Summer Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 28522818

Home > Amazon Web Services > AWS Certified Foundational > CLF-C02

CLF-C02 AWS Certified Cloud Practitioner Question and Answers

Question # 4

A company purchased Amazon EC2 Standard Reserved Instances (Rls) for a workload in the AWS Cloud. The company needs to move part of the workload to an instance family that does not match the instance family of these Standard RIs.

How can the company take advantage of the Standard RIs that it no longer needs?

A.

Contact the AWS Support team, and ask the team to sell the Standard RIs.

B.

Sell the Standard RIs on the Amazon EC2 Reserved Instance Marketplace.

C.

Sell the Standard RIs as a third-party seller on the AWS Marketplace.

D.

Convert the Standard RIs to Savings Plans.

Full Access
Question # 5

A company needs to configure rules to identify threats and protect applications from malicious network access.

Which AWS service should the company use to meet these requirements?

A.

AWS Identity and Access Management (IAM)

B.

Amazon QuickSight

C.

AWS WAF

D.

Amazon Detective

Full Access
Question # 6

Which of the following are benefits that a company receives when it moves an on-premises production workload to AWS? (Select TWO.)

A.

AWS trains the company's staff on the use of all the AWS services.

B.

AWS manages all security in the cloud.

C.

AWS offers free support from technical account managers (TAMs).

D.

AWS offers high availability.

E.

AWS provides economies of scale.

Full Access
Question # 7

When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which Amazon EC2 instance type is required?

A.

Spot Instances

B.

Dedicated Instances

C.

Dedicated Hosts

D.

Reserved Instances

Full Access
Question # 8

Which AWS service or feature captures information about the network traffic to and from an Amazon EC2 instance?

A.

VPC Reachability Analyzer

B.

Amazon Athena

C.

VPC Flow Logs

D.

AWS X-Ray

Full Access
Question # 9

Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?

A.

Amazon DynamoDB

B.

Amazon Aurora

C.

Amazon DocumentDB (with MongoDB compatibility)

D.

Amazon Neptune

Full Access
Question # 10

Which pillar of the AWS Well-Architected Framework focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures?

A.

Cost optimization

B.

Reliability

C.

Operational excellence

D.

Performance efficiency

Full Access
Question # 11

Which AWS service or feature is used to Troubleshoot network connectivity issues between Amazon EC2 instances?

A.

AWS Certificate Manager (ACM)

B.

Internet gateway

C.

VPC Flow Logs

D.

AWS CloudHSM

Full Access
Question # 12

A company wants high levels of detection and near-real-time (NRT) mitigation against large and sophisticated distributed denial of service (DDoS) attacks on applications running on AWS.

Which AWS service should the company use?

A.

Amazon GuardDuty

B.

Amazon Inspector

C.

AWS Shield Advanced

D.

Amazon Macie

Full Access
Question # 13

Which option is an advantage of AWS Cloud computing that minimizes variable costs?

A.

High availability

B.

Economies of scale

C.

Global reach

D.

Agility

Full Access
Question # 14

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.

Which AWS service is used to track, record, and audit configuration changes made to AWS resources?

A.

AWS Shield

B.

AWS Config

C.

AWS IAM

D.

Amazon Inspector

Full Access
Question # 15

Which AWS Support plan provides the full set of AWS Trusted Advisor checks at the LOWEST cost?

A.

AWS Developer Support

B.

AWS Business Support

C.

AWS Enterprise On-Ramp Support

D.

AWS Enterprise Support

Full Access
Question # 16

Which AWS service aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services?

A.

Amazon Detective

B.

Amazon Inspector

C.

Amazon Macie

D.

AWS Security Hub

Full Access
Question # 17

Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?

A.

Amazon FSx for Lustre

B.

AWS Storage Gateway volume gateway

C.

AWS Storage Gateway file gateway

D.

Amazon Elastic File System (Amazon EFS)

Full Access
Question # 18

A company has been storing monthly reports in an Amazon S3 bucket. The company exports the report data into comma-separated values (.csv) files. A developer wants to write a simple query that can read all of these files and generate a summary report.

Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of operational overhead?

A.

Amazon S3 Select

B.

Amazon Athena

C.

Amazon Redshift

D.

Amazon EC2

Full Access
Question # 19

A company wants to use a managed service to simplify the setup, operation, and scaling of its MySQL database in the AWS Cloud.

Which AWS service will meet these requirements?

A.

Amazon EMR

B.

Amazon RDS

C.

Amazon Redshift

D.

Amazon DynamoDB

Full Access
Question # 20

Which of the following is an advantage of AWS Cloud computing?

A.

Trade security for elasticity.

B.

Trade operational excellence for agility.

C.

Trade fixed expenses for variable expenses.

D.

Trade elasticity for performance.

Full Access
Question # 21

A company wants to migrate its on-premises data warehouse to AWS. The information in the data warehouse is

used to populate analytics dashboards.

Which AWS service should the company use for the data warehouse?

A.

Amazon ElastiCache

B.

Amazon Aurora

C.

Amazon RDS

D.

Amazon Redshift

Full Access
Question # 22

A company needs to migrate all of its development teams to a cloud-based integrated development environment (IDE).

Which AWS service should the company use?

A.

AWS CodeBuild

B.

AWS Cloud9

C.

AWS OpsWorks

D.

AWS Cloud Development Kit (AWS CDK)

Full Access
Question # 23

Which AWS service provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning (ML)?

A.

Amazon Kendra

B.

Amazon SageMaker

C.

Amazon Augmented Al (Amazon A2I)

D.

Amazon Polly

Full Access
Question # 24

Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?

A.

Amazon CloudWatch

B.

AWS Trusted Advisor

C.

AWS CloudTrail

D.

Amazon Inspector

Full Access
Question # 25

A company has set up a VPC in its AWS account and has created a subnet in the VPC. The company wants to make the subnet public.

Which AWS features should the company use to meet this requirement? (Select TWO.)

A.

Amazon VPC internet gateway

B.

Amazon VPC NAT gateway

C.

Amazon VPC route tables

D.

Amazon VPC network ACL

E.

Amazon EC2 security groups

Full Access
Question # 26

Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)

A.

AWS Trusted Advisor

B.

AWS Online Tech Talks

C.

AWS Blog

D.

AWS Forums

E.

AWS Classroom Training

Full Access
Question # 27

A company wants to run a graph query that provides credit card users' names, addresses, and transactions. The company wants the graph to show if the names, addresses, and transactions indicates possible fraud.

Which AWS database service will meet these requirements?

A.

Amazon DocumenlDB (with MongoDB compatibility)

B.

Amazon Timestream

C.

Amazon DynamoDB

D.

Amazon Neptune

Full Access
Question # 28

A company deployed an application on an Amazon EC2 instance. The application ran as expected for 6 months. In the past week, users

have reported latency issues. A system administrator found that the CPU utilization was at 100% during business hours. The company

wants a scalable solution to meet demand.

Which AWS service or feature should the company use to handle the load for its application during periods of high demand?

A.

Auto Scaling groups

B.

AWS Global Accelerator

C.

Amazon Route 53

D.

An Elastic IP address

Full Access
Question # 29

A company's user base needs to remotely access virtual desktop computers from the internet Which AWS service provides this functionality?

A.

Amazon Connect

B.

Amazon Cognito

C.

Amazon Workspaces

D.

Amazon Upstream 2.0

Full Access
Question # 30

Which of the following is a benefit of decoupling an AWS Cloud architecture?

A.

Reduced latency

B.

Ability to upgrade components independently

C.

Decreased costs

D.

Fewer components to manage

Full Access
Question # 31

Which AWS services and features are provided to all customers at no charge? (Select TWO.)

A.

Amazon Aurora

B.

VPC

C.

Amazon SageMaker

D.

AWS Identity and Access Management (IAM)

E.

Amazon Polly

Full Access
Question # 32

A company is planning to migrate applications to the AWS Cloud. During a system audit, the company finds that its content management system (CMS) application is incompatible with cloud environments.

Which migration strategies will help the company to migrate the CMS application with the LEAST effort? (Select TWO.)

A.

Retire

B.

Rehost

C.

Repurchase

D.

Replatform

E.

