AWS Cloud Practitioner

Notes:
1) AWS Site-to-Site VPN: Site-to-Site VPN creates an encrypted network path
between your on-premises network and your AWS Cloud network. This connection
between your on-premises network and your AWS Cloud network uses the internet.

2) AWS Application Migration Service (AWS MGN): AWS MGN is an automated

lift-and-shift solution. This solution can migrate physical servers and any databases
or applications that run on them to EC2 instances in AWS.

3) Reliability: The reliability pillar includes the ability of a workload to perform its
intended function correctly and consistently when it is expected to do so. The
deployment of Amazon RDS in multiple Availability Zones supports the goal of
reliability because it reduces single points of failure.

4) Amazon S3 is a durable object storage service.

5) Amazon S3 is an object storage service.

6) AWS Direct Connect: Direct Connect links your internal network to a Direct
Connect location through a standard Ethernet fiber-optic cable. One end of the cable
connects to your router. The other end of the cable connects to a Direct Connect
router. AWS Direct Connect is consistent and private because your company is the
only user of the cable.

7) Amazon CloudWatch: CloudWatch monitors your AWS resources and the

applications that you run on AWS in real time. You can use CloudWatch with AWS
CloudTrail to monitor and receive alerts about console sign-in events that involve the
AWS account root user.

8) AWS CodeCommit: CodeCommit is a source code version control service.

CodeCommit helps users store and manage developers' source code in AWS.

9) AWS CloudFormation: AWS CloudFormation provides a common language for

you to model and provision AWS and third party application resources in your cloud
environment. AWS CloudFormation allows you to use programming languages or a
simple text file to model and provision, in an automated and secure manner, all the
resources needed for your applications across all regions and accounts.

10) AWS OpsWorks: AWS OpsWorks is a configuration management service that

provides managed instances of Chef and Puppet. Chef and Puppet are automation
platforms that allow you to use code to automate the configurations of your servers.
OpsWorks lets you use Chef and Puppet to automate how servers are configured,
deployed, and managed across your Amazon EC2 instances or on-premises compute
environments.

11) AWS Shield Advanced: AWS Shield Advanced provides enhanced DDoS
protection against more sophisticated and larger attacks. It offers 24/7 access to the
AWS DDoS Response Team (DRT), which can assist during DDoS attacks by providing
guidance and support in real-time. Additionally, AWS Shield Advanced provides
advanced visibility and telemetry to help mitigate DDoS attacks effectively.

12) AWS IoT Greengrass: AWS IoT Greengrass enables devices to perform local data
processing and real-time event handling, even when cloud connectivity is not
available. It brings cloud capabilities to the edge, allowing the factory to respond
quickly to critical machinery events.

13) AWS AppSync: It's a managed service that simplifies the process of creating and
deploying GraphQL. APIs for apps. It supports real-time data synchronization, offline
access, and offers features like automatic conflict resolution, making it well-suited for
Emma's app development needs.

14) AWS Billing Conductor: AWS Billing Conductor is the service that allows ABC
Corporation to customize billing data, define pricing logic, assign accounts to billing
groups, and display cost data based on defined rates. It provides a comprehensive
solution for managing billing and pricing for the services offered to end users.

15) AWS Firewall Manager is a service that provides a centralized platform for
managing and enforcing firewall rules and security policies across multiple AWS
accounts and resources. It allows organizations to maintain a consistent security
posture by ensuring that firewall rules are applied uniformly and in alignment with
security best practices.

16) AWS Budgets: During each month, Budgets will track how much your current
charged status is, including what your

17) AWS Partner Network Consulting Partners: Consulting Partners help

customers design, build, and manage systems on AWS. So, a Consulting Partner can
help the company start their new system on AWS.

18) Resiliency: Resiliency refers to the ability of a system to continue to function

when some portion of it experiences an outage.

19) Documentation: The AWS Documentation library includes for each AWS service
user guides, API references, pertinent CLI references, and a developer guide.
20) Upgrade to EC2: The 'Upgrade to EC2' feature allows Lightsail customers to
create a copy of their Lightsail instance in EC2

21) DynamoDB: The DynamoDB service under the Free Tier is limited to 25GB of
storage and up to 200 million read/write requests per month.

22) Metered service: Metered service refers to only paying for services that you use
and only during the time in which you are using them

23) Virtualization: Virtualization allows a large pool of hardware, storage, or network

resources to be allocated to systems and services that are hosted on it without
needing those systems to add more hardware to meet new demands.

24) Automation: Automation provides a set of predefined playbooks to do common

repetitive tasks but also allows for users to create their own playbooks that are
appropriate for their specific services.

25)AWS AppConfig: AWS AppConfig provides an API and console method for
applying configuration changes across AWS services from a centralized service.

26) OpsCenter: OpsCenter provides a consolidated view for developers and

operations staff to view and investigate any operational issues

27) AWS Professional Services: offers paid services to help achieve outcomes when
adopting AWS Cloud. It provides best practices and activities based on experience
helping customers adopt AWS.

28) Interoperability: Interoperability is the ease with which one can move or reuse
components of an application or service.

29) Dedicated Hosts: It allow customers to use their existing server-bound software
licenses by dedicating a physical server to their use

30) Run Command: Run Command provides a way to run commands on servers
within AWS without having to actually access them via SSH or PowerShell.

31) To use the AWS CLI, you will need to open outbound port 443 on your firewall if
it is not already allowed.

32) AWS Systems Manager: provides a unified user interface to view operational
data across multiple AWS services. It also allows automating operational tasks across
AWS resources.

33) Fault Tolerance: Fault Tolerance flags any resources that are allocated but are
configured in a way that makes them vulnerable to service interruptions, such as
single points of failure with non-replicated systems, or any systems that are not
being backed up.
34) CIDR blocks with smaller numbers have the largest number of IP addresses
available for them. The allowed ranges in AWS are from/16 to/28.

35) Cost Budgets: Cost Budgets allow for planning what your ceiling will be for
spending on a particular service.

36) Amazon DynamoDB encrypts data at rest by default

37) Resource groups: Resource groups allow for the logical grouping of resources
within AWS for how they are presented within the Systems Manager.

38) SAML: The Security Assertion Markup Language (SAML) was developed for the
use of passing secure data for SSO transactions between the service provider and
identity provider and is widely used throughout the industry.

39) us-gov-west-1: The us-gov-west-1 region is restricted to U.S. government

accounts.

40) Inventory: Inventory collects information from all services you have provisioned
within AWS, including configuration and licensing information.

41) AWS Software Development Kit: The AWS Software Development Kit (SDK) is
the best tool for directly integrating AWS services into an application. The SDK
provides APIs and tools for many AWS services that allow developers to build
applications that use AWS.

42) Amazon Redshift: Redshift is a cloud-based data warehouse solution offered by

AWS. Unlike traditional on-premises data warehouses, Redshift leverages AWS
storage to any capacity that is needed by a company, either now or into the future.

