AWS Certified Cloud Practitioner Practice Exam (3) Flashcards

1
Q

Which AWS Service is used to manage user permissions?

A.Security Groups
B.Amazon ECS
C.AWS IAM
D.AWS Support

A

C.AWS IAM

Explanation:
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow or deny their access to AWS resources.

The other options are incorrect:

“Amazon ECS” is incorrect. Amazon ECS is used to run containerized applications on AWS.

“Security Groups” is incorrect. Security Groups is not an AWS service. Security Groups is a networking feature that allows customers to control instance traffic.

“AWS Support” is incorrect. AWS Support is not an AWS service. The AWS Support team cannot modify user permissions on a customer’s behalf. It is the responsibility of the customer to manage all access permissions.

2
Q

Which support plan includes AWS Support Concierge Service?

A.Business Support
B.Standard Support
C.Enterprise Support
D.Premium Support

A

C.Enterprise Support

Explanation:
The AWS Support Concierge Service is available only for the Enterprise plan subscribers.

3
Q

When running a workload in AWS, the customer is NOT responsible for: (Select TWO)

A.Reserving capacity
B.Data center operations
C.Infrastructure security
D.Running penetration tests
E.Auditing and regulatory compliance

A

B.Data center operations
C.Infrastructure security

Explanation
AWS is responsible for the infrastructure security and all data center operations such as racking, stacking, and powering servers, so customers can focus on revenue generating activities rather than on IT infrastructure.

The other options are incorrect:

“Reserving capacity” is incorrect. Amazon does not perform reservations for a customer; capacity reservation is a customer action.

“Running penetration tests” is incorrect. Penetration testing is the practice of testing a network or web application to find security vulnerabilities that an attacker could exploit. Penetration testing is the responsibility of the customer.

“Auditing and regulatory compliance” is incorrect. There are many services on AWS to use for auditing and compliance such as AWS CloudTrail, AWS Config and Amazon Inspector. However, these services must be configured by the customer, not by AWS.

4
Q

Why would an organization decide to use AWS over an on-premises data center? (Choose TWO)
A.Elastic resources
B.Cost savings
C.On-site visits for auditing
D.Free commercial software licenses
E.Free technical support

A

A.Elastic resources
B.Cost savings

Explanation:
AWS continues to lower the cost of cloud computing for its customers. AWS recently lowered prices again for compute, storage, caching, and database services for all customers, making everything from web apps to big data on AWS even more cost-effective and widening the TCO gap with traditional infrastructure.

Elasticity is a system’s ability to monitor user demand and automatically increase and decrease deployed resources accordingly. Elasticity is one of the most important advantages of AWS. The purpose of elasticity is to match the resources allocated with the actual amount of resources needed at any given point in time. This ensures that you are only paying for the resources you actually need.

The other options are incorrect:

“Free technical support” is incorrect. Technical support is not free in AWS. Technical Support requires subscription to an AWS Support Plan.

“On-site visits for auditing” is incorrect. AWS does not allow on-site visits to its datacenters under any circumstances.

“Free commercial software licenses” is incorrect. Neither AWS nor on-premises datacenters provide free commercial software licenses. However, AWS allows you to pay for these licenses as you go. For example, using license-included Windows instances gives you access to fully compliant Microsoft software licenses bundled with Amazon EC2 or Amazon RDS instances, and you pay for them as you go with no upfront costs or long-term investments.

5
Q

What is one benefit and one drawback of buying a reserved EC2 instance? (Select TWO)

A.Reserved instances require at least a one-year pricing commitment
B.There is no additional charge for using dedicated instances
C.Reserved Instances are best suited for periodic workloads
D.Instances can be shut down by AWS at any time with no notification
E.Reserved instances provide a significant discount compared to on-demand instances

A

A.Reserved instances require at least a one-year pricing commitment
E.Reserved instances provide a significant discount compared to on-demand instances

Explanation:
Amazon EC2 Reserved Instances (RI) provide a significant discount (up to 75%) compared to On-Demand pricing. Reserved instances can be purchased for a 1-year or 3-year term so you are committing to pay for them throughout this time period even if you don’t use them.

The other options are incorrect:

“Reserved instances are best suited for periodic workloads” is incorrect. Reserved instances are not suitable for periodic workloads. You should use On-Demand instances instead.

“There is no additional charge for using dedicated instances” is incorrect. Dedicated instances are a different EC2 option.

“Instances can be shut down by AWS at any time with no notification” is incorrect. AWS can interrupt Spot Instances, not Reserved Instances. Spot Instances can be shut down by AWS when the Spot price exceeds the maximum price, when the demand for Spot Instances rises, or when the supply of Spot Instances decreases.

6
Q

TYMO Cloud Corp is looking forward to migrating their entire on-premises data center to AWS. What tool can they use to perform a cost-benefit analysis of moving to the AWS Cloud?

A.AWS TCO Calculator
B.AWS Budgets
C.AWS Simple Monthly Calculator
D.AWS Cost Explorer

A

A.AWS TCO Calculator

Explanation:
The AWS TCO (Total Cost of Ownership) Calculator is a free tool that provides directional guidance on possible realized savings when deploying AWS. This tool is built on an underlying calculation model that generates a fair assessment of value that a customer may achieve given the data provided by the user, which includes the number of servers migrated to AWS, the server type, the number of processors and so on.

The other options are incorrect:

“AWS Simple Monthly Calculator” is incorrect. The AWS Simple Monthly Calculator helps customers estimate their monthly AWS bill based on their expected usage.

“AWS Cost Explorer” is incorrect. Cost Explorer is a tool that enables you to view and analyze your current AWS costs and usage.

“AWS Budgets” is incorrect. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

7
Q

What are the benefits of implementing a tagging strategy for AWS resources? (Choose TWO)

A.Track API calls in your AWS account
B.Quickly identify deleted resources and their metadata
C.Quickly identify software solutions on AWS
D.Track AWS spending across multiple resources
E.Quickly identify resources that belong to a specific project

A

D.Track AWS spending across multiple resources
E.Quickly identify resources that belong to a specific project

Explanation
Amazon Web Services (AWS) allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, environment, or other criteria. An effective tagging strategy will give you improved visibility and monitoring, help you create accurate chargeback/showback models, and get more granular and precise insights into usage and spend by applications and teams.

The other options are incorrect:

“Track API calls in your AWS account” is incorrect. AWS CloudTrail is the service that can be used to track API calls in your AWS account.

“Quickly identify deleted resources and their metadata” is incorrect. You cannot use tags to find deleted resources. Also, once you delete a resource, all its metadata will be deleted with it.

“Quickly identify software solutions on AWS” is incorrect. The AWS Marketplace is the service that allows you to search for software solutions on AWS.

8
Q

Which AWS Service creates a virtual network in AWS?

A.AWS VPN
B.Amazon VPS
C.Amazon VPC
D.AWS Direct Connect

A

C.Amazon VPC

Explanation:
Amazon Virtual Private Cloud (Amazon VPC) is the service that allows a customer to create a virtual network for their resources in an isolated section of the AWS cloud.

The other options are incorrect:

“AWS VPN” is incorrect. Amazon Virtual Private Network (AWS VPN) allows you to establish a secure and private tunnel from your network or device to the AWS global network.

“AWS Direct Connect” is incorrect. AWS Direct Connect allows you to establish a dedicated network connection from your premises to AWS.

“Amazon VPS” is incorrect. A virtual private server (VPS) is a Lightsail instance that lives in the AWS Cloud. You can use your Lightsail instances to store data, run code, and build web-based applications or websites.

9
Q

What does AWS Service Catalog provide?
A.It enables customers to explore the different catalogs of AWS services
B.It simplifies organizing and governing commonly deployed IT services
C.It enables customers to quickly find descriptions and use cases for AWS services
D.It allows provisioning of cloud infrastructure using code

A

B.It simplifies organizing and governing commonly deployed IT services

Explanation:
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need.

The other options are incorrect:

“It enables customers to explore the different catalogs of AWS services” is incorrect. AWS Service Catalog doesn’t contain catalogs by default. Each customer creates their own service catalog.

“It enables customers to quickly find descriptions and use cases for AWS services” is incorrect. You can find descriptions and use cases for any service by visiting the landing page of the service (or the related documentation).

“It allows provisioning of cloud infrastructure using code” is incorrect. AWS CloudFormation is the service that allows you to use code to model and provision all your cloud infrastructure resources.

10
Q

What is the minimum level of AWS support that provides 24x7 access to technical support engineers via phone and chat?

A.Business Support
B.Enterprise Support
C.Basic Support
D.Developer Support

A

A.Business Support

Explanation:
Both the Business and Enterprise support plans provide 24x7 access to technical support engineers via phone, email, and chat. The Business Support Plan is less expensive than the Enterprise Support Plan. Therefore, the correct answer is Business.

The other options are incorrect:

“Basic Support” is incorrect. Technical support is not available for the Basic support plan.

“Developer Support” is incorrect. The Developer support plan provides business hours access to technical support associates via email only.

11
Q

Which of the following are use cases for Amazon S3? (Choose TWO)
A.A media store for the CloudFront service
B.Processing data streams at any scale
C.Cost-effective database and log storage
D.Hosting websites that require sustained high CPU utilization
E.Hosting static websites

A

A.A media store for the CloudFront service
E.Hosting static websites

Explanation:
You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. To host a static website, you configure an Amazon S3 bucket for website hosting, allow public read access, and then upload your website content to the bucket. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting. Amazon Web Services (AWS) also has resources for hosting dynamic websites such as Amazon EC2.

