CLF-C02 Questions Flashcards

Question

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices. Which best practice of the AWS Well-Architected Framework is the company following with this plan? A. Integrate functional testing as part of AWS deployment. B. Use automation to deploy changes. C. Deploy the application to multiple locations. D. Implement loosely coupled dependencies.

Answer 1

D. Implement loosely coupled dependencies. Dependencies such as queuing systems, streaming systems, workflows, and load balancers are loosely coupled. Loose coupling helps isolate behavior of a component from other components that depend on it, increasing resiliency and agility. https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_prevent_interaction_failure_loosely_coupled_system.html

Answer 2

C. IAM credential report You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key updates. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

Answer 3

B. AWS Budgets D. Amazon CloudWatch B. AWS Budgets: AWS Budgets is a service that allows you to set custom cost and usage budgets for your AWS resources. You can configure a budget with a specific threshold and define actions, such as sending notifications, when that threshold is reached. D. Amazon CloudWatch: Amazon CloudWatch is a monitoring service that can be used to collect and track metrics, logs, and events from various AWS resources. It supports setting up alarms based on cost metrics, so you can create an alarm for a specific cost threshold and configure it to send notifications when the threshold is breached.

Answer 4

D. AWS Knowledge Center The AWS Knowledge Center helps answer the questions most frequently asked by AWS Support customers.

Answer 5

A. Configure the AWS provided security group firewall. B. Classify company assets in the AWS Cloud. A. Configure the AWS provided security group firewall: Customers are responsible for configuring and managing security group firewalls to control inbound and outbound traffic to their AWS resources. B. Classify company assets in the AWS Cloud: Asset classification is typically a customer responsibility as part of their data governance and security practices. The other options are not accurate in the context of customer responsibilities: C. Determine which Availability Zones to use for Amazon S3 buckets: This is more of a design decision and falls under the AWS management responsibilities. D. Patch or upgrade Amazon DynamoDB: Patching or upgrading services like Amazon DynamoDB is managed by AWS. Customers are not responsible for patching or upgrading the underlying infrastructure or services provided by AWS. E. Select Amazon EC2 instances to run AWS Lambda on: The selection of underlying infrastructure for serverless services like AWS Lambda is managed by AWS. Customers focus on writing and deploying functions without managing the underlying instances.

Answer 6

B. Reliability E. Operational excellence There are 6 pillars - 1. Operational excellence 2. Security 3. Reliability 4. Performance efficiency 5. Cost optimization 6. Sustainability

Answer 7

A. Amazon Simple Notification Service (Amazon SNS) Amazon Simple Notification Service (Amazon SNS) sends notifications two ways, A2A and A2P. A2A provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. These applications include Amazon Simple Queue Service (SQS), Amazon Kinesis Data Firehose, AWS Lambda, and other HTTPS endpoints. A2P functionality lets you send messages to your customers with SMS texts, push notifications, and email. https://aws.amazon.com/sns/

Answer 8

B. Access keys "Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK)." https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Answer 9

B. Spot Instances Spot Instances: Allow users to bid for unused EC2 capacity, potentially providing cost savings. They are suitable for workloads that are fault-tolerant and can handle interruptions. Spot Instances are a good fit for the described scenario of thousands of simultaneous simulations.

Answer 10

A. The speed at which AWS resources are implemented: Agility in AWS refers to the ability to quickly provision and implement resources, allowing users to adapt to changing requirements and scale resources as needed. C. The ability to experiment quickly: Agility involves the capability to experiment rapidly, enabling users to innovate, test ideas, and iterate quickly in the cloud environment. The other options are described as follows: B. The speed at which AWS creates new AWS Regions: The creation of new AWS Regions is not typically within the control of individual AWS customers. AWS decides when and where to create new regions based on business considerations. D. The elimination of wasted capacity: While efficiency and cost optimization are important aspects of cloud computing, the elimination of wasted capacity is not a direct aspect of the concept of agility. E. The low cost of entry into cloud computing: While cost considerations are important, the low cost of entry is not a defining aspect of agility. Agility focuses more on speed, flexibility, and the ability to respond quickly to changing demands.

Answer 11

A. AWS WAF A. AWS WAF (Web Application Firewall): A web application firewall that allows users to create custom rules to filter and monitor HTTP or HTTPS requests to a web application. It helps protect against common web exploits, including SQL injection attacks, by allowing the blocking or rate-limiting of malicious requests.

Answer 12

C. AWS IAM Access Analyzer IAM Access Analyzer helps identify resources in your organization and accounts that are shared with an external entity. https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

Answer 13

B. Download the reports from AWS Artifact. AWS Artifact is a portal that provides access to various compliance reports, including certifications, attestations, and other relevant documents. You can download these reports directly from AWS Artifact.

Answer 14

A. Cost of application software licenses A. Cost of application software licenses: In the AWS Cloud, customers are responsible for the cost of application software licenses. This includes any software licenses required to run applications on AWS services. AWS provides the underlying infrastructure, and customers are responsible for licensing their application software.

Answer 15

C. Turn on multi-factor authentication (MFA) for added security during the login process. C. Turn on multi-factor authentication (MFA) for added security during the login process: Enabling multi-factor authentication (MFA) is a security best practice. It adds an extra layer of protection by requiring users to provide a second form of authentication in addition to their password. This helps prevent unauthorized access even if credentials are compromised.

Answer 16

B. The ability to rightsize resources as demand shifts E. How easily resources can be procured when they are needed B. The ability to rightsize resources as demand shifts: Elasticity involves the ability to dynamically adjust the size of resources (e.g., adding or removing instances) based on changing demand. E. How easily resources can be procured when they are needed: Elasticity involves the ease with which resources can be provisioned or de-provisioned based on changing demand, providing flexibility and scalability.

Answer 17

A. AWS CloudTrail AWS CloudTrail is a service that records all API calls made on your AWS account. It provides a detailed history of events, including who made the call, what actions were performed, and from which IP address the call originated. This audit trail is valuable for security, compliance, troubleshooting, and monitoring purposes, and it helps you maintain visibility into how your AWS resources are being used.

Answer 18

A. Managing the code within the Lambda function Customers are responsible for developing, deploying, and managing the code and dependencies within the Lambda function.

Answer 19

B. Amazon Athena Amazon Athena is a serverless query service that allows you to analyze data directly in Amazon S3 using standard SQL queries. You don't need to set up or manage any infrastructure; you only pay for the queries you run. It is well-suited for ad-hoc and exploratory analysis on data stored in S3 without the need for maintaining a separate database.

Answer 20

C. AWS Organizations AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations is offered at no additional charge. You are charged only for AWS resources that users and roles in your member accounts use. For example, you are charged the standard fees for Amazon EC2 instances that are used by users or roles in your member accounts. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html

Answer 21

C. Cloud fluency Cloud fluency belongs to the people perspective within the AWS Cloud Adoption Framework (AWS CAF). https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/people-perspective.html

Answer 22

C. Reserved Instances D. Savings Plans C. Reserved Instances: Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing in exchange for a one-time upfront payment and/or a lower hourly rate. The more you commit, the greater the discount. D. Savings Plans: Savings Plans offer flexible pricing and savings on your AWS usage, with discounts of up to 72% compared to On-Demand pricing. With Savings Plans, you commit to a certain amount of usage (measured in dollars per hour) for a one- or three-year term, and receive a lower rate for that usage.

Answer 23

C. AWS Regions AWS Regions are geographical locations where AWS data centers (Availability Zones) are situated. When deploying Amazon RDS, you can choose the AWS Region that is geographically closest to your current location to reduce latency and improve performance.

Answer 24

AWS Pricing Calculator The AWS Pricing Calculator is a tool that allows users to estimate the cost of using AWS services based on their projected usage. It provides a detailed breakdown of costs for different services and configurations.

Answer 25

A. Deliver the content through Amazon CloudFront Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of static and dynamic content, including images and videos, to users globally. It helps minimize latency by caching content at edge locations worldwide.

Answer 26

C. Lower variable costs over fixed costs This is a key benefit of economies of scale. With cloud computing, as usage increases, the cost per unit of resources tends to decrease due to the efficiency gained from large-scale operations.

Answer 27

C. AWS Cloud Development Kit (AWS CDK) AWS CDK is a software development framework that enables developers to define infrastructure as code (IaC) using familiar programming languages like TypeScript, Python, Java, C#, and more.

Answer 28

AWS Security Token Service (AWS STS) AWS STS is the correct choice for providing temporary, limited-privilege credentials. It enables you to request temporary credentials with a specific set of permissions (via roles), which can be used to authenticate with other AWS services. This is commonly used for scenarios where you need to grant temporary access to resources without exposing long-term credentials.

Answer 29

A. AWS Security Hub "AWS Security Hub is a cloud security posture management (CSPM) service that performs automated, continuous security best practice checks against your AWS resources to help you identify misconfigurations, and aggregates your security alerts (i.e. findings) in a standardized format so that you can more easily enrich, investigate, and remediate them." Reference: https://aws.amazon.com/security-hub/features/?nc=sn&loc=2

Answer 30

B. AWS Identity and Access Management (IAM) "IAM is a feature of your AWS account and is offered at no additional charge." Reference: https://aws.amazon.com/iam/getting-started/?nc=sn&loc=3

Answer 31

C. Amazon DynamoDB DynamoDB is a non-relational database which means it is a NONSQL database. Aurora and RDS are relational, as for Redshift that is for exabytes of data and complex queries.

