Practitioner anticipates an increase in application traffic at a future date and time when a sales event will take place. How can the Cloud Practitioner configure Amazon EC2 Auto Scaling to ensure the right number of Amazon EC2 instances are available ahead of the event?

Configure predictive scaling.
Configure a target tracking scaling policy.
Configure a scheduled scaling policy.
Configure a step scaling policy.

Answer 44

Configure a scheduled scaling policy.

INCORRECT: “Configure predictive scaling” is incorrect. Predictive scaling uses daily and weekly trends to determine when to scale. In this case the Cloud Practitioner knows about the event that will require more resources.

INCORRECT: “Configure a target tracking scaling policy” is incorrect. This policy will cause the ASG to attempt to keep resource utilization at the target value.

INCORRECT: “Configure a step scaling policy” is incorrect. Step scaling will launch resources in response to demand, this will not ensure the resource are ready at the right time as there will be a delay.

Question 45

An individual IAM user must be granted access to an Amazon S3 bucket using a bucket policy. Which element in the S3 bucket policy should be updated to define the user account for which access will be granted?

Action
Principal
Resource
Condition

Answer 45

Principal

Question 46

Which of the following will help a user determine if they need to request an Amazon EC2 service limit increase?

AWS Health Dashboard

AWS Cost Explorer

AWS Trusted Advisor

Amazon RDS

Answer 46

AWS Trusted Advisor

“AWS Health Dashboard” is incorrect. The AWS Health dashboard shows issues or upcoming events that may impact your resources. It does not notify of service limit breaches.

Question 47

A company plans to deploy a relational database on AWS. The IT department will perform database administration. Which service should the company use?

Amazon EC2

Amazon RedShift

Amazon ElastiCache

Amazon DynamoDB

Answer 47

Amazon EC2

Question 48

A company is designing a new a service that must align with the operational excellence pillar of the AWS Well-Architected Framework.
Which design principles should the company follow? (Select TWO.)

Anticipate failure.

Make large-scale changes.

Perform operations as code.

Perform manual operations.

Create static operational procedures.

Answer 48

Anticipate failure.
Perform operations as code.

Question 49

A corporation with multiple departments each having their own AWS accounts wants to implement a solution to customize billing data to match their specific showback or chargeback business logic. They wish to group accounts with similar financial owners and generate a distinct Cost and Usage Report (CUR) for each group.

Which AWS service should they use to meet these requirements?

AWS Budgets

AWS Cost Explorer

AWS Billing and Cost Management

AWS Billing Conductor

Answer 49

AWS Billing Conductor

AWS Billing Conductor is the correct answer because it is a customizable billing service that allows the organization to define billing groups, set pricing rules, create custom line items, and generate a unique Cost and Usage Report (CUR) for each billing group. This service would help the corporation to streamline and customize their billing data efficiently according to different business logics.

INCORRECT: “AWS Budgets” is incorrect. AWS Budgets is incorrect because, while it allows organizations to set custom cost and usage budgets, it does not offer the extensive customization and grouping features that are central to the scenario described.

INCORRECT: “AWS Cost Explorer” is incorrect. AWS Cost Explorer is incorrect because, although it helps in visualizing and managing AWS spending and usage over time, it doesn’t offer functionalities to create billing groups and set pricing rules at a granular level as described in the scenario

INCORRECT: “AWS Billing and Cost Management” is incorrect. This answer is incorrect because, while it is a tool to track your AWS usage and expenditures, it doesn’t offer the specialized functionalities for creating billing groups and defining custom billing parameters as provided by AWS Billing Conductor.

Question 50

A newly founded tech startup is looking for a program that offers AWS credits, training, technical support, and other resources to help them build their business.

Which AWS program would be the best fit for them?

AWS Educate

AWS Activate for Startups

AWS Marketplace

AWS Partner Network

Answer 50

AWS Activate for Startups

INCORRECT: “AWS Educate” is incorrect because this program is primarily targeted at the educational sector, providing students and educators with the resources needed to accelerate cloud-related learning.

INCORRECT: “AWS Partner Network” is incorrect because it is aimed at helping APN Partners to build successful AWS-based businesses or solutions by providing business, technical, marketing, and go-to-market support. It is more suited for established companies or businesses that are partnering with AWS, rather than startups looking to build their business.

Question 51

A Cloud Practitioner requires a simple method to identify if unrestricted access to resources has been allowed by security groups. Which service can the Cloud Practitioner use?

