Topic 3

Question 1

A company wants to try a third party ecommerce solution before deciding to use it long torm Which AWS
Orvice or tool will support this effort?
A. AWS Marketplace
B. AWS Partner Network (APN)
C. AWS Managed Services
D. AWS Service Catalog

Answer 1

Answer: A

Question 2

IT systems should be designed to reduce interdependencies, so that a change or failure in one component
does not cascade to other components
This is an example of which principle of cloud architecture design?
A. ScalabilityAWSCLOUD PRACTITIONER DUMPS
B. Loose coupling
C. Automation
D. Automatic scaling

Answer 2

Answer: B

Question 3

The ability to horizontally scale Amazon EC2 instances based on demand is an example of which concept in the AWSCloud value proposition?
A. Economy of scale
B. Elasticity
C. High availability
D. Agility

Answer 3

Answer: A

Question 4

When a company provisions web servers in multiple AWS Regions,what is being increased?
A. Coupling
B. Availability
C. Security
D. Durability

Answer 4

Answer: B

Question 5

Which AWS service helps users meet contractual and regulatory compliance requirements for data security
by using dedicated hardware appliances within the AWS Cloud?
A. AWS SecretsManager
B. AWS CloudHSM
C. AWS Key Management Service (AWS KMS),
D. AWS Directory Service

Answer 5

Answer: B

Question 6

Amazon Route 53 enables users to:
A. encrypt data in transit.
B. register DNS domain names
C. generate and manage SSL certificates OD.
D. establish a dedicated network connection to AWS

Answer 6

Answer: B

Question 7

How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS?
A. AWS Senior Support Engineers
B. AWSTechnical Account Managers
C. AWS Trusted Advisor
D. AWS Discussion Forums

Answer 7

Answer: C

Question 8

How can a company isolate the costs of production and non-production workloads on AWS?
A. Create identity and Access Management (IAM) roles for production and non-production workloads
B. Use different accounts for production and non-production expenses.
C. Use Amazon EC2 for non-production workloads and otherservices for production workloads.
D. Use Amazon CloudWatch to monitor the use of services

Answer 8

Answer: B

Question 9

Which AWS service or feature can be used to monitor CPU usage?
A. AWS CloudTrail
B. VPC Flow Logs
C. Amazon CloudWatch
D. AWS Config

Answer 9

Explanation:
Amazon CloudWatch is ma onitoring service for AWS cloud resources and the applications you run on
AWS. You can use Amazon CloudWatch to collect and track metrics, collect andmonitor log files, and set
alarms.

Question 10

A user is planning to migrate an application workload to the AWS Cloud Which control becomes the
responsibility of AWS once the migration is complete?
A. Patching the guest operating system
B. Maintaining physical and environmental controls
C. Protecting communications and maintaining zone security
D. Patching specific applications

Answer 10

Answer: B

Question 11

Which AWS service provides a quick and automated way to create and manage AWS accounts?
A. AWS QuickSight
B. Amazon Lightsail
C. AWSOrganizations
D. Amazon Connect

Answer 11

Answer: C

Question 12

Which AWS service can run a managedPostgreSQL database that provides online transaction processing
(OLTP)?
A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR

Answer 12

Answer: C
Explanation:
https://aws.amazon.com/blogs/big-data/join-amazon-redshift-and-amazon-rds-postgresql-with-dblink/

Question 13

Users are reporting latency when connecting to an website with a global customer base. Which AWS service will improve the customer experience by reducing latency?
A. Amazon CloudFront
B. AWS Direct Connect
C. Amazon EC2 Auto Scaling
D. AWS Transit Gateway

Answer 13

Answer: A

Question 14

Which of the following are benefits of using AWS Trusted Advisor? (Select TWO.)
A. Providing high-performance containerorchestration
B. Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment Implementing enforced tagging
across AWS resources

