Topic 2

Question 1

Which service's PRIMARY purpose is softwareversion control?
A. Amazon CodeStar
B. AWS Command Line Interface (AWS CLI)
C. Amazon Cognito
D. AWS CodeCommit

Answer 1

Answer: D

Question 2

Access keys in AWS Identity and Access Management (IM1) are used to
A. log in to the AWS Management Console
B. make programmatic calls to AWS from AWS APIs
C. log in to Amazon EC2 instances
D. authenticate to AWS CodeCommit repositories

Answer 2

Answer: C

Question 3

How can a user protect against AWS service disruptions if a natural disaster affects an entire geographic
area?
A. Deploy applications across multiple Availability Zones within an AWS Region
B. Use a hybrid cloud computing deployment model within the geographic area
C. Deploy applications across multiple AWS Regions
D. Store application artifacts using AWS Artifact and replicate them across multiple AWS Regions

Answer 3

Answer: C

Question 4

Which mechanism aHows developers lo access AWS sendees from application code?
A. AWS Software Development Kit
B. AWS Management Console
C. AWSCodePipelme
D. AWS Conlig

Answer 4

Answer: A

Question 5

Which services are parts of the AWS serverless platform?
A. Amazon EC2, Amazon S3, Amazon Athena
B. Amazon Kinesis, Amazon SQS, Amazon EMR
C. AWS Step Functions, Amazon DynamoDB, Amazon SNS
D. Amazon Athena, Amazon Cognito, Amazon EC2

Answer 5

Answer: C
Explanation:
AWS provides a set of fully managed services that you can use to build and run serverless applications.
Serverless applications don’t require provisioning, maintaining, and administering servers for backend
components such as compute, databases, storage, stream processing, message queueing, and more. You
also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS
handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3,
DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and
services.

Question 6

What are the advantages of the AWS Cloud (Select TWO )
A. Fixed rate monthly cost
B. No need to guesscapacity requirements
C. Increased speed to market
D. Increased upfront capital expenditure
E. Physical access to cloud data centers

Answer 6

Answer: B D

Question 7

Which of the following BEST describe theAWS pricing model? (Select TWO )
A. Fixed-term
B. Pay-as-you-go
C. Colocation
D. Planned
E. Variable cost

Answer 7

Answer: B E

Question 8

What can AWS edgelocations be used for? (Select TWO.)
A. Hosting applications
B. Delivering content closer to users
C. Running NoSQL database caching services
D. Reducing traffic on the server by caching responses
E. Sending notification messages to end users

Answer 8

Answer: B D
Explanation:
CloudFront delivers your content through a worldwide network of data centers called edge locations. When
a user requests content that you’re serving with CloudFront, the user is routed to the edge location that
provides the lowest latency (time delay),so that content is delivered with the best possible performance

Question 9

Why is it beneficial to use Elastic Load Balancers with applications?
A. They allow for the conversion from Application Load
B. Balancers to Classic Load Balancers
C. They arecapable of handling constant changes in network traffic patterns
D. They automatically adjust capacity. They are provided at no charge to users

Answer 9

Answer: B

Question 10

How can one AWS account use Reserved Instances from anotherAWS account?
A. By using Amazon EC2 Dedicated Instances
B. By using AWS Organizations consolidated billing
C. By using the AWS Cost Explorer tool
D. By using AWS Budgets

Answer 10

Answer: B

Question 11

One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is:
A. the ability to bid for a lower hourly cost.
B. paying a daily rate regardless of time used.
C. paying onlyfor time used.
D. pre-paying for instances and paying a lower hourly rate.

Answer 11

Answer: C
Explanation:
On-Demand Capacity Reservations are priced exactly the same as their equivalent (On-Demand) instance
usage. If a Capacity Reservation is fully utilized, you only pay for instance usage and nothing towards the
Capacity Reservation. If a Capacity Reservation is partially utilized, you pay for the instance usage and for
the unused portion of the Capacity Reservation

Question 12

Which of the following is an important architectural design principle when designing cloud applications?
A. Usemultiple Availability Zones.
B. Use tightly coupled components.
C. Use open source software.
D. Provision extra capacity.