Answer 32

C. Manage database access permissions. This is the customer's responsibility. Customers are responsible for defining and managing access permissions to their DynamoDB tables, specifying who can perform various operations on the tables.

Answer 33

C. Spot Instances Spot Instances are a good fit for stateless, fault-tolerant workloads that can be interrupted without any impact on the overall job.

Answer 34

A. Amazon Macie Amazon Macie: automatically discover, classify, and protect sensitive data, such as personally identifiable information (PII), in Amazon S3.

Answer 35

A. Security groups C. Network ACLs Security groups are stateful firewalls that control inbound and outbound traffic at the instance level. You can configure security groups to allow or deny specific types of network traffic to and from your instances. Network ACLs (Access Control Lists) are stateless firewalls that control traffic at the subnet level. Network ACLs define rules to allow or deny traffic based on source and destination IP addresses, ports, and protocols.

Answer 36

B. AWS CloudTrail AWS CloudTrail is a service that records all API activity in your AWS account, including the termination of EC2 instances. It creates log entries for various events, providing an audit trail of actions taken on resources. By reviewing CloudTrail logs, you can identify when an EC2 instance was terminated, who initiated the termination, and other relevant details about the event.

Answer 37

D. Amazon Aurora Amazon S3: Amazon S3 (Simple Storage Service) is an object storage service and is not a database. Amazon DynamoDB: A fully managed NoSQL database service, but it is not MySQL-compatible. Amazon Redshift: A fully managed data warehouse service, not a MySQL-compatible database. Amazon Aurora: A fully managed relational database engine compatible with MySQL and PostgreSQL. It offers the performance and availability of commercial databases with the simplicity and cost-effectiveness of open-source databases. upvoted 1 times

Answer 38

C. AWS Outposts AWS Outposts enables you to run AWS infrastructure and services on premises while seamlessly connecting to the AWS cloud. This service extends the AWS ecosystem to your on-premises locations, allowing you to take advantage of cloud benefits while addressing the requirements of data residency, low-latency applications, and specific regulatory needs in hybrid environments.

Answer 39

C. Amazon RDS (Relational Database Service) Amazon RDS supports various database engines, including PostgreSQL, and offers a managed database service suitable for OLTP workloads. With Amazon RDS for PostgreSQL, you can easily set up, operate, and scale a PostgreSQL database without the administrative overhead of managing the infrastructure.

Answer 40

B. Amazon AppStream 2.0 C. Amazon WorkSpaces B. Amazon AppStream 2.0: Amazon AppStream 2.0 is a service that enables you to stream desktop applications to users through web browsers. You can deliver Windows applications securely to remote users without the need to provision and manage full virtual desktops. C. Amazon WorkSpaces: Amazon WorkSpaces is a fully managed desktop-as-a-service (DaaS) solution that provides Windows desktops to users. You can configure and manage virtual desktops for remote employees using WorkSpaces.

Answer 41

C. Amazon GuardDuty Amazon GuardDuty is an AWS service that is designed to monitor and detect potential security threats in your AWS environment. It helps to identify unusual and unauthorized activities, including misconfigured security groups that may be allowing unrestricted access to specific ports. GuardDuty uses machine learning and threat intelligence to analyze data and generate alerts, making it an effective tool for enhancing the security of your AWS infrastructure. While options like AWS Trusted Advisor and Amazon CloudWatch offer valuable monitoring capabilities, they do not specifically focus on detecting security group misconfigurations. Therefore, in this scenario, Amazon GuardDuty is the most appropriate choice.

Answer 42

A. Amazon DynamoDB Amazon DynamoDB: A key-value and document database that provides single-digit millisecond latency at any scale. It is a fully managed NoSQL database service designed for applications that require consistent, single-digit millisecond latency, regardless of the volume of requests.

Answer 43

B. Spot Instances Spot Instances are the most cost-effective option for scenarios where the workload is flexible and can be interrupted. Spot Instances allow you to use spare EC2 capacity at a significantly lower cost than On-Demand Instances. Spot Instances are suitable for workloads like batch processing, data analysis, and machine learning jobs that do not require continuous, uninterrupted operation

Answer 44

B. EC2 Amazon Machine Images (AMIs) C. Amazon Elastic Block Store (Amazon EBS) snapshots B. EC2 Amazon Machine Images (AMIs): AMIs are used to create backups of EC2 instances, and they can be used to launch replacement instances in the event of a disaster or data loss. AMIs are essential for creating recovery points for your EC2 instances. C. Amazon Elastic Block Store (Amazon EBS) snapshots: EBS snapshots allow you to create point-in-time backups of your EBS volumes. These snapshots can be used to restore data or create new EBS volumes, making them a key component of disaster recovery for EC2 instances.

Answer 45

B. AWS CloudShell B. AWS CloudShell: A browser-based shell provided by AWS that enables command-line access to AWS resources directly from the AWS Management Console. Users can use AWS CloudShell to run AWS CLI commands and use various AWS tools without installing any additional software. It provides a convenient and secure way to interact with AWS resources in the cloud.

Answer 46

B. AWS Transit Gateway AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. This connection simplifies your network and puts an end to complex peering relationships. Transit Gateway acts as a highly scalable cloud router—each new connection is made only once.

Answer 47

D. AWS Enterprise Support AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. For these events, AWS Infrastructure Event Management will help you assess operational readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The program is included in the Enterprise Support plan and is available to Business Support customers for an additional fee.

Answer 48

B. AWS Secrets Manager AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. https://aws.amazon.com/secrets-manager/

Answer 49

C. AWS Direct Connect AWS Direct Connect establishes a dedicated private connection between your on-premises infrastructure and AWS.

Answer 50

C. AWS KMS AWS Key Management Service (AWS KMS): A fully managed service that makes it easy for you to create, control, and manage encryption keys used to encrypt your data. It integrates seamlessly with other AWS services, including Amazon EBS, for encryption purposes.

Answer 51

A. AWS Management Console AWS Management Console: A web-based interface that allows users to access and manage their AWS resources using a graphical user interface (GUI). This console provides an easy-to-use platform for various AWS services.

Answer 52

B. High economies of scale C. Launch globally in minutes B. High economies of scale: AWS Cloud leverages high economies of scale, allowing customers to benefit from cost savings due to the massive scale of AWS infrastructure. This enables cost-effective solutions for businesses. C. Launch globally in minutes: One of the advantages of the AWS Cloud is the ability to deploy applications and resources globally in a matter of minutes. This quick global deployment facilitates flexibility and responsiveness to changing business needs.

Answer 53

D. High availability The ability of an architecture to withstand failures with minimal downtime is a characteristic of high availability. High availability ensures that your system remains operational and accessible even in the face of component failures. This is critical for maintaining a reliable and responsive application or service.

Answer 54

D. AWS CloudFormation A service that allows you to define and provision AWS infrastructure as code in a safe, predictable, and repeatable manner. It enables the developer to create and manage a collection of AWS resources by describing the infrastructure in a template. This helps in maintaining both development and production environments consistently.

Answer 55

B. Configure firewalls and networks. Configure firewalls and networks: This is a customer responsibility. Customers have control over configuring security groups, network access control lists (ACLs), and other network-related configurations to control traffic to and from their resources.

Answer 56

B. AWS Global Accelerator AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your public applications. Global Accelerator provides two global static public IPs that act as a fixed entry point to your application endpoints, such as Application Load Balancers, Network Load Balancers, Amazon Elastic Compute Cloud (EC2) instances, and elastic IPs.

Answer 57

C. Amazon Simple Queue Service (Amazon SQS) SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. It allows one application to send messages to a queue, and another application to retrieve those messages from the queue. This can be helpful in scenarios where the sender and receiver are not required to interact with each other in real-time.

Answer 58

A. Volume discounts C. One bill for multiple accounts Consolidated billing has the following benefits: - ONE BILL – You get one bill for multiple accounts. - Combined usage – You can combine the usage across all accounts in the organization to share the VOLUME PRICING DISCOUNTS, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts.

Answer 59

Access Analyzer for S3 is an AWS service that analyzes S3 buckets for bucket policies and ACLs that allow public or restricted access. Allows users to easily identify buckets with insecure permission settings and take action to remediate them.

Answer 60

A. AWS Artifact A portal that provides on-demand access to AWS compliance reports, certifications, and attestations. It is a centralized location for various compliance-related documents.

Answer 61

A. Amazon CloudFront A content delivery network (CDN) service that enables companies to deliver static and dynamic web content, including applications, to end users with low latency and high transfer speeds. It helps deploy an application close to end users.

Answer 62

C. AWS Global Accelerator A service that uses the AWS global network to optimize the routing of traffic to applications. It improves the availability and performance of applications by utilizing anycast IP addresses. It specifically improves network performance globally.

Answer 63

A. Amazon S3 Provides highly durable object storage with 99.999999999% (11 9's) durability.

Answer 64

D. Operating system installations AWS provides the infrastructure and services (like EC2) that include a range of Amazon Machine Images (AMIs) with pre-installed operating systems. This means AWS is responsible for ensuring that these AMIs are available and that the underlying infrastructure to run these instances is secure and reliable.