Refactor

Full Access
Question # 33

A company has two AWS accounts in an organization in AWS Organizations for consolidated billing. All of the company's AWS resources are hosted in one AWS Region.

Account A has purchased five Amazon EC2 Standard Reserved Instances (RIs) and has four EC2 instances

running. Account B has not purchased any RIs and also has four EC2 instances running.

Which statement is true regarding pricing for these eight instances?

A.

The eight instances will be charged as regular instances.

B.

Four instances will be charged as RIs, and four will be charged as regular instances.

C.

Five instances will be charged as RIs, and three will be charged as regular instances.

D.

The eight instances will be charged as RIs.

Full Access
Question # 34

Which task is the responsibility of a company that is using Amazon RDS?

A.

Provision the underlying infrastructure.

B.

Create IAM policies to control administrative access to the service.

C.

Install the cables to connect the hardware for compute and storage.

D.

Install and patch the RDS operating system.

Full Access
Question # 35

Amazon Elastic File System (Amazon EFS) and Amazon FSx offer which type of storage?

A.

File storage

B.

Object storage

C.

Block storage

D.

Instance store

Full Access
Question # 36

Which of the following is a cost efficiency principle related to the AWS Cloud?

A.

Right-size services based on capacity requirements.

B.

Use the Billing Dashboard to access information about monthly bills.

C.

Use AWS Organizations to combine the expenses of multiple accounts into a single bill.

D.

Tag all AWS resources.

Full Access
Question # 37

A company's IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.

What should the company do to meet these requirements?

A.

Deploy MySQL database server clusters on Amazon EC2 instances.

B.

Use Amazon RDS with a MySQL database.

C.

Use an AWS Cloud Form at ion template to deploy MySQL database servers on Amazon EC2 instances.

D.

Migrate all the MySQL database data to Amazon S3.

Full Access
Question # 38

Which task is the responsibility of AWS, according to the AWS shared responsibility model?

A.

Set up multi-factor authentication (MFA) for each Workspaces user account.

B.

Ensure the environmental safety and security of the AWS infrastructure that hosts Workspaces.

C.

Provide security for Workspaces user accounts through AWS Identity and Access Management

(IAM).

D.

Configure AWS CloudTrail to log API calls and user activity.

A company stores data in an Amazon S3 bucket. The company must control who has permission to read, write,

or delete objects that the company stores in the S3 bucket.

Full Access
Question # 39

A company is building a serverless architecture that connects application data from multiple data sources. The company needs a solution that does not require additional code.

Which AWS service meets these requirements?

A.

AWS Lambda

B.

Amazon Simple Queue Service (Amazon SQS)

C.

Amazon CloudWatch

D.

Amazon EventBridge

Full Access
Question # 40

Which AWS service is a highly available and scalable DNS web service?

A.

Amazon VPC

B.

Amazon CloudFront

C.

Amazon Route 53

D.

Amazon Connect

Full Access
Question # 41

Which of the following is an AWS value proposition that describes a user's ability to scale infrastructure based on demand?

A.

Speed of innovation

B.

Resource elasticity

C.

Decoupled architecture

D.

Global deployment

Full Access
Question # 42

A company wants to centrally manage security policies and billing services within a multi-account AWS environment. Which AWS service should the company use to meet these requirements?

A.

AWS Identity and Access Management (IAM)

B.

AWS Organizations

C.

AWS Resource Access Manager (AWS RAM)

D.

AWS Config

Full Access
Question # 43

Which tasks are customer responsibilities according to the AWS shared responsibility model? (Select TWO.)

A.

Determine application dependencies with operating systems.

B.

Provide user access with AWS Identity and Access Management (IAM).

C.

Secure the data center in an Availability Zone.

D.

Patch the hypervisor.

E.

Provide network availability in Availability Zones.

Full Access
Question # 44

A company runs thousands of simultaneous simul-ations using AWS Batch. Each simul-ation is stateless, is fault tolerant, and runs for up to 3 hours.

Which pricing model enables the company to optimize costs and meet these requirements?

A.

Reserved Instances

B.

Spot Instances

C.

On-Demand Instances

D.

Dedicated Instances

Full Access
Question # 45

Which option is an advantage of AWS Cloud computing that minimizes variable costs?

A.

High availability

B.

Economies of scale

C.

Global reach

D.

Agility

Full Access
Question # 46

A cloud practitioner is analyzing Amazon EC2 instance performance and usage to provide recommendations for potential cost savings.

Which cloud concept does this analysis demonstrate?

A.

Auto scaling

B.

Rightsizing

C.

Load balancing

D.

High availability

Full Access
Question # 47

According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)

A.

Network infrastructure and virtualization of infrastructure

B.

Security of application data

C.

Guest operating systems

D.

Physical security of hardware

E.

Credentials and policies

Full Access
Question # 48

A company is hosting a web application in a Docker container on Amazon EC2.

AWS is responsible for which of the following tasks?

A.

Scaling the web application and services developed with Docker

B.

Provisioning or scheduling containers to run on clusters and maintain their availability

C.

Performing hardware maintenance in the AWS facilities that run the AWS Cloud

D.

Managing the guest operating system, including updates and security patches

Full Access
Question # 49

Which benefit does Amazon Rekognition provide?

A.

The ability to place watermarks on images

B.

The ability to detect objects that appear in pictures

C.

The ability to resize millions of images automatically

D.

The ability to bid on object detection jobs

Full Access
Question # 50

Which of the following is a recommended design principle of the AWS Well-Architected Framework?

A.

Reduce downtime by making infrastructure changes infrequently and in large increments.

B.

Invest the time to configure infrastructure manually.

C.

Learn to improve from operational failures.

D.

Use monolithic application design for centralization.

Full Access
Question # 51

A company’s IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.

What should the company do to meet these requirements?

A.

Deploy MySQL database server clusters on Amazon EC2 instances.

B.

Use Amazon RDS with a MySQL database.

C.

Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances.

D.

Migrate all the MySQL database data to Amazon S3.

Full Access
Question # 52

A company needs to identify the last time that a specific user accessed the AWS Management Console.

Which AWS service will provide this information?

A.

Amazon Cognito

B.

AWS CloudTrail

C.

Amazon Inspector

D.

Amazon GuardDuty

Full Access
Question # 53

Which of the following are design principles for reliability in the AWS Cloud? (Select TWO.)

A.

Build architectures with tightly coupled resources.

B.

Use AWS Trusted Advisor to meet security best practices.

C.

Use automation to recover immediately from failure.

D.

Rightsize Amazon EC2 instances to ensure optimal performance.

E.

Simulate failures to test recovery processes.

Full Access
Question # 54

Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)

A.

Patch AWS network devices.

B.

Set user password rules.

C.

Provide physical security for compute resources.

D.

Configure security groups.

E.

Patch the operating system of an Amazon EC2 instance.

Full Access
Question # 55

A company is migrating an application that includes an Oracle database to AWS. The company cannot rewrite the application.

To which AWS service could the company migrate the database?

A.

Amazon Athena

B.

Amazon DynamoDB

®C. Amazon RDS

C.

Amazon DocumentDB (with MongoDB compatibility)

Full Access
Question # 56

A company is launching a new application in the AWS Cloud. The application will run on an Amazon EC2 instance. More EC2 instances will be needed when the workload increases.

Which AWS service or tool can the company use to launch the number of EC2 instances that will be needed to handle the workload?

A.

Elastic Load Balancing

B.

Amazon EC2 Auto Scaling

C.

AWS App2Container (A2C)

D.

AWS Systems Manager

Full Access
Question # 57

Which AWS service or feature offers HTTP attack protection to users running public-facing web applications?

A.

Security groups

B.

Network ACLs

C.

AWS Shield Standard

D.

AWS WAF

Full Access
Question # 58

A user wants to identify any security group that is allowing unrestricted incoming SSH traffic.

Which AWS service can be used to accomplish this goal?

A.

Amazon Cognito

B.

AWS Shield

C.

Amazon Macie

D.

AWS Trusted Advisor

Full Access
Question # 59

A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing

backup workflows.

Which AWS service should the company use to meet these requirements?

A.

Amazon Elastic Block Store (Amazon EBS)

B.

AWS Storage Gateway

C.

Amazon Elastic Container Service (Amazon ECS)

D.

