Choosing the Right Path for Your CLF-C02 Exam Preparation
Welcome to PassExamHub's comprehensive study guide for the AWS Certified Cloud Practitioner exam. Our CLF-C02 dumps are designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the CLF-C02 certification exam.
What Our Amazon CLF-C02 Study Material Offers
PassExamHub's CLF-C02 dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:
In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the CLF-C02 exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine covers every exam objective and provides detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.
Why Choose PassExamHub?
Expertise: Our CLF-C02 exam questions answers are developed by experienced Amazon certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the CLF-C02 exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their CLF-C02 certifications and advance their careers.
Start Your Journey Today!
Embark on your journey to AWS Certified Cloud Practitioner success with PassExamHub. Our study material is your trusted companion in preparing for the CLF-C02 exam and unlocking exciting career opportunities.
Amazon CLF-C02 Sample Question Answers
Question # 1
A company is running an Amazon EC2 instance in a VPC. An ecommerce company is using Amazon EC2 Auto Scaling groups to manage a fleet of web servers running on Amazon EC2. This architecture follows which AWS Well-Architected Framework best practice?
A. Secure the workload
B. Decouple infrastructure components
C. Design for failure
D. Think parallel
Answer: C
Explanation: Design for failure is one of the best practices of the AWS Well-Architected
Framework. It means that the architecture should be resilient and fault-tolerant, and able to
handle failures without impacting the availability and performance of the applications. By
using Amazon EC2 Auto Scaling groups, the ecommerce company can design for failure
by automatically scaling the number of EC2 instances up or down based on demand or
health status. Amazon EC2 Auto Scaling groups can also distribute the EC2 instances
across multiple Availability Zones, which are isolated locations within an AWS Region that
have independent power, cooling, and network connectivity. This way, the company can
ensure that their web servers can handle traffic spikes, recover from failures, and provide a
consistent user experience.
Question # 2
Which AWS service can a company use to find security and compliance reports, including International Organization for Standardization (ISO) reports?
A. AWS Artifact
B. Amazon CloudWatch
C. AWS Config
D. AWS Audit Manager
Answer: A
Explanation: AWS Artifact is a self-service portal that provides on-demand access to AWS
security and compliance reports and select online agreements. You can use AWS Artifact
to download AWS service audit reports, such as ISO, PCI, and SOC, and to accept and
manage agreements with AWS, such as the Business Associate Addendum (BAA).
Question # 3
Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture?
A. Security
B. Governance
C. Operations
D. Platform
Answer: D
Explanation:
The correct answer is D. Platform.
The Platform perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a
capability for well-designed data and analytics architecture. This capability helps you
design, implement, and optimize your data and analytics solutions on AWS, using services
such as Amazon S3, Amazon Redshift, Amazon EMR, Amazon Kinesis, Amazon Athena,
and Amazon QuickSight. A well-designed data and analytics architecture enables you to
collect, store, process, analyze, and visualize data from various sources, and derive
insights that can drive your business decisions12.
The Security perspective does not include a capability for data and analytics architecture,
but it does include a capability for data protection, which helps you secure your data at rest
and in transit using encryption, key management, access control, and auditing13.
The Governance perspective does not include a capability for data and analytics
architecture, but it does include a capability for data governance, which helps you manage the quality, availability, usability, integrity, and security of your data assets14.
The Operations perspective does not include a capability for data and analytics
architecture, but it does include a capability for data operations, which helps you monitor,
troubleshoot, and optimize the performance and availability of your data pipelines and
workloads1.
References:
1: Foundational capabilities - An Overview of the AWS Cloud Adoption Framework 2: [AWS
Question # 4
A company has set up a VPC on AWS. The company needs a dedicated connection between the VPC and the company’s on-premises network. Which action should the company take to meet this requirement?
A. Establish a VPN connection between the VPC and the company's on-premises network.
B. Establish an AWS Direct Connect connection between the VPC and the company's on-premises network.
C. Attach an internet gateway to the VPC. Use the AWS public endpoints for connectivity.
D. Configure Amazon Connect to provide connectivity between the VPC and the company's on-premises network.
Answer: B
Explanation: Establishing an AWS Direct Connect connection between the VPC and the
company’s on-premises network is the action that the company should take to meet the
requirement of having a dedicated connection between the VPC and the company’s on-premises
network. AWS Direct Connect is a service that lets you establish a dedicated
network connection between your network and one of the AWS Direct Connect locations.
Using AWS Direct Connect, you can create a private connection between AWS and your
datacenter, office, or colocation environment, which can reduce your network costs,
increase bandwidth throughput, and provide a more consistent network experience than
internet-based connections. Establishing a VPN connection between the VPC and the company’s on-premises network is an action that the company can take to create a secure
and encrypted connection between the VPC and the company’s on-premises network, but
it is not a dedicated connection, as it uses the public internet as the transport mechanism.
Attaching an internet gateway to the VPC and using the AWS public endpoints for
connectivity is an action that the company can take to enable communication between the
VPC and the internet, but it is not a dedicated connection, as it also uses the public internet
as the transport mechanism. Configuring Amazon Connect to provide connectivity between
the VPC and the company’s on-premises network is not an action that the company can
take, because Amazon Connect is a service that lets you set up and manage a contact
center in the cloud, but it does not provide network connectivity between the VPC and the
company’s on-premises network.
Question # 5
Which AWS service is an in-memory data store service?
A. Amazon Aurora
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon ElastiCache
Answer: D
Explanation: Amazon ElastiCache is a fully managed in-memory data store and cache
service that delivers sub-millisecond response times to applications. You can use
ElastiCache as a primary data store for your applications, or as a cache to improve the
performance of your existing databases. ElastiCache supports two popular open-source in-memory
engines: Redis and Memcached5.
Question # 6
Which option is the default pricing model for Amazon EC2 instances?
A. On-Demand Instances
B. Savings Plans
C. Spot Instances
D. Reserved Instances
Answer: A
Explanation: On-Demand Instances are the default pricing model for Amazon EC2
instances. They allow users to pay for compute capacity by the second, with no long-term
commitments or upfront payments. They are suitable for applications with short-term,
irregular, or unpredictable workloads that cannot be interrupted3. Savings Plans are a
pricing model that offers significant savings on Amazon EC2 and AWS Fargate usage, in
exchange for a commitment to a consistent amount of usage (measured in $/hour) for a 1-year
or 3-year term. Spot Instances are a pricing model that offers spare Amazon EC2
compute capacity at up to 90% discount compared to On-Demand prices, but they can be
interrupted by AWS with a two-minute notice when the demand exceeds the supply.
Reserved Instances are a pricing model that offers up to 75% discount compared to On-Demand
prices, in exchange for a commitment to use a specific instance type and size in a
specific region for a 1-year or 3-year term.
Question # 7
Which AWS service will allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded?
A. AWS Organizations
B. AWS Budgets
C. Cost Explorer
D. AWS Trusted Advisor
Answer: B
Explanation: AWS Budgets allows you to set custom budgets that alert you when your
costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also
use AWS Budgets to set reservation utilization or coverage targets and receive alerts when
your utilization drops below the threshold you define. AWS Budgets provides you with a
comprehensive view of your cost and usage, as well as your reservation utilization and
coverage1.
Question # 8
A company's headquarters is located on a different continent from where the majority of the company's customers live. The company wants an AWS Cloud environment setup that will provide the lowest latency to the customers. A company wants to automate the creation of new AWS accounts and automatically prevent all users from creating Amazon EC2 instances. Which AWS service provides this functionality?
