Summary

This document is an AWS CLF-C02 practice test containing questions and answers related to cloud computing concepts. The questions cover topics such as the shared responsibility model, AWS services (e.g., Amazon EC2, Storage Gateway), and availability zones.

Full Transcript


AWS CLF-C02 Practice Test
Number:
Passing Score: 800
Time Limit: 120
File Version: 27

CLF-C02: AWS Certified Cloud Practitioner

Exam A

QUESTION 1
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
A. Network infrastructure and virtualization of infrastructure
B. Security of application data
C. Guest operating systems
D. Physical security of hardware
E. Credentials and policies

Correct Answer: A, D
Section:
Explanation:
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption.

The other options are incorrect because they are not AWS responsibilities according to the AWS shared responsibility model. Security of application data, guest operating systems, and credentials and policies are customer responsibilities according to the AWS shared responsibility model.

Reference: [AWS Shared Responsibility Model]

QUESTION 2
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)
A. AWS Trusted Advisor
B. AWS Online Tech Talks
C. AWS Blog
D. AWS Forums
E. AWS Classroom Training

Correct Answer: B, E
Section:
Explanation:
The correct answers are B and E because AWS Online Tech Talks and AWS Classroom Training are options that AWS makes available for customers who want to learn about security in the cloud in an instructor-led setting. AWS Online Tech Talks are live, online presentations that cover a broad range of topics at varying technical levels. AWS Online Tech Talks are delivered by AWS experts and feature live Q&A sessions with the audience. AWS Classroom Training consists of in-person or virtual courses that are led by accredited AWS instructors. AWS Classroom Training offers hands-on labs, exercises, and best practices to help customers gain confidence and skills on AWS.

The other options are incorrect because they are not options that AWS makes available for customers who want to learn about security in the cloud in an instructor-led setting. AWS Trusted Advisor is an AWS service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. AWS Blog is an AWS resource that provides news, announcements, and insights from AWS experts and customers. AWS Forums are AWS resources that enable customers to interact with other AWS users and get feedback and support.

Reference: AWS Online Tech Talks, AWS Classroom Training

QUESTION 3
A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows. Which AWS service should the company use to meet these requirements?
A. Amazon Elastic Block Store (Amazon EBS)
B. AWS Storage Gateway
C. Amazon Elastic Container Service (Amazon ECS)
D. AWS Lambda

Correct Answer: B
Section:
Explanation:
The correct answer is B because AWS Storage Gateway is a service that should be used by the company to meet the requirements.
AWS Storage Gateway is a service that connects on-premises software applications with cloud-based storage. AWS Storage Gateway supports three types of gateways: file gateway, volume gateway, and tape gateway. The tape gateway type enables users to back up and archive data to virtual tapes in AWS without changing their existing backup workflows. Users can use their existing backup applications and tape libraries to store data on virtual tapes in Amazon S3 or Amazon S3 Glacier.

The other options are incorrect because they are not services that should be used by the company to meet the requirements. Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes for Amazon EC2 instances. Amazon Elastic Container Service (Amazon ECS) is a service that enables users to run, scale, and secure containerized applications on AWS. AWS Lambda is a service that enables users to run code without provisioning or managing servers.

Reference: AWS Storage Gateway FAQs

QUESTION 4
Which AWS Support plan provides customers with access to an AWS technical account manager (TAM)?
A. AWS Basic Support
B. AWS Developer Support
C. AWS Business Support
D. AWS Enterprise Support

Correct Answer: D
Section:
Explanation:
The correct answer is D because AWS Enterprise Support is the support plan that provides customers with access to an AWS technical account manager (TAM). AWS Enterprise Support is the highest level of support plan offered by AWS, and it provides customers with the most comprehensive and personalized support experience. An AWS TAM is a dedicated technical resource who works closely with customers to understand their business and technical needs, provide proactive guidance, and coordinate support across AWS teams.

The other options are incorrect because they are not support plans that provide customers with access to an AWS TAM.
AWS Basic Support is the default and free support plan that provides customers with access to online documentation, forums, and account information. AWS Developer Support is the lowest level of paid support plan that provides customers with access to technical support during business hours, general guidance, and best practice recommendations. AWS Business Support is the intermediate level of paid support plan that provides customers with access to technical support 24/7, system health checks, architectural guidance, and case management.

Reference: AWS Support Plans

QUESTION 5
A company is designing a web application that will run on Amazon EC2 instances. Which AWS services and features will improve availability and reduce the impact of failures for this application? (Select TWO.)
A. Amazon EC2 Auto Scaling for the EC2 instances
B. VPC subnet ACLs to check the health of a service
C. Resources that are distributed across multiple Availability Zones
D. Configuration of AWS Server Migration Service (AWS SMS) to move the EC2 instances to a different AWS Region
E. Resources that are distributed across multiple AWS points of presence

Correct Answer: A, C
Section:
Explanation:
The correct answers are A and C because Amazon EC2 Auto Scaling and resources that are distributed across multiple Availability Zones are AWS services and features that will improve availability and reduce the impact of failures for the web application. Amazon EC2 Auto Scaling is a service that enables users to automatically adjust the number of Amazon EC2 instances in response to changes in demand or performance. Amazon EC2 Auto Scaling helps users to maintain optimal availability and performance of their applications by adding or removing instances as needed. Resources that are distributed across multiple Availability Zones are AWS features that enable users to increase the fault tolerance and resilience of their applications.
Availability Zones are isolated locations within an AWS Region that have independent power, cooling, and networking. Users can launch their resources, such as Amazon EC2 instances, in multiple Availability Zones to protect their applications from the failure of a single location.

The other options are incorrect because they are not AWS services and features that will improve availability and reduce the impact of failures for the web application. VPC subnet ACLs are AWS features that enable users to control the inbound and outbound traffic to and from their subnets within a VPC. VPC subnet ACLs do not check the health of a service, but rather filter the network traffic based on rules. Configuration of AWS Server Migration Service (AWS SMS) is an AWS service that enables users to migrate their on-premises servers to AWS. Configuration of AWS SMS does not help to move the Amazon EC2 instances to a different AWS Region, but rather to migrate the servers from the source environment to AWS. Resources that are distributed across multiple AWS points of presence are AWS features that enable users to deliver content to their end users with low latency and high performance. AWS points of presence are edge locations that are part of the AWS Global Infrastructure. Users can use services such as Amazon CloudFront and AWS Global Accelerator to distribute their content across multiple AWS points of presence.

Reference: Amazon EC2 Auto Scaling, [Regions, Availability Zones, and Local Zones]

QUESTION 6
An Availability Zone consists of:
A. one or more data centers in a single location.
B. two or more data centers in multiple locations.
C. one or more physical hosts in a single data center.
D. two or more physical hosts in multiple data centers.

Correct Answer: A
Section:
Explanation:
The correct answer is A because an Availability Zone consists of one or more data centers in a single location.
An Availability Zone is an isolated location within an AWS Region that has independent power, cooling, and networking. Each Availability Zone has one or more data centers that host the physical servers and storage devices that run the AWS services.

The other options are incorrect because they are not accurate descriptions of an Availability Zone. Two or more data centers in multiple locations are not an Availability Zone, but rather multiple Availability Zones within an AWS Region. One or more physical hosts in a single data center are not an Availability Zone, but rather the components of a data center within an Availability Zone. Two or more physical hosts in multiple data centers are not an Availability Zone, but rather the components of multiple data centers within one or more Availability Zones.

Reference: [Regions, Availability Zones, and Local Zones]

QUESTION 7
A company wants to ensure that two Amazon EC2 instances are in separate data centers with minimal communication latency between the data centers. How can the company meet this requirement?
A. Place the EC2 instances in two separate AWS Regions connected with a VPC peering connection.
B. Place the EC2 instances in two separate Availability Zones within the same AWS Region.
C. Place one EC2 instance on premises and the other in an AWS Region. Then connect them by using an AWS VPN connection.
D. Place both EC2 instances in a placement group for dedicated bandwidth.

Correct Answer: B
Section:
Explanation:
The correct answer is B because placing the EC2 instances in two separate Availability Zones within the same AWS Region is the best way to meet the requirement. Availability Zones are isolated locations within an AWS Region that have independent power, cooling, and networking. Users can launch their resources, such as Amazon EC2 instances, in multiple Availability Zones to increase the fault tolerance and resilience of their applications.
Availability Zones within the same AWS Region are connected with low-latency, high-throughput, and highly redundant networking.

