How to pass Amazon CLF-C02 exam with the help of dumps?
DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Amazon CLF-C02 Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.
How Do I Know Amazon CLF-C02 Dumps are Worth it?
Did we mention our latest CLF-C02 Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.
You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Amazon Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!
IT Students Are Using our AWS Certified Cloud Practitioner Dumps Worldwide!
It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using AWS Certified Cloud Practitioner Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to go through and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.
How to Get CLF-C02 Real Exam Dumps?
Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CLF-C02 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making them the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated and fake content, repeated questions, and false or indefinite information. We make every penny count, and you leave our platform fully satisfied!
Question # 1
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?
A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 filesystem mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user's workstation to the file gateway.
C. Move each user's working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
Answer: B
Explanation: AWS Storage Gateway is a hybrid cloud storage service that allows you to
extend your on-premises file storage capabilities to the AWS Cloud. AWS Storage
Gateway file gateway enables you to store and access your files in Amazon S3 using
industry-standard file protocols such as NFS and SMB. File gateway caches frequently
accessed files locally, providing low-latency access to your data. File gateway also
optimizes the transfer of data between your on-premises environment and AWS,
minimizing the amount of bandwidth consumed. By using file gateway, you can retain the
performance benefit of sharing content locally while leveraging the scalability, durability,
and cost-effectiveness of Amazon S3. References: AWS Storage Gateway, File Gateway
Question # 2
Which complimentary AWS service or tool creates data-driven business cases for cloud planning?
A. Migration Evaluator
B. AWS Billing Conductor
C. AWS Billing Console
D. Amazon Forecast
Answer: A
Explanation: Migration Evaluator is a cloud-based service that provides organizations with a comprehensive assessment of their current IT environment and estimates the cost savings and performance improvements that can be achieved by migrating to AWS. Migration Evaluator helps users build a data-driven business case for AWS by discovering over-provisioned on-premises instances, providing recommendations for cost-effective AWS alternatives, and analyzing existing licenses and cost comparisons of Bring Your Own License (BYOL) and License Included (LI) options.
Question # 3
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Select TWO.)
A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty
Answer: B,C
Explanation: The correct answer is B and C. EC2 Amazon Machine Images (AMIs) and
Amazon Elastic Block Store (Amazon EBS) snapshots are two AWS services that provide
disaster recovery solutions for Amazon EC2 instances.
EC2 AMIs are preconfigured templates that contain the software configuration and
data required to launch an EC2 instance. You can create AMIs from your running
EC2 instances and use them to launch new instances in the same or different
AWS Regions. This way, you can quickly recover your EC2 instances in case of a
disaster that affects your primary Region or Availability Zone.
Amazon EBS snapshots are incremental backups of your Amazon EBS volumes.
You can create snapshots of your volumes and store them in Amazon S3, which is
a highly durable and scalable storage service. You can use snapshots to restore
your volumes to a previous point in time or to create new volumes from
snapshots. Snapshots can also be copied across AWS Regions, enabling you to
recover your data in another Region in case of a disaster.
The other options are not directly related to disaster recovery for EC2 instances:
EC2 Reserved Instances are a pricing model that allows you to reserve EC2
capacity for a specific period of time and receive a discount on the hourly
charge. Reserved Instances do not provide any disaster recovery benefits, as they
are only a billing option.
AWS Shield is a managed service that protects your AWS resources from
for all AWS customers at no additional charge, and advanced protection for
customers who need higher levels of detection and mitigation. AWS Shield does
not provide any disaster recovery benefits, as it is only a security service.
Amazon GuardDuty is a threat detection service that monitors your AWS account
and workloads for malicious or unauthorized activity. Amazon GuardDuty analyzes
various data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS
logs, to identify potential threats and alert you via Amazon CloudWatch Events or
AWS Lambda. Amazon GuardDuty does not provide any disaster recovery
benefits, as it is only a monitoring service.
Question # 4
Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:
A. restricted access.
B. as-needed access.
C. least privilege access.
D. token access.
Answer: C
Explanation: The concept of granting access only to the resources needed to perform a
task is known as least privilege access. This is a security best practice in IAM that helps to
reduce the risk of unauthorized or malicious actions. By applying least privilege access,
you can limit the permissions of your IAM users, groups, and roles to the minimum required
for their specific tasks. You can also use conditions, permissions boundaries, and IAM
Access Analyzer to further restrict and verify access. References: Security best practices in
IAM, Policies and permissions in IAM, Use IAM policies to grant the least privileges
required to access Amazon RDS resources, How to Design a Least Privilege Architecture
in AWS, 12 Azure & AWS IAM Security Best Practices
Question # 5
Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC?
A. Amazon CloudWatch Logs
B. AWS CloudTrail
C. VPC Flow Logs
D. AWS Identity and Access Management (IAM)
Answer: C
Explanation: VPC Flow Logs is a feature that enables you to capture information about the
IP traffic going to and from network interfaces in your VPC. Flow log data can be published
to the following locations: Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data
Firehose. You can use VPC Flow Logs to monitor network traffic, diagnose security issues,
troubleshoot connectivity problems, and perform network forensics [1]. References:
[1] Logging IP traffic using VPC Flow Logs - Amazon Virtual Private Cloud
Question # 6
What is the best resource for a user to find compliance-related information and reports about AWS?
A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. Increase operational costs across data centers.
Answer: A
Explanation: AWS Artifact is a self-service portal that provides on-demand access to AWS
security and compliance reports and select online agreements. Users can download
reports such as AWS ISO certifications, PCI reports, SOC reports, and GDPR DPA, and
review and accept agreements such as BAA and NDA. AWS Artifact helps users to
understand and meet compliance requirements for various standards and regulations that
apply to AWS services and infrastructure. AWS Artifact is the best resource for a user to
find compliance-related information and reports about AWS, whereas the other options are
Question # 7
A company operates a petabyte-scale data warehouse to analyze its data. The company wants a solution that will not require manual hardware and software management. Which AWS service will meet these requirements?
A. Amazon DocumentDB (with MongoDB compatibility)
B. Amazon Redshift
C. Amazon Neptune
D. Amazon ElastiCache
Answer: B
Explanation: Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse
service that makes it simple and cost-effective to analyze all your data using your existing
business intelligence tools. You can start small with no commitments, and scale to
petabytes for less than a tenth of the cost of traditional solutions. Amazon Redshift does
not require manual hardware and software management, as AWS handles all the tasks
such as provisioning, patching, backup, recovery, failure detection, and repair [1][2]. Amazon
Redshift also offers serverless capabilities, which allow you to access and analyze data
without any configurations or capacity planning. Amazon Redshift automatically scales the
data warehouse capacity to deliver fast performance for even the most demanding and
unpredictable workloads [3]. Therefore, Amazon Redshift meets the requirements of the
company, compared to the other options.
The other options are not suitable for the company’s requirements, because:
- Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. It is not designed for petabyte-scale data warehousing or analytics [4].
- Amazon Neptune is a fast, reliable, and fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It is not designed for petabyte-scale data warehousing or analytics [5].
- Amazon ElastiCache is a fully managed in-memory data store and cache service that supports Redis and Memcached. It is not designed for petabyte-scale data warehousing or analytics.
References:
[1] What is Amazon Redshift? - Amazon Redshift
[2] Amazon Redshift Features - Amazon Redshift
[3] Amazon Redshift Serverless - Amazon Redshift
[4] What Is Amazon DocumentDB (with MongoDB compatibility)? - Amazon DocumentDB (with MongoDB compatibility)
[5] What Is Amazon Neptune? - Amazon Neptune
[6] What Is Amazon ElastiCache for Redis? - Amazon ElastiCache for Redis
Question # 8
A company wants to move its on-premises databases to managed cloud database services by using a simplified migration process. Which AWS service or tool can help the company meet this requirement?
A. AWS Storage Gateway
B. AWS Application Migration Service
C. AWS DataSync
D. AWS Database Migration Service (AWS DMS)
Answer: D
Explanation: AWS Database Migration Service (AWS DMS) is a cloud service that makes
it possible to migrate relational databases, data warehouses, NoSQL databases, and other
types of data stores. You can use AWS DMS to migrate your data into the AWS Cloud or
between combinations of cloud and on-premises setups. With AWS DMS, you can discover
your source data stores, convert your source schemas, and migrate your data. AWS DMS
supports migration between 20-plus database and analytics engines, such as Oracle to
Amazon Aurora MySQL-Compatible Edition, MySQL to Amazon Relational Database
(RDS) for MySQL, Microsoft SQL Server to Amazon Aurora PostgreSQL-Compatible
Edition, MongoDB to Amazon DocumentDB (with MongoDB compatibility), Oracle to Amazon Redshift, and Amazon Simple Storage Service (S3). You can perform one-time
migrations or replicate ongoing changes to keep sources and targets in sync. AWS DMS
automatically manages the deployment, management, and monitoring of all hardware and
software needed for your migration. AWS DMS is a highly resilient, secure cloud service
that provides database discovery, schema conversion, data migration, and ongoing
replication to and from a wide range of databases and analytics systems [1][2]. References:
[1] Database Migration - AWS Database Migration Service - AWS
[2] What is AWS Database Migration Service? - AWS Database Migration Service
Question # 9
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials. Which AWS service or resource will meet this requirement?
A. AWS Organizations
B. IAM user
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS Control Tower
Answer: C
Explanation: AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service
that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS
accounts and business applications. You can use AWS SSO to enable your users to sign in
to the AWS Management Console or the AWS Command Line Interface (AWS CLI) with
their existing corporate credentials. You can also manage SSO access and user
permissions across all your AWS accounts in AWS Organizations. References: AWS
Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation
Question # 10
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization. Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon Simple Notification Service (Amazon SNS)
C. AWS Systems Manager
D. Amazon CloudWatch alarm
Answer: D
Explanation: Amazon CloudWatch alarm is an AWS service or feature that can initiate an
Amazon EC2 Auto Scaling action based on CPU utilization. Amazon CloudWatch is a
monitoring and observability service that collects and tracks metrics, logs, events, and
alarms for your AWS resources and applications. Amazon CloudWatch alarms are actions
that you can configure to send notifications or automatically make changes to the
resources you are monitoring based on rules that you define.
Amazon EC2 Auto Scaling is a service that helps you maintain application availability and
allows you to automatically add or remove EC2 instances according to definable
conditions. You can create dynamic scaling policies that track a specific CloudWatch
metric, such as CPU utilization, and define what action to take when the associated
CloudWatch alarm is in ALARM. When the policy is in effect, Amazon EC2 Auto Scaling
adjusts the group’s desired capacity up or down when the threshold of an alarm is
CloudWatch Documentation, 8: Dynamic scaling for Amazon EC2 Auto Scaling, 9: Amazon
EC2 Auto Scaling Documentation
Question # 11
A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources. Which AWS tool or service can be used to meet these requirements?
A. Amazon CloudWatch
B. Amazon Inspector
C. AWS CloudTrail
D. AWS IAM
Answer: C
Explanation: AWS CloudTrail is the service that can be used to meet these requirements.
AWS CloudTrail is a service that records AWS API calls for your account and delivers log
files to you. The recorded information includes the identity of the API caller, the time of the
API call, the source IP address of the API caller, the request parameters, and the response
elements returned by the AWS service. You can use CloudTrail to track the activity in your
AWS accounts, such as who made an API call, when it was made, and what resources
were affected. You can also use CloudTrail to monitor the compliance, security, and
governance of your AWS environment. The other services are not designed to track the
activity and API calls in your AWS accounts. Amazon CloudWatch is a service that
monitors and collects metrics, logs, and events from your AWS resources and
applications. You can use CloudWatch to set alarms, visualize data, and automate actions
based on predefined thresholds or rules. Amazon Inspector is a service that helps you
improve the security and compliance of your applications running on AWS. Inspector
automatically assesses applications for exposure, vulnerabilities, and deviations from best
practices. AWS IAM is a service that enables you to manage access to AWS services and
resources securely. IAM allows you to create and manage AWS users and groups, and use
permissions to allow and deny their access to AWS resources. References: AWS
Question # 12
Which AWS service enables companies to deploy an application close to end users?
A. Amazon CloudFront
B. AWS Auto Scaling
C. AWS AppSync
D. Amazon Route 53
Answer: A
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers
data, videos, applications, and APIs to customers globally with low latency, high transfer
speeds, all within a developer-friendly environment. CloudFront enables companies to
deploy an application close to end users by caching the application’s content at edge
locations that are geographically closer to the users. This reduces the network latency and
improves the user experience. CloudFront also integrates with other AWS services, such
as Amazon S3, Amazon EC2, AWS Lambda, AWS Shield, and AWS WAF, to provide a
secure and scalable solution for delivering applications [1][2]. References:
[1] What Is Amazon CloudFront? - Amazon CloudFront
[2] Amazon CloudFront Features - Amazon CloudFront
Question # 13
A company needs to perform data processing once a week that typically takes about 5 hours to complete. Which AWS service should the company use for this workload?
A. AWS Lambda
B. Amazon EC2
C. AWS CodeDeploy
D. AWS Wavelength
Answer: B
Explanation: Amazon EC2 is the most suitable AWS service for this workload. Amazon
EC2 provides secure, resizable compute capacity in the cloud. You can launch virtual
servers, called instances, and configure them according to your needs. You can choose
from different instance types, sizes, and families, and pay only for the resources you
use. Amazon EC2 also offers features such as auto scaling, load balancing, security
groups, and placement groups to optimize your performance, availability, and
security. Amazon EC2 is ideal for workloads that require consistent and reliable compute
power, such as data processing, web hosting, gaming, and high-performance computing.
The other services are not suitable for this workload. AWS Lambda is a serverless compute
service that lets you run code without provisioning or managing servers. You pay only for
the compute time you consume. Lambda is best for short-lived, stateless, and event-driven
workloads that can be completed in under 15 minutes. AWS CodeDeploy is a deployment
service that automates application deployments to Amazon EC2 instances, on-premises
instances, serverless Lambda functions, or Amazon ECS services. CodeDeploy is not a
compute service, but a tool to help you update your applications with minimal downtime.
AWS Wavelength is a service that delivers ultra-low latency applications for 5G devices.
Wavelength embeds AWS compute and storage services at the edge of
telecommunications providers’ 5G networks. Wavelength is designed for mobile edge
computing, such as interactive gaming, video streaming, and augmented
Question # 14
Which AWS service or tool gives users the ability to connect with AWS and deploy resources programmatically?
A. Amazon QuickSight
B. AWS PrivateLink
C. AWS Direct Connect
D. AWS SDKs
Answer: D
Explanation: AWS SDKs are a set of tools that allow users to connect with AWS and
deploy resources programmatically. AWS SDKs provide libraries, code samples,
documentation, and other resources to help users write code that interacts with AWS APIs.
AWS SDKs support various programming languages, such as Java, Python, Ruby, .NET,
Node.js, Go, and more. AWS SDKs make it easier for users to access AWS services, such
as Amazon S3, Amazon EC2, Amazon DynamoDB, AWS Lambda, and more, from their
applications. AWS SDKs also handle tasks such as authentication, error handling, retries,
and data serialization, so users can focus on their application logic.
The other options are not AWS services or tools that give users the ability to connect with
AWS and deploy resources programmatically. Amazon QuickSight is a business
intelligence service that lets users create and share interactive dashboards and
visualizations. AWS PrivateLink is a service that enables users to securely access
services hosted on AWS in a scalable and cost-effective manner. AWS Direct Connect is
a service that establishes a dedicated network connection between a user’s premises and
Question # 15
Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost Allocation Tags
D. AWS Organizations
Answer: A
Explanation: AWS Budgets is a service that allows you to set custom budgets for your
AWS costs and usage, and receive alerts via email or Amazon SNS notifications if you
exceed or are forecasted to exceed your budgeted amount. You can create budgets
based on different dimensions, such as service, linked account, tag, or purchase option,
and define various types of alerts, such as actual, forecasted, or RI utilization alerts. You
can also configure custom actions to automatically execute remediation tasks or workflows
when a budget threshold is breached. AWS Budgets is the only service among the
options that can send alerts to customers if custom spending thresholds are exceeded. The
other options are not AWS services that provide this functionality.
Question # 16
Which AWS feature provides a no-cost platform for AWS users to join community groups, ask questions, find answers, and read community-generated articles about best practices?
A. AWS Knowledge Center
B. AWS re:Post
C. AWS IQ
D. AWS Enterprise Support
Answer: B
Explanation: AWS re:Post is a no-cost platform for AWS users to join community groups,
ask questions, find answers, and read community-generated articles about best practices.
AWS re:Post is a social media platform that connects AWS users with each other and with
AWS experts. Users can create posts, comment on posts, follow topics, and join groups
related to AWS services, solutions, and use cases. AWS re:Post also features live event
feeds, community stories, and AWS Hero profiles. AWS re:Post is a great way to learn from
the AWS community, share your knowledge, and get inspired. References:
AWS re:Post
Join the Conversation
Question # 17
Which AWS service provides command line access to AWS tools and resources directly from a web browser?
A. AWS CloudHSM
B. AWS CloudShell
C. Amazon WorkSpaces
D. AWS Cloud Map
Answer: B
Explanation: AWS CloudShell is the service that provides command line access to AWS
tools and resources directly from a web browser. AWS CloudShell is a browser-based shell
that makes it easy to securely manage, explore, and interact with your AWS resources. It
comes pre-authenticated with your console credentials and common development and
administration tools are pre-installed, so no local installation or configuration is required.
You can open AWS CloudShell from the AWS Management Console with a single click and
start running commands and scripts using the AWS Command Line Interface (AWS CLI),
Git, or SDKs. AWS CloudShell also provides persistent home directories with 1 GB of
storage per AWS Region. The other services do not provide command line access to
AWS tools and resources directly from a web browser. AWS CloudHSM is a service that
helps you meet corporate, contractual and regulatory compliance requirements for data
security by using dedicated Hardware Security Module (HSM) appliances within the AWS
Cloud. Amazon WorkSpaces is a service that provides a fully managed, secure
Desktop-as-a-Service (DaaS) solution that runs on AWS. AWS Cloud Map is a service that makes
it easy for your applications to discover and connect to each other using logical names and
attributes. References: AWS CloudShell, AWS CloudShell – Command-Line Access to
Question # 18
Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?