A. AWS Service Catalog
B. AWS Organizations
C. EC2 Image Builder
D. AWS Systems Manager
Answer: B
Explanation: AWS Organizations is a service that enables you to create and manage
multiple AWS accounts centrally. You can use AWS Organizations to automate account
creation, apply policies to control access and permissions, and consolidate billing across
your accounts. You can also use AWS Organizations to prevent users from creating
Amazon EC2 instances in certain regions or with certain configurations2.
Question # 9
A company is moving to the AWS Cloud to reduce operational overhead for its application infrastructure. Which IT operation will the company still be responsible for after the migration to AWS?
A. Security patching of AWS Elastic Beanstalk
B. Backups of data that is stored in Amazon Aurora
C. Termination of Amazon EC2 instances that are managed by AWS Auto Scaling
D. Configuration of IAM access controls
Answer: D
Explanation: AWS Elastic Beanstalk, Amazon Aurora, and AWS Auto Scaling are
managed services that reduce the operational overhead for the customers. AWS is
responsible for security patching, backups, and termination of these services. However, the
customers are still responsible for configuring IAM access controls to manage the
permissions and policies for their AWS resources. This is part of the AWS shared
responsibility model, which defines the security and compliance responsibilities of AWS
and the customers. You can learn more about the AWS shared responsibility model
from this whitepaper or this digital course.
Question # 10
Which AWS Cloud benefit describes the ability to acquire resources as they are needed and release resources when they are no longer needed?
A. Economies of scale
B. Elasticity
C. Agility
D. Security
Answer: B
Explanation: The AWS Cloud benefit that describes the ability to acquire resources as
they are needed and release resources when they are no longer needed is elasticity.
Elasticity means that users can quickly add and remove resources to match the demand of
their applications, and only pay for what they use. Elasticity enables users to handle
unpredictable workloads, reduce costs, and improve performance1. Economies of scale,
agility, and security are other benefits of the AWS Cloud, but they do not describe the
specific ability of acquiring and releasing resources on demand.
Question # 11
Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?
A. Amazon Workspaces
B. Amazon Elastic File System (Amazon EFS)
C. AWS Database Migration Service (AWS DMS)
D. AWS Snowball Edge
Answer: B
Explanation: Amazon EFS is a fully managed service that provides scalable and elastic
file storage for multiple Amazon EC2 instances. Amazon EFS supports the Network File
System (NFS) protocol, which allows multiple EC2 instances to access the same file
system concurrently. You can learn more about Amazon EFS from this webpage or this
digital course.
Question # 12
Which AWS service or storage class provides low-cost, long-term data storage?
A. Amazon S3 Glacier Deep Archive
B. AWS Snowball
C. Amazon MQ
D. AWS Storage Gateway
Answer: A
Explanation: Amazon S3 Glacier Deep Archive is a storage class within Amazon S3 that
provides the lowest-cost, long-term data storage for data that is rarely accessed. AWS
Snowball is a service that provides a physical device for transferring large amounts of data
into and out of AWS. Amazon MQ is a service that provides managed message broker
service for Apache ActiveMQ. AWS Storage Gateway is a service that provides hybrid
cloud storage for on-premises applications.
Question # 13
A company is planning to migrate to the AWS Cloud. The company is conducting organizational transformation and wants to become more responsive to customer inquiries and feedback. Which tasks should the company perform to meet these requirements, according to the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
A. Realign teams to focus on products and value streams.
B. Create new value propositions with new products and services.
C. Use agile methods to rapidly iterate and evolve.
D. Use a new data and analytics platform to create actionable insights.
E. Migrate and modernize legacy infrastructure.
Answer: A,C
Explanation: Realigning teams to focus on products and value streams, and using agile
methods to rapidly iterate and evolve are tasks that the company should perform to meet
the requirements of becoming more responsive to customer inquiries and feedback, according to the AWS Cloud Adoption Framework (AWS CAF). AWS CAF organizes
guidance into six areas of focus, called perspectives: business, people, governance,
platform, security, and operations. Each perspective is divided into capabilities, which
describe the skills and processes to execute the transition effectively. The people
perspective helps you prepare your organization for cloud adoption, and includes
capabilities such as organizational change management, staff skills and readiness, and
organizational alignment. The business perspective helps you align IT strategy with
business strategy, and includes capabilities such as business case development, value
proposition, and product ownership. Creating new value propositions with new products
and services is a task that belongs to the business perspective, but it is not directly related
to the requirement of becoming more responsive to customer inquiries and feedback. Using
a new data and analytics platform to create actionable insights is a task that belongs to the
platform perspective, which helps you design, implement, and optimize the architecture of
the AWS environment. However, it is also not directly related to the requirement of
becoming more responsive to customer inquiries and feedback. Migrating and modernizing
legacy infrastructure is a task that belongs to the operations perspective, which helps you
enable, run, use, operate, and recover IT workloads to the level agreed upon with your
business stakeholders. However, it is also not directly related to the requirement of
becoming more responsive to customer inquiries and feedback.
Question # 14
A company is assessing its AWS Business Support plan to determine if the plan still meets the company's needs. The company is considering switching to AWS Enterprise Support. Which additional benefit will the company receive with AWS Enterprise Support?
A. A full set of AWS Trusted Advisor checks
B. Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week
C. A designated technical account manager (TAM) to assist in monitoring and optimization
D. A consultative review and architecture guidance for the company's applications
Answer: C
Explanation:
The additional benefit that the company will receive with AWS Enterprise Support is C. A
designated technical account manager (TAM) to assist in monitoring and optimization.
A TAM is a dedicated point of contact who works with the customer to understand their use
cases, applications, and goals, and provides proactive guidance and best practices to help
them optimize their AWS environment. A TAM also helps the customer with case
management, escalations, service updates, and feature requests12.
A full set of AWS Trusted Advisor checks is available for customers with Business,
Enterprise On-Ramp, or Enterprise Support plans1. Phone, email, and chat access to cloud
support engineers 24/7 is available for customers with Business, Enterprise On-Ramp, or
Enterprise Support plans1. A consultative review and architecture guidance for the
company’s applications is available for customers with Enterprise On-Ramp or Enterprise
Support plans1. Therefore, these benefits are not exclusive to AWS Enterprise Support.
Reference:
1: AWS Support Plan Comparison | Developer, Business, Enterprise …
Question # 15
A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud. Which AWS service will meet this requirement?
A. Amazon Cognito
B. AWS Security Hub
C. AWS Shield
D. AWS WAF
Answer: A
Explanation: Amazon Cognito is a service that provides identity management for mobile
and web applications, allowing users to sign up, sign in, and access AWS resources with
different identity providers. AWS Security Hub is a service that provides a comprehensive
view of the security posture of AWS accounts and resources. AWS Shield is a service that
provides protection against distributed denial of service (DDoS) attacks. AWS WAF is a
web application firewall that helps protect web applications from common web exploits.
Question # 16
A company is running a workload in the AWS Cloud. Which AWS best practice ensures the MOST cost-effective architecture for the workload?
A. Loose coupling
B. Rightsizing
C. Caching
D. Redundancy
Answer: B
Explanation: The AWS best practice that ensures the most cost-effective architecture for
the workload is rightsizing. Rightsizing means selecting the most appropriate instance
type or resource configuration that matches the needs of the workload. Rightsizing can
help optimize performance and reduce costs by avoiding over-provisioning or under-provisioning of resources1. Loose coupling, caching, and redundancy are other AWS best
practices that can improve the scalability, availability, and performance of the workload, but
they do not necessarily ensure the most cost-effective architecture.
