AWS Certified Cloud Practitioner (CLF-C02) Certification Exam Practice Question and Answers | Pass
FULL TRANSCRIPT
Hello and welcome to this new video. In
this video, we're going to cover 600
latest and important question answers
for AWS Cloud Practitioner CLF C02
version. So before going to the question
answers, we request you to kindly
subscribe to our YouTube channel if
you're not already a subscriber. And
these question answers PDF is also
available to download from
shapingpixel.com website. The full link
will be in the description.
So let's jump onto the questions.
Question number one. A company plans to
use an Amazon Snowball Edge device to
transfer files to the AWS cloud. Which
activities related to a Snowball Edge
device are available to the company at
no cost?
Option A, use of the Snowball Edge
appliance for a 10-day period.
Option B, the transfer of data out of
Amazon S3 and to the Snowball Edge
appliance.
Option C, the transfer of data from the
Snowball Edge appliance into Amazon S3.
And option D, daily use of the Snowball
Edge appliance after 10 days.
So the right answer here is option C.
Data transfer into Amazon S3 is 0 per
GB. Data transfer out of Amazon S3 is
priced by region.
So question number two, a company has
deployed applications on Amazon EC2
instances. The company needs to access
application vulnerabilities and must
identify infrastructure deployments that
do not meet best practices.
Which AWS service can the company use to
meet these requirements?
The options are AWS trusted advisor,
Amazon Inspector, AWS Config, Amazon
Guard Duty.
So the right answer here is option B.
Amazon Inspector.
Amazon Inspector is an automated
vulnerability management service that
continually scans AWS workloads for
software vulnerabilities and unended
network exposure. The key word here is
vulnerabilities.
Question number three. A company has a
centralized group of users with large
file storage requirement that have
exceeded the space available on
premises.
The company wants to extend its file
storage capabilities for this group
while retaining the performance benefit
of sharing content locally. What is the
most operationally efficient AWS
solution for the scenario?
Option A, create an Amazon S3 bucket for
each user. Mount each bucket by using an
S3 file system mounting utility.
Option B, configure and deploy an AWS
storage gateway file gateway. Connect
each user's workstation to the file
gateway.
Option C, move each user's working
environment to Amazon Workspaces. Set up
an Amazon works account for each user.
Option D, deploy an Amazon EC2 instance
and attach an Amazon elastic block store
provided IOPS value. Share the EBS
volume directly with the users.
So the right answer here is option B.
Question number four, according to
security best practices, how should an
Amazon EC2 instance be given access to
an Amazon S3 bucket?
Option A, hardcode an IM user secret key
and access key directly in the
application and upload the file.
Option B, store the IM user secret key
and access key in a text file on the EC2
instance. Read the keys, then upload the
file.
Option C, have the EC2 instance assume a
role to obtain the privileges to upload
the file.
And option D, modify the S3 bucket
policy so that any service can upload to
it at any time.
So the right answer here is option C.
Have the EC2 instance assume a role to
obtain the privileges to upload the
file?
Question number five, which option is a
customer responsibility when using
Amazon Dynamo DB under the AWS shared
responsibility model?
Option A, physical security of Dynamo
DB.
Option B, patching of Dynamo DB. Option
C, access to Dynamo DB tables. And
option D, encryption of data addressed
in Dynamo DB.
So the right answer here is option C,
access to Dynamo DB tables.
Under the AWS share responsibility
model, controlling and managing access
to AWS services including Amazon Dynamo
DB tables is a customer responsibility
while AWS take care of the physical
infrastructure, patching and encryption
of data at rest in Dynamo DB. Customers
are responsible for setting up proper
access controls, authentication and
authorization to protect their data and
resources.
So question number six, which option is
a perspective that includes foundational
capabilities of the AWS cloud adaption
framework AWS CF.
The options are sustainability,
performance, efficiency, governance,
reliability.
So the right answer here is option C,
governance.
The six AWS CF
prospectives are business, people,
governance, platform, security and
operations.
Question number seven. A company is
running and managing its own Docker
environment on Amazon EC2 instances. The
company wants an alternative to help
manage cluster size, scheduuling and
environment maintenance.
Which AWS service meets these
requirements
and the options are AWS Lambda, Amazon
RDS, AWS Fargate, Amazon Athena.
So the right answer here is option C.
AWS Fargate.
AWS Fargate is a serverless
pasco comput engine that lets you focus
on building applications without
managing service.
AWS Fargate is compatible with both
Amazon Elastic Container Service and
Amazon Elastic Kubernetes Service.
Question number eight. A company wants
to run a NoSQL database on Amazon EC2
instances.
Which task is the responsibility of AWS
in this scenario?
Option A, update the guest operating
system of the EC2 instances.
Option B, maintain high availability at
the database layer. Option C, patch the
physical infrastructure that hosts the
EC2 instances.
Option D, configure the security group
firewall.
So the right answer here is option C,
patch the physical infrastructure that
hosts the EC2 instances.
patch the physical infrastructure that
hosts the EC2 instances. Guest operating
system is always responsibility of
customer and host of AWS.
Question number nine, which AWS services
or tools can identify resizing
opportunities for Amazon EC2 instances?
Choose two and the options are AWS Cast
Explorer, AWS Building Conductor, Amazon
Code Guru, Amazon Sage Maker,
AWS Compute Optimizer.
So the right answer here is option A and
option E.
AWS cost explorer and AWS compute
optimizer.
Question number 10. Which of the
following are benefits of using AWS
trusted advisor? Option A, providing
high performance container
orchestration.
Option B, creating and rotating
encryption keys.
Option C, detecting underutilized
resources to save costs. Option D,
improving security by proactively
monitoring the AWS environment. Option
E, implementing enforced tagging across
AWS resources.
So the right answer here is option C and
option D.
Benefits of trusted advisor. Cost
optimization. Performance. Security.
Fall tolerance. Service quotas.
Question number 11. Which of the
following is an advantage that users
experience when they move on premises
workloads to the AWS cloud?
Option A, elimination of expenses for
running and maintaining data centers.
Option B, price discounts that are
identical to discounts from hardware
providers.
Option C, distribution of all
operational controls to AWS.
Option D, elimination of operational
expenses.
So the right answer here is
option A.
Elimination of expenses for running and
maintaining data centers.
Question number 12. A company wants to
manage deployed IT services and govern
its infrastructure as a code templates.
Which AWS service will meet this
requirement?
And the options are AWS resource
explorer,
AWS service catalog,
AWS organizations,
AWS systems manager.
So the right answer here is option B.
AWS service catalog
AWS service catalog lets you centrally
manage your cloud resources to achieve
governance at scale of your
infrastructure as code templates
written in cloud formation or terapform
configurations.
With AWS service catalog, you can meet
your compliance requirements while
making sure your customers can quickly
deploy the cloud resources they need.
Question number 13. Which AWS service or
tool helps users visualize, understand,
and manage spending and usage over time?
And the options are AWS organizations,
AWS pricing calculator,
AWS cost explorer,
AWS service catalog.
So the right answer here is option C,
AWS cost explorer.
AWS Cost Explorer has an easy to use
interface
that lets you visualize, understand, and
manage your AWS cost and usage over
time. Get started quickly by creating
custom reports that analyze cost and
usage data.
Analyze your data at a high level
or dive deeper into your cost and usage
data to identify trends, pinpoint cost
drivers and detect anomalies.
Question number 14. A company is using a
central data platform to manage multiple
types of data to its customers. The
company wants to use AWS services to
discover, transform and visualize the
data.
Which combination of AWS services should
the company use to meet these
requirements? Choose two. And the
options are AWS Glue, Amazon Elastic
File System,
Amazon Red Shift, Amazon Quicksite,
Amazon Quantum Ledger Database.
So the right answer here is
option A and option D.
AWS Glue is a serverless data
integration service that makes it easier
to discover, prepare, move, and
integrate data from multiple resources
for analytics, machine learning, and
application development.
Amazon Quicksite powers datadriven
organizations with unified business
intelligence at hypers scale. With
Quicksite, all users can meet varying
analytic needs from the same source of
truth through modern interactive
dashboards, pagated reports, embedded
analytics, and natural language queries.
Question number 15. A global company
wants to migrate its third-party
applications to the AWS cloud. The
company wants help from a global team of
experts to complete the migration faster
and more reliable in accordance with AWS
internal best practices.
Which AWS service or resource will meet
these requirements?
And the options are AWS support, AWS
professional services, AWS launch
wizard, AWS manage services.
So the right answer here is option B.
AWS professional services.
AWS partner network APN.
Consulting partners help customers
design, architect, build, migrate, and
manage workloads and applications on
Amazon Web Services.
Question number 16.
An e-learning platform needs to run an
application for 2 months each year. The
application will be deployed on Amazon
EC2 instances.
Any application downtime during those
two months must be avoided.
Which EC2 purchasing option will meet
these requirements most cost
effectively?
And the options are reserved instances,
dedicated hosts, spot instances, on
demand instances.
So the right answer here is
option D. On demand instances
on demand instances are recommended for
users that prefer the low cost and
flexibility of EC2 without any upfront
framement upfront payment for long-term
amendments.
applications with short-term spiky or
unpredictable workloads that cannot be
interrupted.
Applications
being developed or tested on EC2 for the
first time.
Question number 17. A developer wants to
deploy an application quickly on AWS
without manually creating the required
resources.
Which AWS service will meet these
requirements?
The options are Amazon EC2,
AWS elastic beanto,
AWS code build, Amazon personalize.
So the right answer here is option B.
AWS elastic beanto.
With Elastic Beantock, you can quickly
deploy and manage applications in the
AWS cloud without having to learn about
the infrastructure that runs those
applications. Elastic Beantock reduces
management complexity without
restricting choice or control. You
simply upload your application and
Elastic Beantock automatically handles
the details of capacity provisioning,
load balancing, scaling and application
health monitoring.
Question number 18. The company is
storing sensitive customers data in an
Amazon S3 bucket. The company wants to
protect the data from accidental
deletion or overriding.
Which S3 feature should the company use
to meet this requirements?
We have the following four options. S3
life cycle rules. S3 versioning, S3
bucket policies, S3 serverside
encryption.
So the right answer here is option B, S3
versioning.
Versioning in Amazon S3
is a means of keeping multiple variants
of an object in the same bucket. You can
use the S3 versioning feature to
preserve, retrieve, and restore every
version of every object stored in your
buckets. Versioning enabled buckets can
help you recover object from accidental
deletion or override. For example, if
you delete an object, Amazon S3 inserts
a delete marker instead of removing the
object permanently.
Question number 19. Which AWS service
provides the ability to manage
infrastructure as code?
And the options are AWS code pipeline,
AWS code deploy, AWS direct connect, AWS
cloud formation.
So the right answer here is option D.
AWS cloud formation.
AWS cloud formation lets you model,
provision and manage AWS and third party
resources by treating infrastructure as
code.
Question number 20. An online gaming
company needs to choose a purchasing
option to run its Amazon EC2 instances
for one year. The web traffic is
consistent and any increase in traffic
are predictable. The EC2 instances must
be online and available without any
disruption.
Which EC2 instances purchasing option
will meet these requirements most cost
effectively
and the options are on demand instances,
reserved instances, spot instances, spot
fleet.
So the right answer here is option B,
reserved instances.
Amazon EC2 reserved instances provide a
significant discount compared to
ondemand prices pricing and provide a
capacity reservation when used in a
specific availability zone.
Question number 21. Which AWS service or
feature allows a users to establish a
dedicated network connection between a
company's on premises data center and
AWS cloud
and the options are AWS direct connect
VPC peering AWSVPN
Amazon root 53.
So the right answer here is option A.
AWS direct connect.
Create a dedicated network connection to
AWS. The AWS direct connect cloud
service is the shortest path to your AWS
resources. While in transit, your
network traffic remains on the AWS
global network and never touches the
public internet.
Question number 22. Which option is a
physical location of the AWS global
infrastructure?
The options are AWS data sync, AWS
region, Amazon connect, AWS
organizations.
So the right answer here is option B AWS
region.
AWS has the concept of a region which is
a physical location around the world
where we cluster data centers.
Question number 23. A company wants to
protect its AWS cloud formation systems
and assets while performing risk
assessment and mitigation tasks.
Which pillar of the AWS well architected
framework is supported by these goals?
And the options are reliability,
security, operational excellence,
performance, efficiency.
So the right answer here is
option B security.
So this is conclusion of security
builder. Help you build and operate
architectures that protect information
systems and assets while delivering
business value.
Question number 24. What is the purpose
of having an internet gateway within a
VPC?
Option A to create a VPN connection to
the VPC.
Option B to allow communication between
the VPC and the internet. Option C to
impose bandwidth constraints on internet
traffic. Option D to load balance
traffic from the internet across Amazon
EC2 instances.
The right answer here is option B to
allow communication between the VPC and
the internet.
An internet gateway is a horizontally
scaled, redundant, and highly available
VPC component that allows communication
between your VPC and the internet.
Question number 25. A company is running
a monolithic on premises application
that does not scale and is difficult to
maintain. The company has a plan to
migrate the application to AWS and
divide the application into
microservices.
Which best practice of the AWS
wellarchchitected framework is the
company following with this plan?
Option A, integrate functional testing
as part of AWS deployment. Option B, use
automation to deploy changes. Option C,
deploy the application to multiple
locations. Option D, implement loosely
coupled dependencies.
So the right answer here is option D,
implement loosely coupled dependencies.
Dependencies such as queuing systems,
streaming systems, workflows, and load
balancers are loosely coupled. Loose
coupling helps isolate behavior of a
component from other components that
depend on it, increasing resilency
and agility.
Question number 26. A company has an AWS
account. The company wants to audit its
password and access key rotation details
for compliance purposes.
Which AWS service or tool will meet this
requirement?
And the options are IM access analyzer,
AWS artifact,
IM credential report, AWS audit manager.
So the right answer here is option C, IM
credential report.
You can use credential reports to assist
in your auditing and compliance efforts.
You can use the report to audit the
effects of credential life cycle
requirements such as password and access
key updates.
Question number 27. A company wants to
receive a notification when a specific
AWS cost threshold is reached. Which AWS
services or tools can the company use to
meet these requirements? Choose two. The
options are Amazon simple Q service, AWS
budgets, cost explorer, Amazon
cloudatch, AWS cost and usage report.
So the right answer here is
option B and option D.
AWS budgets and Amazon Cloudatch.
Question number 28.
Which AWS service or resource provides
answers to the most frequently asked
security related questions that AWS
receives from its users?
The options are AWS artifact, Amazon
connect, AWS chatbot, AWS knowledge
center.
So the right answer here is option D.
AWS knowledge center.
The AWS knowledge center is a
comprehensive resource that provides
answers to the most frequently asked
security related questions that AWS
receives from its users. It is a central
repository of security information and
guidance covering a wide range of
topics.
Question number 29.
Which tasks are customers
responsibilities according to the AWS
shared responsibility model? Choose two.
Option A, configure the AWS provided
security group firewall. Option B,
classify company assets in the AWS
cloud. Option C, determine which
availability jones to use for Amazon S3
buckets. Option D, patch or upgrade
Amazon Dynamo DB. Option E, select
Amazon EC2 instances to run AWS Lambdon.
So the right answer here is option A and
option B.
Question number 13. Which of the
following are pillars of the AWS well
architected framework? Choose two. The
options are availability,
reliability, scalability, responsive
design, operational excellence.
So the right answer here is option B and
option E.
Reliability and operational excellence.
AWS well architected helps cloud
architects build secure, high-erforming,
preent and efficient infrastructure for
a variety of applications and workloads.
Built around six pillars, operational
excellence, security, reliability,
performance, efficiency, cost
optimization, and sustainability.
Question number 31.
Which AWS service or feature is used to
send both text and email messages from
distributed applications?
Option A, Amazon simple notification
service.
Option B, Amazon simple email service.
Option C, Amazon Cloudatch alerts. and
option D, Amazon simple Q service.
So the right answer here is option A,
Amazon simple notification service.
Amazon simple notification service sends
notifications two ways A to A and A2P.
A2A provides high throughput pushbased
many to many messaging dist between
distributed systems microservices and
eventdriven serverless applications.
These applications include Amazon simple
Q service, Amazon Kinesis data fire
host, AWS Lambda and other HTTPS
endpoints. A2P functionality lets you
send messages to your customers with SMS
text, push notifications, and email.
Question number 32. A user needs
programmatic access to AWS resources
through the AWS CLI or the AWS API.
Which option will provide the user with
the appropriate access? And the options
are Amazon inspector access keys, SSH
public keys, AWS key management service
keys.
So the right answer here is option B.
Access keys.
Access
keys are long-term credentials for an IM
user or the AWS account root user. You
can use access keys to sign programmatic
request to the AWS CLI or AWS API.
Question number 33. The company runs
thousands of simultaneous
simulations using AWS batch. Each
simulation is stateless, is fall
tolerant, and runs for up to 3 hours.
Which pricing model enables the company
to optimize cost and meet these
requirements?
The options are reserved instances, spot
instances, on demand instances,
dedicated instances.
So the right answer here is option B.
Spot instances.
Spot instances are good fit for
stateless fall tolerance workloads that
can be interrupted without any impact on
the overall job.
Question number 34.
What does the concept of agility mean in
AWS cloud computing? Choose two. And we
have the following five options. Option
A, the speed at which AWS resources are
implemented.
Option B, the speed at which AWS creates
new AWS regions. Option C, the ability
to experiment quickly. Option D, the
elimination of wasted capacity. Option
E, the low cost of entry into cloud
computing.
The right answer here is option A and
option C.
Question number 35. A company needs to
block SQL injection attacks. Which AWS
service or feature can meet these
requirements?
And the options are AWS WAF, AWS Shield,
Network ACL, Security Groups.
So the right answer here is option A.
AWS WAF.
AWSW AF helps you protect against common
web exploits and bots that can affect
availability, compromise security or
consume excessive resources.
Question number 36. Which AWS service or
feature identifies whether an Amazon S3
bucket or an IM role has been shared
with an external entity?
Option A, AWS service catalog,
option B, AWS systems manager, option C,
AWS IM access analyzer and option D AWS
organizations.
So the right answer here is
option C. AWS IM access analyzer.
IM access analyzer helps identify
resources in your organization and
accounts that are shared with an
external entity.
Question number 37. A cloud practitioner
needs to obtain AWS compliance reports
before migrating an environment to the
AWS cloud. How can these reports be
generated?
Option A, contact the AWS compliance
team.
Option B, download the reports from AWS
artifact.
Option C, open a case with AWS support.
Option D, generate the reports with
Amazon Mackie.
So the right answer here is option B,
download the reports from AWS Artifact.
AWS artifact is a portal that provides
access to various compliance reports
including certifications, attestations
and other relevant documents. You can
download these reports directly from AWS
artifact.
Question number 38. An e-commerce
company has migrated its IT
infrastructure from an on premises data
center to the AWS cloud. Which cost is
the company's direct responsibility?
Option A, cost of application software
licenses,
option B, cost of the hardware
infrastructure on AWS.
Option C, cost of power for the AWS
servers. And option D, cost of physical
security for the AWS data center.
So the right answer here is option A.
Cost of application software licenses.
Question number 39. A company is setting
up AWS identity and access management on
an AWS account. Which recommendation
compiles complies with IM security best
practices?
Option A, use the account root user
access keys for administrative tasks.
Option B, grant broad permissions so
that all company employees can access
the resources they need. Option C, turn
on multiffactor authentication for added
security during the login process.
Option D, avoid rotating credentials to
prevent issues in production
applications.
So the right answer here is option C.
Enabling multiffactor authentication for
user accounts, especially for users with
administrative or highprivilege access,
is a crucial security best practice. MFI
adds an additional layer of security by
requiring users to provide two or more
verification factors.
Something they know like a password or
something they have like a temporary MFA
code from a hardware token or mobile
before gaining access. These
significantly reduces the risk of
unauthorized access even if login
credentials are compromised.
Question number 40. Elasticity in the
AWS cloud refers to which of the
following? Choose two. Option A. How
quickly an Amazon EC2 instance can be
restarted?
Option B, the ability to rightsize
resources as demand shifts. Option C,
the maximum amount of RAM an Amazon EC2
instance can use. Option D, the pay as
you go billing model. Option E, how
easily resources can be produced when
they are needed.
So the right answer here is option B and
option E.
Elasticity is the ability to add and
release resources as business needs
change. It has nothing to do with
pricing.
Question number 41. Which service
enables customers to audit API calls in
their AWS accounts?
And the options are AWS cloud trial,
AWS trusted advisor, Amazon Inspector,
AWS X-Ray.
So the right answer here is option A.
AWS cloud trial.
AWS cloud trial is a service that
records all API calls made on your AWS
account. It provides a detailed history
of events including who made the call,
what actions were performed and from
which IP address the call originated.
This audit trail is valuable for
security compliance, troubleshooting and
monitoring purposes. And it helps you
maintain visibility into how your AWS
resources are being used.
Question number 42. What is a customer
responsibility when using AWS Lambda
according to the AWS shared
responsibility model?
Option A, managing the code within the
Lambda function. Option B, confirming
that the hardware is working in the data
center.
Option C, patching the operating system.
Option D, shutting down Lambda functions
when they are no longer in use.
So the right answer here is option A.
Managing the code with the lambda
function.
In the AWS shared responsibility model,
AWS is responsible for the
infrastructure and security of the cloud
while customers are responsible for the
security in the cloud. When using AWS
Lambda, customers are responsible for
managing the code and configuration
within the Lambda function. These
includes writing and updating the code,
configuring the functions, execution
environment, and ensuring that the code
complies with security best practices
and is free from vulnerabilities.
Question number 43. A company has 5
terabyte of data stored in Amazon S3.
The company plans to occasionally run
queries on the data of for analysis.
Which AWS service should the company use
to run these queries in the most cost
effective manner?
And the following options are Amazon Red
Shift, Amazon Athena, Amazon Kinesis,
Amazon RDS.
So the right answer here is option B,
Amazon Athena.
Amazon Athena is a serverless
interactive analytics service built on
open-source framework supporting open
table and file formats. Athena provides
a simplified flexible way to analyze
pabytes of data where it lives analyze
data or build applications from an
Amazon simple storage service data lake
and 30 data sources
including on premises data sources or
other cloud systems using SQL or Python.
Athena is built on open-source Trino and
Presto engines and Apache Spark
frameworks with no provisioning or
configuration effort required.
Question number 44, which AWS service
can be used at no additional cost?
And the options are Amazon Sage Maker,
AWS Config, AWS organizations,
Amazon Cloudatch.
So the right answer here is option C,
AWS organizations.
AWS organizations is an account
management service that enables you to
consolidate
multiple AWS accounts into an
organization that you create and
centrally manage. AWS organizations is
offered at no additional charge. You are
charged only for AWS resources that uses
and roles in your member account you
accounts use. For example, you are
charged the standard fees for Amazon EC2
instances that are used by users or
roles in your members account.
Question number 45. Which AWS cloud
adoption framework capabilities belongs
to the people prospective?
options are data architecture, event
management, cloud fluency, strategic
partnership.
So the right answer here is option C,
cloud fluency.
Question number 46. A company wants to
make an upfront commitment for continued
use of its production Amazon EC2
instances in exchange for a reduced
overall cost. Which pricing options meet
these requirements with the lowest cost?
Choose two and the options are spot
instances on demand instances, reserved
instances, savings plans, dedicated
hosts.
So the right answer here is option C and
option D.
Reserved instances provide a significant
discount compared to on demand pricing
in exchange for a one-time upfront
payment and or a lower hourly rate. The
more you commit, the greater the
discount. Option D, savings plans.
Savings plans offers flexible pricing
and savings on your AWS usage with
discounts of up to 72%
compared to ondemand pricing. With
savings plans, you commit to a certain
amount of usage for a one or threeear
term and receive a lower rate for the
you for that usage.
Question number 47. A company wants to
migrate its on premises relational
databases to the AWS cloud. The company
wants to use infrastructure as close to
its current geographical location as
possible. Which AWS service or resource
should the company use to select its
Amazon RDS deployment area? And the
options are Amazon connect, AWS
wavelength, AWS regions, AWS direct
connect. So the right answer here is
option C. AWS regions
AWS connect customer service cloud
contact center AWS wavelength 5G devices
AWS direct connect dedicated network
connection bypass public network.
Question number 48. A company is
exploring the use of the AWS cloud and
needs to create a cost estimate for a
project before the infrastructure is
provisioned. Which AWS service or
feature can be used to estimate cost
before deployment?
Option A, AWS free tire, option B, AWS
pricing calculator. Option C, AWS
billing and cost management. Option D,
AWS cost and usage report.
So the right answer here is option B.
AWS pricing calculator.
AWS pricing calculator is a web- based
planning tool that you can use to create
estimates for your AWS use cases. You
can use it to model your solutions
before building them. Explore the AWS
service price points and review the
calculations beyond behind your
estimates.
Question number 49. A company is
building an application that needs to
deliver images and videos globally with
minimal latency. Which approach can the
company use to accomplish these in a
cost-ffective manner?
A deliver content through Amazon
CloudFront. Option B, store the content
on Amazon S3 and enable S3 cross region
replication. Option C, implement a VPN
across multiple AWS regions. Option D,
deliver the content through AWS private
link.
So the right answer here is option A,
deliver the content through Amazon
CloudFront.
Securely deliver content with low
latency and high transfer speeds.
Question number 15. Which option is a
benefit of the economies of scale based
on the advantages of cloud computing?
Option A, the ability to trade variable
expenses for fixed expenses. Option B,
increased speed and agility. Option C,
lower variable cost over fixed costs.
Option D, increased operational cost
over across data centers.
So the right answer here is option C,
lower variable cost over fixed costs.
Benefit from massive economies of scale
by using cloud computing. You can
achieve a lower variable cost than you
can get on your own because usage from
hundreds of thousands of customers is
aggregated in the cloud. Providers such
as AWS can achieve higher economies of
scale which translates into lower pay as
you go prices?
Question number 51. Which of the
following is a software development
framework that a company can use to
define cloud resources as code and
provision the resources through AWS
cloud formation?
Options are AWS CLI, AWS developer
center, AWS cloud development kit, AWS
codear.
So the right answer here is option C.
AWS cloud development kit. AWS CDK is a
software development framework that
enables developers to define
infrastructure as code using familiar
programming languages like TypeScript,
Python, Java, C# and more. With AWS CDK,
you can define cloud resources, the
relationships and provisioning logic in
your preferred programming language. AWS
CDK also generates cloud formation
templates based on your code, making it
easier to manage and deploy
infrastructure resources in AWS.
Question number 52. A company is
developing an application that uses
multiple AWS services. The application
needs to use temporary limited privilege
credentials for authentication with
other AWS APIs. Which AWS service or
feature should the company use to meet
these authentication requirements?
Option A, Amazon API gateway. Option B,
A IM users. Option C, AWS security token
service. Option D, IM instance profiles.
So the right answer here is option C.
AWS security token service. AWS provides
AWS security token service as a web
service that enables you to request
temporary limited privilege credentials
for users.
Question number 53. Which AWS service is
a cloud security posture management
service that aggregates alerts from
various AWS services and partner
products in a standardized format and
the options are AWS security hub, AWS
trusted advisor, Amazon Event Bridge,
Amazon Guard Duty. So the right answer
here is option A, AWS security hub.
AWS Security Hub is a cloud security
posture management service that performs
automated continuous security best
practices checks against your AWS
resources to help you identify
misisconfigurations and aggregates your
security alerts in a standardized format
so that you can more easily enrich,
investigate and remediate them.
Question number 54. Which AWS service is
always provided at no charge? The
options are Amazon S3, AWS identity and
access management, elastic load
balances, AWS W AF.
So the right answer here is option B.
AWS identity and access management
IM is a feature of your AWS account and
is offered at no additional charge.
Question number 55. To reduce cost, a
company is planning to migrate a NoSQL
database to AWS. Which AWS service is
fully managed and can automatically
scale through capacity to meet database
workload demands? And the options are
Amazon Redshift, Amazon Aurora, Amazon
Dynamob, Amazon RDS.
So the right answer here is option C,
Amazon Dynamo DB.
Amazon DynamoB is a fully managed NoSQL
database service that provides fast and
predictable performance with seamless
scalability.
Question number 56. A company is using
Amazon Dynamo DB. Which task is the
company's responsibility according to
the AWS shared responsibility model? And
the options are option A patch the
operating system option B provision host
option C manage database access
permissions and option D secure the
operating system.
So the right answer here is option C
manage database access permissions.
Question number 57. A company has a test
AWS environment. A company is planning
on testing an application within AWS.
Application testing can be interrupted
and does not need to run continuously.
Which Amazon EC2 purchasing option will
meet the requirements most cost
effectively?
And the options are on demand instances,
dedicated instances, spot instances,
reserved instances.
So the right answer here is option C,
spot instances.
Question number 58. Which AWS service
gives users the ability to discover and
protect sensitive data that is stored in
Amazon S3 buckets? The options are
Amazon Mackie, Amazon Detective, Amazon
Guard Duty, AWS IM Access Analyzer.
So the right answer here is option A.
Amazon Macki.
Amazon Mackie is a data security service
that discovers sensitive data using
machine learning and pattern matching.
Provides visibility into data security
risk and enables you to automate
protection against those risks.
Question number 59. Which of the
following services can be used to block
network traffic to an instance?
Choose two. The options are security
groups, Amazon virtual private cloud,
flow logs, network ACL, Amazon
cloudatch, AWS cloud trial.
So the right answer here is option A and
option C. Security groups and network
ACL.
Security groups are stateful firewalls
that control inbound and outbound
traffic at the instance level. You can
configure security groups to allow or
deny specific types of network traffic
to and from your instances. Network ACL
are stateless firewall that control
traffic at the subnet level. Network ACL
define rules to allow or deny traffic
based on source and destination IP
addresses, ports, and protocols.
Question number 60. Which AWS service
can identify when an Amazon EC2 instance
was terminated? And the options are
option A AWS identity and access
management, option B AWS cloud trial,
option C AWS compute optimizer and
option D Amazon event bridge.
So the right answer here is option B AWS
cloud trial.
AWS cloud trial is a service that
records all API activity in your AWS
account, including the termination of
EC2 instances. It creates log entries
for various events, providing an audit
trail of actions taken on resources. By
reviewing cloud trial logs, you can
identify when an EC2 instance was
terminated, who initiated the
termination, and other relevant details
about the event?
Question number 61. Which of the
following is a fully managed MySQL
compatible database?
And the options are Amazon S3, Amazon
Dynamob, Amazon Red Shift, Amazon
Aurora.
So the right answer here is option D,
Amazon Aurora.
Amazon Aurora is a relational database
service that is compatible with MySQL
and PostSQL. It is fully managed by AWS
and is designed for high availability,
performance, and scalability while
maintaining MySQL compatibility. Aurora
offers features like automated backups,
read replicas, and seamless failure to
ensure data durability and availability.
It's a popular choice for applications
that require MySQL compatible database
with the benefits of a fully managed
service.
Question number 62.
Which AWS service supports a hybrid
architecture that gives users the
ability to extend AWS infrastructure,
AWS services, APIs and tools to data
centers, collocation environments or on
premises facilities.
The options are AWS no mobile, AWS local
Jones, AWS outpost and AWS Fargate.
So the right answer here is option C.
AWS outposts.
AWS outposts enable you to run AWS
infrastructure and services on premises
while seamlessly connecting to the AWS
cloud. This service extends the AWS
ecosystem to your on premises locations
allowing you to take advantage of cloud
benefits while addressing the
requirements of data residency,
low latency applications and specific
regulatory needs in hybrid environments.
Question number 63. Which AWS service
can run a managed postry SQL databases?
that provides online transaction
processing OLTP and the options are
Amazon Dynamob, Amazon Athena, Amazon
RDS, Amazon EMR.
So the right answer here is option C,
Amazon RDS.
Amazon RDS supports various database
engines including PostgresSQL and offers
a managed database service suitable for
OLTP workloads. With Amazon RDS for
PostgresSQL, you can easily set up,
operate and scale a PostRSQL database
without the administrative overhead of
managing the infrastructure.
Question number 64. A company wants to
provide managed Windows virtual desktops
and applications to its remote employees
over secure network connections. Which
AWS services can the company use to meet
these requirements? Choose to. And the
options are Amazon Connect, Amazon
AppStream,
Amazon Workspaces, AWS Sight to
SightVPN,
Amazon Elastic Container Service, Amazon
ECS.
So the right answer here is option B and
option C. Amazon AppStream 2.0,
Amazon Workspaces.
Amazon AppStream 2.0 0 is a service that
enables you to stream desktop
applications to users through web
browsers. You can deliver Windows
applications securely to remote users
without the need to provision and manage
full virtual desktops.
Option C, Amazon Workspaces is a fully
managed desktop as a service solution
that provides Windows desktop to users.
You can configure and manage virtual
desktops for remote employees using
workspaces.
Question number 65. A company wants to
monitor for misconfigured security
groups that are allowing unrestricted
access to specific ports. Which AWS
service will meet this requirement?
The options are AWS trusted advisor,
Amazon cloudatch, Amazon guard duty, AWS
health dashboard.
So the right answer here is option A.
AWS trusted advisor.
Unrestricted access check security
groups for rules that allow unrestricted
access to a resource. Unrestricted
accesses increase opportunities for
malicious activities. For more details,
see the trusted advisor frequently asked
questions.
Question number 66.
Which AWS service is a key value
database that provide sub millisecond
latency on a large scale? The options
are Amazon Dynamob, Amazon Aurora,
Amazon Document DB, Amazon Neptune.
So the right answer here is option A.
Amazon Dynamo DB
because Amazon DynamoB is a non-
relational database that delivers
reliable performance at any scale. It's
a fully managed multi-reion multim
masteraster database that provides
consistent singledigit millisecond
latency and offers built-in security
backup and restore and in-memory
catching.
Question number 67. Which AWS services
or features provide disaster recovery
solutions for Amazon EC2 instances?
choose to and the options are EC2
reserved instances, EC2 Amazon machine
images, Amazon elastic block store
snapshots, AWS shield, Amazon guard
duty.
So the right answer here is option B and
option C. EC2 mach Amazon machine
images, Amazon elastic block store
snapshots.
Amazon machine images are used to create
backups of EC2 instances and they can be
used to launch replacement instances in
the event of a disaster or data loss.
AMIs are essential
for creating recovery points for your
EC2 instances.
EBS snapshots allow you to create point
in time backups for your EBS volumes.
These snapshots can be used to restore
data or create new EBS volumes, making
them a key component of disaster
recovery for EC2 instances.
Question number 68. Which AWS service
provides command line access to AWS
tools and resources directly from a web
browser?
And the options are AWS cloud HSM, AWS
CloudShell, Amazon Workspaces, AWS Cloud
Map.
So the right answer here is option B AWS
cloud shell.
Using AWS CloudShell, a browser-based
shell, you can quickly run scripts with
the AWS command line interface,
experiment with service APIs using the
AWS CLI, and use other tools to increase
your productivity. The cloud shell icon
appears in AWS region where cloud shell
is available.
Question number 69. A network engineer
needs to build a hybrid cloud
architecture connecting on premises
network to the AWS cloud using AWS
direct connect. The company has a few
VPCs in a single AWS region and expects
to increase the number of VPCs to
hundreds over time. Which AWS service or
feature should the engineer use to
simplify and scale these connectivity as
the VPCs increase in number? And the
options are VPC endpoints, AWS transit
gateway, Amazon root 53, AWS secrets
manager.
So the right answer here is option B,
AWS transit gateway.
AWS transit gateway connects your Amazon
virtual private clouds and on premises
networks through a central hub. These
connection simplifies your network and
puts an end to complex peering
relationships. Transit gateway acts as a
highly scalable cloud router. Each new
connection is made only once.
Question number 70. A company wants to
establish a schedule for rotating
database user credentials. Which AWS
service will support this requirement
with the least amount of operational
overhead? The options are AWS systems
manager, AWS secrets manager, AWS
license manager, AWS managed services.
So the right answer here is option B.
AWS secrets manager.
AWS Secrets Manager helps you manage,
retrieve, and rotate database
credentials, API keys, and other secrets
throughout their life cycles.
Question number 71. Which AWS service is
used to provide encryption for Amazon
EBS? And the options are AWS certificate
manager, AWS systems manager, AWS KMS,
AWS config.
So the right answer here is option C.
AWS KMS.
AWS key management service lets you
create, manage, and control
cryptographic keys across your
applications and AWS services.
Question number 72. A company wants to
manage its AWS cloud resources through a
web interface. Which AWS service will
meet this requirement? And the options
are AWS management console, AWS CLI, AWS
CDK, AWS cloud9.
So the right answer here is option A.
AWS management console.
The AWS management console is a web
application that comprises and refers to
a broad collection of service consoles
for managing AWS resources.
Question number 73. Which of the
following are advantages of the AWS
cloud? Choose two. And the options are
option A trade variable expenses for
capital expenses. Option B high economy
of scale. Option C launch globally in
minutes. Option D focus on managing
hardware infrastructure. Option E
overprovision to ensure capacity.
So the right answer here is option B and
option C.
High economy of scale launch globally in
minutes.
Ability to quickly change required
capacity. With the AWS cloud, users can
easily scale their infrastructure up or
down based on demand. This flexibility
allows for rapid ad adjustments of
resources to match application needs
enabling cost optimization and efficient
resource utilization.
High economy of scale. AWS operates at a
large scale serving millions of
customers globally. This scale allows
AWS to achieve cost efficiencies and
pass on the benefits to customers. By
leveraging AWS services, users can
access enterprisegrade infrastructure
and services without the need for
significant upfront investment in
hardware or infrastructure.
Question number 74. Which AWS cloud
benefit is shown by an architectures
ability to withstand failures with
minimal downtime?
And the options are agility, elasticity,
scalability, high availability.
So the right answer here is option D,
high availability.
The ability of an architecture to
withstand failures with minimal downtime
is a characteristics of high
availability. High availability ensures
that your system remains operational and
accessible even in the face of component
failures. This is critical for
maintaining a reliable and responsive
application or service.
Question number 75. A developer needs to
maintain a development environment
infrastructure and a production
environment infrastructure in a
repeatable fashion. Which AWS service
should the developer use to meet these
requirements?
The options are AWS ground station, AWS
shield, AWS IoT device defender and AWS
cloud formation.
So the right answer here is
option D. AWS cloud formation.
AWS cloud formation lets you model,
provision and manage AWS and third party
resources by treating infrastructure as
code.
Question number 76. Which task is the
customer's responsibility according to
the AWS shared responsibility model?
Option A, maintain the security of the
AWS cloud. Option B, configure firewalls
and networks. Option C, patch the
operating system of Amazon RDS
instances. Option D, implement physical
and environmental controls.
So the right answer here is option B,
configure firewalls and networks.
Question number 77. Which AWS service
helps deliver highly available
applications with fast failure for
multi-reion and multi-AZ architectures?
And the options are AWS WF, AWS Global
Accelerator, AWS Shield, AWS Direct
Connect.
So the right answer here is
option B. AWS global accelerator.
Deliver highly available applications
with fast failure for multi-reion and
multi-AZ architectures.
Question number 78. A company has a set
of e-commerce applications. The
applications needs to be able to send
messages to each other. Which AWS
service meets this requirement?
Option A, AWS autoscaling. Option B,
elastic load balancing. Option C, Amazon
simple Q service, Amazon SQS. and option
D, Amazon Kinesis data streams. So the
right answer here is option C. Amazon
simple Q service.
Amazon simple Q service is a fully
managed message queuing service that
enables you to decouple and scale
microservices, distributed systems and
serverless applications. It allows one
application to send messages to a que
and another application to retrieve
those messages from the queue. These can
be helpful in scenarios where the sender
and receiver are not required to
interact with each other in real time.
Question number 79. What are the
benefits of consolidated building for
AWS cloud services? Choose two. Option
A, volume discounts. Option B, a minimal
additional fee for use. Option C, one
bill will for multiple accounts. Option
D, installment payment option. And
option E, custom cost usage budget
creation. So the right answer here is
option A and option C.
Consolidated billing has the following
benefits. One bill, you get one bill for
multiple accounts. Easy tracking. You
can track the charges across multiple
accounts and download the combined cost
and usage data. Combined usage. You can
combine the usage across all accounts in
the organization to share the volume
pricing discounts, reserved instances,
discounts, and savings plans. These can
result in a lower charge for your
project department or company than with
individual standalone accounts. For more
information, see volume discounts. No
extra fee. Consolidated billing is
offered at no additional cost.
Question number 80. A user wants to
retrieve all Amazon S3 buckets with
ACL's and S3 bucket policies in the S3
console. Which AWS service or resource
will meet these requirements?
Option A, S3 multi-reion access points.
