Amazon - AWS Certified Cloud Practitioner CLF C02.vFeb 2024.by - .Rick - .156q


Amazon.AWS Certified Cloud Practitioner (CLF-C02).vFeb-2024.by.Rick.

156q
Number: CLF-C02
Passing Score: 800.0
Time Limit: 120.0
Website: www.VCEplus.io File Version: 7.7
Twitter: https://twitter.com/VCE_Plus
Exam Code: CLF-C02

Exam Name: AWS Certified Cloud Practitioner

IT Certification Exams - Questions & Answers | VCEplus.io


Exam A

QUESTION 1
A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access.
According to the AWS shared responsibility model, which task is the responsibility of the customer?

A. Protect the global infrastructure that runs all of the services offered in the AWS Cloud.
B. Configure logical access controls for resources, and protect account credentials.
C. Configure the security used by managed services.
D. Patch and back up Amazon Aurora.

Correct Answer: B
Section:
Explanation:
According to the AWS shared responsibility model, the customer is responsible for configuring logical access controls for resources, and protecting account credentials. This includes managing IAM user permissions, security
group rules, network ACLs, encryption keys, and other aspects of access management1. AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud, such as the hardware,
software, networking, and facilities. AWS is also responsible for configuring the security used by managed services, such as Amazon RDS, Amazon DynamoDB, and Amazon Aurora2.

QUESTION 2
Which task is the responsibility of AWS when using AWS services?

A. Management of IAM user permissions
B. Creation of security group rules for outbound access
C. Maintenance of physical and environmental controls
D. Application of Amazon EC2 operating system patches

Correct Answer: C
Section:
Explanation:
AWS is responsible for maintaining the physical and environmental controls of the AWS Cloud, such as power, cooling, fire suppression, and physical security1. The customer is responsible for managing the IAM user
permissions, creating security group rules for outbound access, applying Amazon EC2 operating system patches, and other aspects of security in the cloud1.

QUESTION 3
A company wants to push VPC Flow Logs to an Amazon S3 bucket.
A company wants to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances.
Which AWS purchasing option should the company choose to meet these requirements?

A. Dedicated Hosts
B. Compute Savings Plans
C. Reserved Instances
D. Spot Instances

Correct Answer: B
Section:
Explanation:

Compute Savings Plans are a flexible and cost-effective way to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances. With Compute Savings Plans, customers can commit to a consistent
amount of compute usage (measured in $/hour) for a 1-year or 3-year term and receive a discount of up to 66% compared to On-Demand prices3. Dedicated Hosts are physical servers with EC2 instance capacity fully
dedicated to the customer's use. They are suitable for customers who have specific server-bound software licenses or compliance requirements4. Reserved Instances are a pricing model that provides a significant discount (up
to 75%) compared to On-Demand pricing and a capacity reservation for EC2 instances. They are available in 1-year or 3-year terms and different payment options5. Spot Instances are spare EC2 instances that are available at
up to 90% discount compared to On-Demand prices. They are suitable for customers who have flexible start and end times, can withstand interruptions, and can handle excess capacity.

QUESTION 4
A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.
Which AWS offering will meet these requirements?

A. Amazon EventBridge
B. Compute Savings Plans
C. AWS Budgets
D. Migration Evaluator

Correct Answer: C
Section:
Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are
forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1

QUESTION 5
According to the AWS shared responsibility model, which task is the customer's responsibility?

A. Maintaining the infrastructure needed to run AWS Lambda
B. Updating the operating system of Amazon DynamoDB instances
C. Maintaining Amazon S3 infrastructure
D. Updating the guest operating system on Amazon EC2 instances

Correct Answer: D
Section:
Explanation:
The AWS shared responsibility model describes the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the hardware,
software, networking, and facilities that run AWS services. The customer is responsible for security in the cloud, which includes the customer data, applications, operating systems, and network and firewall configurations.
Therefore, updating the guest operating system on Amazon EC2 instances is the customer's responsibility2

QUESTION 6
Which of the following actions are controlled with AWS Identity and Access Management (IAM)?
(Select TWO.)

A. Control access to AWS service APIs and to other specific resources.
B. Provide intelligent threat detection and continuous monitoring.
C. Protect the AWS environment using multi-factor authentication (MFA).
D. Grant users access to AWS data centers.
E. Provide firewall protection for applications from common web attacks.

Correct Answer: A, C
Section:
Explanation:
AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely. You can use IAM to perform the following actions:
Control access to AWS service APIs and to other specific resources: You can create users, groups, roles, and policies that define who can access which AWS resources and how. You can also use IAM to grant temporary access to users or applications that need to perform certain tasks on your behalf3
Protect the AWS environment using multi-factor authentication (MFA): You can enable MFA for your IAM users and root user to add an extra layer of security to your AWS account. MFA requires users to provide a unique authentication code from an approved device or SMS text message, in addition to their user name and password, when they sign in to AWS4

QUESTION 7
A company needs to securely store important credentials that an application uses to connect users to a database.
Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?

A. AWS Key Management Service (AWS KMS)
B. AWS Config
C. AWS Secrets Manager
D. Amazon GuardDuty

Correct Answer: C
Section:
Explanation:
AWS Secrets Manager is a service that helps you protect secrets needed to access your applications, services, and IT resources. You can use AWS Secrets Manager to store, rotate, and retrieve database credentials, API keys,
and other secrets throughout their lifecycle. AWS Secrets Manager eliminates the need to hardcode sensitive information in plain text, and reduces the risk of unauthorized access or leakage. AWS Secrets Manager also
integrates with other AWS services, such as AWS Lambda, Amazon RDS, and AWS CloudFormation, to simplify the management of secrets across your environment5

QUESTION 8
Which AWS service or feature is associated with a subnet in a VPC and is used to control inbound and outbound traffic?

A. Amazon Inspector
B. Network ACLs
C. AWS Shield
D. VPC Flow Logs

Correct Answer: B
Section:
Explanation:
Network ACLs (network access control lists) are an optional layer of security for your VPC that act as a firewall for controlling traffic in and out of one or more subnets. You can use network ACLs to allow or deny traffic based
on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, you must create rules for both inbound and outbound traffic.

QUESTION 9
Which task does AWS perform automatically?

A. Encrypt data that is stored in Amazon DynamoDB.
B. Patch Amazon EC2 instances.
C. Encrypt user network traffic.
D. Create TLS certificates for users' websites.

Correct Answer: B
Section:
Explanation:
AWS performs some tasks automatically to help you manage and secure your AWS resources. One of these tasks is patching Amazon EC2 instances. AWS provides two options for patching your EC2 instances: managed
instances and patch baselines. Managed instances are a group of EC2 instances or on-premises servers that you can manage using AWS Systems Manager. Patch baselines define the patches that AWS Systems Manager
applies to your instances. You can use AWS Systems Manager to automate the process of patching your instances based on a schedule or a maintenance window.

QUESTION 10
A company is migrating its data center to AWS. The company needs an AWS Support plan that provides chat access to a cloud support engineer 24 hours a day, 7 days a week. The company does not require access to
infrastructure event management.
What is the MOST cost-effective AWS Support plan that meets these requirements?

A. AWS Enterprise Support
B. AWS Business Support
C. AWS Developer Support
D. AWS Basic Support

Correct Answer: B
Section:
Explanation:
AWS Business Support is the most cost-effective AWS Support plan that provides chat access to a cloud support engineer 24/7. AWS Business Support also offers phone and email support, as well as a response time of less
than one hour for urgent issues. AWS Business Support does not include access to infrastructure event management, which is a feature of AWS Enterprise Support. AWS Enterprise Support is more expensive and provides
additional benefits, such as a technical account manager, a support concierge, and a response time of less than 15 minutes for critical issues. AWS Developer Support and AWS Basic Support do not provide chat access to a
cloud support engineer. AWS Developer Support provides email support and a response time of less than 12 hours for general guidance issues. AWS Basic Support provides customer service and account support, as well as
access to forums and documentation1

QUESTION 11
Which task can a company perform by using security groups in the AWS Cloud?

A. Allow access to an Amazon EC2 instance through only a specific port.
B. Deny access to malicious IP addresses at a subnet level.
C. Protect data that is cached by Amazon CloudFront.
D. Apply a stateless firewall to an Amazon EC2 instance.

Correct Answer: A
Section:
Explanation:
Security groups are virtual firewalls that control the inbound and outbound traffic for Amazon EC2 instances. They can be used to allow access to an Amazon EC2 instance through only a specific port, such as port 22 for SSH
or port 80 for HTTP. Security groups cannot deny access to malicious IP addresses at a subnet level, as they only allow or deny traffic based on the rules defined by the customer. To block malicious IP addresses, customers can
use network ACLs, which are stateless firewalls that can be applied to subnets. Security groups cannot protect data that is cached by Amazon CloudFront, as they only apply to EC2 instances. To protect data that is cached by
Amazon CloudFront, customers can use encryption, signed URLs, or signed cookies. Security groups are not stateless firewalls, as they track the state of the traffic and automatically allow the response traffic to flow back to
the source. Stateless firewalls do not track the state of the traffic and require rules for both inbound and outbound traffic.

QUESTION 12
A company needs to centralize its operational data. The company also needs to automate tasks across all of its Amazon EC2 instances.
Which AWS service can the company use to meet these requirements?

A. AWS Trusted Advisor
B. AWS Systems Manager
C. AWS CodeDeploy
D. AWS Elastic Beanstalk

Correct Answer: B
Section:
Explanation:
AWS Systems Manager is a service that enables users to centralize and automate the management of their AWS resources. It provides a unified user interface to view operational data, such as inventory, patch compliance,
and performance metrics. It also allows users to automate common and repetitive tasks, such as patching, backup, and configuration management, across all of their Amazon EC2 instances1. AWS Trusted Advisor is a service
that provides best practices and recommendations to optimize the performance, security, and cost of AWS resources2. AWS CodeDeploy is a service that automates the deployment of code and applications to Amazon EC2
instances or other compute services3. AWS Elastic Beanstalk is a service that simplifies the deployment and management of web applications using popular platforms, such as Java, PHP, and Node.js4.

QUESTION 13
A company needs Amazon EC2 instances for a workload that can tolerate interruptions.
Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-Demand prices?

A. Spot Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Dedicated Hosts

Correct Answer: A
Section:
Explanation:
Spot Instances are spare Amazon EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for workloads that can tolerate interruptions, such as batch processing, data analysis,
and testing. Spot Instances are allocated based on the current supply and demand, and can be reclaimed by AWS with a two-minute notice when the demand exceeds the supply5. Convertible Reserved Instances are a type of
Reserved Instances that provide a significant discount (up to 54%) compared to On-Demand prices and a capacity reservation for Amazon EC2 instances. They are available in 1-year or 3-year terms and allow users to change
the instance family, size, operating system, or tenancy during the term. Standard Reserved Instances are another type of Reserved Instances that provide a larger discount (up to 75%) compared to On-Demand prices and a
capacity reservation for Amazon EC2 instances. They are available in 1-year or 3-year terms and do not allow users to change the instance attributes during the term. Dedicated Hosts are physical servers with Amazon EC2
instance capacity fully dedicated to the user's use. They are suitable for users who have specific server-bound software licenses or compliance requirements.

QUESTION 14
Which AWS service can defend against DDoS attacks?

A. AWS Firewall Manager
B. AWS Shield Standard
C. AWS WAF
D. Amazon Inspector

Correct Answer: B
Section:
Explanation:
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It automatically detects and mitigates the most common and
frequently occurring network and transport layer DDoS attacks that target AWS resources, such as Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS
Firewall Manager is a service that allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced protections, and Amazon VPC
security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security
assessment service that helps improve the security and compliance of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.

QUESTION 15
A company wants its Amazon EC2 instances to share the same geographic area but use redundant underlying power sources.
Which solution will meet these requirements?

A. Use EC2 instances across multiple Availability Zones in the same AWS Region.
B. Use Amazon CloudFront as the database for the EC2 instances.
C. Use EC2 instances in the same edge location and the same Availability Zone.
D. Use EC2 instances in AWS OpsWorks stacks in different AWS Regions.

Correct Answer: A
Section:
Explanation:
Using EC2 instances across multiple Availability Zones in the same AWS Region is a solution that meets the requirements of sharing the same geographic area but using redundant underlying power sources. Availability Zones
are isolated locations within an AWS Region that have independent power, cooling, and physical security. They are connected through low-latency, high-throughput, and highly redundant networking. By launching EC2
instances in different Availability Zones, users can increase the fault tolerance and availability of their applications. Amazon CloudFront is a content delivery network (CDN) service that speeds up the delivery of web content
and media to end users by caching it at the edge locations closer to them. It is not a database service and cannot be used to store operational data for EC2 instances. Edge locations are sites that are part of the Amazon
CloudFront network and are located in many cities around the world. They are not the same as Availability Zones and do not provide redundancy for EC2 instances. AWS OpsWorks is a configuration management service that
allows users to automate the deployment and management of applications using Chef or Puppet. It can be used to create stacks that span multiple AWS Regions, but this would not meet the requirement of sharing the same
geographic area.

QUESTION 16
A company needs to design a solution for the efficient use of compute resources for an enterprise workload. The company needs to make informed decisions as its technology needs evolve.
Which pillar of the AWS Well-Architected Framework do these requirements represent?

A. Operational excellence
B. Performance efficiency
C. Cost optimization
D. Reliability

Correct Answer: B
Section:
Explanation:
Performance efficiency is the pillar of the AWS Well-Architected Framework that represents the requirements of designing a solution for the efficient use of compute resources for an enterprise workload and making informed
decisions as the technology needs evolve. It focuses on using the right resources and services for the workload, monitoring performance, and continuously improving the efficiency of the solution. Operational excellence is
the pillar of the AWS Well-Architected Framework that represents the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. Cost optimization is the
pillar of the AWS Well-Architected Framework that represents the ability to run systems to deliver business value at the lowest price point. Reliability is the pillar of the AWS Well-Architected Framework that represents the
ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

QUESTION 17
What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Select TWO.)

A. EC2 includes operating system patch management.
B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).
C. EC2 has a 100% service level agreement (SLA).
D. EC2 has a flexible, pay-as-you-go pricing model.
E. EC2 has automatic storage cost optimization.

Correct Answer: B, D
Section:
Explanation:
Some of the advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises are:
EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).
Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. AWS CloudTrail enables governance, compliance, operational auditing,
and risk auditing of your AWS account. AWS IAM enables you to manage access to AWS services and resources securely. Therefore, the correct answer is B. You can learn more about Amazon EC2 and its integration with other
AWS services from this page.
EC2 has a flexible, pay-as-you-go pricing model. You only pay for the compute capacity you use, and you can scale up and down as needed. You can also choose from different pricing options, such as On-Demand, Savings
Plans, Reserved Instances, and Spot Instances, to optimize your costs.
Therefore, the correct answer is D. You can learn more about Amazon EC2 pricing from this page.
The other options are incorrect because:
EC2 does not include operating system patch management. You are responsible for managing and maintaining your own operating systems on EC2 instances. You can use AWS Systems Manager to automate common
maintenance tasks, such as applying patches, or use Amazon EC2 Image Builder to create and maintain secure images. Therefore, the incorrect answer is A.
EC2 does not have a 100% service level agreement (SLA). The EC2 SLA guarantees 99.99% availability for each EC2 Region, not for each individual instance. Therefore, the incorrect answer is C.
EC2 does not have automatic storage cost optimization. You are responsible for choosing the right storage option for your EC2 instances, such as Amazon Elastic Block Store (EBS) or Amazon Elastic File System (EFS), and
monitoring and optimizing your storage costs. You can use AWS Cost Explorer or
AWS Trusted Advisor to analyze and reduce your storage spending. Therefore, the incorrect answer is E.