Question # 17
A company is building an application on AWS. The application needs to comply with credit card regulatory requirements. The company needs proof that the AWS services and deployment are in compliance. Which actions should the company take to meet these requirements? (Select TWO.)
A. Use Amazon Inspector to submit the application for certification.
B. Ensure that the application's underlying hardware components comply with requirements.
C. Use AWS Artifact to access AWS documents about the compliance of the services.
D. Get the compliance of the application certified by a company assessor.
E. Use AWS Security Hub to certify the compliance of the application.
Answer: C,D
Explanation: Using AWS Artifact to access AWS documents about the compliance of the
services, and getting the compliance of the application certified by a company assessor are
actions that the company should take to meet the requirements of complying with credit
card regulatory requirements. AWS Artifact is a service that provides on-demand access to
AWS security and compliance reports and select online agreements. Reports available in
AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and
compliance verticals that validate the implementation and operating effectiveness of AWS
security controls. AWS Artifact can help you demonstrate compliance with credit card
regulatory requirements by providing you with proof that the AWS services and deployment
are in compliance. Getting the compliance of the application certified by a company
assessor is an action that the company should take to ensure that the application meets
the specific requirements of the credit card industry. A company assessor is an
independent third-party entity that is qualified to assess the compliance of the application
with the relevant standards and regulations. Using Amazon Inspector to submit the
application for certification is not an action that the company should take, because Amazon
Inspector is a service that helps you improve the security and compliance of your
applications deployed on AWS by automatically assessing them for vulnerabilities and
deviations from best practices, but it does not provide certification for the applications.
Ensuring that the application’s underlying hardware components comply with requirements
is not an action that the company should take, because the application is deployed on
AWS, and AWS is responsible for the security and compliance of the underlying hardware
components. This is part of the shared responsibility model, where AWS is responsible for
security of the cloud, and customers are responsible for security in the cloud. Using AWS
Security Hub to certify the compliance of the application is not an action that the company
should take, because AWS Security Hub is a service that gives you a comprehensive view
of your security posture across your AWS accounts and helps you check your environment
against security industry standards and best practices, but it does not provide certification
for the applications.
Question # 18
Which Amazon S3 storage class is the MOST cost-effective for long-term storage?
A. S3 Glacier Deep Archive
B. S3 Standard
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: A
Explanation: Amazon S3 Glacier Deep Archive is the lowest-cost storage class in the
cloud. It is designed for long-term data archiving that is rarely accessed. It offers a retrieval
time of 12 hours and a durability of 99.999999999% (11 9’s). It is ideal for data that must
be retained for 7 years or longer to meet regulatory compliance requirements.
Question # 19
A company deployed an application on an Amazon EC2 instance. The application ran as expected for 6 months. In the past week, users have reported latency issues. A system administrator found that the CPU utilization was at 100% during business hours. The company wants a scalable solution to meet demand. Which AWS service or feature should the company use to handle the load for its application during periods of high demand?
A. Auto Scaling groups
B. AWS Global Accelerator
C. Amazon Route 53
D. An Elastic IP address
Answer: A
Explanation: Auto Scaling groups are a feature that allows users to automatically scale the
number of Amazon EC2 instances up or down based on demand or a predefined
schedule. Auto Scaling groups can help improve the performance and availability of
applications by adjusting the capacity in response to traffic fluctuations1. AWS Global
Accelerator is a service that improves the availability and performance of applications by
routing traffic through AWS edge locations2. Amazon Route 53 is a service that provides scalable and reliable domain name system (DNS) service3. An Elastic IP address is a
static IPv4 address that can be associated with an Amazon EC2 instance4.
Question # 20
A company wants a list of all users in its AWS account, the status of all of the users' access keys, and if multi-factor authentication (MFA) has been configured. Which AWS service or feature will meet these requirements?
A. AWS Key Management Service (AWS KMS)
B. IAM Access Analyzer
C. IAM credential report
D. Amazon CloudWatch
Answer: C
Explanation: IAM credential report is a feature that allows you to generate and download a
report that lists all IAM users in your AWS account and the status of their various
credentials, including access keys and MFA devices. You can use this report to audit the
security status of your IAM users and ensure that they follow the best practices for using
AWS1.
AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys to protect your data. It does not provide information about IAM
users or their credentials2.
IAM Access Analyzer is a feature that helps you identify the resources in your AWS
account, such as S3 buckets or IAM roles, that are shared with an external entity. It does
not provide information about IAM users or their credentials3.
Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from
your AWS resources and applications. It does not provide information about IAM users or
their credentials4.
References:
Getting credential reports for your AWS account - AWS Identity and Access
Management
AWS Key Management Service - Amazon Web Services
IAM Access Analyzer - AWS Identity and Access Management
Amazon CloudWatch - Amazon Web Services
Question # 21
Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Select TWO.)
A. Control access to AWS service APIs and to other specific resources.
B. Provide intelligent threat detection and continuous monitoring.
C. Protect the AWS environment using multi-factor authentication (MFA).
D. Grant users access to AWS data centers.
E. Provide firewall protection for applications from common web attacks.
Answer: A,C
Explanation: AWS Identity and Access Management (IAM) is a service that enables you
to manage access to AWS services and resources securely. You can use IAM to perform
the following actions:
Control access to AWS service APIs and to other specific resources: You can
create users, groups, roles, and policies that define who can access which AWS
resources and how. You can also use IAM to grant temporary access to users or
applications that need to perform certain tasks on your behalf3.
Protect the AWS environment using multi-factor authentication (MFA): You can
enable MFA for your IAM users and root user to add an extra layer of security to
your AWS account. MFA requires users to provide a unique authentication code
from an approved device or SMS text message, in addition to their user name and
password, when they sign in to AWS4.
Question # 22
A company needs an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities. Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. Amazon Inspector
C. AWS Security Hub
D. AWS Shield
Answer: B
Explanation:
The correct answer is B. Amazon Inspector.
Amazon Inspector is an automated vulnerability management service that continually scans
AWS workloads for software vulnerabilities and unintended network exposure. Amazon
Inspector automatically discovers workloads, such as Amazon EC2 instances, containers,
and Lambda functions, and scans them for software vulnerabilities and unintended network
exposure12.
Amazon GuardDuty is a threat detection service that monitors your AWS accounts and
workloads for malicious or unauthorized activity. Amazon GuardDuty does not scan for
software vulnerabilities, but rather analyzes AWS CloudTrail, Amazon VPC Flow Logs, and
DNS logs to detect threats such as compromised credentials, backdoors, or crypto
mining3.
AWS Security Hub is a security and compliance service that aggregates and prioritizes
security findings from multiple AWS services and partner solutions. AWS Security Hub
does not scan for software vulnerabilities, but rather provides a comprehensive view of
your security posture across your AWS accounts4.
AWS Shield is a managed service that protects your web applications and network
resources from distributed denial-of-service (DDoS) attacks. AWS Shield does not scan for
software vulnerabilities, but rather provides detection and mitigation of DDoS attacks at the
Question # 23
For which AWS service is the customer responsible for maintaining the underlying operating system?