Amazon S3 is an excellent storage facility for your media assets. It is infinitely scalable, has built-in redundancy, and is available to you on a pay-as-you-go basis. For example, if you want to deliver or stream video files to your global users, all you need to do is to put your content in an S3 bucket and create a CloudFront distribution that points to the bucket. Your user’s video player will use CloudFront URLs to request the video file. The request will be directed to the best edge location, based on the user’s location. The Amazon CloudFront Content Delivery Network (CDN) will serve the video from its cache, fetching it from the S3 bucket if it has not already been cached. The CDN caches content at the edge locations for consistent, low-latency, high-throughput video delivery.

The other options are incorrect:

“Cost-effective database and log storage” is incorrect. Amazon S3 can be used to store log files, images, videos (or any static content), but not databases. Databases and dynamic websites require block-level storage (such as EBS). S3 is object-level storage, not block-level storage. Object-level storage has limited I/O and is therefore ill-suited for use as a database store.

“Hosting websites that require sustained high CPU utilization” is incorrect. S3 can only be used to host static websites.

“Processing data streams at any scale” is incorrect. S3 is not a compute service.

12
Q

Which of the below are responsibilities of the customer when using Amazon EC2? (Choose TWO)

A.Setup and operation of managed databases
B.Protecting sensitive data
C.Installing and configuring third-party software
D.Maintaining consistent hardware components
E.Patching of the underlying infrastructure

A

B.Protecting sensitive data
C.Installing and configuring third-party software

Explanation
Amazon EC2 requires the customer to perform all of the necessary security configuration and management tasks. When customers deploy Amazon EC2 instances, they are responsible for management of custom Amazon Machine Images, management of the guest operating systems (including updates and security patches), securing application access and data, installing and configuring third-party applications or utilities, and the configuration of the AWS-provided firewall (called a security group) on each instance.

The other options are incorrect:

“Patching of the underlying infrastructure” is incorrect. AWS is responsible for patching the underlying infrastructure. The customer is responsible for patching the operating system and any software or application run on EC2.

“Setup and operation of managed databases” is incorrect.

AWS customers have two options to host their databases on AWS:

1- Using a managed database:

AWS Customers can use managed databases such as Amazon RDS and Amazon DynamoDB to host their databases. In this case, AWS is responsible for performing all database management tasks such as hardware provisioning, patching, setup, configuration, backups, or recovery.

2- Installing database software on Amazon EC2:

Instead of using a managed database, AWS customers can install any database software they want on Amazon EC2 and host their databases. In this case, AWS customers are responsible for performing all of the necessary configuration and management tasks.

“Maintaining consistent hardware components” is incorrect. AWS is responsible for maintaining consistency of all hardware components.

13
Q

What is AWS Lambda?
A.An AWS Service that deploys containerized applications
B.A fully managed non-relational database service
C.An AWS Service that allows customers to run code without provisioning or managing servers
D.An AWS Service that provides object storage

A

C.An AWS Service that allows customers to run code without provisioning or managing servers

Explanation:
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code and Lambda takes care of everything required to run and scale your code with high availability.

“An AWS Service that provides object storage” is incorrect. Amazon S3 is the service that provides object storage.

“An AWS Service that deploys containerized applications to Amazon EC2 instances” is incorrect. This statement describes the Amazon Elastic Container Service (ECS) service. Amazon ECS is a container management service that allows customers to easily run containerized applications on a managed cluster of Amazon EC2 instances.

“A fully managed non-relational database service” is incorrect. Amazon DynamoDB is the AWS fully managed non-relational database service.

14
Q

AWS recommends some practices to help organizations avoid unexpected charges on their bill. Which of the following is NOT one of these practices?

A.Releasing unused Elastic IPs after terminating an EC2 instance
B.Deleting unused Elastic Load Balancers
C.Deleting unused EBS volumes after terminating an EC2 instance
D.Deleting unused AutoScaling launch configuration

A

D.Deleting unused AutoScaling launch configuration

Explanation:
“Deleting unused AutoScaling launch configuration” will not help, and thus is the correct choice. The AutoScaling launch configuration does not incur any charges. Thus, it will not make any difference whether it is deleted or not.

AWS will charge the user once the AWS resource is allocated (even if it is not used). Thus, it is advised that once the user's work is completed they should:

1- Delete all Elastic Load Balancers.

2- Terminate all unused EC2 instances.

3- Delete the attached EBS volumes that they don’t need.

4- Release any unused Elastic IPs.

Additional information:

Some services automatically restart resources after terminating them without notifying you, and as a result, you get unexpected charges on your bill.

Examples of these services:

1- Elastic Beanstalk:

Elastic Beanstalk is designed to ensure that all the resources that you need are running, which means that it automatically relaunches any service that you stop. If you need to permanently delete those resources you must terminate your Elastic Beanstalk environment before you terminate resources that Elastic Beanstalk has created.

2- AWS OpsWorks:

If you use the AWS OpsWorks environment to create AWS resources, you must use AWS OpsWorks to terminate those resources or AWS OpsWorks will restart them. For example, if you use AWS OpsWorks to create an Amazon EC2 instance, but then stop it by using the Amazon EC2 console, the AWS OpsWorks auto-healing feature categorizes the instance as failed and restarts it.

15
Q

Which design principles relate to performance efficiency in AWS? (Choose TWO)

A.Build multi-region architectures to better serve global customers
B.Enable audit logging
C.Use serverless architectures
D.Implement strong Identity and Access Controls
E.Apply security at all layers

A

A.Build multi-region architectures to better serve global customers
C.Use serverless architectures

Explanation:
There are five design principles for performance efficiency in the cloud:

1- Democratize advanced technologies: Technologies that are difficult to implement can become easier to consume by pushing that knowledge and complexity into the cloud vendor’s domain. Rather than having your IT team learn how to host and run a new technology, they can simply consume it as a service. For example, NoSQL databases, media transcoding, and machine learning are all technologies that require expertise that is not evenly dispersed across the technical community. In the cloud, these technologies become services that your team can consume while focusing on product development rather than resource provisioning and management.

2- Go global in minutes: Easily deploy your system in multiple Regions around the world with just a few clicks. This allows you to provide lower latency and a better experience for your customers at minimal cost.

3- Use serverless architectures: In the cloud, serverless architectures remove the need for you to run and maintain servers to carry out traditional compute activities. For example, storage services can act as static websites, removing the need for web servers, and event services can host your code for you. This not only removes the operational burden of managing these servers, but also can lower transactional costs because these managed services operate at cloud scale.

4- Experiment more often: With virtual and automatable resources, you can quickly carry out comparative testing using different types of instances, storage, or configurations.

5- Mechanical sympathy: Use the technology approach that aligns best to what you are trying to achieve. For example, consider data access patterns when selecting database or storage approaches.

The other options presented are related to security, not performance.

16
Q

Why do many startup companies prefer AWS over traditional on-premises solutions? (Choose TWO)

A.Using AWS, they can reduce time-to-market by focusing on business activities rather than on building and managing data centers
B.Using AWS allows companies to replace large capital expenditures with low variable costs
C.AWS allows them to pay later when their business succeeds
D.AWS removes the need to invest in operational expenditures
E.AWS can build complete data centers faster than any other Cloud provider

A

A.Using AWS, they can reduce time-to-market by focusing on business activities rather than on building and managing data centers
B.Using AWS allows companies to replace large capital expenditures with low variable costs

Explanation
Instead of building and managing data centers, AWS provides startups, enterprises, and government agencies all the services they need to quickly build their business and grow faster. AWS has significantly more services, and more features within those services, than any other cloud provider – from infrastructure technologies like compute, storage, and databases – to emerging technologies, such as machine learning and artificial intelligence, data lakes and analytics, and Internet of Things. This makes it faster, easier, and more cost effective to build nearly anything they can imagine.

Capital expenditures (CapEx) are a company's major, long-term expenses. Examples of CapEx include physical assets such as buildings, equipment, and machinery.

Instead of having to invest heavily in these capital expenditures (e.g. physical data centers and servers) before it is known they will be used, companies can pay only when consuming AWS resources, and pay only for how much they consume. In brief, AWS replaces their investments in large capital expenditures (CapEx) with low variable "pay-as-you-go" costs.

The other options are incorrect:

“AWS can build complete data centers faster than any other Cloud provider” is incorrect. AWS does not build out physical data centers for customers, only for itself. AWS is a Cloud Computing provider.

“AWS removes the need to invest in operational expenditures” is incorrect. Operating expenses (OpEx) are a company’s day-to-day expenses. Examples of OpEx include employee salaries, rent, utilities, and property taxes. With AWS, startups can reduce (not remove) their day-to-day operating expenses (OpEx).

“AWS allows them to pay later when their business succeeds” is incorrect. AWS does not offer a “pay later” option for its customers. AWS provides three payment models: “Pay-as-you-go”, “Save when you reserve” and “Pay less by using more”.

17
Q

Which of the following AWS Services helps with planning application migration to the AWS Cloud?

A.AWS Application Discovery Service
B.AWS DMS
C.AWS Snowball Migration Service
D.AWS Migration Hub

A

A.AWS Application Discovery Service

Explanation:
AWS Application Discovery Service helps systems integrators quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies, and their performance profiles. Planning data center migrations can involve thousands of workloads that are often deeply interdependent. Application discovery and dependency mapping are important early first steps in the migration process, but these tasks are difficult to perform at scale due to the lack of automated tools. AWS Application Discovery Service automatically collects configuration and usage data from servers, storage, and networking equipment to develop a list of applications, how they perform, and how they are interdependent. This information helps reduce the complexity and time in planning your cloud migration.

The other options are incorrect:

“AWS Migration Hub” is incorrect. AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions.

