Amazon AWS Certified Cloud Practitioner CLF-C02 Exam Practice Questions


Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud? A. Elimination of expenses for running and maintaining data centers B. Price discounts that are identical to discounts from hardware providers C. Distribution of all operational controls to AWS D. Elimination of operational expenses

A. Elimination of expenses for running and maintaining data centers Moving on-premises workloads to the AWS Cloud can eliminate the need for users to invest in and maintain their own data centers, resulting in cost savings associated with infrastructure procurement, maintenance, power, cooling, and physical security. This is a significant advantage of cloud migration, as it allows organizations to focus more on their core business activities rather than managing infrastructure.

What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model? A. Managing the code within the Lambda function B. Confirming that the hardware is working in the data center C. Patching the operating system D. Shutting down Lambda functions when they are no longer in use

A. Managing the code within the Lambda function. This includes developing, testing, and deploying the code that runs within the Lambda function. AWS manages the underlying infrastructure, scaling, and availability of the Lambda service itself, while customers are responsible for the code and its behavior.

Which task is the responsibility of AWS when using AWS services? A. Management of IAM user permissions B. Creation of security group rules for outbound access C. Maintenance of physical and environmental controls D. Application of Amazon EC2 operating system patches

"C. Maintenance of physical and environmental controls" is the responsibility of AWS. This includes managing and securing the physical infrastructure, data centers, and ensuring environmental controls such as cooling and power supply.

What is the best resource for a user to find compliance-related information and reports about AWS? A. AWS Artifact B. AWS Marketplace C. Amazon Inspector D. AWS Support

A. AWS Artifact. AWS Artifact is a portal that provides on-demand access to AWS compliance reports and other documentation related to security and compliance. It offers a range of documents, such as Service Organization Control (SOC) reports, Payment Card Industry (PCI) compliance reports, and more. ======================================================= B. AWS Marketplace: AWS Marketplace is a digital catalog that allows customers to find, buy, and deploy software and services that run on AWS. It offers a wide selection of commercial and open-source software products, as well as software as a service (SaaS) solutions, that can be easily deployed on AWS infrastructure. C. Amazon Inspector: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It automatically assesses the security vulnerabilities and compliance of EC2 instances and their applications, providing detailed findings and recommendations. D. AWS Support: AWS Support is a subscription service that provides technical support and guidance for AWS customers. It offers a range of support plans with varying levels of access to AWS experts, support resources, and tools to help customers troubleshoot issues, optimize their AWS infrastructure, and ensure their applications run smoothly.

Which service enables customers to audit API calls in their AWS accounts? A. AWS CloudTrail B. AWS Trusted Advisor C. Amazon Inspector D. AWS X-Ray

A. AWS CloudTrail. It provides a history of API calls made within an AWS account, including details such as the identity of the caller, the time of the call, the source IP address, and more. This information is crucial for security, compliance, and troubleshooting purposes. =============================================================== B. AWS Trusted Advisor is a service provided by AWS that offers best practices and recommendations for optimizing your AWS environment across various categories, including cost optimization, performance, security, fault tolerance, and service limits. It analyzes your AWS infrastructure and usage patterns to identify opportunities for cost savings, performance improvements, and security enhancements. It provides actionable recommendations and guidance to help you implement changes that can improve the efficiency, reliability, and security of your AWS resources. C. Amazon Inspector is an automated security assessment service provided by AWS that helps you improve the security and compliance of your applications deployed on AWS. It automatically assesses the security vulnerabilities and compliance deviations of your EC2 instances and applications, providing detailed findings and recommendations to help you remediate security risks and ensure compliance with security standards. It integrates with other AWS services and provides APIs for automated security assessments as part of your continuous integration and deployment pipelines. D. AWS X-Ray is a distributed tracing service provided by AWS that helps you analyze and debug distributed applications and microservices running on AWS. It provides insights into the performance and behavior of your applications by capturing and visualizing traces of requests as they travel through your application stack.

Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.) A. AWS Cost Explorer B. AWS Billing Conductor C. Amazon CodeGuru D. Amazon SageMaker E. AWS Compute Optimizer

A. AWS Cost Explorer E. AWS Compute Optimizer AWS Cost Explorer provides cost management tools that allow you to analyze your AWS spending, including identifying potential cost-saving opportunities such as rightsizing EC2 instances. AWS Compute Optimizer analyzes your EC2 usage patterns and recommends optimal instance types and sizes to help you reduce costs and improve performance based on your specific workload requirements. ========================================================== B. AWS Billing Conductor: As of my last update, there isn't an AWS service called "AWS Billing Conductor." It may be a hypothetical or upcoming service, but it's not something currently available on the AWS platform. C. Amazon CodeGuru: Amazon CodeGuru is a developer tool provided by Amazon Web Services that helps improve code quality and identify performance issues in Java and Python applications. It includes two components: CodeGuru Reviewer, which uses machine learning to detect coding issues and provide recommendations for improvement, and CodeGuru Profiler, which analyzes application runtime behavior to identify performance bottlenecks and inefficiencies. D. Amazon SageMaker: Amazon SageMaker is a fully managed service provided by Amazon Web Services for building, training, and deploying machine learning models at scale. It provides a set of tools for every step of the machine learning workflow, including data labeling, model training, tuning, and hosting. SageMaker abstracts away the underlying infrastructure complexity, allowing data scientists and developers to focus on building and deploying machine learning models quickly and easily.

Which AWS service or feature allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud? A. AWS Direct Connect B. VPC peering C. AWS VPN D. Amazon Route 53

A. AWS Direct Connect: This is a network service provided by AWS that establishes a dedicated network connection between your on-premises data center and AWS. It enables you to bypass the public internet and establish a private, high-bandwidth connection to AWS services, improving network performance, security, and reliability for your hybrid cloud deployments. =========================================================== B. VPC peering: Virtual Private Cloud (VPC) peering allows you to connect VPCs within the same AWS region and route traffic between them using private IP addresses as if they are on the same network. This enables you to create a virtual network topology that spans multiple VPCs, facilitating communication between resources in different VPCs while keeping the traffic within the AWS network. C. AWS VPN: AWS Virtual Private Network (VPN) is a service that allows you to establish encrypted connections between your on-premises network and your AWS infrastructure. It enables secure communication over the internet, extending your corporate network into the AWS cloud securely, allowing remote users or branch offices to access AWS resources as if they were on the same network. D. Amazon Route 53: This is a scalable and highly available Domain Name System (DNS) web service provided by AWS. It enables you to route traffic to various AWS services, including EC2 instances, S3 buckets, Elastic Load Balancers, and more, based on multiple routing algorithms and health checks. Route 53 also provides domain registration services and DNS health monitoring.

Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.) A. Configure the AWS provided security group firewall. B. Classify company assets in the AWS Cloud. C. Determine which Availability Zones to use for Amazon S3 buckets. D. Patch or upgrade Amazon DynamoDB. E. Select Amazon EC2 instances to run AWS Lambda on.

A. Configure the AWS provided security group firewall. - This task falls under the responsibility of the customer. They are responsible for configuring security groups to control inbound and outbound traffic for their AWS resources. B. Classify company assets in the AWS Cloud. - This task is also a customer responsibility. Customers are responsible for properly classifying their data and assets stored in the AWS Cloud according to their own data classification policies and regulatory requirements.

A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data. Which combination of AWS services should the company use to meet these requirements? (Choose two.) A. AWS Glue B. Amazon Elastic File System (Amazon EFS) C. Amazon Redshift D. Amazon QuickSight E. Amazon Quantum Ledger Database (Amazon QLDB)

A. AWS Glue: is a fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load data for analytics. It can discover the structure of your data, transform it into a format suitable for analysis, and make it available for querying. D. Amazon QuickSight: is a business analytics service that provides fast, cloud-powered insights into your data. It allows users to easily create and publish interactive dashboards that can be accessed from any device. QuickSight can directly connect to various data sources, including AWS Glue, to visualize data and gain insights. ========================================================== B. Amazon Elastic File System (Amazon EFS): is a scalable, fully managed file storage service provided by Amazon Web Services. It provides a simple, scalable, and highly available file system that you can mount to multiple EC2 instances simultaneously. Amazon EFS is suitable for a wide range of use cases, including web serving, content management, and data sharing. C. Amazon Redshift: is a fully managed, petabyte-scale data warehouse service provided by Amazon Web Services. It allows you to analyze large datasets using standard SQL queries and BI tools. Amazon Redshift is optimized for high-performance analysis of structured data and offers features such as automatic backups, data compression, and concurrency scaling to support analytics workloads. E. Amazon Quantum Ledger Database (Amazon QLDB): is a fully managed ledger database service provided by Amazon Web Services. It provides a transparent, immutable, and cryptographically verifiable transaction log that you can use to track changes to your application data over time. Amazon QLDB is suitable for applications that require a secure and reliable way to maintain a complete and tamper-proof history of data changes.

A company wants to manage its AWS Cloud resources through a web interface. Which AWS service will meet this requirement? A. AWS Management Console B. AWS CLI C. AWS SDK D. AWS Cloud9

A. AWS Management Console The AWS Management Console is a web-based interface provided by AWS that allows users to manage and interact with various AWS services and resources. It provides a graphical user interface (GUI) for performing tasks such as provisioning and configuring resources, monitoring service health and performance, and managing security settings. Therefore, the AWS Management Console is the appropriate choice for managing AWS Cloud resources through a web interface. ====================================================== B. AWS Command Line Interface (CLI): It's a unified tool that provides a command-line interface for managing AWS services. With the AWS CLI, you can control multiple AWS services directly from the command line and automate them through scripts. C. AWS Software Development Kit (SDK): It's a collection of tools and libraries that allow developers to create applications that interact with AWS services using programming languages like Java, Python, JavaScript, etc. The SDK provides APIs and utilities to make it easier to integrate AWS services into your applications. D. AWS Cloud9: It's a cloud-based integrated development environment (IDE) that allows you to write, run, and debug code from your browser. It provides a collaborative environment for teams to work on software development projects, with features like code collaboration, integrated debugging, and built-in support for various programming languages and frameworks.

A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases. Which AWS service or tool can the company use to meet these requirements? A. AWS Pricing Calculator B. Amazon CloudWatch C. AWS Cost Explorer D. AWS Budgets

A. AWS Pricing Calculator This tool allows users to estimate their monthly AWS bill using various AWS services. It enables you to customize your usage based on factors like regions, instance types, storage, data transfer, and other resources. This can help the company plan and forecast their costs accurately before migrating to AWS. ============================================================= B. Amazon CloudWatch: Amazon CloudWatch is a monitoring and observability service that provides real-time insights into your AWS resources and applications. It collects and tracks metrics, monitors logs and events, sets alarms, and automatically reacts to changes in your AWS environment to help you troubleshoot issues and optimize performance. C. AWS Cost Explorer: AWS Cost Explorer is a built-in tool within the AWS Management Console that provides comprehensive visibility into your AWS spending. It allows you to visualize, understand, and manage your AWS costs and usage over time, with features like cost breakdowns, forecasting, and filtering. D. AWS Budgets: AWS Budgets is a service that allows you to set custom cost and usage budgets for your AWS resources. It provides alerts and notifications when your actual spending or usage exceeds or is forecasted to exceed your budgeted amounts, helping you to monitor and control your AWS costs.

Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format? A. AWS Security Hub B. AWS Trusted Advisor C. Amazon EventBridge D. Amazon GuardDuty

A. AWS Security Hub: is a service provided by AWS that provides a comprehensive view of the security state of an AWS environment. It aggregates, organizes, and prioritizes security findings from various AWS services, partner solutions, and third-party tools. Security Hub also helps users automate security checks, prioritize findings, and streamline remediation efforts to improve the security posture of AWS accounts. ============================================== B. AWS Trusted Advisor: is a service provided by AWS that offers recommendations to help users optimize their AWS infrastructure, improve security, reduce costs, and enhance performance. It examines AWS accounts and makes recommendations based on best practices in categories such as cost optimization, performance, security, fault tolerance, and service limits. C. Amazon EventBridge: is a serverless event bus service provided by AWS that simplifies the building of event-driven architectures. It enables users to connect different AWS services, SaaS applications, and custom applications through event-driven interactions. It allows users to route events from a variety of sources to one or more targets for processing, such as AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, and more. D. Amazon GuardDuty: is a threat detection service provided by AWS that continuously monitors AWS accounts and workloads for malicious activity and unauthorized behavior. It uses machine learning, anomaly detection, and integrated threat intelligence to identify threats such as compromised EC2 instances, unauthorized access, and malicious activity in AWS environments. It provides alerts and findings to help users respond to security incidents and improve the overall security posture of their AWS accounts.

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company's direct responsibility? A. Cost of application software licenses B. Cost of the hardware infrastructure on AWS C. Cost of power for the AWS servers D. Cost of physical security for the AWS data center

A. Cost of application software licenses The company is responsible for acquiring and managing the licenses for the application software it uses, whether it's running on-premises or in the cloud. Option B, the cost of the hardware infrastructure on AWS, is covered by AWS as part of their services. Option C, the cost of power for the AWS servers, is also covered by AWS as part of the infrastructure. Option D, the cost of physical security for the AWS data center, is handled by AWS as well, as they manage the physical security of their data centers.

Which tool should a developer use to integrate AWS service features directly into an application? A. AWS Software Development Kit B. AWS CodeDeploy C. AWS Lambda D. AWS Batch

A. AWS Software Development Kit AWS SDKs are available for a variety of programming languages, allowing developers to interact with AWS services programmatically from within their applications. This enables seamless integration of AWS features, such as storage, compute, databases, and more, into the application's codebase. ========================================================== B. AWS CodeDeploy: AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and on-premises servers. It allows you to deploy applications with minimal downtime and ensures that deployments are consistent and repeatable. C. AWS Lambda: AWS Lambda is a serverless computing service that allows you to run code without provisioning or managing servers. You can upload your code and Lambda automatically scales and manages the compute resources needed to run it. It's commonly used for event-driven, scalable, and cost-effective application development. D. AWS Batch: AWS Batch is a fully managed batch processing service that enables you to run batch computing workloads on AWS. It dynamically provisions the optimal quantity and type of compute resources based on the volume and specific resource requirements of your batch jobs, optimizing performance and cost.

