Which of the following aspects of security are managed by aws? (choose two)

1. A company has infrastructure in one AWS Region and is expanding operations to a second AWS Region. The company is using the same AWS CloudFormation template in the second Region that the company uses in the original Region. The company attempts to launch Amazon EC2 OnDemand Instances in the second Region and receives error messages. What could cause these error messages?

A. A new EC2 key pair has not been created for the EC2 instances.
B. The requested EC2 instance types are not available in the second Region.
C. The company cannot operate in a second Region until it updates its AWS contract.
D. The company has not configured AWS Budgets to monitor the budget for the EC2 instances.

Reveal

Answer: A

2. Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?

A. AWS CLI
B. AWS Developer Center
C. AWS Cloud Development Kit (AWS CDK)
D. AWS CodeStar

Reveal

Answer: C

3. Which options are available to a user who wants to contact AWS Support? (Choose two.)

A. Create an email case in the AWS Support Center.
B. Visit a local AWS Support Center.
C. Use live chat functionality.
D. Call the customer service phone number. E. Use the video conference functionality of the AWS Support console.

Reveal

Answer: C D

4. A global company is building a simple time-tracking mobile app. The app needs to operate globally and must store collected data in a database. Data must be accessible from the AWS Region that is closest to the user. What should the company do to meet these data storage requirements with the LEAST amount of operational overhead?

A. Use Amazon EC2 in multiple Regions to host separate databases.
B. Use Amazon RDS cross-Region replication.
C. Use Amazon DynamoDB global tables.
D. Use AWS Database Migration Service (AWS DMS).

Reveal

Answer: C

5. A company plans to store sensitive data in an Amazon S3 bucket. Which task is the responsibility of AWS?

A. Activate encryption at rest for the data.
B. Provide security for the physical infrastructure.
C. Train the company’s employees about cloud security.
D. Remove personally identifiable information (PII) from the data.

Reveal

Answer: A

6. A company needs a firewall that will control network connections to and from a single Amazon EC2 instance. This firewall will not control network connections to and from other instances that are in the same subnet. Which AWS service or feature can the company use to meet these requirements?

A. Network ACL
B. AWS WAF
C. Route table
D. Security group

Reveal

Answer: D

7. Which of the following are AWS Trusted Advisor support categories? (Choose two.)

A. Operational excellence
B. Cost optimization
C. Security
D. Well-Architected Framework
E. Rightsizing

Reveal

Answer: B C

8. Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?

A. Patching of the guest operating system
B. Security awareness and training
C. Physical and environmental controls
D. Development of an IAM password policy

Reveal

Answer: C

9. Which AWS service can be used to decouple applications?

A. AWS Config
B. Amazon Simple Queue Service (Amazon SQS)
C. AWS Batch
D. Amazon Simple Email Service (Amazon SES)

Reveal

Answer: B

10. A financial services company wants to ensure that its AWS account activity is logged to meet regulatory requirements for logging, auditing, and governance. Which AWS service meets these requirements?

A. AWS CloudTrail
B. AWS Trusted Advisor
C. AWS Config
D. Amazon CloudWatch

Reveal

Answer: A

11. A company implements an Amazon EC2 Auto Scaling policy along with an Application Load Balancer to automatically recover unhealthy applications that run on Amazon EC2 instances. Which pillar of the AWS Well-Architected Framework does this action cover?

A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Reveal

Answer: D

12. A retail company needs to build a highly available architecture for a new ecommerce platform. The company is using the only AWS services that replicate data across multiple Availability Zones. Which AWS services should the company use to meet this requirement? (Choose two.)

A. Amazon EC2
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon Aurora
D. Amazon DynamoDB
E. Amazon Redshift

Reveal

Answer: C D

13. Which AWS service uses edge locations?

A. Amazon Aurora
B. AWS Global Accelerator
C. Amazon Connect
D. AWS Outposts

Reveal

Answer: B

14. A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data must remain local and on premises. There must be low latency between AWS and the company resources. Which AWS service or feature can be used to meet these requirements?

