AWS Certified Cloud Practitioner Exam Preparation PDF
Document Details
Uploaded by LawAbidingCommonsense
Summary
This document is a study guide for the AWS Certified Cloud Practitioner exam. It contains practice questions and explanations focused on various AWS services and concepts. It includes questions and answers on topics such as AWS services, the AWS Well-Architected Framework, and cost optimization.
Certy IQ Premium exam material
Get certification quickly with the CertyIQ Premium exam material. Everything you need to prepare, learn & pass your certification exam easily. Lifetime free updates. First attempt guaranteed success.
https://www.CertyIQ.com

Amazon (AWS Certified Cloud Practitioner)
AWS Certified Cloud Practitioner (CLF-C01)
Total: 1013 Questions
Link: https://certyiq.com/papers?provider=amazon&exam=aws-certified-cloud-practitioner

Question: 1
A company is planning to run a global marketing application in the AWS Cloud. The application will feature videos that can be viewed by users. The company must ensure that all users can view these videos with low latency. Which AWS service should the company use to meet this requirement?
A. AWS Auto Scaling
B. Amazon Kinesis Video Streams
C. Elastic Load Balancing
D. Amazon CloudFront
Answer: D
Explanation: Reduce latency by delivering data through 410+ globally dispersed Points of Presence (PoPs) with automated network mapping and intelligent routing.
https://aws.amazon.com/cloudfront

Question: 2
Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?
A. Security
B. Reliability
C. Performance efficiency
D. Cost optimization
Answer: B
Explanation: B. Reliability
The reliability pillar focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands. Key topics include distributed system design, recovery planning, and adapting to changing requirements.
https://aws.amazon.com/architecture/well-architected/

Question: 3
Which of the following are benefits of migrating to the AWS Cloud? (Choose two.)
A. Operational resilience
B. Discounts for products on Amazon.com
C. Business agility
D. Business excellence
E. Increased staff retention
Answer: AC
Explanation: A. Operational resilience C. Business agility

Question: 4
A company is planning to replace its physical on-premises compute servers with AWS serverless compute services. The company wants to be able to take advantage of advanced technologies quickly after the migration. Which pillar of the AWS Well-Architected Framework does this plan represent?
A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability
Answer: B
Explanation: From: https://docs.aws.amazon.com/wellarchitected/latest/performance-efficiency-pillar/performanceefficiency.html
The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements, and how to maintain efficiency as demand changes and technologies evolve.

Question: 5
A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances. Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased. The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances. Which AWS service or tool should the company use to meet these requirements?
A. AWS Systems Manager
B. Cost Explorer
C. AWS Trusted Advisor
D. AWS Organizations
Answer: D
Explanation: Correct is D. Because asked "manage the AWS accounts for all the departments"
Reference: https://aws.amazon.com/ru/organizations/

Question: 6
Which component of the AWS global infrastructure is made up of one or more discrete data centers that have redundant power, networking, and connectivity?
A. AWS Region
B. Availability Zone
C. Edge location
D. AWS Outposts
Answer: B
Explanation: Answer is B. An availability zone can be made of one or multiple datacenters. An AWS region has at least 3 availability zones, that are separated by multiple kilometers. Then, a region has at least 3 datacenters.

Question: 7
Which duties are the responsibility of a company that is using AWS Lambda? (Choose two.)
A. Security inside of code
B. Selection of CPU resources
C. Patching of operating system
D. Writing and updating of code
E. Security of underlying infrastructure
Answer: AD
Explanation: https://aws.amazon.com/compliance/shared-responsibility-model/
Customer is responsible for security "IN" the cloud. For this question, it means the Company ("Customer") is responsible for their own code management (updates. CI/CD

Question: 8
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)
A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty
Answer: BC
Explanation: https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recoveryoptions-in-the-cloud.html
You can back up Amazon EC2 instances used by your workload as Amazon Machine Images (AMIs). The AMI is created from snapshots of your instance's root volume and any other EBS volumes attached to your instance. You can use this AMI to launch a restored version of the EC2 instance.

Question: 9
A company is migrating to the AWS Cloud instead of running its infrastructure on premises. Which of the following are advantages of this migration? (Choose two.)
A. Elimination of the need to perform security auditing
B. Increased global reach and agility
C. Ability to deploy globally in minutes
D. Elimination of the cost of IT staff members
E. Redundancy by default for all compute services
Answer: BC
Explanation: Additional reference to support the answers B, C. Refer to: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloudcomputing.html

Question: 10
A user is comparing purchase options for an application that runs on Amazon EC2 and Amazon RDS. The application cannot sustain any interruption. The application experiences a predictable amount of usage, including some seasonal spikes that last only a few weeks at a time. It is not possible to modify the application. Which purchase option meets these requirements MOST cost-effectively?
A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to cover the predicted and seasonal load.
B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run on Spot Instances.
C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run at an On-Demand rate.
D. Buy Reserved Instances to cover all potential usage that results from the seasonal usage.
Answer: C
Explanation: C is the correct answer, the question explicitly mentioned that "The application cannot sustain any interruption" of which Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions. Ideally we want pricing that doesn't allow interruption, in this case it will be On-Demand.

Question: 11
A company wants to review its monthly costs of using Amazon EC2 and Amazon RDS for the past year. Which AWS service or tool provides this information?
A. AWS Trusted Advisor
B. Cost Explorer
C. Amazon Forecast
D. Amazon CloudWatch
Answer: B
Explanation: After you enable Cost Explorer, AWS prepares the data about your costs for the current month and the last 12 months, and then calculates the forecast for the next 12 months. The current month's data is available for viewing in about 24 hours. The rest of your data takes a few days longer. Cost Explorer updates your cost data at least once every 24 hours.

Question: 12
A company wants to migrate a critical application to AWS. The application has a short runtime. The application is invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes operational efficiency and minimizes the cost of running the application. Which AWS solution should the company use to meet these requirements?
A. Amazon EC2 On-Demand Instances
B. AWS Lambda
C. Amazon EC2 Reserved Instances
D. Amazon EC2 Spot Instances
Answer: B
Explanation: From: https://aws.amazon.com/lambda/
1. Run code without provisioning or managing infrastructure. Simply write and upload code as a .zip file or container image.
2. Automatically respond to code execution requests at any scale, from a dozen events per day to hundreds of thousands per second.
3. Save costs by paying only for the compute time you use—by per-millisecond—instead of provisioning infrastructure upfront for peak capacity.

Question: 13
Which AWS service or feature allows users to connect with and deploy AWS services programmatically?
A. AWS Management Console
B. AWS Cloud9
C. AWS CodePipeline
D. AWS software development kits (SDKs)
Answer: D
Explanation: CodePipeline is not necessarily used for deploying AWS services. It is a DevOps service that offers CI/CD that allows you to deploy code changes to a set codebase given your team/company’s release cycle. The correct answer is D.

Question: 14
A company plans to create a data lake that uses Amazon S3. Which factor will have the MOST effect on cost?
A. The selection of S3 storage tiers
B. Charges to transfer existing data into Amazon S3
C. The addition of S3 bucket policies
D. S3 ingest fees for each request
Answer: A
Explanation: The most "effect" on cost. Transferring the data is going to be a set cost. There's not really multiple options to affect the price of transferring. Which storage tier they pick out of all the options can largely affect the final cost.

Question: 15
A company is launching an ecommerce application that must always be available. The application will run on Amazon EC2 instances continuously for the next 12 months. What is the MOST cost-effective instance purchasing option that meets these requirements?
A. Spot Instances
B. Savings Plans
C. Dedicated Hosts
D. On-Demand Instances
Answer: B
Explanation: Amazon EC2 Savings Plans enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.

Question: 16
Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?
A. Cost allocation tags
B. Key pairs
C. Amazon Inspector
D. AWS Trusted Advisor
Answer: A

Question: 17
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing. Which AWS service or feature will help the company with its migration?
A. AWS Trusted Advisor
B. AWS Consulting Partners
C. AWS Artifacts
D. AWS Managed Services
Answer: D
Explanation: APN Consulting Partners are professional services firms but not AWS service or feature.

Question: 18
Which AWS service or tool should a company use to centrally request and track service limit increases?
A. AWS Config
B. Service Quotas
C. AWS Service Catalog
D. AWS Budgets
Answer: B
Explanation: https://aws.amazon.com/about-aws/whats-new/2021/04/service-quotas-available-aws-govcloud-us-regions/

Question: 19
Which documentation does AWS Artifact provide?
A. Amazon EC2 terms and conditions
B. AWS ISO certifications
C. A history of a company's AWS spending
D. A list of previous-generation Amazon EC2 instance types
Answer: B
Explanation: B is correct. Here is the description: AWS Artifact provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports. Check this out --> https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html

Question: 20
Which task requires using AWS account root user credentials?
A. Viewing billing information
B. Changing the AWS Support plan
C. Starting and stopping Amazon EC2 instances
D. Opening an AWS Support case
Answer: B
Explanation: https://aws.amazon.com/premiumsupport/knowledge-center/change-support-plan/?nc1=h_ls

Question: 21
A company needs to simultaneously process hundreds of requests from different users. Which combination of AWS services should the company use to build an operationally efficient solution?
A. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda
B. AWS Data Pipeline and Amazon EC2
C. Amazon Kinesis and Amazon Athena
D. AWS Amplify and AWS AppSync
Answer: A
Explanation: Data pipeline is not relevant for this question - it moves data between AWS compute / storage services and on prem data.

