AWS Cloud Practitioner Documentation by AWS V1.0

Course Overview

Welcome to the AWS Cloud Practitioner Essentials course.

During Modules 1–10, you will build your AWS Cloud knowledge by learning about AWS Cloud concepts, AWS services, security, architecture, pricing, and support.

The lessons in each module include videos, supporting information, and links to additional resources that further your understanding of AWS services.
The knowledge checks and quizzes are opportunities to review the key concepts that were covered in each module. After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

In the final Module 11, you will learn about the structure of the AWS Certified Cloud Practitioner exam. You will also review strategies that help you to increase the probability of passing the exam.

You will then conclude the course with a final 30-question assessment and a brief survey.

Now, get started by continuing on to Module 1: Introduction to Amazon Web Services.

Module 1 - Introduction to Amazon Web Services

Introduction - Learning Objectives

In this module, you will learn how to:

  • Summarize the benefits of AWS.
  • Describe differences between on-demand delivery and cloud deployments.
  • Summarize the pay-as-you-go pricing model.

Video Transcript

I'm Blaine Sundrud, AWS Training and Certification. I've been teaching technology for more years than I'm willing to admit. After spending time teaching the newspaper industry, I moved to AWS, where I've taught classes globally on many different disciplines, such as security, cloud architecture, DevOps, big data, AI and ML, and theater history. My momma was a teacher. My daddy was a teacher. My grandpa was a bartender. I was born for this.


Hi, I'm Morgan Willis, a Senior Cloud Technologist at AWS. I started in the IT world about 10 years ago. And along the way, I decided that I was missing something. I missed the help and teaching aspect of IT that I had in my first job in IT support. So, I went into teaching software development in different areas around the U.S. And then I eventually landed here at AWS, where, as a Cloud Technologist, I get to support others in their cloud journey every day.


And I'm Rudy Chetty. I come from sunny Cape Town, South Africa, home of biltong, boerewors, and bunny chow. I'm a Solutions Architect, and have been with AWS for over three years. Teaching is my passion. And I can't wait for you to dive into the course, and learn. Thanks a lot, and good luck.


This course is gonna cover all the essential information that you need to understand, to be comfortable discussing AWS, to know why it's beneficial to your business.


AWS offers a massive range of services for every business, starting with basic elements, like compute, storage, and network security tools, through complex solutions like blockchain, machine learning, or artificial intelligence, and robot development platforms, all the way through very specialized tool sets, like video production management systems, and orbital satellites you can rent by the minute.


All that, however, is way more than we have time to cover in a foundational class like this one. So let's simplify the conversation by starting with the fundamental cloud compute model.


Almost all modern computing centers around a basic client-server model. Now I know it can be more complicated than that, so let's take a look at our coffee shop.


This coffee shop is going to give us some real world metaphors to help you understand why AWS can change the way your IT operates.


Let's make Morgan the server, the barista. And I am the client, the customer. I make a request. In this case, it is for coffee. Now in the computing world, the request could be anything. It could be rain pattern analysis in South Africa, or the latest x-rays of your knee, or videos of kittens. Whatever is the business, basically a customer makes a request, and with permissions, the server responds to that request. All I want is a caffeinated beverage.

Morgan represents the server part of the client-server model. In AWS, she would be called an Amazon Elastic Compute Cloud, or EC2, an EC2 instance, a virtual server. So from an architectural point of view, the transaction we did is really simple to explain. I, the user, made a request to Morgan, the server. Morgan validated that the request was legitimate, in this case, did I give her money? Then she returned a response, which in this case, is a berry blaster with extra caramel shots.


Now in the real world, applications can get more complicated than just a single transaction with a single server. In a business solution that is more mature, it can get beautifully complex.


To avoid this complexity, we're going to start simple. We will build this discussion out so that it is easy for anyone to understand how these concepts build on each other. So, by the end, those complex concepts, they'll be easy to understand. Let's start with a key concept to AWS, and that is, you only pay for what you use.


This principle makes sense when you run a coffee shop. Employees are only paid when they're in the store working. If Rudy and Morgan are off the clock, well then they don't get paid. The store owner simply decides how many baristas are needed and then just pays for the hours they work. For example, the coffee shop is about to release a new drink, the Pumpkin Monster Spice. In anticipation of this launch, you could always staff your shop with a dozen baristas all day long, just in case you suddenly get an unexpected rush at some point in the day. Only, let's be honest. For most of your day, you don't have near enough customers to justify paying for all those employees.


And yet, this is exactly what happens in an on-premises data center. You can't just snap your fingers and triple your capacity. At AWS, you don't pre-pay for anything. And you don't have to worry about capacity constraints.


When you need instances, or baristas, you just click a button, and you have them. And when you don't need them, another click, and they go away, and you stop paying for them. The same way you don't pay for employees for hours that they're not working.


So, pay for what you need, becomes the first key value of many for running your business on AWS. And that is really why we're here, to help you understand how AWS is built to help you run your business better.


We hope you stick around for the entire course, as we dive deeper into these concepts, and help launch you on your journey to being a Cloud Practitioner.

What is a client-server model?

You just learned more about AWS and how almost all of modern computing uses a basic client-server model. Let’s recap what a client-server model is.

In computing, a client can be a web browser or desktop application that a person interacts with to make requests to computer servers. A server can be services such as Amazon Elastic Compute Cloud (Amazon EC2), a type of virtual server.

For example, suppose that a client makes a request for a news article, the score in an online game, or a funny video. The server evaluates the details of this request and fulfills it by returning the information to the client.

Cloud Computing

Video Transcript

Before we get deeper into the pieces and parts of AWS, let's zoom out and get a good working definition of cloud. Cloud computing is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Let's break this down. On-demand delivery indicates that AWS has the resources you need, when you need them. You don't need to tell us in advance that you're going to need them. Suddenly you find yourself needing 300 virtual servers. Well, just a few clicks and launch them. Or you need 2000 terabytes of storage. You don't have to tell us in advance, just start using the storage you need, when you need it. Don't need them anymore, just as quickly, you can return them and stop paying immediately. That kind of flexibility is just not possible when you're managing your own data centers.


The idea of IT resources is actually a big part of the AWS philosophy. We often get asked why AWS has so many products and the answer is really simple: Because businesses need them. If there are IT elements that are common across a number of businesses, then this is not a differentiator.


Take a MySQL database as an example. If your business runs a MySQL database, does your ability to install the MySQL engine make you a better company than your competitors? Well, probably not that. Do you keep backups in a way that makes you superior to other players in your vertical? Again, doubtful. The data inside your database, now that's critically different. The way you build your tables and manage the structures, absolutely separates you from the competition. But the engine is just the engine. 


At AWS, we call that the *undifferentiated heavy lifting of IT*[^1]. Tasks that are common, often repetitive and ultimately time-consuming; these are the tasks AWS wants to help you with. So you can focus on what makes you unique. Over the internet, seems simple enough, but it implies that you can access those resources using a secure webpage console or programmatically. 


No additional contracts or sales calls are needed. With pay-as-you-go pricing, we re-emphasize what we pointed out here in the coffee shop. You don't staff a shop with employees 24 hours a day at the same levels you do during peak hours. In fact, some hours, you might not even staff them at all. So why pay for developer environments, for example, on weekends, if your developers aren't working on the weekends?

[^1] https://aatt.io/newsletters/undifferentiated-heavy-lifting-274176 https://github.com/knstvk/mariodavid.github.io/blob/master/_drafts/undifferentiated-heavy-lifting-of-business-apps.md

Undifferentiated heavy lifting, a term coined in the origins of AWS, is also applicable for other parts of the IT industry. Creating business applications has a lot of things in common with IT infrastructure.

A few years ago I stumbled upon the term “undifferentiated heavy lifting”. As it turns out, it was most prominently used by Jeff Bezos and Werner Vogels, C-level executives at Amazon. When you look at the origins of the Amazon Web Services offerings, this is basically the core of why they exist.

Deployment models for cloud computing

When selecting a cloud strategy, a company must consider factors such as required cloud application components, preferred resource management tools, and any legacy IT infrastructure requirements.

The three cloud computing deployment models are cloud-based, on-premises, and hybrid.

  • Cloud-Based Deployment
  • On-Premises Deployment
  • Hybrid Deployment

Cloud-Based Deployment

  • Run all parts of the application in the cloud.
  • Migrate existing applications to the cloud.
  • Design and build new applications in the cloud.

In a cloud-based deployment model, you can migrate existing applications to the cloud, or you can design and build new applications in the cloud. You can build those applications on low-level infrastructure that requires your IT staff to manage them. Alternatively, you can build them using higher-level services that reduce the management, architecting, and scaling requirements of the core infrastructure.

For example, a company might create an application consisting of virtual servers, databases, and networking components that are fully based in the cloud.

On-Premises Deployment

  • Deploy resources by using virtualization and resource management tools.
  • Increase resource utilization by using application management and virtualization technologies.

On-premises deployment is also known as a private cloud deployment. In this model, resources are deployed on premises by using virtualization and resource management tools.

For example, you might have applications that run on technology that is fully kept in your on-premises data center. Though this model is much like legacy IT infrastructure, its incorporation of application management and virtualization technologies helps to increase resource utilization.

Hybrid Deployment

  • Connect cloud-based resources to on-premises infrastructure.
  • Integrate cloud-based resources with legacy IT applications.

In a hybrid deployment, cloud-based resources are connected to on-premises infrastructure. You might want to use this approach in a number of situations. For example, you have legacy applications that are better maintained on premises, or government regulations require your business to keep certain records on premises.

For example, suppose that a company wants to use cloud services that can automate batch data processing and analytics. However, the company has several legacy applications that are more suitable on premises and will not be migrated to the cloud. With a hybrid deployment, the company would be able to keep the legacy applications on premises while benefiting from the data and analytics services that run in the cloud.

Benefits of cloud computing

Consider why a company might choose to take a particular cloud computing approach when addressing business needs.

  • Trade upfront expense for variable expense
  • Stop spending money to run and maintain data centers
  • Stop guessing capacity
  • Benefit from massive economies of scale
  • Increase speed and agility
  • Go global in minutes

Trade upfront expense for variable expense

Upfront expense refers to data centers, physical servers, and other resources that you would need to invest in before using them. Variable expense means you only pay for computing resources you consume instead of investing heavily in data centers and servers before you know how you’re going to use them.

By taking a cloud computing approach that offers the benefit of variable expense, companies can implement innovative solutions while saving on costs.

Stop spending money to run and maintain data centers

Computing in data centers often requires you to spend more money and time managing infrastructure and servers. 

A benefit of cloud computing is the ability to focus less on these tasks and more on your applications and customers.

Stop guessing capacity

With cloud computing, you don’t have to predict how much infrastructure capacity you will need before deploying an application. 

For example, you can launch Amazon EC2 instances when needed, and pay only for the compute time you use. Instead of paying for unused resources or having to deal with limited capacity, you can access only the capacity that you need. You can also scale in or scale out in response to demand.

Benefit from massive economies of scale

By using cloud computing, you can achieve a lower variable cost than you can get on your own.

Because usage from hundreds of thousands of customers can aggregate in the cloud, providers, such as AWS, can achieve higher economies of scale. The economy of scale translates into lower pay-as-you-go prices.

Increase speed and agility

The flexibility of cloud computing makes it easier for you to develop and deploy applications.

This flexibility provides you with more time to experiment and innovate. When computing in data centers, it may take weeks to obtain new resources that you need. By comparison, cloud computing enables you to access new resources within minutes.

Go global in minutes

The global footprint of the AWS Cloud enables you to deploy applications to customers around the world quickly, while providing them with low latency. This means that even if you are located in a different part of the world than your customers, customers are able to access your applications with minimal delays. 

Later in this course, you will explore the AWS global infrastructure in greater detail. You will examine some of the services that you can use to deliver content to customers around the world.

Additional resources

To learn more about the concepts that were explored in Module 1, review these resources.

AWS glossary - https://docs.aws.amazon.com/general/latest/gr/glos-chap.html
Whitepaper: Overview of Amazon Web Services - https://d0.awsstatic.com/whitepapers/aws-overview.pdf
AWS Fundamentals: Overview - https://aws.amazon.com/getting-started/fundamentals-overview/
What is cloud computing? - https://aws.amazon.com/what-is-cloud-computing/
Types of cloud computing - https://aws.amazon.com/types-of-cloud-computing/
Cloud computing with AWS - https://aws.amazon.com/what-is-aws/

Module 1 quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations to reinforce your understanding of the concepts.

What is cloud computing?

  1. Backing up files that are stored on desktop and mobile devices to prevent data loss
  2. Deploying applications connected to on-premises infrastructure
  3. Running code without needing to manage or provision servers
  4. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

A: 4

Explanation: The correct response option is On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing.

The other response options are incorrect because:

  • It is possible to back up files to the cloud, but this response option does not describe cloud computing as a whole.
  • Deploying applications connected to on-premises infrastructure is a sample use case for a hybrid cloud deployment. Remember that cloud computing also has cloud and on-premises (or private cloud) deployment models.
  • AWS Lambda is an AWS service that lets you run code without needing to manage or provision servers. This description does not describe cloud computing as a whole. AWS Lambda is explained in greater detail later in the course.

What is another name for on-premises deployment?

  1. Private cloud deployment
  2. Cloud-based application
  3. Hybrid deployment
  4. AWS Cloud

A: 1

Explanation: The correct response option is Private cloud deployment.

The other response options are incorrect because:

  • Cloud-based applications are fully deployed in the cloud and do not have any parts that run on premises.
  • A hybrid deployment connects infrastructure and applications between cloud-based resources and existing resources that are not in the cloud, such as on-premises resources. However, a hybrid deployment is not equivalent to an on-premises deployment because it involves resources that are located in the cloud.
  • The AWS Cloud offers three cloud deployment models: cloud, hybrid, and on-premises. This response option is incorrect because the AWS Cloud is not equivalent to only an on-premises deployment.

How does the scale of cloud computing help you to save costs?

  1. You do not have to invest in technology resources before using them.
  2. The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
  3. Accessing services on-demand helps to prevent excess or limited capacity.
  4. You can quickly deploy applications to customers and provide them with low latency.

A: 2

Explanation: The correct response option is The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

This answer describes how customers can benefit from massive economies of scale in cloud computing.

The other response options are incorrect because:

  • Not having to invest in technology resources before using them relates to Trade upfront expense for variable expense.
  • Accessing services on-demand to prevent excess or limited capacity relates to Stop guessing capacity.
  • Quickly deploying applications to customers and providing them with low latency relates to Go global in minutes.

Dump 1 - 02-02-2023

Question 1/71

  • A company needs to deploy an Amazon EC2 instance and attach a storage mount for the operating system and application files. Which AWS service will meet these requirements?

A. Amazon Elastic File System (Amazon EFS)

B. Amazon Elastic Block Store (Amazon EBS)

C. AWS Backup

D. Amazon S3

Correct Answer: D

Question 2/71

  • Which AWS service provides alerts when an AWS event may impact a company’s AWS resources?

A. AWS Infrastructure Event Management

B. AWS Trusted Advisor

C. AWS Personal Health Dashboard

D. AWS Service Health Dashboard

Correct Answer: C

Question 3/71

  • A company wants to improve the overall availability and performance of its applications that are hosted on AWS. Which AWS service should the company use?

A. AWS Global Accelerator

B. Amazon Lightsail

C. Amazon Connect

D. AWS Storage Gateway

Correct Answer: A

Question 4/71

  • A company runs a web application on Amazon EC2 instances. The application must run constantly and is expected to run indefinitely without interruption. Which EC2 instance purchasing options will meet these requirements MOST cost-effectively? (Select TWO.)

A. On-Demand Instances

B. Spot Instances

C. Reserved Instances

D. Savings Plans

E. Dedicated Hosts

Correct Answer: C,D

Amazon EC2 provides the following purchasing options to enable you to optimize your costs based on your needs:

  • On-Demand Instances - Pay, by the second, for the instances that you launch.
  • Savings Plans - Reduce your Amazon EC2 costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years.
  • Reserved Instances - Reduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type and Region, for a term of 1 or 3 years.
  • Spot Instances - Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly.
  • Dedicated Hosts - Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.
  • Dedicated Instances - Pay, by the hour, for instances that run on single-tenant hardware.
  • Capacity Reservations - Reserve capacity for your EC2 instances in a specific Availability Zone for any duration.

If you require a capacity reservation, purchase Reserved Instances or Capacity Reservations for a specific Availability Zone.

Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if they can be interrupted.

Dedicated Hosts or Dedicated Instances can help you address compliance requirements and reduce costs by using your existing server-bound software licenses.

Question 5/71

  • A company that is migrating to the AWS Cloud wants to reduce the operational costs of running its databases. Which combination of actions should the company take to achieve this goal? (Select TWO.)

A. Deploy resources across multiple Availability Zones.

B. Activate Amazon DynamoDB Accelerator (DAX)

C. Use the AWS global infrastructure to benefit from economies of scale

D. Decrease operational tasks by using AWS managed services.

E. Automate changes and responses to events.

Correct Answer: D,E

Question 6/71

  • A company needs to transfer 60 TB of data to the AWS Cloud in a secure manner. Which of the following should the company use to meet these requirements?

A. AWS Snowball Edge device

B. Amazon Elastic Block Store (Amazon EBS)

C. Amazon Elastic File System (Amazon EFS)

D. Amazon S3

Correct Answer: A

  • https://aws.amazon.com/blogs/storage/migrating-hundreds-of-tb-of-data-to-amazon-s3-with-aws-datasync/

Question 7/71

  • Which AWS service provides managed DDoS protection?