AWS Trusted Advisor

Amazon CloudWatch

VPC Flow Logs

AWS CloudTrail

Answer 51

AWS Trusted Advisor

AWS Trusted Advisor checks security groups for rules that allow unrestricted access (0.0.0.0/0) to specific ports. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). The ports with highest risk are flagged red, and those with less risk are flagged yellow. Ports flagged green are typically used by applications that require unrestricted access, such as HTTP and SMTP.

Question 52

A Cloud Practitioner noticed that IP addresses that are owned by AWS are being used to attempt to flood ports on some of the company’s systems.

To whom should the issue be reported?

AWS Professional Services

AWS Partner Network (APN)

AWS Trust & Safety team

AWS Technical Account Manager (TAM)

Answer 52

AWS Trust & Safety team

Question 53

Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?

AWS Service Health Dashboard

AWS Personal Health Dashboard

AWS Trusted Advisor dashboard

Amazon CloudWatch dashboard

Amazon CloudWatch dashboard

Answer 53

AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources.

NCORRECT: “AWS Service Health Dashboard” is incorrect. This shows the current status of services across regions. However, it does not provide proactive notifications of scheduled activities or guidance of any kind.

Question 54

To gain greater discounts, which services can be reserved? (Select TWO.)

Amazon RedShift

Amazon S3

AWS Lambda

Amazon DynamoDB

Amazon CloudWatch

Answer 54

Amazon RedShift

Amazon DynamoDB

Reservations provide you with greater discounts, up to 75%, by paying for capacity ahead of time. Some of the services you can reserve include: EC2, DynamoDB, ElastiCache, RDS, and RedShift.

Question 55

How can an organization track resource inventory and configuration history for the purpose of security and regulatory compliance?

Configure AWS Config with the resource types

Create an Amazon CloudTrail trail

Implement Amazon GuardDuty

Run a report with AWS Artifact

Answer 55

Configure AWS Config with the resource types

Question 56

Which AWS service supports an in-memory data structure store, compatible with Redis, that delivers sub-millisecond latency for use cases such as caching, session stores, and real-time analytics?

Amazon DynamoDB

Amazon RDS

Amazon MemoryDB

Amazon Redshift

Answer 56

Amazon MemoryDB

Question 57

Which AWS tools can be used for automation? (Select TWO.)

AWS Elastic Beanstalk

Elastic Load Balancing

AWS CloudFormation

AWS Lambda

Answer 57

AWS Elastic Beanstalk

AWS CloudFormation

Question 58

How can a user block a suspicious IP address from connecting to an Amazon EC2 instance?

Block the IP on the inbound rule of a network ACL.

Block the IP on the outbound rule of a security group.

Block the IP on the inbound rule of a security group and network ACL.

Block the IP on the outbound rule of a security group and network ACL.

Answer 58

Block the IP on the inbound rule of a network ACL.

Security group - supports allow rules only

Network ACL - supports allow and deny rules

Question 59

Which AWS services facilitate building secure and scalable mobile and web applications, offering features such as real-time updates and offline functionalities? (Select TWO.)

AWS Lambda

AWS AppSync

AWS Amplify

AWS CodeDeploy

Amazon API Gateway

Answer 59

AWS AppSync

AWS Amplify

AWS AppSync and AWS Amplify are the correct answers as both services facilitate the building of secure and scalable mobile and web applications. AWS AppSync enables the creation of flexible APIs, including options for real-time updates and offline functionalities. AWS Amplify is a set of tools and services that can be used to build scalable full-stack apps powered by AWS, also supporting real-time functionalities and offline operations.

Question 60

Are there any AWS services or features that will identify and search for externally shared AWS resources?

Amazon OpenSearch Service (Amazon Elasticsearch Service).

AWS Control Tower.

AWS IAM Access Analyzer.

AWS Fargate.

Answer 60

AWS IAM Access Analyzer.

Question 61

Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?

Amazon Macie

AWS Organizations

AWS Shield

AWS IAM

Answer 61

AWS Organizations

AWS IAM is used for assigning permissions but SCPs in AWS Organizations are used to control which API actions are allowed in an account. You need to be granted permission in IAM and have the API allowed to be able to use the API successfully.

Question 62

Which IAM entity is associated with an access key ID and secret access key?

IAM Group

IAM Role

IAM Policy

IAM User

Answer 62

IAM User

Question 63

Which AWS services are associated with Edge Locations? (Select TWO.)

Amazon CloudFront

AWS Direct Connect

AWS Shield

Amazon EBS

AWS Config

Answer 63

Amazon CloudFront

AWS Shield

AWS Shield which protects against Distributed Denial of Service (DDoS) attacks is available globally on Amazon CloudFront Edge Locations.