QUESTION 18
Which option is an advantage of AWS Cloud computing that minimizes variable costs?

A. High availability
B. Economies of scale
C. Global reach
D. Agility

Correct Answer: B
Section:
Explanation:
One of the advantages of AWS Cloud computing is that it minimizes variable costs by leveraging economies of scale. This means that AWS can achieve lower costs per unit of computing resources by spreading the fixed costs
of building and maintaining data centers over a large number of customers.
As a result, AWS can offer lower and more predictable prices to its customers, who only pay for the resources they consume. Therefore, the correct answer is B. You can learn more about AWS pricing and economies of scale
from this page.

QUESTION 19
Which pillar of the AWS Well-Architected Framework focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures?

A. Cost optimization
B. Reliability
C. Operational excellence
D. Performance efficiency

Correct Answer: C
Section:
Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence, security, reliability, performance
efficiency, and cost optimization. The operational excellence pillar focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures. Therefore,
the correct answer is C. You can learn more about the AWS Well-Architected Framework and its pillars from this page.

QUESTION 20
Which benefit is included with an AWS Enterprise Support plan?

A. AWS Partner Network (APN) support at no cost
B. Designated support from an AWS technical account manager (TAM)
C. On-site support from AWS engineers
D. AWS managed compliance as code with AWS Config

Correct Answer: B
Section:
Explanation:
AWS offers different support plans to meet the needs of different customers. The AWS Enterprise Support plan is the highest level of support that provides customers with concierge-like service, where the main focus is
helping them achieve their outcomes and find success in the cloud. One of the benefits of the AWS Enterprise Support plan is that customers get designated support from an AWS technical account manager (TAM), who
provides consultative architectural and operational guidance based on their applications and use cases. Therefore, the correct answer is B. You can learn more about AWS support plans and their benefits from this page.

QUESTION 21
A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?

A. AWS Pricing Calculator
B. Amazon CloudWatch
C. AWS Cost Explorer
D. AWS Budgets

Correct Answer: A
Section:
Explanation:
AWS Pricing Calculator is a web-based planning tool that customers can use to create estimates for their AWS use cases. They can use it to model their solutions before building them, explore the AWS service price points, and
review the calculations behind their estimates. Therefore, the correct answer is A. You can learn more about AWS Pricing Calculator and how it works from this page.

QUESTION 22
A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning.
Which AWS service should the developer use to meet this requirement?

A. AWS Health Dashboard
B. Amazon Personalize
C. Amazon Forecast
D. Amazon Transcribe

Correct Answer: B
Section:
Explanation:
Amazon Personalize is a fully managed machine learning service that customers can use to generate personalized recommendations for their users. It can also generate user segments based on the users' affinity for certain
items or item metadata. Amazon Personalize uses the customers' data to train and deploy custom recommendation models that can be integrated into their applications.
Therefore, the correct answer is B. You can learn more about Amazon Personalize and its use cases from this page.

QUESTION 23
A company deploys its application on Amazon EC2 instances. The application occasionally experiences sudden increases in demand. The company wants to ensure that its application can respond to changes in demand at the
lowest possible cost.
Which AWS service or tool will meet these requirements?

A. AWS Auto Scaling
B. AWS Compute Optimizer
C. AWS Cost Explorer
D. AWS Well-Architected Framework

Correct Answer: A
Section:
Explanation:
AWS Auto Scaling is the AWS service or tool that will meet the requirements of ensuring that the application can respond to changes in demand at the lowest possible cost. AWS Auto Scaling allows users to automatically
adjust the number of Amazon EC2 instances based on the application's performance and availability needs. AWS Auto Scaling can also optimize costs by helping users select the most cost-effective EC2 instances for their
application1

QUESTION 24
Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?

A. AWS Pricing Calculator
B. AWS Compute Optimizer
C. AWS App Runner
D. AWS Systems Manager

Correct Answer: B
Section:
Explanation:
AWS Compute Optimizer is the AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data. AWS Compute Optimizer analyzes the
configuration and performance characteristics of the EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce
costs, and eliminate underutilized resources

QUESTION 25
A company wants to use a managed service to simplify the setup, operation, and scaling of its MySQL database in the AWS Cloud.
Which AWS service will meet these requirements?

A. Amazon EMR
B. Amazon RDS
C. Amazon Redshift
D. Amazon DynamoDB

Correct Answer: B
Section:
Explanation:
Amazon RDS is the AWS service that will meet the requirements of using a managed service to simplify the setup, operation, and scaling of a MySQL database in the AWS Cloud. Amazon RDS is a relational database service
that supports MySQL and other popular database engines. Amazon RDS handles routine database tasks such as provisioning, patching, backup, recovery, and scaling. Amazon RDS also offers high availability, security, and
compatibility features3

QUESTION 26
A company deploys its application to multiple AWS Regions and configures automatic failover between those Regions.
Which cloud concept does this architecture represent?

A. Security
B. Reliability
C. Scalability
D. Cost optimization

Correct Answer: B
Section:
Explanation:
Reliability is the cloud concept that this architecture represents. Reliability is the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and
mitigate disruptions such as misconfigurations or transient network issues. Deploying an application to multiple AWS Regions and configuring automatic failover between those Regions enhances the reliability of the
application by reducing the impact of regional failures and increasing the availability of the application4

QUESTION 27
A company's IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these
tasks will be completed automatically.
What should the company do to meet these requirements?

A. Deploy MySQL database server clusters on Amazon EC2 instances.
B. Use Amazon RDS with a MySQL database.
C. Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances.
D. Migrate all the MySQL database data to Amazon S3.

Correct Answer: B
Section:
Explanation:
The company should use Amazon RDS with a MySQL database to meet the requirements of moving its workload to AWS so that the tasks of patching the database and taking backup snapshots of the data in the clusters will
be completed automatically. Amazon RDS is a managed service that simplifies the setup, operation, and scaling of relational databases in the AWS Cloud. Amazon RDS automates common database administration tasks such
as patching, backup, and recovery. Amazon RDS also supports MySQL and other popular database engines5

QUESTION 28
A company recently migrated to the AWS Cloud. The company needs to determine whether its newly imported Amazon EC2 instances are the appropriate size and type.
Which AWS services can provide this information to the company? (Select TWO.)

A. AWS Auto Scaling
B. AWS Control Tower
C. AWS Trusted Advisor
D. AWS Compute Optimizer
E. Amazon Forecast

Correct Answer: C, D
Section:
Explanation:
AWS Trusted Advisor and AWS Compute Optimizer are the AWS services that can provide information to the company about whether its newly imported Amazon EC2 instances are the appropriate size and type. AWS Trusted
Advisor is an online tool that provides best practices recommendations in five categories: cost optimization, performance, security, fault tolerance, and service limits. AWS Trusted Advisor can help users identify underutilized
or idle EC2 instances, and suggest ways to reduce costs and improve performance. AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of EC2 instances and delivers recommendations
for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources.

QUESTION 29
A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos. The company has no machine learning (ML) scientists and
must build this detection capability with no ML expertise.
Which AWS service should the company use to build this capability?

A. Amazon SageMaker
B. Amazon Textract
C. Amazon Rekognition
D. Amazon Comprehend

Correct Answer: C
Section:
Explanation:
Amazon Rekognition is the AWS service that the company should use to build the capability of identifying and removing inappropriate photos. Amazon Rekognition is a service that uses deep learning technology to analyze
images and videos for various purposes, such as face detection, object recognition, text extraction, and content moderation. Amazon Rekognition can help users detect unsafe or inappropriate content in images and videos,
such as nudity, violence, or drugs, and provide confidence scores for each label. Amazon Rekognition does not require any machine learning expertise, and users can easily integrate it with other AWS services.

QUESTION 30
A company's user base needs to remotely access virtual desktop computers from the internet.
Which AWS service provides this functionality?

A. Amazon Connect
B. Amazon Cognito
C. Amazon WorkSpaces
D. Amazon AppStream 2.0

Correct Answer: C
Section:
Explanation:
Amazon WorkSpaces is the AWS service that provides the functionality of remotely accessing virtual desktop computers from the internet. Amazon WorkSpaces is a fully managed, secure desktop-as-a-service (DaaS) solution
that allows users to provision cloud-based virtual desktops and access them from anywhere, using any supported device. Amazon WorkSpaces helps users reduce the complexity and cost of managing and maintaining physical
desktops, and provides a consistent and secure user experience.

QUESTION 31
Amazon Elastic File System (Amazon EFS) and Amazon FSx offer which type of storage?

A. File storage
B. Object storage
C. Block storage
D. Instance store

Correct Answer: A
Section:
Explanation:
Amazon Elastic File System (Amazon EFS) and Amazon FSx offer file storage. File storage is a type of storage that organizes data into files and folders, and allows multiple users or applications to access and share the same files
over a network. Amazon EFS is a fully managed, scalable, and elastic file system that supports the Network File System (NFS) protocol and can be used with Amazon EC2 instances and AWS Lambda functions. Amazon FSx is a
fully managed service that provides two file system options: Amazon FSx for Windows File Server, which supports the Server Message Block (SMB) protocol and is compatible with Microsoft Windows applications; and
Amazon FSx for Lustre, which is a high-performance file system that is optimized for compute-intensive workloads.

QUESTION 32
Which AWS service or feature is used to troubleshoot network connectivity issues between Amazon EC2 instances?

A. AWS Certificate Manager (ACM)
B. Internet gateway
C. VPC Flow Logs
D. AWS CloudHSM

Correct Answer: C
Section:
Explanation:
VPC Flow Logs is the AWS service or feature that is used to troubleshoot network connectivity issues between Amazon EC2 instances. VPC Flow Logs is a feature that enables users to capture information about the IP traffic
going to and from network interfaces in their VPC. VPC Flow Logs can help users monitor and diagnose network-related issues, such as traffic not reaching an instance, or an instance not responding to requests. VPC Flow Logs
can be published to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose for analysis and storage.

QUESTION 33
Which factors affect costs in the AWS Cloud? (Select TWO.)

A. The number of unused AWS Lambda functions


B. The number of configured Amazon S3 buckets
C. Inbound data transfers without acceleration
D. Outbound data transfers without acceleration
E. Compute resources that are currently in use

Correct Answer: D, E
Section:
Explanation:
Outbound data transfers without acceleration and compute resources that are currently in use are the factors that affect costs in the AWS Cloud. Outbound data transfers without acceleration refer to the amount of data that
is transferred from AWS to the internet, without using any service that can optimize the speed and cost of the data transfer, such as AWS Global Accelerator or Amazon CloudFront. Outbound data transfers are charged at
different rates depending on the source and destination AWS Regions, and the volume of data transferred. Compute resources that are currently in use refer to the AWS services and resources that provide computing
capacity, such as Amazon EC2 instances, AWS Lambda functions, or Amazon ECS tasks. Compute resources are charged based on the type, size, and configuration of the resources, and the duration and frequency of their
usage.

QUESTION 34
Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Select TWO.)

A. Perform operations as code.


B. Enable traceability.
C. Automatically scale to meet demand.
D. Deploy resources globally to improve response time.
E. Automatically recover from failure.

Correct Answer: C, E
Section:
Explanation:
The design principles that support the reliability pillar of the AWS Well-Architected Framework are:
automatically scale to meet demand, and automatically recover from failure. These principles help users design systems that can handle changes in load, avoid disruptions, and resume normal operations quickly.
Automatically scaling to meet demand means adjusting the capacity of the system based on the current and anticipated workload, using services such as AWS Auto Scaling, Amazon EC2, and AWS Lambda. Automatically
recovering from failure means detecting and resolving issues, using services such as Amazon CloudWatch, AWS CloudFormation, and AWS CloudTrail.

QUESTION 35
Which of the following are user authentication services managed by AWS? (Select TWO.)

A. Amazon Cognito
B. AWS Lambda
C. AWS License Manager
D. AWS Identity and Access Management (IAM)
E. AWS CodeStar

Correct Answer: A, D
Section:
Explanation:
The user authentication services managed by AWS are: Amazon Cognito and AWS Identity and Access Management (IAM). These services help users securely manage and control access to their
AWS resources and applications. Amazon Cognito is a service that provides user sign-up, sign-in, and access control for web and mobile applications. Amazon Cognito supports various identity providers, such as Facebook,
Google, and Amazon, as well as custom user pools. AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. AWS IAM supports various
authentication methods, such as passwords, access keys, and multi-factor authentication (MFA).

QUESTION 36
A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.
Which pillar of the AWS Well-Architected Framework is supported by these goals?

A. Reliability
B. Security
C. Operational excellence
D. Performance efficiency

Correct Answer: B
Section:
Explanation:
The pillar of the AWS Well-Architected Framework that is supported by the goals of protecting AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks is security. Security is the
ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies. The security pillar covers topics such as identity and access management, data protection,
infrastructure protection, detective controls, incident response, and compliance.

QUESTION 37
A company is configuring its AWS Cloud environment. The company's administrators need to group users together and apply permissions to the group.
Which AWS service or feature can the company use to meet these requirements?

A. AWS Organizations
B. Resource groups
C. Resource tagging
D. AWS Identity and Access Management (IAM)

Correct Answer: D
Section:
Explanation:
The AWS service or feature that the company can use to group users together and apply permissions to the group is AWS Identity and Access Management (IAM). AWS IAM is a service that enables users to create and manage
users, groups, roles, and permissions for AWS services and resources. Users can use IAM groups to organize multiple users that have similar access requirements, and attach policies to the groups that define the permissions
for the users in the group. This simplifies the management and administration of user access.

QUESTION 38
A company has two AWS accounts in an organization in AWS Organizations for consolidated billing.
All of the company's AWS resources are hosted in one AWS Region.
Account A has purchased five Amazon EC2 Standard Reserved Instances (RIs) and has four EC2 instances running. Account B has not purchased any RIs and also has four EC2 instances running.
Which statement is true regarding pricing for these eight instances?

A. The eight instances will be charged as regular instances.


B. Four instances will be charged as RIs, and four will be charged as regular instances.
C. Five instances will be charged as RIs, and three will be charged as regular instances.
D. The eight instances will be charged as RIs.

Correct Answer: B
Section:
Explanation:
The statement that is true regarding pricing for these eight instances is: four instances will be charged as RIs, and four will be charged as regular instances. Amazon EC2 Reserved Instances (RIs) are a pricing model that allows
users to reserve EC2 instances for a specific term and benefit from discounted hourly rates and capacity reservation. RIs are purchased for a specific AWS Region, and can be shared across multiple accounts in an organization
in AWS Organizations for consolidated billing. However, RIs are applied on a first-come, first-served basis, and there is no guarantee that all instances in the organization will be charged at the RI rate. In this case, Account A
has purchased five
RIs and has four instances running, so all four instances will be charged at the RI rate. Account B has not purchased any RIs and also has four instances running, so all four instances will be charged at the regular rate. The
remaining RI in Account A will not be applied to any instance in Account B, and will be wasted.

