DUMPS1

Question #1
A company is planning to run a global marketing application in the AWS Cloud. The
application will feature videos that can be viewed by users. The company must ensure that all
users can view these videos with low latency.
Which AWS service should the company use to meet this requirement?
 A. AWS Auto Scaling

 B. Amazon Kinesis Video Streams
 C. Elastic Load Balancing
 D. Amazon CloudFront Most Voted
Correct Answer: D
Question #2
Which pillar of the AWS Well-Architected Framework refers to the ability of a system to
recover from infrastructure or service disruptions and dynamically acquire computing
resources to meet demand?
 A. Security
 B. Reliability Most Voted
 C. Performance efficiency
 D. Cost optimization
Correct Answer: B
Question #3
Which of the following are benefits of migrating to the AWS Cloud? (Choose two.)
 A. Operational resilience Most Voted

 B. Discounts for products on Amazon.com
 C. Business agility Most Voted
 D. Business excellence
 E. Increased staff retention
Correct Answer: AC
Question #4
A company is planning to replace its physical on-premises compute servers with AWS
serverless compute services. The company wants to be able to take advantage of advanced
technologies quickly after the migration.
Which pillar of the AWS Well-Architected Framework does this plan represent?
 A. Security
 B. Performance efficiency Most Voted
 C. Operational excellence
 D. Reliability
Correct Answer: B
Question #5
A large company has multiple departments. Each department has its own AWS account. Each
department has purchased Amazon EC2 Reserved Instances.
Some departments do not use all the Reserved Instances that they purchased, and other
departments need more Reserved Instances than they purchased.
The company needs to manage the AWS accounts for all the departments so that the
departments can share the Reserved Instances.
Which AWS service or tool should the company use to meet these requirements?
 A. AWS Systems Manager

 B. Cost Explorer
 C. AWS Trusted Advisor
 D. AWS Organizations Most Voted
Correct Answer: B
Reference:
https://aws.amazon.com/ru/organizations/
Question #6
Which component of the AWS global infrastructure is made up of one or more discrete data
centers that have redundant power, networking, and connectivity?
 A. AWS Region
 B. Availability Zone Most Voted
 C. Edge location
 D. AWS Outposts
Correct Answer: B
Question #7
Which duties are the responsibility of a company that is using AWS Lambda? (Choose two.)
 A. Security inside of code Most Voted

 B. Selection of CPU resources
 C. Patching of operating system
 D. Writing and updating of code Most Voted
 E. Security of underlying infrastructure
Correct Answer: AD
Question #8
Which AWS services or features provide disaster recovery solutions for Amazon EC2
instances? (Choose two.)
 A. 2¡‫ ׀•׀‬Reserved Instances
 B. EC2 Amazon Machine Images (AMIs) Most Voted
 C. Amazon Elastic Block Store (Amazon EBS) snapshots Most Voted
 D. AWS Shield
 E. Amazon GuardDuty
Correct Answer: BC
Question #9
A company is migrating to the AWS Cloud instead of running its infrastructure on premises.
Which of the following are advantages of this migration? (Choose two.)
 A. Elimination of the need to perform security auditing

 B. Increased global reach and agility Most Voted
 C. Ability to deploy globally in minutes Most Voted
 D. Elimination of the cost of IT staff members
 E. Redundancy by default for all compute services
Correct Answer: BD
Question #10
A user is comparing purchase options for an application that runs on Amazon EC2 and
Amazon RDS. The application cannot sustain any interruption. The application experiences a
predictable amount of usage, including some seasonal spikes that last only a few weeks at a
time. It is not possible to modify the application.
Which purchase option meets these requirements MOST cost-effectively?
 A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to
cover the predicted and seasonal load.
 B. Buy Reserved Instances for the predicted amount of usage throughout the year.
Allow any seasonal usage to run on Spot Instances.
 C. Buy Reserved Instances for the predicted amount of usage throughout the year.
Allow any seasonal usage to run at an On-Demand rate.
 D. Buy Reserved Instances to cover all potential usage that results from the seasonal
usage.
Correct Answer: B
Question #11
A company wants to review its monthly costs of using Amazon EC2 and Amazon RDS for
the past year.
Which AWS service or tool provides this information?
 A. AWS Trusted Advisor

 B. Cost Explorer Most Voted
 C. Amazon Forecast
 D. Amazon CloudWatch
Correct Answer: B
Question #12
A company wants to migrate a critical application to AWS. The application has a short
runtime. The application is invoked by changes in data or by shifts in system state. The
company needs a compute solution that maximizes operational efficiency and minimizes the
cost of running the application.
Which AWS solution should the company use to meet these requirements?
 A. Amazon EC2 On-Demand Instances

 B. AWS Lambda Most Voted
 C. Amazon EC2 Reserved Instances
 D. Amazon EC2 Spot Instances
Correct Answer: B
Question #13
Which AWS service or feature allows users to connect with and deploy AWS services
programmatically?
 A. AWS Management Console

 B. AWS Cloud9
 C. AWS CodePipeline
 D. AWS software development kits (SDKs) Most Voted
Correct Answer: D
Question #14
A company plans to create a data lake that uses Amazon S3.

Which factor will have the MOST effect on cost?
 A. The selection of S3 storage tiers Most Voted

 B. Charges to transfer existing data into Amazon S3
 C. The addition of S3 bucket policies
 D. S3 ingest fees for each request
Correct Answer: A
Question #15
A company is launching an ecommerce application that must always be available. The

application will run on Amazon EC2 instances continuously for the next
12 months.
What is the MOST cost-effective instance purchasing option that meets these requirements?
 A. Spot Instances
 B. Savings Plans Most Voted
 C. Dedicated Hosts
 D. On-Demand Instances
Correct Answer: B
Question #16
Which AWS service or feature can a company use to determine which business unit is using
specific AWS resources?
 A. Cost allocation tags Most Voted

 B. Key pairs
 C. Amazon Inspector
 D. AWS Trusted Advisor
Correct Answer: A
Question #17
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud
computing.
Which AWS service or feature will help the company with its migration?

 B. AWS Consulting Partners Most Voted
 C. AWS Artifacts
 D. AWS Managed Services Most Voted
Correct Answer: D
Community vote distribution

Question #18
Which AWS service or tool should a company use to centrally request and track service limit
increases?
 A. AWS Config
 B. Service Quotas Most Voted
 C. AWS Service Catalog
 D. AWS Budgets
Correct Answer: B
Question #19
Which documentation does AWS Artifact provide?
 A. Amazon EC2 terms and conditions

 B. AWS ISO certifications Most Voted
 C. A history of a company's AWS spending
 D. A list of previous-generation Amazon EC2 instance types
Correct Answer: B
Question #20
Which task requires using AWS account root user credentials?
 A. Viewing billing information

 B. Changing the AWS Support plan Most Voted
 C. Starting and stopping Amazon EC2 instances
 D. Opening an AWS Support case
Correct Answer: B
Question #21
A company needs to simultaneously process hundreds of requests from different users.

Which combination of AWS services should the company use to build an operationally
efficient solution?
 A. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda Most Voted
 B. AWS Data Pipeline and Amazon EC2
 C. Amazon Kinesis and Amazon Athena
 D. AWS Amplify and AWS AppSync
Correct Answer: B
Question #22
What is the scope of a VPC within the AWS network?
 A. A VPC can span all Availability Zones globally.

 B. A VPC must span at least two subnets in each AWS Region.
 C. A VPC must span at least two edge locations in each AWS Region.
 D. A VPC can span all Availability Zones within an AWS Region. Most Voted
Correct Answer: D
Question #23
Which of the following are components of an AWS Site-to-Site VPN connection? (Choose
two.)
 A. AWS Storage Gateway

 B. Virtual private gateway Most Voted
 C. NAT gateway
 D. Customer gateway Most Voted
 E. Internet gateway
Correct Answer: BD
Question #24
A company needs to establish a connection between two VPCs. The VPCs are located in two
different AWS Regions. The company wants to use the existing infrastructure of the VPCs
for this connection.
Which AWS service or feature can be used to establish this connection?
 A. AWS Client VPN

 B. VPC peering Most Voted
 C. AWS Direct Connect
 D. VPC endpoints
Correct Answer: B
Reference:
https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
Question #25
According to the AWS shared responsibility model, what responsibility does a customer have
when using Amazon RDS to host a database?
 A. Manage connections to the database Most Voted

 B. Install Microsoft SQL Server
 C. Design encryption-at-rest strategies Most Voted
 D. Apply minor database patches
Correct Answer: A
Question #26
What are some advantages of using Amazon EC2 instances to host applications in the AWS
Cloud instead of on premises? (Choose two.)
 A. EC2 includes operating system patch management.

 B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and
Access Management (IAM). Most Voted
 C. EC2 has a 100% service level agreement (SLA).
 D. EC2 has a flexible, pay-as-you-go pricing model. Most Voted Most Voted
 E. EC2 has automatic storage cost optimization. Most Voted
Correct Answer: DE
Question #27
A user needs to determine whether an Amazon EC2 instance's security groups were modified
in the last month.
How can the user see if a change was made?
 A. Use Amazon EC2 to see if the security group was changed.
 B. Use AWS Identity and Access Management (IAM) to see which user or role
changed the security group.
 C. Use AWS CloudTrail to see if the security group was changed. Most Voted
 D. Use Amazon CloudWatch to see if the security group was changed.
Correct Answer: C
Question #28
Which AWS service will help protect applications running on AWS from DDoS attacks?
 A. Amazon GuardDuty
 B. AWS WAF
 C. AWS Shield Most Voted
 D. Amazon Inspector
Correct Answer: C
Question #29
Which AWS service or feature acts as a firewall for Amazon EC2 instances?
 A. Network ACL
 B. Elastic network interface
 C. Amazon VPC
 D. Security group Most Voted
Correct Answer: D
Question #30
How does the AWS Cloud pricing model differ from the traditional on-premises storage
pricing model?
 A. AWS resources do not incur costs

 B. There are no infrastructure operating costs Most Voted
 C. There are no upfront cost commitments Most Voted
 D. There are no software licensing costs
Correct Answer: B
Question #31
A company has a single Amazon EC2 instance. The company wants to adopt a highly
available architecture.
What can the company do to meet this requirement?
 A. Scale vertically to a larger EC2 instance size.

 B. Scale horizontally across multiple Availability Zones. Most Voted
 C. Purchase an EC2 Dedicated Instance.
 D. Change the EC2 instance family to a compute optimized instance.
Correct Answer: B
Question #32
A company's on-premises application deployment cycle was 3-4 weeks. After migrating to
the AWS Cloud, the company can deploy the application in 2-3 days.
Which benefit has this company experienced by moving to the AWS Cloud?
 A. Elasticity
 B. Flexibility
 C. Agility Most Voted
 D. Resilience
Correct Answer: A
Question #33
Which of the following are included in AWS Enterprise Support? (Choose two.)
 A. AWS technical account manager (TAM) Most Voted

 B. AWS partner-led support
 C. AWS Professional Services
 D. Support of third-party software integration to AWS Most Voted
 E. 5-minute response time for critical issues
Correct Answer: AD
Question #34
A global media company uses AWS Organizations to manage multiple AWS accounts.
Which AWS service or feature can the company use to limit the access to AWS services for
member accounts?
 A. AWS Identity and Access Management (IAM)

 B. Service control policies (SCPs) Most Voted
 C. Organizational units (OUs)
 D. Access control lists (ACLs)
Correct Answer: C
Question #35
A company wants to limit its employees' AWS access to a portfolio of predefined AWS
resources.
Which AWS solution should the company use to meet this requirement?
 A. AWS Config
 B. AWS software development kits (SDKs)
 C. AWS Service Catalog Most Voted
 D. AWS AppSync
Correct Answer: C
Question #36
An online company was running a workload on premises and was struggling to launch new
products and features. After migrating the workload to AWS, the company can quickly
launch products and features and can scale its infrastructure as required.
Which AWS Cloud value proposition does this scenario describe?
 A. Business agility Most Voted

 B. High availability
 C. Security
 D. Centralized auditing
Correct Answer: A
Question #37
Which of the following are advantages of the AWS Cloud? (Choose two.)
 A. AWS management of user-owned infrastructure

 B. Ability to quickly change required capacity Most Voted
 C. High economies of scale Most Voted
 D. Increased deployment time to market
 E. Increased fixed expenses
Correct Answer: BC
Question #38
AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across
hundreds of thousands of users.
This describes which advantage of the AWS Cloud?
 A. Launch globally in minutes

 B. Increase speed and agility
 C. High economies of scale Most Voted
 D. No guessing about compute capacity
Correct Answer: C
Question #39
A company has a database server that is always running. The company hosts the server on
Amazon EC2 instances. The instance sizes are suitable for the workload. The workload will
run for 1 year.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
 A. Standard Reserved Instances Most Voted

 B. On-Demand Instances
 C. Spot Instances
 D. Convertible Reserved Instances
Correct Answer: A
Question #40
A company is developing a mobile app that needs a high-performance NoSQL database.

