A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the internet from accessing the EC2 instance.
Which AWS managed service allows this?
A. VPC endpoint
B. NAT gateway
C. Amazon PrivateLink
D. VPC peering | NAT gateway |
Which actions are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)
A. Securing the virtualization layer
B. Patching the operating system on Amazon EC2 instances
C. Enforcing a strict password policy for IAM users
D. Patching the operating system on Amazon RDS instances
E. Configuring security groups and network ACLs | Securing the virtualization layer \ Patching the operating system on Amazon RDS instances |
A company is storing data that will not be frequently accessed in the AWS Cloud. If the company needs to access the data, the data needs to be retrieved within 12 hours. The company wants a solution that is cost-effective for storage costs for each gigabyte.
Which Amazon S3 storage class will meet these requirements?
A. S3 Standard
B. S3 Glacier Flexible Retrieval
C. S3 One Zone-Infrequent Access (S3 One Zone-IA)
D. S3 Standard-Infrequent Access (S3 Standard-IA) | S3 Glacier Flexible Retrieval |
Which AWS service or resource can be used to identify services that have been used by a user within a specified date range?
A. Amazon S3 access control lists (ACLs)
B. AWS Certificate Manager (ACM)
C. Network Access Analyzer
D. AWS Identity and Access Management Access Analyzer | AWS Identity and Access Management Access Analyzer |
A company needs to engage third-party consultants to help maintain and support its AWS environment and the company’s business needs.
Which AWS service or resource will meet these requirements?
A. AWS Support
B. AWS Organizations
C. AWS Service Catalog
D. AWS Partner Network (APN) | AWS Partner Network (APN) |
A company wants to create Amazon QuickSight dashboards every week by using its billing data.
Which AWS feature or tool can the company use to meet these requirements?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost and Usage Report
D. AWS Cost Anomaly Detection | AWS Cost and Usage Report |
A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises storage with storage that is cloud-based but locally cached.
Which AWS service meets these requirements?
A. AWS Storage Gateway
B. AWS Snowcone
C. AWS Backup
D. Amazon Elastic File System (Amazon EFS) | AWS Storage Gateway |
A company needs to organize its resources and track AWS costs on a detailed level. The company needs to categorize costs by business department, environment, and application.
Which solution will meet these requirements?
A. Access the AWS Cost Management console to organize resources, set an AWS budget, and receive notifications of unintentional usage.
B. Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level.
C. Create Amazon CloudWatch dashboards to visually organize and track costs individually.
D. Access the AWS Billing and Cost Management dashboard to organize and track resource consumption on a detailed level. | Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level. |
A company needs to plan, schedule, and run hundreds of thousands of computing jobs on AWS.
Which AWS service can the company use to meet this requirement?
A. AWS Step Functions
B. AWS Service Catalog
C. Amazon Simple Queue Service (Amazon SQS)
D. AWS Batch | AWS Batch |
Which AWS services or features provide high availability and low latency by enabling failover across different AWS Regions? (Choose two.)
A. Amazon Route 53
B. Network Load Balancer
C. Amazon S3 Transfer Acceleration
D. AWS Global Accelerator
E. Application Load Balancer | Amazon Route 53
AWS Global Accelerator |
Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS Cloud?
A. Scale the number of EC2 instances in or out automatically, based on demand.
B. Use serverless EC2 instances.
C. Scale the size of EC2 instances up or down automatically, based on demand.
D. Transfer unused CPU resources between EC2 instances. | Scale the number of EC2 instances in or out automatically, based on demand. |
Which abilities are benefits of the AWS Cloud? (Choose two.)
A. Trade variable expenses for capital expenses.
B. Deploy globally in minutes.
C. Plan capacity in advance of deployments.
D. Take advantage of economies of scale.
E. Reduce dependencies on network connectivity. | Deploy globally in minutes.
Take advantage of economies of scale. |
Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations?
A. Amazon Inspector
B. AWS Web Application Firewall (AWS WAF)
C. Elastic Load Balancing (ELB)
D. AWS Shield | AWS Shield |
Which AWS service allows users to model and provision AWS resources using common programming languages?
A. AWS CloudFormation
B. AWS CodePipeline
C. AWS Cloud Development Kit (AWS CDK)
D. AWS Systems Manager | AWS Cloud Development Kit (AWS CDK) |
Which Amazon EC2 instance pricing model can provide discounts of up to 90%?
A. Reserved Instances
B. On-Demand
C. Dedicated Hosts
D. Spot Instances | Spot Instances |
Which of the following acts as an instance-level firewall to control inbound and outbound access?
A. Network access control list
B. Security groups
C. AWS Trusted Advisor
D. Virtual private gateways | Security groups |
A company must be able to develop, test, and launch an application in the AWS Cloud quickly.
Which advantage of cloud computing will meet these requirements?
A. Stop guessing capacity
B. Trade fixed expense for variable expense
C. Achieve economies of scale
D. Increase speed and agility | Increase speed and agility |
A company has teams that have different job roles and responsibilities. The company’s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.
Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?
A. IAM user groups
B. IAM roles
C. IAM instance profiles
D. IAM policies for individual users | IAM roles |
Which AWS service can a company use to securely store and encrypt passwords for a database?
A. AWS Shield
B. AWS Secrets Manager
C. AWS Identity and Access Management (IAM)
D. Amazon Cognito | AWS Secrets Manager |
What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them as evidence to an auditor or regulator?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS Artifact
D. Amazon Inspector | AWS Artifact |
Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)
A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. TLS
D. SSL
E. Transparent Data Encryption (TDE) | Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
Server-side encryption with AWS KMS managed keys (SSE-KMS) |
A company wants to integrate its online shopping website with social media login credentials.
Which AWS service can the company use to make this integration?
A. AWS Directory Service
B. AWS Identity and Access Management (IAM)
C. Amazon Cognito
D. AWS IAM Identity Center (AWS Single Sign-On | . Amazon Cognito |
Which AWS service is used to track, record, and audit configuration changes made to AWS resources?
A. AWS Shield
B. AWS Config
C. AWS IAM
D. Amazon Inspector | AWS Config |
A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed?