Answer 12

Answer: A
Explanation:
Data Center resilience is practiced through Availability Zones across data centers that reduce the impact of
failures.
Fault isolation improvement can be made to traditional horizontal scaling by sharding (a method of grouping
instances into groups called shards, instead of sending the traffic from all users to every node like in the
traditional IT structure.)

Question 13

Which AWS service canbe used to query stored datasets directly from Amazon S3 using standard SQL?
A. AWS Glue
B. AWS Data Pipeline
C. Amazon CloudSearch
D. Amazon Athena

Answer 13

Answer: D

Question 14

Which disaster recovery scenario offers the lowest probability of down time?
A. Backup and restore
B. Pilot light
C. Warm standby
D. Multi-site active-active

Answer 14

Answer: D
Explanation:
Backup and Restore: asimple, straightforward, cost-effective method that backs up and restores data as
needed.
Keep in mind that because none of your data is on standby, this method, while cheap, can be quite
time-consuming.
Pilot Light: This method keeps critical applicationsand data at the ready so that it can be quickly retrieved if
needed.
Warm Standby: This method keeps a duplicate version of your business’ core elements running on standby
at all times, which makes for a little downtime and an almost seamless transition.
Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company’s
data/applications between two or more active locations and splits your traffic/usage between them. If a
disaster strikes, everything is simply rerouted to the unaffected area, which means you’ll suffer almost zero
downtime. However, by running two separate environments simultaneously, you will obviously incur much
higher costs.
Reference: https://cloudranger.com/best-practices-aws-disaster-recovery-planning/

Question 15

Which of the following is an AWSCloud architecture design principle?
A. Implement single points of failure.
B. Implement loose coupling.
C. Implement monolithic design.
D. Implement vertical scaling.

Answer 15

Answer: B
Explanation:
Loose coupling between services can also be done throughasynchronous integration. It involves one
component that generates events and another that consumes them. The two components do not integrate
through direct point-to-point interaction, but usually through an intermediate durable storage layer. This
approach decouples the two components and introduces additional resiliency. So, for example, if a process
that is reading messages from the queue fails, messages can still be added to the queue to be processed
when the system recovers.

Question 16

Much AWS services provide a way to extend an on-premises architecture to the AWS Cloud? (Select
TWO )
A. Amazon EBS
B. AWS Direct Connect
C. Amazon CloudFront
D. AWS Storage Gateway
E. Amazon Connect

Answer 16

Answer: B D

Question 17

Which AWS service is a managed NoSQL database?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon RDS for ManaDB

Answer 17

Answer: B

Question 18

How can acompany reduce its Total Cost of Ownership (TCO) using AWS?
A. By minimizing large capital expenditures
B. By having no responsibility for third-party license costs
C. By having no operational expenditures
D. By having AWS manage applications

Answer 18

Answer: D

Question 19

A company is planning to migrate from on-premises to the AWS Cloud
When AWS tool or service provides detailed reports on estimated cost savings after migration?
A. AWS Total Cost of Ownership (TCO)Calculator
B. Cost Explorer
C. AWS Budgets
D. AWS Migration Hub

Answer 19

Answer: C

Question 20

Whichof the following security measures protect access to an AWS account? (Select TWO.)
A. Enable AWS CloudTrail.
B. Grant least privilege access to IAM users.
C. Create one IAM user and share with many developers and users.
D. Enable Amazon CloudFront.
E. Activate multi-factor authentication (MFA) for privileged users.

Answer 20

Answer: B E
Explanation:
If you decided to create service accounts (that is, accounts used for programmatic access by applications
running outside of the AWS environment) and generate access keys forthem, you should create a
dedicated service account for each use case. This will allow you to restrict the associated policy to only the
permissions needed for the particular use case, limiting the blast radius if the credentials are compromised.
For example, if a monitoring tool and a release management tool both require access to your AWS
environment, create two separate service accounts with two separate policies that define the minimum set
of permissions for each tool.