AWS Lambda

Full Access
Question # 60

Which best practice for cost governance does this example show?

A.

Resource controls

B.

Cost allocation

C.

Architecture optimization

D.

Tagging enforcement

Full Access
Question # 61

Which task is a customer's responsibility, according to the AWS shared responsibility model?

A.

Management of the guest operating systems

B.

Maintenance of the configuration of infrastructure devices

C.

Management of the host operating systems and virtualization

D.

Maintenance of the software that powers Availability Zones

A company has refined its workload to use specific AWS services to improve efficiency and reduce cost.

Full Access
Question # 62

A company wants to manage access and permissions for its third-party software as a service (SaaS)

applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.

Which AWS service should the company use to meet these requirements?

A.

Amazon Cognito

B.

AWS IAM Identity Center (AWS Single Sign-On)

C.

AWS Identity and Access Management (IAM)

D.

AWS Directory Service for Microsoft Active Directory

Full Access
Question # 63

Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?

A.

AWS Identity and Access Management (IAM)

B.

AWS Organizations

C.

AWS Cost Explorer

D.

AWS Budgets

Full Access
Question # 64

A company needs to test a new application that was written in Python. The code will activate when new images are stored in an Amazon S3 bucket. The application will put a watermark on each image and then will store the images in a different S3 bucket.

Which AWS service should the company use to conduct the test with the LEAST amount of operational

overhead?

A.

Amazon EC2

B.

AWS CodeDeploy

C.

AWS Lambda

D.

Amazon Lightsail

Full Access
Question # 65

Which AWS Well-Architected Framework concept represents a system's ability to remain functional when the system encounters operational problems?

A.

Consistency

B.

Elasticity

C.

Durability

D.

Latency

Full Access
Question # 66

A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.

Which AWS service or tool can the company use to meet these requirements?

A.

AWS Pricing Calculator

B.

Amazon CloudWatch

C.

AWS Cost Explorer

D.

AWS Budgets

Full Access
Question # 67

Which group shares responsibility with AWS for security and compliance of AWS accounts and resources?

A.

Third-party vendors

B.

Customers

C.

Reseller partners

D.

Internet providers

Full Access
Question # 68

Which pillar of the AWS Well-Architected Framework focuses on the return on investment of moving into the AWS Cloud?

A.

Sustainability

B.

Cost optimization

C.

Operational excellence

D.

Reliability

Full Access
Question # 69

What can a user accomplish using AWS CloudTrail?

A.

Generate an IAM user credentials report.

B.

Record API calls made to AWS services.

C.

Assess the compliance of AWS resource configurations with policies and guidelines.

D.

Ensure that Amazon EC2 instances are patched with the latest security updates.

A company uses Amazon Workspaces.

Full Access
Question # 70

A company is developing an application that uses multiple AWS services. The application needs to use

temporary, limited-privilege credentials for authentication with other AWS APIs.

Which AWS service or feature should the company use to meet these authentication requirements?

A.

Amazon API Gateway

B.

IAM users

C.

AWS Security Token Service (AWS STS)

D.

IAM instance profiles

Full Access
Question # 71

Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Select TWO.)

A.

Perform operations as code.

B.

Enable traceability.

C.

Automatically scale to meet demand.

D.

Deploy resources globally to improve response time.

E.

Automatically recover from failure.

Full Access
Question # 72

A manufacturing company has a critical application that runs at a remote site that has a slow internet connection. The company wants to migrate the workload to AWS. The application is sensitive to latency and interruptions in connectivity. The company wants a solution that can host this application with minimum latency.

Which AWS service or feature should the company use to meet these requirements?

A.

Availability Zones

B.

AWS Local Zones

C.

AWS Wavelength

D.

AWS Outposts

Full Access
Question # 73

Which of the following is available to a company that has an AWS Business Support plan?

A.

AWS Support concierge

B.

AWS DDoS Response Team (DRT)

C.

AWS technical account manager (TAM)

D.

AWS Health API

Full Access
Question # 74

Which AWS service requires the customer to patch the guest operating system?

A.

AWS Lambda

B.

Amazon OpenSearch Service

C.

Amazon EC2

D.

Amazon ElastiCache

Full Access
Question # 75

A company is running an application on AWS. The company wants to identify and prevent the accidental

Which AWS service or feature will meet these requirements?

A.

Amazon GuardDuty

B.

Network ACL

C.

AWS WAF

D.

AWS Network Firewall

Full Access
Question # 76

Which AWS service offers a global content delivery network (CDN) that helps companies securely deliver websites, videos, applications,

and APIs at high speeds with low latency?

A.

Amazon EC2

B.

Amazon CloudFront

C.

Amazon CloudWatch

D.

AWS CloudFormation

Full Access
Question # 77

A company wants to migrate to the AWS Cloud. The company needs the ability to acquire resources when the resources are necessary.

The company also needs the ability to release those resources when the resources are no longer necessary.

Which architecture concept of the AWS Cloud meets these requirements?

A.

Elasticity

B.

Availability

C.

Reliability

D.

Durability

Full Access
Question # 78

Which credential allows programmatic access to AWS resources for use from the AWS CLI or the AWS API?

A.

User name and password

B.

Access keys

C.

SSH public keys

D.

AWS Key Management Service (AWS KMS) keys

Full Access
Question # 79

A company migrated its core application onto multiple workloads in the AWS Cloud. The company wants to improve the application's reliability.

Which cloud design principle should the company implement to achieve this goal?

A.

Maximize utilization.

B.

Decouple the components.

C.

Rightsize the resources.

D.

Adopt a consumption model.

Full Access
Question # 80

A new AWS user who has little cloud experience wants to build an application by using AWS services. The user wants to learn how to implement specific AWS services from other customer examples. The user also wants to ask questions to AWS experts.

Which AWS service or resource will meet these requirements?

A.

AWS Online Tech Talks

B.

AWS documentation

C.

AWS Marketplace

D.

AWS Health Dashboard

Full Access
Question # 81

What does "security of the cloud" refer to in the AWS shared responsibility model?

A.

Availability of AWS services such as Amazon EC2

B.

Security of the cloud infrastructure that runs all the AWS services

C.

Implementation of password policies for IAM users

D.

Security of customer environments by using AWS Network Firewall partners

Full Access
Question # 82

A company needs Amazon EC2 instances for a workload that can tolerate interruptions.

Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-Demand prices?

A.

Spot Instances

B.

Convertible Reserved Instances

C.

Standard Reserved Instances

D.

Dedicated Hosts

Full Access
Question # 83

A company wants to move its data warehouse application to the AWS Cloud. The company wants to run and scale its analytics services without needing to provision and manage data warehouse clusters.

Which AWS service will meet these requirements?

A.

Amazon Redshift provisioned data warehouse

B.

Amazon Redshift Serverless

C.

Amazon Athena

D.

Amazon S3

Full Access
Question # 84

What is an AWS responsibility under the AWS shared responsibility model?

A.

Configure the security group rules that determine which ports are open on an Amazon EC2 Linux instance.

B.

Ensure the security of the internal network in the AWS data centers.

C.

Patch the guest operating system with the latest security patches on Amazon EC2.

D.

Turn on server-side encryption for Amazon S3 buckets.

A company wants to deploy its critical application on AWS and maintain high availability.

Full Access
Question # 85

A company must store call recordings for 6 years. The storage system should be highly durable and cost-effective.

Which AWS service meets these requirements?

A.

AWS Snowball

B.

Amazon S3

C.

AWS Storage Gateway

D.

Amazon Kinesis

Full Access
Question # 86

Which task is the responsibility of AWS when using AWS services?

A.

Management of IAM user permissions

B.

Creation of security group rules for outbound access

C.

Maintenance of physical and environmental controls

D.

Application of Amazon EC2 operating system patches

Full Access
Question # 87

A company has an application workload that is stateless by design and can sustain occasional downtime. The application performs massively parallel computations.

Which Amazon EC2 pricing model should the company choose for its application to reduce cost?

A.

On-Demand Instances

B.

Spot Instances

C.

Reserved Instances

D.

Dedicated Instances

Full Access
Question # 88

A company provides a software as a service (SaaS) application. The company has a new customer that is based in a different country.