43) Amazon Inspector: It uses an agent installed on Amazon EC2 instances to check
for vulnerabilities or unexpected deviations in the application.

44) AWS VPC: The AWS Virtual Private Cloud allows a user to mirror corporate
networks with the same types of topographies, subnets, and IP addressing that they
currently use.

45) Decoupling: Decoupling focuses on loosely connecting components to prevent

failures from spreading.

Questions & Answers:

1) What is the MINIMUM AWS Support plan that provides technical support through
phone calls?
 • Enterprise
• Business
• Developer
• Basic

2) Which tasks are the customer's responsibility according to the AWS shared
responsibility model? (Select TWO.)

• Patch the operating system that AWS Lambda functions use.

• Install patches on Amazon RDS DB instances.
• Control physical access to the data centre that contains a customer's VPC.
• Configure IAM users according to the principle of least privilege.
• Configure an Amazon S3 bucket to allow public access.

3) Which AWS service identifies security groups that allow unrestricted access to a
user's AWS resources?

• AWS Trusted Advisor

• AWS Config
• Amazon CloudWatch
• AWS CloudTrail

4) A company wants to create a learning application for students. The learning

application must give students the option to choose a button to have the text read
out loud to them.

Which AWS machine learning service will meet this requirement?

• Amazon Transcribe
• Amazon Polly
• Amazon Translate
• Amazon Textract

5) A company requires an encrypted connection between the company's on-

premises servers and AWS. The connection must use the company's existing internet
connection.

Which solution will meet these requirements?

• AWS Direct Connect

• Amazon Connect
• Amazon CloudFront
• AWS Site-to-Site VPN

6) A company requires a relational database on AWS that records new customer

orders from a website.
Which AWS service or feature will meet this requirement?

• AWS Global Accelerator

• Amazon DynamoDB
• Amazon Aurora
• Amazon Elastic Block Store (Amazon EBS)

7) A company has an on-premises Linux-based server with an Oracle database that

runs on it. The company wants to migrate the database server to run on an Amazon
EC2 instance in AWS.

Which service should the company use to complete the migration?

• AWS Database Migration Service (AWS DMS)

• AWS Migration Hub
• AWS Application Migration Service (AWS MGN)
• AWS Application Discovery Service

8) How does AWS charge for AWS Lambda usage once the free tier has been
exceeded? (Select TWO.)

• By the time it takes for the Lambda function to run

• By the number of versions of a specific Lambda function
• By the number of requests made for a given Lambda function
• By the programming language that is used for the Lambda function
• By the total number of Lambda functions in an AWS account

9) A user deploys an Amazon RDS DB instance in multiple Availability Zones.

This strategy involves which pillar of the AWS Well-Architected Framework?

• Performance efficiency
• Reliability
• Cost optimization
• Security

10) Which of the functionalities are characteristics of Amazon S3? (Select TWO.)

• A global file system

• An object store
• A local file store
• A network file system
• A durable storage system

11) A user needs to automatically discover, classify, and protect sensitive data stored
in Amazon S3.
Which AWS service can meet these requirements?

• Amazon Inspector
• Amazon Macie
• Amazon GuardDuty
• AWS Secrets Manager

12) Which AWS service allows customers to purchase unused Amazon EC2 capacity
at an often-discounted rate?

• Reserved Instances
• On-Demand Instances
• Dedicated Instances
• Spot Instances

13) A company wants to establish a consistent and private connection from the
company's on-premises data center to the AWS Cloud.

Which AWS service will meet these requirements?

• AWS Client VPN
• Amazon Connect
• AWS Direct Connect
• AWS Site-to-Site VPN

14) Each department within a company has its own independent AWS account and
its own payment method. The company needs to centralize departmental
governance and consolidate payments.

How can the company achieve these objectives by using AWS services or features?

• Use AWS Cloud Map on each departmental account.

• Create an organization in AWS Organizations with all features enabled within
one account. Invite all accounts to join the organization.
• Use AWS Systems Manager OpsCenter.
• Use the AWS Cost and Usage Reports page of the AWS Billing and Cost
Management console.

15) What are the advantages of deploying an application with Amazon EC2 instances
in multiple Availability Zones? (Select TWO.)

• Preventing a single point of failure

• Reducing the operational costs of the application
• Allowing the application to serve cross-Region users with low latency
• Increasing the availability of the application
• Increasing the load of the application
16) A company needs to monitor and receive alerts about AWS Management
Console sign-in events that involve the AWS account root user.

Which AWS service can the company use to meet these requirements?
• Amazon CloudWatch
• AWS Config
• AWS Trusted Advisor
• AWS Identity and Access Management (IAM)

17) Which credential components are required to gain programmatic access to an

AWS account? (Select TWO.)

• An access key ID
• A primary key
• A secret access key
• A user ID
• A secondary key

18) What are benefits of using the AWS Cloud for companies with customers in many
countries around the world? (Select TWO.)
• Companies can deploy applications in multiple AWS Regions to reduce
latency.
• Amazon Translate automatically translates third-party website interfaces into
multiple languages.
• Amazon CloudFront has multiple edge locations around the world to reduce
latency.
• Amazon Comprehend allows users to build applications that can respond to
user requests in many languages.
• Elastic Load Balancing can distribute application web traffic to multiple AWS
Regions around the world, which reduces latency.

19) A company is moving all of their development activities to AWS. The company
wants a solution to store and manage their developers' source code.

Which AWS coding service will meet this requirement?

• AWS CodeArtifact
• AWS CodeBuild
• AWS CodePipeline
• AWS CodeCommit

20) A company is hosting a static website from a single Amazon S3 bucket.

Which AWS service will achieve lower latency and high transfer speeds?

• AWS Elastic Beanstalk

• Amazon DynamoDB Accelerator (DAX)
• Amazon Route 53
• Amazon CloudFront

21) A company needs to publish messages to a thousands of subscribers

simultaneously using a push mechanism. Which AWS service should the company
use?
• AWS Step Functions
• Amazon Simple Workflow Service (SWF)
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Simple Queue Service (Amazon SQS)

22) Which tasks can a user complete using the AWS Cost Management tools?
• Delete all of your AWS resources with a single click.
• Create budgets and receive notifications if current or forecasted usage
exceeds the budgets.
• Launch either EC2 Spot instances or On-Demand instances based on the
current pricing.
• Move data stored in Amazon S3 Standard to an archiving storage class to
reduce cost.

23) A cloud practitioner needs to migrate a 70 TB of data from an on-premises data

center into the AWS Cloud. The company has a slow and unreliable internet
connection. Which AWS service can the cloud practitioner leverage to transfer the
data?
• Amazon S3 Glacier
• AWS Snowball
• AWS Storage Gateway
• AWS DataSync

24) AWS are able to continue to reduce their pricing due to:
• Pay-as-you go pricing
• The AWS global infrastructure
• Economies of scale
• Reserved instance pricing

25) A Cloud Practitioner is re-architecting a monolithic application. Which design

principles for cloud architecture do AWS recommend? (Select TWO.)
• Implement manual scalability.
• Implement loose coupling.
• Use self-managed servers.
 • Rely on individual components.
• Design for scalability.