The other options are incorrect because they are not the best ways to meet the requirement. Placing the EC2 instances in two separate AWS Regions connected with a VPC peering connection is not the best way to meet the requirement because AWS Regions are geographically dispersed and may have higher communication latency between them than Availability Zones within the same AWS Region. VPC peering connection is a networking connection between two VPCs that enables users to route traffic between them using private IP addresses. Placing one EC2 instance on premises and the other in an AWS Region, and then connecting them by using an AWS VPN connection is not the best way to meet the requirement because on-premises and AWS Region are geographically dispersed and may have higher communication latency between them than Availability Zones within the same AWS Region. AWS VPN connection is a secure and encrypted connection between a user's network and their VPC. Placing both EC2 instances in a placement group for dedicated bandwidth is not the best way to meet the requirement because a placement group is a logical grouping of instances within a single Availability Zone that enables users to launch instances with specific performance characteristics. A placement group does not ensure that the instances are in separate data centers, and it does not provide low-latency communication between instances in different Availability Zones.

Reference: [Regions, Availability Zones, and Local Zones], [VPC Peering], [AWS VPN], [Placement Groups]

QUESTION 8
A company wants to host its relational databases on AWS. The databases have predefined schemas that the company needs to replicate on AWS. Which AWS services could the company use for the databases? (Select TWO.)
A. Amazon Aurora
B. Amazon RDS
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune
E. Amazon DynamoDB

Correct Answer: A, B
Section:
Explanation:
The correct answers are A and B because Amazon Aurora and Amazon RDS are AWS services that the company could use for the relational databases. Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL. Amazon Aurora is a fully managed, scalable, and high-performance service that offers up to five times the throughput of standard MySQL and up to three times the throughput of standard PostgreSQL. Amazon RDS is a service that enables users to set up, operate, and scale relational databases in the cloud. Amazon RDS supports six popular database engines: MySQL, PostgreSQL, Oracle, SQL Server, MariaDB, and Amazon Aurora.

The other options are incorrect because they are not AWS services that the company could use for the relational databases. Amazon DocumentDB (with MongoDB compatibility) is a document database that is compatible with MongoDB. Amazon Neptune is a graph database that supports property graph and RDF models. Amazon DynamoDB is a key-value and document database.

Reference: Amazon Aurora, Amazon RDS

QUESTION 9
Which of the following are benefits that a company receives when it moves an on-premises production workload to AWS? (Select TWO.)
A. AWS trains the company's staff on the use of all the AWS services.
B. AWS manages all security in the cloud.
C. AWS offers free support from technical account managers (TAMs).
D. AWS offers high availability.
E. AWS provides economies of scale.

Correct Answer: D, E
Section:
Explanation:
The correct answers are D and E because AWS offers high availability and AWS provides economies of scale are benefits that a company receives when it moves an on-premises production workload to AWS. High availability means that AWS has a global infrastructure that allows customers to deploy their applications and data across multiple regions and availability zones.
This increases the fault tolerance and resilience of their applications and reduces the impact of failures. Economies of scale means that AWS can achieve lower variable costs than customers can get on their own. This allows customers to pay only for the resources they use and scale up or down as needed.

The other options are incorrect because they are not benefits that a company receives when it moves an on-premises production workload to AWS. AWS trains the company's staff on the use of all the AWS services is not a benefit that a company receives when it moves an on-premises production workload to AWS. AWS does provide various learning resources and training courses for customers, but it does not train the company's staff on the use of all the AWS services. AWS manages all security in the cloud is not a benefit that a company receives when it moves an on-premises production workload to AWS. AWS is responsible for the security of the cloud, but the customer is responsible for the security in the cloud. AWS offers free support from technical account managers (TAMs) is not a benefit that a company receives when it moves an on-premises production workload to AWS. AWS does offer support from TAMs, but only for customers who have the AWS Enterprise Support plan, which is not free.

Reference: What is Cloud Computing?, [AWS Shared Responsibility Model], [AWS Support Plans]

QUESTION 10
A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds. Which AWS service meets these requirements?
A. Amazon CloudFront
B. Elastic Load Balancing
C. Amazon S3
D. Amazon Elastic Transcoder

Correct Answer: A
Section:
Explanation:
The correct answer is A because Amazon CloudFront is an AWS service that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds.
Amazon CloudFront is a fast content delivery network (CDN) that integrates with other AWS services, such as Amazon S3, Amazon EC2, AWS Lambda, and AWS Shield. Amazon CloudFront delivers content through a worldwide network of edge locations that are located close to the end users.

The other options are incorrect because they are not AWS services that provide secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds. Elastic Load Balancing is an AWS service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. Amazon S3 is an AWS service that provides object storage for data of any size and type. Amazon Elastic Transcoder is an AWS service that converts media files from their original source format into different formats that will play on various devices.

Reference: Amazon CloudFront FAQs

QUESTION 11
An application is running on multiple Amazon EC2 instances. The company wants to make the application highly available by configuring a load balancer with requests forwarded to the EC2 instances based on URL paths. Which AWS load balancer will meet these requirements and take the LEAST amount of effort to deploy?
A. Network Load Balancer
B. Application Load Balancer
C. AWS OpsWorks Load Balancer
D. Custom Load Balancer on Amazon EC2

Correct Answer: B
Section:
Explanation:
The correct answer is B because Application Load Balancer is an AWS load balancer that will meet the requirements and take the least amount of effort to deploy. Application Load Balancer is a type of Elastic Load Balancing that operates at the application layer (layer 7) of the OSI model and routes requests to targets based on the content of the request. Application Load Balancer supports advanced features, such as path-based routing, host-based routing, and HTTP header-based routing.
The other options are incorrect because they are not AWS load balancers that will meet the requirements and take the least amount of effort to deploy. Network Load Balancer is a type of Elastic Load Balancing that operates at the transport layer (layer 4) of the OSI model and routes requests to targets based on the destination IP address and port. Network Load Balancer does not support path-based routing. AWS OpsWorks Load Balancer is not an AWS load balancer, but rather a feature of AWS OpsWorks that enables users to attach an Elastic Load Balancing load balancer to a layer of their stack. Custom Load Balancer on Amazon EC2 is not an AWS load balancer, but rather a user-defined load balancer that runs on an Amazon EC2 instance. Custom Load Balancer on Amazon EC2 requires more effort to deploy and maintain than an AWS load balancer.

Reference: Elastic Load Balancing

QUESTION 12
A large company has a workload that requires hardware to remain on premises. The company wants to use the same management and control plane services that it currently uses on AWS. Which AWS service should the company use to meet these requirements?
A. AWS Device Farm
B. AWS Fargate
C. AWS Outposts
D. AWS Ground Station

Correct Answer: C
Section:
Explanation:
The correct answer is C because AWS Outposts is an AWS service that enables the company to meet the requirements. AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility. AWS Outposts allows customers to run their workloads on the same hardware and software that AWS uses in its cloud, while maintaining local access and control.

The other options are incorrect because they are not AWS services that enable the company to meet the requirements. AWS Device Farm is an AWS service that enables customers to test their mobile and web applications on real devices in the AWS Cloud.
AWS Fargate is an AWS service that enables customers to run containers without having to manage servers or clusters. AWS Ground Station is an AWS service that enables customers to communicate with satellites and downlink data from orbit.

Reference: AWS Outposts FAQs

QUESTION 13
A company needs to use dashboards and charts to analyze insights from business data. Which AWS service will provide the dashboards and charts for these insights?
A. Amazon Macie
B. Amazon Aurora
C. Amazon QuickSight
D. AWS CloudTrail

Correct Answer: C
Section:
Explanation:
The correct answer is C because Amazon QuickSight is an AWS service that will provide the dashboards and charts for the insights from business data. Amazon QuickSight is a fully managed, scalable, and serverless business intelligence service that enables users to create and share interactive dashboards and charts. Amazon QuickSight can connect to various data sources, such as Amazon S3, Amazon RDS, Amazon Redshift, and more. Amazon QuickSight also provides users with machine learning insights, such as anomaly detection, forecasting, and natural language narratives.

The other options are incorrect because they are not AWS services that will provide the dashboards and charts for the insights from business data. Amazon Macie is an AWS service that helps users discover, classify, and protect sensitive data stored in Amazon S3. Amazon Aurora is an AWS service that provides a relational database that is compatible with MySQL and PostgreSQL. AWS CloudTrail is an AWS service that enables users to track user activity and API usage across their AWS account.

Reference: Amazon QuickSight FAQs

QUESTION 14
When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which Amazon EC2 instance type is required?
A. Spot Instances
B. Dedicated Instances
C. Dedicated Hosts
D. Reserved Instances

Correct Answer: C
Section:
Explanation:
The correct answer is C because Dedicated Hosts are Amazon EC2 instances that are required when a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS. Dedicated Hosts are physical servers that are dedicated to a single customer. Dedicated Hosts allow customers to use their existing server-bound software licenses, such as Windows Server, SQL Server, and SUSE Linux Enterprise Server, subject to their license terms.