Question: 22
What is the scope of a VPC within the AWS network?
A. A VPC can span all Availability Zones globally.
B. A VPC must span at least two subnets in each AWS Region.
C. A VPC must span at least two edge locations in each AWS Region.
D. A VPC can span all Availability Zones within an AWS Region.
Answer: D
Explanation:
* A VPC is a logically isolated piece of AWS cloud dedicated to your company. This means, you can run applications on overly provisioned, highly available, and redundant infrastructure setup and it is managed by AWS. All the complexity of setting up a data center with cables, server racks, hardware, power supply, etc. all are managed by AWS.
* A VPC belongs to a region.
* A VPC spans all availability zones.
* You can have multiple VPCs per region.
* VPC contains one or more subnets.
* A Subnet is tied to a single availability zone.
* EC2 instances launch into subnets.

Question: 23
Which of the following are components of an AWS Site-to-Site VPN connection? (Choose two.)
A. AWS Storage Gateway
B. Virtual private gateway
C. NAT gateway
D. Customer gateway
E. Internet gateway
Answer: BD
Explanation: The VPC has an attached virtual private gateway, and your on-premises (remote) network includes a customer gateway device, which you must configure to enable the Site-to-Site VPN connection. You set up the routing so that any traffic from the VPC bound for your network is routed to the virtual private gateway.

Question: 24
A company needs to establish a connection between two VPCs. The VPCs are located in two different AWS Regions. The company wants to use the existing infrastructure of the VPCs for this connection. Which AWS service or feature can be used to establish this connection?
A. AWS Client VPN
B. VPC peering
C. AWS Direct Connect
D. VPC endpoints
Answer: B
Explanation: A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
Reference: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

Question: 25
According to the AWS shared responsibility model, what responsibility does a customer have when using Amazon RDS to host a database?
A. Manage connections to the database
B. Install Microsoft SQL Server
C. Design encryption-at-rest strategies
D. Apply minor database patches
Answer: A
Explanation: Amazon RDS encrypts your databases using keys you manage with the AWS Key Management Service (KMS). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots. Amazon RDS encryption uses the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS instance.

Question: 26
What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Choose two.)
A. EC2 includes operating system patch management.
B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).
C. EC2 has a 100% service level agreement (SLA).
D. EC2 has a flexible, pay-as-you-go pricing model.
E. EC2 has automatic storage cost optimization.
Answer: DE
Explanation: EC2 doesn't have any storage cost optimization options, only S3 has: https://aws.amazon.com/s3/cost-optimization/
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
B - Increase speed and agility
D - Stop spending money running and maintaining data centers

Question: 27
A user needs to determine whether an Amazon EC2 instance's security groups were modified in the last month. How can the user see if a change was made?
A. Use Amazon EC2 to see if the security group was changed.
B. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.
C. Use AWS CloudTrail to see if the security group was changed.
D. Use Amazon CloudWatch to see if the security group was changed.
Answer: C
Explanation: CloudTrail is the correct answer: https://aws.amazon.com/cloudtrail/features/
"CloudTrail records user activity and API calls across AWS services as events. CloudTrail events help you answer the questions of "who did what, where, and when?""

Question: 28
Which AWS service will help protect applications running on AWS from DDoS attacks?
A. Amazon GuardDuty
B. AWS WAF
C. AWS Shield
D. Amazon Inspector
Answer: C
Explanation: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.
https://aws.amazon.com/shield/?nc1=h_ls&whats-new-cards.sortby=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc Question: 29 Which AWS service or feature acts as a firewall for Amazon EC2 instances? A. Network ACL B. Elastic network interface CertyIQ C. Amazon VPC D. Security group Answer: D Explanation: Security Group is correct per AWS Doc : https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2security-groups.html Question: 30 CertyIQ How does the AWS Cloud pricing model differ from the traditional on-premises storage pricing model? A. AWS resources do not incur costs B. There are no infrastructure operating costs C. There are no upfront cost commitments D. There are no software licensing costs Answer: B Explanation: B is correct, because in AWS you pay for stroage, compute, etc. You don't pay for infra ops directly. On the other hand you can make commitments with saving plans or reserved instances Question: 31 CertyIQ A company has a single Amazon EC2 instance. The company wants to adopt a highly available architecture. What can the company do to meet this requirement? A. Scale vertically to a larger EC2 instance size. B. Scale horizontally across multiple Availability Zones. C. Purchase an EC2 Dedicated Instance. D. Change the EC2 instance family to a compute optimized instance. Answer: B Explanation: Multi AZ for highly available Question: 32 CertyIQ A company's on-premises application deployment cycle was 3-4 weeks. After migrating to the AWS Cloud, the company can deploy the application in 2-3 days. Which benefit has this company experienced by moving to the AWS Cloud? A. Elasticity B. Flexibility C. Agility D. Resilience Answer: C Explanation: Answer is C. This is the definition of agility as per AWS : Increase speed and agility – In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. 
This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower. Question: 33 CertyIQ Which of the following are included in AWS Enterprise Support? (Choose two.) A. AWS technical account manager (TAM) B. AWS partner-led support C. AWS Professional Services D. Support of third-party software integration to AWS E. 5-minute response time for critical issues Answer: AD Explanation: https://aws.amazon.com/premiumsupport/plans/enterprise/ Question: 34 CertyIQ A global media company uses AWS Organizations to manage multiple AWS accounts. Which AWS service or feature can the company use to limit the access to AWS services for member accounts? A. AWS Identity and Access Management (IAM) B. Service control policies (SCPs) C. Organizational units (OUs) D. Access control lists (ACLs) Answer: B Explanation: Answer is B. "You can use SCPs to allow or deny access to AWS services for individual AWS accounts with AWS Organizations member accounts, or for groups of accounts within an organizational unit (OU)." https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-service-control-policy/ Question: 35 A company wants to limit its employees' AWS access to a portfolio of predefined AWS resources. Which AWS solution should the company use to meet this requirement? CertyIQ A. AWS Config B. AWS software development kits (SDKs) C. AWS Service Catalog D. AWS AppSync Answer: C Explanation: From: https://aws.amazon.com/servicecatalog/ Apply access controls Scale and control permissions so you can manage resource access in multi-account AWS environments. How it works AWS Service Catalog lets you centrally manage deployed IT services, applications, resources, and metadata to achieve consistent governance of your infrastructure as code (IaC) templates. 
With AWS Service Catalog, you can meet your compliance requirements while making sure your customers can quickly deploy the approved IT services they need Question: 36 CertyIQ An online company was running a workload on premises and was struggling to launch new products and features. After migrating the workload to AWS, the company can quickly launch products and features and can scale its infrastructure as required. Which AWS Cloud value proposition does this scenario describe? A. Business agility B. High availability C. Security D. Centralized auditing Answer: A Question: 37 CertyIQ Which of the following are advantages of the AWS Cloud? (Choose two.) A. AWS management of user-owned infrastructure B. Ability to quickly change required capacity C. High economies of scale D. Increased deployment time to market E. Increased fixed expenses Answer: BC Explanation: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html Question: 38 CertyIQ AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users. This describes which advantage of the AWS Cloud? A. Launch globally in minutes B. Increase speed and agility C. High economies of scale D. No guessing about compute capacity Answer: C Explanation: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html Question: 39 CertyIQ What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval? A. Amazon S3 B. Amazon Glacier C. Amazon EBS D. Amazon EC2 Instance Store Answer: A Explanation: A. Amazon S3 https://aws.amazon.com/rds/features/backup/ Question: 40 CertyIQ A company is developing a mobile app that needs a high-performance NoSQL database. Which AWS services could the company use for this database? (Choose two.) A. Amazon Aurora B. Amazon RDS C. Amazon Redshift D. Amazon DocumentDB (with MongoDB compatibility) E. 
Amazon DynamoDB Answer: DE Explanation: Correct answer is D & E, Amazon DyamoDB it's a NoSQL (Refference: https://aws.amazon.com/es/dynamodb/) and algo MongoDB (Reference: https://en.wikipedia.org/wiki/MongoDB & https://www.mongodb.com/es/nosql-explained) Question: 41 CertyIQ Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.) A. Patch the Amazon EC2 guest operating system. B. Upgrade the firmware of the network infrastructure. C. Apply password rotation for IAM users. D. Maintain the physical security of edge locations. E. Maintain least privilege access to the root user account. Answer: BD Question: 42 CertyIQ Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.) A. They are stateless. B. They are stateful. C. They evaluate all rules before allowing traffic. D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. E. They operate at the instance level. Answer: AD Explanation: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html Network ACLs are stateless, which means that responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa). Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it's applied regardless of any higher-numbered rule that might contradict it Question: 43 CertyIQ A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve supporting processes. Which pillar of the AWS Well-Architected Framework does this scenario represent? A. Security B. Performance efficiency C. Cost optimization D. 
Operational excellence Answer: D Explanation: The Operational Excellence pillar includes the ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value Question: 44 CertyIQ Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload? A. Amazon Route 53 B. Amazon Macie C. AWS Direct Connect D. AWS PrivateLink Answer: C Explanation: Correct answer is C- Direct connect is for private dedicated connection between on premise and AWS. PrivateLink provides direct secure connections from VPCs to other AWS services. VPC Private Link is a way of making your service available to set of consumers. You can expose a service and the consumers can consume your service by creating an endpoint for your service.With PrivateLink, endpoints are instead created directly inside of your VPC, using Elastic Network Interfaces (ENIs) and IP addresses in your VPC's subnets.To use AWS PrivateLink, create a VPC endpoint in your VPC, specifying the name of the service and a subnet. This creates an elastic network interface in the subnet that serves as an entry point for traffic destined to the service. The service is now in your VPC, enabling connectivity to AWS services via private IP addresses. Question: 45 CertyIQ A company needs to graphically visualize AWS billing and usage over time. The company also needs information about its AWS monthly costs. Which AWS Billing and Cost Management tool provides this data in a graphical format? A. AWS Bills B. Cost Explorer C. AWS Cost and Usage Report D. AWS Budgets Answer: B Question: 46 CertyIQ A company wants to run production workloads on AWS. The company needs concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week. Which AWS Support plan will meet these requirements? A. 
AWS Basic Support B. AWS Enterprise Support C. AWS Business Support D. AWS Developer Support Answer: B Question: 47 CertyIQ Which architecture design principle describes the need to isolate failures between dependent components in the AWS Cloud? A. Use a monolithic design. B. Design for automation. C. Design for single points of failure. D. Loosely couple components. Answer: D Question: 48 CertyIQ Which AWS services are managed database services? (Choose two.) A. Amazon Elastic Block Store (Amazon EBS) B. Amazon S3 C. Amazon RDS D. Amazon Elastic File System (Amazon EFS) E. Amazon DynamoDB Answer: CE Explanation: Except for C & E, none of them is DB services so, the answer is C & E Question: 49 CertyIQ A company is using the AWS Free Tier for several AWS services for an application. What will happen if the Free Tier usage period expires or if the application use exceeds the Free Tier usage limits? A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage. B. AWS Support will contact the company to set up standard service charges. C. The company will be charged for the services it consumed during the Free Tier period, plus additional charges for service consumption after the Free Tier period. D. The company's AWS account will be frozen and can be restarted after a payment plan is established. Answer: A Question: 50 CertyIQ A company recently deployed an Amazon RDS instance in its VPC. The company needs to implement a stateful firewall to limit traffic to the private corporate network. Which AWS service or feature should the company use to limit network traffic directly to its RDS instance? A. Network ACLs B. Security groups C. AWS WAF D. Amazon GuardDuty Answer: B Explanation: Amazon RDS security groups enable you to manage network access to your Amazon RDS instances. 
With security groups, you specify sets of IP addresses using CIDR notation, and only network traffic originating from these addresses is recognized by your Amazon RDS instance. Although they function in a similar way, Amazon RDS security groups are different from Amazon EC2 security groups. It is possible to add an EC2 security group to your RDS security group. Any EC2 instances that are members of the EC2 security group are then able to access the RDS instances that are members of the RDS security group. https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/rds-security-groups.html Question: 51 CertyIQ Which AWS service uses machine learning to help discover, monitor, and protect sensitive data that is stored in Amazon S3 buckets? A. AWS Shield B. Amazon Macie C. AWS Network Firewall D. Amazon Cognito Answer: B Question: 52 CertyIQ A company wants to improve the overall availability and performance of its applications that are hosted on AWS. Which AWS service should the company use? A. Amazon Connect B. Amazon Lightsail C. AWS Global Accelerator D. AWS Storage Gateway Answer: C Explanation: https://aws.amazon.com/global-accelerator/?blogs-global-accelerator.sortby=item.additionalFields.createdDate&blogs-global-accelerator.sort-order=desc&aws-global-acceleratorwn.sort-by=item.additionalFields.postDateTime&aws-global-accelerator-wn.sort-order=desc Question: 53 CertyIQ Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity? A. AWS Service Catalog B. AWS Systems Manager C. AWS IAM Access Analyzer D. AWS Organizations Answer: C Explanation: Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. 
https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

