whizlab incorrect answers Flashcards
1
Q
I need to migrate millions of customers’ financial transaction data from the On-Premise Mainframe system to a non-relational database in AWS. The database should also provide good performance for data retrieval and data analytics. Which of the following Database services is the most suitable?
A. Amazon RDS
B. Amazon RedShift
C. Amazon ElastiCache
D. Amazon DynamoDB
A
D.
2
Q
A client who has adopted AWS cloud services would like to ensure that his systems always scale with increasing traffic for a great end-user experience. I have implemented the same by defining AutoScaling Scale-In & Scale-Out policies & CloudWatch alarms that trigger the AutoScaling. Which Cloud Architecture Design principles have I implemented here? Select TWO most suitable options.
A. Encryption B. Operational Excellence C. Performance Efficiency D. Cost Optimization E. Least privilege
A
B.
C.
3
Q
Which of the following may NOT be an Economic benefit to a client using AWS cloud services?
A. The Client is running a dedicated MySQL Database Server on AWS with his own CPU bound license (BOYL).
B. The Client is running Spot Instances for batch data processing workloads.
C. The client is running applications with a relatively predictable & consistent resource Demand using AWS Reserved Instances.
D. The client is using S3 Intelligent Tiering storage class while uploading objects.
E. The client is using an Active - Passive failover routing strategy of his On - Promise Data Center to AWS cloud.
A
A
4
Q
Which of the following AWS resources or the AWS features (cloud concepts) does NOT provide automation capabilities?
A. AWS Elastic Beanstalk
B. Amazon DynamoDB
C. AWS CloudFormation
D. RDS manual snapshot
A
D
5
Q
I have certain applications On-Premises that experience times within a year where infrastructure takes a heavier load impact (e.g., Christmas, Thanksgiving, etc.) than other times in the year. You do not want to decommission the on-premises infrastructure. What is the easiest and most cost-effective way in which I can handle this load?
A. By moving all my infrastructure to AWS Cloud and using On-Demand capacity
B. By creating a Private Cloud environment in my On-Premises data center that will provide me with the required elasticity
C. By using Scheduled Reserved Instances to match capacity reservation for the load
D. By provisioning Burst Capacity on the AWS Cloud for the duration of the load
A
D.
6
Q
To make programmatic calls to AWS, a user was provided an access key ID and secret access key. However, the user has now forgotten the shared credentials and cannot make the required programmatic calls.
How can an access key ID and secret access key be provided to the user?
A. Use the “Forgot Password” Option
B. Use “Create New Access Key” by logging in to AWS Management Console as the root user.
C. Credentials can not be generated
D. Raise a ticket with AWS Support
A
B
7
Q
When provisioning a security certificate from AWS Certificate Manager (ACM). which of the following statements is true? Choose TWO.
A. ACM-issued security certificate cannot be applied to an Application load balancer.
B. To verify a security certificate, a CNAME record would need to be created.
C. Third-party security certificates cannot be applied to AWS resources.
D. To verify a security certificate, the administrator would need to acknowledge a verification email sent to an address of their choice.
E. A security certificate issued in ACM can only be applied to one AWS resource.
A
B. To verify a security certificate, a CNAME record would need to be created.
D. To verify a security certificate, the administrator would need to acknowledge a verification email sent to an address of their choice.
8
Q
An administrator would like VPCs in three different AWS accounts to access on-premise resources via a VPN connection terminating on a Transit Gateway. Each of the VPCs is in distinct AWS regions. How can this be achieved?
A. Use AWS Resource Access Manager (RAM) to share the Transit Gateway resource.
B. Configure a Virtual Private Gateway (VGW) for each VPC and then extend the VPN tunnels to them.
C. Create VPC attachments from each of the VPCs to the Transit Gateway.
D. Configure VPC peering connections between the VPCs and then route traffic from on-premise through the VPN to the Transit Gateway and then to each VPC peer.
A
A. Use AWS Resource Access Manager (RAM) to share the Transit Gateway resource.
9
Q
During an audit process, an organization is advised by the audit committee to centrally manage all the VPC security groups and WAF rules across their AWS environment. Given that the organization has multiple AWS accounts, how can this be achieved?
A. AWS Identity & Access Management (IAM)
B. AWS Firewall Manager
C. Amazon Cloud Directory
D. AWS Security Hub
A
B. AWS Firewall Manager makes it possible to manage VPC security groups, AWS Shield Advanced and WAF rules on one platform even across multiple AWS accounts.
A. IAM does not allow for the management of VPC security groups or WAF rules.
C. Amazon Cloud Directory is a repository for developer objects. The service does not have the functionality to centrally manage all the VPC security groups or WAF rules in the AWS environment
D. AWS Security Hub is a full-view. single-look, comprehensive depiction of the security state of the customer’s AWS environment
10
Q
Which of the following statements accurately describe a function of AWS Secrets Manager? [Select Two]
A. Encrypts authentication information in code, ensuring that it is unreadable, that is, not in plain-text.
B. Replaces the need to hardcode authentication credentials in code.
C. Makes it possible to include an API call in code that retrieves authentication information from a central repository.
D. Automatically rotates and updates the code in the application build, ensuring that repositories are kept up to date.
E. Facilitates the embedding of authentication information in code during runtime.
A
B,C
11
Q
A client has decided to go for a MySQL RDS database on the AWS cloud-based on its Scalability & High Availability features. When he does so, what role does he play in making the database secure? (Select TWO)
A. He can restrict RDS database access by using a Security Group.
B. He can provide the most recent updates of his database software installed on the EC2 Instance for preventing Security attacks.
C. He can provide the most recent versions of his Operating System on the EC2 instance for preventing Security attacks.
D. He can Encrypt database data at rest by using EBS volume storage encryption.
E. He can plan for backup & recovery strategies for data that may be lost.
A
A. He can restrict RDS database access by using a Security Group.
E. He can plan for backup & recovery strategies for data that may be lost.
12
Q
I have a Mobile App that needs to access AWS resources like S3, DynamoDB. What is the best way to allow users of the mobile app access to these AWS resources?
A. Keep the Security Credentials associated with the AWS resource access within the Mobile App
B. Use Security Token Service (STS) with Identity Federation that will allow an User access to resources within a session
C. Create Users & Groups within IAM and assign IAM policies for accessing the resources
D. Have the mobile app connect to another web application running on an EC2 instance that can assume a role for accessing the AWS resources
A
B. A mobile app that becomes popular can have a large user base. The best way to provide access to AWS resources in this scenario will be to use Federated Identity access using External Identity Providers(IcIP) like Amazon, Facebook, Google etc.
13
Q
I have a compliance requirement for my application, stating that unrestricted SSH access to any EC2 instance needs to be immediately notified to an admin. Which services can I use to achieve the requirement?
A. AWS Trusted Advisor, Amazon SNS
B. AWS Inspector, Amazon SNS
C. AWS Config, Amazon SNS
D. Both B & C right
A
D. Both AWS Inspector & AWS Config can scan EC2 instances, access their network exposure, and then integrate with Amazon SNS to send notifications. Trusted Advisor also can check for overly permissive access of EC2 instances. Still, the notifications can be performed by monitoring the Trusted Advisor check results with AWS CloudWatch events that can use specific targets like Lambda. SNS etc.
14
Q
A startup is using only an AWS Basic Support plan and cannot afford a higher plan right now. They require technical assistance from AWS to better understand the behavior of their services.
Which of the following can be a source of technical assistance for this startup?
AWS Technical Account Manager
AWS Discussion Forums
AWS Trusted Advisor
AWS Concierge Support
A
AWS Discussion Forums
15
Q
Which of the following are valid use cases supported by Amazon CloudFront? (Select TWO.)
Schema Conversion Serverless Interactive Query Live and on-demand video streaming Automated Backups Static asset caching
A
– Static asset caching
– Live & on-demand video streaming
16
Q
Which of the following services offers you the same AWS hardware infrastructure, services, APIs, and tools to build and run your applications on-premises and in the cloud?
AWS Organizations
AWS Wavelength
AWS Lambda
AWS Outposts
A
AWS Outposts
17
Q
A company plans to use an application streaming service to give its employees instant access to their desktop applications from any device.
Which of the following services fulfills this requirement?
AWS AppSync
Amazon Kinesis Data Streams
Amazon AppStream 2.0
Amazon WorkSpaces
A
Amazon AppStream 2.0
18
Q
A company plans to migrate on-premises VMs to AWS. To coordinate the large-scale migration, they must find a way to automate, schedule, and track the entire procedure.
Which of the following services should they use?
Use AWS Migration Hub to track the progress of migrations.
Use AWS Application Migration Service to migrate on-premises workloads to AWS.
Use Amazon CloudWatch to monitor the migration process.
Use AWS Database Migration Service to migrate on-premises workloads to AWS.
A
AWS Application Migration Service (MGN) is the primary migration service recommended for lift and shift migrations to AWS.
19
Q
A gaming company needs a service that uses the AWS global network to optimize users’ access speed to their applications through an anycast static IP address. Which of the following services fits this criteria?
AWS Global Accelerator
Amazon ElastiCache
Amazon CloudFront
Amazon Route 53
A
AWS Global Accelerator
Amazon ElastiCache is incorrect because it cannot route user traffic to the optimal endpoint. ElastiCache is primarily used to improve web applications’ performance by allowing you to retrieve information from a fast, managed, in-memory system, instead of relying entirely on slower disk-based databases.
Amazon CloudFront is incorrect. Although CloudFront uses the AWS global network, this is best used for HTTP use cases and securing access over your endpoints. CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint. In addition, CloudFront is not capable of providing static Anycast IP addresses.
Amazon Route 53 is incorrect because it doesn’t use a static Anycast IP address to minimize the latency for end-users. Route 53 is a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. Also, Route 53 is mainly used to translate specific domain names into their corresponding IP addresses.
20
Q
Which of the following provides you the most granular data about your AWS costs and usage and also load that information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice?
AWS Budgets
AWS Cost Explorer
Consolidated Billing
AWS Cost and Usage report
A
The Cost and Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage.
21
Q
Which type of Elastic Load Balancer supports path-based routing, host-based routing, and bi-directional communication channels using WebSockets?
Classic Load Balancer
Network Load Balancer
Application Load Balancer
Both Application Load Balancer and Network Load Balancer
A
Application Load Balancers support path-based routing, host-based routing, WebSockets and support for containerized applications
22
Q
Which of the following is the most cost-effective AWS Support Plan to use if you need access to AWS Support API for programmatic case management?
Basic
Business
Developer
Enterprise
A
Business
Both Basic and Developer support plans are incorrect since these types do not have access to the AWS Support API.
23
Q
Users from different parts of the globe are complaining about the slow performance of the newly launched photo-sharing website in loading their high-resolution images. Which combination of AWS services should you use to serve the files with lowest possible latency? (Select TWO.)
AWS Storage Gateway Amazon Glacier Amazon S3 Amazon CloudFront Amazon Elastic File System
A
– Amazon S3
– Amazon CloudFront
AWS Storage Gateway is incorrect because this is just a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage in AWS.
Amazon Elastic File System is incorrect because this is not a suitable service to use to store static content unlike S3. It is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability. In addition, you can’t directly connect it to CloudFront, unlike S3.