“AWS Snowball Migration Service” is incorrect. Snowball is a petabyte-scale data transport solution that uses secure devices to transfer large amounts of data into and out of the AWS Cloud.

“AWS DMS” is incorrect. AWS Database Migration Service (DMS) is used to migrate your data to and from most widely used commercial and open-source databases. AWS DMS supports homogeneous migrations such as Oracle to Oracle, as well as heterogeneous migrations between different database platforms, such as Oracle or Microsoft SQL Server to Amazon Aurora.

18
Q

A developer needs to set up an SSL security certificate for a client’s eCommerce website in order to use the HTTPS protocol. Which of the following AWS services can be used to deploy the required SSL server certificates? (Choose TWO)

A.AWS Directory Service
B.Amazon Route 53
C.AWS ACM
D.AWS Identity & Access Management
E.AWS Data Pipeline

A

C.AWS ACM
D.AWS Identity & Access Management

Explanation
To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. You can use a server certificate provided by AWS Certificate Manager (ACM) or one that you obtained from an external provider. You can use ACM or IAM to store and deploy server certificates. Use IAM as a certificate manager only when you must support HTTPS connections in a region that is not supported by ACM. IAM supports deploying server certificates in all regions, but you must obtain your certificate from an external provider for use with AWS. Amazon Route 53 is used to register domain names or use your own domain name to route your end users to Internet applications. Route 53 is not responsible for creating SSL certificates.

The other options are incorrect:

AWS Directory Service is incorrect. AWS Directory Service is a managed Microsoft Active Directory in the AWS Cloud. Customers can use it to manage users and groups, provide single sign-on (SSO) to applications and services, as well as create and apply group policies.

Note: What is Single sign-on (SSO)? Single sign-on (SSO) enables a company’s employees to sign in to AWS using their existing corporate Microsoft Active Directory credentials.

Amazon Route 53 is incorrect. Amazon Route 53 can be used for registering domain names, routing end users to Internet applications, configuring DNS health checks to route traffic to healthy endpoints, managing traffic globally through a variety of routing types etc.

AWS Data Pipeline is incorrect. AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources. AWS Data Pipeline integrates with on-premises and cloud-based storage systems to allow developers to use their data when they need it, where they want it, and in the required format.

19
Q

App development companies move their business to AWS to reduce time-to-market and improve customer satisfaction. What are the AWS automation tools that help them deploy their applications faster? (Choose TWO)
A.AWS CloudFormation
B.AWS Elastic Beanstalk
C.Amazon Macie
D.AWS Migration Hub
E.AWS IAM

A

A.AWS CloudFormation
B.AWS Elastic Beanstalk

Explanation:
AWS Elastic Beanstalk makes it easier for developers to quickly deploy and manage applications in the AWS Cloud. Developers simply upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

AWS CloudFormation automates and simplifies the task of repeatedly and predictably creating groups of related resources that power your applications. Creating and interconnecting all resources your application needs to run is now as simple as creating a single EC2 or RDS instance.

The other options are incorrect.

“Amazon Macie” is incorrect. Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.

“AWS IAM” is incorrect. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

“AWS Migration Hub” is incorrect. AWS Migration Hub is used to track the progress of application migrations to AWS.

20
Q

A company has a large amount of data to be archived. What is the most cost-effective AWS storage service to use?

A.Amazon EFS
B.Amazon EBS
C.Amazon S3 Standard
D.Amazon Glacier

A

D.Amazon Glacier

Explanation:
Amazon Glacier is a secure, durable, and extremely low-cost cloud storage service for data archiving and long-term backup. It is designed to deliver 99.999999999% durability, and provides comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements.

The other options are incorrect:

Amazon EFS is incorrect. Amazon Elastic File System (Amazon EFS) is not a cost effective solution for data archiving. Amazon EFS is a file level storage service that is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistently low latencies.

Amazon EBS is incorrect. Amazon EBS is not a cost-effective solution for data archiving. Amazon EBS provides block level storage volumes for use with Amazon EC2 and RDS instances.

Amazon S3 Standard is incorrect. Amazon S3 Standard is not a cost-effective solution for data archiving. Amazon S3 Standard offers high durability, availability, and performance object storage for frequently accessed data. S3 Standard use cases include: cloud applications, dynamic websites, content distribution, mobile and gaming applications, and big data analytics.

Additional information:

In S3, we can only host static websites, or static assets of a dynamic website (such as images, audio files, video files…etc).

A dynamic website relies on server-side processing and it uses server-side scripts such as PHP, JSP, or ASP.NET. Amazon S3 does not support server-side scripting and cannot be used to host dynamic websites. AWS has computing resources for hosting dynamic websites such as Amazon EC2 or Lambda.

21
Q

Which of the following statements describes the AWS Cloud’s agility?

A.AWS allows you to host your applications in multiple regions around the world
B.AWS allows you to provision resources in minutes
C.AWS allows you to pay upfront to reduce costs
D.AWS provides customizable hardware at the lowest possible cost

A

B.AWS allows you to provision resources in minutes

Explanation:
In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks (or months in some cases) to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

In other words, instead of waiting weeks or months for hardware, you can instantly deploy new applications. Also, whether you need one virtual server or thousands, whether you need them for a few hours or 24/7, you still only pay for what you use.

The other options are incorrect:

“AWS provides customizable hardware at the lowest possible cost” is incorrect. AWS doesn’t provide customizable hardware. AWS offers cloud computing services.

“AWS allows you to pay upfront to reduce costs” is incorrect. This statement is much more related to AWS reservations, not agility.

“AWS allows you to host your applications in multiple regions around the world” is incorrect. It is true that AWS provides global infrastructure, but this statement doesn’t describe AWS’ agility.

22
Q
Which of the following allows you to create new RDS instances? (Choose TWO)
A.AWS DMS
B.AWS CodeDeploy
C.AWS CloudFormation
D.AWS QuickStarts
E.AWS Management Console
A

C.AWS CloudFormation
E.AWS Management Console

Explanation
The AWS Management Console lets you create new RDS instances through a web-based user interface.

You can also use AWS CloudFormation to create new RDS instances using the CloudFormation template language.

The other options are incorrect:

AWS DMS is incorrect. AWS DMS is used to migrate databases to AWS.

AWS Quick Starts is incorrect. Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.

AWS CodeDeploy is incorrect. AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.

23
Q

A customer is planning to move billions of images and videos to be stored on Amazon S3. The customer has approximately one Exabyte of data to move. Which of the following AWS Services is the best choice to transfer the data to AWS?

A.S3 Transfer Acceleration
B.Snowmobile
C.Amazon VPC
D.Snowball

A

B.Snowmobile

Explanation:
AWS Snowmobile is an Exabyte-scale data transfer service used to move extremely large amounts of data to AWS. You can transfer up to 100 Petabytes (PB) per Snowmobile, a 45-foot long ruggedized shipping container, pulled by a semi-trailer truck. Snowmobile makes it easy to move massive volumes of data to the cloud, including video libraries, image repositories, or even a complete data center migration. At exabyte scale, transferring data with Snowmobile is more secure, fast and cost effective.

The other options are incorrect:

Amazon VPC is incorrect. Amazon VPC is used to create virtual networks in the cloud.

Snowball is incorrect. AWS Snowball is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using storage devices designed to be secure for physical transport. Customers can transfer up to 80 Terabytes per Snowball. In our case, the customer needs to move 1 Exabyte of data (or 1,000,000 Terabytes), so it is better to use the AWS Snowmobile service.

S3 Transfer Acceleration is incorrect. Amazon S3 Transfer Acceleration is not a migration solution. Amazon S3 Transfer Acceleration enables fast transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

24
Q

What are AWS shared controls?

A.Controls that the customer and AWS collaborate together upon to secure the infrastructure
B.Controls that are solely the responsibility of the customer based on the application they are deploying within AWS services
C.Controls that a customer inherits from AWS
D.Controls that apply to both the infrastructure layer and customer layers

A

D.Controls that apply to both the infrastructure layer and customer layers

Explanation:
Shared Controls are controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include:

** Patch Management – AWS is responsible for patching the underlying hosts and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.

** Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

** Awareness & Training - AWS trains AWS employees, but a customer must train their own employees.

The other options are incorrect:

“Controls that are solely the responsibility of the customer based on the application they are deploying within AWS services” is incorrect because it refers to “Customer-Specific” controls.

“Controls that a customer inherits from AWS” is incorrect because it refers to “Inherited Controls”.

“Controls that the customer and AWS collaborate together upon to secure the infrastructure” is incorrect. Securing the infrastructure is the responsibility of AWS, not the customer.

25
Q

Which AWS Service can be used to register a new domain name?

A.AWS KMS
B.AWS Config
C.Amazon Route 53
D.Amazon ECR

A

C.Amazon Route 53
Amazon Route 53 can be used for:

● Registering domain names

● DNS routing

● Configuring health checks to route traffic only to healthy endpoints

● Managing global application traffic (cross-regions) through a variety of routing types.

Amazon Route 53 allows for registration of new domain names in AWS. Amazon Route 53 is a global service that provides a highly available and scalable Domain Name System (DNS) in the Cloud. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

Amazon Route 53 also offers health checks to monitor the health and performance of your application, as well as your web servers and other resources. Route 53 can be configured to route traffic only to the healthy endpoints to achieve greater levels of fault tolerance in your applications.

Amazon Route 53 provides many routing types to help AWS Customers improve their application’s performance for a global audience. For example, Amazon Route 53 latency-based policy routes user requests to the closest AWS Region, which reduces latency and improves application performance.