Question: 54
A company does not want to rely on elaborate forecasting to determine its usage of compute resources. Instead, the company wants to pay only for the resources that it uses. The company also needs the ability to increase or decrease its resource usage to meet business requirements. Which pillar of the AWS Well-Architected Framework aligns with these requirements?
A. Operational excellence
B. Security
C. Reliability
D. Cost optimization
Answer: D
Explanation:
To optimize costs, you should only pay for the computing resources you consume and increase or decrease usage depending on your business requirements, not with elaborate forecasting.
https://emergencetek.com/aws-five-pillars-of-a-well-architected-framework/

Question: 55
A company wants to launch its workload on AWS and requires the system to automatically recover from failure. Which pillar of the AWS Well-Architected Framework includes this requirement?
A. Cost optimization
B. Operational excellence
C. Performance efficiency
D. Reliability
Answer: D

Question: 56
A large enterprise with multiple VPCs in several AWS Regions around the world needs to connect and centrally manage network connectivity between its VPCs. Which AWS service or feature meets these requirements?
A. AWS Direct Connect
B. AWS Transit Gateway
C. AWS Site-to-Site VPN
D. VPC endpoints
Answer: B
Explanation:
https://aws.amazon.com/transit-gateway/?whats-new-cards.sortby=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Question: 57
Which AWS service supports the creation of visual reports from AWS Cost and Usage Report data?
A. Amazon Athena
B. Amazon QuickSight
C. Amazon CloudWatch
D. AWS Organizations
Answer: B
Explanation:
Please refer to: https://aws.amazon.com/athena/?whats-new-cards.sortby=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. Athena is easy to use. Simply point to your data in Amazon S3, define the schema, and start querying using standard SQL. Most results are delivered within seconds. With Athena, there’s no need for complex ETL jobs to prepare your data for analysis. This makes it easy for anyone with SQL skills to quickly analyze large-scale datasets. Athena is out-of-the-box integrated with AWS Glue Data Catalog, allowing you to create a unified metadata repository across various services, crawl data sources to discover schemas and populate your Catalog with new and modified table and partition definitions, and maintain schema versioning.

Question: 58
Which AWS service should be used to monitor Amazon EC2 instances for CPU and network utilization?
A. Amazon Inspector
B. AWS CloudTrail
C. Amazon CloudWatch
D. AWS Config
Answer: C

Question: 59
A company is preparing to launch a new web store that is expected to receive high traffic for an upcoming event. The web store runs only on AWS, and the company has an AWS Enterprise Support plan. Which AWS resource will provide guidance about how the company should scale its architecture and operational support during the event?
A. AWS Abuse team
B. The designated AWS technical account manager (TAM)
C. AWS infrastructure event management
D. AWS Professional Services
Answer: C
Explanation:
https://aws.amazon.com/premiumsupport/programs/iem/
AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. For these events, AWS Infrastructure Event Management will help you assess operational readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The program is included in the Enterprise Support plan and is available to Business Support customers for an additional fee.

Question: 60
A user wants to deploy a service to the AWS Cloud by using infrastructure-as-code (IaC) principles. Which AWS service can be used to meet this requirement?
A. AWS Systems Manager
B. AWS CloudFormation
C. AWS CodeCommit
D. AWS Config
Answer: B
Explanation:
Correct answer is B: AWS CloudFormation.

Question: 61
A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes. Which AWS service or tool should the company use to meet these requirements?
A. AWS Organizations
B. Cost Explorer
C. AWS Budgets
D. AWS Trusted Advisor
Answer: A

Question: 62
Which IT controls do AWS and the customer share, according to the AWS shared responsibility model? (Choose two.)
A. Physical and environmental controls
B. Patch management
C. Cloud awareness and training
D. Zone security
E. Application data encryption
Answer: BC
Explanation:
Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.
Examples include:
Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but customers are responsible for patching their guest OS and applications.
Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible for configuring their own guest operating systems, databases, and applications.
Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.

Question: 63
A company is launching an application in the AWS Cloud. The application will use Amazon S3 storage. A large team of researchers will have shared access to the data. The company must be able to recover data that is accidentally overwritten or deleted. Which S3 feature should the company turn on to meet this requirement?
A. Server access logging
B. S3 Versioning
C. S3 Lifecycle rules
D. Encryption in transit and at rest
Answer: B

Question: 64
A manufacturing company has a critical application that runs at a remote site that has a slow internet connection. The company wants to migrate the workload to AWS. The application is sensitive to latency and interruptions in connectivity. The company wants a solution that can host this application with minimum latency. Which AWS service or feature should the company use to meet these requirements?
A. Availability Zones
B. AWS Local Zones
C. AWS Wavelength
D. AWS Outposts
Answer: D
Explanation:
AWS Outposts is designed for workloads that need to remain on-premises due to latency requirements, where customers want that workload to run seamlessly with the rest of their other workloads in AWS. AWS Local Zones are a new type of AWS infrastructure designed to run workloads that require single-digit millisecond latency, like video rendering and graphics intensive, virtual desktop applications.
Not every customer wants to operate their own on-premises data center, while others may be interested in getting rid of their local data center entirely. Local Zones allow customers to gain all the benefits of having compute and storage resources closer to end-users, without the need to own and operate their own data center infrastructure.
(D) AWS Outposts would be the best fit here. Since the client is migrating only the workloads on AWS while (B) AWS Local Zone wants to get rid of hosting its on-prem data center