A. AWS Local Zones
B. Availability Zones
C. AWS Outposts
D. AWS Wavelength Zones

Reveal

Answer: C

15. What is the LEAST expensive AWS Support plan that provides a designated AWS technical account manager (TAM)?

A. AWS Developer Support
B. AWS Enterprise Support
C. AWS Basic Support
D. AWS Business Support

Reveal

Answer: B

16. Which AWS service or feature enables users to encrypt data at rest in Amazon S3?

A. IAM policies
B. Server-side encryption
C. Amazon GuardDuty
D. Client-side encryption

Reveal

Answer: A

17. A company is moving multiple applications to a single AWS account. The company wants to monitor the AWS Cloud costs incurred by each application. What can the company do to meet this requirement?

A. Set up invoiced billing.
B. Use AWS Artifact.
C. Set the budgets in Cost Explorer.
D. Create cost allocation tags.

Reveal

Answer: D

18. A company is based in the us-east-1 Region and has a satellite office in the eu-west-2 Region. The company wants to use Amazon WorkSpaces to host its internal web portal and virtual desktops for employees. What should the company do to minimize latency and ensure the best possible performance for employees?

A. Deploy the internal web portal and virtual desktops to us-east-1 only. Use an Amazon CloudFront distribution for the users in eu-west-2.
B. Deploy the internal web portal to us-east-1 only. Deploy the virtual desktops to us-east-1 and eu-west-2.
C. Deploy the internal web portal to us-east-1 and eu-west-2. Deploy the virtual desktops on network optimized Amazon EC2 instances to us-east-1 only.
D. Deploy the internal web portal and virtual desktops to us-east-1 and eu-west-2.

Reveal

Answer: B

19. A company is considering a move to the AWS Cloud. The company wants to be able to scale its compute resources as needed to accommodate changing loads. Which benefit of the AWS Cloud does this scenario describe?

A. Global deployments in minutes
B. Cost savings
C. Agility
D. Elasticity

Reveal

Answer: D

20. A company runs its workloads on premises. The company wants to forecast the cost of running a large application on AWS. Which AWS service or tool can the company use to obtain this information?

A. AWS Pricing Calculator
B. AWS Budgets
C. AWS Trusted Advisor
D. Cost Explorer

Reveal

Answer: D

21. A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Choose two.)

A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN E. Amazon Elastic Container Service (Amazon ECS)

Reveal

Answer: C D

22. Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data?

A. Amazon Athena
B. AWS Glue
C. Amazon S3
D. AWS Snowball Edge

Reveal

Answer: B

23. Which AWS service is always free of charge for users?

A. Amazon S3
B. Amazon Aurora
C. Amazon EC2
D. AWS Identity and Access Management (IAM)

Reveal

Answer: C

24. Which AWS services can be used to store files? (Choose two.)

A. Amazon S3
B. AWS Lambda
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon SageMaker
E. AWS Storage Gateway

Reveal

Answer: A C E

25. How does consolidated billing help reduce costs for a company that has multiple AWS accounts?

A. It aggregates usage across accounts so that the company can reach volume discount thresholds sooner.
B. It offers an additional 5% discount on purchases of AII Upfront Reserved Instances.
C. It provides a simplified billing invoice that the company can process more quickly than a standard invoice.
D. It gives AWS resellers the ability to bill their customers for usage.

Reveal

Answer: A

26. Which AWS service or feature can be used to find availability status information on all AWSservices?

A. AWS Personal Health Dashboard
B. AWS CloudTrail
C. AWS Service Health Dashboard
D. Amazon CloudWatch

Reveal

Answer: C

27. Which AWS service or feature provides users with recommendations for common billing questions?

A. AWS Marketplace
B. AWS Knowledge Center
C. Amazon Pinpoint
D. Amazon Connect

Reveal

Answer: B

28. A company wants to distribute its incoming traffic across multiple Amazon EC2 instances. Which AWS service or feature should be used to meet this requirement?

A. Amazon Virtual Private Cloud (Amazon VPC)
B. AWS Application Load Balancer
C. AWS Managed VPN
D. AWS Direct Connect

Reveal

Answer: B

29. Which disaster recovery option is the LEAST expensive?

A. Warm standby
B. Multisite
C. Backup and restore
D. Pilot light

Reveal

Answer: C

30. A company uses a database that has a simple sign-up page to create users, and a basic login form to authenticate users so they can access the database. The company wants to give users the ability to store personal information, but the user access must be controlled in a more secure and reliable way. Which AWS service or feature will meet these requirements?