26) Which of the following is an advantage for a company running workloads in the
AWS Cloud vs on-premises? (Select TWO.)
• Less staff time is required to launch new workloads.
• Increased time to market for new application features.
• Higher acquisition costs to support elastic workloads.
• Lower overall utilization of server and storage systems.
• Increased productivity for application development teams.

27) A company requires a dashboard for reporting when using a business

intelligence solution. Which AWS service can a Cloud Practitioner use?
• Amazon Redshift
• Amazon Kinesis
• Amazon Athena
• Amazon QuickSight

28) A company has a website that delivers static content from an Amazon S3 bucket
to users from around the world. Which AWS service will deliver the content with low
latency?
• AWS Lambda
• Amazon CloudFront
• AWS Elastic Beanstalk
• AWS Global Accelerator

29) A user has an AWS account with a Business-level AWS Support plan and needs
assistance with handling a production service disruption. Which action should the
user take?
• Contact the dedicated Technical Account Manager
• Contact the dedicated AWS Concierge Support team
• Open a business-critical system down support case
• Open a production system down support case

30) According to the shared responsibility model, which security-related task is the
responsibility of the customer?

• Maintaining server-side encryption.

• Securing servers and racks at AWS data centers.
• Maintaining firewall configurations at a hardware level.
• Maintaining physical networking configuration.

31) Under the AWS shared responsibility model, which of the following is an example
of security in the AWS Cloud?
 • Managing edge locations
• Physical security
• Firewall configuration
• Global infrastructure

32) The ability to horizontally scale Amazon EC2 instances based on demand is an
example of which concept?

• Economy of scale
• Elasticity
• High availability
• Agility

33) Which AWS service or feature can be used to restrict the individual API actions
that users and roles in each member account can access?

• Amazon Macie
• AWS Organizations
• AWS Shield
• AWS IAM

34) A manager is planning to migrate applications to the AWS Cloud and needs to
obtain AWS compliance reports. How can these reports be generated?

• Download the reports from AWS Secrets Manager.

• Contact the AWS Compliance team.
• Create a support ticket with AWS Support.
• Download the reports from AWS Artifact.

35) Which of the following statements is correct about Amazon S3 cross-region

replication?

• Both source and destination S3 buckets must have versioning disabled

• The source and destination S3 buckets cannot be in different AWS Regions
• S3 buckets configured for cross-region replication can be owned by a single
AWS account or by different accounts
• The source S3 bucket owner must have the source and destination AWS
Regions disabled for their account

36) How can a company separate costs for storage, Amazon EC2, Amazon S3, and
other AWS services by department?

• Add department-specific tags to each resource

• Create a separate VPC for each department
• Create a separate AWS account for each department
• Use AWS Organizations
37) Which AWS services can be used as infrastructure automation tools? (Select
TWO.)

• AWS CloudFormation
• Amazon CloudFront
• AWS Batch
• AWS OpsWorks
• Amazon QuickSight

38) A company needs protection from distributed denial of service (DDoS) attacks on
its website and assistance from AWS experts during such events. Which AWS
managed service will meet these requirements?

• AWS Shield Advanced

• AWS Firewall Manager
• AWS Web Application Firewall
• Amazon GuardDuty

39) A Cloud Practitioner requires point-in-time recovery (PITR) for an Amazon

DynamoDB table. Who is responsible for configuring and performing backups?

• AWS is responsible for both tasks.

• The customer is responsible for configuring and AWS is responsible for
performing backups.
• The customer is responsible for both tasks.
• AWS is responsible for configuring and the user is responsible for performing
backups.

40) Which AWS Support plan provides access to architectural and operational
reviews, as well as 24/7 access to Cloud Support Engineers through email, online
chat, and phone?

• Basic
• Business
• Developer
• Enterprise

41) Which of the following is an optional Security layer attached to a subnet within a
VPC for controlling traffic in & out of the VPC?

• VPC Flow Logs

• Web Application Firewall
• Security Group
• Network ACL
42) A smart agriculture company wants to optinize its crop yield by monitoring soil
moisture levels and weather conditions in their vast fields. They need to collect data
from sensors spread across the fields, process it in real time, and generate alerts if
certain thresholds are crossed. Which AWS service would be the most suitable for
fulfilling this requirement?

• Amazon QuickSight
• AWS Lambda
• AWS IoT Core
• AWS IoT Greengrass

43) Which of the following are advantages of having infrastructure hosted on the
AWS Cloud?

• Customers get the complete control over the physical infrastructure.

• Customers can use the Pay-as-you-go model.
• The customer requires no Upfront costs.
• Security is handled by AWS

44) A team of engineers is developing an industrial loT solution for a factory that
operates in a remote location with intermittent connectivity. The factory requires
real-time monitoring of critical machinery and immediate local response to certain
events without relying solely on cloud communication. Which AWS service would
provide the best solution for this scenario?

• Amazon S3
• AWS IoT Core
• AWS IoT Greengrass
• Amazon Redshift

45) What is the ability of AWS products and services to recover from disruptions and
mitigate disruptions known as?

• Resiliency
• Consistency
• Durability
• Latency

46) While proposing AWS Cloud solution to a client as a value proposition, which of
the following is not an advantage to use the AWS Cloud?

• The AWS Cloud offers a pay-as-you-go model to trade Capital expense for
Variable expense.
• The AWS Cloud offers a Scale-on-demand model to eliminate wasted capacity.
 • The AWS Cloud gives complete control of Security to its users so that they can
replicate their Data Centre Security model on the Cloud.
• AWS Cloud frees the users from spending time & money for maintaining their
Data Centers.

47) A manufacturing firm has recently migrated their application servers to the
Amazon EC2 instance. The IT Manager is looking for the details of upcoming
scheduled maintenance activities which AWS would be performing on AWS
resources, that may impact the services on these EC2 instances.

Which of the following services can alert you about the changes that can affect
resources in your account?

• AWS Organizations
• AWS Health Dashboard
• AWS Trusted Advisor
• Amazon GuardDuty

48) You have a set of EC2 Instances hosted on the AWS Cloud. The EC2 Instances are
hosting a web application. Which of the following acts as a firewall to your VPC and
the instances in it? Choose 2 answers from the options given below.

• Usage of Security Groups

• Usage of AWS Config
• Usage of Network Access Control Lists
• Usage of the Internet gateway

49) Which of the following features of Amazon RDS allows for better availability of
databases? Choose the answer from the options given below.

• VPC Peering
• Multi-AZ
• Read Replicas
• Data encryption

50) You are the architect of a custom application running inside your corporate data
center. The application runs with some unresolved bugs that produce a lot of data
inside custom log

files generating time-consuming activities for the operation team responsible for
analyzing them.