Amazon Route 53 also simplifies the hybrid Cloud by providing recursive DNS for your Amazon VPC and on-premises networks over AWS Direct Connect or AWS VPN.

The other options are incorrect:

“AWS KMS” is incorrect. AWS KMS is a managed service that enables you to easily encrypt your data. AWS KMS provides a highly available key storage, management, and auditing solution for you to encrypt data within your own applications and control the encryption of stored data across AWS services.

“Amazon ECR” is incorrect. Amazon Elastic Container Registry (ECR) is a Docker container registry.

“AWS Config” is incorrect. AWS Config provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.

26
Q

A company has hundreds of VPCs in multiple AWS Regions worldwide. What service does AWS offer to simplify the connection management among the VPCs?

A.AWS Transit Gateway
B.VPC Peering
C.Security Groups
D.Amazon Connect

A

A.AWS Transit Gateway

Explanation
AWS Transit Gateway is a network transit hub that simplifies how customers interconnect all of their VPCs, across thousands of AWS accounts and into their on-premises networks. Customers can easily and quickly connect into a single centrally-managed gateway, and rapidly grow the size of their network. Transit Gateway acts as a hub that controls how traffic is routed among all the connected networks, which act like spokes. This hub and spoke model significantly simplifies management and reduces operational costs because each network only has to connect to the Transit Gateway and not to every other network. Any new VPC is simply connected to the Transit Gateway and is then automatically available to every other network that is connected to the Transit Gateway. This ease of connectivity makes it easy to scale networks as businesses grow.

The other options are incorrect:

“VPC Peering” is incorrect. A VPC peering connection is a networking connection between two VPCs that enables customers to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. Using VPC peering to connect hundreds of VPCs is very complex and time consuming because customers need to peer each Amazon VPC to each other manually.

With AWS Transit Gateway, each VPC only has to connect to the Transit Gateway and not to every other VPC. Customers simply connect each Amazon VPC to the AWS Transit Gateway, and the Gateway will route traffic to and from each VPC.

“Amazon Connect” is incorrect. Amazon Connect is a cloud-based contact center service that makes it easy for businesses to deliver customer service at low cost.

“Security Groups” is incorrect. Security Groups are not used to connect Amazon VPCs. Security Groups are an Amazon VPC networking feature that allows customers to control instance traffic.

27
Q

Which AWS Service enables customers to set up an AWS billing alarm to inform them when their spending exceeds a certain threshold?

A.Consolidated Billing
B.Amazon Inspector
C.Amazon CloudWatch
D.AWS Cost Explorer

A

C.Amazon CloudWatch

Explanation
Amazon CloudWatch is the AWS service that allows you to monitor the usage of your AWS resources. CloudWatch collects metrics, and allows you to create alarms based on those metrics. You can use CloudWatch to monitor your estimated AWS charges. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. Billing metric data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges. The alarm triggers when your account billing exceeds the threshold you specify.

Additional information:

AWS Budgets is another AWS service that can be used in this scenario. AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. The difference between AWS Budgets and Amazon CloudWatch billing alarms is that Amazon CloudWatch billing alarms alert you when your actual cost exceeds a certain threshold, while AWS Budgets can be configured to alert you when the actual or forecasted cost exceeds a certain threshold.

The other options are incorrect:

“AWS Cost Explorer” is incorrect. AWS Cost Explorer is used to view and analyze your costs and usage. You can explore your usage and costs using graphs and the Cost Explorer cost and usage reports.

“Consolidated Billing” is incorrect. The consolidated billing is a feature in AWS Organizations that enables you to consolidate billing and payment for multiple AWS accounts.

“Amazon Inspector” is incorrect. Amazon Inspector is an automated security assessment service to help improve the security and compliance of applications deployed on AWS.

28
Q

What is the benefit of using an API to access AWS Services?

A.It improves the performance of AWS resources
B.It allows for programmatic management of AWS resources
C.It reduces the number of developers necessary
D.It reduces the time needed to provision AWS resources

A

B.It allows for programmatic management of AWS resources
Explanation
The AWS Application Programming Interface (API) allows customers to work with various AWS services programmatically.

The other options are incorrect:

“It improves the performance of AWS resources” is incorrect. There is no difference in performance when you provision resources using the console or using the AWS API. In fact, if you access AWS through the AWS Management Console or through the command line tools, you are actually using tools that make calls to the AWS API.

“It reduces the time needed to provision AWS resources” is incorrect. Since AWS Console and AWS CLI both provision resources by making AWS API calls, then there will be no difference in the time needed to provision these resources using either of them.

“It reduces the number of developers necessary” is incorrect. Depending on the use case, using the AWS API may actually require more developers to manage AWS resources programmatically.

29
Q

Which of the following is NOT a characteristic of Amazon Elastic Compute Cloud (Amazon EC2)?

A.Amazon EC2 is considered a Serverless Web Service
B.Amazon EC2 eliminates the need to invest in hardware upfront
C.Amazon EC2 can launch as many or as few virtual servers as needed
D.Amazon EC2 offers scalable computing

A

A.Amazon EC2 is considered a Serverless Web Service

Explanation
“Amazon EC2 is considered a Serverless Web Service” is not a characteristic of Amazon EC2 and thus is the correct choice. Serverless allows customers to shift more operational responsibilities to AWS. Serverless allows customers to build and run applications and services without thinking about servers. Serverless eliminates infrastructure management tasks such as server or cluster provisioning, patching, operating system maintenance, and capacity provisioning.

Amazon EC2 is not a serverless service. EC2 instances are virtual servers in the cloud. Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to invest in hardware upfront, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
30
Q

A customer spent a lot of time configuring a newly deployed Amazon EC2 instance. After the workload increases, the customer decides to provision another EC2 instance with an identical configuration. How can the customer achieve this?

A.By creating an AWS Config template from the old instance and launching a new instance from it
B.By creating an EBS snapshot of the old instance
C.By creating an AMI from the old instance and launching a new instance from it
D.By installing Aurora on EC2 and launching a new instance from it

A

C.By creating an AMI from the old instance and launching a new instance from it

Explanation:
An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You must specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

The other options are incorrect:

“By installing Aurora on EC2 and launching a new instance from it” is incorrect. Amazon Aurora is a database service. You cannot use it to launch EC2 instances. Also, you cannot install Aurora on EC2. Aurora is a managed service that is already installed on the AWS Cloud. You can launch Amazon Aurora using the Amazon RDS Management Console.

“By creating an EBS Snapshot of the old instance” is incorrect. Amazon EBS Snapshots are just backups for EBS volumes.

“By creating an AWS Config template from the old instance and launching a new instance from it” is incorrect. AWS Config is used to record and evaluate configurations of your AWS resources, and is not used to launch new instances.

31
Q

What is the framework created by AWS Professional Services that helps organizations design a road map to successful cloud adoption?

A.AWS Secrets Manager
B.AWS WAF
C.AWS CAF
D.Amazon EFS

A

C.AWS CAF

Explanation:
AWS Professional Services created the AWS Cloud Adoption Framework (AWS CAF) to help organizations design and travel an accelerated path to successful cloud adoption. The guidance and best practices provided by the framework help you build a comprehensive approach to cloud computing across your organization, and throughout your IT lifecycle. Using the AWS CAF helps you realize measurable business benefits from cloud adoption faster and with less risk.

The other options are incorrect:

“AWS Secrets Manager” is incorrect. AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

“Amazon EFS” is incorrect. Amazon Elastic File System (Amazon EFS) is a fully-managed service that makes it easy to set up, scale, and cost-optimize file storage in the Amazon Cloud. Amazon EFS file systems can automatically scale from gigabytes to petabytes of data without needing to provision storage. Tens, hundreds, or even thousands of Amazon EC2 instances can access an Amazon EFS file system at the same time, and Amazon EFS provides consistent performance to each Amazon EC2 instance.

“AWS WAF” is incorrect. AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define.

32
Q

What are the benefits of using DynamoDB? (Choose TWO)

A.Supports both relational and non-relational data models
B.Automatically scales to meet required throughput capacity
C.Offers extremely low (single-digit millisecond) latency
D.Provides resizable instances to match the current demand
E.Supports the most popular NoSQL database engines such as CouchDB and MongoDB

A

B.Automatically scales to meet required throughput capacity
C.Offers extremely low (single-digit millisecond) latency

Explanation
Benefits of DynamoDB include:

1- Performance at scale:

DynamoDB supports some of the world’s largest scale applications by providing consistent, single-digit millisecond response times at any scale. You can build applications with virtually unlimited throughput and storage.

2- Serverless:

With DynamoDB, there are no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance.

3- Highly available:

Availability and fault tolerance are built in, eliminating the need to architect your applications for these capabilities.

The other options are incorrect:

“Supports the most popular NoSQL database engines such as CouchDB and MongoDB” is incorrect. DynamoDB does not use or support any other NoSQL database engines. You only have access to DynamoDB’s built-in engine.

“Supports both relational and non-relational data models” is incorrect. DynamoDB only supports the non-relational data model.

“Provides resizable instances to match the current demand” is incorrect. DynamoDB does not provide instances (servers). DynamoDB is serverless with no servers to provision, patch, or manage and no software to install, maintain, or operate. DynamoDB automatically scales tables up and down to adjust for capacity and maintain performance.

33
Q

What AWS tools can be used to call AWS Services from different programming languages?

A.AWS Command Line Interface
B.AWS Software Development Kit
C.AWS CodeDeploy
D.AWS Management Console

A

B.AWS Software Development Kit

Explanation
The AWS Software Development Kit (AWS SDK) can simplify using AWS services in your applications with an API tailored to your programming language or platform. Programming languages supported include Java, .NET, Node.js, PHP, Python, Ruby, Go, and C++.