A. Security groups
B. Amazon GuardDuty
C. AWS Secrets Manager
D. Amazon Cognito

Reveal

Answer: A

31. Which pillar of the AWS Well-Architected Framework focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures?

A. Cost optimization
B. Reliability
C. Operational excellence
D. Performance efficiency

Reveal

Answer: C

32. Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach

Reveal

Answer: C

33. A large organization has a single AWS account. What are the advantages of reconfiguring the single account into multiple AWS accounts? (Choose two.)

A. It allows for administrative isolation between different workloads.
B. Discounts can be applied on a quarterly basis by submitting cases in the AWS Management Console.
C. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS accounts will be less expensive.
D. Having multiple accounts reduces the risks associated with malicious activity targeted at a single account.
E. Amazon QuickSight offers access to a cost tool that provides application-specific recommendations for environments running in multiple accounts.

Reveal

Answer: A C

34. An online retail company recently deployed a production web application. The system administrator needs to block common attack patterns such as SQL injection and cross-site scripting. Which AWS service should the administrator use to address these concerns?

A. AWS WAF
B. Amazon VPC
C. Amazon GuardDuty
D. Amazon CloudWatch

Reveal

Answer: A

35. What does Amazon CloudFront provide?

A. Automatic scaling for all resources to power an application from a single unified interface
B. Secure delivery of data, videos, applications, and APIs to users globally with low latency
C. Ability to directly manage traffic globally through a variety of routing types, including latency-based routing, geo DNS, geo-proximity, and weighted round robin
D. Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and AWS Lambda functions

Reveal

Answer: B

36. Which phase describes agility as a benefit of building in the AWS Cloud?

A. The ability to pay only when computing resources are consumed, based on the volume of resources that are consumed
B. The ability to eliminate guessing about infrastructure capacity needs
C. The ability to support innovation through a reduction in the time that is required to make IT resources available to developers
D. The ability to deploy an application in multiple AWS Regions around the world in minutes

Reveal

Answer: C

37. A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports. Which AWS service or group can provide these documents?

A. AWS Abuse team
B. AWS Artifact
C. AWS Support
D. AWS Config

Reveal

Answer: B

38. Which AWS Trusted Advisor checks are available to users with AWS Basic Support? (Choose two.)

A. Service limits
B. High utilization Amazon EC2 instances
C. Security groups – specific ports unrestricted
D. Load balancer optimization
E. Large number of rules in an EC2 security groups

Reveal

Answer: A C

39. A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?

A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

Reveal

Answer: B

40. Which network security features are supported by Amazon VPC? (Choose two.)

A. Network ACLs
B. Internet gateways
C. VPC peering
D. Security groups
E. Firewall rules

Reveal

Answer: A D

41. A company wants to build a new architecture with AWS services. The company needs to compare service costs at various scales. Which AWS service, tool, or feature should the company use to meet this requirement?

A. AWS Compute Optimizer
B. AWS Pricing Calculator
C. AWS Trusted Advisor
D. Cost Explorer right sizing recommendations

Reveal

Answer: B

42. An Elastic Load Balancer allows the distribution of web traffic across multiple:

A. AWS Regions.
B. Availability Zones.
C. Dedicated Hosts.
D. Amazon S3 buckets.

Reveal

Answer: B

43. Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?

A. Agility
B. Elasticity
C. Reliability
D. Durability

Reveal

Answer: B

44. Which AWS services make use of global edge locations? (Choose two.)

A. AWS Fargate
B. Amazon CloudFront
C. AWS Global Accelerator
D. AWS Wavelength
E. Amazon VPC

Reveal

Answer: B C

45. Which of the following are economic benefits of using AWS Cloud? (Choose two.)

A. Consumption-based pricing
B. Perpetual licenses
C. Economies of scale
D. AWS Enterprise Support at no additional cost
E. Bring-your-own-hardware model

Reveal

Answer: A C

46. A company is using Amazon EC2 Auto Scaling to scale its Amazon EC2 instances. Which benefit of the AWS Cloud does this example illustrate?

A. High availability
B. Elasticity
C. Reliability
D. Global reach

Reveal

Answer: B

47. A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants to alternate to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?

A. AWS Lambda
B. Amazon RDS
C. AWS Fargate
D. Amazon Athena

Reveal

Answer: C

48. A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB. What is the MOST operationally efficient solution to delegate permissions?

A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.

Reveal

Answer: A C

49. Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?

A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.