Question: 65
A company wants to migrate its applications from its on-premises data center to a VPC in the AWS Cloud. These applications will need to access on-premises resources. Which actions will meet these requirements? (Choose two.)
A. Use AWS Service Catalog to identify a list of on-premises resources that can be migrated.
B. Create a VPN connection between an on-premises device and a virtual private gateway in the VPC.
C. Use an Amazon CloudFront distribution and configure it to accelerate content delivery close to the on-premises resources.
D. Set up an AWS Direct Connect connection between the on-premises data center and AWS.
E. Use Amazon CloudFront to restrict access to static web content provided through the on-premises web servers.
Answer: BD
Explanation:
Regarding Service Catalog (SC), 'This helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need (link below).' The question never said anything about requiring the services SC provides. The customer may benefit from SC but it's not needed to meet their requirements.
https://aws.amazon.com/servicecatalog/?aws-service-catalog.sortby=item.additionalFields.createdDate&aws-service-catalog.sort-order=desc

Question: 66
A company wants to use the AWS Cloud to provide secure access to desktop applications that are running in a fully managed environment.
Which AWS service should the company use to meet this requirement?
A. Amazon S3
B. Amazon AppStream 2.0
C. AWS AppSync
D. AWS Outposts
Answer: B
Explanation:
Amazon AppStream 2.0 is a fully managed non-persistent desktop and application service for remotely accessing your work. Deliver Software as a Service (SaaS) versions of applications without rewrites, special hardware, or device installs; ideal for training, trials and software demonstrations.

Question: 67
A company wants to implement threat detection on its AWS infrastructure. However, the company does not want to deploy additional software. Which AWS service should the company use to meet these requirements?
A. Amazon VPC
B. Amazon EC2
C. Amazon GuardDuty
D. AWS Direct Connect
Answer: C
Explanation:
https://aws.amazon.com/guardduty/
1. Continuously monitor your AWS accounts, instances, container workloads, users, and storage for potential threats.
2. Expose threats quickly using anomaly detection, machine learning, behavioral modeling, and threat intelligence feeds from AWS and leading third-parties.
3. Mitigate threats early by initiating automated responses.

Question: 68
Which AWS service uses edge locations?
A. Amazon Aurora
B. AWS Global Accelerator
C. Amazon Connect
D. AWS Outposts
Answer: B
Explanation:
Reference: https://aws.amazon.com/global-accelerator/

Question: 69
A company needs to install an application in a Docker container. Which AWS service eliminates the need to provision and manage the container hosts?
A. AWS Fargate
B. Amazon FSx for Windows File Server
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon EC2
Answer: C
Explanation:
AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). AWS Fargate makes it easy to focus on building your applications.
Fargate eliminates the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design. Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and Amazon Elastic Kubernetes Service (EKS) is a fully managed Kubernetes service. Both ECS and EKS use containers provisioned by Fargate to automatically scale, load balance, and optimize container availability through managed scheduling, providing an easier way to build and operate containerized applications.
URL: https://aws.amazon.com/fargate/faqs/

Question: 70
Which AWS service or feature checks access policies and offers actionable recommendations to help users set secure and functional policies?
A. AWS Systems Manager
B. AWS IAM Access Analyzer
C. AWS Trusted Advisor
D. Amazon GuardDuty
Answer: B

Question: 71
A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and move the data to AWS later. Which AWS service should the company use to meet these requirements?
A. AWS IoT Core
B. Amazon Lightsail
C. AWS Storage Gateway
D. AWS Snowball Edge
Answer: D
Explanation:
AWS Snow Family - The AWS Snow Family is a collection of physical devices that help migrate large amounts of data into and out of the cloud without depending on networks. This helps you apply the wide variety of AWS services for analytics, file systems, and archives to your data. You can use AWS Snow Family services for data transfer and occasional pre-processing on location. Some large data transfer examples include cloud migration, disaster recovery, data center relocation, and/or remote data collection projects.
These projects typically require you to migrate large amounts of data in the shortest, and most cost-effective, amount of time.

Question: 72
A retail company needs to build a highly available architecture for a new ecommerce platform. The company is using only AWS services that replicate data across multiple Availability Zones. Which AWS services should the company use to meet this requirement? (Choose two.)
A. Amazon EC2
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon Aurora
D. Amazon DynamoDB
E. Amazon Redshift
Answer: CD
Explanation:
1. Data replication with these two.
2. "using only AWS services for data replication" so I think C and D

Question: 73
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
A. Agility
B. Elasticity
C. Reliability
D. Durability
Answer: B

Question: 74
Service control policies (SCPs) manage permissions for which of the following?
A. Availability Zones
B. AWS Regions
C. AWS Organizations
D. Edge locations
Answer: C
Explanation:
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Question: 75
Which AWS service can be used to encrypt data at rest?
A. Amazon GuardDuty
B. AWS Shield
C. AWS Security Hub
D. AWS Key Management Service (AWS KMS)
Answer: D
Explanation:
Reference: https://aws.amazon.com/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-instance-store-encryption/

Question: 76
Which characteristics are advantages of using the AWS Cloud? (Choose two.)
A. A 100% service level agreement (SLA) for all AWS services
B. Compute capacity that is adjusted on demand
C. Availability of AWS Support for code development
D. Enhanced security
E. Increases in cost and complexity
Answer: BD
Explanation:
Reference: https://intellipaat.com/blog/aws-benefits-and-drawbacks/

Question: 77
A user is storing objects in Amazon S3.
The user needs to restrict access to the objects to meet compliance obligations. What should the user do to meet this requirement?
A. Use AWS Secrets Manager.
B. Tag the objects in the S3 bucket.
C. Use security groups.
D. Use network ACLs.
Answer: B
Explanation:
Secrets Manager is for secrets (passwords). Network ACL is a stateless firewall working on IPs, not users. Security Groups are stateful firewall, not for user permissions. In this case I'd say tags:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html
"Object tags enable fine-grained access control of permissions. For example, you could grant an IAM user permissions to read-only objects with specific tags."

Question: 78
A company wants to convert video files and audio files from their source format into a format that will play on smartphones, tablets, and web browsers. Which AWS service will meet these requirements?
A. Amazon Elastic Transcoder
B. Amazon Comprehend
C. AWS Glue
D. Amazon Rekognition
Answer: A

Question: 79
Which of the following are benefits of Amazon EC2 Auto Scaling? (Choose two.)
A. Improved health and availability of applications
B. Reduced network latency
C. Optimized performance and costs
D. Automated snapshots of data
E. Cross-Region Replication
Answer: AC
Explanation:
https://aws.amazon.com/ec2/autoscaling/faqs
Here's a description of the two types of auto scaling confirming the answer is AC.
Vertical Scaling (C. Optimized performance and costs)
○ You 'scale up' your instance type to a larger instance type with additional resources.
○ Requires shutting the server down.
○ Doesn't rely on ELB.
Horizontal Scaling (A. Improved health and availability of applications)
○ You 'scale out' and add additional instances to handle the demand of your application.
○ Utilizes ELB.

Question: 80
A company has several departments. Each department has its own AWS accounts for its applications.
The company wants all AWS costs on a single invoice to simplify payment, but the company wants to know the costs that each department is incurring. Which AWS tool or feature will provide this functionality?
A. AWS Cost and Usage Reports
B. Consolidated billing
C. Savings Plans
D. AWS Budgets
Answer: B

Question: 81
A company runs its workloads on premises. The company wants to forecast the cost of running a large application on AWS. Which AWS service or tool can the company use to obtain this information?
A. AWS Pricing Calculator
B. AWS Budgets
C. AWS Trusted Advisor
D. Cost Explorer
Answer: A
Explanation:
AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for your AWS use cases. You can use it to model your solutions before building them, explore the AWS service price points, and review the calculations behind your estimates. You can use it to help you plan how you spend, find cost saving opportunities, and make informed decisions when using Amazon Web Services.
Answer A

Question: 82
A company wants to eliminate the need to guess infrastructure capacity before deployments. The company also wants to spend its budget on cloud resources only as the company uses the resources. Which advantage of the AWS Cloud matches the company's requirements?
A. Reliability
B. Global reach
C. Economies of scale
D. Pay-as-you-go pricing
Answer: D
Explanation:
Compared C and D and the answer is D.
C. https://aws.amazon.com/pricing/?aws-products-pricing.sortby=item.additionalFields.productNameLowercase&aws-products-pricing.sortorder=asc&awsf.Free%20Tier%20Type=*all&awsf.tech-category=*all
D. https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.htm
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question: 83
Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities?
A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate
Answer: C
Explanation:
AWS Outposts
Hybrid Cloud: businesses that keep an on-premises infrastructure alongside a cloud infrastructure
Therefore, two ways of dealing with IT systems:
○ One for the AWS cloud (using the AWS console, CLI, and AWS APIs)
○ One for their on-premises infrastructure
AWS Outposts are “server racks” that offer the same AWS infrastructure, services, APIs & tools to build your own applications on-premises just as in the cloud
AWS will set up and manage “Outposts Racks” within your on-premises infrastructure and you can start leveraging AWS services on-premises
You are responsible for the Outposts Rack physical security
Reference: https://aws.amazon.com/outposts/