Which AWS services could the company use for this database? (Choose two.)
 A. Amazon Aurora
 B. Amazon RDS
 C. Amazon Redshift
 D. Amazon DocumentDB (with MongoDB compatibility) Most Voted
 E. Amazon DynamoDB Most Voted
Correct Answer: BE
Question #41
Which tasks are the responsibility of AWS, according to the AWS shared responsibility
model? (Choose two.)
 A. Patch the Amazon EC2 guest operating system.

 B. Upgrade the firmware of the network infrastructure. Most Voted
 C. Apply password rotation for IAM users.
 D. Maintain the physical security of edge locations. Most Voted
 E. Maintain least privilege access to the root user account.
Correct Answer: BD
Question #42
Which of the following are features of network ACLs as they are used in the AWS Cloud?
(Choose two.)
 A. They are stateless. Most Voted

 B. They are stateful.
 C. They evaluate all rules before allowing traffic.
 D. They process rules in order, starting with the lowest numbered rule, when deciding
whether to allow traffic. Most Voted
 E. They operate at the instance level.
Correct Answer: AD
Question #43
A company has designed its AWS Cloud infrastructure to run its workloads effectively. The
company also has protocols in place to continuously improve supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?
 A. Security
 B. Performance efficiency
 C. Cost optimization
 D. Operational excellence Most Voted
Correct Answer: D
Question #44
Which AWS service or feature can be used to create a private connection between an on-
premises workload and an AWS Cloud workload?
 A. Amazon Route 53
 B. Amazon Macie
 C. AWS Direct Connect Most Voted
 D. AWS PrivateLink
Correct Answer: D
Question #45
A company needs to graphically visualize AWS billing and usage over time. The company
also needs information about its AWS monthly costs.
Which AWS Billing and Cost Management tool provides this data in a graphical format?
 A. AWS Bills
 B. Cost Explorer Most Voted
 C. AWS Cost and Usage Report
 D. AWS Budgets
Correct Answer: B
Question #46
A company wants to run production workloads on AWS. The company needs concierge
service, a designated AWS technical account manager (TAM), and technical support that is
available 24 hours a day, 7 days a week.
Which AWS Support plan will meet these requirements?
 A. AWS Basic Support

 B. AWS Enterprise Support Most Voted
 C. AWS Business Support
 D. AWS Developer Support
Correct Answer: B
Question #47
Which architecture design principle describes the need to isolate failures between dependent
components in the AWS Cloud?
 A. Use a monolithic design.

 B. Design for automation.
 C. Design for single points of failure.
 D. Loosely couple components. Most Voted
Correct Answer: D
Question #48
Which AWS services are managed database services? (Choose two.)
 A. Amazon Elastic Block Store (Amazon EBS)

 B. Amazon S3
 C. Amazon RDS Most Voted
 D. Amazon Elastic File System (Amazon EFS)
Correct Answer: CE
Question #49
A company is using the AWS Free Tier for several AWS services for an application.
What will happen if the Free Tier usage period expires or if the application use exceeds the
Free Tier usage limits?
 A. The company will be charged the standard pay-as-you-go service rates for the
usage that exceeds the Free Tier usage. Most Voted
 B. AWS Support will contact the company to set up standard service charges.
 C. The company will be charged for the services it consumed during the Free Tier
period, plus additional charges for service consumption after the Free Tier period.
 D. The company's AWS account will be frozen and can be restarted after a payment
plan is established.
Correct Answer: A
Question #50
A company recently deployed an Amazon RDS instance in its VPC. The company needs to
implement a stateful firewall to limit traffic to the private corporate network.
Which AWS service or feature should the company use to limit network traffic directly to its
RDS instance?
 A. Network ACLs
 B. Security groups Most Voted
 C. AWS WAF
 D. Amazon GuardDuty
Correct Answer: C
Question #51
Which AWS service uses machine learning to help discover, monitor, and protect sensitive
data that is stored in Amazon S3 buckets?
 A. AWS Shield
 B. Amazon Macie Most Voted
 C. AWS Network Firewall
 D. Amazon Cognito
Correct Answer: B
Question #52
A company wants to improve the overall availability and performance of its applications that
are hosted on AWS.
Which AWS service should the company use?
 A. Amazon Connect
 B. Amazon Lightsail
 C. AWS Global Accelerator Most Voted
 D. AWS Storage Gateway
Correct Answer: C
Question #53
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has
been shared with an external entity?
 A. AWS Service Catalog

 B. AWS Systems Manager
 C. AWS IAM Access Analyzer Most Voted
 D. AWS Organizations
Correct Answer: C
Question #54
A company does not want to rely on elaborate forecasting to determine its usage of compute
resources. Instead, the company wants to pay only for the resources that it uses. The company
also needs the ability to increase or decrease its resource usage to meet business
requirements.
Which pillar of the AWS Well-Architected Framework aligns with these requirements?
 A. Operational excellence
 B. Security
 C. Reliability
 D. Cost optimization Most Voted
Correct Answer: D
Question #55
A company wants to launch its workload on AWS and requires the system to automatically
recover from failure.
Which pillar of the AWS Well-Architected Framework includes this requirement?
 A. Cost optimization
 B. Operational excellence
 D. Reliability Most Voted
Correct Answer: D
Question #56
A large enterprise with multiple VPCs in several AWS Regions around the world needs to
connect and centrally manage network connectivity between its VPCs.
Which AWS service or feature meets these requirements?
 A. AWS Direct Connect

 B. AWS Transit Gateway Most Voted
 C. AWS Site-to-Site VPN
 D. VPC endpoints
Correct Answer: B
Question #57
Which AWS service supports the creation of visual reports from AWS Cost and Usage
Report data?
 A. Amazon Athena
 B. Amazon QuickSight Most Voted
 C. Amazon CloudWatch
Correct Answer: A
Question #58
Which AWS service should be used to monitor Amazon EC2 instances for CPU and network
utilization?
 A. Amazon Inspector
 B. AWS CloudTrail
 C. Amazon CloudWatch Most Voted
 D. AWS Config
Correct Answer: C
Question #59
A company is preparing to launch a new web store that is expected to receive high traffic for
an upcoming event. The web store runs only on AWS, and the company has an AWS
Enterprise Support plan.
Which AWS resource will provide guidance about how the company should scale its
architecture and operational support during the event?
 A. AWS Abuse team

 B. The designated AWS technical account manager (TAM)
 C. AWS infrastructure event management Most Voted
 D. AWS Professional Services
Correct Answer: B
Question #60
A user wants to deploy a service to the AWS Cloud by using infrastructure-as-code (IaC)
principles.
Which AWS service can be used to meet this requirement?

 B. AWS CloudFormation Most Voted
 C. AWS CodeCommit
 D. AWS Config
Correct Answer: B
Question #61
A company that has multiple business units wants to centrally manage and govern its AWS
Cloud environments. The company wants to automate the creation of
AWS accounts, apply service control policies (SCPs), and simplify billing processes.
Which AWS service or tool should the company use to meet these requirements?
 A. AWS Organizations Most Voted

 C. AWS Budgets
Correct Answer: A
Question #62
Which IT controls do AWS and the customer share, according to the AWS shared
responsibility model? (Choose two.)
 A. Physical and environmental controls

 B. Patch management Most Voted
 C. Cloud awareness and training Most Voted
 D. Zone security
 E. Application data encryption
Correct Answer: BC
Question #63
A company is launching an application in the AWS Cloud. The application will use Amazon
S3 storage. A large team of researchers will have shared access to the data. The company
must be able to recover data that is accidentally overwritten or deleted.
Which S3 feature should the company turn on to meet this requirement?
 A. Server access logging

 B. S3 Versioning Most Voted
 C. S3 Lifecycle rules
 D. Encryption in transit and at rest
Correct Answer: B
Question #64
A manufacturing company has a critical application that runs at a remote site that has a slow
internet connection. The company wants to migrate the workload to
AWS. The application is sensitive to latency and interruptions in connectivity. The company
wants a solution that can host this application with minimum latency.
Which AWS service or feature should the company use to meet these requirements?
 A. Availability Zones
 B. AWS Local Zones Most Voted
 C. AWS Wavelength
 D. AWS Outposts Most Voted
Correct Answer: B
Question #65
A company wants to migrate its applications from its on-premises data center to a VPC in the
AWS Cloud. These applications will need to access on-premises resources.
Which actions will meet these requirements? (Choose two.)
 A. Use AWS Service Catalog to identify a list of on-premises resources that can be
migrated.
 B. Create a VPN connection between an on-premises device and a virtual private
gateway in the VPC. Most Voted
 C. Use an Amazon CloudFront distribution and configure it to accelerate content
delivery close to the on-premises resources.
 D. Set up an AWS Direct Connect connection between the on-premises data center
and AWS. Most Voted
 E. Use Amazon CloudFront to restrict access to static web content provided through
the on-premises web servers.
Correct Answer: AD
Question #66
A company wants to use the AWS Cloud to provide secure access to desktop applications
that are running in a fully managed environment.
 A. Amazon S3
 B. Amazon AppStream 2.0 Most Voted
 C. AWS AppSync
 D. AWS Outposts
Correct Answer: A
Question #67
A company wants to implement threat detection on its AWS infrastructure. However, the
company does not want to deploy additional software.
Which AWS service should the company use to meet these requirements?
 A. Amazon VPC
 B. Amazon EC2
 C. Amazon GuardDuty Most Voted
 D. AWS Direct Connect
Correct Answer: C
Question #68
Which AWS service uses edge locations?
 A. Amazon Aurora
 B. AWS Global Accelerator Most Voted
 C. Amazon Connect
 D. AWS Outposts
Correct Answer: B
Reference:
https://aws.amazon.com/global-accelerator/
Question #69
A company needs to install an application in a Docker container.
Which AWS service eliminates the need to provision and manage the container hosts?
 A. AWS Fargate Most Voted

 B. Amazon FSx for Windows File Server
 C. Amazon Elastic Container Service (Amazon ECS) Most Voted
 D. Amazon EC2
Correct Answer: C
Question #70
Which AWS service or feature checks access policies and offers actionable recommendations
to help users set secure and functional policies?

 B. AWS IAM Access Analyzer Most Voted
Correct Answer: B
Question #71
A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea,
where there is intermittent or no internet connectivity. The company needs to collect, format,
and process the data at sea and move the data to AWS later.
 A. AWS IoT Core
 C. AWS Storage Gateway
 D. AWS Snowball Edge Most Voted
Correct Answer: C
Question #72
A retail company needs to build a highly available architecture for a new ecommerce
platform. The company is using only AWS services that replicate data across multiple
Availability Zones.
Which AWS services should the company use to meet this requirement? (Choose two.)
 A. Amazon EC2 Most Voted
 B. Amazon Elastic Block Store (Amazon EBS) Most Voted
 C. Amazon Aurora Most Voted
 D. Amazon DynamoDB Most Voted
 E. Amazon Redshift
Correct Answer: AB
Reference:
https://aws.amazon.com/rds/features/multi-az/#:~:text=Amazon%20Aurora%20further
%20extends%20the,ways%2C%20across%20three%
20Availability%20Zones
Question #73
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
 A. Agility
 B. Elasticity Most Voted
 C. Reliability
 D. Durability
Correct Answer: B
Question #74
Service control policies (SCPs) manage permissions for which of the following?
 A. Availability Zones
 B. AWS Regions
 C. AWS Organizations Most Voted
 D. Edge locations
Correct Answer: C
Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
Question #75
Which AWS service can be used to encrypt data at rest?
 B. AWS Shield
 C. AWS Security Hub
 D. AWS Key Management Service (AWS KMS) Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-
instance-store-encryption/
Question #76
Which characteristics are advantages of using the AWS Cloud? (Choose two.)
 A. A 100% service level agreement (SLA) for all AWS services
 B. Compute capacity that is adjusted on demand Most Voted
 C. Availability of AWS Support for code development
 D. Enhanced security Most Voted
 E. Increases in cost and complexity
Correct Answer: BD
Reference:
https://intellipaat.com/blog/aws-benefits-and-drawbacks/
Question #77
A user is storing objects in Amazon S3. The user needs to restrict access to the objects to
meet compliance obligations.
What should the user do to meet this requirement?
 A. Use AWS Secrets Manager.
 B. Tag the objects in the S3 bucket. Most Voted
 C. Use security groups.
 D. Use network ACLs. Most Voted
Correct Answer: D
Question #78
A company wants to convert video files and audio files from their source format into a format
that will play on smartphones, tablets, and web browsers.
Which AWS service will meet these requirements?
 A. Amazon Elastic Transcoder Most Voted
 B. Amazon Comprehend
 C. AWS Glue
 D. Amazon Rekognition
Correct Answer: A
Question #79
Which of the following are benefits of Amazon EC2 Auto Scaling? (Choose two.)
 A. Improved health and availability of applications Most Voted
 B. Reduced network latency
 C. Optimized performance and costs Most Voted
 D. Automated snapshots of data
 E. Cross-Region Replication
Correct Answer: AB
Question #80
A company has several departments. Each department has its own AWS accounts for its
applications. The company wants all AWS costs on a single invoice to simplify payment, but
the company wants to know the costs that each department is incurring.
Which AWS tool or feature will provide this functionality?
 A. AWS Cost and Usage Reports
 B. Consolidated billing Most Voted
 C. Savings Plans
 D. AWS Budgets
Correct Answer: B
Question #81
A company runs its workloads on premises. The company wants to forecast the cost of
running a large application on AWS.
Which AWS service or tool can the company use to obtain this information?
 A. AWS Pricing Calculator Most Voted

 B. AWS Budgets
 D. Cost Explorer
Correct Answer: D
Reference:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html
Question #82
A company wants to eliminate the need to guess infrastructure capacity before deployments.
The company also wants to spend its budget on cloud resources only as the company uses the
resources.
Which advantage of the AWS Cloud matches the company's requirements?
 A. Reliability
 B. Global reach
 C. Economies of scale
 D. Pay-as-you-go pricing Most Voted
Correct Answer: D
Reference:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-
computing.html
Question #83
Which AWS service supports a hybrid architecture that gives users the ability to extend AWS
infrastructure, AWS services, APIs, and tools to data centers, co- location environments, or
on-premises facilities?
 A. AWS Snowmobile
 B. AWS Local Zones
 C. AWS Outposts Most Voted
 D. AWS Fargate
Correct Answer: C
Reference:
https://aws.amazon.com/outposts/
Question #84
A company has a physical tape library to store data backups. The tape library is running out
of space. The company needs to extend the tape library's capacity to the AWS Cloud.