The other options are incorrect because they are not Amazon EC2 instances that are required when a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS. Spot Instances are spare Amazon EC2 instances that are available at up to 90% discount compared to On-Demand prices. Spot Instances are suitable for stateless, fault-tolerant, and flexible workloads that can recover from interruptions easily. Dedicated Instances are Amazon EC2 instances that run on hardware that is dedicated to a single customer, but not to a specific physical server. Dedicated Instances do not allow customers to use their existing server-bound software licenses. Reserved Instances are Amazon EC2 instances that are reserved for a specific period of time (one or three years) in exchange for a lower hourly rate. Reserved Instances are suitable for steady-state or predictable workloads that run for a long duration. Reserved Instances do not allow customers to use their existing server-bound software licenses.

Reference: Dedicated Hosts, Amazon EC2 Instance Purchasing Options

QUESTION 15
Which AWS service should a cloud engineer use to view API calls to AWS services?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Config
D. AWS Artifact

Correct Answer: B
Section:
Explanation:
The correct answer is B because AWS CloudTrail is an AWS service that a cloud engineer can use to view API calls to AWS services. AWS CloudTrail is a service that enables customers to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Customers can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions.

The other options are incorrect because they are not AWS services that a cloud engineer can use to view API calls to AWS services. Amazon CloudWatch is an AWS service that enables customers to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Config is an AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Artifact is an AWS service that provides customers with on-demand access to AWS compliance reports and select online agreements.

Reference: AWS CloudTrail FAQs

QUESTION 16
A company uses Amazon WorkSpaces. What can a user accomplish using AWS CloudTrail?
A. Generate an IAM user credentials report.
B. Record API calls made to AWS services.
C. Assess the compliance of AWS resource configurations with policies and guidelines.
D. Ensure that Amazon EC2 instances are patched with the latest security updates.

Correct Answer: B
Section:
Explanation:
AWS CloudTrail is an AWS service that enables users to accomplish the task of recording API calls made to AWS services. AWS CloudTrail is a service that tracks user activity and API usage across the AWS account.
AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Users can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions.

The other options are incorrect because they are not tasks that users can accomplish using AWS CloudTrail. Generating an IAM user credentials report is a task that users can accomplish using IAM, which is an AWS service that enables users to manage access and permissions to AWS resources and services. Assessing the compliance of AWS resource configurations with policies and guidelines is a task that users can accomplish using AWS Config, which is an AWS service that enables users to assess, audit, and evaluate the configurations of their AWS resources. Ensuring that Amazon EC2 instances are patched with the latest security updates is a task that users can accomplish using AWS Systems Manager, which is an AWS service that enables users to automate operational tasks, manage configuration and compliance, and monitor system health and performance.

Reference: AWS CloudTrail FAQs

QUESTION 17
A company stores data in an Amazon S3 bucket. The company must control who has permission to read, write, or delete objects that the company stores in the S3 bucket. Which task is the responsibility of AWS, according to the AWS shared responsibility model?
A. Set up multi-factor authentication (MFA) for each WorkSpaces user account.
B. Ensure the environmental safety and security of the AWS infrastructure that hosts WorkSpaces.
C. Provide security for WorkSpaces user accounts through AWS Identity and Access Management (IAM).
D. Configure AWS CloudTrail to log API calls and user activity.

Correct Answer: B
Section:
Explanation:
The correct answer is B because ensuring the environmental safety and security of the AWS infrastructure that hosts WorkSpaces is the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption.

The other options are incorrect because they are the responsibility of the customer, according to the AWS shared responsibility model. Setting up multi-factor authentication (MFA) for each WorkSpaces user account, providing security for WorkSpaces user accounts through AWS Identity and Access Management (IAM), configuring AWS CloudTrail to log API calls and user activity, and encrypting data at rest and in transit are all tasks that the customer has to perform to secure their WorkSpaces environment.

Reference: AWS Shared Responsibility Model, Amazon WorkSpaces Security

QUESTION 18
Which database engine is compatible with Amazon RDS?
A. Apache Cassandra
B. MongoDB
C. Neo4j
D. PostgreSQL

Correct Answer: D
Section:
Explanation:
Amazon RDS supports six database engines: Amazon Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server. Apache Cassandra, MongoDB, and Neo4j are not compatible with Amazon RDS. Therefore, the correct answer is D. You can learn more about Amazon RDS and its supported database engines from this page.

QUESTION 19
A company needs to run code in response to an event notification that occurs when objects are uploaded to an Amazon S3 bucket. Which AWS service will integrate directly with the event notification?
A. AWS Lambda
B. Amazon EC2
C. Amazon Elastic Container Registry (Amazon ECR)
D. AWS Elastic Beanstalk

Correct Answer: A
Section:
Explanation:
AWS Lambda is a service that lets you run code without provisioning or managing servers. You can use Lambda to process event notifications from Amazon S3 when objects are uploaded or deleted. Lambda integrates directly with the event notification and invokes your code automatically. Therefore, the correct answer is A.

QUESTION 20
A company wants to centrally manage security policies and billing services within a multi-account AWS environment. Which AWS service should the company use to meet these requirements?
A. AWS Identity and Access Management (IAM)
B. AWS Organizations
C. AWS Resource Access Manager (AWS RAM)
D. AWS Config

Correct Answer: B
Section:
Explanation:
AWS Organizations is a service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can use AWS Organizations to create groups of accounts and apply policies to them. You can also use AWS Organizations to consolidate billing for multiple accounts. Therefore, the correct answer is B. You can learn more about AWS Organizations and its features from this page.

QUESTION 21
What are the characteristics of Availability Zones? (Select TWO.)
A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking
B. Availability Zones are physically separated by a minimum distance of 150 km (100 miles).
C. All traffic between Availability Zones is encrypted.
D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.
E. Every Availability Zone contains a single data center.