You want to move the application to AWS using EC2 instances. At the same time, you
want to take the opportunity to improve logging and monitoring capabilities, but
without touching the application code.
What AWS service should you use to satisfy the requirement?

• AWS Kinesis Data Streams

• AWS CloudTrail
• AWS CloudWatch Logs
• Amazon Kinesis Data Firehose

51) Emma is developing a mobile app that requires real time data synchronization
and offline capabilities. She needs a managed service to easily create and manage
GraphQL APIs for her app. Which AWS service is the most suitable choice for Emma's
requirements?

• Amazon ECS
• AWS AppSync
• AWS Amplify
• AWS Device Farm

52) In the AWS Billing and Management service, which tool will allow the user to
graphically visualize billing and usage over time, particularly monthly running costs?

• AWS Bills
• AWS Cost Explorer
• AWS Reports
• AWS Budgets

53) Which of the following are benefits of the AWS's Relational Database Service
(RDS)? Choose the 2 correct answers from the options below.

• Automated patches and backups

• DB owner can resize the capacity accordingly
• It allows you to store unstructured data
• It allows you to store NoSQL data

54) In serverless services such as AWS Lambda, what are the implications of the
Shared Responsibility Model?

• Amazon has overall responsibility for the infrastructure, including IAM roles
and identities that can invoke functions.
• The user is responsible for the security and access to the instances that handle
the compute capacity.
• Amazon is responsible for any malicious code written in the IDE and can
terminate any rogue activity.
• The user is responsible for IAM roles and identities that can invoke the AWS
Lambda functions.
55) A company is deploying a new two-tier web application in AWS. The company
wants to store their most frequently used data to improve the response time for the
application. Which AWS service provides the caching solution for the company's
requirements?

• MySQL Installed on two Amazon EC2 Instances in a single Availability Zone

• Amazon RDS for MySQL with Multi-AZ
• Amazon ElastiCache
• Amazon DynamoDB

56) A company wants to utilize AWS storage. For them, low storage cost is
paramount. The data is rarely retrieved and a data retrieval time of 13- the best
storage option to use? 14 hours is acceptable for them. What is

• Amazon S3 Glacier
• S3 Glacier Deep Archive
• Amazon EBS volumos
• AWS CloudFront

57) A company is deploying a three-tier, highly available web application to AWS.

Which service provides durable storage for static content for the web tier?

• Amazon EBS volume

• Amazon S3
• Amazon EC2 instance store
• Amazon RDS instance

58) ABC Corporation provides cloud services to its customers and needs a way to
customize billing data for different accounts, assign pricing logic, and display cast
data according to defined rates for each billing group. Which AWS service is
designed to fulfill these requirements?

• AWS Cost Explorer

• AWS Billing and Cost Management
• AWS Marketplace
• AWS Billing Conductor

59) What features and capabilities does AWS Network Firewall offer for enhancing
network security in an Amazon Web Services (AWS) environment? Select the correct
option.

• AWS Network Firewall offers load balancing and auto-scaling for applications
within Amazon VPCS
• AWS Network Firewall provides protection against Distributed Denial of
Service (DDoS) attacks
 • AWS Network Firewall is a managed, stateful firewall for securing your
Amazon VPC
• AWS Network Firewall is a managed, stateless firewall for securing your
Amazon VPC

60) What role does AWS Security Hub play in helping organizations improve their
security posture within an AWS environment?

• AWS Security Hub automates the deployment of security patches to EC2

instances
• AWS Security Hub centralizes and analyzes security findings from various AWS
services
• AWS Security Hub automatically generates and enforces IAM policies for
access control
• AWS Security Hub offers real-time traffic analysis and alerting, preventing
unauthorized access to AWS resources

61) In a complex AWS environment with multiple AWS accounts and resources, an
organization needs a centralized solution to manage and enforce consistent firewall
rules and policies. This helps ensure a uniform security posture and compliance
across the infrastructure, Which AWS service provides the capability to achieve this?

• Amazon GuardDuty
• Amazon Inspector
• AWS Web Application Firewall
• AWS Firewall Manager

62) During an audit process, an organization is advised by the audit committee to

centrally manage all the VPC security groups and WAF rules across their AWS
environment. Given that the organization has multiple AWS accounts, how can this
be achieved?

• AWS Identity & Access Management (IAM)

• AWS Firewall Manager
• Amazon Cloud Directory
• AWS Security Hub

63) An organization needs to ensure the secure management of encryption keys for
various services and resources. They require a centralized solution that allows them
to create, rotate, and control access to encryption keys without the complexity of
managing these keys manually. Which AWS service provides the capability to achieve
this?

• AWS Key Management Service (KMS)

• AWS CloudHSM
 • AWS Identity and Access Management (IAM)
• Amazon GuardDuty

64) An organization has developed an application that creates event-based memes.

The organization has decided to run this application uninterruptedly for the period of
a planned sporting event so that the fans of teams can create memes and share
them on social media to show their support. The sporting event is 3 months long.

Which EC2 instance will be best suited for this scenario?

• On-Demand Instances
• Reserved Instances
• Spot Instances
• Dedicated Instances

65) Which AWS component of the Billing Dashboard will track a user's incurred
billing throughout the month and provide a projected total bill for the month on a
continual basis?

• Cost Categories
• Cost Explorer
• AWS Budgets
• Savings Plans

66) In order to better track costs within the organization, you notice that your
account administrator has added in the ability to sort by options such as
"user:ProjectName." What is this an example of?

• Cost Metadata
• Cost Allocation Tags
• Cost Containers
• Cost Categories

67) Which AWS tool can help identify unused Amazon EC2 instances to reduce costs?

• AWS Config
• AWS Trusted Advisor
• AWS Cost Explorer
• AWS Budgets

68) Which AWS tool can you use to forecast how much you will spend on AWS?

• AWS Trusted Advisor

• AWS Cost Explorer
• AWS Organizations
• Amazon DevPay
69) Which AWS tool can help identify potential cost savings by looking for idle and
underutilized resources?

• AWS Budgets
• AWS Config
• AWS Trusted Advisor
• AWS Cost Explorer

70) A company wants to start a new system on AWS. But the company does not have
an employee who knows about AWS. Which AWS program can help the company to
design, build, and manage their systems on AWS?

• AWS Trusted Advisor

• Amazon Inspector
• AWS Marketplace
• AWS Partner Network Consulting Partners

71) Which universal concept of cloud computing refers to the ability of a cloud
environment to continue functioning while some portions are unavailable?

• Availability
• Scalability
• Performance
• Resiliency

72) How does using managed services like RDS help companies focus on applications
rather than infrastructure?

• The provider handles maintenance tasks.

• Managed services eliminate infrastructure costs.
• Managed services have unlimited scale.
• Managed services are self-healing

73) How does using cloud computing help companies achieve more efficient use of
resources?

• Resources can be scaled based on demand.

• The cloud provider handles efficiency.
• Unused resources are terminated daily.
• Resources are unlimited.