A company needs to block SQL injection attacks. Which AWS service or feature can meet this requirement? A. AWS WAF B. AWS Shield C. Network ACLs D. Security groups

A. AWS WAF (Web Application Firewall) AWS WAF helps protect web applications from common web exploits such as SQL injection attacks by allowing you to create rules that block or allow incoming traffic based on characteristics such as the request headers or the IP addresses that are the source of the web requests. This allows you to filter out potentially malicious requests before they reach your web applications. ======================================================== B. AWS Shield is a managed DDoS protection service provided by AWS. It helps protect web applications running on AWS against DDoS attacks by automatically detecting and mitigating malicious traffic, including volumetric, state-exhaustion, and application layer attacks. AWS Shield Standard is included at no extra cost for all AWS customers, while AWS Shield Advanced provides additional protection and support features for a fee. C. Network ACLs (Access Control Lists) are a security feature provided by Amazon VPC that act as a firewall for controlling traffic in and out of one or more subnets. Network ACLs allow you to define rules that explicitly allow or deny traffic based on IP addresses, protocols, and ports. They provide an additional layer of security at the subnet level, complementing the security groups which operate at the instance level. D. Security groups are another fundamental security feature provided by Amazon Virtual Private Cloud (VPC). They act as virtual firewalls for controlling inbound and outbound traffic to and from EC2 instances, allowing you to specify which traffic is allowed to reach your instances. Security groups operate at the instance level and enable you to define rules based on IP addresses, protocols, and ports. They are stateful, meaning they automatically allow return traffic for allowed outbound connections.

Which AWS service enables companies to deploy an application close to end users? A. Amazon CloudFront B. AWS Auto Scaling C. AWS AppSync D. Amazon Route 53

A. Amazon CloudFront. It is a content delivery network (CDN) service that helps deliver content, including web pages, videos, and other static or dynamic content, with low latency by caching it at edge locations near the end users. This reduces the latency experienced by users and improves the overall performance of the application. ============================================================ B. AWS Auto Scaling: AWS Auto Scaling is a service that automatically adjusts the number of compute resources for your applications based on demand. It helps maintain application availability and performance by dynamically scaling EC2 instances, ECS tasks, DynamoDB tables, and other AWS resources. C. AWS AppSync: AWS AppSync is a managed service that simplifies the development of scalable and secure GraphQL APIs. It allows you to securely connect and interact with data from multiple sources, such as DynamoDB, RDS, and Lambda, and automatically manages real-time data synchronization and offline capabilities for mobile and web applications. D. Amazon Route 53: Amazon Route 53 is a scalable Domain Name System (DNS) web service designed to route end users to internet applications by translating domain names into IP addresses. It also offers domain registration services and advanced DNS features such as health checks, failover routing, and traffic management.

A company is building an application that needs to deliver images and videos globally with minimal latency. Which approach can the company use to accomplish this in a cost-effective manner? A. Deliver the content through Amazon CloudFront. B. Store the content on Amazon S3 and enable S3 cross-region replication. C. Implement a VPN across multiple AWS Regions. D. Deliver the content through AWS PrivateLink.

A. Deliver the content through Amazon CloudFront. Amazon CloudFront is a content delivery network (CDN) service that distributes content (such as images, videos, and web pages) to multiple edge locations worldwide. When users request content, CloudFront delivers it from the nearest edge location, reducing latency and improving the overall user experience. Additionally, CloudFront is highly scalable and integrates seamlessly with other AWS services like Amazon S3 for storing the content. This approach ensures fast and reliable content delivery while keeping costs low by minimizing data transfer fees and leveraging AWS's global infrastructure efficiently.

Which AWS service is a key-value database that provides sub-millisecond latency on a large scale? A. Amazon DynamoDB B. Amazon Aurora C. Amazon DocumentDB (with MongoDB compatibility) D. Amazon Neptune

A. Amazon DynamoDB Amazon DynamoDB is a fully managed NoSQL database service provided by Amazon Web Services (AWS). It offers fast and predictable performance with single-digit millisecond latency at any scale. It is a key-value and document database that can handle large amounts of data and high request volumes while providing low-latency access to data. Therefore, it meets the criteria of providing sub-millisecond latency on a large scale. ========================================================== B. Amazon Aurora: Aurora is a relational database engine provided by AWS that is compatible with MySQL and PostgreSQL. It's known for its high performance, reliability, and scalability. Aurora is designed to deliver up to five times the performance of standard MySQL databases and three times the performance of standard PostgreSQL databases. It's fully managed by AWS, meaning administrative tasks like patching, backups, and scaling are automated. C. Amazon DocumentDB (with MongoDB compatibility): DocumentDB is a fully managed NoSQL database service provided by AWS that is compatible with MongoDB. It's designed to store, query, and index JSON-like documents at scale. DocumentDB is highly available, durable, and scalable, making it suitable for applications that require high throughput and low latency for queries. D. Amazon Neptune: Neptune is a fully managed graph database service provided by AWS. It's optimized for storing and querying highly connected data, such as social networks, recommendation engines, and knowledge graphs. Neptune supports both property graph and RDF graph models, making it suitable for a wide range of graph database use cases.

Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets? A. Amazon Macie B. Amazon Detective C. Amazon GuardDuty D. AWS IAM Access Analyzer

A. Amazon Macie: is a security service provided by AWS that uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data stored in Amazon S3. It helps users identify and remediate data security risks, such as accidental exposure of personally identifiable information (PII) or intellectual property (IP), by providing insights into data access patterns, anomaly detection, and compliance violations. ================================================ B. Amazon Detective: is a security service provided by AWS that helps users investigate and analyze security incidents and suspicious activities across their AWS resources. It automatically collects and analyzes log data from AWS services, such as VPC Flow Logs and CloudTrail logs, to create visualizations and insights into security events, trends, and relationships. Amazon Detective helps users identify the root causes of security issues and prioritize remediation efforts. C. Amazon GuardDuty: is a threat detection service provided by AWS that continuously monitors AWS accounts and workloads for malicious activity and unauthorized behavior. It uses machine learning, anomaly detection, and integrated threat intelligence to identify threats such as compromised EC2 instances, unauthorized access, and malicious activity in AWS environments. D. AWS IAM Access Analyzer: is a security service provided by Amazon Web Services (AWS) that helps users identify unintended resource access permissions in their AWS environments. It analyzes resource policies and IAM policies to detect any access permissions that could lead to data exposure or compliance violations. It provides actionable recommendations to help users ensure that only authorized users and applications have access to their AWS resources.

Which AWS service provides highly durable object storage? A. Amazon S3 B. Amazon Elastic File System (Amazon EFS) C. Amazon Elastic Block Store (Amazon EBS) D. Amazon FSx

A. Amazon S3 (Simple Storage Service). Amazon S3 is designed to store and retrieve any amount of data from anywhere on the web. It offers industry-leading durability by storing data redundantly across multiple facilities and servers within an AWS region, ensuring high availability and reliability of stored objects. ========================================================= B. Amazon Elastic File System (Amazon EFS): Amazon EFS is a scalable and fully managed file storage service that provides shared access to files across multiple Amazon EC2 instances. It allows you to create and configure file systems that can automatically scale in capacity and performance to accommodate growing workloads. C. Amazon Elastic Block Store (Amazon EBS): Amazon EBS is a block storage service that provides durable, high-performance storage volumes for use with Amazon EC2 instances. It allows you to create and attach persistent block storage volumes to your EC2 instances, providing reliable storage that persists independently from the life of the instance. D. Amazon FSx: Amazon FSx is a fully managed file storage service that provides file systems compatible with Windows File Server and Lustre for high-performance computing (HPC) workloads. It simplifies the deployment and management of file storage for applications that require shared file storage, such as Windows-based applications and HPC clusters.

Which AWS service or feature is used to send both text and email messages from distributed applications? A. Amazon Simple Notification Service (Amazon SNS) B. Amazon Simple Email Service (Amazon SES) C. Amazon CloudWatch alerts D. Amazon Simple Queue Service (Amazon SQS)

A. Amazon Simple Notification Service (Amazon SNS) Amazon SNS provides the capability to send messages to a variety of endpoints, including SMS text messages and emails, making it suitable for sending notifications to users across different communication channels. ========================================================== B. Amazon Simple Email Service (Amazon SES) is a scalable and cost-effective email sending service provided by Amazon Web Services (AWS). It enables businesses to send transactional, marketing, and notification emails reliably and securely. Amazon SES provides features such as dedicated IP addresses, email authentication, bounce and complaint handling, and email analytics to help businesses improve deliverability and engagement with their email communications. C. Amazon CloudWatch alerts allow you to set up and manage alarms on your AWS resources and applications. These alarms can be based on various metrics collected by Amazon CloudWatch, such as CPU utilization, storage space, or custom application metrics. When an alarm is triggered, CloudWatch can send notifications via email, SMS, or other channels, allowing you to respond to performance or operational issues in your AWS environment proactively. D. Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service provided by AWS. It enables you to decouple and scale microservices, distributed systems, and serverless applications by allowing them to communicate asynchronously through queues. Amazon SQS provides features such as message persistence, encryption, and delivery guarantees to ensure reliable and scalable message queuing. It allows you to build loosely coupled architectures and handle spikes in message traffic without losing messages or compromising performance.

Which of the following services can be used to block network traffic to an instance? (Choose two.) A. Security groups B. Amazon Virtual Private Cloud (Amazon VPC) flow logs C. Network ACLs D. Amazon CloudWatch E. AWS CloudTrail

A. Security groups C. Network ACLs Security groups are stateful firewalls that control inbound and outbound traffic at the instance level. You can configure security groups to allow or deny specific types of network traffic to and from your instances. Network ACLs (Access Control Lists) are stateless firewalls that control traffic at the subnet level. Network ACLs define rules to allow or deny traffic based on source and destination IP addresses, ports, and protocols.
==================================================
B. Amazon VPC flow logs: are a feature of Amazon VPC that capture information about the IP traffic flowing in and out of network interfaces within a VPC. Flow logs provide detailed visibility into network traffic patterns, including the source and destination IP addresses, ports, protocols, and packet counts.
D. Amazon CloudWatch: is a monitoring and observability service provided by AWS that collects and monitors metrics, logs, and events from AWS resources and applications. CloudWatch provides dashboards, alarms, and insights to help users monitor the performance, availability, and health of their AWS environments in real-time. It can be used for monitoring infrastructure, analyzing application logs, and troubleshooting performance issues.
E. AWS CloudTrail: is a logging and auditing service provided by Amazon Web Services (AWS) that records API calls and events for AWS services within an AWS account. It provides a comprehensive history of API activity, including details such as the identity of the caller, the time of the API call, the request parameters, and the response elements. It helps users track changes, troubleshoot issues, and comply with security and compliance requirements by providing visibility into user and resource activity in AWS.

What does the concept of agility mean in AWS Cloud computing? (Choose two.) A. The speed at which AWS resources are implemented B. The speed at which AWS creates new AWS Regions C. The ability to experiment quickly D. The elimination of wasted capacity E. The low cost of entry into cloud computing

A. The speed at which AWS resources are implemented: Agility in AWS allows for the rapid provisioning and deployment of resources, enabling faster development and innovation cycles.
C. The ability to experiment quickly: AWS provides a flexible environment where experimentation and testing can be conducted rapidly, allowing organizations to innovate and adapt to changing requirements efficiently.

What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) A. Volume discounts B. A minimal additional fee for use C. One bill for multiple accounts D. Installment payment options E. Custom cost and usage budget creation

A. Volume discounts: Consolidated billing allows all accounts under the consolidated billing family to be aggregated for volume discounts. This means that all the usage across the accounts contributes to reaching higher volume tiers, potentially resulting in lower costs due to discounted pricing.
C. One bill for multiple accounts: Consolidated billing enables you to receive a single, combined bill for multiple AWS accounts. This simplifies the billing process, making it easier to track and manage costs across all accounts.

A company wants to receive a notification when a specific AWS cost threshold is reached. Which AWS services or tools can the company use to meet this requirement? (Choose two.) A. Amazon Simple Queue Service (Amazon SQS) B. AWS Budgets C. Cost Explorer D. Amazon CloudWatch E. AWS Cost and Usage Report

B. AWS Budgets D. Amazon CloudWatch AWS Budgets allows you to set custom cost and usage budgets that alert you when your usage or spending exceeds your budgeted amount. Amazon CloudWatch can be used to set up alarms based on metrics, such as AWS service usage or custom metrics, including AWS costs. By combining these two services, the company can effectively monitor and receive notifications when cost thresholds are reached.
==================================================
A. Amazon Simple Queue Service (Amazon SQS) is a fully managed message queuing service provided by AWS. It allows you to decouple and scale microservices, distributed systems, and serverless applications by enabling them to communicate asynchronously. SQS offers reliable and scalable message queuing with built-in features such as message persistence, encryption, and message delivery guarantees.
C. Cost Explorer is a feature of the AWS Management Console that provides comprehensive insights into your AWS spending. It allows you to visualize and analyze your AWS usage and costs using customizable charts and graphs, enabling you to identify trends, anomalies, and cost optimization opportunities. Cost Explorer offers filters and grouping options to drill down into specific cost dimensions and view detailed cost and usage data.
E. AWS Cost and Usage Report is a detailed data feed that provides granular information about your AWS usage and costs. It includes comprehensive data such as hourly usage and cost breakdowns by service, resource, and usage type, allowing you to analyze your AWS spending patterns, optimize resource utilization, and allocate costs accurately. The Cost and Usage Report can be customized and exported to Amazon S3 for further analysis and integration with third-party tools.