Answer 14

Answer: C

Question 15

TheAWS Trusted Advisor checks include recommendations regarding which of the following? (Select
TWO.)
A. Information on Amazon S3 bucket permissions
B. AWS service outages
C. Multi-factor authentication enabled on the AWS account root user
D. Available software patches
E. Number of users in the account

Answer 15

Answer: A D

Question 16

Which of the following can be used a second factor within the AWS Management Console for AWS
Multi-Factor Authentication (AWS MFA)?
A. AWS IAM password
B. AWS Certificate Manager certificate
C. U2F security key token
D. Access key or secret key

Answer 16

Answer: C

Question 17

Which AWS service helps identifymalicious or unauthorized activities in AWS accounts and workloads?
A. Amazon Rekognition
B. AWS Trusted Advisor
C. Amazon GuardDuty
D. Amazon CloudWatch

Answer 17

Answer: C

Question 18

Which AWS Support plan offers access to self-paced labs?
A. Business Support
B. Enterprise Support
C. Basic Support
D. Developer Support

Answer 18

Answer: B

Question 19

A company’s application running on Amazon EC2 is designed to use an Auto Scaling group to dynamically
add or remove instances as demand increases or decreases. This is an example of
which AWS Cloud architectural principle?
A. Loose coupling
B. Elasticity
C. Design for failure
D. Parallelism

Answer 19

Answer: B

Question 20

What are the multiple, isolated locations within an AWS Region that are connected by low-latency networks
called?
A. AWS Direct Connects
B. Amazon VPCs
C. Edge locations
D. Availability Zones

Answer 20

Answer: D
Explanation:
Each Region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a
Region are connected through low-latency links. A Local Zone is an AWS infrastructure deployment that
places select services closer to your end users. A Local Zone is an extension of a Region that is in a
different location from your Region. It provides a high-bandwidth backbone to the AWS infrastructure and is
ideal for latency-sensitive applications, for example machine learning.
e:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Question 21

Which AWS dashboard displays relevant and timely information to help users manage events in progress,
and provides proactive notifications to help plan for scheduled activities?
A. AWS Service Health Dashboard
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor dashboard
D. Amazon CloudWatch dashboard

Answer 21

Answer: B
Explanation:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
AWS Personal Health Dashboard AWS Personal HealthDashboard provides alerts and remediation
guidance when AWS is experiencing events that might affect you. While the Service Health Dashboard
displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. The dashboard
displays relevant and timely information to help you manage events in progress, and provides proactive
notification to help you plan for scheduled activities. With Personal Health Dashboard, alerts are
automatically triggered by changes in the health of AWS resources, giving you event visibility and guidance
to help quickly diagnose and resolve issues.

Question 22

When building a cloud Total Cost of Ownership (TCO) model, which costelements should be considered for
workloads running on AWS? (Select THREE.)
A. Compute costs
B. Facilities costs
C. Storage costs
D. Data transfer costs
E. Network infrastructure costs
F. Hardware lifecycle costs

Answer 22

Answer: A E

Question 23

A company operating in the AWS Cloud requires separate invoices for specific environments, such as
development, testing, and production How can this be achieved? OA. Use multiple AWS accounts.
A. Use resource tagging
B. Use multiple VPCs.
C. Use Cost Explorer

Answer 23

Answer: A

Question 24

Where can users find a catalog of AWS-recognized providers of third-party security solutions?
A. AWS Service Catalog
B. AWS Marketplace
C. AWS Quick Start OD
D. AWS CodeDeploy

Answer 24

Answer: A Creo que realmente debería ser Marketplace

Question 25

Within the AWS Shared responsibility model, who is responsible for security and compliance?
A. The customer is responsible
B. AWS is responsible
C. AWS and the customer share responsibility
D. AWS shares responsibility with the relevant governing body

Answer 25

Answer: C

Question 26

Which AWS services can be used as infrastructure automation tools? (Select TWO.)
A. AWS CloudFormation
B. Amazon CloudFront
C. AWS Batch
D. AWS OpsWorks
E. Amazon QuickSight