The other options are incorrect:

“AWS CodeDeploy” is incorrect. AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services.

“AWS Management Console” is incorrect. AWS Management Console allows you to manage AWS services through a web-based user interface.

“AWS Command Line Interface” is incorrect. AWS Command Line Interface (AWS CLI) allows you to control multiple AWS services from the command line and automate them through scripts, NOT from programming languages.

34
Q

A company is trying to analyze the costs applied to their AWS account recently. Which of the following provides them the most granular data about their AWS costs and usage?

A.AWS Cost Explorer
B.Amazon Machine Image
C.AWS Cost & Usage Report
D.Amazon CloudWatch

A

C.AWS Cost & Usage Report

Explanation
The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)). The AWS Cost and Usage Report tracks your AWS usage and provides information about your use of AWS resources and estimated costs for that usage. You can configure this report to present the data hourly or daily. It is updated at least once a day until it is finalized at the end of the billing period. The AWS Cost and Usage Report gives you the most granular insight possible into your costs and usage, and it is the source of truth for the billing pipeline. It can be used to develop advanced custom metrics using business intelligence, data analytics, and third-party cost optimization tools.

“Amazon CloudWatch” is incorrect. Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.

“Amazon Machine Image” is incorrect. An Amazon Machine Image is used to launch Amazon EC2 instances.

“AWS Cost Explorer” is incorrect. AWS Cost Explorer helps you visualize, understand, and manage your AWS costs and usage over time. This is done via an intuitive interface that enables you to quickly create custom reports that include charts and tabular data. You can analyze your cost and usage data in aggregate (such as total costs and usage across all accounts) down to granular details (for example, m2.2xlarge costs within the Dev account tagged “project: Blackthorn”). This option is incorrect because the AWS Cost & Usage Report provides more granular data about your AWS costs and usage than what the AWS Cost Explorer provides. The AWS Cost & Usage Report is your one-stop shop for accessing the most detailed information available about your AWS costs and usage.

35
Q

How do ELBs improve the reliability of your application?

A.By replicating data to multiple availability zones
B.By distributing traffic across multiple S3 Buckets
C.By ensuring that only healthy targets receive traffic
D.By creating database Read Replicas

A

C.By ensuring that only healthy targets receive traffic

Explanation:
The reliability term encompasses the ability of a system to recover from infrastructure or service disruptions, and dynamically acquire computing resources to meet demand. ELBs continuously perform health checks on the registered targets (such as Amazon EC2 instances) and only route traffic to the healthy ones. This increases the fault tolerance of your application and makes it more reliable.

The other options are incorrect:

“By replicating data to multiple availability zones” is incorrect. ELBs are not responsible for replicating data.

“By creating database Read Replicas” is incorrect. Read Replicas are special types of database instances that are part of Amazon RDS, NOT ELB. The purpose of Read Replicas on Amazon RDS is to enhance database performance and increase database availability.

“By distributing traffic across multiple S3 buckets” is incorrect. There is no need to create multiple S3 buckets and distribute traffic between them; one S3 bucket can handle any amount of traffic without any intervention. Amazon S3 was designed from the ground up to handle traffic for any Internet application. Amazon S3’s massive scale allows it to spread load evenly, so that no individual application is affected by traffic spikes.

36
Q

Which of the following is a benefit of running an application in multiple Availability Zones?
A.Reduces application response time between servers and global users
B.Increases available compute capacity
C.Allows you to exceed AWS service limits
D.Increases the availability of your application

A

D.Increases the availability of your application

Explanation:
Placing instances that run your application in multiple Availability Zones improves the fault tolerance of your application. If one Availability Zone experiences an outage, traffic is routed to another Availability Zone, and this will increase the availability of your application.

The other options are incorrect:

“Increases available compute capacity” is incorrect. You can provision virtually unlimited compute capacity regardless of the number of Availability Zones.

“Reduces application response time between servers and global users” is incorrect. The question didn’t mention whether these Availability Zones exist within a single region or multiple regions. Application response time for global users can only be improved if you deploy to multiple regions around the world.

“Allows you to exceed AWS service limits” is incorrect. AWS service limits are region-specific, NOT AZ-specific.

37
Q

Data security is one of the top priorities of AWS. How does AWS deal with old storage devices that have reached the end of their useful life?
A.AWS destroys the old devices in accordance with industry-standard practices
B.AWS sends the old devices for remanufacturing
C.AWS Stores the old devices in a secure place
D.AWS sells the old devices to other hosting providers

A

A.AWS destroys the old devices in accordance with industry-standard practices

Explanation:
When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that is designed to prevent customer data from being exposed to unauthorized individuals. AWS uses specific techniques to destroy data as part of the decommissioning process. All decommissioned magnetic storage devices are degaussed and physically destroyed in accordance with industry-standard practices.

38
Q

Which statement best describes the operational excellence pillar of the AWS Well-Architected Framework?
A.The ability of a system to recover gracefully from failure
B.The ability to monitor systems and improve supporting processes and procedures
C.The efficient use of computing resources to meet requirements
D.The ability to manage datacenter operations more efficiently

A

B.The ability to monitor systems and improve supporting processes and procedures
Explanation

The 5 Pillars of the AWS Well-Architected Framework:

1- Operational Excellence: The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures.

2- Security: The security pillar includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

3- Reliability: The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

4- Performance Efficiency: The performance efficiency pillar includes the ability to use computing resources efficiently to meet system requirements. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.

5- Cost Optimization: The cost optimization pillar includes the ability to avoid or eliminate unneeded cost or sub-optimal resources.

Additional information:

Creating a software system is a lot like constructing a building. If the foundation is not solid, structural problems can undermine the integrity and function of the building. When architecting technology solutions on Amazon Web Services (AWS), if you neglect the five pillars of operational excellence, security, reliability, performance efficiency, and cost optimization, it can become challenging to build a system that delivers on your expectations and requirements. Incorporating these pillars into your architecture helps produce stable and efficient systems. This allows you to focus on the other aspects of design, such as functional requirements. The AWS Well-Architected Framework helps cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications.

The other options are incorrect:

“The ability of a system to recover gracefully from failure” is incorrect. This statement is much more related to the Reliability pillar.

“The efficient use of computing resources to meet requirements” is incorrect. This statement is much more related to the Performance Efficiency pillar.

“The ability to manage datacenter operations more efficiently” is incorrect. Managing datacenter operations is not related to any pillar. It is something that AWS is responsible for, NOT the customer.

39
Q
What are the connectivity options that can be used to build hybrid cloud architectures? (Choose TWO)
A.AWS Cloud9
B.AWS Direct Connect
C.AWS Artifact
D.AWS CloudTrail
E.AWS VPN
A

B.AWS Direct Connect
E.AWS VPN

Explanation

In cloud computing, hybrid cloud refers to the use of on-premises resources in addition to public cloud resources. A hybrid cloud enables an organization to migrate applications and data to the cloud, extend their datacenter capacity, utilize new cloud-native capabilities, move applications closer to customers, and create a backup and disaster recovery solution with cost-effective high availability. By working closely with enterprises, AWS has developed the industry’s broadest set of hybrid capabilities across storage, networking, security, application deployment, and management tools to make it easy for you to integrate the cloud as a seamless and secure extension of your existing investments.

AWS Virtual Private Network (AWS VPN) provides an internet-based Site-to-Site connection that enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). A VPC VPN Connection utilizes IPSec to establish encrypted connectivity between your network and Amazon VPC over the Internet. VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.

AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your on-premises network or branch office site and Amazon VPC. AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers' on-premises sites to AWS. Using AWS Direct Connect, data that would have previously been transported over the Internet can now be delivered through a private network connection between AWS and your datacenter or corporate network. Companies of all sizes use AWS Direct Connect to establish private connectivity between AWS and datacenters, offices, or colocation environments. Compared to AWS VPN (Internet-based connection), AWS Direct Connect can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience.

Additional information:

Besides the connectivity options that AWS provides, AWS provides many features to support building more efficient hybrid cloud architectures. For example, AWS Identity and Access Management (IAM) can grant your employees and applications access to the AWS Management Console and AWS service APIs using your existing corporate identity systems. AWS IAM supports federation from corporate systems like Microsoft Active Directory, as well as external Web Identity Providers like Google and Facebook.

The other options are incorrect:

AWS Cloud9 is incorrect. AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal. Cloud9 comes prepackaged with essential tools for popular programming languages, including JavaScript, Python, PHP, and more, so you don’t need to install files or configure your development machine to start new projects.

AWS Artifact is incorrect. AWS Artifact provides on-demand access to AWS’ compliance reports.

AWS CloudTrail is incorrect. AWS CloudTrail is a web service that tracks and records all user interactions with AWS services.

40
Q

Which statement is correct with regards to AWS service limits? (Choose TWO)
A.There are no service limits on AWS
B.You can use the AWS Trusted Advisor to monitor your service limits
C.Each IAM user has the same service limits
D.The Amazon Simple Email Service is responsible for sending email notifications when usage approaches a service limit
E.You can contact AWS support to increase the service limits

A

B.You can use the AWS Trusted Advisor to monitor your service limits
E.You can contact AWS support to increase the service limits

Explanation:
Understanding your service limits (and how close you are to them) is an important part of managing your AWS deployments – continuous monitoring allows you to request limit increases or shut down resources before the limit is reached. One of the easiest ways to do this is via AWS Trusted Advisor’s Service Limit Dashboard.