Which AWS service provides command line access to AWS tools and resources directly from a web browser? A. AWS CloudHSM B. AWS CloudShell C. Amazon WorkSpaces D. AWS Cloud Map

B. AWS CloudShell AWS CloudShell is a browser-based shell that provides access to AWS tools and resources directly from the AWS Management Console. It comes pre-configured with common command-line tools and programming languages, allowing you to interact with your AWS environment using familiar command-line interfaces (CLIs) such as AWS CLI, AWS SDKs, and other utilities.
==================================================
A. AWS CloudHSM: AWS CloudHSM (Hardware Security Module) is a cloud-based hardware security module (HSM) that enables you to generate and use encryption keys securely in the AWS cloud. CloudHSM provides dedicated cryptographic hardware for sensitive cryptographic operations, such as key generation, storage, and management, ensuring that your keys never leave the HSM boundary. It helps you meet compliance requirements and protect your data with strong encryption.
C. Amazon WorkSpaces: Amazon WorkSpaces is a managed desktop-as-a-service (DaaS) solution provided by AWS. It allows you to provision cloud-based virtual desktops for your users, providing access to Windows or Linux desktop environments from any supported device. WorkSpaces handles tasks such as hardware provisioning, software installation, and security updates, making it easy to deploy and manage virtual desktops at scale.
D. AWS Cloud Map: AWS Cloud Map is a managed service discovery service provided by AWS. It allows you to create and maintain a map of your application's cloud resources, such as microservices, containers, and instances, making it easy for your applications to discover and connect to each other. Cloud Map provides dynamic registration and resolution of service endpoints, ensuring that your applications can adapt to changes in your cloud environment automatically.

Which AWS service can identify when an Amazon EC2 instance was terminated? A. AWS Identity and Access Management (IAM) B. AWS CloudTrail C. AWS Compute Optimizer D. Amazon EventBridge

B. AWS CloudTrail: is a logging and auditing service provided by AWS that records API calls and events for AWS services within an AWS account. It provides a comprehensive history of API activity, including details such as the identity of the caller, the time of the API call, the request parameters, and the response elements. It helps users track changes, troubleshoot issues, and comply with security and compliance requirements by providing visibility into user and resource activity in AWS.
==================================================
A. AWS Identity and Access Management (IAM): is a web service provided by AWS that enables users to securely control access to AWS resources. IAM allows users to create and manage IAM users, groups, roles, and policies to define and enforce permissions for accessing AWS services and resources. It provides fine-grained access control, MFA, identity federation, and auditing capabilities to help users manage security and compliance in their AWS environments.
C. AWS Compute Optimizer: is a service provided by AWS that analyzes the utilization of compute resources, such as EC2 instances and Auto Scaling groups, and provides recommendations to optimize performance and reduce costs. It uses ML algorithms to analyze historical usage data and identify opportunities for right-sizing instances, improving resource utilization, and selecting appropriate instance types based on workload characteristics.
D. Amazon EventBridge: is a serverless event bus service provided by AWS that simplifies the building of event-driven architectures. It enables users to connect different AWS services, SaaS applications, and custom applications through event-driven interactions.

A developer wants to deploy an application quickly on AWS without manually creating the required resources. Which AWS service will meet these requirements? A. Amazon EC2 B. AWS Elastic Beanstalk C. AWS CodeBuild D. Amazon Personalize

B. AWS Elastic Beanstalk AWS Elastic Beanstalk is a Platform as a Service (PaaS) offering that enables developers to deploy and manage applications quickly and easily without worrying about the underlying infrastructure. With Elastic Beanstalk, developers can simply upload their application code, and Elastic Beanstalk automatically handles the deployment, provisioning, load balancing, scaling, and monitoring of the application. This allows developers to focus on writing code and building their applications without the need to manage the infrastructure manually.
==================================================
A. Amazon EC2 (Elastic Compute Cloud) is a web service offered by Amazon Web Services (AWS) that provides resizable compute capacity in the cloud. It allows users to quickly scale up or down their virtual server capacity to meet changing demand, paying only for the resources they use. EC2 instances can run a wide variety of operating systems and applications.
C. AWS CodeBuild is a fully managed continuous integration service provided by AWS. It compiles source code, runs tests, and produces deployable software packages. CodeBuild scales automatically and provides preconfigured build environments for popular programming languages and build tools.
D. Amazon Personalize is a machine learning service offered by AWS that enables developers to create individualized recommendations for their users. It uses machine learning algorithms to analyze user behavior and preferences, allowing businesses to deliver personalized experiences such as product recommendations, content suggestions, and targeted marketing campaigns.

Which AWS service helps deliver highly available applications with fast failover for multi-Region and Multi-AZ architectures? A. AWS WAF B. AWS Global Accelerator C. AWS Shield D. AWS Direct Connect

B. AWS Global Accelerator AWS Global Accelerator is a networking service that improves the availability and performance of your applications by directing traffic to the optimal AWS endpoint based on geographic location, health checks, and routing policies. It provides automatic failover across AWS Regions and Availability Zones (AZs), ensuring continuous availability and minimal downtime for your applications in the event of failures. Therefore, AWS Global Accelerator is the correct choice for delivering highly available applications with fast failover for multi-Region and Multi-AZ architectures.
==================================================
A. AWS WAF: is a web application firewall that helps protect web applications from common web exploits and security vulnerabilities. It allows you to control which traffic to allow or block to your web applications by defining customizable web security rules.
C. AWS Shield: is a managed DDoS protection service that safeguards web applications running on AWS. It helps protect your applications against the most common and sophisticated DDoS attacks by monitoring traffic and automatically mitigating attacks.
D. AWS Direct Connect: is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. It can be used to establish a private, high-bandwidth, and low-latency connection to AWS, bypassing the internet.

Which AWS service is always provided at no charge? A. Amazon S3 B. AWS Identity and Access Management (IAM) C. Elastic Load Balancers D. AWS WAF

B. AWS Identity and Access Management (IAM). IAM enables you to manage access to AWS services and resources securely. There is no additional cost for using IAM itself; you only pay for the AWS resources that you use within your account.
==================================================
A. Amazon S3: Amazon Simple Storage Service (S3) is a scalable object storage service provided by Amazon Web Services (AWS). It allows users to store and retrieve any amount of data from anywhere on the web, making it suitable for a wide range of use cases such as data backup, archival, content distribution, and application data storage. S3 provides high availability, durability, security, and scalability, with features such as versioning, encryption, access control, and lifecycle management.
C. Elastic Load Balancers: Elastic Load Balancing (ELB) is a service provided by Amazon Web Services that automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses, to ensure high availability and fault tolerance for applications. ELB helps distribute traffic evenly, handle sudden spikes in traffic, and automatically scale resources based on demand, improving the performance, reliability, and availability of applications hosted on AWS.
D. AWS WAF: AWS Web Application Firewall (WAF) is a managed web application firewall service provided by Amazon Web Services that helps protect web applications from common web exploits and vulnerabilities. WAF allows users to define customizable security rules, such as IP blacklisting, rate limiting, and cross-site scripting (XSS) protection, to filter and monitor HTTP and HTTPS requests to their applications. It helps users protect their applications from attacks, manage traffic, and maintain compliance with security standards.

A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned. Which AWS service or feature can be used to estimate costs before deployment? A. AWS Free Tier B. AWS Pricing Calculator C. AWS Billing and Cost Management D. AWS Cost and Usage Report

B. AWS Pricing Calculator. The AWS Pricing Calculator allows users to estimate the cost of using AWS services before actually deploying them. It provides a detailed breakdown of pricing for various AWS services based on factors such as region, instance type, storage, data transfer, and more. This tool helps companies plan their budgets accurately and make informed decisions about their infrastructure requirements.
==================================================
A. AWS Free Tier: The AWS Free Tier is a program that allows new AWS customers to explore and try out various AWS services for free, up to certain usage limits, for the first 12 months after signing up for an AWS account. It includes a range of AWS services with limited usage amounts, enabling users to experiment with cloud computing without incurring costs.
C. AWS Billing and Cost Management: AWS Billing and Cost Management is a set of tools and services provided by Amazon Web Services to help users monitor, manage, and optimize their AWS spending. It includes features such as cost allocation tags, budgeting tools, cost explorer, and detailed billing reports to give users visibility into their AWS usage and spending.
D. AWS Cost and Usage Report: The AWS Cost and Usage Report is a detailed CSV file that provides comprehensive information about a user's AWS usage and associated costs. It includes data on usage of AWS services, resource utilization, pricing information, and more. Users can use this report to analyze their AWS spending, optimize costs, and track usage trends over time.

A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with AWS internal best practices. Which AWS service or resource will meet these requirements? A. AWS Support B. AWS Professional Services C. AWS Launch Wizard D. AWS Managed Services (AMS)

B. AWS Professional Services AWS Professional Services offers a global team of experts who specialize in helping customers design, architect, migrate, and optimize workloads on AWS. They provide guidance, best practices, and hands-on assistance throughout the migration process to ensure a fast and reliable transition to the AWS Cloud. This service is particularly well-suited for enterprises seeking expert assistance in adopting AWS services while adhering to industry best practices.
==================================================
A. AWS Support is a service provided by Amazon Web Services (AWS) to help customers with technical issues, account management, and general inquiries related to their use of AWS products and services. It offers various support plans with different levels of features and response times to meet the needs of different businesses.
C. AWS Launch Wizard is a service that helps users deploy applications on AWS by providing a guided configuration process. It simplifies the setup of infrastructure and resources required for specific applications, such as databases or web servers, by offering predefined deployment options and best practices.
D. AWS Managed Services (AMS) is a fully managed service that helps customers operate their AWS infrastructure efficiently and securely. It provides ongoing management, monitoring, and automation of infrastructure tasks, allowing businesses to focus on their core activities while AWS manages their cloud environment.

Which option is a physical location of the AWS global infrastructure? A. AWS DataSync B. AWS Region C. Amazon Connect D. AWS Organizations

B. AWS Region. AWS Regions are physical locations around the world where AWS clusters data centers. Each region is a separate geographic area, completely independent of the other regions, and is composed of multiple Availability Zones.
==================================================
A. AWS DataSync is a data transfer service provided by Amazon Web Services (AWS) that simplifies and accelerates moving large amounts of data between on-premises storage systems and AWS services. It can be used to transfer data to and from Amazon S3, Amazon EFS, and Amazon FSx for Windows File Server, enabling you to migrate data to the cloud, replicate data for disaster recovery, or transfer data for data processing and analytics.
C. Amazon Connect is a cloud-based contact center service provided by AWS that enables businesses to set up and manage a contact center in the cloud. It provides tools for building personalized customer experiences, including self-service interactive voice response (IVR) systems, intelligent routing of calls to agents, and real-time analytics to monitor performance and customer satisfaction.
D. AWS Organizations is a service provided by AWS that allows you to centrally manage and govern multiple AWS accounts within your organization. It provides features for creating and organizing accounts into hierarchical groupings, applying policies to control access and usage of AWS services, and automating account management tasks to simplify administration and ensure compliance with organizational standards.

A company wants to establish a schedule for rotating database user credentials. Which AWS service will support this requirement with the LEAST amount of operational overhead? A. AWS Systems Manager B. AWS Secrets Manager C. AWS License Manager D. AWS Managed Services

B. AWS Secrets Manager is specifically designed to help you rotate, manage, and retrieve secrets such as database credentials, API keys, and other sensitive information. It provides automated rotation of secrets, which can be scheduled to occur at regular intervals, reducing the operational overhead associated with manual credential rotation. With AWS Secrets Manager, you can easily configure rotation policies for database credentials and ensure that they are regularly updated without requiring significant manual intervention.
==================================================
A. AWS Systems Manager is a management service that helps you automate operational tasks across your AWS resources. It provides a unified user interface and API to manage operational tasks across multiple AWS services and resources. It enables you to automate tasks such as patch management, instance configuration, resource inventory, and software inventory, as well as run commands across your fleet of instances.
C. AWS License Manager is a service that helps you manage software licenses from vendors such as Microsoft, Oracle, IBM, and SAP in the AWS cloud. It enables you to track and enforce license usage to ensure compliance with vendor agreements and optimize license costs.
D. AWS Managed Services is a managed service offered by AWS that helps you operate your AWS infrastructure and applications following AWS best practices and operational excellence principles. It provides a set of managed services and tools to automate common tasks such as provisioning, monitoring, patching, backup, and disaster recovery, allowing you to focus on building and innovating your applications while AWS manages the underlying infrastructure.

A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates. Which AWS service will meet this requirement? A. AWS Resource Explorer B. AWS Service Catalog C. AWS Organizations D. AWS Systems Manager

B. AWS Service Catalog. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. It enables administrators to centrally manage commonly deployed IT services, achieve consistent governance, and meet compliance requirements. Additionally, it allows for the creation of portfolios of IT services, which can include infrastructure as code templates for consistent and repeatable deployments.
==================================================
A. AWS Resource Explorer: As of my last update, there isn't an AWS service called "AWS Resource Explorer." It may be a hypothetical or upcoming service, but it's not something currently available on the AWS platform.
C. AWS Organizations: AWS Organizations is a service provided by Amazon Web Services that allows you to centrally manage and govern multiple AWS accounts. It helps you automate account creation, manage policies for access control and compliance, and simplify billing by consolidating multiple accounts into a single bill. AWS Organizations provides a hierarchical structure for organizing accounts into organizational units (OUs) and applying policies at different levels of the hierarchy.
D. AWS Systems Manager: AWS Systems Manager is a management service provided by Amazon Web Services that helps you automate administrative tasks, manage and configure AWS resources, and maintain operational compliance. It provides a unified user interface for managing EC2 instances, on-premises servers, and other AWS resources, allowing you to perform tasks such as patch management, software inventory, and configuration management at scale.

A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time. Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number? A. VPC endpoints B. AWS Transit Gateway C. Amazon Route 53 D. AWS Secrets Manager

B. AWS Transit Gateway: is designed to simplify network connectivity for multiple VPCs and on-premises networks. It acts as a hub that enables you to connect your VPCs and on-premises networks to a single gateway. This simplifies management and reduces the number of connections required, making it ideal for scenarios where the number of VPCs is expected to increase over time. You can centrally manage connectivity, implement consistent security policies, and scale your network as your organization grows, making it the most suitable option for this hybrid cloud architecture scenario.
==================================================
A. VPC Endpoints: enable you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink, without requiring an internet gateway, NAT device, VPN connection, or direct peering connection. This allows you to access AWS services privately from your VPC without exposing your traffic to the public internet, enhancing security and reducing data transfer costs.
C. Amazon Route 53 is a scalable DNS web service provided by AWS. It's designed to route end-user requests to internet applications by translating human-readable domain names into IP addresses. It offers features such as domain registration, DNS routing, health checking, and traffic management, making it suitable for managing DNS for both simple and complex applications.
D. AWS Secrets Manager is a service that helps you protect access to your applications, services, and IT resources without the upfront investment and ongoing maintenance costs of operating your infrastructure. You can use this to securely store, retrieve, and manage sensitive information such as database credentials, API keys, and other secrets.