Amazon Glacier is incorrect because this is primarily used for data archival with usually a long data retrieval time. Like EFS, you can’t directly connect it to CloudFront too, unlike Amazon S3.
24
Q
A company has enlisted the help of TDojo Consulting Co. to assist them in designing an AWS disaster recovery solution for their on-premises bare metal servers and SQL databases. The implementation has to be robust, fast, and simple to use. It should also prevent any type of data loss from occurring. The company would like to keep track of the status of the migration.
Which tool should the team adopt for the DR solution?
AWS Migration Hub
CloudEndure
AWS Database Migration Service
AWS Server Migration Service
A
CloudEndure Disaster Recovery is a tool that minimizes downtime and data loss by providing fast, reliable recovery of physical, virtual, and cloud-based servers into AWS Cloud.
AWS Server Migration Service is incorrect because this service cannot migrate bare metal servers. It is also not the best solution for this scenario, since we are not performing a migration.
AWS Database Migration Service is incorrect because this service cannot migrate bare metal servers. It is also not the best solution for this scenario, since we are not performing a migration.
AWS Migration Hub is incorrect because this service is for monitoring the state of your migrations. It does not handle disaster recovery.
25
Which of the following are the things that Amazon CloudWatch Logs can accomplish? (Select TWO.)
Create alarms that automatically stop, terminate, reboot, or recover your EC2 instances.
Record AWS Management Console actions and API calls.
Adjust the retention policy for each log group.
Store your log data at absolutely no charge.
Monitor application logs from Amazon EC2 Instances.
Monitor application logs from Amazon EC2 Instances.
Adjust the retention policy for each log group.
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources.
The option that says: record AWS Management Console actions and API calls is incorrect because this refers to CloudTrail and not CloudWatch Logs.
The option that says: create alarms that automatically stop, terminate, reboot, or recover your EC2 instances is incorrect because this is actually a task that can be accomplished by CloudWatch Alarms.
The option that says: store your log data at absolutely no charge is incorrect because this service is not entirely free and you still have to pay for your usage.
26
Which AWS services should you use to store rapidly changing data with low read and write latencies? (Select TWO.)
```
Amazon RDS
Amazon AppStream 2.0
AWS Snowball
Amazon EBS
Amazon S3
```
Amazon EBS and Amazon RDS
27
Which service allows you to add powerful visual analysis feature to your applications that enables you to search, verify, and organize millions of images?
Amazon SageMaker
Amazon CloudSearch
Amazon Rekognition
Amazon Macie
Amazon Rekognition.
Amazon Macie is incorrect because it is a security service and not suitable for visual analysis. It uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
Amazon SageMaker is incorrect because this is a service that provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly in AWS.
Amazon CloudSearch is incorrect because this service is used to set up, manage, and scale a search solution for your website or application in AWS.
28
Which service allows you to add powerful visual analysis feature to your applications that enables you to search, verify, and organize millions of images?
Amazon SageMaker
Amazon CloudSearch
Amazon Rekognition
Amazon Macie
Amazon Rekognition.
Amazon Macie is incorrect because it is a security service and not suitable for visual analysis. It uses machine learning to automatically discover, classify, and protect sensitive data in AWS.
Amazon SageMaker is incorrect because this is a service that provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly in AWS.
Amazon CloudSearch is incorrect because this service is used to set up, manage, and scale a search solution for your website or application in AWS.
29
A new AWS customer needs to deploy up to 100 t3a.large EC2 instances on their recently launched VPC, which is way beyond the default service limit. What should they do so they can launch their additional instances?
Use AWS Trusted Advisor to increase the default service limits for EC2 instances.
Do nothing. You can directly launch 100 t3a.large EC2 instances at the same time since AWS will automatically increase your service limit for you.
Create a case in the AWS Support Center page and request a service limit increase.
Enable Enhanced Networking.
Create a case in the AWS Support Center page and request a service limit increase.
29
A new AWS customer needs to deploy up to 100 t3a.large EC2 instances on their recently launched VPC, which is way beyond the default service limit. What should they do so they can launch their additional instances?
Use AWS Trusted Advisor to increase the default service limits for EC2 instances.
Do nothing. You can directly launch 100 t3a.large EC2 instances at the same time since AWS will automatically increase your service limit for you.
Create a case in the AWS Support Center page and request a service limit increase.
Enable Enhanced Networking.
Create a case in the AWS Support Center page and request a service limit increase.
30
You are permitted to conduct security assessments and penetration testing without prior approval against which AWS resources? (Select TWO.)
```
AWS Security Token Service (STS)
Amazon Aurora
Amazon RDS
Amazon S3
AWS Identity and Access Management (IAM)
```
– Amazon RDS
– Amazon Aurora
31
You are permitted to conduct security assessments and penetration testing without prior approval against which AWS resources? (Select TWO.)
```
AWS Security Token Service (STS)
Amazon Aurora
Amazon RDS
Amazon S3
AWS Identity and Access Management (IAM)
```
– Amazon RDS
– Amazon Aurora
32
Which service does AWS use to notify you when AWS is experiencing events that may impact you?
AWS Personal Health Dashboard
AWS Service Health Dashboard
Amazon SNS
AWS Support Center
AWS Personal Health Dashboard
33
A company needs to troubleshoot an issue on their serverless application which is composed of an API Gateway, Lambda function, and a DynamoDB database. Which service should they use to trace user requests as they travel through their entire application?
AWS CloudTrail
Amazon CloudWatch
Amazon Inspector
AWS X-Ray
AWS X-Ray.
Amazon CloudWatch is incorrect. Although you can troubleshoot the issue by checking the logs, it is still better to use AWS X-Ray as it enables you to analyze and debug your serverless application more effectively.
Amazon Inspector is incorrect because this is primarily used for EC2 and not for Lambda.
AWS CloudTrail is incorrect because this will only enable you to track all API calls to your Lambda, DynamoDB, and SNS. It is still better to use AWS X-Ray to debug your application.
34
Which of the following cloud best practices reinforces the use of the Service-Oriented Architecture (SOA) design principle?
Implement elasticity.
Think parallel.
Design for failure.
Decouple your components.
Decouple your components
35
A customer currently has a Basic support plan and they are planning to use the Infrastructure Event Management, Well-Architected Reviews and Operations Reviews features in AWS. What should they do in order to access these features in the most cost-effective manner?
None since these features are already included in their Basic support plan.
Upgrade to Developer support plan.
Upgrade to Business support plan.
Upgrade to Enterprise support plan.
Upgrade to Enterprise support plan.
36
Which of the following should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication?
Amazon Cognito User Pool
Amazon Cognito Sync
Amazon Cognito Identity Pool
AWS Single Sign-On
Amazon Cognito Identity Pool.
Amazon Cognito User Pool is incorrect because a user pool is a user directory in Amazon Cognito. In addition, it doesn’t enable access to unauthenticated identities. You have to use an Identity Pool instead.
Amazon Cognito Sync is incorrect because this is a client library that enables cross-device syncing of application-related user data.
AWS Single Sign-On is incorrect because this service lets you centrally manage SSO access to multiple AWS accounts. It also does not allow any “guest” or unauthenticated access, unlike Amazon Cognito.
37
Which of the following should you use if you need to provide temporary AWS credentials for users who have been authenticated via their social media logins as well as for guest users who do not require any authentication?
Amazon Cognito User Pool
Amazon Cognito Sync
Amazon Cognito Identity Pool
AWS Single Sign-On
Amazon Cognito Identity Pool.
Amazon Cognito User Pool is incorrect because a user pool is a user directory in Amazon Cognito. In addition, it doesn’t enable access to unauthenticated identities. You have to use an Identity Pool instead.
Amazon Cognito Sync is incorrect because this is a client library that enables cross-device syncing of application-related user data.
AWS Single Sign-On is incorrect because this service lets you centrally manage SSO access to multiple AWS accounts. It also does not allow any “guest” or unauthenticated access, unlike Amazon Cognito.
38
Which of the following is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads?
AWS Shield
Amazon GuardDuty
Amazon Macie
AWS WAF
Amazon GuardDuty
39
There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?
Set your S3 buckets to private so that objects are not publicly readable/writable
Configure MFA delete on the S3 bucket.
Create access control policies so that only you can perform S3-related actions
Set up stricter IAM policies that will prevent users from deleting S3 objects
Configure MFA delete on the S3 bucket.
The option that says: Set up stricter IAM policies that will prevent users from deleting S3 objects is incorrect because you can prevent unwanted deletion by removing the permission from IAM Users. However, in this case, the issue is caused by unauthorized access to the account which had the capability of deleting objects. This will totally restrict the authorized users from deleting necessary objects.
The option that says: Create access control policies so that only you can perform S3-related actions is incorrect because this will not prevent unauthorized access to AWS accounts.
The option that says: Set your S3 buckets to private so that objects are not publicly readable/writable is incorrect because this is unrelated to the issue in this case.
40
There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?
Set your S3 buckets to private so that objects are not publicly readable/writable
Configure MFA delete on the S3 bucket.
Create access control policies so that only you can perform S3-related actions
Set up stricter IAM policies that will prevent users from deleting S3 objects
Configure MFA delete on the S3 bucket.
The option that says: Set up stricter IAM policies that will prevent users from deleting S3 objects is incorrect because you can prevent unwanted deletion by removing the permission from IAM Users. However, in this case, the issue is caused by unauthorized access to the account which had the capability of deleting objects. This will totally restrict the authorized users from deleting necessary objects.
The option that says: Create access control policies so that only you can perform S3-related actions is incorrect because this will not prevent unauthorized access to AWS accounts.
The option that says: Set your S3 buckets to private so that objects are not publicly readable/writable is incorrect because this is unrelated to the issue in this case.
41
Which of the following tasks fall under the sole responsibility of AWS based on the shared responsibility model?
Implementing IAM policies
Patch Management
Physical and environmental controls
Applying Amazon S3 bucket policies
Physical and environmental controls.
Implementing IAM policies and Applying Amazon S3 bucket policies are both incorrect because these are the responsibilities of the customer and not AWS.
Patch Management is incorrect because this is actually a shared control between AWS and the customer.
42
Which of the following are the best practices that can help secure your AWS resources using the AWS Identity and Access Management (IAM) service? (Select TWO.)
Grant most privilege.
Lock away your AWS account root user access keys.
Grant least privilege.
Use Bastion Hosts.
Use Inline Policies instead of Customer Managed Policies.
– Grant Least Privilege
– Lock away your AWS account root user access keys
43
Which of the following are the best practices that can help secure your AWS resources using the AWS Identity and Access Management (IAM) service? (Select TWO.)
Grant most privilege.
Lock away your AWS account root user access keys.
Grant least privilege.
Use Bastion Hosts.
Use Inline Policies instead of Customer Managed Policies.
– Grant Least Privilege
– Lock away your AWS account root user access keys
44
Which of the following policies grant the necessary permissions required to access your Amazon S3 resources? (Select TWO.)