AWS maintains service limits for each account to help guarantee the availability of AWS resources, as well as to minimize billing risks for new customers. Some service limits are raised automatically over time as you use AWS, though most AWS services require that you request limit increases manually. Most service limit increases can be requested through the AWS Support Center by choosing Create Case and then choosing Service Limit Increase.

The other options are incorrect:

“There are no service limits on AWS” is incorrect. Each AWS account has default limits, for each AWS service.

“The Amazon Simple Email Service is responsible for sending email notifications when usage approaches a service limit” is incorrect. Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails.

Additional information:

You can configure the AWS Limit Monitor to send email notifications when usage approaches a service limit.

“Each IAM user has the same service limits” is incorrect. Service limits are applied at the AWS account level by aggregating usage from all users in the account.

Note: “service limits” and “service quotas” are the exact same thing. Please note that you may encounter both terms being used interchangeably.

41
Q

Which of the following will impact the price paid for an EC2 instance? (Choose TWO)
A.Load Balancing
B.The availability zone where the instance is provisioned
C.Number of private IPs
D.Number of buckets
E.Instance type

A

A.Load Balancing
E.Instance type

Explanation:
EC2 instance pricing varies depending on many variables:

  • The buying option (On-demand, Savings Plans, Reserved, Spot, Dedicated)
  • Selected instance type
  • Selected Region
  • Number of instances
  • Load balancing
  • Allocated Elastic IP Addresses

Load balancing: The number of hours the Elastic Load Balancer runs and the amount of data it processes contribute to the EC2 monthly cost.

Instance type: Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity.

The other options are incorrect:

“The Availability Zone where the instance is provisioned” is incorrect. Prices of the Amazon EC2 instances may vary depending on the Region where the instances are provisioned. Amazon EC2 instances provisioned in different Availability Zones within the same Region have the same price.

“Number of private IPs” is incorrect. There is no charge for private IPs.

Additional information:

The number of allocated Elastic IPs is the factor that may affect Amazon EC2 charges. You can have only one Elastic IP (EIP) address associated with a running instance at no charge.

“Number of buckets” is incorrect. A bucket is an Amazon S3 resource, NOT an Amazon EC2 resource.

Additional information:

To upload your data (photos, videos, documents, etc.) to Amazon S3, you must first create an S3 bucket (which is similar to a file folder) in one of the AWS Regions. You can then upload any number of objects to the bucket. The customer is charged based on the total size of the objects (in GB) stored in their S3 bucket, not for the bucket itself.

42
Q
Amazon Glacier is an Amazon S3 storage class that is suitable for storing ____________ & ______________. (Choose TWO)
A.Long-term analytic data
B.Active archives
C.Active databases
D.Dynamic websites assets
E.Cached data
A

A.Long-term analytic data
B.Active archives

Explanation

Amazon S3 Glacier provides three retrieval options to fit your use case. Expedited retrievals typically return data in 1-5 minutes, and are best used for Active Archive use cases. Standard retrievals typically complete within 3-5 hours, and work well for less time-sensitive needs like backup data, media editing, or long-term analytics. Bulk retrievals are the lowest-cost retrieval option, returning large amounts of data within 5-12 hours.

The other options are incorrect:

“Active databases” is incorrect. Active databases require consistent and low-latency storage performance. For example, DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage.

“Cached data” is incorrect. A cache is a high-speed data storage layer which stores a subset of data, typically transient in nature, so that future requests for that data are served up faster than is possible by accessing the data’s primary storage location. Caching allows you to efficiently reuse previously retrieved or computed data. The data in a cache is generally stored in fast access hardware such as RAM (Random-access memory) and may also be used in correlation with a software component. A cache’s primary purpose is to increase data retrieval performance by reducing the need to access the underlying slower storage layer.

“Dynamic websites’ assets” is incorrect. Dynamic websites usually require immediate retrieval, which is not available in Glacier.

43
Q

Jessica is managing an e-commerce web application in AWS. The application is hosted on six EC2 instances. One day, three of the instances crashed; but none of her customers were affected. What has Jessica done correctly in this scenario?
A.She has properly built an elastic system
B.She has properly built a scalable system
C.She has properly built a fault tolerant system
D.She has properly built an encrypted system

A

C.She has properly built a fault tolerant system

Explanation:
Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components. Visitors to a website expect the website to be available irrespective of when they visit. For example, when someone wants to visit Jessica’s website to purchase a product, whether it is at 9:00 AM on a Monday or 3:00 PM on a holiday, he/she expects that the website will be available and ready to accept his/her purchase. Failing to meet these expectations can cause loss of business and contribute to the development of a negative reputation for the website owner, resulting in lost revenue.

The other options are incorrect:

“She has properly built an elastic system” is incorrect. Elasticity is the ability of a system to scale the resources needed to cope with load dynamically, so that when the load increases you scale by adding more resources, and when demand wanes you shrink back and remove unneeded resources.

“She has properly built a scalable system” is incorrect. Scalability is the ability of a system to accommodate larger loads just by adding resources, either making hardware larger (scaling vertically) or adding additional nodes (scaling horizontally).

“She has properly built an encrypted system” is incorrect. Encryption is much more related to data protection, not fault-tolerance.

44
Q
Where can you store files in AWS? (Choose TWO)
A.Amazon EFS
B.Amazon EMR
C.Amazon EBS
D.Amazon SNS
E.Amazon ECS
A

A.Amazon EFS
C.Amazon EBS

Explanation:
Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. It is designed to provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent low latencies. As a regional service, Amazon EFS is designed for high availability and durability, storing data redundantly across multiple Availability Zones.

Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

The other options are incorrect:

Amazon SNS is incorrect. Amazon Simple Notification Service (SNS) is a pub/sub messaging service.

Amazon ECS is incorrect. Amazon Elastic Container Service (ECS) is a compute service that is used to run containerized applications on AWS.

Amazon EMR is incorrect. Amazon Elastic MapReduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data across dynamically scalable Amazon EC2 instances.

45
Q
What is the primary storage service used by Amazon RDS database instances?
A.Amazon Glacier
B.Amazon S3
C.Amazon EFS
D.Amazon EBS
A

D.Amazon EBS

Explanation:
DB instances for Amazon RDS for MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server use Amazon Elastic Block Store (Amazon EBS) volumes for database and log storage.

Additional information:

EBS volumes are performant for your most demanding workloads, including mission-critical applications such as SAP, Oracle, and Microsoft products. Amazon EBS scales with your performance needs, whether you are supporting millions of gaming customers or billions of e-commerce transactions. A broad range of workloads, such as relational databases (including Amazon RDS databases) and non-relational databases (including Cassandra and MongoDB), enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

The other options are incorrect:

Amazon S3 is incorrect. Amazon S3 refers to the simple storage service. Amazon S3 is an object level storage that cannot be used to store running operating systems or live databases.

Amazon EFS is incorrect. Amazon EFS refers to the Amazon Elastic File System. Amazon EFS is a file level storage that provides a scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. Amazon RDS does not use Amazon EFS to store databases.

Amazon Glacier is incorrect. Amazon Glacier is used for storing backups and long-term data.

46
Q
Which AWS service can be used to store and reliably deliver messages across distributed systems?
A.Amazon Simple Storage Service
B.AWS Storage Gateway
C.Amazon Simple Queue Service
D.Amazon Simple Email Service
A

C.Amazon Simple Queue Service
Explanation

Amazon SQS is a highly reliable, scalable message queuing service that enables asynchronous message-based communication between distributed components of an application. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

The other options are incorrect:

“Amazon Simple Storage Service” is incorrect. Amazon Simple Storage Service (Amazon S3) is an object storage service.

“Amazon Simple Email Service” is incorrect. Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails.

“AWS Storage Gateway” is incorrect. AWS Storage Gateway is a hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage. The gateway connects to AWS storage services - such as Amazon S3 and Amazon EBS - and provides storage for files, volumes, snapshots, and virtual tapes in AWS.

47
Q
What is the AWS service that performs automated network assessments of Amazon EC2 instances to check for vulnerabilities?
A.Amazon Kinesis
B.Security Groups
C.Amazon Inspector
D.AWS Network Access Control Lists
A

C.Amazon Inspector

Explanation

Amazon Inspector is an automated security assessment service that helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances. Amazon Inspector allows you to create assessment templates to automate security vulnerability assessments throughout your development and deployment pipelines or for static production systems.

The other options are incorrect:

“Security groups” is incorrect. Security groups can be used to check the network accessibility of your Amazon EC2 instances (at the instance level), but this is not done automatically.

“Amazon Kinesis” is incorrect. Amazon Kinesis allows you to collect, process, and analyze video and data streams in real time.

“AWS Network Access Control Lists” is incorrect. AWS Network Access Control Lists can be used to check the network accessibility of your Amazon EC2 instances (at the subnet level), but this is not done automatically.

48
Q
A company needs to host a database in Amazon RDS for at least three years. Which of the following options would be the most cost-effective solution?
A.Reserved Instances - Partial upfront
B.Spot Instances
C.On-Demand Instances
D.Reserved instances - No Upfront
A

A.Reserved Instances - Partial upfront

Explanation

Since the database server will be hosted for a period of at least three years, it is better to use RDS Reserved Instances, as they provide a significant discount compared to the On-Demand Instance pricing for the DB instance.

With the Partial Upfront option, you make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term. The Partial Upfront option is more cost-effective than the No Upfront option (the more you spend upfront, the more you save).

The other options are incorrect:

“Spot Instances” is incorrect. Spot Instances is an option for EC2; there is no Spot option for RDS.

“Reserved instances - No Upfront” is incorrect. The No Upfront option does not require any upfront payment and provides a discounted hourly rate for the duration of the term. The Partial Upfront option provides more discounts than the No Upfront option because you spend more upfront.