A. Amazon DynamoDB
B. Amazon S3
C. Amazon EC2
D. AWS Lambda
Answer: C
Explanation: Amazon EC2 is a service that provides resizable compute capacity in the
cloud. Users can launch and manage virtual servers, known as instances, that run on the
AWS infrastructure. Users are responsible for maintaining the underlying operating system
of the instances, as well as any applications or software that run on them. Amazon
DynamoDB is a service that provides a fully managed NoSQL database that delivers fast
and consistent performance at any scale. Users do not need to manage the underlying
operating system or the database software. Amazon S3 is a service that provides scalable
and durable object storage in the cloud. Users do not need to manage the underlying
operating system or the storage infrastructure. AWS Lambda is a service that allows users
to run code without provisioning or managing servers. Users only need to upload their code
and configure the triggers and parameters. AWS Lambda takes care of the underlying
operating system and the execution environment.
Question # 24
A company wants to use the latest technologies and wants to minimize its capital investment. Instead of upgrading on-premises infrastructure, the company wants to move to the AWS Cloud. Which AWS Cloud benefit does this scenario describe?
A. Increased speed to market
B. The trade of infrastructure expenses for operating expenses
C. Massive economies of scale
D. The ability to go global in minutes
Answer: B
Explanation: The trade of infrastructure expenses for operating expenses is one of the
benefits of the AWS Cloud. By moving to the AWS Cloud, the company can avoid the
upfront costs of purchasing and maintaining on-premises infrastructure, such as servers,
storage, network, and software. Instead, the company can pay only for the AWS resources
and services that they use, as they use them. This reduces the risk and complexity of
planning and managing IT infrastructure, and allows the company to focus on innovation
and growth. Increased speed to market, massive economies of scale, and the ability to go
global in minutes are also benefits of the AWS Cloud, but they are not the best ones to
describe this scenario. Increased speed to market means that the company can launch new products and services faster by using AWS services and tools. Massive economies of
scale means that the company can benefit from the lower costs and higher performance
that AWS achieves by operating at a large scale. The ability to go global in minutes means
that the company can deploy their applications and data in multiple regions and availability
zones around the world to reach their customers faster and improve performance and
reliability.
Question # 25
A company has deployed an application in the AWS Cloud. The company wants to ensure that the application is highly resilient. Which component of AWS infrastructure can the company use to meet this requirement?
A. Content delivery network (CDN)
B. Edge locations
C. Wavelength Zones
D. Availability Zones
Answer: D
Explanation: Availability Zones are components of AWS infrastructure that can help the
company ensure that the application is highly resilient. Availability Zones are multiple,
isolated locations within each AWS Region. Each Availability Zone has independent power,
cooling, and physical security, and is connected to the other Availability Zones in the same
Region via low-latency, high-throughput, and highly redundant networking. Availability
Zones allow you to operate production applications and databases that are more highly
available, fault tolerant, and scalable than would be possible from a single data center.
Question # 26
A company wants an AWS service to provide product recommendations based on its customer data. Which AWS service will meet this requirement?
A. Amazon Polly
B. Amazon Personalize
C. Amazon Comprehend
D. Amazon Rekognition
Answer: B
Explanation:
Amazon Personalize is an AWS service that helps developers quickly build and deploy a
custom recommendation engine with real-time personalization and user segmentation [1]. It
uses machine learning (ML) to analyze customer data and provide relevant
recommendations based on their preferences, behavior, and context. Amazon Personalize
can be used for various use cases such as optimizing recommendations, targeting
customers more accurately, maximizing the value of unstructured text, and promoting items
using business rules [1].
The other options are not suitable for providing product recommendations based on
customer data. Amazon Polly is a service that converts text into lifelike speech. Amazon
Comprehend is a service that uses natural language processing (NLP) to extract insights
from text and documents. Amazon Rekognition is a service that uses computer vision (CV)
to analyze images and videos for faces, objects, scenes, and activities.
References:
1: Cloud Products - Amazon Web Services (AWS)
2: Recommender System – Amazon Personalize – Amazon Web Services
3: Top 25 AWS Services List 2023 - GeeksforGeeks
4: AWS to Azure services comparison - Azure Architecture Center
5: The 25+ Best AWS Cost Optimization Tools (Updated 2023) - CloudZero
6: Amazon Polly – Text-to-Speech Service - AWS
7: Natural Language Processing - Amazon Comprehend - AWS
8: Image and Video Analysis - Amazon Rekognition - AWS
Question # 27
A company needs to set a maximum spending limit on AWS services each month. The company also needs to set up alerts for when the company reaches its spending limit. Which AWS service or tool should the company use to meet these requirements?
A. Cost Explorer
B. AWS Trusted Advisor
C. Service Quotas
D. AWS Budgets
Answer: D
Explanation: AWS Budgets is a service that helps you plan your service usage, service
costs, and instance reservations, and track how close your plan is to your budgeted
amount. You can set custom budgets that alert you when you exceed (or are forecasted to
exceed) your budgeted thresholds. You can also use AWS Budgets to set a maximum
spending limit on AWS services each month and set up alerts for when you reach your
spending limit. Cost Explorer is a service that enables you to visualize, understand, and
manage your AWS costs and usage over time. You can use Cost Explorer to view charts
and graphs that show how your costs are trending, identify areas that need further inquiry,
and see the impact of your cost management actions. However, Cost Explorer does not
allow you to set a maximum spending limit or alerts for your AWS services. AWS Trusted
Advisor is a service that provides you with real-time guidance to help you provision your
resources following AWS best practices, including security and performance. It can help
you monitor for cost optimization opportunities, such as unused or underutilized resources,
but it does not allow you to set a maximum spending limit or alerts for your AWS services.
Service Quotas is a service that enables you to view and manage your quotas, also
referred to as limits, from a central location. Quotas are the
maximum number of resources that you can create in your AWS account. However,
Service Quotas does not allow you to set a maximum spending limit or alerts for your AWS
services.
Question # 28
A company is migrating to the AWS Cloud to meet storage needs. The company wants to optimize costs based on the amount of storage that the company uses. Which AWS offering or benefit will meet these requirements MOST cost-effectively?
A. Pay-as-you-go pricing
B. Savings Plans
C. AWS Free Tier
D. Volume-based discounts
Answer: D
Explanation: Volume-based discounts are an AWS offering or benefit that can help the
company optimize costs based on the amount of storage that the company uses.
Volume-based discounts are discounts that AWS provides for some storage services, such as
Amazon S3 and Amazon EBS, when the company stores a large amount of data. The more
data the company stores, the lower the price per GB. For example, Amazon S3 offers six
storage classes, each with a different price per GB. The price per GB decreases as the
amount of data stored in each storage class increases.
Question # 29
A company has a MySQL database running on a single Amazon EC2 instance. The company now requires higher availability in the event of an outage. Which set of tasks would meet this requirement?
A. Add an Application Load Balancer in front of the EC2 instance.
B. Configure EC2 Auto Recovery to move the instance to another Availability Zone.
C. Migrate to Amazon RDS and enable Multi-AZ.
D. Enable termination protection for the EC2 instance to avoid outages.
Answer: C
Explanation: The set of tasks that would meet the requirement of having higher availability
for a MySQL database running on a single Amazon EC2 instance is to migrate to Amazon
RDS and enable Multi-AZ. Amazon RDS is a fully managed relational database service that
supports MySQL and other popular database engines. By enabling Multi-AZ, users can
have a primary database in one Availability Zone and a synchronous standby replica in
another Availability Zone. In case of a planned or unplanned outage of the primary
database, Amazon RDS automatically fails over to the standby replica with minimal
disruption. Adding an Application Load Balancer in front of the EC2 instance, configuring
EC2 Auto Recovery to move the instance to another Availability Zone, or enabling
termination protection for the EC2 instance would not provide higher availability for the
database, as they do not address the single point of failure or data replication issues.