Question 64

What is a specific benefit of an Enterprise Support plan?

Included Technical Support Manager

Included AWS Solutions Architect

Included Cloud Support Associate

Included Technical Account Manager

Answer 64

Included Technical Account Manager

Cloud Support Associates are provided in the Developer plan.

Question 65

A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS.
Which AWS service will meet these requirements?

AWS Control Tower

Amazon CloudWatch

AWS CloudTrail

AWS Config

Answer 65

Amazon CloudWatch

Amazon CloudWatch is a performance monitoring tool that receives metrics from AWS services. This data can be used for monitoring the operational health of resources as well as being used to optimize costs through ensuring systems are right-sized and just enough capacity is provisioned.

Question 66

Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?

AWS Config

AWS OpsWorks

AWS Systems Manager

Amazon CloudWatch

Answer 66

AWS Systems Manager

AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources.

Question 67

Which IAM entity can be used to delegate permissions

Role
User
Group
Policy

Answer 67

Role

You cannot delegate using a policy.

You delegate using a role and you define permissions to the role through a policy.

Question 68

Which storage device is physically attached to the Amazon EC2 host servers?

Instance Store volume

Amazon Elastic Block Store (EBS) volume

Amazon Machine Image (AMI)

Elastic Network Adapter

Answer 68

Instance Store volume

Question 69

What does Elastic Load Balancing use to ensure instances are available?

Health checks

EC2 Status Checks

CloudWatch metrics

Scaling plans

Answer 69

Health checks

ELB does not receive CloudWatch metrics to tell it if an instance is healthy.

Question 70

Which services does Amazon Route 53 provide?

Health checking, DNS, domain registration

Domain registration, DNS, firewall protection

Amazon Route 53 does not provide firewall protection.

Health checking, DNS, IP routing

Domain registration, DNS, content distribution

Answer 70

Health checking, DNS, domain registration

Question 71

What type of template is used by Amazon EC2 Auto Scaling to define instance family, AMI key pair, and security groups?

Launch Configuration

Scaling Plan

Scaling Policy

Auto Scaling Group

Answer 71

Launch Configuration

Question 72

In Amazon Route,53 what is the name for the configuration item that holds a collection of records belonging to a domain?

Hosting Zone

DNS Record

Alias

Routing policy

Answer 72

Hosting Zone

Question 73

Which type of Elastic Load Balancer can direct traffic based on the domain name?

Application Load Balancer

Classic Load Balancer

Network load balancer

Amazon EC2 Load Balancer

Answer 73

Application Load Balancer

Question 74

Which type of Elastic Load Balancer routes connections based on IP protocol data at layer 4 only?

Network Load Balancer

Classic load balancer

Application load balancer

Layer 4-7 load balancer

Answer 74

Network Load Balancer

Question 75

Which of the following AWS services are compute services? (Select TWO.)

AWS Batch

AWS CloudTrail

AWS Elastic Beanstalk

Amazon EFS

Amazon Inspector

Answer 75

AWS Batch

AWS Elastic Beanstalk

Question 76

Which of the following statements best describes the concept of agility in relation to cloud computing on AWS? (Select TWO.)

The speed at which AWS rolls out new features.

The ability to experiment quickly.

The elimination of wasted capacity.

The ability to automatically scale capacity.

The speed at which AWS resources can be created.

Answer 76

The ability to experiment quickly.

The speed at which AWS resources can be created.

Question 77

An application uses a PostgreSQL database running on a single Amazon EC2 instance. A Cloud Practitioner has been asked to increase the availability of the database so there is automatic recovery in the case of a failure.

Which tasks can the Cloud Practitioner take to meet this requirement?

Migrate the database to Amazon RDS and enable the Multi-AZ feature.

Configure an Elastic Load Balancer in front of the EC2 instance.

Configure EC2 Auto Recovery to move the instance to another Region.

Set the DeleteOnTermination value to false for the EBS root volume.

Answer 77

Migrate the database to Amazon RDS and enable the Multi-AZ feature.

INCORRECT: “Configure EC2 Auto Recovery to move the instance to another Region” is incorrect. The auto recovery feature of EC2 automatically moves the instance to another host, not to another Region.

Question 78

Which of the following can an AWS customer use to launch a new ElastiCache cluster? (Select TWO.)

AWS CloudFormation

AWS Concierge

AWS Systems Manager

AWS Management Console

AWS Data Pipeline

Answer 78

AWS CloudFormation

AWS Management Console

There are several ways to launch resources in AWS. You can use the AWS Management Console or Command Line Interface (CLI) or you can automate the process by using tools such as AWS CloudFormation.

