aws-certified-cloud-practitioner_6

We recommend you to try the PREMIUM AWS-Certified-Cloud-Practitioner Dumps From Exambible
https://www.exambible.com/AWS-Certified-Cloud-Practitioner-exam/ (370 Q&As)
Amazon
Exam Questions AWS-Certified-Cloud-Practitioner
Amazon AWS Certified Cloud Practitioner
Your Partner of IT Exam visit - https://www.exambible.com

About Exambible
Your Partner of IT Exam
Found in 1998
Exambible is a company specialized on providing high quality IT exam practice study materials, especially Cisco CCNA, CCDA,
CCNP, CCIE, Checkpoint CCSE, CompTIA A+, Network+ certification practice exams and so on. We guarantee that the
candidates will not only pass any IT exam at the first attempt but also get profound understanding about the certificates they have
got. There are so many alike companies in this industry, however, Exambible has its unique advantages that other companies could
not achieve.
Our Advances
* 99.9% Uptime
All examinations will be up to date.
* 24/7 Quality Support
We will provide service round the clock.
* 100% Pass Rate
Our guarantee that you will pass the exam.
* Unique Gurantee
If you do not pass the exam at the first time, we will not only arrange FULL REFUND for you, but also provide you another
exam of your claim, ABSOLUTELY FREE!

NEW QUESTION 1
- (Topic 2)
A company needs Amazon EC2 instances for a workload that can tolerate interruptions.
Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-Demand prices?
A. Spot Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Dedicated Hosts
Answer: A
Explanation:
Spot Instances are spare Amazon EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for workloads that
can tolerate interruptions, such as batch processing, data analysis, and testing. Spot Instances are allocated based on the current supply and demand, and can be
reclaimed by AWS with a two-minute notice when the demand exceeds the supply5. Convertible Reserved Instances are a type of Reserved Instances that provide
a significant discount (up to 54%) compared to On-Demand prices and a capacity reservation for Amazon EC2 instances. They are available in 1-year or 3-year
terms and allow users to change the instance family, size, operating system, or tenancy during the term. Standard Reserved Instances are another type of
Reserved Instances that provide a larger discount (up to 75%) compared to On-Demand prices and a capacity reservation for Amazon EC2 instances. They are
available in 1-year or 3-year terms and do not allow users to change the instance attributes during the term. Dedicated Hosts are physical servers with Amazon
EC2 instance capacity fully dedicated to the user’s use. They are suitable for users who have specific server- bound software licenses or compliance
requirements.
NEW QUESTION 2
- (Topic 2)
Which AWS service provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning (ML)?
A. Amazon Kendra
B. Amazon SageMaker
C. Amazon Augmented Al (Amazon A2I)
D. Amazon Polly
Answer: A
Explanation:
Amazon Kendra is a service that provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning. Kendra delivers
powerful natural language search capabilities to your websites and applications so your end users can more easily find the information they need within the vast
amount of content spread across your company. Amazon SageMaker is a service that provides a fully managed platform for data scientists and developers to
quickly and easily build, train, and deploy machine learning models at any scale. Amazon Augmented AI (Amazon A2I) is a service that makes it easy to build the
workflows required for human review of ML predictions. Amazon A2I brings human review to all developers, removing the undifferentiated heavy lifting associated
with building human review systems or managing large numbers of human reviewers. Amazon Polly is a service that turns text into lifelike speech, allowing you to
create applications that talk, and build entirely new categories of speech-enabled
products. None of these services provide an enterprise search service that is powered by machine learning.
NEW QUESTION 3
- (Topic 2)
A company wants to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud.
Which AWS service should the company use to reduce management overhead for this environment?
A. Amazon Elastic Container Service (Amazon ECS)

B. Amazon SageMaker
C. Amazon RDS
D. Amazon Athena
Answer: C
Explanation:
Amazon Relational Database Service (Amazon RDS) is the AWS service that the company should use to migrate its Microsoft SQL Server database management
system from on premises to the AWS Cloud. Amazon RDS is a fully managed service that provides a scalable, secure, and high-performance relational database
platform. Amazon RDS supports several database engines, including Microsoft SQL Server. Amazon RDS reduces the management overhead for the database
environment by taking care of tasks such as provisioning, patching, backup, recovery, and monitoring. For more information, see What is Amazon Relational
Database Service (Amazon RDS)? and Amazon RDS for SQL Server.
NEW QUESTION 4
- (Topic 2)
A company wants an in-memory data store that is compatible with open source in the cloud.
Which AWS service should the company use?
A. Amazon DynamoDB
B. Amazon ElastiCache
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon Redshift
Answer: B
Explanation:
Amazon ElastiCache is a fully managed in-memory data store service that is compatible with open source engines such as Redis and Memcached1. It provides
fast and scalable performance for applications that require high throughput and low latency1. Amazon DynamoDB is a fully managed NoSQL database service that

provides consistent and single-digit millisecond latency at any scale2. Amazon EBS is a block storage service that provides persistent and durable storage
volumes for Amazon EC2 instances3. Amazon Redshift is a fully managed data warehouse service that allows users to run complex analytic queries using SQL4.
NEW QUESTION 5
- (Topic 2)
Which options are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
A. Sustainability
B. Security
C. Operations
D. Performance efficiency
E. Reliability
Answer: CD
Explanation:
The options that are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF) are operations and performance
efficiency. The AWS CAF is a guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the
cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective
is divided into capabilities, which are further divided into skills and responsibilities. The operations perspective focuses on the management and monitoring of the
cloud resources and applications, as well as the automation and optimization of the operational processes. The operations perspective capabilities are operations
support, operations integration, and service management. The performance efficiency perspective focuses on the selection and configuration of the right cloud
resources and services to meet the performance requirements of the applications, as well as the continuous improvement and innovation of the cloud solutions.
The performance efficiency perspective capabilities are selection, review, and monitoring. Sustainability, security, and reliability are not perspectives of the AWS
CAF, but they are aspects of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a guidance that helps users build and operate
secure, reliable, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars, which are operational excellence,
security, reliability, performance efficiency, and cost optimization. Sustainability is a cross-cutting theme that applies to all the pillars, and refers to the
environmental and social impact of the cloud solutions.
NEW QUESTION 6
- (Topic 2)
Which AWS service requires the customer to patch the guest operating system?
A. AWS Lambda
B. Amazon OpenSearch Service
C. Amazon EC2
D. Amazon ElastiCache
Answer: C
Explanation:
The AWS service that requires the customer to patch the guest operating system is Amazon EC2. Amazon EC2 is a service that provides scalable compute
capacity in the cloud, and allows customers to launch and run virtual servers, called instances, with a variety of operating systems, configurations, and
specifications. The customer is responsible for patching and updating the guest operating system and any applications that run on the EC2 instances, as part of
the security in the cloud. AWS Lambda, Amazon
OpenSearch Service, and Amazon ElastiCache are not services that require the customer to patch the guest operating system. AWS Lambda is a serverless
compute service that allows customers to run code without provisioning or managing servers. Amazon OpenSearch Service is a fully managed service that makes
it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Amazon ElastiCache is a fully managed service that provides in-memory data store
and cache solutions, such as Redis and Memcached. These services are managed by AWS, and AWS is responsible for patching and updating the underlying
infrastructure and software.
NEW QUESTION 7
- (Topic 1)
Which AWS service will help protect applications running on AWS from DDoS attacks?
A. Amazon GuardDuty
B. AWS WAF
C. AWS Shield
D. Amazon Inspector
Answer: C
Explanation:
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on
detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS
protection3.
NEW QUESTION 8
- (Topic 1)
Which statement describes a characteristic of the AWS global infrastructure?
A. Edge locations contain multiple AWS Regions.

B. AWS Regions contain multiple Regional edge caches.
C. Availability Zones contain multiple data centers.
D. Each data center contains multiple edge locations.
Answer: C
Explanation:

Availability Zones contain multiple data centers. This is a characteristic of the AWS global infrastructure, which consists of AWS Regions, Availability Zones, and
edge locations. AWS Regions are geographically isolated areas that contain multiple Availability Zones. Availability Zones are physically separate locations within
an AWS Region that are engineered to be isolated from failures and connected by low-latency, high- throughput, and highly redundant networking. Each
Availability Zone contains one or more data centers that house the servers and storage devices that run AWS services. Edge locations are sites that are located
closer to the end users and provide caching and content delivery services. AWS Global InfrastructureAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 9
- (Topic 1)
What is an Availability Zone?
A. A location where users can deploy compute, storage, database, and other select AWS serviceswhere no AWS Region currently exists
B. One or more discrete data centers with redundant power, networking, and connectivity
C. One or more clusters of servers where new workloads can be deployed
D. A fast content delivery network (CDN) service that securely delivers data, videos, applications, andAPIs to users globally
Answer: B
Explanation:
An Availability Zone is one or more discrete data centers with redundant power, networking, and connectivity. Availability Zones are part of the AWS global
infrastructure, which consists of AWS Regions, Availability Zones, and edge locations. Availability Zones are physically separate locations within an AWS Region
that are engineered to be isolated from failures and connected by low-latency, high-throughput, and highly redundant networking. Each Availability Zone contains
one or more data centers that house the servers and storage devices that run AWS services. Availability Zones enable users to design and operate fault-tolerant
and high-availability applications on AWS. AWS Global InfrastructureAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 10
- (Topic 1)
Which AWS Support plan assigns an AWS concierge agent to a company's account?
A. AWS Basic Support

B. AWS Developer Support
C. AWS Business Support
D. AWS Enterprise Support
Answer: D
Explanation:
AWS Enterprise Support is the AWS Support plan that assigns an AWS concierge agent to a company’s account. AWS Enterprise Support is the highest level of
support that AWS offers, and it provides the most comprehensive and personalized assistance. An AWS concierge agent is a dedicated technical account
manager who acts as a single point of contact for the company and helps to optimize the AWS environment, resolve issues, and access AWS experts. For more
information, see [AWS Support Plans] and [AWS Concierge Support].
NEW QUESTION 10
- (Topic 1)
A company recently migrated to the AWS Cloud. The company needs to determine whether its newly imported Amazon EC2 instances are the appropriate size
and type.
Which AWS services can provide this information to the company? {Select TWO.)
A. AWS Auto Scaling