A. Amazon Inspector

B. Amazon GuardDuty

C. AWS Firewall Manager

D. AWS Shield

Correct Answer: D

Question 8/71

  • A company wants to offer direct phone and chat channels for customer service. The company needs a pay-as-you-go solution that remote customer service agents can use to create and manage voice and chat contact flows. Which AWS service will meet these requirements?

A. Amazon Connect

B. AWS Direct Connect

C. Amazon Cognito

D. Amazon EventBridge (Amazon CloudWatch Events)

Correct Answer: A

Question 9/71

  • Which AWS service provides an isolated virtual network to connect AWS services and resources?

A. Amazon EC2

B. Amazon DynamoDB

C. Amazon Lightsail

D. Amazon VPC

Correct Answer: D

  • Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Question 10/71

  • A company stores several terabytes of data in an Amazon S3 bucket. The company needs to query the data by using standard SQL and does not want to set up infrastructure. Which AWS service should the company use to meet these requirements?

A. Amazon Athena

B. Amazon EC2

C. Amazon Redshift

D. Amazon RDS

Correct Answer: A

Question 11/71

  • Which solution provides a fast, automated and repeatable method of deploying AWS Cloud infrastructure to multiple AWS Regions?

A. Use AWS CodeStar to set up a continuous delivery toolchain for automated deployment

B. Create and use an AWS CloudFormation template

C. Use AWS Systems Manager to automate management tasks such as creating Amazon EC2 Amazon Machine Images (AMIs) and applying patches

D. Create and launch an Amazon EC2 Amazon Machine Image (AMI) containing the source code with built-in deployment hooks to launch other AWS services

Correct Answer: B

Question 12/71

  • Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Select TWO.)

A. Use the AWS account root user for daily access.

B. Use access keys and secret access keys on Amazon EC2.

C. Rotate credentials on a regular basis.

D. Create a shared set of access keys for system administrators.

E. Configure multi-factor authentication (MFA).

Correct Answer: C,E

  • If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. To delete or rotate your root user access keys, go to the My Security Credentials page in the AWS Management Console and sign in with your account’s email address and password. You can manage your access keys in the Access keys section. For more information about rotating access keys, see Rotating access keys.

Question 13/71

  • A company implements an Amazon EC2 Auto Scaling policy along with an Application Load Balancer to automatically recover unhealthy applications that run on Amazon EC2 instances. Which pillar of the AWS Well-Architected Framework does this action cover?

A. Performance efficiency

B. Security

C. Reliability

D. Operational excellence

Correct Answer: C

Question 14/71

  • Which approach will enhance a user’s security on AWS?

A. Create a hybrid architecture by using AWS Direct Connect.

B. Use Multi-AZ deployments with Amazon RDS.

C. Monitor application-specific information with AWS X-Ray.

D. Encrypt data by using AWS Key Management Service (AWS KMS).

Correct Answer: D

Question 15/71

  • A company needs to report on events that involve the specific AWS services that the company uses. Which AWS service or resource can the company use with Amazon CloudWatch to meet this requirement?

A. Amazon Inspector

B. AWS Personal Health Dashboard

C. AWS Trusted Advisor

D. AWS CloudTrail logs

Correct Answer: D

Question 16/71

  • Which service enables customers to audit API calls in their AWS accounts?

A. AWS CloudTrail

B. AWS Trusted Advisor

C. Amazon Inspector

D. AWS X-Ray

Correct Answer: A

  • AWS Audit Manager is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Audit Manager. CloudTrail captures all API calls for Audit Manager as events.

Question 17/71

  • A company is moving its on-premises NoSQL database to the AWS Cloud. Which AWS service should the company use for the NoSQL database?

A. Amazon Redshift

B. Amazon Quantum Ledger Database (Amazon QLDB)

C. Amazon DynamoDB

D. Amazon RDS for MySQL

Correct Answer: C

Question 18/71

  • A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports. Which AWS service or group can provide these documents?

A. AWS Config

B. AWS Support

C. AWS Abuse team

D. AWS Artifact

Correct Answer: D

Question 19/71

  • Which Reserved Instance (RI) provides the HIGHEST average cost savings compared to an On-Demand Instance?

A. 1-year, No Upfront, Standard RI

B. 3-year, No Upfront, Convertible RI

C. 1-year, All Upfront, Convertible RI

D. 3-year, All Upfront, Standard RI

Correct Answer: D

Question 20/71

  • A company wants a cost-effective option when running its applications in an Amazon EC2 instance for short time periods. The applications can be interrupted. Which EC2 instance type will meet these requirements?

A. Spot Instances

B. On-Demand Instances

C. Reserved Instances

D. Dedicated Instances

Correct Answer: A

  • Spot Instances - Spot Instances are the most cost-effective choice if you are flexible about when your applications run and if your applications can be interrupted.

Question 21/71

  • Which task is the responsibility of the customer according to the AWS shared responsibility model?

A. Patch the Amazon DynamoDB operating system

B. Protect the hardware that runs AWS services

C. Secure Amazon CloudFront edge locations by allowing physical access according to the principle of least privilege

D. Use AWS Identity and Access Management (IAM) according to the principle of least privilege

Correct Answer: D

Question 22/71

  • A company plans to create a data lake that uses Amazon S3. Which factor will have the MOST effect on cost?

A. The addition of S3 bucket policies

B. The selection of S3 storage tiers

C. S3 ingest fees for each request

D. Charges to transfer existing data into Amazon S3

Correct Answer: D

Question 23/71

  • What is a benefit of using AWS serverless computing?

A. Application deployment and management are not required.

B. Application security will be fully managed by AWS.

C. Monitoring and logging are not needed.

D. Management of infrastructure is offloaded to AWS.

Correct Answer: D

  • Serverless computing allows you to build and run applications and services without thinking about servers. With serverless computing, your application still runs on servers, but all the server management is done by AWS.

Question 24/71

  • A company runs applications that process credit card information. Auditors have asked if the AWS environment has changed since the previous audit. If the AWS environment has changed, the auditors want to know how it has changed. Which AWS services can provide this information? (Select TWO.)

A. AWS Artifact

B. AWS Trusted Advisor

C. AWS Config

D. AWS CloudTrail

E. AWS Identity and Access Management (IAM)

Correct Answer: C,D

  • AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements.
  • AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.
  • AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
  • AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
  • AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions to your workforce and systems to ensure least-privilege permissions.

Question 25/71

  • A company recently migrated to AWS and wants to enable intelligent threat protection and continuous monitoring across all of its AWS accounts. Which AWS service should the company use to achieve this goal?

A. Amazon Detective

B. Amazon Macie

C. AWS Shield

D. Amazon GuardDuty

Correct Answer: D

Question 26/71

  • A company wants to organize its users so that the company can grant permissions to the users as a group. Which AWS service or tool can the company use to meet this requirement?

A. Resource groups

B. AWS Identity and Access Management (IAM)

C. Security groups

D. AWS Security Hub

Correct Answer: B

Question 27/71

  • A company is running an Amazon EC2 instance in a VPC. Which of the following can the company use to route and filter incoming network requests for the EC2 instance?

A. Route tables and web application firewalls

B. Security groups and route tables

C. Route tables and AWS Shield

D. Security groups and a network intrusion system

Correct Answer: B

Question 28/71

  • Which of the following are design principles of the reliability pillar of the AWS Well-Architected Framework? (Select TWO.)

A. Perform operations as code.

B. Stop guessing capacity.

C. Make changes to infrastructure by using automation.

D. Use build and deployment management systems.

E. Adopt serverless architecture whenever possible.

Correct Answer: B,C

Question 29/71

  • Which AWS service offers threat detection and continuously monitors for malicious activity and unauthorized behavior in AWS accounts?

A. AWS Config

B. Amazon GuardDuty

C. Amazon Macie

D. Amazon Inspector

Correct Answer: B

Question 30/71

  • Which tasks require use of the AWS account root user? (Select TWO.)

A. Grouping resources in AWS Systems Manager

B. Running applications in Amazon Elastic Kubernetes Service (Amazon EKS)

C. Modifying an Amazon EC2 instance type

D. Changing an AWS Support plan

E. Closing an AWS account

Correct Answer: D,E

Question 31/71

  • A company is developing a new Node.js application. The application must have a scalable NoSQL database to meet increasing demand as the popularity of the application grows. Which AWS services will meet the requirements for the database?

A. Amazon Aurora Serverless

B. Amazon Redshift

C. Amazon ElastiCache

D. Amazon DynamoDB

Correct Answer: D

Question 32/71

  • A company needs to process data from satellite communications without managing any infrastructure. Which AWS service should the company use to meet these requirements?

A. Amazon CloudWatch

B. Amazon Aurora

C. Amazon Athena

D. AWS Ground Station

Correct Answer: D

  • AWS Ground Station is a fully managed service that lets you control satellite communications, process data, and scale your operations without having to worry about building or managing your own ground station infrastructure. Satellites are used for a wide variety of use cases, including weather forecasting, surface imaging, communications, and video broadcasts. Ground stations form the core of global satellite networks. With AWS Ground Station, you have direct access to AWS services and the AWS Global Infrastructure including a low-latency global fiber network. For example, you can use Amazon S3 to store the downloaded data, Amazon Kinesis Data Streams for managing data ingestion from satellites, and Amazon SageMaker for building custom machine learning applications that apply to your data sets. You can save up to 80% on the cost of your ground station operations by paying only for the actual antenna time used, and relying on the global footprint of ground stations to download data when and where you need it. There are no long-term commitments, and you gain the ability to rapidly scale your satellite communications on-demand when your business needs it.

Question 33/71

  • A company requires an isolated environment within AWS for security purposes. Which action can be taken to accomplish this?

A. Create an AWS Direct Connect connection between the company and AWS.

B. Create a separate Availability Zone to host the resources.

C. Create a separate VPC to host the resources.

D. Create a placement group to host the resources.

Correct Answer: C

Question 34/71

  • A company needs to schedule the rotation of database credentials in the AWS Cloud. Which AWS service should the company use to perform this task?

A. AWS Identity and Access Management (IAM)

B. AWS Managed Services (AMS)

C. Amazon RDS

D. AWS Secrets Manager

Correct Answer: D

  • AWS Secrets Manager makes it easier to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. The key features of this service include the ability to:
    1. Secure and manage secrets centrally. You can store, view, and manage all your secrets centrally. By default, Secrets Manager encrypts these secrets with encryption keys that you own and control. You can use fine-grained IAM policies or resource-based policies to control access to your secrets. You can also tag secrets to help you discover, organize, and control access to secrets used throughout your organization.
    2. Rotate secrets safely. You can configure Secrets Manager to rotate secrets automatically without disrupting your applications. Secrets Manager offers built-in integrations for rotating credentials for all Amazon RDS databases (MySQL, PostgreSQL, Oracle, Microsoft SQL Server, MariaDB, and Amazon Aurora). You can also extend Secrets Manager to meet your custom rotation requirements by creating an AWS Lambda function to rotate other types of secrets.
    3. Transmit securely. Secrets are transmitted securely over Transport Layer Security (TLS) protocol 1.2. You can also use Secrets Manager with Amazon Virtual Private Cloud (Amazon VPC) endpoints powered by AWS PrivateLink to keep this communication within the AWS network and help meet your compliance and regulatory requirements to limit public internet connectivity.
    4. Pay as you go. Pay for the secrets you store in Secrets Manager and for the use of these secrets; there are no long-term contracts, licensing fees, or infrastructure and personnel costs. For example, a typical production-scale web application will generate an estimated monthly bill of $6. If you follow along the instructions in this blog post, your estimated monthly bill for Secrets Manager will be $1. Note: you may incur additional charges for using Amazon RDS and AWS Lambda, if you’ve already consumed the free tier for these services.
  • Now that you’re familiar with Secrets Manager features, I’ll show you how to store and automatically rotate credentials for an Oracle database hosted on Amazon RDS. I divided these instructions into three phases:

    1. Phase 1: Store and configure rotation for the superuser credential

    2. Phase 2: Store and configure rotation for the application credential

    3. Phase 3: Retrieve the credential from Secrets Manager programmatically

Question 35/71

  • A company wants to use a serverless compute service for an application. Which AWS service will meet this requirement?

A. AWS Elastic Beanstalk

B. AWS Lambda

C. AWS CloudFormation

D. Elastic Load Balancing

Correct Answer: B

Question 36/71

  • A company needs a centralized, secure way to create and manage cryptographic keys. The company will use the keys across a wide range of AWS services and applications. The company needs to track and document when the keys are created, used, and deleted. Which AWS service or feature will meet these requirements?

A. AWS Secrets Manager

B. AWS License Manager

C. AWS Systems Manager Parameter Store

D. AWS Key Management Service (AWS KMS)

Correct Answer: D

  • AWS Key Management Service (AWS KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

Question 37/71

  • Which AWS service is a fully hosted version control service?

A. AWS CodeDeploy

B. AWS CodeBuild

C. AWS CodeCommit

D. AWS CodeStar

Correct Answer: C

Question 38/71

  • A user needs the ability to access as many resources as are needed. The user also needs the ability to scale up and scale down with only a few minutes of notice. Which benefit of the AWS Cloud describes these abilities?

A. Economy of scale

B. Pay-as-you-go pricing

C. Ratability

D. Elasticity

Correct Answer: D

Question 39/71

  • How can a user protect an Amazon EC2 instance from a suspicious IP address?

A. Block the IP on the outbound rule of a security group.

B. Block the IP on the inbound rule of a security group and network ACL.

C. Block the IP on the outbound rule of a security group and network ACL.

D. Block the IP on the inbound rule of a network ACL.

Correct Answer: D

Question 40/71

  • Which of the following gives a company the ability to take advantage of tiered pricing for services across multiple AWS member accounts?

A. AWS Organizations consolidated billing

B. AWS Organizations service control policies (SCPs)

C. All Upfront Reserved Instances

D. Cost Explorer utilization reports

Correct Answer: A

Question 41/71

  • Which pillar of the AWS Well-Architected Framework includes the continual improvement of processes and procedures as a priority?

A. Performance efficiency

B. Operational excellence

C. Reliability

D. Cost optimization

Correct Answer: B

Question 42/71

  • Which of the following are characteristics of a serverless application that runs in the AWS Cloud? (Select TWO.)

A. Users have a choice of operating systems.

B. The application has built-in fault tolerance.

C. The application can scale based on demand.

D. Users can run Amazon EC2 Spot Instances.

E. Users must manually configure Amazon EC2 instances.

Correct Answer: B,C

Question 43/71

  • A company needs to run an application on Amazon EC2 instances. The instances cannot be interrupted at any time. The company needs an instance purchasing option that requires no long-term commitment or upfront payment. Which instance purchasing option will meet these requirements MOST cost-effectively?

A. On-Demand Instances

B. Spot Instances

C. Reserved Instances

D. Dedicated Hosts

Correct Answer: A

Question 44/71

  • Which of the following are AWS compute services? (Select TWO.)

A. Amazon Lightsail

B. AWS Systems Manager

C. AWS CloudFormation

D. AWS Batch

E. Amazon Inspector

Correct Answer: A,D

  • Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP address - for a low, predictable price.

  • AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory-optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. With AWS Batch, there is no need to install and manage batch computing software or server clusters that you use to run your jobs, allowing you to focus on analyzing results and solving problems. AWS Batch plans, schedules, and runs your batch computing workloads across the full range of AWS compute services and features, such as Amazon EC2 and Spot Instances.

Question 45/71

  • A company wants to migrate its on-premises Microsoft SQL Server database server to the AWS Cloud. The company has decided to use Amazon EC2 instances to run this database. Which of the following is the company responsible for managing, according to the AWS shared responsibility model?

A. Network connectivity of the host server

B. EC2 hypervisor

C. Security patching of the guest operating system

D. Uptime service level agreement (SLA) for the EC2 instances

Correct Answer: C

Question 46/71

  • Which Amazon S3 feature or storage class uses the AWS backbone network and edge locations to reduce latencies from the end user to Amazon S3?

A. S3 Cross-Region Replication

B. S3 Transfer Acceleration

C. S3 Event Notifications

D. S3 Standard-Infrequent Access (S3 Standard-IA)

Correct Answer: B

Question 47/71

  • Which of the following is available to a company that has an AWS Business Support plan?

A. AWS Health API

B. AWS DDoS Response Team (DRT)

C. AWS technical account manager (TAM)

D. AWS Support concierge

Correct Answer: A

Question 48/71

  • Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?

A. Agility

B. Durability

C. Reliability

D. Elasticity

Correct Answer: D

Question 49/71

  • A company wants to build an application that consists entirely of microservices. Which AWS Cloud architecture design principle supports this goal?

A. Think parallel

B. Implement elasticity

C. Decouple components

D. Stop guessing capacity

Correct Answer: C

Question 50/71

  • A user has been granted permission to change their own IAM user password. Which AWS services can the user use to change the password? (Select TWO.)

A. AWS Management Console

B. AWS Key Management Service (AWS KMS)

C. AWS Command Line Interface (AWS CLI)

D. AWS Resource Access Manager (AWS RAM)

E. AWS Secrets Manager

Correct Answer: A,C

Question 51/71

  • A company recently created its first AWS account. Which AWS services will require the use of a VPC? (Select TWO.)

A. Amazon Cognito

B. Amazon EC2

C. Amazon DynamoDB

D. Amazon S3

E. Amazon Elastic File System (Amazon EFS)

Correct Answer: B,E

Question 52/71

  • A company is running a workload on AWS. The company wants to protect the workload from DDoS attacks. Which AWS service will meet these requirements?