A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR
Answer: C
Explanation: Amazon RDS is a fully managed relational database service that supports several database engines, including PostgreSQL. Amazon RDS can run a managed
PostgreSQL database that provides online transaction processing (OLTP), which is a type
of database workload that handles frequent read and write operations on small amounts of
data. Amazon RDS for PostgreSQL offers high performance, availability, scalability,
security, and compatibility with the PostgreSQL community edition. Amazon RDS also
provides automated backups, point-in-time recovery, encryption, monitoring, and
maintenance for PostgreSQL databases. References:
Hosted PostgreSQL - Amazon RDS for PostgreSQL
OLTP Database, MySQL And PostgreSQL Managed Database - Amazon Aurora
PostgreSQL options on AWS: Self-managed, managed, and serverless
Question # 19
Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?
A. Database backups
B. Database software patches
C. Operating system patches
D. Operating system installations
Answer: C
Explanation: When a company hosts its databases on Amazon EC2 instances, AWS and
the customer share the responsibility for the security and management of the database
environment. According to the AWS shared responsibility model, AWS is responsible for
the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS is responsible for protecting the infrastructure that runs the EC2
instances, such as the hardware, software, networking, and facilities. The customer is
responsible for properly configuring the security of the provided service, such as the guest
operating system, the database software, the data, and the network traffic [1][2].
One of the tasks that belongs to AWS when a company hosts its databases on Amazon
EC2 instances is operating system patches. AWS provides regular updates and patches to
the operating system of the EC2 instances, which are applied automatically by default. The
customer can also choose to manually apply the patches or schedule them for a specific
time window [3]. Operating system patches are important for maintaining the security and
performance of the EC2 instances and the databases running on them.
The other tasks that belong to AWS when a company hosts its databases on Amazon EC2
instances are:
- Operating system installations: AWS provides a variety of operating system options for the EC2 instances, such as Linux, Windows, and Amazon Linux. The customer can choose the operating system that best suits their database needs and AWS will install it on the EC2 instances [4].
- Server maintenance: AWS performs regular maintenance and repairs on the physical servers that host the EC2 instances, ensuring that they are in optimal condition and have adequate power, cooling, and network connectivity [5].
- Hardware lifecycle: AWS manages the lifecycle of the hardware that supports the EC2 instances, such as replacing faulty components, upgrading equipment, and decommissioning old servers.
The tasks that do not belong to AWS when a company hosts its databases on Amazon
EC2 instances are:
- Database backups: The customer is responsible for backing up their data and databases on the EC2 instances, using tools such as Amazon S3, Amazon EBS snapshots, or AWS Backup. Database backups are essential for data protection and recovery in case of failures or disasters.
- Database software patches: The customer is responsible for applying patches and updates to the database software on the EC2 instances, such as MySQL, PostgreSQL, Oracle, or SQL Server. Database software patches are important for fixing bugs, improving features, and addressing security vulnerabilities.
- Database software install: The customer is responsible for installing the database software on the EC2 instances, choosing the version and configuration that meets their requirements. AWS provides some preconfigured AMIs (Amazon Machine Images) that include common database software, or the customer can use their own custom AMIs.
References:
[1] Shared Responsibility Model - Amazon Web Services (AWS)
[2] Shared responsibility model - Amazon Web Services: Risk and Compliance
[3] Patching Amazon EC2 instances - AWS Systems Manager
[4] Amazon EC2 FAQs - Amazon Web Services
[5] Maintenance and Retirements - Amazon Elastic Compute Cloud
[6] Hardware Lifecycle - Amazon Web Services (AWS)
[7] Backing Up Your Data - Amazon Web Services (AWS)
[8] Database Patching - Amazon Web Services (AWS)
[9] Installing Database Software on Amazon EC2 Instances - Amazon Web Services
A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion. Which AWS service should the developer use to meet these requirements?
A. AWS Ground Station
B. AWS Shield
C. AWS IoT Device Defender
D. AWS CloudFormation
Answer: D
Explanation: AWS CloudFormation is a service that allows developers to model and
provision their AWS infrastructure in a repeatable and declarative way, using code and
templates. AWS CloudFormation enables developers to define the resources they need for
their development and production environments, such as compute, storage, network, and
application services, and automate their creation and configuration. AWS CloudFormation
also provides features such as change sets, nested stacks, and rollback triggers to help
developers manage and update their infrastructure safely and efficiently [1][2]. References:
[1] AWS CloudFormation
[2] What is AWS CloudFormation?
Question # 21
Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
Answer: A
On-Demand Instances are the most cost-efficient pricing model for an uninterruptible
workload that runs once a year for 24 hours. On-Demand Instances let you pay for
compute capacity by the hour or second, depending on which instances you run. No long-term
commitments or up-front payments are required. You can increase or decrease your
compute capacity to meet the demands of your application and only pay the specified
hourly rates for the instance you use [1]. This model is suitable for developing/testing
applications with short-term or unpredictable workloads [2]. The other pricing models are not
cost-efficient for this use case. Reserved Instances and Savings Plans require a
commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3
years. They provide significant discounts compared to On-Demand Instances, but they are
not flexible or scalable for workloads that run only once a year [1][2]. Spot Instances are the
cheapest option, but they are not suitable for uninterruptible workloads, as they can be
reclaimed by AWS at any time. They are recommended for applications that have flexible
start and end times, or that are only feasible at very low compute prices [1][2]. Dedicated
Instances are designed for compliance and licensing requirements, not for cost
optimization. They are more expensive than the other options, as they run on single-tenant
Question # 22
A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS. Which pricing model will meet these requirements?
A. Use Savings Plans for a 3-year term. B. Use Dedicated Hosts. C. Buy Reserved Instances. D. Use On-Demand Instances.
Answer: D
On-Demand Instances are the most flexible and cost-effective pricing model for short-term,
experimental, or unpredictable workloads on AWS. On-Demand Instances let you pay only
for the resources you use, without any long-term commitments or upfront fees. You can
easily start and stop instances as needed, and scale up or down depending on your
Savings Plans, Reserved Instances, and Dedicated Hosts are all pricing models that
require a commitment for a certain amount of usage or capacity for a one- or three-year
term. These pricing models offer lower prices than On-Demand Instances, but they are not
suitable for workloads that only run for 3 to 6 months or have variable usage patterns.
Savings Plans and Reserved Instances also offer flexibility to change instance types, sizes,
or regions within the same family or pool, while Dedicated Hosts are physical servers that
can only run specific instance types.
Question # 23
A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used?
A. Security groups B. AWS Firewall Manager C. IAM roles D. IAM user SSH keys
Answer: C
Explanation: IAM roles are a secure way to grant permissions to applications running on
an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that
have specific permissions policies attached to them. You can create an IAM role and
associate it with an EC2 instance when you launch it or later. The applications on the
instance can then use the temporary credentials provided by the role to access AWS
resources that the role allows. This way, you do not have to store any long-term credentials
or access keys on the instance, which reduces the risk of compromise or misuse [1][2].
The other options are not correct, because:
Security groups are virtual firewalls that control the inbound and outbound traffic
for your EC2 instances. Security groups do not grant permissions to access other
AWS services, but rather filter the network traffic based on rules that you define [3].
AWS Firewall Manager is a service that helps you centrally configure and manage
firewall rules across your accounts and resources. AWS Firewall Manager works
with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups. AWS
Firewall Manager does not grant permissions to access other AWS services, but
rather helps you enforce consistent security policies across your AWS
IAM user SSH keys are credentials that allow you to connect to your EC2 instance
using SSH. SSH keys do not grant permissions to access other AWS services, but
rather authenticate your identity when you log in to your instance [5].
Using an IAM role to grant permissions to applications running on Amazon EC2
instances - AWS Identity and Access Management
IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud
Security groups for your VPC - Amazon Virtual Private Cloud
What is AWS Firewall Manager? - AWS Firewall Manager
Connecting to your Linux instance using SSH - Amazon Elastic Compute Cloud
Question # 24
Which AWS service or feature will search for and identify AWS resources that are shared externally?
A. Amazon OpenSearch Service B. AWS Control Tower C. AWS IAM Access Analyzer D. AWS Fargate
Answer: C
Explanation: AWS IAM Access Analyzer is an AWS service that helps customers identify
and review the resources in their AWS account that are shared with an external entity, such
as another AWS account, a root user, an organization, or a public entity. AWS IAM Access
Analyzer uses automated reasoning, a form of mathematical logic and inference, to
analyze the resource-based policies in the account and generate comprehensive findings
that show the access level, the source of the access, the affected resource, and the
condition under which the access applies. Customers can use AWS IAM Access Analyzer
to audit their shared resources, validate their access policies, and monitor any changes to
the resource sharing status. References: AWS IAM Access Analyzer, Identify and review
resources shared with external entities, How AWS IAM Access Analyzer works
Question # 25
Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure?
A. Route table B. AWS Transit Gateway C. AWS Global Accelerator D. Amazon VPC
Answer: C
Explanation: AWS Global Accelerator is a service that improves network performance by sending traffic
through the AWS worldwide network infrastructure. It uses the AWS global network to
direct TCP or UDP traffic to a healthy application endpoint in the closest AWS Region to
the client. This provides improvements in terms of latency, throughput, and jitter. Global
Accelerator also introduces features such as TCP termination at the edge, jumbo frame
support, and large receive side window and TCP buffers to optimize data transfer [1][2]. Route
table, AWS Transit Gateway, and Amazon VPC are not services or features that improve
network performance by sending traffic through the AWS worldwide network
infrastructure. Route table is a resource that defines how traffic is routed within a
VPC [3]. AWS Transit Gateway is a service that enables you to connect your VPCs and on-premises
networks to a single gateway [4]. Amazon VPC is a service that lets you provision a
logically isolated section of the AWS Cloud where you can launch AWS resources in a
virtual network that you define [5]. References: Achieve up to 60% better performance for
internet traffic with AWS Global Accelerator, Improving Performance on AWS and Hybrid
Question # 26
A company wants to establish a schedule for rotating database user credentials. Which AWS service will support this requirement with the LEAST amount of operational overhead?
A. AWS Systems Manager B. AWS Secrets Manager C. AWS License Manager D. AWS Managed Services
Answer: B
Explanation: AWS Secrets Manager is a service that helps you protect access to your
applications, services, and IT resources. This service enables you to easily rotate, manage,
and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the
need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation
with built-in integration for Amazon RDS, Amazon Redshift, Amazon DocumentDB, and
other AWS services [1]. You can also extend Secrets Manager to rotate other types of
secrets, such as credentials for Oracle, SQL Server, or MongoDB databases, by using
custom AWS Lambda functions [2]. Secrets Manager enables you to control access to
secrets using fine-grained permissions and audit secret rotation centrally for resources in
the AWS Cloud, third-party services, and on-premises [3]. Therefore, AWS Secrets Manager
supports the requirement of rotating database user credentials with the least amount of
operational overhead, compared to the other options. References:
What Is AWS Secrets Manager? - AWS Secrets Manager
Rotating Your AWS Secrets Manager Secrets - AWS Secrets Manager
AWS Secrets Manager Features - AWS Secrets Manager
Question # 27
A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Select TWO.)
A. Amazon Connect B. Amazon AppStream 2.0 C. Amazon Workspaces D. AWS Site-to-Site VPN E. Amazon Elastic Container Service (Amazon ECS)
Answer: B,C
Explanation: Amazon AppStream 2.0 and Amazon WorkSpaces are AWS services that
can be used to provide managed Windows virtual desktops and applications to remote
employees over secure network connections. Amazon AppStream 2.0 is a fully managed
application streaming service that allows users to access Windows desktop applications
from any device, without installing or managing any software. Amazon AppStream 2.0
delivers applications over an encrypted connection and isolates them from the underlying
infrastructure, ensuring security and compliance [1]. Amazon WorkSpaces is a fully managed
desktop virtualization service that allows users to access Windows or Linux desktops from
any device, with a consistent user experience. Amazon WorkSpaces provides persistent,
cloud-based virtual desktops that can be customized and scaled according to the user’s
needs. Amazon WorkSpaces also offers encryption, backup, and monitoring features to
ensure security and reliability [2]. References:
Amazon AppStream 2.0
Amazon WorkSpaces
Question # 28
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?
A. Physical security of DynamoDB B. Patching of DynamoDB C. Access to DynamoDB tables D. Encryption of data at rest in DynamoDB
Answer: C
Explanation: According to the AWS Shared Responsibility Model, AWS is responsible for
the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS is responsible for protecting the infrastructure that runs AWS
services, such as DynamoDB, while the customer is responsible for properly configuring
the security of the provided service. For abstracted services, such as DynamoDB, the
customer is primarily responsible for managing their data, classifying their assets, and
using IAM tools to apply the appropriate permissions [1][2]. Therefore, the customer is
responsible for controlling the access to DynamoDB tables, such as by creating IAM
policies, roles, and users, and using encryption and authentication
mechanisms [3]. References:
Shared Responsibility Model - Amazon Web Services (AWS)
Security and compliance in Amazon DynamoDB - Amazon DynamoDB
What is Shared Responsibility Model? - Check Point Software
Question # 29
A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting. Which AWS service will meet these requirements?
A. Amazon Inspector B. AWS WAF C. Amazon GuardDuty D. Amazon CloudWatch
Answer: B
Explanation: AWS WAF is a web application firewall service that helps protect web
applications from common web exploits that could affect availability, compromise security,
or consume excessive resources. AWS WAF gives you control over which traffic to allow or
block to your web applications by defining customizable web security rules. You can use
AWS WAF to create rules that block common attack patterns, such as SQL injection or
cross-site scripting, and rules that filter out specific traffic patterns you define [1]. AWS WAF
also integrates with other AWS services, such as Amazon CloudFront, Amazon API
Gateway, AWS AppSync, and AWS Load Balancer, to provide a comprehensive defense
against web attacks [2]. Therefore, AWS WAF meets the requirements of the social media
company, compared to the other options.
The other options are not suitable for the social media company’s requirements, because:
Amazon Inspector is an automated security assessment service that helps
improve the security and compliance of applications deployed on AWS. Amazon
Inspector automatically assesses applications for exposure, vulnerabilities, and
deviations from best practices. However, Amazon Inspector does not provide a
web application firewall service that can block malicious web requests [3].
Amazon GuardDuty is a threat detection service that continuously monitors for
malicious activity and unauthorized behavior to protect your AWS accounts,
workloads, and data stored in Amazon S3. Amazon GuardDuty analyzes and
processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs,
and DNS logs. However, Amazon GuardDuty does not provide a web application
firewall service that can block malicious web requests [4].
Amazon CloudWatch is a monitoring and observability service that provides data
and actionable insights to monitor your applications, respond to system-wide
performance changes, optimize resource utilization, and get a unified view of
operational health. Amazon CloudWatch collects monitoring and operational data
in the form of logs, metrics, and events, and visualizes it using automated
dashboards, alarms, and notifications. However, Amazon CloudWatch does not
provide a web application firewall service that can block malicious web requests.
What Is AWS WAF? - AWS WAF, AWS Firewall Manager, and AWS Shield
AWS WAF Features - AWS WAF, AWS Firewall Manager, and AWS Shield
What Is Amazon Inspector? - Amazon Inspector
What Is Amazon GuardDuty? - Amazon GuardDuty
What Is Amazon CloudWatch? - Amazon CloudWatch
Question # 30
Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?
A. AWS Identity and Access Management (IAM) B. AWS Trusted Advisor C. AWS CloudFormation D. AWS Organizations
Answer: D
Explanation: AWS Organizations is the AWS service or feature that allows users to create
new AWS accounts, group multiple accounts to organize workflows, and apply policies to
groups of accounts. AWS Organizations enables users to centrally manage and govern
their AWS environment across multiple accounts. Users can create organizational units
(OUs) to group accounts based on their business needs, such as by function, project, or
region. Users can also apply service control policies (SCPs) to OUs or individual accounts
to define the permissions and restrictions for the AWS services and resources that they can
access. AWS Organizations also offers features such as consolidated billing, account
creation automation, and trusted access [1][2]. References:
AWS Organizations
What is AWS Organizations?
Question # 31
Which option is a benefit of the economies of scale based on the advantages of cloud computing?
A. The ability to trade variable expense for fixed expense B. Increased speed and agility C. Lower variable costs over fixed costs D. Increased operational costs across data centers
Answer: B
Explanation: Economies of scale are the cost advantages that result from increasing the
scale of production or operation. In cloud computing, economies of scale are achieved by
pooling resources and sharing them among multiple users, which reduces the unit cost of
computing and storage. One of the benefits of economies of scale in cloud computing is
increased speed and agility, which means the ability to deploy applications faster and
respond to changing business needs more quickly. Cloud computing allows users to
access computing resources on demand, without having to invest in expensive
infrastructure or wait for lengthy provisioning processes. This enables users to scale up or
down as needed, experiment with new ideas, and deliver value to customers
faster [1][2][3]. References: Economics of Cloud Computing - GeeksforGeeks
What is Cloud Economics? | VMware Glossary
Question # 32
A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness. Which AWS service or tool should the company use to meet these requirements?
A. AWS Cloud Adoption Framework (AWS CAF) B. AWS Managed Services (AMS) C. AWS Well-Architected Framework D. AWS Migration Hub
Answer: A
Explanation: AWS Cloud Adoption Framework (AWS CAF) is a set of best practices, tools,
and guidance that helps organizations get started with cloud technologies. AWS CAF helps
organizations identify and prioritize transformation opportunities, evaluate and improve their
cloud readiness, and iteratively evolve their transformation roadmap. AWS CAF groups its
capabilities in six perspectives: Business, People, Governance, Platform, Security, and
Operations. Each perspective comprises a set of capabilities that functionally related
stakeholders own or manage in the cloud transformation journey [1].
AWS Managed Services (AMS) is a service that operates AWS infrastructure on behalf of
customers, providing a secure AWS Landing Zone, features that help meet various
compliance program requirements, a proven enterprise operating model, on-going cost
optimization, and day-to-day infrastructure management. AMS does not help customers
identify and prioritize business transformation opportunities or evaluate their cloud
AWS Well-Architected Framework is a set of six pillars and lenses that help cloud
architects design and run workloads in the cloud. It provides a consistent approach for
customers and AWS Partners to evaluate and implement designs that scale with their
needs. AWS Well-Architected Framework helps customers understand the pros and cons
of decisions they make while building systems on AWS, but it does not help them identify
and prioritize business transformation opportunities [3].