Option B, S3 storage lens. Option C, AWS
IM identity center. Option D, Access
Analyzer for S3.
So the right answer here is option D,
access analyzer for S3.
Access analyzer for S3 allows you to
analyze and review access policies for
your S3 buckets.
It helps you identify and resolve
unintended access to your S3 resources.
With access analyzer for S3, you can
review both bucket policies and bucket
ACL to ensure proper access controls.
Question number 81. What is the best
resource for a user to find compliance
related information and reports about
AWS?
The options are AWS artifact, AWS
marketplace, Amazon inspector, AWS
support.
So the right answer here is option A,
AWS artifact.
AWS Artifact is your go-to central
resource for compliance related
information that matters to you. It
provides on demand access to security
and compliance reports from AWS and ISVS
who sell their products on AWS
marketplace.
Question number 82. Which AWS service
enables companies to deploy an
application close to end users? And the
options are Amazon CloudFront, AWS
Autoscaling, AWS AppSync, Amazon Route
53.
So the right answer here is option A,
Amazon CloudFront.
Amazon CloudFront speeds up distribution
of your static and dynamic web content
such as HTML,
CSS, PHP, image and media files. When
users request your content, CloudFront
delivers it through a worldwide network
of edge locations that provide low
latency and high performance.
So question number 83, which AWS service
or feature improves network performance
by sending traffic through the AWS
worldwide network infrastructure?
And the options are root table, AWS
transit gateway, AWS global accelerator,
Amazon VPC.
So the right answer here is option C.
AWS global accelerator.
Improve
application availability, performance,
and security using the AWS global
network.
Question number 84. Which AWS service
provides highly durable object storage?
And the options are Amazon S3, Amazon
Elastic File System, Amazon Elastic
Block Store, Amazon FSX.
So the right answer here is option A,
Amazon S3.
S3 standard offers high durability,
availability, and performance object
storage for frequently accessed data.
Question number 85. Which responsibility
belongs to AWS when a company host its
databases on Amazon EC2 instances?
Options are database backups, database
software patches, operating system
patches, operating system installations.
So the right answer here is option D
operating system installations.
AWS provides the infrastructure and
services that include a range of Amazon
machine main images with pre-installed
operating systems. These means AWS is
responsible for ensuring that these AMIs
are available and that the underlying
infrastructure to run these instances is
secure and reliable. The other
responsibilities listed database
backups, database software patches and
operating system patches are under the
purview of the customers when using
Amazon EC2 instances.
Question number 86. Which of the
following are advantages of moving to
the AWS cloud? Choose two. Option A, the
ability to turn over the responsibility
of all security to AWS. Option B, the
ability to use the pay as you go model.
Option C, the ability to have full
control over the physical
infrastructure. Option D, no longer
having to guess what capacity will be
required. Option E, no longer worrying
about users access controls.
So the right answer here is option B and
option D.
Stop kissing capacity. Trade fixed
expenses for variable expenses.
Question number 87. Which AWS service is
hybrid cloud storage service that
provides on premises users access to
virtually unlimited cloud storage?
And we have four options. AWS data sync,
Amazon S3 Classier, AWS storage gateway,
Amazon elastic block store.
So the right answer here is option C.
AWS storage gateway.
AWS storage gateway is a set of hybrid
cloud storage services that provide on
premises access to virtually unlimited
cloud storage.
Question number 88. A company plans to
migrate to AWS and wants to create cost
estimates for its AWS use cases. Which
AWS service or tool can the company use
to meet these requirements?
And the options are AWS pricing
calculator, Amazon Cloudatch, AWS Cost
Explorer, and AWS Budgets.
So the right answer here is option A,
AWS pricing calculator.
AWS pricing calculator is a web- based
planning tool that you can use to create
estimates for your AWS use cases. You
can use it to model your solutions
before building them. Explore the AWS
service price points and review the
calculations behind your estimates. You
can use it to help you plan how you
spend, find cost-saving opportunities,
and make informed decisions when using
Amazon Web Services.
Question number 89. Which tool should a
developer use to integrate AWS service
feature
directly into an application? The
options are AWS software development
kit, AWS code deploy, AWS Lambda, AWS
batch.
So the right answer here is option A.
AWS software development kit.
Question number 90. Which of the
following is the recommended design
principle of the AWS well architected
framework? Option A, reduce downtime by
making infrastructure changes
infrequently and in large increments.
Option B, invest the time to configure
infrastructure manually. Option C, learn
to improve from operational failures.
Option D, use monolithic application
design for centralization.
So the right answer here is option C.
Learn to improve from operational
failures.
Learn from all operational failures.
Drive improvement through lessons
learned from all operational events and
failures. Share what is learned across
teams and through the entire
organization.
Question number 91. Use AWS identity
access management to grant access only
to the resources needed to perform a
task is a concept known as
the options are restricted access as
needed access least privilege access
token access.
So the right answer here is option C
least privilege access.
Question number 92. A company wants to
operate a data warehouse to analyze data
without managing the data warehouse
infrastructure. Which AWS service will
meet this requirement?
And the options are Amazon Aurora,
Amazon Red Shift Serverless, AWS Lambda,
Amazon RDS.
So the right answer here is option B.
AWS, Amazon Redshift Serverless.
Amazon Redshift Serverless makes it easy
to run analytics workloads of any size
without having to manage data warehouse
infrastructure.
Question number 93. How does AWS cloud
computing help businesses reduce cost?
Choose two. And the options are option A
as charges the same prices for services
in every AWS region. Option B AWS
enables capacity to adjust on demand.
Option C AWS offers discounts for Amazon
EC2 instances that remain ideal for more
than one week. Option C, AWS does not
charge for data sent from the AWS cloud
to the internet. Option E, AWS
eliminates many of the cost of building
and maintaining on premises data
centers.
So the right answer here is option B and
option E.
Stop spending money running and
maintaining data centers benefit from
massive economies of scale.
Question number 94. The company wants to
grant users in one AWS account access to
resources in another AWS account. The
users do not currently have permission
to access the resources. Which AWS
service will meet these requirements?
And the options are IM group, IM role,
IM tag, IM access analyzer.
So the right answer here is option P. IM
role
Question number 95. Which task is the
responsibility of AWS when using AWS
services?
Option A, management of IM user
permissions. Option B, creation of
security group rules for outbound
access. Option C, maintenance of
physical and environmental controls.
Option D, application of Amazon EC2
operating system patches.
So the right answer here is option C.
Maintaining of physical and
environmental controls.
AWS is responsible for maintaining the
physical and environmental controls of
its data centers including the security
and reliability of the infrastructure.
These includes aspects such as power,
cooling and physical security.
Question number 96. A company wants to
automate infrastructure deployment by
using infrastructure as code. The
company wants to scale production stacks
so the stacks can be deployed in
multiple AWS regions. Which AWS service
will meet these requirements?
And the options are Amazon Cloudatch,
AWS Config, AWS Trusted Advisor, AWS
Cloud Formation.
So the right answer here is option D,
AWS cloud formation.
AWS cloud formation gives you an easy
way to model a collection of related AWS
and third party resources, provision
them quickly and consistently and manage
them through their life cycles by
treating infrastructure as code. The
cloud formation template describes your
desired resources and their dependencies
so you can launch and configure them
together as stack. You can use a
template to create, update, and delete
an entire stack as a single unit as
often as you need to. Instead of
managing resources individually, you can
manage and provision stacks across
multiple AWS accounts and AWS regions.
Question number 97. Which option is an
AWS cloud adoption framework
platform perspective capability and the
options are data architecture, data
protection, data governance, data
science.
So the right answer here is option A
data architecture
AWS cloud adoption framework. Seven
platform perspectives are platform
architecture, data architecture,
platform engineering, data engineering,
provisioning and orchestration, modern
app development, CI/CD.
Question number 98.
A company is running a workload in the
AWS cloud. Which AWS best practice
ensures the most cost effective
architecture for the workload
and the options are loose coupling,
right sizing, catching redundancy.
So the right answer here is option B
right sizing.
Right sizing is the process of matching
instances types and sizes to your
workload performance and capacity
requirements at the lowest possible
cost.
Question number 99. A company is using a
third-party service to back up 10
terabyte of data to a tape library. The
on-remises backup server is running out
of space. The company wants to use AWS
services with the backup without
changing its existing backup workflows.
Which AWS service should the company use
to meet these requirements?
options are Amazon elastic block store,
AWS storage gateway, Amazon elastic
container service, AWS Lambda.
So the right answer here is
option B AWS storage gateway.
AWS storage gateway is a hybrid cloud
storage service that gives you onremises
access to virtually unlimited cloud
storage. Storage gateway provides a
standard set of storage protocols such
as ISI
SMP and NFS which allows you to use AWS
storage without rewriting your existing
applications.
Question number 100. Which task are the
customers responsibility according to
the AWS shared responsibility model?
Choose two. And the options are
establish the global infrastructure.
Option B perform client side data
encryption. Option C configure AM
credential. Option D secure edge
locations. Option E patch Amazon RDS DB
instances.
So the right answer here is option B and
option C.
Question number 101. A company is using
the AWS free tar for several AWS
services for an application. What will
happen if the free tar period usage
period expires or if the application use
exceeds the free tar usage limits?
And we have four options. Option A, the
company will be charged standard pay as
you go service rates for the usage that
exceeds the free t usage. Option B, AWS
support will contact the company to set
up standard services charges. Option C,
the company will be charged for the
services it consumes during the free
tire period plus additional charges for
service consumption after the free tire
period. Option D, the company AWS
account will be frozen and can be
restarted after a payment plan is
established.
So the right answer here is option A.
The company will be charged the standard
pay as you go pricing service rates for
the usage that exceeds the free tar
usage. So when your free T expires or if
your application use exceeds the free T
limits, you simply pay standard pay
service rates.
Question number 102.
Which AWS service uses machine learning
to help discover, monitor, and protect
sensitive data that is stored in Amazon
S3 bucket? And we have four options.
Option A, AWS Shield. Option B, Amazon
Mackie. Option C, AWS network firewall.
Option D, Amazon Cognto.
So the right answer here is option B,
Amazon Mackie.
Amazon Mackie is a data security and
data privacy service that uses machine
learning ML and pattern matching to
discover and protect your sensitive
data.
Question number 103. According to the
AWS share responsibility model, which of
the following is exclusively the
responsibility of AWS? We have four
options. Option A, patching of the guest
operating system. Option B, security
awareness and training. Option C,
physical and environmental control.
Option D, development of an IM password
policy.
So the right answer here is option C,
physical and environmental control.
So according to AWS share responsibility
model AWS is responsible for the
security of the cloud and the customer
is responsible for the security in the
cloud. AWS responsibility AWS is
responsible for protecting the
infrastructure that runs all the AWS
services.
Question number 104. What can users do
using AWS Marketplace?
Select and we have five options. Option
A, sell unused Amazon EC2 spot
instances. Option B, sell solutions to
other AWS users. Option C, buy third
party software that runs on AWS. Option
D, purchase AWS security and compliance
documents. Option E, order AWS Snowball.
So the right answer here is option B
sell solution to other AWS users and
option C buy third party software and
that runs on AWS.
So the AWS marketplace enables qualified
partners to market and sell their
software to AWS customers. AWS
marketplace is an online software store
that helps customers to find, buy and
immediate start using the software and
services that runs on AWS.
Question number 105. What are the
possible uses of AWS edge locations?
Select two. And we have five options.
Option A, hosting applications. Option
B, delivering content closer to users.
Option C, running NoSQL database
catching services. Option D reducing
traffic on the service server by
catching responses. Option E sending
notification messages to end users.
So the right answer is option B
delivering content closer to user. And
option D reducing traffic on the server
by catching responses.
So CloudFront delivers your content
through a worldwide network of data
centers called edge locations. When a
user request content that you are search
serving with CloudFront, the user is
rooted to the edge location that
provides the lowest latency so that
content is delivered with the best
possible performance.
Question number 106. Amazon elastic
container service, Amazon ECS and Amazon
Dynamo DB are used by a firm to execute
its mission critical web application
multiple times during the day. The
workload jumps to up to 10 times the
regular level. Which AWS cloud feature
helps the business to adapt to these
demand changes? And we have four
options. Option A, agility, option B
global reach. Option C scalability and
option D security.
So the right answer here is option C,
scalability.
So AWS EC2 autoscaling servers can get
more requests than they can handle. Too
many requests can cause timeouts and
outages. AWS EC2 autoscaling allows you
to add or remove EC2 instances
automatically. It outcome automates the
capacity to the demand.
Question number 107. A company wants to
improve the overall availability and
performance of its application that are
hosted on AWS. Which AWS service should
the company use? And we have four
options. Option A, Amazon Connect.
Option B, Amazon light sale, option C
AWS Global Accelerator. And option D AWS
storage gateway.
So the right answer here is option C.
AWS Global Accelerator.
So AWS Global Accelerator is a
networking service that improves the
performance of your users traffic by up
to 60% using Amazon Web Services global
network infrastructure when the internet
is congested. AWS Global Accelerator
optimizes the path to your application
to keep packet loss, jitter, and latency
consistently low.
Question number 108. Which of the
following tasks is the customer's duty
under the share responsibility model?
And we have five options. Option A,
maintaining the underlying Amazon EC2
hardware. Option B, managing the VPC
network access control lists. Option C,
encrypting data in transit and at rest.
Option D, replacing failed hard disk
drives. Option E, deploying hardware in
different availability jones.
So the right answer here is option B,
managing the VPC network access control
lists and option C, encrypting data in
transit and at rest.
The hardware related jobs is the prime
responsibility of AWS. VPC network
access control list is something a
customer has to do himself to secure the
applications. Encrypting data in transit
and address is a shared responsibility
in which AWS plays a part. All hardware
related jobs have nothing to do with
customer.
Question number 109. Which of the
following are AWS obligations according
to the AWS shared responsibility model?
And we have five options. Option A,
network infrastructure and
virtualization of infrastructure. Option
B, security of application data. Option
C, guest operating systems. Option D,
physical security of hardware and option
A credentials and policies.
So the right answers are option A
network infrastructure and
virtualization of infrastructure and
option D physical security of hardware.
So physical security is one area where
the AWS shared responsibility model
comes into play. AWS is responsible for
protecting security of the cloud which
includes the infrastructure of hardware,
software, networking and facilities that
run AWS services.
Question number 110. What charges are
included in the comparison of AWS versus
on premises total cost of ownership TCO?
And we have four options. Option A data
center security. Option B business
analysis. Option C project management.
And option D operating system
administration.
So the right answer here is option A
data center security. So cloud TCO
involves calculating the cost required
to host, run, integrate, secure and
manage workloads in the cloud over their
lifetime. This includes fees associated
with the underlying infrastructure such
as compute, data transfer and storage.
It also includes the cost of supporting
cloud services ranging from security and
management tools to data analytics.
Manpower cost for cloud engineers should
also be a part of the cloud TCO
equation.
Question number 111. Which AWS service
or feature identifies whether an Amazon
S3 bucket or an IM role has been shared
with an external entity? And we have
four options. Option A, AWS service
catalog. Option B, AWS systems manager.
Option C, AWS IM access analyzer. Option
D, AWS organizations.
So the right answer here is option C,
AWS IM access analyzer.
So access analyzer helps you identify
the resources in your organization and
accounts such as Amazon S3 buckets or IM
roles shared with an external entity.
This lets you identify unintended access
to your resources and data which is a
security risk.
Question number 112. Which AWS service
supports MySQL and PostSQL as relational
databases? And we have four options.
Option A, Amazon Red Shift. Option B,
Amazon Dynamo DB. Option C, Amazon
Aurora. and option D, Amazon Neptune.
So the right answer here is option C,
Amazon Aurora.
So AWS Aurora is a fully managed
relational database optimized for use in
AWS. It supports MySQL and PostgresSQL.
With this service, you can combine the
cost effectiveness of open-source
databases with increased availability
and performance.
Question number 113.
Which AWS services is natively supported
by AWS Snowball Edge?
And we have four options. Option A, AWS
Server Migration Service, AWS SMS,
option B, Amazon Aurora,
option C, AWS Trusted Advisor.
And option D, Amazon EC2.
So the right answer here is option D.
Amazon EC2.
Snowball edge devices have Amazon S3 and
Amazon EC2 compatible endpoints
available enabling programmatic use
cases.
Question number 114. Which AWS share
responsibility controls are shared? And
we have five options. Option Awareness
and training. Option B patching of
Amazon RTS. Option C configuration
management. Option D physical and
environmental controls. Option E service
and communications protection or
security.
So the right answer here is option A
awareness and training and option C
configuration management.
So shared controls controls which apply
to both the infrastructure layer and a
customer layers but in completely
separate contexts or prospectives. In a
shared control AWS provides the
requirements for the infrastructure and
the customers must provide their own
control implementation within their use
of AWS services. Examples include patch
management. AWS is responsible for
patching and fixing flaws within the
infrastructure. But customers are
responsible for patching their guest OS
and applications. Configuration
management. AWS maintains the
configuration of its infrastructure
devices. But a customer is responsible
for configuring their own guest
operating systems, databases, and
applications. Awareness and training.
AWS trains AWS employees, but a customer
must train their own employees.
Question number 115. A company does not
want to rely on elaborate forecasting to
determine its usage of compute
resources. Instead, the company wants to
play pay only for the resources that it
uses. The company also needs the ability
to increase or decrease its resources
using to meet business requirements.
Which pillar of the AWS well architected
framework aligns with these
requirements? And we have four options.
Option A operational excellence. Option
B security, option C reliability. And
option D cost optimization.
So the right answer here is option D
cost optimization.
So cost optimization is a continual
process of refinement and improvement
over span of a workload life cycle. The
practices in this paper helps you build
and operate cost aware workloads that
achieve business outcomes while
minimizing costs and allowing your
organization to maximize its returns on
investments.
Question number 116. After a single
availability jone service disruption, a
corporation must guarantee that the end
point for the database instance stays
the same. The program must continue
database operations without human
intervention from an administrator. How
are these speculations to be met? And we
have four options. Option A, use
multiple Amazon Route 53 routes to the
standby database instance endpoint
hosted on AWS storage gateway. Option B,
configure Amazon RDS multi-availability
zone deployments with automatic failover
to the standby. Option C, add multiple
application load balancers and deploy
the database instance with AWS elastic
paintto. Option D, deploy a single
network load balancer to distribute
incoming traffic across multiple Amazon
CloudFront origins. So the right answer
here is option B. Configure Amazon RDS
multi-availability zone deployment with
automatic failover to the standby.
So multiaser deployments can have one
standby or two standby DB instances.
When the deployment has one standby DB
instance, it's called a multi- asert DB
instant deployment. A multiADB instant
deployment has one standby DB instance
that provides failover support but
doesn't serve read traffic. The
deployment has two standby DB instances.
It's called the multi-AZDB cluster
deployment. A multi-AZDB cluster
deployment has standby DB instances that
provide failover support and can also
serve read traffic.
Question number 117. Which cost must be
addressed when comparing AWS cloud
versus onremises total cost of
ownership? Select two. And we have five
options. Option A, software development.
Option B, project management. Option C,
storage hardware. Option D, physical
servers. Option E, antivirus software
license. So the right answer is option
C, storage hardware and option D,
physical servers.
So to get the most out of your
estimates, you should have a good idea
of your basic requirements. For example,
if you're going to try Amazon Elastic
Compute Cloud, it might help if you know
what kind of operating system you need.
what your memory requirements are and
how much input output you need. You
should also dei decide whether you need
storage such as if you're going to run a
database and how long you intend to use
the service. You don't need to make
these decisions before generating an
estimate. Though you can play around
with the service configuration and
parameters to see which options fit your
use case and budget best.
Question number 118. A company is
migrating to the AWS cloud. The company
requires consultative review and
guidance for its applications during the
migration. After the migration is
complete, the company requires a
response within 30 minutes of if
business critical systems go down. Which
AWS support plans meet these
requirements? Choose two. And we have
five options. Option A, AWS enterprise
support. Option B, AWS enterprise onramp
support. Option C, AWS developer
support. Option D, AWS basic support.
And option E, AWS business support. So
the right answer here is option A, AWS
enterprise support. And option B, AWS
enterprise onramp support.
So with enterprise onramp you get 24
into7 technical support from highquality
engineers tools and technologies to
automatically manage health of your
environment. Consultative architectural
guidance delivered in the context of
your application use cases and a pool of
technical account managers to coordinate
access to proactive preventative
programs and AWS subject matter experts.
Question number 119. Which AWS products
anticipate future AWS expenses
automatically? And we have four options.
Option A, AWS support center. Option B,
AWS total cost of ownership calculator.
Option C, AWS simple monthly calculator.
And option D cost explorer.
So the right answer here is option D
cost explorer.
So AWS cost explorer has an easy to use
interface that lets you visualize,
understand and manage your AWS cost and
usage over time.
Question number 120. Which functionality
may be utilized to prevent inadvertent
overrides or deletions of Amazon S3
buckets? And we have four options.
Option A, life cycle policy. Option B,
object versioning. Option C, server side
encryption. And option D, bucket ACL.
So the right answer here is option B,
object versioning.
So S3 object versioning is one of the
most secret features in Amazon S3.
Object versioning is used to avoid
unintended overrides and deletions.
versionings is not enabled by default
and this feature is used to keep
multiple versions of objects at the same
time in the bucket. If we enable
versioning on the bucket, we cannot
delete an object directly. All versions
remains in the bucket and a delete
marker is introduced which become the
current version. So if you need to
delete an object, you need to remove
that delete marker also. Existing
objects in your bucket do not change and
only future request behavior changes. If
you put an object retrieval request, the
current version of the object will
always return.
Question number 121. Amazon Dynamo DP is
used by a business in its AWS cloud
architecture. Which of the following is
the duty of the organization according
to the AWS shared responsibility model?
We have five options. Option A,
operating system patching and upgrades.
Option B, application of appropriate
permissions with IM tools. Option C,
configuration of data encryption
options. Option D, creation of DynamoB
endpoints. Option E, infrastructure
provisioning and maintenance.
Right answer is option B, application of
appropriate permissions with IM tools
and option C, configuration of data
encryption. options.
So cloud security at AWS is the highest
priority. As an AWS customer, you
benefit from a data center and network
architecture that is built to meet the
requirements of the most security
sensitive organization. Security is a
shared responsibility between AWS and
AWS customer.
Question number 122. A company wants to
launch its workload on AWS and requires
the system to automatically recover from
failure. Which pillar of the AWS well
architected framework includes this
requirement? We have four options.
Option A cost optimization, option B
operational excellence, option C
performance efficiency and option D
reliability.
So the right answer is option D
reliability.
So the reliability pillar includes the
ability of a system to recover from
infrastructure or service disruptions,
dynamically acquire computing resources
to meet demand and mitigate disruptions
such as my misisconfigurations or
transient network issues.
Question number 123. Which AWS service
should a company use to create a NoSQL
database? And we have four options.
Option A, Amazon Aurora. Option B,
Amazon Dynamo TV. Option C, Amazon Red
Shift. And option D, Amazon Neptune.
So the right answer is option B, Amazon
Dynamo DB.
So AWS Dynamob DB is a fully managed
NoSQL database service that is designed
to provide fast and predictable
performance with seamless scalability.
It is a good choice for companies
looking to create a NoSQL database in
AWS.
Question number 124. Which AWS service
or functionality is utilized by
distributed application to send text and
email messages? And we have four
options. Option A, Amazon simple
notification service. Option B, Amazon
simple email service. Option C, Amazon
Cloudatch alerts and option D, Amazon
simple Q service.
So the right answer here is option A,
Amazon simple notification service which
is Amazon SNS.
So Amazon SNS is a fully managed
messaging service for both application
to application and application toerson
communication. The application to
application functionality provides
topics for high throughput pushbased
many to many messaging between
distributed systems, microservices and
event driven serverless applications
using Amazon SNS topics. Your publisher
system can fan out messages to a large
number of subscriber systems including
Amazon SQS
Q's AWS Lambda functions, HTTPS
endpoints, and Amazon Kinesis data
firehouse for parallel processing and
A2P functionality enables you to send
messages to users to scale via SMS,
mobile push, and email.
Question number 125. To achieve high
availability, how many availability
jones should competing resources be
provided across? And we have four
options. Option A, a minimum of one.
Option B, a minimum of two or option C,
a minimum of three. And option D, a
minimum of four or more.
So the right answer is option B. A
minimum of two.
So high availability requires at least
two availability jones. The idea is that
only one jone will go down at a time.
The probable packhole cutting power and
network cables. Since Amazon isolates
the data center for each availability
jone, the pack hole won't take out more
than one availability jone.
Question number 126. Which of the
following is AWS obligation under the
AWS share responsibility model? And we
have four options. Option A, data
encryption in transit. Option B,
firmware updates on hardware. Option C,
operating system patching on Amazon EC2
instances. Option D, data encryption at
rest.
So the right answer here is option B,
firmware updates on hardware.
So under the shared responsibility
model, AWS is responsible for the
hardware and software that runs AWS
services. This applies to AWS outpost
just as it does to an AWS region. For
example, AWS manages security patches,
updates firmware, and maintains the
outpost equipment.
Question number 127. To boost
availability, a user intend to create
two more Amazon EC2 instances. What
should the user do? And we have four
options. Option A, launch the instance
across multiple availability zones in a
single AWS region. Option B, launch the
instances as EC2 reserved instances in
the same AWS region and the same
availability zone. Option C, launch the
instances in multiple AWS region but in
the same availability zone. Option D,
launch the instances as EC2 spot
instances in the same AWS region but in
different availability jones. So the
right answer here is option A, launch
the instances across multiple
availability zones in a single AWS
region. So AWS operates
state-of-the-art, highly available data
centers. Although rare, failures can
occur that affects the availability of
instances that are in the same location.
If you host all of your instances in the
same location that is affected by a
failure, none of your instances would be
available.
Question number 128. What are the
customers duties under the AWS share
responsibility model? Select.
And we have five options. Option A,
physical and environmental security.
Option B, physical network devices
including firewalls. Option C, storage
device decommissioning. Option D,
security of data in transit. Option E,
data integrity authentication.
So the right answer here is option D
security of data in transit. and option
E data integrity authentication.
So customers responsibility is the
security of everything they make in AWS
cloud. Customers have complete control
over your content. Customers manages AWS
services, softwares and access the
access to the data.
Question number 129. A large enterprise
with multiple VPCs in several AWS
regions around the world needs to
connect and centrally manage network
activity between its VPCs. Which AWS
service or feature meets these
requirements? And we have four options.
Option A, AWS direct connect, option B,
AWS transit gateway, option C AWS side
to side VPN or option D VPC endpoints.
So the right answer here is option B.
AWS transit gateway.
So AWS transit gateway connects your
Amazon virtual private clouds and on
premises networks through a central hub.
These connection simplifies your network
and puts an end to complex peering
relationships. Transit gateway acts as a
highly scalable cloud router. Each new
connection is made only once. So deliver
applications around the world. Build,
deploy, and manage applications across
thousands of Amazon VPCs without having
to manage peering connections or update
routing tables.
Question number 130. Which AWS service
should be used to monitor Amazon EC2
instances for CPU and network
utilization? And we have four options.
Option A, Amazon Inspector. Option B,
AWS Cloud Trial. Option C, Amazon
Cloudatch and option D, AWS config. So
the right answer here is option C,
Amazon Cloudatch.
So using Amazon Cloudatch, which is a
monitoring service provided by AWS,
Cloudatch provides metrics and logs for
ECS such as CPU and memory usage for the
container instances, the number of tasks
and running services running, and the
number of containers that are being
deployed or stopped.
Question number 131. How can customers
minimize the amount of time they spend
patching their operating system by
migrating to the AWS cloud? And we have
five options. Option A, users can take
advantage of managed services on AWS.
Option B, users can outsource operating
system patching to the AWS support team.
Option C, AWS professional service will
upgrade instances to the latest
operating system versions. Option D,
users have the ability to use license
included Amazon EC2 instances. Option E,
users can take advantage of AWS system
manager features. So the right answer
here is option A, users can take
advantage of managed services on AWS and
option E, users can take advantage of
AWS system manager futures. So patch
manager a capability of AWS system
manager automates the process of
patching managed nodes with both
security related updates and other types
of updates.
Question number 132. In the case of an
environmental disruption, a company
needs to make sure it infrastructure is
structured for fault tolerance and
business continuity. Which parts of the
AWS truck architecture should the
organization replicate? And we have four
options. Option A, edge locations.
Option B, availability zones. Option C
regions. Option D Amazon root 53.
So the right answer here is option C
regions.
So AWS has the concept of a region which
is a physical location around the world
where we cluster data centers.
So we call each group of logical data
centers an availability zone. Each AWS
region consists of a minimum of three
isolated and physically separated
availability jones within a geographic
area. Unlike other cloud providers who
often define a region as a single data
center. The multiple AZ design of every
AWS region offers advantages for
customers. Each availability zone has
independent power, cooling and physical
security and is connected via redundant
ultra low latency networks.
Question number 133. According to which
AWS cloud design guideline system should
minimize their interdependencies? And we
have four options. Option A scalability.
Option B services not servers. Option C
removing single point of failure. Option
D loose coupling. So the right answer
here is option D loose coupling. So AWS
help helps loose coupled architecture
that reduces interdependencies. A change
of failure in a component does not
cascade to other components.
Question number 134. Which task need the
root user credentials for an AWS
account? Select. And we have five
options. Option A, creating an Amazon
EC2 key pair? Option B, removing an IM
user from the administrators group.
Option C, changing the AWS support plan.
Option D, creating an Amazon CloudFront
keypad. Option E, granting an IM user
full administrative access. So the right
answer here is option C changing the AWS
support plan. Option D granting an IM
user full administrative access.
So there are only few tasks that require
you to use root user. Change your
account settings. This includes account
name, email address, root user password
and root user access keys. View certain
tax invoices. Close your AWS account.
Restore IM user permissions and change
your AWS support plan or cancel your AWS
support plan.
Question number 135. A user wants to
deploy a service to the AWS cloud by
using infrastructure as a code
principles. Which AWS service can be
used to meet this requirement? And we
have four options. Option A, AWS system
manager. Option B, AWS cloud formation.
Option C, AWS code commit. And option D,
AWS config. So the right answer is
option B, AWS cloud formation. So use
AWS cloud formation templates. AWS cloud
formation is a service that helps you
model and set up your Amazon web
services resources, making it easier to
manage and automate your infrastructure.
With cloud formation, you can define
your infrastructure as a code using
templates written in JSON or YAML.
Question number 136. A company that has
multiple business units wants to
centrally manage and govern its AWS
cloud environments. The company wants to
automate the creation of AWS accounts,
apply service control policies, and
simplify billing processes. Which AWS
service or tool should the company use
to meet this requirement? We have four
options. Option A, AWS organizations,
option B, cost explorer, option C, AWS
budgets. Option D, AWS trusted advisor.
So the right answer here is option A,
AWS organization.
So AWS organization provides you with
the capability to centrally manage and
govern your your cloud environment. You
can manage and govern your accounts
under a single bill. Set central
policies and configuration requirements
for your entire organization. Create
custom permissions or capabilities
within the organization and delegate
responsibilities to other accounts so
they can manage on behalf of the
organization. In addition, AWS
organization is integrated with other
AWS services. So you can define central
configurations, security mechanisms,
audit requirements, and resource sharing
across accounts in your organization.
Question number 137. The administrator
must first install and begin utilizing a
popular IT product. What resources are
available to the administrator?
You have four options. Option A, AWS
well architected framework
documentation. Option B, Amazon
CloudFront. Option C, AWS code commit.
Option D, AWS quick start reference
deployments.
So the right answer here is option D AWS
quickart reference deployments.
So quick starts are built by AWS
solutions architects and partners to
help you deploy popular technologies on
AWS
based on AWS best practices for security
and high availability. These
accelerators reduce hundreds of manual
procedures into just a few steps so you
can build your production environment
quickly and start using it immediately.
Question number 138. Which solution
enables user in various AWS regions to
have the fastest application response
times for frequently requested data? And
we have four options. Option A, AWS
cloud trial across multiple availability
zones. Option B, Amazon CloudFront to
edge locations. Option C, AWS cloud
formation in multiple regions. Option D,
a virtual private gateway or AWS direct
connect.
So the right answer here is option B,
AWS CloudFront to edge locations.
So you can deliver content and decrease
end user latency of your web application
using Amazon CloudFront. CloudFront
speeds up content delivery by leveraging
its global network of data centers known
as edge locations to reduce delivery
time by catching your content close to
your end users. CloudFront fetches your
content from an origin such as an Amazon
S3 bucket, an Amazon EC2 instance, an
Amazon elastic load balancing load
balancer, or your own web server. When
it's not already in an edge location,
CloudFront can be used to deliver your
entire website or application, including
dynamic, static, streaming, and
interactive content.
Question number 139. Which qualities
makes AWS cloud computing advantageous?
Select two. And we have five options.
Option A, a 100% service level agreement
SLA for all AWS services. Option B,
compute capacity that is adjusted on
demand. Option C, availability of AWS
support for code development. Option D,
enhance security. Option E, increase in
cost and complexity.
So the right answer here is option B,
compute capacity that is adjusted on
demand and option D, enhanced security.
So applications availability is crucial
for providing an error-free experience
and for minimizing application latency.
Availability depends on having resources
that are accessible and have enough
capacity to meet demand. AWS provides
several mechanisms to meet
manage availability for applications
hosted on Amazon ECS. These include
autoscaling and availability jones.
Autoscaling manages the number of task
or instances based on metrics you define
while availability zones allow you to
host your application in isolated but
geographically closed locations.
Question number 140. A corporation
anticipates a brief increase in internet
traffic for their application. The
program cannot be interrupted during the
traffic spike. In addition, the
organization must reduce cost while
increasing flexibility to achieve these
needs. Which Amazon EC2 instance type
should the organization use? And we have
four options. Option A on demand in
instances, option B, spot instances,
option C reserved instances, and option
D dedicated hosts. So the right answer
here is option A on demand instances. So
AWS on demand instances are virtual
servers that run in AWS elastic compute
cloud or AWS relational database service
and are purchased at a fixed rate per
hour. AWS recommends using ondemand
instances for applications with
short-term irregular workloads that
cannot be interrupted.
Question number 141. Which IT controls
do AWS and the customer share according
to the AWS share responsibility model?
And we have five options. Option A,
physical and environmental controls.
Option B patch management. Option C
cloud awareness and training. Option D
Jone security, option E application data
encryption. So the right answer is
option B patch management and option C
cloud awareness and training.
So examples of shared controls include
patch management. AWS is responsible for
patching and fixing flaws within the
infrastructure. But customers are
responsible for patching their guest OS
and applications. Configuration
management. AWS maintains the
configuration of its infrastructure
devices when the customer is responsible
for configuring their own guest
operating system, database, and
applications. Awareness and training.
AWS trains AWS employees but a customer
must train their own employees.
Question number 142. A company is
launching an application in 8 plus
cloud. The application will use Amazon
S3 storage. A large team of researchers
will have shared access to the data. The
company must be able to recover data
that is accidentally overwritten or
deleted. Which S3 feature should the
company turn on to meet this
requirement? And you have four options.
Option A, server access logging. Option
B, S3 versioning. Option C, S3 life
cycle rules. Or option D, encryption in
transit and at rest.
So the right answer is option B, S3
versioning.
So versioning enabled buckets can help
you recover objects from accidental
deletion or overwrite. For example,
if you delete an object, Amazon S3
inserts a delete marker instead of
removing the object permanently. The
delete marker becomes the current object
version. If you overwrite an object, it
results in a new object version in the
bucket. You can always restore the
previous versions.
Question number 143. An Amazon RDS
database instance is deployed across
several availability jones. Which pillar
of the AWS well architected framework is
included in this strategy?
And we have four options. Option A
performance efficiency, option B
reliability, option C cost optimization
and option D security.
So the right answer here is option B
reliability.
The reliability pillar includes the
ability of a workload to perform its
intended function correctly and
consistently when it's expected to. This
includes the ability to operate and test
the workload through its total life
cycle.
Question number 144. Amazon EC2 and
elastic load balancer and Amazon RDS are
all components of an architectural
design. What is the best method for
estimating the monthly cost of these
architecture? And we have four options.
Option A, open an AWS support case,
provide the architecture proposal and
ask for a monthly cost estimation.
Option B, collect the published prices
of the AWS services and calculate the
monthly estimate. Option C, use the AWS
simply monthly calculator to estimate
the monthly cost. Option D, use the AWS
total cost of ownership calculator to
estimate the monthly cost. So the right
answer here is option B, collect the
published prices of AWS services and
calculate the monthly estimate.
So to estimate a bill using AWS price
calculator,
choose create estimate and then choose
your planned resources by service. The
AWS pricing calculator provides an
estimated cost per month. And to
forecast your cost, use AWS cost
explorer. Use cost allocation tags to
divide your resources into groups and
then estimate the cost for each group.
Question number 145. According to the
AWS share responsibility model, which
job is the customer's duty? And we have
four options. Option A, maintain the
security of the AWS cloud. Option B,
configure firewall and networks. Option
C, patch the operating system of Amazon
RDS instance. Option D, implement
physical and environmental controls.
So the right answer here is option B,
configure firewalls and networks.
So the customer assumes responsibility
and management of the guest operating
system including updates and security
patches, other associated application
software as well as the configuration of
the AWS provided security group
firewall. Customers should carefully
consider the services they choose as
their responsibilities vary depending on
the services used, the integration of
those services into their IT environment
and applicable laws and regulations. The
nature of these shared responsibility
also provides the flexibility and the
customer control that permits the
deployment.
Question number 146. On Amazon EC2, a
business host a web application in a
Docker container. Which of the following
duties is AWS in charge of? And we have
four options. Option A, scaling the web
application and services developed with
Docker. Provisioning or scheduuling
containers to run on clusters and
maintain their availability. Option C,
performing hardware maintenance in the
AWS facilities that runs the AWS cloud.
Option D, managing the guest operating
system including updates and security
patches.
So the right answer here is option C,
performing hardware maintenance in the
AWS facilities that run the AWS cloud.
So AWS is responsible for protecting the
infrastructure that runs all of the
services offered in the AWS cloud. These
infrastructure is composed of the
hardware, software, networking and
facilities that run AWS cloud services.
Question number 147. What are the AWS
clouds advantages? Select. And we have
five options. Option A, fixed rate
monthly cost. Option B, no need to guess
capacity requirements.
Option C, increased speed to market.
Option D, increased upfront capital
expenditure. Option E, physical access
to cloud data centers.
So the right answer here is option B, no
need to guess capacity requirements and
option C, increased speed to market.
So eliminating guessing on your
infrastructure capacity needs. When you
make a capacity decision prior to
deploying an application, you often end
up either sitting on expensive idle
resources are dealing with limited
capacity. With cloud computing, these
problems go away. You can access as much
as little capacity as you need and scale
up and down as required with only a few
minutes notice.
In a cloud computing environment, new IT
resources are only a click away, which
means that you reduce the time to make
those resources available to your
developers from works to just minutes.
This result in a dramatic increase in
agility for the organization since the
cost and time it takes to experiment the
develop is significantly lower.
Question number 148. an elastic load
balancer. Numerous Amazon EC2 instances
and Amazon RDS are used to run a web
application on AWS. Which security
measures are AWS responsibility? Select
two. And we have five options. Option A,
running a virus scan on EC2 instances.
Option B, protecting against IP spoofing
and packet sniffing. Option C,
installing the latest security patches
on the RTS instance. Option D,
encrypting communication between the EC2
instances and the elastic load balancer.
Option E, configuring a security group
and a network access control list NAC
for EC2 instances. So the right answer
here is option B protecting against IP
spoofing and packet sniffing and option
C installing the latest security patches
on the RDS instance. So AWS is
responsible for protecting the
infrastructure that runs AWS services in
the AWS cloud. AWS also provides you
with the services that you can use
securely. Third party auditors regularly
test and verify the effectiveness of
your security as a part of the AWS
compliance programs.
Question number 149. A manufacturing
company has a critical application that
runs at a remote site that has a slow
internet connection. The company wants
to migrate the workload to AWS. The
application is sensitive to latency and
interruptions in connectivity. The
company wants a solution that can host
this application with minimum latency.
Which AWS service or features should the
company use to meet this requirement?
And we have four options. Option A,
availability jones. Option B, AWS local
jones. Option C AWS wavelength and
option D AWS outpost. So the right
answer here is option B AWS local jones.
So AWS local jones are a type of
infrastructure deployment that places
compute storage database and other
select AWS services close to large
population and industry centers. So run
low latency application at the edge.
Build and deploy application close to
end users to enable realtime gaming,
live streaming, augmented and virtual
reality, virtual workstations and more.
Question number 150. Which AWS service
or feature facilitates the purchase and
deployment of third party software by
providing an online managed software
catalog?