A. Amazon VPC

B. AWS Shield

C. AWS Artifact

D. AWS Identity and Access Management (IAM)

Correct Answer: B

Question 53/71

  • Which AWS service should a company use to create a NoSQL database?

A. Amazon DynamoDB

B. Amazon Aurora

C. Amazon Redshift

D. Amazon Neptune

Correct Answer: A

Question 54/71

  • Which benefit of cloud computing gives a company the ability to deploy applications to users all over the world through a network of AWS Regions, Availability Zones, and edge locations?

A. Economy of scale

B. High availability

C. Global reach

D. Agility

Correct Answer: C

Question 55/71

  • A company discovered unauthorized access to resources in its on-premises data center. Upon investigation, the company found that the requests originated from a resource hosted on AWS. Which AWS team should the company contact to report this issue?

A. AWS Customer Service team

B. AWS Abuse team

C. AWS Sales team

D. AWS Technical Support team

Correct Answer: D

Question 56/71

  • Which AWS service supports the analysis, investigation, and identification of the root cause of security events and suspicious activities in an AWS account?

A. Amazon Detective

B. Amazon Inspector

C. Amazon CloudWatch

D. Amazon Macie

Correct Answer: B

Question 57/71

  • A company is using Amazon RDS. Which task is the company’s responsibility, according to the AWS shared responsibility model?

A. Apply encryption options for the database.

B. Manage the underlying server hardware on which Amazon RDS runs.

C. Apply patches to the underlying operating system.

D. Apply minor patches to the database.

Correct Answer: A

Question 58/71

  • Which AWS service provides intelligent recommendations to improve code quality and identify an application's most expensive lines of code?

A. AWS CodeCommit

B. AWS CodeDeploy

C. Amazon CodeGuru

D. AWS CodeStar

Correct Answer: C

Question 59/71

  • Which of the following consists of one or more isolated data centers in the same regional area that are interconnected through low-latency networks?

A. Edge location

B. Private networking

C. AWS Region

D. Availability Zone

Correct Answer: D

Question 60/71

  • Which AWS benefit enables users to deploy cloud infrastructure that consists of multiple geographic regions connected by a network with low latency, high throughput, and redundancy?

A. Economies of scale

B. Security

C. Elasticity

D. Global reach

Correct Answer: D

  • The AWS Global Cloud Infrastructure is the most secure, extensive, and reliable cloud platform, offering over 200 fully featured services from data centers globally. Whether you need to deploy your application workloads across the globe in a single click, or you want to build and deploy specific applications closer to your end-users with single-digit millisecond latency, AWS provides you the cloud infrastructure where and when you need it.

Question 61/71

  • A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data center or in the AWS Cloud. Which of the following are benefits of building this app in the AWS Cloud? (Select TWO.)

A. A large, upfront capital expense and low variable expenses

B. Complete control over the physical security of the infrastructure

C. Increased speed for trying out new projects

D. Ability to pick the specific data centers that will host the application servers

E. Flexibility to scale up in minutes as the application becomes popular

Correct Answer: C,E

Question 62/71

  • What are characteristics of AWS IAM users and groups? (Select TWO.)

A. Groups can be nested and can contain other groups.

B. All new users are automatically added to a default group

C. Groups can contain users only and cannot be nested

D. A user can be a member of multiple groups

E. A user can only be a member of a single group at one time.

Correct Answer: C,D

Question 63/71

  • A company stores configuration files in an Amazon S3 bucket. These configuration files must be accessed by applications that are running on Amazon EC2 instances. According to AWS security best practices, how should the company grant permissions to allow the applications to access the S3 bucket?

A. Use the AWS account root user access keys.

B. Use an IAM role with the necessary permissions.

C. Activate multi-factor authentication (MFA) and versioning on the S3 bucket.

D. Use the AWS access key ID and the EC2 secret access key.

Correct Answer: B

Question 64/71

  • A company is considering implementing a new workload in the AWS Cloud. However, the company first wants to forecast the potential cost. Which tool should the company use to estimate the cost of the workload?

A. Cost Explorer

B. AWS Billing and Cost Management dashboard

C. AWS Pricing Calculator

D. AWS Cost and Usage Report

Correct Answer: C

Question 65/71

  • A company needs steady and predictable performance from its Amazon EC2 instances at the lowest possible cost. The company also needs the ability to scale resources to ensure that it has the right resources available at the right time. Which AWS service or resource will meet these requirements?

A. Amazon CloudWatch

B. Application Load Balancer

C. AWS Batch

D. Amazon EC2 Auto Scaling

Correct Answer: D

  • AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

Question 66/71

  • A company has an on-premises Oracle database. The company spends a significant amount of time on database administration activities. The company is moving the database to AWS and needs to minimize the time that is required for these administration activities. Which AWS service should the company use to meet this requirement?

A. Amazon DynamoDB

B. Amazon ElastiCache

C. Amazon EC2

D. Amazon RDS

Correct Answer: D

Question 67/71

  • Which AWS services provide high availability across multiple Availability Zones by default? (Select TWO.)

A. Amazon Redshift

B. Amazon Elastic File System (Amazon EFS)

C. Amazon S3

D. Amazon Elastic Block Store (Amazon EBS)

E. Amazon EC2

Correct Answer: A,D

Question 68/71

  • A company is running a Microsoft SQL Server instance on premises and is migrating its application to AWS. The company lacks the resources needed to refactor the application, but management wants to reduce operational overhead as part of the migration. Which database service would MOST effectively support these requirements?

A. Amazon Redshift

B. Microsoft SQL Server on Amazon EC2

C. Amazon DynamoDB

D. Amazon RDS for SQL Server

Correct Answer: D

Question 69/71

  • Which of the following are advantages of moving to the AWS Cloud? (Select TWO.)

A. Users can implement all AWS services in seconds.

B. Users experience increased speed and agility.

C. AWS assumes all responsibility for the security of infrastructure and applications.

D. Users benefit from massive economies of scale.

E. Users can move hardware from their data center to the AWS Cloud.

Correct Answer: B,D

Question 70/71

  • A company needs to store code in a version control system. The company also needs to continually deploy updated code through a series of automated steps (build, test, package, and deploy). Which combination of AWS services will meet these requirements? (Select TWO.)

A. AWS CloudFormation

B. AWS CodeCommit

C. AWS Control Tower

D. AWS CodePipeline

E. AWS Elastic Beanstalk

Correct Answer: B,D

Question 71/71

  • A company wants to receive alerts when resources that are launched in the company’s AWS account reach 80% of their service quotas. Which AWS service should the company use to meet this requirement?

A. AWS Trusted Advisor

B. Amazon Inspector

C. AWS Config

D. AWS CloudTrail

Correct Answer: A

Dump 2 - Exam Topics - 31-01-2023

Question #1

  • A company is planning to run a global marketing application in the AWS Cloud. The application will feature videos that can be viewed by users. The company must ensure that all users can view these videos with low latency. Which AWS service should the company use to meet this requirement?

A. AWS Auto Scaling

B. Amazon Kinesis Video Streams

C. Elastic Load Balancing

D. Amazon CloudFront

Correct Answer: D

Question #2

  • Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?

A. Security

B. Reliability

C. Performance efficiency

D. Cost optimization

Correct Answer: B

Question #3

  • Which of the following are benefits of migrating to the AWS Cloud? (Choose two.)

A. Operational resilience

B. Discounts for products on Amazon.com

C. Business agility

D. Business excellence

E. Increased staff retention

Correct Answer: A, C

Question #4

  • A company is planning to replace its physical on-premises compute servers with AWS serverless compute services. The company wants to be able to take advantage of advanced technologies quickly after the migration. Which pillar of the AWS Well-Architected Framework does this plan represent?

A. Security

B. Performance efficiency

C. Operational excellence

D. Reliability

Correct Answer: B

Question #5

  • A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances. Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased. The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances. Which AWS service or tool should the company use to meet these requirements?

A. AWS Systems Manager

B. Cost Explorer

C. AWS Trusted Advisor

D. AWS Organizations

Correct Examtopic Answer: B

Correct Community Answer: D

  • Explanation: https://aws.amazon.com/ru/organizations/

It has to be D because the cost explorer is for managing the “AWS COST & USAGE”, while the AWS organization is for managing the “ACCOUNTS”.

AWS Organizations When your account is managed by AWS Organizations, you can take advantage of that to share resources more easily. With or without Organizations, a user can share with individual accounts. However, if your account is in an organization, then you can share with individual accounts, or with all accounts in the organization or in an OU without having to enumerate each account.

https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html#getting-started-sharing-orgs

Question #6

  • Which component of the AWS global infrastructure is made up of one or more discrete data centers that have redundant power, networking, and connectivity?

A. AWS Region

B. Availability Zone

C. Edge location

D. AWS Outposts

Correct Answer: B

Question #7

  • Which duties are the responsibility of a company that is using AWS Lambda? (Choose two.)

A. Security inside of code

B. Selection of CPU resources

C. Patching of operating system

D. Writing and updating of code

E. Security of underlying infrastructure

Correct Answer: A, D

Question #8

  • Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)

A. EC2 Reserved Instances

B. EC2 Amazon Machine Images (AMIs)

C. Amazon Elastic Block Store (Amazon EBS) snapshots

D. AWS Shield

E. Amazon GuardDuty

Correct Answer: B, C

Question #9

  • A company is migrating to the AWS Cloud instead of running its infrastructure on premises. Which of the following are advantages of this migration? (Choose two.)

A. Elimination of the need to perform security auditing

B. Increased global reach and agility

C. Ability to deploy globally in minutes

D. Elimination of the cost of IT staff members

E. Redundancy by default for all compute services

Correct Examtopics Answer: B, D

Correct Community Answer: B, C

  • Explanation:

The six advantages of cloud computing are:

• Trade upfront expense for variable expense.

• Benefit from massive economies of scale.

• Stop guessing capacity.

• Increase speed and agility. Yes B

• Stop spending money running and maintaining data centers.

• Go global in minutes. YES C

Additional reference to support the answers B, C. Refer to: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Adding to the fact that it must be B & C the correct answers, at the end of the day you’ll still need someone to manage your IT workloads in the cloud, you can’t just fire them all even if C is already part of the B to some extent, where AWS always a money saver on IT Staff spending.

Question #10

  • A user is comparing purchase options for an application that runs on Amazon EC2 and Amazon RDS. The application cannot sustain any interruption. The application experiences a predictable amount of usage, including some seasonal spikes that last only a few weeks at a time. It is not possible to modify the application. Which purchase option meets these requirements MOST cost-effectively?

A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to cover the predicted and seasonal load.

B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run on Spot Instances.

C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to run at an On-Demand rate.

D. Buy Reserved Instances to cover all potential usage that results from the seasonal usage.

Correct Examtopics Answer: B

Correct Community Answer: C

  • Explanation: C is the correct answer, the question explicitly mentioned that “The application cannot sustain any interruption” of which Spot Instances are ideal for workloads with flexible start and end times, or that can withstand interruptions. Ideally we want pricing that doesn’t allow interruption in this case it will be On-Demand.

Question #11

  • A company wants to review its monthly costs of using Amazon EC2 and Amazon RDS for the past year. Which AWS service or tool provides this information?

A. AWS Trusted Advisor

B. Cost Explorer

C. Amazon Forecast

D. Amazon CloudWatch

Correct Answer: B

Question #12

  • A company wants to migrate a critical application to AWS. The application has a short runtime. The application is invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes operational efficiency and minimizes the cost of running the application. Which AWS solution should the company use to meet these requirements?

A. Amazon EC2 On-Demand Instances

B. AWS Lambda

C. Amazon EC2 Reserved Instances

D. Amazon EC2 Spot Instances

Correct Answer: B

Question #13

  • Which AWS service or feature allows users to connect with and deploy AWS services programmatically?

A. AWS Management Console

B. AWS Cloud9

C. AWS CodePipeline

D. AWS software development kits (SDKs)

Correct Answer: D

Question #14

  • A company plans to create a data lake that uses Amazon S3. Which factor will have the MOST effect on cost?

A. The selection of S3 storage tiers

B. Charges to transfer existing data into Amazon S3

C. The addition of S3 bucket policies

D. S3 ingest fees for each request

Correct Answer: A

Question #15

  • A company is launching an ecommerce application that must always be available. The application will run on Amazon EC2 instances continuously for the next 12 months. What is the MOST cost-effective instance purchasing option that meets these requirements?

A. Spot Instances

B. Savings Plans

C. Dedicated Hosts

D. On-Demand Instances

Correct Answer: B

Question #16

  • Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?

A. Cost allocation tags

B. Key pairs

C. Amazon Inspector

D. AWS Trusted Advisor

Correct Answer: A

Question #17

  • A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing. Which AWS service or feature will help the company with its migration?

A. AWS Trusted Advisor

B. AWS Consulting Partners

C. AWS Artifact

D. AWS Managed Services

Correct Answer: D

  • Explanation: Although you still need expertise to use managed services. An APN Consulting Partner helps an AWS customer implement and manage an AWS cloud deployment. These types of partners include system integrators, managed services providers, and other consultancies and agencies. An APN Technology Partner provides software tools and services that are hosted on or integrated with AWS. They help customers design, architect, build, migrate, and manage workloads and applications on Amazon Web Services.

https://d1.awsstatic.com/partner-network/APN_Consulting-Benefits_Brochure-Digital.pdf

The question mentions that the company “lacks expertise”. This means that the answer should be something that provides that. By choosing D we are “trying” to remove the need of that expertise, even though it is arguable because you still need some degree of expertise to use managed services. AWS Consulting Partners is a service that is provided by Amazon. In this case is not a cloud service but is a service where Amazon is working constantly to provide a vetted list of Partners that provide good expertise. Being what mostly makes sense the answer being B.

But answer may be indeed D. Look into this video https://www.youtube.com/watch?v=OCK8GCImWZw&t=98 starting from 10:49. Also agree with fryderyk comment i.e “ A case study from AWS website seems to support the idea that it’s the Managed Services: https://aws.amazon.com/solutions/case-studies/origin-energy-case-study/ “

Being B more of a feature then a service, like it says in question it may be B also. Maybe its both.

Question #18

  • Which AWS service or tool should a company use to centrally request and track service limit increases?

A. AWS Config

B. Service Quotas

C. AWS Service Catalog

D. AWS Budgets

Correct Answer: B

Question #19

  • Which documentation does AWS Artifact provide?

A. Amazon EC2 terms and conditions

B. AWS ISO certifications

C. A history of a company’s AWS spending

D. A list of previous-generation Amazon EC2 instance types

Correct Answer: B

Question #20

  • Which task requires using AWS account root user credentials?

A. Viewing billing information

B. Changing the AWS Support plan

C. Starting and stopping Amazon EC2 instances

D. Opening an AWS Support case

Correct Answer: B

Question #21

  • A company needs to simultaneously process hundreds of requests from different users. Which combination of AWS services should the company use to build an operationally efficient solution?

A. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda

B. AWS Data Pipeline and Amazon EC2

C. Amazon Kinesis and Amazon Athena

D. AWS Amplify and AWS AppSync

Correct Examtopic Answer: B <- This is wrong obviously

Correct Community Answer: A

Question #22

  • What is the scope of a VPC within the AWS network?

A. A VPC can span all Availability Zones globally.

B. A VPC must span at least two subnets in each AWS Region.

C. A VPC must span at least two edge locations in each AWS Region.

D. A VPC can span all Availability Zones within an AWS Region.

Correct Answer: D

Question #23

  • Which of the following are components of an AWS Site-to-Site VPN connection? (Choose two.)

A. AWS Storage Gateway

B. Virtual private gateway

C. NAT gateway

D. Customer gateway

E. Internet gateway

Correct Answer: B, D

Question #24

  • A company needs to establish a connection between two VPCs. The VPCs are located in two different AWS Regions. The company wants to use the existing infrastructure of the VPCs for this connection. Which AWS service or feature can be used to establish this connection?

A. AWS Client VPN

B. VPC peering

C. AWS Direct Connect

D. VPC endpoints

Correct Answer: B

Reference: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

Question #25

  • According to the AWS shared responsibility model, what responsibility does a customer have when using Amazon RDS to host a database?

A. Manage connections to the database

B. Install Microsoft SQL Server

C. Design encryption-at-rest strategies

D. Apply minor database patches

Correct Answer: A

Question #26

  • What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Choose two.)

A. EC2 includes operating system patch management.

B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).

C. EC2 has a 100% service level agreement (SLA).

D. EC2 has a flexible, pay-as-you-go pricing model.

E. EC2 has automatic storage cost optimization.

Correct Answer: D, E

Question #27

  • A user needs to determine whether an Amazon EC2 instance’s security groups were modified in the last month. How can the user see if a change was made?

A. Use Amazon EC2 to see if the security group was changed.

B. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.

C. Use AWS CloudTrail to see if the security group was changed.

D. Use Amazon CloudWatch to see if the security group was changed.

Correct Answer: C

Question #28

  • Which AWS service will help protect applications running on AWS from DDoS attacks?

A. Amazon GuardDuty

B. AWS WAF

C. AWS Shield

D. Amazon Inspector

Correct Answer: C

Question #29

  • Which AWS service or feature acts as a firewall for Amazon EC2 instances?

A. Network ACL

B. Elastic network interface

C. Amazon VPC

D. Security group

Correct Answer: D

Question #30

  • How does the AWS Cloud pricing model differ from the traditional on-premises storage pricing model?