AWS Migration Hub is a tool that lets customers discover, plan, and track their existing
servers and applications for migration to AWS. It offers journey templates, cross-team
collaboration, application and server discovery, strategy recommendations, orchestration
and simple dashboard. AWS Migration Hub simplifies the migration and modernization
process, but it does not help customers identify and prioritize business transformation
Question # 33
A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements?
A. AWS Trusted Advisor B. Amazon Inspector C. AWS Config D. Amazon GuardDuty
Answer: B
Explanation: Amazon Inspector is a service that provides automated security assessment
and management for AWS resources, such as Amazon EC2 instances. Amazon Inspector
can scan applications for common vulnerabilities, such as SQL injection, cross-site
scripting, and remote code execution. Amazon Inspector can also check the configuration
of AWS resources against security best practices, such as the CIS Benchmarks and the
AWS Security Best Practices. Amazon Inspector can help customers identify and
remediate security issues, comply with security standards, and improve the security
posture of their AWS environment [1][2]. References:
Amazon Inspector
Improved, Automated Vulnerability Management for Cloud Workloads with a New
Amazon Inspector | AWS News Blog
Question # 34
Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?
A. Amazon Route 53 B. Amazon Macie C. AWS Direct Connect D. AWS PrivateLink
Answer: C
Explanation: AWS Direct Connect is a service that establishes a dedicated network
connection between your on-premises network and one or more AWS Regions. AWS
Direct Connect can be used to create a private connection between an on-premises
workload and an AWS Cloud workload, bypassing the public internet and reducing network
costs, latency, and bandwidth issues. AWS Direct Connect can also provide increased
security and reliability for your hybrid cloud applications and data transfers. References:
AWS Direct Connect
What is AWS Direct Connect?
AWS Direct Connect User Guide
Question # 35
Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager B. AWS Systems Manager C. AWS KMS D. AWS Config
Answer: C
Explanation: AWS KMS is the service that is used to provide encryption for Amazon EBS.
AWS KMS is a managed service that enables you to easily create and control the
encryption keys used to encrypt your data. Amazon EBS uses AWS KMS to encrypt and
decrypt your EBS volumes and snapshots. You can choose to use either the default AWS
managed CMK or your own customer managed CMK for encryption. AWS KMS also
provides features such as key rotation, audit logging, and access control policies to help
you manage your encryption keys and protect your data [1][2]. The other services are not used
to provide encryption for Amazon EBS. AWS Certificate Manager is a service that lets you
provision, manage, and deploy public and private SSL/TLS certificates for use with AWS
services and your internal connected resources [3]. AWS Systems Manager is a service that
provides a unified user interface to view and manage your AWS resources, automate
common operational tasks, and apply compliance policies [4]. AWS Config is a service that
enables you to assess, audit, and evaluate the configurations of your AWS
Question # 36
A company has a compute workload that is steady, predictable, and uninterruptible. Which Amazon EC2 instance purchasing options meet these requirements MOST cost-effectively? (Select TWO.)
A. On-Demand Instances B. Reserved Instances C. Spot Instances D. Savings Plans E. Dedicated Hosts
Answer: B,D
Reserved Instances and Savings Plans are the most cost-effective purchasing options for a
compute workload that is steady, predictable, and uninterruptible. Reserved Instances
provide a significant discount compared to On-Demand Instances, and Savings Plans offer
flexible and consistent savings on EC2 usage. Both options require a commitment to a
consistent amount of usage, in USD per hour, for a term of 1 or 3 years. On-Demand
Instances are suitable for short-term, irregular, or unpredictable workloads, but they are
more expensive than Reserved Instances or Savings Plans. Spot Instances are the
cheapest option, but they are not suitable for uninterruptible workloads, as they can be
reclaimed by AWS at any time. Dedicated Hosts and Dedicated Instances are designed for
compliance and licensing requirements, not for cost optimization. They are more expensive
than the other options, as they run on single-tenant hardware. References: Instance
Question # 37
Which tool should a developer use to integrate AWS service features directly into an application?
A. AWS Software Development Kit B. AWS CodeDeploy C. AWS Lambda D. AWS Batch
Answer: A
AWS Software Development Kit (SDK) is a set of platform-specific tools for developers that
let them integrate AWS service features directly into their applications. AWS SDKs provide
libraries, code samples, documentation, and other resources to help developers write code
that interacts with AWS APIs. AWS SDKs support various programming languages, such
as Java, Python, Ruby, .NET, Node.js, Go, and more. AWS SDKs make it easier for
developers to access AWS services, such as Amazon S3, Amazon EC2, Amazon
DynamoDB, AWS Lambda, and more, from their applications. AWS SDKs also handle
tasks such as authentication, error handling, retries, and data serialization, so developers
can focus on their application logic.
Question # 38
Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?
A. Security group B. AWS WAF C. AWS Firewall Manager D. Network ACL
Answer: D
Explanation: A network ACL (NACL) is an optional layer of security for your VPC that acts
as a firewall for controlling traffic in and out of one or more subnets. You can create a
network ACL and associate it with a subnet to apply rules that allow or deny traffic to or
from the subnet. Network ACLs are stateless, meaning that they evaluate the source and
destination IP addresses for both inbound and outbound traffic. You can also use network
ACLs to block IP address ranges that are known to be malicious [1][2].
The other options are not AWS services or tools that can be used to set up a firewall to
control traffic going into and coming out of an Amazon VPC subnet. Security groups are
another layer of security for your VPC that act as a firewall for your EC2 instances. Security
groups are stateful, meaning that they automatically allow return traffic for allowed inbound
traffic. Security groups can only filter traffic based on protocols, ports, and source or
destination IP addresses, not on IP ranges [3]. AWS WAF is a web application firewall that
helps protect your web applications from common web exploits. AWS WAF can filter web
requests based on rules that you define, such as IP addresses, HTTP headers, HTTP
body, or URI strings. AWS WAF does not apply to non-web traffic or to traffic within a
VPC [4]. AWS Firewall Manager is a service that helps you centrally configure and manage
firewall rules across your accounts and resources in AWS Organizations. You can use
Firewall Manager to apply AWS WAF rules, AWS Network Firewall policies, and Amazon
VPC security groups across your AWS accounts. AWS Firewall Manager does not provide
a firewall service itself, but rather helps you manage other firewall services
Question # 39
Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data?
A. Amazon Athena B. AWS Glue C. Amazon S3 D. AWS Snowball Edge
Answer: B
Explanation: AWS Glue is a serverless data integration service that makes it easy to
discover, prepare, move, and integrate data from multiple sources for analytics, machine
learning, and application development. You can use various data integration engines, such
as ETL, ELT, batch, and streaming, and manage your data in a centralized data
catalog. AWS Glue is designed specifically for extract, transform, and load (ETL) data, whereas the other options are not.
Question # 40
A company has a set of ecommerce applications. The applications need to be able to send messages to each other. Which AWS service meets this requirement?
A. AWS Auto Scaling B. Elastic Load Balancing C. Amazon Simple Queue Service (Amazon SQS) D. Amazon Kinesis Data Streams
Answer: C
Explanation: Amazon Simple Queue Service (Amazon SQS) is a fully managed message
queuing service that lets you send, store, and receive messages between software
components at any volume, without losing messages or requiring other services to be
available [1]. Amazon SQS is designed to provide a simple and reliable way for customers to
decouple and connect components (microservices) together using queues [2]. Queues are
an important mechanism for providing fault tolerance and scalability in distributed systems,
and help decouple different parts of your application [3]. The other options are not AWS
services that are used specifically for sending messages between applications
Question # 41
Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?
A. On-Demand Instances B. Standard Reserved Instances C. Spot Instances D. Convertible Reserved Instances
Answer: C
Explanation: Spot Instances are a type of EC2 instance that let you bid on unused compute
capacity, which AWS offers at a discount of up to 90% compared to On-Demand
prices [1]. Spot Instances are suitable for fault-tolerant, stateless, or flexible applications that
can handle interruptions [2]. Spot Instances can be interrupted with a two-minute warning
when EC2 needs the capacity back [3]. The other options are not pricing models that will
interrupt a running EC2 instance if capacity becomes temporarily unavailable
Question # 42
Which tasks are the customer's responsibility, according to the AWS shared responsibility model? (Select TWO.)
A. Establish the global infrastructure. B. Perform client-side data encryption. C. Configure IAM credentials. D. Secure edge locations. E. Patch Amazon RDS DB instances.
Answer: B,C
Explanation: According to the AWS shared responsibility model, AWS is responsible for
the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS is responsible for protecting the infrastructure that runs all of the
services offered in the AWS Cloud, such as the global network, the hardware, the software,
and the facilities. The customer is responsible for properly configuring the security of the
provided service, such as the guest operating system, the application software, the data,
and the network traffic. For abstracted services, such as Amazon RDS, AWS operates the
infrastructure layer, the operating system, and the database software, while the customer is
responsible for managing their data, classifying their assets, and using IAM tools to apply
the appropriate permissions [1][2].
Therefore, the tasks that are the customer’s responsibility are:
Perform client-side data encryption: The customer is responsible for encrypting
their data before sending it to AWS, and decrypting it after receiving it from AWS.
This ensures that the data is protected in transit and at rest. AWS provides various
encryption options, such as AWS Key Management Service (AWS KMS), AWS
CloudHSM, and AWS Certificate Manager (ACM) [3].
Configure IAM credentials: The customer is responsible for creating and managing
IAM users, groups, roles, and policies that control the access to AWS resources
and services. IAM credentials include user names, passwords, access keys, and
The tasks that are not the customer’s responsibility are:
Establish the global infrastructure: AWS is responsible for building and maintaining
the global network of regions, availability zones, and edge locations that provide
low latency, high availability, and fault tolerance for the AWS Cloud [5].
Secure edge locations: AWS is responsible for protecting the physical security of
the edge locations, which are sites that deliver cached content to end users with
improved performance [6].
Patch Amazon RDS DB instances: AWS is responsible for applying patches and
updates to the operating system and the database software of the Amazon RDS
DB instances, which are managed relational database service for MySQL,
PostgreSQL, Oracle, SQL Server, and Amazon Aurora. References:
Shared Responsibility Model - Amazon Web Services (AWS)
Shared responsibility model - Amazon Web Services: Risk and Compliance
Encryption - Amazon Web Services (AWS)
What Is IAM? - AWS Identity and Access Management
Global Infrastructure - Amazon Web Services (AWS)
Amazon CloudFront Features - Content Delivery Network (CDN)
What Is Amazon Relational Database Service (Amazon RDS)? - Amazon
Relational Database Service
Question # 43
Which AWS Cloud benefit gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes?
A. Elasticity B. Cost savings C. Agility D. Reliability
Answer: C
Explanation: Agility is the AWS Cloud benefit that gives a company the ability to quickly
deploy cloud resources to access compute, storage, and database infrastructures in a
matter of minutes. Agility means that you can reduce the time to make IT resources
available to your developers from weeks to just minutes, resulting in a dramatic increase in
innovation and responsiveness1. AWS provides a range of services and tools that enable
you to launch, scale, and manage your cloud applications with ease and speed, such as
AWS CloudFormation, AWS Elastic Beanstalk, AWS CodeDeploy, and AWS Quick
Starts2345. References:
Six advantages of cloud computing - Overview of Amazon Web Services
[AWS CloudFormation]
[AWS Elastic Beanstalk]
[AWS CodeDeploy]
AWS Quick Starts
Question # 44
A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time. Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?
A. VPC endpoints B. AWS Transit Gateway C. Amazon Route 53 D. AWS Secrets Manager
Answer: B
Explanation: AWS Transit Gateway is a network transit hub that you can use to
interconnect your VPCs and on-premises networks through a central gateway. AWS
Transit Gateway simplifies and scales the connectivity between your on-premises networks
and AWS, as you only need to create and manage a single connection from the central
gateway to each on-premises network, rather than individual connections to each
VPC. You can also use AWS Transit Gateway to connect to other AWS services, such as
thousands of VPCs per gateway, and enables you to peer Transit Gateways across AWS
The other options are not AWS services or features that can simplify and scale the
connectivity between on-premises networks and hundreds of VPCs using AWS Direct Connect. VPC endpoints enable private connectivity between your VPCs and supported
AWS services, but do not support on-premises networks4. Amazon Route 53 is a DNS
service that helps you route internet traffic to your resources, but does not provide network
connectivity5. AWS Secrets Manager is a service that helps you securely store and
manage secrets, such as database credentials and API keys, but does not relate to
network connectivity
Question # 45
A company needs to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance, and security. Which AWS service can the company use to meet these requirements?
A. AWS Shield B. AWS WAF C. AWS Trusted Advisor D. AWS Service Catalog
Answer: C
Explanation: AWS Trusted Advisor is the service that can meet these requirements. AWS
Trusted Advisor is a service that helps you optimize your AWS environment by providing
recommendations based on AWS best practices. Trusted Advisor continuously evaluates
your AWS resources and services across five categories: cost optimization, performance,
service limits, fault tolerance, and security. You can view the recommendations on the Trusted Advisor console or access them programmatically using the Trusted Advisor API.
You can also set up notifications and alerts for any changes in the status of your
checks. Trusted Advisor can help you improve your AWS environment by reducing costs,
enhancing performance, increasing security, and ensuring reliability12. The other services
are not designed to provide best practice recommendations in five categories. AWS Shield
is a service that protects your AWS resources from distributed denial-of-service (DDoS)
attacks. AWS WAF is a service that helps you protect your web applications from common
web exploits. AWS Service Catalog is a service that enables you to create and manage
catalogs of IT services that are approved for use on AWS34. References: AWS Trusted
A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the AWS Cloud. Which AWS service or tool will meet these requirements?
A. AWS Trusted Advisor B. Amazon Inspector C. AWS Control Tower D. Migration Evaluator
Answer: D
Explanation: Migration Evaluator is an AWS service that provides a customized
assessment of your current on-premises environment and helps you build a data-driven
business case for migration to AWS. Migration Evaluator collects and analyzes data from
your on-premises servers, such as CPU, memory, disk, network, and utilization metrics,
and compares them with the most cost-effective AWS alternatives. Migration Evaluator also
helps you understand your existing software licenses and running costs, and provides
recommendations for Bring Your Own License (BYOL) and License Included (LI) options in
AWS. Migration Evaluator generates a detailed report that shows your projected running
costs in the AWS Cloud, along with potential savings and benefits. You can use this report
to support your decision-making and planning for cloud migration. References: Cloud
Business Case & Migration Plan - Amazon Migration Evaluator - AWS, Getting started with
Migration Evaluator
Question # 47
Which AWS service provides the ability to manage infrastructure as code?
A. AWS CodePipeline B. AWS CodeDeploy C. AWS Direct Connect D. AWS CloudFormation
Answer: D
Explanation: The AWS service that provides the ability to manage infrastructure as code is
AWS CloudFormation. Infrastructure as code is a process of defining and provisioning
AWS resources using code or templates, rather than manual actions or scripts. AWS
CloudFormation allows you to create and update stacks of AWS resources based on
predefined templates that describe the desired state and configuration of the resources.
AWS CloudFormation automates and simplifies the deployment and management of AWS
resources, and ensures consistency and repeatability across different environments and
regions. AWS CloudFormation also supports rollback, change sets, drift detection, and
nested stacks features that help you to monitor and control the changes to your infrastructure1.
Question # 48
A company wants to manage its AWS Cloud resources through a web interface. Which AWS service will meet this requirement?
A. AWS Management Console B. AWS CLI C. AWS SDK D. AWS Cloud
Answer: A
Explanation: AWS Management Console is a web application that allows you to manage
and monitor your AWS Cloud resources through a user-friendly interface. You can use the
AWS Management Console to access and experiment with over 150 AWS services, view
and modify your account and billing information, get in-console help from AWS Support,
and customize your dashboard with widgets that display key metrics and information for
your applications567. You can also use the AWS Management Console to launch and
configure AWS resources using wizards and templates, without writing any
CloudFront Documentation, 4: AWS Global Accelerator - Amazon Web Services, 5: AWS
Global Accelerator Documentation
Question # 50
A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?
A. AWS Lambda B. Amazon RDS C. AWS Fargate D. Amazon Athena
Answer: C
Explanation: AWS Fargate is a serverless compute engine for containers that works with
both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes
Service (Amazon EKS). AWS Fargate allows you to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you only pay for
the compute resources you use to run your containers, and you don’t need to worry about
scaling, patching, securing, or maintaining the underlying infrastructure. AWS Fargate
simplifies the deployment and management of containerized applications, and enables you
to focus on building and running your applications instead of managing the
infrastructure. References: AWS Fargate, What is AWS Fargate?
Question # 51
Which AWS services or features give users the ability to create a network connection between two VPCs? (Select TWO.)
A. VPC endpoints B. Amazon Route 53 C. VPC peering D. AWS Direct Connect E. AWS Transit Gateway
Answer: C,E
Explanation: VPC peering and AWS Transit Gateway are two AWS services or features
that give users the ability to create a network connection between two VPCs. VPC peering
is a networking connection between two VPCs that enables you to route traffic between
them privately. You can create a VPC peering connection between your own VPCs, with a
VPC in another AWS account, or with a VPC in a different AWS Region. Traffic between
peered VPCs never traverses the public internet. VPC peering does not support transitive
peering relationships, which means that if VPC A is peered with VPC B, and VPC B is
peered with VPC C, then VPC A and VPC C are not automatically peered789. AWS Transit
Gateway is a networking service that acts as a regional router for your VPCs and on-premises
networks. You can attach up to 5,000 VPCs and VPN connections to a single
transit gateway and route traffic between them. AWS Transit Gateway simplifies the
management and scalability of your network architecture, as you only need to create and
manage a single connection from the central transit gateway to each connected
network. AWS Transit Gateway supports transitive routing, which means that any network
that is attached to the transit gateway can communicate with any other network that is
attached to the same transit gateway. References: 7: VPC peering - Amazon Virtual
According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?