QUESTION 39
Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?

A. Elimination of expenses for running and maintaining data centers
B. Price discounts that are identical to discounts from hardware providers
C. Distribution of all operational controls to AWS
D. Elimination of operational expenses

Correct Answer: A
Section:
Explanation:
The advantage that users experience when they move on-premises workloads to the AWS Cloud is:
elimination of expenses for running and maintaining data centers. By moving on-premises workloads to the AWS Cloud, users can reduce or eliminate the costs associated with owning and operating physical servers, storage,
network equipment, and facilities. These costs include hardware purchase, maintenance, repair, power, cooling, security, and staff. Users can also benefit from the pay-as-you-go pricing model of AWS, which allows them to
pay only for the resources they use, and scale up or down as needed.

QUESTION 40
Which of the following is a cost efficiency principle related to the AWS Cloud?

A. Right-size services based on capacity requirements.


B. Use the Billing Dashboard to access information about monthly bills.
C. Use AWS Organizations to combine the expenses of multiple accounts into a single bill.
D. Tag all AWS resources.

Correct Answer: A
Section:
Explanation:

One of the cost efficiency principles related to the AWS Cloud is to right-size services based on capacity requirements. This means choosing the most appropriate type and size of AWS resources to meet the performance and
scalability needs of the applications, while avoiding over-provisioning or under-provisioning. By right-sizing services, users can optimize the costs and benefits of using the AWS Cloud.

QUESTION 41
A cloud engineer needs to download AWS security and compliance documents for an upcoming audit.
Which AWS service can provide the documents?

A. AWS Trusted Advisor


B. AWS Artifact
C. AWS Well-Architected Tool
D. AWS Systems Manager

Correct Answer: B
Section:
Explanation:
AWS Artifact is the AWS service that can provide security and compliance documents for an upcoming audit. AWS Artifact is a self-service portal that allows users to access and download AWS compliance reports and
agreements. These documents provide evidence of AWS's compliance with global, regional, and industry-specific security standards and regulations.

QUESTION 42
A company has been storing monthly reports in an Amazon S3 bucket. The company exports the report data into comma-separated values (.csv) files. A developer wants to write a simple query that can read all of these files
and generate a summary report.
Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of operational overhead?

A. Amazon S3 Select
B. Amazon Athena
C. Amazon Redshift
D. Amazon EC2

Correct Answer: B
Section:
Explanation:
Amazon Athena is the AWS service that the developer should use to write a simple query that can read all of the .csv files stored in an Amazon S3 bucket and generate a summary report. Amazon Athena is an interactive
query service that allows users to analyze data in Amazon S3 using standard SQL. Amazon Athena does not require any server setup or management, and users only pay for the queries they run. Amazon Athena can handle
various data formats, including .csv, and can integrate with other AWS services such as Amazon QuickSight for data visualization.

QUESTION 43
Which task requires the use of AWS account root user credentials?

A. The deletion of IAM users


B. The change to a different AWS Support plan
C. The creation of an organization in AWS Organizations
D. The deletion of Amazon EC2 instances

Correct Answer: C
Section:
Explanation:
The creation of an organization in AWS Organizations requires the use of AWS account root user credentials. The AWS account root user is the email address that was used to create the AWS account. The root user has
complete access to all AWS services and resources in the account, and can perform sensitive tasks such as changing the account settings, closing the account, or creating an organization. The root user credentials should be
used sparingly and securely, and only for tasks that cannot be performed by IAM users or roles.

QUESTION 44
Which feature of the AWS Cloud gives users the ability to pay based on current needs rather than forecasted needs?

A. AWS Budgets
B. Pay-as-you-go pricing
C. Volume discounts
D. Savings Plans

Correct Answer: B
Section:
Explanation:
Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go pricing means that users only pay for the AWS services and
resources they use, without any upfront or long-term commitments. This allows users to scale up or down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity.
Pay-as-you-go pricing also enables users to benefit from the economies of scale and lower costs of AWS as they grow their business.

QUESTION 45
What does the Amazon S3 Intelligent-Tiering storage class offer?

A. Payment flexibility by reserving storage capacity


B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volume
C. Automatic cost savings by moving objects between tiers based on access pattern changes
D. Secure, durable, and lowest cost storage for data archival

Correct Answer: C
Section:
Explanation:
The Amazon S3 Intelligent-Tiering storage class offers automatic cost savings by moving objects between tiers based on access pattern changes. This storage class is designed for data with unknown or changing access
patterns. It has two access tiers: frequent access and infrequent access. Objects are stored in the frequent access tier by default, and are moved to the infrequent access tier after 30 consecutive days of no access. If an object
in the infrequent access tier is accessed, it is moved back to the frequent access tier. There are no retrieval fees in S3 Intelligent-Tiering, and no additional tiering fees when objects are moved between access tiers within the
S3 Intelligent-Tiering storage class.

QUESTION 46
Which AWS service gives users the ability to provision a dedicated and private network connection from their internal network to AWS?

A. AWS CloudHSM
B. AWS Direct Connect
C. AWS VPN
D. Amazon Connect

Correct Answer: B
Section:
Explanation:
AWS Direct Connect gives users the ability to provision a dedicated and private network connection from their internal network to AWS. AWS Direct Connect links the user's internal network to an AWS Direct Connect location
over a standard Ethernet fiber-optic cable. One end of the cable is connected to the user's router, the other to an AWS Direct Connect router. With this connection in place, the user can create virtual interfaces directly to the
AWS cloud and Amazon Virtual Private Cloud (Amazon VPC), bypassing internet service providers in the network path.

QUESTION 47
A company is hosting a web application in a Docker container on Amazon EC2.
AWS is responsible for which of the following tasks?

A. Scaling the web application and services developed with Docker


B. Provisioning or scheduling containers to run on clusters and maintain their availability
C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud
D. Managing the guest operating system, including updates and security patches

Correct Answer: C
Section:
Explanation:
AWS is responsible for performing hardware maintenance in the AWS facilities that run the AWS Cloud. This is part of the shared responsibility model, where AWS is responsible for the security of the cloud, and the customer
is responsible for security in the cloud. AWS is also responsible for the global infrastructure that runs all of the services offered in the AWS Cloud, including the hardware, software, networking, and facilities that run AWS
Cloud services. The customer is responsible for the guest operating system, including updates and security patches, as well as the web application and services developed with Docker.

QUESTION 48
Which design principle should be considered when architecting in the AWS Cloud?

A. Think of servers as non-disposable resources.


B. Use synchronous integration of services.
C. Design loosely coupled components.
D. Implement the least permissive rules for security groups.

Correct Answer: C
Section:
Explanation:
Designing loosely coupled components is a design principle that should be considered when architecting in the AWS Cloud. Loose coupling is a way of designing systems to reduce interdependencies and minimize the impact
of changes. Loose coupling allows components to interact with each other through well-defined interfaces, rather than direct references. This reduces the risk of failures and errors propagating across the system, and enables
greater scalability, availability, and maintainability.

QUESTION 49
Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?

A. AWS Identity and Access Management (IAM)


B. AWS Organizations
C. AWS Cost Explorer
D. AWS Budgets

Correct Answer: B
Section:
Explanation:
AWS Organizations helps to centrally manage billing and allow controlled access to resources across AWS accounts. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an
organization that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that
users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill.

QUESTION 50
Which AWS service or feature can be used to estimate costs before deployment?

A. AWS Free Tier
B. AWS Pricing Calculator
C. AWS Billing and Cost Management
D. AWS Cost and Usage Report

Correct Answer: B
Section:
Explanation:
AWS Pricing Calculator can be used to estimate costs before deployment. AWS Pricing Calculator is a tool that helps the user to compare the cost of AWS services for different use cases and configurations. The user can create
estimates for various AWS services, such as Amazon EC2, Amazon S3, Amazon RDS, and more. The user can also adjust the parameters, such as region, instance type, storage size, and duration, to see how they affect the cost.
AWS Pricing Calculator provides a detailed breakdown of the estimated cost, as well as a summary of the key drivers of the cost.

QUESTION 51
Which of the following promotes AWS Cloud architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems?

A. AWS Serverless Application Model framework


B. AWS Business Support
C. Principle of least privilege
D. AWS Well-Architected Framework

Correct Answer: D
Section:
Explanation:
AWS Well-Architected Framework promotes AWS Cloud architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems. AWS Well-Architected Framework is a set of guidelines and
best practices that help the user to evaluate and improve the architecture of their applications and workloads on AWS. AWS Well-Architected Framework consists of five pillars:
operational excellence, security, reliability, performance efficiency, and cost optimization. Each pillar provides a set of design principles, questions, and best practices that help the user to achieve the desired outcomes for
their systems.

QUESTION 52
A company has refined its workload to use specific AWS services to improve efficiency and reduce cost. Which task is a customer's responsibility, according to the AWS shared responsibility model?

A. Management of the guest operating systems


B. Maintenance of the configuration of infrastructure devices
C. Management of the host operating systems and virtualization
D. Maintenance of the software that powers Availability Zones

Correct Answer: A
Section:
Explanation:
Management of the guest operating systems is a customer's responsibility, according to the AWS shared responsibility model. The AWS shared responsibility model defines the different security and compliance
responsibilities of AWS and the customer. AWS is responsible for the security of the cloud, which includes the physical infrastructure, hardware, software, and facilities that run the AWS Cloud. The customer is responsible for
security in the cloud, which includes the configuration and management of the guest operating systems, applications, data, and network traffic protection.

QUESTION 53
Which best practice for cost governance does this example show?

A. Resource controls
B. Cost allocation
C. Architecture optimization
D. Tagging enforcement

Correct Answer: C
Section:
Explanation:
Architecture optimization is the best practice for cost governance that this example shows.
Architecture optimization is the process of designing and implementing AWS solutions that are efficient, scalable, and cost-effective. By using specific AWS services to improve efficiency and reduce cost, the company is
following the architecture optimization best practice. Some of the techniques for architecture optimization include using the right size and type of resources, leveraging elasticity and scalability, choosing the most suitable
storage class, and using serverless and managed services.

QUESTION 54
Which activity can companies complete by using AWS Organizations?

A. Troubleshoot the performance of applications.


B. Manage service control policies (SCPs).
C. Migrate applications to microservices.
D. Monitor the performance of applications.

Correct Answer: B
Section:
Explanation:

Managing service control policies (SCPs) is an activity that companies can complete by using AWS Organizations. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization
that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles
can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill.

QUESTION 55
Which AWS service or feature is used to send both text and email messages from distributed applications?

A. Amazon Simple Notification Service (Amazon SNS)


B. Amazon Simple Email Service (Amazon SES)
C. Amazon CloudWatch alerts
D. Amazon Simple Queue Service (Amazon SQS)

Correct Answer: A
Section:
Explanation:
Amazon Simple Notification Service (Amazon SNS) is the AWS service or feature that is used to send both text and email messages from distributed applications. Amazon SNS is a fully managed pub/sub messaging service that
enables the user to send messages to multiple subscribers or endpoints, such as email addresses, phone numbers, HTTP endpoints, AWS Lambda functions, and more. Amazon SNS can be used to send notifications, alerts,
confirmations, and reminders from applications to users or other applications.

QUESTION 56
Which of the following is a benefit of decoupling an AWS Cloud architecture?

A. Reduced latency
B. Ability to upgrade components independently
C. Decreased costs
D. Fewer components to manage

Correct Answer: B
Section:
Explanation:
A benefit of decoupling an AWS Cloud architecture is the ability to upgrade components independently. Decoupling is a way of designing systems to reduce interdependencies and minimize the impact of changes. Decoupling
allows components to interact with each other through well-defined interfaces, rather than direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability,
availability, and maintainability. By decoupling an AWS Cloud architecture, the user can upgrade or modify one component without affecting the other components.

QUESTION 57
Which of the following describes an AWS Region?

A. A specific location within a geographic area that provides high availability


B. A set of data centers spanning multiple countries
C. A global picture of a user's cloud computing environment
D. A collection of databases that can be accessed from a specific geographic area only

Correct Answer: A
Section:
Explanation:
An AWS Region is a specific location within a geographic area that provides high availability. An AWS Region consists of two or more Availability Zones, which are isolated locations within the same Region. Each Availability
Zone has independent power, cooling, and physical security, and is connected to the other Availability Zones in the same Region by low-latency, high-throughput, and highly redundant networking. AWS services are available
in multiple Regions around the world, allowing the user to choose where to run their applications and store their data.

QUESTION 58
A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data center or in the AWS Cloud.
responsibility model?

A. Amazon FSx for Windows File Server


B. Amazon WorkSpaces virtual Windows desktop
C. AWS Directory Service for Microsoft Active Directory
D. Amazon RDS for Microsoft SQL Server

Correct Answer: C
Section:
Explanation:
AWS Directory Service for Microsoft Active Directory is the AWS service that provides a managed Microsoft Active Directory in the AWS Cloud. It enables the user to use their existing Active Directory users, groups, and
policies to access AWS resources, such as Amazon EC2 instances, Amazon S3 buckets, and AWS Single Sign-On. It also integrates with other Microsoft applications and services, such as Microsoft SQL Server, Microsoft Office
365, and Microsoft SharePoint.

QUESTION 59
Which AWS service should a cloud practitioner use to receive real-time guidance for provisioning resources, based on AWS best practices related to security, cost optimization, and service limits?

A. AWS Trusted Advisor


B. AWS Config
C. AWS Security Hub
D. AWS Systems Manager

Correct Answer: A
Section:
Explanation:
AWS Trusted Advisor is the AWS service that provides real-time guidance for provisioning resources, based on AWS best practices related to security, cost optimization, and service limits. AWS Trusted Advisor inspects the
user's AWS environment and provides recommendations for improving performance, security, and reliability, reducing costs, and following best practices. AWS Trusted Advisor also alerts the user when they are approaching
or exceeding their service limits, and helps them request limit increases.

QUESTION 60
Which AWS service provides highly durable object storage?

A. Amazon S3
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon FSx

Correct Answer: A
Section:
Explanation:
Amazon S3 is the AWS service that provides highly durable object storage. Amazon S3 is designed to provide 99.999999999% durability of objects over a given year. This means that you can store your data with high
confidence that it will not be lost. Amazon S3 also provides high availability, scalability, security, and performance for your data. You can use Amazon S3 to store and retrieve any amount of data, at any time, from anywhere
on the web.

QUESTION 61
Which pillar of the AWS Well-Architected Framework includes a design principle about measuring the overall efficiency of workloads in terms of business value?

A. Operational excellence
B. Security
C. Reliability
D. Cost optimization

Correct Answer: A
Section:
Explanation:
The operational excellence pillar of the AWS Well-Architected Framework includes a design principle about measuring the overall efficiency of workloads in terms of business value. This principle states that you should
monitor and measure key performance indicators (KPIs) and set targets and thresholds that align with your business goals. You should also use feedback loops to continuously improve your processes and procedures.