74) What are two benefits of deploying a relational database on Amazon RDS instead
of Amazon EC2?

• Software patching
• Automatic backup
 • Unlimited resources
• Cost savings

75) On which AWS services do customers need to patch the operating systems?

• Amazon EC2
• AWS Fargate
• Amazon Lambda
• Amazon DynamoDB

76) The AWS Trusted Advisor is split into five areas of focus to analyze your services
and configurations and recommend appropriate best practices. Which of the
following is not one of the AWS Trusted Advisor areas of focus?

• Fault tolerance
• Security
• Privacy
• Performance

77) According to the AWS Shared Responsibility Model, which two of the following
are customer responsibilities?

• Physical security of data center facilities

• Patching the EC2 Operating System
• Patching the network infrastructure
• Setting up encryption on an Amazon S3 bucket

78) You are looking for the user guides for Elastic Beanstalk. Which AWS support
resource would you explore to find this?

• Documentation
• Discussion Forums
• AWS Professional Services
• Knowledge Center

79) What is the purpose of Amazon CloudHSM?

• It applies protection against malware.

• It is used to generate, use, and manage encryption keys in the cloud.
• It protects against DDoS attacks.
• It acts as an interface between the user and the computer.

80) A website wants to serve content to users in their native language based on the
user's location. Which Amazon Web Services feature provides location-based web
personalization using geolocation headers?

• AWS Global Accelerator

 • Amazon EC2
• AWS Elastic Beanstalk
• Amazon CloudFront

81) The AWS RDS offers several different types of managed databases to meet the
needs of almost all users. Which of the following is not a type of database offered
under RDS?

• Oracle
• DynamoDB
• PostgreSQL
• MariaDB

82) You want to use AWS to back up your on-premises data in a seamless manner.
Which AWS service would enable you to accomplish this?

• AWS Storage Gateway

• AWS Glacier
• AWS Containers
• AWS Snow

83) Which statement about S3 storage buckets is true?

• Bucket names must be globally unique within AWS and can only exist in one
region.
• Bucket names must be unique within your account and region.
• Bucket names can be used in multiple regions to enable automatic replication
between them.
• Bucket names can span multiple regions but must have a unique name.

84) In which two locations can Amazon EC2 Auto Scaling launch resources?

• Only in one single availability zone

• Everywhere, there are no constraints
• Multiple availability zones within a region
• Multiple availability zones across multiple regions

85) Which Amazon Web Services service can you use to create billing alarms?

• Amazon CloudWatch
• Amazon CloudFormation
• Amazon CloudFront
• AWS Systems Manager

86) Which of the following statements best explains AWS Service Quotas?

• Service Quotas only apply to compute and storage instances across AWS.
 • Service Quotas sets limitations on the amount of AWS services that may be
allocated across AWS for a specific account.
• Service Quotas is specific to a region and will place default limits on the
number of specific types of resources you can allocate.
• Service Quotas places limits on AWS Services within an account but can always
be increased for a fee specific to that service.

87) Which type of AWS Reserved Instance offers the smaller cost savings?

• Standard
• Limited
• Flexible
• Convertible

88) Which characteristic of the AWS Cloud enables companies to innovate faster?

• High Availability
• Security
• Agility
• Cost Savings

89) Which cloud characteristic involves delivering the same resources to a large pool
of customers?

• Agility
• Elasticity
• Multitenancy
• Scalability

90) What is the maximum amount of data that can be stored in Amazon S3?

• Virtually Unlimited 1 EB
• 1 PB
• 100 PB

91) Which characteristic of cloud computing enables accessing computer system

resources rapidly and elastically?

• Availability
• Durability
• Agility
• Scalability

92) Which AWS service allows you to centrally manage security and compliance
controls across multiple AWS accounts?

• AWS Inspector
 • AWS Config
• AWS Organizations
• AWS Shield

93) You are starting to move your company's systems into AWS, and you need to
make sure you have a support plan that will assist with integrating many of your
common third-party applications into the AWS ecosystem. Which is the lowest-level
support plan you would need to purchase for this level of support?

• Developer
• Integration
• Business
• Enterprise

94) Which AWS service can be used to capture information about inbound and
outbound IP traffic on network interfaces in a VPC?

• VPC Flow Logs

• Site to Site VPN
• VPC Peering
• Transit Gateway

95) Which Amazon Web Services tool allows you to check Amazon EC2 instances for
security vulnerabilities by analyzing them against predefined security templates?

• AWS Inspector
• AWS Trusted Advisor
• Amazon GuardDuty
• AWS Config

96) Where can a user find the policies and rules about prohibited actions when using
AWS infrastructure and services?

• AWS Identity and Access Management (IAM)

• AWS Trusted Advisor
• AWS Acceptable Use Policy
• AWS Billing Console

97) Which feature of the AWS Systems Manager provides a way to store and push
software packages out to your AWS instances?

• Distributor
• Explorer
• AWS AppConfig
• Inventory
98) Which Amazon Web Services feature allows customers to create a copy of their
Lightsail instance in EC2?

• LightSail-EC2 snapshot
• LightSail Copy
• LightSail Backup
• Upgrade to EC2

99) Select two types of reserved instances offered by AWS for EC2 services.

• Standard
• Convertible
• Flexible
• Dynamic
• Hybrid

100) In the AWS Pricing Calculator, which AWS service offers options for both a quick
estimate and an advanced estimate?

• EC2
• Lightsail
• S3
• Elastic Beanstalk

101) Which of the following AWS services under the Free Tier would have limitations
for both storage of data and the number of requests per month to access it?

• CloudWatch
• Lambda
• DynamoDB
• Server Migration Service

102) While reserved instances apply only to EC2, Savings Plans incorporates two
additional AWS services. Select these two services.

• Elastic Beanstalk
• S3
• Lambda
• Fargate
• Lightsail

103) What AWS mechanism is used to protect the overall availability of resources
within AWS and to protect users from potentially runaway billing as well?

• Constraints
• Blocks
 • Quotas
• Segments

104) Which core aspect of cloud computing refers to users only paying for specific
services that they use and only during the time in which they are in use?

• On-demand self-service
• Resource pooling
• Metered service
• Multitenancy

105) In a traditional data center, if you needed to add storage beyond what you
already had connected to a server, you would need to buy or move hardware to
expand. What key concept of cloud computing enables resources to be added
without needing to add more hardware?

• Metered service
• Virtualization
• Rapid elasticity
• On-demand self-service
• Explanation

106) While AWS has the capabilities to meet many different hosting needs and
models, which cloud deployment model best describes AWS as a whole?

• Private
• Public
• Hybrid
• Community

107) Which key cloud computing characteristic enables someone to create an

account with AWS and get up and running quickly after providing a credit card
number?

• Broad network access

• Resource pooling
• On-demand self-service
• Multitenancy

108) Which protocol is the most commonly used to protect data in transit with
applications and services?