Answer 26

Answer: A D

Question 27

Which AWS services can be used to provide network connectivity between an on-premises network and a
VPC? (Select TWO.)
A. Amazon Route 53
B. AWS Direct Connect
C. AWS Data Pipeline AWS VPN
D. Amazon Connect

Answer 27

Answer: B

Question 28

An ecommerce company anticipates a huge increasein web traffic for two very popular upcoming shopping
holidays
Which AWS service or feature can be configured to dynamically adjust resources to meet this change in
demand?
A. AWS Cloud Trail
B. Amazon EC2 Auto Scaling
C. Amazon Forecast
D. AWS Config

Answer 28

Answer: B

Question 29

Why is it beneficial to use Elastic Load Balancers with applications?
A. They allow for the conversion from Application Load Balancers toClassic Load Balancers.
B. They are capable of handling constant changes in network traffic patterns.
C. They automatically adjust capacity
D. They are provided at no charge to

Answer 29

Answer: B

Question 30

What is an Availability Zone in AWS?
A. One or more physical data centers
B. A completely isolated geographic location
C. One or more edge locations based around the world
D. A data center location with a single source of power and networking

Answer 30

Answer: A

Question 31

How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Select TWO)
A. By the time it takes for the Lambda function to execute.
B. By the number of versions of a specific Lambda function. C. By the number of requests made for a given Lambda function.
D. By the programming language that is used for the Lambda function
E. By the total number of Lambda functions in an AWS account

Answer 31

Answer: A C

Question 32

A company is running an ecommerce application hosted inEurope. To decrease latency for users who
access the website from other parts of the world, the company would like to cache frequently accessed
static content closer to the users
Which AWS service will support these requirements?
A. Amazon ElastiCache
B. Amazon CloudFront
C. Amazon Elastic File System (Amazon EFS)
D. Amazon Elastic Block Store (Amazon EBS)

Answer 32

Answer: C

Question 33

Under the AWS shared responsibility model, which of the following is a customer responsibility?
A. Installing security patches for the Xen and KVMhypervisors
B. Installing operating system patches for Amazon DynamoDB
C. Installing operating system security patches for Amazon EC2 database
D. instances Installing operating system security patches for Amazon RDS database instances

Answer 33

Answer: C

Question 34

What is a characteristic of Amazon S3 cross-region replication?
A. Both source and destination S3 buckets must have versioning disabled
B. The source and destination S3 buckets cannot be in different AWS Regions
C. S3 buckets configured for cross-region replication canbe owned by a single AWS account or by different
accounts
D. The source S3 bucket owner must have the source and destination AWS Regions disabled for their
account

Answer 34

Answer: C

Question 35

A Cloud Practitioner must determine if any security groups in an AW account have been provisioned to
allow unrestricted access for specific ports
What is the SIMPLEST way to do this?
A. Review the inbound rules for each security group in the Amazon EC2 management console to check for
port 0.0.0.0/0.
B. Run AWS Trusted Advisor and review the findings
C. Open the AWS IAM console and check the inbound rule filters for open access
D. In AWS Config, create a custom rule that invokes an AWS Lambdafunction to review firewall rules for
inbound access

Answer 35

Answer: B

Question 36

Which AWS services provide a user with connectivity between the AWS Cloud and onpremises resources?
(Select TWO)
A. AWS VPN
B. Amazon Connect
C. Amazon Cognito
D. AWS Direct Connect
E. AWS Managed Services

Answer 36

Answer: A D

Question 37

Under the shared responsibility model, which of thefollowing tasks are the responsibility of the customer?
(Choose two.)
A. Maintaining the underlying Amazon EC2 hardware.
B. Managing the VPC network access control lists.
C. Encrypting data in transit and at rest.
D. Replacing failed hard disk drives.
E. Deploying hardware in different Availability Zones

Answer 37

Answer: B C
Explanation:
The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is
something a customer has to do himself to secure the applications. Encrypting data in transit and at rest is a
shared responsibility in which AWS plays a part. All hardware related jobs have nothing to do with the
customer.
Reference: https://dzone.com/articles/aws-shared-responsibility-model-cloud-security