QUESTION 62
Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

A. AWS Support
B. AWS customers
C. AWS Key Management Service (AWS KMS)
D. AWS Trusted Advisor

Correct Answer: B
Section:
Explanation:
AWS customers are responsible for enabling encryption of data at rest for Amazon Elastic Block Store (Amazon EBS). Amazon EBS encryption offers a simple encryption solution for your EBS volumes that does not require you
to build, maintain, and secure your own key management infrastructure. You can encrypt both the boot and data volumes of your EC2 instances. You can use AWS Key Management Service (AWS KMS) customer master keys
(CMKs) or your own CMKs to encrypt your volumes2.

QUESTION 63
Who is responsible for decommissioning end-of-life underlying storage devices that are used to host data on AWS?

A. Customer
B. AWS
C. Account creator
D. Auditing team

Correct Answer: B
Section:
Explanation:
AWS is responsible for decommissioning end-of-life underlying storage devices that are used to host data on AWS. AWS follows strict and audited data destruction processes to ensure that customer data is not exposed to
unauthorized individuals or devices when an AWS storage device reaches the end of its useful life. AWS uses techniques detailed in DoD 5220.22-M ("National Industrial Security Program Operating Manual") or NIST 800-88
("Guidelines for Media Sanitization") to destroy data as part of the decommissioning process3.

QUESTION 64
A company wants to manage access and permissions for its third-party software as a service (SaaS) applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud
applications.
Which AWS service should the company use to meet these requirements?

A. Amazon Cognito
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management (IAM)
D. AWS Directory Service for Microsoft Active Directory

Correct Answer: B
Section:
Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is the AWS service that the company should use to meet the requirements of managing access and permissions for its third-party SaaS applications.
AWS Single Sign-On is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications. You can use AWS Single Sign-On to enable your users to sign
in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place4.

QUESTION 65
A large company wants to track the combined AWS usage costs of all of its linked accounts.
How can this be accomplished?

A. Use AWS Trusted Advisor to generate customized summary reports.
B. Use AWS Organizations to generate consolidated billing reports.
C. Use AWS Budgets to set utilization targets and receive summary reports.
D. Use the AWS Control Tower dashboard to get a summary report of all linked account costs.

Correct Answer: B
Section:
Explanation:
The company can use AWS Organizations to track the combined AWS usage costs of all of its linked accounts. AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that
you can manage centrally. You can use AWS Organizations to create a consolidated billing report that shows the charges incurred by each account in your organization as well as the total charges across all accounts. You can
also use AWS Organizations to apply policies and controls to your accounts to help you manage costs and security5.

QUESTION 66
A company wants its Amazon EC2 instances to operate in a highly available environment, even if there is a natural disaster in a particular geographic area.
Which solution achieves this goal?

A. Use EC2 instances in a single Availability Zone.
B. Use EC2 instances in multiple AWS Regions.
C. Use EC2 instances in multiple edge locations.
D. Use Amazon CloudFront with the EC2 instances configured as the source.

Correct Answer: B
Section:
Explanation:
To achieve high availability in the event of a natural disaster, the company should use EC2 instances in multiple AWS Regions. AWS Regions are geographically isolated areas that consist of multiple Availability Zones.
Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. By using EC2 instances in multiple AWS Regions, the company can ensure that its applications can
continue to run even if one Region is affected by a disaster. AWS Global Infrastructure, AWS Well-Architected Framework

QUESTION 67
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:

A. a loosely coupled architecture.
B. a tightly coupled architecture.
C. a stateless architecture.
D. a stateful architecture.

Correct Answer: A
Section:
Explanation:
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of a loosely coupled architecture. A loosely coupled architecture is one where the components
are independent and can communicate with each other through well-defined interfaces. This allows for greater scalability, flexibility, and resilience. A tightly coupled architecture is one where the components are
interdependent and rely on each other for functionality. This can lead to increased complexity, fragility, and difficulty in changing or scaling the system. Amazon ECS Overview, AWS Well-Architected Framework

QUESTION 68
Which of the following are design principles for reliability in the AWS Cloud? (Select TWO.)

A. Build architectures with tightly coupled resources.
B. Use AWS Trusted Advisor to meet security best practices.
C. Use automation to recover immediately from failure.
D. Rightsize Amazon EC2 instances to ensure optimal performance.
E. Simulate failures to test recovery processes.

Correct Answer: C, E
Section:
Explanation:
The design principles for reliability in the AWS Cloud are:
Test recovery procedures. The best way to ensure that systems can recover from failures is to regularly test them using simulated scenarios. This can help identify gaps and improve the recovery process.
Automatically recover from failure. By using automation, systems can detect and correct failures without human intervention. This can reduce the impact and duration of failures and improve the availability of the system.
Scale horizontally to increase aggregate system availability. By adding more redundant resources to the system, the impact of individual resource failures can be reduced. This can also improve the performance and scalability
of the system.
Stop guessing capacity. By using monitoring and automation, systems can adjust the capacity based on the demand and performance metrics. This can prevent failures due to insufficient or excessive capacity and optimize the
cost and efficiency of the system.
Manage change in automation. By using automation, changes to the system can be applied in a consistent and controlled manner. This can reduce the risk of human errors and configuration drifts that can cause failures. AWS
Well-Architected Framework

QUESTION 69
Which statements represent the cost-effectiveness of the AWS Cloud? (Select TWO.)

A. Users can trade fixed expenses for variable expenses.
B. Users can deploy all over the world in minutes.
C. AWS offers increased speed and agility.
D. AWS is responsible for patching the infrastructure.
E. Users benefit from economies of scale.

Correct Answer: A, E
Section:
Explanation:
The statements that represent the cost-effectiveness of the AWS Cloud are:
Users can trade fixed expenses for variable expenses. By using the AWS Cloud, users can pay only for the resources they use, instead of investing in fixed and upfront costs for hardware and software. This can lower the total
cost of ownership and increase the return on investment.
Users benefit from economies of scale. By using the AWS Cloud, users can leverage the massive scale and efficiency of AWS to access lower prices and higher performance. AWS passes the cost savings to the users through
price reductions and innovations. AWS Cloud Value Framework

QUESTION 70
A company wants to migrate its on-premises data warehouse to AWS. The information in the data warehouse is used to populate analytics dashboards.
Which AWS service should the company use for the data warehouse?

A. Amazon ElastiCache
B. Amazon Aurora
C. Amazon RDS
D. Amazon Redshift

Correct Answer: D
Section:
Explanation:
The AWS service that the company should use for the data warehouse is Amazon Redshift. Amazon Redshift is a fully managed, petabyte-scale data warehouse service that is optimized for analytical queries. It can integrate
with various data sources and business intelligence tools to provide fast and cost-effective insights. Amazon Redshift also offers high availability, scalability, security, and compliance features. [Amazon Redshift Overview]

QUESTION 71
Which benefit does Amazon Rekognition provide?

A. The ability to place watermarks on images
B. The ability to detect objects that appear in pictures
C. The ability to resize millions of images automatically
D. The ability to bid on object detection jobs

Correct Answer: B
Section:
Explanation:
Amazon Rekognition is a service that provides deep learning-based image and video analysis. One of the benefits of Amazon Rekognition is the ability to detect objects that appear in pictures, such as faces, landmarks,
animals, text, and scenes. This can enable applications to perform tasks such as face recognition, face verification, face comparison, face search, celebrity recognition, emotion detection, age range estimation, gender
identification, facial analysis, facial expression recognition, and more. Amazon Rekognition Overview, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 72
Which AWS service uses a combination of publishers and subscribers?

A. AWS Lambda
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon CloudWatch
D. AWS CloudFormation

Correct Answer: B
Section:
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers.
Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and
subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S
endpoints. Amazon SNS Overview, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 73
A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?

A. Amazon API Gateway
B. IAM users
C. AWS Security Token Service (AWS STS)
D. IAM instance profiles

Correct Answer: C
Section:
Explanation:
AWS Security Token Service (AWS STS) is a service that enables applications to request temporary, limited-privilege credentials for authentication with other AWS APIs. AWS STS can be used to grant access to AWS resources
to users who are federated (using IAM roles), switched (using IAM users), or cross-account (using IAM roles). AWS STS can also be used to assume a role within the same account or a different account. The credentials issued
by AWS STS are short-term and have a limited scope, which can enhance the security and compliance of the application. AWS STS Overview, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 74
A company is migrating an application that includes an Oracle database to AWS. The company cannot rewrite the application.
To which AWS service could the company migrate the database?

A. Amazon Athena
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon DocumentDB (with MongoDB compatibility)

Correct Answer: C
Section:
Explanation:
Amazon Relational Database Service (Amazon RDS) is a service that provides fully managed relational database engines. Amazon RDS supports several database engines, including Oracle, MySQL, PostgreSQL, MariaDB, SQL
Server, and Amazon Aurora. Amazon RDS can be used to migrate an application that includes an Oracle database to AWS without rewriting the application, as long as the application is compatible with the Oracle version and
edition supported by Amazon RDS. Amazon RDS can also provide benefits such as high availability, scalability, security, backup and restore, and performance optimization. [Amazon RDS Overview] AWS Certified Cloud
Practitioner - aws.amazon.com

QUESTION 75
Which of the following is an AWS value proposition that describes a user's ability to scale infrastructure based on demand?

A. Speed of innovation
B. Resource elasticity
C. Decoupled architecture
D. Global deployment

Correct Answer: B
Section:
Explanation:
Resource elasticity is an AWS value proposition that describes a user's ability to scale infrastructure based on demand. Resource elasticity means that the user can provision or deprovision resources quickly and easily, without
any upfront commitment or long-term contract. Resource elasticity can help the user optimize the cost and performance of the application, as well as respond to changing business needs and customer expectations. Resource
elasticity can be achieved by using services such as Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon ECS, and AWS Lambda.
[AWS Cloud Value Framework] AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 76
A company needs to continuously monitor its environment to analyze network and account activity and identify potential security threats.
Which AWS service should the company use to meet these requirements?

A. AWS Artifact
B. Amazon Macie
C. AWS Identity and Access Management (IAM)
D. Amazon GuardDuty

Correct Answer: D
Section:
Explanation:
Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for the AWS environment. It analyzes network and account activity using machine learning and threat intelligence to
identify potential security threats, such as unauthorized access, compromised credentials, malicious hosts, and reconnaissance activities. It also generates detailed and actionable findings that can be viewed on the AWS
Management Console or sent to other AWS services, such as Amazon CloudWatch Events and AWS Lambda, for further analysis or remediation. Amazon GuardDuty Overview, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 77
Which AWS service can report how AWS resource configurations have changed over time?

A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Config
D. Amazon Inspector

Correct Answer: C
Section:
Explanation:
AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records the configuration changes of the resources and evaluates them against
desired configurations and best practices. It also provides a detailed view of the resource configuration history and relationships, as well as compliance reports and notifications.
AWS Config can help users maintain consistent and secure configurations, troubleshoot issues, and simplify compliance auditing. AWS Config Overview, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 78
Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach

Correct Answer: C
Section:
Explanation:
Pay-as-you-go pricing is an AWS benefit that demonstrates the ability of users to replace upfront fixed expenses with variable expenses. With pay-as-you-go pricing, users only pay for the resources they consume, without any
long-term contracts or commitments. This can lower the total cost of ownership and increase the return on investment. Pay-as-you-go pricing also provides flexibility and scalability, as users can adjust their resource usage
according to their changing needs and demands. AWS Cloud Value Framework, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 79
A company is using AWS Lambda functions to build an application.
Which tasks are the company's responsibility, according to the AWS shared responsibility model? (Select TWO.)

A. Patch the servers where the Lambda functions are deployed.
B. Establish the IAM permissions that define who can run the Lambda functions.
C. Write the code for the Lambda functions to define the application logic.
D. Deploy Amazon EC2 instances to support the Lambda functions.
E. Scale out the Lambda functions when the load increases.

Correct Answer: B, C
Section:
Explanation:
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the user is responsible for the security in the cloud. This means that AWS manages the security and maintenance of
the underlying infrastructure, such as the servers, networks, and operating systems, while the user manages the security and configuration of the resources and applications that run on AWS. For AWS Lambda functions, the
tasks that are the user's responsibility are:
Establish the IAM permissions that define who can run the Lambda functions. IAM is a service that enables users to manage access and permissions for AWS resources and users. Users can create IAM policies, roles, and users
to grant or deny permissions to run Lambda functions, invoke other AWS services, or access AWS resources from Lambda functions. [AWS Lambda Permissions] AWS Certified Cloud Practitioner - aws.amazon.com
Write the code for the Lambda functions to define the application logic. Lambda functions are units of code that can be written in any supported programming language, such as Python, Node.js, Java, or Go. Users can write
the code for the Lambda functions using the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS SDKs, or any code editor of their choice. Users can also use AWS Lambda Layers to share and
manage common code and dependencies across multiple functions. [AWS Lambda Overview] AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 80
Which services can be used to deploy applications on AWS? (Select TWO.)

A. AWS Elastic Beanstalk
B. AWS Config
C. AWS OpsWorks
D. AWS Application Discovery Service
E. Amazon Kinesis

Correct Answer: A, C
Section:
Explanation:
The services that can be used to deploy applications on AWS are:
AWS Elastic Beanstalk. This is a service that simplifies the deployment and management of web applications on AWS. Users can upload their application code and Elastic Beanstalk automatically handles the provisioning,
scaling, load balancing, monitoring, and health checking of the resources needed to run the application. Users can also retain full control and access to the underlying resources and customize their configuration settings.
Elastic Beanstalk supports multiple platforms, such as Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker. [AWS Elastic Beanstalk Overview] AWS Certified Cloud Practitioner - aws.amazon.com
AWS OpsWorks. This is a service that provides configuration management and automation for AWS resources. Users can define the application architecture and the configuration of each resource using Chef or Puppet, which
are popular open-source automation platforms. OpsWorks then automatically creates and configures the resources according to the user's specifications. OpsWorks also provides features such as auto scaling, monitoring, and
integration with other AWS services. OpsWorks has two offerings: OpsWorks for Chef Automate and OpsWorks for Puppet Enterprise. [AWS OpsWorks Overview] AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 81
Which statement describes a characteristic of the AWS global infrastructure?

A. Edge locations contain multiple AWS Regions.
B. AWS Regions contain multiple Regional edge caches.
C. Availability Zones contain multiple data centers.
D. Each data center contains multiple edge locations.

Correct Answer: C
Section:
Explanation:
Availability Zones contain multiple data centers. This is a characteristic of the AWS global infrastructure, which consists of AWS Regions, Availability Zones, and edge locations. AWS Regions are geographically isolated areas
that contain multiple Availability Zones. Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures and connected by low-latency, high-throughput, and highly
redundant networking. Each Availability Zone contains one or more data centers that house the servers and storage devices that run AWS services. Edge locations are sites that are located closer to the end users and provide
caching and content delivery services. AWS Global Infrastructure, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 82
Which of the following is available to a company that has an AWS Business Support plan?