A. 3 hours, 5 minutes
B. 3 hours, 5 minutes, and 6 seconds
C. 3 hours, 6 minutes
D. 4 hours | C. 3 hours, 6 minutes |
Which AWS services provide a way to extend an on-premises architecture to the AWS Cloud? (Choose two.)
A. Amazon EBS
B. AWS Direct Connect
C. Amazon CloudFront
D. AWS Storage Gateway
E. Amazon Connect | AWS Direct Connect
Amazon Connect |
A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the AWS Cloud.
Which AWS service or tool will meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Control Tower
D. Migration Evaluator | Migration Evaluator |
A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes.
Which AWS service or tool should the company use to meet these requirements?
A. AWS Organizations
B. Cost Explorer
C. AWS Budgets
D. AWS Trusted Advisor | AWS Organizations |
A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally.
Which combination of AWS services can the company use to gather the required information? (Choose two.)
A. AWS Personal Health Dashboard
B. AWS Systems Manager
C. AWS Trusted Advisor
D. AWS Service Health Dashboard
E. AWS Service Catalog | AWS Personal Health Dashboard
AWS Service Health Dashboard |
A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS.
Which AWS service or tool should the company use to meet this requirement?
A. Cloud Adoption Readiness Tool
B. AWS Migration Hub
C. AWS Database Migration Service (AWS DMS)
D. AWS Application Migration Service | AWS Database Migration Service (AWS DMS) |
Which cloud concept is demonstrated by using AWS Compute Optimizer?
A. Security validation
B. Rightsizing
C. Elasticity
D. Global reach | Rightsizing |
A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive.
Which AWS service will meet the requirement?
A. Amazon Inspector
B. Amazon Macie
C. AWS Identity and Access Management (IAM)
D. Amazon CloudWatch | Amazon Macie |
A user has a stateful workload that will run on Amazon EC2 for the next 3 years.
What is the MOST cost-effective pricing model for this workload?
A. On-Demand Instances
B. Reserved Instances
C. Dedicated Instances
D. Spot Instances | Reserved Instances |
Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?
A. AWS Support
B. AWS customers
C. AWS Key Management Service (AWS KMS)
D. AWS Trusted Advisor | AWS customers |
Which AWS service identifies security groups that allow unrestricted access to a user's AWS resources?
A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon CloudWatch
D. Amazon Inspector | AWS Trusted Advisor |
A company is planning to host its workloads on AWS.
Which AWS service requires the company to update and patch the guest operating system?
A. Amazon DynamoDB
B. Amazon S3
C. Amazon EC2
D. Amazon Aurora | Amazon EC2 |
Which AWS service or feature will search for and identify AWS resources that are shared externally?
A. Amazon OpenSearch Service
B. AWS Control Tower
C. AWS IAM Access Analyzer
D. AWS Fargate | AWS IAM Access Analyzer |
Which benefit of the AWS Cloud supports matching the supply of resources with changing workload demands?
A. Security
B. Reliability
C. Elasticity
D. High availability | Elasticity |
At what support level do users receive access to a support concierge?
A. Basic Support
B. Developer Support
C. Business Support
D. Enterprise Support | Enterprise Support |
Which AWS service can a company use to visually design and build serverless applications?
A. AWS Lambda
B. AWS Batch
C. AWS Application Composer
D. AWS App Runner | AWS Application Composer |
A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS.
Where can the company purchase the security solution?
A. AWS Partner Solutions Finder
B. AWS Support Center
C. AWS Management Console
D. AWS Marketplace | AWS Marketplace |
A company has deployed an Amazon EC2 instance.
Which option is an AWS responsibility under the AWS shared responsibility model?
A. Managing and encrypting application data
B. Installing updates and security patches of guest operating system
C. Configuration of infrastructure devices
D. Configuration of security groups on each instance | Configuration of infrastructure devices |
A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.
Which AWS service or resource will meet these requirements with the LEAST management overhead?
A. PostgreSQL on Amazon EC2
B. Amazon RDS for PostgreSQL
C. Amazon Aurora PostgreSQL-Compatible Edition
D. Amazon Aurora Serverless | Amazon Aurora Serverless |
A company is using Amazon DynamoDB for its application database.
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)
A. Classify data.
B. Configure access permissions.
C. Manage encryption options.
D. Provide public endpoints to store and retrieve data.
E. Manage the infrastructure layer and the operating system. | Provide public endpoints to store and retrieve data.
Manage the infrastructure layer and the operating system. |
What are the benefits of using the AWS Cloud for companies with customers in many countries around the world? (Choose two.)
A. Companies can deploy applications in multiple AWS Regions to reduce latency.
B. Amazon Translate automatically translates third-party website interfaces into multiple languages.
C. Amazon CloudFront has multiple edge locations around the world to reduce latency.
D. Amazon Comprehend allows users to build applications that can respond to user requests in many languages.
E. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around the world, which reduces latency. | Companies can deploy applications in multiple AWS Regions to reduce latency.
Amazon CloudFront has multiple edge locations around the world to reduce latency. |
What is a benefit of moving to the AWS Cloud in terms of improving time to market?
A. Decreased deployment speed
B. Increased application security
C. Increased business agility
D. Increased backup capabilities | Increased business agility |
A company wants to improve its security posture by reviewing user activity through API calls.
Which AWS service will meet this requirement?
A. AWS WAF
B. Amazon Detective
C. Amazon CloudWatch
D. AWS CloudTrail | AWS CloudTrail |
When a company provisions web servers in multiple AWS Regions, what is being increased?
A. Coupling
B. Availability
C. Security
D. Durability | Availability |
A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instances.
Which action should the company take to assess its readiness to scale for this launch?
A. Replace the EC2 instances with AWS Lambda functions.
B. Use AWS Infrastructure Event Management (IEM) support.
C. Submit a request on AWS Marketplace to monitor the event.
D. Review the coverage reports in the AWS Cost Management console. | Use AWS Infrastructure Event Management (IEM) support. |
Under the AWS shared responsibility model, AWS is responsible for which security-related task?