Question 38

Which of the following allows an application running on an Amazon EC2 instance to securely write data to
an Amazon S3 bucketwithout using long term credentials?
A. Amazon Cognito
B. AWS Shield
C. AWS IAM role
D. AWS IAM user access key

Answer 38

Answer: C

Question 39

Which service is an AWS-managed Hadoop framework that makes it easy, fast, and cost effective to process large amounts of data across dynamically scalable Amazon EC2 instances?
A. Amazon EMR
B. Amazon EC2
C. AWS Elastic Beanstalk
D. Amazon Redshift

Answer 39

Answer: A

Question 40

Acompany is planning to launch an ecommerce site in a single AWS Region to a worldwide user base
Which AWS services will allow the company to reach users and provide low latency and high transfer
speeds? (Select TWO)
A. Application Load Balancer
B. AWS Global Accelerator
C. AWS Direct Connect
D. Amazon CloudFront
E. AWS Lambda

Answer 40

Answer: D E creo que en lugar de lambda deberia ser cloud front, revisar

Question 41

Which of thefollowing acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or
more instances?
A. Access keys
B. Virtual private gateways
C. Security groups
D. Access Control Lists (ACL)

Answer 41

Answer: C

Question 42

A company must store critical business data in Amazon S3 with a backup to another AWS Region
How can this be achieved?
A. Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally
B. Set upAmazon S3 cross-region replication to another AWS Region
C. Configure the AWS Backup service to back up the data to another AWS Region
D. Take Amazon S3 bucket snapshots and copy that data to another AWS Region

Answer 42

Answer: B

Question 43

When is itbeneficial for a company to use a Spot Instance?
A. When there is flexibility in when an application needs to run.
B. When there are mission-critical workloads.
C. When dedicated capacity is needed.
D. When an instance should not be stopped.

Answer 43

Answer: A
Explanation:
The key to understanding spot instances is to look at the way that cloud service providers such as Amazon
Web Services (AWS) operate. Cloud service providers invest in hardware resources and then release
those resources (often on a per-hour basis) to subscribers. One of the problems with this business model,
however, is that at any given time, there are likely to be compute resources that are not being utilized.
These resources represent hardware capacity that AWS has paid for but are sitting idle, and notmaking
AWS any money at the moment.
Rather than allowing these computing resources to go to waste, AWS offers them at a substantially
discounted rate, with the understanding that if someone needs those resources for running a normal EC2
instance, that instance will take priority over spot instances that are using the hardware resources at a
discounted rate. In fact, spot instances will be stopped if the resources are needed elsewhere.
Reference: https://awsinsider.net/articles/2017/09/25/aws-spot-instances-primer.aspx

Question 44

What does the Amazon S3 Intelligent-Tiering storage class offer?
A. Paymentflexibility by reserving storage capacity
B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon
EBS) volume
C. Automatic cost savings by moving objects between tiers based on access pattern changes
D. Secure,durable, and lowest cost storage for data archival

Answer 44

Answer: C

Question 45

What is the total amount of storage offered by Amazon S3 A. 100 MB
B. 5 GB OC
C. 5 TB
D. Unlimited

Answer 45

Answer: C

Question 46

Which scenarios represent the concept of elasticity on AWS? (Choose two.)
A. Scaling the number of Amazon EC2 instances based on traffic.
B. Resizing Amazon RDS instances as business needs change.
C. Automatically directing traffic to less-utilized Amazon EC2 instances.
D. Using AWS compliance documents to accelerate the compliance process.
E. Having the ability to create and govern environments using code.