B. AWS Control Tower
C. AWS Trusted Advisor
D. AWS Compute Optimizer
E. Amazon Forecast
Answer: CD
Explanation:
AWS Trusted Advisor and AWS Compute Optimizer are the AWS services that can provide information to the company about whether its newly imported Amazon
EC2 instances are the appropriate size and type. AWS Trusted Advisor is an online tool that provides best practices recommendations in five categories: cost
optimization, performance, security, fault tolerance, and service limits. AWS Trusted Advisor can help users identify underutilized or idle EC2 instances, and
suggest ways to reduce costs and improve performance. AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of EC2
instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce
costs, and eliminate underutilized resources
NEW QUESTION 11
- (Topic 1)
A company wants to establish a security layer in its VPC that will act as a firewall to control subnet traffic.
Which AWS service or feature will meet this requirement?
A. Routing tables
B. Network access control lists (network ACLs)
C. Security groups
D. Amazon GuardDuty
Answer: C
Explanation:
Security groups are the service or feature that meets the requirement of establishing a security layer in a VPC that will act as a firewall to control subnet traffic.
Security groups are stateful firewalls that control the inbound and outbound traffic at the instance level. You can assign one or more security groups to each
instance in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. Security groups are associated with

network interfaces, and therefore apply to all the instances in the subnets that use those network interfaces. Routing tables are used to direct traffic between
subnets and gateways, not to filter traffic. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level, but they are less
granular and more cumbersome to manage than security groups. Amazon GuardDuty is a threat detection service that monitors your AWS account and workloads
for malicious or unauthorized activity, not a firewall service.
NEW QUESTION 13
- (Topic 1)
A cloud engineer needs to download AWS security and compliance documents for an upcoming audit.
Which AWS service can provide the documents?
A. AWS Trusted Advisor

B. AWS Artifact
C. AWS Well-Architected Tool
D. AWS Systems Manager
Answer: B
Explanation:
AWS Artifact is the AWS service that can provide security and compliance documents for an upcoming audit. AWS Artifact is a self-service portal that allows users
to access and download AWS compliance reports and agreements. These documents provide evidence of AWS’s compliance with global, regional, and industry-
specific security standards and regulations
NEW QUESTION 16
- (Topic 1)
A company wants to deploy and manage a Docker-based application on AWS.
Which solution meets these requirements with the LEAST amount of operational overhead?
A. An open-source Docker orchestrator on Amazon EC2 instances

B. AWS AppSync
C. Amazon Elastic Container Registry (Amazon ECR)
D. Amazon Elastic Container Service (Amazon ECS)
Answer: D
Explanation:
Amazon Elastic Container Service (Amazon ECS) is a solution that meets the requirements of deploying and managing a Docker-based application on AWS with
the least amount of operational overhead. Amazon ECS is a fully managed container orchestration service that makes it easy to run, scale, and secure Docker
container applications on AWS. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple
API calls, you can launch and stop container-enabled applications, query the complete state of your cluster, and access many familiar features like security groups,
Elastic Load Balancing, EBS volumes, and IAM roles3.
NEW QUESTION 19
- (Topic 1)
Which AWS service or feature offers HTTP attack protection to users running public-facing web applications?
A. Security groups
B. Network ACLs
C. AWS Shield Standard
D. AWS WAF
Answer: D
Explanation:
AWS WAF is the AWS service or feature that offers HTTP attack protection to users running public-facing web applications. AWS WAF is a web application
firewall that helps users protect their web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Users can create
custom rules to define the web traffic that they want to allow, block, or count. Users can also use AWS Managed Rules, which are pre-configured rules that are
curated and maintained by AWS or AWS Marketplace Sellers. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API
Gateway, and Application Load Balancer, to provide comprehensive security for web applications. [AWS WAF Overview] AWS Certified Cloud Practitioner -
aws.amazon.com
NEW QUESTION 23
- (Topic 1)
When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which
Amazon EC2 instance type is required?
A. Spot Instances
B. Dedicated Instances
C. Dedicated Hosts
D. Reserved Instances
Answer: C
Explanation:
The correct answer is C because Dedicated Hosts are Amazon EC2 instances that are required when a user wants to utilize their existing per-socket, per-core, or
per-virtual machine software licenses for a Microsoft Windows server running on AWS. Dedicated Hosts are physical servers that are dedicated to a single
customer. Dedicated Hosts allow customers to use their existing server-bound software licenses, such as Windows Server, SQL Server, and SUSE Linux
Enterprise Server, subject to their license terms. The other options are incorrect because they are not Amazon EC2 instances that are required when a user wants
to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS. Spot Instances are spare
Amazon EC2 instances that are available at up to 90% discount compared to On-Demand prices. Spot Instances are suitable for stateless, fault-tolerant, and

flexible workloads that can recover from interruptions easily. Dedicated Instances are Amazon EC2 instances that run on hardware that is dedicated to a single
customer, but not to a specific physical server. Dedicated Instances do not allow customers to use their existing server-bound software licenses. Reserved
Instances are Amazon EC2 instances that are reserved for a specific period of time (one or three years) in exchange for a lower hourly rate. Reserved Instances
are suitable for steady-state or predictable workloads that run for a long duration. Reserved Instances do not allow customers to use their existing server-bound
software licenses. Reference: Dedicated Hosts, Amazon EC2 Instance Purchasing Options
NEW QUESTION 24
- (Topic 1)
A company is hosting a web application in a Docker container on Amazon EC2. AWS is responsible for which of the following tasks?
A. Scaling the web application and services developed with Docker

B. Provisioning or scheduling containers to run on clusters and maintain their availability
C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud
D. Managing the guest operating system, including updates and security patches
Answer: C
Explanation:
AWS is responsible for performing hardware maintenance in the AWS facilities that run the AWS Cloud. This is part of the shared responsibility model, where
AWS is responsible for the security of the cloud, and the customer is responsible for security in the cloud. AWS is also responsible for the global infrastructure that
runs all of the services offered in the AWS Cloud, including the hardware, software, networking, and facilities that run AWS Cloud services3. The customer is
responsible for the guest operating system, including updates and security patches, as well as the web application and services developed with Docker4.
NEW QUESTION 29
- (Topic 1)
A company wants to centrally manage security policies and billing services within a multi- account AWS environment. Which AWS service should the company use
to meet these requirements?
A. AWS Identity and Access Management (IAM)

B. AWS Organizations
C. AWS Resource Access Manager (AWS RAM)
D. AWS Config
Answer: B
Explanation:
AWS Organizations is a service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can use AWS
Organizations to create groups of accounts and apply policies to them. You can also use AWS Organizations to consolidate billing for multiple accounts. Therefore,
the correct answer is B. You can learn more about AWS Organizations and its features from this page.
NEW QUESTION 31
- (Topic 1)
A company has an online shopping website and wants to store customers' credit card data. The company must meet Payment Card Industry (PCI) standards.
Which service can the company use to access AWS compliance documentation?
A. Amazon Cloud Directory

B. AWS Artifact
D. Amazon Inspector
Answer: B
Explanation:
The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications,
and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options
are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers
to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers
follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security
vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: [AWS Artifact FAQs]
NEW QUESTION 32
- (Topic 1)
Which design principle is achieved by following the reliability pillar of the AWS Well- Architected Framework?
A. Vertical scaling
B. Manual failure recovery
C. Testing recovery procedures
D. Changing infrastructure manually
Answer: C
Explanation:
Testing recovery procedures is the design principle that is achieved by following the reliability pillar of the AWS Well-Architected Framework. The reliability pillar
focuses on the ability of a system to recover from failures and prevent disruptions. Testing recovery procedures helps to ensure that the system can handle
different failure scenarios and restore normal operations as quickly as possible. Testing recovery procedures also helps to identify and mitigate any risks or gaps in
the system design and implementation. For more information, see [Reliability Pillar] and [Testing for Reliability].
NEW QUESTION 34

- (Topic 1)
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
A. Network infrastructure and virtualization of infrastructure

B. Security of application data
C. Guest operating systems
D. Physical security of hardware
E. Credentials and policies
Answer: AD
Explanation:
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities
according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS
and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions,
availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the
customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the
applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are not AWS
responsibilities according to the AWS shared responsibility model. Security of application data, guest operating systems, and credentials and policies are customer
responsibilities according to the AWS shared responsibility model. Reference: [AWS Shared Responsibility Model]
NEW QUESTION 37
- (Topic 1)
Which database engine is compatible with Amazon RDS?
A. Apache Cassandra
B. MongoDB
C. Neo4j
D. PostgreSQL
Answer: D
Explanation:
Amazon RDS supports six database engines: Amazon Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server. Apache Cassandra, MongoDB, and
Neo4j are not compatible with Amazon RDS. Therefore, the correct answer is D. You can learn more about Amazon RDS and its supported database engines from
this page.
NEW QUESTION 39
- (Topic 1)
Which AWS Well-Architected Framework concept represents a system's ability to remain functional when the system encounters operational problems?
A. Consistency
B. Elasticity
C. Durability
D. Latency
Answer: B
Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five
pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. The concept of elasticity represents a system’s ability to adapt to
changes in demand by scaling resources up or down automatically. Therefore, the correct answer is B. You can learn more about the AWS Well-Architected
Framework and its pillars from this page.
NEW QUESTION 41
- (Topic 1)
Which task is the responsibility of a company that is using Amazon RDS?
A. Provision the underlying infrastructure.

B. Create IAM policies to control administrative access to the service.
C. Install the cables to connect the hardware for compute and storage.
D. Install and patch the RDS operating system.
Answer: B
Explanation:
The correct answer is B because AWS IAM policies can be used to control administrative access to the Amazon RDS service. The other options are incorrect
because they are the responsibilities of AWS, not the company that is using Amazon RDS. AWS manages the provisioning, cabling, installation, and patching of
the underlying infrastructure for Amazon RDS. Reference: Amazon RDS FAQs
NEW QUESTION 42
- (Topic 1)
Which task requires the use of AWS account root user credentials?
A. The deletion of IAM users

B. The change to a different AWS Support plan
C. The creation of an organization in AWS Organizations
D. The deletion of Amazon EC2 instances

Answer: C
Explanation:
The creation of an organization in AWS Organizations requires the use of AWS account root user credentials. The AWS account root user is the email address
that was used to create the AWS account. The root user has complete access to all AWS services and resources in the account, and can perform sensitive tasks
such as changing the account settings, closing the account, or creating an organization. The root user credentials should be used sparingly and securely, and only
for tasks that cannot be performed by IAM users or roles4
NEW QUESTION 43
- (Topic 1)
Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?
A. Ensuring network connectivity from AWS to the internet

B. Patching and fixing flaws within the AWS Cloud infrastructure
C. Ensuring the physical security of cloud data centers
D. Ensuring Amazon EBS volumes are backed up
Answer: D
Explanation:
The AWS shared responsibility model describes how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is
responsible for the security of the cloud, which includes the physical security of AWS facilities, the infrastructure, hardware, software, and networking that run AWS
services. The customer is responsible for security in the cloud, which includes the configuration of security groups, the encryption of customer data on AWS, the
management of AWS Lambda infrastructure, and the management of network throughput of each AWS Region. One of the customer responsibilities is to ensure
that Amazon EBS volumes are backed up.
NEW QUESTION 47
- (Topic 1)
Which AWS Support plan provides customers with access to an AWS technical account manager (TAM)?
A. AWS Basic Support