Correct Answer: A, D Section: Explanation: Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. Each Availability Zone has independent power, cooling, and physical security, and is connected to other Availability Zones in the same Region by a low-latency network. Therefore, the correct answers are A and D. You can learn more about Availability Zones and their characteristics from this page. QUESTION 22 Which AWS Well-Architected Framework concept represents a system's ability to remain functional when the system encounters operational problems? A. Consistency B. Elasticity C. Durability D. Latency Correct Answer: B Section: Explanation: The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. The concept of elasticity represents a system's ability to adapt to changes in demand by scaling resources up or down automatically. Therefore, the correct answer is B. You can learn more about the AWS Well-Architected Framework and its pillars from this page. QUESTION 23 Which AWS service or tool does AWS Control Tower use to create resources? A. AWS CloudFormation B. AWS Trusted Advisor C. AWS Directory Service D. AWS Cost Explorer Correct Answer: A Section: Explanation: AWS Control Tower uses AWS CloudFormation to create resources in your landing zone. AWS CloudFormation is a service that helps you model and set up your AWS resources using templates. AWS Control Tower supports creating AWS::ControlTower::EnabledControl resources in AWS CloudFormation. Therefore, the correct answer is A. You can learn more about AWS Control Tower and AWS CloudFormation from this page. QUESTION 24 What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? 
(Select TWO.) A. EC2 includes operating system patch management B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM) C. EC2 has a 100% service level agreement (SLA). D. EC2 has a flexible, pay-as-you-go pricing model. E. EC2 has automatic storage cost optimization. Correct Answer: B, D Section: Explanation: Some of the advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises are: EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM). Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. AWS IAM enables you to manage access to AWS services and resources securely. Therefore, the correct answer is B. You can learn more about Amazon EC2 and its integration with other AWS services from this page. EC2 has a flexible, pay-as-you-go pricing model. You only pay for the compute capacity you use, and you can scale up and down as needed. You can also choose from different pricing options, such as On-Demand, Savings Plans, Reserved Instances, and Spot Instances, to optimize your costs. Therefore, the correct answer is D. You can learn more about Amazon EC2 pricing from this page. The other options are incorrect because: EC2 does not include operating system patch management. You are responsible for managing and maintaining your own operating systems on EC2 instances. You can use AWS Systems Manager to automate common maintenance tasks, such as applying patches, or use Amazon EC2 Image Builder to create and maintain secure images. Therefore, the incorrect answer is A. EC2 does not have a 100% service level agreement (SLA). The EC2 SLA guarantees 99.99% availability for each EC2 Region, not for each individual instance. 
Therefore, the incorrect answer is C. EC2 does not have automatic storage cost optimization. You are responsible for choosing the right storage option for your EC2 instances, such as Amazon Elastic Block Store (EBS) or Amazon Elastic File System (EFS), and monitoring and optimizing your storage costs. You can use AWS Cost Explorer or AWS Trusted Advisor to analyze and reduce your storage spending. Therefore, the incorrect answer is E. QUESTION 25 Which option is an advantage of AWS Cloud computing that minimizes variable costs? A. High availability B. Economies of scale C. Global reach D. Agility Correct Answer: B Section: Explanation: One of the advantages of AWS Cloud computing is that it minimizes variable costs by leveraging economies of scale. This means that AWS can achieve lower costs per unit of computing resources by spreading the fixed costs of building and maintaining data centers over a large number of customers. As a result, AWS can offer lower and more predictable prices to its customers, who only pay for the resources they consume. Therefore, the correct answer is B. You can learn more about AWS pricing and economies of scale from this page. QUESTION 26 Which pillar of the AWS Well-Architected Framework focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures? A. Cost optimization B. Reliability C. Operational excellence D. Performance efficiency Correct Answer: C Section: Explanation: The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. The operational excellence pillar focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures. Therefore, the correct answer is C. 
You can learn more about the AWS Well-Architected Framework and its pillars from this page. QUESTION 27 Which benefit is included with an AWS Enterprise Support plan? A. AWS Partner Network (APN) support at no cost B. Designated support from an AWS technical account manager (TAM) C. On-site support from AWS engineers D. AWS managed compliance as code with AWS Config Correct Answer: B Section: Explanation: AWS offers different support plans to meet the needs of different customers. The AWS Enterprise Support plan is the highest level of support that provides customers with concierge-like service, where the main focus is helping them achieve their outcomes and find success in the cloud. One of the benefits of the AWS Enterprise Support plan is that customers get designated support from an AWS technical account manager (TAM), who provides consultative architectural and operational guidance based on their applications and use cases. Therefore, the correct answer is B. You can learn more about AWS support plans and their benefits from this page. QUESTION 28 A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases. Which AWS service or tool can the company use to meet these requirements? A. AWS Pricing Calculator B. Amazon CloudWatch C. AWS Cost Explorer D. AWS Budgets Correct Answer: A Section: Explanation: AWS Pricing Calculator is a web-based planning tool that customers can use to create estimates for their AWS use cases. They can use it to model their solutions before building them, explore the AWS service price points, and review the calculations behind their estimates. Therefore, the correct answer is A. You can learn more about AWS Pricing Calculator and how it works from this page. QUESTION 29 A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning. Which AWS service should the developer use to meet this requirement? A. 
AWS Health Dashboard B. Amazon Personalize C. Amazon Forecast D. Amazon Transcribe Correct Answer: B Section: Explanation: Amazon Personalize is a fully managed machine learning service that customers can use to generate personalized recommendations for their users. It can also generate user segments based on the users' affinity for certain items or item metadata. Amazon Personalize uses the customers' data to train and deploy custom recommendation models that can be integrated into their applications. Therefore, the correct answer is B. You can learn more about Amazon Personalize and its use cases from this page. QUESTION 30 A company deploys its application on Amazon EC2 instances. The application occasionally experiences sudden increases in demand. The company wants to ensure that its application can respond to changes in demand at the lowest possible cost. Which AWS service or tool will meet these requirements? A. AWS Auto Scaling B. AWS Compute Optimizer C. AWS Cost Explorer D. AWS Well-Architected Framework Correct Answer: A Section: Explanation: AWS Auto Scaling is the AWS service or tool that will meet the requirements of ensuring that the application can respond to changes in demand at the lowest possible cost. AWS Auto Scaling allows users to automatically adjust the number of Amazon EC2 instances based on the application's performance and availability needs. AWS Auto Scaling can also optimize costs by helping users select the most cost-effective EC2 instances for their application. QUESTION 31 Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data? A. AWS Pricing Calculator B. AWS Compute Optimizer C. AWS App Runner D. AWS Systems Manager Correct Answer: B Section: Explanation: AWS Compute Optimizer is the AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data. 
AWS Compute Optimizer analyzes the configuration and performance characteristics of the EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources. QUESTION 32 A company wants to use a managed service to simplify the setup, operation, and scaling of its MySQL database in the AWS Cloud. Which AWS service will meet these requirements? A. Amazon EMR B. Amazon RDS C. Amazon Redshift D. Amazon DynamoDB Correct Answer: B Section: Explanation: Amazon RDS is the AWS service that will meet the requirements of using a managed service to simplify the setup, operation, and scaling of a MySQL database in the AWS Cloud. Amazon RDS is a relational database service that supports MySQL and other popular database engines. Amazon RDS handles routine database tasks such as provisioning, patching, backup, recovery, and scaling. Amazon RDS also offers high availability, security, and compatibility features. QUESTION 33 A company deploys its application to multiple AWS Regions and configures automatic failover between those Regions. Which cloud concept does this architecture represent? A. Security B. Reliability C. Scalability D. Cost optimization Correct Answer: B Section: Explanation: Reliability is the cloud concept that this architecture represents. Reliability is the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. Deploying an application to multiple AWS Regions and configuring automatic failover between those Regions enhances the reliability of the application by reducing the impact of regional failures and increasing the availability of the application. QUESTION 34 A company's IT team is managing MySQL database server clusters. 
The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically. What should the company do to meet these requirements? A. Deploy MySQL database server clusters on Amazon EC2 instances. B. Use Amazon RDS with a MySQL database. C. Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances. D. Migrate all the MySQL database data to Amazon S3. Correct Answer: B Section: Explanation: The company should use Amazon RDS with a MySQL database to meet the requirements of moving its workload to AWS so that the tasks of patching the database and taking backup snapshots of the data in the clusters will be completed automatically. Amazon RDS is a managed service that simplifies the setup, operation, and scaling of relational databases in the AWS Cloud. Amazon RDS automates common database administration tasks such as patching, backup, and recovery. Amazon RDS also supports MySQL and other popular database engines. QUESTION 35 A company recently migrated to the AWS Cloud. The company needs to determine whether its newly imported Amazon EC2 instances are the appropriate size and type. Which AWS services can provide this information to the company? (Select TWO.) A. AWS Auto Scaling B. AWS Control Tower C. AWS Trusted Advisor D. AWS Compute Optimizer E. Amazon Forecast Correct Answer: C, D Section: Explanation: AWS Trusted Advisor and AWS Compute Optimizer are the AWS services that can provide information to the company about whether its newly imported Amazon EC2 instances are the appropriate size and type. AWS Trusted Advisor is an online tool that provides best practices recommendations in five categories: cost optimization, performance, security, fault tolerance, and service limits. AWS Trusted Advisor can help users identify underutilized or idle EC2 instances, and suggest ways to reduce costs and improve performance. 
AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources. QUESTION 36 A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos. The company has no machine learning (ML) scientists and must build this detection capability with no ML expertise. Which AWS service should the company use to build this capability? A. Amazon SageMaker B. Amazon Textract C. Amazon Rekognition D. Amazon Comprehend Correct Answer: C Section: Explanation: Amazon Rekognition is the AWS service that the company should use to build the capability of identifying and removing inappropriate photos. Amazon Rekognition is a service that uses deep learning technology to analyze images and videos for various purposes, such as face detection, object recognition, text extraction, and content moderation. Amazon Rekognition can help users detect unsafe or inappropriate content in images and videos, such as nudity, violence, or drugs, and provide confidence scores for each label. Amazon Rekognition does not require any machine learning expertise, and users can easily integrate it with other AWS services. QUESTION 37 A company's user base needs to remotely access virtual desktop computers from the internet. Which AWS service provides this functionality? A. Amazon Connect B. Amazon Cognito C. Amazon Workspaces D. Amazon AppStream 2.0 Correct Answer: C Section: Explanation: Amazon Workspaces is the AWS service that provides the functionality of remotely accessing virtual desktop computers from the internet. 
Amazon Workspaces is a fully managed, secure desktop-as-a-service (DaaS) solution that allows users to provision cloud-based virtual desktops and access them from anywhere, using any supported device. Amazon Workspaces helps users reduce the complexity and cost of managing and maintaining physical desktops, and provides a consistent and secure user experience. QUESTION 38 Amazon Elastic File System (Amazon EFS) and Amazon FSx offer which type of storage? A. File storage B. Object storage C. Block storage D. Instance store Correct Answer: A Section: Explanation: Amazon Elastic File System (Amazon EFS) and Amazon FSx offer file storage. File storage is a type of storage that organizes data into files and folders, and allows multiple users or applications to access and share the same files over a network. Amazon EFS is a fully managed, scalable, and elastic file system that supports the Network File System (NFS) protocol and can be used with Amazon EC2 instances and AWS Lambda functions. Amazon FSx is a fully managed service that provides two file system options: Amazon FSx for Windows File Server, which supports the Server Message Block (SMB) protocol and is compatible with Microsoft Windows applications; and Amazon FSx for Lustre, which is a high-performance file system that is optimized for compute-intensive workloads. QUESTION 39 Which AWS service or feature is used to troubleshoot network connectivity issues between Amazon EC2 instances? A. AWS Certificate Manager (ACM) B. Internet gateway C. VPC Flow Logs D. AWS CloudHSM Correct Answer: C Section: Explanation: VPC Flow Logs is the AWS service or feature that is used to troubleshoot network connectivity issues between Amazon EC2 instances. VPC Flow Logs is a feature that enables users to capture information about the IP traffic going to and from network interfaces in their VPC. 