A. AWS resources do not incur costs

B. There are no infrastructure operating costs

C. There are no upfront cost commitments

D. There are no software licensing costs

Correct ExamTopic Answer: B - because in AWS you pay for storage, compute, etc. You don’t pay for infra ops directly. On the other hand, you can make commitments with Savings Plans or Reserved Instances. (But: the question is specific to storage; there are no upfront commitments (Savings Plans etc. apply to EC2 instances only).)

Correct Community Answer: C - No CapEx, only OpEx. No upfront or capital expenditure. But on premises or AWS will have operational expenditure (OpEx), and the same is managed/covered by the fees you pay for AWS. The question is specific to storage; there are no upfront commitments (Savings Plans etc. apply to EC2 instances only).

  • Explanation: CapEx vs. OpEx: An Overview

There are a variety of costs and expenses which companies have to pay in order to continue running their businesses. These costs can be one-off or they can be recurring, and it can often be challenging to keep up with all of these expenses. But how are they able to keep track of all of them?

One way is to divide them up into different categories—the most common of which are capital expenditures (CapEx) and operating expenses (OpEx). Capital expenditures are major purchases that a company makes, which are used over the long term. Operating expenses, on the other hand, are the day-to-day expenses that a company incurs to keep its business running.

Question #31

  • A company has a single Amazon EC2 instance. The company wants to adopt a highly available architecture. What can the company do to meet this requirement?

A. Scale vertically to a larger EC2 instance size.

B. Scale horizontally across multiple Availability Zones.

C. Purchase an EC2 Dedicated Instance.

D. Change the EC2 instance family to a compute optimized instance.

Correct Answer: B

Question #32

  • A company’s on-premises application deployment cycle was 3-4 weeks. After migrating to the AWS Cloud, the company can deploy the application in 2-3 days. Which benefit has this company experienced by moving to the AWS Cloud?

A. Elasticity

B. Flexibility

C. Agility

D. Resilience

Correct Examtopics Answer: A

Correct Community Answer: C

  • Explanation: Answer is C. This is the definition of agility as per AWS: Increase speed and agility – In a cloud computing environment, new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes. This results in a dramatic increase in agility for the organization, since the cost and time it takes to experiment and develop is significantly lower. Elasticity basically means scaling up/down when needed; since they are talking about the application, not hosts, it should be Agility, not Elasticity. - https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question #33

  • Which of the following are included in AWS Enterprise Support? (Choose two.)

A. AWS technical account manager (TAM)

B. AWS partner-led support

C. AWS Professional Services

D. Support of third-party software integration to AWS

E. 5-minute response time for critical issues

Correct Answer: A, D

https://i.ytimg.com/vi/0LQcq_zyNmg/maxresdefault.jpg

Explanation:

  • Guidance, configuration, and troubleshooting of AWS interoperability with many common operating systems, platforms, and application stack components. https://aws.amazon.com/premiumsupport/plans/enterprise/
  • The word integration in option D seems confusing. Since AWS does provide third-party application support, D seems like the correct choice along with A https://aws.amazon.com/premiumsupport/third-party-applications/
  • Not E, because it’s 15 min, not 5 min (it’s a “< 15 mins”)

Question #34

  • A global media company uses AWS Organizations to manage multiple AWS accounts. Which AWS service or feature can the company use to limit the access to AWS services for member accounts?

A. AWS Identity and Access Management (IAM)

B. Service control policies (SCPs)

C. Organizational units (OUs)

D. Access control lists (ACLs)

Correct Examtopic Answer: C

Correct Community Answer: B

  • Explanation: Must be B (SCPs)

https://aws.amazon.com/blogs/industries/best-practices-for-aws-organizations-service-control-policies-in-a-multi-account-environment/#:~:text=One%20of%20the%20features%20from,each%20member%20account%20can%20access.

  • One of the features from AWS Organizations is SCPs, which helps you specify the maximum permissions for member accounts in the organization.

Question #35

  • A company wants to limit its employees’ AWS access to a portfolio of predefined AWS resources. Which AWS solution should the company use to meet this requirement?

A. AWS Config

B. AWS software development kits (SDKs)

C. AWS Service Catalog

D. AWS AppSync

Correct Answer: C

Question #36

  • An online company was running a workload on premises and was struggling to launch new products and features. After migrating the workload to AWS, the company can quickly launch products and features and can scale its infrastructure as required. Which AWS Cloud value proposition does this scenario describe?

A. Business agility

B. High availability

C. Security

D. Centralized auditing

Correct Answer: A

Question #37

  • Which of the following are advantages of the AWS Cloud? (Choose two.)

A. AWS management of user-owned infrastructure

B. Ability to quickly change required capacity

C. High economies of scale

D. Increased deployment time to market

E. Increased fixed expenses

Correct Answer: B, C

Question #38

  • AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users. This describes which advantage of the AWS Cloud?

A. Launch globally in minutes

B. Increase speed and agility

C. High economies of scale

D. No guessing about compute capacity

Correct Answer: C

Question #39

  • A company has a database server that is always running. The company hosts the server on Amazon EC2 instances. The instance sizes are suitable for the workload. The workload will run for 1 year. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A. Standard Reserved Instances

B. On-Demand Instances

C. Spot Instances

D. Convertible Reserved Instances

Correct Answer: A

Question #40

  • A company is developing a mobile app that needs a high-performance NoSQL database. Which AWS services could the company use for this database? (Choose two.)

A. Amazon Aurora

B. Amazon RDS

C. Amazon Redshift

D. Amazon DocumentDB (with MongoDB compatibility)

E. Amazon DynamoDB

Correct Examtopics Answer: B, E

Correct Community Answer: D, E

Explanation: RDS is a SQL based DB. So it has to be D and E.

Question #41

  • Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)

A. Patch the Amazon EC2 guest operating system.

B. Upgrade the firmware of the network infrastructure.

C. Apply password rotation for IAM users.

D. Maintain the physical security of edge locations.

E. Maintain least privilege access to the root user account.

Correct Answer: B, D

Question #42

  • Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.)

A. They are stateless.

B. They are stateful.

C. They evaluate all rules before allowing traffic.

D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.

E. They operate at the instance level.

Correct Answer: A, D

Question #43

  • A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve supporting processes. Which pillar of the AWS Well-Architected Framework does this scenario represent?

A. Security

B. Performance efficiency

C. Cost optimization

D. Operational excellence

Correct Answer: D

Question #44

  • Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?

A. Amazon Route 53

B. Amazon Macie

C. AWS Direct Connect

D. AWS PrivateLink

Correct Examtopic Answer: D <- This time the guy from the site is right IMHO.

Correct Community Answer: C

  • Explanation: It has to be D, because it’s a workload and not a network connection. “AWS Direct Connect allows to create a private, dedicated network connection from on-premises data center to your VPC, but it does not create a direct private connection between a specific on-premises application and an AWS Cloud service. Direct Connect is a network-level connection, it allows you to connect your on-premises network to your VPC, but it does not provide a direct, application-level connection between your on-premises application and an AWS Cloud service. To create a private connection between a specific on-premises application and an AWS Cloud service, you can use VPC endpoint services (such as PrivateLink) to access the service over an Amazon VPC endpoint, rather than over external network infrastructure. This provides increased security and performance by eliminating the need to traverse external networks.” - https://aws.amazon.com/privatelink/

AWS PrivateLink provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet. Interface VPC endpoints, powered by PrivateLink, connect you to services hosted by AWS Partners and supported solutions available in AWS Marketplace.

Private Connection may be the keyword along with workload on-premises.

For Direct Connect to be private, it needs SiteLink: With AWS Direct Connect SiteLink, you can send data between AWS Direct Connect locations to create private network connections between the offices and data centers in your global network. It’s a feature of AWS Direct Connect (DX) - https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-direct-connect-sitelink/

Question #45

  • A company needs to graphically visualize AWS billing and usage over time. The company also needs information about its AWS monthly costs. Which AWS Billing and Cost Management tool provides this data in a graphical format?

A. AWS Bills

B. Cost Explorer

C. AWS Cost and Usage Report

D. AWS Budgets

Correct Answer: B

Question #46

  • A company wants to run production workloads on AWS. The company needs concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week. Which AWS Support plan will meet these requirements?

A. AWS Basic Support

B. AWS Enterprise Support

C. AWS Business Support

D. AWS Developer Support

Correct Answer: B

Question #47

  • Which architecture design principle describes the need to isolate failures between dependent components in the AWS Cloud?

A. Use a monolithic design.

B. Design for automation.

C. Design for single points of failure.

D. Loosely couple components.

Correct Answer: D

Question #48

  • Which AWS services are managed database services? (Choose two.)

A. Amazon Elastic Block Store (Amazon EBS)

B. Amazon S3

C. Amazon RDS

D. Amazon Elastic File System (Amazon EFS)

E. Amazon DynamoDB

Correct Answer: C, E

  • Explanation: A, B & D are storage services, and C & E are database services. KEYWORD here is DATABASE.

Question #49

  • A company is using the AWS Free Tier for several AWS services for an application. What will happen if the Free Tier usage period expires or if the application use exceeds the Free Tier usage limits?

A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage.

B. AWS Support will contact the company to set up standard service charges.

C. The company will be charged for the services it consumed during the Free Tier period, plus additional charges for service consumption after the Free Tier period.

D. The company’s AWS account will be frozen and can be restarted after a payment plan is established.

Correct Answer: A

Question #50

  • A company recently deployed an Amazon RDS instance in its VPC. The company needs to implement a stateful firewall to limit traffic to the private corporate network. Which AWS service or feature should the company use to limit network traffic directly to its RDS instance?

A. Network ACLs

B. Security groups

C. AWS WAF

D. Amazon GuardDuty

Correct Examtopic Answer: C

Correct Community Answer: B

  • Explanation:

It has to be B. Again, same old topic; the keyword here is STATEFUL:

  • stateless: Network ACL

  • stateful: security group

  • AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources. You can protect the following resource types:

  • Amazon CloudFront distribution

  • Amazon API Gateway REST API

  • Application Load Balancer

  • AWS AppSync GraphQL API

  • Amazon Cognito user pool

  • “Security groups are stateful”. Hence sec group is the right answer.

  • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html

  • https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

WAF is for internet and web application/services. Hence not the answer.

Question #51

  • Which AWS service uses machine learning to help discover, monitor, and protect sensitive data that is stored in Amazon S3 buckets?

A. AWS Shield

B. Amazon Macie

C. AWS Network Firewall

D. Amazon Cognito

Correct Answer: B

Question #52

  • A company wants to improve the overall availability and performance of its applications that are hosted on AWS. Which AWS service should the company use?

A. Amazon Connect

B. Amazon Lightsail

C. AWS Global Accelerator

D. AWS Storage Gateway

Correct Answer: C

Question #53

  • Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

A. AWS Service Catalog

B. AWS Systems Manager

C. AWS IAM Access Analyzer

D. AWS Organizations

Correct Answer: C

Question #54

  • A company does not want to rely on elaborate forecasting to determine its usage of compute resources. Instead, the company wants to pay only for the resources that it uses. The company also needs the ability to increase or decrease its resource usage to meet business requirements. Which pillar of the AWS Well-Architected Framework aligns with these requirements?

A. Operational excellence

B. Security

C. Reliability

D. Cost optimization

Correct Answer: D

Question #55

  • A company wants to launch its workload on AWS and requires the system to automatically recover from failure. Which pillar of the AWS Well-Architected Framework includes this requirement?

A. Cost optimization

B. Operational excellence

C. Performance efficiency

D. Reliability

Correct Answer: D

Question #56

  • A large enterprise with multiple VPCs in several AWS Regions around the world needs to connect and centrally manage network connectivity between its VPCs. Which AWS service or feature meets these requirements?

A. AWS Direct Connect

B. AWS Transit Gateway

C. AWS Site-to-Site VPN

D. VPC endpoints

Correct Answer: B

Question #57

  • Which AWS service supports the creation of visual reports from AWS Cost and Usage Report data?

A. Amazon Athena

B. Amazon QuickSight

C. Amazon CloudWatch

D. AWS Organizations

Correct ExamTopics Answer: A

Correct Community Answer: B

Explanation: The answer is B, QuickSight, for sure. https://aws.amazon.com/premiumsupport/knowledge-center/quicksight-cost-usage-report/ Keyword here is visual report. Enabling Athena allows you to query the data, not visualize it.

QuickSight ~ MS Power BI / Tableau. Answer is QuickSight. Athena can also read from the S3 bucket in which CUR data is stored, but there is no report visualization capability in Athena. You can create a simple tabular report in Athena. - https://docs.aws.amazon.com/cur/latest/userguide/cur-query-athena.html

“For Enable report data integration for, select whether you want to enable your Cost and Usage Reports to integrate with Amazon Athena, Amazon Redshift, or Amazon QuickSight. The report is compressed in the following formats:

  • Athena: parquet format
  • Amazon Redshift or Amazon QuickSight: .gz compression”

https://docs.aws.amazon.com/cur/latest/userguide/cur-create.html

Question #58

  • Which AWS service should be used to monitor Amazon EC2 instances for CPU and network utilization?

A. Amazon Inspector

B. AWS CloudTrail

C. Amazon CloudWatch

D. AWS Config

Correct Answer: C

Question #59

  • A company is preparing to launch a new web store that is expected to receive high traffic for an upcoming event. The web store runs only on AWS, and the company has an AWS Enterprise Support plan. Which AWS resource will provide guidance about how the company should scale its architecture and operational support during the event?

A. AWS Abuse team

B. The designated AWS technical account manager (TAM)

C. AWS infrastructure event management

D. AWS Professional Services

Correct Examtopic Answer: B

Correct Community Answer: C

  • Explanation: It’s an event, as the documentation states: https://aws.amazon.com/premiumsupport/programs/iem/ AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. For these events, AWS Infrastructure Event Management will help you assess operational readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The program is included in the Enterprise Support plan and is available to Business Support customers for an additional fee.

The correct answer should be C.

Although, as per https://aws.amazon.com/premiumsupport/plans/enterprise/, the Enterprise Support plan has AWS IEM covered under the TAM.

And a Technical Account Manager (TAM) is your designated technical point of contact who helps you onboard, provides advocacy and guidance to help plan and build solutions using best practices, coordinates access to subject matter experts, assists with case management, presents insights and recommendations on your AWS spend, workload optimization, and event management, and proactively keeps your AWS environment healthy. Here it is mentioned that the TAM helps you with event management as well, if you have Enterprise Support. So it’s a weird one. The majority of the Community goes with C.

Question #60

  • A user wants to deploy a service to the AWS Cloud by using infrastructure-as-code (IaC) principles. Which AWS service can be used to meet this requirement?

A. AWS Systems Manager

B. AWS CloudFormation

C. AWS CodeCommit

D. AWS Config

Correct Answer: B

Question #61

  • A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes. Which AWS service or tool should the company use to meet these requirements?

A. AWS Organizations

B. Cost Explorer

C. AWS Budgets

D. AWS Trusted Advisor

Correct Answer: A

Question #62

  • Which IT controls do AWS and the customer share, according to the AWS shared responsibility model? (Choose two.)

A. Physical and environmental controls

B. Patch management

C. Cloud awareness and training

D. Zone security

E. Application data encryption

Correct Answer: B, C

Question #63

  • A company is launching an application in the AWS Cloud. The application will use Amazon S3 storage. A large team of researchers will have shared access to the data. The company must be able to recover data that is accidentally overwritten or deleted. Which S3 feature should the company turn on to meet this requirement?

A. Server access logging

B. S3 Versioning

C. S3 Lifecycle rules

D. Encryption in transit and at rest

Correct Answer: B

Question #64

  • A manufacturing company has a critical application that runs at a remote site that has a slow internet connection. The company wants to migrate the workload to AWS. The application is sensitive to latency and interruptions in connectivity. The company wants a solution that can host this application with minimum latency. Which AWS service or feature should the company use to meet these requirements?

A. Availability Zones

B. AWS Local Zones

C. AWS Wavelength

D. AWS Outposts

Correct Examtopic and 51% of Community Answer: B

Correct 49% of Community Answer: D

  • Explanation: AWS Outposts is designed for workloads that need to remain on-premises due to latency requirements, where customers want that workload to run seamlessly with the rest of their other workloads in AWS.

AWS Local Zones are a new type of AWS infrastructure designed to run workloads that require single-digit millisecond latency, like video rendering and graphics intensive, virtual desktop applications. Not every customer wants to operate their own on-premises data center, while others may be interested in getting rid of their local data center entirely. Local Zones allow customers to gain all the benefits of having compute and storage resources closer to end-users, without the need to own and operate their own data center infrastructure.

(D) AWS Outposts could be the best fit here. Since the client is migrating only the workloads on AWS while (B) AWS Local Zone wants to get rid of hosting its on-prem data center.

But although outposts would mostly solve it, the text states: “A manufacturing company has a critical application that runs at a remote site that has a slow internet connection”. The slow internet connection is the problem, doing Outpost won’t fix this. Local Zone will. Since both Outposts and Local Zones fit a customer’s use case and requirements, then Local Zones will be the preferred choice.

AWS Local Zones are designed to bring the power of AWS to select geographic locations closer to users and customers, providing low-latency access to services. This service allows customers to run compute and storage resources in an on-premises environment, while still using the same APIs and management tools as the rest of their AWS infrastructure. This could be a good solution for a manufacturing company that wants to host a critical application with minimal latency.

The answer is B and not D. We use AWS Outposts when we want to use local AWS services in on-premises data centres, but the question here specifically mentions that they want to migrate their workload into the cloud. Therefore, we can use AWS Outposts to place your resources closer to end users.