 B. Amazon S3
 C. Amazon Elastic File System (Amazon EFS)
 D. AWS Storage Gateway Most Voted
Correct Answer: D
Question #85
An online retail company has seasonal sales spikes several times a year, primarily around
holidays. Demand is lower at other times. The company finds it difficult to predict the
increasing infrastructure demand for each season.
Which advantages of moving to the AWS Cloud would MOST benefit the company?
(Choose two.)
 A. Global footprint
 C. AWS service quotas
 D. AWS shared responsibility model
 E. Pay-as-you-go pricing Most Voted
Correct Answer: BE
Reference:
computing.html
Question #86
Which AWS service can be used to turn text into lifelike speech?
 A. Amazon Polly Most Voted

 B. Amazon Kendra
 C. Amazon Rekognition
 D. Amazon Connect
Correct Answer: A
Reference:
https://aws.amazon.com/polly/#:~:text=Amazon%20Polly%20is%20a%20service,synthesize
%20natural%20sounding%20human%20speech
Question #87
Which AWS service or tool can be used to capture information about inbound and outbound
traffic in an Amazon VPC?
 A. VPC Flow Logs Most Voted

 B. Amazon Inspector
 C. VPC endpoint services
 D. NAT gateway
Correct Answer: A
Question #88
A company wants to ensure that two Amazon EC2 instances are in separate data centers with
minimal communication latency between the data centers.
How can the company meet this requirement?
 A. Place the EC2 instances in two separate AWS Regions connected with a VPC
peering connection.
 B. Place the EC2 instances in two separate Availability Zones within the same AWS
Region. Most Voted
 C. Place one EC2 instance on premises and the other in an AWS Region. Then
connect them by using an AWS VPN connection.
 D. Place both EC2 instances in a placement group for dedicated bandwidth.
Correct Answer: B
Question #89
In which situations should a company create an IAM user instead of an IAM role? (Choose
two.)
 A. When an application that runs on Amazon EC2 instances requires access to other
AWS services
 B. When the company creates AWS access credentials for individuals Most Voted
 C. When the company creates an application that runs on a mobile phone that makes
requests to AWS
 D. When the company needs to add users to IAM groups Most Voted
 E. When users are authenticated in the corporate network and want to be able to use
AWS without having to sign in a second time
Correct Answer: BD
Question #90
Which AWS services should a company use to read and write data that changes frequently?
(Choose two.)
 A. Amazon S3 Glacier
 B. Amazon RDS Most Voted
 C. AWS Snowball
 D. Amazon Redshift
 E. Amazon Elastic File System (Amazon EFS) Most Voted
Correct Answer: BD
Question #91
Which AWS service is used to provide encryption for Amazon EBS?
 A. AWS Certificate Manager
 C. AWS KMS Most Voted
 D. AWS Config
Correct Answer: C
Question #92
Which AWS services make use of global edge locations? (Choose two.)
 A. AWS Fargate
 B. Amazon CloudFront Most Voted
 C. AWS Global Accelerator Most Voted
 D. AWS Wavelength
 E. Amazon VPC
Correct Answer: BC
Reference:
https://www.lastweekinaws.com/blog/what-is-an-edge-location-in-aws-a-simple-
explanation/#:~:text=CloudFront%20is%20the%20most%
20commonly,caches%20content%20in%20edge%20locations
Question #93
A company is operating several factories where it builds products. The company needs the
ability to process data, store data, and run applications with local system interdependencies
that require low latency.
 A. AWS IoT Greengrass
 B. AWS Lambda
 D. AWS Snowball Edge
Correct Answer: B
Question #94
Which of the following is a recommended design principle for AWS Cloud architecture?
 A. Design tightly coupled components.
 B. Build a single application component that can handle all the application
functionality.
 C. Make large changes on fewer iterations to reduce chances of failure.
 D. Avoid monolithic architecture by segmenting workloads. Most Voted
Correct Answer: C
Question #95
A company is designing its AWS workloads so that components can be updated regularly and
so that changes can be made in small, reversible increments.
Which pillar of the AWS Well-Architected Framework does this design support?
 A. Security
 C. Operational excellence Most Voted
 D. Reliability
Correct Answer: B
Question #96
Which of the following acts as an instance-level firewall to control inbound and outbound
access?
 A. Network access control list
 B. Security groups Most Voted
 D. Virtual private gateways
Correct Answer: B
Question #97
A company has a workload that will run continuously for 1 year. The workload cannot
tolerate service interruptions.
Which Amazon EC2 purchasing option will be MOST cost-effective?
 A. All Upfront Reserved Instances Most Voted
 B. Partial Upfront Reserved Instances
 C. Dedicated Instances
 D. On-Demand Instances
Correct Answer: A
Question #98
Which AWS service helps protect against DDoS attacks?
 A. AWS Shield Most Voted
 C. Amazon GuardDuty
 D. Amazon Detective
Correct Answer: A
Question #99
Using AWS Config to record, audit, and evaluate changes to AWS resources to enable
traceability is an example of which AWS Well-Architected Framework pillar?
 A. Security Most Voted
 D. Cost optimization
Correct Answer: A
Reference:
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
(12)
Question #100
Which AWS tool or feature acts as a VPC firewall at the subnet level?
 A. Security group
 B. Network ACL Most Voted
 C. Traffic Mirroring
 D. Internet gateway
Correct Answer: B
Question #101
Which AWS service can be used to decouple applications?
 A. AWS Config
 B. Amazon Simple Queue Service (Amazon SQS) Most Voted
 C. AWS Batch
 D. Amazon Simple Email Service (Amazon SES)
Correct Answer: B
Question #102
Which disaster recovery option is the LEAST expensive?
 A. Warm standby
 B. Multisite
 C. Backup and restore Most Voted
 D. Pilot light
Correct Answer: C
Question #103
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is
stopped or terminated?
 B. Amazon EC2 instance store Most Voted
 C. Amazon Elastic File System (Amazon EFS)
 D. Amazon S3
Correct Answer: B
When you stop or terminate an instance, every block of storage in the instance store is reset.
Therefore, your data cannot be accessed through the instance store of another instance.
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html
Question #104
Which of the following is a characteristic of the AWS account root user?
 A. The root user is the only user that can be configured with multi-factor
authentication (MFA).
 B. The root user is the only user that can access the AWS Management Console.
 C. The root user is the first sign-in identity that is available when an AWS account is
created. Most Voted
 D. The root user has a password that cannot be changed.
Correct Answer: B
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
Question #105
A company hosts an application on an Amazon EC2 instance. The EC2 instance needs to
access several AWS resources, including Amazon S3 and Amazon
DynamoDB.
What is the MOST operationally efficient solution to delegate permissions?
 A. Create an IAM role with the required permissions. Attach the role to the EC2
instance. Most Voted
 B. Create an IAM user and use its access key and secret access key in the application.
 C. Create an IAM user and use its access key and secret access key to create a CLI
profile in the EC2 instance
 D. Create an IAM role with the required permissions. Attach the role to the
administrative IAM user.
Correct Answer: A
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Question #106
Which of the following is a component of the AWS Global Infrastructure?
 A. Amazon Alexa
 B. AWS Regions Most Voted
 C. Amazon Lightsail
Correct Answer: B
Reference:
https://aws.amazon.com/about-aws/global-infrastructure/
Question #107
What is the purpose of having an internet gateway within a VPC?
 A. To create a VPN connection to the VPC
 B. To allow communication between the VPC and the internet Most Voted
 C. To impose bandwidth constraints on internet traffic
 D. To load balance traffic from the internet across Amazon EC2 instances
Correct Answer: B
Question #108
Which AWS service allows users to download security and compliance reports about the
AWS infrastructure on demand?
 B. AWS Security Hub
 C. AWS Artifact Most Voted
 D. AWS Shield
Correct Answer: C
Question #109
A pharmaceutical company operates its infrastructure in a single AWS Region. The company
has thousands of VPCs in a various AWS accounts that it wants to interconnect.
Which AWS service or feature should the company use to help simplify management and
reduce operational costs?
 A. VPC endpoint
 B. AWS Direct Connect
 C. AWS Transit Gateway Most Voted
 D. VPC peering
Correct Answer: D
Reference:
https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-
infrastructure.pdf
(9)
Question #110
A company is planning an infrastructure deployment to the AWS Cloud. Before the
deployment, the company wants a cost estimate for running the infrastructure.
Which AWS service or feature can provide this information?
 A. Cost Explorer
 B. AWS Trusted Advisor
 C. AWS Cost and Usage Report
 D. AWS Pricing Calculator Most Voted
Correct Answer: D
Question #111
Which AWS service of tool helps to centrally manage billing and allow controlled access to
resources across AWS accounts?
 A. AWS Identity and Access Management (IAM)
 B. AWS Organizations Most Voted
 C. Cost Explorer
 D. AWS Budgets
Correct Answer: B
Question #112
Which of the following are Amazon Virtual Private Cloud (Amazon VPC) resources?
 A. Objects; access control lists (ACLs)

 B. Subnets; internet gateways Most Voted
 C. Access policies; buckets
 D. Groups; roles
Correct Answer: B
Question #113
A company needs to identify the last time that a specific user accessed the AWS Management
Console.
Which AWS service will provide this information?
 A. Amazon Cognito
 B. AWS CloudTrail Most Voted
Correct Answer: B
Question #114
A company launched an Amazon EC2 instance with the latest Amazon Linux 2 Amazon
Machine Image (AMI).
Which actions can a system administrator take to connect to the EC2 instance? (Choose two.)
 A. Use Amazon EC2 Instance Connect. Most Voted

 B. Use a Remote Desktop Protocol (RDP) connection.
 C. Use AWS Batch
 D. Use AWS Systems Manager Session Manager. Most Voted
 E. Use Amazon Connect
Correct Answer: AC
Question #115
A company wants to perform sentiment analysis on customer service email messages that it
receives. The company wants to identify whether the customer service engagement was
positive or negative.
Which AWS service should the company use to perform this analysis?
 A. Amazon Textract
 B. Amazon Translate
 C. Amazon Comprehend Most Voted
 D. Amazon Rekognition
Correct Answer: C
Question #116
What is the total amount of storage offered by Amazon S3?
 A. 100MB
 B. 5 GB
 C. 5 TB
 D. Unlimited Most Voted
Correct Answer: D
Question #117
A company is migrating to Amazon S3. The company needs to transfer 60 TB of data from
an on-premises data center to AWS within 10 days.
Which AWS service should the company use to accomplish this migration?
 A. Amazon S3 Glacier
 B. AWS Database Migration Service (AWS DMS)
 C. AWS Snowball Most Voted
Correct Answer: C
Question #118
What type of database is Amazon DynamoDB?
 A. In-memory
 B. Relational
 C. Key-value Most Voted
 D. Graph
Correct Answer: C
Question #119
A large organization has a single AWS account.