```
Bucket policies
Network access control policies
Object policies
Routing policies
User policies
```
– Bucket policies
– User policies
45
A space agency is using Amazon S3 to store their high-resolution satellite images and videos everyday. Which of the following should they do to minimize the upload time?
Enable Cross-Origin Resource Sharing (CORS)
Use the Multipart upload API
Upload the images and videos using the BatchWriteItem API
Shift to S3 Intelligent-Tiering storage class
Use the Multipart Upload API.
The option that says: Use the BatchWriteItem API is incorrect because this is a DynamoDB API action and not S3.
The option that says: Shift to S3 Intelligent-Tiering storage class is incorrect because this is primarily used to optimize your storage costs automatically based on your data access patterns without performance impact or operational overhead.
The option that says: Enable Cross-Origin Resource Sharing (CORS) is incorrect because this is only applicable for client web applications that are loaded in one domain to interact with resources in a different domain.
45
A space agency is using Amazon S3 to store their high-resolution satellite images and videos everyday. Which of the following should they do to minimize the upload time?
Enable Cross-Origin Resource Sharing (CORS)
Use the Multipart upload API
Upload the images and videos using the BatchWriteItem API
Shift to S3 Intelligent-Tiering storage class
Use the Multipart Upload API.
The option that says: Use the BatchWriteItem API is incorrect because this is a DynamoDB API action and not S3.
The option that says: Shift to S3 Intelligent-Tiering storage class is incorrect because this is primarily used to optimize your storage costs automatically based on your data access patterns without performance impact or operational overhead.
The option that says: Enable Cross-Origin Resource Sharing (CORS) is incorrect because this is only applicable for client web applications that are loaded in one domain to interact with resources in a different domain.
46
Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?
AWS Snowcone
Lambda@Edge
AWS Snowball Edge
AWS Snowmobile
AWS Snowball Edge.
AWS Snowmobile is incorrect because this is primarily used to migrate tens of petabytes to exabytes of data in batches to the cloud.
AWS Snowcone is incorrect. Although it is a data transport solution like Snowball Edge, it is not suitable for moving terabytes to petabytes of data. Take note that the usable storage for Snowcone is only 8 TB.
Lambda@Edge is incorrect because this is just a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency
47
Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?
AWS Snowcone
Lambda@Edge
AWS Snowball Edge
AWS Snowmobile
AWS Snowball Edge.
AWS Snowmobile is incorrect because this is primarily used to migrate tens of petabytes to exabytes of data in batches to the cloud.
AWS Snowcone is incorrect. Although it is a data transport solution like Snowball Edge, it is not suitable for moving terabytes to petabytes of data. Take note that the usable storage for Snowcone is only 8 TB.
Lambda@Edge is incorrect because this is just a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency
48
What is the most secure way to provide applications temporary access to your AWS resources?
Create an IAM policy that allows the application to access the resources, and attach the policy to the application
Create an IAM role and have the application assume the role
Create an IAM group that has access to the resources, and add the application there
Create an IAM user with access keys and assign it to the application
Create an IAM role and have the application assume the role.
The option that says: Create an IAM user with access keys and assign it to the application is incorrect because an IAM User is primarily used for long-term credentials, not for temporary access.
The option that says: Create an IAM group that has access to the resources, and add the application there is incorrect because an IAM Group does not provide temporary access credentials.
The option that says: Create an IAM policy that allows the application to access the resources, and attach the policy to the application is incorrect because IAM policies are not entities that have credentials in AWS.
49
Which of the following actions will AWS charge you for?
Network charges for the transfer of data from your data center to S3 through a VPN
Provisioning elastic IPs and attaching them to running EC2 instances
Setting up additional VPCs in your account
Transfer of EC2 files between two AWS Regions
Transfer of EC2 files between two AWS Regions.
The option that says: Network charges for the transfer of data from your data center to S3 through a VPN is incorrect because the data coming in from your data center to AWS does not incur you charges.
The option that says: Provisioning Elastic IPs and attaching them to running EC2 instances is incorrect because Elastic IPs are only charged if they are not attached to running instances.
The option that says: Setting up additional VPCs in your account is incorrect because VPCs are free to use in AWS.
50
Which of the following actions will AWS charge you for?
Network charges for the transfer of data from your data center to S3 through a VPN
Provisioning elastic IPs and attaching them to running EC2 instances
Setting up additional VPCs in your account
Transfer of EC2 files between two AWS Regions
Transfer of EC2 files between two AWS Regions.
The option that says: Network charges for the transfer of data from your data center to S3 through a VPN is incorrect because the data coming in from your data center to AWS does not incur you charges.
The option that says: Provisioning Elastic IPs and attaching them to running EC2 instances is incorrect because Elastic IPs are only charged if they are not attached to running instances.
The option that says: Setting up additional VPCs in your account is incorrect because VPCs are free to use in AWS.
51
A company wants to launch a Microsoft SQL Server database in AWS. The database instance should only be managed by the company’s DBA and must be accessible via RDP. A standard license for SQL Server is required but the company is not yet sure how much CPU and memory to allocate to the database.
Which option gives the most convenience and flexibility to determine the best database size while still being cost-effective?
Launch an Amazon Aurora database that runs MS SQL Server. Buy a Standard MSSQL license from the AWS License Manager service.
Use a Windows Server with SQL Server Standard bundled AMI so you won’t need to buy and manage your own license.
Launch an RDS instance that runs MS SQL Server Standard. Purchase a Standard MSSQL license and store it in the AWS Managed Services (AMS).
Launch an EC2 instance and install MS SQL Server. Purchase a Standard MSSQL license from Microsoft and apply it to the database you installed.
Use a Windows Server with SQL Server Standard bundled AMI so you won’t need to buy and manage your own license.
The option that says: Launch an EC2 instance and install MS SQL Server. Purchase a Standard MSSQL license from Microsoft and apply it to the database you installed is incorrect since this is not the most convenient method of launching an MS SQL Server in AWS. You typically use this solution if you already have a SQL Server license and you prefer to BYOL (bring your own license).
The option that says: Launch an RDS instance that runs MS SQL Server Standard. Purchase a Standard MSSQL license and store it in the AWS Managed Services (AMS) is incorrect. It is explicitly stated in the scenario that the database instance should only be managed by the company’s DBA and must be accessible via RDP. You cannot directly establish an RDS connection to an Amazon RDS database. In addition, Amazon RDS costs more than Amazon EC2 because the infrastructure is managed by AWS.
The option that says: Launch an Amazon Aurora database that runs MS SQL Server. Buy a Standard MSSQL license from the AWS License Manager service is incorrect since Amazon Aurora does not support MS SQL Server. Moreover, you cannot directly buy software licenses from the AWS License Manager service. This is just used to easily manage your software licenses from various vendors such as Microsoft, SAP, Oracle, and IBM across AWS and on-premises environments.
52
Which of the following is true regarding the Business support plan in AWS?
Provides a 1-hour response time support if your production system got impaired
Provides a 15-minute response time support if your business-critical system goes down
Provides a 15-minute response time support if your production system goes down
Provides a 1-hour response time support if your production system goes down
Provides a 1-hour response time support if your production system goes down.
The option that says: Provides a 15-minute response time support if your production system goes down is incorrect because the Business support plan only provides a 1-hour response time and not 15 minutes.
The option that says: Provides a 15-minute response time support if your business-critical system goes down is incorrect because this high level of support is only available for Enterprise support plan.
The option that says: Provides a 1-hour response time support if your production system got impaired is incorrect because the Business support plan only gives you a 4-hour response time and not an hour in the event that your production system got impaired.
53
Agility is one of the benefits of using cloud computing that provides customer with what advantage?
Allows you to trade capital expense for variable expense.
Avoid overprovisioning of your infrastructure to ensure you have enough capacity to handle your business operations at the peak level of activity.
Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.
Easily deploy your application in multiple physical locations around the world with just a few clicks.
Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.
53
Agility is one of the benefits of using cloud computing that provides customer with what advantage?
Allows you to trade capital expense for variable expense.
Avoid overprovisioning of your infrastructure to ensure you have enough capacity to handle your business operations at the peak level of activity.
Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.
Easily deploy your application in multiple physical locations around the world with just a few clicks.
Focus your valuable IT resources on developing applications that differentiate your business rather than managing infrastructure and data centers.
54
Which of the following statements is true for AWS CloudTrail?
CloudTrail is disabled by default for newly created AWS accounts
When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default
CloudTrail charges you for every management event trail created
CloudTrail is able to capture application error logs from your EC2 instances
When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default.
The option that says: CloudTrail is disabled by default for newly created AWS accounts is incorrect because AWS CloudTrail is now enabled by default for ALL CUSTOMERS and will provide visibility into the past seven days of account activity without the need for you to configure a trail in the service to get started.
The option that says: CloudTrail is able to capture application error logs from your EC2 is incorrect because CloudTrail actually does not capture error logs in your EC2 instances. You may instead use CloudWatch Logs for this purpose.
The option that says: CloudTrail charges you for every management event trail created is incorrect because actually, CloudTrail does not charge you for your first management trail, but only the additional management trails you create after the first one.
55
Which service lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers, or custom URIs?
AWS Trusted Advisor
Network ACLs
Security Group
AWS WAF
AWS WAF
56
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Which of the following best describes what an account alias is in IAM?
Your IAM root username
The name AWS assigns to your account
The numerical value of your account ID
A substitute for an account ID in the web address for your account
A substitute for an account ID in the web address for your account
57
A company is using Amazon S3 to store their static media contents such as photos and videos. Which of the following should you use to provide specific users access to the bucket?
SSH key
Security Group
Network Access Control List
Bucket Policy
Bucket Policy.
Security Group is incorrect because this is primarily used as a virtual firewall for your EC2 instances, and not S3 buckets, to control inbound and outbound traffic.
SSH key is incorrect because this is only used if you want to establish an SSH connection to your EC2 instances and not for S3 buckets.
Network Access Control List is incorrect because this is just an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. This has nothing to do with providing users access to your S3 bucket.
58
What is the best way to keep track of all activities made in your AWS account?
Set up MFA logging to know who is currently in your environment
Use Amazon CloudWatch Logs to log all activities
Create a multi-region trail in AWS CloudTrail
Use LDAP authentication on your AWS account
Create a multi-region trail in AWS CloudTrail.
Using Amazon Cloudwatch Logs is incorrect since this service is not related to user actions in your account. CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.
Setting up MFA is incorrect because it will not tell you exactly who performed what in your AWS account.
Using LDAP authentication on your AWS account is incorrect because not all company supports it. Access logging can be done from the company’s side however, this cannot capture the actions performed within the AWS account.
59
Which of the following is true if you store your data in AWS?
You are the owner of the data you store in AWS
AWS has the right to review any data stored for potential threats
All data are stored durably and redundantly in different AZs
Encryption is required for all data at rest and in transit
You are the owner of the data you store in AWS.
60
Which of the following security group rules are valid? (Select TWO.)
Outbound HTTPS rule with hostname as destination
Outbound MYSQL rule with IP address as source
Inbound HTTP rule with security group ID as source
Inbound TCP rule with instance ID as source
Inbound RDP rule with an address range as source
Inbound HTTP rule with security group ID as source and Inbound RDP rule with an address range as source.