Question #65

  • A company wants to migrate its applications from its on-premises data center to a VPC in the AWS Cloud. These applications will need to access on-premises resources. Which actions will meet these requirements? (Choose two.)

A. Use AWS Service Catalog to identify a list of on-premises resources that can be migrated.

B. Create a VPN connection between an on-premises device and a virtual private gateway in the VPC.

C. Use an Amazon CloudFront distribution and configure it to accelerate content delivery close to the on-premises resources.

D. Set up an AWS Direct Connect connection between the on-premises data center and AWS.

E. Use Amazon CloudFront to restrict access to static web content provided through the on-premises web servers.

Correct Examtopics Answer: A, D

Correct Examtopics Answer: B, D

Explanation: It has to be B and D because: https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-vpn.html

Can’t be A: Regarding Service Catalog (SC), ‘This helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need (link below).’ The question never said anything about requiring the services SC provides. The customer may benefit from SC but it’s not needed to meet their requirements. https://aws.amazon.com/servicecatalog/?aws-service-catalog.sort-by=item.additionalFields.createdDate&aws-service-catalog.sort-order=desc

Question #66

  • A company wants to use the AWS Cloud to provide secure access to desktop applications that are running in a fully managed environment. Which AWS service should the company use to meet this requirement?

A. Amazon S3

B. Amazon AppStream 2.0

C. AWS AppSync

D. AWS Outposts

Correct Examtopics Answer: A (doesn’t make any sense)

Correct Community Answer: B

  • Explanation: Answer has to be B. AppStream 2.0 is a fully managed application streaming service that provides users instant access to their desktop applications from anywhere. https://aws.amazon.com/pm/appstream2/?trk=11ff099d-a664-4cc9-bb3f-ef7173e10b69&sc_channel=ps&s_kwcid=AL!4422!3!593877466233!e!!g!!aws%20appstream&ef_id=Cj0KCQjwk5ibBhDqARIsACzmgLQeX468vkRfgjdpLagjFH7clBYYketIOiDbBWGSVGCmsvdX_U2Urj4aArQBEALw_wcB:G:s&s_kwcid=AL!4422!3!593877466233!e!!g!!aws%20appstream

Secure, reliable, and scalable access to applications and non-persistent desktops from any location

  • Note: AppStream is not listed on the exam guide. I see a lot of questions that are using services that are not on the exam guide. Are they even relevant? I guess they want to see if you know that the rest of the answers (that actually are in the exam guide) are not valid options. It makes no sense; I would write a note in the comment section of the question if this is asked.

Question #67

  • A company wants to implement threat detection on its AWS infrastructure. However, the company does not want to deploy additional software. Which AWS service should the company use to meet these requirements?

A. Amazon VPC

B. Amazon EC2

C. Amazon GuardDuty

D. AWS Direct Connect

Correct Answer: C

Question #68

  • Which AWS service uses edge locations?

A. Amazon Aurora

B. AWS Global Accelerator

C. Amazon Connect

D. AWS Outposts

Correct Answer: B

  • Explanation: https://aws.amazon.com/global-accelerator/

Question #69

  • A company needs to install an application in a Docker container. Which AWS service eliminates the need to provision and manage the container hosts?

A. AWS Fargate

B. Amazon FSx for Windows File Server

C. Amazon Elastic Container Service (Amazon ECS)

D. Amazon EC2

Correct Examtopic Answer: C <- this would be correct if you didn’t need to have the instances running to host the containers.

Correct Community Answer: A <- Fargate eliminates the need to provision and manage the container hosts.

  • Explanation: Answer must be A

https://aws.amazon.com/ecs/ Optimize your time with AWS Fargate serverless compute for containers, which eliminates the need to configure and manage control plane, nodes, and instances.

https://aws.amazon.com/fargate/ Deploy and manage your applications, not infrastructure. Fargate removes the operational overhead of scaling, patching, securing, and managing servers.

It eliminates the need to provision and MANAGE the container hosts. ECS is a container orchestration service that allows you to run, stop, and MANAGE Docker containers on a cluster of EC2 instances

Question #70

  • Which AWS service or feature checks access policies and offers actionable recommendations to help users set secure and functional policies?

A. AWS Systems Manager

B. AWS IAM Access Analyzer

C. AWS Trusted Advisor

D. Amazon GuardDuty

Correct Answer: B

Dump 3 - 21-01-2023

NO.1 A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud. Which costs will the company eliminate with this migration? (Select TWO.)

A. Cost of data center operations B. Cost of application licensing C. Cost of marketing campaigns D. Cost of physical server hardware E. Cost of network management

Answer: A,D

NO.2 Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Select TWO.)

A. Use the AWS account root user for daily access. B. Use access keys and secret access keys on Amazon EC2. C. Rotate credentials on a regular basis. D. Create a shared set of access keys for system administrators. E. Configure multi-factor authentication (MFA).

Answer: C,E

Explanation: If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. To delete or rotate your root user access keys, go to the My Security Credentials page in the AWS Management Console and sign in with your account’s email address and password. You can manage your access keys in the Access keys section. For more information about rotating access keys, see Rotating access keys.

NO.3 Which AWS service or tool lists all the users in an account and reports on the status of account details, including passwords, access keys, and multi-factor authentication (MFA) devices?

A. AWS Shield B. AWS Trusted Advisor C. Amazon Inspector D. IAM credential report

Answer: D

Explanation: You can generate and download a credential report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices. You can get a credential report from the AWS Management Console, the AWS SDKs and Command Line Tools, or the IAM API.

NO.4 Which databases are available on Amazon RDS? (Select TWO.)

A. Sybase B. Microsoft SQL Server C. IBM Db2 D. MongoDB E. PostgreSQL

Answer: B,E

NO.5 Which AWS service supports the analysis, investigation, and identification of the root cause of security events and suspicious activities in an AWS account?

A. Amazon Inspector B. Amazon Macie C. Amazon Detective D. Amazon CloudWatch

Answer: C

Explanation: Amazon Detective makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Ref: https://aws.amazon.com/it/detective/features/#:~:text=Amazon%20Detective%20makes%20it%20easy,security%20issues%20or%20suspicious%20activities.

NO.6 A user has been granted permission to change their own IAM user password. Which AWS services can the user use to change the password? (Select TWO.)

A. AWS Command Line Interface (AWS CLI) B. AWS Key Management Service (AWS KMS) C. AWS Management Console D. AWS Resource Access Manager (AWS RAM) E. AWS Secrets Manager

Answer: A,C

NO.7 Which AWS service allows for file sharing between multiple Amazon EC2 instances?

A. AWS Direct Connect B. AWS Snowball Edge C. AWS Backup D. Amazon Elastic File System (Amazon EFS)

Answer: D

Explanation: Amazon EFS provides shared file storage for use with compute instances in the AWS Cloud and on-premises servers. Applications that require shared file access can use Amazon EFS for reliable file storage delivering high aggregate throughput to thousands of clients simultaneously.

NO.8 Which AWS service is a relational database compatible with MySQL and PostgreSQL?

A. Amazon Redshift B. Amazon DynamoDB C. Amazon Aurora D. Amazon Neptune

Answer: C

NO.9 A company is reviewing the current costs of running its own infrastructure on premises. The company wants to compare these on-premises costs to the costs of running infrastructure in the AWS Cloud. How should the company make this comparison?

A. Review the AWS shared responsibility model. B. Audit existing software and hardware licensing costs. C. Analyze the AWS Well-Architected Framework. D. Use Migration Evaluator.

Answer: D

NO.10 Elasticity in the AWS Cloud refers to which of the following? (Select TWO.)

A. How quickly an Amazon EC2 instance can be restarted B. The ability to right size resources as demand shifts C. The maximum amount of RAM an Amazon EC2 instance can use D. The pay-as-you-go billing model E. How easily resources can be procured when they are needed

Answer: B,E

Explanation: The AWS Well-Architected Framework defines elasticity as: The ability to acquire resources as you need them and release resources when you no longer need them. In the cloud, you want to do this automatically.

https://dev.to/aws-builders/what-does-elastic-mean-cloud-concepts-explained-4anb#:~:text=The%20AWS%20Well%2DArchitected%20Framework%20defines%20elasticity%20as%3

NO.11 A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports. Which AWS service or group can provide these documents?

A. AWS Abuse team B. AWS Artifact C. AWS Support D. AWS Config

Answer: B

Explanation:

  • Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements
  • Artifact Reports - Allows you to download AWS security and compliance documents from third-party auditors, like AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports
  • Artifact Agreements - Allows you to review, accept, and track the status of AWS agreements such as the Business Associate Addendum (BAA) or the Health Insurance Portability and Accountability Act (HIPAA) for an individual account or in your organization
  • Can be used to support internal audit or compliance

NO.12 A company is running an Amazon EC2 instance in a VPC. Which of the following can the company use to route and filter incoming network requests for the EC2 instance?

A. Route tables and web application firewalls B. Security groups and route tables C. Security groups and a network intrusion system D. Route tables and AWS Shield

Answer: B

NO.13 Which of the following are aspects of the AWS shared responsibility model? (Select TWO.)

A. Configuration management of infrastructure devices is the customer’s responsibility. B. For Amazon S3, AWS operates the infrastructure layer, the operating systems, and the platforms. C. AWS is responsible for protecting the physical cloud infrastructure. D. AWS is responsible for training the customer’s employees on AWS products and services. E. For Amazon EC2, AWS is responsible for maintaining the guest operating system.

Answer: A,C

Explanation:

AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

Customer responsibility “Security in the Cloud” - Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.

NO.14 What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility model?

A. Software licenses B. Networking C. Customer data D. Encryption keys

Answer: C

NO.15 A company wants to improve the overall availability and performance of its applications that are hosted on AWS. Which AWS service should the company use?

A. Amazon Connect B. Amazon Lightsail C. AWS Global Accelerator D. AWS Storage Gateway

Answer: C

NO.16 Which AWS service keeps track of SSL/TLS certificates, creates new certificates, and processes renewals?

A. AWS Identity and Access Management (IAM) B. AWS Certificate Manager (ACM) C. AWS Config D. AWS Trusted Advisor

Answer: B

Explanation:

AWS Certificate Manager helps manage the challenges of maintaining SSL/TLS certificates, including certificate renewals so you don’t have to worry about expiring certificates. Learn more about provisioning, managing, and deploying public and private SSL/TLS certificates.

NO.17 A company has a global website with static content. Which AWS service will deliver the static content with low latency?

A. AWS Lambda B. Amazon CloudFront C. Amazon EC2 Auto Scaling D. AWS Compute Optimizer

Answer: B

NO.18 Which of the following does Amazon CloudFront use to distribute content to users around the world?

A. Amazon VPC B. AWS Local Zones C. Edge locations D. Availability Zones

Answer: C

Explanation:

CloudFront delivers your content through a worldwide network of data centers called edge locations. The regional edge caches are located between your origin web server and the global edge locations that serve content directly to your viewers.

NO.19 Which design principles of the AWS Well-Architected Framework help increase reliability? (Select TWO.)

A. Automatically recover from failure. B. Enable traceability. C. Scale horizontally to increase workload availability. D. Automate security best practices. E. Keep people away from data.

Answer: A,C

Explanation:

Reliability

The Reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle. You can find prescriptive guidance on implementation in the Reliability Pillar whitepaper.

Design Principles

There are five design principles for reliability in the cloud:

  • Automatically recover from failure
  • Test recovery procedures
  • Scale horizontally to increase aggregate workload availability
  • Stop guessing capacity
  • Manage change in automation

https://aws.amazon.com/blogs/apn/the-6-pillars-of-the-aws-well-architected-framework/

NO.20 A company that uses AWS needs to transfer 2 TB of data. Which type of transfer of that data would result in no cost for the company?

A. Inbound data transfer from the internet B. Outbound data transfer to the internet C. Data transfer between AWS Regions D. Data transfer between Availability Zones

Answer: B

NO.21 A company uses a database that has a simple sign-up page to create users, and a basic login form to authenticate users so they can access the database. The company wants to give users the ability to store personal information, but user access must be controlled in a more secure and reliable way. Which AWS service or feature will meet these requirements?

A. Security groups B. Amazon GuardDuty C. AWS Secrets Manager D. Amazon Cognito

Answer: D

Explanation: aws.amazon.com/cognito/

NO.22 A company wants to offer direct phone and chat channels for customer service. The company needs a pay-as-you-go solution that remote customer service agents can use to create and manage voice and chat contact flows. Which AWS service will meet these requirements?

A. Amazon EventBridge (Amazon CloudWatch Events) B. Amazon Connect C. Amazon Cognito D. AWS Direct Connect

Answer: B

NO.23 A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption. Which action should the user take?

A. Contact the dedicated AWS technical account manager (TAM). B. Contact the dedicated AWS Concierge Support team. C. Open a business-critical system down support case. D. Open a production system down support case.

Answer: C

NO.24 Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?

A. Agility B. Elasticity C. Reliability D. Durability

Answer: B

NO.25 A company wants to accelerate migration from its data center to the AWS Cloud. Which combination of AWS services should the company use to meet this requirement? (Select TWO.)

A. Amazon Connect B. AWS Direct Connect C. AWS Server Migration Service (AWS SMS) D. Amazon Route 53 E. AWS Organizations

Answer: B,C

NO.26 A company has stopped all of its Amazon EC2 instances but monthly billing charges continue to occur. What could be causing this? (Select TWO.)

A. Amazon Elastic Block Store (Amazon EBS) storage charges B. Operating system charges C. Hardware charges D. Elastic IP charges E. Input/output (I/O) charges

Answer: A,D

NO.27 Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand?

A. Security B. Reliability C. Performance efficiency D. Cost optimization

Answer: B

NO.28 A company runs a web application on Amazon EC2 instances. The application has consistent usage and is expected to run indefinitely. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A. 1-year All Upfront Reserved Instances B. 1-year No Upfront Reserved Instances C. 3-year All Upfront Reserved Instances D. 3-year No Upfront Reserved Instances

Answer: C

NO.29 A company needs to automatically protect its Amazon EC2 instances from distributed denial of service (DDoS) attacks. Which AWS service or tool will provide this protection?

A. Network access control list (ACL) B. AWS Shield C. Security group D. Amazon GuardDuty

Answer: B

NO.30 Which guidelines are key AWS architectural design principles? (Select TWO.)

A. Design for fixed resources. B. Build scalable architectures. C. Use tightly coupled components. D. Use managed services when possible. E. Design for human interaction.

Answer: B,D

Module 14 - Questions

Questions Dump

2019 - Study Guide

2019 Study Guide Questions

The Cloud Questions

1 - Which of the following does not contribute significantly to the operational value of a large cloud provider like AWS?

  • A. Multiregional presence
  • B. Highly experienced teams of security engineers
  • C. Deep experience in the retail sphere
  • D. Metered, pay-per-use pricing

Answer: C. Having globally distributed infrastructure and experienced security engineers makes a provider’s infrastructure more reliable. Metered pricing makes a wider range of workloads possible.

2 - Which of the following are signs of a highly available application? (Select TWO.)

  • A. A failure in one geographic region will trigger an automatic failover to resources in a different region.
  • B. Applications are protected behind multiple layers of security.
  • C. Virtualized hypervisor-driven systems are deployed as mandated by company policy.
  • D. Spikes in user demand are met through automatically increasing resources.

Answer: A, D. Security and virtualization are both important characteristics of successful cloud workloads, but neither will directly impact availability.

3 - How does the metered payment model make many benefits of cloud computing possible? (Select TWO.)

  • A. Greater application security is now possible.
  • B. Experiments with multiple configuration options are now cost-effective.
  • C. Applications are now highly scalable.
  • D. Full-stack applications are possible without the need to invest in capital expenses.

Answer: B, D. Security and scalability are important cloud elements but are not related to metered pricing.

4 - Which of the following are direct benefits of server virtualization? (Select TWO.)

  • A. Fast resource provisioning and launching
  • B. Efficient (high-density) use of resources
  • C. Greater application security
  • D. Elastic application designs

Answer: A, B. Security and elasticity are important but are not directly related to server virtualization.

5 - What is a hypervisor?

  • A. Hardware device used to provide an interface between storage and compute modules
  • B. Hardware device used to provide an interface between networking and compute modules
  • C. Software used to log and monitor virtualized operations
  • D. Software used to administrate virtualized resources run on physical infrastructure

Answer: D. A hypervisor is software (not hardware) that administrates virtualized operations.

6 - Which of the following best describes server virtualization?

  • A. “Sharding” data from multiple sources into a single virtual data store
  • B. Logically partitioning physical compute and storage devices into multiple smaller virtual devices
  • C. Aggregating physical resources spread over multiple physical devices into a single virtual device
  • D. Abstracting the complexity of physical infrastructure behind a simple web interface

Answer: B. Sharding, aggregating remote resources, and abstracting complex infrastructure can all be accomplished using virtualization techniques, but they aren’t, of themselves, virtualization.

7 - Which of the following best describes Infrastructure as a Service products?

  • A. Services that hide infrastructure complexity behind a simple interface
  • B. Services that provide a service to end users through a public network
  • C. Services that give you direct control over underlying compute and storage resources
  • D. Platforms that allow developers to run their code over short periods on cloud servers

Answer: C. PaaS products mask complexity, SaaS products provide end-user services, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

8 - Which of the following best describes Platform as a Service products?

  • A. Services that hide infrastructure complexity behind a simple interface
  • B. Platforms that allow developers to run their code over short periods on cloud servers
  • C. Services that give you direct control over underlying compute and storage resources
  • D. Services that provide a service to end users through a public network

Answer: A. IaaS products provide full infrastructure access, SaaS products provide end-user services, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

9 - Which of the following best describes Software as a Service products?