Answer 46

Answer: A B
Explanation:
Reference: https://wa.aws.amazon.com/wat.concept.elasticity.en.html

Question 47

A company is planning to launch a new steady-state workload on AWS that must be accessible 24 hours a
day, 7 days a week.
What is the MOST cost-effective Amazon EC2 pricing option?
A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Hosts

Answer 47

Answer: A Suena a que debería de ser Reserved Instances

Question 48

Which of the following automatically distributes application traffic across multiple targets, such as Amazon
EC2 instances or containers?
A. AWS Application Discovery Service
B. AWS Resource Groups
C. AWS Auto Scaling
D. Elastic LoadBalancing

Answer 48

Answer: D

Question 49

Where can users find a catalog of AWS-recognized providers of third-party security solutions?
A. AWS Service Catalog
B. AWS Marketplace
C. AWS Quick Start
D. AWS CodeDeploy

Answer 49

Answer: B

Question 50

A company must ensure that its endpoint for a database instance remains the same after a
single Availability Zone service interruption The application needs to resume database operations without
the need for manual administrative intervention How can these requirements be met?
A. Use multiple Amazon Route 53 routes to thestandby database instance endpoint hosted on AWS
Storage Gateway
B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby
C. Add multiple Application Load Balancers and deploy the database instance with AWS ElasticBeanstalk.
D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront
origins

Answer 50

Answer: B

Question 51

Which AWS service handles the deployment details of capacity provisioning, load balancing, Auto Scaling,
and application health monitoring?
A. AWS Config
B. Amazon Route 53
C. Amazon CloudFront

Answer 51

Answer: B. Suena a que realmente es AWS config

Question 52

What should users do if they want to install an application ingeographically isolated locations?
A. Install the application using multiple internet gateways.
B. Deploy the application to an Amazon VPC.
C. Deploy the application to multiple AWS Regions
D. Configure the application using multiple NAT gateways

Answer 52

Answer: C

Question 53

What does the AWS Simple Monthly Calculator do?
A. Compares on-premises costs to colocation environments
B. Estimates monthly billing based on projected usage
C. Estimates power consumption at existing data centers
D. Estimates CPU utilization

Answer 53

Answer: B

Question 54

Which AWS service or feature provides an additional layer of protection for user name and password
authentication to the AWS Management Console?
A. Amazon Cloud Directory
B. AWS KMS AWS Multi-Factor
C. Authentication(AWS MEA)
D. Amazon Cognito

Answer 54

Answer: C

Question 55

A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot
connect to it. Who should the developercontact for this level of support?
A. AWS Support using a support case
B. AWS Professional Services
C. AWS Technical Account Manager AWS consulting partners

Answer 55

Answer: A

Question 56

A company has multiple AWS accounts within AWS Organizations and wants to apply the Amazon EC2
Reserved instances benefit to a single account only
Which action should be taken?
A. Purchase the Reserved Instances from master payer account and turn off Reserved Instance sharing.
B. Enable billing alerts in the AWS Billing and Cost Management console
C. Purchase the Reserved instances in individuallinked accounts and turn off Reserved Instance sharing
from the payer level
D. Enable Reserved Instance sharing in the AWS Billing and Cost Management console

Answer 56

Answer: C

Question 57

The pay-as-you-go pricing model for AWS services:
A. reduces capital expenditures.
B. requires payment up front for AWS services
C. is relevant only for Amazon EC2, Amazon S3, and Amazon RDS.
D. reduces operational expenditures.

Answer 57

Answer: D

Question 58

As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS?
A. Security management of data center
B. Patch management
C. Configuration management
D. User and access management

Answer 58

Answer: D
Explanation:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Question 59

Which of the following describes the relationships among AWS Regions, Availability Zones, and edge
locations? (Select TWO)
A. There are more AWS Regions than Availability Zones
B. There are more edge locations than AWS Regions
C. An edge location is an Availability Zone
D. There are more AWS Regions than edge locations
E. There are moreAvailability Zones than AWS Regions

Answer 59

Answer: B E

Question 60

A company is releasing a business-critical application Before the release the company needs strategic
planning assistance from AWS. During the release, it needs infrastructure event management and real-time
Support
How can these requirements be met?
A. Access AWS Trusted Advisor
B. Contact the AWS Partner Network (APN).
C. Sign up for AWS Enterprise Support
D. Contact AWS Professional Services