And you have four options.
Option A, AWS support. Option B, AWS
marketplace. Option C, Amazon EC2
private Amazon machine images. Option D,
AWS reseller program.
And the right answer is option B, AWS
marketplace.
AWS marketplace is a curated digital
catalog that makes it easy for customers
to find, buy, deploy and manage the
third party software.
Question number 151. A business wishes
to improve its capacity for
infrastructure recovery in the event of
a natural catastro. These capability
responds to which pillar of the AWS well
architected framework and we have four
options. Option A cost optimization,
option B performance efficiency, option
C reliability and option D security.
So the right answer here is option C
reliability.
So there are five design principles for
reliability in the cloud. Automatically
recover from failure. Test recovery
prescale horizontally to increase
aggregate workload availability. Stop
guessing capacity. Manage change in
automation.
Question number 152. A business may be
required to operate its workload
exclusively in its onremise data center
due to performance and regulatory
limitations. Which Amazon web services
or resources should the business
utilize? Select to we have five options.
Option A, Amazon Pinpoint, option B,
Amazon work link. Option C, AWS outpost.
Option D, AWS Snowball Edge. And option
E, AWS appsync.
So the right answer here is option C,
AWS outpost and option D, AWS Snowball
edge.
So AWS outpost is a family of of fully
managed solutions delivering AWS
infrastructure and services to virtually
any on premises Ranch location for a
truly consistent hybrid experience.
Outpost solutions allow you to extend
and run native AWS services on premises
and is available in a variety of form
factors from one U and 2 U outpost
servers to 42U outpost racks and
multiple track deployments. AWS Snowball
Edge is a type of Snowball device with
onboard storage and compute power for
select AWS capabilities. Snowole Edge
can do local processing and edge
computing workloads in addition to
transferring data between your local
environment and the AWS cloud.
Question number 153. Security reasons a
business demands an isolated environment
inside AWS. Which course of action is
necessary to achieve this? We have four
options. Option A, create a separate
availability jone to host the resources.
Option B, create a separate VPC to host
the services. Option C, create a
placement group to host the resources.
And option D, create an AWS direct
connect connection between the company
and AWS. So the right answer here is
option B, create a separate VPC to host
the resources.
So a private a virtual private cloud is
a virtual network in your own logically
isolated area in the AWS cloud. You
separate VPCs to isolate infrastructure
by workload or organizational entity.
Subnet is a range of IP addresses in a
VPC. When you launch an instance, you
launch it into a subnet in your VPC. Use
subets to isolate entires of your
application within a single VPC. Use
private subets for your instances if
they should not be accessed directly
from the internet.
Question number 154. How do Amazon's
massive economics of scale help
customers? And we have four options.
Option A, periodic price reductions as a
result of Amazon's operational
efficiencies. Option B, new Amazon EC2
instances types providing the latest
hardware. Option C, the ability to scale
up and down when needed. Option D,
increased reliability in the underlying
hardware of Amazon EC2 instances.
So the right answer here is option A,
periodic price reduction as a result of
Amazon's operational efficiencies.
So benefit from massive economy of scale
by using cloud computing. You can
achieve a lower variable cost than you
can get on your own because usage from
hundreds of thousands of customers is
aggregated in the cloud. Providers such
as AWS can achieve higher economy of
scale which translates into global PSO
pricing.
Question number 15. A company wants to
implement threat detection on its AWS
infrastructure. However, the company
does not want to deploy additional
software. Which AWS service should the
company use to meet this requirement?
And we have four options. Option A,
Amazon VPC, option B, Amazon EC2, option
C, Amazon card duty, and option D AWS
direct connect.
The right answer is option C, Amazon
card duty.
So, Amazon Core Duty continuously
monitor your AWS accounts, instances,
container workloads, users, and storage
for potential threats. Expose threats
quickly using analy detection, machine
learning, behavior modeling, and threat
intelligence feeds from AWS and leading
third parties. Mitigate threats early by
initiating automated responses.
Question number 156. Which AWS service
uses edge locations? And we have four
options. Option A, Amazon Aurora. Option
B, AWS Global Accelerator. Option C,
Amazon Connect. And option D, AWS
Outpost.
So the right answer here is option B,
AWS Global Accelerator.
So AWS Global Accelerator and Amazon
CloudFront are separate services that
use the AWS global network and its edge
locations around the world.
Question number 157. When utilizing the
AWS command line interface, AWS CLI,
which of the following identity and
access management entities is connected
with an access key ID and secret access
key? And we have four options. Option AM
group, option B, IM user, option C, IM
role, and option D IM policy.
So the right answer here is option B IM
user.
So access keys are long-term credentials
for an IM user or the AWS account root
user. You can use access keys to sign
programmatic request to the AWS CLI or
AWS API.
Question number 158. What is AWS
application under the AWS shared
responsibility model? And we have four
options. Option A, application security.
Option B, edge location management.
Option C, patch management. And option
D, client side data.
So the right answer here is option B,
edge location management.
So client side data application security
is the sole responsibility of the
customer. Patch management is a share
responsibility.
That leaves us with edge location
management and since these out of the
control of the customer AWS is one
responsible for it.
Question number 159. Which component of
the AWS architecture permits global
computing and storage deployment? And we
have four options. Option A availability
zones. Option B regions. Option C tags.
And option D resource groups. So the
right answer here is option B regions.
The AWS cloud spans 99 availability
jones within 31 geographic regions
around the world with announced plans
for 12 more availability jones and four
more avails regions in Canada, Israel,
New Zealand and Thailand.
Question number 160. Which of the
following is a design concept associated
with dependability in the AWS well
architected framework? And we have four
options. Option A, deployment to a
single availability zone. Option B,
ability to recover from failure. Option
C, design for cost optimization.
Option D, perform operation as a code.
So the right answer here is option B
ability to cover from failure.
So the reliability pillar encompasses
the ability of a workload to perform its
intended function correctly and
consistently when it's expected to.
These includes the ability to operate
and test the workload through its total
life cycle.
There are five design principle for
reliability in the cloud. Automatic
recovery from failure. Test recovery
procedures. Scale horizontally to
increase aggregate workload
availability.
Stop guessing capacity. Manage change in
automation.
Question number 161. Which activity is
entirely the user's responsibility while
executing workload on AWS? And we have
four options. Option A, patching the
infrastructure components. Option B,
implementing controls to root
application traffic. Option C,
maintaining physical and environmental
control. Option D, maintaining the
underlying infrastructure component. So
the right answer here is option B,
implementing controls to root
application traffic.
So customer responsibility will be
determined by the AWS cloud services
that a customer selects. This determines
the amount of configuration work the
customer must perform as a part of their
security responsibility.
For example, a service such as Amazon
Elastic Compute Cloud is categorized as
infrastructure as a service and as such
requires the customers to perform all
the necessary security configurations
and management task. Customers that
deploy an Amazon EC2 instance are
responsible for management of the guest
operating system.
Any application software or utilities
installed by the customer on the
instance and the configuration of the
AWS provided firewall on each instance
for abstracted services such as Amazon
S3 and Amazon Dynamo DB. AWS operates
the infrastructure layer, the operating
system and platforms and customer access
the endpoint to store and retrieve data.
Customers are responsible for managing
the data,
classifying their assets and using IM
tools to apply the appropriate
permissions.
Question number 162. Which statement
best describes the AWS cloud's agility?
And we have four options. Option A,
agility gives user the ability to host
applications in multiple AWS regions
around the world. Option B, agility
gives users the ability to pay upfront
to reduce cost. Option C, agility
provides customizable physical hardware
at the lowest possible cost. Option D,
agility provides the means for users to
provision resources in minutes.
So the right answer here is option D.
Agility provides the means for users to
provision resources in minutes.
In a cloud computing environment, new IT
resources are only a click away, which
means that you reduce the time to make
those resources available to your
developers from weeks to just minutes.
These results in a dramatic increase in
agility for your for the organization
since the cost and time it takes to
experiment and develop is significantly
lower.
Question number 163. Which AWS product
or service enables businesses to monitor
and classify their expenditure at a
previous level? We have four options.
Option A, cost allocation tax. Option B,
consolidated billing. Option C, AWS
budgets. And option D AWS marketplace.
So the right answer here is option A
cost allocation tags.
AWS cost allocation tags are labels for
classifying,
organizing, and identifying your
resources. These tags, which are key
value pairs, make it easier to manage
them and track their usage. By assigning
tax to your resources, you can track
your overall AWS cost either through
cost explorer or through the AWS API.
Question number 164. A company needs to
install an application in a Docker
container. Which AWS service eliminates
the need to provision and manage the
container's host? We have four options.
Option A, AWS Fargate. Option B, Amazon
FSX for Windows File Server. Option C,
Amazon Elastic Container Service. And
option D, Amazon EC2.
So the right answer here is option C,
Amazon Elastic Container Service.
So, Amazon ECS makes it easy to use
containers as a building block for your
application by eliminating the need for
you to install, operate, and scale your
own cluster management infrastructure.
Amazon ECS lets you schedule longunning
applications, services, and batch
processing using Docker containers.
Question number 165. Which AWS service
is responsible for monitoring the health
of your application automatically? And
we have four options. Option A, Amazon
API gateway, option B, AWS elastic
beantock. Option C, AWS Lambda. And
option D AWS config. So the right answer
here is option B AWS elastic beanto.
So with elastic beantock you can quickly
deploy and manage applications in the
AWS cloud without having to learn about
the infrastructure that runs those
applications. Elastic beantock reduces
management complexity without
restricting choice or control. You
simply upload your application and
elastic beantock automatically handles
the details of capacity provisioning,
load balancing, scaling and application
health monitoring.
Question number 166. A user is
developing a service that aders to the
AWS well architected frameworks
operational excellence pillar. Which
design concept is the user to adhere to
and we have four options. Option A
anticipate failure. Option B make large
scale changes. Option C perform manual
operations. and option D create static
operational residues.
So the right answer here is option A
anticipate failure.
Operational excellence pillar includes
ability to support development and run
workloads effectively gain insights into
their operation and continuously improve
supporting processes and procedures to
deliver business value.
So there are five design principle for
operational excellence in the C cloud.
Perform operations as code. Make
frequent small reversible changes.
Refine operations procedures frequently.
Anticipate failure. Learn from all
operational failures.
Question number 167. When comparing AWS
total cost of ownership to on premises
TCO, what charges are included? And we
have four options. Option A, project
management, option B, antivirus software
licensing. Option C, data center
security, and option D software
development. So the right answer here is
option C, data center security.
So consider the following elements
affecting cost, data center facilities,
hardware and infrastructure, software,
personal disaster recovery and security.
Question number 168. Which AWS service
or feature checks access policies and
offers actionable recommendations to
help users set secure and functional
policies? And we have four options.
Option AWS system manager, option B, AWS
IM access analyzer. Option C AWS trusted
advisor and option D Amazon guard duty.
So the right answer here is option B AWS
IM access analyzer.
So, IM access analyzer generates a
finding for each instance of a
resource-based policy that grants access
to a resource within your zone of trust
to a principle that is not within your
jone of trust. AM access analyzer
reports a security warning when your
policy grants access to pass any role to
any service which is overly permissive.
The security warning includes a
recommendation that you scope down the
permissions to pass specific roles
instead.
Question number 169. Which design
concept is fulfilled by adhering to the
AWS well architected frameworks
dependability pillar? And we have four
options. Option A vertical scaling.
Option B manual failure recovery. Option
C, testing recovery proceduse and option
D changing infrastructure manually. So
the right answer here is option C
testing recovery residues.
So in an on premises environment,
testing is often conducted to prove that
the workload works in a particular
scenario. Testing is not typically used
to validate recovery strategies in the
cloud. You can test how your workload
fails and you can validate your recovery
procedures. You can use automation to
stipulate different failures or to
recreate scenarios that led to failure
before. This approach exposes failure
pathways that you can test and fix
before a real failure scenario occurs,
thus reducing risk.
Question number 170. Which AWS service
or functionality can assist a business
in determining if it has publicly
accessible Amazon S3 buckets? And we
have four options. Option A, AWS service
health dashboard. Option B, Amazon
Cloudatch logs. Option C, AWS trusted
advisor. And option D, AWS service
catalog. So the right answer is option
C, AWS trusted advisor.
So trusted adviser can help improve the
security of your AWS environment by
suggesting fun foundational security
best practices curated by security
experts. Examples include identifying
RDS, security group access risk, exposed
access keys, and unnecessary S3 bucket
permissions.
Question number 171. Seasonal sales
surges occur many times a year for an
online retailer, most notably during the
holidays. At other times of year, demand
is lower. A corporation has difficulty
forecasting the seasonal increase in
infrastructure demand. Which benefits of
migrating to the AWS cloud would be the
most beneficial to the business? Select
two. And we have five options. Option A,
global footprint. Option B, elasticity.
Option C AWS service quotas, option D,
AWS shared responsibility model and
option E pay as you go pricing.
So the right answer here is option B
elasticity
and option E pay as you go pricing.
Benefits of migrating to the AWS cloud.
Trade fixed expenses for variable
expenses. Benefit from massive economy
of scale. Stop casing capacity. Increase
speed and agility. Stop spending money
running and maintaining data centers. Go
global in minutes.
Question number 172. Which concepts of
AWS cloud architecture may assist boost
reliability? Select two. And we have
five options. Option A using monolithic
architecture. Option B, measuring
overall efficiency. Option C, testing
recovery residues. Option D, adopting a
consumption model. Option E,
automatically recovering from failure.
So the right answer here is option C
testing recovery preset
recovering from failure.
automatically recovering recover from
failure. By monitoring a workload for
key performance indicators, you can
trigger automation when a threshold is
breached. These KPIs should be a measure
of business value, not the technical
aspects of operations of the service.
These allows for automatic notification
and tracking of failures and of
automated recovery process that work
around or repair the failures. With more
sophisticated automation, it's possible
to auto uh anticipate and remediate
failures before they occur. Test
recovery positives. In an on- premises
environment, testing is often conducted
to prove that the workload works in a
particular scenario. Testing is not
typically used to validate recovery
strategies. In the cloud, you can test
how your workload fails and you can
validate your recovery procedures. You
can use automation to stimulate
different failures or to recreate
scenarios that led to failures before.
This approach exposes failures pathways
that can test and fix before a real
failure scenario occurs, thus reducing
risk.
Question number 173. Which sort of
storage does Amazon Elastic File System
and Amazon FSX provide? And we have four
options. Option A file storage. Option B
object storage. Option C block storage.
Option D instance storage.
So the right answer here is option A
file storage.
Both these services provide file
storage. The major difference being that
FSX integrates with Windows
environments.
Question number 174.
Which AWS service enables customers to
view AWS compliance control reports on
demand and self-service? And we have
four four options. Option A AWS config.
Option B Amazon Guard Duty.
Option C AWS trusted advisor and option
D AWS artifact.
So the right answer here is option D AWS
artifact.
AWS artifact provides a central resource
for AWS security and compliance reports.
The artifacts available in AWS artifact
include service organization control
reports, payment card industry reports
and certifications from accreditiation
bodies that validate the implementation
and operating effectiveness of AWS
security control. Additionally,
AWS artifact provides on demand access
to the security and compliance documents
such as ISO certifications and service
organization control reports of the
independent software vendors who sell
their products on AWS marketplace.
Question number 175. What may aid in the
evaluation of a cloud-based application?
Select two. And we have five options.
Option A, AWS trusted advisor. Option B,
AWS professional services.
Option C, AWS system manager. Option D,
AWS partner network APN. Option E, AWS
secret manager.
So the right answer here is option B AWS
professional services
and option D AWS partner network API.
So professional services available in
AWS marketplace enables you to find and
buy assessments, implementation support,
manage services and training for
thirdparty software and building on AWS.
AWS marketplace helps you find the
software and associated services you
need to innovate all in one place.
Simplifying procurement. You can
discover complete business solutions and
curated
servise
offerings from independent software
vendors and consulting partners and
select payment options and contract
terms that fit your needs. AWS partner
network APN is a global community of
partners that leverages programs,
expertise and resources to build, market
and sell customer offerings.
Question number 176, which AWS service
enables expense control across numerous
AWS accounts effectively? And we have
four options. Option A, AWS
organizations.
Option B, AWS trusted advisor. Option C,
AWS Direct connect. Option D, Amazon
connect. So the right answer here is
option A, AWS organizations.
AWS organization provides you with the
capability to centrally manage and
govern your cloud environment. You can
manage and organize your accounts under
a single bill. Set central policies and
configurations requirements for your
entire organization. Create custom
permissions or capabilities within the
organization and delegate
responsibilities to other accounts so
they can manage on behalf of the
organization. In addition, AWS
organization is integrated with other
AWS services. So you can define central
configurations, security mechanisms,
audit requirements and resource sharing
across accounts in your organization.
Question number 177. The company's
onremises servers and the AWS cloud need
a dedicated network connection. Which
Amazon web services
should be used? We have four option.
Option A, AWSVPN.
Option B, AWS Direct Connect. Option C,
Amazon API gateway. Option D, Amazon
Connect. So the right answer here is
option B, AWS Direct Connect.
You can use AWS direct connect to
establish a private virtual interface
from your on premises network directly
to your Amazon VPC providing you with
the private high bandwidth network
connection between your network and your
VPC. With multiple virtual interfaces,
you can even establish private
connectivity to multiple VPCs while
maintaining network isolation.
Question number 178. On premises
resources have been underused by user.
Which AWS cloud idea is optimal for
resolving this issue? And we have four
options. Option A high availability.
Option B elasticity. Option C security.
And option D loose coupling.
So the right answer here is option B
elasticity.
So most people when thinking of cloud
computing think of the ease with which
they can procure resources when needed.
This is only one aspect to elasticity.
The other aspect is to contract when
they no longer need resources. Scale out
and scale in. Scale up and scale down.
Question number 179. Which of the
following advantages does Amazon
relational database service provide over
conventional database management? And we
have four options. Option A, AWS manages
the data stored in Amazon RDS tables.
Option B, AWS manages the maintenance of
the operating system. Option C, AWS
automatically scales up instance types
on demand. Option D, AWS manages the
database type.
So the right answer here is option B.
AWS manages the maintenance of the
operating system.
So Amazon RDS will make sure that the
relational database software powering
your deployment stays up to date with
the latest patches. You can exert
optional control over when and if your
database instance is patched.
Question number 180. Service control
policies manage permissions for which of
the following? And we have four options.
Option A, availability jones. Option B,
AWS regions. Option C, AWS
organizations. and option D edge
locations.
So the right answer here is option C AWS
organizations.
AWS organizations provides you with this
capability to centrally manage and
govern your cloud environments. You can
manage and organize your accounts under
a single bill. Set central policies and
configuration requirements for your
entire organization. Create custom
permissions are capabilities within the
organization and delegate
responsibilities to other accounts so
they can manage on behalf of the
organization.
Question number 181. Which AWS service
can be used to encrypt data at rest? And
we have four options. Option A, Amazon
Guard Duty. Option B, AWS a
option C, AWS security hub. And option
D, AWS key management service.
So the right answer here is option D AWS
key management service.
AWS key management service is a managed
service that enables easy creation and
control of encryption keys used to
encrypt data. KMS uses envelope
encryption in which data is encrypted
using a data key that is then encrypted
using a master key. Master keys can also
be used to encrypt and decrypt up to 4
kilobyt of data. In our solution, I use
KMS encrypt decrypt APIs to encrypt and
the encrypted file systems password.
Question number 182. A cloud
practitioner has a seldom run data
analysis job that can be stopped without
causing damage.
Which Amazon EC2 purchase option should
be utilized to maximize cost savings?
And we have four options. Option A on
demand instances. Option B reserved
instances. Option C spot instances. And
option D dedicated hosts.
So the right answer here is option C
spot instances.
AWS allows you to scale services for
short-term usage and helping you reduce
your bill as spot instances can be
reclaimed with a twominut warning when
EC2 needs capacity back. Spot instances
are a great fit for fall tolerant
stateless application. Use spot
instances to significantly lower your
cost and increase the elasticity of your
application.
Question number 183. What are the
advantages of AWS cloud service billing
consolidation? Selected.
And we have five options. Option A,
volume discounts. Option B, a minimal
additional fee for use. Option C, one
bill for multiple accounts. Option D,
installment payment option. and option E
custom cost and usage budget creation.
So the right answer here is option A
volume discounts and option C one bill
for multiple accounts.
So consolidated billing has the
following benefits. One bill you get one
bill for multiple accounts. Easy
tracking. You can track the charges
across multiple accounts and download
the combined cost and usage data.
Combined usage. You can combine the
usage across all accounts in the
organization to share the volume,
pricing discounts, reserved instant
discounts and saving plans.
This can result in a lower charge for
your project, department or company than
with in individual standalone accounts.
So no extra fee. Consolidated billing is
offered at no additional cost.
Question number 184. Which Amazon EC2
instant type is necessary when a user
wishes to use their current per socket
per core or per virtual machine software
licenses on a Microsoft Windows server
operating on AWS. We have four options.
Option A, spot instances. Option B,
dedicated instances. Option C, dedicated
hosts. Option D, reserved instances.
So the right answer here is option C,
dedicated hosts.
In Amazon EC2 dedicated host is a
physical server with EC2 instance
capacity fully dedicated to you.
Dedicated host allow you to use your
existing per socket, per core or per VM
software license including Windows
Server, Microsoft SQL Server, Sushi and
Linux Enterprise Server.
Question number 185. When users connect
to a website with the worldwide consumer
base, they report experiencing delay.
Which Amazon web services offering will
enhance the user experience by lowering
latency?
And we have four options. Option A,
Amazon CloudFront. Option B, AWS Direct
Connect. Option C, Amazon EC2
autoscaling. Option D AWS Transit
Gateway.
So the right answer here is option A,
Amazon CloudFront.
So CloudFront delivers your content
through a worldwide network of data
centers called edge locations. When a
user request content that you are
serving with CloudFront, the request is
rooted to the edge location that
provides the lowest latency so that
content is delivered with the best
possible performance.
Question number 186. Which capabilities
or services are available for monitoring
in AWS accounts charges and expenses?
Select two. And we have five options.
Option A, AWS cost and usage report.
Option B, AWS product pages. Option C,
AWS simply monthly calculator.
Option D, billing alerts. and Amazon
Cloudatch alarms. Option E, AWS Price
List API.
So the right answer here is option A,
AWS cost and usage report and option D,
billing alerts and Amazon Cloudatch
alarms.
With AWS cost and usage reports, you can
review, automize, and organize the most
comprehensive cost and usage data for
your account.
And you can monitor your estimated AWS
charges by using Amazon Cloudatch. When
you enable the monitoring of estimated
charges for your AWS account, the
estimated charges are calculated and
sent several times daily to Cloudatch as
a metric data.
Question number 187. Which service
enables users to store data in the
Amazon web service cloud? We have four
options. Option A, Amazon EFS, option B,
Amazon Red Shift, option C, Amazon RDS
and option D Amazon VPC.
So the right answer here is option A
Amazon EFS.
Amazon EFS is a fully managed service
providing NFS shared file system storage
for Linux workloads. Amazon EFS makes it
quick and efficient to create and
configure file systems. You need you
need not worry about managing files
servers or storage, updating hardware,
configuring software or performing
backups
in seconds. Create a fully managed file
system using the AWS management console,
the AWS command line interface, or an
AWS SDK.
Question number 188. Which AWS service
or product enables an organization to
automate the delivery of application
changes?
And we have four options. So option A
Amazon app flow, option B AWS code
deploy, option C AWS private link and
option D Amazon EKS DRO.
So the right answer here is option B AWS
code deploy.
AWS Code Deploy is a fully managed
deployment service that automates
software deployments to various compute
services such as Amazon Elastic Compute
Cloud, Amazon Elastic Container Service,
AWS Lambda, and your onremises servers.
Use code deployed to automate software
deployments, eliminating the need of
errorprone manual operations.
Question number 189. A corporation
wishes to minimize the physical
footprint of the computing resources
used by developers to execute programs.
Which service would enable serverless
architecture to address these needs? And
we have four options. Option A, Amazon
Elastic Compute Cloud, Amazon EC2.
Option B, AWS Lambda, option C, Amazon
DynamoB, and option D AWS code commit.
So the right answer here is option B,
AWS Lambda.
So AWS Lambda is a serverless
event-driven compute service that lets
you run code for a virtually any type of
application or backend service without
provisioning or managing servers. You
can trigger Lambda from over 200 AWS
services and software as a service
applications and only pay for what you
use.
Question number 190. A load balancer
elastic enables online traffic to be
distributed across multiple. And we have
four options. Option A, AWS regions.
Option B, availability jones. Option C
dedicated hosts. and option D Amazon S3
buckets.
So the right answer here is option B
availability jones.
So AWS elastic load balancing
distributes incoming application traffic
automatically across multiple targets
such as containers, EC2 instances and IP
addresses in one or more availability
jones. These distributes and balances
how front-end traffic reaches backend
servers and increase the fall tolerance
and availability of user applications.
Question number 191. What is AWS storage
gateway purpose? And we have four
options. Option A, it ensures on
premises data storage is 99.999%
durable. Option B, it transports pabytes
of data to and from AWS.
Option C, it connects to multiple Amazon
EC2 instances. Option D, it connects on
premises data storage to the AWS cloud.
So the right answer here is option D. It
connects on premises data storage to the
AWS cloud.
So moving data to the cloud is not quite
as simple as flipping a switch. For
companies that have managed their own
data centers or server rooms for
decades, there are few steps to consider
and it's not always wise to pull the
plug on an internal infrastructure quite
so quickly. If a startup uses on
premises business servers and then
experiences unexpected growth,
abandoning those servers doesn't make
sense. Even if the long-term plan is to
do exactly that, AWS storage gateway is
a way to bridge these gap for companies
of any size. It's a hybrid storage
option that connects on premises storage
including age-old tape backup systems to
the cloud in a way that also provides
one console to access all storage.
configurations.
Question number 192.
How can a client anticipate future
expenses associated with the operation
of a new web application?
And we have four options. Option A,
Amazon Aurora Backtrack. Option B,
Amazon Cloudatch Building Alarms. Option
C AWS simple monthly calculator and
option D AWS cost and usage report.
So the right answer here is option D AWS
cost and usage report.
So you can use cost explorer which is
part of cost and usage report to
forecast future cost of running an
application.
Question number 193. A term fall
tolerance relates to the following. And
you have four options. Option A, the
ability of an application to accommodate
growth without changing design. Option
B, how well and how quickly an
application environment can have lost
data restored. Option C, how secure your
application is. Option D, the built-in
redundancy of an application's
components.
So, the right answer here is option D,
the built-in redundancy of an
application's components.
AWS recommends connecting from multiple
data centers. For physical location
redundancy when designing remote
connections, consider using redundant
hardware and telecommunication
providers.
Question number 194. Which AWS service
enables conventional SQL queries against
stored data sets straight from Amazon
S3?
And we have four options. Option A, AWS
Glue. Option B, AWS data pipeline.
Option C, AWS, Amazon cloud search.
Option D, Amazon Athena.
So the right answer here is option D,
Amazon Athena.
Amazon Ethna is defined as an
interactive query service that makes it
easy to analyze data directly in Amazon
simple storage service using standard
SQL. So it's another SQL query engine
for large data set stored in S3. This is
very similar to other SQL query engines
such as Apache Trail. But unlike Apache
Trail, Athena is limited to data only
from Amazon's own S3 storage service.
However, Athena is able to query a
variety of file formats including but
not limited to CSV, park, JSON, etc.
Question number 195. The startup is
developing a new application that must
be launched immediately. In the near
future, the application criteria may
need to be changed. Which of the
following is an AWS cloud feature that
would fulfill this particular
requirement? And we have four options.
Option A, elasticity. Option B
reliability.
Option C performance and option D
agility.
So the right answer is option D agility.
So cloud infrastructure provides more
agility and responsiveness than
traditional IT environments. These
requires organization to think
differently about how they design, build
and manage applications.
Question number 196. Which
characteristics are advantages of using
the AWS cloud? Choose two. We have five
options. Option A, a 100% service level
agreement SLA for all AWS services.
Option B, compute capacity that is
adjusted on demand. Option C,
availability of AWS support for code
development.
Option D, enhanced security.
Option E, increases in cost and
complexity.
So the right answer here is option B,
compute capacity that is adjusted on
demand
and option D, enhanced security.
Six advantages of cloud computing. Trade
fixed expenses for variable expenses.
Benefit from massive economics of scale.
Stop guessing capacity. Increase speed
and agility. Stop spending money running
and maintaining data centers. Go global
in minutes.
Question number 197.
A company wants to convert video files
and audio files from their source format
into a format that will play on
smartphones, tablets, and web servers.
Which AWS service will meet this
requirement?
And we have four options. Option A,
Amazon elastic transcoder. Option B,
Amazon comprehend.
Option C, AWS Glue. Option D, Amazon
recognition.
So the right answer here is option A.
Amazon Elastic Transcoder.
Amazon Elastic Transcoder lets you
convert media files that you have stored
in Amazon simple storage service into
media files in the format required by
consumer playback devices. For example,
you can convert large highquality
digital media files into formats that
users can play back on mobile devices,
tablets, web browsers, and connected
televisions.
Question number 198. A company has
several departments. Each department has
its own AWS accounts for all its
applications. The company wants all AWS
cost on a single invoice to simplify
payment. But the company wants to know
the costs that each department is in
occurring. Which AWS tool or feature
will provide this functionality?
And we have four options. Option A, AWS
cost and usage reports. Option B,
consolidated billing. Option C, savings
plan. Option D, AWS budgets.
So the right answer here is option B,
consolidated billing.
Consolidated billing is a feature of AWS
organization that allow a single AWS
account to pay the bills for multiple
AWS accounts. These can be useful for
companies that have multiple AWS
accounts as it allows them to see all of
their costs on a single invoice while
still being able to track the cost of
each department separately.
Question number 19. A company wants to
eliminate the need to guess
infrastructure capacity before
deployments. The company also wants to
spend its budget on cloud resources only
as the company uses the resources. Which
advantage of the AWS cloud matches the
company's requirement. And you have four
options. Option A, reliability. Option
B, global reach. Option C economies of
scale. Option D pay as you pricing.
So the right answer here is option D pay
as you go pricing.
So by using cloud computing you can
achieve a lower variable cost than you
can get on your own because usage from
hundreds of thousands of customers is
aggregated in the cloud providers such
as AWS can achieve higher economies of
scale which translates into lower pay as
you go prices.
Question number 200. Which AWS service
must be enabled in order for the AWS
management console to monitor all user
account changes? And we have four
options. Option A, AWS cloud trial.
Option B, Amazon simple notification
service. Option C, VPC flow locks.
Option D, AWS cloud HSM.
So the right answer here is option A,
AWS cloud trial.
So AWS cloud trial is a service that
enables governance, compliance,
operational auditing and risk auditing
of your AWS accounts. With cloud trial,
you can log, continuously monitor and
retain account activity related to
actions across your AWS infrastructure.
Cloud trial provides event history of
your AWS account activity, including
actions taken through the AWS management
console, AWS SDKs, command line tools,
and other AWS services. This event
history simplifies security analysis,
resource change tracking, and
troubleshooting. In addition, you can
use cloud trail to detect unusual
activity in your AWS account. These
capabilities help simplify operational
analysis and troubleshooting.
Question number 201.
Recently an e-commerce firm began using
the AWS cloud. Which security related
responsibilities fall within the purview
of the business? Select two. And we have
five options. Option A, restrict who is
allowed physically
who is allowed physical access to the
host that run the company's Amazon EC2
instance. Option B, install security
patches on Amazon EC2 Linux instances.
Option C, choose to encrypt data at rest
that is stored on Amazon S3. Option D,
wipe Amazon Elastic Block Store volumes
clean before they are decommissioned.
Option E, conduct database patching for
Amazon RDS instances.
So the right answer here is option B,
install security patches on Amazon EC2
Linux instances and option C, choose to
encrypt data at rest that is stored on
Amazon S3.
So for abstracted services
such as Amazon S3 and Amazon Dynamo DB,
AWS operates the infrastructure layer,
operating system and platforms and
customer access the endpoints to store
and retrieve data. Customers are
responsible for managing the data
including encryption option, classifying
their assets and using IM tools to apply
the appropriate permissions.
Question number 202. A business needs to
guarantee that users of the AWS
management console adhere to password
complexity guidelines.
How can a business customize the
difficulty of its passwords? And we have
four options. Option A, using an AWS IM
user policy. Option B, using an AWS
organization service control policy.
Option C, using an AWS IM account
password policy.
Option D, using an AWS security hub
managed inside.
So the right answer here is option C,
using an AWS IM account password policy.
You can set a custom password policy on
your Amazon Web Services account to
specify complexity requirements and
mandatory rotation periods for your IM
users passwords. If you don't set a
custom password policy, IM user
passwords must meet the default password
Amazon password policy.
Question number 203. Which AWS service
would determine if a security group has
granted unlimited access to a resource?
We have four options. Option A, AWS
Trusted Advisor. Option B, Amazon
Cloudatch. Option C, VPC flow logs.
Option D, AWS cloud trial.
So the right answer here is option A,
AWS trusted advisor.
So in the AWS trusted advisor there are
lots of controls for security
configurations of your AWS resources.
Some examples are the following.
Security groups specific ports
unrestricted. These control check
security groups for rules that allow
unrestrict unrestricted access to
specific ports such as SSH and RDB.
Unrestricted access increases
opportunities for malicious activity,
hacking, denial of service attacks, loss
of data.
Question number 204,
which features are available to users
while using AWS KMS?
And we have four options. Option A,
create and manage AWS access keys for
the AWS account root user. Option B,
create and manage AWS access keys for an
AWS account IM user. Option C, create
and manage keys for encryption and
decryption of data. Option D, create and
manage keys for a multiffactor
authentication.
So the right answer here is option C,
create and manage keys for encryption
and decryption of data.
AWS key management service is an
encryption and key management service
scaled for the cloud. AWS KMS keys and
functionalities are used by other AWS
services and you can use them to protect
data in your AWS in your own
applications that use AWS.
Question number 205.
On Amazon EC2 instance, a business has
installed various relation databases.
Each month, the database software
manufacturer publishes new security
updates for databases that must be
deployed. Which method is the most
effective for applying security patches?
And we have four options. Option A,
connect to each database instance on a
monthly basis and download and apply the
necessary security patches from the
vendor. Option B, enable automatic
patching for the instances using the
Amazon RTS console. Option C,
in AWS config, configure a rule for the
instances and the required patch level.
Option D, use AWS system managers to
automate database patching according to
a schedule.
So the right answer here is option D.
Use AWS systems manager to automate
database patching according to a
schedule.
So patch manager the capability of AWS
system manager automates the process of
patching managed nodes with both
security related and other types of
updates. You can use patch manager to
apply patches for both operating system
and applications.
You can use patch manager to install
service packs on Windows nodes and
perform minor version upgrades on Linux
nodes. You can patch fleets of Amazon
elastic compute cloud instance, edge
devices, or your onremises servers and
virtual machines by operating system
type.
Question number 206.
A business is releasing a new
application on AWS. The application will
be hosted on Amazon Elastic Compute
Cloud instance. Additional EC2 instances
will be required as the demand grows.
Which AWS service or technology can the
business utilize to deploy the required
number of EC2 instances?
And we have four options. Option A,
elastic load balancing. Option B, Amazon
EC2 autoscaling.
Option C, AWS app to connect container A
to C. And option D, AWS systems manager.
So the right answer here is option B,
Amazon EC2 autoscaling.
So, Amazon EC2 autoscaling helps you
ensure that you have the correct number
of Amazon EC2 instances available to
handle the load of your application. You
create collections of EC2 instances
called autoscaling groups. You can
specify the minimum number of instances
in each autoscaling group and the Amazon
EC2 autoscaling ensures that your group
never goes below this size. You can
specify the maximum number of instances
in each autoscaling group and the Amazon
EC2 autoscaling ensures that your group
never goes above this size.
Question number 207. What does it mean
to provide AWS IM users the fewest
possible privileges?
And we have four options. Option A, it
is granting permissions to a single user
only. Option B, it is granting
permissions using AWS IM policies only.
Option C, it is granting administrator
access policy permissions to trustworthy
users. Option D, it is granting only the
permissions required to perform
equipment task.
So the right answer here is option D.
When you create IM policies, follow the
standard security advice of granting
least privilege or granting the only the
permissions required to perform a task.
So determine what users need to do and
then craft policies that allow them to
perform only those tasks.
Question number 208. When building an
Amazon relational database service
instance in multiple availability jone
mode, which architectural concept is
followed? And we have four options.
Option A, implement loose coupling.
Option B, design for failure. Option C,
automate everything that can be
automated.
Option D use services not servers.
So the right answer here is option B
design for failure.
So Amazon RDS multi-AZent deployment
provide enhanced availability and
durability for database instances making
them a natural fit for production
database workloads. When you provision a
multi-AZ DB instance, Amazon RDS
automatically creates a primary DB
instance and synchronomously
replicates the data to a standby
instances in a different availability
zone. Each availability jones run on its
own physically distinct independent
infrastructure and is engineered to be
highly reliable. In case of an
infrastructure failure, Amazon RDS
performs an automatic failover to
standby
so that you can resume database
operations as soon as the failover is
complete. Since the endpoint of your DB
instance remains the same after a
failover, your application can resume
database operation without the need for
manual administrative intervention.
Question number 209.
What is a user's responsibility while
using the AWS cloud to execute an
application? And we have four options.
Option A, managing physical hardware,
option B, updating the underlying
hypervisor.
Option C, provision a list of users
approved for data center access. and
option D managing application software
updates.
So the right answer here is option D
managing application software updates.
The customer assumes responsibility and
management of the guest operating system
other associated application softwares
as well as the configuration of the AWS
provided security group firewall.
Customers should carefully consider the
services they choose as their
responsibility vary depending on the
services used. The integration of those
services into their IT environment and
applicable laws and regulations.
Question number 210. Which of the
following statement concerning AWS
worldwide infrastructure is true? And we
have four options. Option A,
availability jones can span multiple AWS
regions. Option B, a VPC can have
different subnets in different AWS
regions. Option C, AWS regions consist
of multiple availability jones. Option
D, a single subnet can span multiple
availability jones.
So the right answer here is option C,
AWS region consist of multiple
availability jones.
So AWS provides a more extensive global
footprint than any other cloud provider.
And to support its global footprint and
ensure customers are served across the
world, AWS opens new regions rapidly.
AWS maintains multiple geographic
regions including regions in North
America, South America, Europe, China,
Asia-Pacific, South Africa, and the
Middle East.
Question number 211. A business wishes
to link AWS to its corporate network
through a private network connection.
Which Amazon Web Services services are
functionality will satisfy this
requirement.
And we have four options. Option A,
Amazon Connect. Option B, Amazon Route
53. Option C AWS direct connect. and
option D VPC pairing.
So the right answer here is option C AWS
direct connect.
So AWS direct connect is a cloud service
solution that makes it easy to establish
a dedicated network connection from your
premises to AWS. Using AWS direct
connect you can establish private
connectivity between AWS and your data
center office or collocation environment
which in many cases can reduce your
network costs increase bandwidth
throughput and provide a more consistent
network experience than internetbased
connections.
Question number 212. Which of the
following may be used to restrict
certain users access to Amazon simple
storage service, Amazon S3 buckets? And
we have four options. Option A, a public
and private key pair. Option B, Amazon
inspector. Option C, AWS identity and
access management IM policies. Option D,
security groups.
So the right answer here is option C.
AWS identity and access management
policies.
To allow users to perform S3 actions on
the bucket from the VPC endpoints or IP
addresses, you must explicitly grant
those user level permissions. You can
grant user level permissions on either
an AWS identity and access management
policy or another statement in the
bucket policy.
So question number 213, which of the
following is an AWS well architected
framework design principle?
And we have four options. Option A,
reduce downtime by making infrastructure
changes frequently and in large
increments.
Option B, invest the time to configure
infrastructure manually.
Option C, learn to improve from
operational failures.
Option D, use monolithic application
design for centralization.
So the right answer here is option C,
learn to improve from operational
failures.
So learn from all operational failures.
Drive improvement through lessons
learned from all operational events and
failures. Share what is learned across
teams and through the entire
organization?
Question number 214.
Which AWS service enables a business to
identify and reroute customers to other
services in the event of a website
service outage? And we have four
options. Option Amazon CloudFront,
option B, Amazon Car Duty, option C,
Amazon Route 53. And option D AWS
Trusted Advisor.
So the right answer here is option C,
Amazon Route 53.
So, Amazon Route 53 set routting
policies to predetermine and automate
responses in case of failure like
redirecting traffic to alternative
availability jones or regions.