A. Lifecycle management of IAM credentials
B. Physical security of global infrastructure
C. Encryption of Amazon EBS volumes
D. Firewall configuration | Physical security of global infrastructure |
A company wants a time-series database service that makes it easier to store and analyze trillions of events each day.
Which AWS service will meet this requirement?
A. Amazon Neptune
B. Amazon Timestream
C. Amazon Forecast
D. Amazon DocumentDB (with MongoDB compatibility) | Amazon Timestream |
Which option is a shared control between AWS and the customer, according to the AWS shared responsibility model?
A. Configuration management
B. Physical and environmental controls
C. Data integrity authentication
D. Identity and access management | Configuration management |
A company often does not use all of its current Amazon EC2 capacity to run stateless workloads. The company wants to optimize its EC2 costs.
Which EC2 instance type will meet these requirements?
A. Spot Instances
B. Dedicated Instances
C. Reserved Instances
D. On-Demand Instances | Spot Instances |
A company wants to store data in Amazon S3. The company rarely access the data, and the data can be regenerated if necessary. The company wants to store the data in the most cost-effective storage class.
Which S3 storage class will meet this requirement?
A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA) | S3 One Zone-Infrequent Access (S3 One Zone-IA) |
A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely. Which AWS service or framework should the company use for operational support?
A. AWS Support
B. AWS Cloud Adoption Framework (AWS CAF)
C. AWS Managed Services (AMS)
D. AWS Well-Architected Framework | AWS Managed Services (AMS) |
A company wants to provision and manage its AWS infrastructure by using the common programming languages Typescript, Python, Java, and .NET.
Which AWS service will meet this requirement?
A. AWS CodeBuild
B. AWS CloudFormation
C. AWS CLI
D. AWS Cloud Development Kit (AWS CDK) | AWS CodeBuild |
Which Amazon EC2 pricing model provides the MOST cost savings for an always-up, right-sized database server running for a project that will last 1 year?
A. On-Demand Instances
B. Convertible Reserved Instances
C. Spot Instances
D. Standard Reserved Instances | Standard Reserved Instances |
A company wants to migrate its applications to a VPC on AWS. These applications will need to access on-premises resources.
What combination of actions will enable the company to accomplish this goal? (Choose two.)
A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated.
B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC.
C. Use Amazon Athena to query data from the on-premises database servers.
D. Connect the company's on-premises data center to AWS using AWS Direct Connect.
E. Leverage Amazon CloudFront to restrict access to static web content provided through the company's on-premises web servers. | Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC.
Connect the company's on-premises data center to AWS using AWS Direct Connect. |
A company is using the AWS Free Tier for several AWS services for an application.
What will happen if the Free Tier usage period expires or if the application use exceeds the Free Tier usage limits?
A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage.
B. AWS Support will contact the company to set up standard service charges.
C. The company will be charged for the services it consumed during the Free Tier period, plus additional charges for service consumption after the Free Tier period.
D. The company's AWS account will be frozen and can be restarted after a payment plan is established. | The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free Tier usage. |
A company wants to monitor its workload performance. The company wants to ensure that the cloud services are delivered at a level that meets its business needs.
Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?
A. Business
B. Governance
C. Platform
D. Operations | Operations |
A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness.
Which AWS service or tool should the company use to meet these requirements?
A. AWS Cloud Adoption Framework (AWS CAF)
B. AWS Managed Services (AMS)
C. AWS Well-Architected Framework
D. AWS Migration Hub | AWS Cloud Adoption Framework (AWS CAF) |
Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL?
A. AWS Glue
B. AWS Data Pipeline
C. Amazon CloudSearch
D. Amazon Athena | Amazon Athena |
AWS CloudFormation is designed to help the user:
A. model and provision resources.
B. update application code.
C. set up data lakes.
D. create reports for billing. | model and provision resources. |
Which of the following is an AWS database service?
A. Amazon Redshift
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3 Glacier
D. AWS Snowball | Amazon Redshift |
Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data?
A. Amazon Athena
B. AWS Glue
C. Amazon S3
D. AWS Snowball Edge | AWS Glue |
A company wants to migrate petabytes of data from its on-premises data center to AWS. The company does not want to use an internet connection to perform the migration.
Which AWS service will meet these requirements?
A. AWS DataSync
B. Amazon Connect
C. AWS Snowmobile
D. AWS Direct Connect | AWS Snowmobile |
A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.
Which AWS offering will meet these requirements?
A. Amazon EventBridge
B. Compute Savings Plans
C. AWS Budgets
D. Migration Evaluator | AWS Budgets |
How can a company isolate the costs of production and non-production workloads on AWS?
A. Create Identity and Access Management (IAM) roles for production and non-production workloads.
B. Use different accounts for production and non-production expenses.
C. Use Amazon EC2 for non-production workloads and other services for production workloads.
D. Use Amazon CloudWatch to monitor the use of services. | Use different accounts for production and non-production expenses. |
A company wants to run a simulation for 3 years without interruptions.
Which Amazon EC2 instance purchasing option will meet these requirements MOST cost-effectively?
A. Spot Instances
B. Reserved Instances
C. Dedicated Hosts
D. On-Demand Instances | Reserved Instances |
Which AWS service or resource can provide discounts on some AWS service costs in exchange for a spending commitment?
A. Amazon Detective
B. AWS Pricing Calculator
C. Savings Plans
D. Basic Support | Savings Plans |
Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)
A. High availability
B. Performance efficiency
C. Cost optimization
D. Going global in minutes
E. Continuous development | Performance efficiency
Cost optimization |
A company wants to use Amazon EC2 instances to provide a static website to users all over the world. The company needs to minimize latency for the users.
Which solution meets these requirements?
A. Use EC2 instances in multiple edge locations.
B. Use EC2 instances in the same Availability Zone but in different AWS Regions.
C. Use Amazon CloudFront with the EC2 instances configured as the source.
D. Use EC2 instances in the same Availability Zone but in different AWS accounts. | Use Amazon CloudFront with the EC2 instances configured as the source. |
A team of researchers is going to collect data at remote locations around the world. Many locations do not have internet connectivity. The team needs to capture the data in the field, and transfer it to the AWS Cloud later.
Which AWS service will support these requirements?