Answer 60

Answer: D

Question 61

Which of the following benefits doesthe AWS Compliance program provide to AWS customers? (Choose
two.)
A. It verifies that hosted workloads are automatically compliant with the controls of supported compliance
frameworks.
B. AWS is responsible for the maintenance of common compliance framework documentation.
C. It assures customers that AWS is maintaining physical security and data protection.
D. It ensures the use of compliance frameworks that are being used by other cloud providers.
E. It will adopt new compliance frameworks as they become relevant to customer workloads.

Answer 61

Answer: A B
Explanation:
Reference:
https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

Question 62

Which AWS IAM feature is used to associate a set of permissions with multiple users?
A. Multi-factor authentication
B. Groups
C. Password policies
D. Access keys

Answer 62

Answer: B
Explanation:
An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of
users, which can make those permissions easier to manage for those users. For example, you could have a
group called Admins and give that group the types of permissions that administrators typically need.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

Question 63

AWS CloudFormation is designed to help the user:
A. model and provision resources
B. update application code,
C. set up data lakes
D. create reports for billing

Answer 63

Answer: A

Question 64

Which of the following services provides on-demand access to AWS compliancereports?
A. AWS IAM
B. AWS Artifact
C. Amazon GuardDuty
D. AWS KMS

Answer 64

Answer: B
Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It
provides on-demand access to AWS’ security and compliance reports and select online agreements.
Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card
Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance
verticals that validate the implementation and operating effectiveness of AWS security controls.
Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the
Nondisclosure Agreement (NDA).
Reference: https://aws.amazon.com/artifact/

Question 65

which AWS toolsautomatically forecast future AWS costs?
A. AWS Support Center
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Simple Monthly Calculator
D. Cost Explorer

Answer 65

Answer: C

Question 66

Which Amazon S3storage class is optimized to provide access to data with lower resiliency requirements,
but rapid access when needed, such as duplicate backups?
A. Amazon S3 Standard
B. Amazon S3 Glacier Deep Archive
C. Amazon S3 One Zone Infrequent Access
D. Amazon S3 Glacier

Answer 66

Answer: A

Question 67

What are the benefits of using theAWS Cloud for companies with customers in many countries around the
world? (Select TWO.)
A. Companies can deploy applications in multiple AWS Regions to reduce latency.
B. Amazon Translate automatically translates third-party website interfaces into multiple languages
C. Amazon CloudFront has multiple edge locations around the world to reduce latency
D. Amazon Comprehend allows users to build applications that can respond to user requests in many
languages.
E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world,
which reduces latency

Answer 67

Answer: A C

Question 68

A company wants to expand its content delivery network infrastructure Which AWS service should be
used?
A. Amazon S3
B. Amazon CloudFront
C. AWS Global Accelerator
D. Amazon Route 53

Answer 68

Answer: B

Question 69

Which components are required to build a successful site-to-site VPN connection on AWS? (Select TWO.)
A. Internet gateway
B. NAT gateway
C. Customer gateway
D. Transit gateway
E. Virtualprivate gateway

Answer 69

Answer: C E

Question 70

A company needs an Amazon S3 bucket that cannot have any public objects due tocompliance
requirements How can this be accomplished?
A. Enable S3 Block Public Access from the AWS Management Console
B. Hold a team meeting to discuss the importance of only uploading private S3 objects
C. Require all S3 objects to be manually approved before uploading
D. Create a service to monitor all S3 uploads and remove any public uploads

Answer 70

Answer: A

71.