So question number 215. An organization
with an AWS support plan for developers
established an Amazon RDS database but
is unable to connect to it to get this
degree of help. Who should the developer
contact? And we have four options.
Option AWS support using a support case.
Option B AWS professional services.
Option C, AWS technical account manager
and option D, AWS consulting partners.
So the right answer here is option A,
AWS support using a support keys.
So customers with the developer support
plan have access to these additional
features. Best practice guidance,
client side diagnostic tools, building
block architecture support, guidance on
how to use AWS products, features, and
services together, support an unlimited
number of support cases that can be
opened by one primary contract, which is
the AWS account root user.
Question number 216. Which AWS service
enables you to monitor and debug
distributed application end to end? And
we have four options. Option A, AWS
Cloud9. Option B, AWS codear. Option C
AWS Cloud Map and option D AWS X-ray.
So the right answer here is option D AWS
X-ray.
So, AWS X-Ray is a powerful tool offered
by Amazon that enables developers to
debug production and distributed
applications especially in the
microservices architecture. By analyzing
the performance of the application and
its underlying services, developers can
identify root causes of performance
issues to like quickly resolve them.
Question number 217.
Which AWS share responsibility model
duties are the customer's
responsibility? Select two. And we have
five options. Option A, infrastructure
facilities access management. Option B,
cloud infrastructure, hardware life
cycle management. Option C,
configuration management of users
applications. Option D networking
infrastructure protection. Option E
security groups configuration.
So the right answer here is option C
configuration management of users
applications and option E security
groups configuration.
So the customer is responsible for the
security configuration or firewall
identity and access management client
and server side encryption and the
customer's data.
Now apart from AWS services, AWS share
responsibility also extends to IT
controls also check.
Question number 218.
Which AWS cloud service gives tips on
how to optimize an AWS accounts
performance? And we have four options.
Option A, Amazon Inspector. Option B,
AWS Trusted Advisor. Option C, Amazon
Cloudatch. And option D, AWS Cloud
Trial. So the right answer here is
option B, AWS Trusted Advisor.
AWS Trusted Advisor provides
recommendations that help you follow AWS
best practices. Trusted advisor
evaluates your accounts by using checks.
These checks identify ways to optimize
your AWS infrastructure, improve
security and performance, reduce cost
and monitor service quotas.
Question number 219,
which variables impact AWS cloud costs?
Select two. And we have five options.
Option A, the number of unused AWS
Lambda functions. Option B, the number
of configured Amazon S3 buckets. Option
C, inbound data transfers without
acceleration. Option D, outbound data
transfers without acceleration. And
option E, compute resources that are
currently in use.
So the right answer here is option D,
outbound data transfers without
acceleration, and option E, compute
resources that are currently in use.
Charges may apply if there's data
transfer between different components of
your workload. These charges vary
depending on where the components are
deployed.
Question number 220. A corporation is
required by law to track and as access
configuration changes to AWS resources
as well as to conduct corrective steps.
Which Amazon Web Services service should
the business use? And we have four
options. Option AWS config, option B,
AWS secrets manager. Option C AWS cloud
trial. Option D AWS trusted advisor.
So the right answer here is option A AWS
config.
So AWS Config continuously monitors and
records your AWS resource
configurations. You can use the service
to automate the evaluation and
remediation of recorded configurations
against desired configurations. You also
can review changes in configurations and
relationships between AWS resources and
dive into the history of a resource
configuration.
So question number 221.
Which AWS service should be utilized to
store data backups for an extended
period of time at a reasonable cost? And
we have four options. Option A, Amazon
RDS. Option B, Amazon Glacier. Option C,
AWS Snowball. And option D AWS EBS.
So the right answer is option B. Amazon
Glacier.
So Amazon S3 Glacier is a secure,
durable and lowcost storage class of S3
for data archiving and long-term backup.
Customers can store large or small
amounts of data for as little as 0.00.4
per gigabyte per month. The S3 glacia
storage class is ideal for our chiefs
where data is regularly retrieved and
some of the data may be needed in
minutes. Amazon RDS is a relational
database service that host databases. It
helps you create that manage databases.
Amazon snowball is a pabyte scale data
transfer service that provides
cost-effective data transfer to AWS from
tamperproof physical devices. Similarly,
elastic block storage offers persistent
block storage values for EC2 instances.
Question number 222. What does the AWS
cloud bring clients in terms of
increased execution speed and agility?
Select two. And we have five options.
Option A, readily available resources
with low provisioning times. Option B,
scalable compute capacity. Option C,
free tire services usage. Option D,
access to AWS data centers. Option E,
lower resource provisioning cost.
So the right answer here is option A
readily available resources with low
provisioning times and option B scalable
compute capacity.
In a cloud computing environment, new IT
resources are only a click away, which
means that you reduce the time to make
those resources available to your
developers from weeks to just minutes.
This results in a dramatic increase in
agility for the organization since the
cost and time it takes to experiment and
develop is significantly lower.
Question number 223.
A retailer wishes to supply just the
resources required to meet current
demand. Which cloud advantage is the
organization attempting to accomplish
with this objective? And we have four
options. Option A reliability, option B,
global reach. Option C scalability. And
option D high availability.
So the right answer here is option C
scalability.
So as autoscaling lets you build scaling
plans that automate how groups of
different resources respond to changes
in demand.
Question number 224.
What storage capabilities does Amazon S3
intelligent tiring provide? We have four
options. Option A, payment flexibility
by reserving storage capacity. Option B,
long-term retention of data by copying
the data to an encrypted Amazon elastic
block store value. Option C, automatic
costsaving by moving objects between
tires based on access pattern changes.
Option D, secure, durable and lowest
cost storage for data achievable.
So the right answer here is option C.
Automatic costs saving by moving objects
between tires based on access pattern
changes.
So the S3 intelligent tiring storage
class delivers automatic storage costs
saving in three low latency and high
throughput access tires. It also offers
optional archive capabilities to help
you get the lowest storage cost in the
cloud for data that can be accessed in
minutes to hours.
Question number 225. A business wishes
to transfer its apps to an AWS VPC.
These apps will need access to resources
located on premises. Which combination
of activities will allow the business to
achieve these objective? Select two. And
we have five options. Option A, use the
AWS service catalog to identify a list
of onremises resources that can be
migrated. Option B, build a VPN
connection between an on-remises devices
and a virtual private gateway in the new
VPC. Option C, use Amazon Athena to
query data from the on-remises database
servers. Option D, connect the company's
on premises data center to AWS using AWS
direct connect. Option E, leverage
Amazon CloudFront to restrict access to
static web content provided through the
company's on premises web server.
So the right answer here is option B.
Build a VPN connection between an
on-romises device and a virtual private
gateway in a the new VPC.
and option D connect the company's on
premises data center to AWS using AWS
direct connect.
So AWS direct connect link your AWS and
on-remises network to build applications
that span environments without
compromising performance.
Question number 226.
What is the most effective approach to
link an on- premises network to numerous
VPCs located in separate AWS regions?
And you have four options. Option A, use
AWS Direct Connect. Option B, use
AWSVPN.
Option C, use AWS clientVPN. Option D,
use an AWS transit gateway.
So the right answer here is option D,
use an AWS transit gateway.
So AWS transit gateway connects your
Amazon virtual private clouds and on-
premises networks through a central hub.
This connection simplifies your network
and puts an end to complex peering
relationships. Transit gateway acts as a
highly scalable cloud router. Each new
connection is made only once.
Question number 227.
Multiple regions of the AWS cloud are an
example of and you have four options.
Option A agility, option B, global
infrastructure. Option C elasticity and
option D pay as you go pricing.
So the right answer here is option B
global infrastructure.
AWS cloud spans 99 availability zones
within 31 geographic regions around the
world with announced plans for 12 more
availability jones and four more AWS
regions in Canada, Israel, New Zealand
and Thailand.
Question number 228. Which AWS service
does Jeff CHF and Puppet utilize to
automate configuration management? And
we have four options. Option A, AWS
config. Option B, AWS Ops works. Option
C, AWS cloud formation. And option D,
AWS systems manager.
So the right answer here is option B AWS
ops works.
So AWS ops works for CHF automate. Chef
Automate is an example is an enterprise
level platform that provides actionable
insights with enterprise scale and
performance across your cloud
architecture. AWS Opsworks for CHF
automates is a managed way of launching
a CHF automate server in Opssworks AWS.
Opssworks for Puppet Enterprise lets you
launch a Puppet Enterprise Masters in
minutes and lets AWS Opsworks handles
its operations, backups, restoration,
and software upgrades. OP works for
Puppet Enterprise frees you to focus on
core configuration management task
instead of managing a puppet master.
Question number 229.
A corporation want to remove the
necessity for pre-eployment estimation
of infrastructure capacity.
Additionally, the corporation want to
spend its money on cloud resources only
when the resources are used. Which AWS
cloud feature best meets your business
needs? And we have four options. Option
A, reliability. Option B, global reach.
Option C, economies of scale. and option
D pay as you go pricing.
So the right answer here is option D pay
as you go pricing.
The on demand pricing model is the true
embodiment of Amazon's pay as you go
payment philosophy. You have no upfront
payments which means you are not
committed yourself over a long-term
period. Amazon will charge you for the
compute capacity by the hour and you can
increase or decrease in usage depending
on your application.
Question number 230.
SQL injection attacks are being launched
against an application from a variety of
external locations. Which AWS service or
functionality can assist in automating
response to these attacks? And we have
four options. Option A, AWS WAF, option
B security groups. Option C elastic load
balancer and option D network ACL.
So the right answer here is option A AWS
WAF.
So AWSWF makes it easy to create rules
that block common web exploits like SQL
injection and cross-sight scripting.
AWSWF allows you to create a centralized
set of rules that you can deploy across
multiple websites.
Question number 231.
Which feature enables Amazon EC2
instance to be more elastic in response
to changing workload demand? And we have
four options. Option A resource groups,
option B life cycle policies, option C
application load balancer and option D
Amazon EC2 autoscaling.
So the right answer here is option D.
Amazon EC2 autoscaling
support of monitoring the health of each
service independently as health checks
are defined at the target group level
and many cloudatch metrics are reported
at the target group level. Attempting
attaching a target group to an
autoscaling group enables you to scale
each service dynamically based on
demand.
Question number 232.
What timesaving benefits can Amazon
recognition provide?
And we have four options. Option A,
Amazon recognition provides automatic
watermarking of images. Option B, Amazon
recognition provides automatic detection
of objects appearing in pictures. Option
C, Amazon recognition provides the
ability to resize millions of images
automatically.
Option D, Amazon recognition uses Amazon
mechanical turk to allow humans to embid
on object detection jobs.
So the right answer here is option B.
Amazon recognition provides automatic
detection of objects appearing in
pictures.
Recognition image is an image
recognition service that detects
objects, scenes and faces, extracts
text, recognizes, celebrities and
identifies inappropriate content in
image. It also allows you to search and
compare faces. Recognition image is
based on the same proven highly scalable
deep learning technology developed by
Amazon computer vision scientist to
analyze billions of image daily for
prime photos.
Question number 233.
A corporation want to migrate pabytes of
data from on premises sites to the AWS
cloud as rapidly as feasible. Which
Amazon Web Services service should the
business use? And we have four options.
Option AWS Snowball, option B AWS Global
Accelerator, option C Amazon S3 Transfer
Acceleration. And option D, Amazon
Connect.
So the right answer here is option A.
AWS snowball.
The snowball appliance allows you to
move or chiefs data links and whatever
data you have at faster than internet
speeds right into Amazon S3 bucket. From
Amazon S3 data can be achieved into
Classier or analyzed by other services
such as AWS, Redshift or EMR.
This implementation guide will get you
started with AWS Snowball quick. Simple
and secure process for migrating large
amount of data into AWS.
Question number 234. Where should a
business go to locate, test, purchase,
and deploy software that works on AWS?
And we have four options. Option A, AWS
Marketplace. Option B, Amazon
Lumberyard. Option C, AWS Artifact. And
option D, Amazon Cloud Search.
So the right answer here is option A,
AWS Marketplace.
AWS Marketplace is a digital catalog
with thousands of software listings from
independent software vendors that make
it easy to find, test, buy, and deploy
software that runs on AWS.
Question number 235. The business user
base is worldwide in scope. The
organization need a highly available
application with reduced latency for end
end users. Which AWS architecture
approach will meet these criteria the
most effectively? And we have four
options. Option A single region multi-AZ
architecture. Option B multi-reion
active active architecture. Or option C
multi-reion active passive architecture.
Or option D single region single
availability zone architecture.
So the right answer here is option B
multi-reion active active architecture.
So simply put a multi-reion active
active architecture gets all the
services on the client request path
deployed across multiple AWS regions. In
order to do so several requirements have
to be fulfilled. Data replication
between regions must be fast and
reliable.
Question number 236.
Which duty is the customer's
responsibility under the AWS share
responsibility model? And we have four
options. Option A, maintaining the
infrastructure needed to run AWS Lambda.
Option B, updating the operating system
of Amazon Dynamo DB instances. Option C,
maintaining Amazon S3 infrastructure.
Option D, updating the guest operating
system on Amazon EC2 instance.
So the right answer here is option D,
updating the guest operating system on
Amazon EC2 instance.
The customer assumes responsibility and
management of the guest operating
system, other associated application
software as well as the configuration of
the AWS provided security group
firewall.
Question number 237.
How can a user safeguard against AWS
service outages in the event of a
widespread natural disaster? And we have
four options. Option A, deploy
applications across multiple
availability zones within an AWS region.
Option B, use hybrid cloud computing
deployment model within the geographic
area. Option C, deploy applications
across multiple AWS regions. Option D,
store application artifacts using AWS
artifact and replicate them across
multiple AWS regions.
So the right answer here is option C.
Deploy applications across multiple AWS
regions.
An AWS region is a geographic location
where AWS provides multiple physically
separated and isolated availability
jones which are connected with low
latency, high throughput and highly
redundant networking.
Question number 238. What is an example
of a cloud-based application that is
decoupled and scalable?
And we have four options. Option A, a
mail and log application that runs on a
single Amazon EC2 instance. Option B, a
web page that is hosted on Amazon S3 and
uses AWS Lambda to update an Amazon
DynamoB database. Option C, an
application load balancer, web server,
and database server that supports a
monolithic application. Option D, a
legacy database server that is running
on the maximum instance size supported
by its license.
So the right answer here is option B. A
web page that is hosted on Amazon S3 and
uses AWS Lambda to update an Amazon
DynamoB database.
Many applications start to grow in
complexity as they mature, making it
harder for developers to maintain code
or add new features. These lead to
monolithic applications where developer
must know more about the entire
architecture to make changes. Typically,
these cause code to become more fragile
and the rate of development slows down.
Question number 239. A client has many
AWS accounts, each with its own billing.
How can the client benefit from bulk
savings while minimizing the effect on
AWS resources? We have four options.
Option A, create one global AWS account
and move all AWS resources to the
account. Option B, sign up for 3 years
of reserved instances pricing up front.
Option C, use the consolidated billing
future from AWS organization.
Option D, sign up for the AWS enterprise
support plan to get volume discounts.
So the right answer here is option C,
use the consolidated billing feature
from AWS organization.
So consolidated billing is a feature of
AWS organization. You can use the
management account for your organization
to consolidate and pay for all member
accounts in consolidated billing.
Management accounts can also access the
billing information. Account information
and activity account activity of member
accounts in their organization. These
information may be used for services
such as cost explorer which can help
management accounts improve their
organizations cost performance.
Question number 240. A business must
keep its data near its core consumer.
Which AWS cloud advantage satisfies this
requirement? And we have four options.
Option A security, option B high
availability. Option C elasticity and
option D global footprint.
So the right answer here is option D
global footprint.
A successful global footprint depends on
how you use regions and their
availability jones. The AWS global
infrastructure is compromised of 69
availability jones within 22 geographic
regions.
Question number 241. who is responsible
for the virtualization layered down to
the physical security of the facilities
in which AWS services operates under the
AWS share responsibility model
and we have four options. Option A, it
is the solo responsibility of the
customer. Option B, it is the solo
responsibility of AWS. Option C, it is a
shared responsibility between AWS and
the customer. And option D, the
customer's AWS support plan determines
who manages the configuration.
So the right answer here is option B. It
is the solar responsibility of AWS.
So AWS is responsible for protecting the
infrastructure that runs all the
services offered in the AWS cloud. The
infrastructure is composed of the
hardware, software, networking and
facilities that run AWS cloud services.
Question number 242. A company's managed
IM policy does not allow users the
rights essential to be needed
activities.
How is this situation to be resolved and
we have four options option A enable AWS
shield advanced. Option B create a
custom IM policy. Option C, use a third
party web application firewall managed
to rule from the AWS marketplace.
Option D, use AWS key management service
to create a customer managed key.
So the right answer here is option B,
create a custom IM policy.
When you create or edit IM policies, AWS
can automatically perform policy
validation to help you create an
effective policy with least privilege in
mind. In the AWS management console, IM
identifies JSON syntax errors while IM
access analyzer provides additional
policy checks with recommendations to
help you further refine your policies.
Question number 243. A business wishes
to strengthen its security and audit
posture by restricting incoming access
to Amazon EC2. What should the
organization use instead of opening
incoming SSH ports and handling SSH keys
to remotely access instances? And we
have four options. Option A, EC2 key
pairs. Option B, AWS system manager
session managers. Option C AWS identity
and access management am option D
network ACL.
So the right answer here is option B AWS
systems manager session manager.
So you can use the AWS systems manager
console to start a session with a
managed node in your account.
Question number 244.
Which scenarios warrant the utilization
of Amazon EC2 spot instances? And we
have four options. Option A, a company
wants to move its main website to AWS
from an on-remises web server. Option B,
a company has a number of application
services whose service level agreement
requires 99.999%
uptime. Option C, a company's heavily
used legacy database is currently
running on premises. Option D, a company
has a number of infrequent interruptible
jobs that are currently using on demand
instances.
So the right answer here is option D. A
companies has a number of infrequent
iter
interruptible jobs that are currently
using on demand instances.
So, a spot instance is an unused Amazon
EC2 instance that is available for less
than the on demand price. Because spot
instances enable you to request unused
EC2 instance to at steep discounts, you
can lower your Amazon EC2 cost
significantly. The hourly price for a
spot instance is called a spot price.
Question number 245.
A business must transmit time-sensitive
communication to a large number of
subscribers using a push technique.
Which Amazon Web Services service should
the business use? And we have four
options. Option A, Amazon Kinesis.
Option B, Amazon MQ. Option C, Amazon
simple Q service. Option D, Amazon
simple notification service.
So the right answer here is option D,
Amazon simple notification service.
Amazon SNS allow application to send
time critical messages to multiple
subscribers through a push mechanism.
Question number 246. Which task need
access to the root user of the AWS
account? And we have five options.
Option A, changing an AWS support plan.
Option B, modifying an Amazon EC2
instance type. Option C, grouping
resources in AWS systems manager. Option
D, running applications in Amazon
Elastic Kubernetes Service. Option E,
closing an account.
So the right answer here is option A
changing an AWS support plan and option
E closing an AWS account.
So the following task uh which we need
the root user for an AWS account uh
change your account settings. restore IM
user permissions.
um to activate IM access to the billing
and cost management console or view
certain tax invoices or close your AWS
account, change your AWS support plan
or cancel your AWS support plan,
register as a seller in the reserved
instance marketplace and uh configure an
Amazon S3 bucket to enable MFA delete
and edit or delete an Amazon S3 bucket
policy that includes an invalid VPC ID,
RVPC point ID or sign up for go cloud.
Question number 247. Which AWS cloud
best practices makes advantage of cloud
computings flexibility and agility?
And we have four options. Option A,
provision capacity based on past usage
and theoretical peaks. Option B,
dynamically and predictively scale to
meet usage demands. Option C, build the
application infrastructure in a data
center that grants physical access.
Option D, break apart the application
into loosely coupled components.
So the right answer here is option B,
dynamically and predictively scale to
meet usage demands.
So in a traditional computing
environment, you provision capacity
based on an estimate of a theoretical
maximum peak. These can result in
periods where expensive resources are
sitting ideal or occasions of
insufficient capacity. With cloud
computing, you can access as much or as
little capacity as you need and
dynamically scale to meet actual demand
while only paying for what you use.
Question number 248. Users of Amazon
Route 53 are able to and we have four
options. Option A, encrypt data in
transit. Option B, register DNS domain
names. Option C, generate and manage SSL
certificates. Option D, establish a
dedicated network connection to AWS.
So the right answer here is option B,
register DNS domain names.
So Amazon Route 53 is a highly available
and scalable domain name system web
service. Route 53 connects your request
to internet applications running on AWS
or on premises.
Question number 249.
Which characteristics of the Amazon
virtual private cloud Amazon VPC allows
customers to link two VPCs? And we have
four options. Option A, Amazon VPC
endpoints. Option B, Amazon Elastic
Compute Cloud Classic Link. Option C,
Amazon VPC pairing. Option D, AWS Direct
Connect.
So the right answer here is option C,
Amazon VPC pairing.
A VPC pairing connection is a networking
connection between two VPCs that enables
you to route traffic between them using
private IPv4 addresses or IPv6
addresses. Instances in either VPC can
communicate with each other as if they
are within the same network. You can
create a VPC pairing connection between
your own VPCs or with the VPC in another
database account. The VPCs can be in
different region also known as an inter
region VPC pairing connection.
Question number 250. Multiple Amazon EC2
instances are used to host an
application. The program sends messages
using Amazon simple notification service
Amazon SNS. Which AWS service or feature
grants authorization for the application
to access needed AWS services? And we
have four options. Option AWS
certificate manager, option B, IM roles,
option C AWS security hub, and option D
Amazon Guard Duty.
So the right answer here is option B. IM
roles.
An IM role is an IM entity that defines
a set of permissions for making AWS
service request. IM roles are not
associated with a specific user or
group. Instead, trusted entities assume
roles such as IM users, users,
applications, or AWS services such as
EC2.
Question number 251.
A business is contemplating migrating to
the AWS cloud. The firm wishes to be
able to scale its computing capacity in
response to changing demand conditions.
Which AWS cloud advantage does these
case illustrate? And we have four
options. Option A, global deployment in
minutes. Option B, cost savings. Option
C, agility. Option D, elasticity.
So the right answer is option D
elasticity.
So in AWS the process of getting the
resource dynamically
when you actually require them and then
release the resources when you are done
and do not need them is known as
elasticity. In another way growing or
shrinking the resources dynamically when
needed is known as elasticity.
Question number 252.
Which of the following is a NoSQL
database service that is both quick and
dependable? And we have four options.
Option A, Amazon Red Shift. Option B,
Amazon RDS. Option C, Amazon DynamoB,
and option D, Amazon S3.
So the right answer here is option C,
Amazon Dynamo DB.
So, Amazon DynamoB is a fully managed
NoSQL database service that provides
fast and predictable performance with
seamless scalability.
Question number 253.
A client wants to develop and construct
a new workload on AWS cloud but lacks
the necessary technical skills in AWS
related technologies. Which of the
following AWS programs may a client use
to accomplish that goal?
And we have four options. Option A, AWS
partner network technology partners.
Option B, AWS marketplace. Option C, AWS
partner network consulting partners. And
option D, AWS service catalog.
So the right answer here is option C,
AWS partner network consulting partners.
So benefits of becoming an APN
consulting partners include access to go
to market resources, training and
certification, market development
funding, innovation sandbox credits,
increased visibility to AWS customers
and AWS field teams.
Question number 254.
Which AWS solution enables rapid setup
and management of a new multi-account
AWS environment? And we have four
options. Option A, AWS trusted advisor.
Option B, AWS security hub. Option C,
AWS control tower. Option D, AWS
resource access manager.
So the right answer here is option C AWS
control tower.
So AWS control tower is a service for
organization with multiple accounts and
teams who are looking for the easiest
way to set up their new or existing
multi- account as environment and govern
at scale. With AWS control, cloud
administrators get peace of mind knowing
accounts in their organizations are
compliant with their established
policies. Building benefits from being
able to provision new AWS accounts
quickly.
Question number 255.
Which operation needs the usage of the
root account user credential for the AWS
account? And we have four options.
Option A, closing an AS account. Option
B, creating a log file. Option C,
modifying IM user permissions. Option D,
deleting IM user.
So the right answer here is option A,
closing an AWS account.
So to close your AWS account, do the
following. Sign into the AWS management
console as the root user of the account.
From the navigation bar, choose your
account name and then choose
account.
Question number 256. On Amazon EC2
instance, a business is operating and
controlling its own Docker environment.
Alternate is desired to assist in
managing cluster size, scheduuling and
environmental management. Which AWS
service satisfies these criteria? And we
have four options. Option A, AWS Lambda.
Option B, Amazon RDS. Option C, AWS
Fargate. Option D, Amazon Athena.
So the right answer here is option C,
AWS Fargate.
With AWS Fargate, you no longer have to
provision, configure, or scale clusters
of virtual machines to run containers.
These removes the need to choose server
types, decide when to scale your cluster
or optimize cluster packing.
Question number 257. Which AWS situation
exemplify the idea of elasticity?
And we have five options. Option A,
scaling the number of Amazon EC2
instances based on traffic. Option B,
resizing Amazon RDS instance as business
needs change. Option C, automatically
directing traffic to less utilized
Amazon EC2 instances. Option D, using
AWS compliance document to accelerate
the compliance process. Option E, having
the ability to create and govern
environmental using code.
So the right answer here is option A
scaling the number of Amazon EC2
instances based on traffic and option B
resizing Amazon RDS instances as
business needs change.
So the situations where implement
elasticity identify the workloads that
have variable loads. Identify the
workload range that is is there enough
variability to varant adding or removing
sources. Identify the application
limitations that may limit elasticity.
Identify if the increase in demand can
be met by automatic scaling or if it
needs to be placed before. Identify
application that can use Amazon Athena
or Amazon Aurora serverless. Implement
elasticity using AWS autoscaling or
application autoscaling for the aspects
of your services that are not elastic by
design. Test elasticity both up and down
ensuring it will meet requirement for
load variance.
Iterate on implementation and testing
until you can meet requirements. You may
want to investigate golden Amazon
machine images, Docker containers, etc.
to speed launch.
Question number 258. Which of the
following are advantages of using the
AWS cloud to host infrastructure? Select
two. And we have five options. Option A,
there are no upfront commitments. Option
B, AWS manages all security in the
cloud. Option C, users have the ability
to provision resources on demand. Option
D, users have access to free and
unlimited storage. Option E, users have
control over the physical
infrastructure.
So the right answer here is option A,
there are no upfront commitments. And
option C, users have the ability to
provision resources on demand.
The no upfront option does not require
any upfront payment and your commitment
will be charged purely on a monthly
basis.
Savings plans offer significant savings
over on demand just like EC2 rise but
automatically reduce your bills on
compute usage across any AWS region even
as usage changes.
Question number 259.
Which of the following are benefits of
Amazon Web Services cloud computing
platforms?
And we have five options. Option A, AWS
manages the maintenance of the cloud
infrastructure. Option B, AWS manages
the security of application built on
AWS. Option C, AWS manages capacity
planning for physical servers.
And option D, AWS manages the
development of application on AWS. And
option E, AWS manages cost planning for
virtual servers.
So the right answer here is option A,
AWS manages the maintenance of the cloud
infrastructure and option
C, AWS manages capacity planning for
physical servers.
AWS manages all infrastructure layers.
Some of the infrastructure layers are
data centers, hardware and software,
virtualization, networking.
Question number 260. Which AWS service
enables infrastructure as a code
management? And we have four options.
Option A, AWS code pipeline? Option B,
AWS code deploy. Option C, AWS direct
connect. Option D, AWS cloud formation.
So the right answer here is option D AWS
cloud formation.
AWS cloud formation provides a common
language for you to describe the pro and
provision all the infrastructure
resources in your cloud environment.
Cloud formation allows you to use a
simple text file to model and provision
in an automated and secure manner all
the resources needed for your
application across all regions and
accounts. These file serves as a single
source of truth for your cloud
environment.
So question number 261, how might AWS
help a business manage cost when an
application's consumption varies
unpredictably?
And we have four options. Option A, AWS
will refund the cost difference if a
customer moves to larger servers. Option
B, the application can be built to scale
up or down automatically as resources
are needed. Option C, spot instances
will automatically be used if the price
is lower than on demand instances.
Option D, Amazon Cloudatch will
automatically predict what resources are
needed.
So the right answer here is option B.
The application can be built to scale up
or down automatically as resources are
needed.
AWS autoscaling can help us to optimize
our utilization and cost performances
when consuming the AWS services. So you
only pay for the resources you need to
run the application. When demand falls,
AWS autoscaling will automatically
eliminate any excess resources capacity
so you avoid any overspending.
Question number 262.
What are the benefits of deploying an
application across various availability
jones using Amazon EC2 instances? Select
two. And we have five options. Option A,
preventing a single point of failure.
Option B, reducing the operational cost
of the application.
Option C, allowing the application to
serve cross region users with low
latency. Option D increasing the
availability of the application. Option
E increasing the load of the
application.
So the right answer here is option A
preventing a single point of failure
and option D increasing the availability
of the application.
The application will have higher
availability because it can withstand a
service disruption in one availability
zone.
Question number 263.
Which AWS service supports a hybrid
architecture that gives user the ability
to extend AWS infrastructure, AWS
services, APIs and tools to data
centers, collocation environments or on
premises facilities.
And we have four options. Option AWS no
mobile. Option B AWS local jones. Option
C AWS outposts and option D AWS Fargate.
So the right answer here is option
C AWS outposts.
So AWS Outpost is a service that
supports a hybrid architecture that
gives users the ability to extend AWS
infrastructure, AWS services, APIs and
tools to data centers, collocation
environments or on premises facilities.
So question number 264.
A company has a physical tape library to
store data backups. The tape library is
running out of space. The company needs
to extend the tape libraries capacity to
the AWS cloud. Which AWS service should
the company use to meet this
requirement?
And we have four options. Option A,
Amazon Elastic Block Store.
Option B, Amazon S3.
Option C, Amazon Elastic File System.
and option D AWS storage gateway.
So the right answer here is option D AWS
storage gateway.
So AWS storage gateway is a service that
can be used to extend the tape libraries
capacity to the AWS cloud. So AWS
storage gateway is a hybrid storage
service that allows user to connect
their on-remises data centers to the AWS
cloud. It provides a range of storage
options including file based, block
based and tape based storage which can
be used to store data backups and other
types of data.
Question number 265. A business wishes
to downsize its infrastructure in order
to save money. At what stages should a
business downsize? Selective.
And we have five options. Option A,
right size before a migration occurs to
the cloud. Option B, right size
continuously off to the cloud onboarding
process.
Option C, right size when AWS support
calls and explains that right sizing is
needed. Option D, right size when
seasonal workloads are at their peak.
Right size after purchasing all reserved
instances.
So the right answer here is option A
right size before a migration occurs to
the cloud
and option
B right size continuously after the
cloud onboarding process.
So right sizing is the process of
matching instances types and sizes to
your workload performance and capacity
requirements at the lowest possible
cost. It's also the process of looking
at deployed instances and identifying
opportunities to eliminate our downsize
without compromising capacity or other
requirements which result in lower
costs.
So question number 266
AWS budgets may be used for the
following purposes
and we have four options. Option A,
prevent a given user from creating a
resource. Option B, send an alert when
the utilization of reserved instances
drops below a certain percentage. Option
C, set resources limits in AWS accounts
to prevent overspending.
Option D, split an AWS bill across
multiple forms of payments.
So the right answer here is option B.
Send an alert when the utilization of
reserved instances drops below a certain
percentage.
So AWS budgets allow you to set custom
budgets to track your cost and usage
from the simplest to the most complex
use cases. With AWS budgets, you can
choose to be alerted by email or SNS
notification when actual or forecasted
cost and usage exceeds your budget
threshold or when your actual RAI and
savings plan utilization or coverage
drops below your desired threshold.
So question number 267.
An online retail company has seasonal
sales spikes several times a year.
Primarily around holidays, demand is
lower at other times. The company finds
it difficult to predict the increase
infrastructure demand for each season.
Which advantage of moving to the AWS
cloud would most benefit the company
choose to? And we have five options.
Option A, global footprint.
Option B, elasticity.
Option C, AWS service quotas. Option D,
AWS share responsibility model. And
option E pay as you go pricing.
So the right answer here is option B
elasticity and option E pay as you go
pricing.
So cloud elasticity is the ability to
rapidly and dynamically allocate cloud
resources including compute, storage and
memory resources in response to changing
demands. The goal of cloud elasticity is
to avoid either overprovisioning or
underprovisioning a particular service
or application.
Question number 268.
What are the advantages of unified
billing for Amazon Web Services
accounts? And we have four options.
Option A, access to AWS personal health
dashboard. Option B, combined usage
volume discounts. Option C, improved
account security. And option D
centralized AWS AM.
So the right answer here is option B.
Combined usage volume discounts.
Question number 269.
A corporation want to connect to AWS
from a distant office through a private
low latency connection. Which strategy
is advised for meeting these
requirements?
And we have four options. Option A,
create a VPN tunnel. Option B, connect
across the public internet. Option C,
use VPC pairing to create a connection.
Option D, use AWS direct connect.
So the right answer here is option D.
Use AWS Direct Connect.
The AWS Direct Connect
cloud service is the shortest path to
your AWS resources. While in transit,
your network traffic remains on the AWS
global network and never touches the
public internet. This reduces the chance
of hitting bottlenecks or unexpected
increase in latency.
Question number 270.
Which AWS service can be used to turn
text into lifl like speech? And we have
four options. Option A, Amazon Poly,
option B, Amazon Kra. Option C, Amazon
recognition. Option D, Amazon Connect.
So the right answer here is option A,
Amazon Poly.
So Amazon Poly is a service that can be
used to turn text into lifelike like
speech. Amazon Poly uses advanced deep
learning technologies to synthesize
speech that sounds naturally and
lifelike, allowing users to convert
written content into spoken language.
Question number 271.
Which Amazon EC2 pricing model is
dynamically adjusted in response to EC2
instance availability and demand?
And we have four options. Option A
ondemand instances. Option B reserved
instances. Option C spot instances. and
option D convertible reserved instances.
So the right answer here is option C
spot instances.
In the new model, the spot prices are
more predictable, updated less
frequently, and are determined by supply
and demand for Amazon EC2 spare
capacity, not bit prices.
So question number 272, which service
should a client utilize to integrate and
manage several Amazon Web Services
accounts centrally?
And we have four options. Option A, AWS
IM, option B, AWS organizations. Option
C, AWS schema conversion tool. Option D,
AWS config.
So the right answer here is option B,
AWS organizations.
So integrate multiple AWS services with
multiple unique AWS accounts. Manage the
user environment based on
organizational, legal or project based
policies. The accounts can also share
resources, security mechanism, audit
requirements, configurations and
policies between multiple AWS
organizations.
Question number 273, which AWS service
or tool can be used to capture
information about inbound and outbound
traffic in an Amazon VPC? And we have
four options. Option A, VPC flow logs.
Option B, Amazon Inspector, option C,
VPC endpoint services. And option D, NAT
gateway.
So the right answer here is option A,
VPC flow logs.
VPC flow logs is a feature that enables
you to capture information about the IP
traffic going to and from network
interfaces in your VPC.
Question number 274.
Which choices do users have when
contacting AWS support? And we have five
options. Option A, create an email case
in the AWS support center. Option B,
visit a local AWS support center. Option
C, use live chat functionality.
Option D, call the customer service
phone number. Option E, use the video
conference functionality of the AWS
support console.
So the right answer here is option C,
use live chat functionality.
The AWS supports offers a range of plans
that provides access to tools and
expertise that supports the success and
operational health of your AWS solution.
All support plans provides 24 by7 access
to customer service, AWS documentation,
technical papers and support forums for
technical support and more resources to
plan, deploy and improve your AWS
environment. You can choose a support
plan for your AWS use case.
Question number 275.
A business must track and anticipate AWS
expenditure and use additionally the
organization must configure eventdriven
alert alerts that are triggered when
expenditure limitations are exceeded.
Which Amazon Web Services offerings or
technology should the business employ to
achieve these requirements?
And we have four options. Option A, AWS
budgets. Option B, Amazon Cloudatch.
Option C, AWS config. And option D, AWS
service catalog.
So the right answer here is option A,
AWS config budgets.
So within AWS budgets, a budget is a
single regularly updating cost and usage
metrics relating to your AWS resources.
The rich structure of these AWS data
allows you to set up multiple budgets to
track this data across different
departments are drilling down into
different systems and resource types.
Question number 276.
Which of the following IT functions does
AWS do in order to relieve a business of
its responsibilities for managing its IT
resources? Select two. And we have five
options. Option A, configuring operating
system firewalls. Option B, setting up
access controls for data. Option C,
backing up databases. Option D,
configuring database user accounts.
Option E, installing operating systems.
So the right answer here is option C,
backing up databases,
and option E, installing operating
systems.
AWS maintains the configuration of its
infrastructure devices, but a customer
is responsible for configuring their own
guest operating systems, databases, and
applications.
Question number 277, which AWS
technologies aid in cost estimation?
Select three. And we have five options.
Option A, detailed building report.
Option B, cost allocation tags. Option
C, AWS simple monthly calculator. Option
D, AWS total cost of ownership
calculator. Option E, cost estimator.
So the right answer here is option B,
cost allocation tags
and option C, AWS simple monthly
calculator.
and option D AWS total cost of ownership
calculator.
So AWS cost allocation tags are labels
for classifying, organizing and
identifying your resources. These tags
which are key value pairs make it easier
to manage them and track their usage. By
assigning tags to your resources, you
can track your overall AWS cost either
through cost explorer or through the AWS
API.
Question number 278.
A company wants to ensure that two
Amazon EC2 instances are in separate
data centers with minimal communication
latency between the data centers. How
can the company meet this requirement?
And we have four options. Option A,
place the EC2 instances in two separate
AWS regions connected with the VPC
pairing connection. Option B, place the
EC2 instances in two separate
availability jones within the same AWS
region.
Option C, place one EC2 instance on
premises and other in AWS region, then
connect them by using an AWSVPN
connection. Option D, place both EC2
instances in a placement group for
dedicated bandwidth.
So the right answer here is option B,
place the EC2 instances in two separate
availability jones within the same AWS
region.
Easily deploy EC2 instances in separate
availability jones within the same
region, which is enough to meet the SLA
for service credits from outages. If you
haven't already, you can see which Jone
each instance is assigned to by viewing
the details of each of the instance
page.
Question number 279.
In comparison to conventional and
virtualized data enterprises, AWS offers
the following. And we have four options.
Option A, greater variable cost and
greater upfront costs. Option B, fixed
usage cost and lower upfront costs.
Option C, lower variable cost and
greater upfront costs. and option D
lower variable cost and lower upfront
costs.
So the right answer here is option D
lower variable cost and lower upfront
costs.
AWS does not require minimum spend
commitments or long-term contracts. You
replace
large upfront expenses with low variable
payments that only apply to what you
use. With AWS, you are not born to
multi-year agreements or complicated
licensing models.
Question number 280. Which situations
should the AWS abuse team be notified
about? And we have four options. Option
A, in availability zone has a service
disruption. Option B, an intrusion
attempt is made from an AWS IP address.
Option C, a user has trouble accessing
an Amazon S3 bucket from an IWS IP
address. Option D, a user needs to
change payments methods due to a
compromise.
So the right answer here is option B. An
intrusion attempt is made from an AWS IP
address
so that AWS trust and safety team can
assist you when AWS resources are used
to engage in the following types of
abuse behavior. spam, port scanning,
denial of service attacks and intrusion
attempts.
Question number 281,
which AWS feature should a client
exploit to ensure an application high
availability? And we have four options.
Option A, AWS direct connect. Option B,
availability jones. Option C, data
centers. And option D, Amazon virtual
private cloud.
So the right answer here is option B,
availability jones.
So this is to achieve high availability
for any web application deployed in AWS.
The following features will be present.
High availability across multiple
instances, multiple availability jones.
Autoscaling of instances based on number
of requests coming in. Additional
security to the instance database that
are in production. No impact to end
users during newer versions of code
deployment. No impact during patching
the instance.
Question number 282. In which situations
should a company create an IM user
instead of an IM role? Choose two. And
we have five options. Option A, where an
application that runs on Amazon EC2
instance requires access to other AWS
services. Option B, when the company
creates AWS access credentials for
individuals. Option C, when the company
creates an application that runs on a
mobile phone that makes requests to AWS.
Option D when the company needs to add
users to AM IM groups. Option E when
users are authenticated in the corporate
network and want to be able to use AWS
without having to sign in a second time.
So the right answer here is option B
when the company creates AWS access
credentials for individuals
and option D when the company needs to
add users to IM groups.