Question # 30
A company is building an application in the AWS Cloud. The company wants to use temporary credentials for the application to access other AWS resources. Which AWS service will meet these requirements?
A. AWS Key Management Service (AWS KMS)
B. AWS CloudHSM
C. Amazon Cognito
D. AWS Security Token Service (AWS STS)
Answer: D
Explanation: AWS Security Token Service (AWS STS) is a service that provides
temporary security credentials to users or applications that need to access AWS resources.
The temporary credentials have a limited lifetime and can be configured to last from a few
minutes to several hours. The credentials are not stored with the user or application, but
are generated dynamically and provided on request. The credentials work almost
identically to long-term access key credentials, but have the advantage of not requiring
distribution, rotation, or revocation.
AWS Key Management Service (AWS KMS) is a service that provides encryption and
decryption services for data and keys. It does not provide temporary security credentials.
AWS CloudHSM is a service that provides hardware security modules (HSMs) for
cryptographic operations and key management. It does not provide temporary security
credentials.
Amazon Cognito is a service that provides user authentication and authorization for web
and mobile applications. It can also provide temporary security credentials for
authenticated users, but not for applications.
Question # 31
Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?
A. Amazon EC2
B. Amazon RDS
C. Amazon Lightsail
D. AWS Step Functions
Answer: A
Explanation:
Amazon EC2 is a web service that provides secure, resizable compute capacity in the
cloud. It allows you to launch virtual servers, called instances, with different configurations
of CPU, memory, storage, and networking resources. AWS Compute Optimizer analyzes
the specifications and utilization metrics of your Amazon EC2 instances and generates
recommendations for optimal instance types that can reduce costs and improve
performance. You can view the recommendations on the AWS Compute Optimizer console
or the Amazon EC2 console.
Amazon RDS, Amazon Lightsail, and AWS Step Functions are not supported by AWS
Compute Optimizer. Amazon RDS is a managed relational database service that lets you
set up, operate, and scale a relational database in the cloud. Amazon Lightsail is an
easy-to-use cloud platform that offers everything you need to build an application or website,
plus a cost-effective, monthly plan. AWS Step Functions lets you coordinate multiple AWS
services into serverless workflows so you can build and update apps quickly.
Question # 32
Which of the following is a benefit of operating in the AWS Cloud?
A. The ability to migrate on-premises network devices to the AWS Cloud
B. The ability to expand compute, storage, and memory when needed
C. The ability to host custom hardware in the AWS Cloud
D. The ability to customize the underlying hypervisor layer for Amazon EC2
Answer: B
Explanation: One of the benefits of operating in the AWS Cloud is the ability to expand
compute, storage, and memory when needed, which enables users to scale their
applications and resources up or down based on demand. This also helps users optimize
their costs and performance. The ability to migrate on-premises network devices to the
AWS Cloud, the ability to host custom hardware in the AWS Cloud, and the ability to
customize the underlying hypervisor layer for Amazon EC2 are not benefits of operating in
the AWS Cloud, as they are either not possible or not recommended by AWS.
Question # 33
Which AWS service or feature enables users to encrypt data at rest in Amazon S3?
A. IAM policies
B. Server-side encryption
C. Amazon GuardDuty
D. Client-side encryption
Answer: B
Explanation: Server-side encryption is an encryption option that Amazon S3 provides to
encrypt data at rest in Amazon S3. With server-side encryption, Amazon S3 encrypts an
object before saving it to disk in its data centers and decrypts it when you download the
objects. You have three server-side encryption options to choose from: SSE-S3, SSE-C,
and SSE-KMS. SSE-S3 uses keys that are managed by Amazon S3. SSE-C allows you to
manage your own encryption keys. SSE-KMS uses keys that are managed by AWS Key
Management Service (AWS KMS).
Question # 34
A company runs a MySQL database in its on-premises data center. The company wants to run a copy of this database in the AWS Cloud. Which AWS service would support this workload?
A. Amazon RDS
B. Amazon Neptune
C. Amazon ElastiCache for Redis
D. Amazon Quantum Ledger Database (Amazon QLDB)
Answer: A
Explanation: Amazon Relational Database Service (Amazon RDS) is a web service that
makes it easier to set up, operate, and scale a relational database in the cloud. It provides
cost-efficient and resizable capacity, while automating time-consuming administration tasks
such as hardware provisioning, database setup, patching, and backups. Amazon RDS
supports six popular database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB,
Oracle Database, and SQL Server. Amazon RDS can support running a copy of a MySQL
database in the AWS Cloud, as it offers compatibility, scalability, and availability features.
Question # 35
A company wants to set up a high-speed connection between its data center and its applications that run on AWS. The company must not transfer data over the internet. Which action should the company take to meet these requirements?
A. Transfer data to AWS by using AWS Snowball.
B. Transfer data to AWS by using AWS Storage Gateway.
C. Set up a VPN connection between the data center and an AWS Region.
D. Set up an AWS Direct Connect connection between the company network and AWS.
Answer: D
Explanation: AWS Direct Connect is a cloud service solution that makes it easy to
establish a dedicated network connection from a customer’s premises to AWS. AWS Direct
Connect does not involve the public internet, and therefore can reduce network costs,
increase bandwidth throughput, and provide a more consistent network experience than
internet-based connections. AWS Snowball is a petabyte-scale data transport service that
uses secure devices to transfer large amounts of data into and out of the AWS Cloud. AWS
Storage Gateway is a hybrid cloud storage service that gives customers on-premises
access to virtually unlimited cloud storage. A VPN connection enables customers to
establish a secure and private connection between their network and AWS.
Question # 36
A company has an application that runs periodically in an on-premises environment. The application runs for a few hours most days, but runs for 8 hours a day for a week at the end of each month. Which AWS service or feature should be used to host the application in the AWS Cloud?
A. Amazon EC2 Standard Reserved Instances
B. Amazon EC2 On-Demand Instances
C. AWS Wavelength
D. Application Load Balancer
Answer: B
Explanation: Amazon EC2 On-Demand Instances are instances that let you pay for
compute capacity by the hour or second (minimum of 60 seconds) with no long-term
commitments. This frees you from the costs and complexities of planning, purchasing, and
maintaining hardware and transforms what are commonly large fixed costs into much
smaller variable costs. On-Demand Instances are suitable for applications with short-term,
irregular, or unpredictable workloads that cannot be interrupted, such as periodic
applications that run for a few hours most days, but run for 8 hours a day for a week at the
end of each month. Amazon EC2 Standard Reserved Instances are instances that
provide you with a significant discount (up to 75%) compared to On-Demand Instance
pricing. In exchange, you select a term and make an upfront payment to reserve a certain
amount of compute capacity for that term. Reserved Instances are suitable for applications
with steady state or predictable usage that require reserved capacity. AWS Wavelength is
a service that enables developers to build applications that deliver ultra-low latency to
mobile devices and users by deploying AWS compute and storage at the edge of the 5G
network. Wavelength is suitable for applications that require single-digit millisecond latencies, such as game and live video streaming, machine learning inference at the edge,
and augmented and virtual reality (AR/VR). Application Load Balancer is a service that
operates at the request level (layer 7) and distributes incoming application traffic across
multiple targets, such as EC2 instances, containers, Lambda functions, and IP addresses.
Application Load Balancer is suitable for applications that need advanced routing
capabilities, such as microservices or container-based architectures.