With AWS CloudFormation you can deploy infrastructure such as Amazon ElastiCache clusters by defining your desired configuration state in code using a template file written in JSON or YAML. CloudFormation will then deploy the resources by creating a Stack according to the template file.

Question 79

There are several ways to launch resources in AWS. You can use the AWS Management Console or Command Line Interface (CLI) or you can automate the process by using tools such as AWS CloudFormation.

With AWS CloudFormation you can deploy infrastructure such as Amazon ElastiCache clusters by defining your desired configuration state in code using a template file written in JSON or YAML. CloudFormation will then deploy the resources by creating a Stack according to the template file.

Which cloud computing model will the company use for this operation?

Platform as a Service (PaaS)

Infrastructure as a Service (IaaS)

Function as a Service (FaaS)

Software as a Service (SaaS)

Answer 79

Infrastructure as a Service (IaaS)

Question 80

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC.

Which service should be used to deploy the application?

AWS CloudFormation

AWS Elastic Beanstalk

Amazon EC2

Amazon LightSail

Answer 80

AWS Elastic Beanstalk

INCORRECT: “Amazon LightSail” is incorrect. LightSail is a good service to use when you don’t have good knowledge of AWS. However, you cannot deploy a scalable node.js application into a VPC.

Question 81

A company needs to optimize costs and resource usage through monitoring of operational health for all resources running on AWS.

Which AWS service will meet these requirements?

AWS Control Tower

Amazon CloudWatch

AWS CloudTrail

AWS Config

Answer 81

Amazon CloudWatch

Amazon CloudWatch is a performance monitoring tool that receives metrics from AWS services. This data can be used for monitoring the operational health of resources as well as being used to optimize costs through ensuring systems are right-sized and just enough capacity is provisioned.

Question 82

Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?

Amazon Macie

AWS Organizations

AWS Shield

AWS IAM

Answer 82

AWS Organizations

Question 83

Which service allows an organization to view operational data from multiple AWS services through a unified user interface and automate operational tasks?

AWS Config

AWS OpsWorks

AWS Systems Manager

Amazon CloudWatch

Answer 83

AWS Systems Manager

Question 84

Which AWS tools can be used for automation? (Select TWO.)

AWS Elastic Beanstalk

Elastic Load Balancing

AWS CloudFormation

Amazon Elastic File System (EFS)

AWS Lambda

Answer 84

AWS Elastic Beanstalk

AWS CloudFormation

AWS Elastic Beanstalk and AWS CloudFormation are both examples of automation. Beanstalk is a platform service that leverages the automation capabilities of CloudFormation to build out application architectures.

Question 85

Which AWS service should be used to create a billing alarm?

AWS Trusted Advisor

AWS CloudTrail

Amazon CloudWatch

Amazon QuickSight

Answer 85

Amazon CloudWatch

You can monitor your estimated AWS charges by using Amazon CloudWatch. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data.

Question 86

A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption.
Which action should the user take?

Contact the dedicated Technical Account Manager

Contact the dedicated AWS Concierge Support team

Open a business-critical system down support case

Open a production system down support case

Answer 86

Open a production system down support case

Question 87

What can be assigned to an IAM user? (Select TWO.)

An access key ID and secret access key

A password for logging into Linux

A password for access to the management console

A key pair

An SSL/TLS certificate

Answer 87

An access key ID and secret access key

A password for access to the management console

Question 88

Which feature of AWS IAM enables you to identify unnecessary permissions that have been assigned to users?

Role Advisor

Access Advisor

Permissions Advisor

Group Advisor

Answer 88

Access Advisor

Question 89

Which of the following security related activities are AWS customers responsible for? (Select TWO.)

Installing patches on network devices

Implementing data center access controls

Implementing IAM password policies

Installing patches on Windows operating systems

Secure disposal of faulty disk drives

Answer 89

Implementing IAM password policies

Installing patches on Windows operating systems

Question 90

Which storage type can be mounted using the NFS protocol to many EC2 instances simultaneously?

Amazon EBS

Amazon Instance Store

Amazon S3

Amazon EFS

Answer 90

Amazon EFS

Question 91

Which team is available to support AWS customers on an Enterprise support plan with account issues?

AWS Technical Account Manager

AWS Concierge

AWS Billing and Accounts

AWS Technical Support

Answer 91

AWS Concierge

Included as part of the Enterprise Support plan, the Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts.

INCORRECT: “AWS Technical Account Manager” is incorrect. The Technical Account Manager provides expert monitoring and optimization for your environment and coordinates access to other programs and experts.