An AWS identity and access management
user is an entity that you create in
AWS. The IM user represents the human
user or workload who uses the IM user to
interact with AWS. A user AWS consist of
a name and credentials. An IM user with
administrative permissions is not the
same thing as the IWS account root user.
Question number 283. How might an AWS
client implement common access
restrictions to a big group of users
easily? And we have four options. Option
A, apply an IM policy to an IM group.
Option B, apply an IM policy to an IM
role. Option C, apply the same IM policy
to all IM users with access to the same
workload. Option D, apply an IM policy
to an Amazon cognitive user pool.
So the right answer here is option A,
apply an IM policy to an IM group.
So instead of defining permissions for
individual IM users, it's usually more
convenient to create groups that relate
to job functions. Next, define the
relevant permissions for each group.
Finally, assign IM users to those
groups. All the users in an IM group
inheritions assigned to the group. That
way, you can make changes for everyone
in a group in just one place. As people
move around in your company, you can
simply change what IM group their IM
user belongs to.
Question number 284. Which AWS service
is used to provide encryption for Amazon
EBS? And we have four options. Option A,
AWS Certificate Manager. Option B, AWS
Systems Manager. Option C, AWS KMS.
Option D, AWS Config.
So the right answer here is option C,
AWS KMS.
AWS key management service makes it easy
for you to create and manage
cryptographic keys and control their use
across a wide range of AWS services and
in your application. AWS KMS is a
service and resilient service that uses
hardware security modules that have been
validated under FIPS 140-2
or are in process of being validated to
protect your keys. AWS KMS is integrated
with AWS cloud trial to provide you with
logs of all keys using to help meet your
regularity, regulatory and compliance
needs.
So question number 285. A business need
software solution that are either hosted
on the AWS platform are linked with it.
Independent software providers as well
as management and security vendors are
required to provide solutions.
Which organization or team is capable of
providing these solutions? And we have
four options. Option A, AWS technical
account managers. Option B, AWS partner
network consulting partners. Option C,
AWS conserge support. And option D, AWS
partner network technology partners.
So the right answer here is option D AWS
partner network technology partners.
So AWS partner network is a global
partner program that vendors and other
service providers offer cloud software
services and build solutions for Amazon
web services customers. The partners and
professionals in software and services
who are earned an endorsement from AWS.
Question number 286. Which AWS services
are available for application
deployment? Select two. And we have five
options. Option A, AWS elastic binto.
Option B, AWS config. Option C, AWS ops
works. Option D, AWS application
discovery service and option E Amazon
Kinesis.
So the right answer here is option A A
as Elastic Beatstock
and option C AWS Ops works.
So AWS elastic beatstock deploys web
applications so that you can focus on
your business. AWS Opsworks provides a
simple and flexible way to create and
manage stacks and applications.
With Opssworks, you can provision AWS
resources, manage their configuration,
deploy applications to those resources,
and monitor their health.
Question number 287. Which AWS services
makes use of global edge locations?
Choose two. And we have five options.
Option A, AWS Fargate. Option B, Amazon
CloudFront. Option C, AWS Global
Accelerator. Option B, AWS Wavelength.
And option E, Amazon VPC.
So the right answer here is option B,
Amazon CloudFront, and option C, AWS
Global Accelerator.
So CloudFront is the most commonly
discussed use of edge locations. It's a
content delivery network that catches
content in edge locations. Content can
be served directly from the catchy so it
gets users
users faster. Cloudfront is often used
to serve static assets, speed up
websites and stream videos.
An AWS global accelerator allow you to
route a request for key resources
through Amazon's global network. Even if
the request is going halfway around the
world, the request is initially rooted
to the closest edge location and then
travels through Amazon's network,
often with lower latency and higher
throughput than the public internet.
Question number 288.
Which responsibilities do customers bear
while using Amazon EC2? Select two. And
we have five options. Option A
underlying hardware maintenance. Option
B file system level encryption. Option C
guest operating system firewall
configuration.
Option D hypervisor level software
patching.
Option E physical security at data
center facilities.
So the right answer here is option B
file system level encryption
and option C guest operating system
firewall configuration.
So customers that deploy an Amazon EC2
instance are responsible for management
of the guest operating system including
updates and security patches. any
application, software or utilities
installed by the customer on the
instance and the configuration of the
AWS provided firewall called a security
group on each instance.
Question number 289. A company is
operating several factories where it
builds products. The company needs the
ability to process data, store data, and
run applications with local system
interdependencies that require low
latency. Which AWS service should the
company use to meet these requirements?
And we have four options. Option A, AWS
IoT Greenrass, option B, AWS Lambda.
Option C, AWS outpost. And option D, AWS
Noble Edge.
So the right answer here is option. See
AWS outposts.
Outpost is designed to provide the same
APIs, control plane and hardware as the
AWS cloud but with ability to run
workloads on premises. This can be
useful for applications that require low
latency or local system
interdependencies as it allows you to
keep your data and applications close to
your users and process.
Question number 290. A business needs
handle a huge volume of data from social
network accounts using high throughput
graphical queries. Which AWS service
will assist the business in developing a
cloud architecture that satisfies this
criteria? And we have four options.
Option A, Amazon RDS. Option B, Amazon
Dynamo DB. Option C, Amazon Neptune. And
option D, Amazon Red Shift.
So the right answer here is option C,
Amazon Neptune.
Amazon Neptune is a fast, reliable,
fully managed graph database service
that makes it easy to build and run
applications.
Question number 291. Which AWS service
enables the use of the AWS cloud to host
a NoSQL database? And we have four
options. Option A, Amazon Aurora, option
B, Amazon DynamoB, option C, Amazon RDS
and option D Amazon Red Shift.
So the right answer is Amazon Dynamo DB.
Amazon Dynamo DB is a fully managed
NoSQL database service that provides
fast and predictable performance with
seamless scalability.
Question number 292. Which of the
following acts as an instance level
firewall to control inbound and outbound
access? And we have four options. Option
A, network access control list. Option
B, security groups. Option C, AWS
trusted advisor. And option D, virtual
private gateway.
So the right answer here is option B,
security groups.
A security group acts as a virtual
firewall for your instance to control
inbound and outbound traffic. When you
launch an instance in a VPC, you can
assign the instance to up to five
security groups. Security groups acts at
the instance level, not the subnet
level.
Question number 293. A business is
consolidating many apps into a single
Amazon Web Services account. The
organization wishes to keep track of the
AWS cloud fees paid by individual
applications. What can the business do
to ensure compliance with these
requirements? And we have four options.
Option A, set up invoiced billing.
Option B, use AWS artifact. Option C,
set the budgets in cost explorer. And
option D, create cost allocation tax.
So the right answer here is option D
create cost allocation tax.
Question number 294.
On an Amazon EC2 instance, a batch job
takes 5 hours to complete. Monthly, the
quantity of data to be processed doubles
and the time required to process it is
proportionate.
What is the optimal cloud architecture
for meeting these is creating demand and
we have four options. Option A, run the
application on a bigger EC2 instance
size. Option B, switch to an EC2
instance family that better matches
batch requirements. Option C, distribute
the application across multiple EC2
instances and run the workload in
parallel. Option D, run the application
on a bare metal EC2 instance.
So the right answer here is option C,
distribute the application across
multiple EC2 instance and run the
workload in parallel.
Question number 295. A company has a
workload that will run continuously for
one year. The workload cannot tolerate
service interruptions. Which Amazon EC2
purchasing option will be most cost
effective? And we have four options.
Option A, all upfront reserved
instances. Option B, partial upfront
reserved instances. Option C dedicated
instances and option D on demand
instances.
So the right answer is option A all
upfront reserved instances.
With all upfront options you pay for the
entire reserved instance term with one
upfront payment. This option provides
you with the largest discount compared
to ondemand instance pricing.
Question number 296. How can AWS trusted
advisor assist AWS cloud users? Select
two. And we have five options. Option A,
it identifies software vulnerabilities
in applications running on AWS. Option
B, it provides a list of cost
optimization recommendations based on
current AWS usage. Option C, it detects
potential security vulnerabilities
caused by permission setting on account
resources. Option D, it automatically
corrects potential security issues
caused by permission settings on account
resources. And option E, it provides
proactive alerting whenever an Amazon
EC2 instance has been compromised.
So the right answer here is option B and
option C.
So AWS trusted advisor provides
recommendations that help you follow AWS
best practices. Trusted advisor
evaluates your accounts by using checks.
These checks identify ways to optimize
your AWS infrastructure, improve
security and performance, reduce cost
and monitor service quotas. You can then
follow the recommendations to optimize
your service and resources.
Question number 297.
Which AWS function will assist users in
determining the CPU capacity of an
application running on an Amazon EC2
instance? And we have four options.
Option A, Amazon Cloudatch. Option B,
AWS Config. Option C, AWS Cloud Trial.
And option D, Amazon Inspector.
So the right answer here is option A,
Amazon Cloudatch.
So you can you can see the CPU credit
balance for each T2 instance in EC2 per
instance metrics in Amazon Cloudatch. T2
instance have four metrics. CPU credit
usage, CPU credit balance, CPU surplus
credit balance and CPU surplus credits
charged.
Question number 298. A user may create a
master payer account in order to access
aggregated billing data via and we have
four options. Option A AWS budgets,
option B, Amazon Mackie, option C,
Amazon Quicksite and option C AWS
organizations.
So the right answer here is option D AWS
organizations.
As part of AWS account creation, AWS
organization creates an IM role with
full administrative permissions in the
new account. IM users and IM roles with
appropriate permissions in the master
account can assume these IM role to gain
access to the newly created accounts.
Question number 299.
Every few years, a business invests
several months in modernizing its
on-remises infrastructure. The
organization wishes to shorten the time
required for infrastructure purchase by
shifting to the AWS cloud.
What is the primary advantage of
transferring this use case to the AWS
cloud? And we have four options. Option
A, AWS will help move the existing
hardware to the AWS data centers. Option
B, the company will have increased
agility with ondemand access to IT
resources.
Option C, enterprise support will be
available to help with recurring
application installation and setup.
Option D, the company will experience
less downtime with multi-AZ deployment.
So the right answer here is option B.
The company will have increased agility
with ondemand access to IT resources.
Question number 300.
Which AWS service helps protects against
DOS attacks? And we have four options.
Option A, AWS shield. Option B, Amazon
Inspector, option C, Amazon Guard Duty.
And option D, Amazon Detective.
So the right answer here is option A AWS
shield.
So AWS shield is a managed distributed
denial of service protection service
that safeguards applications running on
AWS. AWS shield provides always on
detection and automatic inline
mitigations that minimize application
downtime and latency. So there is no
need to engage AWS support to benefit
from DOS production.
Question number 301. Which Amazon web
service offering allow customers to
aggregate billing for many accounts? And
we have four options. Option A, Amazon
Quicksite, option B, AWS organizations.
Option C AWS budgets. and option D
Amazon forecast.
So the right answer here is option B AWS
organizations.
So you can use the consolidated billing
feature in AWS organization to
consolidate billing and payment for
multiple AWS accounts or multiple Amazon
internet services private limited
accounts. Every organization in AWS
organization has a master account that
pays the charges of all the members
accounts.
Question number 302. Which of the
following are advantages of Amazon Web
Services Cloud computing platform?
Select two. And we have five options.
Option A, unlimited uptime. Option B,
elasticity. Option C, agility. Option D
collocation and option E capital
expenses.
So the right answer here is option B
elasticity and option C agility.
The most celebrated benefit of AWS cloud
is elasticity since you can expand the
services when you experience more
traffic. Agile developments in AWS cloud
through strategies are day by day
becoming more established within the
enterprise across the world. With so
much improvement and call for
optimization in the cloud, it is
necessary that these strategies get
established from the ground up within
the organization. It is highly important
as already enterprises have a lot of
bequest politics and hierarchies which
acts as barriers in these businesses.
Question number 303. An application
installed in the AWS cloud exhibits
irregular consumption patterns and is
responsible for non-stop workloads.
Which Amazon EC2 pricing plan is the
most cost effective for this
application? And we have four options.
Option A, dedicated instances. Option B,
spot instances. Option C reserved
instances and option D on demand
instances.
So the right answer here is option D on
demand instances.
On demand instances are virtual servers
that run in Amazon EC2 and are available
on demand with organizations paying for
them by the hour or second with no
long-term commitments.
An instance refers to a virtual server
in the AWS cloud, especially in the
Amazon EC2 compute platform.
Question number 304. Which service
primary aim is to manage software
versions? And we have four options.
Option A, Amazon codear. Option B, AWS
command line interface. Option C, Amazon
Cognto. And option D, AWS code commit.
So the right answer here is option D,
AWS code commit.
AWS Code Commit is a version control
service hosted by Amazon Web Services
that you can use to privately store and
manage assets such as documents, source
code, and binary files in the cloud.
Question number 305. A business is now
undergoing a security examination. The
audit includes a security and compliance
review of the company's AWS
infrastructure and services. The auditor
must identify and download AWS security
and compliance materials. The system and
organization control reports are one of
these documents.
Which AWS service or collection of
service is capable of providing these
documents?
And we have four options.
Option A as abuse team. Option B, AWS
artifact. Option C, AWS support. And
option D, AWS config.
So the right answer here is option B,
AWS artifact.
AWS artifact is a portal that provides
an enterprise with access to security
and compliance reports that apply to the
Amazon Web Services public cloud.
Question number 306. Using AWS config to
record, audit and evaluate changes to
AWS resources to enable traceability is
an example of which AWS
wellarchchitected framework pillar. And
we have four options. Option A security.
Option B operational excellence. Option
C performance efficiency and option D
cost optimization.
So the right answer here is option A
security.
Question number 307. Which of the
following is a design concept for AWS
cloud architecture? And we have four
options. Option A implement single point
of failure. Option B implement loose
coupling. Option C implement monolithic
design and option D implement vertical
scaling.
So the right answer here is option B
implement loose coupling.
Loose coupling between services can also
be done through a synchronized
integration. It involves one component
that generates events and another that
consumes them. The two components do not
integrate through direct point-to-point
interaction but usually through an
intermediate durable storage layer. This
approach decouples the two components
and introduces additional resilency. So
for example, if a process that is
reading messages from the queue fails,
messages can still be able added to the
queue to be processed when the system
recovers.
Question number 308. The continuous
lowering in AWS cloud price is a result
of the following. And we have four
options. Option A, P as you go pricing.
Option B, the AWS global infrastructure.
Option C, economies of scale. Option D,
reserved storage pricing.
So the right answer here is option C.
Economies of scale.
More customer leads to higher AWS usage
which leads to more infrastructure. The
economies of scale effects occurs
because cost can now be spread over a
larger number of customers. The
infrastructure becomes cheaper. Prices
can be reduced and new customer benefits
from the lower prices.
Question number 309. Which phase and
discusses agility as an advantage of AWS
cloud-based deployment? And we have four
options. Option A, the ability to pay
only when computing resources are
consumed based on the volume of
resources that are consumed. Option B,
the ability to eliminate guessing about
infrastructure capacity needs. Option C,
the ability to support innovation
through a reduction in the time that is
required to make IT resources available
to developers. Option D, the ability to
deploy an application in multiple AWS
regions around the world in minutes.
So the right answer here is option C.
The ability to support innovation
through a reduction in the time that is
required to make it resources available
to developers.
Question number 310. Which AWS tool or
feature acts as a VPC firewall at the
subnet level? And we have four options.
Option A security group, option B,
network ACL. Option C traffic mirroring.
And option D Internet gateway.
So the right answer here is option B
network ACL.
A network access control list ACL allows
or denies specific inbound or outbound
traffic at the subnet level.
Question number 311. A business wishes
to deliver managed Windows virtual
desktops and programs through secure
network connections to its distant
workers. Which AWS service does the
business have access to in order to
achieve these requirements? Select two.
And we have five options. Option A,
Amazon Connect. Option B, Amazon
AppStream 2.0.
Option C, Amazon Workspaces. Option D,
AWS Sightto-SightVPN.
Option E, Amazon Elastic Container
Service, Amazon ECS.
So the right answer here is option B,
Amazon AppStream 2.0
and option C, Amazon Workspaces.
With AppStream 2.0, O you can easily add
your existing desktop applications to
AWS and enable your users to instantly
stream them. Windows user can use either
the AppStream 2.0 client or an HTML 5
capable web browser for application
streaming. Amazon Workspaces enable you
to provision virtual cloud-based
Microsoft Windows, Amazon Linux or
Ubuntu Linux desktops for you users
known as workspaces.
Question number 312. Which of the
following is an AWS shared
responsibility? And we have four
options. Option A, identity and access
management. Option B, serverside
encryption. Option C, firewall
configuration. And option D, maintaining
physical hardware.
So the right answer here is option D,
maintaining physical hardware.
AWS is responsible for protecting the
infrastructure that runs all of the
services offered in the AWS cloud. These
infrastructure is composed of the
hardware, software, networking, and
facilities that run AWS cloud services.
Question number 313.
Which storage service can be utilized to
host static web pages at a minimal cost?
And we have four options. Option A,
Amazon Glacier. Option B, Amazon
Dynamob.
Option C, Amazon Elastic File System.
Option D, Amazon Simple Storage Service.
So the right answer here is option D,
Amazon Simple Storage Service, Amazon
S3.
You can use Amazon S3 to host a static
website. On a static website, individual
web pages include static content. They
might also contain client side scripts.
By contrast, a dynamic website release
on serverside processing including
serverside scripts such as PHP, JSP, or
ASP.NET. Amazon S3 does not support
serverside scripting but AWS has other
resources for hosting dynamic websites.
Question number 314. Which AWS service
can be used to decouple applications?
And we have four options. Option AWS
config. Option B Amazon simple Q
service.
Option C AWS batch. Option D, Amazon
simple email service.
So the right answer here is option B,
Amazon simple Q service.
Amazon simple Q service is a fully
managed message queuing service that
makes it easy to decouple and scale
microservices, distributed systems and
serverless applications. Amazon SQS
moves data between distributed
application components and helps you
decouple these components.
Question number 315.
Which AWS services are globally
specified rather than regionally
defined? Select two. And we have five
options. Option A, Amazon Route 53.
Option B, Amazon EC2. Option C, Amazon
S3. Option D, Amazon CloudFront. And
option E, Amazon Dynamo TV.
So the right answer here is option A,
Amazon Route 53.
And option D, Amazon CloudFront.
So AWS provides a lot of services and
these services are either global,
regional are specific to the
availability zone and cannot be accessed
outside. Most of the AWS managed
services are regional based services
except for IM, root 53, CloudFront, WAF
etc.
Question number 316. Currently, a
company's online program is highly
dependent on underlaying components,
which means that when one component
fails, the whole website crashes. Which
AWS cloud design concept is most
appropriate for resolving the present
design issue? And we have four options.
Option A, implementing elasticity,
enabling the application to scale up or
scale down as demand changes. Option B,
enabling several EC2 instances to run in
parallel to achieve better performance.
Option C, focusing on decoupling
components by isolating them and
ensuring individual components can
function when other components fail. And
option D, doubling EC2 computing
resources to increase system for
tolerance.
So the right answer here is option C.
Focusing on decoupling components by
isolating them and ensuring individual
components can function when other
components fail.
Question number 317. A user must locate,
categorize, and safeguard sensitive data
stored in Amazon S3 automatically. Which
AWS service stat satisfies these
criteria? And we have four options.
Option A, Amazon Inspector, option B,
Amazon Mackie. Option C Amazon Guard
Duty. And option D AWS secrets manager.
So the right answer here is option B
Amazon Mackie.
To help you manage the security posture
of your organization's Amazon simple
storage service data estate, Mackie
provides you with an inventory of your
S3 bucket and automatically evaluates
and monitors the buckets for security
and access control. If Mackie detects a
potential issue with the security or
privacy of your data, such as a bucket
that becomes publicly accessible, Mackie
generates a finding for you to review
and remediate as necessary.
Question number 318. On an Amazon EC2
instance, a business host an
application. Several AWS resources
including Amazon S3 and Amazon Dynamo DB
are required by the EC2 instance. What
is the most optimal way to delegate
permissions? And we have four options.
Option A, create an IM role with the
required permissions. Attach the role to
the EC2 instance. Option B, create an IM
role user and use its access key and
secret access keys in the application.
Option C, create an IM user and use it
its access key and secret keys. Secret
access keys to create a CLI profile in
the EC2 instance. And option D, create
an IM role with the required
permissions. Attach the role to the
administrative IM user.
So the right answer here is option A.
Create an IM role with the required
permissions. Attach the role to the EC2
instance.
Question number 319. Which of the
following are support categories for AWS
trusted advisor? Select. And we have
five options. Option A, operational
excellence. Option B cost optimization,
option C security, option D well
architected framework and option E right
sizing.
So the right answer here is option B
cost optimization
and option C security.
Question number 320. Which disaster
recovery option is the least expensive?
We have four options. Option A warm
standby. Option B multi-sight. Option C
backup and restore. Option D pilot
light.
So the right answer here is option C
backup and restore.
Sending backups to AWS can be the first
step in reducing total cost of ownership
and your data center footprint.
Question number 321. Which type of AWS
storage is empal and is deleted when an
Amazon EC2 instance is stopped or
terminated?
And we have four options. Option A,
Amazon Elastic Block Store. Option B,
Amazon EC2 instance store. Option C,
Amazon Elastic File System. Option D,
Amazon S3.
So the right answer here is option B,
Amazon EC2 instance store.
When you stop or terminate an instance,
every block of storage in the instance
store is reset. Therefore, your data
cannot be accessed through the instance
store of another instance.
Question number 322. A company needs
fully managed, highly reliable and
scalable file storage that is accessible
over the server message block protocol.
Which AWS service will meet this
requirement? And we have four options.
Option A, Amazon S3,
option B, Amazon Elastic File System,
option C, Amazon FSX for Windows file
server. And option D, Amazon Elastic
Block Store.
So the right answer here is option C.
Amazon FSX for Windows file server.
Amazon FSX for Windows file server is a
fully managed, highly reliable and
scalable file storage service that is
accessible over the server message block
protocol. It provides fully managed,
highly reliable and scalable file
storage that is accessible over the SMP
protocol. It is designed to work with
the Microsoft Windows operating system
and it supports the SMB protocol which
allows to access the file storage from
Windows servers and clients.
Question number 323.
Which of the following is a component of
the AWS global infrastructure? And we
have four options. Option A, Amazon
Alexa, option B, AWS regions, option C,
Amazon light sale. Then option D AWS
organizations.
So the right answer here is option B AWS
regions.
The AWS cloud spans 99 availability
jones within 31 geographic regions
around the world with announced plans
for 12 more availability zones and four
more AWS regions in Canada, Israel, New
Zealand and Thailand.
Question number 324. What is the purpose
of having an internet gateway within a
VPC? And we have four options. Option A
to create a VPN connection to the VPC.
Option B to allow communication between
the VPC and the internet. Option C to
impose bandwidth constraints on internet
traffic. Option D to load balance a
traffic from the internet across Amazon
EC2 instance.
So the right answer here is option B to
allow communication between the VPC and
the internet.
An internet gateway is a horizontally
scaled, redundant, and highly available
VPC component that allows communication
between your VPC and the internet.
Question number 325. Which AWS service
allows user to download security and
compliance reports about the AWS
infrastructure on demand? We have four
options. is option Amazon car duty.
Option B AWS security hub option C AWS
artifact and option D AWS shield.
So the right answer here is option C AWS
artifact.
AWS artifact is your go to central
resource for compliance related
information that matters to you. It
provides ondemand access to security and
compliance reports from AWS and ISVS who
sell their products on AWS marketplace.
Question number 326. A company is
planning an infrastructure deployment to
the AWS cloud. Before the deployment,
the company wants a cost estimate for
running the infrastructure. Which AWS
service or feature can provide this
information? And we have four options.
Option A, cost explorer. Option B AWS
trusted advisor. Option C AWS cost and
usage report. And option D AWS pricing
calculator.
So the right answer here is option D AWS
pricing calculator.
AWS pricing calculator. Estimate the
cost of your architecture solution.
Configure a cost estimate that fits your
unique business or personal needs with
AWS products and services.
Question number 327.
How can Amazon EC2 autoscaling groups
contribute to a web application's high
availability? And we have four options.
Option A, they automatically add more
instances across multiple AWS regions
based on global demand of the
application. Option B automatically add
instances across multiple availability
jones when the application needs it.
Option C, they enable the application
static content to reside closer to end
users. Option D, they are able to
distribute incoming request across
entire of web server instances.
So the right answer is option B. They
automatically add or replace instances
across multiple availability chs.
[Music]
When the unhealthy availability jone
returns to an healthy state, autoscaling
automatically redistributes the
application instances evenly across all
of the designated availability jones.
[Music]
Question number 328. A business has a
stateless application workload that can
withstand brief period of outage. The
program conducts calculations in
massively parallel fashion. Which Amazon
EC2 pricing model should the business
choose to save costs? And we have four
options. Option A on demand instances.
Option B spot instances. Option C
reserved instances and option Dedicated
instances.
So the right answer here is option B
spot instances.
A spot instance is an instance that uses
spare EC2 capacity that is available for
less than the ondemand price. Because
spot instances enable you to request
unused EC2 instances at steep discounts,
you can lower your Amazon EC2 cost
significantly. Hourly price for a spot
instance is called spot price.
Question number 329. Which of the
following is a method for enhancing AWS
security? Select. And we have five
options. Option A, using AWS artifact.
Option B, granting the broadest
permission to all IMU roles. Option C,
running application code with AWS
Cloud9. Option D, enabling multiffactor
authentication MFA with amazing Amazon
cognto. Option E using AWS trusted
advisor security checks.
So the right answer is option D enabling
multiffactor authentication MFA with
Amazon Cognito
and option E using AWS trusted advisor
security checks.
MFA adds extra security because it
requires users to provide unique
authentication from an AWS supported MFA
mechanism in addition to their regular
signin credentials when they access AWS
websites or services. Virtual MFA
devices, a software app that runs on a
phone or other devices and emulates a
physical device.
Question number 330.
Which AWS service of tool helps to
centrally manage billing and allow
controlled access to resources across
the AWS accounts? And we have four
options. Option AWS identity and access
management. Option B AWS organizations.
Option C cost explorer. And option D AS
budgets.
So the right answer here is option B.
AWS organizations.
By default, organizations support
consolidated billing features.
Consolidated billing separates paying
accounts and linked accounts. You can
use AWS organizations to set up a single
payment method for all the AWS accounts
in your organization through
consolidated billing.
Question number 331.
Under the AWS share responsibility
parading, the following parties are
responsible for the security and
patching of the guest operating system.
And we have four options. Option AWS
support,
option B the customer, option C AWS
systems manager and option D AWS config.
So the right answer here is option B the
customer.
For example, a service such as Amazon
Elastic Computer Cloud is categorized as
infrastructure as a service and as such
requires the customers to perform all of
the necessary security configurations
and management task. Customers that
deploy an Amazon EC2 instances are
responsible for management of the guest
operating system.
any application softwares or utilities
installed by the customer on the
instance and the configuration of the
AWS provided firewall on each instance.
Question 332.
What is an example of AWS cloud's high
availability?
We have four options. Option A,
consulting AWS technical support at any
time, day or night. Option B, ensuring
an application remains accessible even
if a reason resource fails. Option C,
making any AWS service available for use
by paying on demand. Option D, deploying
in any part of the world using AWS
regions.
So the right answer here is option B.
Ensuring an application remains
accessible even if a resource fails.
Question number 333.
Which of the following are the Amazon's
virtual private cloud resources? We have
four options. Option A, objects access
control list ACL. Option B, subnets,
internet gateways. Option C, access
policies, buckets. Option D, groups,
roles.
So the right answer here is option B,
subnets, internet gateways.
A subnet is a range of IP address in
your VPC. A subnet must reside in a
single availability zone. After you add
subnets, you can deploy AWS resources in
your VPC. A gateway connects your VPC to
another network. For example, use an
internet gateway to connect your VPC to
the internet. Use a VPC endpoint to
connect to AWS services privately
without the use of an internet gateway
or n device.
Question number 334.
Which aspects of AWS make it cost viable
for workloads with fluctuating customers
demand? Select. And we have five
options. Option A high availability.
Option B shared security model. Option C
elasticity. Option D pay as you go
pricing. And option E reliability.
So the right answer here is option C
elasticity and option D pay as you go
pricing.
Question 335.
A business wants to migrate 40 terabyte
of data from on premises to clean
systems to Amazon S3. The transfer must
occur as rapidly as visible while
maintaining a low cost. The firm has
internet access at a speed of 100
megabytes per second. Which AWS service
will satisfy these criteria?
We have four options. Option A, AWS
Snowball. Option B, AWS Direct Connect.
Option C, AWS storage gateway. Option D,
Amazon S3 transfer acceleration.
So the right answer here is option A,
AWS mobile.
Snowball is better for 40 terabyte
transfer. It will make transfer while
keeping the cost at minimum. With 100
Mbps, it will be quick.
Question number 336.
Which of the following allows customers
to programmatically access the power of
AWS services? We have four options.
Option A, AWS command line interface.
Option B, AWS trusted advisor.
Option C, AWS code deploy. Option D, AWS
management console.
So the right answer here is option A,
AWS command line interface,
AWS CLI.
AWS command line interface is a unified
tool to manage your AWS services with
just one tool to download and configure.
You can control multiple AWS services
from the command line and automate them
through scripts.
Question number 337.
A business wishes to migrate some of its
resources to the AWS cloud. To comply
with regulatory standards, data must
stay on premises and local. AWS and the
company's resources must have a low
latency. Which Amazon Web Services
service or functionality
may be leveraged to fulfill these
requirements? And we have four options.
Option A, AWS local Jones. Option B
availability jones, option C, AWS
outposts, and option D AWS wavelength
zones.
So the right answer here is option C,
AWS outposts.
With AWS outpost, you can run some AWS
services locally and connect to a broad
range of services available in the local
AWS region. Run application and
workloads on premises using familiar AWS
service tools and APIs. Outpost supports
workloads and devices requiring low
latency access to on-remises systems.
Local data processing, data residency,
and application migration with local
system interdependencies.
Question number 338. A business has
specified the Amazon Web Services
resources it requires for a new
application. The business must determine
the expenses associ associated with
operating the application on AWS.
What actions should the business take to
comply with this stipulation and we have
four options. Option A, take advantage
of AWS ondemand pricing. Option B, use
the AWS pricing calculator to generate
an approximate dollar amount. Option C,
use Amazon Quicksite to analyze current
on premises spending. Option D, use
Amazon AppStream 2.0 for realtime
pricing analytics.
So the right answer here is option A,
take advantage of AWS on demand pricing.
Question number 339.
For its steadyst state database, the
corporation runs a self-managed Oracle
database directly on Amazon EC2. The
corporation wishes to cut its computing
expenses. Which option should the
business choose in order to optimize
savings over a three-year period? We
have four options. Option A, EC2
dedicated instance. Option B, EC2 spot
instances. Option C, EC2 reserved
instances. Option D, EC2 on demand
instances.
So the right answer here is option
C, EC2 reserved instances.
Amazon EC2 reserved instances provide a
significant discount compared to
ondemand pricing and provide a capacity
reservation when used in specific
availability in June.
Question 340.
corporation is developing an application
that must distribute photos and videos
internationally the least amount of
delay possible. Which strategy may the
business take to do these in the most
cost effective manner? And we have four
options. Option A, deliver the content
through Amazon CloudFront. Option B,
store the content on Amazon S3 and
enable S3 cross region replication.
Option C, implement the VPN across
multiple AWS regions. Option D, deliver
the content through AWS private link.
So the right answer here is option A,
deliver the content through Amazon
CloudFront.
Amazon CloudFront is a content delivery
network operated by Amazon Web Services.
Content delivery networks provide a
globally distributed network of proxy
servers that catch content such as web,
videos or other bulky media more likely
to consumers, thus improving access
speed for downloading the content.
Question number 341.
Which AWS service or functionality gives
advice to customers about frequently
asked building questions? And we have
four options. Option A, AWS Marketplace.
Option B, AWS Knowledge Center. Option
C, Amazon Pinpoint. And option D, Amazon
Connect.
So the right answer here is option B.
AWS knowledge center.
All AWS account owners have access to
account and building support free of
charge.
Question number 342.
Which AWS service enables an on premises
infrastructure to be extended to the AWS
cloud? Select. We have five options.
Option A, Amazon EBS. Option B, AWS
Direct Connect. Option C, Amazon
CloudFront. Option D, AWS storage
gateway. And option E, Amazon Connect.
So the right answer here is option B AWS
direct connect and option D AWS storage
gateway.
AWS direct connect is a cloud service
solution that makes it easy to establish
a dedicated network connection from your
premises to AWS. AWS storage gateway is
a set of hybrid cloud storage service
that provide
onremises access to virtually unlimited
storage cloud storage.
Question number 343. Which AWS service
enables the generation of warnings based
on a monthly bill estimate?
We have four options. Option AWS
config. Option B Amazon Cloudatch.
Option C AWS X-Ray. Option D AWS Cloud
Trail.
So the right answer here is option B
Amazon Cloudatch.
You can monitor your estimated AWS
charges by using Amazon Cloudatch. When
you enable the monitoring of estimated
charges for your AWS account, the
estimated charges are calculated and
sent several times daily to Cloudatch as
a metric data. Billing metric data is
stored in the US East region and
represents worldwide charges. This data
includes the estimated charges for every
service in AWS that you use in addition
to the estimated overall total of your
AWS charges.
Question number 344. A company needs to
identify the last time that a specific
user access the AWS management console.
Which AWS service will provide this
information?
And we have four options. Option A,
Amazon Cognito. Option B, AWS cloud
trial. Option C, Amazon inspector.
Option D, Amazon cart.
So the right answer here is option B,
AWS cloud trial.
AWS cloud trial enables auditing,
security monitoring and operational
troubleshooting by tracking user
activity and API usage. Cloud trial
logs, continuously monitors and retains
account activity related to action
across your AWS infrastructure giving
you control over storage analysis and
remediation actions.
Question number 345. Which AWS service
may be utilized to deploy the
application? And we have four options.
Option A, AWS apps sync. Option B, AWS
batch. Option C, AWS code pipeline.
Option D, AWS data sync.
So the right answer here is option C,
AWS code pipeline.
AWS code pipeline is a continuous
delivery service you can use to model,
visualize and automate the steps
required to release your software. You
can quickly model and configure the
different stages of a software release
process. Code pipeline automates the
steps required to release your software
changes continuously.
Question number 346. Which AWS service
or functionality is by default highly
available?
We have four options. Option A, Amazon
EC2. Option B, Amazon Arbora. Option C
that instances and option D Amazon RDS.
So the right answer here is option D.
Amazon RDS.
Amazon relational database service
supports two easy to use options for
ensuring high availability of your
relational database for your MySQL,
Mari DB, PostSQL, Oracle and SQL server
database instances. You can use Amazon
RDS multi-AZ deployments.
When you provision a multi-AZer DP
instance, Amazon RDS automatically
creates a primary DP instance and
synchronously replicates the data to a
standby instance in a different
availability.
Question number 347. A business requires
data migration from its onremises
environment to the AWS cloud. The
business demands extremely elastic and
efficient connection. Which AWS service
satisfies these criteria?
And we have four options. Option A,
Amazon S3 Classier. Option B, AWS
storage gateway. Option C, AWS backup.
Option D, Amazon Elastic File System.
So the right answer here is option B,
AWS storage gateway.
AWS storage gateway is a hybrid cloud
storage service that gives you on
premises access to virtually unlimited
cloud storage. You can use storage
gateway to simplify storage management
and reduce cost for key hybrid cloud
storage use cases. These include Boing
backups to the cloud, using on premises
file shares backed by cloud storage, and
providing low latency access to data in
AWS for on premises applications.
Question number 348. A company wants to
perform sentiment analysis on customer
service email messages that it receives.
The company wants to identify whether
the customer service engagement was
positive or negative. Which AWS service
should the company used to perform these
analysis?
And we have four options. Option A,
Amazon text. Option B, Amazon translate.
Option C, Amazon comprehend. Option D,
Amazon recognition.
So the right answer here is option C,
Amazon comprehend.
Amazon compliment uses natural language
processing NLP to extract insights
about the content of documents. It
develops insights by recognizing the
entities, key phrases, language,
sentiment, and other common elements in
a document.
Question number 349. What is the total
amount of storage offered by Amazon S3?
And we have four options. Option A 100
MB, option B 5GB. Option C 5 terabyte
and option D unlimited.
So the right answer here is option D
unlimited.
The total value of data and number of
objects you can store are unlimited.
Individual Amazon S3 objects can range
in size from a minimum of zero bytes to
a maximum of 5 terabyte.
Question number 350. Which AWS service
or functionality is exclusively
accessible to AWS enterprise support
customers?
We have four options. Option A, AWS
trusted advisor. Option B, AWS support
case. Option C, AWS consarch support
team. And option D, Amazon connect.
So the right answer here is option C,
AWS consarch support team.
AWS enterprise support concerns
dedicated team for enterprise account
specialist to help with building and
account subjects.
Question number 351. Which resources is
the most effective for keeping
on AWS security announcements?
We have four options. Option A, AWS
personal health dashboard. Option B, AWS
secret managers. Option C, AWS security
bulletins. Option D, Amazon inspect.
So the right answer here is option C.
AWS security bulletins.
AWS makes public notifications in the
form of security bulletins which are
posted in the AWS security website.
Individuals, companies and security
teams typically post their advisories on
their own websites and in other forums
and when relevant we will include links
to those third party resources in AWS
security bulletin.
Question number 352. Which AWS services
aid in application performance
optimizing by lowering latency
associated with global content access?
Select. And we have five options. Option
A, Amazon CloudFront. Option B, AWSVPN.
Option C, AWS Direct Connect. Option D,
AWS Global Accelerator. Option E, Amazon
S3 Glacier.
So the right answer here is option A,
Amazon CloudFront.
And option D, AWS Global Accelerator.
Amazon CloudFront is a content delivery
network service built for high
performance security and developer
convenience. AWS Global Accelerator is a
networking service that helps you
improve the availability, performance,
and security of your public
applications. Global accelerator
provides two global static public IPs
that acts as a fixed entry point to your
application endpoints such as
application load balances, network load
balancer, Amazon elastic computer cloud
instances, and elastic.
Question number 353. Which AWS service
should a company used to create NoSQL
database? And we have four options.
Option A, Amazon Aurora. Option B,
Amazon Dynamo TV. Option C, Amazon Red
Shift. Option D, Amazon Nifty.
So the right answer here is option B,
Amazon Dynamo TV.
AWS Tano DB is a fully managed NoSQL
database service that is designed to
provide fast and predictable performance
with seamless scalability. It is a good
choice for companies looking to create a
NoSQL database in AWS.
Question 354. Which technologies are
available for deriving AWS charges by
department? Select. We have five
options. Option A, enable multiffactor
authentication for the AWS account root
user. Option B, create separate accounts
for each department.
Option C, use reserved instances
whenever possible. Option D, use tags to
associate each instance with the
particular department. Option E, pay
bills using purchase orders.
So the right answer here is option B,
create separate accounts for each
department.
Option D, use tax to associate each
instance with a particular department.
Question 355. Which AWS services can be
utilized to automate infrastructure?
Select two. And we have five options.
Option A, AWS cloud formation. Option B
Amazon CloudFront. Option C AWS batch.
Option D AWS Opsworks. Option E Amazon
Quicksite.
So the right answer here is option A AWS
cloud formation. And option D AWS Ops
works.
Question 356. A solution architect of a
business wants to deploy a few Amazon
EC2 instances in an already existing AWS
account. Before the firm can accept the
request, he wants a cost estimate. Which
AWS tool should be used to generate the
cost estimate?
We have four options. Option A, AWS
pricing calculator. Option B, cost
explorer. Option C, AWS cost and usage
report. Option D, AWS budgets.
So the right answer here is option A,
AWS pricing calculator.
AWS pricing calculator is a web- based
planning tool that you can use to create
estimates for your AWS use cases. You
can use it to model your solutions
before building them. Explore the AWS
service price points and review the
calculations behind your estimates. You
can use it to help you plan how you
spend, find cost-saving opportunities,
and make informed decisions when using
Amazon Web Services.
Question number 357. A company is
migrating to Amazon S3. The company
needs to transfer 60 terabyte of data
from an on-remises data center to AWS
within 10 days. Which AWS service should
the company use to establish this
migration? And we have four options.
Option A, Amazon S3 Glacier. Option B,
AWS database migration service.
Option C, AWS Snowball. Option D, AWS
Direct Connect.
So the right answer here is option C,
AWS Snowball.
Question number 358. What type of
database is Amazon Dynamo DB?
We have four options. Option A in
memory. Option B relational. Option C
key value. And option D graph.