Inbound TCP rule with instance ID as source and Outbound HTTPS rule with hostname as destination are both incorrect because Instance IDs or hostnames are not valid values.
Outbound MYSQL rule with IP address as source is incorrect because the source cannot be modified. Since it is outbound, you should specify the allowed destination instead.
61
Customer wants to further secure his network beyond security groups and network access control lists. Which of the services below can be used to provide the additional security features? (Select TWO.)
```
Amazon SQS
AWS WAF
AWS Key Management Service
Amazon GuardDuty
AWS Single Sign-On
```
– Amazon GuardDuty
– AWS WAF
Amazon SQS is incorrect because this is not a security service. This is a messaging service that allows you to decouple applications and provides more durability for your messages.
AWS Single Sign-On is incorrect because this service only allows you to centrally manage SSO access to multiple AWS accounts and business applications. SSO does not protect your network from potential security threats, but it does provide additional access security for your AWS account.
AWS KMS or Key Management Service is incorrect because this is a central repository for encryption keys in your account. It is not used to protect your network from potential security threats. KMS is useful if you have data that you need to encrypt, and you want a central location where you can manage your keys.
62
You noticed that you cannot reach one of your EC2 web servers behind an ELB whenever you enter the DNS name of your load balancer. Which of the following should you first check to gain more insight on the issue?
AWS Config
Amazon CloudWatch
AWS CloudTrail
ELB Health Check
This is verified by the ELB health checks that you can see in your ELB dashboard, which determines whether an instance is healthy or not.
Amazon CloudWatch is incorrect because this is just used to monitor your AWS resources and collect information in the form of logs, metrics, and events. Although this service can prove useful for investigation, it is not the first thing you should check in this scenario.
AWS CloudTrail is incorrect because this simply provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Although this service can prove useful for investigation, it is not the first thing you should check in this scenario.
AWS Config is incorrect because it just continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. This service will not help you very much in your investigation of the issue.
63
Which of the following services allows you to purchase Reserved Instances? (Select TWO.)
```
AWS Elastic Beanstalk
AWS Batch
Amazon EKS
Amazon EC2
Amazon RDS
```
Amazon EC2 and RDS.
64
In which of the following occasions should you use the Amazon SQS in your application system? (Select TWO.)
When your application requires the use of industry-standard messaging protocols for message delivery
If you require a durable storage for your application events or messages
When you have to automate certain tasks in your workflow
If you need to decouple certain parts of your system for better fault tolerance
If you need to submit push notifications to your event subscribers
– If you need to decouple certain parts of your system for better fault tolerance
– If you require a durable storage for your application events or messages
65
Which of the following infrastructure correlates to a VPC’s subnet?
Availability zone
Region
Edge location
Server
Each subnet must reside entirely within one Availability Zone
66
How can you easily and securely copy your infrastructure to another AWS Region?
Take an EBS snapshot on all your storage devices and copy them to the new region
Create a golden AMI which you can use to redeploy your instances to the new region
Enable RDS multi-AZ to have a similar database instance running in the new region
Create a CloudFormation template and deploy it in the new region
Create a CloudFormation template and deploy it in the new region.
67
You wish to host a static website of your own in AWS at a low cost. Which service should be used for this purpose?
Amazon EC2
Amazon S3 Standard
Amazon Elastic Load Balancer
Amazon S3 Infrequent Access
Amazon S3 Standard.
Amazon EC2 is incorrect because using this will not be as cost-effective as using Amazon S3 Standard for static website hosting. This is because there are other costs to consider when using EC2 instances, such as EBS volumes.
68
You have a fleet of on-premises servers that require a centralized scalable and durable file storage. It should be able to support massive parallel access. Which of the following is the most appropriate service to use?
Amazon S3
Amazon Storage Gateway – File Gateway
Amazon EFS
Amazon Redshift
Amazon EFS is the correct answer.
Amazon S3 is incorrect. First, it is meant specifically for object storage, and second, EFS can serve a fleet of EC2 instances better than S3 as file storage.
Amazon Storage Gateway is incorrect because this service simply provides a file interface into Amazon Simple Storage Service (Amazon S3) and is a combination of storage service and a virtual software appliance. This service is meant for local software hosted on your on-premises data center which requires connection to S3. It is not meant to serve a fleet of EC2 instances.
Amazon Redshift is incorrect because this is a data warehousing service offered by AWS. It cannot be used for file storage.
69
Which of the following practices demonstrate operational excellence in AWS cloud? (Select TWO.)
Use serverless applications such as AWS Lambda
Perform monthly game days on your AWS environment
Monitor EC2 metric consumption and adjust the instance type accordingly
Launching your infrastructure manually via the Console
Deploy small, incremental changes to your production servers using AWS CodeDeploy
Deploy small, incremental changes to your production servers using AWS CodeDeploy and Perform monthly game days on your AWS environment.
The option that says: Launching your infrastructure manually via the console is incorrect because this is not a notable best practice under operational excellence. In the cloud, it is preferred to automate majority of the tasks to achieve a predictable and constant result.
The option that says: Using serverless applications such as AWS Lambda is incorrect because this is more of a design principle that focuses on performance efficiency and not operational excellence. Serverless is a very useful tool that steers away from traditional server management and lets you focus more on your applications and services.
The option that says: Monitoring EC2 consumption and adjusting your instance type accordingly is incorrect because this is more related to the performance efficiency pillar. Underprovisioned instances need to be scaled up to deliver better performance. Overprovisioned instances need to be scaled down to save on costs.
70
Your organization would like to boost productivity by improving business communication channels and customer service experience. Which of the following AWS applications would you suggest? (Select TWO.)
```
Amazon Connect
AWS Transfer Family
Amazon Chime
Amazon Workspaces
AWS Marketplace
```
– Amazon Chime
– Amazon Connect
AWS Transfer Family is incorrect because this tool is used for recurring business-to-business file transfers to Amazon S3 and Amazon EFS using SFTP, FTPS, and FTP protocols.
AWS Marketplace is incorrect because this is a sales channel for ISVs and Consulting Partners to sell their solutions to AWS customers.
Amazon Workspaces is incorrect because this is a fully managed desktop virtualization service for Windows and Linux, and is not related to business communications or customer service.
71
Which of the following is the most cost-effective service to use if you want to coordinate multiple AWS services into serverless workflows?
Amazon SWF
AWS Lambda
AWS Step Functions
AWS Batch
AWS Step Functions provides serverless orchestration for modern applications.
Amazon SWF is incorrect because it is just a fully-managed state tracker and task coordinator service. It does not provide serverless orchestration to multiple AWS resources.
AWS Lambda is incorrect because although this service is used for serverless computing, it does not provide a direct way to coordinate multiple AWS services into serverless workflows.
AWS Batch is incorrect because this is primarily used to efficiently run hundreds of thousands of batch computing jobs in AWS.
72
Which of the following should you set up in order to connect your AWS VPC network to your local network via an IPsec tunnel?
An on-premises NAT gateway device connected to your VPC's Internet Gateway
A VPN gateway in your VPC connected to the Customer Gateway in your on-premises network
A NAT gateway in your private subnet connected to your on-premises network
VPC Peering connection between your on-premises network and VPC
An Amazon VPC VPN connection links your data center (or network) to your Amazon Virtual Private Cloud (VPC)
The option that says: VPC Peering connection between your on-premises network and VPC is incorrect because VPC Peering connects two different VPCs for inter-VPC communication. It does not connect your local network via IPsec VPN.
The option that says: A NAT gateway in your private subnet connected to your on-premises network is incorrect because a NAT Gateway is primarily used to allow EC2 instances launched in your private subnet to be able to connect to the public Internet, but disallows external servers to establish Internet connection to the VPC.
The option that says: An on-premises NAT gateway device connected to your VPC’s Internet Gateway is incorrect because as mentioned above, a NAT Gateway is not a suitable service/network device to be used here.
73
Which of the following provides you access to Reserved Instance (RI) purchase recommendations based on your past usage and indicate potential opportunities for savings as compared to On-Demand usage?
AWS Budgets
AWS Cost Explorer
AWS Cost and Usage report
AWS Billing Dashboard
AWS Cost Explorer.
AWS Billing Dashboard, AWS Budgets, and AWS Cost and Usage report are all incorrect since these tools do not provide Reserved Instance (RI) purchase recommendations, unlike AWS Cost Explorer.
74
What service acts as a firewall for your EC2 instances?
VPC
Elastic Network Interface
Security Group
Network ACL
security Group.
75
Which AWS service lets you provision either Windows or Linux desktops in just a few minutes and can scale easily to provide thousands of desktops to workers?
Amazon Workspaces
AWS Systems Manager
AWS Cloud9
AWS Organizations
Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution where you provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.
AWS Cloud9 is incorrect because this is simply a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. It includes a code editor, debugger, and terminal.
76
Which type of Elastic Load Balancer allows you to forward the incoming request to a target group with a Lambda function as a target?
Application Load Balancer
Network Load Balancer
Classic Load Balancer
Gateway Load Balancer
Application Load Balancer
77
Which of the following services allow you to mask downtime of your application by rerouting your traffic to healthy instances? (Select TWO.)
```
Amazon Route 53
AWS ELB
VPC Route tables
AWS App Mesh
AWS EC2 Auto Scaling
```
AWS ELB and Amazon Route 53 help mask downtime by redirecting traffic to your healthy instances and allowing failover to your secondary systems. This is achieved through a combination of different health checks, routing policies, and failover policies.
AWS EC2 Auto Scaling, and VPC Route Tables do not help mask downtime by rerouting traffic to healthy backend servers.
78
How can your RDS production instances be more cost-effective when they will be used for a long period of time?
You can stop your RDS instances when idle to prevent AWS from charging you during this time
You can easily backup, terminate, and restore RDS instances when you need them
You can avail of reserved instances to get discounts on your instance costs
AWS does not charge you when your RDS is idle
Amazon RDS Reserved Instances give you the option to reserve a DB instance for a one or three year term and in turn receive a significant discount compared to the On-Demand Instance pricing for the DB instance.
The option that says: You can stop your RDS instances when idle to prevent AWS from charging you during this time is not the best way to save money as it entails more effort than required to do so. It is still better to opt for reserved instances for your RDS database cluster instead.
The option that says: You can easily backup, terminate, and restore RDS instances when you need them is not the best solution. There is too much effort involved.
The option that says: AWS does not charge you when your RDS is idle is incorrect. Idle time or not, once your RDS instance is running, AWS charges you for it.
79
You have a large number of log files that will be archived in AWS for a long time and should have a retrieval time of 12 hours or less. Which service is the most cost-effective storage class for this purpose?
Amazon S3 Glacier Deep Archive
Amazon S3 Standard-IA
Amazon S3 Glacier
Amazon EBS Cold HDD
S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year.
Amazon S3 Standard-IA is incorrect because this costs more than Glacier and Glacier Deep Archive. This storage type takes into consideration that you will still need to retrieve your objects in a timely manner, although infrequently.
Amazon S3 Glacier is incorrect because it is already mentioned in the scenario that the retrieval option should be within 12 hours and thus, Glacier Deep Archive can provide a more cost-effective option than the Glacier class including the capability to retrieve the data within the mentioned timeframe.