A. AWS Support concierge
B. AWS DDoS Response Team (DRT)
C. AWS technical account manager (TAM)
D. AWS Health API

Correct Answer: D
Section:
Explanation:
AWS Health API is available to a company that has an AWS Business Support plan. The AWS Health API provides programmatic access to the AWS Health information that is presented in the AWS Personal Health Dashboard.
The AWS Health API can help users get timely and personalized information about events that can affect the availability and performance of their AWS resources, such as scheduled maintenance, network issues, or service
disruptions. The AWS Health API can also integrate with other AWS services, such as Amazon CloudWatch Events and AWS Lambda, to enable automated actions and notifications. AWS Health API Overview, AWS Support Plans

QUESTION 83
Which pillar of the AWS Well-Architected Framework focuses on the return on investment of moving into the AWS Cloud?

A. Sustainability
B. Cost optimization
C. Operational excellence
D. Reliability

Correct Answer: B
Section:
Explanation:
Cost optimization is the pillar of the AWS Well-Architected Framework that focuses on the return on investment of moving into the AWS Cloud. Cost optimization means that users can achieve the desired business outcomes
at the lowest possible price point, while maintaining high performance and reliability. Cost optimization can be achieved by using various AWS features and best practices, such as pay-as-you-go pricing, right-sizing, elasticity,
reserved instances, spot instances, cost allocation tags, cost and usage reports, and AWS Trusted Advisor. [AWS Well-Architected Framework] AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 84
Which AWS service or feature offers HTTP attack protection to users running public-facing web applications?

A. Security groups
B. Network ACLs
C. AWS Shield Standard
D. AWS WAF

Correct Answer: D
Section:
Explanation:
AWS WAF is the AWS service or feature that offers HTTP attack protection to users running public-facing web applications. AWS WAF is a web application firewall that helps users protect their web applications from common
web exploits, such as SQL injection, cross-site scripting, and bot attacks.
Users can create custom rules to define the web traffic that they want to allow, block, or count. Users can also use AWS Managed Rules, which are pre-configured rules that are curated and maintained by AWS or AWS
Marketplace Sellers. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer, to provide comprehensive security for web applications. [AWS
WAF Overview] AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 85
What is an Availability Zone?

A. A location where users can deploy compute, storage, database, and other select AWS services where no AWS Region currently exists
B. One or more discrete data centers with redundant power, networking, and connectivity
C. One or more clusters of servers where new workloads can be deployed
D. A fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to users globally

Correct Answer: B
Section:
Explanation:
An Availability Zone is one or more discrete data centers with redundant power, networking, and connectivity. Availability Zones are part of the AWS global infrastructure, which consists of AWS Regions, Availability Zones, and
edge locations. Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures and connected by low-latency, high-throughput, and highly redundant networking.
Each Availability Zone contains one or more data centers that house the servers and storage devices that run AWS services. Availability Zones enable users to design and operate fault-tolerant and high-availability applications
on AWS. AWS Global Infrastructure, AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 86
Which of the following is a cloud benefit that AWS offers to its users?

A. The ability to configure AWS data center hypervisors
B. The ability to purchase hardware in advance of increased traffic
C. The ability to deploy to AWS on a global scale
D. Compliance audits for user IT environments

Correct Answer: C
Section:
Explanation:
The ability to deploy to AWS on a global scale is a cloud benefit that AWS offers to its users. AWS has a global infrastructure that consists of AWS Regions, Availability Zones, and edge locations. Users can choose from multiple
AWS Regions around the world to deploy their applications and data closer to their end users, while also meeting their compliance and regulatory requirements. Users can also leverage AWS services, such as Amazon
CloudFront, Amazon Route 53, and AWS Global Accelerator, to improve the performance and availability of their global applications. AWS also provides tools and guidance to help users optimize their global deployments,
such as AWS Well-Architected Framework, AWS CloudFormation, and AWS Migration Hub. AWS Global Infrastructure [AWS Cloud Value Framework] AWS Certified Cloud Practitioner - aws.amazon.com

QUESTION 87
A company has created an AWS Cost and Usage Report and wants to visualize the report.
Which AWS service should the company use to ingest and display this information?

A. Amazon QuickSight
B. Amazon Pinpoint
C. Amazon Neptune
D. Amazon Kinesis

Correct Answer: A
Section:
Explanation:
Amazon QuickSight is an AWS service that provides business intelligence and data visualization capabilities. Amazon QuickSight enables you to ingest, analyze, and display data from various sources, such as AWS Cost and
Usage Reports, Amazon S3, Amazon Athena, Amazon Redshift, and Amazon RDS. You can use Amazon QuickSight to create interactive dashboards and charts that show insights and trends from your data. You can also share
your dashboards and charts with other users or embed them into your applications.

QUESTION 88
A company is migrating to the AWS Cloud to meet storage needs. The company wants to optimize costs based on the amount of storage that the company uses.
Which AWS offering or benefit will meet these requirements MOST cost-effectively?

A. Pay-as-you-go pricing
B. Savings Plans
C. AWS Free Tier
D. Volume-based discounts

Correct Answer: D
Section:
Explanation:
Volume-based discounts are an AWS offering or benefit that can help the company optimize costs based on the amount of storage that the company uses. Volume-based discounts are discounts that AWS provides for some
storage services, such as Amazon S3 and Amazon EBS, when the company stores a large amount of data. The more data the company stores, the lower the price per GB. For example, Amazon S3 offers six storage classes, each
with a different price per GB. The price per GB decreases as the amount of data stored in each storage class increases.

QUESTION 89
A company wants to minimize network latency between its Amazon EC2 instances. The EC2 instances do not need to be highly available.
Which solution meets these requirements?

A. Use EC2 instances in a single Availability Zone.
B. Use Amazon CloudFront as the database for the EC2 instances.
C. Use EC2 instances in the same edge location and the same Availability Zone.
D. Use EC2 instances in the same edge location and the same AWS Region.

Correct Answer: A
Section:
Explanation:
Using EC2 instances in a single Availability Zone is a solution that meets the requirements of minimizing network latency between the EC2 instances and not needing high availability. An Availability Zone is a physically isolated
location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the same Availability Zone can communicate with each other using low-latency private IP addresses. However,
EC2 instances in a single Availability Zone are not highly available, because they are vulnerable to failures or disruptions that affect the Availability Zone.

QUESTION 90
A company seeks cost savings in exchange for a commitment to use a specific amount of an AWS service or category of AWS services for 1 year or 3 years.
Which AWS pricing model or offering will meet these requirements?

A. Pay-as-you-go pricing
B. Savings Plans
C. AWS Free Tier
D. Volume discounts

Correct Answer: B
Section:
Explanation:
Savings Plans are an AWS pricing model or offering that can meet the requirements of seeking cost savings in exchange for a commitment to use a specific amount of an AWS service or category of AWS services for 1 year or 3
years. Savings Plans are flexible plans that offer significant discounts on AWS compute usage, such as EC2, Lambda, and Fargate. The company can choose from two types of Savings Plans: Compute Savings Plans and EC2
Instance Savings Plans. Compute Savings Plans provide the most flexibility and apply to any eligible compute usage, regardless of instance family, size, region, operating system, or tenancy. EC2 Instance Savings Plans provide
more savings and apply to a specific instance family within a region. The company can select the amount of compute usage per hour (e.g., $10/hour) that they want to commit to for the duration of the plan (1 year or 3
years). The company will pay the discounted Savings Plan rate for the amount of usage that matches their commitment, and the regular on-demand rate for any usage beyond that.

QUESTION 91
A company needs to apply security rules to a subnet for Amazon EC2 instances.
Which AWS service or feature provides this functionality?

A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config

Correct Answer: A
Section:
Explanation:
Network ACLs (network access control lists) are an AWS service or feature that provides the functionality of applying security rules to a subnet for EC2 instances. A subnet is a logical partition of an IP network within a VPC
(virtual private cloud). A VPC is a logically isolated section of the AWS Cloud where the company can launch AWS resources in a virtual network that they define. A network ACL is a virtual firewall that controls the inbound
and outbound traffic for one or more subnets. The company can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not
track the traffic that flows through them. Therefore, the company must create rules for both inbound and outbound traffic4

QUESTION 92
Which AWS service can a company use to perform complex analytical queries?

A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon ElastiCache

Correct Answer: C
Section:
Explanation:
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire
new insights for your business and customers. Amazon Redshift is designed for complex analytical queries that often involve aggregations and joins across very large tables. Amazon Redshift supports standard SQL and
integrates with many existing business intelligence tools1.

QUESTION 93
Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework?

A. Vertical scaling
B. Manual failure recovery
C. Testing recovery procedures
D. Changing infrastructure manually

Correct Answer: C
Section:
Explanation:
Testing recovery procedures is the design principle that is achieved by following the reliability pillar of the AWS Well-Architected Framework. The reliability pillar focuses on the ability of a system to recover from failures and
prevent disruptions. Testing recovery procedures helps to ensure that the system can handle different failure scenarios and restore normal operations as quickly as possible.
Testing recovery procedures also helps to identify and mitigate any risks or gaps in the system design and implementation. For more information, see [Reliability Pillar] and [Testing for Reliability].

QUESTION 94
What is a benefit of moving to the AWS Cloud in terms of improving time to market?

A. Decreased deployment speed
B. Increased application security
C. Increased business agility
D. Increased backup capabilities

Correct Answer: C
Section:
Explanation:
Increased business agility is a benefit of moving to the AWS Cloud in terms of improving time to market. Business agility refers to the ability of a company to adapt to changing customer needs, market conditions, and
competitive pressures. Moving to the AWS Cloud enables business agility by providing faster access to resources, lower upfront costs, and greater scalability and flexibility. By using the AWS Cloud, companies can launch new
products and services, experiment with new ideas, and respond to customer feedback more quickly and efficiently. For more information, see [Benefits of Cloud Computing] and [Business Agility].

QUESTION 95
In which of the following AWS services should database credentials be stored for maximum security?

A. AWS Identity and Access Management (IAM)
B. AWS Secrets Manager
C. Amazon S3
D. AWS Key Management Service (AWS KMS)

Correct Answer: B
Section:
Explanation:
AWS Secrets Manager is the AWS service where database credentials should be stored for maximum security. AWS Secrets Manager helps to protect the secrets, such as database credentials, passwords, API keys, and tokens,
that are used to access applications, services, and resources. AWS Secrets Manager enables secure storage, encryption, rotation, and retrieval of the secrets. AWS Secrets Manager also integrates with other AWS services,
such as AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), and AWS Lambda. For more information, see [What is AWS Secrets Manager?] and [Getting Started with AWS Secrets
Manager].

QUESTION 96
A company needs to configure rules to identify threats and protect applications from malicious network access.
Which AWS service should the company use to meet these requirements?

A. AWS Identity and Access Management (IAM)
B. Amazon QuickSight
C. AWS WAF
D. Amazon Detective

Correct Answer: C
Section:
Explanation:
AWS WAF is the AWS service that the company should use to configure rules to identify threats and protect applications from malicious network access. AWS WAF is a web application firewall that helps to filter, monitor, and
block malicious web requests based on customizable rules. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer. For more information, see
What is AWS WAF? and How AWS WAF Works.

QUESTION 97
Which option is an advantage of AWS Cloud computing that minimizes variable costs?

A. High availability
B. Economies of scale
C. Global reach
D. Agility

Correct Answer: B
Section:
Explanation:
Economies of scale is the advantage of AWS Cloud computing that minimizes variable costs.
Economies of scale refers to the reduction in the cost per unit as the output increases. AWS Cloud computing leverages economies of scale by providing a large pool of shared resources that can be accessed on demand and
paid for as needed. AWS Cloud computing also passes the cost savings to the customers by offering lower prices and discounts. For more information, see Economies of Scale and AWS Pricing.

QUESTION 98
A company moves its infrastructure from on premises to the AWS Cloud. The company can now provision additional Amazon EC2 instances whenever the instances are required. With this ability, the company can launch new
marketing campaigns in 3 days instead of 3 weeks.
Which benefit of the AWS Cloud does this scenario demonstrate?

A. Cost savings
B. Improved operational resilience
C. Increased business agility
D. Enhanced security

Correct Answer: C
Section:
Explanation:
Increased business agility is the benefit of the AWS Cloud that this scenario demonstrates. Business agility refers to the ability of a company to adapt to changing customer needs, market conditions, and competitive
pressures. Moving to the AWS Cloud enables business agility by providing faster access to resources, lower upfront costs, and greater scalability and flexibility. By using the AWS Cloud, the company can launch new marketing
campaigns in 3 days instead of 3 weeks, which shows that it can respond to customer feedback more quickly and efficiently. For more information, see Benefits of Cloud Computing and [Business Agility].

QUESTION 99
A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud.
Which costs will the company eliminate with this migration? (Select TWO.)

A. Cost of data center operations
B. Cost of application licensing
C. Cost of marketing campaigns
D. Cost of physical server hardware
E. Cost of network management

Correct Answer: A, D
Section:
Explanation:
The costs that the company will eliminate with this migration are the cost of application licensing and the cost of physical server hardware. The cost of application licensing is the fee that the company has to pay to use the
software applications on its on-premises servers. The cost of physical server hardware is the expense that the company has to incur to purchase, maintain, and upgrade the servers and related equipment. By migrating to the
AWS Cloud, the company can avoid these costs by using the AWS services and resources that are already licensed and managed by AWS. For more information, see [Cloud Economics] and [AWS Total Cost of Ownership (TCO)
Calculator].

QUESTION 100
Which AWS Support plan assigns an AWS concierge agent to a company's account?

A. AWS Basic Support
B. AWS Developer Support
C. AWS Business Support
D. AWS Enterprise Support

Correct Answer: D
Section:
Explanation:
AWS Enterprise Support is the AWS Support plan that assigns an AWS concierge agent to a company's account. AWS Enterprise Support is the highest level of support that AWS offers, and it provides the most comprehensive
and personalized assistance. An AWS concierge agent is a dedicated technical account manager who acts as a single point of contact for the company and helps to optimize the AWS environment, resolve issues, and access
AWS experts. For more information, see [AWS Support Plans] and [AWS Concierge Support].

QUESTION 101
A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to access several AWS resources, including Amazon S3 and Amazon DynamoDB.
What is the MOST operationally efficient solution to delegate permissions?

A. Create an IAM role with the required permissions. Attach the role to the EC2 instance.
B. Create an IAM user and use its access key and secret access key in the application.
C. Create an IAM user and use its access key and secret access key to create a CLI profile in the EC2 instance.
D. Create an IAM role with the required permissions. Attach the role to the administrative IAM user.

Correct Answer: A
Section:
Explanation:
Creating an IAM role with the required permissions and attaching the role to the EC2 instance is the most operationally efficient solution to delegate permissions. An IAM role is an entity that defines a set of permissions for
making AWS service requests. An IAM role can be assumed by an EC2 instance to access other AWS resources, such as Amazon S3 and Amazon DynamoDB, without having to store any credentials on the instance. This
solution is more secure and scalable than using IAM users and their access keys. For more information, see [IAM Roles for Amazon EC2] and [Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2
Instances].

QUESTION 102
Which encryption types can be used to protect objects at rest in Amazon S3? (Select TWO.)