• SCP
• SMTP
• FTP
• HTTPS
109) Which of the following is not a technology used to protect data in transit?

• HTTPS
• VPN
• Ipsec
• S3 Encryption

110) Prior to performing data classification, which process must first be performed?

• Location
• Discovery
• Identification
• Tokenization

111) Which AWS tool will allow you to initiate processes as a result of events that are
detected within CloudWatch and take action based on the value of the event?

• Events
• Alarms
• Triggers
• Alerts

112) You suspect that one of your employees has been using your AWS services,
including incurring billing charges, for personal use. Which AWS service would be the
most useful to your investigation?

• Cost Explorer
• AWS Budgets
• AWS Shield
• AWS CloudTrail

113) Which service of the AWS Systems Manager provides playbooks to perform
tasks, both those provided by AWS and ones that can be custom-written by users?

• AWS AppConfig
• Patch Manager
• Automation
• OpsCenter

114) Which AWS service provides offerings to help achieve outcomes related to
adopting AWS Cloud through paid engagements?

• AWS Enterprise Support

• AWS Professional Services
• Concierge Support
• AWS Technical Account Manager
115) Which concept will articulate the specific requirements between the cloud user
and provider as far as promised performance, uptime, and responsiveness for
services?

• Service level agreement (SLA)

• Auditability
• Governance
• Contract

116) How can using fully managed services from AWS be more beneficial than
deploying third-party software on Amazon EC2 instances?

• Reduced capital expenses

• Automated infrastructure deployment using code
• Automated backups
• Reduced operational overhead

117) Which key cloud concept pertains to the ability to reuse components of an
application or service?

• Interoperability
• Reusability
• Modularization
• Portability

118) What are two advantages of using Availability Zones in Amazon Web Services?

• With multiple availability zones, the cost is reduced

• Availability Zones provide unlimited storage capacity
• Availability Zones are connected by low-latency networks
• Availability Zones automatically replicate data across zones

119) What Amazon Web Services service would you use to send notifications based
on Amazon CloudWatch alarms?

• AWS CloudTrail
• AWS Trusted Advisor
• Amazon Simple Notification Service (Amazon SNS)
• Amazon Route 53

120) What are two true statements about AWS Secrets Manager?

• It replaces hardcoding authentication information in code.

• It provides free storage.
• It encrypts data at rest.
 • It retrieves authentication information from a central repository using an API
call.
• It replaces IAM users and roles.

121) An organization runs several Amazon EC2 instances inside an Amazon VPC
using three subnets - one for Development, one for Test, and one for Production. The
Security team wants to restrict communication between the EC2 instances using
Security Groups. Which of the following statements is true about changing Security
Groups associated with the instances in this scenario?

• You can change a Security Group only if there are no instances associated with
it.
• You can change a Security Group associated with an instance if the instance is
in the hibernate state.
• You can change only the Default Security Group.
• You can change a Security Group associated with an instance if the instance is
in the running state.

122) Under Elastic Block Store (EBS), which types of underlying storage do you have
to choose from? (Choose two)

• SAN
• SSD
• NAS
• HDD
• Object

123) AWS offers a variety of different EC2 instance types that are optimized for
different types of focused usage. Which of the following is not an optimized instance
type under EC2?

• Storage optimized
• Network optimized
• Memory optimized
• Compute optimized

124) Which service is the AWS DNS offering that allows for highly scalable and secure
lookups and the ability to extend traditional DNS to encompass health checks?

• AWS DNS
• Route 53
• Lambda
• CloudFront
125) As part of the AWS Free Tier, which service offers a user a free one-month trial
of either a Linux or Windows platform?

• GuardDuty
• Inspector
• AppStream
• Lightsail

126) What feature does the AWS Pricing Calculator offer for users to organize
services for estimates?

• Projects
• Groups
• Services
• Units

127) Which computing concept allows the provisioning of services within a large
pool of resources and sharing the same hardware infrastructure via a hypervisor?

• Metered service
• Virtualization
• Elasticity
• Containers

128) Which cloud concept refers to the assigning of jobs, tasks, roles, and
responsibilities and ensuring they are satisfactorily performed?

• Interoperability
• Governance
• Auditability
• Maintenance

129) With a Platform as a Service (PaaS) implementation, which two areas of

responsibility lie with the cloud user?

• Networking
• Operating system
• Storage
• Application code
• Data

130) Which of the following is not an example of data at rest and the potential
security implications of it?

• DynamoDB tables
• Machine images
 • API calls
• S3 objects

131) For optimal security, when should a root user account be used within AWS?

• To approve S3 bucket creations

• To provision new services
• To create initial admin accounts from the IAM console
• To use tools on the Billing Dashboard

132) If you were located in Germany and wanted to run an EC2 instance within your
own jurisdiction, which AWS region would allow you to accomplish that?

• af-south-1
• eu-central-1
• us-west-1
• ge-south-1

133) Which of the following is a correct service endpoint for an EC2 instance within
AWS?

• ec2.aws.com
• ec2.aws.amazon.com
• ec2.amazonaws.com
• ec2.eu-west-2.amazonaws.com

134) Which authentication method is supported by the AWS CLI to perform

automation tasks on your AWS account?

• MFA
• Security hardware token
• Username/password
• Access/secret key

135) If you wanted to have identical configurations across your AWS systems for
database connections, but you want to have the ability to have different systems
connect to different database names depending if they are production or test
environments, which AWS service would be ideal to implement?

• Automation
• AWS AppConfig
• Distributor
• Parameter Store

136) What is the main difference between AWS Shield and AWS WAF?
 • AWS Shield protects from external attacks, whereas AWS WAF protects
between services within AWS.
• AWS Shield protects at the Layer 7 content level, while AWS WAF protects at
the Layer 3 and 4 network traffic levels.
• AWS Shield protects storage services; AWS WAF protects compute services.
• AWS Shield protects at the Layer 3 and 4 network levels, while AWS WAF
protects at the Layer 7 content level.

137) Which Amazon EC2 pricing model allows customers to use existing server-
bound software licenses?

• On-Demand Instances
• Dedicated Hosts
• Spot Instances
• Reserved Instances

138) What are two common tasks that AWS can manage for their customers when
running applications in the AWS Cloud?

• Design schema of your data

• Customize your code
• Taking backups of databases
• Patching database software

139) What is a key financial benefit of migrating systems hosted in your on-premises
data center to AWS?

• Opportunity to replace variable operational expenses (OPEX) with low upfront

capital expenses (CAPEX)
• Opportunity to replace variable capital expenses (CAPEX) with low upfront
costs
• Opportunity to replace upfront operational expenses (OPEX) with low variable
operational expenses (OPEX)
• Opportunity to replace upfront capital expenses (CAPEX) with low variable
costs

140) Which two options should be used to improve the security of your AWS
Management Console?

• AWS Key Management Service (KMS)

• Strong password policies
• Multi-factor authentication (MFA)
• IAM roles
141) Which authentication method should be used to programmatically access AWS
resources from the AWS CLI?