B. AWS Developer Support
D. AWS Enterprise Support
Answer: D
Explanation:
The correct answer is D because AWS Enterprise Support is the support plan that provides customers with access to an AWS technical account manager (TAM).
AWS Enterprise Support is the highest level of support plan offered by AWS, and it provides customers with the most comprehensive and personalized support
experience. An AWS TAM is a dedicated technical resource who works closely with customers to understand their business and technical needs, provide proactive
guidance, and coordinate support across AWS teams. The other options are incorrect because they are not support plans that provide customers with access to an
AWS TAM. AWS Basic Support is the default and free support plan that provides customers with access to online documentation, forums, and account information.
AWS Developer Support is the lowest level of paid support plan that provides customers with access to technical support during business hours, general guidance,
and best practice recommendations. AWS Business Support is the intermediate level of paid support plan that provides customers with access to technical support
24/7, system health checks, architectural guidance, and case management. Reference: AWS Support Plans
NEW QUESTION 51
- (Topic 1)
Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?
A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach
Answer: C
Explanation:
Pay-as-you-go pricing is an AWS benefit that demonstrates the ability of users to replace upfront fixed expenses with variable expenses. With pay-as-you-go
pricing, users only pay for the resources they consume, without any long-term contracts or commitments. This can lower the total cost of ownership and increase
the return on investment. Pay-as-you-go pricing also provides flexibility and scalability, as users can adjust their resource usage according to their changing needs
and demands. AWS Cloud Value FrameworkAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 56
- (Topic 1)
Which AWS services or features can control VPC traffic? (Select TWO.)
A. Security groups
B. AWS Direct Connect
C. Amazon GuardDuty
D. Network ACLs
E. Amazon Connect
Answer: AD
Explanation:
The AWS services or features that can control VPC traffic are security groups and network ACLs. Security groups are stateful firewalls that control the inbound

and outbound traffic at the instance level. You can assign one or more security groups to each instance in a VPC, and specify the rules that allow or deny traffic
based on the protocol, port, and source or destination. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level. You
can associate one network ACL with each subnet in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination.
AWS Direct Connect, Amazon GuardDuty, and Amazon Connect are not services or features that can control VPC traffic. AWS Direct Connect is a service that
establishes a dedicated network connection between your premises and AWS. Amazon GuardDuty is a service that monitors your AWS account and workloads for
malicious or unauthorized activity. Amazon Connect is a service that provides a cloud-based contact center solution.
NEW QUESTION 60
- (Topic 1)
A company needs to use standard SQL to query and combine exabytes of structured and semi-structured data across a data warehouse, operational database,
and data lake.
Which AWS service meets these requirements?
A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon Athena
D. Amazon Redshift
Answer: D
Explanation:
Amazon Redshift is the service that meets the requirements of using standard SQL to query and combine exabytes of structured and semi-structured data across
a data warehouse, operational database, and data lake. Amazon Redshift is a fully managed, petabyte-scale data warehouse service that allows you to run
complex analytic queries using standard SQL and your existing business intelligence tools. Amazon Redshift also supports Redshift Spectrum, a feature that
allows you to directly query and join data stored in Amazon S3 using the same SQL syntax. Amazon Redshift can scale up or down to handle any volume of data
and deliver fast query performance5
NEW QUESTION 64
- (Topic 1)
An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which AWS service is used to track, record, and audit configuration changes made to AWS resources?
A. AWS Shield
B. AWS Config
C. AWS IAM
D. Amazon Inspector
Answer: B
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and
records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config,
you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall
compliance against the configurations specified in your internal guidelines3.
NEW QUESTION 69
- (Topic 1)
A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?
A. AWS Pricing Calculator

B. Amazon CloudWatch
C. AWS Cost Explorer
D. AWS Budgets
Answer: A
Explanation:
AWS Pricing Calculator is a web-based planning tool that customers can use to create estimates for their AWS use cases. They can use it to model their solutions
before building them, explore the AWS service price points, and review the calculations behind their estimates. Therefore, the correct answer is A. You can learn
more about AWS Pricing Calculator and how it works from this page.
NEW QUESTION 70
- (Topic 1)
Which AWS database service provides in-memory data storage?
A. Amazon DynamoDB
B. Amazon ElastiCache
C. Amazon RDS
D. Amazon Timestream
Answer: B
Explanation:
The correct answer is B because Amazon ElastiCache is a service that provides in-memory data storage. Amazon ElastiCache is a fully managed, scalable, and
high-performance service that supports two popular open-source in-memory engines: Redis and Memcached. Amazon ElastiCache allows users to store and
retrieve data from fast, low-latency, and high-throughput in-memory systems. Users can use Amazon ElastiCache to improve the performance of their applications
by caching frequently accessed data, reducing database load, and enabling real-time data processing. The other options are incorrect because they are not
services that provide in-memory data storage. Amazon DynamoDB is a service that provides key-value and document data storage. Amazon RDS is a service that

provides relational data storage. Amazon Timestream is a service that provides time series data storage. Reference: Amazon ElastiCache FAQs
NEW QUESTION 73
- (Topic 1)
A company needs to migrate all of its development teams to a cloud-based integrated development environment (IDE).
A. AWS CodeBuild
B. AWS Cloud9
C. AWS OpsWorks
D. AWS Cloud Development Kit (AWS CDK)
Answer: B
Explanation:
The correct answer is B because AWS Cloud9 is an AWS service that enables users to run their existing custom, nonproduction workloads in the AWS Cloud
quickly and cost-effectively. AWS Cloud9 is a cloud-based integrated development environment (IDE) that allows users to write, run, and debug code from a web
browser. AWS Cloud9 supports multiple programming languages, such as Python, Java, Node.js, and more. AWS Cloud9 also provides users with a terminal that
can access AWS services and resources, such as Amazon EC2 instances, AWS Lambda functions, and AWS CloudFormation stacks. The other options are
incorrect because they are not AWS services that enable users to run their existing custom, nonproduction workloads in the AWS Cloud quickly and cost-
effectively. AWS CodeBuild is an AWS service that enables users to compile, test, and package their code for deployment. AWS OpsWorks is an AWS service that
enables users to configure and manage their applications using Chef or Puppet. AWS Cloud Development Kit (AWS CDK) is an AWS service that enables users to
define and provision their cloud infrastructure using familiar programming languages, such as TypeScript, Python, Java, and C#. Reference: AWS Cloud9 FAQs
NEW QUESTION 76
- (Topic 1)
Which of the following are components of an AWS Site-to-Site VPN connection? (Select TWO.)
A. AWS Storage Gateway

B. Virtual private gateway
C. NAT gateway
D. Customer gateway
E. Internet gateway
Answer: BD
Explanation:
The correct answers are B and D because a virtual private gateway and a customer gateway are components of an AWS Site-to-Site VPN connection. A virtual
private gateway is the AWS side of the VPN connection that attaches to the customer’s VPC. A customer gateway is the customer side of the VPN connection that
resides in the customer’s network. The other options are incorrect because they are not components of an AWS Site-to-Site VPN connection. AWS Storage
Gateway is a service that connects on- premises software applications with cloud-based storage. NAT gateway is a service that enables instances in a private
subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. Internet gateway is a service
that enables communication between instances in a VPC and the internet. Reference: [What is AWS Site-to-Site VPN?]
NEW QUESTION 80
- (Topic 1)
Which task is a customer's responsibility, according to the AWS shared responsibility model?
A. Management of the guest operating systems

B. Maintenance of the configuration of infrastructure devices
C. Management of the host operating systems and virtualization
D. Maintenance of the software that powers Availability ZonesA company has refined its workload to use specific AWS services to improve efficiency and reduce
cost.
Answer: A
Explanation:
Management of the guest operating systems is a customer’s responsibility, according to the AWS shared responsibility model. The AWS shared responsibility
model defines the different security and compliance responsibilities of AWS and the customer. AWS is responsible for the security of the cloud, which includes the
physical infrastructure, hardware, software, and facilities that run the AWS Cloud. The customer is responsible for security in the cloud, which includes the
configuration and management of the guest operating systems, applications, data, and network traffic protection
NEW QUESTION 82
- (Topic 1)
Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?
A. AWS Identity and Access Management (IAM)

D. AWS Budgets
Answer: B
Explanation:
AWS Organizations helps to centrally manage billing and allow controlled access to resources across AWS accounts. AWS Organizations is a service that
enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create
groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the
accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization
into a single bill.

NEW QUESTION 83
- (Topic 1)
What are some advantages of using Amazon EC2 instances lo host applications in the AWS Cloud instead of on premises? (Select TWO.)
A. EC2 includes operating system patch management