A. Hard code an IAM user's secret key and access key directly in the application, and upload the file. B. Store the IAM user's secret key and access key in a text file on the EC2 instance, read the keys, then upload the file. C. Have the EC2 instance assume a role to obtain the privileges to upload the file. D. Modify the S3 bucket policy so that any service can upload to it at any time.
Answer: C
Explanation: According to security best practices, the best way to give an Amazon EC2
instance access to an Amazon S3 bucket is to have the EC2 instance assume a role to
obtain the privileges to upload the file. A role is an AWS Identity and Access Management
(IAM) entity that defines a set of permissions for making AWS service requests. You can
use roles to delegate access to users, applications, or services that don’t normally have
access to your AWS resources. For example, you can create a role that allows EC2
instances to access S3 buckets, and then attach the role to the EC2 instance. This way,
the EC2 instance can assume the role and obtain temporary security credentials to access
the S3 bucket. This method is more secure and scalable than storing or hardcoding IAM
user credentials on the EC2 instance, as it avoids the risk of exposing or compromising the
credentials. It also allows you to manage the permissions centrally and dynamically, and to
audit the access using AWS CloudTrail. For more information on how to create and use
roles for EC2 instances, see Using an IAM role to grant permissions to applications running
on Amazon EC2 instances1
The other options are not recommended for security reasons. Hardcoding or storing IAM
user credentials on the EC2 instance is a bad practice, as it exposes the credentials to
potential attackers or unauthorized users who can access the instance or the application
code. It also makes it difficult to rotate or revoke the credentials, and to track the usage of
the credentials. Modifying the S3 bucket policy to allow any service to upload to it at any
time is also a bad practice, as it opens the bucket to potential data breaches, data loss, or
data corruption. It also violates the principle of least privilege, which states that you should
grant only the minimum permissions necessary for a task.
References: Using an IAM role to grant permissions to applications running on Amazon
EC2 instances
Question # 53
Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?
A. Go global in minutes B. Make frequent, small, reversible changes C. Implement a strong foundation of identity and access management D. Stop spending money on hardware infrastructure for data center operations
Answer: B
Explanation: Making frequent, small, reversible changes is one of the design principles for
operational excellence in the AWS Cloud, as defined by the AWS Well-Architected
Framework. This principle means that you should design your workloads to allow for rapid
and safe changes, such as deploying updates, rolling back failures, and experimenting with
new features. By making small and reversible changes, you can reduce the risk of errors,
minimize the impact of failures, and increase the speed of recovery2. References: 2: AWS
A user has a stateful workload that will run on Amazon EC2 for the next 3 years. What is the MOST cost-effective pricing model for this workload?
A. On-Demand Instances B. Reserved Instances C. Dedicated Instances D. Spot Instances
Answer: B
Explanation: Reserved Instances are a pricing model that offers significant discounts on
Amazon EC2 usage compared to On-Demand Instances. Reserved Instances are suitable
for stateful workloads that have predictable and consistent usage patterns for a long-term
period. By committing to a one-year or three-year term, customers can reduce their total
cost of ownership and optimize their cloud spend. Reserved Instances also provide
capacity reservation, ensuring that customers have access to the EC2 instances they need
when they need them. References: AWS Pricing Calculator, Amazon EC2 Pricing, [AWS
Cloud Practitioner Essentials: Module 3 - Compute in the Cloud]
Question # 55
A company wants to integrate its online shopping website with social media login credentials. Which AWS service can the company use to make this integration?
A. AWS Directory Service B. AWS Identity and Access Management (IAM) C. Amazon Cognito D. AWS IAM Identity Center (AWS Single Sign-On)
Answer: C
Explanation: Amazon Cognito is a service that enables you to add user sign-up and sign-in
features to your web and mobile applications. Amazon Cognito also supports social and enterprise identity federation, which means you can allow your users to sign in with their
existing credentials from identity providers such as Google, Facebook, Apple, and Amazon.
Amazon Cognito integrates with OpenID Connect (OIDC) and Security Assertion Markup
Language (SAML) 2.0 protocols to facilitate the authentication and authorization process.
Amazon Cognito also provides advanced security features, such as adaptive
authentication, user verification, and multi-factor authentication
(MFA). References: Amazon Cognito, What is Amazon Cognito?
Question # 56
Which maintenance task is the customer's responsibility, according to the AWS shared responsibility model?
A. Physical connectivity among Availability Zones B. Network switch maintenance C. Hardware updates and firmware patches D. Amazon EC2 updates and security patches
Answer: D
Explanation: According to the AWS shared responsibility model, customers are
responsible for managing their data, applications, operating systems, security groups, and
other aspects of their AWS environment. This includes installing updates and security
patches of the guest operating system and any application software or utilities installed by
the customer on the instances. AWS is responsible for protecting the infrastructure that
runs all of the services offered in the AWS Cloud, such as data centers, hardware,
software, networking, and facilities. This includes the physical connectivity among
Availability Zones, the network switch maintenance, and the hardware updates and
Question # 57
A company is using Amazon DynamoDB for its application database. Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)
A. Classify data. B. Configure access permissions. C. Manage encryption options. D. Provide public endpoints to store and retrieve data. E. Manage the infrastructure layer and the operating system.
Answer: D,E
Explanation: According to the AWS shared responsibility model, AWS is responsible for
security of the cloud, while customers are responsible for security in the cloud. This means
that AWS is responsible for protecting the infrastructure that runs AWS services, such as
hardware, software, networking, and facilities. Customers are responsible for managing
their data, classifying their assets, and using IAM tools to apply the appropriate
permissions. For abstracted services, such as Amazon DynamoDB, AWS operates the
infrastructure layer, the operating system, and platforms, and provides customers with
public endpoints to store and retrieve data. Customers are responsible for classifying their
data, managing their encryption options, and configuring their access
permissions. References: Shared Responsibility Model, Security and compliance in
Amazon DynamoDB, [AWS Cloud Practitioner Essentials: Module 2 - Security in the Cloud]
Question # 58
A development team wants to deploy multiple test environments for an application in a fast repeatable manner. Which AWS service should the team use?
A. Amazon EC2 B. AWS CloudFormation C. Amazon QuickSight D. Amazon Elastic Container Service (Amazon ECS)
Answer: B
Explanation: AWS CloudFormation is a service that allows you to model and provision
your AWS resources using templates. You can define your infrastructure as code and
automate the creation and update of your resources. AWS CloudFormation also supports
nested stacks, change sets, and rollback features to help you manage complex and
dynamic environments34. References:
AWS CloudFormation
AWS Certified Cloud Practitioner Exam Guide
Question # 59
Which of the following services can be used to block network traffic to an instance? (Select TWO.)
A. Amazon OpenSearch Service B. AWS Control Tower C. AWS IAM Access Analyzer D. AWS Fargate
Answer: C
Explanation: AWS IAM Access Analyzer is an AWS service that helps customers identify
and review the resources in their AWS account that are shared with an external entity, such
as another AWS account, a root user, an organization, or a public entity. AWS IAM Access
Analyzer uses automated reasoning, a form of mathematical logic and inference, to
analyze the resource-based policies in the account and generate comprehensive findings
that show the access level, the source of the access, the affected resource, and the
condition under which the access applies. Customers can use AWS IAM Access Analyzer to audit their shared resources, validate their access policies, and monitor any changes to
the resource sharing status. References: AWS IAM Access Analyzer, Identify and review
resources shared with external entities, How AWS IAM Access Analyzer works
Question # 60
Which of the following services can be used to block network traffic to an instance? (Select TWO.)
A. Security groups B. Amazon Virtual Private Cloud (Amazon VPC) flow logs C. Network ACLs D. Amazon CloudWatch E. AWS CloudTrail
Answer: A,C
Explanation: Security groups and network ACLs are two AWS services that can be used
to block network traffic to an instance. Security groups are virtual firewalls that control the
inbound and outbound traffic for your instances at the instance level. You can specify which
protocols, ports, and source or destination IP addresses are allowed or denied for each
instance. Security groups are stateful, which means that they automatically allow return
traffic for any allowed inbound or outbound traffic123. Network ACLs are virtual firewalls
that control the inbound and outbound traffic for your subnets at the subnet level. You can
create rules to allow or deny traffic based on protocols, ports, and source or destination IP
addresses. Network ACLs are stateless, which means that you have to explicitly allow
return traffic for any allowed inbound or outbound traffic456. References: 1: Security
groups for your VPC - Amazon Virtual Private Cloud, 2: Security Groups for Your VPC -
Amazon Elastic Compute Cloud, 3: AWS Security Groups: Everything You Need to
Know, 4: Network ACLs - Amazon Virtual Private Cloud, 5: Control traffic to subnets using
A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently. Which AWS service or resource will meet these requirements with the LEAST management overhead?
A. PostgreSQL on Amazon EC2 B. Amazon RDS for PostgreSQL C. Amazon Aurora PostgreSQL-Compatible Edition D. Amazon Aurora Serverless
Answer: D
Explanation: Amazon Aurora Serverless is an on-demand, auto-scaling configuration for
Amazon Aurora PostgreSQL-Compatible Edition. It is a fully managed service that
automatically scales up and down based on the application’s actual needs. Amazon Aurora
Serverless is suitable for applications that have infrequent, intermittent, or unpredictable
database workloads, and that do not require the full power and range of options provided
by provisioned Aurora clusters. Amazon Aurora Serverless eliminates the need to provision
and manage database instances, and reduces the management overhead associated with
database administration tasks such as scaling, patching, backup, and
recovery. References: Amazon Aurora Serverless, Choosing between Aurora Serverless
and provisioned Aurora DB clusters, [AWS Cloud Practitioner Essentials: Module 4 -
Databases in the Cloud]
Question # 63
Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Select TWO.)
A. Control access to AWS service APIs and to other specific resources. B. Provide intelligent threat detection and continuous monitoring. C. Protect the AWS environment using multi-factor authentication (MFA). D. Grant users access to AWS data centers. E. Provide firewall protection for applications from common web attacks.
Answer: A,C
Explanation: AWS Identity and Access Management (IAM) is a service that enables you
to manage access to AWS services and resources securely. You can use IAM to perform
the following actions:
Control access to AWS service APIs and to other specific resources: You can
create users, groups, roles, and policies that define who can access which AWS
resources and how. You can also use IAM to grant temporary access to users or
applications that need to perform certain tasks on your behalf3
Protect the AWS environment using multi-factor authentication (MFA): You can
enable MFA for your IAM users and root user to add an extra layer of security to
your AWS account. MFA requires users to provide a unique authentication code
from an approved device or SMS text message, in addition to their user name and
password, when they sign in to AWS4
Question # 64
Which mechanism allows developers to access AWS services from application code?
A. AWS Software Development Kit B. AWS Management Console C. AWS CodePipeline D. AWS Config
Answer: A
Explanation: AWS Software Development Kit (SDK) is a set of platform-specific building
tools for developers. It allows developers to access AWS services from application code
using familiar programming languages. It provides pre-built components and libraries that
can be incorporated into applications, as well as tools to debug, monitor, and optimize
performance2. References: What is SDK? - SDK Explained - AWS
Question # 65
A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library's capacity to the AWS Cloud. Which AWS service should the company use to meet this requirement?
A. Amazon Elastic File System (Amazon EFS) B. Amazon Elastic Block Store (Amazon EBS) C. Amazon S3 D. AWS Storage Gateway
Answer: D
Explanation: AWS Storage Gateway is a hybrid cloud storage service that provides on-premises
access to virtually unlimited cloud storage. You can use AWS Storage Gateway
to simplify storage management and reduce costs for key hybrid cloud storage use cases.
One of these use cases is tape-based backup, which allows you to store data backups on
virtual tapes in the AWS Cloud. You can use the Tape Gateway feature of AWS Storage
Gateway to extend your existing physical tape library to the AWS Cloud. Tape Gateway
provides a virtual tape infrastructure that scales seamlessly with your backup needs and
eliminates the operational burden of provisioning, scaling, and maintaining a physical tape
Balancer, 5: Which characteristic of the AWS Cloud helps users eliminate …
Question # 67
What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model?
A. Managing the code within the Lambda function B. Confirming that the hardware is working in the data center C. Patching the operating system D. Shutting down Lambda functions when they are no longer in use
Answer: A
Explanation: According to the AWS shared responsibility model, AWS is responsible for
the security of the cloud, while customers are responsible for the security in the cloud. This
means that AWS is responsible for the physical servers, networking, and operating system
that run Lambda functions, while customers are responsible for the security of their code
and AWS IAM to the Lambda service and within their function1. Customers need to
manage the code within the Lambda function, such as writing, testing, debugging,
deploying, and updating the code, as well as ensuring that the code does not contain any
vulnerabilities or malicious code that could compromise the security or performance of the
A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes. Which AWS service or tool should the company use to meet these requirements?
A. AWS Organizations B. Cost Explorer C. AWS Budgets D. AWS Trusted Advisor
Answer: A
Explanation: AWS Organizations is an AWS service that enables you to centrally manage
and govern your AWS Cloud environments across multiple business units. AWS
Organizations allows you to create an organization that consists of AWS accounts that you
create or invite to join. You can group your accounts into organizational units (OUs) and
apply service control policies (SCPs) to them. SCPs are a type of policy that specifies the
maximum permissions for the accounts in your organization, and can help you enforce
compliance and security requirements. AWS Organizations also simplifies billing processes
by enabling you to consolidate and pay for all member accounts with a single payment
method. You can also use AWS Organizations to automate the creation of AWS accounts
by using APIs or AWS CloudFormation templates. References: What is AWS
A company is building an application that needs to deliver images and videos globally with minimal latency. Which approach can the company use to accomplish this in a cost effective manner?
A. Deliver the content through Amazon CloudFront. B. Store the content on Amazon S3 and enable S3 cross-region replication. C. Implement a VPN across multiple AWS Regions. D. Deliver the content through AWS PrivateLink.
Answer: A
Explanation: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers
data, videos, applications, and APIs to customers globally with low latency, high transfer
speeds, all within a developer-friendly environment. It works seamlessly with services
including AWS Shield for DDoS mitigation, Amazon S3, Elastic Load Balancing or Amazon
EC2 as origins for your applications, and Lambda@Edge to run custom code closer to
customers’ users and to customize the user experience. By using CloudFront, you can
cache your content at the edge locations that are closest to your end users, reducing the
network latency and improving the performance of your application. CloudFront also offers
a pay-as-you-go pricing model, so you only pay for the data transfer and requests that you
Question # 71
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials. Which AWS service or resource will meet this requirem
A. AWS Organizations B. IAM user C. AWS IAM Identity Center (AWS Single Sign-On) D. AWS Control Tower
Answer: C
Explanation: AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service
that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS
accounts and business applications. You can use AWS SSO to enable your users to sign in
to the AWS Management Console or the AWS Command Line Interface (AWS CLI) with
their existing corporate credentials2. You can also manage SSO access and user
permissions across all your AWS accounts in AWS Organizations3. References: AWS
Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation
Question # 72
Which AWS service or feature allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud?
A. AWS Direct Connect B. VPC peering C. AWS VPN D. Amazon Route 53
Answer: A
Explanation: AWS Direct Connect is an AWS service that allows users to establish a
dedicated network connection between their on-premises data center and the AWS Cloud.
This connection bypasses the public internet and provides more predictable network
performance, reduced bandwidth costs, and increased security. Users can choose from
different port speeds and connection types, and use AWS Direct Connect to access AWS
services in any AWS Region globally. Users can also use AWS Direct Connect in
conjunction with AWS VPN to create a hybrid network architecture that combines the
benefits of both private and public connectivity. References: AWS Direct Connect, [AWS
Cloud Practitioner Essentials: Module 3 - Compute in the Cloud]
Question # 73
A company has deployed an application in the AWS Cloud. The company wants to ensure that the application is highly resilient. Which component of AWS infrastructure can the company use to meet this requirement?
A. Content delivery network (CDN) B. Edge locations C. Wavelength Zones D. Availability Zones
Answer: D
Explanation: Availability Zones are components of AWS infrastructure that can help the
company ensure that the application is highly resilient. Availability Zones are multiple,
isolated locations within each AWS Region. Each Availability Zone has independent power,
cooling, and physical security, and is connected to the other Availability Zones in the same
Region via low-latency, high-throughput, and highly redundant networking. Availability
Zones allow you to operate production applications and databases that are more highly
available, fault tolerant, and scalable than would be possible from a single data center.
Question # 74
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?
A. AWS Service Catalog B. AWS Systems Manager C. AWS IAM Access Analyzer D. AWS Organizations
Answer: C
Explanation: AWS IAM Access Analyzer is a service that helps you identify the resources
in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are
shared with an external entity. This lets you identify unintended access to your resources
and data, which is a security risk. IAM Access Analyzer uses logic-based reasoning to
analyze the resource-based policies in your AWS environment. For each instance of a
resource shared outside of your account, IAM Access Analyzer generates a
finding. Findings include information about the access and the external principal granted to
it345. References: 3: Using AWS Identity and Access Management Access
Analyzer, 4: IAM Access Analyzer - Amazon Web Services (AWS), 5: Welcome - IAM
Access Analyzer
Question # 75
What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them as evidence to an auditor or regulator?
A. AWS Certificate Manager B. AWS Systems Manager C. AWS Artifact D. Amazon Inspector
Answer: C
Explanation: AWS Artifact is a service that provides on-demand access to AWS security
and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI)
reports, and Service Organization Control (SOC) reports. You can download these
documents and submit them as evidence to your auditors or regulators to demonstrate the
security and compliance of the AWS infrastructure and services that you use. AWS Artifact
also allows you to review, accept, and manage AWS agreements, such as the Business
Associate Addendum (BAA) for customers who are subject to the Health Insurance
Portability and Accountability Act (HIPAA). References: AWS Artifact, What is AWS
Question # 76
A company wants to run its workload on Amazon EC2 instances for more than 1 year. This workload will run continuously. Which option offers a discounted hourly rate compared to the hourly rate of On-Demand Instances?