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)
B. Server-side encryption with AWS KMS managed keys (SSE-KMS)
C. TLS
D. SSL
E. Transparent Data Encryption (TDE)

Correct Answer: A, B
Section:
Explanation:
Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and server-side encryption with AWS KMS managed keys (SSE-KMS) are the encryption types that can be used to protect objects at rest in Amazon
S3. Server-side encryption means that Amazon S3 encrypts the objects before saving them on disks and decrypts them when they are downloaded. SSE-S3 uses one master key per bucket that is managed by Amazon S3.
SSE-KMS uses a customer master key (CMK) that is stored in AWS Key Management Service (AWS KMS) and provides additional benefits, such as audit trails and key rotation. For more information, see Protecting Data Using
Server-Side Encryption and Protecting Data Using Encryption.

QUESTION 103
A company is building an application that will receive millions of database queries each second. The company needs the data store for the application to scale to meet these needs.
Which AWS service will meet this requirement?

A. Amazon DynamoDB
B. AWS Cloud9
C. Amazon ElastiCache for Memcached
D. Amazon Neptune

Correct Answer: A
Section:
Explanation:
Amazon DynamoDB is the AWS service that will meet the requirement of building an application that will receive millions of database queries each second. Amazon DynamoDB is a fully managed NoSQL database service that
provides fast and consistent performance, scalability, and durability.
Amazon DynamoDB can handle any level of request traffic and automatically scale up or down the capacity based on the demand. Amazon DynamoDB also supports in-memory caching with Amazon DynamoDB Accelerator
(DAX) to improve the response time and reduce the cost. For more information, see What is Amazon DynamoDB? and Amazon DynamoDB Features.

QUESTION 104
An application runs on multiple Amazon EC2 instances that access a shared file system simultaneously.
Which AWS storage service should be used?

A. Amazon EBS
B. Amazon EFS
C. Amazon S3
D. AWS Artifact

Correct Answer: B
Section:
Explanation:
Amazon Elastic File System (Amazon EFS) is the AWS storage service that should be used for an application that runs on multiple Amazon EC2 instances that access a shared file system simultaneously. Amazon EFS is a fully
managed service that provides a scalable, elastic, and highly available file system for Linux-based workloads. Amazon EFS supports the Network File System version 4 (NFSv4) protocol and allows multiple EC2 instances to read
and write data to the same file system concurrently. Amazon EFS also integrates with other AWS services, such as AWS Backup, AWS CloudFormation, and AWS CloudTrail. For more information, see What is Amazon Elastic
File System? and [Amazon EFS Use Cases].

QUESTION 105
Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?

A. Security awareness and training
B. Development of an IAM password policy
C. Patching of the guest operating system
D. Physical and environmental controls

Correct Answer: D
Section:
Explanation:
Physical and environmental controls are entirely the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model defines the division of responsibilities between AWS and the
customer for security and compliance. AWS is responsible for the security of the cloud, which includes the physical and environmental controls of the AWS global infrastructure, such as power, cooling, fire suppression, and
physical access. The customer is responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications. For more information, see [AWS Shared Responsibility
Model] and [AWS Cloud Security].

QUESTION 106
A company does not want to rely on elaborate forecasting to determine its usage of compute resources. Instead, the company wants to pay only for the resources that it uses. The company also needs the ability to increase or
decrease its resource usage to meet business requirements.
Which pillar of the AWS Well-Architected Framework aligns with these requirements?

A. Operational excellence
B. Security
C. Reliability
D. Cost optimization

Correct Answer: D
Section:
Explanation:
Cost optimization is the pillar of the AWS Well-Architected Framework that aligns with the requirements of not relying on elaborate forecasting and paying only for the resources that are used.
The cost optimization pillar focuses on the ability of a system to deliver business value at the lowest price point. Cost optimization involves using the right AWS services and resources for the workload, measuring and
monitoring the cost and usage, and continuously improving the cost efficiency. Cost optimization also leverages the benefits of the AWS Cloud, such as pay-as-you-go pricing, elasticity, and scalability. For more information,
see [Cost Optimization Pillar] and [Cost Optimization].

QUESTION 107
A company wants to use Amazon EC2 instances to run a stateless and restartable process after business hours.
Which AWS service provides DNS resolution?

A. Amazon CloudFront
B. Amazon VPC
C. Amazon Route 53
D. AWS Direct Connect

Correct Answer: C
Section:
Explanation:
Amazon Route 53 is the AWS service that provides DNS resolution. DNS (Domain Name System) is a service that translates domain names into IP addresses. Amazon Route 53 is a highly available and scalable cloud DNS
service that offers domain name registration, DNS routing, and health checking.
Amazon Route 53 can route the traffic to various AWS services, such as Amazon EC2, Amazon S3, and Amazon CloudFront. Amazon Route 53 can also integrate with other AWS services, such as AWS Certificate Manager, AWS
Shield, and AWS WAF. For more information, see [What is Amazon Route 53?] and [Amazon Route 53 Features].

QUESTION 108
Which group shares responsibility with AWS for security and compliance of AWS accounts and resources?

A. Third-party vendors
B. Customers
C. Reseller partners
D. Internet providers

Correct Answer: B
Section:
Explanation:
Customers share responsibility with AWS for security and compliance of AWS accounts and resources. This is part of the AWS shared responsibility model, which defines the division of responsibilities between AWS and the
customer for security and compliance. AWS is responsible for the security of the cloud, which includes the physical and environmental controls of the AWS global infrastructure, such as power, cooling, fire suppression, and
physical access. The customer is responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications, such as identity and access management, encryption,
firewall, and backup. For more information, see AWS Shared Responsibility Model and AWS Cloud Security.

QUESTION 109
A company wants to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud.
Which AWS service should the company use to reduce management overhead for this environment?

A. Amazon Elastic Container Service (Amazon ECS)
B. Amazon SageMaker
C. Amazon RDS
D. Amazon Athena

Correct Answer: C
Section:
Explanation:
Amazon Relational Database Service (Amazon RDS) is the AWS service that the company should use to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud. Amazon RDS is a
fully managed service that provides a scalable, secure, and high-performance relational database platform. Amazon RDS supports several database engines, including Microsoft SQL Server. Amazon RDS reduces the
management overhead for the database environment by taking care of tasks such as provisioning, patching, backup, recovery, and monitoring. For more information, see What is Amazon Relational Database Service (Amazon
RDS)? and Amazon RDS for SQL Server.

QUESTION 110
A company moves a workload to AWS to run on Amazon EC2 instances. The company needs to run the workload in the most cost-effective way.
What can the company do to meet this requirement?

A. Use AWS Key Management Service (AWS KMS).
B. Use multiple AWS accounts and consolidated billing.
C. Use AWS CloudFormation to deploy the infrastructure.
D. Rightsize all the EC2 instances that are used in the deployment.

Correct Answer: D
Section:
Explanation:
Rightsizing all the EC2 instances that are used in the deployment is the best way to run the workload in the most cost-effective way. Rightsizing means choosing the optimal instance type and size for the workload based on
the performance and capacity requirements. Rightsizing helps to avoid overprovisioning or under-provisioning of the EC2 instances, which can result in wasted resources or poor performance. Rightsizing also helps to take
advantage of the different pricing models and features that AWS offers, such as On-Demand, Reserved, and Spot Instances, and Auto Scaling. For more information, see Rightsizing Your Instances and [Cost Optimization with
AWS].

QUESTION 111
A company needs to launch an Amazon EC2 instance.
Which of the following can the company use during the launch process to configure the root volume of the EC2 instance?

A. Amazon EC2 Auto Scaling
B. Amazon Data Lifecycle Manager (Amazon DLM)
C. Amazon Machine Image (AMI)
D. Amazon Elastic Block Store (Amazon EBS) volume

Correct Answer: C
Section:
Explanation:
Amazon Machine Image (AMI) is the option that the company can use during the launch process to configure the root volume of the EC2 instance. An AMI is a template that contains the software configuration, such as the
operating system, applications, and settings, required to launch an EC2 instance. An AMI also specifies the volume size and type of the root device for the instance. The company can choose an AMI provided by AWS, the AWS
Marketplace, or the AWS community, or create a custom AMI. For more information, see [Amazon Machine Images (AMI)] and [Launching an Instance Using the Launch Instance Wizard].

QUESTION 112
A company plans to migrate its on-premises workload to AWS. Before the migration, the company needs to estimate its future AWS service costs.
Which AWS service or tool should the company use to meet this requirement?

A. AWS Trusted Advisor
B. AWS Budgets
C. AWS Pricing Calculator
D. AWS Cost Explorer

Correct Answer: C
Section:
Explanation:
AWS Pricing Calculator is the AWS service or tool that the company should use to estimate its future AWS service costs before the migration. AWS Pricing Calculator is a web-based tool that allows the company to create cost
estimates for various AWS services and scenarios. AWS Pricing Calculator helps the company to compare the costs of running the workload on premises versus on AWS, and to optimize the costs by choosing the best options
for the workload. AWS Pricing Calculator also provides a detailed breakdown of the cost components and a downloadable report. For more information, see [AWS Pricing Calculator] and [Getting Started with AWS Pricing
Calculator].

QUESTION 113
A company suspects that its AWS resources are being used for illegal activities.
Which AWS group or team should the company notify?

A. AWS Abuse team
B. AWS Support team
C. AWS technical account managers
D. AWS Professional Services team

Correct Answer: A
Section:
Explanation:
AWS Abuse team is the AWS group or team that the company should notify if it suspects that its
AWS resources are being used for illegal activities. AWS Abuse team is a dedicated team that handles reports of abuse, such as spam, phishing, malware, denial-of-service attacks, and unauthorized access, involving AWS
resources. The company can contact the AWS Abuse team by filling out the [Report Abuse of AWS Resources form] or sending an email to [email protected]. The company should provide as much information as
possible, such as the source and destination IP addresses, timestamps, log files, and screenshots, to help the AWS Abuse team investigate and take appropriate actions. For more information, see [Reporting Abuse] and [AWS
Acceptable Use Policy].

QUESTION 114
A company wants an in-memory data store that is compatible with open source in the cloud.
Which AWS service should the company use?

A. Amazon DynamoDB
B. Amazon ElastiCache
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon Redshift

Correct Answer: B
Section:
Explanation:
Amazon ElastiCache is a fully managed in-memory data store service that is compatible with open source engines such as Redis and Memcached1. It provides fast and scalable performance for applications that require high
throughput and low latency1. Amazon DynamoDB is a fully managed NoSQL database service that provides consistent and single-digit millisecond latency at any scale2. Amazon EBS is a block storage service that provides
persistent and durable storage volumes for Amazon EC2 instances3. Amazon Redshift is a fully managed data warehouse service that allows users to run complex analytic queries using SQL4.

QUESTION 115
What does "security of the cloud" refer to in the AWS shared responsibility model?

A. Availability of AWS services such as Amazon EC2
B. Security of the cloud infrastructure that runs all the AWS services
C. Implementation of password policies for IAM users
D. Security of customer environments by using AWS Network Firewall partners

Correct Answer: B
Section:
Explanation:
Security of the cloud refers to the security of the cloud infrastructure that runs all the AWS services.
This includes the hardware, software, networking, and facilities that AWS operates and manages.
AWS is responsible for protecting the security of the cloud as part of the AWS shared responsibility model. Availability of AWS services such as Amazon EC2 refers to the ability of the services to be up and running and to meet
the expected performance. Availability is part of the reliability pillar of the AWS Well-Architected Framework and is a shared responsibility between AWS and the customer.
Implementation of password policies for IAM users refers to the security of the customer data and applications in the cloud. This includes the configuration and management of IAM user permissions, encryption keys, security
group rules, network ACLs, and other aspects of access management. The customer is responsible for protecting the security in the cloud as part of the AWS shared responsibility model. Security of customer environments by
using AWS Network Firewall partners refers to the security of the customer data and applications in the cloud. AWS Network Firewall is a managed service that provides network protection for Amazon VPCs. It allows
customers to use AWS Marketplace partners to implement firewall rules and policies. The customer is responsible for protecting the security in the cloud as part of the AWS shared responsibility model.

QUESTION 116
Which AWS service or tool should a company use to forecast AWS spending?

A. Amazon DevPay
B. AWS Organizations
C. AWS Trusted Advisor
D. Cost Explorer

Correct Answer: D
Section:
Explanation:
Cost Explorer is an AWS service or tool that can be used to forecast AWS spending. It allows users to analyze their AWS costs and usage using interactive graphs and tables. It also provides features such as filtering, grouping,
and forecasting to help users plan their future spending. Amazon DevPay is an AWS service that allows developers to sell applications that are built on AWS services. It handles the billing and metering for the customers of the
applications and collects payments from them. It is not a tool for forecasting AWS spending. AWS Organizations is an AWS service that allows users to centrally manage and govern their AWS accounts. It provides features
such as creating groups of accounts, applying policies, and automating account creation. It is not a tool for forecasting AWS spending. AWS Trusted Advisor is an AWS service that provides best practices and recommendations
to optimize the performance, security, and cost of AWS resources. It can help users identify opportunities to reduce their AWS costs, but it is not a tool for forecasting AWS spending.

QUESTION 117
A company wants to migrate its on-premises application to the AWS Cloud. The company is legally obligated to retain certain data in its on-premises data center.
Which AWS service or feature will support this requirement?

A. AWS Wavelength
B. AWS Local Zones
C. VMware Cloud on AWS
D. AWS Outposts

Correct Answer: D
Section:
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience. AWS
Outposts enables you to run AWS services in your on-premises data center, which can support the requirement of retaining certain data on-premises due to legal obligations5.

QUESTION 118
A company has set up a VPC in its AWS account and has created a subnet in the VPC. The company wants to make the subnet public.
Which AWS features should the company use to meet this requirement? (Select TWO.)

A. Amazon VPC internet gateway
B. Amazon VPC NAT gateway
C. Amazon VPC route tables
D. Amazon VPC network ACL
E. Amazon EC2 security groups

Correct Answer: A, C
Section:
Explanation:
To make a subnet public, the company should use an Amazon VPC internet gateway and an Amazon VPC route table. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows
communication between your VPC and the internet. A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. To enable internet access for
a subnet, you need to attach an internet gateway to your VPC and add a route to the internet gateway in the route table associated with the subnet.

QUESTION 119
A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use?

A. AWS Config
B. AWS Secrets Manager
C. AWS CloudTrail
D. AWS Trusted Advisor

Correct Answer: A
Section:
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate
the evaluation of recorded configurations against desired configurations.
With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations
specified in your internal guidelines. This can help you simplify compliance auditing, security analysis, change management, and operational troubleshooting1.

QUESTION 120
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon
EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?

A. Security groups
B. AWS WAF
C. Network ACLs
D. AWS Shield

Correct Answer: B
Section:
Explanation:
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you
control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you
define2. You can use AWS WAF to create a custom rule that blocks SQL injection attacks on your website.

QUESTION 121
A company has an application workload that is stateless by design and can sustain occasional downtime. The application performs massively parallel computations.
Which Amazon EC2 pricing model should the company choose for its application to reduce cost?

A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Instances

Correct Answer: B
Section:
Explanation:
Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various
stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development workloads. Spot Instances are well-suited for
massively parallel computations, as they can provide large amounts of compute capacity at a low cost, and can be interrupted with a two-minute notice3

QUESTION 122
A company wants to store data with high availability, encrypt the data at rest, and have direct access to the data over the internet.
Which AWS service will meet these requirements MOST cost-effectively?