Question 21

What can users access from AWS Artifact?
A. AWS security and compliance documents
B. A download of configuration management details for all AWS resources
C. Training materials for AWS services
D. A security assessment of the applications deployed in the AWS Cloud

Answer 21

Answer: B

Question 22

A company’s web application currently has light dependencies on underlyingcomponents so when one
component fails the entire web application fails
Applying which AWS Cloud design principle will address the current design issue?
A. Implementing elasticity enabling the application to scale up or scale down as demand changes
B. Enabling several EC2 instances to run in parallel to achieve better performance
C. Focusing on decoupling components by isolating them and ensuring individual components can function
when other components
D. Doubling EC2 computing resources to increase systemfault tolerance

Answer 22

Answer: C

Question 23

Which of the following is a cloud architectural design principle?
A. Scale up not out
B. Loosely couple components
C. Build monolithic systems
D. Use commercial database software

Answer 23

Answer: B

Question 24

Which Amazon EC2 pricing model offers the MOST significant discount when compared to OnDemand
Instances?
A. A Partial Upfront Reserved Instances for a 1-year term
B. All Upfront Reserved instances for a 1 year form
C. All Upfront Reserved Instances for a 3 year term
D. No Upfront Reserved Instances for a 3 year term

Answer 24

Answer: C

Question 25

What can assist in evaluating anapplication for migration to the cloud? (Select TWO )
A. AWS Trusted Advisor
B. AWS Professional Services
C. AWS Systems Manager
D. AWS Partner Network (APN)
E. AWS Secrets Manager

Answer 25

Answer: B D

Question 26

If each department within a company has itsown AWS account, what is one way to enable consolidated
billing?
A. Use AWS Budgets on each account to pay only to budget.
B. Contact AWS Support for a monthly bill.
C. Create an AWS Organization from the payer account and invite the other accounts to join.
D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into Amazon
Redshift, and then run a billing report.

Answer 26

Answer: C

Question 27

Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific
users?
A. A public and private key-pair
B. Amazon Inspector
C. AWS Identity and Access Management (IAM) policies
D. Security Groups

Answer 27

Answer: C
Explanation:
To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must
explicitly grant those user-level permissions. You can grant user-level permissions on either an AWS
Identity and Access Management (IAM) policy or another statement in the bucket policy.

Question 28

How does AWS shorten the time to provision IT resources?
A. It supplies an online IT ticketing platform for resource requests.
B. Itsupports automatic code validation services.
C. It provides the ability to programmatically provision existing resources.
D. It automates the resource request process from a company’s IT vendor list.

Answer 28

Answer: C

Question 29

Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO )
A. Multiple Availability Zones
B. Performance efficiency
C. Security
D. Encryption usage
E. High availability

Answer 29

Answer: B C

Question 30

What time-savings advantage is offered with the use of Amazon Rekognition?
A. Amazon Rekognition provides automatic watermarking of images
B. Amazon Rekognition provides automatic detection of objects appeanng m pictures
C. Amazon Recognition provides the ability to resize millions of images automatically
D. Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection jobs

Answer 30

Answer: B

Question 31

A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with
which cloud architecture principle?
A. Think parallel
B. Implement elasticity
C. Decouple your components
D. Design for failure

Answer 31

Answer: B

Question 32

Which of the following will enhance the security of access to the AWS Management Console’? (Select TWO )
A. AWS Secrets Manager
B. AWS Certificate Manager
C. AWS Multi-Factor Authentication (AWS MFA)
D. Securitygroups
E. Password policies

Answer 32

Answer: C E

Question 33

Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional
database management?
A. AWS manages the data stored in Amazon RDS tables.
B. AWS manages themaintenance of the operating system.
C. AWS automatically scales up instance types on demand.
D. AWS manages the database type.

Answer 33

Answer: C
Explanation:
RDS lowers administrative burden through automatic software patching and maintenance of the
underlyingoperating system and secondly, you still have to manually upgrade the underlying instance type
of your database cluster in order to scale it up.

Question 34

Which AWS services provide a wayto extend an on-premises architecture to the aws cloud?
A. Amazon EBS
B. Amazon Connect
C. AWS Storage GatewayAWS CLOUD PRACTITIONER DUMPS
D. Amazon CloudFront
E. AWS Direct Connect

Answer 34

Answer: B D

Question 35

Which AWS services can be used to gather information about AWS account activity? (Select TWO.)
A. Amazon CloudFront
B. AWS Cloud9
C. AWS CloudTrail
D. AWS CloudHSM
E. Amazon CloudWatch

Answer 35

Answer: C E
Explanation:
AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and
stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. Metrics are
calculated for create, modify, anddelete API calls for more than 60 supported AWS services. The solution
also features a dashboard that visualizes your account activity in real-time.