B. EC2 integrates with Amazon VP
C. AWS CloudTrail, and AWS Identity and Access Management (IAM)
D. EC2 has a 100% service level agreement (SLA).
E. EC2 has a flexible, pay-as-you-go pricing model.
F. EC2 has automatic storage cost optimization.
Answer: BD
Explanation:
Some of the advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises are:
? EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM). Amazon VPC lets you provision a logically isolated
section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. AWS CloudTrail enables governance, compliance,
operational auditing, and risk auditing of your AWS account. AWS IAM enables you to manage access to AWS services and resources securely. Therefore, the
correct answer is B. You can learn more about Amazon EC2 and its integration with other AWS services from this page.
? EC2 has a flexible, pay-as-you-go pricing model. You only pay for the compute capacity you use, and you can scale up and down as needed. You can also
choose from different pricing options, such as On-Demand, Savings Plans, Reserved Instances, and Spot Instances, to optimize your costs. Therefore, the correct
answer is D. You can learn more about Amazon EC2 pricing from this page.
The other options are incorrect because:
? EC2 does not include operating system patch management. You are responsible for managing and maintaining your own operating systems on EC2 instances.
You can use AWS Systems Manager to automate common maintenance tasks, such as applying patches, or use Amazon EC2 Image Builder to create and
maintain secure images. Therefore, the incorrect answer is A.
? EC2 does not have a 100% service level agreement (SLA). The EC2 SLA guarantees 99.99% availability for each EC2 Region, not for each individual instance.
Therefore, the incorrect answer is C.
? EC2 does not have automatic storage cost optimization. You are responsible for choosing the right storage option for your EC2 instances, such as Amazon
Elastic Block Store (EBS) or Amazon Elastic File System (EFS), and monitoring and optimizing your storage costs. You can use AWS Cost Explorer or AWS
Trusted Advisor to analyze and reduce your storage spending. Therefore, the incorrect answer is E.
NEW QUESTION 84
- (Topic 1)
company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.
Which pillar of the AWS Well-Architected Framework is supported by these goals?
A. Reliability
B. Security
C. Operational excellence
D. Performance efficiency
Answer: B
Explanation:
The pillar of the AWS Well-Architected Framework that is supported by the goals of protecting AWS Cloud information, systems, and assets while performing risk
assessment and mitigation tasks is security. Security is the ability to protect information, systems, and assets while delivering business value through risk
assessments and mitigation strategies. The security pillar covers topics such as identity and access management, data protection, infrastructure protection,
detective controls, incident response, and compliance
NEW QUESTION 88
- (Topic 1)
A company has been storing monthly reports in an Amazon S3 bucket. The company exports the report data into comma-separated values (.csv) files. A developer
wants to write a simple query that can read all of these files and generate a summary report.
Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of operational overhead?
A. Amazon S3 Select
B. Amazon Athena
C. Amazon Redshift
D. Amazon EC2
Answer: B
Explanation:
Amazon Athena is the AWS service that the developer should use to write a simple query that can read all of the .csv files stored in an Amazon S3 bucket and
generate a summary report. Amazon Athena is an interactive query service that allows users to analyze data in Amazon S3 using standard SQL. Amazon Athena
does not require any server setup or management, and users only pay for the queries they run. Amazon Athena can handle various data formats, including .csv,
and can integrate with other AWS services such as Amazon QuickSight for data visualization
NEW QUESTION 90
- (Topic 1)
Which AWS services and features are provided to all customers at no charge? (Select TWO.)
A. Amazon Aurora
B. VPC
C. Amazon SageMaker
D. AWS Identity and Access Management (IAM)
E. Amazon Polly

Answer: BD
Explanation:
The AWS services and features that are provided to all customers at no charge are VPC and AWS Identity and Access Management (IAM). VPC is a service that
allows you to launch AWS resources in a logically isolated virtual network that you define. You can create and use a VPC at no additional charge, and you only pay
for the resources that you launch in the VPC, such as EC2 instances or EBS volumes. IAM is a service that allows you to manage access and permissions to AWS
resources. You can create and use IAM users, groups, roles, and policies at no additional charge, and you only pay for the AWS resources that the IAM entities
access. Amazon Aurora, Amazon SageMaker, and Amazon Polly are not free services, and they charge based on the usage and features that you choose5
NEW QUESTION 95
- (Topic 1)
Which AWS service or tool can be used to consolidate payments for a company with multiple AWS accounts?
A. AWS Cost and Usage Report

C. Cost Explorer
D. AWS Budgets
Answer: B
Explanation:
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally
manage. AWS Organizations includes consolidated billing and account management capabilities that enable you to better meet the budgetary, security, and
compliance needs of your business1.
NEW QUESTION 100

- (Topic 1)
Which AWS service or feature captures information about the network traffic to and from an Amazon EC2 instance?
A. VPC Reachability Analyzer

B. Amazon Athena
C. VPC Flow Logs
D. AWS X-Ray
Answer: C
Explanation:
The correct answer is C because VPC Flow Logs is an AWS service or feature that captures information about the network traffic to and from an Amazon EC2
instance. VPC Flow Logs is a feature that enables customers to capture information about the IP traffic going to and from network interfaces in their VPC. VPC
Flow Logs can help customers to monitor and troubleshoot connectivity issues, such as traffic not reaching an instance or traffic being rejected by a security group.
The other options are incorrect because they are not AWS services or features that capture information about the network traffic to and from an Amazon EC2
instance. VPC Reachability Analyzer is an AWS service or feature that enables customers to perform connectivity testing between resources in their VPC and
identify configuration issues that prevent connectivity. Amazon Athena is an AWS service that enables customers to query data stored in Amazon S3 using
standard SQL. AWS X-Ray is an AWS service that enables customers to analyze and debug distributed applications, such as those built using a microservices
architecture.
Reference: VPC Flow Logs
NEW QUESTION 103

- (Topic 1)
Which of the following are customer responsibilities under the AWS shared responsibility model? (Select TWO.)
A. Physical security of AWS facilities

B. Configuration of security groupsQ
C. Encryption of customer data on AWS
D. Management of AWS Lambda infrastructureQ
E. Management of network throughput of each AWS Region
Answer: BC
Explanation:
The AWS shared responsibility model describes how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is
responsible for the security of the cloud, which includes the physical security of AWS facilities, the infrastructure, hardware, software, and networking that run AWS
services. The customer is responsible for security in the cloud, which includes the configuration of security groups, the encryption of customer data on AWS, the
management of AWS Lambda infrastructure, and the management of network throughput of each AWS Region.
NEW QUESTION 108

- (Topic 1)
Which AWS service should a cloud practitioner use to receive real-time guidance for provisioning resources, based on AWS best practices related to security, cost
optimization, and service limits?

B. AWS Config
C. AWS Security Hub
Answer: A
Explanation:

AWS Trusted Advisor is the AWS service that provides real-time guidance for provisioning resources, based on AWS best practices related to security, cost
optimization, and service limits. AWS Trusted Advisor inspects the user’s AWS environment and provides recommendations for improving performance, security,
and reliability, reducing costs, and following best practices. AWS Trusted Advisor also alerts the user when they are approaching or exceeding their service limits,
and helps them request
limit increases3.
NEW QUESTION 111

- (Topic 1)
A company wants to manage access and permissions for its third-party software as a service (SaaS)
applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.
Which AWS service should the company use to meet these requirements?
A. Amazon Cognito
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management (IAM)
D. AWS Directory Service for Microsoft Active Directory
Answer: B
Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is the AWS service that the company should use to meet the requirements of managing access and permissions
for its third-party SaaS applications. AWS Single Sign-On is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple
AWS accounts and business applications. You can use AWS Single Sign-On to enable your users to sign in to a user portal with their existing corporate
credentials and access all of their assigned accounts and applications from one place4.
NEW QUESTION 113

- (Topic 1)
Which AWS service is a highly available and scalable DNS web service?
A. Amazon VPC
B. Amazon CloudFront
C. Amazon Route 53
D. Amazon Connect
Answer: C
Explanation:
Amazon Route 53 is a highly available and scalable DNS web service. It is designed to give developers and businesses an extremely reliable and cost-effective
way to route end users to Internet applications by translating domain names into the numeric IP addresses that computers use to connect to each other2. Amazon
Route 53 also offers other features such as health checks, traffic management, domain name registration, and DNSSEC3.
NEW QUESTION 117

- (Topic 1)
What is the total amount of storage offered by Amazon S3?
A. WOMB
B. 5 GB
C. 5 TB
D. Unlimited
Answer: D
Explanation:
Amazon S3 offers unlimited storage for any amount of data. You can store as many objects as you want, and each object can be as large as 5 terabytes. You pay
only for the storage space that you actually use, and there are no minimum commitments or upfront fees. Amazon S3 also provides high durability, availability,
scalability, and security for your data.
NEW QUESTION 119

- (Topic 1)
A user wants to identify any security group that is allowing unrestricted incoming SSH traffic.
Which AWS service can be used to accomplish this goal?
A. Amazon Cognito
B. AWS Shield
C. Amazon Macie
D. AWS Trusted Advisor
Answer: D
Explanation:
The correct answer to the question is D because AWS Trusted Advisor is an AWS service that can be used to accomplish the goal of identifying any security
group that is allowing unrestricted incoming SSH traffic. AWS Trusted Advisor is a service that provides customers with recommendations that help them follow
AWS best practices. Trusted Advisor evaluates the customer’s AWS environment and identifies ways to optimize their AWS infrastructure, improve security and
performance, reduce costs, and monitor service quotas. One of the checks that Trusted Advisor performs is the Security Groups - Specific Ports Unrestricted
check, which flags security groups that allow unrestricted access to specific ports, such as port 22 for SSH. Customers can use this check to review and modify
their security group rules to restrict SSH access to only authorized sources. Reference: Security Groups - Specific Ports Unrestricted
NEW QUESTION 120

- (Topic 1)
A large company has a workload that requires hardware to remain on premises. The company wants to use the same management and control plane services that
it currently uses on AWS.
Which AWS service should the company use to meet these requirements?
A. AWS Device Farm

B. AWS Fargate
C. AWS Outposts
D. AWS Ground Station
Answer: C
Explanation:
The correct answer is C because AWS Outposts is an AWS service that enables the company to meet the requirements. AWS Outposts is a fully managed
service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co- location space, or on-premises facility. AWS Outposts allows
customers to run their workloads on the same hardware and software that AWS uses in its cloud, while maintaining local access and control. The other options are
incorrect because they are not AWS services that enable the company to meet the requirements. AWS Device Farm is an AWS service that enables customers to
test their mobile and web applications on real devices in the AWS Cloud. AWS Fargate is an AWS service that enables customers to run containers without having
to manage servers or clusters. AWS Ground Station is an AWS service that enables customers to communicate with satellites and downlink data from orbit.
Reference: AWS Outposts FAQs
NEW QUESTION 124

- (Topic 1)
A company is launching a new application in the AWS Cloud. The application will run on an Amazon EC2 instance. More EC2 instances will be needed when the
workload increases.
Which AWS service or tool can the company use to launch the number of EC2 instances that will be needed to handle the workload?
A. Elastic Load Balancing

B. Amazon EC2 Auto Scaling
C. AWS App2Container (A2C)
Answer: B
Explanation:
Amazon EC2 Auto Scaling is the AWS service or tool that can help the company launch the number of EC2 instances that will be needed to handle the workload.
Amazon EC2 Auto Scaling automatically adjusts the capacity of the EC2 instances based on the demand and the predefined scaling policies. Amazon EC2 Auto
Scaling also helps to improve availability and reduce costs by scaling in and out as needed. For more information, see What is Amazon EC2 Auto Scaling? and
[Getting Started with Amazon EC2 Auto Scaling].
NEW QUESTION 129

- (Topic 1)
Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?
A. Elimination of expenses for running and maintaining data centers

B. Price discounts that are identical to discounts from hardware providers
C. Distribution of all operational controls to AWS
D. Elimination of operational expenses
Answer: A
Explanation:
The advantage that users experience when they move on-premises workloads to the AWS Cloud is: elimination of expenses for running and maintaining data
centers. By moving on-premises workloads to the AWS Cloud, users can reduce or eliminate the costs associated with owning and operating physical servers,
storage, network equipment, and facilities. These costs include hardware purchase, maintenance, repair, power, cooling, security, and staff. Users can also benefit
from the pay-as-you-go pricing model of AWS, which allows them to pay only for the resources they use, and scale up or down as needed.
NEW QUESTION 133

- (Topic 1)
Which AWS network services or features allow Cl DR block notation when providing an IP address range?
(Select TWO.)
A. Security groups
B. Amazon Machine Image (AMI)
C. Network access control list (network ACL)
D. AWS Budgets
E. Amazon Elastic Block Store (Amazon EBS)
Answer: AC
Explanation:
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP
address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network
ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR
block notation to specify the IP address ranges that are allowed or denied
NEW QUESTION 135

- (Topic 1)
Which of the following is a benefit of decoupling an AWS Cloud architecture?