A. AWS Graviton processor
B. Dedicated Hosts
C. EC2 Instance Savings Plans
D. Amazon EC2 Auto Scaling instances
Answer: C
Explanation: EC2 Instance Savings Plans are a flexible pricing model that offer discounted
hourly rates on Amazon EC2 instance usage for a 1 or 3 year term. EC2 Instance Savings
Plans provide savings up to 72% off On-Demand rates, in exchange for a commitment to a
specific instance family in a chosen AWS Region (for example, M5 in Virginia). These plans
automatically apply to usage regardless of size (for example, m5.xlarge, m5.2xlarge, etc.),
OS (for example, Windows, Linux, etc.), and tenancy (Host, Dedicated, Default) within the
specified family in a Region. With an EC2 Instance Savings Plan, you can change your
instance size within the instance family (for example, from c5.xlarge to c5.2xlarge) or the
operating system (for example, from Windows to Linux), or move from Dedicated tenancy
to Default and continue to receive the discounted rate provided by your EC2 Instance
Savings Plan [4][5][6][7]. References: 4: Compute Savings Plans – Amazon Web
Services, 5: What are Savings Plans? - Savings Plans, 6: How To Cut Your AWS Bill With
Savings Plans
Question # 77
A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS. Which AWS service or tool should the company use to meet this requirement?
A. Cloud Adoption Readiness Tool
B. AWS Migration Hub
C. AWS Database Migration Service (AWS DMS)
D. AWS Application Migration Service
Answer: C
Explanation: AWS Database Migration Service (AWS DMS) is a managed and automated
service that helps you migrate your databases from your on-premises or cloud environment
to AWS, either as a one-time migration or as a continuous replication. AWS DMS supports
migration between 20-plus database and analytics engines, such as PostgreSQL, Oracle, MySQL, SQL Server, MongoDB, Amazon Aurora, Amazon RDS, Amazon Redshift, and
Amazon S3. AWS DMS also provides schema conversion and validation tools, as well as
monitoring and security features. AWS DMS is a cost-effective and reliable solution for
database migration, as you only pay for the compute resources and additional log storage
used during the migration process, and you can minimize the downtime and data loss with
Multi-AZ and ongoing replication [1][2].
To migrate a PostgreSQL database from on-premises to Amazon RDS using AWS DMS,
you need to perform the following steps:
1. Create an AWS DMS replication instance in the same AWS Region as your target Amazon RDS PostgreSQL DB instance. The replication instance is a server that runs the AWS DMS replication software and connects to your source and target endpoints. You can choose the instance type, storage, and network settings based on your migration requirements [3].
2. Create a source endpoint that points to your on-premises PostgreSQL database. You need to provide the connection details, such as the server name, port, database name, user name, and password. You also need to specify the engine name as postgres and the SSL mode as required [4].
3. Create a target endpoint that points to your Amazon RDS PostgreSQL DB instance. You need to provide the connection details, such as the server name, port, database name, user name, and password. You also need to specify the engine name as postgres and the SSL mode as verify-full.
4. Create a migration task that defines the migration settings and options, such as the replication instance, the source and target endpoints, the migration type (full load, full load and change data capture, or change data capture only), the table mappings, the task settings, and the task monitoring role. You can also use the AWS Schema Conversion Tool (AWS SCT) to convert your source schema to the target schema and apply it to the target endpoint before or after creating the migration task.
5. Start the migration task and monitor its progress and status using the AWS DMS console, the AWS CLI, or the AWS DMS API. You can also use AWS CloudFormation to automate the creation and execution of the migration task.
The other options are not suitable for migrating a PostgreSQL database from on-premises
to Amazon RDS. Cloud Adoption Readiness Tool is a tool that helps you assess your
readiness for cloud adoption based on six dimensions: business, people, process, platform,
operations, and security. It does not perform any database migration tasks. AWS Migration
Hub is a service that helps you track and manage the progress of your application
migrations across multiple AWS and partner services, such as AWS DMS, AWS
Application Migration Service, AWS Server Migration Service, and CloudEndure Migration.
It does not perform any database migration tasks itself, but rather integrates with other
migration services. AWS Application Migration Service is a service that helps you migrate
your applications from your on-premises or cloud environment to AWS without making any
changes to the applications, their architecture, or the migrated servers. It does not support
database migration, but rather replicates your servers as Amazon Machine Images (AMIs)
and launches them as EC2 instances on AWS.
References: AWS Database Migration Service, What is AWS Database Migration
Service?, Working with an AWS DMS replication instance, Creating source and target
endpoints for PostgreSQL, [Creating a target endpoint for Amazon RDS for PostgreSQL], [Creating a migration task for AWS DMS], [AWS Schema Conversion Tool], [Starting a
At what support level do users receive access to a support concierge?
A. Basic Support
B. Developer Support
C. Business Support
D. Enterprise Support
Answer: D
Explanation: Users receive access to a support concierge at the Enterprise Support level.
A support concierge is a team of AWS billing and account experts that specialize in working
with enterprise accounts. They can help users with billing and account inquiries, cost
optimization, FinOps support, cost analysis, and prioritized answers to billing questions.
The support concierge is included as part of the Enterprise Support plan, which also
provides access to a Technical Account Manager (TAM), Infrastructure Event
Management, AWS Trusted Advisor, and 24/7 technical support. References: AWS
Support Plan Comparison, AWS Enterprise Support Plan, AWS Support Concierge
Question # 79
Which AWS service is always provided at no charge?
A. Amazon S3
B. AWS Identity and Access Management (IAM)
C. Elastic Load Balancers
D. AWS WAF
Answer: B
Explanation: AWS Identity and Access Management (IAM) is a web service that helps you
securely control access to AWS resources. You can use IAM to create and manage AWS
users and groups, and use permissions to allow and deny their access to AWS
resources. IAM is always provided at no charge [1][2]. References: 1: AWS Identity and
Access Management (IAM) - Amazon Web Services (AWS), 2: Which aws service is
always provided at no charge? -
Question # 80
A company must be able to develop, test, and launch an application in the AWS Cloud quickly. Which advantage of cloud computing will meet these requirements?
A. Stop guessing capacity
B. Trade fixed expense for variable expense
C. Achieve economies of scale
D. Increase speed and agility
Answer: D
Explanation: One of the benefits of cloud computing is that it enables customers to
increase speed and agility in developing, testing, and launching applications. Cloud
computing provides on-demand access to a variety of IT resources, such as compute,
storage, networking, databases, and analytics, without requiring upfront investments or
long-term commitments. Customers can provision and release resources in minutes, scale
up and down as needed, and experiment with new technologies and features. This allows
customers to accelerate their innovation cycles, deliver faster time-to-market, and respond
to changing customer needs and demands.
Question # 81
A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario?
A. Update the guest operating system of the EC2 instances
B. Maintain high availability at the database layer
C. Patch the physical infrastructure that hosts the EC2 instances
D. Configure the security group firewall
Answer: C
Explanation: When you run a NoSQL database on Amazon EC2 instances, you are
responsible for managing the database layer and the guest operating system of the
instances. This means that you need to perform tasks such as updating the operating
system, maintaining high availability, and configuring the security group firewall. AWS is
responsible for managing the physical infrastructure that hosts the EC2 instances. This
means that AWS ensures that the hardware and firmware of the servers, routers, switches,
and other devices are updated and secure. AWS also handles the power, cooling,
networking, and security of the data centers [1][2]. References: CLF-C02: Which task is
responsibility of AWS to run NoSQL database on …, Best Practices for Hosting NoSQL
Databases on Amazon EC2
Question # 82
Which service enables customers to audit API calls in their AWS accounts?
A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray
Answer: A
Explanation: AWS CloudTrail is a service that provides a record of actions taken by a
user, role, or an AWS service in your AWS account. CloudTrail captures all API calls for
AWS services as events, including calls from the AWS Management Console, AWS SDKs,
command line tools, and higher-level AWS services. You can use CloudTrail to monitor,
audit, and troubleshoot your AWS account activity [3][4]. AWS Trusted Advisor is a service
that provides best practices recommendations for cost optimization, performance, security,
and fault tolerance in your AWS account [5]. Amazon Inspector is a service that helps you
improve the security and compliance of your applications deployed on AWS by
automatically assessing them for vulnerabilities and deviations from best practices [6]. AWS
X-Ray is a service that helps you analyze and debug your applications by collecting data
about the requests that your application serves, and providing tools to view, filter, and gain
insights into that data [7]. References: Logging AWS Audit Manager API calls with
CloudTrail, Logging AWS Account Management API calls using AWS CloudTrail, Review
API calls in your AWS account using CloudTrail, Monitor the usage of AWS API calls using
Amazon CloudWatch, Which service enables customers to audit API calls in their AWS …
Question # 83
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Select TWO.)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity
the confidentiality, integrity, and availability of their data and cloud workloads. It comprises
nine capabilities that are grouped into three categories: preventive, detective, and
responsive. Incident response and infrastructure protection are two of the capabilities in the
responsive and preventive categories, respectively. Incident response helps users prepare
for and respond to security incidents in a timely and effective manner, using tools and
processes that leverage AWS features and services. Infrastructure protection helps users
implement security controls and mechanisms to protect their cloud resources, such as
network, compute, storage, and database, from unauthorized access or malicious
attacks. References: Security perspective: compliance and assurance, AWS Cloud
Adoption Framework
Question # 84
A company is migrating its applications from on-premises to the AWS Cloud. The company wants to ensure that the applications are assigned only the minimum permissions that are needed to perform all operations. Which AWS service will meet these requirements?
A. AWS Identity and Access Management (IAM)
B. Amazon CloudWatch
C. Amazon Macie
D. Amazon GuardDuty
Answer: A
Explanation: AWS Identity and Access Management (IAM) is a service that helps you
securely control access to AWS resources for your users. You use IAM to control who can
use your AWS resources (authentication) and what resources they can use and in what
ways (authorization). IAM also enables you to follow the principle of least privilege, which
means granting only the permissions that are necessary to perform a
A company needs to block SQL injection attacks. Which AWS service or feature can meet this requirement?
A. AWS WAF
B. AWS Shield
C. Network ACLs
D. Security groups
Answer: A
Explanation: AWS WAF is a web application firewall that helps protect web applications
from common web exploits, such as SQL injection attacks. It allows customers to create
custom rules that block malicious requests. AWS Shield is a managed service that protects
against distributed denial of service (DDoS) attacks, not SQL injection attacks. Network
ACLs and security groups are network-level security features that filter traffic based on IP
addresses and ports, not web requests or SQL queries. References: [AWS WAF], [AWS
Shield], [Network ACLs], [Security groups]
Question # 87
A company wants durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost. Which AWS service should the company choose?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. AWS Storage Gateway
D. Amazon Elastic File System (Amazon EFS)
Answer: B
Explanation: Amazon S3 is a service that provides durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost. Amazon S3 is an object
storage service that allows you to store and retrieve any amount of data from anywhere on
the internet. Amazon S3 offers industry-leading scalability, availability, and performance, as
well as 99.999999999% (11 9s) of durability and multi-AZ resilience. Amazon S3 also
provides various storage classes that offer different levels of performance and cost
optimization, such as S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access
(S3 Standard-IA), S3 One Zone-Infrequent Access (S3 One Zone-IA), and S3
Glacier [4][5][6]. Amazon S3 is ideal for storing static content, such as images, videos,
documents, and web pages, as well as building data lakes, backup and archive solutions,
big data analytics, and machine learning applications [4][5][6]. References: 4: Cloud Storage on
A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible. Which AWS service or resource should the company use to select its Amazon RDS deployment area?
A. Amazon Connect
B. AWS Wavelength
C. AWS Regions
D. AWS Direct Connect
Answer: C
Explanation: AWS Regions are the AWS service or resource that the company should use to select its
Amazon RDS deployment area. AWS Regions are separate geographic areas where AWS
clusters its data centers. Each AWS Region consists of multiple, isolated, and physically
separate Availability Zones within a geographic area. Each AWS Region is designed to be
isolated from the other AWS Regions to achieve the highest possible fault tolerance and
stability. AWS provides a more extensive global footprint than any other cloud provider, and
to support its global footprint and ensure customers are served across the world, AWS
opens new Regions rapidly. AWS maintains multiple geographic Regions, including
Regions in North America, South America, Europe, China, Asia Pacific, South Africa, and
the Middle East. Amazon RDS is available in several AWS Regions worldwide. To create
or work with an Amazon RDS DB instance in a specific AWS Region, you must use the
corresponding regional service endpoint. You can choose the AWS Region that meets your
latency or legal requirements. You can also use multiple AWS Regions to design a disaster
recovery solution or to distribute your read workload. References: Global Infrastructure
Regions & AZs -, Regions, Availability Zones, and Local Zones - Amazon
Relational Database Service
Question # 89
What does the concept of agility mean in AWS Cloud computing? (Select TWO.)
A. The speed at which AWS resources are implemented
B. The speed at which AWS creates new AWS Regions
C. The ability to experiment quickly
D. The elimination of wasted capacity
E. The low cost of entry into cloud computing
Answer: A,C
Explanation: Agility in AWS Cloud computing means the ability to rapidly provision and
deprovision AWS resources as needed, and the ability to experiment quickly with new
ideas and solutions. Agility helps businesses to respond to changing customer demands,
market opportunities, and competitive threats, and to innovate faster and cheaper. Agility
also reduces the risk of failure, as businesses can test and validate their assumptions
before committing to large-scale deployments. Some of the benefits of agility in AWS Cloud
computing are:
- The speed at which AWS resources are implemented: AWS provides a variety of
  services and tools that allow you to create, configure, and launch AWS resources
  in minutes, using the AWS Management Console, the AWS Command Line
  Interface (AWS CLI), the AWS Software Development Kits (AWS SDKs), or the
  AWS CloudFormation templates. You can also use the AWS Cloud Development
  Kit (AWS CDK) to define your AWS resources as code using familiar programming
  languages, and synthesize them into AWS CloudFormation templates. You can
  also use the AWS Service Catalog to create and manage standardized portfolios
  of AWS resources that meet your organizational policies and best practices. AWS
  also offers on-demand, pay-as-you-go pricing models, so you only pay for the
  resources you use, and you can scale them up or down as your needs
- The ability to experiment quickly: AWS enables you to experiment quickly with new
  ideas and solutions, without having to invest in upfront capital or long-term
  commitments. You can use AWS to create and test multiple prototypes,
  hypotheses, and minimum viable products (MVPs) in parallel, and measure their
  performance and feedback. You can also use AWS to leverage existing services
  and solutions, such as AWS Marketplace, AWS Solutions, and AWS Quick Starts,
  that can help you accelerate your innovation process. AWS also supports a culture
  of experimentation and learning, by providing tools and resources for continuous
  integration and delivery (CI/CD), testing, monitoring, and analytics.
References: Six advantages of cloud computing - Overview of Amazon Web
Services, AWS Cloud Development Kit (AWS CDK), AWS Service Catalog, AWS
Pricing, AWS CloudFormation, [Experimentation and Testing - AWS Well-Architected
A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS. Where can the company purchase the security solution?
A. AWS Partner Solutions Finder
B. AWS Support Center
C. AWS Management Console
D. AWS Marketplace
Answer: D
Explanation: AWS Marketplace is an online store that helps customers find, buy, and
immediately start using the software and services that run on AWS. Customers can choose
from a wide range of software products in popular categories such as security, networking,
storage, machine learning, business intelligence, database, and DevOps. Customers can
also use AWS Marketplace to purchase software as a service (SaaS) solutions that are
integrated with AWS. Customers can benefit from simplified procurement, billing, and
deployment processes, as well as flexible pricing options and free trials. Customers can
also leverage AWS Marketplace to discover and subscribe to solutions offered by AWS
Partners, such as the security software vendor mentioned in the
question. References: AWS Marketplace, [AWS Marketplace: Software as a Service
Which AWS service can a company use to visually design and build serverless applications?
A. AWS Lambda
B. AWS Batch
C. AWS Application Composer
D. AWS App Runner
Answer: C
Explanation: AWS Application Composer is a service that allows users to visually design
and build serverless applications. Users can drag and drop components, such as AWS
Lambda functions, Amazon API Gateway endpoints, Amazon DynamoDB tables, and
Amazon S3 buckets, to create a serverless application architecture. Users can also
configure the properties, permissions, and dependencies of each component, and deploy
the application to their AWS account with a few clicks. AWS Application Composer simplifies the design and configuration of serverless applications, and reduces the need to
write code or use AWS CloudFormation templates. References: AWS Application
Composer, AWS releases Application Composer to make serverless ‘easier’ but initial
scope is limited
Question # 92
A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally. Which combination of AWS services can the company use to gather the required information? (Select TWO.)
A. AWS Personal Health Dashboard
B. AWS Systems Manager
C. AWS Trusted Advisor
D. AWS Service Health Dashboard
E. AWS Service Catalog
Answer: A,D
Explanation: AWS Personal Health Dashboard and AWS Service Health Dashboard are two AWS
services that can help the company to verify that underlying AWS services and general
AWS infrastructure are operating normally. AWS Personal Health Dashboard provides a
personalized view into the performance and availability of the AWS services you are using,
as well as alerts that are automatically triggered by changes in the health of those services.
In addition to event-based alerts, Personal Health Dashboard provides proactive
notifications of scheduled activities, such as any changes to the infrastructure powering
Question # 93
A company wants to migrate its on-premises workloads to the AWS Cloud. The company wants to separate workloads for chargeback to different departments. Which AWS services or features will meet these requirements? (Select TWO.)
A. Placement groups
B. Consolidated billing
C. Edge locations
D. AWS Config
E. Multiple AWS accounts
Answer: B,E
Explanation: Consolidated billing is a feature of AWS Organizations that enables
customers to consolidate billing and payment for multiple AWS accounts. With consolidated
billing, customers can group multiple AWS accounts under one payer account, making it
easier to manage billing and track costs across multiple accounts. Consolidated billing also
offers benefits such as volume discounts, Reserved Instance discounts, and Savings Plans
discounts. Consolidated billing is offered at no additional cost.
Multiple AWS accounts is a feature of AWS Organizations that enables customers to create
and manage multiple AWS accounts from a central location. With multiple AWS accounts,
customers can isolate workloads for different departments, projects, or environments, and
apply granular access controls and policies to each account. Multiple AWS accounts also
helps customers improve security, compliance, and governance of their AWS
resources [5][6]. References: 5: Consolidated billing for AWS Organizations - AWS
Service, 6: Working with AWS Neptune. Neptune is a fully-managed graph … - Medium
Question # 98
To reduce costs, a company is planning to migrate a NoSQL database to AWS. Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?