A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. Amazon Elastic File System (Amazon EFS)
D. AWS Storage Gateway

Correct Answer: C
Section:
Explanation:
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without
disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.
Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent Access storage class (EFS IA). EFS IA provides price/performance that is cost-optimized for files not accessed every day. Amazon EFS
encrypts data at rest and in transit, and supports direct access over the internet4.

QUESTION 123
Which AWS service or feature enables users to encrypt data at rest in Amazon S3?

A. IAM policies
B. Server-side encryption
C. Amazon GuardDuty
D. Client-side encryption

Correct Answer: B
Section:
Explanation:
Server-side encryption is an encryption option that Amazon S3 provides to encrypt data at rest in Amazon S3. With server-side encryption, Amazon S3 encrypts an object before saving it to disk in its data centers and decrypts
it when you download the objects. You have three server-side encryption options to choose from: SSE-S3, SSE-C, and SSE-KMS. SSE-S3 uses keys that are managed by Amazon S3. SSE-C allows you to manage your own
encryption keys. SSE-KMS uses keys that are managed by AWS Key Management Service (AWS KMS)5.

QUESTION 124
An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability Zones in the us-east-1 Region.
How should the company respond to the auditor's request?

A. Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
B. Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company operates.
C. Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
D. Use AWS Artifact to download the applicable report for AWS security controls. Provide the report to the auditor.

Correct Answer: D
Section:
Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements.
Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that
validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). You can use
AWS Artifact to download the applicable report for AWS security controls and provide it to the auditor.

QUESTION 125
Which benefits can customers gain by using AWS Marketplace? (Select TWO.)

A. Speed of business
B. Fewer legal objections
C. Ability to pay with credit cards
D. No requirement for product licenses for any products
E. Free use of all services for the first hour

Correct Answer: A, B
Section:
Explanation:
AWS Marketplace is a digital catalog that offers thousands of software products and solutions from independent software vendors (ISVs) and AWS partners. Customers can use AWS Marketplace to find, buy, and deploy
software on AWS. Some of the benefits of using AWS Marketplace are:
Speed of business: You can quickly and easily discover and deploy software that meets your business needs, without having to go through lengthy procurement processes. You can also use AWS Marketplace to test and
compare different solutions before making a purchase decision.
Fewer legal objections: You can benefit from standardized contract terms and conditions that are pre-negotiated between AWS and the ISVs. This reduces the time and effort required to review and approve legal agreements.

QUESTION 126
In the AWS shared responsibility model, which tasks are the responsibility of AWS? (Select TWO.)

A. Patch an Amazon EC2 instance operating system.
B. Configure a security group.
C. Monitor the health of an Availability Zone.
D. Protect the infrastructure that runs Amazon EC2 instances.
E. Manage access to the data in an Amazon S3 bucket.

Correct Answer: C, D
Section:
Explanation:
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, which includes the tasks of monitoring the health of an Availability Zone and protecting the infrastructure that runs Amazon
EC2 instances. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. AWS monitors the health and performance of each Availability Zone and
notifies customers of any issues or disruptions.
AWS also protects the infrastructure that runs AWS services, such as Amazon EC2, by implementing physical, environmental, and operational security measures. AWS is not responsible for patching an Amazon EC2 instance
operating system, configuring a security group, or managing access to the data in an Amazon S3 bucket. These are the customer's responsibilities for security in the cloud. The customer must ensure that the operating system
and applications on their EC2 instances are up to date and secure. The customer must also configure the security group rules that control the inbound and outbound traffic for their EC2 instances. The customer must also
manage the access permissions and encryption settings for their S3 buckets and objects2.

QUESTION 127
A company's IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these
tasks will be completed automatically.
What should the company do to meet these requirements?

A. Deploy MySQL database server clusters on Amazon EC2 instances.
B. Use Amazon RDS with a MySQL database.
C. Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances.
D. Migrate all the MySQL database data to Amazon S3.

Correct Answer: B
Section:
Explanation:
Amazon RDS is a service that makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS supports MySQL as one of the database engines. By using Amazon RDS with a MySQL database, the
company can offload the tasks of patching the database and taking backup snapshots to AWS. Amazon RDS automatically patches the database software and operating system of the database instances. Amazon RDS also
automatically backs up the database and retains the backups for a user-defined retention period. The company can also restore the database to any point in time within the retention period. Deploying MySQL database server
clusters on Amazon EC2 instances, using an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances, or migrating all the MySQL database data to Amazon S3 are not the best options to
meet the requirements. These options would not automate the tasks of patching the database and taking backup snapshots, and would require more operational overhead from the company3.

QUESTION 128
A company needs to store infrequently used data for data archives and long-term backups.
A company needs a history report about how its Amazon EC2 instances were modified last month.
Which AWS service can be used to meet this requirement?

A. AWS Service Catalog
B. AWS Config
C. Amazon CloudWatch
D. AWS Artifact

Correct Answer: B
Section:
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate
the evaluation of recorded configurations against desired configurations.
AWS Config can also track changes to your EC2 instances over time and provide a history report of the modifications. AWS Service Catalog, Amazon CloudWatch, and AWS Artifact are not the best services to meet this
requirement. AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for use on AWS. Amazon CloudWatch is a service that monitors your AWS resources and
applications and provides metrics, alarms, dashboards, and logs. AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and online agreements.

QUESTION 129
A company wants to use the latest technologies and wants to minimize its capital investment.
Instead of upgrading on-premises infrastructure, the company wants to move to the AWS Cloud.
Which AWS Cloud benefit does this scenario describe?

A. Increased speed to market
B. The trade of infrastructure expenses for operating expenses
C. Massive economies of scale
D. The ability to go global in minutes

Correct Answer: B
Section:
Explanation:
The trade of infrastructure expenses for operating expenses is one of the benefits of the AWS Cloud.
By moving to the AWS Cloud, the company can avoid the upfront costs of purchasing and maintaining on-premises infrastructure, such as servers, storage, network, and software. Instead, the company can pay only for the
AWS resources and services that they use, as they use them. This reduces the risk and complexity of planning and managing IT infrastructure, and allows the company to focus on innovation and growth. Increased speed to
market, massive economies of scale, and the ability to go global in minutes are also benefits of the AWS Cloud, but they are not the best ones to describe this scenario. Increased speed to market means that the company can
launch new products and services faster by using AWS services and tools. Massive economies of scale means that the company can benefit from the lower costs and higher performance that AWS achieves by operating at a
large scale. The ability to go global in minutes means that the company can deploy their applications and data in multiple regions and availability zones around the world to reach their customers faster and improve
performance and reliability5.

QUESTION 130
Which AWS service provides threat detection by monitoring for malicious activities and unauthorized actions to protect AWS accounts, workloads, and data that is stored in Amazon S3?

A. AWS Shield
B. AWS Firewall Manager
C. Amazon GuardDuty
D. Amazon Inspector

Correct Answer: C
Section:
Explanation:
Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for your AWS accounts, workloads, and data. Amazon GuardDuty analyzes and processes data sources, such as VPC Flow
Logs, AWS CloudTrail event logs, and DNS logs, to identify malicious activities and unauthorized actions, such as reconnaissance, instance compromise, account compromise, and data exfiltration. Amazon GuardDuty can also
detect threats to your data stored in Amazon S3, such as API calls from unusual locations or disabling of preventative controls. Amazon GuardDuty generates findings that summarize the details of the detected threats and
provides recommendations for remediation. AWS Shield, AWS Firewall Manager, and Amazon Inspector are not the best services to meet this requirement. AWS Shield is a service that provides protection against distributed
denial of service (DDoS) attacks. AWS Firewall Manager is a service that allows you to centrally configure and manage firewall rules across your accounts and resources. Amazon
Inspector is a service that assesses the security and compliance of your applications running on EC2 instances.

QUESTION 131
Amazon Elastic File System (Amazon EFS) and Amazon FSx offer which type of storage?

A. File storage
B. Object storage
C. Block storage
D. Instance store

Correct Answer: A
Section:
Explanation:
Amazon Elastic File System (Amazon EFS) and Amazon FSx are AWS services that offer file storage.
File storage is a type of storage that organizes data into files and folders that can be accessed and shared over a network. File storage is suitable for applications that require shared access to data, such as content
management, media processing, and web serving. Amazon EFS provides a simple, scalable, and fully managed elastic file system that can be used with AWS Cloud services and on-premises resources. Amazon FSx provides fully
managed third-party file systems, such as Windows File Server and Lustre, with native compatibility and high performance12.

QUESTION 132
Which AWS service provides protection against DDoS attacks for applications that run in the AWS Cloud?

A. Amazon VPC
B. AWS Shield
C. AWS Audit Manager
D. AWS Config

Correct Answer: B
Section:
Explanation:
AWS Shield is an AWS service that provides protection against distributed denial of service (DDoS) attacks for applications that run in the AWS Cloud. DDoS attacks are attempts to make an online service unavailable by
overwhelming it with traffic from multiple sources. AWS Shield provides two tiers of protection: AWS Shield Standard and AWS Shield Advanced. AWS Shield Standard is automatically enabled for all AWS customers at no
additional charge. It provides protection against common and frequently occurring network and transport layer DDoS attacks. AWS Shield Advanced is an optional paid service that provides additional protection against larger
and more sophisticated DDoS attacks. AWS Shield Advanced also provides access to a 24/7 DDoS response team, cost protection, and enhanced detection and mitigation capabilities.

QUESTION 133
A company wants to migrate its server-based applications to the AWS Cloud. The company wants to determine the total cost of ownership for its compute resources that will be hosted on the AWS Cloud.
Which combination of AWS services or tools will meet these requirements?

A. AWS Pricing Calculator
B. Migration Evaluator
C. AWS Support Center
D. AWS Application Discovery Service
E. AWS Database Migration Service (AWS DMS)

Correct Answer: A, D
Section:
Explanation:
AWS Pricing Calculator and AWS Application Discovery Service are the best combination of AWS services or tools to meet the requirements of determining the total cost of ownership for compute resources that will be hosted
on the AWS Cloud. AWS Pricing Calculator is a tool that enables you to estimate the cost of using AWS services based on your usage scenarios and requirements. You can use AWS Pricing Calculator to compare the costs of
running your applications on-premises or on AWS, and to optimize your AWS spending. AWS Application Discovery Service is a service that helps you plan your migration to the AWS Cloud by collecting and analyzing
information about your on-premises servers, applications, and dependencies. You can use AWS Application Discovery Service to identify the inventory of your on-premises infrastructure, group servers by applications, and
estimate the performance and resource utilization of your applications45.

QUESTION 134
A company is planning to migrate to the AWS Cloud and wants to become more responsive to customer inquiries and feedback. The company wants to focus on organizational transformation.
A company wants to give its customers the ability to view specific data that is hosted in Amazon S3 buckets. The company wants to keep control over the full datasets that the company shares with the customers.
Which S3 feature will meet these requirements?

A. S3 Storage Lens
B. S3 Cross-Region Replication (CRR)
C. S3 Versioning
D. S3 Access Points

Correct Answer:
Section:
Explanation:
S3 Access Points are a feature of Amazon S3 that allows you to easily manage access to specific data that is hosted in S3 buckets. S3 Access Points are unique hostnames that customers can use to access data in S3 buckets.
You can create multiple access points for a single bucket, each with its own name and permissions. You can use S3 Access Points to provide different levels of access to different groups of customers, such as read-only or
write-only access. You can also use S3 Access Points to enforce encryption or logging requirements for specific data. S3 Access Points help you keep control over the full datasets that you share with your customers, while
simplifying the access management and improving the performance and scalability of your applications.

QUESTION 135
Which AWS services can limit manual errors by consistently provisioning AWS resources in multiple environments?

A. AWS Config
B. AWS CodeStar
C. AWS CloudFormation
D. AWS Cloud Development Kit (AWS CDK)
E. AWS CodeBuild

Correct Answer: C, D
Section:
Explanation:
AWS CloudFormation and AWS Cloud Development Kit (AWS CDK) are AWS services that can limit manual errors by consistently provisioning AWS resources in multiple environments. AWS CloudFormation is a service that
enables you to model and provision AWS resources using templates.
You can use AWS CloudFormation to define the AWS resources and their dependencies that you need for your applications, and to automate the creation and update of those resources across multiple environments, such as
development, testing, and production. AWS CloudFormation helps you ensure that your AWS resources are configured consistently and correctly, and that you can easily replicate or modify them as needed. AWS Cloud
Development Kit (AWS CDK) is a service that enables you to use familiar programming languages, such as Python, TypeScript, Java, and C#, to define and provision AWS resources. You can use AWS CDK to write code that
synthesizes into AWS CloudFormation templates, and to leverage the existing libraries and tools of your preferred language. AWS CDK helps you reduce the complexity and errors of writing and maintaining AWS
CloudFormation templates, and to apply the best practices and standards of software development to your AWS infrastructure.

QUESTION 136
A company is preparing to launch a redesigned website on AWS. Users from around the world will download digital handbooks from the website.
Which AWS solution should the company use to provide these static files securely?

A. Amazon Kinesis Data Streams
B. Amazon CloudFront with Amazon S3
C. Amazon EC2 instances with an Application Load Balancer
D. Amazon Elastic File System (Amazon EFS)

Correct Answer: B
Section:
Explanation:
Amazon CloudFront with Amazon S3 is a solution that allows you to provide static files securely to users from around the world. Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data,
videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment. Amazon S3 is an object storage service that offers industry-leading scalability, data
availability, security, and performance. You can use Amazon S3 to store and retrieve any amount of data from anywhere. You can also configure Amazon S3 to work with Amazon CloudFront to distribute your content to edge
locations near your users for faster delivery and lower latency. Amazon Kinesis Data Streams is a service that enables you to build custom applications that process or analyze streaming data for specialized needs. This option
is not relevant for providing static files securely. Amazon EC2 instances with an Application Load Balancer is a solution that allows you to distribute incoming traffic across multiple targets, such as EC2 instances, in multiple
Availability Zones. This option is suitable for dynamic web applications, but not necessary for static files. Amazon Elastic File System (Amazon EFS) is a service that provides a simple, scalable, fully managed elastic NFS file
system for use with AWS Cloud services and on-premises resources. This option is not relevant for providing static files securely.

QUESTION 137
Which service is an AWS in-memory data store service?

A. Amazon Aurora
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon ElastiCache

Correct Answer: D
Section:
Explanation:
Amazon ElastiCache is a service that offers fully managed in-memory data store and cache services that deliver sub-millisecond response times to applications. You can use Amazon ElastiCache to improve the performance of
your applications by retrieving data from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases. Amazon Aurora is a relational database service that combines the performance and
availability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Amazon RDS is a service that makes it easy to set up, operate, and scale a relational database in the cloud.
Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale.
None of these services are in-memory data store services.

QUESTION 138
Which AWS service or tool offers consolidated billing?