Question 36

What are the benefits of developing and running a new application in the AWS Cloud compared to
on-premises? (Select TWO )
A. AWS automatically distributes the data globally for higher durability
B. AWS will take care of operating the application
C. AWS makes it easy to architect for high availability
D. AWS can easilyaccommodate application demand changes
E. AWS takes care of application security patching

Answer 36

Answer: C D

Question 37

Which of the following are main components of the AWS global infrastructure? (Select TWO)
A. Resourcegroups
B. Availability Zones
C. Security groups
D. Regions
E. Amazon Machine Images (AMIS)

Answer 37

Answer: B E

Question 38

Which of the following can an AWS customer use to launch a new Amazon Relational Database Service
(Amazon RDS) cluster? (Select TWO.)
A. AWS Concierge
B. AWS CloudFormation
C. Amazon Simple Storage Service (Amazon S3)
D. Amazon EC2 Auto Scaling
E. AWS Management Console

Answer 38

Answer: B E

Question 39

Which AWS service is used to track record, and audit configuration changes made to AWS resources?
A. AWS Shield
B. AWS Config
C. AWS 1AM
D. Amazon Inspector

Answer 39

Answer: B

Question 40

Which of the following is acomponent of the shared responsibility model managed entirely by AWS?
A. Patching operating system software
B. Encrypting data
C. Enforcing multi-factor authentication
D. Auditing physical data center assets

Answer 40

Answer: D
Explanation:
Of course, Amazon is responsible for auditing physical data center assets and resources since it is the
property of Amazon Inc. Customers have no access to physical sites, hence they are not responsible for
maintaining physical data center assets.

Question 41

How doAmazon EC2 Auto Scaling groups help achieve high availability for a web application?
A. They automatically add more instances across multiple AWS Regions based on global demand of the
application
B. They automatically add or replace instances across multiple Availability Zones when the application
needs it
C. They enable the application’s stalk: content to reside closer to end users
D. They are able to distribute incoming requests across a tier of web server instances

Answer 41

Answer: B

Question 42

A company wants to focus on business activities instead of managingcompute and capacity
Which AWS service can be used to automatically add or remove Amazon EC2 instances based on
demand)
A. Elastic Load Balancer
B. Amazon EC2 Auto Scaling
C. Amazon Route 53
D. Amazon CloudFront

Answer 42

Answer: B

Question 43

Which element of the AWS global infrastructure consists of one or more discrete data centers each with
redundant power networking and connectivity which are housed in separate facilities?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. Amazon CloudFront

Answer 43

Answer: B

Question 44

A user is planning to launch two additional Amazon EC2 instances to increase availability. Which action
should theuser take?
A. Launch the instances across multiple Availability Zones in a single AWS Region
B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability
Zone
C. Launch the instances in multiple AWS Regions but in thesame Availability Zone
D. Launch the instances as EC2 Spot Instances in the same AWS Region but in different Availability Zones

Answer 44

Answer: B

Question 45

What is a value proposition of the AWS Cloud?
A. AWS is responsible for security in the AWS Cloud
B. No long-term contract is required
C. Provision new servers in days
D. AWS manages user applications in the AWS Cloud

Answer 45

Answer: D

Question 46

A. Easy and fast deployment of applications in multiple Regions around the world
B. Security of the AWS Cloud
C. Elasticity of the AWS Cloud
D. Lower variable costs due to massive economies of scale

Answer 46

Answer: A

Question 47

How canthe AWS Cloud increase user workforce productivity after migration from an on-premises data
center?
A. Users do not have to wait for infrastructure provisioning
B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure
C. AWS takes over application configuration management on behalf of users
D. Users do not need to address security and compliance issues