What are the advantages of reconfiguring the single account into multiple AWS accounts?
(Choose two.)
 A. It allows for administrative isolation between different workloads. Most Voted
 B. Discounts can be applied on a quarterly basis by submitting cases in the AWS
Management Console.
 C. Transitioning objects from Amazon S3 to Amazon S3 Glacier in separate AWS
accounts will be less expensive.
 D. Having multiple accounts reduces the risks associated with malicious activity
targeted at a single account. Most Voted
 E. Amazon QuickSight offers access to a cost tool that provides application-specific
recommendations for environments running in multiple accounts.
Correct Answer: AC
Question #120
A retail company has recently migrated its website to AWS. The company wants to ensure
that it is protected from SQL injection attacks. The website uses an
Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection
attacks?
 A. Security groups
 B. AWS WAF Most Voted
 C. Network ACLs
 D. AWS Shield
Correct Answer: B
Question #121
Which AWS service provides a feature that can be used to proactively monitor and plan for
the service quotas of AWS resources?
 A. AWS CloudTrail
 B. AWS Personal Health Dashboard
 C. AWS Trusted Advisor Most Voted
 D. Amazon CloudWatch Most Voted
Correct Answer: D
Question #122
Which of the following is an advantage that users experience when they move on-premises
workloads to the AWS Cloud?
 A. Elimination of expenses for running and maintaining data centers Most Voted
 B. Price discounts that are identical to discounts from hardware providers
 C. Distribution of all operational controls to AWS
 D. Elimination of operational expenses
Correct Answer: A
Question #123
Which design principle is included in the operational excellence pillar of the AWS Well-
Architected Framework?
 A. Create annotated documentation.

 B. Anticipate failure. Most Voted
 C. Ensure performance efficiency.
 D. Optimize costs.
Correct Answer: B
Question #124
Which AWS services offer gateway VPC endpoints that can be used to avoid sending traffic
over the internet? (Choose two.)
 A. Amazon Simple Notification Service (Amazon SNS)

 B. Amazon Simple Queue Service (Amazon SQS)
 C. AWS CodeBuild
 D. Amazon S3 Most Voted
Correct Answer: BD
Question #125
Which of the following is the customer responsible for updating and patching, according to
the AWS shared responsibility model?
 A. Amazon FSx for Windows File Server

 B. Amazon WorkSpaces virtual Windows desktop Most Voted
 C. AWS Directory Service for Microsoft Active Directory
 D. Amazon RDS for Microsoft SQL Server
Correct Answer: B
Question #126
Who has the responsibility to patch the host operating system of an Amazon EC2 instance,
according to the AWS shared responsibility model?
 A. Both AWS and the customer

 B. The customer only
 C. The EC2 hardware manufacturer
 D. AWS only Most Voted
Correct Answer: B
Question #127
A company is using an Amazon RDS DB instance for an application that is deployed in the
AWS Cloud. The company needs regular patching of the operating system of the server
where the DB instance runs.
What is the company's responsibility in this situation, according to the AWS shared
responsibility model?
 A. Open a support case to obtain administrative access to the server so that the
company can patch the DB instance operating system.
 B. Open a support case and request that AWS patch the DB instance operating
system.
 C. Use administrative access to the server, and apply the operating system patches
during the regular maintenance window that is defined for the DB instance.
 D. Establish a regular maintenance window that tells AWS when to patch the DB
instance operating system. Most Voted
Correct Answer: B
Question #128
Why is an AWS Well-Architected review a critical part of the cloud design process?
 A. A Well-Architected review is mandatory before a workload can run on AWS.

 B. A Well-Architected review helps identify design gaps and helps evaluate design
decisions and related documents. Most Voted
 C. A Well-Architected review is an audit mechanism that is a part of requirements for
service level agreements.
 D. A Well-Architected review eliminates the need for ongoing auditing and
compliance tests.
Correct Answer: B
Question #129
A company implements an Amazon EC2 Auto Scaling policy along with an Application
Load Balancer to automatically recover unhealthy applications that run on
Amazon EC2 instances.
Which pillar of the AWS Well-Architected Framework does this action cover?
 A. Security
 C. Operational excellence
Correct Answer: D
Reference:
https://docs.aws.amazon.com/wellarchitected/latest/reliability-pillar/wellarchitected-
reliability-pillar.pdf
Question #130
Which AWS Cloud benefit is shown by an architecture's ability to withstand failures with
minimal downtime?
 A. Agility
 B. Elasticity
 C. Scalability
 D. High availability Most Voted
Correct Answer: D
Question #131
Under the AWS shared responsibility model, which task is the customer's responsibility when
managing AWS Lambda functions?
 A. Creating versions of Lambda functions Most Voted

 B. Maintaining server and operating systems
 C. Scaling Lambda resources according to demand
 D. Updating the Lambda runtime environment
Correct Answer: A
Question #132
What does the AWS Concierge Support team provide?
 A. A technical expert dedicated to the user

 B. A primary point of contact for AWS Billing and AWS Support Most Voted
 C. A partner to help provide scaling guidance for an event launch
 D. A dedicated AWS staff member who reviews the user's application architecture
Correct Answer: A
Question #133
A company needs to generate reports that can break down cloud costs by product, by
company-defined tags, and by hour, day, and month.
Which AWS tool should the company use to meet these requirements?
 A. Reserved Instance utilization and coverage reports

 B. Savings Plans utilization reports
 C. AWS Budgets reports
 D. AWS Cost and Usage Reports Most Voted
Correct Answer: D
Question #134
A company has a serverless application that includes an Amazon API Gateway API, an AWS
Lambda function, and an Amazon DynamoDB database.
Which AWS service can the company use to trace user requests as they move through the
application's components?
 A. AWS CloudTrail Most Voted

 B. Amazon CloudWatch
 D. AWS X-Ray Most Voted
Correct Answer: D
Question #135
A company needs to set up a petabyte-scale data warehouse in the AWS Cloud.

Which AWS service will meet this requirement?
 A. Amazon DynamoDB
 B. Amazon RDS
 C. Amazon Redshift Most Voted
 D. Amazon ElastiCache
Correct Answer: C
Question #136
Which AWS service is always provided at no charge?
 A. Amazon S3
 B. AWS Identity and Access Management (IAM) Most Voted
 C. Elastic Load Balancers
 D. AWS WAF
Correct Answer: B
Question #137
A company needs to design an AWS disaster recovery plan to cover multiple geographic
areas.
Which action will meet this requirement?
 A. Configure multiple AWS accounts.

 B. Configure the architecture across multiple Availability Zones in an AWS Region.
Most Voted
 C. Configure the architecture across multiple AWS Regions. Most Voted
 D. Configure the architecture among many edge locations.
Correct Answer: C
Question #138
Which of the following is a benefit of moving from an on-premises data center to the AWS
Cloud?
 A. Compute instances can be launched and terminated as needed to optimize costs.

Most Voted
 B. Compute costs can be viewed in the AWS Billing and Cost Management console.
 C. Users retain full administrative access to their compute instances.
 D. Users can optimize costs by permanently running enough instances at peak load.
Correct Answer: A
Question #139
In which ways does the AWS Cloud offer lower total cost of ownership (TCO) of computing
resources than on-premises data centers? (Choose two.)
 A. AWS replaces upfront capital expenditures with pay-as-you-go costs. Most Voted
 B. AWS is designed for high availability, which eliminates user downtime.
 C. AWS eliminates the need for on-premises IT staff.
 D. AWS uses economies of scale to continually reduce prices. Most Voted
 E. AWS offers a single pricing model for Amazon EC2 instances.
Correct Answer: AC
Question #140
Which AWS service monitors AWS accounts for security threats?
 A. Amazon GuardDuty Most Voted

 B. AWS Secrets Manager
 C. Amazon Cognito
 D. AWS Certificate Manager (ACM)
Correct Answer: A
Question #141
Which benefit is included with an AWS Enterprise Support plan?
 A. AWS Partner Network (APN) support at no cost.

 B. Designated support from an AWS technical account manager (TAM) Most Voted
 C. On-site support from AWS engineers
 D. AWS managed compliance as code with AWS Config
Correct Answer: B
Question #142
Which task does AWS perform automatically?

 A. Encrypt data that is stored in Amazon DynamoDB. Most Voted
 B. Patch Amazon EC2 instances.
 C. Encrypt user network traffic.
 D. Create TLS certificates for users' websites.
Correct Answer: A
Question #143
Which AWS service or tool can a company use to visualize, understand, and manage AWS
spending and usage over time?

 B. Amazon CloudWatch
 C. Cost Explorer Most Voted
 D. AWS Budgets
Correct Answer: C
Question #144
A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory
requirements, the data must remain local and on premises. There must be low latency
between AWS and the company resources.
Which AWS service or feature can be used to meet these requirements?
 A. AWS Local Zones

 B. Availability Zones
 D. AWS Wavelength Zones
Correct Answer: A
Reference:
https://d1.awsstatic.com/whitepapers/hybrid-cloud-with-aws.pdf
(18)
Question #145
A company requires an isolated environment within AWS for security purposes.

Which action can be taken to accomplish this?
 A. Create a separate Availability Zone to host the resources.

 B. Create a separate VPC to host the resources. Most Voted
 C. Create a placement group to host the resources.
 D. Create an AWS Direct Connect connection between the company and AWS.
Correct Answer: B
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/infrastructure-security.html
Question #146
Which AWS service is a highly available and scalable DNS web service?
 A. Amazon VPC
 B. Amazon CloudFront
 C. Amazon Route 53 Most Voted
Correct Answer: C
Reference:
https://aws.amazon.com/route53/
Question #147
Which of the following is an AWS best practice for managing an AWS account root user?
 A. Keep the root user password with the security team.

 B. Enable multi-factor authentication (MFA) for the root user. Most Voted
 C. Create an access key for the root user. Most Voted
 D. Keep the root user password consistent for compliance purposes.
Correct Answer: B
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Question #148
A company wants to improve its security and audit posture by limiting Amazon EC2 inbound
access.
What should the company use to access instances remotely instead of opening inbound SSH
ports and managing SSH keys?
 A. EC2 key pairs

 B. AWS Systems Manager Session Manager Most Voted
 C. AWS Identity and Access Management (IAM)
 D. Network ACLs
Correct Answer: B
Reference:
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
Question #149
After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would
provide the largest discount?
 A. No upfront payment
 B. Hourly on-demand payment
 C. Partial upfront payment
 D. All upfront payment Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/
Question #150
A company has refined its workload to use specific AWS services to improve efficiency and
reduce cost.
Which best practice for cost governance does this example show?
 A. Resource controls
 B. Cost allocation
 C. Architecture optimization Most Voted
 D. Tagging enforcement
Correct Answer: B
Question #151
A company would like to host its MySQL databases on AWS and maintain full control over
the operating system, database installation, and configuration.
Which AWS service should the company use to host the databases?
 A. Amazon RDS
 B. Amazon EC2 Most Voted
 C. Amazon DynamoDB
 D. Amazon Aurora
Correct Answer: A
Reference:
https://d1.awsstatic.com/whitepapers/best-practices-for-running-oracle-database-on-aws.pdf?
did=wp_card&trk=wp_card
(6)
Question #152
How does the AWS global infrastructure offer high availability and fault tolerance to its
users?
 A. The AWS infrastructure is made up of multiple AWS Regions within various

Availability Zones located in areas that have low flood risk, and are interconnected
with low-latency networks and redundant power supplies.
 B. The AWS infrastructure consists of subnets containing various Availability Zones
with multiple data centers located in the same geographic location.
 C. AWS allows users to choose AWS Regions and data centers so that users can
select the closest data centers in different Regions.
 D. The AWS infrastructure consists of isolated AWS Regions with independent
Availability Zones that are connected with low-latency networking and redundant
power supplies. Most Voted
Correct Answer: D
Question #153
A company is using Amazon EC2 Auto Scaling to scale its Amazon EC2 instances.
Which benefit of the AWS Cloud does this example illustrate?
 A. High availability Most Voted

 C. Reliability
 D. Global reach
Correct Answer: A
Question #154
Which AWS service or feature is used to send both text and email messages from distributed
applications?
 A. Amazon Simple Notification Service (Amazon SNS) Most Voted

 B. Amazon Simple Email Service (Amazon SES)
 C. Amazon CloudWatch alerts
 D. Amazon Simple Queue Service (Amazon SQS)
Correct Answer: D
Reference:
https://aws.amazon.com/getting-started/hands-on/send-messages-distributed-applications/
#:~:text=Send%20Messages%20Between%20Distributed%
20Applications%20with%20Amazon%20Simple%20Queue%20Service%20(SQS)
Question #155
A user is able to set up a master payer account to view consolidated billing reports through:
 A. AWS Budgets.
 B. Amazon Macie.
 C. Amazon QuickSight.
 D. AWS Organizations. Most Voted
Correct Answer: D
Reference:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html
Question #156
According to the AWS shared responsibility model, which task is the customer's
responsibility?
 A. Maintaining the infrastructure needed to run AWS Lambda

 B. Updating the operating system of Amazon DynamoDB instances
 C. Maintaining Amazon S3 infrastructure
 D. Updating the guest operating system on Amazon EC2 instances Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/#:~:text=Customers%20are
%20responsible%20for%20managing,also%20extends%
20to%20IT%20controls
Question #157
A company wants to migrate a small website and database quickly from on-premises
infrastructure to the AWS Cloud. The company has limited operational knowledge to perform
the migration.
Which AWS service supports this use case?
 A. Amazon EC2
 B. Amazon Lightsail Most Voted
 C. Amazon S3
 D. AWS Lambda
Correct Answer: C
Question #158
A company is moving multiple applications to a single AWS account. The company wants to
monitor the AWS Cloud costs incurred by each application.
What can the company do to meet this requirement?
 A. Set up invoiced billing.