A. Amazon Redshift
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon RDS
Answer: C
Explanation: Amazon DynamoDB is a fully managed, serverless, key-value NoSQL
database service that can deliver consistent, single-digit millisecond performance at any
scale. DynamoDB can automatically scale throughput capacity to meet the demands of the
database workload, without requiring any manual intervention. DynamoDB is ideal for
NoSQL applications that need high performance, availability, and scalability. DynamoDB
also offers features such as encryption at rest, point-in-time recovery, global tables, and
in-memory caching. References: What is NoSQL?, Amazon DynamoDB, [AWS Cloud
Practitioner Essentials: Module 4 - Databases in the Cloud]
Question # 99
A company is planning to host its workloads on AWS. Which AWS service requires the company to update and patch the guest operating system?
A. Amazon DynamoDB
B. Amazon S3
C. Amazon EC2
D. Amazon Aurora
Answer: C
Explanation: Amazon EC2 is an AWS service that provides scalable, secure, and
resizable compute capacity in the cloud. Amazon EC2 allows customers to launch and
manage virtual servers, called instances, that run a variety of operating systems and
applications. Customers have full control over the configuration and management of their
instances, including the guest operating system. Therefore, customers are responsible for
updating and patching the guest operating system on their EC2 instances, as well as any
other software or utilities installed on the instances. AWS provides tools and services, such
as AWS Systems Manager and AWS OpsWorks, to help customers automate and simplify
the patching process. References: Shared Responsibility Model, Shared responsibility
model, [Amazon EC2]
Question # 100
A company wants to quickly implement a continuous integration/continuous delivery (CI/CD) pipeline. Which AWS service will meet this requirement?
A. AWS Config
B. Amazon Cognito
C. AWS DataSync
D. AWS CodeStar
Answer: D
Explanation: AWS CodeStar is a service that enables you to quickly develop, build, and
deploy applications on AWS. It provides a unified user interface for managing your
application lifecycle, including code repositories, build pipelines, deployments, and project
dashboards. AWS CodeStar also integrates with other AWS services, such as AWS
CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline, to create a
complete CI/CD pipeline for your application [1][2]. References:
AWS CodeStar
AWS Certified Cloud Practitioner Exam Guide
Question # 101
A developer wants to deploy an application quickly on AWS without manually creating the required resources. Which AWS service will meet these requirements?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS CodeBuild
D. Amazon Personalize
Answer: B
Explanation: AWS Elastic Beanstalk is a service that allows you to deploy and manage
applications on AWS without manually creating and configuring the required resources,
such as EC2 instances, load balancers, security groups, databases, and more. AWS
Elastic Beanstalk automatically handles the provisioning, scaling, load balancing, health
monitoring, and updating of your application, while giving you full control over the
underlying AWS resources if needed. AWS Elastic Beanstalk supports a variety of
platforms and languages, such as Java, .NET, PHP, Node.js, Python, Ruby, Go, and
Docker. You can use the AWS Management Console, the AWS CLI, the AWS SDKs, or the
AWS Elastic Beanstalk API to create and manage your applications. You can also use
AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS
CodePipeline to integrate AWS Elastic Beanstalk with your development and deployment
Question # 102
A company website is experiencing DDoS attacks. Which AWS service can help protect the company website against these attacks?
A. AWS Resource Access Manager
B. AWS Amplify
C. AWS Shield
D. Amazon GuardDuty
Answer: C
Explanation: AWS Shield is a managed DDoS protection service that safeguards applications running on
AWS from distributed denial of service (DDoS) attacks. DDoS attacks are malicious
attempts to disrupt the normal functioning of a website or application by overwhelming it
with a large volume of traffic from multiple sources. AWS Shield provides two tiers of
protection: Standard and Advanced. AWS Shield Standard is automatically enabled for all
AWS customers at no additional cost. It protects your AWS resources, such as Amazon
CloudFront, AWS Global Accelerator, and Amazon Route 53, from the most common and
frequently occurring network and transport layer DDoS attacks. AWS Shield Advanced is
an optional paid service that provides additional protection for your AWS resources and
applications, such as Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing (ELB), Amazon Simple Storage Service (Amazon S3), Amazon Relational
Database Service (Amazon RDS), and AWS Elastic Beanstalk. AWS Shield Advanced
offers enhanced detection and mitigation capabilities, 24/7 access to the AWS DDoS
Response Team (DRT), real-time visibility and reporting, and cost protection against
DDoS-related spikes in your AWS bill [1][2].
References: AWS Shield, What is a DDOS Attack & How to Protect Your Site Against One
Question # 103
A company wants to generate a list of IAM users. The company also wants to view the status of various credentials that are associated with the users, such as password, access keys, and multi-factor authentication (MFA) devices. Which AWS service or feature will meet these requirements?
A. IAM credential report
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management Access Analyzer
D. AWS Cost and Usage Report
Answer: A
Explanation: An IAM credential report is a feature of AWS Identity and Access
Management (IAM) that allows you to view and download a report that lists all IAM users in
your account and the status of their various credentials, such as passwords, access keys,
and MFA devices. You can use this report to audit the security status of your IAM users
and ensure that they follow the best practices for credential
management [1]. References: 1: AWS Documentation - IAM User Guide - Getting credential
reports for your AWS account
Question # 104
Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities?
A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate
Answer: C
Explanation: AWS Outposts is a service that delivers AWS infrastructure and services to
virtually any on-premises or edge location for a truly consistent hybrid experience. AWS
Outposts allows you to extend and run native AWS services on premises, and is available
in a variety of form factors, from 1U and 2U Outposts servers to 42U Outposts racks, and
multiple rack deployments. With AWS Outposts, you can run some AWS services locally
and connect to a broad range of services available in the local AWS Region. Run
applications and workloads on premises using familiar AWS services, tools, and APIs [2].
AWS Outposts is the only AWS service that supports a hybrid architecture that gives users
the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers,
co-location environments, or on-premises facilities. References: On-Premises Infrastructure -
AWS Outposts Family
Question # 105
Which cloud concept is demonstrated by using AWS Compute Optimizer?
A. Security validation
B. Rightsizing
C. Elasticity
D. Global reach
Answer: B
Explanation: Rightsizing is the cloud concept that is demonstrated by using AWS
Compute Optimizer. Rightsizing is the process of adjusting the type and size of your cloud
resources to match the optimal performance and cost for your workloads. AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of your AWS
resources, such as Amazon EC2 instances, Amazon EBS volumes, AWS Lambda
functions, and Amazon ECS services on AWS Fargate. It reports whether your resources
are optimal, and generates optimization recommendations to reduce the cost and improve
the performance of your workloads. AWS Compute Optimizer uses machine learning to
analyze your historical utilization data and compare it with the most cost-effective AWS
alternatives. You can use the recommendations to evaluate the trade-offs between cost
and performance, and decide when to move or resize your resources to achieve the best
results. References: Workload Rightsizing - AWS Compute Optimizer - AWS, What is AWS
Compute Optimizer? - AWS Compute Optimizer
Question # 106
Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users?
A. AWS Artifact B. Amazon Connect C. AWS Chatbot D. AWS Knowledge Center
Answer: A
Explanation: AWS Artifact is your go-to, central resource for compliance-related
information that matters to you. It provides on-demand access to AWS’s security and
compliance reports and select online agreements. Reports available in AWS Artifact
include our Service Organization Control (SOC) reports, Payment Card Industry (PCI)
attestation of compliance, and certifications from accreditation bodies across geographies
and compliance verticals that validate the implementation and operating effectiveness of
AWS security controls. Agreements available in AWS Artifact include the Business
Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). AWS Artifact helps
you answer the most frequently asked security and compliance questions that AWS
receives from its users. References: Compliance FAQ, Compliance Solutions Guide
Question # 107
A company wants to receive a notification when a specific AWS cost threshold is reached. Which AWS services or tools can the company use to meet this requirement? (Select TWO.)
A. Amazon Simple Queue Service (Amazon SQS) B. AWS Budgets C. Cost Explorer D. Amazon CloudWatch E. AWS Cost and Usage Report
Answer: B,D
AWS Budgets and Amazon CloudWatch are two AWS services or tools that the company
can use to receive a notification when a specific AWS cost threshold is reached. AWS
Budgets allows users to set custom budgets to track their costs and usage, and respond
quickly to alerts received from email or Amazon Simple Notification Service (Amazon SNS)
notifications if they exceed their threshold. Users can create cost budgets with fixed or
variable target amounts, and configure their notifications for actual or forecasted spend.
Users can also set up custom actions to run automatically or through an approval process
when a budget target is exceeded. For example, users could automatically apply a custom
IAM policy that denies them the ability to provision additional resources within an account.
Amazon CloudWatch is a service that monitors applications, responds to performance
changes, optimizes resource use, and provides insights into operational health. Users can
use CloudWatch to collect and track metrics, which are variables they can measure for
their resources and applications. Users can create alarms that watch metrics and send
notifications or automatically make changes to the resources they are monitoring when a
threshold is breached. Users can use CloudWatch to monitor their AWS costs and usage
by creating billing alarms that send notifications when their estimated charges exceed a
specified threshold amount. Users can also use CloudWatch to monitor their Reserved
Instance (RI) or Savings Plans utilization and coverage, and receive notifications when they
fall below a certain level.
References: Cloud Cost And Usage Budgets - AWS Budgets, What is Amazon
CloudWatch?, Creating a billing alarm - Amazon CloudWatch
Question # 108
Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?
A. AWS Security Hub B. AWS Trusted Advisor C. Amazon EventBridge D. Amazon GuardDuty
Answer: A
Explanation: AWS Security Hub is a cloud security posture management (CSPM) service
that performs security best practice checks, aggregates alerts, and enables automated
remediation. Security Hub collects findings from the security services enabled across your
AWS accounts, such as intrusion detection findings from Amazon GuardDuty, vulnerability
scans from Amazon Inspector, and sensitive data identification findings from Amazon
Macie. Security Hub also collects findings from partner security products using a
standardized AWS Security Finding Format, eliminating the need for time-consuming data
parsing and normalization efforts. Customers can designate an administrator account that
can access all findings across their accounts. References: AWS Security Hub
Overview, AWS Security Hub FAQs
Question # 109
A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applications. Which AWS service should the company use to meet these requirements?
A. Amazon DynamoDB B. Amazon EC2 C. AWS Lambda D. Amazon RDS
Answer: B
Explanation: Amazon EC2 is the AWS service that the company should use to meet its
requirements of retaining full control of patch management for the guest operating systems
that host its applications. Amazon EC2 is a service that provides secure, resizable compute
capacity in the cloud. Users can launch virtual servers, called instances, that run various
operating systems, such as Linux, Windows, macOS, and more. Users have full
administrative access to their instances and can install and configure any software,
including patches and updates, on their instances. Users are responsible for managing the
security and maintenance of their instances, including patching the guest operating system
and applications. Users can also use AWS Systems Manager to automate and simplify the
patching process for their EC2 instances. AWS Systems Manager is a service that helps
users manage their AWS and on-premises resources at scale. Users can use AWS
Systems Manager Patch Manager to scan their instances for missing patches, define patch
baselines and maintenance windows, and apply patches automatically or manually across
their instances. Users can also use AWS Systems Manager to monitor the patch
compliance status and patching history of their instances. References: What is Amazon
EC2?, AWS Systems Manager Patch Manager
Question # 110
A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds. For how much time will the customer be billed?
A. 3 hours, 5 minutes B. 3 hours, 5 minutes, and 6 seconds C. 3 hours, 6 minutes D. 4 hours
Answer: C
Explanation: Amazon EC2 usage is calculated by either the hour or the second based on
the size of the instance, operating system, and the AWS Region where the instances are
launched. Pricing is per instance-hour consumed for each instance, from the time an
instance is launched until it’s terminated or stopped. Each partial instance-hour consumed
is billed per-second for Linux instances and as a full hour for all other instance types.
Therefore, the customer will be billed for 3 hours and 6 minutes for running an On-Demand
Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds. References: Understand Amazon EC2 instance-hours billing
Question # 111
Which Amazon EC2 instance pricing model can provide discounts of up to 90%?
A. AWS Trusted Advisor B. AWS Consulting Partners C. AWS Artifacts D. AWS Managed Services
Answer: D
Explanation: AWS Managed Services is a service that provides operational management
for AWS infrastructure and applications. It helps users migrate their workloads to AWS and
provides ongoing support, security, compliance, and automation. AWS Trusted Advisor is a
service that provides best practices and recommendations for cost optimization,
performance, security, and fault tolerance. AWS Consulting Partners are professional
services firms that help customers design, architect, build, migrate, and manage their
workloads and applications on AWS. AWS Artifacts is a service that provides on-demand access to AWS compliance reports and select online agreements.
Question # 112
Which Amazon EC2 instance pricing model can provide discounts of up to 90%?
A. Reserved Instances B. On-Demand C. Dedicated Hosts D. Spot Instances
Answer: D
Explanation: Spot Instances are Amazon EC2 instances that are available at a discounted
price compared to On-Demand pricing. Spot Instances use spare EC2 capacity that is not
being used by other customers, and the price fluctuates based on supply and demand.
Customers can request Spot Instances for their applications and specify the maximum
price they are willing to pay per hour. If the Spot price is lower than the customer’s bid, the
Spot Instance is launched and the customer pays the current Spot price. However, if the
Spot price rises above the customer’s bid, the Spot Instance is terminated by AWS and the
customer is charged for the partial hour of usage. Therefore, Spot Instances can provide
discounts of up to 90% or more, but they are not suitable for applications that require
continuous or predictable availability. Spot Instances are recommended for applications
that are flexible, fault-tolerant, or have low priority, such as batch processing, data analysis,
or testing and development.
Question # 113
A company has deployed an Amazon EC2 instance. Which option is an AWS responsibility under the AWS shared responsibility model?
A. Managing and encrypting application data B. Installing updates and security patches of guest operating system C. Configuration of infrastructure devices D. Configuration of security groups on each instance
Answer: C
Explanation: According to the AWS shared responsibility model, AWS is responsible for
protecting the infrastructure that runs all of the services offered in the AWS Cloud, such as
data centers, hardware, software, networking, and facilities [1]. This includes the
configuration of infrastructure devices, such as routers, switches, firewalls, and load
balancers [2]. Customers are responsible for managing their data, applications, operating
systems, security groups, and other aspects of their AWS environment [1]. Therefore, options
A, B, and D are customer responsibilities, not AWS responsibilities. References: [1] AWS
Well-Architected Framework - Elasticity; [2] Reactive Systems on AWS - Elastic
Question # 114
An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company's direct responsibility?
A. Cost of application software licenses B. Cost of the hardware infrastructure on AWS C. Cost of power for the AWS servers D. Cost of physical security for the AWS data center
Answer: A
Explanation: The cost of application software licenses is the company’s direct
responsibility when it migrates its IT infrastructure from an on-premises data center to the
AWS Cloud. Application software licenses are the agreements that grant users the right to
use specific software products, such as operating systems, databases, or applications.
Depending on the type and terms of the license, users may need to pay a fee to the
Question # 115
A company needs a fully managed file server that natively supports Microsoft workloads and file systems. The file server must also support the SMB protocol. Which AWS service should the company use to meet these requirements?
A. Amazon Elastic File System (Amazon EFS) B. Amazon FSx for Lustre C. Amazon FSx for Windows File Server D. Amazon Elastic Block Store (Amazon EBS)
Answer: C
Explanation: Amazon FSx for Windows File Server is a fully managed file server that
supports Microsoft workloads and file systems, including the SMB protocol. It provides
features such as user quotas, end-user file restore, and Microsoft Active Directory
integration. Amazon EFS is a fully managed file system that supports the NFS protocol, not
SMB. Amazon FSx for Lustre is a fully managed file system that supports high-performance
computing workloads, not Microsoft workloads. Amazon EBS is a block
storage service that does not provide a file system or SMB support. References: Amazon
FSx for Windows File Server, Amazon FSx for Lustre, Amazon EFS, Amazon EBS
Question # 116
A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the hostname, IP address, and MAC address. Which AWS service will meet these requirements?
A. AWS DataSync B. AWS Application Migration Service C. AWS Application Discovery Service D. AWS Database Migration Service (AWS DMS)
Answer: C
Explanation: AWS Application Discovery Service is a service that helps you plan your
migration to the AWS Cloud by collecting usage and configuration data about your on-premises
servers and databases. This data includes information such as the hostname, IP
address, and MAC address of each server, as well as the performance metrics, network
connections, and processes running on them. You can use AWS Application Discovery
Service to discover your on-premises inventory, map the dependencies between servers
and applications, and estimate the cost and effort of migrating to AWS. You can also export
the data to other AWS services, such as AWS Migration Hub and AWS Database Migration
Service, to support your migration tasks. AWS Application Discovery Service offers two
ways of performing discovery: agentless discovery and agent-based discovery. Agentless
discovery uses a virtual appliance that you deploy on your VMware vCenter to collect data
from your virtual machines and hosts. Agent-based discovery uses an agent that you install
on each of your physical or virtual servers to collect data. You can choose the method that
best suits your environment and needs. AWS DataSync is a service that helps you transfer
data between your on-premises storage and AWS storage services, such as Amazon S3,
Amazon EFS, and Amazon FSx for Windows File Server. AWS DataSync does not collect
information about your on-premises infrastructure, but rather focuses on optimizing the
data transfer speed, security, and reliability. AWS Application Migration Service is a service that helps you migrate your applications from your on-premises or cloud environment to
AWS without making any changes to the applications, their architecture, or the migrated
servers. AWS Application Migration Service does not collect information about your on-premises
infrastructure, but rather uses a lightweight agent to replicate your servers as
Amazon Machine Images (AMIs) and launch them as EC2 instances on AWS. AWS
Database Migration Service is a service that helps you migrate your databases from your
on-premises or cloud environment to AWS, either as a one-time migration or as a
continuous replication. AWS Database Migration Service does not collect information about
your on-premises infrastructure, but rather uses a source and a target endpoint to connect
to your databases and transfer the data. References: AWS Application Discovery
A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources. Which AWS service will meet this requirement?