A. AWS Outposts
B. AWS Transfer Family
C. AWS Snow Family
D. AWS Migration Hub | AWS Snow Family |
What should users do if they want to install an application in geographically isolated locations?
A. Install the application using multiple internet gateways.
B. Deploy the application to an Amazon VPC.
C. Deploy the application to multiple AWS Regions.
D. Configure the application using multiple NAT gateways. | Deploy the application to multiple AWS Regions. |
A company has decided to adopt Amazon EC2 infrastructure and wants to scale various stateless services for short-term usage.
Which EC2 pricing model is MOST cost-efficient to meet these requirements?
A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Dedicated Hosts | Spot Instances |
A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system.
Which AWS service can fulfill this requirement?
A. AWS Direct Connect
B. AWS VPN
C. Amazon Connect
D. AWS Data Pipeline | AWS Direct Connect |
A company wants to save costs by archiving data that is no longer frequently accessed by end users.
Which Amazon S3 feature will meet this requirement?
A. S3 Versioning
B. S3 Lifecycle
C. S3 Object Lock
D. S3 Inventory | S3 Lifecycle |
Which cloud computing advantage is a company applying when it uses AWS Regions to increase application availability to users in different countries?
A. Pay-as-you-go pricing
B. Capacity forecasting
C. Economies of scale
D. Global reach | Global reach |
A company wants an AWS service to collect and process 10 TB of data locally and transfer the data to AWS. The company has intermittent connectivity.
Which AWS service will meet these requirements?
A. AWS Database Migration Service (AWS DMS)
B. AWS DataSync
C. AWS Backup
D. AWS Snowball Edge | AWS Snowball Edge |
Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?
A. Go global in minutes.
B. Make frequent, small, reversible changes.
C. Implement a strong foundation of identity and access management
D. Stop spending money on hardware infrastructure for data center operations. | Make frequent, small, reversible changes. |
What is a benefit of using AWS serverless computing?
A. Application deployment and management are not required.
B. Application security will be fully managed by AWS.
C. Monitoring and logging are not needed.
D. Management of infrastructure is offloaded to AWS. | Management of infrastructure is offloaded to AWS. |
A developer wants AWS users to access AWS services by using temporary security credentials.
Which AWS service or feature should the developer use to provide these credentials?
A. IAM policies
B. IAM user groups
C. AWS Security Token Service (AWS STS)
D. AWS IAM Identity Center (AWS Single Sign-On) | AWS Security Token Service (AWS STS) |
A global company wants to use a managed security service for protection from SQL injection attacks. The service also must provide detailed logging information about access to the company's ecommerce applications.
Which AWS service will meet these requirements?
A. AWS Network Firewall
B. Amazon RDS for SQL Server
C. Amazon GuardDuty
D. AWS WAF | AWS WAF |
A company is migrating its on-premises server to an Amazon EC2 instance. The server must stay active at all times for the next 12 months.
Which EC2 pricing option is the MOST cost-effective for the company's workload?
A. On-Demand
B. Dedicated Hosts
C. Spot Instances
D. Reserved Instances | Reserved Instances |
Which of the following is the customer's responsibility under the AWS shared responsibility model? (Choose two.)
A. Maintain the configuration of infrastructure devices.
B. Maintain patching and updates within the hardware infrastructure.
C. Maintain the configuration of guest operating systems and applications.
D. Manage decisions involving encryption options.
E. Maintain infrastructure hardware. | Maintain the configuration of guest operating systems and applications.
Manage decisions involving encryption options. |
A company wants to verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts.
Which AWS service or resource will meet this requirement?
A. AWS Cost and Usage Report
B. IAM credential reports
C. AWS Artifact
D. Amazon CloudFront reports | IAM credential reports |
A company uses AWS security services and tools. The company needs a service to help manage the security alerts and must organize the alerts into a single dashboard.
Which AWS service should the company use to meet these requirements?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Macie
D. AWS Security Hub | WS Security Hub |
A company wants to run its workloads in the AWS Cloud effectively, reduce management overhead, and improve processes.
Which AWS Well-Architected Framework pillar represents these requirements?
A. Reliability
B. Operational excellence
C. Performance efficiency
D. Cost optimization | Operational excellence |
A company uses Amazon S3 to store records that can contain personally identifiable information (PII). The company wants a solution that can monitor all S3 buckets for PII and immediately alert staff about vulnerabilities.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. Amazon Detective
C. Amazon Macie
D. AWS Shield | Amazon Macie |
Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand?
A. Amazon GuardDuty
B. AWS Security Hub
C. AWS Artifact
D. AWS Shield | AWS Artifact |
An external auditor has requested that a company provide a list of all its IAM users, including the status of users' credentials and access keys.
What is the SIMPLEST way to provide this information?
A. Create an IAM user account for the auditor, granting the auditor administrator permissions.
B. Take a screenshot of each user's page in the AWS Management Console, then provide the screenshots to the auditor.
C. Download the IAM credential report, then provide the report to the auditor.
D. Download the AWS Trusted Advisor report, then provide the report to the auditor. | Download the IAM credential report, then provide the report to the auditor. |
Which task can a company perform by using security groups in the AWS Cloud?
A. Allow access to an Amazon EC2 instance through only a specific port.
B. Deny access to malicious IP addresses at a subnet level.
C. Protect data that is cached by Amazon CloudFront.
D. Apply a stateless firewall to an Amazon EC2 instance. | Allow access to an Amazon EC2 instance through only a specific port. |
A company plans to run a compute-intensive workload that uses graphics processing units (GPUs).
Which Amazon EC2 instance type should the company use?
A. Accelerated computing
B. Compute optimized
C. Storage optimized
D. General purpose | Accelerated computing |
Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.)
A. They are stateless.
B. They are stateful.
C. They evaluate all rules before allowing traffic.
D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.
E. They operate at the instance level. | They are stateless
They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. |
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Choose two.)
A. Performance and capacity management
B. Data engineering
C. Continuous integration and continuous delivery (CI/CD)
D. Infrastructure protection
E. Change and release management | Change and release management
Continuous integration and continuous delivery (CI/CD) |
According to the AWS shared responsibility model, the customer is responsible for applying the latest security updates and patches for which of the following?