A. Reduced latency
B. Ability to upgrade components independently
C. Decreased costs
D. Fewer components to manage
Answer: B
Explanation:
A benefit of decoupling an AWS Cloud architecture is the ability to upgrade components independently. Decoupling is a way of designing systems to reduce
interdependencies and minimize the impact of changes. Decoupling allows components to interact with each other through well-defined interfaces, rather than
direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability, availability, and maintainability. By
decoupling an AWS Cloud architecture, the user can upgrade or modify one component without affecting the other components5.
NEW QUESTION 139

- (Topic 1)
A company deploys its application to multiple AWS Regions and configures automatic failover between those Regions.
Which cloud concept does this architecture represent?
A. Security
B. Reliability
C. Scalability
D. Cost optimization
Answer: B
Explanation:
Reliability is the cloud concept that this architecture represents. Reliability is the ability of a system to recover from infrastructure or service disruptions,
dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. Deploying an
application to multiple AWS Regions and configuring automatic failover between those Regions enhances the reliability of the application by reducing the impact of
regional failures and increasing the availability of the application4
NEW QUESTION 143

- (Topic 1)
Which statements represent the cost-effectiveness of the AWS Cloud? (Select TWO.)
A. Users can trade fixed expenses for variable expenses.

B. Users can deploy all over the world in minutes.
C. AWS offers increased speed and agility.
D. AWS is responsible for patching the infrastructure.
E. Users benefit from economies of scale.
Answer: AE
Explanation:
The statements that represent the cost-effectiveness of the AWS Cloud are:
? Users can trade fixed expenses for variable expenses. By using the AWS Cloud, users can pay only for the resources they use, instead of investing in fixed and
upfront costs for hardware and software. This can lower the total cost of ownership and increase the return on investment.
? Users benefit from economies of scale. By using the AWS Cloud, users can leverage the massive scale and efficiency of AWS to access lower prices and higher
performance. AWS passes the cost savings to the users through price reductions and innovations. AWS Cloud Value Framework
NEW QUESTION 146

- (Topic 1)
Which AWS service uses a combination of publishers and subscribers?
A. AWS Lambda
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon CloudWatch
D. AWS CloudFormation
Answer: B
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a
combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages
from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to
decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues,
and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 150

- (Topic 3)
A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve
supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?
A. Security
B. Performance efficiency
C. Cost optimization
D. Operational excellence

Answer: D
Explanation:
The scenario represents the operational excellence pillar of the AWS Well- Architected Framework, which focuses on running and monitoring systems to deliver
business value and continually improve supporting processes and procedures1. Security, performance efficiency, cost optimization, and reliability are the other
four pillars of the framework1.
NEW QUESTION 152

- (Topic 3)
Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?
A. AWS Organizations
B. AWS Pricing Calculator
D. AWS Service Catalog
Answer: C
Explanation:
AWS Cost Explorer is the AWS service or tool that helps users visualize, understand, and manage spending and usage over time. AWS Cost Explorer is a web-
based interface that allows users to access interactive graphs and tables that display their AWS costs and usage data. Users can create custom reports that
analyze cost and usage data by various dimensions, such as service, region, account, tag, and more. Users can also view historical data for up to the last 12
months, forecast future costs for up to the next 12 months, and get recommendations for cost optimization. AWS Cost Explorer also provides preconfigured views
that show common cost and usage scenarios, such as monthly spend by service, daily spend by linked account, and Reserved Instance utilization. Users can use
AWS Cost Explorer to monitor their AWS spending and usage trends, identify cost drivers and anomalies, and optimize their resource allocation and budget
planning. References: Cloud Cost Analysis - AWS Cost Explorer - AWS, Analyzing your costs with AWS Cost Explorer
NEW QUESTION 153

- (Topic 3)
A company needs to securely store important credentials that an application uses to connect users to a database.
Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?
A. AWS Key Management Service (AWS KMS)

B. AWS Config
C. AWS Secrets Manager
D. Amazon GuardDuty
Answer: C
Explanation:
AWS Secrets Manager is a service that helps you protect secrets needed to access your applications, services, and IT resources. You can use AWS Secrets
Manager to store, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. AWS Secrets Manager eliminates the need to
hardcode sensitive information in plain text, and reduces the risk of unauthorized access or leakage. AWS Secrets Manager also integrates with other AWS
services, such as AWS Lambda, Amazon RDS, and AWS CloudFormation, to simplify the management of secrets across your environment5
NEW QUESTION 158

- (Topic 3)
A company wants to migrate a database from an on-premises environment to Amazon RDS.
After the migration is complete, which management task will the company still be responsible for?
A. Hardware lifecycle management

B. Application optimization
C. Server maintenance
D. Power, network, and cooling provisioning
Answer: B
Explanation:
Amazon RDS is a managed database service that handles most of the common database administration tasks, such as hardware provisioning, server
maintenance, backup and recovery, patching, scaling, and replication. However, Amazon RDS does not optimize the application that interacts with the database.
The company is still responsible for tuning the performance, security, and availability of the application according to its business requirements and best
practices12. References:
? What is Amazon Relational Database Service (Amazon RDS)?
? Perform common DBA tasks for Amazon RDS DB instances
NEW QUESTION 159

- (Topic 3)
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing.
Which AWS service or feature will help the company with its migration?

B. AWS Consulting Partners
C. AWS Artifacts
D. AWS Managed Services
Answer: D
Explanation:

AWS Managed Services is a service that provides operational management for AWS infrastructure and applications. It helps users migrate their workloads to
AWS and provides ongoing support, security, compliance, and automation. AWS Trusted Advisor is a service that provides best practices and recommendations
for cost optimization, performance, security, and fault tolerance. AWS Consulting Partners are professional services firms that help customers design, architect,
build, migrate, and manage their workloads and applications on AWS. AWS Artifacts is a service that provides on-demand access to AWS compliance reports and
select online agreements.
NEW QUESTION 161

- (Topic 3)
Which AWS service or feature gives users the ability to capture information about network traffic in a VPC?
A. VPC Flow Logs

B. Amazon Inspector
C. VPC route tables
D. AWS CloudTrail
Answer: A
Explanation:
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be
published to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. You can use VPC Flow Logs to diagnose network issues, monitor traffic
patterns, detect security anomalies, and comply with auditing requirements34. References: Logging IP traffic using VPC Flow Logs - Amazon Virtual Private Cloud,
New – VPC Traffic Mirroring – Capture & Inspect Network Traffic | AWS News Blog
NEW QUESTION 166

- (Topic 3)
Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?
A. Go global in minutes
B. Make frequent, small, reversible changes
C. Implement a strong foundation of identity and access management
D. Stop spending money on hardware infrastructure for data center operations
Answer: B
Explanation:
Making frequent, small, reversible changes is one of the design principles for operational excellence in the AWS Cloud, as defined by the AWS Well-Architected
Framework. This principle means that you should design your workloads to allow for rapid and safe changes, such as deploying updates, rolling back failures, and
experimenting with new features. By making small and reversible changes, you can reduce the risk of errors,
minimize the impact of failures, and increase the speed of recovery2. References: 2: AWS Documentation - AWS Well-Architected Framework - Operational
Excellence Pillar
NEW QUESTION 167

- (Topic 3)
A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario"?
A. Update the guest operating system of the EC2 instances

B. Maintain high availability at the database layer
C. Patch the physical infrastructure that hosts the EC2 instances
D. Configure the security group firewall
Answer: C
Explanation:
When you run a NoSQL database on Amazon EC2 instances, you are responsible for managing the database layer and the guest operating system of the
instances. This means that you need to perform tasks such as updating the operating system, maintaining high availability, and configuring the security group
firewall. AWS is responsible for managing the physical infrastructure that hosts the EC2 instances. This means that AWS ensures that the hardware and firmware
of the servers, routers, switches, and other devices are updated and secure. AWS also handles the power, cooling, networking, and security of the data centers12.
References: CLF-C02: Which task is responsibility of AWS to run NoSQL database on …, Best Practices for Hosting NoSQL Databases on Amazon EC2
NEW QUESTION 172

- (Topic 3)
Which AWS Cloud deployment model uses AWS Outposts as part of the application deployment infrastructure?
A. On-premises
B. Serverless
C. Cloud-native
D. Hybrid
Answer: D
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS
managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions,
while using local compute and storage resources for lower latency and local data processing needs. An Outpost is a pool of AWS compute and storage capacity
deployed at a customer site. AWS operates, monitors, and manages this capacity as part of an AWS Region. You can create subnets on your Outpost and specify
them when you create AWS resources such as EC2 instances, EBS volumes, ECS clusters, and RDS instances. Instances in Outpost subnets communicate with
other instances in the AWS Region using private IP addresses, all within the same VPC. Outposts solutions allow you to extend and run native AWS services on
premises, and is available in a variety of form factors, from 1U and 2U Outposts servers to 42U Outposts racks, and multiple rack deployments. With AWS
Outposts, you can run some AWS services locally and connect to a broad range of services available in the local AWS Region2. AWS Outposts is a hybrid cloud

deployment model that uses AWS Outposts as part of the application deployment infrastructure. Hybrid cloud is a cloud computing environment that uses a mix of
on-premises, private cloud, and public cloud services with orchestration between the platforms. Hybrid cloud provides businesses with greater flexibility, more
deployment options, and optimized costs. By using AWS Outposts, customers can benefit from the fully managed infrastructure, services, APIs, and tools of AWS
on premises, while still having access to the full range of AWS services available in the Region for a truly consistent hybrid experience3. References: On-Premises
Private Cloud - AWS Outposts Family - AWS, What is AWS Outposts? - AWS Outposts
NEW QUESTION 176

- (Topic 3)
A company is assessing its AWS Business Support plan to determine if the plan still meets the company's needs. The company is considering switching to AWS
Enterprise Support.
Which additional benefit will the company receive with AWS Enterprise Support?
A. A full set of AWS Trusted Advisor checks

B. Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week
C. A designated technical account manager (TAM) to assist in monitoring and optimization
D. A consultative review and architecture guidance for the company's applications
Answer: C
Explanation:
The additional benefit that the company will receive with AWS Enterprise Support is C. A designated technical account manager (TAM) to assist in monitoring and
optimization.
A TAM is a dedicated point of contact who works with the customer to understand their use cases, applications, and goals, and provides proactive guidance and
best practices to help them optimize their AWS environment. A TAM also helps the customer with case management, escalations, service updates, and feature
requests12.
A full set of AWS Trusted Advisor checks is available for customers with Business, Enterprise On-Ramp, or Enterprise Support plans1. Phone, email, and chat
access to cloud support engineers 24/7 is available for customers with Business, Enterprise On-Ramp, or Enterprise Support plans1. A consultative review and
architecture guidance for the company’s applications is available for customers with Enterprise On-Ramp or Enterprise Support plans1. Therefore, these benefits
are not exclusive to AWS Enterprise Support.
Reference:
1: AWS Support Plan Comparison | Developer, Business, Enterprise …
NEW QUESTION 177

- (Topic 3)
A company needs to run some of its workloads on premises to comply with regulatory guidelines. The company wants to use the AWS Cloud to run workloads that
are not required to be on premises. The company also wants to be able to use the same API calls for the on-premises workloads and the cloud workloads.
Which AWS service or feature should the company use to meet these requirements?
A. Dedicated Hosts
B. AWS Outposts
C. Availability Zones
D. AWS Wavelength
Answer: B
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-
premises facility for a truly consistent hybrid experience1. AWS Outposts enables customers to run workloads on premises using the same AWS APIs, tools, and
services that they use in the cloud2. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to a customer’s use3. Availability Zones are
one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities within an AWS Region4. AWS
Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications.
NEW QUESTION 179

- (Topic 2)
A company has an application that runs periodically in an on-premises environment. The application runs for a few hours most days, but runs for 8 hours a day for
a week at the end of each month.
Which AWS service or feature should be used to host the application in the AWS Cloud?
A. Amazon EC2 Standard Reserved Instances

B. Amazon EC2 On-Demand Instances
C. AWS Wavelength
D. Application Load Balancer
Answer: B
Explanation:
Amazon EC2 On-Demand Instances are instances that you pay for by the second, with no long-term commitments or upfront payments4. This option is suitable
for applications that have unpredictable or intermittent workloads, such as the one described in the question. Amazon EC2 Standard Reserved Instances are
instances that you purchase for a one-year or three-year term, and pay a lower hourly rate compared to On-Demand Instances. This option is suitable for
applications that have steady state or predictable usage. AWS Wavelength is a service that enables developers to build applications that deliver ultra-low latency
to mobile devices and users by deploying AWS compute and storage at the edge of the 5G network. This option is not relevant for the application described in the
question. Application Load Balancer is a type of load balancer that operates at the application layer and distributes traffic based on the content of the request. This
option is not a service or feature to host the application, but rather to balance the traffic among multiple instances.
NEW QUESTION 181

- (Topic 2)
A company wants to securely store Amazon RDS database credentials and automatically rotate user passwords periodically.
Which AWS service or capability will meet these requirements?

A. Amazon S3
B. AWS Systems Manager Parameter Store
C. AWS Secrets Manager
D. AWS CloudTrail
Answer: C
Explanation:
AWS Secrets Manager is a service that helps you protect access to your applications, services, and IT resources. This service enables you to easily rotate,
manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle1. Amazon S3 is a storage service that does not offer automatic
rotation of credentials. AWS Systems Manager Parameter Store is a service that provides secure, hierarchical storage for configuration data management and
secrets management2, but it does not offer automatic rotation of credentials. AWS CloudTrail is a service that enables governance, compliance, operational
auditing, and risk auditing of your AWS account3, but it does not store or rotate credentials.
NEW QUESTION 184

- (Topic 2)
Which AWS service can a company use to securely store and encrypt passwords for a database?
A. AWS Shield
B. AWS Secrets Manager
C. AWS Identity and Access Management (IAM)
D. Amazon Cognito
Answer: B
Explanation:
AWS Secrets Manager is an AWS service that can be used to securely store and encrypt passwords for a database. It allows users to manage secrets, such as
database credentials, API keys, and tokens, in a centralized and secure way. It also provides features such as automatic rotation, fine-grained access control, and
auditing. AWS Shield is an AWS service that provides protection against Distributed Denial of Service (DDoS) attacks for AWS resources and services. It does not
store or encrypt passwords for a database. AWS Identity and Access Management (IAM) is an AWS service that allows users to manage access to AWS
resources and services. It can be used to create users, groups, roles, and policies that control who can do what in AWS. It does not store or encrypt passwords for
a database. Amazon Cognito is an AWS service that provides user identity and data synchronization for web and mobile applications. It can be used to
authenticate and authorize users, manage user profiles, and sync user data across devices. It does not store or encrypt passwords for a database.
NEW QUESTION 187

- (Topic 2)
A company runs a database on Amazon Aurora in the us-east-1 Region. The company has a disaster recovery requirement that the database be available in
another Region.
Which solution meets this requirement with minimal disruption to the database operations?
A. Perform an Aurora Multi-AZ deployment.

B. Deploy Aurora cross-Region read replicas.
C. Create Amazon Elastic Block Store (Amazon EBS) volume snapshots for Aurora and copy them to another Region.
D. Deploy Aurora Replicas.
Answer: B
Explanation:
The solution that meets the requirement of the company that runs a database on Amazon Aurora in the us-east-1 Region and has a disaster recovery requirement
that the database be available in another Region with minimal disruption to the database operations is to deploy Aurora cross-Region read replicas. Aurora cross-
Region read replicas are secondary Aurora clusters that are created in a different AWS Region from the primary Aurora cluster, and are kept in sync with the
primary cluster using physical replication. The company can use Aurora cross-Region read replicas to improve the availability and durability of the database, as
well as to reduce the recovery time objective (RTO) and recovery point objective (RPO) in case of a regional disaster. Performing an Aurora Multi-AZ deployment,
creating Amazon EBS volume snapshots for Aurora and copying them to another Region, and deploying Aurora Replicas are not the best solutions for this
requirement. An Aurora Multi-AZ deployment is a configuration that creates one or more Aurora Replicas within the same AWS Region as the primary Aurora
cluster, and provides automatic failover in case of an Availability Zone outage. However, this does not provide cross-Region disaster recovery. Creating Amazon
EBS volume snapshots for Aurora and copying them to another Region is a manual process that requires stopping the database, creating the snapshots, copying
them to the target Region, and restoring them to a new Aurora cluster. This process can cause significant downtime and data loss. Deploying Aurora Replicas is a
configuration that creates one or more secondary Aurora clusters within the same AWS Region as the primary Aurora cluster, and provides read scaling and high
availability. However, this does not provide cross-Region disaster recovery.
NEW QUESTION 188

- (Topic 2)
A company wants to move its iOS application development and build activities to AWS. Which AWS service or resource should the company use for these
activities?
A. AWS CodeCommit
B. Amazon EC2 M1 Mac instances
C. AWS Amplify
D. AWS App Runner
Answer: B
Explanation:
Amazon EC2 M1 Mac instances are the AWS service or resource that the company should use for its iOS application development and build activities, as they
enable users to run macOS on AWS and access a broad and growing set of AWS services. AWS CodeCommit is a service that provides a fully managed source
control service that hosts secure Git-based repositories. AWS Amplify is a set of tools and services that enable developers to build full-stack web and mobile
applications using AWS. AWS App Runner is a service that makes it easy for developers to quickly deploy containerized web applications and APIs. These
concepts are explained in the AWS Developer Tools page4.

NEW QUESTION 193

- (Topic 2)
Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Select TWO.)
A. Maximize utilization of Amazon EC2 instances.

B. Minimize utilization of Amazon EC2 instances.
C. Minimize usage of managed services.
D. Force frequent application reinstallations by users.
E. Reduce the need for users to reinstall applications.
Answer: AE
Explanation:
To maximize sustainability and minimize environmental impact, a company should apply the following design principles to AWS Cloud workloads: maximize
utilization of Amazon EC2 instances and reduce the need for users to reinstall applications. Maximizing utilization of Amazon EC2 instances means that the
company can optimize the performance and efficiency of their compute resources, and avoid wasting energy and money on idle or underutilized instances. The
company can use features such as Amazon EC2 Auto Scaling, Amazon EC2 Spot Instances, and AWS Compute Optimizer to automatically adjust the number and
type of instances based on demand, cost, and performance. Reducing the need for users to reinstall applications means that the company can minimize the
amount of data and bandwidth required to deliver their applications to users, and avoid unnecessary downloads and updates that consume energy and resources.
The company can use services such as Amazon CloudFront, AWS AppStream 2.0, and AWS Amplify to deliver their applications faster, more securely, and more
efficiently to users across the globe. Minimizing utilization of Amazon EC2 instances, minimizing usage of managed services, and forcing frequent application
reinstallations by users are not design principles that would maximize sustainability and minimize environmental impact. Minimizing utilization of Amazon EC2
instances would reduce the performance and efficiency of the compute resources, and potentially increase the costs and complexity of the cloud workloads.
Minimizing usage of managed services would increase the operational overhead and responsibility of the company, and potentially expose them to more security
and reliability risks. Forcing frequent application reinstallations by users would increase the amount of data and bandwidth required to deliver the applications to
users, and potentially degrade the user experience and satisfaction.
NEW QUESTION 194

- (Topic 2)
A company needs help managing multiple AWS linked accounts that are reported on a consolidated bill.
Which AWS Support plan includes an AWS concierge whom the company can ask for assistance?
A. AWS Developer Support

B. AWS Enterprise Support
D. AWS Basic Support
Answer: B
Explanation:
AWS Enterprise Support is the AWS Support plan that includes an AWS concierge whom the company can ask for assistance. According to the AWS Support
Plans page, AWS Enterprise Support provides "a dedicated Technical Account Manager (TAM) who provides advocacy and guidance to help plan and build
solutions using best practices, coordinate access to subject matter experts, and proactively keep your AWS environment operationally healthy."2 AWS Business
Support, AWS Developer Support, and AWS Basic Support do not include a TAM or a concierge service.
NEW QUESTION 196