Question # 37
A company wants to launch its web application in a second AWS Region. The company needs to determine which services must be regionally configured for this launch. Which AWS services can be configured at the Region level? (Select TWO.)
A. Amazon EC2
B. Amazon Route 53
C. Amazon CloudFront
D. AWS WAF
E. Amazon DynamoDB
Answer: B,D
Explanation: Amazon Route 53 and AWS WAF are AWS services that can be configured
at the Region level. Amazon Route 53 is a highly available and scalable cloud Domain
Name System (DNS) web service that lets you register domain names, route traffic to
resources, and check the health of your resources. AWS WAF is a web application firewall
that helps protect your web applications or APIs against common web exploits that may
affect availability, compromise security, or consume excessive resources. Amazon EC2,
Amazon CloudFront, and Amazon DynamoDB are AWS services that can be configured at
the global level or the Availability Zone level.
Question # 38
A company has created an AWS Cost and Usage Report and wants to visualize the report. Which AWS service should the company use to ingest and display this information?
A. Amazon QuickSight
B. Amazon Pinpoint
C. Amazon Neptune
D. Amazon Kinesis
Answer: A
Explanation: Amazon QuickSight is an AWS service that provides business intelligence
and data visualization capabilities. Amazon QuickSight enables you to ingest, analyze, and
display data from various sources, such as AWS Cost and Usage Reports, Amazon S3,
Amazon Athena, Amazon Redshift, and Amazon RDS. You can use Amazon QuickSight to
create interactive dashboards and charts that show insights and trends from your data. You
can also share your dashboards and charts with other users or embed them into your
applications.
Question # 39
A company is looking for a managed machine learning (ML) service that can recommend products based on a customer's previous behaviors. Which AWS service meets this requirement?
A. Amazon Personalize
B. Amazon SageMaker
C. Amazon Pinpoint
D. Amazon Comprehend
Answer: A
Explanation: The AWS service that meets the requirement of providing a managed
machine learning (ML) service that can recommend products based on a customer’s
previous behaviors is Amazon Personalize. Amazon Personalize is a fully managed
service that enables developers to create personalized recommendations for customers
using their own data. Amazon Personalize can automatically process and examine the
data, identify what is meaningful, select the right algorithms, and train and optimize a
personalized recommendation model. Amazon SageMaker, Amazon Pinpoint, and
Amazon Comprehend are other AWS services related to machine learning, but they do not
provide the specific functionality of product recommendation.
Question # 40
Which benefits can customers gain by using AWS Marketplace? (Select TWO.)
A. Speed of business
B. Fewer legal objections
C. Ability to pay with credit cards
D. No requirement for product licenses for any products
E. Free use of all services for the first hour
Answer: A,B
Explanation: AWS Marketplace is a digital catalog that offers thousands of software
products and solutions from independent software vendors (ISVs) and AWS partners.
Customers can use AWS Marketplace to find, buy, and deploy software on AWS. Some of
the benefits of using AWS Marketplace are:
Speed of business: You can quickly and easily discover and deploy software that
meets your business needs, without having to go through lengthy procurement
processes. You can also use AWS Marketplace to test and compare different
solutions before making a purchase decision.
Fewer legal objections: You can benefit from standardized contract terms and
conditions that are pre-negotiated between AWS and the ISVs. This reduces the
time and effort required to review and approve legal agreements.
Question # 41
A company wants to use guidelines from the AWS Well-Architected Framework to limit human error and facilitate consistent responses to events. Which of the following is a Well-Architected design principle that will meet these requirements?
A. Use AWS CodeDeploy.
B. Perform operations as code.
C. Migrate workloads to a Dedicated Host.
D. Use AWS Compute Optimizer.
Answer: B
Explanation: This is a design principle of the operational excellence pillar of the AWS
Well-Architected Framework. Performing operations as code means using scripts,
templates, or automation tools to perform routine tasks, such as provisioning, configuration,
deployment, and monitoring. This reduces human error, increases consistency, and
enables faster recovery from failures. You can learn more about the operational excellence
pillar from this whitepaper or this digital course.
Question # 42
A company needs to set up user authentication for a new application. Users must be able to sign in directly with a user name and password, or through a third-party provider. Which AWS service should the company use to meet these requirements?
A. AWS IAM Identity Center (AWS Single Sign-On)
B. AWS Signer
C. Amazon Cognito
D. AWS Directory Service
Answer: C
Explanation: Amazon Cognito is a service that provides user authentication and
authorization for web and mobile applications. You can use Amazon Cognito to enable
users to sign in directly with a user name and password, or through a third-party provider,
such as Facebook, Google, or Amazon. You can also use Amazon Cognito to manage user
profiles, preferences, and security settings.
Question # 43
AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users. This describes which advantage of the AWS Cloud?
A. Launch globally in minutes
B. Increase speed and agility
C. High economies of scale
D. No guessing about compute capacity
Answer: C
Explanation: AWS has the ability to achieve lower pay-as-you-go pricing by aggregating
usage across hundreds of thousands of users. This means that AWS can leverage its
massive scale and purchasing power to reduce the costs of infrastructure, hardware,
software, and operations. These savings are then passed on to the customers, who only
pay for the resources they use. You can learn more about the AWS pricing model from [this
webpage] or [this digital course].
Question # 44
Which AWS service or feature offers security for a VPC by acting as a firewall to control traffic in and out of subnets?
A. AWS Security Hub
B. Security groups
C. Network ACL
D. AWS WAF
Answer: C
Explanation: A network access control list (network ACL) is a feature that acts as a firewall
for controlling traffic in and out of one or more subnets in a virtual private cloud
(VPC). Network ACLs can be configured with rules that allow or deny traffic based on the
source and destination IP addresses, ports, and protocols. AWS Security Hub is a service
that provides a comprehensive view of the security posture of AWS accounts and
resources. Security groups are features that act as firewalls for controlling traffic at the
instance level. AWS WAF is a web application firewall that helps protect web applications
from common web exploits.
Question # 45
A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data. Which combination of AWS services should the company use to meet these requirements? (Select TWO.)
A. AWS Glue
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Redshift
D. Amazon QuickSight
E. Amazon Quantum Ledger Database (Amazon QLDB)
Answer: A,C
Explanation: AWS Glue is a fully managed extract, transform, and load (ETL) service that
makes it easy to prepare and load data for analytics. AWS Glue can discover data sources,
transform data, and make it available for analysis by using data catalogs and workflows.
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud
that enables customers to analyze data using standard SQL and existing business
intelligence tools. Amazon Redshift can also integrate with other AWS services to visualize
and transform data. Amazon Elastic File System (Amazon EFS) provides a simple,
scalable, fully managed elastic NFS file system for use with AWS Cloud services and
on-premises resources. Amazon QuickSight is a fast, cloud-powered business intelligence
service that makes it easy to deliver insights to everyone in an organization. Amazon
Quantum Ledger Database (Amazon QLDB) is a fully managed ledger database that
provides a transparent, immutable, and cryptographically verifiable transaction log owned
by a central trusted authority.
Question # 46
A software engineer wants to launch a virtual machine (VM) and MySQL database on AWS. Which AWS service will meet these requirements with the LEAST operational effort?