Question: 84
A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library's capacity to the AWS Cloud. Which AWS service should the company use to meet this requirement?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. Amazon Elastic File System (Amazon EFS)
D. AWS Storage Gateway
Answer: D

Question: 85
An online retail company has seasonal sales spikes several times a year, primarily around holidays. Demand is lower at other times. The company finds it difficult to predict the increasing infrastructure demand for each season. Which advantages of moving to the AWS Cloud would MOST benefit the company? (Choose two.)
A. Global footprint
B. Elasticity
C. AWS service quotas
D. AWS shared responsibility model
E. Pay-as-you-go pricing
Answer: BE
Explanation:
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question: 86
Which AWS service can be used to turn text into lifelike speech?
A. Amazon Polly
B. Amazon Kendra
C. Amazon Rekognition
D. Amazon Connect
Answer: A
Explanation:
Reference: https://aws.amazon.com/polly/#:~:text=Amazon%20Polly%20is%20a%20service,synthesize%20natural%20sounding%20human%20speech

Question: 87
Which AWS service or tool can be used to capture information about inbound and outbound traffic in an Amazon VPC?
A. VPC Flow Logs
B. Amazon Inspector
C. VPC endpoint services
D. NAT gateway
Answer: A

Question: 88
A company wants to ensure that two Amazon EC2 instances are in separate data centers with minimal communication latency between the data centers. How can the company meet this requirement?
A. Place the EC2 instances in two separate AWS Regions connected with a VPC peering connection.
B. Place the EC2 instances in two separate Availability Zones within the same AWS Region.
C. Place one EC2 instance on premises and the other in an AWS Region. Then connect them by using an AWS VPN connection.
D. Place both EC2 instances in a placement group for dedicated bandwidth.
Answer: B

Question: 89
In which situations should a company create an IAM user instead of an IAM role? (Choose two.)
A. When an application that runs on Amazon EC2 instances requires access to other AWS services
B. When the company creates AWS access credentials for individuals
C. When the company creates an application that runs on a mobile phone that makes requests to AWS
D. When the company needs to add users to IAM groups
E. When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time
Answer: BD

Question: 90
Which AWS services should a company use to read and write data that changes frequently? (Choose two.)
A. Amazon S3 Glacier
B. Amazon RDS
C. AWS Snowball
D. Amazon Redshift
E. Amazon Elastic File System (Amazon EFS)
Answer: BE
Explanation:
1. Redshift is a data warehouse and cannot be the right answer. Correct answer is B and E.
2. B and E as Redshift is a warehouse

Question: 91
Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config
Answer: C

Question: 92
Which AWS services make use of global edge locations? (Choose two.)
A. AWS Fargate
B. Amazon CloudFront
C. AWS Global Accelerator
D. AWS Wavelength
E. Amazon VPC
Answer: BC
Explanation:
Reference: https://www.lastweekinaws.com/blog/what-is-an-edge-location-in-aws-a-simple-explanation/#:~:text=CloudFront%20is%20the%20most%20commonly,caches%20content%20in%20edge%20locations

Question: 93
A company is operating several factories where it builds products. The company needs the ability to process data, store data, and run applications with local system interdependencies that require low latency. Which AWS service should the company use to meet these requirements?
A. AWS IoT Greengrass
B. AWS Lambda
C. AWS Outposts
D. AWS Snowball Edge
Answer: B
Explanation:
A. No because IoT Greengrass doesn't handle storage.
B. Yes because Lambda can offer double-digit millisecond latency when Provisioned Concurrency is enabled. Generally, double-digit latency is considered 'low' and the question should have clarified what it considers 'low.' This allows you to meet your needs and still utilize all of the redundancy and other features built into the cloud.
C. No.
Yes, this meets their needs, too, but it adds layers of complexity (and failure domains) that Lambda doesn't have to contend with. Kind of like buying a Mercedes G Wagon (Outpost) to go to a friend's house down the street instead of buying a bike (Lambda).
D. No because it only handles storage.

Question: 94
Which of the following is a recommended design principle for AWS Cloud architecture?
A. Design tightly coupled components.
B. Build a single application component that can handle all the application functionality.
C. Make large changes on fewer iterations to reduce chances of failure.
D. Avoid monolithic architecture by segmenting workloads.
Answer: D
Explanation:
Refer to design principles link to prove Option C is wrong: https://docs.aws.amazon.com/wellarchitected/latest/framework/oe-design-principles.html
Refer to design principles link to prove Option D is correct: https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/design-your-workload-servicearchitecture.html

Question: 95
A company is designing its AWS workloads so that components can be updated regularly and so that changes can be made in small, reversible increments. Which pillar of the AWS Well-Architected Framework does this design support?
A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability
Answer: C
Explanation:
The operational excellence pillar focuses on running and monitoring systems, and continually improving processes and procedures. Key topics include automating changes, responding to events, and defining standards to manage daily operations.

Question: 96
Which of the following acts as an instance-level firewall to control inbound and outbound access?
A. Network access control list
B. Security groups
C. AWS Trusted Advisor
D. Virtual private gateways
Answer: B

Question: 97
A company has a workload that will run continuously for 1 year. The workload cannot tolerate service interruptions.
Which Amazon EC2 purchasing option will be MOST cost-effective?
A. All Upfront Reserved Instances
B. Partial Upfront Reserved Instances
C. Dedicated Instances
D. On-Demand Instances
Answer: A

Question: 98
Which AWS service helps protect against DDoS attacks?
A. AWS Shield
B. Amazon Inspector
C. Amazon GuardDuty
D. Amazon Detective
Answer: A

Question: 99
Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar?
A. Security
B. Operational excellence
C. Performance efficiency
D. Cost optimization
Answer: A
Explanation:
Reference: https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf (12)

Question: 100
Which AWS tool or feature acts as a VPC firewall at the subnet level?
A. Security group
B. Network ACL
C. Traffic Mirroring
D. Internet gateway
Answer: B
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
"A network access control list (ACL) allows or denies specific inbound or outbound traffic at the subnet level."

Question: 101
Which AWS service can be used to decouple applications?
A. AWS Config
B. Amazon Simple Queue Service (Amazon SQS)
C. AWS Batch
D. Amazon Simple Email Service (Amazon SES)
Answer: B

Question: 102
Which disaster recovery option is the LEAST expensive?
A. Warm standby
B. Multisite
C. Backup and restore
D. Pilot light
Answer: C

Question: 103
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon EC2 instance store
C. Amazon Elastic File System (Amazon EFS)
D. Amazon S3
Answer: B
Explanation:
When you stop or terminate an instance, every block of storage in the instance store is reset. Therefore, your data cannot be accessed through the instance store of another instance.
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Question: 104
Which of the following is a characteristic of the AWS account root user?
A. The root user is the only user that can be configured with multi-factor authentication (MFA).
B. The root user is the only user that can access the AWS Management Console.
C. The root user is the first sign-in identity that is available when an AWS account is created.
D. The root user has a password that cannot be changed.
Answer: C
Explanation:
The root user is the first sign-in identity that is available when an AWS account is created.
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html

Question: 105
A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB. What is the MOST operationally efficient solution to delegate permissions?
A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance.
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.
Answer: A
Explanation:
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html

Question: 106
Which of the following is a component of the AWS Global Infrastructure?
A. Amazon Alexa
B. AWS Regions
C. Amazon Lightsail
D. AWS Organizations
Answer: B
Explanation:
Reference: https://aws.amazon.com/about-aws/global-infrastructure/

Question: 107
What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC
B. To allow communication between the VPC and the internet
C. To impose bandwidth constraints on internet traffic
D. To load balance traffic from the internet across Amazon EC2 instances
Answer: B

Question: 108
Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand?
A. Amazon GuardDuty
B. AWS Security Hub
C. AWS Artifact
D. AWS Shield
Answer: C

Question: 109
A pharmaceutical company operates its infrastructure in a single AWS Region. The company has thousands of VPCs in various AWS accounts that it wants to interconnect. Which AWS service or feature should the company use to help simplify management and reduce operational costs?
A. VPC endpoint
B. AWS Direct Connect
C. AWS Transit Gateway
D. VPC peering
Answer: C
Explanation:
https://aws.amazon.com/transit-gateway/?whats-new-cards.sortby=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.