A. Amazon DynamoDB
B. Amazon EC2 instances
C. Amazon RDS instances
D. Amazon S3 | Amazon EC2 instances |
Which Amazon S3 storage class is MOST cost-effective for unknown access patterns?
A. S3 Standard
B. S3 Standard-Infrequent Access (S3 Standard-IA)
C. S3 One Zone-Infrequent Access (S3 One Zone-IA)
D. S3 Intelligent-Tiering | S3 Intelligent-Tiering |
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity | Incident response
Infrastructure protection |
A company has a managed IAM policy that does not grant the necessary permissions for users to accomplish required tasks.
How can this be resolved?
A. Enable AWS Shield Advanced.
B. Create a custom IAM policy.
C. Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace.
D. Use AWS Key Management Service (AWS KMS) to create a customer-managed key. | Create a custom IAM policy. |
Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?
A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer. | The customer is responsible for rotating keys. |
A company needs to run a pre-installed third-party firewall on an Amazon EC2 instance.
Which AWS service or feature can provide this solution?
A. Network ACLs
B. Security groups
C. AWS Marketplace
D. AWS Trusted Advisor | AWS Marketplace |
Which AWS Cloud benefit gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes?
A. Elasticity
B. Cost savings
C. Agility
D. Reliability | Agility |
Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?
A. Security awareness and training
B. Development of an IAM password policy
C. Patching of the guest operating system
D. Physical and environmental controls | Physical and environmental controls |
Which of the following is a characteristic of the AWS account root user?
A. The root user is the only user that can be configured with multi-factor authentication (MFA).
B. The root user is the only user that can access the AWS Management Console.
C. The root user is the first sign-in identity that is available when an AWS account is created.
D. The root user has a password that cannot be changed. | The root user is the first sign-in identity that is available when an AWS account is created. |
An Amazon EC2 instance previously used for development is inaccessible and no longer appears in the AWS Management Console.
Which AWS service should be used to determine what action made this EC2 instance inaccessible?
A. Amazon CloudWatch Logs
B. AWS Security Hub
C. Amazon Inspector
D. AWS CloudTraiI | AWS CloudTraiI |
A company's application developers need to quickly provision and manage AWS services by using scripts.
Which AWS offering should the developers use to meet these requirements?
A. AWS CLI
B. AWS CodeBuild
C. AWS Cloud Adoption Framework (AWS CAF)
D. AWS Systems Manager Session Manager | AWS CLI |
A company wants to migrate unstructured data to AWS. The data needs to be securely moved with inflight encryption and end-to-end data validation.
Which AWS service will meet these requirements?
A. AWS Application Migration Service
B. Amazon Elastic File System (Amazon EFS)
C. AWS DataSync
D. AWS Migration Hub | AWS DataSync |
A development team wants to deploy multiple test environments for an application in a fast, repeatable manner.
Which AWS service should the team use?
A. Amazon EC2
B. AWS CloudFormation
C. Amazon QuickSight
D. Amazon Elastic Container Service (Amazon ECS) | AWS CloudFormation Most Voted |
A company wants to quickly implement a continuous integration/continuous delivery (CI/CD) pipeline.
Which AWS service will meet this requirement?
A. AWS Config
B. Amazon Cognito
C. AWS DataSync
D. AWS CodeStar | AWS CodeStar |
Which AWS Cloud deployment model uses AWS Outposts as part of the application deployment infrastructure?
A. On-premises
B. Serverless
C. Cloud-native
D. Hybrid | Hybrid |
Which of the following is a fully managed graph database service on AWS?
A. Amazon Aurora
B. Amazon FSx
C. Amazon DynamoDB
D. Amazon Neptune | Amazon Neptune |
Which AWS service could an administrator use to provide desktop environments for several employees?
A. AWS Organizations
B. AWS Fargate
C. AWS WAF
D. AWS WorkSpaces | AWS WorkSpaces |
Which AWS service or feature gives users the ability to capture information about network traffic in a VPC?
A. VPC Flow Logs
B. Amazon Inspector
C. VPC route tables
D. AWS CloudTrail | VPC Flow Logs |
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon EC2 instance store
C. Amazon Elastic File System (Amazon EFS)
D. Amazon S3 | Amazon EC2 instance store |
A company wants to provide access to Windows file shares in AWS from its on-premises workloads. The company does not want to provision any additional infrastructure or applications in its data center.
Which AWS service will meet these requirements?
A. Amazon FSx File Gateway
B. AWS DataSync
C. Amazon S3
D. AWS Snow Family | Amazon FSx File Gateway |
A company wants durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost.
Which AWS service should the company choose?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. AWS Storage Gateway
D. Amazon Elastic File System (Amazon EFS) | Amazon S3 |
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization.
Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon Simple Notification Service (Amazon SNS)
C. AWS Systems Manager
D. Amazon CloudWatch alarm | Amazon CloudWatch alarm |
A company wants to transform its workforce by attracting and developing a digitally fluent high-performance workforce. The company wants to attract a diverse and inclusive workforce with appropriate mix of technical and non-technical skills.
Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?
A. Business
B. People
C. Platform
D. Operations | People |
A company wants to move its on-premises databases to managed cloud database services by using a simplified migration process.
Which AWS service or tool can help the company meet this requirement?
A. AWS Storage Gateway
B. AWS Application Migration Service
C. AWS DataSync
D. AWS Database Migration Service (AWS DMS) | AWS Database Migration Service (AWS DMS) |
A company needs a fully managed file server that natively supports Microsoft workloads and file systems. The file server must also support the SMB protocol.
Which AWS service should the company use to meet these requirements?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon FSx for Lustre
C. Amazon FSx for Windows File Server
D. Amazon Elastic Block Store (Amazon EBS) | Amazon FSx for Windows File Server |
A company has been storing monthly reports in an Amazon S3 bucket. The company exports the report data into comma-separated values (.csv) files. A developer wants to write a simple query that can read all of these files and generate a summary report.
Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of operational overhead?