Answer 65

B. The ability to use the pay-as-you-go model. D. No longer having to guess what capacity will be required. B. The ability to use the pay-as-you-go model - AWS provides a flexible and cost-effective pay-as-you-go pricing model, allowing users to pay only for the resources they consume without upfront costs or long-term commitments. D. No longer having to guess what capacity will be required - AWS offers scalable resources, enabling users to dynamically scale up or down based on their actual needs. This eliminates the need for upfront capacity planning and allows for efficient resource utilization.

Answer 66

C. AWS Storage Gateway AWS Storage Gateway: A hybrid cloud storage service that enables on-premises applications to use cloud storage seamlessly. It provides file, volume, and tape gateway interfaces to integrate on-premises environments with AWS Cloud storage. This service allows on-premises users to access virtually unlimited cloud storage while maintaining a hybrid storage infrastructure.

Answer 67

A. AWS Pricing Calculator Pricing Calculator: A web-based tool that allows users to estimate the cost of using AWS services. It helps in understanding and estimating the costs associated with various AWS resources based on usage patterns, regions, and other parameters. Users can input their specific requirements to get an estimated monthly cost.

Answer 68

A. AWS Software Development Kit AWS Software Development Kit (SDK): A set of libraries and tools that allows developers to interact with AWS services directly from their applications.

Answer 69

C. Learn to improve from operational failures. Learn to improve from operational failures: This is a key principle of the AWS Well-Architected Framework. It emphasizes the importance of learning from failures and continuously improving the architecture based on operational experiences.

Answer 70

C. least privilege access. Least privilege access means granting users or entities the minimum level of permissions required to perform their tasks, reducing the risk of unintended or malicious actions.

Answer 71

D. Network ACL ACL = subnet, Security Groups = instances

Answer 72

B. Amazon Redshift Serverless B. Amazon Redshift: A fully managed, petabyte-scale data warehouse service in the cloud. It is specifically designed for analytics and data warehousing, offering fast query performance using SQL queries and integration with various business intelligence tools.

Answer 73

B. AWS enables capacity to be adjusted on demand. E. AWS eliminates many of the costs of building and maintaining on-premises data centers. B. AWS enables capacity to be adjusted on demand: AWS provides the flexibility to scale resources up or down based on demand. This allows businesses to optimize costs by only paying for the resources they actually use, avoiding unnecessary expenses during periods of lower demand. E. AWS eliminates many of the costs of building and maintaining on-premises data centers: With AWS, businesses can leverage cloud infrastructure without the need to invest in and maintain physical data centers. This eliminates upfront capital expenses, ongoing maintenance costs, and the need to overprovision resources for future growth, leading to significant cost savings.

Answer 74

B. IAM role IAM role: Are used to delegate permissions to users, applications, or services. In the context of cross-account access, you can create an IAM role in the target account and define policies that grant access to the necessary resources. Users in the source account can assume the role to access resources in the target account. IAM roles are commonly used for cross-account access scenarios.

Answer 75

C. Maintenance of physical and environmental controls Maintenance of physical and environmental controls: This task is the responsibility of AWS. AWS manages the physical infrastructure, including data center security, environmental controls (such as cooling and power), and other aspects related to the underlying infrastructure.

Answer 76

D. AWS CloudFormation AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.

Answer 77

A. Data architecture The correct answer is A, the clue is "Platform perspective capabilities" and only "Data Architecture" include in the list. ref: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/platform-perspective.html

Answer 78

B. Rightsizing Right sizing is the process of matching instance types and sizes to your workload performance and capacity requirements at the lowest possible cost. Ref link: https://aws.amazon.com/aws-cost-management/aws-cost-optimization/right-sizing/#:~:text=Right%20sizing%20is%20the%20process,at%20the%20lowest%20possible%20cost.

Answer 79

B. AWS Storage Gateway AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.

Answer 80

B. AWS Budgets AWS Budgets is the tool that provides users with the ability to plan their service usage, service costs, and instance reservations.

Answer 81

B. Perform client-side data encryption. C. Configure IAM credentials. https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 82

A. Grant the developer access to only the AWS resources needed to perform the job. E. Ensure the account password policy requires a minimum length. A. Grant the developer access to only the AWS resources needed to perform the job: Following the principle of least privilege, it is advisable to provide the developer with access only to the specific AWS resources necessary for their job role. This minimizes the potential impact of security incidents and limits the scope of actions the developer can perform. E. Ensure the account password policy requires a minimum length: Implementing a password policy that requires a minimum length is a good security practice. It helps enhance the strength of passwords and contributes to better overall account security. Longer passwords are generally more resistant to brute-force attacks.

Answer 83

B. Consolidated billing Consolidated billing allows you to combine multiple AWS accounts and aggregate the usage and spending across those accounts. This simplifies billing and enables you to take advantage of volume discounts, which can lead to cost savings

Answer 84

C. IAM roles IAM (Identity and Access Management) roles provide a secure way to grant permissions to AWS services and resources. In this scenario, you can create an IAM role with the necessary permissions for the EC2 instance to access other AWS services. Then, you can associate the IAM role with the EC2 instance.

Answer 85

A. Amazon FSx Amazon FSx: A fully managed file storage service that is compatible with Windows file servers. It is designed to provide shared file storage for Windows-based applications, making it a suitable choice for the company's requirement of a fully managed Windows file server.

Answer 86

D. Amazon S3 File Gateway Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data files and backup images as durable objects in Amazon S3 cloud storage. Amazon S3 File Gateway offers SMB or NFS-based access to data in Amazon S3 with local caching. It can be used for on-premises data-intensive Amazon EC2-based applications that need file protocol access to S3 object storage. https://aws.amazon.com/es/storagegateway/file/s3/

Answer 87

C. AWS CloudTrail "CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions." Reference: https://aws.amazon.com/cloudtrail/faqs/

Answer 88

C. Savings Plans

Answer 89

B. Amazon Personalize Amazon Personalize accelerates your digital transformation with ML, making it easier to integrate personalized recommendations into existing websites, applications, email marketing systems, and more.

Answer 90

B. Align "Align phase focuses on identifying capability gaps across the six AWS CAF perspectives, identifying cross-organizational dependencies, and surfacing stakeholder concerns and challenges." Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

Answer 91

B. AWS WAF AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting." References: https://aws.amazon.com/waf/faqs/

Answer 92

A. EC2 Image Builder EC2 Image Builder is a fully-managed AWS service that makes it easier to automate the creation, management, and deployment of customized, secure, and up-to-date “golden” server images that are pre-installed and pre-configured with software and settings to meet specific IT standards.

Answer 93

B. Amazon Inspector "Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2), AWS Lambda functions, and container workloads for software vulnerabilities and unintended network exposure." Reference: https://aws.amazon.com/inspector/faqs/

Answer 94

B. Amazon EC2 AWS Lambda is a serverless computing service that runs your code without provisioning or managing servers. However, Lambda functions have a maximum execution time of 15 minutes. Therefore, Lambda is not suitable for workloads that need to run for longer than 15 minutes.

Answer 95

C. VPC Flow Logs VPC flow logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. https://aws.amazon.com/vpc/faqs/#:~:text=VPC%20flow%20logs%20is%20a,network%20interfaces%20in%20your%20VPC

Answer 96

AWS Systems Manager Parameter Store AWS Secrets Manager is specifically designed for managing sensitive information such as passwords, database credentials, and API keys securely. (FYI so is AWS Secrets Manager - but that service costs $1 per secret).

Answer 97

C. Amazon EC2 "For full control over your compute environment, choose to run your containers on Amazon Elastic Compute Cloud (EC2)" https://aws.amazon.com/containers/

Answer 98

D. AWS Organizations AWS Organizations is the service that provides the features you mentioned for managing multiple AWS accounts within an organization.

Answer 99

C. Amazon S3 File Gateway Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data files and backup images as durable objects in Amazon S3 cloud storage. https://aws.amazon.com/storagegateway/file/s3/

Answer 100

A. AWS WAF "AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting." References: https://aws.amazon.com/waf/faqs/

Answer 101

A. AWS CLI "The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts." Reference: https://aws.amazon.com/cli/

Answer 102

C. AWS Trusted Advisor AWS Trusted Advisor is a service that helps users secure and optimize their AWS environments. Trusted Advisor offers a range of recommendations in five categories:

Answer 103

B. Operations AWS CAF Operations perspective capabilities * Observability * Event management (AIOps) * Incident and problem management * Change and release management * Performance and capacity management * Configuration management * Patch management * Availability and continuity management * Application management Reference: https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/operations-perspective.html

Answer 104

B. Reserved Instances D. Saving Plans For a steady, predictable, and uninterruptible compute workload, the most cost-effective Amazon EC2 instance purchasing options would typically be: B. Reserved Instances: Reserved Instances provide a significant discount compared to On-Demand Instances in exchange for a commitment to a one- or three-year term. Since the workload is steady and predictable, you can forecast your usage and purchase Reserved Instances accordingly, optimizing costs over time. D. Saving Plans: Similar to Reserved Instances, Savings Plans offer significant discounts on usage in exchange for committing to a specific amount of compute usage (measured in dollars per hour) over a one- or three-year term. Savings Plans provide flexibility across a wider range of instance types and regions compared to Reserved Instances.