Question: 110
A company is planning an infrastructure deployment to the AWS Cloud. Before the deployment, the company wants a cost estimate for running the infrastructure. Which AWS service or feature can provide this information?
A. Cost Explorer
B. AWS Trusted Advisor
C. AWS Cost and Usage Report
D. AWS Pricing Calculator
Answer: D

Question: 111
Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?
A. AWS Identity and Access Management (IAM)
B. AWS Organizations
C. Cost Explorer
D. AWS Budgets
Answer: B

Question: 112
Which of the following are Amazon Virtual Private Cloud (Amazon VPC) resources?
A. Objects; access control lists (ACLs)
B. Subnets; internet gateways
C. Access policies; buckets
D. Groups; roles
Answer: B

Question: 113
A company needs to identify the last time that a specific user accessed the AWS Management Console.
Which AWS service will provide this information? A. Amazon Cognito B. AWS CloudTrail C. Amazon Inspector D. Amazon GuardDuty Answer: B Question: 114 CertyIQ A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon Machine Image (AMI). Which actions can a system administrator take to connect to the EC2 instance? (Choose two.) A. Use Amazon EC2 Instance Connect. B. Use a Remote Desktop Protocol (RDP) connection. C. Use AWS Batch D. Use AWS Systems Manager Session Manager. E. Use Amazon Connect Answer: AD Explanation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstances.html Question: 115 CertyIQ A company wants to perform sentiment analysis on customer service email messages that it receives. The company wants to identify whether the customer service engagement was positive or negative. Which AWS service should the company use to perform this analysis? A. Amazon Textract B. Amazon Translate C. Amazon Comprehend D. Amazon Rekognition Answer: C Explanation: Amazon Comprehend is a natural-language processing (NLP) service that uses machine learning to uncover valuable insights and connections in text. Amazon Translate is a neural machine translation service that delivers fast, high-quality, affordable, and customizable language translation. Question: 116 CertyIQ What is the total amount of storage offered by Amazon S3? A. 100MB B. 5 GB C. 5 TB D. Unlimited Answer: D Explanation: The total volume of data and number of objects you can store are unlimited. Individual Amazon S3 objects can range in size from a minimum of 0 bytes to a maximum of 5 TB. The largest object that can be uploaded in a single PUT is 5 GB. Question: 117 CertyIQ A company is migrating to Amazon S3. The company needs to transfer 60 TB of data from an on-premises data center to AWS within 10 days. Which AWS service should the company use to accomplish this migration? A. Amazon S3 Glacier B. AWS Database Migration Service (AWS DMS) C. AWS Snowball D. 
AWS Direct Connect Answer: C Question: 118 CertyIQ What type of database is Amazon DynamoDB? A. In-memory B. Relational C. Key-value D. Graph Answer: C Question: 119 CertyIQ A large organization has a single AWS account. What are the advantages of reconfiguring the single account into multiple AWS accounts? (Choose two.) A. It allows for administrative isolation between different workloads. B. Discounts can be applied on a quarterly basis by submitting cases in the AWS Management Console. C. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS accounts will be less expensive. D. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account. E. Amazon QuickSight offers access to a cost tool that provides application-specific recommendations for environments running in multiple accounts. Answer: AD Explanation: https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/benefits-of-using-multiple-aws-accounts.html Question: 120 CertyIQ A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances. Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks? A. Security groups B. AWS WAF C. Network ACLs D. AWS Shield Answer: B Question: 121 CertyIQ Which AWS service provides a feature that can be used to proactively monitor and plan for the service quotas of AWS resources? A. AWS CloudTrail B. AWS Personal Health Dashboard C. AWS Trusted Advisor D. Amazon CloudWatch Answer: D Explanation: You can proactively manage your quotas by configuring Amazon CloudWatch alarms that monitor usage and alert you to approaching quotas.
https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-service-quotas-view-and-manage-quotas-for-aws-services-from-one-location/#:~:text=You%20can%20proactively%20manage%20your,up%20quotas%20in%20new%20accounts. Question: 122 CertyIQ Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud? A. Elimination of expenses for running and maintaining data centers B. Price discounts that are identical to discounts from hardware providers C. Distribution of all operational controls to AWS D. Elimination of operational expenses Answer: A Question: 123 CertyIQ Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework? A. Create annotated documentation. B. Anticipate failure. C. Ensure performance efficiency. D. Optimize costs. Answer: B Explanation: B. Anticipate failure. Operational excellence: perform operations as code; make frequent, small, reversible changes; refine operations procedures frequently; anticipate failure; learn from all operational failure. Question: 124 CertyIQ Which AWS services offer gateway VPC endpoints that can be used to avoid sending traffic over the internet? (Choose two.) A. Amazon Simple Notification Service (Amazon SNS) B. Amazon Simple Queue Service (Amazon SQS) C. AWS CodeBuild D. Amazon S3 E. Amazon DynamoDB Answer: DE Explanation: D + E: S3 and DynamoDB. VPC endpoints enable you to privately connect your VPC to services hosted on AWS without requiring an Internet gateway, a NAT device, VPN, or firewall proxies. Endpoints are horizontally scalable and highly available virtual devices that allow communication between instances in your VPC and AWS services. Amazon VPC offers two different types of endpoints: gateway type endpoints and interface type endpoints. Gateway type endpoints are available only for AWS services including S3 and DynamoDB.
These endpoints will add an entry to the route table you selected and route the traffic to the supported services through Amazon’s private network. Interface type endpoints provide private connectivity to services powered by PrivateLink, being AWS services, your own services or SaaS solutions, and support connectivity over Direct Connect. More AWS and SaaS solutions will be supported by these endpoints in the future. Please refer to VPC Pricing for the price of interface type endpoints. Question: 125 CertyIQ Which of the following is the customer responsible for updating and patching, according to the AWS shared responsibility model? A. Amazon FSx for Windows File Server B. Amazon WorkSpaces virtual Windows desktop C. AWS Directory Service for Microsoft Active Directory D. Amazon RDS for Microsoft SQL Server Answer: B Question: 126 CertyIQ Who has the responsibility to patch the host operating system of an Amazon EC2 instance, according to the AWS shared responsibility model? A. Both AWS and the customer B. The customer only C. The EC2 hardware manufacturer D. AWS only Answer: D Explanation: D. AWS only. Guest --> customer/client; host --> AWS. "This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates." https://aws.amazon.com/compliance/shared-responsibility-model/ Question: 127 CertyIQ A company is using an Amazon RDS DB instance for an application that is deployed in the AWS Cloud. The company needs regular patching of the operating system of the server where the DB instance runs. What is the company's responsibility in this situation, according to the AWS shared responsibility model? A. Open a support case to obtain administrative access to the server so that the company can patch the DB instance operating system. B.
Open a support case and request that AWS patch the DB instance operating system. C. Use administrative access to the server, and apply the operating system patches during the regular maintenance window that is defined for the DB instance. D. Establish a regular maintenance window that tells AWS when to patch the DB instance operating system. Answer: D Explanation: Some maintenance items require that Amazon RDS take your DB instance offline for a short time. Maintenance items that require a resource to be offline include required operating system or database patching. Required patching is automatically scheduled only for patches that are related to security and instance reliability. Such patching occurs infrequently (typically once every few months) and seldom requires more than a fraction of your maintenance window. Key words: Amazon RDS DB instance, regular patching of the operating system. Question: 128 CertyIQ Why is an AWS Well-Architected review a critical part of the cloud design process? A. A Well-Architected review is mandatory before a workload can run on AWS. B. A Well-Architected review helps identify design gaps and helps evaluate design decisions and related documents. C. A Well-Architected review is an audit mechanism that is a part of requirements for service level agreements. D. A Well-Architected review eliminates the need for ongoing auditing and compliance tests. Answer: B Question: 129 CertyIQ A company implements an Amazon EC2 Auto Scaling policy along with an Application Load Balancer to automatically recover unhealthy applications that run on Amazon EC2 instances. Which pillar of the AWS Well-Architected Framework does this action cover? A. Security B. Performance efficiency C. Operational excellence D.
Reliability Answer: D Explanation: Reference: https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/wellarchitected-reliability-pillar.pdf Question: 130 CertyIQ Which AWS Cloud benefit is shown by an architecture's ability to withstand failures with minimal downtime? A. Agility B. Elasticity C. Scalability D. High availability Answer: D Explanation: High availability = minimal downtime = recovering quickly from failure. Agility is about how quickly something is deployed. https://aws.amazon.com/marketplace/solutions/infrastructure-software/high-availability Question: 131 CertyIQ Under the AWS shared responsibility model, which task is the customer's responsibility when managing AWS Lambda functions? A. Creating versions of Lambda functions B. Maintaining server and operating systems C. Scaling Lambda resources according to demand D. Updating the Lambda runtime environment Answer: A Explanation: The Shared Responsibility Model For Lambda https://docs.aws.amazon.com/whitepapers/latest/security-overview-aws-lambda/the-shared-responsibility-model.html Question: 132 CertyIQ What does the AWS Concierge Support team provide? A. A technical expert dedicated to the user B. A primary point of contact for AWS Billing and AWS Support C. A partner to help provide scaling guidance for an event launch D. A dedicated AWS staff member who reviews the user's application architecture Answer: B Explanation: The Support Concierge Team are AWS billing and account experts that specialize in working with enterprise accounts. Question: 133 CertyIQ A company needs to generate reports that can break down cloud costs by product, by company-defined tags, and by hour, day, and month. Which AWS tool should the company use to meet these requirements? A. Reserved Instance utilization and coverage reports B. Savings Plans utilization reports C. AWS Budgets reports D.