A. Amazon S3 Select
B. Amazon Athena
C. Amazon Redshift
D. Amazon EC2 | Amazon Athena |
Which AWS feature provides a no-cost platform for AWS users to join community groups, ask questions, find answers, and read community-generated articles about best practices?
A. AWS Knowledge Center
B. AWS re:Post
C. AWS IQ
D. AWS Enterprise Support | AWS re:Post |
Which element of the AWS global infrastructure consists of one or more discrete data centers, each with redundant power, networking, and connectivity, which are housed in separate facilities?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. Amazon CloudFront | Availability Zones |
Which AWS services make use of global edge locations? (Choose two.)
A. AWS Fargate
B. Amazon CloudFront
C. AWS Global Accelerator
D. AWS Wavelength
E. Amazon VPC | AWS Global Accelerator
AWS Wavelength |
A user needs a relational database but does not have the resources to manage the hardware, resiliency, and replication.
Which AWS service option meets the user's requirements?
A. Run MySQL on Amazon Elastic Container Service (Amazon ECS).
B. Run MySQL on Amazon EC2.
C. Choose Amazon RDS for MySQL.
D. Choose Amazon ElastiCache for Redis. | Choose Amazon RDS for MySQL. |
A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to minimize the complexity that is related to the management of AWS resources.
Which AWS service should the company use to meet these requirements?
A. AWS Config
B. AWS Elastic Beanstalk
C. Amazon EC2
D. Amazon Personalize | AWS Elastic Beanstalk |
Which mechanism allows developers to access AWS services from application code?
A. AWS Software Development Kit
B. AWS Management Console
C. AWS CodePipeline
D. AWS Config | AWS Software Development Kit |
A company is migrating to the AWS Cloud. The company wants to understand and identify potential security misconfigurations or unexpected behaviors. The company wants to prioritize any protective controls it might need.
Which AWS Cloud Adoption Framework (AWS CAF) security perspective capability will meet these requirements?
A. Identity and access management
B. Threat detection
C. Platform engineering
D. Availability and continuity management | Threat detection |
A company wants to establish a private network connection between AWS and its corporate network.
Which AWS service or feature will meet this requirement?
A. Amazon Connect
B. Amazon Route 53
C. AWS Direct Connect
D. VPC peering | AWS Direct Connect |
Which AWS services or features give users the ability to create a network connection between two VPCs? (Choose two.)
A. VPC endpoints
B. Amazon Route 53
C. VPC peering
D. AWS Direct Connect
E. AWS Transit Gateway | VPC peering
AWS Transit Gateway |
Which AWS service converts text to lifelike voices?
A. Amazon Transcribe
B. Amazon Rekognition
C. Amazon Polly
D. Amazon Textract | Amazon Polly |
A company wants to use application stacks to run a workload in the AWS Cloud. The company wants to use pre-configured instances.
Which AWS service will meet these requirements?
A. Amazon Lightsail
B. Amazon Athena
C. AWS Outposts
D. Amazon EC2 | Amazon Lightsail |
Which AWS services are supported by Savings Plans? (Choose two.)
A. Amazon EC2
B. Amazon RDS
C. Amazon SageMaker
D. Amazon Redshift
E. Amazon DynamoDB | Amazon EC2
Amazon SageMaker |
Which AWS service or tool can provide rightsizing recommendations for Amazon EC2 resources at no additional cost?
A. AWS Well-Architected Tool
B. Amazon CloudWatch
C. AWS Cost Explorer
D. Amazon S3 analytics | AWS Cost Explorer |
A company operates a petabyte-scale data warehouse to analyze its data. The company wants a solution that will not require manual hardware and software management.
Which AWS service will meet these requirements?
A. Amazon DocumentDB (with MongoDB compatibility)
B. Amazon Redshift
C. Amazon Neptune
D. Amazon ElastiCache | Amazon Redshift |
A library wants to automate the classification of electronic books based on the contents of the books.
Which AWS service should the library use to meet this requirement?
A. Amazon Redshift
B. Amazon CloudSearch
C. Amazon Comprehend
D. Amazon Aurora | Amazon Comprehend |
Which task is a responsibility of AWS, according to the AWS shared responsibility model?
A. Encryption of application data
B. Authentication of application users
C. Protection of physical network infrastructure
D. Configuration of firewalls | Protection of physical network infrastructure |
Which options are AWS Cloud Adoption Framework (AWS CAF) cloud transformation journey recommendations? (Choose two.)
A. Envision phase
B. Align phase
C. Assess phase
D. Mobilize phase
E. Migrate and modernize phase | Envision phase
Mobilize phase |
A company wants to generate a list of IAM users. The company also wants to view the status of various credentials that are associated with the users, such as password, access keys, and multi-factor authentication (MFA) devices.
Which AWS service or feature will meet these requirements?
A. IAM credential report
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management Access Analyzer
D. AWS Cost and Usage Report | IAM credential report |
A company is designing its AWS workloads so that components can be updated regularly and so that changes can be made in small, reversible increments.
Which pillar of the AWS Well-Architected Framework does this design support?
A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability | Operational excellence |
A company wants to track tags, buckets, and prefixes for its Amazon S3 objects.
Which S3 feature will meet this requirement?
A. S3 Inventory report
B. S3 Lifecycle
C. S3 Versioning
D. S3 ACLs | S3 Inventory report |
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials.
Which AWS service or resource will meet this requirement?
A. AWS Organizations
B. IAM user
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS Control Tower | AWS IAM Identity Center (AWS Single Sign-On) |
A company created an Amazon EC2 instance. The company wants to control the incoming and outgoing network traffic at the instance level.
Which AWS resource or service will meet this requirement?
A. AWS Shield
B. Security groups
C. Network Access Analyzer
D. VPC endpoints | Security groups |
A company wants to use the AWS Cloud to deploy an application globally.
Which architecture deployment model should the company use to meet this requirement?
A. Multi-Region
B. Single-Region
C. Multi-AZ
D. Single-AZ | Multi-Region |
A company wants a web application to interact with various AWS services.
Which AWS service or resource will meet this requirement?