Question 92

An organization is migrating its application from on-premises SQL Server to AWS. As part of the migration, the company wants to reduce operational overhead, but lacks the resources to refactor the application.

Which database service would MOST effectively support these requirements?

Amazon DynamoDB

Amazon Redshift

Microsoft SQL Server on Amazon EC2

Amazon RDS for SQL Server

Answer 92

Amazon RDS for SQL Server

Amazon RDS for SQL Server is a fully managed SQL database service which you can migrate your on-premises database into. You do not need to refactor or change your on-premises database and you can perform homogeneous migrations with ease.

INCORRECT: “Amazon Redshift” is incorrect. RedShift is a data warehousing solution which would not accept a migration using SQL Server.

Question 93

There is a need to perform queries and to search and analyze logs interactively within an organization.
Which AWS service or feature will meet this requirement?

Amazon EventBridge (Amazon CloudWatch Events).

Amazon CloudWatch anomaly detection.

Amazon CloudWatch Logs Insights.

Amazon CloudWatch Logs streams.

Answer 93

Amazon CloudWatch Logs Insights.

Question 94

AWS Business Support customers have access to which of the following?

AWS Support concierge

AWS DDoS Response Team (DRT)

AWS technical account manager (TAM)

AWS Health API

Answer 94

AWS Health API

The AWS Health API is available to all Business, Enterprise On-Ramp, or Enterprise Support customers. You can use the API operations to get information about events that might affect your AWS services and resources.

INCORRECT: “AWS technical account manager (TAM)” is incorrect. You get a dedicated AWS TAM when you have Enterprise Support, and you get access to a pool of TAMs when you are using Enterprise On-Ramp.

INCORRECT: “AWS Support concierge” is incorrect. This is only available to Enterprise Support customers.

Question 95

Remote employees need access to managed Windows virtual desktops and applications over secure networks.

Which AWS services can the company use to meet these requirements? (Select TWO.)

Amazon Connect

Amazon AppStream 2.0

Amazon Workspaces

AWS Site-to-Site VPN

Amazon Elastic Container Service (Amazon ECS)

Answer 95

Amazon Workspaces

AWS Site-to-Site VPN

To secure your network you would use the AWS Site-to-Site VPN. AWS Site-to-Site VPN allows you to encrypt traffic across your networks.

INCORRECT: “Amazon AppStream 2.0” is incorrect. Amazon AppStream is a non-persistent desktop and application service for remotely accessing your work. The non-persistent feature of this service would make the product unsuitable.

Question 96

In AWS IAM, what are the characteristics of users and groups? (Select TWO.)

Groups can be nested and can contain other groups.

A user can be a member of multiple groups.

Groups can contain users only and cannot be nested.

A user can only be a member of a single group at one time.

All new users are automatically added to a default group.

Answer 96

A user can be a member of multiple groups.

Groups can contain users only and cannot be nested.

Question 97

An organization is migrating to AWS Cloud. During the migration, the company needs consulting and guidance on its applications. Upon completion of the migration, the company requires a response within 30 minutes in the event of a business-critical system failure.
Which AWS Support plans meet these requirements? (Select TWO.)

AWS Enterprise Support

AWS Enterprise On-Ramp Support

AWS Developer Support

AWS Basic Support

AWS Business Support

Answer 97

AWS Enterprise Support

AWS Enterprise On-Ramp Support

Question 98

Which of the following statements is correct about Amazon S3 cross-region replication?

Both source and destination S3 buckets must have versioning disabled

The source and destination S3 buckets cannot be in different AWS Regions

S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts

The source S3 bucket owner must have the source and destination AWS Regions disabled for their account

Answer 98

S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts

Question 99

Which AWS services form the app-facing services of the AWS serverless infrastructure? (Select TWO.)

AWS Step Functions

AWS Lambda

Amazon API Gateway

Amazon DynamoDB

Amazon EFS

Answer 99

AWS Lambda

Amazon API Gateway

AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure

Question 100

What is the relationship between subnets and availability zones?

You can create one or more subnets within each availability zone

Subnets span across multiple availability zones

You can create one subnet per availability zone

Subnets contain one or more availability zones

Answer 100

You can create one or more subnets within each availability zone

Question 101

Which of the following descriptions is incorrect in relation to the design of Availability Zones?

AZ’s have direct, low-latency, high throughput and redundant network connections between each other

Each AZ is designed as an independent failure zone

AZs are physically separated within a typical metropolitan region and are located in lower risk flood plains

Each subnet in a VPC is mapped to all AZs in the region

Answer 101

Each subnet in a VPC is mapped to all AZs in the region

Question 102

What are the benefits of using IAM roles for applications that run on EC2 instances? (Select TWO.)