- (Topic 2)
A company has multiple AWS accounts that include compute workloads that cannot be interrupted. The company wants to obtain billing discounts that are based
on the company's use of AWS services.
Which AWS feature or purchasing option will meet these requirements?
A. Resource tagging
B. Consolidated billing
C. Pay-as-you-go pricing
D. Spot Instances
Answer: B
Explanation:
Consolidated billing is an AWS feature that allows users to combine the usage and costs of multiple AWS accounts into a single bill. This enables users to obtain
billing discounts that are based on the company’s use of AWS services, such as volume pricing tiers, Reserved Instance discounts, and Savings Plans
discounts5. Resource tagging is an AWS feature that allows users to assign metadata to AWS resources, such as EC2 instances, S3 buckets, and Lambda
functions. This enables users to organize, track, and manage their AWS resources, such as filtering, grouping, and reporting. Pay-as-you- go pricing is an AWS
pricing model that allows users to pay only for the resources and services they use, without any upfront or long-term commitments. This enables users to lower
their costs by scaling up or down as needed, and avoiding over-provisioning or under-utilization. Spot Instances are spare EC2 instances that are available at up to
90% discount compared to On-Demand prices. They are suitable for workloads that can tolerate interruptions, such as batch processing, data analysis, and
testing. Spot Instances are
allocated based on the current supply and demand, and can be reclaimed by AWS with a two-minute notice when the demand exceeds the supply.
NEW QUESTION 199

- (Topic 2)
A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
A. AWS Config
B. AWS Secrets Manager
C. AWS CloudTrail
D. AWS Trusted Advisor
Answer: A

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and
records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config,
you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall
compliance against the configurations specified in your internal guidelines. This can help you simplify compliance auditing,
security analysis, change management, and operational troubleshooting1.
NEW QUESTION 204

- (Topic 2)
Which AWS services allow users to monitor and retain records of account activities that include governance, compliance, and auditing?
(Select TWO.)
A. Amazon CloudWatch
B. AWS CloudTrail
C. Amazon GuardDuty
D. AWS Shield
E. AWS WAF
Answer: AB
Explanation:
Amazon CloudWatch and AWS CloudTrail are the AWS services that allow users to monitor and retain records of account activities that include governance,
compliance, and auditing. Amazon CloudWatch is a service that collects and tracks metrics, collects and monitors log files, and sets alarms. AWS CloudTrail is a
service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. Amazon GuardDuty, AWS Shield, and AWS WAF are
AWS services that provide security and protection for AWS resources, but they do not monitor and retain records of
account activities. These concepts are explained in the AWS Cloud Practitioner Essentials course3.
NEW QUESTION 205

- (Topic 2)
A company wants its Amazon EC2 instances to share the same geographic area but use redundant underlying power sources.
Which solution will meet these requirements?
A. Use EC2 instances across multiple Availability Zones in the same AWS Region.
B. Use Amazon CloudFront as the database for the EC2 instances.
C. Use EC2 instances in the same edge location and the same Availability Zone.
D. Use EC2 instances in AWS OpsWorks stacks in different AWS Regions.
Answer: A
Explanation:
Using EC2 instances across multiple Availability Zones in the same AWS Region is a solution that meets the requirements of sharing the same geographic area
but using redundant underlying power sources. Availability Zones are isolated locations within an AWS Region that have independent power, cooling, and physical
security. They are connected through low-latency, high-throughput, and highly redundant networking. By launching EC2 instances in different Availability Zones,
users can increase the fault tolerance and availability of their applications. Amazon CloudFront is a content delivery network (CDN) service that speeds up the
delivery of web content and media to end users by caching it at the edge locations closer to them. It is not a database service and cannot be used to store
operational data for EC2 instances. Edge locations are sites that are part of the Amazon CloudFront network and are located in many cities around the world. They
are not the same as Availability Zones and do not provide redundancy for EC2 instances. AWS OpsWorks is a configuration management service that allows users
to automate the deployment and management of applications using Chef or Puppet. It can be used to create stacks that span multiple AWS Regions, but this
would not meet the requirement of sharing the same geographic area.
NEW QUESTION 208

- (Topic 2)
A company does not want to rely on elaborate forecasting to determine its usage of compute resources. Instead, the company wants to pay only for the resources
that it uses. The company also needs the ability to increase or decrease its resource usage to meet business requirements.
Which pillar of the AWS Well-Architected Framework aligns with these requirements?
A. Operational excellence
B. Security
C. Reliability
D. Cost optimization
Answer: D
Explanation:
Cost optimization is the pillar of the AWS Well-Architected Framework that aligns with the requirements of not relying on elaborate forecasting and paying only for
the resources that are used. The cost optimization pillar focuses on the ability of a system to deliver business value at the lowest price point. Cost optimization
involves using the right AWS services and resources for the workload, measuring and monitoring the cost and usage, and continuously improving the cost
efficiency. Cost optimization also leverages the benefits of the AWS Cloud, such as pay-as-you-go pricing, elasticity, and scalability. For more information, see
[Cost Optimization Pillar] and [Cost Optimization].
NEW QUESTION 211

- (Topic 2)
A company has an environment that includes Amazon EC2 instances, Amazon Lightsail, and on-premises servers. The company wants to automate the security
updates for its operating systems and applications.
Which solution will meet these requirements with the LEAST operational effort?
A. Use AWS Shield to identify and manage security events.

B. Connect to each server by using a remote desktop connectio
C. Run an update script.

D. Use the AWS Systems Manager Patch Manager capability.

E. Schedule Amazon GuardDuty to run on a nightly basis.
Answer: C
Explanation:
AWS Systems Manager Patch Manager is a capability that allows users to automate the security updates for their operating systems and applications. It enables
users to scan their instances for missing patches, define patch baselines, schedule patching windows, and monitor patch compliance. It supports Amazon EC2
instances, Amazon Lightsail instances, and on-premises servers. AWS Shield is a service that provides protection against Distributed Denial of Service (DDoS)
attacks for AWS resources and services. It does not automate the security updates for operating systems and applications. Connecting to each server by using a
remote desktop connection and running an update script is a manual and time-consuming solution that requires a lot of operational effort. It is not a recommended
best practice for automating the security updates for operating systems and applications. Amazon GuardDuty is a service that provides intelligent threat detection
and continuous monitoring for AWS accounts and resources. It does not automate the security updates for operating systems and applications.
NEW QUESTION 215

- (Topic 2)
Which AWS service can defend against DDoS attacks?
A. AWS Firewall Manager

B. AWS Shield Standard
C. AWS WAF
D. Amazon Inspector
Answer: B
Explanation:
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It
automatically detects and mitigates the most common and frequently occurring network and transport layer DDoS attacks that target AWS resources, such as
Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS Firewall Manager is a service that
allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced
protections, and Amazon VPC security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as
SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security assessment service that helps improve the security and compliance
of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.
NEW QUESTION 219

- (Topic 2)
Which AWS service provides the SIMPLEST way for the company to establish a website on AWS?
A. Amazon Elastic File System (Amazon EFS)

B. AWS Elastic Beanstalk
C. AWS Lambda
D. Amazon Lightsail
Answer: D
Explanation:
Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan.
Whether you’re new to the cloud or looking to get on the cloud quickly with AWS infrastructure you trust, we’ve got you covered. Lightsail provides the simplest
way for the company to establish a website on AWS.
NEW QUESTION 223

- (Topic 2)
Which credential allows programmatic access to AWS resources for use from the AWS CLI or the AWS API?
A. User name and password

B. Access keys
C. SSH public keys
D. AWS Key Management Service (AWS KMS) keys
Answer: B
Explanation:
Access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you
make to AWS using the AWS CLI or AWS API1. User name and password are credentials that you use to sign in to the AWS Management Console or the AWS
Management Console mobile app2. SSH public keys are credentials that you use to authenticate with EC2 instances that are launched from certain Linux AMIs3.
AWS Key Management Service (AWS KMS) keys are customer master keys (CMKs) that you use to encrypt and decrypt your data and to control access to your
data across AWS services and in your applications4.
NEW QUESTION 227

- (Topic 2)
Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?
A. Security awareness and training

B. Development of an IAM password policy
C. Patching of the guest operating system
D. Physical and environmental controls
Answer: D

Explanation:
Physical and environmental controls are entirely the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility
model defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which
includes the physical and environmental controls of the AWS global infrastructure, such as power, cooling, fire suppression, and physical access. The customer is
responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications. For more information, see
[AWS Shared Responsibility Model] and [AWS Cloud Security].
NEW QUESTION 229

- (Topic 2)
A company needs to host a highly available application in the AWS Cloud. The application runs infrequently for short periods of time.
Which AWS service will meet these requirements with the LEAST amount of operational overhead?
A. Amazon EC2
B. AWS Fargate
C. AWS Lambda
D. Amazon Aurora
Answer: C
Explanation:
The AWS service that will meet the requirements of the company that needs to host a highly available application in the AWS Cloud that runs infrequently for short
periods of time with the least amount of operational overhead is AWS Lambda. AWS Lambda is a serverless compute service that allows customers to run code
without provisioning or managing servers. The company can use AWS Lambda to create and deploy their application as functions that are triggered by events,
such as API calls, messages, or schedules. AWS Lambda automatically scales the compute resources based on the demand, and customers only pay for the
compute time they consume. AWS Lambda also simplifies the management and maintenance of the application, as customers do not need to worry about the
underlying infrastructure, security, or availability. Amazon EC2, AWS Fargate, and Amazon Aurora are not the best services to use for this purpose. Amazon EC2
is a service that provides scalable compute capacity in the cloud, and allows customers to launch and run virtual servers, called instances, with a variety of
operating systems, configurations, and specifications. Amazon EC2 requires customers to provision and manage the instances, and pay for the instance hours
they use, regardless of the application usage. AWS Fargate is a serverless compute engine for containers that allows customers to run containerized applications
without managing servers or clusters. AWS Fargate requires customers to specify the amount of CPU and memory resources for each container, and pay for the
resources they allocate, regardless of the application usage.
Amazon Aurora is a fully managed relational database service that provides high performance, availability, and compatibility. Amazon Aurora is not a compute
service, and it is not suitable for hosting an application that runs infrequently for short periods of time12
NEW QUESTION 231

- (Topic 2)
A company needs to centralize its operational data. The company also needs to automate tasks across all of its Amazon EC2 instances.
Which AWS service can the company use to meet these requirements?