Reveal

Answer: B

50. A company is running a Microsoft SQL Server instance on premises and is migrating its application to AWS. The company lacks the resources needed to refactor the application, but management wants to reduce operational overhead as part of the migration. Which database service would MOST effectively support these requirements?

A. Amazon DynamoDB
B. Amazon Redshift
C. Microsoft SQL Server on Amazon EC2
D. Amazon RDS for SQL Server

Reveal

Answer: D

51. A company wants to increase its ability to recover its infrastructure in the case of a natural disaster. Which pillar of the AWS Well-Architected Framework does this ability represent?

A. Cost optimization
B. Performance efficiency
C. Reliability
D. Security

Reveal

Answer: C

52. Which AWS service provides the capability to view end-to-end performance metrics and troubleshoot distributed applications?

A. AWS Cloud9
B. AWS CodeStar
C. AWS Cloud Map
D. AWS X-Ray

Reveal

Answer: D

53. Which tasks require use of the AWS account root user? (Choose two.)

A. Changing an AWS Support plan
B. Modifying an Amazon EC2 instance type
C. Grouping resources in AWS Systems Manager
D. Running applications in Amazon Elastic Kubernetes Service (Amazon EKS)
E. Closing an AWS account

Reveal

Answer: A E

54. Which of the following describes AWS Local Zones?

A. A cluster of data centers in one geographic location
B. A site used by Amazon CloudFront to cache frequently accessed content
C. An extension of an AWS Region to more granular locations
D. One or more data centers with redundant power and networking

Reveal

Answer: C

55. Which AWS service or feature is highly available by default?

A. Amazon EC2
B. Amazon Aurora
C. NAT instances
D. Amazon RDS

Reveal

Answer: D

56. A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access. What should the company use to access instances remotely instead of opening inbound SSH ports and managing SSH keys?

A. EC2 key pairs
B. AWS Systems Manager Session Manager
C. AWS Identity and Access Management (IAM)
D. Network ACLs

Reveal

Answer: B

57. A user needs the ability to access as many resources as are needed. The user also needs the ability to scale up and scale down with only a few minutes of notice. Which benefit of the AWS Cloud describes these abilities?

A. Reliability
B. Economy of scale
C. Elasticity
D. Pay-as-you-go pricing

Reveal

Answer: C

58. Which task is an AWS responsibility when a workload is running in Amazon RDS?

A. Creating the database table
B. Updating the database schema
C. Installing the database engine
D. Dropping the database records

Reveal

Answer: C

59. A company is building a mobile app to provide shopping recommendations to its customers. The company wants to use a graph database as part of the shopping recommendation engine. Which AWS database service should the company choose?

A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon Neptune
D. Amazon DocumentDB (with MongoDB compatibility)

Reveal

Answer: C

60. Which duty is a responsibility of AWS under the AWS shared responsibility model?

A. Identity and access management (IAM)
B. Server-side encryption (SSE)
C. Firewall configuration
D. Maintaining physical hardware

Reveal

Answer: D

61. Which AWS service allows users to provision resources using a consistent and repeatable process?

A. AWS Systems Manager
B. AWS CloudFormation
C. AWS Batch
D. AWS Config

Reveal

Answer: B

62. A company has an application workload that is stateless be design and can sustain occasional downtime. The application performs massively parallel computations. Which Amazon EC2 pricing model should the company choose for its application to reduce cost?

A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Instances

Reveal

Answer: B

63. A company wants to establish a private network connection between AWS and its corporate network. Which AWS service or feature will meet this requirement?

A. Amazon Connect
B. Amazon Route 53
C. AWS Direct Connect
D. VPC peering

Reveal

Answer: C

64. According to the AWS shared responsibility model, the customer is responsible for applying the latest security updates and patches for which of the following?

A. Amazon DynamoDB
B. Amazon EC2 instances
C. Amazon RDS instances
D. Amazon S3

Reveal

Answer: B

65. Which AWS service is a relational database compatible with MySQL and PostgreSQL?

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Neptune

Reveal

Answer: C

68. Which AWS service should a company use to continuously monitor the compliance of AWS resource configurations?

Which of the following aspects of security are managed by AWS?

What are the security aspects that the AWS customer is responsible for Choose two?

Which of the following controls are managed by AWS?

Which of the following security requirements are managed by AWS select 3 answers from the options given below?