“On-Demand instances” is incorrect. On-Demand is not a cost-effective solution.

49
Q

According to the AWS Shared responsibility model, which of the following are the responsibility of the customer? (Choose TWO)
A.Managing environmental events of AWS data centers
B.Protecting the confidentiality of data in transit in Amazon S3
C.Ensuring that the underlying EC2 host is configured properly
D.Patching the applications installed on Amazon EC2
E.Controlling physical access to AWS Regions

A

B.Protecting the confidentiality of data in transit in Amazon S3
D.Patching the applications installed on Amazon EC2

Explanation:
Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in AWS data centers). The AWS customer is responsible for protecting their data either at rest or in transit for all services (including S3).

Patch management is a shared control between AWS and the customer. AWS is responsible for patching the underlying hosts, updating the firmware, and fixing flaws within the infrastructure, but customers are responsible for patching their guest operating system and applications.

The other options are incorrect:

“Ensuring that the underlying EC2 host is configured properly” is incorrect. Configuration management is a shared control between AWS and the customer. AWS maintains the configuration of the underlying hosts and its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.

“Managing environmental events of AWS data centers” is incorrect. It is the sole responsibility of AWS to manage these environmental events.

“Controlling physical access to AWS regions” is incorrect. It is the sole responsibility of AWS to control physical access to its data centers.

50
Q

Using Amazon RDS falls under the shared responsibility model. Which of the following are customer responsibilities? (Choose TWO)
A.Managing the database settings
B.Performing backups
C.Patching the database software
D.Installing the database software
E.Building the relational database schema

A

A.Managing the database settings
E.Building the relational database schema

Explanation:
Amazon RDS manages the work involved in setting up a relational database, from provisioning the infrastructure capacity you request to installing the database software. Once your database is up and running, Amazon RDS automates common administrative tasks such as performing backups and patching the software that powers your database. With optional Multi-AZ deployments, Amazon RDS also manages synchronous data replication across Availability Zones with automatic failover. Since Amazon RDS provides native database access, you interact with the relational database software as you normally would. This means you’re still responsible for managing the database settings that are specific to your application. You’ll need to build the relational schema that best fits your use case and are responsible for any performance tuning to optimize your database for your application’s workflow.

The other options are incorrect:

“Installing the database software” is incorrect. Installing the database software is AWS’ responsibility.

“Performing backups” is incorrect. Performing backups is AWS’ responsibility.

“Patching the database software” is incorrect. Patching the database software is AWS’ responsibility.

51
Q
In your on-premises environment, you can create as many virtual servers as you need from a single template. What can you use to perform the same in AWS?
A.IAM
B.An Internet Gateway
C.EBS Snapshot
D.AMI
A

D.AMI

Explanation:
An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). This pre-configured template saves time and avoids errors when configuring settings to create new instances. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

The other options are incorrect:

“IAM” is incorrect. IAM refers to the AWS Identity and Access Management.

“EBS Snapshot” is incorrect. An EBS snapshot is a point-in-time copy of your Amazon EBS volume.

“An internet gateway” is incorrect. An internet gateway is a VPC component that allows communication between instances in your VPC and the internet.

52
Q

Which of the following can help protect your EC2 instances from DDoS attacks? (Choose TWO)
A.Security Groups
B.Network Access Control Lists (Network ACLs)
C.AWS CloudHSM
D.AWS IAM
E.AWS Batch

A

A.Security Groups
B.Network Access Control Lists (Network ACLs)

Explanation:
Malicious actors sometimes use distributed denial of service (DDoS) attacks in an attempt to flood a network, system, or application with more traffic, connections, or requests than it can handle.

When dealing with DDoS attacks, it is important to minimize the opportunities an attacker has to target your applications. This means restricting the type of traffic that can reach your applications. Configuring security groups and network ACLs in Amazon VPC is an effective tool to help filter traffic, and reduce the attack surface of your applications.

Security groups allow you to control inbound and outbound traffic to your Amazon EC2 instances by specifically allowing communication only on the ports and protocols required for your applications. Access to any other port or protocol is automatically denied.

Network ACLs provide an additional layer of defense for your VPC by allowing you to create allow and deny rules that are processed in numeric order, much like a traditional firewall. This is useful for allowing or denying traffic at a subnet level, as opposed to security groups that filter traffic at an EC2 instance level. For example, if you have identified Internet IP addresses or ranges that are unwanted or potentially abusive, you can block them from reaching your application with a Network ACL deny rule.

Additional information:

AWS does not configure security groups or Network ACLs to protect you from DDoS attacks. It is the responsibility of the customer to set the appropriate Network ACL and security group rules to protect from these attacks and secure their network.

In addition to Security Groups and Network ACLs, AWS provides flexible infrastructure and services that help customers implement strong DDoS mitigations and create highly available application architectures that follow AWS Best Practices for DDoS Resiliency. These include services such as Amazon Route 53, Amazon CloudFront, Elastic Load Balancing, and AWS WAF to control and absorb traffic, and deflect unwanted requests. These services integrate with AWS Shield, a managed DDoS protection service that provides always-on detection and automatic inline mitigations to safeguard web applications running on AWS.

The other options are incorrect:

“AWS CloudHSM” is incorrect. AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

“AWS IAM” is incorrect. AWS IAM enables you to manage access to AWS services and resources securely.

“AWS Batch” is incorrect. AWS Batch is a compute service that allows you to run hundreds of thousands of batch computing jobs on AWS.

53
Q
A company has created a solution that helps AWS customers improve their architectures on AWS. Which AWS program may support this company?
A.AWS TAM
B.APN Technology Partners
C.APN Consulting Partners
D.AWS Professional Services
A

C.APN Consulting Partners

Explanation:
APN Consulting Partners are professional services firms that help customers design, architect, build, migrate, and manage their workloads and applications on AWS. Consulting Partners include System Integrators, Strategic Consultancies, Agencies, Managed Service Providers, and Value-Added Resellers. AWS supports the APN Consulting Partners by providing a wide range of resources and training to support their customers.

The other options are incorrect:

“APN Technology Partners” is incorrect. APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. APN Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, Developer Tools, Management and Security Vendors.

“AWS Professional Services” is incorrect. AWS Professional Services shares a collection of offerings to help you achieve specific outcomes related to enterprise cloud adoption. AWS Professional Services also trains your team with specialized skills and provides global specialty practices to support your efforts in focused areas of enterprise cloud computing.

“AWS TAM” is incorrect. A Technical Account Manager (TAM) is your designated technical point of contact who provides advocacy and guidance to help plan and build solutions using best practices and proactively keep your AWS environment operationally healthy. TAM is available only for the Enterprise support plan.

54
Q
What is the AWS serverless service that allows you to run your applications without any administrative burden?
A.Amazon EC2 Instances
B.AWS Lambda
C.Amazon RDS Instances
D.Amazon LightSail
A

B.AWS Lambda

Explanation:
AWS Lambda is an AWS-managed compute service. It lets you run code without provisioning or managing servers. With Lambda, you can run code for virtually any type of application or backend service - all with zero administration. Just upload your code, and Lambda takes care of everything required to run and scale your code with high availability. You pay only for the compute time you consume - there is no charge when your code is not running.

The other options are incorrect:

“Amazon EC2 instances” is incorrect. Amazon Elastic Compute Cloud (Amazon EC2) is a server-based compute service. Amazon EC2 is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary configurations and management tasks.

“Amazon Lightsail” is incorrect. Amazon Lightsail is a new offering from AWS to create a VPS (Virtual Private Server) on the cloud.

“Amazon RDS instances” is incorrect. Amazon RDS is a server-based database service that makes it easy to run a relational database in the cloud.

55
Q
Which AWS service uses Edge Locations to cache content?
A.Amazon Glacier
B.Amazon CloudFront
C.AWS Direct Connect
D.AWS KMS
A

B.Amazon CloudFront

Explanation:
Amazon CloudFront is a content caching service provided by AWS that uses Edge Locations (which are AWS data centers located all around the world) to reduce network latency when delivering content to end users.

The other options are incorrect:

“Amazon Glacier” is incorrect. Amazon Glacier is an Amazon S3 storage class.

“AWS KMS” is incorrect. AWS KMS is a key management service that makes it easy for you to create and manage encryption keys and control their use across a wide range of AWS services and in your applications.

“AWS Direct Connect” is incorrect. AWS Direct Connect is a cloud service solution that is used to establish a dedicated network connection from your premises to AWS.

56
Q
Which of the following should be considered when performing a TCO analysis to compare the costs of running an application on AWS instead of on-premises?
A.Market Research
B.Application Development
C.Physical Hardware
D.Business Analysis
A

C.Physical Hardware

Explanation:
Weighing the financial considerations of owning and operating a data center facility versus employing a cloud infrastructure requires detailed and careful analysis. The Total Cost of Ownership (TCO) is often the financial metric used to estimate and compare costs of a product or a service. When comparing AWS with on-premises TCO, customers should consider all costs of owning and operating a data center. Examples of these costs include facilities, physical servers, storage devices, networking equipment, cooling and power consumption, data center space, and IT labor cost.

The other options are incorrect.

“Application development” is incorrect. Application development is the process of creating a program or a set of programs to perform the different tasks that a business requires. Application development is a separate process that customers need to perform regardless of whether they will be using AWS or an on-premises data center. Application development is not part of the total cost of owning and operating a data center (TCO), and thus is an incorrect answer.

“Market Research” is incorrect. Market research is an organized effort to gather information about target audience and customers to determine how viable a product or service might be. Market research is a separate process that customers need to perform regardless of whether they will be using AWS or an on-premises data center.