Answer 47

Answer: D

Question 48

A user must meet compliance andsoftware licensing requirements that state a workload must be hosted on
a physical server. When Amazon EC2 instance pricing option will meet these requirements?
A. Dedicated Hosts
B. Dedicated Instances
C. Spot Instances
D. Reserved Instances

Answer 48

Answer: A

Question 49

In which scenario should Amazon EC2 Spot Instances be used?
A. A company wants to move its main website to AWS from an on-premises web server.
B. A company has a number of application services whose Service Level Agreement (SLA) requires
99.999% uptime.
C. A company’s heavily used legacy database is currently runningon-premises.
D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances

Answer 49

Answer: D

Question 50

According to the AWS shared responsibility model what is the sole responsibility of AWS?
A. Application security
B. Edge location management
C. Patch management
D. Client-side data

Answer 50

Answer: C

Question 51

Which of the following tasks is the responsibility of AWS?
A. Encrypting client-side data
B. Configuring AWS Identity and Access Management (IAM) roles
C. Securing the Amazon EC2 hypervisor
D. Setting user password policies

Answer 51

Explanation:
In EC2, the AWSIaaS offering, everything from the hypervisor layer down is AWS’s responsibility. A
customer’s poorly coded applications, misconfigured operating systems, or insecure firewall settings will
not affect the hypervisor, it will only affect the customer’s virtual machines running on that hypervisor.

Question 52

A user wantsguidance on possible savings when migrating from on-premises to AWS Which tool is suitable
for this scenario?
A. AWS Budgets
B. Cost Explorer
C. AWS Total Cost of Ownership (TCO) Calculator
D. AWS Well-Architected Tool

Answer 52

Answer: C

Question 53

Which AWS support plan includes a dedicated Technical Account Manager?
A. Developer
B. Enterprise
C. Business
D. Basic

Answer 53

Answer: B
Explanation:
The enterprise support plans supports technical account manager. Developer and business support plans
are devoid ofthis facility.

Question 54

Which serviceprovides a hybrid storage service that enables on-premises applications to seamlessly use
cloud storage?
A. Amazon Glacier
B. AWS Snowball
C. AWS Storage Gateway
D. Amazon Elastic Block Storage (Amazon EBS)

Answer 54

Answer: C
Explanation:
AWS Storage Gateway is ahybrid cloud storage service that gives you on-premises access to virtually
unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce
costs for key hybrid cloud storage use cases. These include moving tape backups tothe cloud, reducing
on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for
on-premises applications, as well as various migration, archiving, processing, and disaster recovery use
cases.

Question 55

According to the AWS shared responsibility model who ts responsible for configuration management?
A. It is solely the responsibility of the customer
B. It is solely the responsibility of AWS
C. It is shared between AWS and the customer
D. It is not part of the AWS shared responsibility model

Answer 55

Answer: C

Question 56

Which of the following services is in the category of AWS serverless platform?
A. Amazon EMR
B. Elastic Load Balancing
C. AWS Lambda
D. AWS Mobile Hub

Answer 56

Answer: C
Explanation:
AWS provides a set of fully managed services that you can use to build and run serverless applications.
Serverless applications don’t require provisioning, maintaining, and administering servers for backend
components such as compute, databases, storage, stream processing, message queueing, and more. You
also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS
handles all of these capabilities for you. Serverless platform includes: AWS lambda, AmazonS3,
DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and
services.

Question 57

Which of the following is an AWS-managed compute service?
A. Amazon SWF
B. Amazon EC2
C. AWS Lambda
D. Amazon Aurora

Answer 57

Answer: B

Question 58

Under the shared responsibility model which ofthe following areas are the customer’s responsibility?
(Select TWO )
A. Firmware upgrades of network infrastructure
B. Patching of operating systems
C. Patching of the underlying hypervisor
D. Physical security of data centers
E. Configuration of the security group

Answer 58

Answer: B C

Question 59

Which service is best for storing common database query results, which helps to alleviate database access
load?
A. Amazon Machine Learning
B. Amazon SQS
C. Amazon ElastiCache
D. Amazon EC2 Instance Store

Answer 59

Answer: C
Explanation:
Amazon ElastiCache for Redis is a great choice for implementing a highly available, distributed, and secure
in-memory cache to decrease access latency, increase throughput, and ease the load off your relational or
NoSQL databases and applications. ElastiCache can serve frequently requested items at sub-millisecond
response times, and enables you to easily scale for higher loads without growing the costlier backend
databases. Database query results caching, persistent session caching, and full-page caching are all
popular examples of caching with ElastiCache for Redis.