AWS Cost and Usage Reports Answer: D Explanation: Cost and usage report: AWS Cost and Usage Reports tracks your AWS usage and provides estimated charges associated with your account. Each report contains line items for each unique combination of AWS products, usage type, and operation that you use in your AWS account. You can customize the AWS Cost and Usage Reports to aggregate the information either by the hour, day, or month. Question: 134 CertyIQ A company has a serverless application that includes an Amazon API Gateway API, an AWS Lambda function, and an Amazon DynamoDB database. Which AWS service can the company use to trace user requests as they move through the application's components? A. AWS CloudTrail B. Amazon CloudWatch C. Amazon Inspector D. AWS X-Ray Answer: D Explanation: AWS X-Ray provides a complete view of requests as they travel through your application and filters visual data across payloads, functions, traces, services, APIs, and more with no-code and low-code motions. Question: 135 CertyIQ A company needs to set up a petabyte-scale data warehouse in the AWS Cloud. Which AWS service will meet this requirement? A. Amazon DynamoDB B. Amazon RDS C. Amazon Redshift D. Amazon ElastiCache Answer: C Question: 136 CertyIQ Which AWS service is always provided at no charge? A. Amazon S3 B. AWS Identity and Access Management (IAM) C. Elastic Load Balancers D. AWS WAF Answer: B Explanation: From: https://aws.amazon.com/premiumsupport/knowledge-center/iam-intro/#:~:text=You%20can%20interact%20with%20IAM,offered%20at%20no%20additional%20charge. "You can interact with IAM through the web-based IAM console, the AWS Command Line Interface, or the AWS API or SDKs. IAM is offered at no additional charge." Question: 137 CertyIQ A company needs to design an AWS disaster recovery plan to cover multiple geographic areas. Which action will meet this requirement? A. Configure multiple AWS accounts. B.
Configure the architecture across multiple Availability Zones in an AWS Region. C. Configure the architecture across multiple AWS Regions. D. Configure the architecture among many edge locations. Answer: C Question: 138 CertyIQ Which of the following is a benefit of moving from an on-premises data center to the AWS Cloud? A. Compute instances can be launched and terminated as needed to optimize costs. B. Compute costs can be viewed in the AWS Billing and Cost Management console. C. Users retain full administrative access to their compute instances. D. Users can optimize costs by permanently running enough instances at peak load. Answer: A Question: 139 CertyIQ In which ways does the AWS Cloud offer lower total cost of ownership (TCO) of computing resources than on-premises data centers? (Choose two.) A. AWS replaces upfront capital expenditures with pay-as-you-go costs. B. AWS is designed for high availability, which eliminates user downtime. C. AWS eliminates the need for on-premises IT staff. D. AWS uses economies of scale to continually reduce prices. E. AWS offers a single pricing model for Amazon EC2 instances. Answer: AD Question: 140 CertyIQ Which AWS service monitors AWS accounts for security threats? A. Amazon GuardDuty B. AWS Secrets Manager C. Amazon Cognito D. AWS Certificate Manager (ACM) Answer: A Explanation: "Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation" Question: 141 CertyIQ Which benefit is included with an AWS Enterprise Support plan? A. AWS Partner Network (APN) support at no cost. B. Designated support from an AWS technical account manager (TAM) C. On-site support from AWS engineers D. AWS managed compliance as code with AWS Config Answer: B Question: 142 CertyIQ Which task does AWS perform automatically? A. Encrypt data that is stored in Amazon DynamoDB. B. Patch Amazon EC2 instances. C.
Encrypt user network traffic. D. Create TLS certificates for users' websites. Answer: A Explanation: DynamoDB All user data stored in Amazon DynamoDB is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS) Question: 143 CertyIQ Which AWS service or tool can a company use to visualize, understand, and manage AWS spending and usage over time? A. AWS Trusted Advisor B. Amazon CloudWatch C. Cost Explorer D. AWS Budgets Answer: C Explanation: Cost Explorer --> graph, over time CloudTrail: monitor and record account activity across AWS infrastructure, giving you control over storage, remediation action. CloudTrail enables auditing, security monitoring and operational troubleshooting by tracking user activity and API usage Question: 144 CertyIQ A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data must remain local and on premises. There must be low latency between AWS and the company resources. Which AWS service or feature can be used to meet these requirements? A. AWS Local Zones B. Availability Zones C. AWS Outposts D. 
AWS Wavelength Zones Answer: C Explanation: C. AWS Outposts. Hybrid cloud: businesses that keep an on-premises infrastructure alongside a cloud infrastructure. Therefore, there are two ways of dealing with IT systems: one for the AWS cloud (using the AWS console, CLI, and AWS APIs) and one for their on-premises infrastructure. AWS Outposts are “server racks” that offer the same AWS infrastructure, services, APIs & tools to build your own applications on-premises just as in the cloud. AWS will set up and manage “Outposts Racks” within your on-premises infrastructure, and you can start leveraging AWS services on-premises. You are responsible for the Outposts Rack physical security. Benefits: low-latency access to on-premises systems; local data processing; data residency; easier migration from on-premises to the cloud; fully managed service. Question: 145 CertyIQ A company requires an isolated environment within AWS for security purposes. Which action can be taken to accomplish this? A. Create a separate Availability Zone to host the resources. B. Create a separate VPC to host the resources. C. Create a placement group to host the resources. D. Create an AWS Direct Connect connection between the company and AWS. Answer: B Explanation: Reference: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/infrastructure-security.html Question: 146 CertyIQ Which AWS service is a highly available and scalable DNS web service? A. Amazon VPC B. Amazon CloudFront C. Amazon Route 53 D. Amazon Connect Answer: C Explanation: Reference: https://aws.amazon.com/route53/ Question: 147 CertyIQ Which of the following is an AWS best practice for managing an AWS account root user? A. Keep the root user password with the security team. B. Enable multi-factor authentication (MFA) for the root user. C. Create an access key for the root user. D. Keep the root user password consistent for compliance purposes.
Answer: B Explanation: The question is what is the BEST practice, not NOT THE BEST practice. A = no B = definitely a good practice. "Safeguard your root user credentials the same way you would protect other sensitive personal information. You can do this by configuring MFA for your root user credentials." C = nope. "We don't recommend generating access keys for your root user, because they allow full access to all your resources for all AWS services, including your billing information." https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html D = obviously no. "To protect your password, it's important to follow these best practices: Change your password periodically." https://docs.aws.amazon.com/accounts/latest/reference/root-user-password.html Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html Question: 148 CertyIQ A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access. What should the company use to access instances remotely instead of opening inbound SSH ports and managing SSH keys? A. EC2 key pairs B. AWS Systems Manager Session Manager C. AWS Identity and Access Management (IAM) D. Network ACLs Answer: B Explanation: Reference: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html Question: 149 CertyIQ After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount? A. No upfront payment B. Hourly on-demand payment C. Partial upfront payment D. All upfront payment Answer: D Explanation: Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/ Question: 150 CertyIQ A company has refined its workload to use specific AWS services to improve efficiency and reduce cost. Which best practice for cost governance does this example show? A. Resource controls B. Cost allocation C. Architecture optimization D. 
Tagging enforcement Answer: C Explanation: As per the AWS documentation: https://docs.aws.amazon.com/whitepapers/latest/cost-management/cost-governance-best-practices.html "Architecture optimization focuses on the need to continually refine workloads to be more cost-conscious to create better architected systems." Question: 151 CertyIQ A company would like to host its MySQL databases on AWS and maintain full control over the operating system, database installation, and configuration. Which AWS service should the company use to host the databases? A. Amazon RDS B. Amazon EC2 C. Amazon DynamoDB D. Amazon Aurora Answer: B Explanation: Hosting a MySQL database on an EC2 instance, you will be able to choose the underlying building blocks such as operating system, storage settings, and database configuration, giving you full control and flexibility over your MySQL database and surpassing the limitations of Amazon RDS, while also leveraging all the advantages of the AWS Cloud platform and services. Question: 152 CertyIQ How does the AWS global infrastructure offer high availability and fault tolerance to its users? A. The AWS infrastructure is made up of multiple AWS Regions within various Availability Zones located in areas that have low flood risk, and are interconnected with low-latency networks and redundant power supplies. B. The AWS infrastructure consists of subnets containing various Availability Zones with multiple data centers located in the same geographic location. C. AWS allows users to choose AWS Regions and data centers so that users can select the closest data centers in different Regions. D. The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones that are connected with low-latency networking and redundant power supplies. Answer: D Question: 153 CertyIQ A company is using Amazon EC2 Auto Scaling to scale its Amazon EC2 instances. Which benefit of the AWS Cloud does this example illustrate? A. High availability B.
Elasticity C. Reliability D. Global reach Answer: B Explanation: B - Elasticity. High availability is a result of elasticity, but the action being performed is actually elasticity, not HA. (Check the section on Scalability vs High Availability; there's a thin difference.) Question: 154 CertyIQ Which AWS service or feature is used to send both text and email messages from distributed applications? A. Amazon Simple Notification Service (Amazon SNS) B. Amazon Simple Email Service (Amazon SES) C. Amazon CloudWatch alerts D. Amazon Simple Queue Service (Amazon SQS) Answer: A Explanation: Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. Using Amazon SNS topics, your publisher systems can fan out messages to a large number of subscriber systems including Amazon SQS queues, AWS Lambda functions and HTTPS endpoints, for parallel processing, and Amazon Kinesis Data Firehose. The A2P functionality enables you to send messages to users at scale via SMS, mobile push, and email. Question: 155 CertyIQ What feature of Amazon RDS helps to create globally redundant databases? A. Snapshots B. Automatic patching and updating C. Cross-Region read replicas D. Provisioned IOPS Answer: C Explanation: https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-mysql/ Cross-Region Read Replicas for Amazon RDS for MySQL, by Jeff Barr, 26 NOV 2013: You can now create cross-region read replicas for Amazon RDS database instances! This feature builds upon our existing support for read replicas that reside within the same region as the source database instance.