How does AWS Cloud computing help businesses reduce costs? (Choose two.) A. AWS charges the same prices for services in every AWS Region. B. AWS enables capacity to be adjusted on demand. C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week. D. AWS does not charge for data sent from the AWS Cloud to the internet. E. AWS eliminates many of the costs of building and maintaining on-premises data centers.

B. AWS enables capacity to be adjusted on demand. E. AWS eliminates many of the costs of building and maintaining on-premises data centers. With AWS, businesses can scale their resources up or down based on demand, which helps optimize costs by only paying for what they use. Additionally, AWS removes the need for investing in and managing on-premises infrastructure, reducing costs associated with maintaining data centers.

A user needs programmatic access to AWS resources through the AWS CLI or the AWS API. Which option will provide the user with the appropriate access? A. Amazon Inspector B. Access keys C. SSH public keys D. AWS Key Management Service (AWS KMS) keys

B. Access keys Access keys consist of an access key ID and a secret access key, which can be used to authenticate and authorize API requests made through the AWS CLI, SDKs, or other tools. These keys are associated with an IAM user and are commonly used for programmatic access.
==================================================
A. Amazon Inspector is an automated security assessment service provided by Amazon Web Services (AWS). It helps you improve the security and compliance of your applications deployed on AWS by automatically assessing vulnerabilities, deviations from best practices, and potential security issues. Amazon Inspector analyzes the behavior of your AWS resources and provides detailed findings and recommendations to help you remediate security risks and ensure compliance with security standards.
C. SSH public keys are cryptographic keys used for secure authentication and communication over SSH (Secure Shell) connections. SSH public keys are associated with SSH user accounts and are used to verify the identity of users or hosts connecting to a system. When a user attempts to connect to a system using SSH, their SSH public key is compared to the public keys stored on the system to authenticate the user's identity.
D. AWS Key Management Service (AWS KMS) keys are cryptographic keys used to encrypt and decrypt data stored in AWS services and applications. AWS KMS keys are managed and protected by AWS KMS, which provides features such as key rotation, access control, and auditing to ensure the security and integrity of your encryption keys. AWS KMS keys can be used to encrypt data stored in Amazon S3, Amazon EBS, Amazon RDS, and other AWS services, as well as to encrypt data in transit using AWS services such as AWS Key Management Service (AWS KMS) keys.

A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Choose two.) A. Amazon Connect B. Amazon AppStream 2.0 C. Amazon WorkSpaces D. AWS Site-to-Site VPN E. Amazon Elastic Container Service (Amazon ECS)

B. Amazon AppStream 2.0 - This service allows you to stream desktop applications securely to any device running a web browser, enabling access to Windows applications from various devices.
C. Amazon WorkSpaces - This service provides managed desktop-as-a-service (DaaS) solutions, allowing you to provision and manage Windows-based desktops for remote employees securely.
==================================================
A. Amazon Connect: Amazon Connect is a cloud-based contact center service provided by AWS. It allows businesses to set up a fully functional contact center in the cloud within minutes. Amazon Connect is highly scalable and provides features such as intelligent routing, real-time analytics, and integration with other AWS services.
D. AWS Site-to-Site VPN: Site-to-Site VPN is a networking service provided by AWS that allows you to establish secure connections between your on-premises network and your AWS infrastructure. It enables you to extend your on-premises network to the cloud securely, allowing resources in AWS to communicate with resources in your on-premises data center over encrypted connections.
E. Amazon Elastic Container Service (Amazon ECS): ECS is a fully managed container orchestration service provided by AWS. It allows you to run, stop, and manage Docker containers on a cluster of virtual machines provided by AWS. ECS simplifies the process of deploying, managing, and scaling containerized applications by abstracting away the underlying infrastructure complexity.

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis. Which AWS service should the company use to run these queries in the MOST cost-effective manner? A. Amazon Redshift B. Amazon Athena C. Amazon Kinesis D. Amazon RDS

B. Amazon Athena. Amazon Athena allows you to run ad-hoc SQL queries directly against data stored in Amazon S3 without the need for any infrastructure management. You only pay for the queries you run, making it a cost-effective solution, especially for occasional analysis tasks. With Athena, there are no upfront costs and no need to manage servers or data warehouses.
==================================================
A. Amazon Redshift is a fully managed data warehousing service provided by Amazon Web Services (AWS). It is designed for large-scale data warehousing and analytics, enabling businesses to analyze vast amounts of data using SQL queries.
C. Amazon Kinesis is a platform provided by AWS for collecting, processing, and analyzing real-time streaming data. It offers various services like Kinesis Data Streams for real-time data ingestion, Kinesis Data Analytics for processing and analyzing streaming data with SQL, and Kinesis Data Firehose for loading streaming data into data lakes or analytics services.
D. Amazon RDS (Relational Database Service) is a managed relational database service offered by AWS. It supports several database engines such as MySQL, PostgreSQL, MariaDB, Oracle, and Microsoft SQL Server, making it easier to set up, operate, and scale databases in the cloud.

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements? A. AWS Trusted Advisor B. Amazon Inspector C. AWS Config D. Amazon GuardDuty

B. Amazon Inspector Amazon Inspector is the AWS service designed specifically to assess the security and compliance of applications deployed on Amazon EC2 instances. It helps identify vulnerabilities and deviations from best practices. It analyzes the network, file system, and process activities of your EC2 instances to identify potential security issues. Therefore, it's the most suitable option for the scenario described. =========================================================== A. AWS Trusted Advisor: is a service that provides real-time guidance to help you provision your resources following AWS best practices. It analyzes your AWS environment and provides recommendations in areas such as cost optimization, security, performance, and fault tolerance. Trusted Advisor checks can help you improve security by identifying security vulnerabilities, such as exposed access keys or security groups with overly permissive rules. C. AWS Config: is a service that provides a detailed inventory of your AWS resources and captures configuration changes over time. It continuously monitors resource configurations and relationships, allowing you to assess the impact of changes, troubleshoot configuration issues, and maintain compliance with organizational policies. AWS Config can help improve security by providing visibility into resource configurations and detecting unauthorized changes. D. Amazon GuardDuty: is a threat detection service that continuously monitors your AWS environment for malicious activity and unauthorized behavior. It analyzes logs from AWS CloudTrail, VPC Flow Logs, and DNS logs to detect threats such as compromised EC2 instances, unauthorized access attempts, and unusual network activity. GuardDuty helps improve security by providing real-time threat detection and automated response capabilities.

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario? A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility. B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user's workstation to the file gateway. C. Move each user's working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user. D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user's workstation to the file gateway. By using an AWS Storage Gateway file gateway, the company can extend its file storage capabilities while retaining the performance benefits of sharing content locally. The file gateway provides on-premises applications with file-based, cached access to virtually unlimited cloud storage. Users can continue to access files as if they were stored locally while the data is seamlessly transferred to and from Amazon S3. This solution eliminates the need for managing individual S3 buckets per user (option A) or deploying and managing additional infrastructure like EC2 instances (option D). Option C doesn't directly address the large file storage requirements.

Which task is the customer's responsibility, according to the AWS shared responsibility model? A. Maintain the security of the AWS Cloud. B. Configure firewalls and networks. C. Patch the operating system of Amazon RDS instances. D. Implement physical and environmental controls.

B. Configure firewalls and networks. The customer is responsible for configuring security groups, network access control lists (ACLs), and other network-related settings to control access to their AWS resources. This includes configuring firewalls to restrict inbound and outbound traffic and setting up network configurations to ensure secure communication between resources. AWS is responsible for providing the underlying infrastructure and ensuring the security "of" the cloud, while customers are responsible for configuring and managing their resources "in" the cloud, such as setting up network security measures.

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud. How can these reports be generated? A. Contact the AWS Compliance team. B. Download the reports from AWS Artifact. C. Open a case with AWS Support. D. Generate the reports with Amazon Macie.

B. Download the reports from AWS Artifact. AWS Artifact provides on-demand access to AWS's compliance documentation and agreements. You can access various reports and documents related to compliance, including certifications, audit reports, and other compliance-related materials, which can be helpful for understanding AWS's compliance posture and ensuring alignment with your organization's requirements.

Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.) A. EC2 Reserved Instances B. EC2 Amazon Machine Images (AMIs) C. Amazon Elastic Block Store (Amazon EBS) snapshots D. AWS Shield E. Amazon GuardDuty

B. EC2 Amazon Machine Images (AMIs): AMIs are snapshots of EC2 instances that include the operating system, applications, and data. You can use AMIs to create backups of your EC2 instances, and in the event of a disaster, you can launch new instances from these AMIs to restore your applications and data. C. Amazon Elastic Block Store (Amazon EBS) snapshots: EBS snapshots are point-in-time backups of EBS volumes. You can create snapshots of your EBS volumes, which are stored in Amazon S3, to protect your data. In the event of a disaster, you can use these snapshots to restore your volumes and recover your data. ============================================================== A. EC2 Reserved Instances: These are a purchasing option for Amazon Elastic Compute Cloud (EC2) instances, where you commit to a specific instance type in a particular region for a 1- or 3-year term in exchange for a significant discount compared to On-Demand pricing. They are suitable for predictable workloads with steady-state usage, offering substantial cost savings over On-Demand pricing. D. AWS Shield: This is a managed DDoS protection service provided by AWS. It helps protect web applications running on AWS against DDoS attacks by automatically detecting and mitigating large-scale attacks in real-time. It is available in two tiers: Standard, which provides protection against most common DDoS attacks, and Advanced, which provides additional protections and DDoS cost protection. E. Amazon GuardDuty: This is a threat detection service provided by AWS that continuously monitors for malicious activity and unauthorized behavior in your AWS accounts and workloads. It analyzes data from AWS CloudTrail logs, VPC Flow Logs, and DNS logs to identify potential security threats, such as compromised instances, unauthorized access, and malicious IP addresses.

Which of the following are advantages of the AWS Cloud? (Choose two.) A. Trade variable expenses for capital expenses B. High economies of scale C. Launch globally in minutes D. Focus on managing hardware infrastructure E. Overprovision to ensure capacity

B. High economies of scale: AWS operates at a massive scale, which enables it to provide services at lower costs compared to traditional on-premises solutions. This results in cost savings for customers due to economies of scale. C. Launch globally in minutes: AWS provides a global infrastructure with data centers located in multiple regions around the world. This allows users to deploy their applications and services globally in minutes, enabling them to reach customers and end-users worldwide with low latency and high availability.

Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.) A. Availability B. Reliability C. Scalability D. Responsive design E. Operational excellence

B. Reliability E. Operational excellence ======================================== The AWS Well-Architected Framework is based on five pillars:
- Operational Excellence: This pillar focuses on running and monitoring systems to deliver business value and continually improving processes and procedures.
- Security: Security in the cloud is paramount. This pillar ensures that data, systems, and assets are protected and that security best practices are implemented at every level of the architecture.
- Reliability: Systems should be able to recover from failures and automatically scale to meet demand. This pillar ensures that a system can recover from failures and continue to function as expected.
- Performance Efficiency: This pillar focuses on using computing resources efficiently to meet system requirements and maintaining efficiency as demand changes and technologies evolve.
- Cost Optimization: Cost optimization is about avoiding unnecessary costs and optimizing spending to meet business needs. This pillar ensures that resources are used efficiently and cost-effectively.

An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without any disruption. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively? A. On-Demand Instances B. Reserved Instances C. Spot Instances D. Spot Fleet

B. Reserved Instances Reserved Instances offer significant cost savings compared to On-Demand instances for a one-year commitment. They provide a billing discount in exchange for committing to a specific instance configuration and term length. Since the web traffic is consistent and predictable, the company can forecast its resource needs accurately and commit to Reserved Instances, thus optimizing costs while ensuring continuous availability of EC2 instances without disruption. ========================================================= A. On-Demand Instances: These are virtual servers that are provisioned and billed for on an hourly or per-second basis, with no long-term commitments or upfront payments. This purchasing option provides maximum flexibility but typically comes with higher costs compared to other purchasing options. C. Spot Instances: Spot Instances are a purchasing option in AWS that allows customers to bid on unused EC2 capacity, often resulting in significantly lower costs compared to On-Demand pricing. However, these instances can be terminated by AWS with short notice if the current Spot price exceeds the bid price or if capacity becomes constrained. D. Spot Fleet: Spot Fleet is a feature in AWS that allows you to provision and manage a collection of Spot Instances and optionally On-Demand Instances to meet a specified target capacity and maintain availability. Spot Fleet simplifies the process of managing Spot Instances by automatically requesting Spot capacity based on your defined parameters.

A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting. Which S3 feature should the company use to meet these requirements? A. S3 Lifecycle rules B. S3 Versioning C. S3 bucket policies D. S3 server-side encryption

B. S3 Versioning S3 Versioning is a feature that allows you to keep multiple versions of an object in the same bucket. When versioning is enabled for a bucket, every object that is stored in the bucket will have multiple versions. This helps protect against accidental deletion or overwriting because even if an object is deleted or overwritten, previous versions of the object can still be retrieved. By enabling versioning, any overwrite or delete operation on an object will not permanently remove the object but will instead create a new version of it. This ensures that sensitive data can be recovered if necessary and provides an extra layer of protection against accidental data loss or modification. =========================================================== A. S3 Lifecycle rules allow you to automate the management of objects stored in Amazon S3 buckets. You can define actions to be taken on objects based on their age or other criteria. These actions can include transitioning objects to different storage classes, such as moving from standard storage to Glacier for archiving, or deleting objects after a certain period. C. S3 bucket policies are JSON-based access policies that define permissions for Amazon S3 buckets and the objects within them. Bucket policies allow you to control who can access your buckets and what actions they can perform on the objects within those buckets. You can define policies to grant access to specific AWS accounts, IAM users, or even make objects publicly accessible. D. S3 server-side encryption is a feature of Amazon S3 that automatically encrypts data stored in S3 buckets at rest. S3 encrypts each object using encryption keys managed by AWS Key Management Service (KMS) or using Amazon S3-managed keys. This helps protect sensitive data stored in S3 from unauthorized access.