A. IAM group B. IAM role C. IAM tag D. IAM Access Analyzer
Answer: B
Explanation: IAM roles are a way to delegate access to resources in different AWS
accounts. IAM roles allow users to assume a set of permissions for a limited time without
having to create or share long-term credentials. IAM roles can be used to grant cross-account
access by creating a trust relationship between the accounts and specifying the
permissions that the role can perform. Users can then switch to the role and access the
resources in the other account using temporary security credentials provided by the
role. References: Cross account resource access in IAM, IAM tutorial: Delegate access
across AWS accounts using IAM roles, How to Enable Cross-Account Access to the AWS
Management Console
Question # 118
A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting. Which S3 feature should the company use to meet these requirements?
A. S3 Lifecycle rules B. S3 Versioning C. S3 bucket policies D. S3 server-side encryption
Answer: B
Explanation: S3 Versioning is a feature that allows you to keep multiple versions of an
object in the same bucket. You can use S3 Versioning to protect your data from accidental
deletion or overwriting by enabling it on a bucket or a specific object. S3 Versioning also
allows you to restore previous versions of an object if needed. S3 Lifecycle rules are used
to automate the transition of objects between storage classes or to expire objects after a
certain period of time. S3 bucket policies are used to control access to the objects in a
bucket. S3 server-side encryption is used to encrypt the data at rest in S3. References: S3
Which cloud computing advantage is a company applying when it uses AWS Regions to increase application availability to users in different countries?
A. Pay-as-you-go pricing B. Capacity forecasting C. Economies of scale D. Global reach
Answer: D
Explanation: Global reach is a cloud computing advantage that a company can apply
when it uses AWS Regions to increase application availability to users in different
countries. Global reach refers to the ability to deploy applications and services in multiple
geographic locations around the world, and to serve customers with low latency and high
performance. AWS has the largest and most reliable global infrastructure of any cloud
provider, with 25 Regions and 81 Availability Zones across the Americas, Europe, Asia
Pacific, Africa, and the Middle East [1][2][3]. By using AWS Regions, a company can choose
the best location for its application based on customer proximity, compliance requirements,
and disaster recovery strategies [2][3]. References: [1] AWS Global Infrastructure - Amazon
Web Services (AWS), [2] Regions and Availability Zones - Amazon Elastic Compute
Cloud, [3] AWS Infrastructure: Regions and Availability Zones Explained
Question # 120
A user needs a relational database but does not have the resources to manage the hardware, resiliency, and replication. Which AWS service option meets the user's requirements?
A. Run MySQL on Amazon Elastic Container Service (Amazon ECS) B. Run MySQL on Amazon EC2 C. Choose Amazon RDS for MySQL D. Choose Amazon ElastiCache for Redis
Answer: C
Explanation: Amazon RDS for MySQL is a fully managed, open-source cloud database
service that allows you to easily operate and scale your relational database of choice,
including MySQL. With Amazon RDS for MySQL, you don’t have to worry about the
hardware, resiliency, and replication of your database, as Amazon RDS handles these
tasks for you. Amazon RDS for MySQL also provides features such as automated backups,
multi-AZ deployments, read replicas, encryption, monitoring, and more. Amazon RDS for
MySQL is compatible with the MySQL Community Edition versions 5.7 and 8.0, which
means that you can use the same code, applications, and tools that you already use with
MySQL [4][5][6][7]. References: [4] Hosted MySQL - Amazon RDS for MySQL - AWS, [5] Amazon
RDS for MySQL - Amazon Relational Database Service, [6] Amazon RDS for MySQL —
Elasticity in the AWS Cloud refers to which of the following? (Select TWO.)
A. How quickly an Amazon EC2 instance can be restarted B. The ability to rightsize resources as demand shifts C. The maximum amount of RAM an Amazon EC2 instance can use D. The pay-as-you-go billing model E. How easily resources can be procured when they are needed
Answer: B,E
Elasticity in the AWS Cloud refers to the ability to acquire resources as you need them and
release resources when you no longer need them. In the cloud, you want to do this
automatically. This means that you can rightsize resources as demand shifts, and you
can easily procure resources when they are needed. Elasticity is not related to how quickly
an Amazon EC2 instance can be restarted, the maximum amount of RAM an Amazon EC2
instance can use, or the pay-as-you-go billing model. These are aspects of scalability,
performance, and cost, respectively.
For more information on elasticity, you can refer to the following sources:
Elasticity - AWS Well-Architected Framework
Elastic - Reactive Systems on AWS
What is the difference between scalability and elasticity?
Question # 123
A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically. Which service or feature will meet these requirements?
A. Amazon DynamoDB B. Amazon EC2 Spot Instances C. AWS Snow Family D. Amazon EC2 Auto Scaling
Answer: D
Explanation: Amazon EC2 Auto Scaling is a service that helps you maintain application
availability and allows you to automatically add or remove EC2 instances according to
definable conditions. You can create collections of EC2 instances, called Auto Scaling
groups, and specify the minimum and maximum number of instances in each group. You
can also define scaling policies that adjust the number of instances based on the demand
on your application. Amazon EC2 Auto Scaling helps you improve the performance,
reliability, and cost-efficiency of your EC2 workloads [1][2][3]. References: [1] VDI Desktops -
Amazon WorkSpaces Family - AWS, [2] What is Amazon EC2 Auto Scaling? - Amazon EC2
Auto Scaling, [3] Discover Amazon EC2 Auto Scaling Unit | Salesforce Trailhead
Question # 124
A company wants to create a globally accessible ecommerce platform for its customers. The company wants to use a highly available and scalable DNS web service to connect users to the platform. Which AWS service will meet these requirements?
A. Amazon EC2 B. Amazon VPC C. Amazon Route 53 D. Amazon RDS
Answer: C
Explanation: Amazon Route 53 is a highly available and scalable Domain Name System
(DNS) web service that can route internet traffic to the company’s ecommerce
platform [1]. Route 53 can also register domain names, check the health of resources, and
provide global DNS features [2]. Route 53 can connect users to the platform by translating
human-readable names like into the numeric IP addresses that
computers use to communicate with each other [2]. References: [1] Amazon Route 53 | DNS
Service | AWS; [2] What is Amazon Route 53? - Amazon Route 53
Question # 125
A company needs a bridge between technology and business to help evolve to a culture of continuous growth and learning. Which perspective in the AWS Cloud Adoption Framework (AWS CAF) serves as this bridge?
A. People B. Governance C. Operations D. Security
Answer: A
Explanation: The People perspective in the AWS Cloud Adoption Framework (AWS CAF)
serves as a bridge between technology and business, accelerating the cloud journey to
help organizations more rapidly evolve to a culture of continuous growth, learning, and
where change becomes business-as-normal, with focus on culture, organizational
structure, leadership, and workforce. References: People Perspective - AWS Cloud
Adoption Framework
Question # 126
Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?
A. AWS Organizations B. AWS Pricing Calculator C. AWS Cost Explorer D. AWS Service Catalog
Answer: C
Explanation: AWS Cost Explorer is the AWS service or tool that helps users visualize, understand, and manage spending and usage over time. AWS Cost Explorer is a web-based interface that allows users to access interactive graphs and tables that display their AWS costs and usage data. Users can create custom reports that analyze cost and usage data by various dimensions, such as service, region, account, tag, and more. Users can also view historical data for up to the last 12 months, forecast future costs for up to the next 12 months, and get recommendations for cost optimization. AWS Cost Explorer also provides preconfigured views that show common cost and usage scenarios, such as monthly spend by service, daily spend by linked account, and Reserved Instance utilization. Users can use AWS Cost Explorer to monitor their AWS spending and usage trends, identify cost drivers and anomalies, and optimize their resource allocation and budget planning. References: Cloud Cost Analysis - AWS Cost Explorer - AWS, Analyzing your costs with AWS Cost Explorer
Question # 127
Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?
A. AWS CLI B. AWS Developer Center C. AWS Cloud Development Kit (AWS CDK) D. AWS CodeStar
Answer: C
Explanation: AWS Cloud Development Kit (AWS CDK) is a software development
framework that allows you to define cloud resources as code using familiar programming
languages, such as TypeScript, Python, Java, .NET, and Go (in Developer Preview). You
can use AWS CDK to model your application resources using high-level constructs that
provide sensible defaults and best practices, or use low-level constructs that provide full
access to the underlying AWS CloudFormation resources. AWS CDK synthesizes your
code into AWS CloudFormation templates that you can deploy using the AWS CDK CLI or
the AWS Management Console. AWS CDK also integrates with other AWS services, such
A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL. Which AWS services will meet these requirements? (Select TWO)
A. Amazon Athena B. Amazon RDS C. Amazon EC2 D. Amazon DynamoDB E. Amazon Aurora
Answer: B,E
Explanation: Amazon RDS and Amazon Aurora are both managed AWS services that
support the PostgreSQL database engine. Amazon RDS makes it easier to set up, operate,
and scale PostgreSQL deployments on the cloud, while Amazon Aurora is a cloud-native
database engine that is compatible with PostgreSQL and offers higher performance and
availability. Amazon Athena is a serverless query service that does not support
PostgreSQL, but can analyze data in Amazon S3 using standard SQL. Amazon EC2 is a
compute service that allows users to launch virtual machines, but does not provide any
database management features. Amazon DynamoDB is a NoSQL database service that is
not compatible with PostgreSQL, but offers fast and consistent performance at any
or Self-Managed? - NetApp, AWS Announces Amazon Aurora Supports PostgreSQL 12 InfoQ, Amazon Aurora vs PostgreSQL | What are the differences? - StackShare
Question # 129
A company wants to establish a private network connection between AWS and its corporate network. Which AWS service or feature will meet this requirement?
A. Amazon Connect B. Amazon Route 53 C. AWS Direct Connect D. VPC peering
Answer: C
Explanation: AWS Direct Connect is a cloud service solution that makes it easy to
establish a dedicated network connection from your premises to AWS. Using AWS Direct
Connect, you can establish private connectivity between AWS and your datacenter, office,
or colocation environment, which in many cases can reduce your network costs, increase
bandwidth throughput, and provide a more consistent network experience than internet-based
connections [1][2]. References: [1] Dedicated Network Connection - AWS Direct
Connect - AWS, [2] What is AWS Direct Connect? - AWS Direct Connect
Question # 130
What is a benefit of using AWS serverless computing?
A. Application deployment and management are not required B. Application security will be fully managed by AWS C. Monitoring and logging are not needed D. Management of infrastructure is offloaded to AWS
Answer: D
Explanation: AWS serverless computing is a way of building and running applications
without thinking about servers. AWS manages the infrastructure for you, so you don’t have
to provision, scale, patch, or monitor servers. You only pay for the compute time you
consume, and you can focus on your application logic instead of managing
servers. References: Serverless Computing – Amazon Web Services, AWS Serverless
Computing, Benefits, Architecture and Use-cases - XenonStack
Question # 131
A team of researchers is going to collect data at remote locations around the world. Many locations do not have internet connectivity. The team needs to capture the data in the field, and transfer it to the AWS Cloud later. Which AWS service will support these requirements?
A. AWS Outposts B. AWS Transfer Family C. AWS Snow Family D. AWS Migration Hub
Answer: C
Explanation: AWS Snow Family is a group of devices that transport data in and out of
AWS. AWS Snow Family devices are physical devices that can transfer up to exabytes of
data. One exabyte is 1 000 000 000 000 megabytes. AWS Snow Family devices are
designed for use in remote locations where internet connectivity is limited or unavailable.
You can use these devices to collect and process data at the edge, and then ship them
back to AWS for data upload. AWS Snow Family consists of three types of devices: AWS
Snowcone, AWS Snowball, and AWS Snowmobile [1][2][3][4]. References: [1] Edge Computing
Devices, Secure Data Transfer - AWS Snow Family - AWS, [2] AWS Snow Family
Documentation, [3] AWS Snow Family - W3Schools, [4] AWS Snow Family: Data Storage,
Migration, and Computation
Question # 132
Which AWS service or feature gives users the ability to capture information about network traffic in a VPC?
A. VPC Flow Logs B. Amazon Inspector C. VPC route tables D. AWS CloudTrail
Answer: A
Explanation: VPC Flow Logs is a feature that enables you to capture information about the
IP traffic going to and from network interfaces in your VPC. Flow log data can be published
to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. You can use
A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices. Which best practice of the AWS Well-Architected Framework is the company following with this plan?
A. Integrate functional testing as part of AWS deployment. B. Use automation to deploy changes. C. Deploy the application to multiple locations. D. Implement loosely coupled dependencies.
Answer: D
Explanation: The company is following the best practice of implementing loosely coupled
dependencies by migrating the application to AWS and dividing the application into
microservices. Loosely coupled dependencies are a design principle of the AWS Well-
Architected Framework that helps to reduce the interdependencies between components
and improve the scalability, reliability, and performance of the system. By breaking down
the monolithic application into smaller, independent, and modular services, the company
can reduce the complexity and maintenance costs, increase the agility and flexibility, and
enable faster and more frequent deployments. AWS CloudFormation is an AWS service
that provides the ability to manage infrastructure as code. Infrastructure as code is a
process of defining and provisioning AWS resources using code or templates, rather than
manual actions or scripts. AWS CloudFormation allows users to create and update stacks
of AWS resources based on predefined templates that describe the desired state and
configuration of the resources. AWS CloudFormation automates and simplifies the
deployment and management of AWS resources, and ensures consistency and
repeatability across different environments and regions. AWS CloudFormation also
supports rollback, change sets, drift detection, and nested stacks features that help users
to monitor and control the changes to their infrastructure. References: Implementing
Loosely Coupled Dependencies, What is AWS CloudFormation?
Question # 134
A company wants to query its server logs to gain insights about its customers' experiences. Which AWS service will store this data MOST cost-effectively?
A. Amazon Aurora B. Amazon Elastic File System (Amazon EFS) C. Amazon Elastic Block Store (Amazon EBS) D. Amazon S3
Answer: D
Explanation: Amazon S3 is an AWS service that provides scalable, durable, and cost-effective
object storage in the cloud. Amazon S3 can store any amount and type of data,
such as server logs, and offers various storage classes with different performance and
pricing characteristics. Amazon S3 is the most cost-effective option for storing server logs,
as it offers low-cost storage classes, such as S3 Standard-Infrequent Access (S3
Standard-IA) and S3 Intelligent-Tiering, that are suitable for data that is infrequently
accessed or has changing access patterns. Amazon S3 also integrates with other AWS services, such
as Amazon Athena and Amazon OpenSearch Service, that can query the server logs
directly from S3 without requiring any additional data loading or
transformation. References: Amazon S3, Amazon S3 Storage Classes, Querying Data in
Amazon S3
Question # 135
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud. How can these reports be generated?
A. Contact the AWS Compliance team B. Download the reports from AWS Artifact C. Open a case with AWS Support D. Generate the reports with Amazon Macie
Answer: B
Explanation: AWS Artifact is a service that provides on-demand access to security and
compliance reports from AWS and Independent Software Vendors (ISVs) who sell their
products on AWS Marketplace. You can use AWS Artifact to download auditor-issued
reports, certifications, accreditations, and other third-party attestations of AWS compliance
with various standards and regulations, such as PCI-DSS, HIPAA, FedRAMP, GDPR, and
more [1][2][3][4]. You can also use AWS Artifact to review, accept, and manage your agreements
with AWS and apply them to current and future accounts within your
Question # 136
A company is using Amazon DynamoDB. Which task is the company's responsibility, according to the AWS shared responsibility model?
A. Patch the operating system B. Provision hosts C. Manage database access permissions. D. Secure the operating system
Answer: C
Explanation: According to the AWS shared responsibility model, AWS is responsible for
the security of the cloud, while customers are responsible for the security in the cloud. This
means that AWS is responsible for the physical servers, networking, and operating system
that run DynamoDB, while customers are responsible for the security of their data and
access to the database. Customers need to manage database access permissions, such
as creating and managing AWS Identity and Access Management (IAM) policies and roles,
and using encryption and key management options to protect their
data [1][2][3]. References: 1: Shared Responsibility Model - Amazon Web Services
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
A. Amazon Elastic Block Store (Amazon EBS) B. Amazon EC2 instance store C. Amazon Elastic File System (Amazon EFS) D. Amazon S3
Answer: B
Explanation: Amazon EC2 instance store provides temporary block-level storage for your
EC2 instance. This storage is located on disks that are physically attached to the host
computer. Instance store is ideal for temporary storage of information that changes
frequently, such as buffers, caches, scratch data, and other temporary content. It can also
be used to store temporary data that you replicate across a fleet of instances, such as a
load-balanced pool of web servers. An instance store consists of one or more instance
store volumes exposed as block devices. The size of an instance store as well as the
number of devices available varies by instance type and instance size. The virtual devices
for instance store volumes are ephemeral[0-23]. Instance types that support one instance
store volume have ephemeral0. Instance types that support two or more instance store
volumes have ephemeral0, ephemeral1, and so on. Instance store pricing: Instance store
volumes are included as part of the instance’s usage cost. The data on an instance store
volume persists even if the instance is rebooted. However, the data does not persist if the
instance is stopped, hibernated, or terminated. When the instance is stopped, hibernated,
or terminated, every block of the instance store volume is cryptographically erased.
Therefore, do not rely on instance store volumes for valuable, long-term data. If you need
to retain the data stored on an instance store volume beyond the lifetime of the instance,
you need to manually copy that data to more persistent storage, such as an Amazon EBS
volume, an Amazon S3 bucket, or an Amazon EFS file system. There are some events that
can result in your data not persisting throughout the lifetime of the instance. The following
table indicates whether data on instance store volumes is persisted during specific events,
for both virtualized and bare metal instances [1]. References: Amazon EC2 instance store -
Amazon Elastic Compute Cloud
Question # 138
What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC B. To allow communication between the VPC and the internet C. To impose bandwidth constraints on internet traffic D. To load balance traffic from the internet across Amazon EC2 instances
Answer: B
An internet gateway is a service that allows for internet traffic to enter into a VPC.