Answer 105

A. On-Demand Instances *On-Demand Instances – short workload, predictable pricing, pay by second

Answer 106

C. Patch management "AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications." Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 107

B. Consolidated billing E. Multiple AWS accounts Consolidated billing is a feature of AWS Organizations that allows you to combine billing for multiple AWS accounts. Creating multiple AWS accounts, one for each department, is an effective way to segregate resources, manage permissions, and track costs separately.

Answer 108

D. Apply updates to the Nitro Hypervisor. The Nitro Hypervisor is a component of the underlying infrastructure managed by AWS.

Answer 109

B. Pay-as-you-go pricing

Answer 110

C. Data monetization https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

Answer 111

D. A consultative review and architecture guidance for the company’s applications Designated Technical Account Manager (TAM) to provide consultative architectural and operational guidance delivered in the context of your applications and use-cases to help you achieve the greatest value from AWS https://aws.amazon.com/premiumsupport/plans/

Answer 112

C. Spot Instances

Answer 113

C. Incident response D. Infrastructure protection Infrastructure protection – Validate that systems and services within your workload are protected against unintended and unauthorized access and potential vulnerabilities Incident response – Reduce potential harm by effectively responding to security incidents. Quick, effective, and consistent responses to security incidents will help you reduce potential harm https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html

Answer 114

C. EC2 Instance Savings Plans

Answer 115

B. Elasticity The characteristic of the AWS Cloud that helps users eliminate underutilized CPU capacity is elasticity. Elasticity allows users to scale their computing resources up or down based on their needs, which helps to eliminate underutilized CPU capacity.

Answer 116

B. Amazon Simple Queue Service (Amazon SQS) E. AWS Step Functions Amazon Simple Queue Service (Amazon SQS): SQS is a fully managed message queuing service that allows components of a distributed application to communicate asynchronously. It helps decouple the sender and receiver components, providing flexibility and fault tolerance. AWS Step Functions: AWS Step Functions allow you to coordinate and sequence AWS services, including Lambda functions, in a serverless workflow. It helps in creating workflows that are scalable, resilient, and loosely coupled.

Answer 117

A. AWS Budgets AWS Budgets is the AWS Cloud service that allows users to set custom spending thresholds and receive alerts when those thresholds are exceeded. It helps users to keep track of their AWS spending by providing notifications based on their budget limits.

Answer 118

Benefits management – Ensure that the business benefits associated with your cloud investments are realized and sustained. The success of your transformation is determined by the resulting business benefits. https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/governance-perspective.html

Answer 119

B. S3 Transfer Acceleration S3 Transfer Acceleration is a feature that utilizes Amazon CloudFront's globally distributed edge locations to accelerate the upload of objects to an S3 bucket.

Answer 120

A. On-Demand Instances

Answer 121

B. Envision Identify and prioritize transformation opportunities in line with your strategic objectives. Associating your transformation initiatives with key stakeholders and measurable business outcomes will help you demonstrate value as you progress through your transformation journey. https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

Answer 122

B. Application data security

Answer 123

A. Use EC2 instances in multiple AWS Regions.

Answer 124

D. Refactor

Answer 125

C. To access the AWS account through a CLI Use Access Keys for Programmatic Access (CLI / SDK)

Answer 126

B. Availability Zone An availability zone consists of multiple data centers, which are all equipped with independent power, cooling and networking infrastructure all housed in separate facilities.

Answer 127

A. AWS Snowmobile AWS Snowmobile is the appropriate choice for migrating 50 petabytes of file storage data to AWS with the least possible operational overhead.

Answer 128

A. Amazon AppStream 2.0 Amazon AppStream 2.0 is a cloud-based desktop streaming service that allows companies to deploy applications and desktops to any device, including lightweight laptops.

Answer 129

D. Amazon S3 For cost-effective storage and querying of large volumes of data, especially log data, Amazon S3 (Simple Storage Service) is the most suitable option.

Answer 130

D. Avoid monolithic architecture by segmenting workloads. Monolithic architectures can become unwieldy, difficult to maintain, and prone to failures. Segmenting workloads into smaller, more manageable components allows for greater scalability, resilience, and flexibility in the cloud.

Answer 131

A. AWS CloudTrail With AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for your account, including API calls made by using the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services.

Answer 132

A. Management of the guest operating systems

Answer 133

D. Amazon EC2 Auto Scaling

Answer 134

C. AWS Secrets Manager AWS Secrets Manager helps in the secure storage, rotation, and retrieval of sensitive credentials such as API keys, database passwords, and other secrets used by applications.

Answer 135

B. Amazon Macie Amazon Macie is a data security service that discovers sensitive data using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

Answer 136

C. Enable multi-factor authentication (MFA) on the root user. D. Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user.

Answer 137

D. Modify the DB instance to be a Multi-AZ deployment. In an Amazon RDS Multi-AZ deployment, Amazon RDS automatically creates a primary database (DB) instance and synchronously replicates the data to an instance in a different AZ. When it detects a failure, Amazon RDS automatically fails over to a standby instance without manual intervention.

Answer 138

A. Reserved Instances Reserved Instances are well-suited for applications with steady, predictable workloads over a term commitment, such as one year

Answer 139

A. The company Networking and traffic protection are a customer responsibility.

Answer 140

B. Reliability The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands. Key topics include distributed system design, recovery planning, and adapting to changing requirements.

Answer 141

D. IAM Access Analyzer IAM Access Analyzer external access analyzers help identify resources in your organization and accounts that are shared with an external entity. https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

Answer 142

C. Amazon QuickSight Amazon QuickSight is the AWS service that gives users the ability to create interactive business intelligence (BI) dashboards that can include machine learning insights. https://docs.aws.amazon.com/quicksight/

Answer 143

B. Resource elasticity Elasticity - The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically.

Answer 144

B. Use IAM roles for applications that require access to the S3 bucket. Use IAM roles for applications and AWS services that require Amazon S3 access. https://docs.aws.amazon.com/AmazonS3/latest/userguide/security-best-practices.html

Answer 145

D. The ability to provision and deprovision resources quickly with minimal effort The agility provided by AWS is closely tied to the ability to provision and deprovision resources rapidly. AWS allows users to scale their infrastructure up or down based on demand, enabling them to quickly deploy new resources when needed and release them when no longer necessary.

Answer 146

B. Amazon Cognito Amazon Cognito supports authentication with identity providers (IdPs) through Security Assertion Markup Language 2.0 (SAML 2.0). You can use an IdP that supports SAML with Amazon Cognito to provide a simple onboarding flow for your users. https://docs.aws.amazon.com/cognito/latest/developerguide/saml-identity-provider.html

Answer 147

D. AWS Health Dashboard The AWS Health Dashboard is a centralized location where users can find information about the availability and operation of AWS services. It provides an overview of the current status of AWS services, including planned and unplanned events. Users can also search for specific services to get more detailed information.

Answer 148

A. VPC Flow Logs https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

Answer 149

C. Customer data Customers are always responsible for managing their own customer data. https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 150

B. AWS Artifact

Answer 151

C. Amazon Inspector Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure. https://aws.amazon.com/inspector/

Answer 152

C. AWS Application Discovery Service AWS Application Discovery Service collects both server and database configuration information. Server information includes hostnames, IP addresses, MAC addresses, as well as the resource allocation and utilization details of key resources such as CPU, network, memory, and disk.

Answer 153

C. Rotate access keys on a reoccurring basis. Credentials should be rotated or changed on a periodic time frame. For this reason it is considered a security best practice to rotate access keys.

Answer 154

A. AWS Cloud Adoption Framework (AWS CAF) AWS migration readiness assessment (MRA) is an AWS process of gaining insights about your enterprise's current cloud readiness and building an action plan to close identified gaps, using the AWS Cloud Adoption Framework (AWS CAF).

Answer 155

B. Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability. Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

Answer 156

C. Pay-as-you-go pricing

Answer 157

A. AWS VPN C. AWS Direct Connect

Answer 158

B. Amazon DynamoDB Redshift is a data warehouse service, while RDS and Aurora is a relational database service. So Amazon DynamoDB is the answer.

Answer 159

B. Base the selection of Amazon EC2 instance types on past utilization patterns. C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers. Only answers that actually address cloud costs.

Answer 160

B. Security groups Security groups is the only answer that applies to EC2 level.

Answer 161

C. Automatically scale to meet demand. E. Automatically recover from failure. A. Perform operations as code --> Operational Excellence B. Enable traceability --> Security C. Automatically scale to meet demand --> Reliability D. Deploy resources globally to improve response time --> Performance Efficiency E. Automatically recover from failure --> Reliability https://aws.amazon.com/blogs/apn/the-6-pillars-of-the-aws-well-architected-framework/

Answer 162

C. AWS CloudFormation AWS CloudFormation enables you to use a template file to create and delete a collection of resources together as a single unit (a stack).

Answer 163

A. Inbound data transfer from the internet There is no charge for inbound data transfer across all services in all Regions. Data transfer from AWS to the internet is charged per service, with rates specific to the originating Region. https://aws.amazon.com/blogs/architecture/overview-of-data-transfer-costs-for-common-architectures/ https://aws.amazon.com/ec2/pricing/on-demand/

Answer 164

D. Amazon Simple Queue Service (Amazon SQS) Amazon SQS FIFO queues preserve the order in which messages are sent and received, and avoid that a message is processed more than once. This ensures that the messages are processed in first-in, first-out (FIFO) order1.