A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks. Which pillar of the AWS Well-Architected Framework is supported by these goals? A. Reliability B. Security C. Operational excellence D. Performance efficiency

B. Security The goals of protecting AWS Cloud information, systems, and assets, along with performing risk assessment and mitigation tasks, primarily align with the Security pillar of the AWS Well-Architected Framework. ============================================================== A. Reliability refers to the ability of a system to perform its intended functions consistently and predictably over time. In the context of cloud computing, reliability involves designing systems and architectures that minimize downtime, ensure high availability, and maintain data integrity. This includes implementing redundancy, fault tolerance, and disaster recovery mechanisms to mitigate the impact of failures and disruptions. C. Operational excellence refers to the ability to efficiently and effectively operate and manage systems and processes to deliver business value. It involves adopting best practices, automation, and continuous improvement to streamline operations, reduce costs, and increase productivity. In the context of cloud computing, operational excellence includes optimizing workflows, monitoring performance, and managing resources to achieve desired outcomes while minimizing risks and disruptions. D. Performance efficiency refers to the ability of a system to deliver optimal performance in terms of speed, throughput, and resource utilization while minimizing latency and maximizing scalability. In the context of cloud computing, performance efficiency involves optimizing resource allocation, designing scalable architectures, and leveraging caching and content delivery networks (CDNs) to deliver responsive and high-performance applications and services to users.

A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours. Which pricing model enables the company to optimize costs and meet these requirements? A. Reserved Instances B. Spot Instances C. On-Demand Instances D. Dedicated Instances

B. Spot Instances Spot Instances allow you to bid for unused EC2 capacity, often at significantly lower prices than On-Demand instances. Since the simulations are stateless and fault-tolerant, they can be interrupted if the Spot price rises above the bid price. This enables you to take advantage of cost savings while meeting the workload requirements. =========================================================== A. Reserved Instances (RIs): Reserved Instances allow customers to reserve Amazon EC2 computing capacity for a specific period (typically 1 or 3 years) in exchange for a significant discount compared to On-Demand Instance pricing. RIs provide a way to reduce costs for predictable workloads with steady usage. C. On-Demand Instances: On-Demand Instances are virtual servers that are provisioned and billed for on an hourly or per-second basis, with no long-term commitments or upfront payments. This purchasing option provides maximum flexibility but typically comes with higher costs compared to Reserved Instances or Spot Instances. D. Dedicated Instances: Dedicated Instances are EC2 instances that run on physical servers dedicated to a single customer's use in the AWS cloud. This provides additional isolation and control over the underlying hardware compared to shared infrastructure. Dedicated Instances are suitable for workloads with strict compliance, security, or performance requirements.

A company is deploying a machine learning (ML) research project that will require a lot of compute power over several months. The ML processing jobs do not need to run at specific times. Which Amazon EC2 instance purchasing option will meet these requirements at the lowest cost? A. On-Demand Instances B. Spot Instances C. Reserved Instances D. Dedicated Instances

B. Spot Instances Spot Instances allow you to bid on unused EC2 capacity, often providing significant cost savings compared to On-Demand Instances. Since the ML processing jobs do not have specific time constraints, you can take advantage of Spot Instances when the spot price is below your bid price. However, keep in mind that Spot Instances can be interrupted if the spot price rises above your bid price, so it's important to architect your application to handle interruptions gracefully, such as by checkpointing progress or using Spot Fleet to diversify across multiple instance types and Availability Zones. ======================================================== A. On-Demand Instances: On-Demand Instances are virtual servers that you can rent from a cloud service provider, such as AWS, without any long-term commitment. You pay for the compute capacity by the hour or by the second, depending on the cloud provider's pricing model. On-Demand Instances are suitable for workloads with unpredictable usage patterns or short-term computing needs. C. Reserved Instances: Reserved Instances are a purchasing option offered by cloud service providers, such as AWS, that allow you to reserve compute capacity for a fixed term (typically one or three years) in exchange for a discounted hourly rate compared to On-Demand Instances. Reserved Instances are suitable for predictable workloads with steady-state usage, providing significant cost savings over On-Demand pricing. D. Dedicated Instances: Dedicated Instances are virtual servers that run on hardware that is dedicated to a single customer. This means that the underlying physical server is not shared with other AWS accounts. Dedicated Instances can provide additional isolation and compliance benefits for workloads that require dedicated hardware.

Elasticity in the AWS Cloud refers to which of the following? (Choose two.) A. How quickly an Amazon EC2 instance can be restarted B. The ability to rightsize resources as demand shifts C. The maximum amount of RAM an Amazon EC2 instance can use D. The pay-as-you-go billing model E. How easily resources can be procured when they are needed

B. The ability to rightsize resources as demand shifts: Elasticity allows you to automatically scale your resources up or down in response to changing demand, ensuring that you have the right amount of resources available at all times. E. How easily resources can be procured when they are needed: Elasticity also refers to the ease with which you can provision additional resources as needed, allowing you to quickly scale your infrastructure to meet changing requirements. Options A, C, and D are not directly related to the concept of elasticity: A. How quickly an Amazon EC2 instance can be restarted: This refers to the speed of restarting an EC2 instance, which is more related to resilience and availability rather than elasticity. C. The maximum amount of RAM an Amazon EC2 instance can use: This refers to the memory capacity of an EC2 instance type, which is a fixed attribute and not related to elasticity. D. The pay-as-you-go billing model: While the pay-as-you-go model is a characteristic of AWS, it's not specifically about elasticity, which is more about the ability to scale resources dynamically.

Which of the following are advantages of moving to the AWS Cloud? (Choose two.) A. The ability to turn over the responsibility for all security to AWS. B. The ability to use the pay-as-you-go model. C. The ability to have full control over the physical infrastructure. D. No longer having to guess what capacity will be required. E. No longer worrying about user access controls.

B. The ability to use the pay-as-you-go model: AWS offers a flexible pricing model where customers pay only for the resources they use, allowing for cost savings and scalability. D. No longer having to guess what capacity will be required: AWS provides scalability, allowing businesses to easily scale up or down based on demand, eliminating the need for upfront infrastructure investments and the guesswork of capacity planning. ============================================== Option A is incorrect because while AWS provides robust security measures, security is a shared responsibility between AWS and the customer. Option C is incorrect because while AWS provides access to a wide range of cloud services, customers do not have control over the physical infrastructure. Option E is incorrect because customers are responsible for implementing and managing access controls for their own resources on AWS.

What is the purpose of having an internet gateway within a VPC? A. To create a VPN connection to the VPC B. To allow communication between the VPC and the internet C. To impose bandwidth constraints on internet traffic D. To load balance traffic from the internet across Amazon EC2 instances

B. To allow communication between the VPC and the internet Internet gateways serve as a crucial component for instances within the VPC to access the internet and for the internet to communicate with those instances. They do not create VPN connections (A), impose bandwidth constraints (C), or handle load balancing across EC2 instances (D).

Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation? A. AWS CLI B. AWS Developer Center C. AWS Cloud Development Kit (AWS CDK) D. AWS CodeStar

C. AWS Cloud Development Kit (AWS CDK). The AWS Cloud Development Kit (CDK) is an open-source software development framework provided by Amazon Web Services for defining cloud infrastructure in code. It allows developers to define AWS resources using familiar programming languages such as TypeScript, Python, Java, and C#, enabling them to provision and manage infrastructure as code using software development best practices. ========================================== A. AWS CLI: The AWS Command Line Interface (CLI) is a unified tool provided by Amazon Web Services that enables users to interact with various AWS services directly from the command line. It provides commands for managing AWS resources, configuring AWS settings, and automating tasks across different AWS services. B. AWS Developer Center: The AWS Developer Center is a hub provided by Amazon Web Services for developers to access resources, tools, documentation, and support related to AWS development. It includes guides, tutorials, SDKs, and other resources to help developers build, deploy, and manage applications on AWS. D. AWS CodeStar: AWS CodeStar is a cloud-based service provided by Amazon Web Services for developing, building, and deploying applications on AWS. It provides project templates, code repositories, build pipelines, and deployment automation to streamline the development process and enable collaboration among team members. CodeStar supports various programming languages and development platforms, making it easier for teams to get started with AWS development projects.

Which AWS service or tool helps users visualize, understand, and manage spending and usage over time? A. AWS Organizations B. AWS Pricing Calculator C. AWS Cost Explorer D. AWS Service Catalog

C. AWS Cost Explorer. AWS Cost Explorer provides comprehensive cost management and analysis tools that allow users to visualize, understand, and manage their AWS spending and usage over time. It offers features such as cost and usage reports, budgeting tools, and forecasting capabilities, enabling users to track and optimize their AWS costs effectively. ============================================================ A. AWS Organizations: AWS Organizations is a service provided by Amazon Web Services that allows you to centrally manage and govern multiple AWS accounts. It helps you automate account creation, manage policies for access control and compliance, and simplify billing by consolidating multiple accounts into a single bill. AWS Organizations provides a hierarchical structure for organizing accounts into organizational units (OUs) and applying policies at different levels of the hierarchy. B. AWS Pricing Calculator: The AWS Pricing Calculator is a tool provided by Amazon Web Services that allows users to estimate their monthly AWS bill based on their usage and configuration preferences. It helps users to understand the cost implications of different AWS services and configurations before they deploy resources, enabling them to make informed decisions about resource provisioning and optimization. D. AWS Service Catalog: AWS Service Catalog is a service provided by Amazon Web Services that allows organizations to create and manage catalogs of approved IT services, including virtual machine images, servers, software, and databases. It enables administrators to define and enforce compliance, governance, and security policies while allowing users to quickly deploy approved resources via a self-service portal.

Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload? A. Amazon Route 53 B. Amazon Macie C. AWS Direct Connect D. AWS PrivateLink

C. AWS Direct Connect AWS Direct Connect establishes a private network connection between your on-premises data center or network and one of the AWS Direct Connect locations. This private connection can then be used to access AWS services and resources securely without traversing the public internet. It provides consistent network performance, reduced bandwidth costs, and enhanced security compared to internet-based connections. While AWS PrivateLink is also a valid option for creating private connections within the AWS Cloud, it doesn't directly facilitate connectivity between on-premises and AWS workloads. Therefore, in this scenario, AWS Direct Connect is the appropriate choice. ========================================================== A. Amazon Route 53: It's a scalable Domain Name System (DNS) web service designed to route end users to internet applications by translating domain names like www.example.com into IP addresses. B. Amazon Macie: It's a security service that uses machine learning to automatically discover, classify, and protect sensitive data stored in AWS. Macie helps identify and secure personal data and intellectual property. D. AWS PrivateLink: It's a service that enables you to privately access services hosted on AWS in a highly available and scalable manner, without using public IPs and without going over the internet. It's particularly useful for securely connecting services across different VPCs or with on-premises networks.

A company wants to establish a private network connection between AWS and its corporate network. Which AWS service or feature will meet this requirement? A. Amazon Connect B. Amazon Route 53 C. AWS Direct Connect D. VPC peering

C. AWS Direct Connect.

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements? A. AWS Lambda B. Amazon RDS C. AWS Fargate D. Amazon Athena

C. AWS Fargate. AWS Fargate is a compute engine for Amazon ECS (Elastic Container Service) that allows you to run containers without having to manage the underlying infrastructure. It abstracts away the management of EC2 instances, thus handling tasks like cluster size, scheduling, and environment maintenance automatically. This can help simplify container management, making it an ideal solution for companies looking to offload the operational overhead associated with managing Docker environments on EC2 instances. ========================================================== A. AWS Lambda: AWS Lambda is a serverless compute service provided by Amazon Web Services. It allows you to run code without provisioning or managing servers. With Lambda, you can upload your code and AWS Lambda takes care of automatically scaling and managing the underlying infrastructure to run your code in response to events, such as changes to data in an Amazon S3 bucket or updates to an Amazon DynamoDB table. B. Amazon RDS: Amazon RDS (Relational Database Service) is a managed relational database service provided by Amazon Web Services. It allows you to set up, operate, and scale relational databases in the cloud. With Amazon RDS, you can choose from several popular database engines, such as MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server, and AWS handles routine database administration tasks such as backups, patching, and monitoring. D. Amazon Athena: Amazon Athena is an interactive query service provided by Amazon Web Services that allows you to analyze data stored in Amazon S3 using standard SQL. With Amazon Athena, you can run ad-hoc SQL queries on data in S3 without having to set up or manage any infrastructure. It is particularly useful for analyzing large datasets stored in S3 using a serverless and pay-per-query model.

Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure? A. Route table B. AWS Transit Gateway C. AWS Global Accelerator D. Amazon VPC

C. AWS Global Accelerator. AWS Global Accelerator utilizes the AWS global network infrastructure to optimize the path from your users to your applications, improving availability and performance. It intelligently routes traffic to the nearest endpoint location, reducing latency and providing better user experiences. ======================================================= A. Route Table: In the context of networking, a route table is a set of rules, called routes, that determine where network traffic should be directed. Each route specifies a destination network and the next hop for traffic destined for that network. Route tables are commonly used in virtual private clouds (VPCs) to control the routing of traffic between subnets and to external networks. B. AWS Transit Gateway: AWS Transit Gateway is a service that simplifies network connectivity between VPCs, on-premises networks, and remote networks. It acts as a hub that allows you to centrally manage and scale connectivity across multiple virtual private clouds (VPCs) and VPN connections. D. Amazon VPC (Virtual Private Cloud): Amazon VPC is a service that allows you to provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. It gives you control over your virtual networking environment, including IP address ranges, subnets, routing tables, and network gateways.

Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity? A. AWS Service Catalog B. AWS Systems Manager C. AWS IAM Access Analyzer D. AWS Organizations

C. AWS IAM Access Analyzer. IAM Access Analyzer can help you identify resources that are shared with an external entity. It continuously monitors resource policies for Amazon S3 buckets, IAM roles, KMS keys, Lambda functions, and SQS queues. It analyzes permissions granted using policies and generates findings to help you identify unintended access to your resources from external principals. ============================================================= A. AWS Service Catalog is a service provided by AWS that enables organizations to create and manage catalogs of approved IT services, such as virtual machine images, databases, and applications. It allows administrators to define and publish standardized templates and configurations for these services, which can then be easily provisioned by end-users through a self-service portal. It helps organizations enforce compliance, control costs, and improve governance over their IT resources. B. AWS Systems Manager is a management service provided by AWS that helps you automate and manage operational tasks across your AWS infrastructure. It provides a unified interface for managing tasks such as patch management, configuration management, resource inventory, and automation workflows. It helps you maintain the security, compliance, and performance of your infrastructure while reducing the overhead of manual administrative tasks. D. AWS Organizations is a service provided by AWS that enables you to centrally manage and govern multiple AWS accounts within your organization. It provides features for creating and organizing accounts into hierarchical groupings, applying policies to control access and usage of AWS services, and automating account management tasks to simplify administration and ensure compliance with organizational standards.

Which AWS service is used to provide encryption for Amazon EBS? A. AWS Certificate Manager B. AWS Systems Manager C. AWS KMS D. AWS Config

C. AWS Key Management Service (KMS). AWS KMS allows you to create and control encryption keys used to encrypt your data. When you enable encryption for Amazon EBS volumes, you can choose to use AWS-managed keys (default) or customer-managed keys (CMKs) stored in AWS KMS. This encryption helps protect your data at rest on the EBS volumes. You can manage and audit access to your encryption keys and configure additional security features such as key rotation and usage logging through AWS KMS. =========================================================== A. AWS Certificate Manager (ACM): It's a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources. B. AWS Systems Manager: It's a management service that helps you automatically collect software inventory, apply system patches, create system images, and configure operating systems. It simplifies resource and application management, shortening the time to detect and resolve operational issues. D. AWS Config: It's a service that provides you with detailed information about the configuration of your AWS resources. It continuously monitors and records configuration changes, allowing you to assess, audit, and evaluate the configurations of your AWS resources over time to ensure compliance with best practices and organizational policies.

Which AWS service can be used at no additional cost? A. Amazon SageMaker B. AWS Config C. AWS Organizations D. Amazon CloudWatch

C. AWS Organizations AWS Organizations is a service that enables you to centrally manage and govern multiple AWS accounts. There is no additional charge for using AWS Organizations; you only pay for the AWS resources that you use within your accounts. The other options (Amazon SageMaker, AWS Config, and Amazon CloudWatch) may incur costs based on usage, but AWS Organizations itself does not add any additional charges. ============================================================= A. Amazon SageMaker is a fully managed service provided by Amazon Web Services (AWS) that enables developers and data scientists to build, train, and deploy machine learning models at scale. It provides a complete set of tools for every step of the machine learning workflow, including data labeling, model training, tuning, and deployment, all within a unified environment. B. AWS Config is a service offered by AWS that enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records configuration changes to your AWS resources and provides a detailed view of the configuration history, allowing you to track resource changes, maintain compliance, and troubleshoot issues. D. Amazon CloudWatch is a monitoring and observability service offered by AWS that provides real-time monitoring of AWS resources and applications. It collects and tracks metrics, logs, and events from various AWS services and resources, allowing you to gain insights into the performance, health, and security of your applications and infrastructure. Additionally, CloudWatch offers alarms, dashboards, and automated actions to help you respond to operational events and optimize resource utilization.

Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities? A. AWS Snowmobile B. AWS Local Zones C. AWS Outposts D. AWS Fargate

C. AWS Outposts. AWS Outposts allow you to run AWS infrastructure and services on-premises for a truly hybrid experience. It extends the AWS infrastructure, services, APIs, and tools to your data centers or co-location spaces, enabling you to seamlessly integrate on-premises resources with AWS services. ======================================================== A. AWS Snowmobile: It's an exabyte-scale data transfer service used to transfer large amounts of data into and out of AWS using a secure shipping container that's transported by a semi-trailer truck. It's primarily used for moving extremely large datasets to the cloud in a secure and efficient manner. B. AWS Local Zones: Local Zones are an extension of AWS infrastructure that allows you to deploy applications requiring single-digit millisecond latency closer to end-users or specific locations. They provide a subset of AWS services and are typically located in metropolitan areas. D. AWS Fargate: AWS Fargate is a serverless compute engine for containers that allows you to run containers without managing the underlying infrastructure. With Fargate, you specify the resources you need, and AWS manages the scaling, infrastructure, and availability. It's part of the Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS) offerings.

A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible. Which AWS service or resource should the company use to select its Amazon RDS deployment area? A. Amazon Connect B. AWS Wavelength C. AWS Regions D. AWS Direct Connect

C. AWS Regions. AWS Regions are separate geographic areas, each with multiple, isolated locations called Availability Zones. By selecting the appropriate AWS Region, the company can deploy their Amazon RDS (Relational Database Service) instances in infrastructure geographically close to their current location, ensuring low latency and compliance with data residency requirements. ==================================================== A. Amazon Connect: This is a cloud-based contact center service offered by Amazon Web Services (AWS). It enables businesses to set up and manage a customer contact center in the cloud without requiring significant upfront investment in infrastructure. Amazon Connect provides features for voice and chat interactions, as well as tools for managing contacts, agents, and analytics. B. AWS Wavelength: AWS Wavelength is a service that brings AWS compute and storage services to the edge of 5G networks. It allows developers to deploy applications that require ultra-low latency to mobile and connected devices by running them on infrastructure located at the edge of the 5G network. This enables use cases such as real-time gaming, augmented reality (AR), and video analytics. D. AWS Direct Connect: AWS Direct Connect is a service that allows users to establish a dedicated network connection between their on-premises data center or office and AWS. It enables users to bypass the public internet and establish a private, high-bandwidth, low-latency connection to AWS services, which can improve security, performance, and reliability for hybrid cloud deployments.

A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs. Which AWS service or feature should the company use to meet these authentication requirements? A. Amazon API Gateway B. IAM users C. AWS Security Token Service (AWS STS) D. IAM instance profiles

C. AWS Security Token Service (AWS STS). AWS STS provides temporary security credentials for users or services to access AWS resources. These temporary credentials can be limited in scope and privilege and are often used in scenarios where applications need to authenticate with other AWS services without long-term access keys. ========================================================= A. Amazon API Gateway: Amazon API Gateway is a fully managed service provided by Amazon Web Services that enables developers to create, publish, maintain, monitor, and secure APIs (Application Programming Interfaces) at any scale. It allows users to expose backend services such as AWS Lambda functions or HTTP endpoints as APIs with features like authentication, authorization, throttling, caching, and monitoring. B. IAM users: IAM (Identity and Access Management) users are entities within AWS accounts that represent individual users or applications requiring access to AWS resources. IAM users have unique credentials (username and password or access keys) and can be assigned permissions using IAM policies to control their access to specific AWS services and resources. D. IAM instance profiles: IAM instance profiles, also known as EC2 instance profiles, are a feature of AWS Identity and Access Management (IAM) that allows EC2 instances to securely access other AWS services without requiring access keys to be stored on the instances themselves. An instance profile is associated with an IAM role, and when an EC2 instance is launched with a specific instance profile, it can automatically assume the associated IAM role and access AWS services according to the permissions granted to that role. This mechanism enhances security by reducing the exposure of access credentials and simplifies the management of access permissions for EC2 instances.

Which AWS service is a hybrid cloud storage service that provides on-premises users access to virtually unlimited cloud storage? A. AWS DataSync B. Amazon S3 Glacier C. AWS Storage Gateway D. Amazon Elastic Block Store (Amazon EBS)

C. AWS Storage Gateway AWS Storage Gateway is a hybrid cloud storage service that provides seamless integration between on-premises environments and AWS storage services. It enables on-premises applications to access cloud storage as if they were local storage resources. Storage Gateway supports different storage protocols, such as NFS, SMB, and iSCSI, allowing applications to use cloud storage without modification. This service provides options for file, volume, and tape gateway configurations, enabling customers to choose the most suitable setup for their hybrid cloud storage needs. ========================================================= A. AWS DataSync: AWS DataSync is a data transfer service that simplifies and accelerates moving large amounts of data between on-premises storage systems and AWS storage services like Amazon S3, Amazon EFS, and Amazon FSx. It automates data transfer tasks, handles encryption and compression, and optimizes network utilization to minimize transfer times. B. Amazon S3 Glacier: Amazon S3 Glacier is a low-cost storage service designed for long-term data archiving and backup. It offers durable and secure storage for data that is accessed infrequently and requires long-term retention. S3 Glacier provides three retrieval options: Expedited, Standard, and Bulk, with varying retrieval times and costs. D. Amazon Elastic Block Store (Amazon EBS): Amazon EBS is a block storage service that provides durable and high-performance storage volumes for use with Amazon EC2 instances. It allows you to create and attach persistent block storage volumes to your EC2 instances, providing reliable storage that persists independently from the life of the instance.

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model? A. Physical security of DynamoDB B. Patching of DynamoDB C. Access to DynamoDB tables D. Encryption of data at rest in DynamoDB

C. Access to DynamoDB tables. Under the AWS Shared Responsibility Model, Amazon DynamoDB is a fully managed service. This means that AWS is responsible for the security of the cloud infrastructure that runs DynamoDB, including the physical security of the servers, patching the underlying infrastructure, and ensuring encryption of data at rest. However, customers are responsible for managing access to their DynamoDB tables. This includes setting up appropriate IAM policies, controlling who can access the tables, and managing permissions for users and applications.

To reduce costs, a company is planning to migrate a NoSQL database to AWS. Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands? A. Amazon Redshift B. Amazon Aurora C. Amazon DynamoDB D. Amazon RDS

C. Amazon DynamoDB. It is a fully managed NoSQL database service provided by AWS. DynamoDB can automatically scale throughput capacity to meet the demands of your database workload, allowing you to handle varying levels of traffic without manual intervention. This scalability feature helps in reducing costs by ensuring that you only pay for the resources you use. ============================================ A. Amazon Redshift: Amazon Redshift is a fully managed data warehousing service provided by Amazon Web Services (AWS). It allows users to analyze large datasets using SQL queries and provides high-performance querying capabilities, scalability, and reliability for data warehousing and analytics workloads. Redshift is designed to handle petabyte-scale datasets across multiple nodes and offers features such as columnar storage, compression, automatic backups, and integration with other AWS services. B. Amazon Aurora: Amazon Aurora is a fully managed relational database engine provided by Amazon Web Services (AWS). It is compatible with MySQL and PostgreSQL, offering the performance and availability of commercial databases with the cost-effectiveness and simplicity of open-source databases. Aurora provides features such as high availability, automatic scaling, fault tolerance, and replication, making it suitable for a wide range of relational database workloads. D. Amazon RDS: Amazon RDS is a fully managed relational database service provided by AWS. It supports multiple database engines such as MySQL, PostgreSQL, MariaDB, Oracle, and Microsoft SQL Server, allowing users to easily set up, operate, and scale relational databases in the cloud. RDS handles routine database tasks such as provisioning, patching, backup, recovery, and scaling, enabling users to focus on building applications rather than managing infrastructure.

A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Which AWS service will meet this requirement? A. AWS Trusted Advisor B. Amazon CloudWatch C. Amazon GuardDuty D. AWS Health Dashboard

C. Amazon GuardDuty. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads. While it primarily focuses on threat detection, it can also help identify misconfigured security groups allowing unrestricted access to specific ports by analyzing network traffic and anomalies. Therefore, it would be the most suitable option for monitoring misconfigured security groups in this scenario. ========================= While AWS Trusted Advisor (option A) provides recommendations for optimizing security, cost, performance, and fault tolerance of AWS resources, it does not specifically focus on monitoring misconfigured security groups. Amazon GuardDuty (option C), on the other hand, is a threat detection service that continuously monitors for malicious activities and unauthorized behavior within your AWS environment, including detecting potential security group misconfigurations.

Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)? A. Amazon DynamoDB B. Amazon Athena C. Amazon RDS D. Amazon EMR

C. Amazon RDS (Relational Database Service). It offers managed database services, including PostgreSQL, for online transaction processing (OLTP) workloads. With Amazon RDS, you can easily set up, operate, and scale a PostgreSQL database in the cloud without worrying about the underlying infrastructure management tasks. ==================================================== A. Amazon DynamoDB: DynamoDB is a fully managed NoSQL database service provided by Amazon Web Services (AWS). It offers fast and predictable performance with seamless scalability. DynamoDB is designed to handle large amounts of traffic and can automatically scale tables up or down based on demand. B. Amazon Athena: Athena is an interactive query service provided by AWS that allows you to analyze data directly in Amazon Simple Storage Service (S3) using standard SQL. It's serverless, meaning there's no infrastructure to manage, and you only pay for the queries you run. Athena is particularly useful for ad-hoc querying of large datasets stored in S3. D. Amazon EMR (Elastic MapReduce): EMR is a cloud-based big data platform provided by AWS for processing large amounts of data using open-source tools such as Apache Spark, Apache Hadoop, Apache Hive, Apache HBase, and others. EMR simplifies the process of setting up, managing, and scaling clusters for big data processing tasks.