  • A. Services that give you direct control over underlying compute and storage resources
  • B. Services that provide a service to end users through a public network
  • C. Services that hide infrastructure complexity behind a simple interface
  • D. Platforms that allow developers to run their code over short periods on cloud servers

Answer: B. IaaS products provide full infrastructure access, PaaS products mask complexity, and serverless architectures (like AWS Lambda) let developers run code on cloud servers.

10 - Which of the following best describes scalability?

  • A. The ability of an application to automatically add preconfigured compute resources to meet increasing demand
  • B. The ability of an application to increase or decrease compute resources to match changing demand
  • C. The ability to more densely pack virtualized resources onto a single physical server
  • D. The ability to bill resource usage using a pay-per-user model

Answer: A. Increasing or decreasing compute resources better describes elasticity. Efficient use of virtualized resources and billing models aren’t related directly to scalability.

11 - Which of the following best describes elasticity?

  • A. The ability to more densely pack virtualized resources onto a single physical server
  • B. The ability to bill resource usage using a pay-per-user model
  • C. The ability of an application to increase or decrease compute resources to match changing demand
  • D. The ability of an application to automatically add preconfigured compute resources to meet increasing demand

Answer: C. Preconfiguring compute instances before they’re used to scale up an application is an element of scalability rather than elasticity. Efficient use of virtualized resources and billing models aren’t related directly to elasticity.

12 - Which of the following characteristics most help AWS provide such scalable services? (Select TWO.)

  • A. The enormous number of servers it operates
  • B. The value of its capitalized assets
  • C. Its geographic reach
  • D. Its highly automated infrastructure administration systems

Answer: A, D. Capitalized assets and geographic reach are important but don’t have a direct impact on operational scalability.

AWS Sample Quiz

1) Why is AWS more economical than traditional data centers for applications with varying compute workloads? A) Amazon EC2 costs are billed on a monthly basis. B) Users retain full administrative access to their Amazon EC2 instances. C) Amazon EC2 instances can be launched on demand when needed. D) Users can permanently run enough instances to handle peak workloads.

Answers 1) C – The ability to launch instances on demand when needed allows users to launch and terminate instances in response to a varying workload. This is a more economical practice than purchasing enough on-premises servers to handle the peak load.

2) Which AWS service would simplify the migration of a database to AWS? A) AWS Storage Gateway B) AWS Database Migration Service (AWS DMS) C) Amazon EC2 D) Amazon AppStream 2.0

2) B – AWS DMS helps users migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. AWS DMS can migrate data to and from most widely used commercial and open-source databases.

3) Which AWS offering enables users to find, buy, and immediately start using software solutions in their AWS environment? A) AWS Config B) AWS OpsWorks C) AWS SDK D) AWS Marketplace

3) D – AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on AWS.

4) Which AWS networking service enables a company to create a virtual network within AWS? A) AWS Config B) Amazon Route 53 C) AWS Direct Connect D) Amazon Virtual Private Cloud (Amazon VPC)

4) D – Amazon VPC lets users provision a logically isolated section of the AWS Cloud where users can launch AWS resources in a virtual network that they define.

5) Which of the following is an AWS responsibility under the AWS shared responsibility model? A) Configuring third-party applications B) Maintaining physical hardware C) Securing application access and data D) Managing guest operating systems

5) B – Maintaining physical hardware is an AWS responsibility under the AWS shared responsibility model.

6) Which component of the AWS global infrastructure does Amazon CloudFront use to ensure low-latency delivery? A) AWS Regions B) Edge locations C) Availability Zones D) Virtual Private Cloud (VPC)

6) B – To deliver content to users with lower latency, Amazon CloudFront uses a global network of points of presence (edge locations and regional edge caches) worldwide.

7) How would a system administrator add an additional layer of login security to a user’s AWS Management Console? A) Use Amazon Cloud Directory B) Audit AWS Identity and Access Management (IAM) roles C) Enable multi-factor authentication D) Enable AWS CloudTrail

7) C – Multi-factor authentication (MFA) is a simple best practice that adds an extra layer of protection on top of a username and password. With MFA enabled, when a user signs in to an AWS Management Console, they will be prompted for their username and password (the first factor—what they know), as well as for an authentication code from their MFA device (the second factor—what they have). Taken together, these multiple factors provide increased security for AWS account settings and resources.

8) Which service can identify the user that made the API call when an Amazon EC2 instance is terminated? A) AWS Trusted Advisor B) AWS CloudTrail C) AWS X-Ray D) AWS Identity and Access Management (AWS IAM)

8) B – AWS CloudTrail helps users enable governance, compliance, and operational and risk auditing of their AWS accounts. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, AWS Command Line Interface (CLI), and AWS SDKs and APIs.

9) Which service would be used to send alerts based on Amazon CloudWatch alarms? A) Amazon Simple Notification Service (Amazon SNS) B) AWS CloudTrail C) AWS Trusted Advisor D) Amazon Route 53

9) A – Amazon SNS and Amazon CloudWatch are integrated so users can collect, view, and analyze metrics for every active SNS. Once users have configured CloudWatch for Amazon SNS, they can gain better insight into the performance of their Amazon SNS topics, push notifications, and SMS deliveries.

10) Where can a user find information about prohibited actions on the AWS infrastructure? A) AWS Trusted Advisor B) AWS Identity and Access Management (IAM) C) AWS Billing Console D) AWS Acceptable Use Policy

10) D – The AWS Acceptable Use Policy provides information regarding prohibited actions on the AWS infrastructure.

Skillbuilder Questions

Skillbuilder

Module 1 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations to reinforce your understanding of the concepts.

What is cloud computing?

  1. Backing up files that are stored on desktop and mobile devices to prevent data loss
  2. Deploying applications connected to on-premises infrastructure
  3. Running code without needing to manage or provision servers
  4. On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

A: 4

Explanation:

The correct response option is On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing.

The other response options are incorrect because:

  • It is possible to back up files to the cloud, but this response option does not describe cloud computing as a whole.
  • Deploying applications connected to on-premises infrastructure is a sample use case for a hybrid cloud deployment. Remember that cloud computing also has cloud and on-premises (or private cloud) deployment models.
  • AWS Lambda is an AWS service that lets you run code without needing to manage or provision servers. This description does not describe cloud computing as a whole. AWS Lambda is explained in greater detail later in the course.

What is another name for on-premises deployment?

  1. Private cloud deployment
  2. Cloud-based application
  3. Hybrid deployment
  4. AWS Cloud

A: 1

Explanation:

The correct response option is Private cloud deployment.

The other response options are incorrect because:

  • Cloud-based applications are fully deployed in the cloud and do not have any parts that run on premises.
  • A hybrid deployment connects infrastructure and applications between cloud-based resources and existing resources that are not in the cloud, such as on-premises resources. However, a hybrid deployment is not equivalent to an on-premises deployment because it involves resources that are located in the cloud.
  • The AWS Cloud offers three cloud deployment models: cloud, hybrid, and on-premises. This response option is incorrect because the AWS Cloud is not equivalent to only an on-premises deployment.

How does the scale of cloud computing help you to save costs?

  1. You do not have to invest in technology resources before using them.
  2. The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.
  3. Accessing services on-demand helps to prevent excess or limited capacity.
  4. You can quickly deploy applications to customers and provide them with low latency.

A: 2

Explanation:

The correct response option is The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

This answer describes how customers can benefit from massive economies of scale in cloud computing.

The other response options are incorrect because:

  • Not having to invest in technology resources before using them relates to Trade upfront expense for variable expense.
  • Accessing services on-demand to prevent excess or limited capacity relates to Stop guessing capacity.
  • Quickly deploying applications to customers and providing them with low latency relates to Go global in minutes.

Module 2 Quiz

Module 2 quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

1 - You want to use an Amazon EC2 instance for a batch processing workload. What would be the best Amazon EC2 instance type to use?

General purpose

Memory optimized

Compute optimized

Storage optimized

Answer: C: The correct response option is Compute optimized.

The other response options are incorrect because:

General purpose instances provide a balance of compute, memory, and networking resources. This instance family would not be the best choice for the application in this scenario. Compute optimized instances are more well suited for batch processing workloads than general purpose instances.
Memory optimized instances are more ideal for workloads that process large datasets in memory, such as high-performance databases.
Storage optimized instances are designed for workloads that require high, sequential read and write access to large datasets on local storage. The question does not specify the size of data that will be processed. Batch processing involves processing data in groups. A compute optimized instance is ideal for this type of workload, which would benefit from a high-performance processor.

Learn more:

Amazon EC2 instance types: https://aws.amazon.com/pt/ec2/instance-types/

2 - What are the contract length options for Amazon EC2 Reserved Instances? (Select TWO.)

1 year

2 years

3 years

4 years

5 years

The two correct response options are:

1 year
3 years

Reserved Instances require a commitment of either 1 year or 3 years. The 3-year option offers a larger discount.

Learn more:

Amazon EC2 Reserved Instances: https://aws.amazon.com/ec2/pricing/reserved-instances/

3 - You have a workload that will run for a total of 6 months and can withstand interruptions. What would be the most cost-efficient Amazon EC2 purchasing option?

Reserved Instance

Spot Instance

Dedicated Instance

On-Demand Instance

The correct response option is Spot Instance.

The other response options are incorrect because:

Reserved Instances require a contract length of either 1 year or 3 years. The workload in this scenario will only be running for 6 months.
Dedicated Instances run in a virtual private cloud (VPC) on hardware that is dedicated to a single customer. They have a higher cost than the other response options, which run on shared hardware.
On-Demand Instances fulfill the requirements of running for only 6 months and withstanding interruptions. However, a Spot Instance would be the best choice because it does not require a minimum contract length, is able to withstand interruptions, and costs less than an On-Demand Instance.

Learn more:

[Amazon EC2 pricing](https://aws.amazon.com/ec2/pricing/)

4 - Which process is an example of Elastic Load Balancing?

Ensuring that no single Amazon EC2 instance has to carry the full workload on its own

Removing unneeded Amazon EC2 instances when demand is low

Adding a second Amazon EC2 instance during an online store’s popular sale

Automatically adjusting the number of Amazon EC2 instances to meet demand

The correct response option is Ensuring that no single Amazon EC2 instance has to carry the full workload on its own.

Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.

The other response options are all examples of Auto Scaling.

Learn more:

[Elastic Load Balancing](https://aws.amazon.com/elasticloadbalancing)
[Amazon EC2 Auto Scaling](https://aws.amazon.com/ec2/autoscaling)

5 - You want to deploy and manage containerized applications. Which service should you use?

AWS Lambda

Amazon Simple Notification Service (Amazon SNS)

Amazon Simple Queue Service (Amazon SQS)

Amazon Elastic Kubernetes Service (Amazon EKS)

The correct response option is Amazon Elastic Kubernetes Service (Amazon EKS).

Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

The other response options are incorrect because:

AWS Lambda is a service that lets you run code without provisioning or managing servers.
Amazon Simple Queue Service (Amazon SQS) is a service that enables you to send, store, and receive messages between software components through a queue.
Amazon Simple Notification Service (Amazon SNS) is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.

Learn more:

[Amazon EKS](https://aws.amazon.com/eks)

Module 3 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which statement is TRUE for the AWS global infrastructure?

A Region consists of a single Availability Zone.

An Availability Zone consists of two or more Regions.

A Region consists of two or more Availability Zones.

An Availability Zone consists of a single Region.

The correct response option is A Region consists of two or more Availability Zones.

For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.

Learn more:

AWS global infrastructure
Regions and Availability Zones

Which factors should be considered when selecting a Region? (Select TWO.)

Compliance with data governance and legal requirements

Proximity to your customers

Access to 24/7 technical support

Ability to assign custom permissions to different users

Access to the AWS Command Line Interface (AWS CLI)

The correct two response options are:

Compliance with data governance and legal requirements
Proximity to your customers

Two other factors to consider when selecting a Region are pricing and the services that are available in a Region.

The other response options are incorrect because:

The level of support that you choose is not determined by Region. AWS Support plans are explored later in this course.
Assigning custom permissions to different users is a feature that is possible in all AWS Regions.
The AWS Command Line Interface (AWS CLI) is available in all AWS Regions.

Learn more:

Choosing Regions and Availability Zones

Which statement best describes Amazon CloudFront?

A service that enables you to run infrastructure in a hybrid cloud approach

A serverless compute engine for containers

A service that enables you to send and receive messages between software components through a queue

A global content delivery service

The correct response option is A global content delivery service.

Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

The other response options are incorrect because:

AWS Outposts is a service that enables you to run infrastructure in a hybrid cloud approach.
AWS Fargate is a serverless compute engine for containers.
Amazon Simple Queue Service (Amazon SQS) is a service that enables you to send, store, and receive messages between software components through a queue.

Learn more:

Amazon CloudFront

Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location?

Region

Availability Zone

Edge location

Origin

The correct response option is Edge location.

The other response options are incorrect because:

A Region is a separate geographical location with multiple locations that are isolated from each other.
An Availability Zone is a fully isolated portion of the AWS global infrastructure.
An origin is the server from which CloudFront gets your files. Examples of CloudFront origins include Amazon Simple Storage Service (Amazon S3) buckets and web servers. Note: Amazon S3 is explored later in this course.

Learn more:

Amazon CloudFront infrastructure

Which action can you perform with AWS Outposts?

Automate actions for AWS services and applications through scripts.

Access wizards and automated workflows to perform tasks in AWS services.

Develop AWS applications in supported programming languages.

Extend AWS infrastructure and services to your on-premises data center.

Module 4 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?

Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.

Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.

Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.

The correct response option is Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

Learn more:

Amazon VPC
VPCs and subnets

Which component can be used to establish a private dedicated connection between your company’s data center and AWS?

Private subnet

DNS

AWS Direct Connect

Virtual private gateway

The correct response option is AWS Direct Connect.

The other response options are incorrect because:

A private subnet is a section of a VPC in which you can group resources that should be accessed only through your private network. Although it is private, it is not used for establishing a connection between a data center and AWS.
DNS stands for Domain Name System, which is a directory used for matching domain names to IP addresses.
A virtual private gateway enables you to create a VPN connection between your VPC and a private network, such as your company’s data center. Although this connection is private and encrypted, it travels through the public internet, not through a dedicated connection.

Learn more:

AWS Direct Connect

Which statement best describes security groups?

They are stateful and deny all inbound traffic by default.

They are stateful and allow all inbound traffic by default.

They are stateless and deny all inbound traffic by default.

They are stateless and allow all inbound traffic by default.

The correct response option is Security groups are stateful and deny all inbound traffic by default.

Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.

By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

Learn more:

Security groups for your VPC

Which component is used to connect a VPC to the internet?

Public subnet

Edge location

Security group

Internet gateway

The correct response option is Internet gateway.

The other response options are incorrect because:

A public subnet is a section of a VPC that contains public-facing resources.
An edge location is a site that Amazon CloudFront uses to store cached copies of your content for faster delivery to customers.
A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

Learn more:

Internet gateways

Which service is used to manage the DNS records for domain names?

Amazon Virtual Private Cloud

AWS Direct Connect

Amazon CloudFront

Amazon Route 53

Module 5 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which Amazon S3 storage classes are optimized for archival data? (Select TWO.)

Amazon S3 Standard

Amazon S3 Glacier Flexible Retrieval

Amazon S3 Intelligent-Tiering

Amazon S3 Standard-IA

Amazon S3 Glacier Deep Archive

The correct two response options are:

Amazon S3 Glacier Flexible Retrieval
Amazon S3 Glacier Deep Archive

Objects stored in the Amazon S3 Glacier Flexible Retrieval storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the Amazon S3 Glacier Deep Archive storage class can be retrieved within 12 hours.

The other response options are incorrect because:

Amazon S3 Standard is a storage class that is ideal for frequently accessed data, not archival data.
Amazon S3 Intelligent-Tiering monitors access patterns of objects and automatically moves them between the Amazon S3 Standard and Amazon S3 Standard-IA storage classes. It is not designed for archival data.
Amazon S3 Standard-IA is ideal for data that is infrequently accessed but requires high availability when needed.

Learn more:

Amazon S3 storage classes

Which statement or statements are TRUE about Amazon EBS volumes and Amazon EFS file systems?

EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.

EBS volumes store data across multiple Availability Zones. Amazon EFS file systems store data within a single Availability Zone.

EBS volumes and Amazon EFS file systems both store data within a single Availability Zone.

EBS volumes and Amazon EFS file systems both store data across multiple Availability Zones.

The correct response option is: EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.

An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached.

Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.

Learn more:

Amazon EBS volumes
Amazon EFS: How it works

You want to store data in an object storage service. Which AWS service is best for this type of storage?

Amazon Managed Blockchain

Amazon Elastic File System (Amazon EFS)

Amazon Elastic Block Store (Amazon EBS)

Amazon Simple Storage Service (Amazon S3)

The correct response option is Amazon Simple Storage Service (Amazon S3).

The other response options are incorrect because:

Amazon Managed Blockchain is a service that you can use to create and manage blockchain networks with open-source frameworks. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
Amazon Elastic File System (Amazon EFS) is a scalable file system used with AWS Cloud services and on-premises resources. It does not store data as object storage.
Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes that you can use with Amazon EC2 instances.

Learn more:

Amazon S3
What is cloud object storage?

Which statement best describes Amazon DynamoDB?

A service that enables you to run relational databases in the AWS Cloud

A serverless key-value database service

A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores

An enterprise-class relational database

The correct response option is A serverless key-value database service.

Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.

The other response options are incorrect because:

A service that enables you to run relational databases in the AWS Cloud describes Amazon Relational Database Service (Amazon RDS).
A service that you can use to migrate relational databases, nonrelational databases, and other types of data stores describes AWS Database Migration Service (AWS DMS).
An enterprise-class relational database describes Amazon Aurora.

Learn more:

Amazon DynamoDB

Which service is used to query and analyze data across a data warehouse?

Amazon Redshift

Amazon Neptune

Amazon DocumentDB

Amazon ElastiCache

The correct response option is Amazon Redshift.

Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

The other response options are incorrect because:

Amazon Neptune is a graph database service. You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
Amazon DocumentDB is a document database service that supports MongoDB workloads.
Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.

Learn more:

Amazon Redshift

The next module examines security in the AWS Cloud.

Module 6 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which statement best describes an IAM policy?

An authentication process that provides an extra layer of protection for your AWS account

A document that grants or denies permissions to AWS services and resources

An identity that you can assume to gain temporary access to permissions

The identity that is established when you first create an AWS account

The correct response option is: A document that grants or denies permissions to AWS services and resources.

IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.

The other response options are incorrect because:

Multi-factor authentication (MFA) is an authentication process that provides an extra layer of protection for your AWS account.
An IAM role is an identity that you can assume to gain temporary access to permissions.
The root user identity is the identity that is established when you first create an AWS account.

Learn more:

AWS IAM: Policies and permissions

An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?

AWS account root user

IAM group

IAM role

Service control policy (SCP)

The correct answer is IAM role.

An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.

The other response options are incorrect because:

The AWS account root user is established when you first create an AWS account. As a best practice, do not use the root user for everyday tasks.
Although you can attach IAM policies to an IAM group, this would not be the best choice for this scenario because the employee only needs to be granted temporary permissions.
Service control policies (SCPs) enable you to centrally control permissions for the accounts in your organization. An SCP is not the best choice for granting temporary permissions to an individual employee.

Learn more:

IAM roles

Which statement best describes the principle of least privilege?

Adding an IAM user into at least one IAM group

Checking a packet’s permissions against an access control list

Granting only the permissions that are needed to perform specific tasks

Performing a denial of service attack that originates from at least one device

The correct response option is: Granting only the permissions that are needed to perform specific job tasks.

When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.

Learn more:

Security best practices in IAM

Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?

Amazon GuardDuty

Amazon Inspector

AWS Artifact

AWS Shield

The correct response option is AWS Shield.

As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.

The other response options are incorrect because:

Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
Amazon Inspector checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.
AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements.

Learn more:

AWS Shield

Which task can AWS Key Management Service (AWS KMS) perform?

Configure multi-factor authentication (MFA).

Update the AWS account root user password.

Create cryptographic keys.

Assign permissions to users and groups.

The correct response option is: Create cryptographic keys.

AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

The other response options are incorrect because:

You can configure multi-factor authentication (MFA) in AWS Identity and Access Management (IAM).
You can update the AWS account root user password in the AWS Management Console.
You can assign permissions to users and groups in AWS Identity and Access Management (IAM).

Learn more:

AWS KMS

The next module explores AWS tools for monitoring and analytics.

Module 7 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which actions can you perform using Amazon CloudWatch? (Select TWO.)

Monitor your resources’ utilization and performance

Receive real-time guidance for improving your AWS environment

Compare your infrastructure to AWS best practices in five categories

Access metrics from a single dashboard

Automatically detect unusual account activity

The two correct response options are:

Monitor your resources’ utilization and performance
Access metrics from a single dashboard

The other response options are incorrect because:

Receiving real-time recommendations for improving your AWS environment can be performed by AWS Trusted Advisor.
Comparing your infrastructure to AWS best practices in five categories can be performed by AWS Trusted Advisor.
Automatically detecting unusual account activity can be performed by AWS CloudTrail.

Learn more:

Amazon CloudWatch

Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?

Amazon CloudWatch

AWS CloudTrail

AWS Trusted Advisor

Amazon GuardDuty

The correct response option is AWS Trusted Advisor.

AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.

The other response options are incorrect because:

Amazon CloudWatch is a web service that enables you to monitor and manage various metrics for the resources that run your applications.
AWS CloudTrail is a web service that enables you to review details for user activities and API calls that have occurred within your AWS environment.
Amazon GuardDuty is a service that provides intelligent threat detection for your AWS environment and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

Learn more:

AWS Trusted Advisor

Which categories are included in the AWS Trusted Advisor dashboard? (Select TWO.)

Reliability

Performance

Scalability

Elasticity

Fault tolerance

The two correct response options are:

Performance
Fault tolerance

AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.

Learn more:

AWS Trusted Advisor

The next module examines AWS pricing and support.

Module 8 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which action can you perform with consolidated billing?

Review how much cost your predicted AWS usage will incur by the end of the month.

Create an estimate for the cost of your use cases on AWS.

Combine usage across accounts to receive volume pricing discounts.

Visualize and manage your AWS costs and usage over time.

The correct response option is: Combine usage across accounts to receive volume pricing discounts.

The other response options are incorrect because:

Review how much cost your predicted AWS usage will incur by the end of the month - You can perform this action in AWS Budgets.
Create an estimate for the cost of your use cases on AWS - You can perform this action in AWS Pricing Calculator.
Visualize and manage your AWS costs and usage over time - You can perform this action in AWS Cost Explorer.

Learn more:

Consolidated billing for AWS Organizations

Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time?

AWS Pricing Calculator

AWS Budgets

AWS Cost Explorer

AWS Free Tier

The correct response option is AWS Cost Explorer.

AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

The other response options are incorrect because:

AWS Pricing Calculator enables you to create an estimate for the cost of your use cases on AWS.
AWS Budgets enables you to create budgets to plan your service usage, service costs, and instance reservations. In AWS Budgets, you can also set custom alerts when your usage exceeds (or is forecasted to exceed) the budgeted amount.
The AWS Free Tier is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.

Learn more:

AWS Cost Explorer

Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined?

Billing dashboard in the AWS Management Console

AWS Budgets

AWS Free Tier

AWS Cost Explorer

The correct response option is AWS Budgets.

In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.

Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.

The other response options are incorrect because:

From the billing dashboard in the AWS Management Console, you can view details on your AWS bill, such as service costs by Region, month to date spend, and more. However, you cannot set alerts from the billing dashboard.
The AWS Free Tier is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.
AWS Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time.

Learn more:

AWS Budgets

Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose?

Developer

Enterprise

Basic

Business

The correct response option is Enterprise.

A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

Learn more:

Compare AWS Support plans

Which service or resource is used to find third-party software that runs on AWS?

AWS Marketplace

AWS Free Tier

AWS Support

Billing dashboard in the AWS Management Console

The correct response option is AWS Marketplace.

AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

The other response options are incorrect because:

The AWS Free Tier consists of offers that allow customers to use AWS services without incurring costs. These offers are related to AWS services, not third-party software that can be used on AWS.
AWS Support is a resource that can answer questions about best practices, assist with troubleshooting issues, help you to identify ways to optimize your use of AWS services, and so on.
You can use the billing dashboard in the AWS Management Console to view details such as service costs by Region, the top services being used by your account, and forecasted billing costs. From the billing dashboard, you can also access other AWS billing tools, such as AWS Cost Explorer, AWS Budgets, and AWS Budgets Reports.

Learn more:

AWS Marketplace

The next module examines migration and innovation in the AWS Cloud.

Module 9 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which Perspective of the AWS Cloud Adoption Framework helps you structure the selection and implementation of permissions?

Governance Perspective

Security Perspective

Operations Perspective

Business Perspective

The correct response option is Security Perspective.

The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas of non-compliance and plan ongoing security initiatives.

The other response options are incorrect because:

The Governance Perspective helps you to identify and implement best practices for IT governance and support business processes with technology.
The Operations Perspective focuses on operating and recovering IT workloads to meet the requirements of your business stakeholders.
The Business Perspective helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.

Learn more:

Whitepaper: An Overview of the AWS Cloud Adoption Framework

Which strategies are included in the six strategies for application migration? (Select TWO.)

Revisiting

Retaining

Remembering

Redeveloping

Rehosting

The two correct response options are:

Retaining
Rehosting

The application migration strategies are rehosting, replatforming, refactoring/re-architecting, repurchasing, retaining, and retiring.

Learn more:

6 Strategies for Migrating Applications to the Cloud

What is the storage capacity of AWS Snowmobile?

40 PB

60 PB

80 PB

100 PB

The correct response option is 100 PB.

AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi trailer truck.

Learn more:

AWS Snow Family

Which statement best describes Amazon Lex?

A service that enables you to build conversational interfaces using voice and text

A machine learning service that automatically extracts text and data from scanned documents

A document database service that supports MongoDB workloads

A service that enables you to identify potentially fraudulent online activities

The correct response option is Amazon Lex.

In Amazon Lex, you can quickly build, test, and deploy conversational chatbots to use in your applications.

The other response options are incorrect because:

A machine learning service that automatically extracts text and data from scanned documents describes Amazon Textract.
A document database service that supports MongoDB workloads describes Amazon DocumentDB.
A service that enables you to identify potentially fraudulent online activities describes Amazon Fraud Detector.

Learn more:

Amazon Lex

The next module explores the AWS Well-Architected Framework and benefits of the AWS Cloud.

Module 10 Quiz

Test your knowledge of some of the key concepts from this module by answering the questions in this quiz.

After answering each question, review the detailed answer explanations and external links to reinforce your understanding of the concepts.

Which pillar of the AWS Well-Architected Framework includes the ability to run workloads effectively and gain insights into their operations?

Cost Optimization

Operational Excellence

Performance Efficiency

Reliability

The correct response option is Operational Excellence.

The other response options are incorrect because:

The Cost Optimization pillar focuses on the ability to run systems to deliver business value at the lowest price point.
The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions.

Learn more:

AWS Well-Architected Framework

What are the benefits of cloud computing? (Select TWO.)

Increase speed and agility.

Benefit from smaller economies of scale.

Trade variable expense for upfront expense.

Maintain infrastructure capacity.

Stop spending money running and maintaining data centers.

The two correct response options are:

Increase speed and agility.
Stop spending money running and maintaining data centers.

The six advantages of cloud computing are:

Trade upfront expense for variable expense.
Benefit from massive economies of scale.
Stop guessing capacity.
Increase speed and agility.
Stop spending money running and maintaining data centers.
Go global in minutes.

Learn more:

Six advantages of cloud computing

The next module provides an overview of the AWS Certified Cloud Practitioner exam.

Module 11 Quiz

Intro: Exam details

Exam domains

The AWS Certified Cloud Practitioner exam includes four domains:

1. Cloud Concepts
2. Security and Compliance
3. Technology
4. Billing and Pricing

The Exam Guide for the AWS Certified Cloud Practitioner certification describes the areas covered in each domain. For a description of each domain, review the AWS Certified Cloud Practitioner website. You are encouraged to read the information in the Exam Guide as part of your preparation for the exam.

Each domain in the exam is weighted. The weight represents the percentage of questions in the exam that correspond to that particular domain. These are approximations, so the questions on your exam may not match these percentages exactly. The exam does not indicate the domain associated with a question. In fact, some questions can potentially fall under multiple domains.

Domain - Percentage of exam
Domain 1: Cloud Concepts - 26%
Domain 2: Security and Compliance - 25%
Domain 3: Technology - 33%
Domain 4: Billing and Pricing - 16%
Total - 100%

You are encouraged to use these benchmarks to help you determine how to allocate your time studying for the exam.

Recommended experience

Candidates for the AWS Certified Cloud Practitioner exam should have a basic understanding of IT services and their uses in the AWS Cloud platform.

We recommend that you have at least six months of experience with the AWS Cloud in any role, including project managers, IT managers, sales managers, decision makers, and marketers. These roles are in addition to those working in finance, procurement, and legal departments.

Exam details

The AWS Certified Cloud Practitioner exam consists of 65 questions to be completed in 90 minutes. The minimum passing score is 70%.

Two types of questions are included on the exam: multiple choice and multiple response.

A multiple-choice question has one correct response and three incorrect responses, or distractors.
A multiple-response question has two or more correct responses out of five or more options.

On the exam, there is no penalty for guessing. Any questions that you do not answer are scored as incorrect. If you are not sure of what the correct answer is, it’s always best for you to guess instead of leaving any questions unanswered.

The exam enables you to flag any questions that you’d like to review before submitting the exam. This helps you to use your time during the exam efficiently, knowing that you can always go back and review any questions that you were initially unsure of.

Whitepapers and resources

As part of your preparation for the AWS Certified Cloud Practitioner exam, we recommend that you review the following whitepapers and resources:

Overview of Amazon Web Services - https://d1.awsstatic.com/whitepapers/aws-overview.pdf
How AWS Pricing Works - http://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf
Compare AWS Support Plans - https://aws.amazon.com/premiumsupport/plans/

Exam Strategies

This section explores several strategies that can help you to increase the probability of passing the exam.

  • Read the full question

First, make sure that you read each question in full. A question might contain key words or phrases that, if left unread, could result in you selecting an incorrect response option.

  • Predict the answer before reviewing the response options.

Next, try to predict the correct answer before looking at any of the response options.

This strategy helps you to draw directly from your knowledge and skills without distraction from incorrect response options. If your prediction turns out to be one of the response options, this can be helpful for knowing whether you’re on the right track. However, make sure that you review all the other response options for that question.

  • Eliminate incorrect response options.

Before selecting your response to a question, eliminate any options that you believe to be incorrect.

This strategy helps you to focus on the correct option (or options, for multiple-response questions) and ensure that you have fulfilled all the requirements of the question.

Sample questions

The following two questions help you become familiar with the differences between multiple-choice and multiple-response questions.

Multiple choice

AWS Certified Cloud Practitioner exam results are reported as a score from 100–1,000. What is the minimum passing score?

650

700 *

850

900

The correct response option is 700.

Key words and phrases that you might have identified in this question include minimum and AWS Certified Cloud Practitioner.

Multiple response

Which domains are included on the AWS Certified Cloud Practitioner exam? (Select TWO.)

Strategy: Think back to the exam domains that were reviewed earlier in this module. Based on the domains that you recall learning about, which response options do you think that you can eliminate as incorrect?

Security and Compliance *

Automation and Optimization

Monitoring and Reporting

Billing and Pricing *

Deployment and Provisioning

The two correct response options are:

Security and Compliance
Billing and Pricing

Key words and phrases that you might have identified in this question include domains and AWS Certified Cloud Practitioner.

The other three response options are domains that are included on the AWS Certified SysOps Administrator – Associate exam.

As you continue to prepare for the AWS Certified Cloud Practitioner exam, review the sample exam questions and detailed answer explanations.

Module 12 Quiz

Final assessment

Test your knowledge of some of the key concepts from this course by answering the questions in the final assessment.

After answering each question, review the detailed answer explanations and external links to learn more.

Question 01/30

Which component or service enables you to establish a dedicated private connection between your data center and virtual private cloud (VPC)?

Virtual private gateway

Amazon CloudFront

Internet gateway

AWS Direct Connect *

Question 02/30

You want to store data in a key-value database. Which service should you use?

Amazon DynamoDB *

Amazon Aurora

Amazon DocumentDB

Amazon RDS

The correct response option is Amazon DynamoDB.

Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”.

In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.

The other response options are incorrect because:

Amazon Relational Database Service (Amazon RDS) and Amazon Aurora use structured query language (SQL) to store and query data. They are not key-value databases.
Amazon DocumentDB is a document database service that supports MongoDB workloads.

Learn more:

Amazon DynamoDB

Question 03/30

Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of your business stakeholders?

Business Perspective

Operations Perspective *

Governance Perspective

People Perspective

The correct response option is Operations Perspective.

The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.

The other response options are incorrect because:

The Business Perspective helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.
The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
The Governance Perspective helps you understand how to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.

Learn more:

Whitepaper: An Overview of the AWS Cloud Adoption Framework - https://d1.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf

Question 04/30

You are running an Amazon EC2 instance and want to store data in an attached resource. Your data is temporary and will not be kept long term. Which resource should you use?

Instance store *

Amazon Elastic Block Store (Amazon EBS) volume

Amazon S3 bucket

Subnet

The correct response option is instance store.

Instance stores are ideal for temporary data that does not need to be kept long term.

When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

The other response options are incorrect because:

Amazon EBS volumes are ideal for data that needs to be retained. When an Amazon EC2 instance is stopped or terminated, all of the data on the attached EBS volume is still available.
Amazon S3 buckets cannot be attached to Amazon EC2 instances.
A subnet is a section of a virtual private cloud (VPC) in which you can group resources based on security or operational needs.

Learn more:

Amazon EC2 instance store - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Question 05/30

Which service enables you to review details for user activities and API calls that have occurred within your AWS environment?

AWS Trusted Advisor

Amazon CloudWatch

Amazon Inspector

AWS CloudTrail *

The correct response option is AWS CloudTrail.

With CloudTrail, you can view a complete history of user activity and API calls for your applications and resources.

Events are typically updated in CloudTrail within 15 minutes after an API call was made. You can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.

The other response options are incorrect because:

Amazon CloudWatch is a service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes.
Amazon Inspector is a service that checks applications for security vulnerabilities and deviations from security best practices.
AWS Trusted Advisor is an online tool that inspects your AWS environment and provides real-time guidance in accordance with AWS best practices.

Learn more:

AWS CloudTrail - https://aws.amazon.com/cloudtrail

Question 06/30

Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.)