So the right answer here is option
C key value.
So Amazon DynamoB is a fully managed
serverless key value NoSQL database
designed to run high performance
applications at any scale.
Question number 359. A retail company
has recently migrated its website to
AWS. The company wants to ensure that it
is protected from SQL injection attacks.
The website uses an application load
balancer to distribute traffic to
multiple Amazon EC2 instances. Which AWS
service or feature can be used to create
a custom rule that blocks SQL injection
attacks? And we have four options.
Option A, security groups. Option B, AWS
WF. Option C network ACL. And option D A
shield.
So the right answer here is option B AWS
WF.
Question number 360. Which AWS services
enables user to link their AWS cloud
services to their on premises resources?
Select. We have five options. Option A,
AWSVPN.
Option B, Amazon Connect. Option C,
Amazon Cognto. Option D, AWS Direct
Connect. Option E, AWS managed services.
So the right answer here is option A
AWSVPN
and option D AWS direct connect.
Question number 361.
While an Amazon EC2 instance is only
activated when it is required, it must
stay active throughout the life of the
procedure. What is the most acceptable
method of purchase? And we have four
options. Option A dedicated instances,
option B spot instances, option C on
demand instances. And option D reserved
instances.
So the right answer here is option C on
demand instances.
Question number 362.
A business operations are conducted on
site. The business want to anticipate
the cost associated with hosting a major
application on AWS.
Which AWS service or tool does the
business have access to in order to
collect this information? And we have
four options. Option AWS pricing
calculator, option B, AWS budgets.
Option C, AWS trusted advisor. And
option D cost explorer.
So the right answer here is option A,
AWS pricing calculator.
Question number 363. How can a client
strengthen the security of their Amazon
Web Services accounts login? Select two.
And we have five options. Option A,
configure AWS Certificate Manager.
Option B, enable multiffactor
authentication, MFA. Option C, use
Amazon Cognito to manage access. and
option D configure a strong password
policy. Option E enable AWS
organizations.
So the right answers are option B enable
multiffactor authentication
and option D configure a strong password
policy.
So your root account should always be
protected by multiffactor
authentication. This additional layer of
security helps protects against
unauthorized login to your account by
requiring two factors. Something you
know a password and something you have
for example an MFA device. AWS supports
virtual and hardware MFA devices and U2F
security keys.
Question number 364. A big firm often
has a single Amazon Web Services
account. What are the benefits of
reproposing a single AWS account to
create additional AWS accounts? Select
two. And we have five options.
Option A, it allows for administrative
isolation between different workloads.
Option B, discounts can be applied on a
quarterly basis by submitting cases in
the AWS management console. Option C,
transitioning objects from Amazon S3 to
Amazon S3 Glacier in separate AWS
accounts will be less expensive. Option
D, having multiple accounts reduces the
risk associated with malicious
activities targeted at a single account.
Option E, Amazon Quicksite offers access
to a cost tool that provides application
specific recommendations for
environments running in multiple
accounts.
So the right answer is option A. It
allows for administrative isolation
between different workloads and option D
having multiple accounts reduce the risk
associated with malicious activities
targeted at a single account.
Question number 365.
Which solution enables a business with
numerous AWS accounts to consolidate its
consumption in order to qualify for bulk
discounts? And we have four options.
Option A, AWS server migration service.
Option B, AWS organizations. Option C,
AWS budgets. Option D, AWS trusted
advisor.
So the right answer here is option B,
AWS organizations.
Use the consolidated billing feature in
AWS organization to consolidate billing
and payment for multiple AWS accounts or
multiple Amazon Internet Service Private
Limited
accounts. Every organization in AWS
organizations has a master account that
pays the charges for of all the all the
member accounts. Consolidated billing
has the following benefits. One bill.
You get one bill for multiple accounts.
Easy tracking. You can track the changes
across multiple accounts and download
the combined cost and usage data.
Combined usage. You can combine the
usage across all accounts in the
organization to share the volume, price,
discounts and reserved instant
discounts.
These can result in a lower charge for
your project, department or company than
with individual standalone accounts.
No extra fee. Consolidate building is
offered at no extra no additional cost.
Question number 366. Which AWS services
may be protected against typical online
exploitations using AWS WAF? Select two.
And we have five options. Option A,
Amazon Route 53. Option B, Amazon
CloudFront. Option C, AWS Transfer
Family. Option D, AWS STOSightVPN.
Option E, Amazon API Gateway.
So the right answer here is option B,
Amazon CloudFront,
and option E, Amazon API Gateway.
Question number 367. A business uses an
Amazon EC2 autoscaling policy in
conjunction with an application load
balancer to restore sik applications
running on Amazon EC2 instances
automatically.
These activity pertains to which pillar
of the AWS well architected framework.
And we have four options. Option A
security, option B performance
efficiency, option C operational
excellence and option D reliability.
So the right answer here is option D
reliability.
Question number 368.
A business want to migrate current
software licenses to AWS. However, the
licensing strategy involves licensing
physical cores. How can the organization
do these in the AWS cloud? And we have
four options. Option A, launch an Amazon
EC2 instance with default tenency.
Option B, launch an Amazon EC2 instance
on a dedicated host. Option C, create an
ondemand capacity reservation. Option D,
purchase dedicated reserved instances.
So the right answer here is option B.
Launch an Amazon EC2 instance on a
dedicated host.
Question number 369.
Which service offers nearly infinite
online storage for very durable objects?
And we have four options. Option A,
Amazon Redshift. Option B, Amazon
Elastic File System. Option C, Amazon
Elastic Container Service and option D,
Amazon S3.
So the right answer here is option D,
Amazon S3.
Question number 370. Which of the
following is an advantage that users
experience when they move on premises
workloads to the AWS cloud?
We have five options. Option A,
elimination of expenses for running and
maintaining data centers. Option B,
price discounts that are identical to
discounts from hardware providers.
Option C, distribution of all
operational controls to AWS. Option D,
elimination of operational expenses.
So the right answer here is option A,
elimination of expenses for running and
maintaining data centers.
Question number 371.
Which AWS services are available for
file storage? Select two. We have five
options. Option A, Amazon S3. Option B,
AWS Lambda. Option three, Amazon Elastic
Block Store.
Option D, Amazon Sage Maker. Option E,
AWS Storage Gateway.
So the right answer here is option A,
Amazon S3 and option C, Amazon Elastic
Block Store.
Question number 372. A media business
want to disseminate video material
through the internet to millions of
viewers globally. The organization
visions to use AWS worldwide network
backbone in order to deliver catched
material with minimal latency and fast
data transfer rates.
Which AWS service will satisfy these
criteria?
And we have four options. Option A,
Amazon CloudFront. Option B, AWS Global
Accelerator. Option C, AWS Direct
Connect. And option D, Amazon Connect.
So the right answer here is option A,
Amazon CloudFront.
Question number 373. Which AWS advantage
allows customers to construct cloud
infrastructure that spans various
geographic areas and is linked through a
low latency high performance network.
And we have four options. is option A
economies of scale, option B security,
option C elasticity and option D global
reach.
So the right answer here is option D
global reach.
Question number 374.
Which AWS service or feature enables
businesses to take advantage of AWS
volume discounts?
And we have four options. Option A,
savings plans. Option B, AWS budgets.
Option C, AWS organizations. And option
D AWS pricing calculator.
So the right answer is option C AWS
organizations.
So AWS organizations enables you to
simplify cost and take advantage of
quantity discounts with a single bill.
In addition, you can optimize usage
across your organization with services
like AWS compute optimizer and AWS cost
explorer.
Question number 375.
Which AWS AM feature is used to link
numerous users with a set of
permissions? And we have four options.
Option A multiffactor authentication.
Option B groups. Option C password
policies. Option D access keys.
So the right answer here is option B
groups.
An IM group is a collection of IM users.
You can use groups to specify
permissions for a collection of users
which can make those permissions easier
to manage for those users. For example,
you could have a group called admins and
give that group the type of permissions
that administrators typically need.
Question number 376. A social media firm
has been tasked with the responsibility
of launching a new function. Users will
be able to share photographs that will
be seen by other users worldwide with
little delay. Which AWS service or
feature should the business use in order
to achieve these demand the most cost
effectively?
And we have four options. Option A,
Amazon Dynamob Global Tables. Option B,
AWS Direct Connect. Option C, Amazon
CloudFront. And option D, AWS Outposts.
So the right answer here is option C,
Amazon CloudFront.
Securely deliver content with low
latency and high transfer speeds.
Question number 377.
Which AWS service enables applications
decoupling?
We have four options. Option A, AWS
config. Option B, Amazon simple Q
service. Option C, AWS batch. Option D,
Amazon simple email service.
So the right answer here is option B.
Amazon simple Q service. Amazon SQS.
Amazon SQS refers to a message queuing
service that is used for decoupling and
scaling microservices, distributed
systems and serverless applications. SQS
removes the complexity and overhead
linked with managing and operating
message oriented middleware and empowers
developers for focusing on
differentiating work.
Question number 378. Amazon EC2 web
servers connect to a traditional
application operating in a corporate
data center.
What phrase would be appropriate to use
to describe this model? And we have four
options. Option A, cloud native. Option
B, partner network. Option C, hybrid
architecture. And option D,
infrastructure as a service.
So the right answer here is option C,
hybrid architecture.
AWS hybrid cloud services deliver a
consistent AWS experience whenever you
need it from the cloud to on premises
and at the edge. Select from the
broadest set of compute, networking,
storage, security, identity, data
integration, management, monitoring, and
operation services to build hybrid
architectures that meet your specific
requirements and use cases.
Question number 379.
Which design principle is included in
the operational excellence pillar of the
AWS well architected framework? And we
have four options. Option A create
annotated documentation. Option B
anticipate failure.
Option C ensure performance efficiency.
Option D optimize costs.
So the right answer here is option B
anticipate failure.
Question number 380. Which of the
following is the customers responsible
for updating and patching according to
the AWS share responsibility model? And
we have four options. Option A, Amazon
FSX for Windows file server. Option B,
Amazon Workspace virtual Windows
desktop.
Option C, AWS Directory Service for
Microsoft Active Directory. and option
D, Amazon RDS for Microsoft SQL Server.
So the right answer here is option B,
Amazon Workspaces virtual Windows
desktop.
Question number 381. Previously utilized
Amazon EC2 instance for development is
no longer available and does not display
in the AWS management console. Which AWS
service should be utilized to discover
what activity resulted in the
inaccessibility of these EC2 instance?
And we have four options. Option A,
Amazon Cloudatch logs. Option B, AWS
Security Hub. Option C Amazon Inspector,
option D, AWS Cloud Trial.
So the right answer here is option D AWS
cloud trial.
Visibility into your AWS account
activity is a key aspect of security and
operational best practices. You can use
cloud trial to view, search, download,
archive, analyze, and respond to account
activity across your AWS infrastructure.
You can identify who or what took which
action, what resources were acted upon
when the event occurred and other
detailed details to help you analyze and
respond to activity in your AWS account.
Optionally, you can enable AWS cloud
trial insights on a trial to help you
identify and respond to unusual
activity.
Question number 382. A cloud
practitioner is required to retain data
for 7 years in order to compile with
regulatory standards. Which AWS service
meets this need for the least amount of
money? And we have four options. Option
A, Amazon S3. Option B, AWS Snowball.
Option C, Amazon Red Shift. And option
D, Amazon S3 Glacier.
So the right answer here is option D,
Amazon S3 Glacier.
So S3 Glacier deep archive is Amazon's
S3's lowest cost storage class and
supports long-term retention and digital
preservation for data that may be
accessed once or twice in a year. It is
designed for customers particularly
those in highly regulated industries
such as the financial services,
healthcare and public sectors that
retain data sets for 3 to 10 years or
longer to meet regulatory compliance
requirements. S3 glacier deep arch can
also be used for backup and disaster
recovery use cases. and is a cost-
effective and easy to manage alternative
to magnetic tape systems whether they
are on premises libraries or off-
premises services.
Question number 383. Why is an AWS well
architected review a critical part of
the cloud design process? And we have
four options. Option A, a well
architected review is mandatory before a
workload can run on AWS. Option B, a
well architected review helps identify
design gaps and helps evaluate design
decisions and related documents. Option
C, a well architected review is an audit
mechanism that is a part of requirement
for service level agreements. Option D,
a well architected review eliminates the
need for ongoing auditing and compliance
tests.
So the right answer here is option B. A
well architected review helps identify
design gaps and helps evaluate design
decisions and related documents.
Question number 384. A company
implements an Amazon EC2 autoscaling
policy along with an application load
balancer to automatically recover
unhealthy applications that run on
Amazon EC2 instances. Which pillar of
the AWS wellarchchitected framework does
this action cover and we have four
options. Option A security, option B
performance efficiency, option C
operational excellence and option D
reliability.
So the right answer here is option D,
reliability.
Question number 385. What does AWS
obligation under the shared
responsibility paradig entail? And we
have four options. Option A, updating
the network ACL to block traffic to
vulnerable ports. Option B, patching
operating systems running on Amazon EC2
instances. Option C, updating the
firmware on the underlying EC2 host. And
option D, updating the security group
rule to block traffic to the vulnerable
ports.
So the right answer here is option C,
updating the firmware on the underlying
EC2 hosts.
Question number 386.
AWS cloud formation is intended to
assist the user in the following ways.
And we have four options. Option A,
model and provision resources. Option B,
update application code. Option C, set
up data links. And option D, create
reports for billing.
So the right answer here is option A,
model and provision resources.
AWS cloud formation provides a common
language for you to model and provision
AWS and thirdparty application resources
in your cloud environment. AWS cloud
formation allows you to use programming
languages or a simple text file to model
and provision in an automated and secure
manner. All the resources needed for an
for your application across all regions
and accounts give this gives you a
single source of truth for your AWS and
third party resources.
Question number 387.
Which AWS cloud benefit is shown by an
architectures ability to withstand
failure with minimal downtime? We have
four options. Option Agility,
option B elasticity, option C
scalability and option D high
availability.
So the right answer here is option D
high availability.
Question number 388. Under the AWS share
responsibility model, which task is the
customer's responsibility when managing
AWS Lambda functions?
And we have four options. Option A,
creating versions of Lambda functions.
Option B, maintaining server and
operating systems. Option C, scaling
Lambda resources according to demand.
Option D, updating the Lambda runtime
environment.
So the right answer here is option A,
creating versions of Lambda functions.
Question number 389. A company needs to
generate reports that can break down
cloud cost by product by company defined
tax and by hour, day and month. Which
AWS tool should the company use to meet
this requirements? And we have four
options. Option A, a reserved instance
utilization and coverage reports. Option
B, saving plans utilization reports.
Option C AWS budgets reports and option
D AWS cost and usage reports.
So the right answer here is option D AWS
cloud cost AWS cost and usage reports.
AWS cost and usage report tracks your
AWS usage and provides estimate charges
associated with your account. Each
report contains line items of each
unique combination of AWS products,
usage type, and operation that you use
in your AWS account. You can customize
the AWS cost and usage reports to
aggregate the information either by the
hour, day, or month.
Question number 390.
A business wishes to grant access to
Amazon RDS to one of its workers.
Additionally, the corporation wishes to
confine contact to the AWS CLI and AWS
software development kits. Which
combination of measures should the
business do in order to satisfy these
needs while adhering to the concepts of
least privilege?
Option A, create an IM user and provide
AWS management console access only.
Option B, create an IM user and provide
programmatic access only. Option C,
create an IM role and provide AWS
management console access only. Option
D, create an IM policy with
administrator access and attach it to
the IM user. Option E, create an IM
policy with Amazon RDS access and attach
it to the IM user.
So the right answer here is option B,
create an IM user and provide
programmatic access only.
And option E, create an IM policy with
the with Amazon RTS access and attach it
to the IM user.
Question number 391.
Which of the following guidelines
constitutes a well architected design
philosophy for cloud application
development?
And we have four options. Option A, keep
static data closer to compute resources.
Option B, provision resources for peak
capacity. Option C, design for automated
recovery for failure. Option D, use
tightly coupled components.
So the right answer here is option C.
Designed for automated recovery for
failure.
Automatically recover from failure by
monitoring your workload for key
performance indicators. You can trigger
automation when a threshold is breached
with KPIs should be a measure of
business value not of the technical
aspects of the operation of the service.
These allows for automatic notification
and tracking of failures and for
automated recovery process that work
around a repair the failure. With more
sophisticated automation, it's possible
to anticipate and remediate failures
before they occur.
Question number 392. A company has a
serverless application that includes an
Amazon API gateway API, an AWS Lambda
function, and an Amazon Dynamob
database. Which AWS service can the
company use to trace user request as
they move through the applications
components? And we have four options.
Option A, AWS cloud trial. Option B,
Amazon Cloudatch. Option C, Amazon
Inspector. And option D, AWS X-Ray.
So the right answer here is option D,
AWS X-ray.
AWS X-ray. It provides a complete view
of requests as they travel through your
application and filters visual data
across payloads, functions, traces,
services, APIs, and more with no code
and low code motions.
Question number 393. A company needs to
set up a pabyte scale data warehouse in
the AWS cloud. Which AWS service will
beat this requirement? And we have four
options. Option Amazon Dynamob, option B
Amazon RDS, option C, Amazon Red Shift.
And option D, Amazon Elastic.
So the right answer here is option C,
Amazon Red Shift.
Amazon Redshift is a fast, fully managed
pabyte scale data warehouse service that
makes it simple and cost effective to
efficiently analyze all your data using
your existing business intelligent
tools.
Question number 394. What are the
immediate advantages of AWS cloud
computing? Select two. And we have five
options. Option A, increased IT staff.
Option B, capital expenses are replaced
with variable expenses. Option C, user
control of infrastructure. Option D,
increased agility. Option B, AWS holds
responsibility for security in the
cloud.
So the right answer here is option B
capital expenses are replaced with
variable expenses
and option D increased agility.
Question number 395. The following are
the economical advantage of using AWS.
Choose two. And we have five options.
Option A reduced total cost of
ownership. Option B increased capital
expenditure. Option C reduced
operational expenditure. Option D
deferred payment plans for startups.
Option E business credit lines for
startups.
So the right answer here is option A
reduced total cost of ownership.
Option C reduced operational
expenditure.
Question number 396,
which AWS services always provided at no
charge? And we have four options. Option
A, Amazon S3, option B, AWS identity and
access management. Option C, elastic
load balances. Option D, AWS WF.
So the right answer here is option B AWS
identity and access management.
You can interact with IM through the
web- based IM console, the AWS command
line interface or the AWS API or SDKs.
IM is offered at no additional charge.
Question number 397.
Which acts exemplify excellent practices
for AWS IM use? Select two. And we have
five options. Option A, configure a
strong password policy. Option B, share
the security credentials among users of
AWS accounts who are in the same region.
Option C, use access keys to log to the
AWS management console. Option D, rotate
access keys on a regular basis. And
option E, avoid using IM roles to
delegate permissions.
So the right answer here is option A,
configure a strong password policy.
And option D, rotate access keys on a
regular basis.
Question number 398. A business want to
establish templates that it may reuse
when deploying numerous AWS resources.
Which Amazon Web Services offerings or
functionality can the business employ to
achieve this requirement? And we have
four options. Option A, AWS Marketplace,
option B, Amazon machine image. Option C
AWS cloud formation and option D AWS ops
works.
So the right answer here is option C AWS
cloud formation.
So after you have your stacks and
resources set up, you can reuse your
templates to replicate your
infrastructure in multiple environments.
So AWS cloud formation simplifies
provisioning and management on AWS. You
can create templates for the service or
applications architectures you want and
have AWS cloud formation. Use those
templates for quick and reliable
provision of the services or
applications. You can also easily update
or replicate the stacks as needed.
Question number 399. How can a business
use AWS to lower its total cost of
ownership TCO? And we have four options.
Option A by minimizing large capital
expenditures. Option B by having no
responsibility for third party license
cost. Option C by having no operational
expenditure. Option D by having AWS
manage applications.
So the right answer here is option A by
minimizing large capital expenditures.
AWS helps you reduce total cost of
ownership by reducing the need to invest
in large capital expenditures and
providing a pay as you go model that
empowers you to invest in the capacity
you need and use it only when the
business requires it.
Question number 400. A business website
is hosted on Amazon EC2 instance. The
firm must guarantee that the website is
accessible to a worldwide audience and
has a low latency for visitors. Which
Amazon Web Services offering should the
business employ to achieve these
requirements? And we have four options.
Option A, Amazon Route 53, option B
Amazon CloudFront, option C elastic load
balancing. And option D AWS Lambda.
So the right answer here is option B.
Amazon CloudFront.
CloudFront users can secure access to
their websites and enable fast access
worldwide.
Question number 401. A business employs
Amazon EC2 infrastructure to host
steadyst state workloads and is looking
to save money. Which pricing model for
EC2 instances should the business
choose? And we have four options. Option
A reserved instances, option B on demand
instances, option C spot instances, and
option Dedicated hosts.
So the right answer here is option A
reserved instances.
Amazon reserved instances are a great
way to save money on AWS. Whether you're
looking to save on EC2, RDS, Elastic
Aachi, Elastic Search, or Red Shift,
there are options to save 30 to 70%
compared to on demand costs.
Question number 402.
Which actions should a user take if he
or she detects a hacked AWS account?
Make a selection of at least two. And we
have five options. Option A, remove any
multiffactor authentication MFA tokens.
Option B, rotate and delete all AWS
access keys. Option C, move resources to
a different AWS region. Option D, delete
AWS cloud trail resources. And option E,
contact AWS support.
So the right answer here is option B,
rotate and delete all AWS access keys
and option E, contact AWS support.
Question number 403. Which job in
accordance with the AWS share
responsibility model is AWS duty for
workloads operating on Amazon EC2?
And we have four options. Option A
updating the physical hardware. Option B
updating the operating system. Option C
updating the database engine. and option
D updating the user data.
So the right answer here is option A
updating the physical hardware.
Question number 404. How can AWS most
effectively cut a rising start computing
costs? And we have four options. Option
A, it provides ondemand resources for
peak usage. Option B, it automates the
provision of individual developer
environments. Option C, it automates
customers relationship management.
Option D, it implements a fixed monthly
compute budget.
So the right answer here is option A. It
provides on demand resources for peak
usage.
So you can continue to optimize your
spend and keep your development cost low
by making sure you re revisit your
architecture often to adjust your
startup growth. Manage your cost further
by leveraging different options such as
S3 CloudFront for catching and
offloading to reduce cost of EC2
computing as well as elastic load
balancing which prepares you for a
massive scale, high reliability and
under uninterrupted growth. Another way
to keep cost down is to use AWS identity
and access management solutions to
manage governance of your cost drivers
effectively and by the right teams.
Question number 405. Which service
manages objects by storing them,
providing realtime access to them and
managing their versions and life cycles?
And we have four options. Option A,
Amazon Glacier. Option B, AWS storage
gateway. Option C, Amazon S3. And option
D, Amazon EBS.
So the right answer here is option C,
Amazon S3.
Question number 406, which Amazon Web
Services service may be used to securely
store and manage source code versions?
And we have four options. Option A, AWS
code build. Option B, AWS code commit.
Option C, AWS code pipeline. And option
D, AWS code start.
So the right answer here is option B,
AWS code commit.
So AWS Code Commit is a version control
service hosted by Amazon Web Services
that you can use to privately store and
manage assets such as documents, source
code, and binary files in the cloud.
Question number 407, which tool may be
used to track planned AWS infrastructure
changes?
And we have four options. Option A, AWS
personal health dashboard. Option B, AWS
trusted advisor. Option C, billing
dashboard. And option D, AWS config.
So the right answer here is option D,
AWS config.
So, Amazon Web Services introduced AWS
config in 2014 to help users of their
service track changes to the
configuration of EC2 instances and other
AWS resources. These offering was
further enhanced in following years with
the introduction of AWS config rules.
Question number 408. A company needs to
design an AWS disaster recovery plan to
cover multiple geographic areas. Which
action will meet this requirement? And
we have four options. Option A,
configure multiple AWS accounts. Option
B, configure the architecture across
multiple availability jones in an AWS
region. Option C, configure the
architecture across multiple AWS
regions.
Option D, configure the architecture
among many edge locations.
So the right answer here is option C,
configure the architecture across
multiple AWS regions.
Question number 409. Which of the
following are AWS security recommended
practices for managing an AWS account? A
root user using AWS identity and access
management.
And we have five options. Option A, set
up multiffactor authentication for the
root user. Option B, remove all IM
policies for the root user. Option C,
delete the root user access keys. Option
D, use the root user for daily tasks.
Option E, assign a readonly access
policy to the root user.
So the right answer here is option A,
set up multiffactor authentication for
the root user.
And option C, delete the root user
access keys.
For increased security, we recommend
that you configure multiffactor
authentication to help protect your AWS
resources.
You should never have access keys for
your root user. You should delete or
deactivate them immediately. The reason
for this is access keys cannot have an F
MFA device linked to them. So if you
were to accidentally leave them
somewhere public like a GitHub
repository
then anyone with them can immediately
use them?
Question number 410. Which AWS support
package is the least costly and gives 24
hours access to AWS customer care and
communities?
And we have four options. Option A, AWS
enterprise support. Option B, AWS
business support. Option C, AWS
developer support. And option D, AWS
basic support.
So the right answer here is option D,
AWS basic support.
Basic support is included for all AWS
customers and includes customer service
and communities 24 into7 access to
customer service documentation white
papers and AWS repost. AWS trusted
advisor access to core trusted advisor
checks and guidance to provision your
resources following best practices to
increase performance and improve
security.
Question number 411. A firm that does
business online must supply new
capabilities rapidly and interactively
decrease time to market. Which AWS cloud
function is capable of doing this? And
we have four options. Option A,
elasticity.
Option B high availability. Option C
agility. And option D reliability.
So the right answer here is option C.
Agility.
Agility is the ability to react quickly
in cloud. It takes a minute or two to
create a virtual machine that is up and
running. On the other hands, it takes
days or weeks when we submit a request
to purchase a physical server and by
when it gets delivered.
Question number 412. A business has a
concentrated group of users with
significant file storage needs that
outstrips the available capacity on
premises. Organizations organization
wishes to expand its file storage
capabilities for this group file
maintaining and performing advantage
associated with local content sharing.
Which AWS option is the most
operationally effective in this
scenario?
We have four options. Option A, create
an Amazon S3 bucket for each user. Mount
each bucket by using S3 file system
mounting utility.
Option B, configure and deploy an AWS
storage gateway file gateway. Connect
each user's workstation to the file
gateway. Option C, move each users's
working environment to Amazon Workspace.
Set up an Amazon work docs account for
each user. Option D, deploy an Amazon
EC2 instance and attach an Amazon
elastic block store provisioned IOPS
value. share the EBS volume directly
with the users.
So the right answer here is option B.
Configure and deploy an AWS storage
gateway live gateway file gateway.
Connect each each user workstation to
the file gateway.
Question number 430. Which AWS feature
enables a business to use consumption
levels across different members
accounts?
And we have four options. Option A,
service control policies. Option B,
consolidated billing. Option C, all
upfront reserved instances. And option
D, AWS cost explorer.
So the right answer here is option B,
consolidated billing.
Monthly consolidated invoicing
and chargeback reporting. Each month you
receive a single consolidated invoice
for your previous month's AWS
consumption across all linked accounts
summarized by AWS service.
Question number 414. To utilize the AWS
CLI, users must produce the following.
And we have four options. Option A, a
password policy. Option B, an access
secret key. Option C, a managed policy.
Or option D, an API key.
So the right answer here is option B, an
access secret key.
To use the CLI, one must generate a
manage policy. To access it, one must
use the secret access key.
Question number 415.
Which of the following is a benefit of
moving from an on- premises data center
to the AWS cloud?
And we have four options. Option A,
compute instances can be launched and
terminated as needed to optimize costs.
Option B, compute cost can be viewed in
the AWS building and cost management
console. Option C, users retain full
administrative access to their compute
instances.
Option D, users can optimize cost by
permanently running enough instances at
peak load.
So the right answer here is option A.
Compute instances can be launched and
terminated as needed to optimize cost.
Question number 460. Which AWS service
monitors AWS accounts for security
threats? And we have four options.
Option A, Amazon Car Duty. Option B, AWS
Secrets Manager. Option C, Amazon
Cognito. and option D AWS certificate
manager.
So the right answer here is option A AWS
guard duty.
Amazon Guard Duty is a threat detection
service that continuously monitors your
AWS accounts and workloads for malicious
activity and delivers detailed security
findings for visibility and remediation.
Question number 470.
Which AWS solution enables customers to
extend AWS infrastructure, AWS services,
APIs and tools to data centers,
collocation settings or on premises
facilities through a hybrid
architecture.
And we have four options. Option AWS no
mobile, option B AWS local Jones, option
C AWS outposts. And option D AWS
Fargate.
So the right answer here is option C AWS
outposts.
With AWS outpost, you can run some AWS
services locally and connect to a broad
range of services available in your in
the local AWS region. Run applications
and workloads on premises using familiar
AWS services, tools, and APIs. Outpost
supports workloads and devices requiring
low latency access to on-remises
systems, local data processing, data
residency and application migration with
local system interdependencies.
Question number 418. Which service
allows consumers to audit a AW API
calls? And we have four options. Option
A, AWS cloud trial. Option B, AWS
Trusted Advisor. Option C, AWS
Inspector. And option D, AWS X-Ray.
So the right answer here is option A,
AWS cloud trial.
Cloud trial is a service offered by AWS
that captures a log a log of all API
calls for AWS accounts and its services.
Cloud trial enables continuous
monitoring and post incident forensic
investigations of AWS by providing an
audit trail of all activities across an
AWS infrastructure.
All cloud trial log files are get stored
in a dedicated S3 bucket.
Question number 419. Which AWS service
would be utilized to manage AWS access
across numerous accounts in a
centralized fashion? And we have four
options. Option A, AWS service catalog.
Option B, AWS config. Option C, AWS
trusted advisor. And option D, AWS
organizations.
So the right answer here is option D AWS
organization.
To improve control over your AWS
environment, you can use AWS
organization to create groups of
accounts and then attach policies to a
group to ensure the correct policies are
applied across the accounts without
requiring custom scripts and manual
processes.
Question number 420.
Which benefit is included with an AWS
enterprise support plan? And we have
four options. Option A, AWS partner
network support at no cost. Option B,
designated support from an AWS technical
account manager. Option C, on-site
support from AWS engineers. Option D,
AWS managed compliance as code with AWS
config.
So the right answer here is option B,
designated support from an AWS technical
account manager.
Question number 421,
which task does AWS perform
automatically?
And we have four options. Option A,
encrypt data that is stored in Amazon
Dynamo DP. Option B, patch Amazon EC2
instances. Option C, encrypt user
network traffic. Option D, create TLS
certificates for users websites.
So the right answer here is option A,
encrypt data that is stored in Amazon
Dynamo DB.
All users data stored in Amazon Dynamob
is fully encrypted at rest. DynamoB
encryption at rest provides enhanced
security by encrypting all your data at
rest using encryption keys stored in AWS
key management service.
Question number 422.
Which Amazon Web offerings service
provides computational capabilities?
Select two and we have five options.
Amazon EC2, Amazon S3, Amazon Elastic
Block Store, Amazon Cognto or AWS
Lambda.
So the right answer here is option A,
Amazon EC2 and option E AWS Lambda.
Question number 423. Which opportunities
does AWS provide for client interested
in learning about cloud security in an
instructor-led training? Selected and we
have five options. AWS trusted advisor,
AWS online tech talks, AWS blog, AWS
forums and AWS classroom training.
So the right answers are option B AWS
online tech talks and option E AS
classroom training.
So AWS online tech talks cover a range
of topics and expertise levels and
feature technical deep dives,
demonstrations, customer examples and
live question and answers with AWS
experts.
Question number 424.
A business wishes to launch a worldwide
commercial application using Amazon
Elastic Cloud Compute Cloud Amazon EC2.
The deployment solution should be
constructed with the greatest degree of
redundancy and fall tolerance possible.
According to this scenario, the
following Amazon EC2 instances should be
deployed. And we have four options.
Option A in a single availability zone
in one AWS region. Option B with
multiple elastic network interfaces
belonging to different subnets. Option C
across multiple availability jones in
one AWS region. Option D across multiple
availability jones in two AWS regions.
So the right answer here is option D
across multiple availability jones in
two AWS regions.
Question number 425.
Which tool is used suited for
integrating the billing of previously
distinct AWS accounts? And we have four
options. Option A detailed billing
report. Option B, consolidated building,
option C, AWS cost and usage report and
option D cost allocation report.
So the right answer here is option B
consolidated billing.
So consolidated billing has the
following benefits. One bill, easy
tracking, combined usage, no extra fee.
Question number 426.
Which AWS service or tool can a company
use to visualize, understand and manage
AWS spending and usage over time? And we
have four options. Option A, AWS Trusted
Advisor. Option B, Amazon Cloudatch.
Option C, Cost Explorer. Option D, AWS
budgets.
So the right answer here is option C,
cost explorer.
Question number 427,
how can deploying an application across
several availability jones benefit you?
And we have four options. Option A,
there is a lower risk of service failure
if a national disaster cause a service
disruption in a given AWS region. Option
B, application will have higher
availability because it can withstand a
service disruption in one availability
zone. Option C, there will be better
coverage as availability jones are
geographically distant and can serve a
wider area. Option D, there will be
decreased application latency that will
improve the user experience.
So the right answer here is option B.
The application will have higher
availability because it can withstand a
service disruption in one availability
jone.
Question number 428.
Which of the following enable AWS
customers to control billing expense
allocation? And we have four options.
Option A, tagging resources.
Option B, limiting who can create
resources. Option C, adding a secondary
payment method. And option D running all
operations on a single AWS account.
So the right answer here is option A,
tagging resources.
AWS tags allow you to define a tag like
billing service or team or cost center
and then apply that to as many AWS
resources as needed. You are able to
apply each tag to more than one resource
and you are able to apply up to 50 tags
to each resource. At the end of each
billing period, AWS generates a
commaepparated value document.
Question number 429. A business is
developing an application that will be
hosted in a single AWS region and will
serve end customers located around the
globe. The firm wishes to give low
latency access to application data to
end users. Which of the following
services will assist you in achieving
your goal? And we have four options.
Option A, Amazon CloudFront. Option B,
AWS Direct Connect. Option C, Amazon
Route 53 Global DNS. And option D,
Amazon Simple Storage Service Transform
Acceleration.
So the right answer here is option A.
Amazon CloudFront.
Amazon CloudFront features can be
customized for your specific application
requirements. Extend your custom code
across AWS locations worldwide, allowing
you to move even complex application
logic closer to your end users to
improve responsiveness.
Question number 430. The application of
a business has a variable start and
finish time. Which pricing option for
Amazon EC2 will be the most cost
effective? And we have four options.
Option A on demand instances. Option B
spot instances. Option C reserved
instances. And option D dedicated hosts.
So the right answer here is option B.
Spot instances.
Amazon EC2 spot instances allow you to
request spare Amazon EC2 computing
capacity for up to 90% of the ondemand
price.
Question number 431. A new application
is being developed by a business that
will save and retrieve millions of
photographs and movies. Which AWS
service or feature offers the cheapest
underlying storage? And we have four
options. Option A, Amazon EC2 instance
store, option B, Amazon Elastic Block
Store, option C, Amazon S3. And option
D, Amazon simple Q service.
So the right answer here is option C.
Amazon S3
Amazon S3 is cheapest for data storage
alone.
Question number 432. A business intend
to use the AWS cloud to host a huge
e-commerce application. The business
must have an architecture that
safeguards against network-based
security threats such as DDoS assaults.
Which Amazon Web offering AWS services
should the business employ to achieve
this requirement? Select two. And we
have five options. Option A, Amazon
Inspector. Option B, Amazon Guard Duty.
Option C, Amazon CloudFront. And option
D AWS Shield. and option E AWS identity
and access management.
The right answer here is option C,
Amazon CloudFront
and option D, AWS Shield.
AWSWF is a web application firewall that
can be deployed on CloudFront to help
protect your application against DOS
attacks by giving you control over which
traffic to allow or block by defining
security rules. AWS Shield is a managed
distributed denial of service production
service that safeguards applications
running on AWS.
Question number 433.
Which AWS service or functionality
enables the user to control application
traffic between regions? And we have
four options. Option A, Amazon AppStream
2.0. Option B, Amazon VPC. Option C
elastic load balancer. And option D,
Amazon Route 53.
So the right answer here is option D,
Amazon Route 53.
So, Amazon Route 53
geoproximity rooting policy.
Geoproximity rooting lets Amazon Route
53 root traffic to your resources based
on the geographic location of your users
and your resources.
Question number 434.
A company requires an isolated
environment within AWS for security
purposes. Which action can be taken to
accomplish this? And we have four
options. Option A, create a separate
availability zone to host the resources.
Option B, create a separate VPC to host
the resources. Option C, create a
placement group to host the resources.
and option D create an AWS direct
connect connection between the company
and AWS.
So the right answer here is option B
create a separate VPC to host the
resources.
Question number 435.
What expenses should be addressed when
comparing the total cost of ownership of
an on-remises infrastructure to a cloud
architecture? And we have five options.
Option A, the credit card processing
fees for application transaction in the
cloud. Option B, the cost of purchasing
and installing server hardware in the
onremises data. Option C, the cost of
administering the infrastructure
including operating system and software
installation,
patches, backups, and recovery from
failures. And option D, the cost of
third-party penetration testing. And
option E, the advertising cost
associated with an ongoing
enterprisewide campaign.
So the right answer here is option B,
the cost of purchasing and installing
server hardware in the on premises data.
An option C the cost of administering
the infrastructure including operating
system and software installation,
patches, backups and recovering from
failures.
Question number 436.
which service is an AWS managed Hadoop
framework that enables processing
massive volumes of data across
dynamically expandable Amazon EC2
instance. Simple, quick and cost
effective.
And we have four options. Option A,
Amazon EMR. Option B, Amazon EC2. Option
C, AWS Elastic Beantock. Option D,
Amazon Red Shift.
So the right answer here is option A.
Amazon EMR.
Amazon EMR. Amazon elastic map reduce
produces a managed Hadoop framework
using the elastic infrastructure of
Amazon EC2 and Amazon S3. It distributes
computation
of the data over multiple Amazon EC2
instances.
Question number 437.
What is the greatest place for a user to
get information and report on AWS
compliance? And we have four options.
Option A, AWS artifact. Option B, AWS
marketplace, option C, Amazon inspector.
And option D, AWS support.
So the right answer here is option A, A
as artifact.
AWS Artifact is your go-to central
resource for compliance related
information that matters to you. It
provides ondemand access to AWS security
and compliance reports and select online
agreements.
Question number 438. A business wishes
to be alerted when its AWS cloud
expenses or usage surpass certain
limits. Which Amazon Web Services
offering will meet these requirements?
And we have four options. Option A, AWS
budgets, option B, cost explorer, option
C, AWS cloud trial and option D, Amazon
Mackie.
So the right answer here is option A AWS
budgets.
AWS budgets allow you to set customer
budgets to track your cost and usage
from the simplest to the most complex
use cases. With AWS budgets, you can
choose to be alerted by email or SNS
notification when actual or forecasted
cost and usage exceeds your budget
threshold or when your actual RAI and
saving plans utilization or coverage
drops below your desired threshold.
Question number 439.
Which AWS service is a highly available
and scalable DNS web service? And we
have four options. Amazon VPC, Amazon
CloudFront, Amazon Route 53 or Amazon
Connect.
So the right answer here is option C,
Amazon Route 53.
Amazon Route 53 is a highly available
and scalable cloud domain name system
web service.
Question number 440. A business needs to
monitor changes to AWS resource
configurations for a compliance purpose.
Which Amazon Web Service functionality
may be utilized to fulfill these
requirements?
And we have four options. Option A, AWS
cost and usage report. Option B, AWS
organizations service control policies.
Option C, AWS config rules. And option
D, VPC flow logs.
So the right answer here is option C,
AWS config rules.
AWS configs lets you configure rules
that you would like your AWS resources
to fulfill and tracks to see whether the
resources compile with those rules.
Every time something is changed, config
records the change. It stores a snap of
the system at custom intervals set by
the user and even records how one AWS uh
resource relates to another.
Question number 441. A customer request
advice on potential cost reductions
associated with the migration from on
premises to AWS. Which tool is most
appropriate in this situation? And we
have four options. Option A, AWS
budgets. Option B cost explorer, option
C, AWS total cost of ownership
calculator. and option D AWS well
architected tool.
So the right answer here is option C AWS
total cost of ownership calculator.
The TCO calculator provides directional
guidance on possible realized
savings when deploying EWS. This tool is
built on an underlying
calculation model that generates a fair
assessment of value that a customer may
achieve given the data provided by the
user.