Amazon EBS Cold HDD is incorrect because this is not the best nor the cheapest choice for archival. You use Cold HDD if you have infrequent workloads that require consistent throughput. EBS volumes need to be used along with EC2 instances for you to have access to the files stored in it.
80
Which service in AWS supports various business intelligence tools such as Apache Spark so that you may perform data transformation workloads (ETL) and analytics at a low cost?
Amazon OpenSearch
Amazon Redshift
Amazon EMR
Amazon RDS
Amazon EMR is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data.
81
You are planning to deploy a video streaming application with frequently accessed, throughput-intensive workloads to your EC2 instance which requires fast, consistent throughput. What EBS volume type should you use to maximize performance as well as cost?
General Purpose SSD
Provisioned IOPS SSD
Cold HDD
Throughput Optimized HDD
Throughput Optimized HDD
Provisioned IOPS SSD is incorrect because this is not the most cost-effective EBS type and is primarily used for critical business applications that require sustained IOPS performance.
General Purpose SSD is incorrect because although this volume balances price and performance for a wide variety of workloads, it is not suitable for frequently accessed, throughput-intensive workloads. Throughput Optimized HDD is a more suitable option to use than General Purpose SSD.
Cold HDD is incorrect because although this one provides the lowest cost among all other options, it is much suitable for less frequently accessed workloads.
82
Which service in AWS allows you to host your own Puppet Enterprise infrastructure?
AWS Service Catalog
AWS Elastic Beanstalk
AWS CloudFormation
AWS Opsworks
AWS Opsworks
83
What service should you use in order to add user sign-up, sign-in, and access control to your mobile app with a feature that supports sign-in with social identity providers such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0?
Amazon Cognito
AWS Directory Service
AWS Identity and Access Management (IAM)
AWS Single Sign-On (SSO)
Amazon Cognito
84
Where can you track the costs you’ve incurred so far in your AWS account with a graphical visualization?
AWS Consolidated Billing
AWS Cost Explorer
AWS Cost and Usage Reports
AWS Budgets
The AWS Cost Explorer service has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time
AWS Cost & Usage Report is incorrect because this simply lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes.
85
Which of the following is a continuous delivery service that you should use to automate your release pipelines for fast and reliable application and infrastructure updates?
AWS CodePipeline
AWS CodeCommit
Amazon Data Pipeline
AWS CodeDeploy
AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates
Amazon Data Pipeline is incorrect because this service is primarily used for data workflow orchestration which helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources, at specified intervals. This has nothing to do with application release pipelines which is what AWS CodePipeline handles.
AWS CodeCommit is incorrect because this is just a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories.
86
Which of the following services will be able to reroute traffic to your secondary EC2 instances in another region during disaster recovery?
Amazon VPC
Amazon Route 53
VPC Peering
AWS ELB
Amazon Route 53
Both Amazon VPC and VPC Peering are incorrect because they don’t do any kind of failover rerouting procedure during a disaster.
AWS ELB is incorrect. If the ELB itself were to fail then no traffic would reach your servers at all.
87
________ is AWS’s digital user engagement service that enables AWS customers to effectively communicate with their end users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.
Amazon Pinpoint
Amazon Simple Notification Service
Amazon SNS Mobile Push
Amazon Simple Email Service
Amazon Pinpoint is AWS’s Digital User Engagement Service that enables AWS customers to effectively communicate with their end-users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications.
88
Tutorials Dojo would like to test their new mobile app on multiple devices at once in a coordinated fashion using AWS. Which of the following services will help speed up the process? (Select TWO.)
```
AWS Device Farm
Amazon Lumberyard
AWS Ground Station
AWS Mobile Hub
AWS Security Bulletin
```
– AWS Device Farm
– AWS Mobile Hub
AWS Ground Station is incorrect since this service is for controlling satellite communications and processing data using satellites.
Amazon Lumberyard is incorrect because this is a game engine service for creating games. Take note that you need to test out a new mobile app on multiple devices. Therefore, this service won’t help you accomplish the task.
AWS Security Bulletin is incorrect because this AWS service is a security announcement provider service. This means that you can’t use this service to test mobile apps on multiple devices.
89
Which of the following are defined as global services in AWS? (Select TWO.)
```
Amazon CloudFront
Amazon RDS
AWS Batch
Amazon DynamoDB
AWS Identity and Access Management
```
– AWS Identity and Access Management
– Amazon CloudFront
90
What cloud computing model deals with services such as EC2 instances?
IaaS
PaaS
SaaS
DBaaS
Infrastructure as a Service (IaaS)
91
Which of the following are regarded as regional services in AWS? (Select TWO.)
```
Amazon EFS
AWS Security Token Service
Amazon Route 53
AWS Batch
Amazon EC2
```
AWS Batch is a regional service that simplifies running batch jobs across multiple Availability Zones within a region.
Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZs) for high availability and durability.
AWS Security Token Service and Amazon Route 53 are incorrect because these are considered as global services.
Amazon EC2 is incorrect because this is considered as a zonal service
92
Due to a high number of visitors, many customers are timing out from your website which is running in an Auto Scaling group of EC2 instances behind an ELB. Upon checking, the Auto Scaling group has stopped adding new instances to your group.
Which of the following Trusted Advisor categories will give you more insight on this issue? (Select TWO.)
```
Security
Performance
Service Limits
Fault Tolerance
Cost Optimization
```
Performance
| Service Limits
93
Which among the options below can you use to launch a new Amazon RDS database cluster to your VPC? (Select TWO.)
```
AWS Systems Manager
AWS CloudFormation
AWS CodePipeline
AWS Concierge
AWS Management Console
```
– AWS Management Console
– AWS CloudFormation
AWS Concierge is incorrect because this is actually a senior customer service agent who is assigned to your account when you subscribe to an Enterprise or qualified Reseller Support plan.
94
You have a customized EC2 instance running your latest web application. How can you create an exact copy of this instance in another region?
Create a golden AMI of the instance and copy it to the other region.
95
A customer has a popular website that has millions of viewers from all over the world and has read-heavy database workloads. Which of the following is the best option to use to increase the read throughput on their database?
Enable Multi-AZ deployments
Enable Amazon RDS Standby Replicas
Enable Amazon RDS Read Replicas
Use SQS to queue up the requests
Amazon RDS Read Replicas
The option that says: Enable Multi-AZ deployments is incorrect because the Multi-AZ deployments feature is mainly used to achieve high availability and failover support for your database.
The option that says: Enable Amazon RDS Standby Replicas is incorrect because a Standby replica is used in Multi-AZ deployments and hence, it is not a solution to reduce read-heavy database workloads.
96
Which AWS storage service offers faster disk read and write performance and provides temporary block-level storage for your instance?
EBS Provisioned IOPS SSD
EBS Throughput Optimized HDD
EFS
Instance Store
An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer
97
Which of the following services should you provision if your local data center requires additional storage space without having to migrate data?
AWS Direct Connect
AWS Storage Gateway
AWS Snowball Edge
AWS Backup
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage.
98
A company has a hybrid cloud architecture where their on-premises data center interacts with their cloud resources in AWS. Which of the following services in AWS can you use to deploy a web application to the servers running on-premises? (Select TWO.)
```
AWS CodeDeploy
AWS Elastic Beanstalk
AWS OpsWorks
AWS Batch
AWS CloudFormation
```
AWS OpsWorks and AWS CodeDeploy.
AWS CloudFormation and AWS Elastic Beanstalk are incorrect because these services can only deploy applications to your AWS resources
99
What type of EBS volume is recommended for most workloads and is also usable as a boot volume?
Throughput Optimized HDD
Provisioned IOPS SSD
General Purpose SSD
Cold HDD
General Purpose SSD
100
Which AWS well-architected pillar stresses the importance of selecting the most appropriate and right number of resource types for your requirements?
Performance Efficiency
Reliability
Operational Excellence
Cost optimization
Cost optimization
Performance efficiency is incorrect because this pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.
Operational Excellence is incorrect because this pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.
101
What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?
AWS Artifact
AWS Config
Amazon CloudWatch
AWS IAM
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
102
Which AWS service allows me to patch my Windows EC2 instances without having to RDP into them?
AWS CloudFormation
AWS CodeDeploy
AWS Systems Manager
Amazon Simple Workflow
AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources.
103
Which of the following RDS engines allows you to bring your own license (BYOL)?
PostgreSQL
MS SQL
MySQL
Oracle
Oracle
104
If you are tasked to create a lightweight Wordpress site in AWS without having to install the package on your own, which PaaS solution in AWS will allow you to do this easily?
Amazon Lightsail
AWS Glue
Amazon GameLift
AWS Elastic Beanstalk
Amazon Lightsail is a PaaS solution for users who need a simple virtual private server (VPS) solution. Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud.
Amazon Elastic Beanstalk is another PaaS solution of AWS. This is not the correct answer, however, because you would have to deploy and set up your own WordPress application first. Elastic Beanstalk does not offer a simple solution to quickly set up a functional WordPress website in minutes, unlike Lightsail.
Amazon GameLift is incorrect because you can’t use this service to deploy applications. Amazon GameLift is a dedicated game server hosting solution that deploys, operates, and scales cloud servers for multiplayer games.
AWS Glue is incorrect because this is a serverless ETL (extract, transform, and load) service that makes it simple and cost-effective to categorize your data, clean it, enrich it, and move it reliably between various data stores and data streams. This service is not for setting up a WordPress site.
105
A customer is using Amazon S3 to store sprites of game characters. When players retrieve these sprites, they are temporarily stored on the player’s computer. The sprites are currently stored in the S3 Standard storage class. Which of the following options would you recommend to optimize storage costs?
Add a lifecycle policy to move sprites to S3 Standard – Infrequent Access after the customer uploads them.
Add a lifecycle policy to move sprites to S3 Glacier after the customer uploads them.
Have the customer compress the sprites to reduce storage consumption.
Have the customer directly upload the sprites to S3 Standard – Infrequent Access.
Have the customer directly upload the sprites to S3 Standard – Infrequent Access.
Sprites are rarely accessed (and after accessing them they are stored on the user’s phone).
Add a lifecycle policy to move sprites to S3 Standard – Infrequent Access after the customer uploads them is not necessary since you can store the objects directly to S3 Standard-IA.
106
Availability Zones are physically separated by a meaningful distance from any other AZ, although all are within 100 km or 60 miles of each other. What is the primary reason why Availability Zones are set up the way they are now?
Price of the land is cheaper in those locations
To keep them as far apart from each other in case of a disaster
To achieve better network connectivity to users in the location
To maximize area coverage in a Region
To keep them as far apart from each other in case of a disaster
107
Which of the following is true regarding the AWS Cost and Usage report? (Select TWO.)
Provides you a dashboard that lets you view the status of your month-to-date AWS expenditure and provides access to a number of other cost management products that can help you dig deeper into your AWS costs and usage
Provides you with granular data about your AWS costs and usage
Lets you set custom cost and usage budgets that alert you when those thresholds are exceeded
Allows you to load your cost and usage information into Amazon Athena, Amazon Redshift, and AWS QuickSight
Helps you visualize, understand, and manage your AWS costs and usage over time via an intuitive interface that enables you to quickly create custom reports
– Provides you with granular data about your AWS costs and usage
– Allows you to load your cost and usage information into Amazon Athena, Amazon Redshift, and AWS QuickSight
108
Which of the following actions does not affect costs when using Amazon S3?