A company has a set of ecommerce applications. The applications need to be able to send messages to each other. Which AWS service meets this requirement? A. AWS Auto Scaling B. Elastic Load Balancing C. Amazon Simple Queue Service (Amazon SQS) D. Amazon Kinesis Data Streams

C. Amazon Simple Queue Service (Amazon SQS). Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. It allows applications to send messages to each other asynchronously, providing reliable message delivery and ensuring that messages are processed in a timely manner. With SQS, you can build highly scalable and fault-tolerant architectures where applications can communicate efficiently without directly interacting with each other. Therefore, Amazon SQS meets the requirement of enabling communication between the ecommerce applications in a scalable and reliable manner. ========================================================== A. AWS Auto Scaling: AWS Auto Scaling automatically adjusts the number of resources for your application based on demand. It helps maintain application availability and performance at a consistent level by dynamically scaling EC2 instances, ECS tasks, DynamoDB tables, and other AWS resources. B. Elastic Load Balancing (ELB): Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in multiple availability zones. It helps improve the availability and fault tolerance of your applications by distributing traffic and automatically scaling resources. D. Amazon Kinesis Data Streams: Amazon Kinesis Data Streams is a scalable and durable real-time data streaming service that allows you to ingest and process large streams of data in real time. It enables you to build custom applications for processing and analyzing streaming data, such as IoT device telemetry, application logs, and clickstreams.

Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective? A. Data architecture B. Event management C. Cloud fluency D. Strategic partnership

C. Cloud fluency Cloud fluency refers to the knowledge, skills, and expertise required to effectively utilize cloud computing technologies and services. It encompasses understanding the principles, architectures, and best practices associated with cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Cloud fluency involves proficiency in cloud service providers' offerings, deployment models, security, scalability, and cost management. ============================================================== A. Data architecture refers to the design, structure, and organization of data within an information system or across multiple systems. It involves defining how data is collected, stored, processed, and managed to meet the needs of an organization. Data architecture encompasses aspects such as data models, data integration, data storage, data governance, and data security. B. Event management involves the planning, coordination, and execution of events or activities to achieve specific objectives or outcomes. In the context of IT or business operations, event management often refers to the monitoring, detection, and response to events or incidents that occur within an organization's systems or processes. This includes activities such as event logging, alerting, escalation, and resolution to ensure the continuity and reliability of services. D. Strategic partnership refers to a collaborative relationship between two or more organizations aimed at achieving mutual goals or objectives.

Which of the following are benefits of using AWS Trusted Advisor? (Choose two.) A. Providing high-performance container orchestration B. Creating and rotating encryption keys C. Detecting underutilized resources to save costs D. Improving security by proactively monitoring the AWS environment E. Implementing enforced tagging across AWS resources

C. Detecting underutilized resources to save costs: AWS Trusted Advisor analyzes your AWS environment to identify resources that are not optimized or underutilized, helping you save costs by eliminating unnecessary expenses. D. Improving security by proactively monitoring the AWS environment: AWS Trusted Advisor monitors your AWS environment for security best practices, identifying potential security vulnerabilities or misconfigurations and providing recommendations to enhance security posture.

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? A. Sustainability B. Performance efficiency C. Governance D. Reliability

C. Governance The AWS Cloud Adoption Framework (AWS CAF) provides guidance for organizations to structure their cloud adoption journey. It includes several perspectives or areas of focus, one of which is governance. Governance encompasses establishing policies, roles, and responsibilities to ensure that cloud resources are used efficiently, securely, and in compliance with organizational requirements and standards. ========================================================== A. Sustainability: This term refers to the environmental impact of cloud computing. Cloud providers like AWS are increasingly investing in sustainable practices to minimize energy consumption, reduce carbon emissions, and promote renewable energy usage in their data centers. B. Performance efficiency: Performance efficiency in cloud computing refers to the ability of a system to provide adequate performance while optimizing resource utilization. It involves designing systems to scale efficiently, handle variable workloads, and minimize latency to deliver a high level of performance to users. D. Reliability: Reliability in cloud computing refers to the ability of a system to consistently perform its intended functions without failure or downtime. It involves designing systems with fault tolerance, redundancy, and automated recovery mechanisms to ensure high availability and minimize service disruptions for users.

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket? A. Hard code an IAM user's secret key and access key directly in the application, and upload the file. B. Store the IAM user's secret key and access key in a text file on the EC2 instance, read the keys, then upload the file. C. Have the EC2 instance assume a role to obtain the privileges to upload the file. D. Modify the S3 bucket policy so that any service can upload to it at any time.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file. Using IAM roles is the recommended approach for granting permissions to AWS resources like EC2 instances to access other AWS services like S3 securely. By assigning an IAM role to the EC2 instance with the necessary permissions to access the S3 bucket, you can avoid hard coding access keys or storing them in files on the instance, which could lead to security vulnerabilities. This method follows the principle of least privilege and helps maintain better security posture.

A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes. Which AWS service or tool will meet this requirement? A. IAM Access Analyzer B. AWS Artifact C. IAM credential report D. AWS Audit Manager

C. IAM credential report The IAM credential report provides comprehensive information about the IAM users and their associated access keys, passwords, and various other credential-related details. This report can be regularly generated and analyzed to ensure compliance with password and access key rotation policies. =========================================================== A. IAM Access Analyzer is a tool provided by AWS Identity and Access Management (IAM) that helps you identify unintended access to your AWS resources. It continuously monitors your resource policies to detect any potential security risks, such as overly permissive access permissions, and provides recommendations for remediation. B. AWS Artifact is a service provided by AWS that provides on-demand access to AWS compliance reports and other documentation. It offers a centralized repository of audit and compliance-related documents, including SOC reports, PCI DSS reports, and AWS security and compliance whitepapers, which customers can use to demonstrate compliance with various regulatory requirements. D. AWS Audit Manager is a service provided by AWS that helps you automate and streamline the process of conducting audits of your AWS resources and compliance with regulatory standards. It provides pre-built frameworks for common regulatory standards, such as SOC 2 and PCI DSS, as well as customizable assessment templates, automated evidence collection, and built-in reporting tools to simplify the audit process and ensure compliance.

Which of the following is a recommended design principle of the AWS Well-Architected Framework? A. Reduce downtime by making infrastructure changes infrequently and in large increments. B. Invest the time to configure infrastructure manually. C. Learn to improve from operational failures. D. Use monolithic application design for centralization.

C. Learn to improve from operational failures. This principle emphasizes the importance of embracing failures as learning opportunities to continuously improve the architecture and operations of your AWS workload. It encourages practices such as post-incident reviews, root cause analysis, and implementing mechanisms for automation and resilience to prevent similar failures in the future.

Which option is a benefit of the economies of scale based on the advantages of cloud computing? A. The ability to trade variable expense for fixed expense B. Increased speed and agility C. Lower variable costs over fixed costs D. Increased operational costs across data centers

C. Lower variable costs over fixed costs. Cloud computing allows businesses to benefit from economies of scale by lowering variable costs over fixed costs. Instead of investing heavily in on-premises infrastructure, which often requires significant upfront capital expenditure (fixed costs), businesses can leverage cloud services where they pay only for the resources they use (variable costs). This pay-as-you-go model allows companies to scale their infrastructure up or down as needed, avoiding over-provisioning and reducing the total cost of ownership.

A company is using Amazon DynamoDB. Which task is the company's responsibility, according to the AWS shared responsibility model? A. Patch the operating system. B. Provision hosts. C. Manage database access permissions. D. Secure the operating system.

C. Manage database access permissions.

Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances? A. Database backups B. Database software patches C. Operating system patches D. Operating system installations

C. Operating system patches. ================================= A. Database backups: While AWS provides tools and services for creating backups, the responsibility for configuring and managing backups usually falls on the customer. AWS offers services like Amazon RDS (Relational Database Service) or Amazon Aurora that provide managed database solutions with automated backups, but if the company opts for EC2 instances for database hosting, they typically manage backups themselves. B. Database software patches: This responsibility generally falls on the customer. AWS manages the underlying infrastructure, but the customer is typically responsible for managing the software stack, including database software patches. C. Operating system patches: AWS is responsible for managing the underlying infrastructure, including the virtualization layer and the physical security of the data centers. However, the customer is generally responsible for managing the operating system, including applying patches and updates. D. Operating system installations: The responsibility for installing and configuring the operating system typically falls on the customer. AWS provides the virtual machines (EC2 instances), but the customer decides which operating system to install and how to configure it. Therefore, when a company hosts its databases on Amazon EC2 instances, the responsibility that primarily belongs to AWS is the management of the underlying infrastructure, including the virtualization layer and physical security, which covers option: C. Operating system patches.

A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario? A. Update the guest operating system of the EC2 instances. B. Maintain high availability at the database layer. C. Patch the physical infrastructure that hosts the EC2 instances. D. Configure the security group firewall.

C. Patch the physical infrastructure that hosts the EC2 instances. AWS manages the physical infrastructure, including performing maintenance tasks such as patching the underlying hardware to ensure security and reliability. This allows the company to focus on managing their NoSQL database and application logic without worrying about the physical infrastructure's maintenance.

A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost. Which pricing options meet these requirements with the LOWEST cost? (Choose two.) A. Spot Instances B. On-Demand Instances C. Reserved Instances D. Savings Plans E. Dedicated Hosts

C. Reserved Instances D. Savings Plans. -Reserved Instances (RI) allow you to make an upfront commitment to a specific instance type in a particular region for a one- or three-year term. In exchange for this commitment, you receive a significant discount compared to On-Demand instance pricing. -Savings Plans provide similar flexibility to Reserved Instances but with broader applicability across various instance types, regions, and services. They offer significant discounts in exchange for a commitment to a consistent amount of usage (measured in dollars per hour) over a one- or three-year term. Both Reserved Instances and Savings Plans offer substantial cost savings compared to On-Demand instances when there is a predictable workload and a willingness to make an upfront commitment. ========================================================= A. Spot Instances: These are a purchasing option offered by Amazon Web Services (AWS) where users can bid for unused EC2 (Elastic Compute Cloud) capacity. Spot Instances can significantly reduce costs compared to On-Demand pricing but can be terminated by AWS with little notice if the current spot price exceeds the bid. B. On-Demand Instances: These are virtual servers that are available for immediate use and can be purchased on a pay-as-you-go basis. Users pay for the compute capacity by the hour or second depending on the instance type without any upfront commitment. E. Dedicated Hosts: These are physical servers with EC2 instance capacity that are dedicated to a single user. With Dedicated Hosts, users have more control over the placement of their instances and can ensure compliance requirements are met. They can also bring their existing server-bound software licenses to reduce costs.

A company has a test AWS environment. A company is planning on testing an application within AWS. The application testing can be interrupted and does not need to run continuously. Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively? A. On-Demand Instances B. Dedicated Instances C. Spot Instances D. Reserved Instances

C. Spot Instances Given that the application testing can be interrupted and doesn't require continuous running, the most cost-effective option would be to use Spot Instances. Spot Instances allow you to bid on spare Amazon EC2 computing capacity, often at significantly lower prices than On-Demand instances. However, it's important to note that Spot Instances can be interrupted by AWS if the current spot price exceeds your bid price, so they might not be suitable for applications that require uninterrupted operation. =================================================== A. On-Demand Instances: On-Demand Instances are virtual servers that are available for immediate use and can be purchased on a pay-as-you-go basis. Users pay for the compute capacity by the hour or second depending on the instance type without any upfront commitment. On-Demand Instances provide flexibility and scalability as users can launch instances whenever needed and terminate them when no longer required. B. Dedicated Instances: Dedicated Instances are EC2 instances that run on hardware dedicated to a single AWS account. They provide additional isolation for compliance and regulatory requirements by ensuring that the underlying physical hardware is not shared with instances from other AWS accounts. Dedicated Instances can be purchased on an On-Demand or Reserved basis. D. Reserved Instances: Reserved Instances are a purchasing option provided by AWS where users can reserve EC2 capacity for a specified period, typically one to three years, in exchange for a significant discount compared to On-Demand pricing. Reserved Instances require an upfront payment or a lower hourly rate in exchange for the commitment. Reserved Instances are suitable for predictable workloads with steady-state usage where cost optimization is a priority.

A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud. Which activities related to a Snowball Edge device are available to the company at no cost? A. Use of the Snowball Edge appliance for a 10-day period B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance C. The transfer of data from the Snowball Edge appliance into Amazon S3 D. Daily use of the Snowball Edge appliance after 10 days

C. The transfer of data from the Snowball Edge appliance into Amazon S3 When you use a Snowball Edge device to transfer data into Amazon S3, there's no additional cost associated with that data transfer. However, there are charges for importing data into the Snowball Edge device and for the device itself, but transferring data from the Snowball Edge appliance into Amazon S3 is typically free of charge.

A company is setting up AWS Identity and Access Management (IAM) on an AWS account. Which recommendation complies with IAM security best practices? A. Use the account root user access keys for administrative tasks. B. Grant broad permissions so that all company employees can access the resources they need. C. Turn on multi-factor authentication (MFA) for added security during the login process. D. Avoid rotating credentials to prevent issues in production applications.

C. Turn on multi-factor authentication (MFA) for added security during the login process. Enabling multi-factor authentication (MFA) adds an extra layer of security to the IAM user login process. It requires users to provide an additional authentication factor beyond just a username and password, typically a temporary code generated by a hardware token, software token, or mobile app. This significantly enhances the security of the AWS account by reducing the risk of unauthorized access, even if credentials are compromised. Options A, B, and D are not best practices for IAM security: A. Using the account root user access keys for administrative tasks is not recommended because it increases the risk of unauthorized access and compromises the security of the AWS account. B. Granting broad permissions to all company employees can lead to excessive permissions and increase the attack surface, making the AWS account more vulnerable to security threats. D. Avoiding credential rotation can lead to security vulnerabilities as credentials become stale or compromised over time. Rotation of credentials is a recommended security practice to mitigate the risk of unauthorized access.

Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as: A. restricted access. B. as-needed access. C. least privilege access. D. token access.