Answer 165

D. AWS CloudShell AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the AWS Management Console. https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html

Answer 166

B. Amazon RDS E. Amazon Aurora Amazon Aurora PostgreSQL is a fully managed, PostgreSQL–compatible. https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.AuroraPostgreSQL.html In addition to the benefits of Aurora, Aurora PostgreSQL offers a convenient migration pathway from Amazon RDS into Aurora, with push-button migration tools that convert your existing RDS for PostgreSQL applications to Aurora PostgreSQL.

Answer 167

D. AWS Snowball Edge AWS Snowball Edge is a type of Snowball device with on-board storage and compute power for select AWS capabilities. Snowball Edge can do local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud.

Answer 168

B. IAM roles IAM provides fine-grained access control across all of AWS. You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

Answer 169

B. AWS Elastic Beanstalk AWS Elastic Beanstalk - deploying and scaling web applications and services developed with Java, . NET, PHP, Node. js, Python, Ruby. Deploy scalable web applications in minutes without the complexity of provisioning and managing underlying infrastructure. https://aws.amazon.com/elasticbeanstalk/

Answer 170

A. Amazon CloudFront Amazon CloudFront is a content delivery network (CDN) service built for high performance, security, and developer convenience. https://aws.amazon.com/cloudfront/

Answer 171

D. AWS Marketplace AWS Marketplace is a curated digital catalog that customers can use to find, buy, deploy, and manage third-party software, data, and services to build solutions and run their businesses. https://docs.aws.amazon.com/marketplace/latest/userguide/what-is-marketplace.html

Answer 172

C. Amazon FSx for Windows File Server Amazon FSx for Windows File Server provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. Amazon FSx has native support for Windows file system features and for the industry-standard Server Message Block (SMB) protocol to access file storage over a network.

Answer 173

A. AWS Firewall Manager AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. Firewall Manager is particularly useful when you want to protect your entire organization rather than a small number of specific accounts and resources, or if you frequently add new resources that you want to protect. https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html

Answer 174

D. Maintain the physical hardware of the infrastructure. https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 175

B. NAT gateway You can use a public NAT gateway to enable instances in a private subnet to send outbound traffic to the internet, while preventing the internet from establishing connections to the instances. https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-scenarios.html

Answer 176

A. Securing the virtualization layer D. Patching the operating system on Amazon RDS instances https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 177

B. S3 Glacier Flexible Retrieval S3 Glacier Flexible Retrieval for archiving data that might infrequently need to be restored, once or twice per year, within a few hours https://docs.aws.amazon.com/prescriptive-guidance/latest/backup-recovery/amazon-s3-glacier.html

Answer 178

D. AWS Identity and Access Management Access Analyzer IAM Access Analyzer is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in IAM Access Analyzer. https://docs.aws.amazon.com/IAM/latest/UserGuide/logging-using-cloudtrail.html

Answer 179

D. AWS Partner Network (APN) The AWS Partner Network (APN) is designed to help companies find qualified third-party consultants, software vendors, and managed service providers who are specialized in working with AWS services. APN Partners offer various levels of support and expertise to assist with maintaining and optimizing AWS environments based on specific business needs.

Answer 180

C. AWS Cost and Usage Report After you create a Cost and Usage Report, AWS sends your report to the Amazon S3 bucket that you specify. AWS updates your report at least once a day until your charges are finalized. Your report files consist of a .csv file or a collection of .csv files and a manifest file. You can choose to configure your report data for integration with Amazon Athena, Amazon Redshift, or Amazon QuickSight. https://docs.aws.amazon.com/cur/latest/userguide/what-is-cur.html

Answer 181

A. AWS Storage Gateway AWS Storage Gateway connects on-premises environments with cloud storage through cached volumes, stored volumes and tape-based backup. https://aws.amazon.com/storagegateway/

Answer 182

B. Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level. Business Tags - Cost Center/Business Unit – Identify the cost center or business unit associated with a resource, typically for cost allocation and tracking. https://docs.aws.amazon.com/tag-editor/latest/userguide/tagging.html

Answer 183

D. AWS Batch AWS Batch is a fully managed service that enables you to run large-scale compute workloads in the cloud without provisioning resources or managing schedulers. https://docs.aws.amazon.com/wellarchitected/latest/high-performance-computing-lens/batch-based-architecture.html

Answer 184

A. Amazon Route 53 D. AWS Global Accelerator Amazon Route 53 provides a global DNS service that can be used as a public or private endpoint for RTC clients to register and connect with media applications. With Amazon Route 53, DNS health checks can be configured to route traffic to healthy endpoints or to independently monitor the health of your application. AWS Global Accelerator continually monitors the health of your application endpoints, and automatically redirects traffic to the nearest healthy endpoints in the event of current endpoints turning unhealthy.

Answer 185

A. Scale the number of EC2 instances in or out automatically, based on demand. You can use scaling policies to increase or decrease the number of instances in your group dynamically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group, between the minimum and maximum capacity values that you specify, and launches or terminates the instances as needed. https://docs.aws.amazon.com/autoscaling/ec2/userguide/auto-scaling-groups.html

Answer 186

B. Deploy globally in minutes. D. Take advantage of economies of scale.

Answer 187

D. AWS Shield AWS provides two levels of protection against DDoS attacks: AWS Shield Standard and AWS Shield Advanced. https://docs.aws.amazon.com/shield/

Answer 188

A. AWS CloudFormation AWS Cloud Development Kit (AWS CDK) accelerates cloud development using common programming languages to model your applications. https://aws.amazon.com/cdk/

Answer 189

D. Spot Instances Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud and are available at up to a 90% discount compared to On-Demand prices.

Answer 190

B. Security groups Security Groups operate at the instance level

Answer 191

D. Increase speed and agility Quickly = Agility/Speed

Answer 192

A. IAM user groups An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a user group called Admins and give that user group typical administrator permissions. Any user in that user group automatically has Admins group permissions. If a new user joins your organization and needs administrator privileges you can assign the appropriate permissions by adding the user to the Admins user group. If a person changes jobs in your organization, instead of editing that user's permissions you can remove them from the old user groups and add them to the appropriate new user groups. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

Answer 193

B. AWS Secrets Manager https://aws.amazon.com/secrets-manager/

Answer 194

C. AWS Artifact AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI) reports, and Service Organization Control (SOC) reports. You can submit the security and compliance documents (also known as audit artifacts) to your auditors or regulators to demonstrate the security and compliance of the AWS infrastructure and services that you use. https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html

Answer 195

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) B. Server-side encryption with AWS KMS managed keys (SSE-KMS) Amazon S3 now applies server-side encryption with Amazon S3 managed keys (SSE-S3) as the base level of encryption for every bucket in Amazon S3. Starting January 5, 2023, all new object uploads to Amazon S3 are automatically encrypted at no additional cost and with no impact on performance. T Unless you specify otherwise, buckets use SSE-S3 by default to encrypt objects. However, you can choose to configure buckets to use server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) instead. https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html

Answer 196

C. Amazon Cognito With Amazon Cognito, you can add user sign-up and sign-in features and control access to your web and mobile applications. https://aws.amazon.com/cognito/

Answer 197

B. AWS Config AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. https://aws.amazon.com/config/

Answer 198

C. 3 hours, 6 minutes On-Demand Instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. https://aws.amazon.com/about-aws/whats-new/2017/10/announcing-amazon-ec2-per-second-billing/ The customer will be billed for 3 hours and 6 minutes because the 6 seconds are rounded up to the next minute.

Answer 199

C. AWS Shield Maximize application availability and responsiveness with managed DDoS protection https://aws.amazon.com/shield/

Answer 200

D. Migration Evaluator Starting today, customers considering AWS for running on-premises workloads can request a business case from Migration Evaluator (Formerly TSO Logic) at no cost. The results captured are used to generate a transparent business case which aligns business and technology stakeholders to provide a prescriptive next step in your migration journey. https://aws.amazon.com/about-aws/whats-new/2020/07/introducing-migration-evaluator-fast-track-business-case-aws/

Answer 201

A. AWS Personal Health Dashboard D. AWS Service Health Dashboard AWS Personal Health Dashboard provides a personalized view into the performance and availability of the AWS services you are using, as well as alerts that are automatically triggered by changes in the health of those services. You can use the AWS Health Dashboard – Service health to view the health of all AWS services. https://aws.amazon.com/about-aws/whats-new/2016/12/introducing-aws-personal-health-dashboard/ https://docs.aws.amazon.com/health/latest/ug/aws-health-dashboard-status.html

Answer 202

C. AWS Database Migration Service (AWS DMS) AWS Database Migration Service (AWS DMS) is a managed migration and replication service that helps you move your databases and analytics workloads to AWS quickly and securely.

Answer 203

B. Rightsizing Rightsize workloads according to your workload preferences through artificial intelligence and machine learning-based analytics to reduce costs by up to 25%. https://aws.amazon.com/compute-optimizer/

Answer 204

B. Amazon Macie Discover and protect your sensitive data at scale https://aws.amazon.com/macie/

Answer 205

B. Reserved Instances Reserved Instances provide a significant discount compared to On-Demand Instances while offering a commitment to a specific instance type in a particular region for a term of 1 or 3 years.