VPC Flow Logs can help users monitor and diagnose network-related issues, such as traffic not reaching an instance, or an instance not responding to requests. VPC Flow Logs can be published to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose for analysis and storage. QUESTION 40 Which factors affect costs in the AWS Cloud? (Select TWO.) A. The number of unused AWS Lambda functions B. The number of configured Amazon S3 buckets C. Inbound data transfers without acceleration D. Outbound data transfers without acceleration E. Compute resources that are currently in use Correct Answer: D, E Section: Explanation: Outbound data transfers without acceleration and compute resources that are currently in use are the factors that affect costs in the AWS Cloud. Outbound data transfers without acceleration refer to the amount of data that is transferred from AWS to the internet, without using any service that can optimize the speed and cost of the data transfer, such as AWS Global Accelerator or Amazon CloudFront. Outbound data transfers are charged at different rates depending on the source and destination AWS Regions, and the volume of data transferred. Compute resources that are currently in use refer to the AWS services and resources that provide computing capacity, such as Amazon EC2 instances, AWS Lambda functions, or Amazon ECS tasks. Compute resources are charged based on the type, size, and configuration of the resources, and the duration and frequency of their usage. QUESTION 41 Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Select TWO.) A. Perform operations as code. B. Enable traceability. C. Automatically scale to meet demand. D. Deploy resources globally to improve response time. E. Automatically recover from failure. 
Correct Answer: C, E Section: Explanation: The design principles that support the reliability pillar of the AWS Well-Architected Framework are: automatically scale to meet demand, and automatically recover from failure. These principles help users design systems that can handle changes in load, avoid disruptions, and resume normal operations quickly. Automatically scaling to meet demand means adjusting the capacity of the system based on the current and anticipated workload, using services such as AWS Auto Scaling, Amazon EC2, and AWS Lambda. Automatically recovering from failure means detecting and resolving issues, using services such as Amazon CloudWatch, AWS CloudFormation, and AWS CloudTrail. QUESTION 42 Which of the following are user authentication services managed by AWS? (Select TWO.) A. Amazon Cognito B. AWS Lambda C. AWS License Manager D. AWS Identity and Access Management (IAM) E. AWS CodeStar Correct Answer: A, D Section: Explanation: The user authentication services managed by AWS are: Amazon Cognito and AWS Identity and Access Management (IAM). These services help users securely manage and control access to their AWS resources and applications. Amazon Cognito is a service that provides user sign-up, sign-in, and access control for web and mobile applications. Amazon Cognito supports various identity providers, such as Facebook, Google, and Amazon, as well as custom user pools. AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. AWS IAM supports various authentication methods, such as passwords, access keys, and multi-factor authentication (MFA). QUESTION 43 A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks. Which pillar of the AWS Well-Architected Framework is supported by these goals? A. Reliability B. Security C. Operational excellence D. 
Performance efficiency Correct Answer: B Section: Explanation: The pillar of the AWS Well-Architected Framework that is supported by the goals of protecting AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks is security. Security is the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. The security pillar covers topics such as identity and access management, data protection, infrastructure protection, detective controls, incident response, and compliance. QUESTION 44 A company is configuring its AWS Cloud environment. The company's administrators need to group users together and apply permissions to the group. Which AWS service or feature can the company use to meet these requirements? A. AWS Organizations B. Resource groups C. Resource tagging D. AWS Identity and Access Management (IAM) Correct Answer: D Section: Explanation: The AWS service or feature that the company can use to group users together and apply permissions to the group is AWS Identity and Access Management (IAM). AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. Users can use IAM groups to organize multiple users that have similar access requirements, and attach policies to the groups that define the permissions for the users in the group. This simplifies the management and administration of user access. QUESTION 45 A company has two AWS accounts in an organization in AWS Organizations for consolidated billing. All of the company's AWS resources are hosted in one AWS Region. Account A has purchased five Amazon EC2 Standard Reserved Instances (RIs) and has four EC2 instances running. Account B has not purchased any RIs and also has four EC2 instances running. Which statement is true regarding pricing for these eight instances? A. The eight instances will be charged as regular instances. B. 
Four instances will be charged as RIs, and four will be charged as regular instances. C. Five instances will be charged as RIs, and three will be charged as regular instances. D. The eight instances will be charged as RIs. Correct Answer: B Section: Explanation: The statement that is true regarding pricing for these eight instances is: four instances will be charged as RIs, and four will be charged as regular instances. Amazon EC2 Reserved Instances (RIs) are a pricing model that allows users to reserve EC2 instances for a specific term and benefit from discounted hourly rates and capacity reservation. RIs are purchased for a specific AWS Region, and can be shared across multiple accounts in an organization in AWS Organizations for consolidated billing. However, RIs are applied on a first-come, first-served basis, and there is no guarantee that all instances in the organization will be charged at the RI rate. In this case, Account A has purchased five RIs and has four instances running, so all four instances will be charged at the RI rate. Account B has not purchased any RIs and also has four instances running, so all four instances will be charged at the regular rate. The remaining RI in Account A will not be applied to any instance in Account B, and will be wasted. QUESTION 46 Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud? A. Elimination of expenses for running and maintaining data centers B. Price discounts that are identical to discounts from hardware providers C. Distribution of all operational controls to AWS D. Elimination of operational expenses Correct Answer: A Section: Explanation: The advantage that users experience when they move on-premises workloads to the AWS Cloud is: elimination of expenses for running and maintaining data centers. 
By moving on-premises workloads to the AWS Cloud, users can reduce or eliminate the costs associated with owning and operating physical servers, storage, network equipment, and facilities. These costs include hardware purchase, maintenance, repair, power, cooling, security, and staff. Users can also benefit from the pay-as-you-go pricing model of AWS, which allows them to pay only for the resources they use, and scale up or down as needed. QUESTION 47 Which of the following is a cost efficiency principle related to the AWS Cloud? A. Right-size services based on capacity requirements. B. Use the Billing Dashboard to access information about monthly bills. C. Use AWS Organizations to combine the expenses of multiple accounts into a single bill. D. Tag all AWS resources. Correct Answer: A Section: Explanation: One of the cost efficiency principles related to the AWS Cloud is to right-size services based on capacity requirements. This means choosing the most appropriate type and size of AWS resources to meet the performance and scalability needs of the applications, while avoiding over-provisioning or under-provisioning. By right-sizing services, users can optimize the costs and benefits of using the AWS Cloud. QUESTION 48 A cloud engineer needs to download AWS security and compliance documents for an upcoming audit. Which AWS service can provide the documents? A. AWS Trusted Advisor B. AWS Artifact C. AWS Well-Architected Tool D. AWS Systems Manager Correct Answer: B Section: Explanation: AWS Artifact is the AWS service that can provide security and compliance documents for an upcoming audit. AWS Artifact is a self-service portal that allows users to access and download AWS compliance reports and agreements. These documents provide evidence of AWS's compliance with global, regional, and industry-specific security standards and regulations. QUESTION 49 A company has been storing monthly reports in an Amazon S3 bucket. 
The company exports the report data into comma-separated values (.csv) files. A developer wants to write a simple query that can read all of these files and generate a summary report. Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of operational overhead? A. Amazon S3 Select B. Amazon Athena C. Amazon Redshift D. Amazon EC2 Correct Answer: B Section: Explanation: Amazon Athena is the AWS service that the developer should use to write a simple query that can read all of the .csv files stored in an Amazon S3 bucket and generate a summary report. Amazon Athena is an interactive query service that allows users to analyze data in Amazon S3 using standard SQL. Amazon Athena does not require any server setup or management, and users only pay for the queries they run. Amazon Athena can handle various data formats, including .csv, and can integrate with other AWS services such as Amazon QuickSight for data visualization. QUESTION 50 Which task requires the use of AWS account root user credentials? A. The deletion of IAM users B. The change to a different AWS Support plan C. The creation of an organization in AWS Organizations D. The deletion of Amazon EC2 instances Correct Answer: C Section: Explanation: The creation of an organization in AWS Organizations requires the use of AWS account root user credentials. The AWS account root user is the email address that was used to create the AWS account. The root user has complete access to all AWS services and resources in the account, and can perform sensitive tasks such as changing the account settings, closing the account, or creating an organization. The root user credentials should be used sparingly and securely, and only for tasks that cannot be performed by IAM users or roles. QUESTION 51 Which feature of the AWS Cloud gives users the ability to pay based on current needs rather than forecasted needs? A. AWS Budgets B. Pay-as-you-go pricing C. Volume discounts D. 
Savings Plans Correct Answer: B Section: Explanation: Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go pricing means that users only pay for the AWS services and resources they use, without any upfront or long-term commitments. This allows users to scale up or down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity. Pay-as-you-go pricing also enables users to benefit from the economies of scale and lower costs of AWS as they grow their business. QUESTION 52 What does the Amazon S3 Intelligent-Tiering storage class offer? A. Payment flexibility by reserving storage capacity B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume C. Automatic cost savings by moving objects between tiers based on access pattern changes D. Secure, durable, and lowest cost storage for data archival Correct Answer: C Section: Explanation: The Amazon S3 Intelligent-Tiering storage class offers automatic cost savings by moving objects between tiers based on access pattern changes. This storage class is designed for data with unknown or changing access patterns. It has two access tiers: frequent access and infrequent access. Objects are stored in the frequent access tier by default, and are moved to the infrequent access tier after 30 consecutive days of no access. If an object in the infrequent access tier is accessed, it is moved back to the frequent access tier. There are no retrieval fees in S3 Intelligent-Tiering, and no additional tiering fees when objects are moved between access tiers within the S3 Intelligent-Tiering storage class. QUESTION 53 Which AWS service gives users the ability to provision a dedicated and private network connection from their internal network to AWS? A. AWS CloudHSM B. AWS Direct Connect C. AWS VPN D. 
Amazon Connect Correct Answer: B Section: Explanation: AWS Direct Connect gives users the ability to provision a dedicated and private network connection from their internal network to AWS. AWS Direct Connect links the user's internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to the user's router, the other to an AWS Direct Connect router. With this connection in place, the user can create virtual interfaces directly to the AWS cloud and Amazon Virtual Private Cloud (Amazon VPC), bypassing internet service providers in the network path. QUESTION 54 A company is hosting a web application in a Docker container on Amazon EC2. AWS is responsible for which of the following tasks? A. Scaling the web application and services developed with Docker B. Provisioning or scheduling containers to run on clusters and maintain their availability C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud D. Managing the guest operating system, including updates and security patches Correct Answer: C Section: Explanation: AWS is responsible for performing hardware maintenance in the AWS facilities that run the AWS Cloud. This is part of the shared responsibility model, where AWS is responsible for the security of the cloud, and the customer is responsible for security in the cloud. AWS is also responsible for the global infrastructure that runs all of the services offered in the AWS Cloud, including the hardware, software, networking, and facilities that run AWS Cloud services. The customer is responsible for the guest operating system, including updates and security patches, as well as the web application and services developed with Docker. QUESTION 55 Which design principle should be considered when architecting in the AWS Cloud? A. Think of servers as non-disposable resources. B. Use synchronous integration of services. C. Design loosely coupled components. D. 
Implement the least permissive rules for security groups. Correct Answer: C Section: Explanation: Designing loosely coupled components is a design principle that should be considered when architecting in the AWS Cloud. Loose coupling is a way of designing systems to reduce interdependencies and minimize the impact of changes. Loose coupling allows components to interact with each other through well-defined interfaces, rather than direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability, availability, and maintainability5. QUESTION 56 Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts? A. AWS Identity and Access Management (1AM) B. AWS Organizations C. AWS Cost Explorer D. AWS Budgets Correct Answer: B Section: Explanation: AWS Organizations helps to centrally manage billing and allow controlled access to resources across AWS accounts. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill. QUESTION 57 Which AWS service or feature can be used to estimate costs before deployment? A. AWS Free Tier B. AWS Pricing Calculator C. AWS Billing and Cost Management D. AWS Cost and Usage Report Correct Answer: B Section: Explanation: AWS Pricing Calculator can be used to estimate costs before deployment. AWS Pricing Calculator is a tool that helps the user to compare the cost of AWS services for different use cases and configurations. 
The user can create estimates for various AWS services, such as Amazon EC2, Amazon S3, Amazon RDS, and more. The user can also adjust the parameters, such as region, instance type, storage size, and duration, to see how they affect the cost. AWS Pricing Calculator provides a detailed breakdown of the estimated cost, as well as a summary of the key drivers of the cost.