A. AWS CloudShell
B. AWS Marketplace
C. AWS Management Console
D. AWS CLI | AWS Management Console |
A company is migrating its applications from on-premises to the AWS Cloud. The company wants to ensure that the applications are assigned only the minimum permissions that are needed to perform all operations.
Which AWS service will meet these requirements?
A. AWS Identity and Access Management (IAM)
B. Amazon CloudWatch
C. Amazon Macie
D. Amazon GuardDuty | AWS Identity and Access Management (IAM) |
Which options are AWS Cloud Adoption Framework (AWS CAF) governance perspective capabilities? (Choose two.)
A. Identity and access management
B. Cloud financial management
C. Application portfolio management
D. Innovation management
E. Product management | Identity and access management
Cloud financial management |
Which AWS service provides a single location to track the progress of application migrations?
A. AWS Application Discovery Service
B. AWS Application Migration Service
C. AWS Service Catalog
D. AWS Migration Hub | AWS Migration Hub |
A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon Machine Image (AMI).
Which actions can a system administrator take to connect to the EC2 instance? (Choose two.)
A. Use Amazon EC2 Instance Connect.
B. Use a Remote Desktop Protocol (RDP) connection.
C. Use AWS Batch.
D. Use AWS Systems Manager Session Manager.
E. Use Amazon Connect. | Use Amazon EC2 Instance Connect.
Use AWS Systems Manager Session Manager. |
Which architecture concept describes the ability to deploy resources on demand and release resources when they are no longer needed?
A. High availability
B. Decoupled architecture
C. Resilience
D. Elasticity | Elasticity |
Which task requires a user to sign in as the AWS account root user?
A. The deletion of IAM users
B. The deletion of an AWS account
C. The creation of an organization in AWS Organizations
D. The deletion of Amazon EC2 instances | the deletion of an AWS account |
What does the Amazon S3 Intelligent-Tiering storage class offer?
A. Payment flexibility by reserving storage capacity
B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume
C. Automatic cost savings by moving objects between tiers based on access pattern changes
D. Secure, durable, and lowest cost storage for data archival | Automatic cost savings by moving objects between tiers based on access pattern changes |
A company needs Amazon EC2 instances for a workload that can tolerate interruptions.
Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-Demand prices?
A. Spot Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Dedicated Hosts | Spot Instances |
A company is planning to migrate to the AWS Cloud. The company wants to identify measurable business outcomes that will explain the value of the company's decision to migrate.
Which phase of the cloud transformation journey includes these activities?
A. Envision
B. Align
C. Scale
D. Launch | Envision |
Which AWS service or component allows inbound traffic from the internet to access a VPC?
A. Internet gateway
B. NAT gateway
C. AWS WAF
D. VPC peering | Internet gateway |
Which AWS service can companies use to create infrastructure from code?
A. Amazon Elastic Kubernetes Service (Amazon EKS)
B. AWS Outposts
C. AWS CodePipeline
D. AWS CloudFormation | AWS CloudFormation |
Which guideline is a well-architected design principle for building cloud applications?
A. Keep static data closer to compute resources.
B. Provision resources for peak capacity.
C. Design for automated recovery from failure.
D. Use tightly coupled components. | Design for automated recovery from failure. |
A company needs to move 75 petabytes of data from its on-premises data centers to AWS.
Which AWS service should the company use to meet these requirements MOST cost-effectively?
A. AWS Snowball Edge Storage Optimized
B. AWS Snowmobile
C. AWS Direct Connect
D. AWS Storage Gateway | AWS Snowmobile |
Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)
A. Resource scalability
B. Performance efficiency
C. System elasticity
D. Agile development
E. Operational excellence | Performance efficiency
Operational excellence |
A company needs to connect its on-premises data center to the AWS Cloud. The company needs a dedicated, low-latency connection with consistent network performance.
Which AWS service will meet these requirements?
A. AWS Global Accelerator
B. Amazon CloudFront
C. AWS Direct Connect
D. AWS Managed VPN | AWS Direct Connect |
Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Choose two.)
A. Maximize utilization of Amazon EC2 instances.
B. Minimize utilization of Amazon EC2 instances.
C. Minimize usage of managed services.
D. Force frequent application reinstallations by users.
E. Reduce the need for users to reinstall applications. | Maximize utilization of Amazon EC2 instances.
Reduce the need for users to reinstall applications. |
In which ways does the AWS Cloud offer lower total cost of ownership (TCO) of computing resources than on-premises data centers? (Choose two.)
A. AWS replaces upfront capital expenditures with pay-as-you-go costs.
B. AWS is designed for high availability, which eliminates user downtime.
C. AWS eliminates the need for on-premises IT staff.
D. AWS uses economies of scale to continually reduce prices.
E. AWS offers a single pricing model for Amazon EC2 instances. | AWS replaces upfront capital expenditures with pay-as-you-go costs.
AWS uses economies of scale to continually reduce prices. |
A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data must remain local and on premises. There must be low latency between AWS and the company resources.
Which AWS service or feature can be used to meet these requirements?
A. AWS Local Zones
B. Availability Zones
C. AWS Outposts
D. AWS Wavelength Zones | AWS Outposts |
Which of the following AWS services are serverless? (Choose two.)
A. AWS Outposts
B. Amazon EC2
C. Amazon Elastic Kubernetes Service (Amazon EKS)
D. AWS Fargate
E. AWS Lambda | AWS Fargate
AWS Lambda |
When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which Amazon EC2 instance type is required?
A. Spot Instances
B. Dedicated Instances
C. Dedicated Hosts
D. Reserved Instances | Dedicated Hosts |
A solutions architect needs to maintain a fleet of Amazon EC2 instances so that any impaired instances are replaced with new ones.
Which AWS service should the solutions architect use?
A. Amazon Elastic Container Service (Amazon ECS)
B. Amazon GuardDuty
C. AWS Shield
D. AWS Auto Scaling | AWS Auto Scaling |
Which AWS service provides on-premises applications with low-latency access to data that is stored in the AWS Cloud?
A. Amazon CloudFront
B. AWS Storage Gateway
C. AWS Backup
D. AWS DataSync | AWS Storage Gateway |
What does Amazon CloudFront provide?