Easier to configure than using storing access keys within the EC2 instance

More secure than storing access keys within applications

Can apply multiple roles to a single instance

It is easier to manage IAM roles

Role credentials are permanent

Answer 102

More secure than storing access keys within applications

It is easier to manage IAM roles

INCORRECT: “Easier to configure than using storing access keys within the EC2 instance” is incorrect. It is not easier to configure as there are extra steps that need to be completed.

Question 103

Which type of storage stores objects comprised of key, value pairs?

Amazon DynamoDB

Amazon EBS

Amazon EFS

Amazon S3

Answer 103

Amazon S3

INCORRECT: “Amazon DynamoDB” is incorrect. Amazon DynamoDB stores items, not objects, based on key, value pairs.

Question 104

Benefits of using the Cloud Adoption Framework include the following:

It increases high availability and agility.

It reduces business risk and grows revenue.

It increases operational efficiency and improves ESG.

It has elasticity and durability.

Answer 104

It reduces business risk and grows revenue.

It increases operational efficiency and improves ESG.

Question 105

You have been tasked with implementing encryption on your Elastic Block Store volumes. What services provides encryption for those volumes?

AWS CloudTrail

Amazon EBS

Amazon S3

AWS KMS

Answer 105

Amazon EBS

AWS KMS

Elastic Block Store (EBS) can be configured to encrypt volumes as you create them, as a rule in your account, or when you copy an existing volume.

Key Management Service (KMS) generates the keys used to encrypt the EBS volumes.

Question 106

Your company is migrating into the cloud and wants to take advantage of the scalability and cost-effectiveness of the cloud. Their only requirement is that costs must remain below a certain threshold. Which of the following options meets their needs?

They will need to use an AWS Virtual Private Network connection.

They will need to configure a billing alarm for the estimated charges.

They will use AWS Direct Connect.

They will use a public cloud deployment model.

They will use a hybrid cloud deployment model.

Answer 106

They will need to configure a billing alarm for the estimated charges.

They will use a public cloud deployment model.

Your company does not require any on-premises hardware, so the hybrid model does not fit their needs.

Question 107

A medical company needs to migrate 100 TB of data to AWS. Which AWS service can perform this type of migration cost effectively while meeting HIPAA compliance

Snowmonster

Snowball Edge

Snowcone

Snowmobile

Answer 107

Snowball Edge.

Question 108

By default, what can a private subnet communicate with?

Other private subnets in the same VPC

Public subnets in the same VPC

Private subnets in a different VPC

Public subnets in a different VPC

Answer 108

Other private subnets in the same VPC

Public subnets in the same VPC

Question 109

You are using several in demand EC2 instances to run your development environment. What is the best way to reduce your charges when these instances are not in use?

You cannot minimize charges for this type of instances

Terminating the instances

Deleting all EBS volumes attached to the instances

Stopping the instances

Answer 109

Stopping the instances

If you terminate the instances without taking an AMI of them, you will lose their data

Question 110

What can you use to assign permissions to an IAM user?

IAM policy
IAM identity
IAM group
IAM role

Answer 110

IAM policy

Question 111

Which of the following is NOT a factor when estimating the cost of Amazon CloudFront?

The number of requests (HTTP or HTTPS) made

The edge location through which your content is served

Data Transfer Out

Inbound traffic

Answer 111

Inbound traffic

There is no charge for data transferred from AWS services su ch as Amazon S3 or ELB

Question 112

You have a real time IoT application that requires sub millisecond latency. Which of the following services would you use?

Amazon ElastiCache for Redis

Amazon IoT caching

Amazon Redshift

Amazon IoT Accelerator

Answer 112

Amazon ElastiCache for Redis

Question 113

Which of the following is not an AWS reservation model?

Redshift reserved nodes

ElastiCache reserved nodes

DynamoDB reserved capacity

S3 reserved capacity

Answer 113

S3 reserved capacity

Question 114

Which of the following services gives you access to all AWS auditor issued reports?

AWS Audit

AWS CloudWatch

AWS Artifact

Amazon SNS

Answer 114

AWS Artifact

Question 115

AWS changes the way you pay for servers compared to other traditional hosting providers. What purchasing option does Amazon EC2 make available so you pay lower prices for computer instances?

The ability to pay only for the compute time you use

The ability to bid to get the lowest possible prices when purchasing compute instances

The ability to pay upfront to get lower hourly costs

The ability to pay lower hourly costs when using more compute capacity

Answer 115

The ability to pay upfront to get lower hourly costs

EC2 allows you to pay for only the instances you allocate. Once you provision an EC2 instance, you will pay for every hour the instance is in the running state. This is regardless of whether you are using the instance or not.