QUESTION 58
Which of the following promotes AWS Cloud architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems?
A. AWS Serverless Application Model framework
B. AWS Business Support
C. Principle of least privilege
D. AWS Well-Architected Framework
Correct Answer: D
Explanation: AWS Well-Architected Framework promotes AWS Cloud architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems. AWS Well-Architected Framework is a set of guidelines and best practices that help the user to evaluate and improve the architecture of their applications and workloads on AWS. AWS Well-Architected Framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. Each pillar provides a set of design principles, questions, and best practices that help the user to achieve the desired outcomes for their systems.

QUESTION 59
A company has refined its workload to use specific AWS services to improve efficiency and reduce cost. Which task is a customer's responsibility, according to the AWS shared responsibility model?
A. Management of the guest operating systems
B. Maintenance of the configuration of infrastructure devices
C. Management of the host operating systems and virtualization
D. Maintenance of the software that powers Availability Zones
Correct Answer: A
Explanation: Management of the guest operating systems is a customer's responsibility, according to the AWS shared responsibility model.
The AWS shared responsibility model defines the different security and compliance responsibilities of AWS and the customer. AWS is responsible for the security of the cloud, which includes the physical infrastructure, hardware, software, and facilities that run the AWS Cloud. The customer is responsible for security in the cloud, which includes the configuration and management of the guest operating systems, applications, data, and network traffic protection.

QUESTION 60
Which best practice for cost governance does this example show?
A. Resource controls
B. Cost allocation
C. Architecture optimization
D. Tagging enforcement
Correct Answer: C
Explanation: Architecture optimization is the best practice for cost governance that this example shows. Architecture optimization is the process of designing and implementing AWS solutions that are efficient, scalable, and cost-effective. By using specific AWS services to improve efficiency and reduce cost, the company is following the architecture optimization best practice. Some of the techniques for architecture optimization include using the right size and type of resources, leveraging elasticity and scalability, choosing the most suitable storage class, and using serverless and managed services [2].

QUESTION 61
Which activity can companies complete by using AWS Organizations?
A. Troubleshoot the performance of applications.
B. Manage service control policies (SCPs).
C. Migrate applications to microservices.
D. Monitor the performance of applications.
Correct Answer: B
Explanation: Managing service control policies (SCPs) is an activity that companies can complete by using AWS Organizations. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit.
AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill [3].

QUESTION 62
Which AWS service or feature is used to send both text and email messages from distributed applications?
A. Amazon Simple Notification Service (Amazon SNS)
B. Amazon Simple Email Service (Amazon SES)
C. Amazon CloudWatch alerts
D. Amazon Simple Queue Service (Amazon SQS)
Correct Answer: A
Explanation: Amazon Simple Notification Service (Amazon SNS) is the AWS service or feature that is used to send both text and email messages from distributed applications. Amazon SNS is a fully managed pub/sub messaging service that enables the user to send messages to multiple subscribers or endpoints, such as email addresses, phone numbers, HTTP endpoints, AWS Lambda functions, and more. Amazon SNS can be used to send notifications, alerts, confirmations, and reminders from applications to users or other applications [4].

QUESTION 63
Which of the following is a benefit of decoupling an AWS Cloud architecture?
A. Reduced latency
B. Ability to upgrade components independently
C. Decreased costs
D. Fewer components to manage
Correct Answer: B
Explanation: A benefit of decoupling an AWS Cloud architecture is the ability to upgrade components independently. Decoupling is a way of designing systems to reduce interdependencies and minimize the impact of changes. Decoupling allows components to interact with each other through well-defined interfaces, rather than direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability, availability, and maintainability.
By decoupling an AWS Cloud architecture, the user can upgrade or modify one component without affecting the other components [5].