“Business analysis” is incorrect. Business analysis is a multistage process aimed at identifying business needs and determining solutions to business problems. Business analysis is a separate process that customers need to perform regardless of whether they will be using AWS or an on-premises data center.

57
Q
Which of the following AWS services can be used as a compute resource? (Choose TWO)
A.Amazon CloudWatch
B.Amazon S3
C.AWS Lambda
D.Amazon EC2
E.Amazon VPC
A

C.AWS Lambda
D.Amazon EC2

Explanation:
AWS Lambda is a Serverless computing service. Serverless computing allows you to build and run applications and services without thinking about servers. With serverless computing, your application still runs on servers, but all the server management is done by AWS.

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure and resizable compute capacity in the cloud. Unlike AWS Lambda, Amazon EC2 is a server-based computing service; the customer is responsible for performing all server configurations and management tasks.

The other options are incorrect:

Amazon S3 is incorrect. Amazon S3 is a storage service.

Amazon VPC is incorrect. Amazon VPC is a networking service.

Amazon CloudWatch is incorrect. Amazon CloudWatch is a monitoring service.

58
Q
A company has a large amount of structured data stored in their on-premises data center. They are planning to migrate all the data to AWS. What is the most appropriate AWS database option?
A.Amazon DynamoDB
B.Amazon RDS
C.Amazon ElastiCache
D.Amazon SNS
A

B.Amazon RDS

Explanation:
Since the data is structured, it is best to use a relational database service such as Amazon RDS.

The other options are incorrect:

Amazon ElastiCache is incorrect. ElastiCache is an in-memory data store and cache service.

Amazon DynamoDB is incorrect. DynamoDB is a NoSQL database service. NoSQL is designed for unstructured data.

Amazon SNS is incorrect. Amazon Simple Notification Service (SNS) is not a database service. Amazon SNS is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

59
Q

Which of the following are important design principles you should adopt when designing systems on AWS? (Choose TWO)
A.Always use Global Services in your architecture rather than Regional Services
B.Treat servers as fixed resources
C.Automate wherever possible
D.Always choose to pay as you go
E.Remove single points of failure

A

C.Automate wherever possible
E.Remove single points of failure

Explanation:
A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working. You can remove single points of failure by assuming everything will fail and designing your architecture to automatically detect and react to failures. For example, configuring and deploying an auto-scaling group of EC2 instances will ensure that if one or more of the instances crashes, Auto-scaling will automatically replace them with new instances. You should also introduce redundancy to remove single points of failure, by deploying your application across multiple Availability Zones. If one Availability Zone goes down for any reason, the other Availability Zones can serve requests.

AWS helps you use automation so you can build faster and more efficiently. Using AWS services, you can automate manual tasks or processes such as deployments, development & test workflows, container management, and configuration management.

The other options are incorrect:

“Always choose to pay as you go” is incorrect. AWS has other payment models that can save you more costs depending on your use case. For example, if your application has steady-state usage, you can use reservations for the Amazon RDS and Amazon EC2 instances to reduce your overall costs significantly.

“Treat servers as fixed resources” is incorrect. AWS enables you to treat your servers as disposable resources, not fixed resources. This means that if any issue occurs with a server, you can simply replace it with a new one (rather than trying to fix it).

“Always use Global services in your architecture rather than Regional services” is incorrect. AWS services/resources are either Global, Regional or specific to an Availability Zone. Among all the services/resources that AWS offers, only a few of them are considered global services. Examples of AWS global services include Amazon CloudFront, AWS Identity and Access Management, Amazon Route 53 and AWS WAF. There is no way you can build your AWS environment without using Regional services such as Amazon VPC, Amazon RDS, AWS Lambda and Amazon EFS, or Zonal resources (specific to an Availability Zone) such as Amazon EC2 instances or Amazon EBS volumes.

60
Q
What are the AWS services/features that can help you maintain a highly available and fault-tolerant architecture in AWS? (Choose TWO)
A.Elastic Load Balancer
B.AWS Direct Connect
C.Amazon EC2 Auto Scaling
D.CloudFormation
E.Network ACLs
A

A.Elastic Load Balancer
C.Amazon EC2 Auto Scaling

Explanation:
Amazon EC2 Auto Scaling is a fully managed service designed to launch or terminate Amazon EC2 instances automatically to help ensure you have the correct number of Amazon EC2 instances available to handle the load for your application. Amazon EC2 Auto Scaling helps you maintain application availability and fault tolerance through fleet management for EC2 instances, which detects and replaces unhealthy instances, and by scaling your Amazon EC2 capacity automatically according to conditions you define. You can use Amazon EC2 Auto Scaling to automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs.

Elastic Load Balancing provides an effective way to increase the availability and fault tolerance of a system. First, ELB tries to discover the availability of your EC2 instances: it periodically sends pings, attempts connections, or sends requests to test the EC2 instances. These tests are called health checks. The load balancer routes user requests only to the healthy instances. When the load balancer determines that an instance is unhealthy, it stops routing requests to that instance. The load balancer resumes routing requests to the instance when it has been restored to a healthy state.

The other options are incorrect:

“CloudFormation” is incorrect. AWS CloudFormation automates and simplifies the task of creating groups of related resources that power your applications. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

“Network ACLs” is incorrect. Network ACLs are used to control traffic at the subnet level.

“AWS Direct Connect” is incorrect. AWS Direct Connect allows you to establish a dedicated network connection from your on-premises environment to AWS.

61
Q
Using Amazon EC2 falls under which of the following cloud computing models?
A.IaaS & SaaS
B.IaaS
C.PaaS
D.SaaS
A

B.IaaS

Explanation:
Infrastructure as a Service (IaaS) contains the basic building blocks for Cloud IT and typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. Infrastructure as a Service provides you with the highest level of flexibility and management control over your IT resources and is most similar to existing IT resources that many IT departments and developers are familiar with today.

For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and requires the customer to perform all of the configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance.

The other options are incorrect:

1- Platform as a Service (PaaS) removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application. A common example of a PaaS platform is the AWS Elastic Beanstalk service. Developers simply upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

2- Software as a Service (SaaS) provides you with a completed product that is run and managed by the service provider. In most cases, people referring to Software as a Service are referring to end-user applications. With a SaaS offering you do not have to think about how the service is maintained or how the underlying infrastructure is managed; you only need to think about how you will use that particular piece of software. A common example of a SaaS application is web-based email where you can send and receive email without having to manage feature additions to the email product or maintain the servers and operating systems that the email program is running on.

62
Q
What is the AWS tool that enables you to use scripts to manage all AWS services and resources?
A.AWS Service Catalog
B.AWS OpsWorks
C.AWS CLI
D.AWS Console
A

C.AWS CLI

Explanation:
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

The other options are incorrect:

“AWS Service Catalog” is incorrect. AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

“AWS OpsWorks” is incorrect. AWS OpsWorks can be used to automate one service which is EC2. AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

“AWS Console” is incorrect. AWS Console lets you access and manage Amazon Web Services through a web-based user interface.

63
Q
An organization needs to analyze and process a large number of data sets. Which AWS service should they use?
A.Amazon MQ
B.Amazon SQS
C.Amazon EMR
D.Amazon SNS
A

C.Amazon EMR

Explanation:
Amazon EMR helps you analyze and process vast amounts of data by distributing the computational work across a cluster of virtual servers running in the AWS Cloud. The cluster is managed using an open-source framework called Hadoop. Amazon EMR lets you focus on crunching or analyzing your data without having to worry about time-consuming setup, management, and tuning of Hadoop clusters or the compute capacity they rely on.

All other options are AWS messaging services.

64
Q
A company has deployed a new web application on multiple Amazon EC2 instances. Which of the following should they use to ensure that the incoming HTTP traffic is distributed evenly across the instances?
A.AWS Auto Scaling
B.AWS Network Load Balancer
C.AWS Application Load Balancer
D.AWS EC2 Auto Recovery
A

C.AWS Application Load Balancer

Explanation:
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. Elastic Load Balancing offers four types of load balancers: 1- Application Load Balancer. 2- Network Load Balancer. 3- Gateway Load Balancer. 4- Classic Load Balancer. Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic. In our case, the application receives HTTP traffic. Hence, the Application Load Balancer is the correct answer here.

The other options are incorrect:

“AWS Network Load Balancer” is incorrect. The traffic comes to the instances through HTTP. Network Load Balancer is best suited for load balancing of TCP and TLS traffic.

“AWS Auto Scaling” is incorrect. AWS Auto Scaling is not for distributing traffic. AWS Auto Scaling monitors your applications and automatically adjusts capacity (up or down) to maintain steady, predictable performance at the lowest possible cost.

“AWS EC2 Auto Recovery” is incorrect. Auto Recovery is an Amazon EC2 feature that is designed to increase instance availability. Auto Recovery can be configured to automatically recover EC2 Instances when a system or hardware impairment is detected.

65
Q
Which AWS Service can be used to establish a dedicated, private network connection between AWS and your datacenter?
A.AWS Snowball
B.Amazon CloudFront
C.AWS Direct Connect
D.Amazon Route 53
A

C.AWS Direct Connect

Explanation:
AWS Direct Connect is used to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or co-location environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

The other options are incorrect:

“AWS Snowball” is incorrect. AWS Snowball is used to physically migrate petabyte-scale data sets into and out of AWS.

“Amazon CloudFront” is incorrect. Amazon CloudFront is a content delivery network that provides faster response times for your global users.

“Amazon Route 53” is incorrect. Amazon Route 53 is a global service that provides a highly available and scalable Domain Name System (DNS) in the Cloud.