A. Automatic scaling for all resources to power an application from a single unified interface
B. Secure delivery of data, videos, applications, and APIs to users globally with low latency
C. Ability to directly manage traffic globally through a variety of routing types, including latency-based routing, geo DNS, geoproximity, and weighted round robin
D. Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and AWS Lambda functions | Secure delivery of data, videos, applications, and APIs to users globally with low latency |
Which AWS service supports the deployment and management of applications in the AWS Cloud?
A. Amazon CodeGuru
B. AWS Fargate
C. AWS CodeCommit
D. AWS Elastic Beanstalk | AWS Elastic Beanstalk |
A company wants to integrate natural language processing (NLP) into business intelligence (BI) dashboards. The company wants to ask questions and receive answers with relevant visualizations.
Which AWS service or tool will meet these requirements?
A. Amazon Macie
B. Amazon Rekognition
C. Amazon QuickSight Q
D. Amazon Lex | Amazon QuickSight Q |
Which Amazon S3 feature or storage class uses the AWS backbone network and edge locations to reduce latencies from the end user to Amazon S3?
A. S3 Cross-Region Replication
B. S3 Transfer Acceleration
C. S3 Event Notifications
D. S3 Standard-Infrequent Access (S3 Standard-IA) | S3 Transfer Acceleration |
Which AWS service provides the ability to host a NoSQL database in the AWS Cloud?
A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift | Amazon DynamoDB |
Which AWS service is a relational database compatible with MySQL and PostgreSQL?
A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Neptune | Amazon Aurora |
Which architecture design principle describes the need to isolate failures between dependent components in the AWS Cloud?
A. Use a monolithic design.
B. Design for automation.
C. Design for single points of failure.
D. Loosely couple components. | Loosely couple components. |
Which benefit of cloud computing gives a company the ability to deploy applications to users all over the world through a network of AWS Regions, Availability Zones, and edge locations?
A. Economy of scale
B. Global reach
C. Agility
D. High availability | Global reach |
Which AWS service makes it easier to monitor and troubleshoot application logs and cloud resources?
A. Amazon EC2
B. AWS Identity and Access Management (IAM)
C. Amazon CloudWatch
D. AWS CloudTrail | Amazon CloudWatch |
Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?
A. Amazon EC2
B. Amazon RDS
C. Amazon Lightsail
D. AWS Step Functions | Amazon EC2 |
Which AWS service will help a company plan a migration to AWS by collecting the configuration, usage, and behavior data of on-premises data centers?
A. AWS Resource Groups
B. AWS Application Discovery Service
C. AWS Service Catalog
D. AWS Systems Manager | AWS Application Discovery Service |
Which AWS service uses a combination of publishers and subscribers?
A. AWS Lambda
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon CloudWatch
D. AWS CloudFormation | Amazon Simple Notification Service (Amazon SNS) |
A company is in the early stages of planning a migration to AWS. The company wants to obtain the monthly predicted total AWS cost of ownership for future Amazon EC2 instances and associated storage.
Which AWS service or tool should the company use to meet these requirements?
A. AWS Pricing Calculator
B. AWS Compute Optimizer
C. AWS Trusted Advisor
D. AWS Application Migration Service | AWS Pricing Calculator |
Under the AWS shared responsibility model, which of the following is a customer responsibility?
A. Installing security patches for the Xen and KVM hypervisors
B. Installing operating system patches for Amazon DynamoDB
C. Installing operating system security patches for Amazon EC2 database instances
D. Installing operating system security patches for Amazon RDS database instances | Installing operating system security patches for Amazon EC2 database instances |
A company is using AWS for all its IT infrastructure. The company's developers are allowed to deploy applications on their own. The developers want to deploy their applications without having to provision the infrastructure themselves.
Which AWS service should the developers use to meet these requirements?
A. AWS Cloud Formation
B. AWS CodeBuild
C. AWS Elastic Beanstalk
D. AWS CodeDeploy | AWS Elastic Beanstalk |
A company needs to analyze its AWS Cloud environment to determine whether the company is following security best practices. The company wants recommendations about how to close security gaps.
Which AWS service should the company use to obtain these recommendations?
A. AWS WAF
B. AWS Systems Manager
C. AWS Trusted Advisor
D. AWS Shield | AWS Trusted Advisor |
Which AWS service makes it easy to create and manage AWS users and groups, and provide them with secure access to AWS resources at no charge?
A. AWS Direct Connect
B. Amazon Connect
C. AWS Identity and Access Management (IAM)
D. AWS Firewall Manager | AWS Identity and Access Management (IAM) |
Exam question from Amazon's AWS Certified Cloud Practitioner
Question #: 382
Topic #: 1
[All AWS Certified Cloud Practitioner Questions]
A company needs a managed NFS file system that the company can use with its AWS compute resources.
Which AWS service or feature will meet these requirements?
A. Amazon Elastic Block Store (Amazon EBS)
B. AWS Storage Gateway Tape Gateway
C. Amazon S3 Glacier Flexible Retrieval
D. Amazon Elastic File System (Amazon EFS) | Amazon Elastic File System (Amazon EFS) |
What is the security best practice concerning sensitive data stored in Amazon S3?
A. Enable cross-Region replication on the S3 bucket.
B. Enable S3 server-side encryption on the S3 bucket.
C. Configure AWS WAF to prevent unauthorized access to the S3 bucket.
D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket. | Enable S3 server-side encryption on the S3 bucket. |
A user needs to generate a report that outlines the status of key security checks in an AWS account. The report must include:
✑ The status of Amazon S3 bucket permissions.
✑ Whether multi-factor authentication is enabled for the AWS account root user.
If any security groups are configured to allow unrestricted access.
Where can all this information be found in one location?
A. Amazon QuickSight dashboard
B. AWS CloudTrail trails
C. AWS Trusted Advisor report
D. IAM credential report | AWS Trusted Advisor report |
Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?
A. Dedicated Hosts
B. On-Demand Instances
C. Spot Instances
D. Reserved Instances | Dedicated Hosts |
Which of the AWS global infrastructure is used to cache copies of content for faster delivery to users across the globe?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. Data centers | Edge locations |