Question 60

Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC)
Dashboard? (Select TWO.)
A. Amazon CloudFront distributions
B. Amazon Route 53
C. Security Groups
D. Subnets
E. Elastic Load Balancing

Answer 60

Answer: C D
Explanation:
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete
control over your virtual networking environment, including selection of your own IP address range, creation
of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in
your VPC for secure and easy access to resources and applications.
You can easily customize the network configuration for your Amazon VPC. For example, you can create a
public-facing subnet for your web servers that has access to the Internet, and place your backend systems
such as databases or application servers in a private-facing subnet with no Internet access. You can
leverage multiple layers of security, including security groups and network access control lists, to help
control access to Amazon EC2 instances in each subnet.

Question 61

How does AWS Trusted Advisor provide guidance to users of the AWS Cloud? (Select TWO )
A. It identifies software vulnerabilities inapplications running on AWS
B. It provides a list of cost optimization recommendations based on current AWS usage
C. It detects potential security vulnerabilities caused by permissions settings on account resources
D. It automatically corrects potential security issues caused by permissions settings on account resources
E. It provides proactive alerting whenever an Amazon EC2 instance has been compromised

Answer 61

Answer: B C

Question 62

Which AWS service can serve a static website?
A. Amazon S3
B. Amazon Route 53
C. Amazon QuickSight
D. AWS X-Ray

Answer 62

Answer: A
Explanation:
Youcan host a static website on Amazon Simple Storage Service (Amazon S3). On a static website,
individual webpages include static content. They might also contain client-side scripts. By contrast, a
dynamic website relies on server-side processing, includingserver-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting.

Question 63

Which AWSservice of feature can be used to monitor CPU usage?
A. AWS CloudTrail
B. VPC Flow Logs
C. Amazon CloudWatch
D. AWSConfig

Answer 63

Answer: C

Question 64

Which type of AWS storage is ephemeral and is deleted when an instance is stopped Of terminated?
A. Amazon EBS
B. Amazon EC2 instance store
C. Amazon EFS
D. Amazon S3

Answer 64

Answer: B

Question 65

Which AWSservice identifies security groups that allow unrestricted access to a user's AWS resources?
A. AWS Trusted Advisor
B. Amazon Inspector
C. Amazon CloudWatch
D. AWS CloudTrail

Answer 65

Answer: A

Question 66

Which of the following services falls under the responsibility of the customer to maintain operating system
configuration, security patching, and networking?
A. Amazon RDS
B. Amazon EC2
C. Amazon ElastiCache
D. AWS Fargate

Answer 66

Answer: B
Explanation:
The customer is responsible for managing, support, patching and control of the guest operating system and
AWS services provided like EC2.

Question 67

How do customers benefit from Amazon’s massive economies of scale?
A. Periodic price reductions as the result of Amazon’s operational efficiencies
B. New Amazon EC2 instance types providing the latest hardware
C. The ability to scale up and down when needed
D. Increased reliability in the underlying hardware of Amazon EC2 instances

Answer 67

Answer: C
Explanation:
By using cloud computing, you can achieve a lower variable cost than you can get on your own. Because
usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can
achieve higher economies of scale, which translates into lower pay as-you-go prices.

Question 68

Which AWS feature allows a company to take advantage of usage tiers for services across multiple
member accounts?
A. Service control policies (SCPs)
B. Consolidated billing
C. All Upfront Reserved Instances
D. AWS Cost Explorer

Answer 68

Answer: B

Question 69

Which AWS feature should a customer leverage to achieve high availability of an application?
A. AWSDirect Connect
B. Availability Zones
C. Data centers
D. Amazon Virtual Private Cloud (Amazon VPC)

Answer 69

Answer: B
Explanation:
This is to achieve High Availability for any web application (in this case SwiftCode) deployed in AWS. The
following features will bepresent:

Question 70

Which AWS service would a customer use with a static website to achieve tower latency and high transfer
speeds?
A. AWS Lambda
B. Amazon DynamoDB Accelerator
C. Amazon Route 53
D. Amazon CloudFront

Answer 70

Answer: D

Question 71

Which benefits are included with the AWS Business Support plan? (Select TWO )
A. 24/7assistance by way of live chat or a telephone call
B. Support from a dedicated AWS Technical Account Manager
C. An unlimited number of cases and contacts
D. 15-minute response time for production system interruption cases
E. Annual operational reviews with AWS Solutions Architects

Answer 71

Answer: A C

Question 72

A company will be moving from an on-premises data center to the AWS Cloud. What would be one financialdifference after the move?
A. Moving from variable operational expense (opex) to upfront capital expense (capex).
B. Moving from upfront capital expense (capex) to variable capital expense (capex).
C. Moving from upfront capital expense (capex) tovariable operational expense (opex).
D. Elimination of upfront capital expense (capex) and elimination of variable operational expense (opex)

Answer 72

Answer: C

Question 73

Which of the following services have Distributed Denial of Service (DDoS) mitigation features? (Select
TWO)
A. AWS WAF
B. Amazon DynamoDB
C. Amazon EC2
D. Amazon CloudFront
E. Amazon Inspector

Answer 73

Answer: A D

Question 74

Which is the MINIMUM AWS Support plan that provides technical support through phone calls?
A. Enterprise
B. Business
C. Developer
D. Basic

Answer 74

Answer: B

Question 75

Which of the following common IT tasks can AWS cover to free up company IT resources? (Select TWO.)
A. Patching databases software
B. Testing application releases
C. Backing up databases
D. Creating database schema
E. Running penetration tests

Answer 75

Answer: A C

Question 76

Which AWS service delivers data, videos, applications, and APIs to users globally with low latency and high
transfer speeds?
A. Amazon Route 53
B. Amazon Connect
C. Amazon CloudFront
D. Amazon EC2

Answer 76

Answer: B

Question 77

Which AWS service can be used to automatically scale an application up and down without making
capacity planning decisions?
A. Amazon EBS
B. Amazon Redshift
C. AWS CloudTrail
D. AWS Lambda

Answer 77

Answer: D

Question 78

What is an advantage of deploying an application across multiple Availability Zones?
A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS
Region
B. The application will have higher availability because it can withstand a service disruption in one
Availability Zone
C. There will be better coverage as Availability Zones are geographical^ distant and can serve a wider area
D. There will be decreased application latency that will improve the user experience

Answer 78

Answer: B

Question 79

A company needs 24/7 phone email and chat access with a response time of less than 1 hour if a
production system has a service interruption
Which AWS Support plan meets these requirements at the LOWEST cost?
A. Basic
B. Developer
C. Business
D. Enterprise

Answer 79

Answer: D

Question 80

AWS Enterprise Support users have access towhich service or feature that is not available to users with
other AWS Support plans?
A. AWS Trusted Advisor
B. AWS Support case
C. Concierge team
D. Amazon Connect

Answer 80

Answer: D

Question 81

Which of the following is a component of the AWS Global Infrastructure?
A. Amazon Alexa
B. AWS Regions
C. Amazon Lightsail
D. AWS Organizations

Answer 81

Answer: B

Question 82

Which AWS security service protects applications from distributed denial of service attacks with always-on
detection and automatic inline mitigations?
A. AmazonInspector
B. AWS Web Application Firewall (AWS WAF)
C. Elastic Load Balancing (ELB)
D. AWS Shield

Answer 82

Answer: B

Question 83

What credential components are required to gain programmatic access to an AWS account? (Select TWO )
A. An access key ID
B. A primary key
C. A secret access key
D. A user ID
E. A secondary key

Answer 83

Answer: A C

Question 84

A company wants to migrate its applications to a VPC on AWS These applications will need to access
on-premises resources What combination of actions will enable the company to accomplish this
goals?(Select TWO )
A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated
B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC
C. Use Amazon Athena to query data fromthe on-premises database servers
D. Connect the company’s on-premises data center to AWS using AWS Direct Connect
E. Leverage Amazon CloudFront to restrict access to static web content provided through the company’s
on-premises web servers