Answer 206

B. AWS customers The answer is B. The customer has to select AWS KMS. If the customer does not explicit select it then nothing will be encrypted.

Answer 207

B. Record API calls made to AWS services. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. It records API calls made on your account, including who made the call, the services used, the actions performed, and when they occurred.

Answer 208

C. Amazon EC2 Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches) https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 209

C. AWS IAM Access Analyzer AWS IAM Access Analyzer is a service that helps you identify and manage access permissions in your AWS environment.

Answer 210

B. Amazon EC2 Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches) https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 211

D. Enterprise Support Users receive access to a support concierge at the Enterprise Support level. With AWS Enterprise Support, customers have access to a support concierge who can help with case management, provide guidance on best practices, and assist with various AWS-related inquiries. https://aws.amazon.com/premiumsupport/plans/

Answer 212

C. AWS Application Composer AWS Application Composer helps you visually compose and configure AWS services into serverless applications backed by infrastructure as code. AWS Application Composer - Visually design and build modern applications quickly https://aws.amazon.com/application-composer/

Answer 213

D. AWS Marketplace AWS Marketplace is the service that provides access to third-party solutions for AWS.

Answer 214

C. Configuration of infrastructure devices AWS is responsible for the underlying infrastructure of the EC2 hosts. https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 215

D. Amazon Aurora Serverless If cost is not a concern and you want the least management overhead, Amazon Aurora Serverless would be the best option. Amazon Aurora Serverless provides the highest level of automation and scalability as it is a serverless database solution. You don't have to worry about managing database instances, scaling, or maintenance. The database automatically scales up and down to meet your application's requirements, and you only pay for the resources you actually use.

Answer 216

D. Provide public endpoints to store and retrieve data. E. Manage the infrastructure layer and the operating system. AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Answer 217

C. Amazon Route 53 Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. https://docs.aws.amazon.com/route53/

Answer 218

D. Amazon EC2 updates and security patches Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches) https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 219

D. AWS CloudTrail AWS CloudTrail: o Records or logs transactions. o You can use API calls to provision, manage, and configure your AWS resources. With CloudTrail, you can view a complete history of user activity and API calls for your applications and resources (API caller, timeframe, Source IP, etc.).

Answer 220

D. Use On-Demand Instances. The company requires short-term but continuous computing resources. All other options require upfront payment and longer than 6 months contractual obligations.

Answer 221

B. Use AWS Infrastructure Event Management (IEM) support. AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events

Answer 222

A. Use AWS Organizations and create one account for each business unit. Using AWS Organizations allows you to centrally manage and govern multiple AWS accounts. By creating separate accounts for each business unit, you can easily isolate and track costs for each unit without mixing them up. This approach provides a clear separation of resources and costs, simplifying cost management and tracking. Additionally, AWS provides consolidated billing and cost allocation features within Organizations, making it easier to manage billing and costs across multiple accounts.

Answer 223

B. Amazon Timestream Amazon Timestream is a fast, scalable, and serverless time-series database service that makes it easier to store and analyze trillions of events per day up to 1,000 times faster.

Answer 224

A. Configuration management Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications. https://aws.amazon.com/compliance/shared-responsibility-model

Answer 225

A. Spot Instances Spot Instances are recommended for stateless, fault-tolerant, flexible applications. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html

Answer 226

D. S3 One Zone-Infrequent Access (S3 One Zone-IA) For a scenario where data is rarely accessed, and the company can regenerate the data if needed, the most cost-effective storage class would be S3 One Zone-Infrequent Access (S3 One Zone-IA). This storage class stores data in a single availability zone, providing cost savings compared to storage classes that store data redundantly across multiple availability zones. https://aws.amazon.com/about-aws/whats-new/2018/04/announcing-s3-one-zone-infrequent-access-a-new-amazon-s3-storage-class/

Answer 227

C. AWS Managed Services (AMS) AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely. https://aws.amazon.com/managed-services/

Answer 228

D. AWS Cloud Development Kit (AWS CDK) The AWS CDK supports TypeScript, JavaScript, Python, Java, C#/.Net, and Go. Developers can use one of these supported programming languages to define reusable cloud components. https://docs.aws.amazon.com/cdk/v2/guide/home.html

Answer 229

D. Standard Reserved Instances The question says that the server is already "right-sized" - so it will not be changing. It will also only be needed for 1 year. Therefore, standard (right-sized) reserved (1 year commitment) instance is the correct answer here.

Answer 230

D. AWS Storage Gateway AWS Storage Gateway connects an on-premises software appliance with cloud-based storage to provide seamless integration with data security features between your on-premises IT environment and the AWS storage infrastructure.

Answer 231

A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage. When your free usage term expires or if your application use exceeds the tiers, you simply pay standard, pay-as-you-go service rates. https://aws.amazon.com/free/?all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=*all&awsf.Free%20Tier%20Categories=*all

Answer 232

D. Operations The Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business. https://aws.amazon.com/cloud-adoption-framework/

Answer 233

A. AWS Cloud Adoption Framework (AWS CAF) Use the AWS CAF to identify and prioritize transformation opportunities, evaluate and improve your cloud readiness, and iteratively evolve your transformation roadmap. https://aws.amazon.com/cloud-adoption-framework/

Answer 234

D. Migration Evaluator Analyze your current state, define your target state, and develop a migration readiness plan with projected cloud costs to reach your financial business objectives faster. https://aws.amazon.com/migration-evaluator/

Answer 235

B. AWS Organizations AWS Organizations is the service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

Answer 236

C. Reliability The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands. https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc&wa-guidance-whitepapers.sort-by=item.additionalFields.sortDate&wa-guidance-whitepapers.sort-order=desc

Answer 237

B. AWS Glue AWS Glue consolidates major data integration capabilities into a single service. These include data discovery, modern ETL, cleansing, transforming, and centralized cataloging. It's also serverless, which means there's no infrastructure to manage. https://docs.aws.amazon.com/glue/latest/dg/what-is-glue.html

Answer 238

C. AWS Snowmobile AWS Snowmobile moves extremely large amounts of data to AWS. Transfer up to 100 PB per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck.

Answer 239

C. AWS Budgets You can set up optional notifications that warn you if you exceed, or are forecasted to exceed, your budgeted amount for cost or usage budgets. https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-managing-costs.html

Answer 240

C. Answering billing and account inquiries Billing Assistance - White-glove (Concierge) access to billing issues for Enterprise On-Ramp customers. https://aws.amazon.com/premiumsupport/plans/

Answer 241

B. Reserved Instances A Reserved Instance offers cost savings of up to 72% over On-Demand price. In addition, Reserved Instance three-year terms offer much greater savings over one-year terms. https://aws.amazon.com/compare/the-difference-between-on-demand-instances-and-reserved-instances/#:~:text=A%20Reserved%20Instance%20offers%20cost,savings%20over%20one%2Dyear%20terms.

Answer 242

C. Savings Plans Savings Plans provide significant savings over On-Demand pricing, in exchange for a commitment to a consistent amount of usage (measured in $/hr) for a 1 or 3 year period.

Answer 243

B. Performance efficiency C. Cost optimization https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc&wa-guidance-whitepapers.sort-by=item.additionalFields.sortDate&wa-guidance-whitepapers.sort-order=desc

Answer 244

C. Use Amazon CloudFront with the EC2 instances configured as the source. Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of your websites, APIs, video content, or other web assets. In this scenario, using Amazon CloudFront is the most suitable option to minimize latency for users all over the world.

Answer 245

C. AWS Snow Family Purpose-built devices to cost effectively move petabytes of data, offline. Lease a Snow device to move your data to the cloud. https://aws.amazon.com/snow/

Answer 246

D. AWS offers high availability. E. AWS provides economies of scale.

Answer 247

A. Spot Instances

Answer 248

B. Cost optimization recommendations D. Security checks Trusted Advisor inspects your AWS environment, and then makes recommendations when opportunities exist to save money, improve system availability and performance, or help close security gaps. https://docs.aws.amazon.com/awssupport/latest/user/trusted-advisor.html

Answer 249

B. S3 Lifecycle With S3 Lifecycle configuration rules, you can tell Amazon S3 to transition objects to less-expensive storage classes, or archive or delete them. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html

Answer 250

D. Global reach Deploying applications across multiple AWS Regions allows companies to provide low-latency access to their services for users in different geographical locations, thereby improving global reach and availability.

Answer 251

D. AWS Snowball Edge AWS Snowball Edge is a type of Snowball device with on-board storage and compute power for select AWS capabilities. Snowball Edge can do local processing and edge-computing workloads in addition to transferring data between your local environment and the AWS Cloud.

Answer 252

B. Make frequent, small, reversible changes. https://docs.aws.amazon.com/wellarchitected/latest/framework/oe-design-principles.html

Answer 253

D. Management of infrastructure is offloaded to AWS. With serverless computing, developers can focus on writing code without worrying about server provisioning, scaling, or maintenance. AWS takes care of the underlying infrastructure, allowing developers to concentrate on building and deploying applications.