QUESTION 64
Which of the following describes an AWS Region?
A. A specific location within a geographic area that provides high availability
B. A set of data centers spanning multiple countries
C. A global picture of a user's cloud computing environment
D. A collection of databases that can be accessed from a specific geographic area only
Correct Answer: A
Explanation: An AWS Region is a specific location within a geographic area that provides high availability. An AWS Region consists of two or more Availability Zones, which are isolated locations within the same Region. Each Availability Zone has independent power, cooling, and physical security, and is connected to the other Availability Zones in the same Region by low-latency, high-throughput, and highly redundant networking. AWS services are available in multiple Regions around the world, allowing the user to choose where to run their applications and store their data [1].

QUESTION 65
A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data center or in the AWS Cloud. responsibility model?
A. Amazon FSx for Windows File Server
B. Amazon WorkSpaces virtual Windows desktop
C. AWS Directory Service for Microsoft Active Directory
D. Amazon RDS for Microsoft SQL Server
Correct Answer: C
Explanation: AWS Directory Service for Microsoft Active Directory is the AWS service that provides a managed Microsoft Active Directory in the AWS Cloud. It enables the user to use their existing Active Directory users, groups, and policies to access AWS resources, such as Amazon EC2 instances, Amazon S3 buckets, and AWS Single Sign-On.
It also integrates with other Microsoft applications and services, such as Microsoft SQL Server, Microsoft Office 365, and Microsoft SharePoint.

QUESTION 66
Which AWS service should a cloud practitioner use to receive real-time guidance for provisioning resources, based on AWS best practices related to security, cost optimization, and service limits?
A. AWS Trusted Advisor
B. AWS Config
C. AWS Security Hub
D. AWS Systems Manager
Correct Answer: A
Explanation: AWS Trusted Advisor is the AWS service that provides real-time guidance for provisioning resources, based on AWS best practices related to security, cost optimization, and service limits. AWS Trusted Advisor inspects the user's AWS environment and provides recommendations for improving performance, security, and reliability, reducing costs, and following best practices. AWS Trusted Advisor also alerts the user when they are approaching or exceeding their service limits, and helps them request limit increases [3].

QUESTION 67
Which of the following are advantages of moving to the AWS Cloud? (Select TWO.)
A. The ability to turn over the responsibility for all security to AWS.
B. The ability to use the pay-as-you-go model.
C. The ability to have full control over the physical infrastructure.
D. No longer having to guess what capacity will be required.
E. No longer worrying about users access controls.
Correct Answer: B, D
Explanation: The advantages of moving to the AWS Cloud are the ability to use the pay-as-you-go model and no longer having to guess what capacity will be required. The pay-as-you-go model allows the user to pay only for the resources they use, without any upfront or long-term commitments. This reduces the cost and risk of over-provisioning or under-provisioning resources.
No longer having to guess what capacity will be required means that the user can scale their resources up or down according to the demand, without wasting money on idle resources or losing customers due to insufficient capacity [4].

QUESTION 68
A company is migrating a relational database server to the AWS Cloud. The company wants to minimize administrative overhead of database maintenance tasks. Which AWS service will meet these requirements?
A. Amazon DynamoDB
B. Amazon EC2
C. Amazon Redshift
D. Amazon RDS
Correct Answer: D
Explanation: Amazon RDS is the AWS service that will meet the requirements of migrating a relational database server to the AWS Cloud and minimizing administrative overhead of database maintenance tasks. Amazon RDS is a fully managed relational database service that handles routine database tasks, such as provisioning, patching, backup, recovery, failure detection, and repair. Amazon RDS supports several database engines, such as MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora [5].

QUESTION 69
A company is reviewing its operating policies. Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?
A. Ensure that employees have access to all company data.
B. Expand employees' permissions as they gain more experience.
C. Grant all privileges and access to all users.
D. Apply security requirements at all layers of a process.
Correct Answer: D
Explanation: Applying security requirements at all layers of a process is a policy that complies with guidance in the security pillar of the AWS Well-Architected Framework. The security pillar of the AWS Well-Architected Framework provides best practices for securing the user's data and systems in the AWS Cloud. One of the design principles of the security pillar is to apply security at all layers, which means that the user should implement defense-in-depth strategies and avoid relying on a single security mechanism.
For example, the user should use multiple security controls, such as encryption, firewalls, identity and access management, and logging and monitoring, to protect their data and resources at different layers.

QUESTION 70
Which task is the responsibility of a company that is using Amazon RDS?
A. Provision the underlying infrastructure.
B. Create IAM policies to control administrative access to the service.
C. Install the cables to connect the hardware for compute and storage.
D. Install and patch the RDS operating system.
Correct Answer: B
Explanation: The correct answer is B because AWS IAM policies can be used to control administrative access to the Amazon RDS service. The other options are incorrect because they are the responsibilities of AWS, not the company that is using Amazon RDS. AWS manages the provisioning, cabling, installation, and patching of the underlying infrastructure for Amazon RDS.
Reference: Amazon RDS FAQs

QUESTION 71
A company is designing an identity access management solution for an application. The company wants users to be able to use their social media, email, or online shopping accounts to access the application. Which AWS service provides this functionality?
A. AWS IAM Identity Center (AWS Single Sign-On)
B. AWS Config
C. Amazon Cognito
D. AWS Identity and Access Management (IAM)
Correct Answer: C
Explanation: The correct answer is C because Amazon Cognito provides identity federation and user authentication for web and mobile applications. Amazon Cognito allows users to sign in with their social media, email, or online shopping accounts. The other options are incorrect because they do not provide identity federation or user authentication. AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to access multiple AWS accounts and applications with a single sign-on experience. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of their AWS resources.
AWS Identity and Access Management (IAM) is a service that enables users to manage access to AWS resources using users, groups, roles, and policies.
Reference: Amazon Cognito FAQs

QUESTION 72
Which AWS service aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services?
A. Amazon Detective
B. Amazon Inspector
C. Amazon Macie
D. AWS Security Hub
Correct Answer: D
Explanation: The correct answer is D because AWS Security Hub is a service that aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer. The other options are incorrect because they are not services that aggregate security alerts and findings from multiple AWS services. Amazon Detective is a service that helps users analyze and visualize security data to investigate and remediate potential issues. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Amazon Macie is a service that helps users discover, classify, and protect sensitive data stored in Amazon S3.
Reference: AWS Security Hub FAQs

QUESTION 73
Which of the following are advantages of the AWS Cloud? (Select TWO.)
A. Trade variable expenses for capital expenses
B. High economies of scale
C. Launch globally in minutes
D. Focus on managing hardware infrastructure
E. Overprovision to ensure capacity
Correct Answer: B, C
Explanation: The correct answers are B and C because they are advantages of the AWS Cloud. High economies of scale means that AWS can achieve lower variable costs than customers can get on their own. Launch globally in minutes means that AWS has a global infrastructure that allows customers to deploy their applications and data across multiple regions and availability zones.
The other options are incorrect because they are not advantages of the AWS Cloud. Trade variable expenses for capital expenses means that customers have to invest heavily in data centers and servers before they know how they will use them. Focus on managing hardware infrastructure means that customers have to spend time and money on maintaining and upgrading their physical resources. Overprovision to ensure capacity means that customers have to pay for more resources than they actually need to avoid performance issues.
Reference: What is Cloud Computing?

QUESTION 74
Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?
A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune
Correct Answer: A
Explanation: The correct answer is A because Amazon DynamoDB is a key-value database that provides sub-millisecond latency on a large scale. Amazon DynamoDB is a fully managed, serverless, and scalable NoSQL database service that supports both key-value and document data models. The other options are incorrect because they are not key-value databases. Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL. Amazon DocumentDB (with MongoDB compatibility) is a document database that is compatible with MongoDB. Amazon Neptune is a graph database that supports property graph and RDF models.
Reference: Amazon DynamoDB FAQs

QUESTION 75
Which AWS service or tool provides users with the ability to monitor AWS service quotas?
A. AWS CloudTrail
B. AWS Cost and Usage Reports
C. AWS Trusted Advisor
D. AWS Budgets
Correct Answer: C
Explanation: The correct answer is C because AWS Trusted Advisor is an AWS service or tool that provides users with the ability to monitor AWS service quotas. AWS Trusted Advisor is an online tool that provides users with real-time guidance to help them provision their resources following AWS best practices.
One of the categories of checks that AWS Trusted Advisor performs is service limits, which monitors the usage of each AWS service and alerts users when they are close to reaching the default limit. The other options are incorrect because they are not AWS services or tools that provide users with the ability to monitor AWS service quotas. AWS CloudTrail is a service that enables users to track user activity and API usage across their AWS account. AWS Cost and Usage Reports is a tool that enables users to access comprehensive information about their AWS costs and usage. AWS Budgets is a tool that enables users to plan their service usage, costs, and reservations.
Reference: [AWS Trusted Advisor FAQs]

QUESTION 76
Which of the following is an advantage of AWS Cloud computing?
A. Trade security for elasticity.
B. Trade operational excellence for agility.
C. Trade fixed expenses for variable expenses.
D. Trade elasticity for performance.
Correct Answer: C
Explanation: The correct answer is C because AWS Cloud computing allows customers to trade fixed expenses for variable expenses. This means that customers only pay for the resources they use, and can scale up or down as needed. The other options are incorrect because they are not advantages of AWS Cloud computing. Trade security for elasticity means that customers have to compromise on the protection of their data and applications in order to adjust their capacity quickly. Trade operational excellence for agility means that customers have to sacrifice the quality and reliability of their operations in order to respond to changing needs faster. Trade elasticity for performance means that customers have to limit their ability to scale up or down in order to achieve higher speed and efficiency.
Reference: What is Cloud Computing?