The new customer's data needs to be hosted in that country.

Which AWS service or infrastructure component should the company use to meet this requirement?

A.

AWS Shield

B.

Amazon S3 Object Lock

C.

AWS Regions

D.

Placement groups

Full Access
Question # 89

A company wants to access a report about the estimated environmental impact of the company's AWS usage.

Which AWS service or feature should the company use to meet this requirement?

A.

AWS Organizations

B.

IAM policy

C.

AWS Billing console

D.

Amazon Simple Notification Service (Amazon SNS)

Full Access
Question # 90

Which AWS services or tools are designed to protect a workload from SQL injections, cross-site scripting, and DDoS attacks? (Select TWO.)

A.

VPC endpoint

B.

Virtual private gateway

Q C. AWS Shield Standard

C.

AWS Config

D.

AWS WAF

Full Access
Question # 91

Which benefit of AWS Cloud computing provides lower latency between users and applications?

A.

Agility

B.

Economies of scale

C.

Global reach

D.

Pay-as-you-go pricing

Full Access
Question # 92

Which AWS services can a company use to host and run a MySQL database? (Select TWO.)

A.

Amazon RDS

B.

Amazon DynamoDB

C.

Amazon S3

D.

Amazon EC2

E.

Amazon MQ

Full Access
Question # 93

A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances. Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased.

The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.

Which AWS service or tool should the company use to meet these requirements?

A.

AWS Systems Manager

B.

Cost Explorer

C.

AWS Trusted Advisor

D.

AWS Organizations

Full Access
Question # 94

A company wants to develop a shopping application that records customer orders. The application needs to use an AWS managed database service to store data.

Which AWS service should the company use to meet these requirements?

A.

Amazon RDS

B.

Amazon Redshift

C.

Amazon ElastiCache

D.

Amazon Neptune

Full Access
Question # 95

A company needs to host a web server on Amazon EC2 instances for at least 1 year. The web server cannot tolerate interruption.

Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

A.

On-Demand Instances

B.

Partial Upfront Reserved Instances

C.

Spot Instances

D.

No Upfront Reserved Instances

Full Access
Question # 96

A company needs to centralize its operational data. The company also needs to automate tasks across all of its Amazon EC2 instances.

Which AWS service can the company use to meet these requirements?

A.

AWS Trusted Advisor

B.

AWS Systems Manager

C.

AWS CodeDeploy

D.

AWS Elastic Beanstalk

Full Access
Question # 97

A company wants to use Amazon EC2 instances to run a stateless and restartable process after business hours.

Which AWS service provides DNS resolution?

A.

Amazon CloudFront

B.

Amazon VPC

C.

Amazon Route 53

D.

AWS Direct Connect

Full Access
Question # 98

Which aspect of security is the customer's responsibility, according to the AWS shared responsibility model?

A.

Patch and configuration management

B.

Service and communications protection or zone security

C.

Physical and environmental controls

D.

Awareness and training

Full Access
Question # 99

Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?

A.

AWS Pricing Calculator

B.

AWS Compute Optimizer

C.

AWS App Runner

D.

AWS Systems Manager

Full Access
Question # 100

Which AWS service or feature can be used to control inbound and outbound traffic on an Amazon EC2 instance?

A.

Internet gateways

B.

AWS Identity and Access Management (IAM)

C.

Network ACLs

D.

Security groups

Full Access
Question # 101

A company that is planning to migrate to the AWS Cloud is based in an isolated area that has limited internet connectivity. The company needs to perform local data processing on premises. The company needs a solution that can operate without a stable internet connection.

Which AWS service will meet these requirements?

A.

Amazon S3

B.

AWS Snowball Edge

C.

AWS StorageGateway

D.

AWS Backup

Full Access
Question # 102

A company is running an order processing system on Amazon EC2 instances. The company wants to migrate microservices-based application.

Which combination of AWS services can the application use to meet these requirements? (Select TWO.)

A.

Amazon Simple Queue Service (Amazon SQS)

B.

AWS Lambda

C.

AWS Migration Hub

D.

AWS AppSync

E.

AWS Application Migration Service

Full Access
Question # 103

A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access.

According to the AWS shared responsibility model, which task is the responsibility of the customer?

A.

Protect the global infrastructure that runs all of the services offered in the AWS Cloud.

B.

Configure logical access controls for resources, and protect account credentials.

C.

Configure the security used by managed services.

D.

Patch and back up Amazon Aurora.

Full Access
Question # 104

A company wants its Amazon EC2 instances to share the same geographic area but use redundant underlying power sources.

Which solution will meet these requirements?

A.

Use EC2 instances across multiple Availability Zones in the same AWS Region.

B.

Use Amazon CloudFront as the database for the EC2 instances.

C.

Use EC2 instances in the same edge location and the same Availability Zone.

D.

Use EC2 instances in AWS OpsWorks stacks in different AWS Regions.

Full Access
Question # 105

Which AWS Cloud design principle does a company follow by using AWS CloudTrail?

A.

Recover automatically.

B.

Perform operations as code.

C.

Measure efficiency.

D.

Ensure traceability.

Full Access
Question # 106

How should the company deploy the application to meet these requirements?

A.

Ina single Availability Zone

B.

On AWS Direct Connect

C.

On Reserved Instances

D.

In multiple Availability Zones

Full Access
Question # 107

A company wants guidance to optimize the cost and performance of its current AWS environment.

Which AWS service or tool should the company use to identify areas for optimization?

A.

Amazon QuickSight

B.

AWS Trusted Advisor

C.

AWS Organizations

D.

AWS Budgets

Full Access
Question # 108

A company needs to design a solution for the efficient use of compute resources for an enterprise workload. The company needs to make informed decisions as its technology needs evolve.

Which pillar of the AWS Well-Architected Framework do these requirements represent?

A.

Operational excellence

B.

Performance efficiency

C.

Cost optimization

D.

Reliability

Full Access
Question # 109

Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?

A.

Security awareness and training

B.

Development of an IAM password policy

C.

Patching of the guest operating system

D.

Physical and environmental controls

Full Access
Question # 110

A company wants to move its iOS application development and build activities to AWS.

Which AWS service or resource should the company use for these activities?

A.

AWS CodeCommit

B.

Amazon EC2 M1 Mac instances

C.

AWS Amplify

D.

AWS App Runner

Full Access
Question # 111

Which options are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)

A.

Sustainability

B.

Security

C.

Operations

D.

Performance efficiency

E.

Reliability

Full Access
Question # 112

Which perspective of the AWS Cloud Adoption Framework (AWS CAF) connects technology and business?

A.

Operations

B.

People

C.

Security

D.

Governance

Full Access
Question # 113

Which AWS service is always available free of charge to users?

A.

Amazon Athena

B.

AWS Identity and Access Management (IAM)

C.

AWS Secrets Manager

D.

Amazon ElastiCache

A company has only basic knowledge of AWS technologies.

Full Access
Question # 114

Which AWS service can defend against DDoS attacks?

A.

AWS Firewall Manager

B.

AWS Shield Standard

C.

AWS WAF

D.

Amazon Inspector

Full Access
Question # 115

A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion.

Which AWS service should the developer use to meet these requirements?

A.

AWS Ground Station

B.

AWS Shield

C.

AWS loT Device Defender

D.

AWS CloudFormation

Full Access
Question # 116

A company wants an in-memory data store that is compatible with open source in the cloud.

Which AWS service should the company use?

A.

Amazon DynamoDB

B.

Amazon ElastiCache

C.

Amazon Elastic Block Store (Amazon EBS)

D.

Amazon Redshift

Full Access
Question # 117

Which AWS service is always free of charge for users?

A.

Amazon S3

B.

Amazon Aurora

C.

Amazon EC2

D.

AWS Identity and Access Management (IAM)

Full Access
Question # 118

A company provides a web-based ecommerce service that runs in two Availability Zones within a single AWS Region. The web service distributes content that is stored in the Amazon S3 Standard storage class. The company wants to improve the web service's performance globally.

What should the company do to meet this requirement?

A.

Change the S3 storage class to S3 Intelligent-Tiering.

B.

Deploy an Amazon CloudFront distribution to cache web server content in edge locations.

C.

Use Amazon API Gateway for the web service.