 B. Use AWS Artifact.
 C. Set budgets in Cost Explorer.
 D. Create cost allocation tags. Most Voted
Correct Answer: C
Question #159
Which design principle is achieved by following the reliability pillar of the AWS Well-
Architected Framework?
 A. Vertical scaling
 B. Manual failure recovery
 C. Testing recovery procedures Most Voted
 D. Changing infrastructure manually
Correct Answer: C
Reference:
https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/
Question #160
A user needs to quickly deploy a non-relational database on AWS. The user does not want to
manage the underlying hardware or the database software.
Which AWS service can be used to accomplish this?
 A. Amazon RDS
 B. Amazon DynamoDB Most Voted
 C. Amazon Aurora
Correct Answer: B
Question #161
Which task is an AWS responsibility when a workload is running in Amazon RDS?
 A. Creating the database table

 B. Updating the database schema
 C. Installing the database engine Most Voted
 D. Dropping the database records
Correct Answer: C
Question #162
A development team wants to publish and manage web services that provide REST APIs.
 A. AWS App Mesh

 B. Amazon API Gateway Most Voted
 C. Amazon CloudFront
 D. AWS Cloud Map
Correct Answer: B
Question #163
A company has a social media platform in which users upload and share photos with other
users. The company wants to identify and remove inappropriate photos. The company has no
machine learning (ML) scientists and must build this detection capability with no ML
expertise.
Which AWS service should the company use to build this capability?
 A. Amazon SageMaker
 B. Amazon Textract
 C. Amazon Rekognition Most Voted
 D. Amazon Comprehend
Correct Answer: D
Question #164
Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2
instances?
 A. Database backups
 B. Database software patches
 C. Operating system patches
 D. Operating system installations. Most Voted
Correct Answer: D
Question #165
A company wants to use Amazon S3 to store its legacy data. The data is rarely accessed.
However, the data is critical and cannot be recreated. The data needs to be available for
retrieval within seconds.
Which S3 storage class meets these requirements MOST cost-effectively?
 A. S3 Standard
 B. S3 One Zone-Infrequent Access (S3 One Zone-IA)
 C. S3 Standard-Infrequent Access (S3 Standard-IA) Most Voted
 D. S3 Glacier
Correct Answer: A
Question #166
An online retail company wants to migrate its on-premises workload to AWS. The company
needs to automatically handle a seasonal workload increase in a cost- effective manner.
Which AWS Cloud features will help the company meet this requirement? (Choose two.)
 A. Cross-Region workload deployment

 B. Pay-as-you-go pricing Most Voted
 C. Built-in AWS CloudTrail audit capabilities
 D. Auto Scaling policies Most Voted
 E. Centralized logging
Correct Answer: BD
Question #167
Which AWS service helps developers use loose coupling and reliable messaging between
microservices?
 A. Elastic Load Balancing

 B. Amazon Simple Notification Service (Amazon SNS)
 D. Amazon Simple Queue Service (Amazon SQS) Most Voted
Correct Answer: D
Question #168
A company needs to build an application that uses AWS services. The application will be
delivered to residents in European Counties. The company must abide by regional regulatory
requirements.
Which AWS service or program should the company use to determine which AWS services
meet the regional requirements?
 A. AWS Audit Manager

 B. AWS Shield
 C. AWS Compliance Program Most Voted
 D. AWS Artifact Most Voted
Correct Answer: C
Question #169
A company needs to implement identity management for a fleet of mobile apps that are
running in the AWS Cloud.
 A. Amazon Cognito Most Voted

 B. AWS Security Hub
 C. AWS Shield
 D. AWS WAF
Correct Answer: A
Question #170
A company needs an Amazon EC2 instance for a rightsized database server that must run
constantly for 1 year.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
 A. Standard Reserved Instance Most Voted

 B. Convertible Reserved Instance
 C. On-Demand Instance
 D. Spot Instance
Correct Answer: A
Question #171
A company has multiple applications and is now building a new multi-tier application. The
company will host the new application on Amazon EC2 instances. The company wants the
network routing and traffic between the various applications to follow the security principle
of least privilege.
Which AWS service or feature should the company use to enforce this principle?
 A. Security groups Most Voted

 B. AWS Shield
 C. AWS Global Accelerator
 D. AWS Direct Connect gateway
Correct Answer: A
Question #172
A company's web application requires AWS credentials and authorizations to use an AWS
service.
Which IAM entity should the company use as best practice?
 A. IAM role Most Voted

 B. IAM user
 C. IAM group
 D. IAM multi-factor authentication (MFA)
Correct Answer: A
Question #173
A company is creating a document that defines the operating system patch routine for all the
company's systems.
Which AWS resources should the company include in this document? (Choose two.)
 A. Amazon EC2 instances Most Voted Most Voted
 B. AWS Lambda functions
 C. AWS Fargate tasks
 D. Amazon RDS instances Most Voted
 E. Amazon Elastic Container Service (Amazon ECS) instances Most Voted
Correct Answer: AD
Question #174
Which AWS service or feature gives a company the ability to control incoming traffic and
outgoing traffic for Amazon EC2 instances?
 A. Security groups Most Voted

 B. Amazon Route 53
 C. AWS Direct Connect
 D. Amazon VPC
Correct Answer: D
Question #175
A company is starting to build its infrastructure in the AWS Cloud. The company wants
access to technical support during business hours. The company also wants general
architectural guidance as teams build and test new applications.
Which AWS Support plan will meet these requirements at the LOWEST cost?

 B. AWS Developer Support Most Voted
 C. AWS Business Support
 D. AWS Enterprise Support
Correct Answer: B
Question #176
A company is migrating its public website to AWS. The company wants to host the domain
name for the website on AWS.
 A. AWS Lambda
 B. Amazon Route 53 Most Voted
Correct Answer: B
Question #177
A company needs to evaluate its AWS environment and provide best practice
recommendations in five categories: cost, performance, service limits, fault tolerance, and
security.
Which AWS service can the company use to meet these requirements?
 A. AWS Shield
 B. AWS WAF
 C. AWS Trusted Advisor Most Voted
 D. AWS Service Catalog
Correct Answer: C
Question #178
Which AWS service provides the capability to view end-to-end performance metrics and
troubleshoot distributed applications?
 A. AWS Cloud9
 B. AWS CodeStar
 C. AWS Cloud Map
 D. AWS X-Ray Most Voted
Correct Answer: D
Question #179
Which cloud computing benefit does AWS demonstrate with its ability to offer lower
variable costs as a result of high purchase volumes?
 A. Pay-as-you-go pricing
 B. High availability
 C. Global reach
 D. Economies of scale Most Voted
Correct Answer: A
Question #180
Which AWS service provides threat detection by monitoring for malicious activities and
unauthorized actions to protect AWS accounts, workloads, and data that is stored in Amazon
S3?
 A. AWS Shield
 B. AWS Firewall Manager
 C. Amazon GuardDuty Most Voted
 D. Amazon Inspector
Correct Answer: C
Question #181
Which AWS service can a company use to store and manage Docker images?
 B. Amazon Kinesis Data Streams
 C. Amazon Elastic Container Registry (Amazon ECR) Most Voted
Correct Answer: C
Question #182
A company needs an automated security assessment report that will identify unintended
network access to Amazon EC2 instances. The report also must identify operating system
vulnerabilities on those instances.
Which AWS service or feature should the company use to meet this requirement?

 B. Security groups
 C. Amazon Macie
 D. Amazon Inspector Most Voted
Correct Answer: D
Question #183
A global company is building a simple time-tracking mobile app. The app needs to operate
globally and must store collected data in a database. Data must be accessible from the AWS
Region that is closest to the user.
What should the company do to meet these data storage requirements with the LEAST
amount of operational overhead?
 A. Use Amazon EC2 in multiple Regions to host separate databases

 B. Use Amazon RDS cross-Region replication
 C. Use Amazon DynamoDB global tables Most Voted
 D. Use AWS Database Migration Service (AWS DMS)
Correct Answer: C
Question #184
Which of the following are economic advantages of the AWS Cloud? (Choose two.)
 A. Increased workforce productivity Most Voted Most Voted

 B. Decreased need to encrypt user data
 C. Manual compliance audits
 D. Simplified total cost of ownership (TCO) accounting Most Voted
 E. Faster product launches Most Voted
Correct Answer: DE
Question #185
Which controls does the customer fully inherit from AWS in the AWS shared responsibility
model?
 A. Patch management controls

 B. Awareness and training controls
 C. Physical and environmental controls Most Voted
 D. Configuration management controls
Correct Answer: A
Question #186
Which task is a customer's responsibility, according to the AWS shared responsibility model?
 A. Management of the guest operating systems Most Voted

 B. Maintenance of the configuration of infrastructure devices
 C. Management of the host operating systems and virtualization
 D. Maintenance of the software that powers Availability Zones
Correct Answer: A
Question #187
A company needs to deliver new website features quickly in an iterative manner to minimize
the time to market.
Which AWS Cloud concept does this requirement represent?
 A. Reliability
 B. Elasticity
 C. Agility Most Voted
 D. High availability
Correct Answer: C
Question #188
A company wants to increase its ability to recover its infrastructure in the case of a natural
disaster.
Which pillar of the AWS Well-Architected Framework does this ability represent?
 C. Reliability Most Voted
 D. Security
Correct Answer: C
Question #189
Which AWS service tracks API calls and user activity?
 A. AWS Organizations
 B. AWS Config
 D. AWS CloudTrail Most Voted
Correct Answer: D
Question #190
Which AWS service, feature, or tool uses machine learning to continuously monitor cost and
usage for unusual cloud spending?
 A. Amazon Lookout for Metrics

 B. AWS Budgets
 D. AWS Cost Anomaly Detection Most Voted
Correct Answer: D
Question #191
A company deployed an application on an Amazon EC2 instance. The application ran as

expected for 6 months in the past week, users have reported latency issues. A system
administrator found that the CPU utilization was at 100% during business hours. The
company wants a scalable solution to meet demand.
Which AWS service or feature should the company use to handle the load for its application
during periods of high demand?
 A. Auto Scaling groups Most Voted

 B. AWS Global Accelerator
 C. Amazon Route 53
 D. An Elastic IP address
Correct Answer: C
Question #192
A company wants to migrate to AWS and use the same security software it uses on premises.
The security software vendor offers its security software as a service on AWS.
Where can the company purchase the security solution?
 A. AWS Partner Solutions Finder

 B. AWS Support Center
 C. AWS Management Console
 D. AWS Marketplace Most Voted
Correct Answer: D
Question #193
A company is generating large sets of critical data in its on-premises data center. The
company needs to securely transfer the data to AWS for processing. These transfers must
occur daily over a dedicated connection.
 A. AWS Backup
 B. AWS DataSync Most Voted
 C. AWS Direct Connect Most Voted
 D. AWS Snowball
Correct Answer: B
Question #194
A company wants to run production workloads on AWS. The company wants access to
technical support from engineers 24 hours a day, 7 days a week. The company also wants
access to the AWS Health API and contextual architectural guidance for business use cases.
The company has a strong IT support team and does not need concierge support.
Which AWS Support plan will meet these requirements at the LOWEST cost?

 B. AWS Developer Support
 C. AWS Business Support Most Voted
 D. AWS Enterprise Support
Correct Answer: D
Question #195
Which of the following is a managed AWS service that is used specifically for extract,
transform, and load (ETL) data?
 A. Amazon Athena
 B. AWS Glue Most Voted
 C. Amazon S3
Correct Answer: B
Question #196
Which of the following actions are controlled with AWS Identity and Access Management
(IAM)? (Choose two.)
 A. Control access to AWS service APIs and to other specific resources. Most Voted
 B. Provide intelligent threat detection and continuous monitoring.
 C. Protect the AWS environment using multi-factor authentication (MFA). Most
Voted
 D. Grant users access to AWS data centers.
 E. Provide firewall protection for applications from common web attacks.
Correct Answer: AC
Question #197
Which of the following are shared controls that apply to both AWS and the customer,
according to the AWS shared responsibility model? (Choose two.)
 A. Resource configuration management Most Voted

 B. Network data integrity
 C. Employee awareness and training Most Voted
 D. Physical and environmental security
 E. Replacement and disposal of disk drives
Correct Answer: AC
Question #198
What information is found on an AWS Identity and Access Management (IAM) credential
report? (Choose two.)
 A. The date and time when an IAM user's password was last used to sign in to the
AWS Management Console. Most Voted
 B. The type of multi-factor authentication (MFA) device assigned to an IAM user.
 C. The User-Agent browser identifier for each IAM user currently logged in.
 D. Whether multi-factor authentication (MFA) has been enabled for an IAM user.
Most Voted
 E. The number of incorrect login attempts by each IAM user in the previous 30 days.
Correct Answer: AC
Question #199
What is the LEAST expensive AWS Support plan that contains a full set of AWS Trusted
Advisor best practice checks?
 A. AWS Enterprise Support

 B. AWS Business Support Most Voted
 C. AWS Developer Support
 D. AWS Basic Support
Correct Answer: B
Question #200
Which AWS service provides domain registration, DNS routing, and service health checks?