Compare to Lambda

Question 116

For each EC2 instance in a free tier account, which of the following is true regarding its Elastic IP addresses?

Elastic IP addresses are not free

You can have one Elastic IP address free of charge

You can have three Elastic IP addresses free of charge

You can have any number of Elastic IP addresses free of charge

Answer 116

You can have one Elastic IP address free of charge

Question 117

You need to run a number of Amazon EC2 instances that are physically isolated at the host hardware level from instances that belong to any other AWS account. How can you meet this requirement in a cost effective way?

Use EC2 reserved instances

Use EC2 spot instances

Use EC2 dedicated hosts

Use EC2 dedicated instances

Answer 117

Use EC2 dedicated instances

Dedicated instances are physically isolated at the host hardware level from instances that belong to other AWS accounts.
Cheaper than dedicated host

Question 118

Which service can a non AWS customer use to estimate the cost of migrating to the AWS cloud?

AWS simple monthly calculator

AWS TCO calculator

AWS budgets

AWS cost explorer

Answer 118

AWS TCO calculator

Monthly calculator helps customers and prospects estimate their monthly AWS bill more efficiently

Question 119

Select the services that are server based: (choose two)

AWS Fargate

AWS Lambda

Amazon RDS

Amazon EMR

Amazon DynamoDB

Answer 119

Amazon RDS

Amazon EMR

Question 120

Which of the following are use cases for Amazon EMR?

Backup and restore

Disaster recovery

Financial analysis

Extract transform load (ETL)

Answer 120

Financial analysis
Extract transform load (ETL)

Question 121

Which of the following is an AWS Well-Architected Framework design principle related to operational excellence?

Scale horizontally for resilience.

Deploy smaller, reversible changes.

Use serverless architectures first.

Assign only the least privileges required.

Answer 121

Deploy smaller, reversible changes.

Scale horizontally for resilience.
This design principle is part of the Reliability pillar.

Question 122

AWS VPC is a component of which of the following overall service categories?

Compute

Management Tools

Database

Migration Services

Storage

Networking and Content Delivery

Answer 122

Networking and Content Delivery

Question 123

A customer would like to store secondary backup copies of on-premises data to the cloud. The customer is not concerned about an extra level of protection by geographic redundancy but requires rapid access to the data when it is needed. Which Amazon S3 storage class should be used as the lowest cost option with rapid access?

S3 Standard

S3 Standard-Infrequent Access

S3 Glacier Deep Archive

S3 One Zone-Infrequent Access

Answer 123

S3 One Zone-Infrequent Access

S3 One Zone-Infrequent Access is designed for customers who want a lower cost option for infrequently accessed data but do not require the multiple Availability Zone data resilience model of the S3 Standard or S3 Standard-Infrequent Access storage classes. S3 One Zone-Infrequent Access provides millisecond access when the data is needed.

Question 124

A financial company needs to migrate large amounts of data, at a petabyte scale, to AWS. Which AWS service can perform this type of migration?

AWS Data Pipeline

DataSync

AWS Snowball

Database Migration Service

Answer 124

AWS Snowball

Database Migration Service

It would not be practical to use this service for such a large migration. Additionally, it has not been specified that this data is all contained within a database.

Question 125

A company is considering migrating its applications to AWS. Which costs should the company consider when comparing its on-premises total cost of ownership (TCO) to the TCO when running on AWS? (SELECT THREE)

Software license costs

Help desk support costs

Software development

Data center cooling, power, and space requirements

Hardware and infrastructure

Answer 125

Software license costs

Data center cooling, power, and space requirements

Hardware and infrastructure

Question 126

How can a customer with the Enterprise Support plan get help with billing and account questions?

Use the AWS Support API to programmatically open a case with AWS Support.

Technical Account Manager (TAM)

AWS Community Forums

AWS Online Tech Talks

Contact the Support Concierge team.

Answer 126

Use the AWS Support API to programmatically open a case with AWS Support.

Contact the Support Concierge team.

Question 127

A customer wants access to the full set of Trusted Advisor checks. What’s the minimum support plan they need to have access to?

Developer Support

Business Support

Enterprise Support

Basic Support

Answer 127

Business Support

Question 128

A company would like someone to help them coordinate access to AWS subject matter experts when they need help. Which support plan do they need to have?

Basic Support

Enterprise

Developer Support

Business

Answer 128

Enterprise

Enterprise Support provides access to a Technical Account Manager (TAM) who helps coordinate access to subject matter experts among other things.