You can now create up to five in-region and cross-region replicas per source with a single API call or a couple of clicks in the AWS Management Console. We are launching with support for version 5.6 of MySQL. Reference: https://aws.amazon.com/blogs/aws/cross-region-read-replicas-for-amazon-rds-for-mysql/ Question: 156 CertyIQ According to the AWS shared responsibility model, which task is the customer's responsibility? A. Maintaining the infrastructure needed to run AWS Lambda B. Updating the operating system of Amazon DynamoDB instances C. Maintaining Amazon S3 infrastructure D. Updating the guest operating system on Amazon EC2 instances Answer: D Explanation: Reference: https://aws.amazon.com/compliance/shared-responsibility-model/#:~:text=Customers%20are%20responsible%20for%20managing,also%20extends%20to%20IT%20controls Question: 157 CertyIQ A company wants to migrate a small website and database quickly from on-premises infrastructure to the AWS Cloud. The company has limited operational knowledge to perform the migration. Which AWS service supports this use case? A. Amazon EC2 B. Amazon Lightsail C. Amazon S3 D. AWS Lambda Answer: B Explanation: Lightsail > Create a website or application in just a few clicks. Automatically configure networking, access, and security environments. S3 is for static websites; the question includes a database. Question: 158 CertyIQ A company is moving multiple applications to a single AWS account. The company wants to monitor the AWS Cloud costs incurred by each application. What can the company do to meet this requirement? A. Set up invoiced billing. B. Use AWS Artifact. C. Set budgets in Cost Explorer. D. Create cost allocation tags. Answer: D Explanation: You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services.
Question: 159 CertyIQ Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework? A. Vertical scaling B. Manual failure recovery C. Testing recovery procedures D. Changing infrastructure manually Answer: C Explanation: Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ Question: 160 CertyIQ A user needs to quickly deploy a non-relational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service can be used to accomplish this? A. Amazon RDS B. Amazon DynamoDB C. Amazon Aurora D. Amazon Redshift Answer: B Explanation: Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SQLtoNoSQL.html Question: 161 CertyIQ Which task is an AWS responsibility when a workload is running in Amazon RDS? A. Creating the database table B. Updating the database schema C. Installing the database engine D. Dropping the database records Answer: C Question: 162 CertyIQ A development team wants to publish and manage web services that provide REST APIs. Which AWS service will meet this requirement? A. AWS App Mesh B. Amazon API Gateway C. Amazon CloudFront D. AWS Cloud Map Answer: B Explanation: Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. So it's B. Question: 163 CertyIQ A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos. The company has no machine learning (ML) scientists and must build this detection capability with no ML expertise. Which AWS service should the company use to build this capability? A. Amazon SageMaker B. Amazon Textract C. Amazon Rekognition D.
Amazon Comprehend Answer: C Explanation: Amazon Rekognition enables your applications to confirm user identities by comparing their live image with a reference image. Question: 164 CertyIQ Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances? A. Database backups B. Database software patches C. Operating system patches D. Operating system installations. Answer: D Question: 165 CertyIQ A company wants to use Amazon S3 to store its legacy data. The data is rarely accessed. However, the data is critical and cannot be recreated. The data needs to be available for retrieval within seconds. Which S3 storage class meets these requirements MOST cost-effectively? A. S3 Standard B. S3 One Zone-Infrequent Access (S3 One Zone-IA) C. S3 Standard-Infrequent Access (S3 Standard-IA) D. S3 Glacier Answer: A Explanation: S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. Question: 166 CertyIQ An online retail company wants to migrate its on-premises workload to AWS. The company needs to automatically handle a seasonal workload increase in a cost-effective manner. Which AWS Cloud features will help the company meet this requirement? (Choose two.) A. Cross-Region workload deployment B. Pay-as-you-go pricing C. Built-in AWS CloudTrail audit capabilities D. Auto Scaling policies E. Centralized logging Answer: BD Explanation: BD – Pay-as-you-go pricing is great for a cost-effective manner, and with Auto Scaling policies, customers can define a scaling policy that performs the optimal scaling action, such as change in capacity by value or percentage, or setting exact capacity values. Cross-Region workload deployment is not fitting for the question (there is nothing about globalisation). There is no request for monitoring user activity, so CloudTrail is also incorrect.
There is nothing about checking any statuses or collecting logs, so there is no need for centralized logging. Question: 167 CertyIQ Which AWS service helps developers use loose coupling and reliable messaging between microservices? A. Elastic Load Balancing B. Amazon Simple Notification Service (Amazon SNS) C. Amazon CloudFront D. Amazon Simple Queue Service (Amazon SQS) Answer: D Explanation: D - Amazon SQS is a fully managed message queuing service for microservices, distributed systems, and serverless applications. Elastic Load Balancing automatically distributes incoming application traffic; it doesn’t help with developer work in this context. Amazon SNS is used for email and notifications to users, not for developers. Amazon CloudFront is a content delivery network (CDN) service built for securely delivering content to customers. It is not used for loose coupling nor microservices. Question: 168 CertyIQ A company needs to build an application that uses AWS services. The application will be delivered to residents in European countries. The company must abide by regional regulatory requirements. Which AWS service or program should the company use to determine which AWS services meet the regional requirements? A. AWS Audit Manager B. AWS Shield C. AWS Compliance Program D. AWS Artifact Answer: C Explanation: The key word is "which AWS services meet the regional requirements?" In this case, it refers to GDPR for Europe. Inherit the most comprehensive compliance controls with AWS. AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping customers satisfy compliance requirements for virtually every regulatory agency around the globe. Question: 169 CertyIQ A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud. Which AWS service will meet this requirement? A. Amazon Cognito B. AWS Security Hub C.
AWS Shield D. AWS WAF Answer: A Explanation: Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts, and supports automated remediation. Not relevant. AWS Shield and AWS WAF are for threat protection (Shield for DDoS, WAF for SQL injections), not relevant to the question. Question: 170 CertyIQ A company needs an Amazon EC2 instance for a rightsized database server that must run constantly for 1 year. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively? A. Standard Reserved Instance B. Convertible Reserved Instance C. On-Demand Instance D. Spot Instance Answer: A Question: 171 CertyIQ A company has multiple applications and is now building a new multi-tier application. The company will host the new application on Amazon EC2 instances. The company wants the network routing and traffic between the various applications to follow the security principle of least privilege. Which AWS service or feature should the company use to enforce this principle? A. Security groups B. AWS Shield C. AWS Global Accelerator D. AWS Direct Connect gateway Answer: A Explanation: Security groups control the traffic that is allowed to reach and leave the resources that they are associated with. AWS Shield is for DDoS protection. AWS Global Accelerator is for global reach. AWS Direct Connect is a cloud service that links your network directly to AWS to deliver consistent, low-latency performance. Question: 172 CertyIQ A company's web application requires AWS credentials and authorizations to use an AWS service. Which IAM entity should the company use as best practice? A. IAM role B. IAM user C. IAM group D.
IAM multi-factor authentication (MFA) Answer: A Question: 173 CertyIQ A company is creating a document that defines the operating system patch routine for all the company's systems. Which AWS resources should the company include in this document? (Choose two.) A. Amazon EC2 instances B. AWS Lambda functions C. AWS Fargate tasks D. Amazon RDS instances E. Amazon Elastic Container Service (Amazon ECS) instances Answer: AD Explanation: '(Amazon RDS) is a collection of managed services' - https://aws.amazon.com/rds/ 'Amazon Aurora is fully managed by RDS' - https://www.amazonaws.cn/en/rds/aurora/ RDS is not 'fully' managed; it is a managed instance. Therefore the answer is AD. Question: 174 CertyIQ Which AWS service or feature gives a company the ability to control incoming traffic and outgoing traffic for Amazon EC2 instances? A. Security groups B. Amazon Route 53 C. AWS Direct Connect D. Amazon VPC Answer: A Explanation: A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. Question: 175 CertyIQ A company is starting to build its infrastructure in the AWS Cloud. The company wants access to technical support during business hours. The company also wants general architectural guidance as teams build and test new applications. Which AWS Support plan will meet these requirements at the LOWEST cost? A. AWS Basic Support B. AWS Developer Support C. AWS Business Support D. AWS Enterprise Support Answer: B Explanation: We recommend AWS Developer Support if you are testing or doing early development on AWS and want the ability to get technical support during business hours as well as general architectural guidance as you build and test.
In addition to enhanced technical support and architectural guidance, Developer Support provides access to documentation and forums, AWS Trusted Advisor, and AWS Personal Health Dashboard. Question: 176 CertyIQ A company is migrating its public website to AWS. The company wants to host the domain name for the website on AWS. Which AWS service should the company use to meet this requirement? A. AWS Lambda B. Amazon Route 53 C. Amazon CloudFront D. AWS Direct Connect Answer: B Question: 177 CertyIQ A company needs to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance, and security. Which AWS service can the company use to meet these requirements? A. AWS Shield B. AWS WAF C. AWS Trusted Advisor D. AWS Service Catalog Answer: C Explanation: AWS Trusted Advisor is used to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance, and security. AWS Shield is for DDoS protection. AWS WAF is for SQL injection protection. AWS Service Catalog is for managing services. Question: 178 CertyIQ Which AWS service provides the capability to view end-to-end performance metrics and troubleshoot distributed applications? A. AWS Cloud9 B. AWS CodeStar C. AWS Cloud Map D. AWS X-Ra