 B. Amazon Route 53 Most Voted
 D. Amazon API Gateway
Correct Answer: B
Question #201
A bank needs to store recordings of calls made to its contact center for 6 years. The
recordings must be accessible within 48 hours from the time they are requested.
Which AWS service will provide a secure and cost-effective solution for retaining these
files?
 B. Amazon S3 Glacier Most Voted
 C. Amazon Connect
 D. Amazon ElastiCache
Correct Answer: C
Question #202
Which AWS service should be used to migrate a company's on-premises MySQL database to
Amazon RDS?

 B. AWS Server Migration Service (AWS SMS)
 C. AWS Database Migration Service (AWS DMS) Most Voted
 D. AWS Schema Conversion Tool (AWS SCT)
Correct Answer: C
Question #203
Which benefits does a company gain when the company moves from on-premises IT
architecture to the AWS Cloud? (Choose two.)
 A. Reduced or eliminated tasks for hardware troubleshooting, capacity planning, and

procurement Most Voted
 B. Elimination of the need for trained IT staff
 C. Automatic security configuration of all applications that are migrated to the cloud
 D. Elimination of the need for disaster recovery planning
 E. Faster deployment of new features and applications Most Voted
Correct Answer: AE
Question #204
Which of the following is a benefit of decoupling an AWS Cloud architecture?

 A. Reduced latency
 B. Ability to upgrade components independently Most Voted
 C. Decreased costs
 D. Fewer components to manage
Correct Answer: B
Question #205
Which task is the responsibility of the customer according to the AWS shared responsibility
model?
 A. Maintain the security of the hardware that runs Amazon EC2 instances.
 B. Patch the guest operating system of Amazon EC2 instances. Most Voted
 C. Protect the security of the AWS global infrastructure.
 D. Patch Amazon RDS software.
Correct Answer: B
Question #206
Which AWS Organizations feature can be used to track charges across multiple accounts and
report the combined cost?
 A. Service control policies (SCPs)

 C. Consolidated billing Most Voted
 D. AWS Identity and Access Management (IAM)
Correct Answer: C
Question #207
Which of the following is a cloud benefit that AWS offers to its users?
 A. The ability to configure AWS data center hypervisors

 B. The ability to purchase hardware in advance of increased traffic
 C. The ability to deploy to AWS on a global scale Most Voted
 D. Compliance audits for user IT environments
Correct Answer: C
Question #208
An ecommerce company has migrated its IT infrastructure from an on-premises data center to
the AWS Cloud.
Which cost is the company's direct responsibility?
 A. Cost of application software licenses Most Voted

 B. Cost of the hardware infrastructure on AWS
 C. Cost of power for the AWS servers
 D. Cost of physical security for the AWS data center
Correct Answer: A
Question #209
What are the five pillars of the AWS Well-Architected Framework?
 A. Encryption, documentation, speed, hybrid design, and cost optimization

 B. Containerization, cost margins, globalization, marketplace, and developer
operations
 C. Network, compute, storage, security, and developer operations
 D. Operational excellence, reliability, performance efficiency, security, and cost
optimization Most Voted
Correct Answer: D
Question #210
A company accepts enrollment applications on handwritten paper forms. The company uses a
manual process to enter the form data into its backend systems.
The company wants to automate the process by scanning the forms and capturing the
enrollment data from scanned PDF files.
Which AWS service should the company use to build this process?
 A. Amazon Rekognition
 B. Amazon Textract Most Voted
 C. Amazon Transcribe
 D. Amazon Comprehend
Correct Answer: B
Question #211
Which AWS service should a company use to organize, characterize, and search large
numbers of images?
 A. Amazon Transcribe
 B. Amazon Rekognition Most Voted
 C. Amazon Aurora
 D. Amazon QuickSight
Correct Answer: B
Question #212
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2
instances based on CPU utilization.
Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve
this goal?
 A. Amazon Simple Queue Service (Amazon SQS)

 B. Amazon Simple Notification Service (Amazon SNS)
 C. AWS Systems Manager
 D. Amazon CloudWatch alarm Most Voted
Correct Answer: B
Question #213
A company wants to host a private version control system for its application code in the AWS
Cloud.
 A. AWS CodePipeline
 B. AWS CodeStar
 C. AWS CodeCommit Most Voted
 D. AWS CodeDeploy
Correct Answer: C
Question #214
Which AWS service or tool can a company set up to send notifications that a custom
spending threshold has been reached or exceeded?
 A. AWS Budgets Most Voted

 C. AWS CloudTrail
 D. AWS Support
Correct Answer: A
Question #215
Which AWS service is used to host static websites?
 A. Amazon S3 Most Voted

 B. Amazon Elastic Block Store (Amazon EBS)
 C. AWS CloudFormation
Correct Answer: A
Question #216
Which AWS service contains built-in engines to protect web applications that run in the
cloud from SQL injection attacks and cross-site scripting?
 A. AWS WAF Most Voted
 B. AWS Shield Advanced
 D. Amazon Detective
Correct Answer: A
Question #217
A company owns per-core software licenses.

Which Amazon EC2 instance purchasing option must the company use for this license type?
 A. Reserved Instances
 B. Dedicated Hosts Most Voted
 C. Spot Instances
 D. Dedicated Instances
Correct Answer: A
Question #218
A company needs to set up user authentication for a new application. Users must be able to
sign in directly with a user name and password, or through a third- party provider.
 A. AWS Single Sign-On

 B. AWS Signer
 C. Amazon Cognito Most Voted
 D. AWS Directory Service
Correct Answer: C
Question #219
A company's IT team is managing MySQL database server clusters. The IT team has to patch
the database and take backup snapshots of the data in the clusters.
The company wants to move this workload to AWS so that these tasks will be completed
automatically.
What should the company do to meet these requirements?
 A. Deploy MySQL database server clusters on Amazon EC2 instances.

 B. Use Amazon RDS with a MySQL database. Most Voted
 C. Use an AWS CloudFormation template to deploy MySQL database servers on
 D. Migrate all the MySQL database data to Amazon S3.
Correct Answer: B
Question #220
What is the primary use case for Amazon GuardDuty?
 A. Prevention of DDoS attacks

 B. Protection against SQL injection attacks
 C. Automatic monitoring for threats to AWS workloads Most Voted
 D. Automatic provisioning of AWS resources
Correct Answer: C
Question #221
Which statements explain the business value of migration to the AWS Cloud? (Choose two.)
 A. The migration of enterprise applications to the AWS Cloud makes these

applications automatically available on mobile devices.
 B. AWS availability and security provide the ability to improve service level
agreements (SLAs) while reducing risk and unplanned downtime. Most Voted
 C. Companies that migrate to the AWS Cloud eliminate the need to plan for high
availability and disaster recovery.
 D. Companies that migrate to the AWS Cloud reduce IT costs related to
infrastructure, freeing budget for reinvestment in other areas. Most Voted
 E. Applications are modernized because migration to the AWS Cloud requires
companies to rearchitect and rewrite all enterprise applications.
Correct Answer: CD
Question #222
A company needs to identify personally identifiable information (PII), such as credit card
numbers, from data that is stored in Amazon S3.
 B. AWS Shield
 D. Amazon Macie Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/macie/
Question #223
Which AWS services or tools are designed to protect a workload from SQL injections, cross-
site scripting, and DDoS attacks? (Choose two.)
 A. VPC endpoint
 B. Virtual private gateway
 C. AWS Shield Standard Most Voted
 D. AWS Config
 E. AWS WAF Most Voted
Correct Answer: C
Reference:
https://aws.amazon.com/waf/
https://aws.amazon.com/shield/?whats-new-cards.sort-
by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc
Question #224
A company wants to forecast future costs and usage of AWS resources based on past
consumption.
Which AWS service or tool will provide this forecast?
 A. AWS Cost and Usage Report

 B. Amazon Forecast
 C. AWS Pricing Calculator
 D. Cost Explorer Most Voted
Correct Answer: D
Reference:
https://docs.aws.amazon.com/cost-management/latest/userguide/ce-forecast.html
Question #225
Which AWS services use cloud-native storage that provides replication across multiple
Availability Zones by default? (Choose two.)
 A. Amazon ElastiCache
 B. Amazon RDS for Oracle Most Voted
 C. Amazon Neptune Most Voted Most Voted
 D. Amazon DocumentDB (with MongoDB compatibility) Most Voted
 E. Amazon Redshift Most Voted Most Voted
Correct Answer: CD
Reference:
https://docs.aws.amazon.com/documentdb/latest/developerguide/replication.html
https://docs.aws.amazon.com/neptune/latest/userguide/feature-overview-storage.html
Question #226
Which AWS services are serverless? (Choose two.)
 A. AWS Fargate Most Voted

 B. Amazon Managed Streaming for Apache Kafka
 C. Amazon EMR
 D. Amazon S3 Most Voted
 E. Amazon EC2
Correct Answer: AD
Reference:
https://aws.amazon.com/serverless/?nc2=h_ql_prod_serv_s
Question #227
Which task is the responsibility of AWS, according to the AWS shared responsibility model?
 A. Apply guest operating system patches to Amazon EC2 instances.

 B. Provide monitoring of human resources information management (HRIM) systems.
 C. Perform automated backups of Amazon RDS instances. Most Voted
 D. Optimize the costs of running AWS services.
Correct Answer: C
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html
Question #228
A company needs to deploy a PostgreSQL database into Amazon RDS. The database must be
highly available and fault tolerant.
Which AWS solution should the company use to meet these requirements?
 A. Amazon RDS with a single Availability Zone

 B. Amazon RDS snapshots
 C. Amazon RDS with multiple Availability Zones Most Voted
 D. AWS Database Migration Service (AWS DMS)
Correct Answer: C
Reference:
https://aws.amazon.com/rds/features/multi-az/
Question #229
A company wants to add facial identification to its user verification process on an

application.
 A. Amazon Polly
 B. Amazon Transcribe
 C. Amazon Lex
 D. Amazon Rekognition Most Voted
Correct Answer: D
Question #230
A company wants the ability to quickly upload its applications to the AWS Cloud without
needing to provision underlying resources.
 A. AWS CloudFormation
 B. AWS Elastic Beanstalk Most Voted
 C. AWS CodeDeploy
 D. AWS CodeCommit
Correct Answer: B
Question #231
Which AWS service monitors CPU utilization on Amazon EC2 instances?
 A. AWS CloudTrail
 C. AWS Config
 D. Amazon CloudWatch Most Voted
Correct Answer: D
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-cloudwatch.html
Question #232
A company needs to label its AWS resources so that the company can categorize and track
costs.
What should the company do to meet this requirement?
 A. Use cost allocation tags. Most Voted

 B. Use AWS Identity and Access Management (IAM).
 C. Use AWS Organizations.
 D. Use the AWS Cost Management coverage report.
Correct Answer: A
Reference:
https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html
Question #233
A company wants its employees to have access to virtual desktop infrastructure to securely
access company-provided desktops through the employees' personal devices.
 A. Amazon AppStream 2.0

 B. AWS AppSync
 C. Amazon FSx for Windows File Server
 D. Amazon WorkSpaces Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/workspaces/
Question #234
Which task can a company complete by using AWS Organizations?
 A. Track application deployment statuses globally.

 B. Remove unused and underutilized AWS resources across all accounts.
 C. Activate DDoS protection across all accounts.
 D. Share pre-purchased Amazon EC2 resources across accounts. Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/organizations/
https://docs.aws.amazon.com/ram/latest/userguide/shareable.html

D (78%)
B (22%)
Question #235
A user has been granted permission to change their own IAM user password.
Which AWS services can the user use to change the password? (Choose two.)
 A. AWS Command Line Interface (AWS CLI) Most Voted

 B. AWS Key Management Service (AWS KMS)
 C. AWS Management Console Most Voted
 D. AWS Resource Access Manager (AWS RAM)
 E. AWS Secrets Manager
Correct Answer: AC
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_user-change-
own.html
Question #236
A company needs to run an application on Amazon EC2 instances. The instances cannot be
interrupted at any time. The company needs an instance purchasing option that requires no
long-term commitment or upfront payment.
Which instance purchasing option will meet these requirements MOST cost-effectively?
 A. On-Demand Instances Most Voted

 B. Spot Instances
 C. Dedicated Hosts
 D. Reserved Instances
Correct Answer: A
Reference:
https://aws.amazon.com/ec2/pricing/
Question #237
A company uses Amazon EC2 instances to run its web application. The company uses On-
Demand Instances and Spot Instances. The company needs to visualize its monthly spending
on both types of instances.
Which AWS service or feature will meet this requirement?
 A. AWS Cost Explorer Most Voted

 B. AWS Budgets
 D. AWS Cost Categories
Correct Answer: A
Reference:
https://aws.amazon.com/aws-cost-management/aws-cost-explorer/
Question #238
Which task can a user complete by using AWS Identity and Access Management (IAM)?
 A. Validate JSON syntax from an application configuration file.