• Client Certificate
• User ID and Password
• Fingerprint
• IAM Role

142) Where in the architecture should firewalling be implemented for a web hosting
design using AWS?

• At all layers
• For all access layer functions
• At the core
• At the perimeter

143) Which of the following are true about security groups, but not ACLs? (Choose
two)

• The VPC by default will allow all traffic for both inbound and outbound routes.
• Traffic is automatically allowed outbound to respond to an allowed inbound
rule.
• Rules are applied to only specify things allowed.
• Each subnet must have a security group applied.
• Rule are applied at the subnet level.

144) Which AWS tool will allow you to execute commands on servers within AWS
without having to use SSH or PowerShell?

• Run Command
• AWS AppConfig
• Distributor
• CodeDeploy

145) Which of the following statements about security groups is true?

• Security groups deny all inbound and outbound traffic by default.

• Security groups allow all outbound and inbound traffic by default.
• Security groups allow all outbound traffic by default, but no inbound traffic.
• Security groups allow all inbound traffic by default, but no outbound traffic.

146) What benefits are included with an Enterprise Support plan from Amazon Web
Services?

• AWS Support Analysts

• AWS Cloud Architect
 • Technical Account Manager
• AWS Technical Support Manager

147) Which AWS tool can be best used to track your usage of Reserved Instances?

• Budgets
• Cost Categories
• Cost Explorer
• Instance Tracker

148) Which concept focuses on replicating data across AZs and regions?

• Elasticity
• Automation
• Decoupling
• Durability

149) Which of the following describes a benefit of the AWS pricing model?

• Provides a promotional offer of 50% discount every year

• Eliminates idle resources
• Reduces the cost of maintaining idle resources
• Eliminates all resources after 50 days

150) Which AWS service helps identify the resources that were modified and who
made the changes?

• Amazon Inspector
• AWS Config
• AWS CloudTrail
• AWS Trusted Advisor

151) Which technique enables governance of an AWS environment by comparing

configurations against desired baselines?

• Use AWS Trusted Advisor.

• Use AWS Config rules.
• Use AWS GuardDuty.
• Enable AWS CloudTrail.

152) Which technique can help protect data stored in Amazon S3 buckets?

• Enable default encryption using server-side encryption.

• Use bucket policies to restrict access.
• Use pre signed URLs for temporary access.
• Enable object versioning.
153) Through the Quick Start options, AWS offers Amazon Machine Images for a
variety of operating systems. Which operating system is not one offered through
Quick Start?

• Oracle Linux
• Microsoft Windows
• Red Hat Enterprise Linux
• AWS Linux

154) In order to use the AWS CLI, what do you need to open on your firewall
settings?

• Outbound port 80
• Outbound port 443
• Inbound/outbound port 80
• Inbound/outbound port 443

155) Which AWS service provides a unified interface to view operational data across
multiple AWS services and automate tasks?

• AWS Service Catalog

• AWS Systems Manager
• AWS Organizations
• AWS Trusted Advisor

156) Which of the following is the correct URL for accessing the AWS Management
Console?

• https://console.amazon.com
• https://console.aws.com
• https://mgmt.aws.com
• https://console.aws.amazon.com

157) When moving to a cloud environment, which facet of computing does an

organization give up control over and responsibilities for?

• Data
• Operations
• Hardware
• Security

158) Your company wants to provide easy and quick access to its developers to try
applications and codes across multiple frameworks to determine what gets the best
performance and scalability. Which cloud service category would you be looking to
utilize?
 • DaaS
• laas
• SaaS
• PaaS

159) Which cloud service category has volume and object storage associated with it?

• DaaS
• SaaS
• PaaS
• Laas

160) Which is the lowest support plan you would need to choose in order to get
access to the AWS Trusted Advisor?

• Free
• Developer
• Business
• Enterprise

161) Which component of the AWS Trusted Advisor would you use to look for any
flagged resources that are not optimally configured to minimize service
interruptions?

• Fault Tolerance
• Security
• Performance
• Service Limits

162) Which CIDR block sizing will allow for the largest number of IP addresses within
a subnet?

• /24
• /28
• /32
• /16

163) Select two prominent headers for drop-down menus that appear across the top
of the AWS Management Console.

• Automation
• Services
• Billing Dashboard
• Regions
• Cost Explorer
164) Which type of AWS Budget is used for planning what your ceiling for spending
on a particular service will be?

• Cost Budgets
• Usage Budgets
• Savings Plans Utilization Budgets
• Cost Savings Budgets

165) In the shared responsibility model for Amazon EC2, which two choices are
customer responsibilities?

• Physical security of hardware

• Applications in EC2 instances
• Amazon Machine Images (AMIs)
• Network infrastructure
• Virtualization infrastructure

166) How can we allow an application running on an Amazon EC2 instance to

securely access data in an Amazon S3 bucket without providing long-term
credentials to the application?

• Using Bucket Permissions

• Using User Groups
• Using cross region replication
• Using an IAM role

167) A company migrated their application servers to Amazon EC2 instances. The IT
Manager wants to know about upcoming AWS scheduled maintenance activities that
could impact the EC2 instances. Which AWS service provides alerts about these
activities?

• AWS Organizations
• AWS Trusted Advisor
• AWS Service Health Dashboard
• AWS Personal Health Dashboard

168) Amazon RDS provides Multi-AZ feature for better availability of databases.
Which of the following options describes Multi-AZ?

• Multi-AZ allows read replicas of RDS instances across availability zones.

• Multi-AZ encrypts RDS instance data.
• Multi-AZ maintains standby replicas of RDS instances in different availability
zones.
• Multi-AZ allows peering connections between VPCs.
169) You have a Node.js application that you want to get running as quickly as
possible. You need high performance and reliability, but you do not care about the
underlying system running your code. Which AWS service would best suit your
needs?

• Elastic Beanstalk
• EC2
• AppStream
• Lightsail

170) When doing a cost estimation for EC2 services, which other AWS service is a
required component?

• S3
• Lambda
• RDS
• EBS

171) Which two Amazon Web Services support plans provide 24/7 access to
enhanced technical support?

• Business
• Developer
• All plans
• Enterprise

172) What benefits does a database administrator get by using Amazon Relational
Database Service (RDS)?

• RDS enables users to dynamically adjust CPU and RAM resources.

• RDS simplifies tasks related to managing relational databases.
• RDS provides extremely high reliability and durability.
• RDS databases automatically scale based on load.

173) Which AWS Cloud Adoption Framework perspective focuses on aligning cloud
adoption with business goals?

• Security perspective
• Business perspective
• Governance perspective
• People perspective

174) What AWS services and resources are contained within an Amazon Virtual
Private Cloud (VPC)?

• Resources across multiple regions

 • Resources across multiple AWS regions and your on-premises networks
• Only resources in a single Availability Zone
• Resources across multiple Availability Zones in a single region

175) Which AWS database service encrypts data at rest by default?