Answer 84

Answer: A B

Question 85

A company has deployed several relational databases on Amazon EC2 instances Every month the
database software vendor releases new security patches that need to be applied to the databases
What is the MOST efficient way toapply the security patches?
A. Connect to each database instance on a monthly basis and download and apply the necessary security
patches from the vendor
B. Enable automate patching for the instances using the Amazon RDS console
C. In AWS Config. configurea rule for the instances and the required patch level
D. Use AWS Systems Manager to automate database patching according to a schedule

Answer 85

Answer: D

Question 86

How can a customer increase security to AWS account logons? (Select TWO )
A. Configure AWS Certificate Manager
B. Enable Multi-Factor Authentication (MFA)
C. UseAmazon Cognito to manage access
D. Configure a strong password policy
E. Enable AWS Organizations

Answer 86

Answer: B D

Question 87

Which AWS service allows users to identify the changes made to a resource over time?
A. Amazon Inspector
B. AWS Config
C. AWS Service Catalog
D. AWS 1AM

Answer 87

Answer: B

Question 88

Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional
costs?
A. Enterprise
B. Business
C. Developer
D. Basic

Answer 88

Answer: A
Explanation:
https://aws.amazon.com/premiumsupport/plans

Question 89

What are the benefits of using the AWS Cloud for companies with customers in many countries around the
world (SelectTWO)
A. Companies can deploy applications in multiple AWS Regions to reduce latency
B. Amazon Translate automatically translates third-party website interfaces into multiple languages
C. Amazon CloudFront has multiple edge locations around the world to reduce latency
D. Amazon Comprehend allows users to build applications that can respond to user requests in many
languages
E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world
which reduces latency

Answer 89

Answer: A C

Question 90

Which options does AWS make available for customers who want to learn about security in the cloud in an
instructor-led setting? (Select TWO.)
A. AWS Trusted Advisor
B. AWS Online Tech Talks
C. AWS Blog
D. AWS Forums
E. AWS Classroom Training

Answer 90

Answer: B E

Question 91

When should a company consider using Amazon EC2 Spot Instances? (Select TWO )
A. For non-production applications
B. For stateful workloads
C. For applications that cannot have interruptions
D. For fault-tolerant flexible applications
E. For sensitive database applications

Answer 91

Answer: A D

Question 92

The user is fully responsible for which action when running workloads on aws?
A. Patching the infrastructure components
B. Maintaining the underlying infrastructure components
C. Maintaining physical and environmental controls
D. Implementing controls to route application traffic

Answer 92

Answer: B

Question 93

Which AWS service is used to pay AWS bills, and monitor usage and budget costs?
A. AWS Billing and Cost Management
B. Consolidated billing
C. Amazon CloudWatch
D. Amazon GuickStght

Answer 93

Answer: B

Question 94

An administrator needs to rapidly deploy a popular IT solution and start using it immediately. Where can the
administrator find assistance?
A. AWS Well-Architected Framework documentation
B. Amazon CloudFront
C. AWS CodeCommit
D. AWS Quick Start reference deployments

Answer 94

Answer: D
Explanation:
Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on
AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds
of manual procedures into just a few steps, so you canbuild your production environment quickly and start
using it immediately.

Question 95

How should a customer forecast the future costs for running a new web application?
A. Amazon Aurora Backtrack
B. Amazon CloudWatch Billing Alarms
C. AWS Simple Monthly Calculator
D. AWS Cost and Usage report

Answer 95

Answer: C
Explanation:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html

Question 96

Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility
model?
A. Ensuring network connectivity from AWS to the internet
B. Patching and fixing flaws within the AWS Cloud infrastructure
C. Ensuring the Answer: Dphysical security of cloud data centers
D. Ensuring Amazon EBS volumes are backed up

Answer 96

Answer: D

Question 97

Which AWS service or feature can enhance network security by blocking requests from a particular network for a web application on AWS? (Select TWO)
A. AWSWAF
B. AWS Trusted Advisor
C. AWS Direct Connect
D. AWS Organizations
E. Network ACLs

Answer 97

Answer: A E