Question number 442.
Which AWS services are functionalities
enable customers to establish a network
connection between two virtual private
clouds VPCs? Select two. And we have
five options. Option A, VPC endpoints.
Option B, Amazon Route 53. Option C, VPC
pairing. Option D, AWS direct connect.
Option E, AWS transit gateway.
So the right answer here is option C VPC
pairing
and option E AWS transit gateway.
Question number 443.
Which of the following is the
recommended method for setting IM user
policies? And we have four options.
Option A, start with a large set of
permissions and remove the permissions
that are not required. Option B, use
only Amazon managed policies. Option C,
start with the minimum set of
permissions and grant additional
permissions as necessary. Option D,
attach policies directly to each user
individually.
So the right answer here is option C.
Start with minimum set of permissions
and grant additional permissions as
necessary.
Question number 444.
How can consolidated billing benefit a
business with many AWS accounts?
And we have four options. Option A, it
aggregates usage across accounts so that
the company can reach volume discount
thresholds sooner. Option B, it offers
an additional 5% discount on purchases
of all upfront reserved instances.
Option C, it provides a simplified
billing invoice that the company can
process more quickly than a standard
invoice. Option D, it gives AWS
resellers the ability to bill their
customers for usage.
So the right answer here is option A. It
aggregates usage across accounts so that
the company can reach volume discount
thresholds sooner.
Using consolidated billing, you can
combine usage from multiple accounts
into a single invoice, allowing you to
reach the tires with lower prices
faster. You can also apply unused
reservations from one account to another
account's instant usage.
Question number 445.
Which of the following is an AWS best
practice for managing an AWS account
root user? And we have four options.
Option A, keep the root user password
with the security team. Option B, enable
multiffactor authentication for the root
user. Option C, create an access key for
the root user. And option D, keep the
root user password consistent for
compliance purposes.
So the right answer here is option B,
enable multiffactor authentication for
the root user.
AWS recommends enabling multiffactor
authentication for the root user of an
AWS account to provide an additional
layer of security. MFA requires the use
of a second form of authentication such
as one-time code generated by an
authentication app or a hardware token
in addition to a password. This makes it
much harder for an attacker to gain
access to the root user account even if
they have obtained the password.
Question number 446.
AWS pay as you go pricing model. And we
have four options. Option A reduces
capital expenditures. Option B requires
payment upfront for AWS services. Option
C is relevant only for Amazon EC2,
Amazon S3 and Amazon RDS. Option D
reduces operational expenditures.
So the right answer here is option A
reduce capital expenditures.
AWS helps you reduce total cost of
ownership by reducing the need to invest
in large capital in expenditures and
providing a pay as you go model that
empowers you to invest in the capacity
you need and use it only when the
business requires it.
Question number 447.
What AWS feature relates to a customer's
flexibility to scale up and down
applications to meet changeable demand?
And we have four options. Elasticity,
agility, security, scalability.
So the right answer here is option D,
scalability.
The ability to increase the size of the
workload either software or hardware in
your existing infrastructure and at the
same time making sure that the
performance is not impacted is known as
scalability in AWS.
Question number 448. A company wants to
improve its security and audit posture
by limiting Amazon EC2 inbound access.
What should the company use to access
instances remotely instead of opening
inbound SSH ports and managing SSH keys?
And we have four options. Option A, EC2
key pairs. Option B, AWS systems manager
sessions manager. Option C, AWS identity
and access management. Option D, network
ACL.
So the right answer here is option B AWS
systems manager session manager.
So AWS systems manager session manager
is a new interactive shell and CLI that
helps to provide secure access
controlled and audit Windows and Linux
AC2 instance management. Session manager
removes the need to open inbound ports,
manage SSH keys, or use bastion hosts.
Question number 449.
After selecting an Amazon EC2 dedicated
host reservation, which pricing option
would provide the largest discount?
And we have four options. Option A, no
upfront payment. Option B, hourly on
demand payment. Option C, partially
upfront payment. And option D, all
upfront payment.
So the right answer here is option D,
all upfront payment.
So you can choose between three payment
options when you purchase a standard or
convertible reserved instances. With all
upfront option, you pay for the entire
reserved instances term with one upfront
payment. These option provides you with
the largest discount compared to
ondemand instance pricing.
Question number 450.
Which AWS cloud feature enables resource
supply to be matched to changing
workload demands? And we have four
options. Security, reliability,
elasticity,
and high availability.
So the right answer here is option C.
Elasticity
in AWS. The process of getting the
resource dynamically when you actually
require them and then release the
resources when you are done and do not
need them is known as elasticity.
Question number 451. A business has
chosen to shift its production workloads
to the Amazon web service AWS cloud.
Which activities may assist in lowering
operating expenses associated with the
migration? Select two. And we have five
options. Option A, reduce
overprovisioned instances. Option B,
rehost all third-party licenses on AWS.
Option C, implement a highly available
architecture. Option D, use managed
services. Or option E, improve
application security.
So the right answer here is option A,
reduce overprovisioned instances and
option D, use managed services.
Question number 452.
A business want to provide a single user
complete access to an Amazon S3 bucket.
Which element in the S3 bucket policy
contains information about the users who
need access to the S3 bucket? And we
have four options. Option A, principle,
action, resource, statement.
So the right answer here is option A
principle.
The account or user who is allowed
access to the actions and resources in
the statement. In a bucket policy, the
principal is the user, account, service
or other entity that is the recipient of
of these permission.
Question number 453.
Which Amazon Web Services solution
enables clients to acquire unused Amazon
EC2 capacity at often reduced prices?
And we have four options. Reserved
instances, ondemand instances, dedicated
instances, or spot instances.
So the right answer here is option D.
Spot instances.
Spot instance is a standard AWS E2
instance that is available for less than
ondemand price due to spare EC2 capacity
by requesting unused EC2 instances at a
discounted price.
Question number 454.
How does the AWS global infrastructure
offer high availability and fault
tolerance to its users?
And we have four options. Option A. The
AWS infrastructure is made up of
multiple AWS regions within various
availability zones located in areas that
have low flood risk and are
interconnected with low latency networks
and interendent power supplies. Option
B, the AWS infrastructure consists of
subnets containing various availability
jones with multiple data centers located
in the same geographic location.
Option C, AWS allows user to choose AWS
regions and data centers so that users
can select the closest data centers in
different regions. And option D, the AWS
infrastructure consists of isolated AWS
regions with interdependent availability
jones that are connected with low
latency networking and redundant power
supplies.
So the right answer here is option D.
The AWS infrastructure consist of
isolated AWS regions with interdependent
availability jones that are connected
with low latency networking and
redundant power supplies.
Question number 455.
Which of the following procedures should
a client perform while doing penetration
testing on Amazon Web Services?
And we have four options. Option A,
conduct penetration testing using Amazon
inspector and then notify AWS support.
Option B, request and wait for approval
from the customer's internal security
team and then conduct testing.
Option C, notify AWS support and then
conduct testing immediately.
Option D, request and wait for approval
from AWS support and then conduct
testing.
So the right answer here is option B,
request and wait for approval from the
customer's internal security team and
then conduct testing.
Question number 456.
Which service would be reasonable for
network connection in a hybrid design
that incorporates Amazon Web Services?
And we have four options. Option A,
Amazon VPC. Option B, AWS Direct
Connect. Option C, AWS Directory
Service. And the last option Amazon API
gateway.
So the right answer here is option B AWS
direct connect.
So hybrid network connection these
component refers to the connection from
the on premises networking edge device
to the AWS cloud.
It can be physically connect connection
such as AWS direct connect or an overlay
connection such as side to side VPN.
Question number 457.
What is the name given to the several
separate sites inside an AWS region that
are linked by low latency networks?
And we have four options. AWS direct
connects, Amazon VPCs, edge locations,
availability jones.
So the right answer here is option D.
Availability jones.
Availability jones are interconnected
within a region for low latency.
Question number 458.
Which of the following AWS services can
be utilized to efficiently deliver big
volume of online video content? Select
two. And we have five options. Option
AWS storage gateway. Option B Amazon S3.
Option C Amazon Elastic File System. And
option D Amazon Glacier. Option E,
Amazon CloudFront.
So the right answer here is option B,
Amazon S3 and option E, Amazon
CloudFront.
So Amazon CloudFront is configured with
the destination S3 bucket as the origin
for global distribution of the
transcoded video content.
Question number 459.
Which Amazon EC2 price option is
appropriate for applications that need
intermittent spiky or unexpected
workloads?
And we have four options. SWAT
instances, dedicated host, on demand
instances or reserved instances.
So the right answer here is option C on
demand instances.
So on demand instances are recommended
for users that prefer the low cost and
flexibility of Amazon EC2 without any
upfront payment or long-term commitment.
Applications with short-term spiky or
unpredictable workloads that cannot be
interpreted.
Interrupted applications being developed
are tested on Amazon EC2 for the first
time.
Question number 460. A user is able to
set up a master payer account to view
consolidated billing reports through.
And we have four options. Option A as
budgets, Amazon Mackie, Amazon Quicksite
and option D AWS organizations.
So the right answer here is option D AWS
organizations.
So AWS organizations you can track the
charges across multiple accounts and
download the combined cost and usage
data.
Question number 461.
Which of the following is a duty of the
client under the AWS share
responsibility model?
And we have four options. Option A
virtualization infrastructure. Option B
network infrastructure.
Option C application security. Option D
physical security of hardware.
So the right answer here is option C
application security.
So customers retain control of what
security they choose to implement to
protect their own content platform,
applications, systems and networks.
Question number 462.
Which Amazon Web Services service can be
used to monitor illegal API calls? And
we have four options. AWS config, AWS
cloud trial, AWS trusted advisor, Amazon
inspector.
So the right answer here is option B.
AWS cloud trail.
AWS Cloud Trail allows AWS customers to
record API calls, sending log files to
Amazon S3 bucket for storage. The
service provides API activity data
including the identity of an API caller,
the time of an API call, the source of
the IP address of of an API caller, the
request parameters, and the response
elements returned by the AWS service.
Question number 463.
An e-commerce firm predicts a
significant rise in online traffic in
the run-up to two very popular shopping
holidays. Which AWS service or
functionality enables dynamic resource
adjustments in response to this charge
in demand? And we have four options.
Option A, AWS cloud trial, option B,
Amazon EC2 autoscaling.
Option C, Amazon forecast or option D
AWS config.
So the right answer here is option B,
Amazon EC2 autoscaling.
Amazon EC2 autoscaling use predictive
scaling to increase the number of EC2
instances in your autoscaling group in
advance of daily and weekly patterns in
traffic flows.
Question number 464.
Which strategy contributes to the cost
optimization of consumers migrating to
the AWS cloud? And we have four options.
Option A, paying only for what is used.
Option B, purchasing hardware before it
is needed. Option C, manually
provisioning cloud resources. Option D,
purchasing for the maximum possible
load.
So the right answer here is option A,
paying only for what is used.
With AWS, you only pay for what use,
helping your organizations remain agile,
responsive, and always able to meet
scale demands.
Question number 465.
According to the AWS shared
responsibility model, which task is the
customer's responsibility?
And we have four options. Option A,
maintaining the infrastructure needed to
run AWS Lambda? Option B, updating the
operating system of Amazon Dynamob
instances.
Option C, maintaining Amazon S3
infrastructure.
Option D, updating the guest operating
system on Amazon EC2 instances.
So the right answer here is option D,
updating the guest operating system on
Amazon EC2 instances.
Question number 466.
Which design principle is achieved by
following the reliability pillar of the
AWS well architected framework? And we
have four options. Option A vertical
scaling. Option B manual failure
recovery. Option C testing recovery
procedures. Option D changing
infrastructure manually.
So the right answer here is option C
testing recovery procedures.
Question number 467,
what enables a business to give a low
latency experience to its worldwide
users? And we have four options. Option
A, using an AWS region that is central
to all users. Option B, using a second
availability zone in the AWS region that
is being used. Option C, enabling
catching in the AWS region that is being
used. Option D, using edge locations to
put content closer to all users.
So the right answer here is option D,
using edge locations to put content
closer to all users.
The edge location is physically much
closer to the user than the origin
server. It has lower latency.
Question number 468.
A business has optimized its workloads
by using certain AWS services in order
to increase efficiency and minimize
costs. Which cost management best
practice does this case demonstrate?
And we have four options. Resource
controls, cost allocation, architecture
optimization, tagging enforcement.
So the right answer here is option C.
Architecture optimization.
Architecture optimization focuses on the
need to continually refine workloads to
be more cost cautious to create better
architected systems.
Question number 469.
Which feature of cloud computing can AWS
exhibit via its capacity to provide
reduced variable prices as a consequence
of big purchase volumes?
And we have four options. Option A pico
pricing, option B high availability.
Option C, global reach. Option D,
economies of scale.
So the right answer here is option D.
Economies of scale.
The economies of scale effect occurs
because cost can now be spread over a
large number of customers. The
infrastructures become cheaper, prices
can be reduced and new customers benefit
from the lower prices.
Question number 470. A customer with an
AWS basic support subscription has
discovered that their AWS resources are
being used for unauthorized purposes.
What is the preferred mechanism for the
user to notify AWS of the activity?
And we have four options. Option A,
contact the AWS consarch support team.
Option B, contact an AWS technical
account manager. Option C, contact the
AWS abuse team. Or option D, contact the
AWS support team.
So the right answer here is option C,
contact the AWS abuse team.
So if you suspect the AWS resources are
used for abusive purposes, contact the
AWS abuse team using the report Amazon
AWS abuse form or by contacting abuse at
amazons.com.
Provide all the necessary information
including logs in plain text, email
headers and so on when you submit your
request.
Question number 471.
Which AWS service should a business use
to check the compliance of AWS resource
settings on a continual basis?
And we have four options. Option A, AWS
organizations, option B AWS config,
option C AWS artifact and option D AWS
service catalog.
So the right answer here is option B AWS
config.
So AWS config is a service that enables
you to access, audit and evaluate the
configurations of your AWS resources.
Config continuously monitors and records
your AWS resource configurations and
allows you to automate the evaluation of
recorded configurations against desired
configurations. With config, you can
review changes in configurations and
relationships between AWS resources,
dive into detailed resources
configuration histories, and determine
your overall compliance against the
configurations specified in your
internal guidelines. These enables you
to specify compliance auditing, security
analysis, change management, and
operational troubleshooting.
Question number 472,
which AWS cloud feature relieves
customers of the requirement to estimate
future infrastructure consumption?
And we have four options. Option A, easy
and fast deployment of applications in
multiple regions around the world.
Option B, security of the AWS cloud.
Option C, elasticity of the AWS cloud.
Option D, lower variable cost due to
massive economies of scale.
So the right answer here is option C,
elasticity of the AWS cloud.
So implement elasticity when identifying
the workloads that have variable load.
Identify if the increase in demand can
met by automatic scaling or if it needs
to be in place before.
Question number 473.
A user needs to quickly deploy a non-
relational database on AWS. The user
does not want to manage the underlying
hardware or the database software. Which
AWS service can be used to accomplish
these?
And we have four options. Amazon RDS,
Amazon Dynamo DB, Amazon Aurora and
Amazon Redshift.
So the right answer here is option B.
Amazon Dynamo DB.
Amazon Dynamo DB is a fully managed
serverless key value NoSQL database
designed to run high performance
applications at any scale. DynamoB
offers built-in security, continuous
backups, automated multi-reion
replication, in-memory caching and data
import and export tools.
Question number 474.
Which pattern is suggested for creating
an AWS highly available architecture?
And we have four options. Option A,
ensure that components have low latency
network connectivity. Option B, run
enough Amazon EC2 instances to operate
at peak load. Option C, ensure that the
application is designed to accommodate
failure of any single component. Option
D, use a monolithic application that
handles all operations.
So the right answer here is option C.
Ensure that the application is designed
to accommodate failure of any single
component.
Amazon Web Services provide services and
infrastructures to build reliable fall
tolerance and highly available systems
in the cloud. Fall tolerance defines the
ability for a system to remain in
operation even if some of the components
used to build the system fail.
Question number 475.
Which task is an AWS responsibility when
a workload is running in Amazon RDS? And
we have four options. Option A, creating
the database table. Option B, updating
the database schema. Option C,
installing the database engine. Option
D, dropping the database records.
So the right answer here is option C,
installing the database engine.
Question number 476. A business is
contemplating
migrating its on-remises data center to
Amazon Web Services. What aspects should
a total cost of ownership study
consider? Select two. And we have five
options. Option A, Amazon EC2 instance
availability. Option B, power
consumption of the data center. Option
C, labor cost to replace old servers.
Option D, application developer time.
Option E, database engine capacity.
So the right answer here is option B,
power consumption of the data center
and option C, labor cost to replace old
servers.
The total cost of ownership is an
analysis that looks at the hidden cost
beyond price and places a single value
on the complete like cycle of a capital
purchase. These value includes every
phase of ownership, acquisition,
operation and other software cost of
change management that flows down from
acquisition such as documentation and
training.
Question number 477.
A business currently operates an on-
premises Microsoft SQL Server instance
and is transferring its application to
AWS. Although the firm lacks the
resources necessary to modify the
program, management wants to cut
operation cost as part of the move. So
which database service is most capable
of meeting these requirements? And we
have four options. Amazon Dynamob,
Amazon Red Shift, Microsoft SQL Server
on Amazon EC2, Amazon RDS for SQL
Server.
So the right answer here is option D.
Amazon RDS for SQL Server.
So with Amazon RDS, your database
operations are managed by AWS, leaving
your team free to focus on innovation.
Amazon RDS handles instant failover,
data backups, software updates,
so you can enjoy the efficiencies of the
AWS cloud for a fast and reliable
database option.
Question number 478.
A development team wants to publish and
manage web services that provide REST
APIs. Which AWS service will meet this
requirement?
And we have four options. AWS App Mesh,
Amazon API Gateway, Amazon Cloudfront,
AWS Cloud Map.
So the right answer here is option B.
Amazon API Gateway.
Amazon API Gateway is a fully managed
service that makes it easy for
developers to create, publish, maintain,
monitor, and secure APIs at any scale.
Question number 479.
What is an example of AWS cloud agility?
And we have four options. Option A,
access to multiple instance types.
Option B, access to managed services.
Option C, using consolidated building to
produce one bill. Option D, decreased
acquisition time for new compute
resources.
So the right answer here is option D,
decreased acquisition time for new
compute resources.
Agility is the ability to react quickly
in cloud. It takes a minute or two to
create a virtual machine that is up and
running.
Question number 480.
What are the advantages of using loose
coupling as a design parading for cloud
architectures?
And we have four options. Option A, it
facilitates low latency request
handling. Option B, it allows
applications to have dependent
workflows.
Option C, it prevents cascading failures
between different components. Option D,
it allows companies to focus on their
physical data center operations.
So the right answer here is option C. It
prevents cascading failures between
different components.
Loose coupling. A change or a failure in
one component should not cascade to
other components.
Question number 481. A business operates
a website that is hosted on AWS and is
protected by an application load
balancer. The business wishes to protect
its website against SQL injection and
cross-sight scripting. Which Amazon Web
Services service should the business
use? And we have four options. Option A,
Amazon Guard Duty,
AWSWF,
AWS Trusted Advisor, Amazon Inspector.
So the right answer here is option B.
AWS WF.
To protect your applications against SQL
injection and cross-ite scripting
attacks, use the built-in SQL injection
and cross-ite scripting engines.
Remember that attacks can be performed
on different parts of the HTTP request
such as the HTTP header, query string,
or URI. Configure the AWSWF rules to
inspect different parts of the HTTP
request against the built-in M
mitigation engines.
Question number 482.
An online retail company wants to
migrate its onremises workload to AWS.
The company needs to automatically
handle a seasonal workload increase in a
cost effective manner. Which AWS cloud
features will help the company meet this
requirement? Choose two. We have five
options. Option A, cross region workload
deployment. Option B, pay as you go
pricing. Option C, built-in AWS cloud
trial audit capabilities.
Option D, autoscaling policies. Option
E, centralized logging.
So the right answer here is option B,
pay as you go pricing.
And option D, autoscaling policies.
Question number 483.
A company's recently released
application is rapidly gaining
popularity. To enhance customer service,
the firm want to establish a phone
number that would enable it to handle
the growing amount of calls received by
its support employees. Which Amazon Web
Services offering should be utilized to
fulfill this requirement?
And we have four options. Option A,
Amazon Connect. Option B, Amazon
CloudFront. Option C, Amazon Direct
Connect. Option D, AWS Trusted Advisor.
So the right answer here is option A,
Amazon Connect.
Question number 484. A business want to
evaluate streaming user data and reply
in real time to consumer inquiries.
Which AWS service satisfies these
criteria?
And we have four options. Option A,
Amazon Quicksite.
Option B, Amazon Redshift. Amazon
Kinesis data analytics
and option D AWS data pipeline.
So the right answer here is option C
Amazon Kinesis data analytics.
Amazon Kinesis data streams is a
scalable and durable real-time data
streaming service that can continuously
capture gigabytes of data per second
from hundreds of thousands of sources.
Question number 485. Which of the
following is an example of a frequent IT
duty that AWS can do in order to free up
firm IT resources? Select two. And we
have five options. Option A, patching
database softwares.
Option B, testing application releases.
Option C, backing up databases. Option
D, creating database schema. Option E
running penetration tests.
So the right answer here is option A
patching database softwares
and option C backing up databases.
Patch manager a capability of AWS system
manager automates the process of
patching managed nodes with both
security related and other types of
updates. AWS backup automates and
consolidates backups task previously
performed service by service removing
the need to create custom scripts and
manual process.
Question number 486. Which AWS service
helps developers use loose coupling and
reliable messaging between
microservices?
And we have four options. Option A,
elastic load balancing. Option B, Amazon
simple notification service. Option C,
Amazon CloudFront. Option D, Amazon
simple Q service.
So the right answer here is option D,
Amazon simple Q service.
Amazon simple Q service is a managed
message queuing service. Technical
professional and developers used to
send, store and retrieve multiple
messages of various sizes as
synchronously.
Question number 487.
How should a web application be deployed
in the AWS cloud to guarantee high
availability?
And we have four options. Option A,
deploy multiple instances of the
application in multiple availability
jones. Option B, deploy multiple
instances of the application in a single
availability zone. Option C, deploy the
application to a compute optimized
Amazon EC2 instance in a single
availability zone. Option D, deploy the
application in one Amazon EC2 instance
in an auto scaling group.
So the right answer here is option A,
deploy multiple instances of the
application in multiple availability
zones.
So this is to achieve high availability
for any web application deployed in AWS.
The following features will be present.
High availability across multiple
instance. Multiple availability jones.
Autoscaling of instance based on the
number of requests coming in. Additional
security to the instance that is in
production. No impact to end users
during the newer version of code
deployment. No impact during patching
the instances.
Question number 488. A company needs to
implement identity management for a
fleet of mobile apps that are running in
the AWS cloud. Which AWS service will
meet this requirement?
And we have four options. Option A,
Amazon Cognitive. Option B, AWS Security
Hub. Option C, AWS Shield. Option D,
AWSWF.
So the right answer here is option A,
Amazon Cognto.
Amazon Cognto lets you add user signup,
sign in, and access control to your web
and mobile apps quickly and easily.
Question number 489. Which AWS service
or feature enables a business to track,
monitor and control its AWS expenses and
consumptions over time?
We have four options. Option A, AWS
budgets. Option B, AWS cost explorer.
Option C, AWS organizations. And option
D, consolidated billing.
So the right answer here is option B.
AWS cost explorer.
AWS cost explorer has an easy to use
interface that lets you visualize,
understand, and manage your AWS costs
and usage over time.
Question number 490. A huge corporation
has recruited a developer who requires
AWS credentials. Which security best
practices should be adhered to? Select
two. And we have five options. Option A,
grant the developer access to only the
AWS resources needed to perform the job.
Option B, share the AWS account root
user credentials with the developer.
Option C, add the developer to the
administrators group in AWS IM. Option
D, configure a password policy that
ensures the developer password cannot be
changed. And option E, ensure the
account password policy requires a
minimum length.
So the right answers are option A, grant
the developer access to only the AWS
resources needed to perform the job and
option E ensure the account password
policy requires a minimum length.
Question number 491. A business has 500
terbte image repository that has to be
moved to Amazon web services for
processing.
Which AWS service is the most cost
effective way to import this data? And
we have four options. Amazon AWS
Snowball, AWS Direct Connect, AWSVPN,
Amazon S3.
So the right answer here is option A.
AWS Snowball.
Snowball is a pabyte scale data
transport solution that uses secure
appliances to trans transfer large
amounts of data into and out of the AWS
cloud. Using Snowball addresses common
challenges with large scale data
transfers, including high network cost,
long transfer times, and security
concerns.
Question number 492.
What is an AWS cloud best practice in
terms of design?
And we have four options. Option A tight
coupling of components.
Option B single point of failure.
Option C high availability. Option D
overprovisioning of resources.
So the right answer here is option C,
high availability.
Question number 493. A workload hosted
on AWS will continue to operate
indefinitely by using a steady number of
Amazon EC2 instances.
Which pricing strategy will decrease
cost while assuring the availability of
computational resources?
And we have four options dedicated host
on demand instances, spot instances or
reserved instances.
So the right answer here is option D.
Reserved instances.
So reserved instances provide you with
significant savings on your Amazon EC2
cost compared to ondemand instance
pricing. Reserved instances are not
physical instances, but rather a billing
discount applied to the use of ondemand
instances in your account.
Question number 494. A company needs an
Amazon AC2 instance for a right-size
database server that must run constantly
for one year.
Which EC2 instance purchasing option
will meet this requirement most cost
effectively? And we have four options.
Standard reserved instances,
convertible reserved instances, on
demand instances or spot instance.
So the right answer here is option A,
standard reserved instance.
Standard reserved instances typically
provide the highest discount level. One
year standard reserved instances provide
a similar discount to three-year
convertible reserved instance.
Question number 495. A company has
multiple applications and is now
building a new multidar application. The
company will host the new application on
Amazon EC2 instances. The company wants
the network routting and traffic between
the various applications to follow the
security principle of least privilege.
Which AWS service or feature should the
company use to enforce this principle?
And we have four options. Option A,
security groups. Option B, AWS shield.
Option C, AWS global accelerator. Option
D, AWS direct connect gateway.
So the right answer here is option A,
security groups.
Security groups control the traffic that
is allowed to reach and leave the
resources that it is associated with.
Question number 496. A business is
developing an application that will need
the capacity to transmit, save, and
receive messages across its components.
Additionally, the corporation requires
that communication be processed in first
in first out sequence. Which Amazon Web
Services service should the business
use? And we have four options. Option A,
AWS Step Functions. Option B, Amazon
simple notification service. Option C,
Amazon Kinesis data streams. Option D,
Amazon simple Q service.
So the right answer here is option D,
Amazon simple Q service.
First in first out Q's are available in
all AWS regions where Amazon SQS is
available.
Question number 497. A business require
24 by7 phone, email, and chat support
with a response time of less than 1 hour
in the event of a service outage to a
production system. Which AWS support
plan best matches these needs for the
least amount of money? And we have four
options basic developer business
enterprise.
So the right answer here is option C
business.
Question number 498. A customer is
considering migrating an application
burden to the Amazon web services cloud.
Which control becomes AWS responsibility
after the migration? And we have four
options. Option A, patching the guest
operating system.
Option B, maintaining physical and
environmental controls. Option C,
protecting communications and
maintaining zone security. Option D,
patching specific applications.
So the right answer here is option B,
maintaining physical and environmental
controls.
Question number 499.
What is the function of a VPC internet
gateway?
And we have four options. Option A to
create a VPN connection to the VPC.
Option B to allow communication between
the VPC and the internet. Option C to
impose bandwidth constraints on internet
traffic. Option D to load balanced
traffic from the internet across Amazon
EC2 instances.
So the right answer here is option B to
allow communication between the VPC and
the internet.
An internet gateway is a horizontally
scaled, redundant, and highly available
VPC component that allow communication
between your VPC and the internet.
Question number 500, which AWS IM
feature enables developers to use the
AWS CLI to access AWS services? And we
have four options. API keys, access
keys, username, passwords, SSH keys.
So the right answer here is option B,
access keys.
Access keys or long-term credentials for
an IM user or the AWS account root user.
You can use access keys to sign
programmatic requests to the AWS CLI or
AWS API directly or using the AWS SDK.
Question number 501. The company's web
application requires AWS credentials and
authorizations to use an AWS service.
Which IM entity should the company use
as the best practice? And we have four
options. IM role, IM user, IM group or
IM multiffactor authentication.
So the right answer here is option A. IM
role?
Question number 502. Which AWS service
or feature gives a company the ability
to control incoming traffic and outgoing
traffic from Amazon EC2 instances? And
we have four options. Security groups,
Amazon Route 53, AWS Direct Connect or
Amazon PPC.
So the right answer here is option A,
security groups.
The security group acts as a virtual
firewall for your EC2 instance to
control incoming and outgoing traffic.
Inbound rules control the incoming
traffic to your instance and outbound
rules control the outgoing traffic from
your instance. When you launch an
instance, you can specify one or more
security groups.
Question number 503. In AWS, a
corporation is constructing a new
archiving system capable of storing
terabytes of data. The firm will not
often retrieve the data. Which Amazon S3
storage type will result in the lowest
system cost? And we have four options.
S3 standard infrequent access, S3
glacier, S3 intelligent tiring and S3
one zone infrequent access.
So the right answer here is option B. S3
Glacier.
Amazon S3 Glacier is a secure, durable
and low cost storage class for data
achieving. You can reliably store any
amount of data at cost that are
competitive with our cheapest than on
premises solutions.
Question number 504.
Which AWS support package includes
access to architectural and operational
assessments
as well as 24 by7 email online chat and
phone support from senior cloud support
engineers
and we have four options basic business
developer enterprise.
So the right answer here is option D
enterprise.
With enterprise support you get 24 into7
technical support from highquality
engineers, tools and technologies to
automatically manage health of your
environment. Consultative architectural
guidance delivered in the context of
your application and use cases and a
designated technical account manager to
coordinate access to proactive
preventative programs and AWS subject
matter experts. AWS enterprise support
is recommended if you have business and
or mission critical workloads in AWS.
Question number 505. Which of the
following describe the root user of an
AWS account? And we have four options.
Option A, the root user is the only user
that can be configured with multiffactor
authentication. Option B, the root user
is the only user that can access the AWS
management console. Option C, the root
user is the first signin identity that
is available when an AWS account is
created. Option D, the root user has a
password that cannot be changed.
So the right answer here is option C.
The root user is the first sign-in
identity that is available when an AWS
account is created.
So AWS account root user when you first
create an Amazon web service account you
begin with one identity that has
complete access to all AWS res services
and resources in the account. This
identity is called the AWS account root
user. So you can sign in as the root
user using the email address and
password that you use to create the
account.
Question number 506.
The AWS AM recommended practice for
providing the fewest possible privileges
is as follows.
And you have four options. Option A,
apply an IM policy to an IM group and
limit the size of the group. Option B,
require multiffactor authentication for
all IM users. Option C, require each IM
user who has different permission to
have multiple passwords. Option D, apply
an IM policy only to IM users who
require it.
So the right answer here is option D,
apply an IM policy only to IM users who
require it.
By creating an AWS IM policy, IT admins
can ensure that members of a project
will only have access to the exact
resources they'll need to complete the
project. They can do this by creating a
policy that enable access to a
particular resource for a specific date
range and applying the policy to each IM
identity.
Question number 507. To prevent
fraudulent compute activity, a user need
a simple method to detect whether any
Amazon EC2 instance have limited access
to their ports. Which Amazon Web
Services offering will meet this
requirement? And we have four options.
Option A, VPC flow logs. Option B,
AWSWF.
Option C, AWS cloud trial. Option D, AWS
trusted advisor.
So the right answer here is option D,
AWS trusted advisor.
AWS trusted advisor check security
groups for rules that allow unrestricted
access to specific ports. Unrestricted
access increase opportunities for
malicious activities. The ports with
highest risk are flagged red and those
with less risk are flagged yellow. Ports
flagged green are typically used by
applicants. applications that require
unrestricted access such as HTTP and
SMTP.
Question number 508. Which AWS service
is a content delivery network that
safely and quickly distributes data,
video and apps to consumers worldwide?
And we have four options. Option A, AWS
Cloud Formation, AWS Direct Connect,
Amazon CloudFront, Amazon Pinpoint.
So the right answer here is option C,
Amazon CloudFront.
Amazon CloudFront is a fast content
delivery network service that securely
delivers data, videos, applications, and
APIs to customers globally with low
latency, high transfer speeds, all
within a developer friendly environment.
CloudFront is integrated with AWS, both
physical locations that are directly
connected to the AWS global
infrastructure as well as other AWS
services.
Question number 509. A company starting
to build it its infrastructure in the
AWS cloud. The company wants access to
technical support during business hours.
The company also wants general
architectural guidance as team build and
test new applications. Which AWS support
plan will meet this requirement at the
lowest cost? And we have four options.
AWS basic support, AWS developer
support, AWS business support and AWS
enterprise support.
So the right answer here is option B.
AWS developer support.
Question number 510. A company is
migrating its public website to AWS. The
company wants to host the domain name
for the website on AWS. Which AWS
service should the company use to meet
this requirement?
And we have four options. AWS Lambda,
Amazon Route 53, Amazon CloudFront, and
AWS Direct Connect.
So the right answer here is option B,
Amazon Route 53.
Question number 511. A company needs to
evaluate its AWS environment and provide
best practice recommendations in five
categories. Cost, performance, service
limits, fall tolerance, and security.
Which AWS service can the company use to
meet these requirements?
We have four options. AWS Shield, AWS
WF, AWS Trusted Advisor, AWS Service
Catalog.
So the right answer here is option C.
AWS trusted advisor.
AWS trusted advisor is used to evaluate
its AWS environment and provide best
practice recommendations in five
categories. Cost performance, service
limit, fall tolerance and security.
Question number 512. Which AWS feature
is exemplified by ondemand technology
services that allow businesses to
substitute variable expenditures for
upfront fixed expenses. And we have four
options. High availability, economy of
scale,
pay as you go pricing, global reach.
So the right answer here is option C,
pay as you go pricing.
Trade fixed expenses for variable
expense. Instead of having to invest
heavily in data centers and servers
before you know how you are going to use
them, you can pay only when you consume
computing resources and pay only for how
much you consume.
Question number 513.
A business is relocating and need an
encrypted connection to AWS. Which AWS
service will assist you in fulfilling
this requirement?
And we have four options. AWSVPN,
Amazon Route 53, Amazon API gateway and
Amazon Connect.
So the right answer here is option
A AWSVPN.
So AWSVPN you can now use additional
encryption integrity and key exchange
algorithms for your VPN connections.
These advanced algorithms provide higher
security to protect your data, higher
performance for faster transfer rates
and help meet compliance compliance
requirements.
Question number 514.
What technology permits compute capacity
to alter in response to changing load
conditions?
And we have four options. Option A, load
balancing. Option B, automatic failover.
Option C, round robin. Option D,
autoscaling.
So the right answer here is option D
autoscaling.
So AWS autoscaling monitors your
application and automatically adjust
capacity to maintain steady predictable
performance at the lowest possible cost.
Using AWS autoscaling, it's easy to set
up application scaling for multiple
resources across multiple services in
minutes. The service provides a simple
powerful user interface that lets you
build scaling plans for resources
including Amazon C2 instance and spot
fleets. Amazon ECS tasks, Amazon Dynamob
tables and indexes and Amazon Aurora
replicas. AWS autoscaling makes scaling
simple with recommendations that allow
you to optimize performance, cost or
balance between them. If you're already
using Amazon EC2 autoscaling to
dynamically scale your Amazon EC2
instance, you can now combine it with
AWS autoscaling to scale additional
resources for other AWS services. With
AWS autoscaling, your applications
always have the right resource at the
right time.
Question number 515.
Which AWS service provides the
capability to view end-to-end
performance metrics and troubleshoot
distributed applications? And we have
four options. AWS cloud9, AWS codear,
AWS cloud map and AWS X-ray.
So the right answer here is option D.
AWS X-ray.
So AWS X-Ray makes it easy for
developers to analyze the behavior of
their production distributed
applications
with end-to-end tracing capabilities.
You can use X-ray to identify
performance bottlenecks, edge case
errors, and other hard to detect issues.
X-ray supports applications either in
development or in production of any type
or size from simple as synchronous event
calls and threet web application to
complex distributed applications built
using a microservices architecture. This
enables developers to quickly find and
address problems in their applications
and improve the experience for end users
of their applications.
Question number 516.
A major corporation has a workload that
demands on premises hardware. The
organization want to continue using the
same management and control plane
service as it does on AWS.
Which Amazon Web Service offering should
the business employ to achieve these
requirements? And we have four options.
Option AWS device form. Option B AWS
Fargate. Option C AWS outposts. And
option D AWS ground station.
The right answer here is option C AWS
outposts.
AWS Outpost is a family of full fully
managed solutions delivering AWS
infrastructure and services to virtually
any on premises or edge location for a
truly consistent hybrid experience.
Outpost solution allow you to extend and
run native AWS services on premises and
is available in a variety of form
factors from one UU and 2U outpost
servers to 42U outpost racks and
multiple rack deployments.
With AWS outpost, you can run some AWS
services locally and connect to a broad
range of services available in the local
AWS region. run applications and
workloads on premises using familiar AWS
services, tools, and APIs. Outpost
supports workloads and devices requiring
low latency access to on-remises
systems, local data processing, data
residency, and application migration
with local system interdependencies.
Question number 517. A business operates
an e-commerce application that is hosted
in Europe to reduce latency for
international customers accessing the
website. The firm would want to catch a
frequently viewed static information
closer to the c consumers. Which Amazon
web service offering will meet this
requirement? We have four options.
Amazon Elastic Achie, Amazon CloudFront,
Amazon Elastic File System, Amazon
Elastic Block Store.
So the right answer here is option B.
Amazon CloudFront.
Amazon CloudFront employs a global
network of edge locations and regional
edge catchies that catch copies of your
content close to your viewers. Amazon
CloudFront ensures that enduser request
are served by the closest edge location.
As a result, viewers request travel a
short term short distance improving
performance of your viewers for files
not catched at the edge location and the
regional edge cgies. Amazon CloudFront
keeps persistent connections with your
origin servers so that those files can
be fetched from the origin servers as
quickly as possible.
Question number 518.
Which of the following is not a
recommended approach for IM user
management? Select two. And we have five
options. Option A, require IM users to
change their passwords after a specified
period of time. Option B, prevent IM
users from reusing previous passwords.
Option C, recommended that the same
password be used on AWS and other sites.
Option D, require IM users to store
their passwords in raw text. Option E,
disable multiffactor authentication for
IM users.
So the right answers are option D
require IM users to store their
passwords in raw text and option E
disable multiffactor authentication for
IM users.
Question number 519.
Which Amazon Web Services feature assist
in identifying harmful or illegal
activity in AWS accounts and workloads?
And we have four options. Option A,
Amazon recognition. Option B, AWS
Trusted Advisor.
Option C, Amazon Guard Duty. And option
D, Amazon Cloudatch.
So the right answer here is option C,
Amazon Guard Duty.
Amazon God duty is a continuous security
monitoring service that analyzes and
processes the following data sources.
AWS cloud trial management event logs.
AWS cloud trial data event for S3. DNS
logs, EKS audit logs and VPC flow logs.
It uses threat intelligence feeds such
as list of malicious IP addresses and
domains and machine learning to identify
unexpected and potential unauthorized
and malicious activities within your AWS
or environment.
Question number 520. Which AWS service
or functionality provides technical
support to users who dis subscribe to
the AWS basic support plan?
And we have four options. Option A, AWS
senior support engineers. Option B, AWS
technical account manager. Option C, AWS
trusted advisor. Option D, AWS
discussion forums.
So the right answer here is option C,
AWS trusted advisor.
So basic support is included for all AWS
customers and includes customer service
and communities,
AWS tested advisor, AWS personal health
dashboard.
Question number 521.
Which as service provides threat
detection by monitoring for malicious
activities and unauthorized actions to
protect AWS accounts, workloads and data
that is stored in Amazon S3.
And we have four options AWS Shield, AWS
Firewall Manager, Amazon Guard Duty,
Amazon Inspector.
So the right answer here is option C,
Amazon Guard Duty.
Amazon Guard Duty is a threat detection
service that continuously monitors your
A+ accounts and workloads for malicious
activity and delivers detailed security
findings for visibility and remediation.
Question number 522.
Which AWS service enables you to get AWS
security and compliance information on
demand?
And we have four options. AWS cloud
trial, AWS artifact, AWS health, Amazon
cloud.