• Amazon Aurora
• Amazon RDS
• Amazon DynamoDB
• Amazon Redshift

176) Which AWS service can be used to track user activity in AWS?

• Amazon Elastic Cache

• AWS CloudTrail
• AWS CloudWatch
• Amazon Beanstalk

177) What Amazon Web Services feature enables fast, secure transfers of files over
long distances between your computer and your Amazon S3 storage bucket?

• S3 Acceleration
• HTTP Transfer
• File Transfer
• Amazon S3 Transfer Acceleration

178) What should customers do to ensure the availability and backup of Amazon EBS
volumes?

• Create copies of EBS volumes

• Delete the data and create new EBS volumes
• Create EBS snapshots
• Attach new volumes to EC2 instances

179) What activities are included in AWS Support?

• Debugging custom software

• Code development
• Configuring third-party applications on AWS
• Troubleshooting API issues

180) Select two pillars in the AWS Well-Architected Framework.

• Operational Excellence
• Elasticity and Scalability
• Data Consistency
• Performance Efficiency
181) Which concept focuses on deploying systems across multiple physical locations?

• Geo-distribution
• Elasticity
• Durability
• Automation

182) Which feature of the AWS Systems Manager allows for grouping of resources
for easier viewing and granularity?

• Resource groups
• Cost categories
• Service labels
• Resource pools

183) Which of the following states is true about password policies for IAM accounts?

• IAM password policies have granular controls and can be set based on the
regulatory or corporate policies required for the account.
• IAM account passwords can only be set by the root account and cannot be
modified by the account itself.
• IAM accounts are free to use whatever password is desired by the account
holder.
• AWS has a global password policy that is enforced for all IAM accounts to
meet industry best practices.

184) Which standard is widely used for SSO federations and implementations?

• SQL
• JSON
• SAML
• XML

185) To provide optimal responsiveness for customers, AWS maintains a network of

Edge locations throughout the world to provide ultra-low-latency access to data.
Which AWS service is not available through Edge locations?

• AWS Shield
• CloudFront
• Route 53
• Lightsail

186) Which AWS region is limited to specific customers and is not available for
selection in general?

• sa-east-1
 • us-gov-west-1
• ca-central-1
• me-south-1

187) A developer is creating a new application and wants to integrate features of

AWS services directly into the application. Which AWS tool is the BEST for this
purpose?

• AWS CodePipeline
• AWS Command Line Interface (CLI)
• AWS Software Development Kit
• AWS CodeDeploy

188) To save on long-term costs from pre-purchasing hardware, you want to move
your company's data warehouse system into AWS. Which AWS service would you
utilize for this?

• Amazon Aurora
• DynamoDB
• Amazon RDS
• Amazon Redshift

189) What are two benefits of using AWS Elastic Load Balancing?

• Pay-per-use pricing
• Automated scaling
• High availability
• Reduced management overhead

190) Which Amazon Web Services resource requires customers to be responsible for
security configurations related to the infrastructure?

• Amazon DynamoDB
• Amazon RDS
• Amazon EC2
• AWS Fargate

191) Which Amazon Web Services security tool uses an agent installed on Amazon
Elastic Compute Cloud instances to check for vulnerabilities or unexpected changes
in the application?

• Amazon Macie
• Amazon Glacier
• Amazon Inspector

192) What are two benefits of using the Amazon Web Services (AWS) Cloud?
 • Fast setup of IT resources
• Go global in minutes
• Instant migration of any service to the cloud
• 100% SLA

193) Which Amazon Web Services tool can identify the user that terminated an
Amazon EC2 instance?

• Amazon Inspector
• AWS Trusted Advisor
• AWS Config
• AWS CloudTrail

194) Which AWS database service encrypts data at rest by default?

• NAT Gateway
• Internet Gateway
• Network Access Control List (NaCl)

195) Which AWS service allows a customer to mirror their corporate network within
AWS with the same types of topographies?

• CloudFront
• AWS VPC
• Route 53
• AWS VPN

196) Which concept focuses on loosely connecting components and layers of cloud
architecture?

• Automation
• Immutability
• Decoupling
• Infrastructure as code

197) Why does using cloud computing typically provide more agility compared to
on-premises data centers?

• Unlimited on-demand resources

• No infrastructure maintenance
• Faster time to market for new resources
• No need for IT staff

198) When using federated authentication with SAML, what are the two key
components involved with the workflow? (Choose two.)

• LDAP
 • Application
• Service provider
• System of record
• Identity provider

199) Which statement about AWS Certificate Manager certificates is incorrect?

• They automate the process of getting and renewing SSL/TLS certificates.

• They are free when used with Elastic Load Balancer.
• They are permanent certificates.
• You can issue unlimited certificates.

200) Which AWS service provides a history of the activities in your AWS account,
including actions through the AWS Console, SDKS, CLI, and other AWS services?

• AWS Config
• AWS CloudTrail
• AWS Infrastructure Event Management
• Amazon CloudWatch

201) Which AWS service can help provide low latency access to video files stored in a
single S3 bucket to users around the world?

• Use Amazon Elasticache to cache the video content closer to end users.
• Use AWS CloudFront to cache the video content closer to end users.
• Use Amazon Kinesis to cache the video content closer to end users.
• Use AWS DynamoDB DAX to cache the video content closer to end users.

202) With Elastic Load Balancing, three different load balancing models are available.
Which of the following is not a load balancing model offered by AWS?

• Application
• Dynamic
• Classic
• Network

203) With which AWS service would you expect to see service quotas regarding
number of buckets, maximum object size, or number of restore requests?

• S3
• EBS
• EC2
• S3 Glacier
204) Which key concept of cloud computing allows the resources to an application to
be expanded to meet increased demand of the user without having to provision for
maximum capacity in advance?

• Multitenancy
• Metered service
• Resource pooling
• Elasticity

205) Which cloud service model is most closely associated with DevOps?

• SaaS
• laas
• PaaS
• DaaS

206) Which AWS service is utilized to consolidate monitoring and measure services
for your entire account within AWS?

• AWS WAF
• AWS CloudTrail
• AWS CloudWatch
• AWS Shield

207) If you have multiple users who need the same rights within your AWS account,
which would be the easiest approach to implement and maintain the consistency of
them?

• Make each their own AWS account and share access to the main account.
• Create each user in IAM and assign the proper roles.
• Assign them to the same IAM group that you create.
• Assign them to the same security group.

208) Which AWS service allows traffic from the internet to access resources in a VPC?

• Internet Gateway
• NAT Gateway
• Transit Gateway
• Network Access Control List (NaCl)

209) Which service can help identify potential vulnerabilities and deviations from
best practices in an AWS environment?

• Amazon Inspector
• AWS CloudTrail
• AWS Config
 • AWS Trusted Advisor

210) Which two components can be configured through the VPC console in AWS?

• Key Pair
• Endpoint
• Security Group
• Subnet

211)