A. Amazon Elastic Container Service (Amazon ECS)
B. AWS Elastic Beanstalk
C. Amazon Lightsail
D. Amazon EC2
Answer: B
Explanation: AWS Elastic Beanstalk is a service that enables you to quickly deploy and
manage applications in the AWS Cloud without worrying about the infrastructure that runs
those applications. You simply upload your application, and Elastic Beanstalk automatically
handles the details of capacity provisioning, load balancing, scaling, and application health
monitoring. Elastic Beanstalk supports several platform configurations for Java, .NET, PHP,
Node.js, Python, Ruby, Go, and Docker web applications that can run on familiar servers
such as Apache, Nginx, Passenger, and IIS. You can also use Elastic Beanstalk to launch
a virtual machine (VM) and MySQL database on AWS with the least operational effort.
Amazon Elastic Container Service (Amazon ECS) is a fully managed container
orchestration service that enables you to easily run, scale, and secure Docker
containerized applications on AWS. However, it requires more operational effort than
Elastic Beanstalk, as you need to define your application architecture and the specifications
of the containers that run it. Amazon Lightsail is an easy-to-use cloud platform that offers
everything you need to build an application or website, plus a cost-effective, monthly plan.
It is designed for developers who have little or no prior cloud experience and want to
launch and manage applications on AWS with minimal complexity. However, it does not
support MySQL databases, and it requires more operational effort than Elastic Beanstalk,
as you need to configure your VM and database settings. Amazon EC2 is a web service
that provides secure, resizable compute capacity in the cloud. It allows you to launch a
virtual machine (VM) and MySQL database on AWS, but it requires the most operational
effort, as you need to provision, monitor, and manage your EC2 instances and database.
Question # 48
A company wants to ensure that all of its Amazon EC2 instances have compliant operating system patches. Which AWS service will meet these requirements?
A. AWS Compute Optimizer
B. AWS Elastic Beanstalk
C. AWS AppSync
D. AWS Systems Manager
Answer: D
Explanation: AWS Systems Manager gives you visibility and control of your infrastructure
on AWS. Systems Manager provides a unified user interface so you can view operational
data from multiple AWS services and allows you to automate operational tasks across your
AWS resources. You can use Systems Manager to apply OS patches, create system
images, configure Windows and Linux operating systems, and execute PowerShell
commands. Systems Manager can help you ensure that all of your Amazon EC2
instances have compliant operating system patches by using the Patch Manager feature.
Question # 49
Which AWS service helps developers use loose coupling and reliable messaging between microservices?
A. Elastic Load Balancing
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon CloudFront
D. Amazon Simple Queue Service (Amazon SQS)
Answer: D
Explanation: Amazon Simple Queue Service (Amazon SQS) is a service that provides
fully managed message queues for asynchronous communication between
microservices. It helps developers use loose coupling and reliable messaging by allowing
them to send, store, and receive messages between distributed components without losing
them or requiring each component to be always available. Elastic Load Balancing is a
service that distributes incoming traffic across multiple targets, such as Amazon EC2
instances, containers, and IP addresses. Amazon Simple Notification Service (Amazon
SNS) is a service that provides fully managed pub/sub messaging for event-driven and
push-based communication between microservices. Amazon CloudFront is a service that
provides a fast and secure content delivery network (CDN) for web applications.
Question # 50
A company is running an Amazon EC2 instance in a VPC. An ecommerce company is using Amazon EC2 Auto Scaling groups to manage a fleet of web servers running on Amazon EC2. This architecture follows which AWS Well-Architected Framework best practice?
A. Secure the workload
B. Decouple infrastructure components
C. Design for failure
D. Think parallel
Answer: C
Explanation: Design for failure is one of the best practices of the AWS Well-Architected
Framework. It means that the architecture should be resilient and fault-tolerant, and able to
handle failures without impacting the availability and performance of the applications. By
using Amazon EC2 Auto Scaling groups, the ecommerce company can design for failure
by automatically scaling the number of EC2 instances up or down based on demand or
health status. Amazon EC2 Auto Scaling groups can also distribute the EC2 instances
across multiple Availability Zones, which are isolated locations within an AWS Region that
have independent power, cooling, and network connectivity. This way, the company can
ensure that their web servers can handle traffic spikes, recover from failures, and provide a
consistent user experience.
Question # 51
A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive. Which AWS service will meet the requirement?
A. Amazon Inspector
B. Amazon Macie
C. AWS Identity and Access Management (IAM)
D. Amazon CloudWatch
Answer: B
Explanation: Amazon Macie is a fully managed service that uses machine learning and
pattern matching to help you detect, classify, and better protect your sensitive data stored
in the AWS Cloud [1]. Macie can automatically discover and scan your Amazon S3 buckets
for sensitive data such as personally identifiable information (PII), financial information,
healthcare information, intellectual property, and credentials [1]. Macie also provides you with
a dashboard that shows the type, location, and volume of sensitive data in your AWS
environment, as well as alerts and findings on potential security issues [1].
The other options are not suitable for identifying sensitive data in AWS. Amazon Inspector
is a service that helps you find security vulnerabilities and deviations from best practices in
your Amazon EC2 instances [2]. AWS Identity and Access Management (IAM) is a service
that helps you manage access to your AWS resources by creating users, groups, roles,
and policies [3]. Amazon CloudWatch is a service that helps you monitor and troubleshoot
your AWS resources and applications by collecting metrics, logs, events, and alarms [4].
References:
[1] What Is Amazon Macie? - Amazon Macie
[2] What Is Amazon Inspector? - Amazon Inspector
[3] What Is IAM? - AWS Identity and Access Management
[4] What Is Amazon CloudWatch? - Amazon CloudWatch
Question # 52
A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The company wants to separate and track costs for each business unit. Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Organizations and create one account for each business unit.
B. Use a spreadsheet to control the owners and cost of each resource.
C. Use an Amazon DynamoDB table to record costs for each business unit.
D. Use the AWS Billing console to assign owners to resources and track costs.
Answer: A
Explanation: AWS Organizations is a service that helps you centrally manage and govern
your AWS environment. You can use AWS Organizations to create multiple accounts for
different business units, and group them into organizational units (OUs) that reflect your
organizational structure [1]. By doing so, you can separate and track costs for each business
unit using the account ID as a cost allocation tag [2]. You can also use AWS Organizations to
apply policies and controls to your accounts, such as service control policies (SCPs) and
tag policies [1].
The other options are not suitable for meeting the requirements with the least operational
Question # 53
A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers in a different Region. Which AWS tool should the company use to find pricing information for other Regions?
A. Cost Explorer
B. AWS Budgets
C. AWS Purchase Order Management
D. AWS Pricing Calculator
Answer: D
Explanation: AWS Pricing Calculator lets customers explore AWS services, and create an
estimate for the cost of their use cases on AWS. AWS Pricing Calculator can also compare
the costs of different AWS Regions and configurations. Cost Explorer is a tool that enables
customers to visualize, understand, and manage their AWS costs and usage over time.
AWS Budgets gives customers the ability to set custom budgets that alert them when their
costs or usage exceed (or are forecasted to exceed) their budgeted amount. AWS
Purchase Order Management is a feature that allows customers to pay for their AWS
invoices using purchase orders.
Question # 54
A company wants its Amazon EC2 instances to share the same geographic area but use multiple independent underlying power sources. Which solution achieves this goal?
A. Use EC2 instances in a single Availability Zone.
B. Use EC2 instances in multiple AWS Regions.
C. Use EC2 instances in multiple Availability Zones in the same AWS Region.
D. Use EC2 instances in the same edge location and the same AWS Region.
Answer: C
Explanation: The solution that achieves the goal of having Amazon EC2 instances share
the same geographic area but use multiple independent underlying power sources is to use
EC2 instances in multiple Availability Zones in the same AWS Region. An Availability
Zone is a physically isolated location within an AWS Region that has its own power,
cooling, and network connectivity. An AWS Region is a geographical area that consists of
two or more Availability Zones. By using multiple Availability Zones, users can increase the
fault tolerance and resilience of their applications, as well as reduce latency for end users [3].