Answer 254

C. AWS Security Token Service (AWS STS) AWS Security Token Service (AWS STS) as a web service that enables you to request temporary, limited-privilege credentials for users.

Answer 255

D. AWS WAF AWS WAF (Web Application Firewall) is a web application firewall service that helps protect web applications from common web exploits and attacks, including SQL injection attacks. https://aws.amazon.com/waf/

Answer 256

D. Reserved Instances

Answer 257

C. Maintain the configuration of guest operating systems and applications. D. Manage decisions involving encryption options. https://aws.amazon.com/compliance/shared-responsibility-model/

Answer 258

B. IAM credential reports https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html IAM credential reports are delivered in CSV format. "mfa_active" is one of many columns of this report. When a MFA device is enabled for the user, value of this column is TRUE.

Answer 259

D. AWS Security Hub AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation. AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices. Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.

Answer 260

B. Operational excellence The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.

Answer 261

C. Amazon Macie

Answer 262

C. AWS Artifact

Answer 263

C. Download the IAM credential report, then provide the report to the auditor. You can use the AWS Management Console to download a credential report as a comma-separated values (CSV) file. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

Answer 264

A. Allow access to an Amazon EC2 instance through only a specific port. You can specify the source, port range, and protocol for each inbound rule. You can specify the destination, port range, and protocol for each outbound rule. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html

Answer 265

A. Accelerated computing Accelerated computing instances are made to work with graphic intensive workloads. If you require high processing capability, you'll benefit from using accelerated computing instances, which provide access to hardware-based compute accelerators such as Graphics Processing Units (GPUs), Field Programmable Gate Arrays (FPGAs), or AWS Inferentia. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/accelerated-computing-instances.html

Answer 266

A. They are stateless. D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. NACLs are stateless, which means that information about previously sent or received traffic is not saved. Each rule has a number from 1 to 32766. We evaluate the rules in order, starting with the lowest numbered rule, when deciding whether allow or deny traffic. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

Answer 267

B. Data engineering C. Continuous integration and continuous delivery (CI/CD)

Answer 268

B. Amazon EC2 instances The customer is responsible for applying the latest security updates and patches to Amazon EC2 instances.

Answer 269

D. S3 Intelligent-Tiering S3 Intelligent-Tiering is the ideal storage class for data with unknown, changing, or unpredictable access patterns, independent of object size or retention period. https://aws.amazon.com/s3/storage-classes/intelligent-tiering/

Answer 270

C. Incident response D. Infrastructure protection

Answer 271

B. Create a custom IAM policy. An AWS managed policy is a standalone policy that is created and administered by AWS. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html

Answer 272

B. The customer is responsible for rotating keys.

Answer 273

C. AWS Marketplace AWS Marketplace allows you to find, purchase, and deploy a wide range of pre-configured third-party software, including firewall solutions, on your Amazon EC2 instances.

Answer 274

C. Agility Agility in cloud computing refers to the ability to quickly develop, test, and launch applications that the business needs.

Answer 275

D. Physical and environmental controls

Answer 276

C. The root user is the first sign-in identity that is available when an AWS account is created.

Answer 277

D. AWS CloudTraiI AWS CloudTrail is the service that records API calls and related events made on your AWS account.

Answer 278

A. AWS CLI The AWS CLI is a command-line tool provided by AWS that allows developers and administrators to interact with AWS services directly from the command line.

Answer 279

C. AWS DataSync AWS DataSync is a service designed for securely transferring large amounts of data between on-premises storage and Amazon S3, Amazon EFS, or Amazon FSx for Windows File Server.

Answer 280

B. AWS CloudFormation CloudFormation will allow you to use infrastructure as code and allow you to repeat deployments fast and always be the same.

Answer 281

D. AWS CodeStar AWS CodeStar is a cloud-based service for creating, managing, and working with software development projects on AWS. You can quickly develop, build, and deploy applications on AWS with an AWS CodeStar project. https://docs.aws.amazon.com/cloud9/latest/user-guide/codestar-projects.html

Answer 282

D. Hybrid AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience. https://aws.amazon.com/outposts/

Answer 283

D. Amazon Neptune Amazon Neptune is a fully managed graph database service that scales to handle billions of relationships and lets you query them with milliseconds latency, at a low cost for that kind of capacity. https://docs.aws.amazon.com/neptune/latest/userguide/graph-get-started.html

Answer 284

D. AWS WorkSpaces Amazon WorkSpaces offers an easy way to provide a cloud-based desktop experience to your end users https://docs.aws.amazon.com/workspaces/

Answer 285

A. VPC Flow Logs VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

Answer 286

B. Amazon EC2 instance store An instance store provides temporary block-level storage for your instance. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Answer 287

A. Amazon FSx File Gateway Amazon FSx File Gateway optimizes on-premises access to fully managed, highly reliable file shares in Amazon FSx for Windows File Server. https://aws.amazon.com/storagegateway/file/fsx/

Answer 288

B. Amazon S3 Amazon S3 is object storage built to store and retrieve any amount of data from anywhere. S3 is a simple storage service that offers industry leading durability, availability, performance, security, and virtually unlimited scalability at very low costs.

Answer 289

D. Amazon CloudWatch alarm Amazon CloudWatch is a monitoring service that provides data and actionable insights for AWS resources. You can set up CloudWatch alarms to monitor metrics, such as CPU utilization, and trigger Auto Scaling actions based on defined thresholds.

Answer 290

B. People https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/people-perspective.html

Answer 291

D. AWS Database Migration Service (AWS DMS) AWS Database Migration Service (DMS) is the service designed to help migrate on-premises databases to managed cloud database services in a simplified manner. It supports various database engines and provides a reliable and efficient way to migrate data with minimal downtime.

Answer 292

C. Amazon FSx for Windows File Server Provide highly available, high performance storage to your Windows applications with full SMB support. https://aws.amazon.com/fsx/windows/

Answer 293

B. Amazon Athena Amazon Athena is a serverless, interactive analytics service built on open-source frameworks, supporting open-table and file formats.

Answer 294

B. AWS re:Post re:Post provides access to curated knowledge and a vibrant community that helps you become even more successful on AWS. https://repost.aws/

Answer 295

A. Amazon Kendra Amazon Kendra is an intelligent search service that uses natural language processing and advanced machine learning algorithms to return specific answers to search questions from your data. https://docs.aws.amazon.com/kendra/latest/dg/what-is-kendra.html

Answer 296

B. Amazon CloudFront C. AWS Global Accelerator CloudFront is a content delivery network (CDN) service that uses a global network of edge locations to deliver content, such as web pages, videos, and images, to users with low latency and high transfer speeds. Global Accelerator is a service that uses a network of AWS edge locations to route traffic over the AWS global network, improving the availability and performance of applications.

Answer 297

C. Choose Amazon RDS for MySQL. Amazon RDS (Relational Database Service) is a fully managed relational database service that takes care of tasks such as hardware provisioning, database setup, patching, and backups.

Answer 298

B. AWS Elastic Beanstalk Deploy scalable web applications in minutes without the complexity of provisioning and managing underlying infrastructure.

Answer 299

A. AWS Software Development Kit The AWS Software Development Kit (SDK) is the mechanism that allows developers to access AWS services from application code. The SDK provides libraries and APIs that developers can use to interact with AWS services programmatically.

Answer 300

B. Threat detection Understand and identify potential security misconfigurations, threats, or unexpected behaviors. A better understanding of security threats will enable you to prioritize protective controls. https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-perspective.html

Answer 301

C. AWS Direct Connect AWS Direct Connect is the service that allows a company to establish a private network connection between its corporate network and an Amazon Virtual Private Cloud (Amazon VPC).

Answer 302

C. VPC peering E. AWS Transit Gateway A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them privately. You can configure your transit gateway as multiple isolated routers - which can route traffic between VPC's. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-peering.html https://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-isolated.html

Answer 303

C. Amazon Polly Deploy high-quality, natural-sounding human voices in dozens of languages https://aws.amazon.com/polly/

Answer 304

A. Amazon Lightsail LightSail gets you started quickly with preconfigured Linux and Windows application stacks and an intuitive management console. https://aws.amazon.com/lightsail/

Answer 305

A. Amazon EC2 C. Amazon SageMaker Savings Plan are available for: - Compute Savings Plans - EC2 Instance Savings Plans - SageMaker Savings Plans https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html

Answer 306

C. AWS Cost Explorer The rightsizing recommendations feature in Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating instances in Amazon Elastic Compute Cloud (Amazon EC2). https://docs.aws.amazon.com/cost-management/latest/userguide/ce-rightsizing.html

Answer 307

B. Amazon Redshift Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to efficiently analyze all your data using your existing business intelligence tools. https://docs.aws.amazon.com/redshift/

Answer 308

C. Amazon Comprehend Uncover valuable insights from text in documents, customer support tickets, product reviews, emails, social media feeds, and more. Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover valuable insights and connections in text.

Answer 309

C. Protection of physical network infrastructure

Answer 310

A. Envision phase B. Align phase https://aws.amazon.com/cloud-adoption-framework/

Answer 311

A. IAM credential report You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

Answer 312

C. Operational excellence https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/operational-excellence.html

Answer 313

A. S3 Inventory report https://docs.aws.amazon.com/AmazonS3/latest/userguide/storage-inventory.html

Answer 314

C. AWS IAM Identity Center (AWS Single Sign-On) AWS Single Sign-On (SSO) enables centralized authentication and authorization across multiple AWS accounts and other business applications. It allows users to sign in once and access resources in various accounts without the need for separate credentials for each account.