Making GET requests to your S3 objects
Choosing S3 Standard IA rather than One Zone IA
Data transfer costs for uploading objects into your S3 bucket.
Moving objects out of your S3 bucket to another bucket
: Data transfer costs for uploading objects into your S3 bucket.
109
What is an advantage of cloud computing when it comes to equipment expenditures?
AWS makes sure that physical devices are continuously secured and monitored.
You can easily scale and manage the number of resources running in your cloud environment.
AWS introduces cost reductions each year in their services.
AWS uses the cheapest possible equipment for their data centers so that they do not charge expensive fees.
AWS introduces cost reductions each year in their services.
110
You have an Amazon Linux EC2 instance running for an hour and thirty minutes. How will AWS bill you in terms of usage?
You will only be billed for an hour according to the hourly billing rule
You will be billed for one hour and thirty minutes according to the hourly billing rule
You will be billed for an hour and thirty minutes according to the per-second billing rule
You will be billed for an hour and twenty-nine minutes according to the per second billing rule
Amazon Linux instances are now billed in a per-second duration. With per-second billing, you pay for only what you use.
111
What is the lowest support plan that allows an unlimited number of technical support cases to be opened?
Developer
Basic
Business
Enterprise
Developer
112
In implementing continuous integration and continuous delivery (CI/CD) in your cloud architecture, which service will make it easy for you to set up your entire development and continuous delivery toolchain for coding, building, testing, and deploying your application code?
AWS CodeCommit
AWS CodeStar
AWS CodeBuild
AWS CodePipeline
With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster.
AWS CodeBuild is incorrect because this is just a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy.
AWS CodeCommit is incorrect because this is simply a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories.
AWS CodePipeline is incorrect because this basically helps you automate your release pipelines for fast and reliable application and infrastructure updates. It doesn’t provide an entire development and continuous delivery toolchain for coding, building, testing, and deploying your application code, unlike AWS CodeStar.
113
Which of the following does the Enterprise support plan provide to customers in AWS? (Select TWO.)
Limited access to the 7 Core Trusted Advisor checks
15-minute response time support if your production system goes down
Proactive Technical Account Management
Access to online self-paced labs
5-minute response time support if your business-critical system goes down
Proactive Technical Account Management
Access to online self-paced labs
The option that says: Limited access to the 7 Core Trusted Advisor checks is incorrect because the Enterprise support plan has access to the full set of Trusted Advisor checks.
The option that says: 15-minute response time support if your production system goes down is incorrect because the Enterprise support plan actually provides a 1-hour response time for this kind of incident.
The option that says: 5-minute response time support if your business-critical system goes down is incorrect because the Enterprise support plan actually provides a 15-minute response time for this type of outage.
114
A startup is in need of a database that is capable of self-healing and has a high throughput. Which of the following services fits these criteria?
Amazon Aurora
Amazon RDS
Amazon Redshift
Amazon DynamoDB
Amazon Aurora
Amazon RDS is incorrect. Although it is similar to Amazon Aurora such that they are both SQL databases, RDS does not have self-healing capabilities.
Amazon DynamoDB and Amazon Redshift are both incorrect since these services are not self-healing databases. Amazon Redshift is considered more as a data warehouse rather than a database.
115
What type of service is AWS Elastic Beanstalk?
IaaS
PaaS
DBaaS
SaaS
Platform as service - PaaS services include AWS Elastic Beanstalk, which provides you a platform to launch your applications, while the service prepares all the necessary infrastructure to run your application.
116
What are the benefits of using Amazon DynamoDB as your database? (Select TWO.)
DynamoDB offers 11 9’s in terms of durability, according to the SLA
You can perform very complex queries and joins without deterioration in performance
DynamoDB is self-healing, which means your data is scanned for errors and is repaired continuously
Database size scales automatically so you won’t have to worry about capacity
You can store different kinds of unstructured data that would normally not be suitable for relational databases
– Database size scales automatically so you won’t have to worry about capacity
– You can store different kinds of unstructured data that would normally not be suitable for relational databases
The option that says: DynamoDB is self-healing, which means your data is scanned for errors and is repaired continuously is incorrect because DynamoDB is not a self-healing database and it doesn’t automatically scan or repair your data. An example of a self-healing database in AWS is Amazon Aurora in which the concept of “self-healing” relates to the underlying infrastructure.
The option that says: DynamoDB offers 11 9’s in terms of durability, according to the SLA is incorrect because it does not offer 11 9’s in durability, unlike Amazon S3.
The option that says: You can perform very complex queries and joins without deterioration in performance is incorrect because usually, with NoSQL databases, you would not perform complex queries due to the unstructured formatting of your data. Complex queries are better performed in SQL databases due to predictable structuring.
117
A number of servers in your on-premises data center have been collecting dust over the past few years. What is the benefit of moving to the Cloud in this case?
AWS has automated services for you
Physical servers are managed and maintained by AWS for you
The ability to provision resources only when you need them
The ability to pay for only what you use
The ability to provision resources only when you need them
118
Which of the following advantages of cloud computing describes the continual price reduction of AWS services?
Trade capital expense for variable expense
Stop guessing capacity
Benefit from massive economies of scale
Stop spending money running and maintaining data centers
Benefit from massive economies of scale
119
Which of the following services simplifies contact center operations, improves agent efficiency, lowers costs, and can scale to support millions of customers?
Amazon WorkSpaces
AWS Direct Connect
Amazon Lex
Amazon Connect
Amazon Connect.
Amazon Lex is incorrect because this is just a service for building conversational interfaces into any application using voice and text.
120
A developer needs to install their application in Docker containers. Which of the following services eliminates the need to manage containers manually?
Amazon EC2
Amazon FSx
AWS Fargate
Amazon ECS
AWS Fargate is a serverless compute engine for containers.
Amazon FSx is incorrect because this is primarily used as a file system for Windows-based applications.
Amazon ECS is incorrect because by using this service, you still need to manage your own EC2 instances where your containers are hosted.
Amazon EC2 is incorrect since you still need to provision and manage your Docker containers that are hosted in these EC2 instances.
121
Which of the following cost management capabilities does AWS immediately provide you even before you create your AWS account?
Allows you to organize your resources according to your own cost allocation tagging strategy.
Allows you to estimate your monthly spending in AWS.
Allows you to create monthly reports on the cost behavior of your resources.
Allows you to request billing discounts in exchange for a committed level of instance usage.
Allows you to estimate your monthly spending in AWS.
122
What is the cloud computing model for services like Amazon RDS and Amazon ECS?
FaaS
SaaS
IaaS
PaaS
PaaS - you don’t need to worry about setting up servers, storage, and network. You only manage the application and the data.
123
A customer plans to use Amazon S3 to store their less frequently accessed data and reduce their costs. The data is re-creatable and will be used as a secondary backup. They also require S3’s low latency and high throughput performance. Which of the following storage classes is the cheapest and most suitable option?
S3 Standard
S3 Glacier Deep Archive
S3 Glacier
S3 One Zone-IA
S3 One Zone-IA is for data that is accessed less frequently but requires rapid access when needed.
S3 Standard is incorrect because it is not the cheapest option available.
S3 Glacier and S3 Glacier Deep Archive are both incorrect because they are designed for low-cost data archiving. These storage classes have retrieval options that take from a few minutes to hours.
124
Which of the following support plans provides access to the AWS Personal Health Dashboard?
Developer, Business, Enterprise
Basic, Developer, Business
Basic, Developer, Business, Enterprise
Basic, Business, Enterprise
Basic, Developer, Business, Enterprise
125
A company is using Cost Explorer to gain an understanding of its cost trends in AWS. How many months of historical data can Cost Explorer store and display?
12 Months
6 Months
15 Months
3 Months
12 Months
126
A customer needs to store objects that are frequently accessed. To help the customer save costs, you must select a storage service free from retrieval charges. Which of the following S3 storage classes would meet this requirement? (Select TWO.)
```
S3 Intelligent Tiering
S3 One Zone IA
S3 Standard
S3 Standard-IA
S3 Glacier Deep Archive
```
– S3 Standard
– S3 Intelligent-Tiering
S3 Glacier Deep Archive, S3 Standard-IA, and S3 One Zone-IA are all incorrect since these storage tiers have object retrieval fees.
127
Which of the following services connects VPCs and on-premises networks through a central hub?
AWS Transit Gateway
AWS Direct Connect
Amazon VPC Peering
AWS Client VPN
AWS Transit Gateway.
AWS Client VPN is incorrect because this is just a VPN service used to securely access your AWS resources and resources in your on-premises network. You can’t use AWS Client VPN to connect and manage multiple VPCs.
VPC Peering is incorrect. Although this service could connect two or more VPCs, it is not appropriate to use if you are managing multiple VPC peering connections and on-premises networks at scale.
AWS Direct Connect is incorrect because this is a dedicated network connection from your on-premises to AWS. Direct Connect doesn’t support the peering between VPCs unless it is associated with Transit Gateway.
128
Which of the following services displays the general status of all available AWS Services and informs you if a service is experiencing availability issues?
AWS Service Health Dashboard
AWS CloudTrail
AWS Personal Health Dashboard
Amazon CloudWatch
AWS Service Health Dashboard
129
Which AWS services should you use to upload SSL certificates? (Select TWO.)
```
AWS License Manager
AWS Certificate Manager
AWS Systems Manager
AWS KMS
AWS IAM
```
– AWS Certificate Manager
– AWS Identity and Access Management
AWS License Manager is incorrect because this service is mainly used for managing software licenses from different vendors (Microsoft, Oracle, SAP, IBM)
130
Which of the following pricing options will automatically reduce your cost on any EC2 instance usage regardless of region, instance family, size, OS, or tenancy?
On-Demand Instances
Dedicated Hosts
Savings Plans
Reserved Instances
Savings Plans
131
What types of caching solutions are available in Amazon ElastiCache? (Select TWO.)
```
Amazon ElastiCache for Serverless
Amazon ElastiCache for Redis
Amazon ElastiCache for Memcached
Amazon ElastiCache for Apache Kafka
Amazon ElastiCache for Apache Ignite
```
Amazon ElastiCache for Redis
| Amazon ElastiCache for Memcached
132
Which service should you use to run complex analytic queries against terabytes to petabytes of structured data?
Amazon DynamoDB
Amazon Redshift
Amazon S3
Amazon Neptune
Amazon Redshift
133
A company plans to restrict access to content served from an Amazon S3 bucket using Amazon CloudFront. Which of the following features can you use to satisfy this requirement?
Server Name Indication
Service Control Policies
Origin Access Identity
Sticky Sessions
An Origin Access Identity is used for sharing private content through CloudFront.
Service Control Policies is incorrect because this is an AWS Organization policy and not an Amazon CloudFront feature.
134
A company plans to encrypt and manage its own encryption keys using a single-tenant hardware security module. The company must also have exclusive control over how its keys are used via an authentication mechanism independent from AWS.