Using EC2 instances in a single Availability Zone, multiple AWS Regions, or the same
edge location and the same AWS Region would not meet the requirement of having
multiple independent power sources.
Question # 55
A company needs to apply security rules to a subnet for Amazon EC2 instances. Which AWS service or feature provides this functionality?
A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config
Answer: A
Explanation: Network ACLs (network access control lists) are an AWS service or feature
that provides the functionality of applying security rules to a subnet for EC2 instances. A
subnet is a logical partition of an IP network within a VPC (virtual private cloud). A VPC is a
logically isolated section of the AWS Cloud where the company can launch AWS resources
in a virtual network that they define. A network ACL is a virtual firewall that controls the
inbound and outbound traffic for one or more subnets. The company can use network
ACLs to allow or deny traffic based on protocol, port, or source and destination IP address.
Network ACLs are stateless, meaning that they do not track the traffic that flows through
them. Therefore, the company must create rules for both inbound and outbound traffic [4].
Question # 56
A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely. Which AWS service or framework should the company use for operational support?
A. AWS Support
B. AWS Cloud Adoption Framework (AWS CAF)
C. AWS Managed Services (AMS)
D. AWS Well-Architected Framework
Answer: D
Explanation: The AWS Well-Architected Framework is a set of best practices and
guidelines for designing and operating workloads on AWS. It helps customers achieve
operational excellence, security, reliability, performance efficiency, cost optimization, and
sustainability. The framework is based on six pillars, each with its own design principles,
best practices, and questions. Customers can use the framework to assess their current
state, identify gaps, and implement improvements [1][2].
AWS Support is a service that provides technical assistance, guidance, and resources for
AWS customers. It offers different plans with varying levels of access to AWS experts,
response times, and features [3]. AWS Support does not provide a comprehensive
framework for operational support.
AWS Cloud Adoption Framework (AWS CAF) is a guidance tool that helps customers plan
and execute their cloud migration journey. It provides a set of perspectives, capabilities,
and best practices to align the business and technical aspects of cloud adoption [4]. AWS
CAF does not focus on operational support for existing workloads on AWS.
AWS Managed Services (AMS) is a service that operates AWS infrastructure on behalf of
customers. It provides a secure and compliant environment, automates common activities,
and applies best practices for provisioning, patching, backup, recovery, and monitoring [5].
AMS does not provide a framework for customers to operate their own workloads on AWS.
Question # 57
Which AWS Support plan is the minimum recommended tier for users who have production workloads on AWS?
A. AWS Developer Support
B. AWS Enterprise Support
C. AWS Business Support
D. AWS Enterprise On-Ramp Support
Answer: C
Explanation: AWS Business Support is the minimum recommended tier for users who
have production workloads on AWS. AWS Business Support provides 24x7 access to
cloud support engineers via phone, chat, or email, as well as a guaranteed response time
of less than one hour for urgent issues. AWS Business Support also includes access to
AWS Trusted Advisor, a tool that provides real-time guidance to help you provision your
resources following AWS best practices [4].
Question # 58
A developer has been hired by a large company and needs AWS credentials. Which are security best practices that should be followed? (Select TWO.)
A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator's group in AWS IAM.
D. Configure a password policy that ensures the developer's password cannot be changed.
E. Ensure the account password policy requires a minimum length.
Answer: A,E
Explanation:
The security best practices that should be followed are A and E.
A. Grant the developer access to only the AWS resources needed to perform the job. This
is an example of the principle of least privilege, which means giving the minimum
permissions necessary to achieve a task. This reduces the risk of unauthorized access,
data leakage, or accidental damage to AWS resources. You can use AWS Identity and
Access Management (IAM) to create users, groups, roles, and policies that grant fine-grained
access to AWS resources [1][2].
E. Ensure the account password policy requires a minimum length. This is a basic security
measure that helps prevent brute-force attacks or guessing of passwords. A longer
password is harder to crack than a shorter one. You can use IAM to configure a password
policy that enforces a minimum password length, as well as other requirements such as
complexity, expiration, and history [3][4].
B. Share the AWS account root user credentials with the developer. This is a bad practice
that should be avoided. The root user has full access to all AWS resources and services,
and can perform sensitive actions such as changing billing information, closing the account,
or deleting all resources. Sharing the root user credentials exposes your account to
potential compromise or misuse. You should never share your root user credentials with
anyone, and use them only for account administration tasks [5].
C. Add the developer to the administrator’s group in IAM. This is also a bad practice that
should be avoided. The administrator’s group has full access to all AWS resources and
services, which is more than what a developer needs to perform their job. Adding the
developer to the administrator’s group violates the principle of least privilege and increases
the risk of unauthorized access, data leakage, or accidental damage to AWS resources.
You should create a custom group for the developer that grants only the necessary permissions for their role [1][2].
D. Configure a password policy that ensures the developer’s password cannot be changed.
This is another bad practice that should be avoided. Preventing the developer from
changing their password reduces their ability to protect their credentials and comply with
security policies. For example, if the developer’s password is compromised, they cannot
change it to prevent further unauthorized access. Or if the company requires periodic
password rotation, they cannot update their password to meet this requirement. You should
allow the developer to change their password as needed, and enforce a password policy
that sets reasonable rules for password management [3][4].
Question # 59
A company uses AWS for its web application. The company wants to minimize latency and perform compute operations for the application as close to end users as possible. Which AWS service or infrastructure component will provide this functionality?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. AWS Direct Connect
Answer: C
Explanation: Edge locations are sites that Amazon CloudFront uses to cache copies of
your content for faster delivery to users at any location. You can use Amazon CloudFront to
deliver your entire website, including dynamic, static, streaming, and interactive content
using a global network of edge locations. Requests for your content are automatically
routed to the nearest edge location, so content is delivered with the best possible
performance [3]. Edge locations can also host AWS Lambda functions to perform compute
operations for your web application as close to end users as possible [4].
Question # 60
Which AWS services can be used to store files? (Select TWO.)
A. Amazon S3
B. AWS Lambda
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon SageMaker
E. AWS Storage Gateway
Answer: A,C
Explanation: Amazon S3 and Amazon EBS are two AWS services that can be used to
store files. Amazon S3 is an object storage service that offers high scalability, durability,
availability, and performance. Amazon EBS is a block storage service that provides
persistent and low-latency storage volumes for Amazon EC2 instances. AWS Lambda,
Amazon SageMaker, and AWS Storage Gateway are other AWS services that have
different purposes, such as serverless computing, machine learning, and hybrid cloud
storage.
Question # 61
A company wants to define a central data protection policy that works across AWS services for compute, storage, and database resources. Which AWS service will meet this requirement?
A. AWS Batch
B. AWS Elastic Disaster Recovery
C. AWS Backup
D. Amazon FSx
Answer: C
Explanation: The AWS service that will meet this requirement is C. AWS Backup.
AWS Backup is a service that allows you to define a central data protection policy that
works across AWS services for compute, storage, and database resources. You can use
AWS Backup to create backup plans that specify the frequency, retention, and lifecycle of
your backups, and apply them to your AWS resources using tags or resource IDs. AWS
Backup supports various AWS services, such as Amazon EC2, Amazon EBS, Amazon