Question 71

Which AWS tool is used to compare the cost of running an application on-premises to running the
application in the AWS Cloud?
A. AWS Trusted Advisor
B. AWS Simple Monthly Calculator
C. AWS Total Cost of Ownership (TCO)Calculator
D. Cost Explorer

Answer 71

Answer: C

Question 72

Which service can be used to monitor and receive alerts for AWS account root user AWS Management
Console sign-in events?
A. AmazonCloudWatch
B. AWS Config
C. AWS Trusted Advisor
D. AWS IAM

Answer 72

Answer: A

Question 73

A user needs to launch a workload in multiple AWS environments Each copy of the workload must have the
same configuration
What is the MOST efficient way to accomplish this task?
A. Launch the resources using the AWS Management Console
B. Use AWS CloudFormation to launch a stack.
C. Execute a custom PowerShell script to launch the workloads.
D. Use AWS OpsWorks to provision the workloads

Answer 73

Answer: D

Question 74

Under the AWS shared responsibility model, AWS is responsible for what combination of the following?
(Select TWO)
A. Configuring network ACLS
B. Managing physical access to AWS data centers
C. Setting and maintaining Amazon S3 access permissions.
D. Updating Amazon EC2 security groups
E. Maintaining the hardware that constitutes the cloud

Answer 74

Answer: B E

Question 75

When comparing AWS Cloud with on-premises Total Cost of Ownership, which expenses must be
considered? (Choose two.)
A. Software development
B. Projectmanagement
C. Storage hardware
D. Physical servers
E. Antivirus software license

Answer 75

Answer: C D
Explanation:
Reference: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

Question 76

A company has a 500 TB image repository that needs to be transported to AWS for processing.
Which AWS service can import this data MOST cost-effectively?
A. AWS Snowball
B. AWS Direct Connect
C. AWS VPN
D. Amazon S3

Answer 76

Answer: A

Question 77

Which method helps to optimize costs for users moving to the AWS Cloud?
A. Paying only for what is used
B. Purchasing hardware before it is needed
C. Manually provisioning cloud resources
D. Purchasing for the maximum possible load

Answer 77

Answer: A

Question 78

A company wants to integrate conversational natural language chatbots into its existing application using
voice and text.
Which managed AWS service can be used for this use case?
A. Amazon Lex
B. Amazon Polly
C. AmazonTextract
D. Amazon Comprehend

Answer 78

Answer: C

Question 79

Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?
A. Amazon Connect
B. AWS Directory Service
C. Amazon Pinpoint
D. Amazon Rekognition

Answer 79

Answer: B
Explanation:
Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. It
cannot be used on computers that are not joined to the directory.
Reference: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_single_sign_on.html

Question 80

Which AWSservice provides on demand downloads of AWS security and compliance documentation?
A. AWS Directory Service
B. AWS Artifact
C. AWS Trusted Advisor
D. Amazon Inspector

Answer 80

Answer: B

Question 81

Which AWS service is used to provide encryption for Amazon EBS?
A. A AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config

Answer 81

Answer: C

Question 82

Which AWS service offers persistent storage for a file system?
A. Amazon S3
B. Amazon EC2 instance store
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon ElastiCache

Answer 82

Answer: C

Question 83

After migrating a workload to AWS, which associated costs must a user still manage?
364 of 65 Flag for Review
A. Staff to manage the hardware assets
B. Physical access control
C. Software licenses
D. Power and cooling

Answer 83

Answer: A

Question 84

Which AWS service makes it easy to create and manage AWS users and groups, and provide them with
secure access toAWS resources at no charge?
A. AWS Direct Connect
B. Amazon Connect
C. AWS Identity and Access Management (IAM)
D. AWS Firewall Manager

Answer 84

Answer: C

Question 85

Which AWS services can be used to move data from on-premises data centers to AWS? (Select TWO.)
A. AWS Snowball
B. AWS Lambda
C. Amazon ElastiCache
D. AWS Database Migration Service (AWS DMS)
E. Amazon API Gateway

Answer 85

Answer: A C esta mal elsticache sirve para acelear web pages con in memory db, deberia ser DMS

Question 86

What is the purpose of AWSStorage Gateway?
A. it ensures on-premises data storage is 99.999999999% durable.
B. It transports petabytes of data to and from AWS.
C. It connects to multiple Amazon EC2 instances.
D. it connects on-premises data storage to the AWS Cloud