D.

Migrate the website ecommerce servers to Amazon EC2 with enhanced networking.

Full Access
Question # 119

Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework?

A.

Create annotated documentation.

B.

Anticipate failure.

C.

Ensure performance efficiency.

D.

Optimize costs.

Full Access
Question # 120

A company wants to run its production workloads on AWS. The company needs concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week.

Which AWS Support plan will meet these requirements?

A.

AWS Basic Support

B.

AWS Enterprise Support

C.

AWS Business Support

D.

AWS Developer Support

Full Access
Question # 121

Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Select TWO.)

A.

Maximize utilization of Amazon EC2 instances.

B.

Minimize utilization of Amazon EC2 instances.

C.

Minimize usage of managed services.

D.

Force frequent application reinstallations by users.

E.

Reduce the need for users to reinstall applications.

Full Access
Question # 122

Which AWS solution provides the ability for a company to run AWS services in the company's on-premises data center?

A.

AWS Direct Connect

B.

AWS Outposts

C.

AWS Systems Manager hybrid activations

D.

AWS Storage Gateway

Full Access
Question # 123

Which AWS service can a company use to securely store and encrypt passwords for a database?

A.

AWS Shield

B.

AWS Secrets Manager

C.

AWS Identity and Access Management (IAM)

D.

Amazon Cognito

Full Access
Question # 124

What is a characteristic of Convertible Reserved Instances (RIs)?

A.

Users can exchange Convertible RIs for other Convertible RIs from a different instance family.

B.

Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.

C.

Users can sell and buy Convertible RIs on the AWS Marketplace.

D.

Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs.

Full Access
Question # 125

A company needs to host a highly available application in the AWS Cloud. The application runs infrequently for short periods of time.

Which AWS service will meet these requirements with the LEAST amount of operational overhead?

A.

Amazon EC2

B.

AWS Fargate

C.

AWS Lambda

D.

Amazon Aurora

Full Access
Question # 126

Which AWS service or tool should a company use to forecast AWS spending?

A.

Amazon DevPay

B.

AWS Organizations

C.

AWS Trusted Advisor

D.

Cost Explorer

Full Access
Question # 127

Which tasks are the responsibility of AWS according to the AWS shared responsibility model? (Select TWO.)

A.

Configure AWS Identity and Access Management (IAM).

B.

Configure security groups on Amazon EC2 instances.

C.

Secure the access of physical AWS facilities.

D.

Patch applications that run on Amazon EC2 instances.

E.

Perform infrastructure patching and maintenance.

Full Access
Question # 128

Which task can a company perform by using security groups in the AWS Cloud?

A.

Allow access to an Amazon EC2 instance through only a specific port.

B.

Deny access to malicious IP addresses at a subnet level.

C.

Protect data that is cached by Amazon CloudFront.

D.

Apply a stateless firewall to an Amazon EC2 instance.

Full Access
Question # 129

A company suspects that its AWS resources are being used for illegal activities.

Which AWS group or team should the company notify?

A.

AWS Abuse team

B.

AWS Support team

C.

AWS technical account managers

D.

AWS Professional Services team

Full Access
Question # 130

A user is moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud.

Which type of migration is this?

A.

On-premises to cloud native

B.

Hybrid to cloud native

C.

On-premises to hybrid

D.

Cloud native to hybrid

Full Access
Question # 131

A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness.

Which AWS service or tool should the company use to meet these requirements?

A.

AWS Cloud Adoption Framework (AWS CAF)

B.

AWS Managed Services (AMS)

C.

AWS Well-Architected Framework

D.

AWS Migration Hub

Full Access
Question # 132

A company wants to migrate its on-premises application to the AWS Cloud. The company is legally obligated to retain certain data in its onpremises data center.

Which AWS service or feature will support this requirement?

A.

AWS Wavelength

B.

AWS Local Zones

C.

VMware Cloud on AWS

D.

AWS Outposts

Full Access
Question # 133

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

A.

Sustainability

B.

Operations

C.

Performance efficiency

D.

Reliability

Full Access
Question # 134

A company needs help managing multiple AWS linked accounts that are reported on a consolidated bill.

Which AWS Support plan includes an AWS concierge whom the company can ask for assistance?

A.

AWS Developer Support

B.

AWS Enterprise Support

C.

AWS Business Support

D.

AWS Basic Support

Full Access
Question # 135

A company is reviewing the design of an application that will be migrated from on premises to a single Amazon EC2 instance.

What should the company do to make the application highly available?

A.

Provision additional EC2 instances in other Availability Zones.

B.

Configure an Application Load Balancer (ALB). Assign the EC2 instance as the ALB's target.

C.

Use an Amazon Machine Image (AMI) to create the EC2 instance.

D.

Provision the application by using an EC2 Spot Instance.

Full Access
Question # 136

In which categories does AWS Trusted Advisor provide recommended actions? (Select TWO.)

A.

Operating system patches

B.

Cost optimization

C.

Repetitive tasks

D.

Service quotas

E.

Account activity records

Full Access
Question # 137

A company needs a repository that stores source code. The company needs a way to update the running software when the code changes.

Which combination of AWS services will meet these requirements? (Select TWO.)

A.

AWS CodeCommit

B.

AWS CodeDeploy

C.

Amazon DynamoDB

D.

Amazon S3

E.

Amazon Elastic Container Service (Amazon ECS)

Full Access
Question # 138

A developer wants to use an Amazon S3 bucket to store application logs that contain sensitive data.

Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?

A.

Security groups

B.

Amazon CloudWatch

C.

AWS CloudTrail

D.

ACLs

Full Access
Question # 139

A company is preparing to launch a redesigned website on AWS. Users from around the world will download digital handbooks from the website.

Which AWS solution should the company use to provide these static files securely?

A.

Amazon Kinesis Data Streams

B.

Amazon CloudFront with Amazon S3

C.

Amazon EC2 instances with an Application Load Balancer

D.

Amazon Elastic File System (Amazon EFS)

Full Access
Question # 140

Which benefit of the AWS Cloud helps companies achieve lower usage costs because of the aggregate usage of all AWS users?

A.

No need to guess capacity

B.

Ability to go global in minutes

C.

Economies of scale

D.

Increased speed and agility

Full Access
Question # 141

Which encryption types can be used to protect objects at rest in Amazon S3? (Select TWO.)

A.

Server-side encryption with AmazonS3 managed encryption keys (SSE-S3)

B.

Server-side encryption with AWS KMSmanaged keys (SSE-KMS)

C.

TLS

D.

SSL

E.

Transparent Data Encryption (TDE)

Full Access
Question # 142

A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.

Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?

A.

Security groups

B.

AWS WAF

C.

Network ACLs

D.

AWS Shield

Full Access
Question # 143

A company manages factory machines in real time. The company wants to use AWS technology to deploy its monitoring applications as close to the factory machines as possible.

Which AWS solution will meet these requirements with the LEAST latency?

A.

AWS Outposts

B.

Amazon EC2

C.

AWS App Runner

D.

AWS Batch

Full Access
Question # 144

Which options are common stakeholders for the AWS Cloud Adoption Framework (AWS CAF) platform perspective? (Select TWO.)

A.

Chief financial officers (CFOs)

B.

IT architects

C.

Chief information officers (CIOs)

D.

Chief data officers (CDOs)

E.

Engineers

Full Access
Question # 145

A company has an application that runs periodically in an on-premises environment. The application runs for a few hours most days, but runs for 8 hours a day for a week at the end of each month.

Which AWS service or feature should be used to host the application in the AWS Cloud?

A.

Amazon EC2 Standard Reserved Instances

B.

Amazon EC2 On-Demand Instances

C.

AWS Wavelength

D.

Application Load Balancer

Full Access
Question # 146

Which AWS service is designed to help users orchestrate a workflow process for a set of AWS Lambda functions?

A.

Amazon DynamoDB

B.

AWS CodePipeline

C.

AWS Batch

D.

AWS Step Functions

Full Access
Question # 147

Which AWS database service provides in-memory data storage?

A.

Amazon DynamoDB

B.

Amazon ElastiCache

C.

Amazon RDS

D.