A. AWS Artifact
B. AWS Budgets
C. AWS Organizations
D. AWS Trusted Advisor

Correct Answer: C
Section:
Explanation:
AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. With AWS Organizations, you can create a single payment method for all the
AWS accounts in your organization through consolidated billing.
Consolidated billing enables you to see a combined view of AWS charges incurred by all accounts in your organization, as well as get a detailed cost report for each individual AWS account associated with your organization.
AWS Artifact is a service that provides on-demand access to AWS' security and compliance reports and select online agreements. AWS Budgets is a service that enables you to plan your service usage, service costs, and
instance reservations. AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices.
None of these services or tools offer consolidated billing.

QUESTION 139
A company wants to limit its employees' AWS access to a portfolio of predefined AWS resources.
Which AWS solution should the company use to meet this requirement?

A. AWS Config
B. AWS software development kits (SDKs)
C. AWS Service Catalog
D. AWS AppSync

Correct Answer: C
Section:
Explanation:
AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for use on AWS. You can use AWS Service Catalog to centrally manage commonly deployed IT services and help
your organization achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need1. AWS Config is a service that enables you to assess,
audit, and evaluate the configurations of your AWS resources. AWS software development kits (SDKs) are tools that enable you to easily integrate your applications with AWS services using your preferred programming
language. AWS AppSync is a service that simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources. None of these services can
help you limit your employees' AWS access to a portfolio of predefined AWS resources.

QUESTION 140
A company processes personally identifiable information (PII) and must keep data in the country where it was generated. The company wants to use Amazon EC2 instances for these workloads.
Which AWS service will meet these requirements?

A. AWS Outposts
B. AWS Storage Gateway
C. AWS DataSync
D. AWS OpsWorks

Correct Answer: A
Section:
Explanation:
AWS Outposts is an AWS service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility. AWS Outposts enables you to run Amazon EC2 instances and
other AWS services locally, while maintaining a consistent and seamless connection to the AWS Cloud. AWS Outposts is ideal for workloads that require low latency, local data processing, or data residency. By using AWS
Outposts, the company can process personally identifiable information (PII) and keep data in the country where it was generated, while leveraging the benefits of AWS.

QUESTION 141
Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Select TWO.)

A. Configure the AWS provided security group firewall.
B. Classify company assets in the AWS Cloud.
C. Determine which Availability Zones to use for Amazon S3 buckets.
D. Patch or upgrade Amazon DynamoDB.
E. Select Amazon EC2 instances to run AWS Lambda on.
F. AWS Config

Correct Answer: A, B
Section:
Explanation:
According to the AWS shared responsibility model, the customer is responsible for security in the cloud, which includes the tasks of configuring the AWS provided security group firewall and classifying company assets in the
AWS Cloud. A security group is a virtual firewall that controls the inbound and outbound traffic for one or more EC2 instances. The customer must configure the security group rules to allow or deny traffic based on protocol,
port, or source and destination IP address2. Classifying company assets in the AWS Cloud means identifying the types, categories, and sensitivity levels of the data and resources that the customer stores and processes on
AWS. The customer must also determine the applicable compliance requirements and regulations that apply to their assets, and implement the appropriate security controls and measures to protect them.

QUESTION 142
A company is running an Amazon EC2 instance in a VPC.
An ecommerce company is using Amazon EC2 Auto Scaling groups to manage a fleet of web servers running on Amazon EC2.
This architecture follows which AWS Well-Architected Framework best practice?

A. Secure the workload
B. Decouple infrastructure components
C. Design for failure
D. Think parallel

Correct Answer: C
Section:
Explanation:
Design for failure is one of the best practices of the AWS Well-Architected Framework. It means that the architecture should be resilient and fault-tolerant, and able to handle failures without impacting the availability and
performance of the applications. By using Amazon EC2 Auto Scaling groups, the ecommerce company can design for failure by automatically scaling the number of EC2 instances up or down based on demand or health status.
Amazon EC2 Auto Scaling groups can also distribute the EC2 instances across multiple Availability Zones, which are isolated locations within an AWS Region that have independent power, cooling, and network connectivity.
This way, the company can ensure that their web servers can handle traffic spikes, recover from failures, and provide a consistent user experience.

QUESTION 143
Which tasks are the responsibility of the customer, according to the AWS shared responsibility model? (Select TWO.)

A. Patch the Amazon RDS operating system.
B. Upgrade the firmware of the network infrastructure.
C. Manage data encryption.
D. Maintain physical access control in an AWS Region.
E. Grant least privilege access to IAM users.

Correct Answer: C, E
Section:
Explanation:
According to the AWS shared responsibility model, the customer is responsible for security in the cloud, which includes the tasks of managing data encryption and granting least privilege access to IAM users. Data encryption
is the process of transforming data into an unreadable format that can only be accessed with a key or a password. The customer must decide whether to encrypt their data at rest (when it is stored on AWS) or in transit (when
it is moving between AWS and the customer or between AWS services). The customer must also choose the encryption method, algorithm, and key management solution that best suit their needs. AWS provides various
services and features that support data encryption, such as AWS Key Management Service (AWS KMS), AWS Certificate Manager (ACM), and AWS Encryption SDK5. IAM users are entities that represent the people or
applications that interact with AWS resources and services. The customer must grant the IAM users the minimum permissions that they need to perform their tasks, and avoid giving them unnecessary or excessive access.
This is known as the principle of least privilege, and it helps reduce the risk of unauthorized or malicious actions. The customer can use IAM policies, roles, groups, and permissions boundaries to manage the access of IAM
users.

QUESTION 144
A company wants to migrate its high-performance computing (HPC) application to Amazon EC2 instances. The application has multiple components. The application must have fault tolerance and must have the ability to fail
over automatically.
Which AWS infrastructure solution will meet these requirements with the LEAST latency between components?

A. Multiple AWS Regions
B. Multiple edge locations
C. Multiple Availability Zones
D. Regional edge caches

Correct Answer: C
Section:
Explanation:
Using EC2 instances in multiple Availability Zones is an AWS infrastructure solution that meets the requirements of migrating a high-performance computing (HPC) application to AWS with fault tolerance and failover
capabilities, and with the least latency between components. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the
same Region can communicate with each other using low-latency private IP addresses. By using EC2 instances in multiple Availability Zones, the company can achieve fault tolerance and failover for their HPC application,
because they can distribute the workload and data across different locations that are independent of each other. If one Availability Zone becomes unavailable or impaired, the company can redirect the traffic and data to
another Availability Zone without affecting the performance and availability of the application5.

QUESTION 145
A company is running its application in the AWS Cloud. The company wants to periodically review its AWS account for cost optimization opportunities.
Which AWS service or tool can the company use to meet these requirements?

A. AWS Cost Explorer
B. AWS Trusted Advisor
C. AWS Pricing Calculator
D. AWS Budgets

Correct Answer: A
Section:
Explanation:
AWS Cost Explorer is an AWS service or tool that the company can use to periodically review its AWS account for cost optimization opportunities. AWS Cost Explorer is a tool that enables the company to visualize, understand,
and manage their AWS costs and usage over time. The company can use AWS Cost Explorer to access interactive graphs and tables that show the breakdown of their costs and usage by service, region, account, tag, and more.
The company can also use AWS Cost Explorer to forecast their future costs, identify trends and anomalies, and discover potential savings by using Reserved Instances or Savings Plans.

QUESTION 146
A developer who has no AWS Cloud experience wants to use AWS technology to build a web application.
Which AWS service should the developer use to start building the application?

A. Amazon SageMaker
B. AWS Lambda
C. Amazon Lightsail
D. Amazon Elastic Container Service (Amazon ECS)

Correct Answer: C
Section:
Explanation:
Amazon Lightsail is an easy-to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan1. It is designed for developers who have little or no prior cloud
experience and want to launch and manage applications on AWS with minimal complexity2. Amazon SageMaker is a service for building, training, and deploying machine learning models3. AWS Lambda is a service that lets
you run code without provisioning or managing servers4.
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service.

QUESTION 147
A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. Amazon GuardDuty
D. AWS Health Dashboard

Correct Answer: A
Section:
Explanation:
AWS Trusted Advisor is an online tool that provides real-time guidance to help you provision your resources following AWS best practices, including security and performance. It can help you monitor for misconfigured
security groups that are allowing unrestricted access to specific ports. Amazon CloudWatch is a service that monitors your AWS resources and the applications you run on AWS.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. AWS Health Dashboard provides relevant and timely information to help you manage events in
progress, and provides proactive notification to help you plan for scheduled activities.

QUESTION 148
An IT engineer needs to access AWS services from an on-premises application.
Which credentials or keys does the application need for authentication?

A. AWS account user name and password
B. IAM access key and secret
C. Amazon EC2 key pairs
D. AWS Key Management Service (AWS KMS) keys

Correct Answer: B
Section:
Explanation:
IAM access keys are long-term credentials that consist of an access key ID and a secret access key.
You use access keys to sign programmatic requests that you make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account user
name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH. AWS Key Management Service (AWS KMS) keys are used to encrypt and
decrypt your data using the AWS Encryption SDK or the AWS CLI.

QUESTION 149
A company simulates workflows to review and validate that all processes are effective and that staff are familiar with the processes.
Which design principle of the AWS Well-Architected Framework is the company following with this practice?

A. Perform operations as code.
B. Refine operation procedures frequently.
C. Make frequent, small, reversible changes.
D. Structure the company to support business outcomes.

Correct Answer: B
Section:
Explanation:
Refining operation procedures frequently is one of the design principles of the operational excellence pillar of the AWS Well-Architected Framework. It means that you should review and validate your processes regularly to
ensure they are effective and that staff are familiar with them. Performing operations as code, making frequent, small, reversible changes, and structuring the company to support business outcomes are design principles of
other pillars of the AWS Well-Architected Framework.

QUESTION 150
A company wants to launch its web application in a second AWS Region. The company needs to determine which services must be regionally configured for this launch.
Which AWS services can be configured at the Region level? (Select TWO.)

A. Amazon EC2
B. Amazon Route 53
C. Amazon CloudFront
D. AWS WAF
E. Amazon DynamoDB

Correct Answer: B, D
Section:
Explanation:
Amazon Route 53 and AWS WAF are AWS services that can be configured at the Region level.
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service that lets you register domain names, route traffic to resources, and check the health of your resources. AWS WAF is a web
application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. Amazon EC2, Amazon CloudFront, and
Amazon DynamoDB are AWS services that can be configured at the global level or the Availability Zone level.

QUESTION 151
A company needs to identify who accessed an AWS service and what action was performed for a given time period.
Which AWS service should the company use to meet this requirement?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Security Hub
D. Amazon Inspector

Correct Answer: B
Section:
Explanation:
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions
across your AWS infrastructure. You can use CloudTrail to identify who accessed an AWS service and what action was performed for a given time period. Amazon CloudWatch, AWS Security Hub, and Amazon Inspector are
AWS services that provide different types of monitoring and security capabilities.

QUESTION 152
A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applications.
Which AWS service should the company use to meet these requirements?

A. Amazon DynamoDB
B. Amazon EC2
C. AWS Lambda
D. Amazon RDS

Correct Answer: B
Section:
Explanation:
Amazon EC2 is the AWS service that the company should use to meet its requirements of retaining full control of patch management for the guest operating systems that host its applications. Amazon EC2 is a service that
provides secure, resizable compute capacity in the cloud. Users can launch virtual servers, called instances, that run various operating systems, such as Linux, Windows, macOS, and more. Users have full administrative access
to their instances and can install and configure any software, including patches and updates, on their instances. Users are responsible for managing the security and maintenance of their instances, including patching the
guest operating system and applications. Users can also use AWS Systems Manager to automate and simplify the patching process for their EC2 instances. AWS Systems Manager is a service that helps users manage their AWS
and on-premises resources at scale. Users can use AWS Systems Manager Patch Manager to scan their instances for missing patches, define patch baselines and maintenance windows, and apply patches automatically or
manually across their instances. Users can also use AWS Systems Manager to monitor the patch compliance status and patching history of their instances. Reference: What is Amazon EC2?, AWS Systems Manager Patch Manager

QUESTION 153
At what support level do users receive access to a support concierge?

A. Basic Support
B. Developer Support
C. Business Support
D. Enterprise Support

Correct Answer: D
Section:
Explanation:
Users receive access to a support concierge at the Enterprise Support level. A support concierge is a team of AWS billing and account experts that specialize in working with enterprise accounts. They can help users with billing
and account inquiries, cost optimization, FinOps support, cost analysis, and prioritized answers to billing questions. The support concierge is included as part of the Enterprise Support plan, which also provides access to a
Technical Account Manager (TAM), Infrastructure Event Management, AWS Trusted Advisor, and 24/7 technical support. Reference: AWS Support Plan Comparison, AWS Enterprise Support Plan, AWS Support Concierge

QUESTION 154
Which AWS service can a company use to visually design and build serverless applications?

A. AWS Lambda
B. AWS Batch
C. AWS Application Composer
D. AWS App Runner

Correct Answer: C
Section:
Explanation:
AWS Application Composer is a service that allows users to visually design and build serverless applications. Users can drag and drop components, such as AWS Lambda functions, Amazon API Gateway endpoints, Amazon
DynamoDB tables, and Amazon S3 buckets, to create a serverless application architecture. Users can also configure the properties, permissions, and dependencies of each component, and deploy the application to their AWS
account with a few clicks. AWS Application Composer simplifies the design and configuration of serverless applications, and reduces the need to write code or use AWS CloudFormation templates. Reference: AWS Application Composer, AWS releases Application Composer to make serverless 'easier' but initial scope is limited

QUESTION 155
A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS.
Where can the company purchase the security solution?

A. AWS Partner Solutions Finder
B. AWS Support Center
C. AWS Management Console
D. AWS Marketplace

Correct Answer: D
Section:
Explanation:
AWS Marketplace is an online store that helps customers find, buy, and immediately start using the software and services that run on AWS. Customers can choose from a wide range of software products in popular categories
such as security, networking, storage, machine learning, business intelligence, database, and DevOps. Customers can also use AWS Marketplace to purchase software as a service (SaaS) solutions that are integrated with AWS.
Customers can benefit from simplified procurement, billing, and deployment processes, as well as flexible pricing options and free trials. Customers can also leverage AWS Marketplace to discover and subscribe to solutions
offered by AWS Partners, such as the security software vendor mentioned in the question. Reference: AWS Marketplace, [AWS Marketplace: Software as a Service (SaaS)], [AWS Cloud Practitioner Essentials: Module 6 - AWS Pricing, Billing, and Support]

QUESTION 156
A company has deployed an Amazon EC2 instance.
Which option is an AWS responsibility under the AWS shared responsibility model?

A. Managing and encrypting application data
B. Installing updates and security patches of guest operating system
C. Configuration of infrastructure devices
D. Configuration of security groups on each instance

Correct Answer: C
Section:
Explanation:
According to the AWS shared responsibility model, AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud, such as data centers, hardware, software, networking, and
facilities1. This includes the configuration of infrastructure devices, such as routers, switches, firewalls, and load balancers2. Customers are responsible for managing their data, applications, operating systems, security groups,
and other aspects of their AWS environment1. Therefore, options A, B, and D are customer responsibilities, not AWS responsibilities. Reference: 1: AWS Well-Architected Framework - Elasticity; 2: Reactive Systems on AWS -
Elastic