C. least privilege access.

Which AWS service provides the ability to manage infrastructure as code? A. AWS CodePipeline B. AWS CodeDeploy C. AWS Direct Connect D. AWS CloudFormation

D. AWS CloudFormation AWS CloudFormation is a service that allows you to define and provision AWS infrastructure and resources in a declarative template format called a CloudFormation template. With CloudFormation, you can create templates that describe the resources needed for your application stack, including EC2 instances, S3 buckets, databases, and more. These templates can be version controlled, reused, and shared, providing a consistent and automated way to manage and provision infrastructure resources. =========================================================== A. AWS CodePipeline is a continuous integration and continuous delivery (CI/CD) service provided by Amazon Web Services (AWS). It automates the build, test, and deployment phases of your release process, allowing you to quickly and reliably deliver new features and updates to your applications. B. AWS CodeDeploy is a deployment service offered by AWS that automates the process of deploying applications to a variety of compute services, including Amazon EC2 instances, AWS Lambda functions, and on-premises servers. It allows you to deploy your application code from sources such as Amazon S3 buckets or GitHub repositories with ease and provides features for monitoring and tracking deployment progress. C. AWS Direct Connect is a network service provided by AWS that establishes a dedicated network connection between your on-premises data center and AWS. It enables you to bypass the public internet and establish a private, high-bandwidth connection to AWS services, improving network performance, security, and reliability for your hybrid cloud deployments.

A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion. Which AWS service should the developer use to meet these requirements? A. AWS Ground Station B. AWS Shield C. AWS IoT Device Defender D. AWS CloudFormation

D. AWS CloudFormation AWS CloudFormation is a service that allows you to define your infrastructure in code using templates. With CloudFormation, you can create, update, and delete AWS resources in a controlled and automated manner. By defining your development and production environment infrastructures as CloudFormation templates, you can ensure consistency and repeatability across environments. This makes it easier to manage and maintain infrastructure configurations, deploy updates, and replicate environments as needed. ========================================================== A. AWS Ground Station: AWS Ground Station is a fully managed service that allows you to control satellite communications, downlink and process satellite data, and scale your satellite operations quickly, easily, and cost-effectively without having to manage your own ground station infrastructure. B. AWS Shield: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. It helps protect your applications against the most common and sophisticated DDoS attacks by monitoring traffic and automatically mitigating attacks. C. AWS IoT Device Defender: AWS IoT Device Defender is a fully managed service that helps you secure your IoT devices. It continuously audits your IoT configurations to make sure they aren't deviating from security best practices, and it alerts you if any potential security issues are detected.

A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks ahead of a new product launch. Which AWS Support plan offers guidance and support for this kind of event at no additional charge? A. AWS Business Support B. AWS Basic Support C. AWS Developer Support D. AWS Enterprise Support

D. AWS Enterprise Support AWS Enterprise Support includes access to AWS Trusted Advisor, which provides guidance on operational best practices, security, reliability, performance efficiency, and cost optimization. Trusted Advisor can assist in assessing operational readiness and identifying potential risks before a new product launch. Additionally, AWS Enterprise Support offers personalized guidance and assistance from AWS Support Engineers to help address any operational concerns or challenges. ====================================================== A. AWS Business Support is a paid support plan provided by AWS that offers technical support to AWS customers. It includes features such as 24/7 access to Cloud Support Engineers via email, chat, or phone, as well as assistance with best practices, architectural guidance, and service limits. Business Support also provides access to AWS Trusted Advisor, which offers recommendations for optimizing your AWS infrastructure. B. AWS Basic Support is the default level of support provided to all AWS customers at no additional cost. It includes features such as access to documentation, whitepapers, and support forums, as well as the ability to submit support cases with AWS Support. Basic Support provides assistance with general account and billing inquiries, service health notifications, and limited access to AWS Trusted Advisor. C: AWS Developer Support is a paid support plan provided by AWS that is tailored for developers and organizations building and deploying applications on AWS. It offers technical support during business hours via email, with a response time of up to 12 hours. Developer Support includes assistance with development and testing of AWS applications, as well as access to AWS Trusted Advisor and the AWS Knowledge Center.

Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users? A. AWS Artifact B. Amazon Connect C. AWS Chatbot D. AWS Knowledge Center

D. AWS Knowledge Center AWS Knowledge Center offers a repository of frequently asked questions, best practices, troubleshooting guides, and other resources related to AWS services and features, including security-related inquiries. It serves as a valuable resource for users seeking information and guidance on various aspects of AWS, including security practices and recommendations. ============================================================= A. AWS Artifact is a service provided by AWS that provides on-demand access to AWS compliance reports and other documentation. It offers a centralized repository of audit and compliance-related documents, including SOC reports, PCI DSS reports, ISO certifications, and AWS security and compliance whitepapers. B. Amazon Connect is a cloud-based contact center service provided by AWS. It enables businesses to set up and manage a contact center in the cloud without the need for complex infrastructure or upfront costs. It offers features such as interactive voice response (IVR), automatic call distribution (ACD), real-time metrics and analytics, and integration with other AWS services and third-party applications. It allows businesses to deliver personalized customer experiences and improve customer engagement while reducing operational costs. C. AWS Chatbot is a service provided by AWS that enables you to integrate AWS services with chat platforms such as Slack and Amazon Chime. It allows you to receive notifications, run commands, and automate workflows directly from your preferred chat interface. It provides pre-built integrations with AWS services, including Amazon CloudWatch, AWS CodePipeline, AWS Health, and AWS Security Hub, allowing you to monitor and manage your AWS resources more efficiently using familiar chat-based interfaces.

A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console. Which AWS service or resource will meet this requirement? A. S3 Multi-Region Access Points B. S3 Storage Lens C. AWS IAM Identity Center (AWS Single Sign-On) D. Access Analyzer for S3

D. Access Analyzer for S3 Access Analyzer for S3 provides visibility into the access controls applied to S3 buckets. It identifies buckets that are accessible from outside the account or organization based on their access control lists (ACLs) and bucket policies. This service helps users to review and manage access permissions for S3 buckets, ensuring they are appropriately configured for security and compliance requirements. =========================================================== A. S3 Multi-Region Access Points: is a feature of Amazon S3 (Simple Storage Service) that simplifies managing data access across multiple AWS regions. It allows you to create a single access point to automatically route requests to the optimal regional endpoint based on your location and availability. B. S3 Storage Lens: is a feature of Amazon S3 that provides visibility into your object storage usage and activity across multiple AWS accounts and regions. It helps you analyze, understand, and optimize your storage usage and costs, as well as identify trends and anomalies in your data access patterns. C. AWS IAM Identity Center (AWS Single Sign-On): AWS IAM Identity Center, previously known as AWS Single Sign-On (SSO), is a service that simplifies user access management across multiple AWS accounts and business applications. It allows users to sign in once using their existing corporate credentials and access all their assigned accounts and applications without needing to sign in again.

Which of the following is a fully managed MySQL-compatible database? A. Amazon S3 B. Amazon DynamoDB C. Amazon Redshift D. Amazon Aurora

D. Amazon Aurora. It's a fully managed relational database service offered by Amazon Web Services (AWS) that is compatible with MySQL and PostgreSQL, providing high performance and availability with compatibility. =========================================================== A. Amazon S3 (Simple Storage Service): It's a scalable object storage service offered by Amazon Web Services (AWS) designed for large-scale web applications and data storage. It's highly durable and offers high availability. B. Amazon DynamoDB: This is a fully managed NoSQL database service provided by AWS. It's designed to deliver low-latency performance at any scale. DynamoDB is known for its fast and predictable performance with seamless scalability. C. Amazon Redshift: Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. It's designed to analyze large datasets using SQL queries. Redshift is optimized for high-performance analysis and is compatible with existing SQL-based tools and business intelligence applications.

Which AWS Cloud benefit is shown by an architecture's ability to withstand failures with minimal downtime? A. Agility B. Elasticity C. Scalability D. High availability

D. High availability High availability refers to the ability of a system or architecture to remain operational and accessible even in the event of failures or disruptions. By designing architectures with redundancy, fault tolerance, and failover mechanisms, AWS enables customers to achieve high availability for their applications and services. This ensures that users can access their resources consistently with minimal downtime, even during unexpected events or failures. ====================================================== A. Agility: Agility refers to the ability of a system or organization to quickly adapt and respond to changes in its environment. In the context of cloud computing, agility often relates to the ability to rapidly deploy, scale, and manage resources to meet changing business needs. B. Elasticity: Elasticity refers to the ability of a system or infrastructure to automatically and dynamically scale resources up or down based on demand. In the context of cloud computing, elasticity allows resources to be provisioned and released in response to fluctuations in workload, ensuring optimal performance and cost efficiency. C. Scalability: Scalability refers to the ability of a system to handle increasing amounts of work or traffic by adding resources or nodes to the system. It involves designing systems in a way that allows them to grow seamlessly without compromising performance. In the context of cloud computing, scalability is a key factor in ensuring that applications can handle varying levels of demand efficiently.

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices. Which best practice of the AWS Well-Architected Framework is the company following with this plan? A. Integrate functional testing as part of AWS deployment. B. Use automation to deploy changes. C. Deploy the application to multiple locations. D. Implement loosely coupled dependencies.

D. Implement loosely coupled dependencies. Breaking down a monolithic application into microservices inherently involves creating loosely coupled dependencies between different parts of the application. Each microservice operates independently and communicates with others through well-defined interfaces, which promotes flexibility, scalability, and easier maintenance.

Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet? A. Security group B. AWS WAF C. AWS Firewall Manager D. Network ACL

D. Network ACL Network ACLs act as a firewall for controlling traffic in and out of a subnet in Amazon Virtual Private Cloud (VPC). They operate at the subnet level and evaluate traffic based on rules defined for inbound and outbound traffic. ============================================================ A. Security Group: In AWS, a security group acts as a virtual firewall for your EC2 instances to control inbound and outbound traffic. It allows you to specify which traffic is allowed to reach your instances based on rules that you define. Security groups are stateful, meaning any traffic allowed in is automatically allowed out, and vice versa. B. AWS WAF (Web Application Firewall): AWS WAF is a web application firewall service that helps protect your web applications from common web exploits and security vulnerabilities. It allows you to create customizable rules to filter and monitor HTTP and HTTPS traffic to your web applications, providing protection against various types of attacks. C. AWS Firewall Manager: AWS Firewall Manager is a security management service that makes it easier to centrally configure and manage firewall rules across multiple AWS accounts and resources. It allows you to create and apply security policies to your VPCs, AWS WAF web ACLs, and AWS Shield Advanced protections.

An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided. Which EC2 purchasing option will meet these requirements MOST cost-effectively? A. Reserved Instances B. Dedicated Hosts C. Spot Instances D. On-Demand Instances

D. On-Demand Instances On-Demand Instances provide the flexibility to run instances without any long-term commitments or upfront payments. You only pay for the compute capacity you use by the hour or by the second, with no minimum usage commitments. This is ideal for short-term projects or applications that are only needed periodically, such as your e-learning platform application that runs for two months each year. While On-Demand Instances may not offer the same level of cost savings as Reserved Instances or Spot Instances, they provide the necessary reliability and availability without any risk of downtime. Therefore, they meet your requirement for avoiding application downtime while also being cost-effective for your usage pattern. ========================================================= A. Reserved Instances (RIs) are a purchasing option offered by Amazon Web Services (AWS) that allows customers to reserve Amazon EC2 computing capacity for a specific period (typically 1 or 3 years) in exchange for a significant discount compared to On-Demand Instance pricing. RIs provide a way to reduce costs for predictable workloads with steady usage. B. Dedicated Hosts are physical servers that are dedicated to a single customer's use in the AWS cloud. With Dedicated Hosts, customers have more control over the placement of their instances and can address compliance and regulatory requirements that may require dedicated hardware. C. Spot Instances are a purchasing option in AWS that allows customers to bid on unused EC2 capacity, often resulting in significantly lower costs compared to On-Demand pricing. However, these instances can be terminated by AWS with short notice if the current Spot price exceeds the bid price or if capacity becomes constrained.

A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources. Which AWS service will meet this requirement? A. IAM group B. IAM role C. IAM tag D. IAM Access Analyzer

To grant users in one AWS account access to resources in another AWS account, you can use IAM roles. IAM roles allow you to define who can assume the role and what permissions they have when they do so. By setting up cross-account IAM roles, you can establish trust between AWS accounts and grant the necessary permissions to users in one account to access resources in another account securely. Therefore, the correct answer is: B. IAM role ============================================================ A. IAM Group: An IAM (Identity and Access Management) group is a collection of IAM users. You can use groups to specify permissions for multiple users, which can make it easier to manage permissions for those users. Instead of defining permissions for individual users, you can define permissions for a group, and then any users that you add to that group automatically inherit those permissions. C. IAM Tag: IAM tags are key-value pairs that you can attach to IAM users, groups, roles, and policies to help manage, identify, and control access to AWS resources. Tags can be used for various purposes, such as organizing resources, applying security policies, or tracking costs. You can use tags to categorize IAM entities and apply permissions based on those tags. D. IAM Access Analyzer: IAM Access Analyzer is a tool that analyzes resource policies to help you identify resources that can be accessed from outside of your AWS account or organization. It continuously monitors and evaluates resource policies, such as S3 bucket policies or IAM role trust policies, and provides findings to help you identify and remediate unintended access.

A company wants to operate a data warehouse to analyze data without managing the data warehouse infrastructure. Which AWS service will meet this requirement? A. Amazon Aurora B. Amazon Redshift Serverless C. AWS Lambda D. Amazon RDS

To operate a data warehouse without managing the infrastructure, the appropriate AWS service is Amazon Redshift Serverless, where AWS manages the underlying infrastructure, allowing the company to focus solely on data analysis. Therefore, the correct answer is: B. Amazon Redshift Serverless ============================================================ A. Amazon Aurora: Amazon Aurora is a fully managed relational database service that is compatible with MySQL and PostgreSQL. It is designed for high performance, scalability, and durability, with features such as automatic failover, continuous backups, and read replicas. Aurora offers the performance and availability of commercial databases at a fraction of the cost. C. AWS Lambda: AWS Lambda is a serverless compute service that allows you to run code without provisioning or managing servers. You can upload your code and Lambda automatically scales and manages the compute resources needed to run it. It's commonly used for event-driven, scalable, and cost-effective application development. D. Amazon RDS (Relational Database Service): Amazon RDS is a managed relational database service that supports multiple database engines such as MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB. It automates routine database tasks such as provisioning, patching, backup, and recovery, allowing you to focus on your application development.