Amazon Timestream

Full Access
Question # 148

A company has an Amazon S3 bucket containing images of scanned financial invoices. The company is building an artificial intelligence (Al)-based application on AWS. The company wants the application to identify and read total balance amounts on the invoices.

Which AWS service will meet these requirements?

A.

Amazon Forecast

B.

Amazon Textract

C.

Amazon Rekognition

D.

Amazon Lex

Full Access
Question # 149

A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.

Which AWS service or resource will meet these requirements with the LEAST management overhead?

A.

PostgreSQL on Amazon EC2

B.

Amazon RDS for PostgreSQL

C.

Amazon Aurora PostgreSQL-Compatible Edition

D.

Amazon Aurora Serverless

Full Access
Question # 150

A company processes personally identifiable information (Pll) and must keep data in the country where it was generated. The company wants to use Amazon EC2 instances for these workloads.

Which AWS service will meet these requirements?

A.

AWS Outposts

B.

AWS Storage Gateway

C.

AWS DataSync

D.

AWS OpsWorks

Full Access
Question # 151

Which of the following are user authentication services managed by AWS? (Select TWO.)

A.

Amazon Cognito

B.

AWS Lambda

C.

AWS License Manager

D.

AWS Identity and Access Management (IAM)

E.

AWS CodeStar

Full Access
Question # 152

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud How can these reports be generated?

A.

Contact the AWS Compliance team

B.

Download the reports from AWS Artifact

C.

Open a case with AWS Support

D.

Generate the reports with Amazon Macie.

Full Access
Question # 153

A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources. Which AWS tool or service can be used to meet these requirements?

A.

Amazon CloudWatch

B.

Amazon Inspector

C.

AWS CloudTrail

D.

AWS IAM

Full Access
Question # 154

Which of the following is an advantage that the AWS Cloud provides to users?

A.

Users eliminate the need to guess about infrastructure capacity requirements.

B.

Users decrease their variable costs by maintaining sole ownership of IT hardware.

C.

Users maintain control of underlying IT infrastructure hardware.

D.

Users maintain control of operating systems for managed services.

Full Access
Question # 155

What is the total amount of storage offered by Amazon S3?

A.

WOMB

B.

5 GB

C.

5 TB

D.

Unlimited

Full Access
Question # 156

A company wants its workload to perform consistently and correctly.

Which benefit of AWS Cloud computing does this goal represent?

A.

Security

B.

Elasticity

C.

Pay-as-you-go pricing

D.

Reliability

Full Access
Question # 157

Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC? images?

A.

EC2 Image Builder

B.

Amazon Machine Image (AMI)

C.

AWS Launch Wizard

D.

AWS Elastic Beanstalk

Full Access
Question # 158

A company needs to block SOL injection attacks.

Which AWS service or feature provides this functionality?

A.

AWS WAF

B.

Network ACLs

C.

Security groups

D.

AWS Trusted Advisor

Full Access
Question # 159

A company needs to store infrequently used data for data archives and long-term backups.

A company needs a history report about how its Amazon EC2 instances were modified last month.

Which AWS service can be used to meet this requirement?

A.

AWS Service Catalog

B.

AWS Config

C.

Amazon CloudWatch

D.

AWS Artifact

Full Access
Question # 160

A company plans to migrate its custom marketing application and order-processing application to AWS. The company needs to deploy the applications on different types of instances with various configurations of CPU, memory, storage, and networking capacity.

Which AWS service should the company use to meet these requirements?

A.

AWS Lambda

B.

Amazon Cognito

C.

Amazon Athena

D.

Amazon EC2

Full Access
Question # 161

A company has moved all its infrastructure to the AWS Cloud. To plan ahead for each quarter, the finance team wants to track the cost and usage data of all resources from previous months. The finance team wants to automatically generate reports that contains the data.

Which AWS service or feature should the finance team use to meet these requirements?

A.

Amazon Detective

B.

AWS Pricing Calculator

C.

AWS Budgets

D.

AWS Savings Plans

Full Access
Question # 162

Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?

A.

On-Demand Instances

B.

Standard Reserved Instances

C.

Spot Instances

D.

Convertible Reserved Instances

Full Access
Question # 163

Which AWS service or tool provides users with a graphical interface that they can use to manage AWS services?

A.

AWS Copilot

B.

AWS CLI

C.

AWS Management Console

D.

AWS software development kits (SDKs)

Full Access
Question # 164

Which of the following is a fully managed graph database service on AWS?

A.

Amazon Aurora

B.

Amazon FSx

C.

Amazon DynamoDB

D.

Amazon Neptune

Full Access
Question # 165

Which of the following is a fully managed MySQL-compatible database?

A.

Amazon S3

B.

Amazon DynamoDB

C.

Amazon Redshift

D.

Amazon Aurora

Full Access
Question # 166

A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises storage with storage that is cloud-based but locally cached.

Which AWS service meets these requirements?

A.

AWS Storage Gateway

B.

AWS Snowcone

C.

AWS Backup

D.

Amazon Elastic File System (Amazon EFS)

Full Access
Question # 167

Which of the following are general AWS Cloud design principles described in the AWS Well-Architected Framework?

A.

Consolidate key components into monolithic architectures.

B.

Test systems at production scale.

C.

Provision more capacity than a workload is expected to need.

D.

Drive architecture design based on data collected about the workload behavior and requirements.

E.

Make AWS Cloud architectural decisions static, one-time events.

Full Access
Question # 168

A company has a large number of Linux Amazon EC2 instances across several Availability Zones in an AWS Region. Applications that run on the EC2 instances need access to a common set of files.

Which AWS service or device should the company use to meet this requirement?

A.

AWS Backup

B.

Amazon Elastic File System (Amazon EFS)

C.

Amazon Elastic Block Store (Amazon EBS)

D.

AWS Snowball Edge Storage Optimized

Full Access
Question # 169

Which guidelines are best practices for using AWS Identity and Access Management (1AM)? (Select TWO.)

A.

Share access keys.

B.

Create individual 1AM users.

C.

Use inline policies instead of customer managed policies.

D.

Grant maximum privileges to 1AM users.

E.

Use groups to assign permissions to 1AM users.

Full Access
Question # 170

A company needs to set up user authentication for a new application. Users must be able to sign in directly with a user name and password, or through a third-party provider.

Which AWS service should the company use to meet these requirements?

A.

AWS IAM Identity Center (AWS Single Sign-On)

B.

AWS Signer

C.

Amazon Cognito

D.

AWS Directory Service

Full Access
Question # 171

A company's information security manager is supervising a move to AWS and wants to ensure that AWS best practices are followed. The manager has concerns about the potential misuse of AWS account root user credentials.

Which of the following is an AWS best practice for using the AWS account root user credentials?

A.

Allow only the manager to use the account root user credentials for normal activities.

B.

Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.

C.

Use the account root user credentials only when they alone must be used to perform a required

function.

D.

Use the account root user credentials only for the creation of private VPC subnets.

Full Access
Question # 172

Which of the following services can be used to block network traffic to an instance? (Select TWO.)

A.

Security groups

B.

Amazon Virtual Private Cloud (Amazon VPC) flow logs

C.

Network ACLs

D.

Amazon CloudWatch

E.

AWS CloudTrail

Full Access
Question # 173

Which of the following is a benefit that AWS Professional Services provides?

A.

Management of the ongoing security of user data

B.

Advisory solutions for AWS adoption

C.

Technical support 24 hours a day, 7 days a week

D.

Monitoring of monthly billing costs in AWS accounts

Full Access
Question # 174

A company wants to query its server logs to gain insights about its customers' experiences.

Which AWS service will store this data MOST cost-effectively?

A.

Amazon Aurora

B.

Amazon Elastic File System (Amazon EFS)

C.

Amazon Elastic Block Store (Amazon EBS)

D.

Amazon S3

Full Access
Question # 175

An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization.

Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?

A.

Amazon Simple Queue Service (Amazon SQS)

B.

Amazon Simple Notification Service (Amazon SNS)

C.

AWS Systems Manager

D.

Amazon CloudWatch alarm

Full Access
Question # 176

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

A.

High availability

B.

Economies of scale

C.

Pay-as-you-go pricing

D.

Global reach

Full Access
Question # 177

A company has batch workloads that need to run for short periods of time on Amazon EC2. The workloads can handle interruptions and can start again from where they ended.