```
Which service would meet that requirement?
Amazon GuardDuty
Amazon S3
AWS KMS
AWS CloudHSM
```
AWS CloudHSM is standards-compliant and enables you to export all of your keys to most other commercially available HSMs,
AWS KMS is incorrect because this service is primarily used to create and manage cryptographic keys, and control their use across a wide range of AWS services and in your applications. Requirement in the scenario is to have exclusive control over how its keys are used via an authentication mechanism independent from AWS.
135
```
Which AWS team can assist you when your systems are impacted by AWS resources engaging in abusive activities such as phishing, malware, spam, and denial of service (DoS) or distributed denial of service (DDoS) incidents?
Concierge Support
AWS Support API
AWS Trust & Safety
Architecture Support
```
AWS Trust & Safety
Concierge Support is incorrect because this is a team of experts that quickly and efficiently assist you with your billing and account inquiries, and work with you to implement billing and account best practices so that you can focus on running your business.
AWS Support API is incorrect because this is not a team in AWS, but a collection of APIs that provides programmatic access to AWS Support Center features. This is primarily used to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status.
Architecture Support is incorrect because this is a team that guides customers on how AWS services fit together to meet a specific architecture, use-case, workload, or application.
136
A high-performance computing (HPC) application needs a storage service in AWS that can be used as a centralized Windows File Server for multiple EC2 instances.
```
Which of the following should they use?
Amazon S3
Amazon EFS
Amazon FSx
Amazon EBS
```
Amazon FSx makes it easy and cost-effective to launch and run popular file systems.
Amazon EFS is incorrect. Although it is a shared file system storage, EFS only supports Linux workloads.
Amazon EBS is incorrect. An EBS volume can only be accessed by multiple EC2 instances if it is a Provisioned IOPS EBS volume. A more suitable option here is to use Amazon FSx for Windows File Server.
137
```
Which of the following services connects VPCs and on-premises networks through a central hub?
AWS Client VPN
Amazon VPC Peering
AWS Direct Connect
AWS Transit Gateway
```
AWS Transit Gateway connects VPCs and on-premises networks through a central hub.
AWS Direct Connect is incorrect because this is a dedicated network connection from your on-premises to AWS. Direct Connect doesn't support the peering between VPCs unless it is associated with Transit Gateway.
138
Which of the following provides a collection of technical resources to help you build more effectively and efficiently in the AWS Cloud?
AWS Trusted Advisor
AWS Organizations
AWS Architecture Center
AWS Config
AWS Architecture Center.
AWS Trusted Advisor is incorrect because this is just an online tool that provides real-time guidance to help you provision your resources following AWS best practices.
139
```
Which is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy?
AWS CodeDeploy
AWS CodePipeline
AWS CodeCommit
AWS CodeBuild
```
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
CodeDeploy is primarily used to automate code deployments to any instance, including EC2 instances and instances running on-premises. CodePipeline is a continuous delivery service while CodeCommit is a fully-managed source control service
140
```
A developer plans to build a serverless application with a key-value database. Which of the following AWS services can be used to fulfill this requirement? (Select TWO.)
Amazon RDS
AWS Lambda
Amazon DynamoDB
Amazon ECR
Amazon SageMaker
```
- AWS Lambda
- Amazon DynamoDB
Amazon RDS is incorrect because it is not a key-value database. RDS is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. Also, RDS is not a suitable fit for key-value pairs.
Amazon ECR is incorrect because this is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images. ECR is not a serverless computing service. If you want to have a serverless container, you can use AWS Fargate.
Amazon SageMaker is incorrect because this is not a serverless service. SageMaker is primarily used to build, train, and deploy machine learning (ML) models quickly.
141
Which of the following is a benefit of using AWS Global Accelerator?
Decreased latency in accessing applications hosted in AWS
Accelerates server performance of your Amazon EC2 instances globally
Reduced server costs in running AWS Services
Provides a highly durable data store in AWS
Decreased latency in accessing applications hosted in AWS
142
An organization is mandated to secure its Amazon S3 bucket and ensure that it cannot have any public objects to satisfy the compliance requirements.
```
What S3 feature should be used to easily accomplish this?
Block Public Access
Network ACL
Security Groups
VPC Endpoint
```
Amazon S3 provides Block Public Access settings for buckets and accounts to help you manage public access to Amazon S3 resources.
Network ACL is incorrect because a Network ACL is primarily used for VPCs and not in S3 buckets.
Security Group is incorrect because Amazon S3 doesn't have a security group.
143
```
What is the MOST affordable AWS Support plan that provides users access to the AWS Support API?
Basic
Developer
Business
Enterprise
```
Business
144
```
A developer needs to set up a message broker service for Apache ActiveMQ for its enterprise application running in AWS. Which service should be used in this scenario?
Amazon Simple Email Service
Amazon Chime
Amazon WorkMail
Amazon MQ
```
Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud
145
Which of the following are the capabilities provided by Amazon Route 53? (Select TWO.)
```
Resource metrics collection
Web traffic filtering
Domain Registration
DNS Resolution
DDoS Protection
```
Domain Registration
| DNS Resolution
146
Which of the following AWS resources is a zonal service? (Select TWO.)
```
Amazon S3
Amazon EBS
Amazon Route 53
AWS IAM
Amazon EC2
```
– Amazon EC2
– Amazon EBS
Amazon EC2 is a compute capacity in the cloud and Amazon EBS is a block storage service. Both are created in a specific Availability Zone, and EBS can be attached to any instances in that same Availability Zone.
Amazon S3, Amazon Route 53, and AWS IAM are all incorrect because these are global services offered by AWS.
147
A company needs to store frequently accessed data in Amazon S3. How will AWS bill you for storing objects in your S3 buckets?
Per Hour or Second
Per Unique File Type
Per GB
By Instance Type
Per GB
The usage of an EC2 instance is calculated by the hour or second based on the size of the instance, operating system, and the AWS Region where the instances are launched
148
Which service enables you to set up directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory?
AWS Site-to-Site VPN
AWS Direct Connect
AWS Directory Service
Amazon Connect
AWS Directory Service
149
Which feature will customers have access to by using the AWS Business Support plan?
Technical Account Manager
Access to online self-paced labs
Concierge Support Team
Architecture Support
Architecture Support
150
A company needs access to the full set of monitoring checks in AWS Trusted Advisor to ensure that its cloud environment is well-architected.
What is the MOST cost-effective support plan that the company should avail of?
Enterprise
Business
Basic
Developer
Business
151
Which AWS service provides automated reference deployments for key workloads in AWS via CloudFormation templates?
AWS OpsWorks
AWS Config
AWS Quick Starts
AWS Systems Manager Automation
AWS Quick Starts
152
Which AWS service provides tracing and monitoring capabilities for your Lambda function?
AWS Shield
AWS X-Ray
Amazon Macie
Amazon Inspector
AWS X-Ray
153
Which of the following AWS Cost Management tools enable you to forecast future costs and usage of your AWS resources based on your past consumption?
AWS Pricing Calculator
AWS Cost and Usage report
Cost Explorer
Amazon Forecast
Cost Explorer
154
Which of the following Cost Management Tools allows you to track your Amazon EC2 Reserved Instance (RI) usage and view the discounted RI rate that was charged to your resources?
AWS Cost and Usage report
AWS Systems Manager
AWS Cost Explorer
AWS Budgets
AWS Cost and Usage report
155
Which of the following purchase options offers the most significant discount compared to On-Demand instance pricing to process steady-state workloads that will continuously be running for a year?
Convertible Reserved Instance
Standard Reserved Instance
Dedicated Instance
Scheduled Reserved Instance
Standard Reserved Instances provide you with a significant discount compared to On-Demand instance pricing and can be purchased for a 1-year or 3-year term
156
Which of the following are the characteristics of Amazon EC2 Convertible Reserved Instances? (Select TWO.)
Allows the change of instance family, operating system, tenancy, and payment option
Allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month
Allows you to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or lesser value
Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value
Provides the most significant discount of the RI types and are best suited for steady-state usage
– ALlows the change of instance family, operating system, tenancy, and payment option.
– Has the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value.
157
Which of the following provides you access to Reserved Instance (RI) purchase recommendations based on your past usage and indicate potential opportunities for savings as compared to On-Demand usage?
AWS Cost Explorer
AWS Cost and Usage report
AWS Billing Dashboard
AWS Budgets
AWS Cost Explorer
158
Which of the following statements is true for AWS CloudTrail?
CloudTrail charges you for every management event trail created
When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default
CloudTrail is disabled by default for newly created AWS accounts
CloudTrail is able to capture application error logs from your EC2 instances
When you create a trail in the AWS Management Console, the trail applies to all AWS Regions by default
159
What feature will allow you to label and sort your EC2 instances according to their deployment stage (development, staging, production)?
Instance metadata
Instance type
Instance userdata
Instance tags
Instance tags
Instance metadata is incorrect because it just details the server and network information of the instance itself. This is automatically generated for you by AWS when you launch an instance. To add metadata of your own, use tags.
Instance user data is incorrect because this is just a custom script that you prepare if you want your instance to be initialized every time it is launched. You cannot add metadata such as environment tags here
160
Which of the following AWS well-architected pillars discusses the use of the right computing resources to meet demand levels even as the demand changes and technologies evolve?
Operational Excellence
Reliability
Performance Efficiency
Cost optimization
Performance Efficiency
161
A company is planning to deploy their high-frequency trading (HFT) application which will store constantly changing financial data in AWS and require low latency access. Which AWS services below should you use? (Select TWO.)
```
Amazon S3
Amazon RDS
Amazon EFS
Amazon Glacier
AWS Snowball
```
Amazon RDS
Amazon EFS
Amazon S3 is incorrect because although you can technically use this service as a data storage for rapidly changing data, this entails high latency since S3 is located outside of your VPC.
Amazon Glacier is not suitable to be used for applications with rapidly changing data.
162
Which of the following services should you use to deploy and easily rollback a web application from your Git repository to your on-premises server?
AWS OpsWorks
AWS Systems Manager
AWS CloudFormation
AWS Elastic Beanstalk
AWS OpsWorks
AWS CloudFormation and AWS Elastic Beanstalk are incorrect because these services can only deploy applications to your AWS resources and not to the servers located in your on-premises data center.
163
Which AWS support plan includes a Concierge Support Team which will assist you with your billing and account inquiries, and work with you to implement billing and account best practices?
Developer support plan
Enterprise support plan
Business support plan
Basic support plan
Enterprise support plan
164
Which of the following Amazon EC2 instance purchasing options can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses?
On-Demand Instance
Dedicated Instance
Dedicated Host
Reserved Instance
Dedicated Host
Dedicated Instance purchasing option is incorrect because although Dedicated instances also run on dedicated hardware, Dedicated Hosts provide further visibility and control by allowing you to place your instances on a specific, physical server
165
Which of the following is typically used to secure your VPC subnets?
Security Group
AWS IAM
AWS Config
Network ACL
Network ACL
Security group is incorrect because this is used to secure your resource-level network such as EC2 instances and RDS databases, in a similar way with how network ACLs work. However, security groups do not operate on the subnet level.