QUESTION 77
A company is running applications on Amazon EC2 instances in the same AWS account for several different projects. The company wants to track the infrastructure costs for each of the projects separately. The company must conduct this tracking with the least possible impact to the existing infrastructure and with no additional cost. What should the company do to meet these requirements?
A. Use a different EC2 instance type for each project.
B. Publish project-specific custom Amazon CloudWatch metrics for each application.
C. Deploy EC2 instances for each project in a separate AWS account.
D. Use cost allocation tags with values that are specific to each project.
Correct Answer: D
Explanation: The correct answer is D because cost allocation tags are a way to track the infrastructure costs for each of the projects separately. Cost allocation tags are key-value pairs that can be attached to AWS resources, such as EC2 instances, and used to categorize and group them for billing purposes. The other options are incorrect because they do not meet the requirements of the question. Use a different EC2 instance type for each project does not help to track the costs for each project, and may impact the performance and compatibility of the applications. Publish project-specific custom Amazon CloudWatch metrics for each application does not help to track the costs for each project, and may incur additional charges for using CloudWatch. Deploy EC2 instances for each project in a separate AWS account does help to track the costs for each project, but it impacts the existing infrastructure and incurs additional charges for using multiple accounts.
Reference: Using Cost Allocation Tags

QUESTION 78
A company has an online shopping website and wants to store customers' credit card data. The company must meet Payment Card Industry (PCI) standards. Which service can the company use to access AWS compliance documentation?
A. Amazon Cloud Directory
B. AWS Artifact
C. AWS Trusted Advisor
D. Amazon Inspector
Correct Answer: B
Explanation: The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications, and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security vulnerabilities and deviations from best practices in their Amazon EC2 instances.
Reference: [AWS Artifact FAQs]

QUESTION 79
Which of the following are components of an AWS Site-to-Site VPN connection? (Select TWO.)
A. AWS Storage Gateway
B. Virtual private gateway
C. NAT gateway
D. Customer gateway
E. Internet gateway
Correct Answer: B, D
Explanation: The correct answers are B and D because a virtual private gateway and a customer gateway are components of an AWS Site-to-Site VPN connection. A virtual private gateway is the AWS side of the VPN connection that attaches to the customer's VPC. A customer gateway is the customer side of the VPN connection that resides in the customer's network. The other options are incorrect because they are not components of an AWS Site-to-Site VPN connection. AWS Storage Gateway is a service that connects on-premises software applications with cloud-based storage. NAT gateway is a service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances.
Internet gateway is a service that enables communication between instances in a VPC and the internet.
Reference: [What is AWS Site-to-Site VPN?]

QUESTION 80
A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours. Which pricing model enables the company to optimize costs and meet these requirements?
A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Instances
Correct Answer: B
Explanation: The correct answer is B because Spot Instances enable the company to optimize costs and meet the requirements. Spot Instances are spare EC2 instances that are available at up to 90% discount compared to On-Demand prices. Spot Instances are suitable for stateless, fault-tolerant, and flexible applications that can run for any duration. The other options are incorrect because they do not enable the company to optimize costs and meet the requirements. Reserved Instances are EC2 instances that are reserved for a specific period of time (one or three years) in exchange for a lower hourly rate. Reserved Instances are suitable for steady-state or predictable workloads that run for a long duration. On-Demand Instances are EC2 instances that are launched and billed at a fixed hourly rate. On-Demand Instances are suitable for short-term, irregular, or unpredictable workloads that cannot be interrupted. Dedicated Instances are EC2 instances that run on hardware that is dedicated to a single customer. Dedicated Instances are suitable for workloads that require regulatory compliance or data isolation.
Reference: [Amazon EC2 Instance Purchasing Options]

QUESTION 81
A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops. Which AWS service will help the company deploy the application without investing in backend infrastructure or high end client hardware?
A. Amazon AppStream 2.0
B. AWS AppSync
C. Amazon WorkLink
D. AWS Elastic Beanstalk
Correct Answer: A
Explanation: The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure or high end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend infrastructure, and delivers high performance and responsive user experience. The other options are incorrect because they are not services that will help the company deploy the application without investing in backend infrastructure or high end client hardware. AWS AppSync is a service that enables customers to create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access to internal websites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using popular platforms such as Java, .NET, PHP, and Node.js.
Reference: [Amazon AppStream 2.0 FAQs]

QUESTION 82
Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?
A. Amazon CloudWatch
B. AWS Trusted Advisor
C. AWS CloudTrail
D. Amazon Inspector
Correct Answer: C
Explanation: The correct answer is C because AWS CloudTrail is a service that will help a company identify the user who deleted an Amazon EC2 instance yesterday. AWS CloudTrail is a service that enables users to track user activity and API usage across their AWS account.
AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Users can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not services that will help a company identify the user who deleted an Amazon EC2 instance yesterday. Amazon CloudWatch is a service that enables users to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Trusted Advisor is a service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances.
Reference: AWS CloudTrail FAQs

QUESTION 83
Which AWS database service provides in-memory data storage?
A. Amazon DynamoDB
B. Amazon ElastiCache
C. Amazon RDS
D. Amazon Timestream
Correct Answer: B
Explanation: The correct answer is B because Amazon ElastiCache is a service that provides in-memory data storage. Amazon ElastiCache is a fully managed, scalable, and high-performance service that supports two popular open-source in-memory engines: Redis and Memcached. Amazon ElastiCache allows users to store and retrieve data from fast, low-latency, and high-throughput in-memory systems. Users can use Amazon ElastiCache to improve the performance of their applications by caching frequently accessed data, reducing database load, and enabling real-time data processing. The other options are incorrect because they are not services that provide in-memory data storage. Amazon DynamoDB is a service that provides key-value and document data storage. Amazon RDS is a service that provides relational data storage.
Amazon Timestream is a service that provides time series data storage.
Reference: Amazon ElastiCache FAQs

QUESTION 84
Which of the following acts as an instance-level firewall to control inbound and outbound access?
A. Network access control list
B. Security groups
C. AWS Trusted Advisor
D. Virtual private gateways
Correct Answer: B
Explanation: The correct answer is B because security groups are AWS features that act as instance-level firewalls to control inbound and outbound access. Security groups are virtual firewalls that can be attached to one or more Amazon EC2 instances. Users can configure rules for security groups to allow or deny traffic based on protocols, ports, and source or destination IP addresses. The other options are incorrect because they are not AWS features that act as instance-level firewalls to control inbound and outbound access. Network access control list is an AWS feature that acts as a subnet-level firewall to control inbound and outbound access. AWS Trusted Advisor is an AWS service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Virtual private gateways are AWS features that enable users to create a secure and encrypted connection between their VPC and their on-premises network.
Reference: Security Groups for Your VPC

QUESTION 85
A company has an application that uses AWS services. During scaling events, the company wants to keep application usage within AWS service quotas. Which AWS services or tools can report on the quotas so that the company can improve the reliability of the application? (Select TWO.)
A. Service Quotas console
B. AWS Trusted Advisor
C. AWS Systems Manager
D. AWS Shield
E. AWS Cost Explorer
Correct Answer: A, B
Explanation: The correct answers are A and B because Service Quotas console and AWS Trusted Advisor are AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. Service Quotas console is an AWS tool that enables users to view and manage their quotas for AWS services from a central location. Users can use Service Quotas console to request quota increases, track quota usage, and set up alarms for approaching quota limits. AWS Trusted Advisor is an AWS service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. One of the categories of checks that AWS Trusted Advisor performs is service limits, which monitors the usage of e