 B. Analyze logs from an Amazon API Gateway call.
 C. Filter traffic to or from an Amazon EC2 instance.
 D. Grant permissions to applications that run on Amazon EC2 instances. Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/iam/#:~:text=With%20AWS%20Identity%20and%20Access,to
%20refine%20permissions%20across%20AWS
Question #239
A company needs to generate reports for business intelligence and operational analytics on
petabytes of semistructured and structured data. These reports are produced from standard
SQL queries on data that is in an Amazon S3 data lake.
Which AWS service provides the ability to analyze this data?
 A. Amazon RDS
 B. Amazon Neptune
 C. Amazon DynamoDB
 D. Amazon Redshift Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/data-warehouse/
Question #240
A system automatically recovers from failure when a company launches its workload on the
AWS Cloud services platform.
Which pillar of the AWS Well-Architected Framework does this situation demonstrate?
Correct Answer: D
Question #241
Which of the following describes AWS Local Zones?
 A. A cluster of data centers in one geographic location

 B. A site used by Amazon CloudFront to cache frequently accessed content
 C. An extension of an AWS Region to more granular locations Most Voted
 D. One or more data centers with redundant power and networking
Correct Answer: C
Reference:
https://aws.amazon.com/about-aws/global-infrastructure/localzones/faqs/
Question #242
A retail company is migrating its IT infrastructure applications from on premises to the AWS
Cloud.
Which costs will the company eliminate with this migration? (Choose two.)
 A. Cost of data center operations Most Voted

 B. Cost of application licensing
 C. Cost of marketing campaigns
 D. Cost of physical server hardware Most Voted Most Voted
 E. Cost of network management Most Voted
Correct Answer: AD
Reference:
computing.html
Question #243
What is a benefit of moving to the AWS Cloud in terms of improving time to market?
 A. Decreased deployment speed

 B. Increased application security
 C. Increased business agility Most Voted
 D. Increased backup capabilities
Correct Answer: C
Reference:
computing.html
Question #244
Which of the following are characteristics of a serverless application that runs in the AWS
Cloud? (Choose two.)
 A. Users must manually configure Amazon EC2 instances.

 B. Users have a choice of operating systems.
 C. The application has built-in fault tolerance. Most Voted
 D. Users can run Amazon EC2 Spot Instances.
 E. The application can scale based on demand. Most Voted
Correct Answer: CE
Reference:
https://aws.amazon.com/serverless/#:~:text=Serverless%20on%20AWS&text=AWS
%20offers%20technologies%20for%20running,increase%20agility%20and%
20optimize%20costs
Question #245
A company has existing software licenses that it wants to bring to AWS, but the licensing
model requires licensing physical cores.
How can the company meet this requirement in the AWS Cloud?
 A. Launch an Amazon EC2 instance with default tenancy.

 B. Launch an Amazon EC2 instance on a Dedicated Host. Most Voted
 C. Create an On-Demand Capacity Reservation.
 D. Purchase Dedicated Reserved Instances.
Correct Answer: B
Reference:
https://aws.amazon.com/ec2/dedicated-hosts/
Question #246
A company has a complex AWS architecture. The company needs assistance from a
dedicated technical professional who can suggest strategies regarding incidents, trade-offs,
support, and risk management.
Which AWS Support plan will provide the required support?
 A. AWS Business Support

 B. AWS Enterprise Support Most Voted
 C. AWS Developer Support
 D. AWS Basic Support
Correct Answer: A
Reference:
https://aws.amazon.com/premiumsupport/plans/
Question #247
Which of the following is an advantage that the AWS Cloud provides to users?
 A. Users eliminate the need to guess about infrastructure capacity requirements. Most
Voted
 B. Users decrease their variable costs by maintaining sole ownership of IT hardware.
 C. Users maintain control of underlying IT infrastructure hardware.
 D. Users maintain control of operating systems for managed services.
Correct Answer: A
Reference:
computing.html
Question #248
Which AWS services can use AWS WAF to protect against common web exploitations?
(Choose two.)
 A. Amazon Route 53
 B. Amazon CloudFront Most Voted
 C. AWS Transfer Family
 D. AWS Site-to-Site VPN
 E. Amazon API Gateway Most Voted
Correct Answer: BE
Reference:
https://aws.amazon.com/waf/faqs/#:~:text=AWS%20WAF%20can%20be
%20deployed,content%20at%20the%20Edge%20locations
Question #249
Which controls are shared under the AWS shared responsibility model? (Choose two.)
 A. Awareness and training Most Voted

 B. Patching of Amazon RDS
 C. Configuration management Most Voted
 D. Physical and environmental controls
 E. Service and communications protection or security
Correct Answer: AC
Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question #250
A company manages global applications that require static IP addresses.

Which AWS service would enable the company to improve the availability and performance
of its applications?
 A. Amazon CloudFront
 B. AWS Global Accelerator Most Voted
 C. Amazon S3 Transfer Acceleration
 D. Amazon API Gateway
Correct Answer: B
Question #251
Which of the following are AWS compute services? (Choose two.)
 A. Amazon Lightsail Most Voted

 C. AWS CloudFormation
 D. AWS Batch Most Voted
 E. Amazon Inspector
Correct Answer: AD
Reference:
https://aws.amazon.com/products/compute/
Question #252
A company needs to report on events that involve the specific AWS services that the
company uses.
Which AWS service or resource can the company use with Amazon CloudWatch to meet this
requirement?
 B. AWS Personal Health Dashboard
 D. AWS CloudTrail logs Most Voted
Correct Answer: D
Reference:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-examples.html
Question #253
A company with AWS Enterprise Support needs help understanding its monthly AWS bill
and wants to implement billing best practices.
Which AWS tool or resource is available to accomplish these goals?
 A. Resource tagging
 B. AWS Concierge Support team Most Voted
 C. AWS Abuse team
 D. AWS Support
Correct Answer: B
Reference:
https://aws.amazon.com/premiumsupport/plans/enterprise/
Question #254
Which of the following is an AWS key-value database offering consistent single-digit

millisecond performance at any scale?
 A. Amazon RDS
 B. Amazon Aurora
 C. Amazon DynamoDB Most Voted
Correct Answer: C
Reference:
https://aws.amazon.com/dynamodb/
Question #255
A company is developing a new Node.js application. The application must have a scalable
NoSQL database to meet increasing demand as the popularity of the application grows.
Which AWS service will meet the requirements for the database?
 A. Amazon Aurora Serverless

 B. Amazon ElastiCache
 C. Amazon DynamoDB Most Voted
Correct Answer: C
Reference:
https://aws.amazon.com/dynamodb/
Question #256
A company wants to set up an entire development and continuous delivery toolchain for
coding, building, testing, and deploying code.
 A. Amazon CodeGuru
 B. AWS CodeStar Most Voted
Correct Answer: B
Question #257
Which service enables customers to audit API calls in their AWS accounts?
 A. AWS CloudTrail Most Voted

 D. AWS X-Ray
Correct Answer: A
Reference:
https://docs.aws.amazon.com/audit-manager/latest/userguide/logging-using-cloudtrail.html
Question #258
A company is moving its office and must establish an encrypted connection to AWS.
Which AWS service will help meet this requirement?
 A. AWS VPN Most Voted

 B. Amazon Route 53
 C. Amazon API Gateway
Correct Answer: A
Reference:
https://aws.amazon.com/vpn/
Question #259
A company needs steady and predictable performance from its Amazon EC2 instances at the
lowest possible cost. The company also needs the ability to scale resources to ensure that it
has the right resources available at the right time.
Which AWS service or resource will meet these requirements?
 A. Amazon CloudWatch
 B. Application Load Balancer
 C. AWS Batch
 D. Amazon EC2 Auto Scaling Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/autoscaling/
Question #260
Which action will provide documentation to help a company evaluate whether its use of the
AWS Cloud is compliant with local regulatory standards?
 A. Running Amazon GuardDuty

 B. Using AWS Artifact Most Voted
 C. Creating an AWS Support ticket
 D. Evaluating AWS CloudTrail logs
Correct Answer: B
Question #261
A company wants a cost-effective option when running its applications in an Amazon EC2
instance for short time periods. The applications can be interrupted.
Which EC2 instance type will meet these requirements?
 A. Spot Instances Most Voted

 B. On-Demand Instances
 C. Reserved Instances
 D. Dedicated Instances
Correct Answer: A
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html
Question #262
A retail company is building a new mobile app. The company is evaluating whether to build
the app at an on-premises data center or in the AWS Cloud.
Which of the following are benefits of building this app in the AWS Cloud? (Choose two.)
 A. A large, upfront capital expense and low variable expenses

 B. Increased speed for trying out new projects Most Voted
 C. Complete control over the physical security of the infrastructure
 D. Flexibility to scale up in minutes as the application becomes popular Most Voted
 E. Ability to pick the specific data centers that will host the application servers
Correct Answer: BD
Reference:
computing.html
Question #263
A developer is working on enhancing applications at AWS. The developer needs a service

that can securely host GitHub-based code, repositories, and version controls.
Which AWS service should the developer use?
 A. AWS CodeStar
 B. Amazon CodeGuru
 C. AWS CodeCommit Most Voted
 D. AWS CodePipeline
Correct Answer: C
Reference:
https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html
Question #264
What is an AWS Region?

 A. A broad set of global, cloud-based products that include compute, storage, and
databases
 B. A physical location around the world where data centers are clustered Most Voted
 C. One or more discrete data centers with redundant power, networking, and
connectivity
 D. A service that developers use to build applications that deliver latencies of single-
digit milliseconds to users
Correct Answer: B
Reference:
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Question #265
Which AWS benefit enables users to deploy cloud infrastructure that consists of multiple
geographic regions connected by a network with low latency, high throughput, and
redundancy?
 A. Economies of scale
 B. Security
 C. Elasticity
 D. Global reach Most Voted
Correct Answer: D
Reference:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/global-infrastructure.html
Question #266
A company is considering a migration from on premises to the AWS Cloud. The company's
IT team needs to offload support of the workload.
What should the IT team do to accomplish this goal?
 A. Use AWS Managed Services to provision, run, and support the company
infrastructure. Most Voted
 B. Build hardware refreshes into the operational calendar to ensure availability.
 C. Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 instances.
 D. Overprovision compute capacity for seasonal events and traffic spikes to prevent
downtime.
Correct Answer: A
Reference:
https://docs.aws.amazon.com/managedservices/latest/userguide/what-is-ams.html
Question #267
What is a benefit of using AWS serverless computing?
 A. Application deployment and management are not required.

 B. Application security will be fully managed by AWS.
 C. Monitoring and logging are not needed.
 D. Management of infrastructure is offloaded to AWS. Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/serverless/
Question #268
A company plans to launch an application that will run in multiple locations within the
United States. The company needs to identify the two AWS Regions where the application
can operate at the lowest price.
Which AWS service or feature should the company use to determine the Regions that offer
the lowest price?
 A. Cost Explorer
 B. AWS Budgets
 D. AWS Pricing Calculator Most Voted
Correct Answer: D
The other three options help with post deployment in AWS cloud.
Reference:
https://calculator.aws/#/
Question #269
Which approach will enhance a user's security on AWS?
 A. Use Multi-AZ deployments with Amazon RDS.

 B. Create a hybrid architecture by using AWS Direct Connect.
 C. Monitor application-specific information with AWS X-Ray.
 D. Encrypt data by using AWS Key Management Service (AWS KMS). Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/kms/features/
Question #270
Which AWS service or tool is associated with an Amazon EC2 instance and acts as a virtual
firewall to control inbound and outbound traffic?
 A. AWS WAF
 B. AWS Shield
 C. Network access control list (ACL)
 D. Security group Most Voted
Correct Answer: D
Question #271
A company wants to migrate its on-premises Microsoft SQL Server database server to the
AWS Cloud. The company has decided to use Amazon EC2 instances to run this database.
Which of the following is the company responsible for managing, according to the AWS
shared responsibility model?
 A. EC2 hypervisor
 B. Security patching of the guest operating system Most Voted
 C. Network connectivity of the host server
 D. Uptime service level agreement (SLA) for the EC2 instances
Correct Answer: B
Reference:
Question #272
A developer wants to deploy an application on a container-based service. The service must

automatically provision and manage the backend instances. The service must provision only
the necessary resources.
 A. Amazon EC2
 C. Amazon Elastic Kubernetes Service (Amazon EKS) Most Voted
 D. AWS Fargate Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/fargate/
Question #273
Which tasks require use of the AWS account root user? (Choose two.)
 A. Changing an AWS Support plan Most Voted

 B. Modifying an Amazon EC2 instance type
 C. Grouping resources in AWS Systems Manager
 D. Running applications in Amazon Elastic Kubernetes Service (Amazon EKS)
 E. Closing an AWS account Most Voted
Correct Answer: AE
Reference:
https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html
Question #274
Which AWS service enables the decoupling and scaling of applications?