Answer 86

Answer: D

Question 87

To use the AWS CLI, users are required to generate:
A. a password policy.
B. an access/secret key.
C. a managed policy.
D. an API key

Answer 87

Answer: B

Question 88

An application runs on multiple Amazon EC2 instances that access a shared file system simultaneously
Which AWS storage service should be used?
A. Amazon EBS
B. Amazon EFS
C. Amazon S3
D. AWS Artifact

Answer 88

Answer: B

Question 89

Which AWS service provides inbound and outbound network ACLs to harden external connectivity to
Amazon EC2?
A. AWS IAM
B. Amazon Connect
C. Amazon VPC
D. Amazon API Gateway

Answer 89

Answer: C

Question 90

Which AWS service or feature allows the user to manage cross-region application traffic?
A. Amazon AppStream 2.0
B. Amazon VPC
C. Elastic Load Balancer
D. AmazonRoute 53

Answer 90

Answer: B

Question 91

Which security service automatically recognizes and classifies sensitive data or intellectual property on
AWS?
A. Amazon GuardDuty
B. Amazon Macie
C. Amazon Inspector
D. AWSShield

Answer 91

Answer: C

Question 92

Which of the following are benefits of the AWS Cloud? (Choose two.)
A. Unlimited uptime
B. Elasticity
C. Agility
D. Colocation
E. Capital expenses

Answer 92

Answer: B C
Explanation:
The most celebrated benefit of AWS cloud is elasticity since you canexpand the services when you
experience more traffic.
Agile developments in AWS Cloud through strategies are day by day becoming more established within the
enterprises across the world. With so much improvement and call for optimization in the cloud, it is
necessary that these strategies get established from the ground up within the organizations. It is highly
important as already enterprises have a lot of bequest, politics and hierarchies which act as barriers in their
businesses.
Reference: https://www.botmetric.com/blog/evolution-agile-enterprises-aws-cloud/

Question 93

Which AWS service allows users to download security and compliance reports about the AWS
infrastructure on demand?
A. AmazonGuardDuty
B. AWS Security Hub
C. AWS Artifact
D. AWS Shield

Answer 93

Answer: B

Question 94

Which of the following are benefits of AWS Global Accelerator? (SelectTWO)
A. Reduced cost to run services on AWS
B. Improved availability of applications deployed on AWS
C. Higher durability of data stored on AWS
D. Decreased latency to reach applications deployed on AWS
E. Higher security of data stored on AWS

Answer 94

Answer: B D

Question 95

What is the MOST cost-effective instance type for an application with a steady, consistent workload that is
hosted on an Amazon EC2 instance, which needs to operate for at least one year?
A. Spot Instances
B. Reserved Instances
C. On-Demand Instances
D. Dedicated Host

Answer 95

Answer: B

Question 96

Which AWS tools or services can be used to list all AWS Lambda functions running in an account? (Select
TWO)
A. AWS CLI
B. AWS CloudFormation
C. AWS CloudTrail
D. Amazon Cloud Directory

Answer 96

Answer: A C

Question 97

A company has different AWS accounts for production and development resources
Which AWS service provides billing for all AWS accounts consolidated into a single payment method?
A. Amazon Connect
B. Cost Explorer
C. AWS Trusted Advisor
D. AWS Organizations

Answer 97

Answer: D
Explanation:
https://aws.amazon.com/answers/account-management/aws-multi-account-billing-strategy/

Question 98

What is the purpose of a policy in AWS Identity Access Management (IAM)?
A. To define the run schedule of an Amazon EC2 instance
B. To assign permissions to a role, group, or user
C. To manage ports within a VPN
D. To manage the access keys for an IAM user

Answer 98

Answer: B

Question 99

A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on
premises system
Which AWS service can fulfill this requirement?
A. AWS Direct Connect
B. AWSVPN
C. Amazon Connect
D. AWS Data Pipeline

Answer 99

Answer: C Esta mal debería ser Direct Connect