Otherwise, a VPC is completely segmented off and then the only way to get to it is
potentially through a VPN connection rather than through internet connection. An internet
gateway is a logical connection between an AWS VPC and the internet. It supports IPv4
and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your
network traffic [1]. An internet gateway enables resources in your public subnets (such as
EC2 instances) to connect to the internet if the resource has a public IPv4 address or an
IPv6 address. Similarly, resources on the internet can initiate a connection to resources in
your subnet using the public IPv4 address or IPv6 address [2]. An internet gateway also
provides a target in your VPC route tables for internet-routable traffic. For communication
using IPv4, the internet gateway also performs network address translation (NAT). For
communication using IPv6, NAT is not needed because IPv6 addresses are public [2]. To
enable access to or from the internet for instances in a subnet in a VPC using an internet
gateway, you must create an internet gateway and attach it to your VPC, add a route to
your subnet’s route table that directs internet-bound traffic to the internet gateway, ensure
that instances in your subnet have a public IPv4 address or an IPv6 address, and ensure
that your network access control lists and security group rules allow the desired internet
traffic to flow to and from your instance [2]. References: Connect to the internet using an
internet gateway, AWS Internet Gateway and VPC Routing
Question # 139
A company has teams that have different job roles and responsibilities. The company's employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities. Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?
A. IAM user groups B. IAM roles C. IAM instance profiles D. IAM policies for individual users
Answer: B
Explanation: IAM roles are a way of granting temporary permissions to entities that need
to access AWS resources, such as users, applications, or services. IAM roles allow
customers to assign permissions to entities without having to create or manage IAM users
or credentials for them. IAM roles can be assumed by different entities depending on the
trust policy attached to the role. For example, IAM roles can be assumed by IAM users in
the same or different AWS accounts, AWS services such as EC2 or Lambda, or external
identities such as federated users or web identities. IAM roles can also be switched by IAM
users to temporarily change their permissions. IAM roles are recommended for managing
Question # 140
A company is running an Amazon EC2 instance in a VPC. An ecommerce company is using Amazon EC2 Auto Scaling groups to manage a fleet of web servers running on Amazon EC2. This architecture follows which AWS Well-Architected Framework best practice?
A. Secure the workload B. Decouple infrastructure components C. Design for failure D. Think parallel
Answer: C
Explanation: Design for failure is one of the best practices of the AWS Well-Architected
Framework. It means that the architecture should be resilient and fault-tolerant, and able to
handle failures without impacting the availability and performance of the applications. By
using Amazon EC2 Auto Scaling groups, the ecommerce company can design for failure
by automatically scaling the number of EC2 instances up or down based on demand or
health status. Amazon EC2 Auto Scaling groups can also distribute the EC2 instances
across multiple Availability Zones, which are isolated locations within an AWS Region that
have independent power, cooling, and network connectivity. This way, the company can
ensure that their web servers can handle traffic spikes, recover from failures, and provide a
consistent user experience
Question # 141
Which AWS service can a company use to find security and compliance reports, including International Organization for Standardization (ISO) reports?
A. AWS Artifact B. Amazon CloudWatch C. AWS Config D. AWS Audit Manager
Answer: A
Explanation: AWS Artifact is a self-service portal that provides on-demand access to AWS
security and compliance reports and select online agreements. You can use AWS Artifact
to download AWS service audit reports, such as ISO, PCI, and SOC, and to accept and
manage agreements with AWS, such as the Business Associate Addendum (BAA).
Question # 142
Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture?
A. Security B. Governance C. Operations D. Platform
Answer: D
The correct answer is D. Platform.
The Platform perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a
capability for well-designed data and analytics architecture. This capability helps you
design, implement, and optimize your data and analytics solutions on AWS, using services
such as Amazon S3, Amazon Redshift, Amazon EMR, Amazon Kinesis, Amazon Athena,
and Amazon QuickSight. A well-designed data and analytics architecture enables you to
collect, store, process, analyze, and visualize data from various sources, and derive
insights that can drive your business decisions [1][2].
The Security perspective does not include a capability for data and analytics architecture,
but it does include a capability for data protection, which helps you secure your data at rest
and in transit using encryption, key management, access control, and auditing [1][3].
The Governance perspective does not include a capability for data and analytics
architecture, but it does include a capability for data governance, which helps you manage the quality, availability, usability, integrity, and security of your data assets [1][4].
The Operations perspective does not include a capability for data and analytics
architecture, but it does include a capability for data operations, which helps you monitor,
troubleshoot, and optimize the performance and availability of your data pipelines and
workloads [1].
1: Foundational capabilities - An Overview of the AWS Cloud Adoption Framework 2: [AWS
A company has set up a VPC on AWS. The company needs a dedicated connection between the VPC and the company’s on-premises network. Which action should the company take to meet this requirement?
A. Establish a VPN connection between the VPC and the company's on-premises network. B. Establish an AWS Direct Connect connection between the VPC and the company's on-premises network. C. Attach an internet gateway to the VPC. Use the AWS public endpoints for connectivity. D. Configure Amazon Connect to provide connectivity between the VPC and the company's on-premises network.
Answer: B
Explanation: Establishing an AWS Direct Connect connection between the VPC and the
company’s on-premises network is the action that the company should take to meet the
requirement of having a dedicated connection between the VPC and the company’s on-premises
network. AWS Direct Connect is a service that lets you establish a dedicated
network connection between your network and one of the AWS Direct Connect locations.
Using AWS Direct Connect, you can create a private connection between AWS and your
datacenter, office, or colocation environment, which can reduce your network costs,
increase bandwidth throughput, and provide a more consistent network experience than
internet-based connections. Establishing a VPN connection between the VPC and the company’s on-premises network is an action that the company can take to create a secure
and encrypted connection between the VPC and the company’s on-premises network, but
it is not a dedicated connection, as it uses the public internet as the transport mechanism.
Attaching an internet gateway to the VPC and using the AWS public endpoints for
connectivity is an action that the company can take to enable communication between the
VPC and the internet, but it is not a dedicated connection, as it also uses the public internet
as the transport mechanism. Configuring Amazon Connect to provide connectivity between
the VPC and the company’s on-premises network is not an action that the company can
take, because Amazon Connect is a service that lets you set up and manage a contact
center in the cloud, but it does not provide network connectivity between the VPC and the
company’s on-premises network.
Question # 144
Which AWS service is an in-memory data store service?
A. Amazon Aurora B. Amazon RDS C. Amazon DynamoDB D. Amazon ElastiCache
Answer: D
Explanation: Amazon ElastiCache is a fully managed in-memory data store and cache
service that delivers sub-millisecond response times to applications. You can use
ElastiCache as a primary data store for your applications, or as a cache to improve the
performance of your existing databases. ElastiCache supports two popular open-source in-memory
engines: Redis and Memcached [5].
Question # 145
Which option is the default pricing model for Amazon EC2 instances?
A. On-Demand Instances B. Savings Plans C. Spot Instances D. Reserved Instances
Answer: A
Explanation: On-Demand Instances are the default pricing model for Amazon EC2
instances. They allow users to pay for compute capacity by the second, with no long-term
commitments or upfront payments. They are suitable for applications with short-term,
irregular, or unpredictable workloads that cannot be interrupted [3]. Savings Plans are a
pricing model that offer significant savings on Amazon EC2 and AWS Fargate usage, in
exchange for a commitment to a consistent amount of usage (measured in $/hour) for a
1-year or 3-year term. Spot Instances are a pricing model that offer spare Amazon EC2
compute capacity at up to 90% discount compared to On-Demand prices, but they can be
interrupted by AWS with a two-minute notice when the demand exceeds the supply.
Reserved Instances are a pricing model that offer up to 75% discount compared to
On-Demand prices, in exchange for a commitment to use a specific instance type and size in a
specific region for a 1-year or 3-year term.
Question # 146
Which AWS service will allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded?
A. AWS Organizations B. AWS Budgets C. Cost Explorer D. AWS Trusted Advisor
Answer: B
Explanation: AWS Budgets allows you to set custom budgets that alert you when your
costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also
use AWS Budgets to set reservation utilization or coverage targets and receive alerts when
your utilization drops below the threshold you define. AWS Budgets provides you with a
comprehensive view of your cost and usage, as well as your reservation utilization and
Question # 147
A company's headquarters is located on a different continent from where the majority of the company's customers live. The company wants an AWS Cloud environment setup that will provide the lowest latency to the customers. A company wants to automate the creation of new AWS accounts and automatically prevent all users from creating Amazon EC2 instances. Which AWS service provides this functionality?
A. AWS Service Catalog B. AWS Organizations C. EC2 Image Builder D. AWS Systems Manager
Answer: B
Explanation: AWS Organizations is a service that enables you to create and manage
multiple AWS accounts centrally. You can use AWS Organizations to automate account
creation, apply policies to control access and permissions, and consolidate billing across
your accounts. You can also use AWS Organizations to prevent users from creating
Amazon EC2 instances in certain regions or with certain configurations [2].
Question # 148
A company is moving to the AWS Cloud to reduce operational overhead for its application infrastructure. Which IT operation will the company still be responsible for after the migration to AWS?
A. Security patching of AWS Elastic Beanstalk B. Backups of data that is stored in Amazon Aurora C. Termination of Amazon EC2 instances that are managed by AWS Auto Scaling D. Configuration of IAM access controls
Answer: D
Explanation: AWS Elastic Beanstalk, Amazon Aurora, and AWS Auto Scaling are
managed services that reduce the operational overhead for the customers. AWS is
responsible for security patching, backups, and termination of these services. However, the
customers are still responsible for configuring IAM access controls to manage the
permissions and policies for their AWS resources. This is part of the AWS shared
responsibility model, which defines the security and compliance responsibilities of AWS
and the customers. You can learn more about the AWS shared responsibility model
from this whitepaper or this digital course.
Question # 149
Which AWS Cloud benefit describes the ability to acquire resources as they are needed and release resources when they are no longer needed?
A. Economies of scale B. Elasticity C. Agility D. Security
Answer: B
Explanation: The AWS Cloud benefit that describes the ability to acquire resources as
they are needed and release resources when they are no longer needed is elasticity.
Elasticity means that users can quickly add and remove resources to match the demand of
their applications, and only pay for what they use. Elasticity enables users to handle
unpredictable workloads, reduce costs, and improve performance [1]. Economies of scale,
agility, and security are other benefits of the AWS Cloud, but they do not describe the
specific ability of acquiring and releasing resources on demand.
Question # 150
Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?
A. Amazon WorkSpaces B. Amazon Elastic File System (Amazon EFS) C. AWS Database Migration Service (AWS DMS) D. AWS Snowball Edge
Answer: B
Explanation: Amazon EFS is a fully managed service that provides scalable and elastic
file storage for multiple Amazon EC2 instances. Amazon EFS supports the Network File
System (NFS) protocol, which allows multiple EC2 instances to access the same file
system concurrently. You can learn more about Amazon EFS from this webpage or this
digital course.
Question # 151
Which AWS service or storage class provides low-cost, long-term data storage?
A. Amazon S3 Glacier Deep Archive B. AWS Snowball C. Amazon MQ D. AWS Storage Gateway
Answer: A
Explanation: Amazon S3 Glacier Deep Archive is a storage class within Amazon S3 that
provides the lowest-cost, long-term data storage for data that is rarely accessed. AWS
Snowball is a service that provides a physical device for transferring large amounts of data
into and out of AWS. Amazon MQ is a service that provides a managed message broker
for Apache ActiveMQ. AWS Storage Gateway is a service that provides hybrid
cloud storage for on-premises applications.
Question # 152
A company is planning to migrate to the AWS Cloud. The company is conducting organizational transformation and wants to become more responsive to customer inquiries and feedback. Which tasks should the company perform to meet these requirements, according to the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
A. Realign teams to focus on products and value streams. B. Create new value propositions with new products and services. C. Use agile methods to rapidly iterate and evolve. D. Use a new data and analytics platform to create actionable insights. E. Migrate and modernize legacy infrastructure.
Answer: A,C
Explanation: Realigning teams to focus on products and value streams, and using agile
methods to rapidly iterate and evolve are tasks that the company should perform to meet
the requirements of becoming more responsive to customer inquiries and feedback, according to the AWS Cloud Adoption Framework (AWS CAF). AWS CAF organizes
guidance into six areas of focus, called perspectives: business, people, governance,
platform, security, and operations. Each perspective is divided into capabilities, which
describe the skills and processes to execute the transition effectively. The people
perspective helps you prepare your organization for cloud adoption, and includes
capabilities such as organizational change management, staff skills and readiness, and
organizational alignment. The business perspective helps you align IT strategy with
business strategy, and includes capabilities such as business case development, value
proposition, and product ownership. Creating new value propositions with new products
and services is a task that belongs to the business perspective, but it is not directly related
to the requirement of becoming more responsive to customer inquiries and feedback. Using
a new data and analytics platform to create actionable insights is a task that belongs to the
platform perspective, which helps you design, implement, and optimize the architecture of
the AWS environment. However, it is also not directly related to the requirement of
becoming more responsive to customer inquiries and feedback. Migrating and modernizing
legacy infrastructure is a task that belongs to the operations perspective, which helps you
enable, run, use, operate, and recover IT workloads to the level agreed upon with your
business stakeholders. However, it is also not directly related to the requirement of
becoming more responsive to customer inquiries and feedback.
Question # 153
A company is assessing its AWS Business Support plan to determine if the plan still meets the company's needs. The company is considering switching to AWS Enterprise Support. Which additional benefit will the company receive with AWS Enterprise Support?
A. A full set of AWS Trusted Advisor checks B. Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week C. A designated technical account manager (TAM) to assist in monitoring and optimization D. A consultative review and architecture guidance for the company's applications
Answer: C
The additional benefit that the company will receive with AWS Enterprise Support is C. A
designated technical account manager (TAM) to assist in monitoring and optimization.
A TAM is a dedicated point of contact who works with the customer to understand their use
cases, applications, and goals, and provides proactive guidance and best practices to help
them optimize their AWS environment. A TAM also helps the customer with case
management, escalations, service updates, and feature requests [1][2].
A full set of AWS Trusted Advisor checks is available for customers with Business,
Enterprise On-Ramp, or Enterprise Support plans [1]. Phone, email, and chat access to cloud
support engineers 24/7 is available for customers with Business, Enterprise On-Ramp, or
Enterprise Support plans [1]. A consultative review and architecture guidance for the
company’s applications is available for customers with Enterprise On-Ramp or Enterprise
Support plans [1]. Therefore, these benefits are not exclusive to AWS Enterprise Support.
1: AWS Support Plan Comparison | Developer, Business, Enterprise …
Question # 154
A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud. Which AWS service will meet this requirement?
A. Amazon Cognito B. AWS Security Hub C. AWS Shield D. AWS WAF
Answer: A
Explanation: Amazon Cognito is a service that provides identity management for mobile
and web applications, allowing users to sign up, sign in, and access AWS resources with
different identity providers. AWS Security Hub is a service that provides a comprehensive
view of the security posture of AWS accounts and resources. AWS Shield is a service that
provides protection against distributed denial of service (DDoS) attacks. AWS WAF is a
web application firewall that helps protect web applications from common web exploits.
Question # 155
A company is running a workload in the AWS Cloud. Which AWS best practice ensures the MOST cost-effective architecture for the workload?
A. Loose coupling B. Rightsizing C. Caching D. Redundancy
Answer: B
Explanation: The AWS best practice that ensures the most cost-effective architecture for
the workload is rightsizing. Rightsizing means selecting the most appropriate instance
type or resource configuration that matches the needs of the workload. Rightsizing can
help optimize performance and reduce costs by avoiding over-provisioning or under-provisioning of resources [1]. Loose coupling, caching, and redundancy are other AWS best
practices that can improve the scalability, availability, and performance of the workload, but
they do not necessarily ensure the most cost-effective architecture.
Question # 156
A company is building an application on AWS. The application needs to comply with credit card regulatory requirements. The company needs proof that the AWS services and deployment are in compliance. Which actions should the company take to meet these requirements? (Select TWO.)
A. Use Amazon Inspector to submit the application for certification. B. Ensure that the application's underlying hardware components comply with requirements. C. Use AWS Artifact to access AWS documents about the compliance of the services. D. Get the compliance of the application certified by a company assessor. E. Use AWS Security Hub to certify the compliance of the application.
Answer: C,D
Explanation: Using AWS Artifact to access AWS documents about the compliance of the
services, and getting the compliance of the application certified by a company assessor are
actions that the company should take to meet the requirements of complying with credit
card regulatory requirements. AWS Artifact is a service that provides on-demand access to
AWS security and compliance reports and select online agreements. Reports available in
AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and
compliance verticals that validate the implementation and operating effectiveness of AWS
security controls. AWS Artifact can help you demonstrate compliance with credit card
regulatory requirements by providing you with proof that the AWS services and deployment
are in compliance. Getting the compliance of the application certified by a company
assessor is an action that the company should take to ensure that the application meets
the specific requirements of the credit card industry. A company assessor is an
independent third-party entity that is qualified to assess the compliance of the application
with the relevant standards and regulations. Using Amazon Inspector to submit the
application for certification is not an action that the company should take, because Amazon
Inspector is a service that helps you improve the security and compliance of your
applications deployed on AWS by automatically assessing them for vulnerabilities and
deviations from best practices, but it does not provide certification for the applications.
Ensuring that the application’s underlying hardware components comply with requirements
is not an action that the company should take, because the application is deployed on
AWS, and AWS is responsible for the security and compliance of the underlying hardware
components. This is part of the shared responsibility model, where AWS is responsible for
security of the cloud, and customers are responsible for security in the cloud. Using AWS
Security Hub to certify the compliance of the application is not an action that the company
should take, because AWS Security Hub is a service that gives you a comprehensive view
of your security posture across your AWS accounts and helps you check your environment
against security industry standards and best practices, but it does not provide certification
for the applications.
Question # 157
Which Amazon S3 storage class is the MOST cost-effective for long-term storage?
A. S3 Glacier Deep Archive B. S3 Standard C. S3 Standard-Infrequent Access (S3 Standard-IA) D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: A
Explanation: Amazon S3 Glacier Deep Archive is the lowest-cost storage class in the
cloud. It is designed for long-term data archiving that is rarely accessed. It offers a retrieval
time of 12 hours and a durability of 99.999999999% (11 9’s). It is ideal for data that must
be retained for 7 years or longer to meet regulatory compliance requirements.