So the right answer here is option B.
AWS artifact.
So AWS artifact is your go-to central
resource for compliance related
information that matters to you. It
provides on demand access to AWS
security and compliance reports and
select online agreements. The reports
available in AWS artifacts include
service organization control reports,
payment card industry reports and
certifications from accreditiation
bodies across geographies and compliance
verticals that validate the
implementation and operating
effectiveness of AWS security controls.
Agreements available in AWS artifacts
include business associate addit and
non-disclosure agreement.
Question number 523.
Which Amazon Web Services service makes
use of edge locations? And we have four
options. Option A, Amazon Aurora. Option
B, AWS Global Accelerator. Option C,
Amazon Connect. Option D, AWS Outposts.
So the right answer here is option B.
AWS Global Accelerator.
AWS Global Accelerator and Amazon
CloudFront are separate services that
use the AWS Global Network and its edge
locations around the world.
Question number 524.
Which of the following AWS capabilities
allows a user to deploy an Amazon
Elastic Compute Cloud instance that has
already been configured.
And we have four options. Option A,
Amazon Elastic Block Store. Option B,
Amazon Machine.
Option C, Amazon EC2 Systems Manager.
Option D, Amazon AppStream 2.0.
So the right answer is option B, Amazon
machine image.
To use Amazon EC2, you simply select a
preconfigured template Amazon machine
image to get up and running immediately
or create an EMI containing your
applications libraries, data, and
associated configuration settings.
Question number 525. Which AWS service
can a company use to store and manage
Docker images?
And we have four options. Option A,
Amazon Dynamob.
Option B, Amazon Kinesis data streams.
Option C, Amazon Elastic Container
Registry. Option D, Amazon Elastic File
System.
So the right answer here is option C,
Amazon Elastic Container Registry.
Amazon Elastic Container Registry is a
highly available and secure private
container reg rep repository that makes
it easy to store and manage your Docker
container images encrypting and
compressing images so they are fast to
pull and secure.
Question number 526.
A business wishes to send its traffic
directly and confidentially
to a virtual private cloud rather than
through the public network. Which mode
of connection enables this capacity?
And we have four options. AWSVPN,
AWS Direct Connect, VPC NAT gateway and
VPC internet gateway.
So the right answer here is option B.
AWS direct connect.
[Music]
Direct connect can be used to establish
a private virtual interface from your on
premises directly to AWS VPC. It can
provide you private high bandwidth
network connection between your network
and VPC. With the help of multiple
virtual interfaces, you can establish
private connectivity to multiple VPCs.
Question number 527.
can be utilized to automate and manage
AWS setups that are safe, well
architected and multi-account.
And we have four options. Option A, AWS
share responsibility model. Option B,
AWS control tower. Option C, AWS
security hub. Option D, AWS well
architected tool.
So the right answer is option B, AWS
control tower. Control
tower automates the process of setting
up a new baseline multi-account AWS
environment that is secure, well
architected and ready to use. Control
tower incorporates the knowledge that
AWS provisional service has gained over
the course of thousands of successful
customer engagements.
[Music]
Question number 528. A company needs an
automated security assessment report
that will identify our intended network
access to Amazon EC2 instances. The
report also must identify operating
system vulnerabilities on those
instances. Which AWS service or a
feature should the company use to meet
this requirement?
And we have four options. AWS trusted
advisor, security groups, Amazon Mackie,
Amazon Inspector.
So the right answer here is option D,
Amazon Inspector.
Amazon Inspector is an automated
vulnerabilities management service that
continually scans AWS workloads for
software vulnerabilities and unintended
network exposure.
Question number 529.
Which AWS support plan is the least
expensive that provides for an 1 hour
goal response time for support cases? We
have four options. Option A enterprise.
Option B business. Option C developer
and option D basic.
So the right answer is option B
business.
We recommend AWS business support if you
have production workloads on AWS and
want 24 into7 access to technical
support and architectural guidance in
the context of your specific use cases
in addition to enhanced technical
support and architectural guidance.
Business support provides access to
third-party software support
documentation and forums. AS trusted
advisor, AWS personal health dashboard,
AWS support API and launch and event
planning.
Question number 530.
Which AWS hybrid storage offering allows
user to effortlessly integrate on
premises application with AWS cloud
storage?
And we have four options. Option A, AWS
backup. Option B, Amazon connect. Option
C, AWS direct connect. And option D, AWS
storage gateway.
So the right answer is option D AWS
storage gateway.
AWS storage gateway is a set of hybrid
cloud storage services that provide on
premises access to virtually unlimited
storage, cloud storage.
Question number 531.
A user needs to prepare a report that
summarizes the status of AWS accounts
major security checks. The report must
contain the following permissions on
Amazon S3 bucket are now inactive.
Whether or not multiffactor
authentication is enabled for the root
user of the AWS account. If any security
groups are set to enable unlimited
access, this will be shown. Where can I
get all of these information in one
place? We have four options. Option A,
Amazon Quicksite dashboard. Option B,
AWS cloud trial trails. Option C, AWS
trusted advisor report. And option D, IM
credential report.
So the right answer here is option C,
AWS trusted advisor report.
Question number 532.
A pharmaceutical company infrastructure
is managed in a single AWS region. The
organization want to link hundreds of
VPCs across many AS accounts. Which AWS
service or feature should the business
use to streamline administration and
save operating costs?
We have four options. Option A VPC
endpoint. Option B AWS direct connect.
Option C AWS transit gateway. And option
D VPC pairing.
So the right answer here is option C AWS
transit K2
AWS transit gateway connects PPCs and on
premises networks through a central hub.
These simplify your network and puts an
end to complex peering relationships. It
acts as a cloud router. Each new
connection is only made once.
Question number 533. A global company is
building a simple time tracking mobile
app. The app needs to operate globally
and must store collected data in a
database. Data must be accessible from
the AWS region that is closest to the
user. What should the company do to meet
these data storage requirements with the
least amount of operational overhead?
And we have four options. Option A, use
Amazon EC2 in multiple regions to host
separate databases.
Option B, use Amazon RDS cross region
replication.
Option C, use Amazon Dynamob global
tables. And option D, use AWS database
migration service.
So the right answer here is option C.
Use Amazon Dynamob global tables.
Global tables built on the global Amazon
Dynamob footprint provide you with a
fully managed multi-reion and
multi-active database that delivers fast
local read and write performance for
massively scaled global applications.
Global tables replicate your Dynamo DB
tables automatically across your choice
of AWS regions.
Question number 534.
One advantage of Amazon Elastic Computer
Cloud on demand pricing is the
following. And we have four options.
Option A, the ability to bid for a lower
hourly cost. Option B, paying a daily
rate regardless of time used. Option C,
paying only for time used. Option D,
prepaying for instances and paying a
lower hourly rate.
So the right answer here is option C,
paying only for time used.
On demand capacity reservations are
priced exactly the same as their
equivalent
instance usage. If a capacity
reservation is fully utilized, you only
pay for instance usage and nothing
towards the capacity reservation. If you
if a capacity reservation is partially
used, you pay for the instance used and
for the unused portion of the capacity
reservation.
Question number 535.
Which task is a customer's
responsibility according to the AWS
share responsibility model. And we have
four options. Option A, management of
the guest operating system. Option B,
maintenance of the configuration of
infrastructure devices. Option C,
management of the host operating system
and virtualization.
Option D, maintenance of the software
that powers availability jones.
So the right answer here is option A
management of the guest operating
systems.
Question number 536.
Which AWS service enables you to shiftly
conduct one-time queries on Amazon S3
data?
And we have four options. Amazon EMR,
Amazon Dynamob, Amazon Red Shift, Amazon
Athena.
So the right answer here is option D,
Amazon Athena.
So Amazon Athena is an interactive query
service that makes it easy to analyze
data in Amazon S3 using standard SQL.
Ethna is serverless so there is no
infrastructure to manage and you pay
only for the queries that you run.
Question number 537.
A company needs to deliver new website
features quickly in an interactive
manner to minimize the time to market.
Which AWS cloud concept does these
requirement represents? And we have four
options. Option A, reliability,
elasticity, agility, and high
availability.
So the right answer here is option C,
agility.
Question number 538.
Which VPC component adds an additional
layer of protection to the subnet? And
we have four options. Option A security
groups, option B, network ACL. Option C,
NAT gateways. And option D root tables.
So the right answer here is option B
network ACL.
Access control list ACL are network
traffic filters that can control
incoming or outgoing traffic. ACL's work
on a set of rules that define how to
forward or block a packet at the
router's interface. An ACL is the same
as stateless firewall which only
restricts blocks or allows the packets
that are flowing from source to
destination.
[Music]
Question number 539.
A company wants to increase its ability
to recover its infrastructure in the
case of a natural disaster. Which pillar
of the AWS well architected framework
does this ability represents?
And we have four options. Option A cost
optimization.
Option B performance efficiency. Option
C reliability and option D security.
So the right answer here is option C
reliability.
The ability of a system to recover from
infrastructure or service disruptions,
dynamically acquire computing resources
to meet demand and mitigate disruptions
such as misconfigurations or transient
network issues.
Question number 540.
Which AWS support package is the least
expensive that includes a dedicated AWS
technical account manager? And we have
four options. AWS developer support, AWS
enterprise support, AWS basic support
and AWS business support.
So the right answer here is option B.
AWS enterprise support.
Question number 541.
Which tool is suitable for monitoring
Amazon Web Services Service Limits?
And we have four options. Option A, AWS
total cost of ownership calculator.
Option B AWS trusted advisor. Option C
AWS personal health dashboard. Option D,
AWS cost and usage report.
So the right answer here is option B,
AWS trusted advisor.
The trusted advisor analyze your AWS
account and provides recommendation,
cost optimization, performance,
security, fall tolerance, service
limits.
Question number 542.
Which AWS service or functionality
involves the implementation of an
internet service provider and a
collocation facility?
We have four options. AWSVPN,
Amazon Connect, AWS Direct Connect,
Internet Gateway.
So the right answer here is option
C AWS direct connect.
Question number 543.
Which AWS service tracks API calls and
user activity?
And we have four options. AWS
organization,
AWS Config, Amazon Cloudatch, AWS Cloud
Trial.
So the right answer is option D. AWS
cloud trial.
So AWS cloud trial enables auditing,
security monitoring and operational
troubleshooting by tracking user
activity and API usage.
Cloud Trail logs continuously monitor
and retain account activity related to
actions across your AWS infrastructure,
giving you control over storage analysis
and remediation actions.
Question number 544.
Which cloud architectural design concept
are advised for rearchitecting a huge
monolithic application? select and we
have five options. Option A, use manual
monitoring. Option B, use fixed servers.
Option C, implement loose coupling.
Option D, relay on individual
components. And option A, design for
scalability.
So the right answer here is option C,
implement loose coupling.
And option E, design for scalability.
Rearchitecting applications involves
sweeping change where an old monolithic
application is completely revamped
according to modern microservices
architecture. Using individual
components to rearchitect a big
application is one part of the process.
The most important part is to design the
application for scalability because the
level of investment for a monolithic
application can only be justified when
resilence and scalability is needed.
Question number 545.
The worldwide architecture of Amazon Web
Services is compromised of regions,
availability zones and what else?
And we have four options. VPCs, data
centers,
dark fiber network links, edge
locations.
So the right answer here is option B,
data centers.
Question number 546.
A business must monitor its AWS accounts
and determine when an API request is
performed against its AWS resources.
Which AWS product or service is most
appropriate for meeting these
requirements?
And we have four options. Amazon
Cloudatch, Amazon Inspector, AWS Cloud
Trial, AWS IM.
So the right answer here is option C.
AWS cloud trail.
AWS cloud trail monitors and records
account activity across your AWS
infrastructure giving you control over
storage analysis and remediation
actions.
Question number 547.
Which AWS service feature or tools uses
machine learning to continuously monitor
cost and usage for unusual cloud
spending?
And we have four options. Option A,
Amazon lookout for metrics.
Option B, AWS budgets.
Option C, Amazon Cloudatch. Option D,
AWS cost anomaly detection.
So the right answer here is option D AWS
cost anomaly detection.
AWS cost anomaly detection spends you
sends you a notification when the
difference between your actual spend and
normal spend pattern exceeds the
threshold. For example, suppose that
your normal spend pattern is $100 and
you get a $10 threshold. Then alert
recipients get anomaly notification when
the cost exceeds $110.
Question number 548.
Which AWS cloud feature will enable a
multinational corporation to meet its
demand for low latency to all its
customers?
And we have four options. Option A fall
tolerance. Option B global reach. Option
C pay as you go pricing and option D
high availability.
The right answer here is option B global
range.
Question number 549.
A business currently operates in one AWS
region and is extending operations to a
second. In the second region, the
organization is utilizing the identical
AWS cloud formation template as in the
original region. When the organization
seeks to deploy Amazon EC2 on demand
instances in the second region, it
encounters errors. What might possibly
be the source of these error messages?
And we have four options. Option A, a
new EC2 key pair has not been created
for the EC2 instance. Option B, the
requested EC2 instant types are not
available in the second region. Option
C, the company cannot operate in a
second region until it updates its AWS
contract. Option D, the company has not
configured AWS budgets to monitor the
budget for the EC2 instance.
So the right answer is option A. A new
EC2 key pair has not been created for
the EC2 instances.
Question number 550.
Which principles are used while
architecting apps for AWS cloud
reliability? Select two. And we have
five options. Option A, design for
automated failure recovery. Option B,
use multiple availability jones. Option
C, manage changes via documented
processes. Option D, test for moderate
demand to ensure reliability. Option E,
backup recovery to an on-remises
environment.
So the right answer here is option A
design for automated failure recovery
and option B use multiple availability
zone.
The reliability pillar encompasses the
ability of a workload to perform its
intended function correctly and
consistently when it's expected to.
These includes the ability to operate
and test the workload through its total
life cycle.
There are five design principle for
reliability in the cloud. Automatically
recover from failure. Test recovery
procedures. Scale horizontally to
increase aggregate workload
availability. Stop guessing capacity.
Manage change in automation.
Question number 551.
A company wants to migrate to AWS and
use the same security software it uses
on premises. The security software
vendor offers its security software as a
service on AWS. Where can the company
purchase the security solution? We have
four options. Option A, AWS partner
solution finder. Option B, AWS support
center. Option C, AWS management
console. Option D, AWS marketplace.
So the right answer here is option D,
AWS marketplace.
AWS marketplace provides a new sales
channel for ISVS and consulting partners
to sell their solutions to AWS
customers. We make it easy for customers
to find, buy, deploy and manage software
solutions including SAS in a matter of
minutes.
Question number 552.
AWS is responsible for which of the
following security related elements of
hosting an Amazon Elastic Compute Cloud
instance? Amazon EC2. And we have four
options. Option A security of private
keys. Option B hypervisor software
updates. Option C security updates to
software running on the instance. Option
D, policies controlling instance access.
So the right answer here is option B,
hypervisor software updates.
Question number 553.
Which of the following statement mostly
accurately characterizes elastic load
balancing?
And we have four options. Option A, it
translates a domain name into an IP
address using DNS. Option B, it
distributes incoming application traffic
across one or more Amazon EC2 instance.
Option C, it collects metrics on
connected Amazon EC2 instances. Option
D, it automatically adjusts the number
of Amazon EC2 instances to support
incoming traffic.
So the right answer here is option B. It
distributes incoming application traffic
across one or more Amazon EC2 instance.
Elastic load balancing automatically
distributes incoming application traffic
across multiple targets and virtual
appliances in one or more availability
zones.
Question number 554.
Which feature of the AWS cloud enables
customer to reduce ideal CPU capacity?
And we have four options. Agility,
elasticity, reliability, and durability.
The right answer is option B,
elasticity.
So cloud elasticity is the ability to
gain or reduce computing resources such
as CPU processing, RAM, input output
bandwidth and storage capacities on
demand without causing system
performance disruptions. This is often
an automatic process in cloud computing.
Question number 555.
Which of the following is a managed AWS
service that is used specifically for
extract, transform and load data? And we
have four options. Amazon Athena, AWS
Glue, Amazon S3, AWS noble edge.
So the right answer here is option B.
AWS Glue.
So AWS Glue is another offering from AWS
and is a serverless ETL extract,
transform and load service on the cloud.
It is fully managed cost-effective
service to categorize your data, clean
and enrich it and finally move it from
source system to target systems.
Question number 556.
A corporation is developing a mobile
application to give its clients with
shopping suggestions. The business
intends to include a graph database into
the shopping recommendation engine.
Which Amazon web service database
service should the business use? And we
have four options. Option A, Amazon
Dynamob. Option B, Amazon Aurora. Option
C, Amazon Neptune. And option D, Amazon
Document DB with MongoDB compatibility.
So the right answer here is option C,
Amazon Neptune.
So, Amazon Neptune is a fast, reliable,
fully managed graph database service
that makes it easy to build and run
applications.
Question number 557.
Which of the following actions are
controlled with AWS identity and access
management? Choose two. And we have five
options. Option A, control access to AWS
service APIs and to other specific
resources. Option B, provide intelligent
thread detection and continuous
monitoring. Option C, protect the AWS
environment using multiffactor
authentication. Option D, grant users
access to AWS data centers. Option E,
provide firewall protection for
applications from common web attacks.
So the right answer here is option A
control access to AWS service APIs and
to other specific resources.
Option C protect the AWS environment
using multiffactor authentication MFA.
AWS multiffactor authentication is an
AWS identity and access management best
practice that requires a second
authentication factor in addition to
username and password signing
credentials. You can enable MFA at the
AWS account level and for root and IM
users you have created in your account.
Question number 558.
A business wishes to establish a
dedicated link between its on-remises IT
infrastructure and AWS region resources.
Additionally, the organization wishes to
decrease network latency and congestion.
Which Amazon Web Services service or
functionality should the business
select? And we have four options.
AWSVPN,
AWS Private Link, Amazon Connect, and
AWS Direct Connect.
So the right answer here is option D AWS
direct connect.
So AWS direct connect cloud service is
the shortest path to your AWS resources.
While in transit, your network traffic
remains on the AWS global network and
never touches the public internet. These
reduces the chance of hitting
bottlenecks or unexpected increase in
latency. When creating a new connection,
you can choose a hosted connection
provided by an AWS direct connect
delivery partner or choose dedicated
connection from AWS.
Question number 559.
Which AWS service allows clients to
audit and monitor AWS resource changes?
And we have four options. AWS trusted
advisor, Amazon Guard Duty, Amazon
Inspector, and AWS Config.
So the right answer here is option D.
AWS config.
So AWS Config is a service that enables
you to access, audit, and evaluate the
configuration of your AWS resources.
Config continuously monitors and records
your AWS resource configurations and
allows you to automate the evaluation of
recorded configurations against desired
configurations. With config, you can
review changes in configurations and
relationship between AWS resources. Dive
into detailed resource configuration
histories and determine your overall
compliance against the configuration
specified in your internal guidelines.
These enables you to simplify compliance
auditing, security analysis, change
management and operational
troubleshooting.
Question number 560. Which of the
following is an advantage of using AWS
cloud computing platform?
And we have four options. Option A,
permissive security removes the
administrative burden. Option B, ability
to focus on revenue generating
activities.
Option C, control over cloud network
hardware. Option D, choice of specific
cloud hardware vendors.
So the right answer here is option B.
Ability to focus on revenue generating
activities.
Developers and IT staff productivity
accounted for nearly 30% of overall
financial benefits. The remaining
benefits were driven by the flexibility
and agility of Amazon cloud
infrastructure services which makes it
easier to try new business models,
support revenue generating applications
and provide more reliable services to
end users.
Question number 561.
Which of the following are shared
controls that apply to both AWS and
customer? according to the AWS shared
responsibility model. Choose two and we
have five options. Option A resource
configuration management, option B
network data integrity, option C
employee awareness and training, option
D physical and environmental security,
option E, replacement and disposal of
disk drives.
So the right answer here is option A
resource configuration management
and option C employee awareness and
training.
So controls which apply to both the
infrastructure layer and customer
layers. But in completely separate
constants or perspectives in a shared
control AWS provides the requirements
for the infrastructure and the customer
must provide their own control
implementation within their use of AWS
services. Examples include in patch
management, AWS is responsible for
patching and fixing flaws within the
infrastructure, but customers are
responsible for patching their guest OS
and applications. In configuration
management, AWS maintains the
configuration of its infrastructure
devices, but a customer is responsible
for configuring their own guest
operating system, databases, and
applications. and awareness and
training. AWS trains AWS employees,
but a customer must train their own
employees.
Question number 562.
Which AWS service or feature gives
information about planned events that
are now occurring or may occur in the
near future and may impact an AWS
account?
We have four options. AWS config, AWS
systems manager, AWS health personal
health dashboard and AWS trusted
advisor.
So the right answer here is option C AWS
personal health dashboard.
So AWS personal health dashboard
provides alerts and guidance for AWS
events that might affect your
environment. While the service health
dashboard shows the general status of
AWS service, the personal health
dashboard provides proactive and
transparent notifications about your
specific AWS environment.
Question number 563.
A business has many Amazon Web Services
accounts and want to streamline and
unify its billing process. Which AWS
service is capable of doing this?
And we have four options. AWS cost and
usage report, AWS organizations,
AWS cost explorer, AWS budgets.
So the right answer here is option B,
AWS organizations.
You can use the consolidated billing
feature in AWS organization. consolidate
billing and payment for multiple AWS
accounts or multiple Amazon Internet
Service Private Limited accounts. Every
organization in AWS organization has a
master account that pays the charge for
all the member accounts.
Question number 564.
What does it imply when a customer uses
AWS to construct a hybrid cloud
architecture? And we have four options.
Option A, all resources run using on
premises infrastructure. Option B, some
resources run on premises and some run
in a collocation center. Option C, all
resources run in the AWS cloud. Option
D, some resources run on premises and
some run in the AWS cloud.
So the right answer here is option D.
Some resources run on premises and some
run in the AWS cloud.
Hybrid cloud combines the unifies public
cloud, private cloud and on- premises
infrastructure to create a single
flexible cost optimal IT infrastructure.
Question number 565.
What is the least expensive AWS support
plan that contains a full set of AWS
trusted advisor best practice checks?
And we have four options. AWS enterprise
support, AWS business support, AWS
developer support and AWS basic support.
So the right answer here is option B.
AWS business support
AWS business support and AWS enterprise
support customers can access all checks
including cost optimization, security,
fault tolerance, performance and service
quotas.
Question number 566.
A business wishes to anticipate its AWS
cloud expenses for the following year
based on historical AWS cloud spending
patterns. Which Amazon Web Services
offering should the business employ to
achieve these requirements? And we have
four options. Option A, AWS control
tower, option B, cost explorer, option
C, AWS ops works. And option D AWS cloud
formation.
So the right answer here is option B,
cost explorer.
AWS cost explorer has an easy to use
interface that lets you visualize,
understand, and manage your AWS cost and
usage over time?
Question number 567.
Which AWS service provides domain
registration, DNS routting and service
health checks?
And we have four options. AWS direct
connect, Amazon Route 53, Amazon
CloudFront and Amazon API Gateway.
So the right answer here is option B,
Amazon Route 53.
So, Amazon root 53 is a highly available
and scalable cloud domain name system
web service. It is basically designed
for developers and corporate to route
the end users to internet applications
by translating human readable names like
www.shapingpixel.com
into the numeric IP addresses like
92.0.1 0.1.1
that computers use to connect to each
other. You cannot use Amazon Route 53 to
connect your on premises network with
AWS cloud.
Question number 568.
Which AWS service or feature can help to
improve network security by restricting
request for a web application hosted on
AWS from a certain network. Select two.
And we have five options AWS WF, AWS
Trusted Advisor, AWS Direct Connect or
AWS organizations
and network ACL.
So the right answer here is option A AWS
W AF
and option E network ACL.
So AWS WAF is a web application firewall
that helps protects your web application
or API against common web exploits.
and bots that may affect availability,
compromise security, or consume
excessive resources.
A network access control list, ACL, is
an optional layer of security for your
VPC that acts as a firewall for
controlling traffic in and out of one or
more subnets.
Question number 569.
Which components are necessary to
configure an AWS site toightVPN
connection successfully? Selected. And
we have five options. Option A internet
gateway. Option B NAT gateway. Option C
customer gateway. Option D transit
gateway. And option E virtual private
gateway.
So the right answer here is option C
customer gateway.
Option D, transit gateway.
Question number 570.
Which AWS service should be used to
migrate a company's onremises MySQL
database to Amazon RDS?
And we have four options. AWS Direct
Connect, AWS server migration service,
AWS database migration service, AWS
schema conversion tool.
So the right answer here is option C.
AWS database migration service.
AWS database migration service is a
cloud service that makes it possible to
migrate relational database, data
warehouses, NoSQL databases and other
types of data stores. You can use AWS
DMS to migrate your data into the AWS
cloud or between combination of cloud
and on-remises setups.
Question number 571.
Which benefits does a company gain when
the company moves from on premises IT
architecture to the AWS cloud? Choose
two. And we have five options. Option A,
reduced or eliminated task for hardware
troubleshooting, capacity planning and
procurement. Option B, elimination of
the need for trained IT staff. Option C,
automatic security configuration of all
applications that are migrated to the
cloud. Option D, elimination of the need
for disaster recovery planning. Option
E, faster deployment of new features and
applications.
So the right answer here is
option A reduced or eliminated task for
hardware troubleshooting, capacity
planning and procurement and option E
faster deployment of new features and
applications.
Question number 572.
A business needs security against
increased distributed denial of service
assaults on its website as well as help
from AWS professional in the case of
such an attack. Which AWS managed
service will satisfy these criteria? And
we have four options. Option AWS Shield
advanced, option B AWS firewall manager,
option C AWS WF and option D Amazon
Guard Duty.
So the right answer here is option A as
shield advanced.
So AWS shield is is a managed
distributed denial of service protection
service that safeguards applications
running on AWS. AWS Shield provides
always on detection and auto automatic
inline mitigations that minimize
applications downtime and latency. So
there is no need to engage AWS support
to benefit from DDOS protection. There
are two types of AWS shield standard and
advanced.
Question number 573.
Which of the following is a benefit of
decoupling an AWS cloud architecture?
And we have four options. Option A,
reduced latency. Option B, ability to
upgrade components independently.
Option C, decreased costs. Option D,
favor components to manage.
So the right answer here is option P,
ability to upgrade components
independently.
Question number 574.
A cloud practitioner requires a
dedicated link between AWS resources and
an on- premises system that is constant
and devoted. Which AWS service satisfies
these criteria?
And we have four options. Option A, AWS
Direct Connect, AWSVPN,
Amazon Connect or AWS data pipeline.
So the right answer here is option A,
AWS Direct Connect.
So you can use AWS direct connect to
establish a private virtual interface
from your on- premises network directly
to your VPC Amazon VPC providing you
with a private high bandwidth network
connection between your network and your
VPC
with multiple virtual interfaces.
You can even establish private
connectivity to multiple VPCs while
maintaining network isolation.
Question number 575.
Which task is the responsibility of the
customer according to the AWS share
responsibility model? And we have four
options. Option A, maintain the security
of the hardware that runs Amazon EC2
instance. Option B, patch the guest
operating system of Amazon EC2
instances. Option C, protect the
security of the AWS global
infrastructure.
Option D, patch Amazon RDS software.
So the right answer is option B, patch
the guest operating system of Amazon EC2
instances.
Question number 576.
A business requires the migration of a
significant amount of data from an
on-remises data center to the AWS cloud.
The internet connection at the workplace
is sluggish and unstable.
Which Amazon Web Services service is
capable of facilitating this data
transfer? And we have four options.
Amazon S3 Classier, AWS Snowball, AWS
Storage Gateway, Amazon Elastic File
System.
So the right answer here is option B,
AWS Snowball.
Snowball is a pabyte scale data
transport solution that uses secure
appliances to transfer
large amount of data into and out of AWS
cloud. Using Snowball addresses common
challenges with large scale data
transfers, including high network cost,
long transfer times, and security
concerns.
Question number 577.
Which AWS service or functionality
allows customers to encrypt data stored
in Amazon S3 during the storage process?
And we have four options. Option A, IM
policies. Option B serverside
encryption.
Option C Amazon card duty. Option D
client side encryption.
So the right answer here is option D.
Client side encryption.
Client side encryption encrypt data
client side and upload the encrypted
data to Amazon S3. In this case you
manage the encryption process, the
encryption keys and related tools.
Question number 578.
Which AWS organization features can be
used to track charges across multiple
accounts and report the combined use
cost?
And we have four options. Option A
service control policies. Option B cost
explorer.
Option C consolidated billing. Option D
AWS identity and access management.
So the right answer here is option C,
consolidated billing.
Question number 579.
Which of the following is a cloud
benefit that AWS offers to its users?
And we have four options. Option A, the
ability to configure AWS data center
hypervisor.
Option B, the ability to purchase
hardware in advance of increased
traffic. Option C, the ability to deploy
to AWS on a global scale. Option D,
compliance audits for users IT
environments.
So the right answer is option C, the
ability to deploy to AWS on a global
scale.
Question number 580. AWS provides which
of the following security related
services? Select two. And we have five
options. Option A, multiffactor
authentication, physical tokens, option
B, AWS trusted advisor security checks.
Option C data encryption. Option D
automated penetration testing. Option E,
Amazon S3 copyrighted content detection.
So the right answer is option B AWS
trusted advisor security checks
and option C data encryption.
Question number 581.
What are the five pillars of the AWS
well architected framework?
And we have four options. Option A,
encryption, documentation, speed, hybrid
design and cost optimization.
Option B, containerization, cost
margins, globalization, marketplace and
developers operations. Option C,
network, compute, storage, security and
developer operations. Option D,
operational excellence, reliability,
performance, efficiency, security and
cost optimization.
So the right answer here is option D.
Question number 582. A company accepts
enrollment application on handwritten
paper forms. The company uses a manual
process to enter the form data into its
backend systems. The company wants to
automate the process by scanning the
forms and capturing the enrollment data
from scanned PDF files. Which AWS
service should the company use to build
this process?
And we have four options. Option A,
Amazon recognition. Option B, Amazon
Textract. Option C, Amazon transcribe.
Option D, Amazon comprehend.
So the right answer is option B, Amazon
Textract.
Amazon Textract is a machine learning
service that automatically extracts
text, handwritten, and data from scanned
documents. It goes beyond simple optical
character recognition to identify,
understand and extract data from forms
and tables.
Question number 583.
Which AWS service should a company use
to organize, characterize and search
large number of images? And we have four
options. Option A, Amazon Transcribe.
Option B, Amazon recognition. Option C,
Amazon Aurora. Option D, Amazon
Quicksite.
So the right answer here is option B,
Amazon recognition.
You use the Amazon recognition image API
operation to analyze images stored in
Amazon S3 bucket and image bytes loaded
from the local file system. This section
also covers getting image orientation
information from a JPG image.
Question number 584.
A company wants to host a private
version control system for its
application code in the AWS cloud. Which
AWS service should the company use to
meet this requirement?
And we have four options. Option A, AWS
code pipeline,
AWS code star, AWS code commit and AWS
code deploy.
So the right answer here is option
C AWS code commit.
So AWS AWS code commit will sort code
binaries and metadata in a redundant
fashion with high availability.
You will be able to collaborate with
local and remote teams to edit, compare,
sync and revise your code.
Question number 585.
Which AWS service or tool can a company
set up to send notifications that a
custom spending threshold has been
reached or exceeded? And we have four
options. AWS budgets, AWS trusted
advisor, AWS cloud trial, AWS support.
So the right answer is option A. AWS
budgets.
With AWS budgets, you can choose to be
alerted by email or SNS notifications
when actual or forecasted cost and usage
exceed your budget threshold or when
your actual RARI and savings plans
utilization or coverage drops below your
desired threshold.
Question number 586.
Which AWS service is used to host static
websites? And we have four options.
Option A, Amazon S3. Option B, Amazon
Elastic Block Store. Option C, AWS Cloud
Formation. Option D, Amazon Elastic File
System.
So the right answer here is option A.
Amazon S3.
Amazon S3 is a cloud storage service
offered by Amazon web services that
allows user to store and retrieve data
from anywhere on the internet. One of
the features of S3 is ability to host
static websites which are websites that
consist of fixed HTML pages and other
assets such as images, stylesheets, and
JavaScript files.
Question number 587.
Which AWS service contains built-in
engines to protect web application that
run in the cloud from SQL injection
attacks and cross-sight scripting?
And we have four options AWS WF, AWS
Shield Advanced, Amazon Guard Duty, and
Amazon Detective.
So the right answer here is option A AWS
W AF.
AWS WAF helps protect web applications
from attacks by allowing you to
configure rules that allow block or
monitor web request based on conditions
that you define. These conditions
include IP addresses, HTTP headers, HTTP
body, URI strings, SQL injection, and
cross-site scripting.
Question number 588.
A company needs to set up user
authentication for a new application.
Users must be able to sign in directly
with a username and password or through
a third party provider. Which AWS
service should the company use to meet
these requirements?
And we have four options. Option A, AWS
sign, single sign on. Option B, AWS Sync
Signer. Option C, Amazon Cognto. Option
D, AWS Directory Service.
So the right answer here is option
C, Amazon Cognto.
So Amazon Cognto lets you add user
signup, sign in, and access control to
your web and mobile app quickly and
easily. Amazon Cognto scales to millions
of users and supports signin with social
identity providers such as Apple,
Facebook, Google and Amazon and
enterprise identity providers via SL 2.0
and open ID connect.
Question number 589. A company's IT team
is managing MySQL database server
clusters. The IT team has to patch the
database and take backup snapshots of
the data in the clusters. The company
wants to move these workload to AWS so
that these tasks will be complete
completed automatically.
What should the company do to meet this
requirement?
We have four options. Option A, deploy
MySQL database server cluster on Amazon
EC2 instances. Option B, use Amazon RDS
with the MySQL database.
Option C, use an AWS cloud formation
template to deploy MySQL database
servers on Amazon EC2 instances. Option
D, migrate all the MySQL database data
to Amazon S3.
So the right answer here is option B.
Use Amazon RDS with MySQL database.
Question number 590.
What is the primary use case of Amazon
car duty?
And we have four options. Option A,
prevention of DOS attacks. Option B,
protecting against SQL injection
attacks. Option C, automatic monitoring
for threats to AWS workloads. Option D,
automatic provisioning of AWS resources.
So the right answer here is option C,
automatic monitoring of threat to AWS
workloads.
Amazon Guard Duty is a threat detection
service that continuously monitors your
AWS accounts and workloads for malicious
activity and delivers detailed security
findings for visibility and remediation.
Question number 591.
A company needs to identify personally
identifiable information such as credit
card numbers from data that is stored in
Amazon S3. Which AWS service should the
company use to meet this requirement?
And we have four options. Amazon
Inspector, AWS Shield, Amazon Guard
Duty, Amazon Mackie.
So the right answer here is option D.
Amazon Mackie.
Mackie automatically detects a large and
growing list of sensitive data types
including personally identifiable
information such as names, addresses,
and credit card numbers. It also gives
you constant visibility of the data
security and data privacy of your data
stored in Amazon S3.
Question number 592. A company wants to
forecast future costs and usage of AWS
resources based on past consumption.
Which AWS service or tool will provide
these forecast
and we have four options. Option AWS
cost and usage report. Option B Amazon
forecast. Option C AWS pricing
calculator. Option D, cost explorer.
So the right answer is option D, cost
explorer.
Question number 593.
Which AWS services are serverless?
Choose two. And we have five options.
AWS Fargate, Amazon Managed Streaming
for Apache Kafka, Amazon EMR, Amazon S3,
Amazon EC2.
So the right answers here is option A,
AWS Fargate and option D, Amazon S3.
Serverless applications generally use
cloud storage services like Amazon S3 to
store application data that doesn't fit
into a database. S3 therefore forms the
functional basis for all serverless
solutions that handle large files like
user generated data, images or video
content.
Question number 594.
Which task is the responsibility of AWS
according to the AWS shared
responsibility model?
And we have four options. Option A,
apply guest operating system patches to
Amazon EC2 instances. Option B,
providing monitoring of human resources
information management systems. Option
C, perform automated backup of Amazon
RDS instance. Option D, optimize the
cost of running AWS services.
So the right answer is option C, perform
automated backups of Amazon RDS
instance.
Amazon RDS creates and saves automated
backups of your data DB instance. Amazon
RDS creates a storage volume snapshot of
your DB instance backing of the entire
DB instance and not just individual
databases both of which are
automatically active when you create an
RDS unless you specify otherwise while
creating the RDS instance.
Question number 595. A company needs to
deploy a postcript SQL database into
Amazon RDS. The database must be highly
available and fall tolerant. Which AWS
solution should the company use to meet
these requirements?
We have four options. Option A, Amazon
RDS with a single availability zone.
Option B, Amazon RDS snapshots. Option
C, Amazon RDS with multiple availability
jones. Option D, AWS database migration
service.
So the right answer here is option C,
Amazon RDS with multi-availability
jones.
Your Amazon RDS database instance and
their deployment in multiple
availability jones improve the
reliability and availability of your DB
instances. These makes them an
appropriate fit for database workloads
in production. Multi-asit deployment for
Amazon RDS instances. AWS RDS instance
is an isolated database infrastructure
in the cloud.
Question number 596. A company wants to
add facial identification to its user
verification process on an application.
Which AWS service should the company use
to meet this requirement? And we have
four options. Option A, Amazon Poly,
Option B, Amazon Transcribe. Option C,
Amazon Lex. Option D, Amazon
recognition.
So the right answer here is option D,
Amazon recognition.
Amazon recognition can store information
about detected faces in serverside
containers known as collections. You can
use the facial information that's stored
in a collection to search for known
faces and images, stored videos, and
streaming videos.
Question number 597.
A company wants the ability to quickly
upload its applications to the AWS cloud
without needing to provision underlying
resources. Which AWS service will meet
these requirements?
And we have four options. Option A, AWS
cloud formation. Option B, AWS elastic
beantock.
Option C, AWS code deploy. Option D, AWS
code commit.
So the right answer here is option B,
AWS elastic beanto.
With elastic beanto, you can quickly
deploy and manage applications in the
AWS cloud without having to learn about
the infrastructure that runs those
applications.
Question number 598. Which AWS service
monitors CPU utilization on Amazon EC2
instances?
And we have four options. Option A, AWS
Cloud Trail, Option B, Amazon Inspector.
Option C, AWS Config. Option D, Amazon
Cloudatch.
So the right answer here is option D,
Amazon Cloudatch.
You can monitor the CPU usage and disk
reads and rights of your Amazon EC2
instances and then use that data to
determine whether you should launch
additional instances to handle increased
load. You can also use this data to stop
under used instances to save money. With
Cloudatch, you gain systemwide
visibility into resource utilization,
application performance, and operational
health.
Question number 599. A company needs to
label its AWS resources so that the
company can categorize and track cost.
What should the company do to meet this
requirement?
And we have four options. Option A, use
cost allocation tags. Option B, use AWS
identity and access management.
Option C, use AWS organizations.
Option D, use the AWS cost management
coverage report.
So the right answer here is option A,
use cost allocation tax.
AWS uses the cost allocation tax to
organize your resource cost on your cost
allocation report to make it easier for
you to categorize and track your AWS
costs.
Question number 600. A company wants its
employees to have access to virtual
desktop infrastructure to securely
access company provided desktops through
the employees personal devices. Which
AWS service should the company use to
meet these requirements? And we have
four options. Option A, Amazon
AppStream. Option B, AWS AppSync. Option
C, Amazon FSX for Windows file server.
Option D, Amazon Workspaces.
So the right answer here is option D.
Amazon workspaces.
Amazon workspaces provide a secure
managed desktop as a service to your end
users.
So that's all in this video guys. I hope
you like the video. Please subscribe to
my channel if you're not already done
so. And uh if you think any of the
answer is incorrect while going through
the question and answers, please let me
know in the comment section with the
question number and the right answer and
your explanation please and I wish you
all the best for your AWS certification
journey and please let me know once you
have passed the exam and uh see you in
the next video and keep learning. Thank
you.
UNLOCK MORE
Sign up free to access premium features
INTERACTIVE VIEWER
Watch the video with synced subtitles, adjustable overlay, and full playback control.
AI SUMMARY
Get an instant AI-generated summary of the video content, key points, and takeaways.
TRANSLATE
Translate the transcript to 100+ languages with one click. Download in any format.
MIND MAP
Visualize the transcript as an interactive mind map. Understand structure at a glance.
CHAT WITH TRANSCRIPT
Ask questions about the video content. Get answers powered by AI directly from the transcript.
GET MORE FROM YOUR TRANSCRIPTS
Sign up for free and unlock interactive viewer, AI summaries, translations, mind maps, and more. No credit card required.