Business *

Developer

AWS Free Tier

Basic

Enterprise *

The two correct response options are:

Enterprise
Business

The other response options are incorrect because:

The Basic and Developer Support plans provide access to a limited selection of AWS Trusted Advisor checks.
The AWS Free Tier is not a Support plan. It is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.

Learn more:

AWS Trusted Advisor - https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Question 07/30

Which service is used to transfer up to 100 PB of data to AWS?

Amazon CloudFront

AWS Snowmobile *

AWS DeepRacer

Amazon Neptune

The correct response option is AWS Snowmobile.

AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck.

The other response options are incorrect because:

Amazon Neptune is a graph database service. You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
Amazon CloudFront is a content delivery service.
AWS DeepRacer is an autonomous 1/18 scale race car that you can use to test reinforcement learning models.

Learn more:

AWS Snow Family - https://aws.amazon.com/snow

Question 08/30

Which service is used to quickly deploy and scale applications on AWS?

AWS Elastic Beanstalk *

AWS Snowball

AWS Outposts

Amazon CloudFront

The correct response option is AWS Elastic Beanstalk.

You upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

The other response options are incorrect because:

AWS Outposts is a service that enables you to run infrastructure in a hybrid cloud approach.
Amazon CloudFront is a content delivery service. 
AWS Snowball is a device that enables you to transfer large amounts of data into and out of AWS.

Learn more:

AWS Quick Starts - https://aws.amazon.com/quickstart

Question 09/30

Which statement best describes an Availability Zone?

A fully isolated portion of the AWS global infrastructure *

A separate geographical location with multiple locations that are isolated from each other

A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location

The server from which Amazon CloudFront gets your files

The correct response option is A fully isolated portion of the AWS global infrastructure.

An Availability Zone is a single data center or a group of data centers within a Region.

Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

The other response options are incorrect because:

A separate geographical location with multiple locations that are isolated from each other - This response option describes a Region.
The server from which Amazon CloudFront gets your files - This response option describes an origin.
A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location - This response option describes an Edge location.

Learn more:

AWS global infrastructure - https://aws.amazon.com/about-aws/global-infrastructure
Regions and Availability Zones - https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

Question 10/30

Which statement best describes Elastic Load Balancing?

A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances *

A service that monitors your applications and automatically adds or removes capacity from your resource groups in response to changing demand

A service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes

A service that enables you to set up, manage, and scale a distributed in-memory or cache environment in the cloud

The correct response option is A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances.

A load balancer acts as a single point of contact for all incoming web traffic to your Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.

The other response options are incorrect because:

A service that monitors your applications and automatically adds or removes capacity from your resource groups in response to changing demand - This response option describes AWS Auto Scaling.
A service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes - This response option describes Amazon CloudWatch. Although Elastic Load Balancing does optimize resource utilization by distributing incoming traffic across available resources, this would not be the best response option because Elastic Load Balancing does not provide all the other listed features.
A service that enables you to set up, manage, and scale a distributed in-memory or cache environment in the cloud - This response option describes Amazon ElastiCache.

Learn more:

Elastic Load Balancing - https://aws.amazon.com/elasticloadbalancing

Question 11/30

You want to send and receive messages between distributed application components. Which service should you use?

Amazon Simple Queue Service (Amazon SQS) *

Amazon ElastiCache

Amazon Route 53

AWS Snowball

The correct response option is Amazon Simple Queue Service (Amazon SQS).

Amazon SQS is a message queuing service. Using Amazon SQS, you can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.

In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

The other response options are incorrect because:

AWS Snowball is a device that enables you to transfer large amounts of data into and out of AWS.
Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.
Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS. Additionally, you can transfer DNS records for existing domain names that are currently managed by other domain registrars or register new domain names directly in Amazon Route 53.

Learn more:

Amazon SQS - https://aws.amazon.com/sqs

Question 12/30

Which actions can you perform in Amazon Route 53? (Select TWO.)

Monitor your applications and respond to system-wide performance changes.

Connect user requests to infrastructure in AWS and outside of AWS. *

Automate the deployment of workloads into your AWS environment.

Manage DNS records for domain names. *

Access AWS security and compliance reports and select online agreements.

The correct two response options are:

Connect user requests to infrastructure in AWS and outside of AWS.
Manage DNS records for domain names. 

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.

Additionally, you can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.

The other response options are incorrect because:

Monitor your applications and respond to system-wide performance changes - These actions can be performed in Amazon CloudWatch.
Access AWS security and compliance reports and special online agreements - This action can be performed in AWS Artifact.
Automate the deployment of workloads into your AWS environment - This action can be performed with AWS Quick Starts.

Learn more:

Amazon Route 53 - https://aws.amazon.com/route53

Question 13/30

Which compute option reduces costs when you commit to a consistent amount of compute usage for a 1-year or 3-year term?

Dedicated Hosts

Reserved Instances

Savings Plans *

Spot Instances

The correct response option is Savings Plans.

Amazon EC2 Savings Plans enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.

The other response options are incorrect because:

Reserved Instances are a billing discount that is applied to the use of On-Demand Instances in your account. You can purchase Standard Reserved and Convertible Reserved Instances for a one-year or three-year term, and Scheduled Reserved Instances for a one-year term. Unlike Savings Plans, Reserved Instances do not require you to commit to a consistent amount of compute usage over the duration of the contract.
Spot Instances are ideal for workloads with flexible start and end times or that can withstand interruptions. Spot Instances leverage unused EC2 computing capacity and offer you cost savings at up to 90% of On-Demand Instance prices.
Dedicated Hosts are physical servers with EC2 instance capacity that is fully dedicated to your use. You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance. You can purchase On-Demand Dedicated Hosts or Reserved Dedicated Hosts. Of all the Amazon EC2 options that were covered in this course, Dedicated Hosts are the most expensive.

Learn more:

Savings Plans - https://aws.amazon.com/savingsplans/

Question 14/30

Which tasks are the responsibilities of AWS? (Select TWO.)

Training company employees on how to use AWS services

Configuring AWS infrastructure devices *

Configuring security groups on Amazon EC2 instances

Creating IAM users and groups

Maintaining virtualization infrastructure *

The two correct response options are:

Maintaining virtualization infrastructure
Configuring AWS infrastructure devices 

The other three response options are tasks that are the responsibilities of customers.

Learn more:

AWS shared responsibility model - https://aws.amazon.com/compliance/shared-responsibility-model/

Question 15/30

Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features?

Replatforming

Refactoring *

Repurchasing

Rehosting

The correct response option is Refactoring.

The other response options are incorrect because:

Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.
Rehosting involves moving an application to the cloud with little to no modifications to the application itself. It is also known as “lift and shift.”
Replatforming involves selectively optimizing aspects of an application to achieve benefits in the cloud without changing the core architecture of the application. It is also known as “lift, tinker, and shift.”

Learn more:

6 Strategies for Migrating Applications to the Cloud - https://aws.amazon.com/blogs/enterprise-strategy/6-strategies-for-migrating-applications-to-the-cloud/

Question 16/30

Which AWS Trusted Advisor category includes checks for high-utilization EC2 instances?

Cost Optimization

Performance *

Security

Fault Tolerance

The correct response option is Performance.

In this category, AWS Trusted Advisor also helps improve the performance of your services by providing recommendations for how to take advantage of provisioned throughput.

The other response options are incorrect because:

The Security category includes checks that help you to review your permissions and identify which AWS security features to enable.
The Cost Optimization category includes checks for unused or idle resources that could be eliminated and provide cost savings.
The Fault Tolerance category includes checks to help you improve your applications’ availability and redundancy.

Learn more:

AWS Trusted Advisor - https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Question 17/30

Which service is used to run containerized applications on AWS?

Amazon Aurora

Amazon Redshift

Amazon SageMaker

Amazon Elastic Kubernetes Service (Amazon EKS) *

The correct response option is Amazon Elastic Kubernetes Service (Amazon EKS).

Amazon EKS is a fully managed service that you can use to run Kubernetes on AWS. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Containers provide you with a standard way to package your application’s code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.

The other response options are incorrect because:

Amazon SageMaker is a service that enables you to quickly build, train, and deploy machine learning models.
Amazon Aurora is an enterprise-class relational database. 
Amazon Redshift is a data warehousing service that you can use for big data analytics.

Learn more:

Amazon EKS - https://aws.amazon.com/eks

Question 18/30

Which tool is used to automate actions for AWS services and applications through scripts?

AWS Snowball

Amazon QLDB

AWS Command Line Interface *

Amazon Redshift

The correct response option is AWS Command Line Interface.

The AWS Command Line Interface (AWS CLI) enables you to control multiple AWS services directly from the command line within one tool. For example, you can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.

The other response options are incorrect because:

Amazon Redshift is a data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and help you to understand relationships and trends across your data. 
Amazon Quantum Ledger Database (Amazon QLDB) is a ledger database service. You can use Amazon QLDB to review a complete history of all the changes that have been made to your application data.
AWS Snowball is a device that enables you to transfer large amounts of data into and out of AWS.

Learn more:

AWS Command Line Interface - https://aws.amazon.com/cli/

Question 19/30

Which action can you perform in Amazon CloudFront?

Provision resources by using programming languages or a text file.

Provision an isolated section of the AWS Cloud to launch resources in a virtual network that you define.

Run infrastructure in a hybrid cloud approach.

Deliver content to customers through a global network of edge locations. *

The correct response is Deliver content to customers through a global network of edge locations.

Amazon CloudFront is a content delivery service.

It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

The other response options are incorrect because:

Run infrastructure in a hybrid cloud approach - This action can be performed with AWS Outposts. 
Provision resources by using programming languages or a text file - This action can be performed in AWS CloudFormation.
Provision an isolated section of the AWS Cloud to launch resources in a virtual network that you define - This action can be performed in Amazon Virtual Private Cloud (Amazon VPC).

Learn more:

Amazon CloudFront - https://aws.amazon.com/cloudfront

Question 20/30

Which statement best describes AWS Marketplace?

A resource that can answer questions about best practices and assist with troubleshooting issues

A digital catalog that includes thousands of software listings from independent software vendors *

An online tool that inspects your AWS environment and provides real-time guidance in accordance with AWS best practices

A resource that provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications

The correct response option is A digital catalog that includes thousands of listings from independent software vendors.

You can use AWS Marketplace to find, test, and buy software that runs on AWS.

The other response options are incorrect because:

A resource that can answer questions about best practices and assist with troubleshooting issues - This response option describes AWS Support.
A resource that provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications - This response option describes a Technical Account Manager (TAM). 
An online tool that inspects your AWS environment and provides real-time guidance in accordance with AWS best practices - This response option describes AWS Trusted Advisor.

Learn more:

AWS Marketplace - https://aws.amazon.com/marketplace

Question 21/30

You want to store data in a volume that is attached to an Amazon EC2 instance. Which service should you use?

AWS Lambda

Amazon ElastiCache

Amazon Elastic Block Store (Amazon EBS) *

Amazon Simple Storage Service (Amazon S3)

The correct response option is Amazon Elastic Block Store (Amazon EBS).

Amazon EBS provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.

The other response options are incorrect because:

Amazon Simple Storage Service (Amazon S3) is a service that provides object-level storage. Amazon S3 stores data as objects within buckets.
AWS Lambda is a service that lets you run code without provisioning or managing servers.
Amazon ElastiCache is a service that adds caching layers on top of your databases to help improve the read times of common requests.

Learn more:

Amazon EBS - https://aws.amazon.com/ebs

Question 22/30

Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements?

Operational Excellence

Performance Efficiency *

Security

Reliability

The correct response option is Performance Efficiency.

The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

The other responses are incorrect because:

The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value. 
The Security pillar focuses on protecting data, systems, and assets. It also focuses on using cloud technologies to improve the security of your workloads.
The Reliability pillar focuses on the ability of a workload to consistently and correctly perform its intended functions.

Learn more:

AWS Well-Architected Framework - https://docs.aws.amazon.com/wellarchitected/latest/framework/welcome.html

Question 23/30

Which statement is TRUE for AWS Lambda?

Before using AWS Lambda, you must prepay for your estimated compute time.

To use AWS Lambda, you must configure the servers that run your code.

You pay only for compute time while your code is running. *

The first step in using AWS Lambda is provisioning a server.

The correct response option is You pay only for compute time while your code is running.

AWS Lambda is a service that lets you run code without needing to provision or manage servers.

While using AWS Lambda, you pay only for the compute time that you consume. You are charged only when your code is running. With AWS Lambda, you can run code for virtually any type of application or backend service, all with zero administration.

Learn more:

AWS Lambda - https://aws.amazon.com/lambda

Question 24/30

Which service enables you to consolidate and manage multiple AWS accounts from a central location?

AWS Organizations *

AWS Key Management Service (AWS KMS)

AWS Identity and Access Management (IAM)

AWS Artifact

The correct response option is AWS Organizations.

In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). Additionally, you can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.

The other response options are incorrect because:

AWS Identity and Access Management (IAM) is a service that you can use to manage access to AWS services and resources.  
AWS Artifact is a service that enables you to access AWS security and compliance reports and special online agreements.
AWS Key Management Service (AWS KMS) enables you to create, manage, and use cryptographic keys.

Learn more:

AWS Organizations - https://aws.amazon.com/organizations

Question 25/30

Which service enables you to build the workflows that are required for human review of machine learning predictions?

Amazon Lex

Amazon Aurora

Amazon Augmented AI *

Amazon Textract

The correct response option is Amazon Augmented AI.

Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, you can also create your own workflows for machine learning models built on Amazon SageMaker or any other tools.

The other response options are incorrect because:

Amazon Textract is a machine learning service that automatically extracts text and data from scanned documents.
Amazon Lex is a service that enables you to build conversational interfaces using voice and text.
Amazon Aurora is an enterprise-class relational database.

Learn more:

Amazon Augmented AI - https://aws.amazon.com/augmented-ai

Question 26/30

Which statement best describes Amazon GuardDuty?

A service that lets you monitor network requests that come into your web applications

A service that provides intelligent threat detection for your AWS infrastructure and resources *

A service that helps protect your applications against distributed denial-of-service (DDoS) attacks

A service that checks applications for security vulnerabilities and deviations from security best practices

The correct response option is A service that provides intelligent threat detection for your AWS infrastructure and resources.

Amazon GuardDuty identifies threats by continually monitoring the network activity and account behavior within your AWS environment.

The other response options are incorrect because:

A service that helps protect your applications against distributed denial-of-service (DDoS) attacks - This response option describes AWS Shield.
A service that checks applications for security vulnerabilities and deviations from security best practices - This response option describes Amazon Inspector.
A service that lets you monitor network requests that come into your web applications - This response option describes AWS WAF.

Learn more:

Amazon GuardDuty - https://aws.amazon.com/guardduty

Question 27/30

Which tool enables you to visualize, understand, and manage your AWS costs and usage over time?

AWS Pricing Calculator

AWS Artifact

AWS Budgets

AWS Cost Explorer *

The correct response option is AWS Cost Explorer.

With AWS Cost Explorer, you can quickly create custom reports to analyze your AWS cost and usage data.

The other response options are incorrect because:

AWS Budgets lets you set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.
AWS Pricing Calculator lets you explore AWS services and create an estimate for the cost of your use cases on AWS. In the AWS Pricing Calculator, you can enter details for your cloud computing requirements and then receive a detailed estimate that can be exported and shared. 
AWS Artifact is a service that enables you to access AWS security and compliance reports and special online agreements.

Learn more:

AWS Cost Explorer - https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

Question 28/30

Which virtual private cloud (VPC) component controls inbound and outbound traffic for Amazon EC2 instances?

Security group *

Subnet

Network access control list

Internet gateway

The correct response option is security group.

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic should be allowed or denied.

The other response options are incorrect because:

A subnet is a section of a VPC in which you can group resources based on security or operational needs.
A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level.
An internet gateway is a connection between a VPC and the internet. It allows public traffic from the internet to access a VPC.

Learn more:

Security groups for your VPC - https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

Question 29/30

In the S3 Intelligent-Tiering storage class, Amazon S3 moves objects between a frequent access tier and an infrequent access tier. Which storage classes are used for these tiers? (Select TWO.)

Amazon S3 Standard-IA *

Amazon S3 Glacier Flexible Retrieval

Amazon S3 Standard *

Amazon S3 Glacier Deep Archive

Amazon S3 One Zone-IA

The two correct response options are:

Amazon S3 Standard
Amazon S3 Standard-IA 

In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.

Learn more:

Amazon S3 storage classes - https://aws.amazon.com/s3/storage-classes/

Question 30/30

You want Amazon S3 to monitor your objects’ access patterns. Which storage class should you use?

Amazon S3 Glacier Flexible Retrieval

Amazon S3 Standard-IA

Amazon S3 One Zone-IA

Amazon S3 Intelligent-Tiering *

The correct response option is Amazon S3 Intelligent-Tiering.

In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.

The other response options are incorrect because:

Amazon S3 Glacier Flexible Retrieval is a low-cost storage class that is ideal for data archiving. You can retrieve objects stored in the Amazon S3 Glacier Flexible Retrieval storage class within a few minutes to a few hours.
The Amazon S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both Amazon S3 Standard and Amazon S3 Standard-IA store data in a minimum of three Availability Zones. Amazon S3 Standard-IA provides the same level of availability as Amazon S3 Standard but at a lower storage price. 
Amazon S3 One Zone-IA is ideal for infrequently accessed data that does not require high availability.

Learn more:

Amazon S3 storage classes - https://aws.amazon.com/s3/storage-classes/