What is the MOST cost-effective EC2 instance purchasing option to meet these requirements?

A.

Reserved Instances

B.

Spot Instances

C.

Dedicated Instances

D.

On-Demand Instances

Full Access
Question # 178

Which statement describes a characteristic of the AWS global infrastructure?

A.

Edge locations contain multiple AWS Regions.

B.

AWS Regions contain multiple Regional edge caches.

C.

Availability Zones contain multiple data centers.

D.

Each data center contains multiple edge locations.

Full Access
Question # 179

A company needs to engage third-party consultants to help maintain and support its AWS environment and the company's business needs.

Which AWS service or resource will meet these requirements?

A.

AWS Support

B.

AWS Organizations

C.

AWS Service Catalog

D.

AWS Partner Network (APN)

Full Access
Question # 180

A company's gaming application has been gaining popularity. There has been high demand for the gaming application in countries where the company does not currently deploy the application.

Which advantage of the AWS Cloud can help the company to deploy the application to more countries around the world?

A.

Increase speed and agility

B.

Go global in minutes

C.

Trade fixed expense for variable expense

D.

Benefit from massive economies of scale

Full Access
Question # 181

What are the characteristics of Availability Zones? (Select TWO.)

A.

All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking

B.

Availability Zones are physically separated by a minimum of distance of 150 km (100 miles).

C.

All traffic between Availability Zones is encrypted.

D.

Availability Zones within an AWS Region share redundant power, networking, and connectivity.

E.

Every Availability Zone contains a single data center.

Full Access
Question # 182

A company seeks cost savings in exchange for a commitment to use a specific amount of an AWS service or category ofAWS services for 1 year or 3 years.

Which AWS pricing model or offering will meet these requirements?

A.

Pay-as-you-go pricing

B.

Savings Plans

C.

AWS Free Tier

D.

Volume discounts

Full Access
Question # 183

A company is building a web application using AWS.

Which AWS service will help prevent network layer DDoS attacks against the web application?

A.

AWS WAF

B.

AWS Firewall Manager

C.

Amazon GuardDuty

D.

AWS Shield

Full Access
Question # 184

Which options are AWS Cloud Adoption Framework (AWS CAF) cloud transformation journey recommendations? (Select TWO.)

A.

Envision phase

B.

AIign phase

C.

Assess phase

D.

Mobilize phase

E.

Migrate and modernize phase

Full Access
Question # 185

A company runs a legacy workload in an on-premises data center. The company wants to migrate the workload to AWS. The company does not want to make any changes to the workload.

Which migration strategy should the company use?

A.

Repurchase

B.

Replatform

C.

Rehost

D.

Refactor

Full Access
Question # 186

A company wants to develop applications that run on AWS. The company's developers need a set of libraries and development tools that are available in multiple programming languages.

Which AWS solution provides these libraries and tools?

A.

AWS CodePipeline

B.

AWS SDKs

C.

Amazon CloudWatch

D.

AWS CodeDeploy

Full Access
Question # 187

A company wants a key-value NoSQL database that is fully managed and serverless.

Which AWS service will meet these requirements?

A.

Amazon DynamoDB

B.

Amazon RDS

C.

Amazon Aurora

D.

Amazon Memory DB for Redis

Full Access
Question # 188

Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?

A.

AWS Organizations

B.

AWS Pricing Calculator

C.

AWS Cost Explorer

D.

AWS Service Catalog

Full Access
Question # 189

Which task can only an AWS account root user perform?

A.

Changing the AWS Support plan

B.

Deleting AWS resources

C.

Creating an Amazon EC2 instance key pair

D.

Configuring AWS WAF

Full Access
Question # 190

A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely.

Which AWS service or framework should the company use for operational support?

A.

AWS Support

B.

AWS Cloud Adoption Framework (AWS CAF)

C.

AWS Managed Services (AMS)

D.

AWS Well-Architected Framework

Full Access
Question # 191

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

A.

Sustainability

B.

Security

C.

Performance efficiency

D.

Reliability

Full Access
Question # 192

A company wants to launch its web application in a second AWS Region. The company needs to determine which services must be regionally configured for this launch.

Which AWS services can be configured at the Region level? (Select TWO.)

A.

Amazon EC2

B.

Amazon Route 53

C.

Amazon CloudFront

D.

AWS WAF

E.

Amazon DynamoDB

Full Access
Question # 193

A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to minimize the complexity that is related to the management of AWS resources.

Which AWS service should the company use to meet these requirements?

A.

AWS config

B.

AWS Elastic Beanstalk

C.

Amazon EC2

D.

Amazon Personalize

Full Access
Question # 194

A company is migrating its public website to AWS. The company wants to host the domain name for the website on AWS.

Which AWS service should the company use to meet this requirement?

A.

AWS Lambda

B.

Amazon Route 53

C.

Amazon CloudFront

D.

AWS Direct Connect

Full Access
Question # 195

Which option is an AWS Cloud Adoption Framework (AWS CAF) foundational capability for the operations perspective?

A.

Performance and capacity management

B.

Application portfolio management

C.

Identity and access management

D.

Product management

Full Access
Question # 196

A company plans to migrate to the AWS Cloud. The company wants to use the AWS Cloud Adoption Framework (AWS CAF) to define and track business outcomes as part of its cloud transformation journey.

Which AWS CAF governance perspective capability will meet these requirements?

A.

Benefits management

B.

Risk management

C.

Application portfolio management

D.

Cloud financial management

Full Access
Question # 197

A company wants to receive a notification when a specific AWS cost threshold is reached.

Which AWS services or tools can the company use to meet this requirement? (Select TWO.)

A.

Amazon Simple Queue Service (Amazon SQS)

B.

AWS Budgets

C.

Cost Explorer

D.

Amazon CloudWatch

E.

AWS Cost and Usage Report

Full Access
Question # 198

Which AWS service supports user sign-up functionality and authentication to mobile and web applications?

A.

Amazon Cognito

B.

AWS Config

C.

Amazon GuardDuty

D.

AWS Systems Manager

Full Access
Question # 199

Which AWS service provides the ability to manage infrastructure as code?

A.

AWS CodePipeline

B.

AWS CodeDeploy

C.

AWS Direct Connect

D.

AWS CloudFormation

Full Access
Question # 200

A company has data lakes designed for high performance computing (HPC) workloads. Which Amazon EC2 instance type should the company use to meet these requirements?

A.

General purpose instances

B.

Compute optimized instances

C.

Memory optimized instances

D.

Storage optimized instances

Full Access
Question # 201

Under the AWS shared responsibility model, which of the following is a responsibility of the customer?

A.

Shred disk drives before they leave a data center.

B.

Prevent customers from gathering packets or collecting traffic at the hypervisor level.

C.

Patch the guest operating system with the latest security patches.

D.

Maintain security systems that provide physical monitoring of data centers.

Full Access
Question # 202

Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?

A.

Amazon Route 53

B.

Amazon Macie

C.

AWS Direct Connect

D.

AWS PrivaleLink

Full Access
Question # 203

Which AWS service enables companies to deploy an application dose to end users?

A.

Amazon CloudFront

B.

AWS Auto Scaling

C.

AWS AppSync

D.

Amazon Route S3

Full Access
Question # 204

Which AWS service or feature provides a firewall at the subnet level within a VPC?

A.

Security group

B.

Network ACL

C.

Elastic network interface

D.

AWS WAF

Full Access
Question # 205

A user needs a relational database but does not have the resources to manage the hardware, resiliency, and replication.

Which AWS service option meets the user's requirements'?

A.

Run MySQL on Amazon Elastic Container Service (Amazon ECS)

B.

Run MySQL on Amazon EC2

C.

Choose Amazon RDS for MySQL

D.

Choose Amazon ElastiCache for Redis

Full Access
Question # 206

Which task requires the use of AWS account root user credentials?

A.

The deletion of IAM users

B.

The change to a different AWS Support plan

C.

The creation of an organization in AWS Organizations

D.

The deletion of Amazon EC2 instances

Full Access
Question # 207

A company is requesting Payment Card Industry (PCI) reports that validate the operating effectiveness of AWS security controls.

How should the company obtain these reports?

A.