 A. Amazon Simple Queue Service (Amazon SQS) Most Voted
 B. AWS Outposts
 C. Amazon S3
 D. Amazon Simple Email Service (Amazon SES)
Correct Answer: A
Reference:
https://aws.amazon.com/sqs/#:~:text=Amazon%20Simple%20Queue%20Service
%20(SQS,distributed%20systems%2C%20and%20serverless%
20applications
Question #275
Which of the following describes some of the core functionality of Amazon S3?
 A. Amazon S3 is a high-performance block storage service that is designed for use

with Amazon EC2.
 B. Amazon S3 is an object storage service that provides high-level performance,
security, scalability, and data availability. Most Voted
 C. Amazon S3 is a fully managed, highly reliable, and scalable file storage system
that is accessible over the industry-standard SMB protocol.
 D. Amazon S3 is a scalable, fully managed elastic NFS for use with AWS Cloud
services and on-premises resources.
Correct Answer: A
Question #276
How does consolidated billing help reduce costs for a company that has multiple AWS
accounts?
 A. It aggregates usage across accounts so that the company can reach volume discount
thresholds sooner. Most Voted
 B. It offers an additional 5% discount on purchases of All Upfront Reserved
Instances.
 C. It provides a simplified billing invoice that the company can process more quickly
than a standard invoice.
 D. It gives AWS resellers the ability to bill their customers for usage.
Correct Answer: A
Reference:
https://aws.amazon.com/about-aws/whats-new/2010/02/09/announcing-consolidated-billing-
for-aws-accounts/#:~:text=Consolidated%20Billing%
20enables%20you%20to,associated%20with%20your%20paying%20account
Question #277
A company wants to secure its consumer web application by using SSL/TLS to encrypt
traffic.
Which AWS service can the company use to meet this goal?
 A. AWS WAF Most Voted
 B. AWS Shield
 C. Amazon VPC
 D. AWS Certificate Manager (ACM) Most Voted
Correct Answer: D
Reference:
https://aws.amazon.com/certificate-manager/
Question #278
Which of the following are advantages of moving to the AWS Cloud? (Choose two.)
 A. Users can implement all AWS services in seconds.

 B. AWS assumes all responsibility for the security of infrastructure and applications.
 C. Users experience increased speed and agility. Most Voted
 D. Users benefit from massive economies of scale. Most Voted
 E. Users can move hardware from their data center to the AWS Cloud.
Correct Answer: CD
Reference:
computing.html
Question #279
A company stores configuration files in an Amazon S3 bucket. These configuration files must
be accessed by applications that are running on Amazon EC2 instances.
According to AWS security best practices, how should the company grant permissions to
allow the applications for access the S3 bucket?
 A. Use the AWS account root user access keys.

 B. Use the AWS access key ID and the EC2 secret access key.
 C. Use an IAM role with the necessary permissions. Most Voted
 D. Activate multi-factor authentication (MFA) and versioning on the S3 bucket.
Correct Answer: C
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
Question #280
A company needs an AWS service that will continuously monitor the company's AWS
account for suspicious activity. The service must have the ability to initiate automated actions
against threats that are identified in the security findings.
Which service will meet these requirements?

 B. Amazon Detective
 D. Amazon GuardDuty Most Voted
Correct Answer: D
Question #281
A company wants to analyze streaming user data and respond to customer queries in real
time.
Which AWS service can meet these requirements?
 A. Amazon QuickSight
 B. Amazon Redshift
 C. Amazon Kinesis Data Analytics Most Voted
 D. AWS Data Pipeline
Correct Answer: C
Reference:
https://aws.amazon.com/kinesis/data-analytics/
Question #282
Who can create and manage access keys for an AWS account root user?
 A. The AWS account owner Most Voted

 B. An IAM user that has administrator permissions
 C. IAM users within a designated group
 D. An IAM user that has the required role
Correct Answer: A
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
Question #283
Which AWS service can help a company detect an outage of its website servers and redirect
users to alternate servers?
 A. Amazon CloudFront
 B. Amazon GuardDuty
 C. Amazon Route 53 Most Voted
Correct Answer: C
Reference:
https://aws.amazon.com/about-aws/whats-new/2013/02/11/announcing-dns-failover-for-
route-53/
Question #284
A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2
instances, and Amazon RDS.
Which security measures fall under the responsibility of AWS? (Choose two.)
 A. Running a virus scan on EC2 instances

 B. Protecting against IP spoofing and packet sniffing Most Voted
 C. Installing the latest security patches on the RDS instance Most Voted
 D. Encrypting communication between the EC2 instances and the Elastic Load
Balancer
 E. Configuring a security group and a network access control list (NACL) for EC2
instances
Correct Answer: BC
Reference:
https://docs.aws.amazon.com/acm/latest/userguide/data-protection.html
Question #285
Which of the following is an AWS Well-Architected Framework design principle for

operational excellence in the AWS Cloud?
 A. Go global in minutes.
 B. Make frequent, small, reversible changes. Most Voted
 C. Implement a strong foundation of identity and access management.
 D. Stop spending money on hardware infrastructure for data center operations.
Correct Answer: B
Reference:
https://aws.amazon.com/architecture/well-architected/
Question #286
Which AWS service provides intelligent recommendations to improve code quality and
identify an application's most expensive lines of code?
 A. Amazon CodeGuru Most Voted

 B. AWS CodeStar
Correct Answer: A
Reference:
https://aws.amazon.com/codeguru/#:~:text=Amazon%20CodeGuru%20is%20a
%20developer,most%20expensive%20lines%20of%20code
Question #287
A company wants to expand from one AWS Region into a second AWS Region.
What does the company need to do to expand into the second Region?
 A. Contact an AWS account manager to sign a new contract.
 B. Move an Availability Zone to the second Region.
 C. Begin to deploy resources in the second Region. Most Voted
 D. Download the AWS Management Console for the second Region.
Correct Answer: C
Reference:
https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-region.html
Question #288
Which AWS service provides storage that can be mounted across multiple Amazon EC2
instances?
 A. Amazon WorkSpaces
 B. Amazon Elastic File System (Amazon EFS) Most Voted
 C. AWS Database Migration Service (AWS DMS)
Correct Answer: B
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html
Question #289
A company needs to deploy applications in the AWS Cloud as quickly as possible. The
company also needs to minimize the complexity that is related to the management of AWS
resources.
 A. AWS Config
 B. AWS Elastic Beanstalk Most Voted
 C. Amazon EC2
 D. Amazon Personalize
Correct Answer: B
Reference:
https://docs.aws.amazon.com/elastic-beanstalk/index.html
Question #290
A company has a set of databases that are stored on premises. The company wants to bring its
existing Microsoft SQL Server licenses when the company moves the databases to run on
Which EC2 instance purchasing option should the company use to meet these requirements?
 A. Dedicated Instances
 B. Reserved Instances
 C. Dedicated Hosts Most Voted
 D. Spot Instances
Correct Answer: A
Question #291
Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in
the AWS Cloud?
 A. Scale the number of EC2 instances in or out automatically, based on demand. Most
Voted
 B. Use serverless EC2 instances.
 C. Scale the size of EC2 instances up or down automatically, based on demand.
 D. Transfer unused CPU resources between EC2 instances.
Correct Answer: A
Reference:
https://aws.amazon.com/ec2/autoscaling/faqs/
Question #292
A company discovered unauthorized access to resources in its on-premises data center. Upon
investigation, the company found that the requests originated from a resource hosted on
AWS.
Which AWS team should the company contact to report this issue?
 A. AWS Customer Service team

 B. AWS Sales team
 C. AWS Abuse team Most Voted
 D. AWS Technical Support team
Correct Answer: C
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/
Question #293
Which of the following are aspects of the AWS shared responsibility model? (Choose two.)
 A. Configuration management of infrastructure devices is the customer's

responsibility.
 B. For Amazon S3, AWS operates the infrastructure layer, the operating systems, and
the platforms. Most Voted
 C. AWS is responsible for protecting the physical cloud infrastructure. Most Voted
 D. AWS is responsible for training the customer's employees on AWS products and
services.
 E. For Amazon EC2, AWS is responsible for maintaining the guest operating system.
Correct Answer: BC
Question #294
A company needs real-time guidance to follow AWS best practices to save money, improve
system performance, and close security gaps.
Which AWS service should the company use?
 B. AWS Trusted Advisor Most Voted
 C. AWS Management Console
 D. AWS Systems Manager
Correct Answer: B
Question #295
A company wants to organize its users so that the company can grant permissions to the users
as a group.
Which AWS service or tool can the company use to meet this requirement?
 A. Security groups
 B. AWS Identity and Access Management (IAM) Most Voted
 C. Resource groups
 D. AWS Security Hub
Correct Answer: B
Question #296
A company runs applications that process credit card information. Auditors have asked if the
AWS environment has changed since the previous audit. If the AWS environment has
changed, the auditors want to know how it has changed.
Which AWS services can provide this information? (Choose two.)
 A. AWS Artifact
 C. AWS Config Most Voted
 D. AWS CloudTrail Most Voted
 E. AWS Identity and Access Management (IAM)
Correct Answer: CD
Question #297
A company wants to use a template to reliably provision, manage, and update its
infrastructure in the AWS Cloud.
 A. AWS Lambda
 B. AWS CloudFormation Most Voted
 C. AWS Fargate
Correct Answer: B
Question #298
A company is reviewing the current costs of running its own infrastructure on premises. The
company wants to compare these on-premises costs to the costs of running infrastructure in
the AWS Cloud.
How should the company make this comparison?
 A. Review the AWS shared responsibility model.

 B. Audit existing software and hardware licensing costs.
 C. Analyze the AWS Well-Architected Framework.
 D. Use Migration Evaluator. Most Voted
Correct Answer: D
Question #299
A company needs a low-code, visual workflow service that developers can use to build
distributed applications.
Which AWS service is designed to meet these requirements?
 A. AWS Step Functions Most Voted

 B. AWS Config
 C. AWS Lambda
 D. Amazon CloudWatch
Correct Answer: A
Question #300
A company wants to accelerate migration from its data center to the AWS Cloud.
Which combination of AWS services should the company use to meet this requirement?
(Choose two.)
 A. Amazon Connect
 B. AWS Direct Connect Most Voted
 C. AWS Server Migration Service (AWS SMS) Most Voted
 D. Amazon Route 53
 E. AWS Organizations
Correct Answer: BC

DUMPS1

Uploaded by

Copyright:

Available Formats

DUMPS1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

DUMPS1

Uploaded by

Copyright:

Available Formats

Question #1

 A. AWS Auto Scaling

 A. Operational resilience Most Voted

 A. AWS Systems Manager

 A. Security inside of code Most Voted

 A. Elimination of the need to perform security auditing

 A. AWS Trusted Advisor

 A. Amazon EC2 On-Demand Instances

 A. AWS Management Console

A company plans to create a data lake that uses Amazon S3.

 A. The selection of S3 storage tiers Most Voted

A company is launching an ecommerce application that must always be available. The

 A. Cost allocation tags Most Voted

 A. AWS Trusted Advisor

Community vote distribution

Which documentation does AWS Artifact provide?

 A. Amazon EC2 terms and conditions

Which task requires using AWS account root user credentials?

 A. Viewing billing information

A company needs to simultaneously process hundreds of requests from different users.

What is the scope of a VPC within the AWS network?

 A. A VPC can span all Availability Zones globally.

 A. AWS Storage Gateway

 A. AWS Client VPN

 A. Manage connections to the database Most Voted

 A. EC2 includes operating system patch management.

 A. AWS resources do not incur costs

 A. Scale vertically to a larger EC2 instance size.

 A. AWS technical account manager (TAM) Most Voted

 A. AWS Identity and Access Management (IAM)

 A. Business agility Most Voted

 A. AWS management of user-owned infrastructure

 A. Launch globally in minutes

 A. Standard Reserved Instances Most Voted

A company is developing a mobile app that needs a high-performance NoSQL database.

 A. Patch the Amazon EC2 guest operating system.

 A. They are stateless. Most Voted

 A. AWS Basic Support

 A. Use a monolithic design.

Which AWS services are managed database services? (Choose two.)

 A. Amazon Elastic Block Store (Amazon EBS)

 A. AWS Service Catalog

 A. AWS Direct Connect

 A. AWS Abuse team

 A. AWS Systems Manager

 A. AWS Organizations Most Voted

 A. Physical and environmental controls

 A. Server access logging

Which AWS service uses edge locations?

 A. AWS Fargate Most Voted

 A. AWS Systems Manager

 A. AWS Pricing Calculator Most Voted

 A. Amazon Elastic Block Store (Amazon EBS)

 A. Amazon Polly Most Voted

 A. VPC Flow Logs Most Voted

 A. Objects; access control lists (ACLs)

 A. Use Amazon EC2 Instance Connect. Most Voted

What is the total amount of storage offered by Amazon S3?

What type of database is Amazon DynamoDB?

A large organization has a single AWS account.