166
Which of the following AWS services are not considered to be region-specific services? (Select TWO.)
```
Amazon Route 53
AWS WAF
AWS CloudTrail
AWS Lambda
Amazon VPC
```
Amazon Route 53 and AWS WAF are both global services
AWS Lambda, AWS CloudTrail, and Amazon VPC are all incorrect because these are region-specific services.
167
Which of the following services are part of the AWS serverless platform that does not require provisioning, maintaining, and administering servers for backend components? (Select TWO.)
```
Amazon API Gateway
Amazon OpenSearch
Amazon ElastiCache
Amazon EMR
Lambda@Edge
```
– Amazon API Gateway
– Lambda@Edge
All of the other options are incorrect because you still need to choose which type of EC2 instance type will be used for running these services as well as its scaling capability.
168
What services has built-in DDoS mitigation and/or protection?
a) SNS
b) EC2
c) None of these apply
d) RDS
c) None of these apply
AWS services with built-in DDoS mitigation/protection include: 1) Route 53 2) CloudFront 3) WAF (web application firewall) 4) Elastic Load Balancing 5) VPCs and Security Groups https://linuxacademy.com/cp/courses/lesson/course/1548/lesson/5/module/154
169
How many VPCs are created by default in a region?
```
a) 2
b) 3
c) 4
d) 1
```
d) 1
By default, when an AWS account is created, each region will get 1 VPC.
170
What is NACL?
a) A logically isolated section of AWS
b) A table of rules that directs traffic flow in a network
c) A firewall on the subnet level
d) A firewall on the instance level
c) A firewall on the subnet level
A NACL is a firewall on the subnet level.
171
VPCs span all of these except for _____.
```
a) AWS Regions
b) Availability Zones
c) AWS Resources
d) Subnets
```
a) AWS Regions
VPCs cannot span AWS Regions.
172
A security group is a _____ on the _____ level.
```
a) Firewall, Instance
b) Firewall, AWS
c) Firewall, VPC
d) Firewall, Subnet
```
a) Firewall, Instance
A security group is a firewall on the instance level.
173
Which of the following will connect instances within a VPC to networks outside of the VPC and provides Internet access for the VPC?
```
a) Subnet
b) Route Table
c) Internet Gateway
d) NACL
```
c) Internet Gateway
An internet gateway connects instances within a VPC to the network outside of the VPC. Video for reference: Internet Gateways and Route Tables
174
```
Which of the following is *not* a method of getting or using MFA codes?
a) Single sign-on
b) Virtual MFA Device
c) Hardware key fob
d) API keys
```
a) Single sign-on
175
```
In this scenario, we have an IAM User with an _AWSDenyAll_ policy, but this user is also in an IAM Group with access to various AWS services. These services include S3, EC2, VPC, and IAM. Which of the following resources can this user access?
a) S3 and VPC
b) EC2
c) The IAM user cannot access any of the AWS services
d) VPC And EC2
```
c) The IAM user cannot access any of the AWS services
This IAM User will not be able to access any of the AWS services because the user is attached to an _AWSDenyAll_ policy regardless of being in an IAM Group with access to these services. This is because an explicit deny always overrides and explicit allow. Video for reference: Overview of Identity and Access Management Part 2
176
```
By default, which timeframe does CloudWatch provide free analysis metrics?
a) 5 minutes
b) 1 minute
c) 30 seconds
d) 10 minutes
```
a) 5 minutes
By default, CloudWatch analyzes AWS resources for metrics every 5 minutes for free. Video for reference: CloudWatch Monitoring, Metrics, and Logs
177
Which service stores log events for CloudTrail?
```
a) IAM
b) CloudWatch
c) S3
d) CloudTrail
```
c) S3
S3 is the service in which CloudTrail logs events. It logs the events as an S3 object.
178
Which of the following examples best demonstrates the agility that cloud computing offers?
a) Protect your data by centralizing your applications in one Availability Zone.
b) Increase network throughput with AWS Direct Connect (DX) nodes.
c) Spin up servers in minutes, and shut down servers when you don't need them.
d) Quickly deploy multi—factor authentication (MFA) to multiple data centers.
(c) Spin up servers in minutes, and shut down servers when you don't need them.
179
Users of your services are reporting latency. With on-premises architecture you would notify your Administrator to launch another server to balance the load. How can this be automated using AWS?
a) Create a new template using AWS CloudFormation.
b) Enable AWS CloudTrail to monitor latency issues.
c) Enable an Amazon CloudWatch alarm to trigger a scaling policy.
d) Create six Amazon EC2 instances in different Availability Zones.
(c) Enable an Amazon CloudWatch alarm to trigger a scaling policy.
180
Which AWS service enables you to repeatedly and predictably provision resources to power your applications?
a) AWS CloudFormation
b) AWS Cloud Map
c) AWS CloudTrail
d) Amazon CloudFront
(a) AWS CloudFormation
181
You have an application composed of individual services
and you need to route a request to a service based on the
content of the request. What type of load balancer should
you use?
a) Application Load Balancer
b) Classic Load Balancer
c) Network Load Balancer
d) VPN Load Balancer
(a) Application Load Balancer
182
An intern at an IT company provisioned a Linux based On-demand EC2 instance with per-second billing but terminated it within 30 seconds as he wanted to provision another instance type. What is the duration for which the instance would be charged?
a. 600 seconds
b. 300 seconds
c. 60 seconds
d. 30 seconds
c. 60 seconds
183
Which of the following AWS Support plans provides access to online training with self-paced labs?
a. Business
b. Enterprise
c. Developer
d. Basic
b. Enterprise
184
Which of the following AWS authentication mechanisms supports a Multi-Factor Authentication (MFA) device that you can plug into a USB port on your computer?
a. U2F security key
b. Virtual MFA device
c. SMS text messaged-based MFA
d. Hardware MFA device
a
185
An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case? (Select two)
a. Step Function
b. EC2 Instance
c. Lambda
d. Systems Manager
e. CloudWatch
c. Lambda
| e. CloudWatch
186
Data encryption is automatically enabled for which of the following AWS services? (Select two)
a. Amazon RedShift
b. Amazon EBS volumes
c. Amazon EFS drives
d. Amazon S3 Glacier
e. AWS Storage Gateway
d. Amazon S3 Glacier
| e. AWS Storage Gateway
187
An AWS user is trying to launch an EC2 instance in a given region. What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this EC2 instance?
a. You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance.
b. You can use an AMI from a different region, but it degrades the performance of the EC2 instance.
c. You should us an AMI from the same region, as it improves the performance of the EC2 instance.
d. An AMI is a global entity, so the region is NOT applicable.
a. You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance.
188
A start-up would like to quickly deploy a popular technology on AWS. As a Cloud Practitioner, which AWS tool would you use for this task?
a. AWS Quick Start References
b. AWS Whitepapers
c. AWS Forums
d. AWS CodeDeploy
a. AWS Quick Start References
189
A Cloud Practitioner would like to deploy identical resources across all regions and accounts using templates while estimating costs. Which AWS service can assist with this task?
a. Amazon LightSail
b. AWS CloudFormation
c. AWS Directory Service
d. AWS CodeDeploy
b. AWS CloudFormation
190
Which of the following options is NOT a feature of Amazon Inspector?
a. Automate security assessments
b. Track configuration changes
c. Analyze against unintended network accessibility
d. Inspect running operating systems (OS) against known vulnerabilities
b. Track configuration changes
191
A corporation would like to have a central user portal to log in to third-party business applications as well as accounts managed under AWS Organizations. As a Cloud Practitioner, which AWS service would you use for this task?
a. AWS Command Line Interface (CLI)
b. AWS Cognito
c. AWS Identity and Access Management (IAM)
d. AWS Single Sign-On (SSO
d. AWS Single Sign-On (SSO)
192
Which pillar of the AWS Well-Architected Framework recommends maintaining infrastructure as code?
a. Operational Excellence
b. Performance Efficiency
c. Security
d. Cost Optimization
a. Operational Excellence
193
A photo sharing web application wants to store thumbnails of user-uploaded images on Amazon S3. The thumbnails are rarely used but need to be immediately accessible from the web application. The thumbnails can be regenerated easily if they are lost. Which is the most cost-effective way to store these thumbnails on S3?
a. Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails.
b. Use S3 Standard to store the thumbnails.
c. Use S3 Standard Infrequent Access (Standard-IA) to store the thumbnails.
d. Use S3 Glacier to store the thumbnails.
a. Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails.
194
A unicorn startup is building an analytics application with support for a speech-based interface. The application will accept speech-based input from users and then convey results via speech. As a Cloud Practitioner, which solution would you recommend for the given use-case?
a. Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Translate to convey the text results via speech.
b. Use Amazon Translate to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.
c. Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Transcribe to convey the text results via speech.
d. Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.
d. Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.
d. Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to convey the text results via speech.
195
A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?
a. Amazon Trusted Advisor
b. Amazon Inspector
c. AWS Systems Manager
d. AWS Personal Health Dashboard
c. AWS Systems Manager
c. AWS Systems Manager
196
A financial services enterprise plans to enable Multi-Factor Authentication (MFA) for its employees. For ease of travel, they prefer not to use any physical devices to implement MFA. Which of the below options is best suited for this use case?
a. Soft Token MFA device
b. Hardware MFA device
c. U2F security key
d. Virtual MFA device
d. Virtual MFA device
197
Which AWS Route 53 routing policy would you use to route traffic to multiple resources and also choose how much traffic is routed to each resource?
a. Failover routing policy
b. Weighted routing policy
c. Simple routine policy
d. Latency routing policy
b. Weighted routing policy
198
Which AWS service can be used to subscribe to an RSS feed to be notified of services' interruptions?
a. Amazon SNS
b. AWS Lambda
c. AWS Personal Health Dashboard
d. AWS Service Health Dashboard
d. AWS Service Health Dashboard
199
A data analytics company is running a proprietary batch analytics application on AWS and wants to use a storage service which would be accessed by hundreds of EC2 instances simultaneously to append data to existing files. As a Cloud Practitioner, which AWS service would you suggest for this use-case?
a. S3
b. EFS
c. Instance Store
d. EBS
b. EFS
200
A financial services company wants to ensure that its AWS account activity meets the governance, compliance and auditing norms. As a Cloud Practitioner, which AWS service would you recommend for this use-case?
a. ) Config
b. ) Trusted Advisor
c. ) CloudWatch
d. ) CloudTrail
D.) CloudTrail
You can use CloudTrail to log, monitor and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
201
Which of the following AWS services offer block-level storage? (Select two)
a. S3
b. EBS
c. ECS
d. EFS
e. Instance Store
b. EBS
| e. Instance Store
202
Due to regulatory and compliance reasons, an organization is supposed to use a hardware device for any data encryption operations in the cloud. Which AWS service can be used to meet this compliance requirement?
a. AWS Trusted Advisor
b. AWS Key Management Service (KMS)
c. AWS CloudHSM
d. AWS Secrets Manager
c. AWS CloudHSM
AWS CloudHSM is a service for creating and managing cloud-based hardware security modules.
AWS Key Management Service (AWS KMS) lets you create, store, and manage KMS keys securely.