Contact AWS Support

B.

Download reports from AWS Artifact.

C.

Download reports from AWS Security Hub.

D.

Contact an AWS technical account manager (TAM).

Full Access
Question # 208

Which AWS Cloud benefit describes the ability to acquire resources as they are needed and release resources when they are no longer needed?

A.

Economies of scale

B.

Elasticity

C.

Agility

D.

Security

Full Access
Question # 209

Which maintenance task is the customer's responsibility, according to the AWS shared responsibility model?

A.

Physical connectivity among Availability Zones

B.

Network switch maintenance

C.

Hardware updates and firmware patches

D.

Amazon EC2 updates and security patches

Full Access
Question # 210

Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?

A.

Amazon Workspaces

B.

Amazon Elastic File System (Amazon EFS)

C.

AWS Database Migration Service (AWS DMS)

D.

AWS Snowball Edge

Full Access
Question # 211

A company wants to migrate a database from an on-premises environment to Amazon RDS.

After the migration is complete, which management task will the company still be responsible for?

A.

Hardware lifecycle management

B.

Application optimization

C.

Server maintenance

D.

Power, network, and cooling provisioning

Full Access
Question # 212

A company is moving an on-premises data center to the AWS Cloud. The company must migrate 50 petabytes of file storage data to AWS with the least possible operational overhead.

Which AWS service or resource should the company use to meet these requirements?

A.

AWS Snowmobile

B.

AWS Snowball Edge

C.

AWS Data Exchange

D.

AWS Database Migration Service (AWS DMS)

Full Access
Question # 213

A company wants to monitor its workload performance. The company wants to ensure that the cloud services are delivered at a level that meets its business needs.

Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?

A.

Business

B.

Governance

C.

Platform

D.

Operations

Full Access
Question # 214

Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Select TWO.)

A.

EC2 Reserved Instances

B.

EC2 Amazon Machine Images (AMIs)

C.

Amazon Elastic Block Store (Amazon EBS) snapshots

D.

AWS Shield

E.

Amazon GuardDuty

Full Access
Question # 215

A company needs a graph database service that is scalable and highly available.

Which AWS service meets these requirements?

A.

Amazon Aurora

B.

Amazon Redshift

C.

Amazon DynamoDB

D.

Amazon Neptune

Full Access
Question # 216

Which AWS service provides storage-optimized and compute-optimized device configurations?

A.

AWS Snowcone

B.

AWS Storage Gateway

C.

AWS Snowball Edge

D.

AWS DataSync

Full Access
Question # 217

A company wants to use the AWS Cloud to deploy an application globally.

Which architecture deployment model should the company use to meet this requirement?

A.

Multi-Region

B.

Single-Region

C.

Multi-AZ

D.

Single-AZ

Full Access
Question # 218

What is the recommended use case for Amazon EC2 On-Demand Instances?

A.

A steady-state workload that requires a particular EC2 instance configuration for a long period of time

B.

A workload that can be interrupted for a project that requires the lowest possible cost

C.

An unpredictable workload that does not require a long-term commitment

D.

A workload that is expected to run for longer than 1 year

Full Access
Question # 219

Which mechanism allows developers to access AWS services from application code?

A.

AWS Software Development Kit

B.

AWS Management Console

C.

AWS CodePipeline

D.

AWS Config

Full Access
Question # 220

A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally.

Which combination of AWS services can the company use to gather the required information? (Select TWO.)

A.

AWS Personal Health Dashboard

B.

AWS Systems Manager

C.

AWS Trusted Advisor

D.

AWS Service Health Dashboard

E.

AWS Service Catalog

Full Access
Question # 221

A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Select TWO.)

A.

Amazon Connect

B.

Amazon AppStream 2.0

C.

Amazon Workspaces

D.

AWS Site-to-Site VPN

E.

Amazon Elastic Container Service (Amazon ECS)

Full Access
Question # 222

A company wants to store its files in the AWS Cloud. Users need to be able to download these files directly using a public URL.

Which AWS service or feature will meet this requirement?

A.

Amazon Redshift

B.

Amazon Elastic Block Store (Amazon EBS)

C.

Amazon Elastic File System (Amazon EFS)

D.

Amazon S3

Full Access
Question # 223

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company's direct responsibility?

A.

Cost of application software licenses

B.

Cost of the hardware infrastructure on AWS

C.

Cost of power for the AWS servers

D.

Cost of physical security for the AWS data center

Full Access
Question # 224

Which AWS service provides a single location to track the progress of application migrations?

A.

AWS Application Discovery Service

B.

AWS Application Migration Service

C.

AWS Service Catalog

D.

AWS Migration Hub

Full Access
Question # 225

A company wants to transport 100 TB of data from its data center to AWS without using internet.

Which AWS service will meet this requirement?

A.

AWS Snowcone

B.

AWS Snowball Edge

C.

AWS Data Exchange

D.

AWS DataSync

Full Access
Question # 226

Which pillar of the AWS Well-Architected Framework focuses on the ability to recover automatically from service Interruptions?

A.

Security

B.

Performance efficiency

C.

Operational excellence

D.

Reliability

Full Access
Question # 227

A company wants to test a new application.

Which AWS principle will help the company test the application?

A.

Make long-term commitments in exchange for a cost discount.

B.

Scale up and down when needed without any long-term commitments.

C.

Have total control over the application infrastructure.

D.

Manage all of the maintenance tasks associated with the cloud.

Full Access
Question # 228

A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting. Which AWS service will meet these requirements?

A.

Amazon Inspector

B.

AWS WAF

C.

Amazon GuardDuty

D.

Amazon CloudWatch

Full Access
Question # 229

A company moves its infrastructure from on premises to the AWS Cloud. The company can now provision additional Amazon EC2 instances whenever the instances are required. With this ability, the company can launch new marketing campaigns in 3 days instead of 3 weeks.

Which benefit of the AWS Cloud does this scenario demonstrate?

A.

Cost savings

B.

Improved operational resilience

C.

Increased business agility

D.

Enhanced security

Full Access
Question # 230

A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning.

Which AWS service should the developer use to meet this requirement?

A.

AWS Health Dashboard

B.

Amazon Personalize

C.

Amazon Forecast

D.

Amazon Transcribe

Full Access
Question # 231

When designing AWS workloads to be operational even when there are component failures, what is an AWS best practice?

A.

Perform quarterly disaster recovery tests.

B.

Place the main component on the us-east-1 Region.

C.

Design for automatic failover to healthy resources.

D.

Design workloads to fit on a single Amazon EC2 instance.

Full Access
Question # 232

Which database engine is compatible with Amazon RDS?

A.

Apache Cassandra

B.

MongoDB

C.

Neo4j

D.

PostgreSQL

Full Access
Question # 233

A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos. The company has no machine learning (ML) scientists and must build this detection capability with no ML expertise.

Which AWS service should the company use to build this capability?

A.

Amazon SageMaker

B.

Amazon Textract

C.

Amazon Rekognition

D.

Amazon Comprehend

Full Access
Question # 234

A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud.

Which costs will the company eliminate with this migration? (Select TWO.)

A.

Cost of data center operations

B.

Cost of application licensing

C.

Cost of marketing campaigns

D.

Cost of physical server hardware

E.

Cost of network management

Full Access
Question # 235

Which of the following describes an AWS Region?

A.

A specific location within a geographic area that provides high availability

B.

A set of data centers spanning multiple countries

C.

A global picture of a user's cloud computing environment

D.

A collection of databases that can be accessed from a specific geographic area only

Full Access
Question # 236

company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.

Which pillar of the AWS Well-Architected Framework is supported by these goals?

A.

Reliability

B.

Security

C.

Operational excellence

D.

Performance efficiency

Full Access
Question # 237

Which AWS service uses a combination of publishers and subscribers?

A.

AWS Lambda

B.

Amazon Simple Notification Service (Amazon SNS)

C.

Amazon CloudWatch

D.

AWS CloudFormation

Full Access
Question # 238

A cloud engineer needs to download AWS security and compliance documents for an upcoming audit.

Which AWS service can provide the documents?

A.

AWS Trusted Advisor

B.

AWS Artifact

C.

AWS Well-Architected Tool

D.

AWS Systems Manager

Full Access