Answer 315

B. Security groups Security groups act as virtual firewalls for your Amazon EC2 instances, controlling inbound and outbound traffic.

Answer 316

A. Multi-Region Using a Multi-Region architecture allows you to distribute your application across different AWS regions, providing redundancy and minimizing the impact of potential regional failures.

Answer 317

C. AWS Management Console The Management Console provides a number of organized and human-friendly ways to review, monitor, and interact with resources that you have created https://aws.amazon.com/console/features/

Answer 318

A. AWS Identity and Access Management (IAM) AWS IAM is the service specifically designed for managing access to AWS services and resources.

Answer 319

B. Cloud financial management C. Application portfolio management https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/governance-perspective.html

Answer 320

D. AWS Migration Hub AWS Migration Hub (Migration Hub) provides a single place to discover your existing servers, plan migrations, and track the status of each application migration.

Answer 321

A. Use Amazon EC2 Instance Connect. D. Use AWS Systems Manager Session Manager. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-to-linux-instance.html

Answer 322

D. Elasticity

Answer 323

B. The deletion of an AWS account. https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-tasks.html

Answer 324

C. Automatic cost savings by moving objects between tiers based on access pattern changes Amazon S3 Intelligent-Tiering is the only cloud storage class that delivers automatic storage cost savings when data access patterns change, without performance impact or operational overhead. https://aws.amazon.com/s3/storage-classes/intelligent-tiering/

Answer 325

A. Spot Instances https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html

Answer 326

A. Envision Envision phase focuses on demonstrating how cloud will help accelerate your business outcomes. https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-transformation-journey.html

Answer 327

A. Internet gateway An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html

Answer 328

D. AWS CloudFormation For AWS cloud development, the built-in choice for infrastructure as code is AWS CloudFormation.

Answer 329

C. Design for automated recovery from failure. From a design principle standpoint, its more important to recover from failure than to plan ahead for peak capacity.

Answer 330

B. AWS Snowmobile AWS Snowmobile moves extremely large amounts of data to AWS. Transfer up to 100 PB per Snowmobile, a 45-foot-long ruggedized shipping container pulled by a semi-trailer truck. https://aws.amazon.com/snowmobile/

Answer 331

B. Performance efficiency E. Operational excellence https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html

Answer 332

C. AWS Direct Connect https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Answer 333

A. Maximize utilization of Amazon EC2 instances. E. Reduce the need for users to reinstall applications. https://docs.aws.amazon.com/wellarchitected/latest/sustainability-pillar/design-principles-for-sustainability-in-the-cloud.html

Answer 334

A. AWS replaces upfront capital expenditures with pay-as-you-go costs. D. AWS uses economies of scale to continually reduce prices. https://aws.amazon.com/blogs/publicsector/tco-cost-optimization-best-practices-for-managing-usage/

Answer 335

C. AWS Outposts AWS Outposts allows you to deploy AWS-designed infrastructure on-premises, providing a consistent hybrid experience. With AWS Outposts, you can run compute and storage workloads locally on your premises while seamlessly connecting to the rest of AWS's broad array of services in the cloud. https://docs.aws.amazon.com/outposts/latest/userguide/what-is-outposts.html

Answer 336

D. AWS Fargate E. AWS Lambda AWS Fargate is a serverless compute engine for containers that allows you to run containers without managing the underlying infrastructure. AWS Lambda is a fully serverless compute service that allows you to run code without provisioning or managing servers. It automatically scales your applications in response to incoming traffic.

Answer 337

C. Dedicated Hosts Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses https://aws.amazon.com/ec2/dedicated-hosts/

Answer 338

D. AWS Auto Scaling If there are issues that cause Amazon EC2 to consider the instances in your Auto Scaling group impaired, Amazon EC2 Auto Scaling automatically replaces the impaired instances as part of its health check. https://docs.aws.amazon.com/autoscaling/ec2/userguide/ts-as-healthchecks.html

Answer 339

B. AWS Storage Gateway Provide on-premises applications with access to virtually unlimited cloud storage. https://aws.amazon.com/storagegateway/

Answer 340

B. Secure delivery of data, videos, applications, and APIs to users globally with low latency Amazon CloudFront is a content delivery network (CDN) service that helps you distribute your static and dynamic content quickly and reliably with high speed https://aws.amazon.com/cloudfront/

Answer 341

D. AWS Elastic Beanstalk AWS Elastic Beanstalk helps you deploy and manage web applications with capacity provisioning, app health monitoring, and more. https://aws.amazon.com/elasticbeanstalk/

Answer 342

C. Amazon QuickSight Q With the Generative business intelligence (BI) capabilities of Amazon Q in QuickSight, BI users can build, discover, and share actionable insights and narratives in seconds using intuitive natural language experiences. https://aws.amazon.com/quicksight/q/

Answer 343

B. S3 Transfer Acceleration S3TA improves transfer performance by routing traffic through Amazon CloudFront’s globally distributed Edge Locations and over AWS backbone networks, and by using network protocol optimizations. https://aws.amazon.com/s3/transfer-acceleration/

Answer 344

B. Amazon DynamoDB Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html

Answer 345

C. Amazon Aurora Amazon Aurora is a global-scale relational database service built for the cloud with full MySQL and PostgreSQL compatibility. https://aws.amazon.com/rds/aurora/

Answer 346

D. Loosely couple components. Loosely couple components (microservices) are conceptually small pieces of "monolithic" application created/implemented to isolate failures between dependent components in the AWS Cloud

Answer 347

B. Global reach https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html Go Global in minutes = Global Reach

Answer 348

C. Amazon CloudWatch Amazon CloudWatch is an AWS monitoring service for cloud resources and the applications that you run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms. https://docs.aws.amazon.com/prescriptive-guidance/latest/logging-monitoring-for-application-owners/aws-services-logging-monitoring.html

Answer 349

A. Amazon EC2 AWS Compute Optimizer helps avoid overprovisioning and underprovisioning four types of AWS resources—Amazon Elastic Compute Cloud (EC2) instance types, Amazon Elastic Block Store (EBS) volumes, Amazon Elastic Container Service (ECS) services on AWS Fargate, and AWS Lambda functions—based on your utilization data. https://aws.amazon.com/compute-optimizer/

Answer 350

B. AWS Application Discovery Service AWS Application Discovery Service helps you plan your migration to the AWS cloud by collecting usage and configuration data about your on-premises servers and databases. Application Discovery Service is integrated with AWS Migration Hub and AWS Database Migration Service Fleet Advisor. https://docs.aws.amazon.com/application-discovery/latest/userguide/what-is-appdiscovery.html

Answer 351

B. Amazon Simple Notification Service (Amazon SNS) Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers (also known as producers and consumers). https://docs.aws.amazon.com/sns/latest/dg/welcome.html

Answer 352

A. AWS Pricing Calculator AWS Pricing Calculator is a free web-based planning tool that you can use to create cost estimates for using AWS services. https://docs.aws.amazon.com/pricing-calculator/latest/userguide/what-is-pricing-calculator.html

Answer 353

A. Organizational alignment C. Organization design A and C are correct. https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

Answer 354

A. Program and project management D. Risk management https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

Answer 355

A. Landing zone and network management The customer must configure the rest of the options.

Answer 356

C. AWS Backup AWS Backup provides a centralized backup console, a set of backup APIs, and the AWS Command Line Interface (AWS CLI) to manage backups across the AWS services that your applications use. https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html

Answer 357

C. Performance efficiency

Answer 358

A. Cost allocation tags Cost allocation tags enable you to categorize and track your AWS costs. When you apply tags to your AWS resources (such as EC2 instances or S3 buckets), AWS generates a Cost and Usage Report that includes usage and costs aggregated by tags.

Answer 359

C. Amazon Detective Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of security issues or suspicious activities. It automatically collects log data from your AWS resources and uses machine learning, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct investigations.

Answer 360

B. Amazon Cognito Amazon Cognito provides authentication, authorization, and user management for web and mobile apps. Users can sign in directly with a user name and password, or through third-party identity providers such as Facebook, Google, and Amazon, as well as through enterprise identity providers via SAML 2.0.

Answer 361

D. AWS Elastic Beanstalk AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

Answer 362

D. AWS SDKs WS SDKs provide a set of tools for developers to integrate with and manage AWS services programmatically. These SDKs support multiple programming languages, including Java, Python, .NET, Node.js, PHP, Ruby, and Go, among others, enabling developers to use the language they are most comfortable with to interact with AWS services

Answer 363

A. Migration Evaluator The complimentary AWS service that helps create data-driven business cases for cloud planning is AWS Migration Evaluator, formerly known as TSO Logic. AWS Migration Evaluator assists organizations in understanding the cost-benefits of moving to AWS by analyzing their current on-premises IT infrastructure usage and costs.

Answer 364

C. Patch management of the underlying infrastructure for managed services

Answer 365

D. Platform https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/foundational-capabilities.html

Answer 366

A. Compute Savings Plans

Answer 367

B. Amazon CloudWatch

CLF-C02 Questions Flashcards

(393 cards)