Question 129

You need to visualize, understand, and identify trends for future charges, as well as manage your AWS costs and usage over time. Which AWS tool would you use?

AWS Cost Explorer

AWS Cost and Usage Report

Trusted Advisor

Amazon CloudWatch

Answer 129

AWS Cost Explorer

Cost Explorer allows you to visualize and forecast your costs and usage over time.

INCORRECTLY
AWS Cost and Usage Report

The Cost and Usage Report contains the most comprehensive set of cost and usage data.

Question 130

A customer is on the Enterprise Support plan, and they’ve reported a business-critical system down support case. What is the guaranteed response time from AWS Support?

Less than 24 hours

Less than 1 hour

Less than 5 minutes

Less than 15 minutes

Answer 130

Less than 15 minutes

Question 131

You have upgraded your AWS Support plan to the Business Support level. What is true of the Business Support plan?

< 24 hours response time support when your production system goes down.

< 15 minutes response time support if your business-critical system goes down.

< 1 hour response time support when your production system goes down.

< 15 minutes response time support when your production system goes down.

Answer 131

< 1 hour response time support when your production system goes down.

Question 132

What is the easiest way to launch and manage a virtual private server in AWS?

Using Amazon Virtual Private Cloud

Using Amazon Lightsail

Using AWS Virtual Private Network

Using Amazon Route 53

Answer 132

Using Amazon Lightsail

Question 133

What is the AWS S3 storage class that has the lowest availability rating?

Standard
S3 One Zone-IA
S3 Standard-IA
Glacier

Answer 133

S3 One Zone-IA

Question 134

If you want to run an ever changing database in an Amazon EC2 instance, what is the most recommended Amazon storage option?

Amazon Instance Storage
Amazon EBS
You can’t run a database inside an Amazon EC2 instance
Amazon DB storage

Answer 134

Amazon EBS

Question 135

What factors determine how you are charged when using AWS Lambda? (Choose two)

Compute capacity consumed
Compute time consumed
Storage time consumed
Number of requests to your functions

Answer 135

Compute time consumed
Number of requests to your functions

No compute capacity bc serverless

Question 136

Which of the following services allows you to store your application assets, like images and libraries, along with your code?

AWS CodePipeline
AWS X-Ray
AWS CodeCommit
None of the above

Answer 136

AWS CodeCommit

Question 137

Each AWS Region is composed of multiple Availability Zones. Which of the following best describes what an Availability Zone is?

It is a collection of data centers distributed in multiple countries

It is a logically isolated network of the AWS Cloud

It is a distinct location within a region that is insulated from failures in other Availability Zones

It is a data center designed to be completely isolated from other data centers in the same region

Answer 137

It is a distinct location within a region that is insulated from failures in other Availability Zones

Question 138

Which of the following is NOT a benefit of using AWS Lambda?

AWS Lambda runs code without provisioning or managing servers?

There is no charge when your AWS Lambda code is not running

AWS Lambda provides resizable compute capacity in the Cloud

AWS Lambda can be called directly from any mobile app

Answer 138

AWS Lambda provides resizable compute capacity in the Cloud

Question 139

Which feature enables users to sign in to their AWS accounts with their existing corporate credentials?

Amazon Cognito

Federation

IAM Permissions

Access keys

Answer 139

Federation

Question 140

A company needs to host a big data application on AWS. Which of the following AWS storage services would they choose to automatically get high throughput to multiple compute nodes?

Amazon EBS
S3
Amazon EFS
AWS storage gateway

Answer 140

Amazon EFS

High levels of aggregate throughput and IOPS that scales as a file system grows

EBS volume cannot be attached to multiple compute resources at a time

S3 cannot be attached to compute resources

Question 141

Amazon EBS volumes are automatically replicated within TB r same availability zone. What is the benefit of this?

Elasticity

Durability

Traceability

Accessibility

Answer 141

Durability

Question 142

What are the benefits of AWS Organizations? (Choose two)

Help organizations achieve their desired business outcomes with AWS

Help organizations design and travel an accelerated path to successful cloud adoption

Consolidate billing across multiple AWS accounts

Manage your organization’s payment methods

Control access to AWS services

Answer 142

Consolidate billing across multiple AWS accounts

Control access to AWS services

Billing and cost management is used to manage organizations payment methods

Question 143

Where can AWS customers find their historical billing information?

AWS Billing History

AWS TCO

Billing and Cost Management console

AWS Simple monthly calculator

Answer 143

Billing and Cost Management console

Billing history is not real