B. AWS Systems Manager
C. AWS CodeDeploy
D. AWS Elastic Beanstalk
Answer: B
Explanation:
AWS Systems Manager is a service that enables users to centralize and automate the management of their AWS resources. It provides a unified user interface to
view operational data, such as inventory, patch compliance, and performance metrics. It also allows users to automate common and repetitive tasks, such as
patching, backup, and configuration management, across all of their Amazon EC2 instances1. AWS Trusted Advisor is a service that provides best practices and
recommendations to optimize the performance, security, and cost of AWS resources2. AWS CodeDeploy is a service that automates the deployment of code and
applications to Amazon EC2 instances or other compute services3. AWS Elastic Beanstalk is a service that simplifies the deployment and management of web
applications using popular platforms, such as Java, PHP, and Node.js4.
NEW QUESTION 234

- (Topic 2)
A company is running an application on AWS. The company wants to identify and prevent the accidental
Which AWS service or feature will meet these requirements?
A. Amazon GuardDuty
B. Network ACL
C. AWS WAF
D. AWS Network Firewall
Answer: A
Explanation:
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts,
workloads, and data stored in Amazon S3. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time
consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you can automate anomaly detection and get
actionable findings to help you protect your AWS resources4.
NEW QUESTION 236

- (Topic 2)
A company needs to design a solution for the efficient use of compute resources for an enterprise workload. The company needs to make informed decisions as its
technology needs evolve.
Which pillar of the AWS Well-Architected Framework do these requirements represent?
A. Operational excellence

B. Performance efficiency
C. Cost optimization
D. Reliability
Answer: B
Explanation:
Performance efficiency is the pillar of the AWS Well-Architected Framework that represents the requirements of designing a solution for the efficient use of
compute resources for an enterprise workload and making informed decisions as the technology needs evolve. It focuses on using the right resources and services
for the workload, monitoring performance, and continuously improving the efficiency of the solution. Operational excellence is the pillar of the AWS Well-
Architected Framework that represents the ability to run and monitor systems to deliver business value and to continually improve supporting processes and
procedures. Cost optimization is the pillar of the AWS Well-Architected Framework that represents the ability to run systems to deliver business value at the lowest
price point. Reliability is the pillar of the AWS Well-Architected Framework that represents the ability of a system to recover from infrastructure or service
disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
NEW QUESTION 241

- (Topic 2)
What is an AWS responsibility under the AWS shared responsibility model?
A. Configure the security group rules that determine which ports are open on an Amazon EC2 Linux instance.
B. Ensure the security of the internal network in the AWS data centers.
C. Patch the guest operating system with the latest security patches on Amazon EC2.
D. Turn on server-side encryption for Amazon S3 buckets.A company wants to deploy its critical application on AWS and maintain high availability.
Answer: B
Explanation:
Under the AWS shared responsibility model, AWS is responsible for ensuring the security of the internal network in the AWS data centers, as well as the physical
security of the hardware and facilities that run AWS services. AWS customers are responsible for configuring the security group rules that determine which ports
are open on an EC2 Linux instance, patching the guest operating system with the latest security patches on EC2, and turning on server-side encryption for S3
buckets. Source: AWS Shared Responsibility Model
NEW QUESTION 246

- (Topic 2)
A user is moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud.
Which type of migration is this?
A. On-premises to cloud native

B. Hybrid to cloud native
C. On-premises to hybrid
D. Cloud native to hybrid
Answer: C
Explanation:
C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an
example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud
services with orchestration between the platforms. A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local
data center to an architecture that is fully hosted and managed on the AWS Cloud. B is incorrect because hybrid to cloud native migration is the process of moving
a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the
AWS Cloud. D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on
the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.
NEW QUESTION 247

- (Topic 2)
A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances.
Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased.
The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
Which AWS service or tool should the company use to meet these requirements?
A. AWS Systems Manager

B. Cost Explorer
D. AWS Organizations
Answer: D
Explanation:
AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. With AWS
Organizations, you can apply service control policies (SCPs) across multiple AWS accounts to restrict what services and actions users and roles can access. You
can also use AWS Organizations to enable features such as consolidated billing, AWS Config rules and conformance packs, and AWS CloudFormation StackSets
across multiple accounts3. One of the benefits of using AWS Organizations is that you can share your Reserved Instances (RIs) with all of the accounts in your
organization. This enables you to take advantage of the billing benefits of RIs without having to specify which account will use them4. AWS Systems Manager is a
service that gives you visibility and control of your infrastructure on AWS. Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS
costs and usage over time. AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices.
None of these services or tools can help you manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
NEW QUESTION 252

- (Topic 2)

A company wants to move its data warehouse application to the AWS Cloud. The company wants to run and scale its analytics services without needing to
provision and manage data warehouse clusters.
Which AWS service will meet these requirements?
A. Amazon Redshift provisioned data warehouse

B. Amazon Redshift Serverless
C. Amazon Athena
D. Amazon S3
Answer: B
Explanation:
Amazon Redshift Serverless is the AWS service that will meet the requirements of the company that wants to move its data warehouse application to the AWS
Cloud and run and scale its analytics services without needing to provision and manage data warehouse clusters. Amazon Redshift Serverless is a new feature of
Amazon Redshift, which is a fully managed data warehouse service that allows customers to run complex queries and analytics on large volumes of structured and
semi-structured data. Amazon Redshift Serverless automatically scales the compute and storage resources based on the workload demand, and customers only
pay for the resources they consume. Amazon Redshift Serverless also simplifies the management and maintenance of the data warehouse, as customers do not
need to worry about choosing the right cluster size, resizing the cluster, or distributing the data across the nodes. Amazon Redshift provisioned data warehouse,
Amazon Athena, and Amazon S3 are not the best services to meet the requirements of the company. Amazon Redshift provisioned data warehouse requires
customers to choose the number and type of nodes for their cluster, and manually resize the cluster if their workload changes. Amazon Athena is a serverless
query service that allows customers to analyze data stored in Amazon S3 using standard SQL, but it is not a data warehouse service that can store and organize
the data. Amazon S3 is a scalable object storage service that can store any amount and type of data, but it is not a data warehouse service that can run complex
queries and analytics on the data.
NEW QUESTION 255

- (Topic 2)
A developer wants to use an Amazon S3 bucket to store application logs that contain sensitive data.
Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?
A. Security groups
B. Amazon CloudWatch
C. AWS CloudTrail
D. ACLs
Answer: D
Explanation:
ACLs are an AWS service or feature that the developer can use to restrict read and write access to the S3 bucket. ACLs are access control lists that grant basic
permissions to other AWS accounts or predefined groups. They can be used to grant read or write access to an S3 bucket or an object3. Security groups are
virtual firewalls that control the inbound and outbound traffic for Amazon EC2 instances. They are not a service or feature that can be used to restrict access to an
S3 bucket. Amazon CloudWatch is a service that provides monitoring and observability for AWS resources and applications. It can be used to collect and analyze
metrics, logs, events, and alarms. It is not a service or feature that can be used to restrict access to an S3 bucket. AWS CloudTrail is a service that provides
governance, compliance, and audit for AWS accounts and resources. It can be used to track and record the API calls and user activity in AWS. It is not a service or
feature that can be used to restrict access to an S3 bucket.
NEW QUESTION 260

- (Topic 2)
A company is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads.
Which AWS tool will meet these requirements?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Pricing Calculator
D. AWS Cost and Usage Report
Answer: C
Explanation:
The AWS tool that will meet the requirements of the company that is planning a migration to the AWS Cloud and wants to examine the costs that are associated
with different workloads is AWS Pricing Calculator. AWS Pricing Calculator is a tool that helps customers estimate the cost of using AWS services based on their
requirements and preferences. The company can use AWS Pricing Calculator to compare the costs of different AWS services and configurations, such as Amazon
EC2, Amazon S3, Amazon RDS, and more. AWS Pricing Calculator also provides detailed breakdowns of the cost components, such as compute, storage,
network, and data transfer. AWS Pricing Calculator helps customers plan and optimize their cloud budget and migration strategy. AWS Budgets, AWS Cost
Explorer, and AWS Cost and Usage Report are not the best tools to use for this purpose. AWS Budgets is a tool that helps customers monitor and manage their
AWS spending and usage against predefined budget limits and thresholds. AWS Cost Explorer is a tool that helps customers analyze and visualize their AWS
spending and usage trends over time. AWS Cost and Usage Report is a tool that helps customers access comprehensive and granular information about their
AWS costs and usage in a CSV or Parquet file. These tools are more useful for tracking and optimizing the existing AWS costs and usage, rather than estimating
the costs of different workloads34
NEW QUESTION 263

- (Topic 2)
Which AWS service or feature can be used to control inbound and outbound traffic on an Amazon EC2 instance?
A. Internet gateways
B. AWS Identity and Access Management (IAM)
C. Network ACLs
D. Security groups
Answer: D

Explanation:
D is correct because security groups are the AWS service or feature that can be used to control inbound and outbound traffic on an Amazon EC2 instance.
Security groups act as a virtual firewall for the EC2 instance, allowing users to specify which protocols, ports, and source or destination IP addresses are allowed
or denied. A is incorrect because internet gateways are the AWS service or feature that enable communication between instances in a VPC and the internet. They
do not control the traffic on an EC2 instance. B is incorrect because AWS Identity and Access Management (IAM) is the AWS service or feature that enables users
to manage access to AWS services and resources securely. It does not control the traffic on an EC2 instance. C is incorrect because network ACLs are the AWS
service or feature that provide an optional layer of security for the VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They do not
control the traffic on an EC2 instance.
NEW QUESTION 265

- (Topic 2)
A company is running an order processing system on Amazon EC2 instances. The company wants to migrate microservices-based application.
Which combination of AWS services can the application use to meet these requirements? (Select TWO.)
A. Amazon Simple Queue Service (Amazon SQS)

B. AWS Lambda
C. AWS Migration Hub
D. AWS AppSync
E. AWS Application Migration Service
Answer: AB
Explanation:
The combination of AWS services that the application can use to migrate to a microservices-based application are Amazon Simple Queue Service (Amazon SQS)
and AWS Lambda. Amazon SQS is a fully managed message queuing service that enables customers to decouple and scale microservices, distributed systems,
and serverless applications. The application can use Amazon SQS to send, store, and receive messages between the microservices, ensuring that each message
is processed only once and in the right order. AWS Lambda is a serverless compute service that allows customers to run code without provisioning or managing
servers. The application can use AWS Lambda to create and deploy microservices as functions that are triggered by events, such as messages from Amazon
SQS. AWS Migration Hub, AWS AppSync, and AWS Application Migration Service are not the best services to use for migrating to a microservices-based
application. AWS Migration Hub is a service that provides a single location to track the progress of application migrations across multiple AWS and partner
solutions. AWS AppSync is a service that simplifies the development of GraphQL APIs for real-time and offline data synchronization. AWS Application Migration
Service is a service that enables customers to migrate their on-premises applications to AWS without making any changes to the applications, servers, or
databases.
NEW QUESTION 267

- (Topic 2)
Which task can a company perform by using security groups in the AWS Cloud?
A. Allow access to an Amazon EC2 instance through only a specific port.

B. Deny access to malicious IP addresses at a subnet level.
C. Protect data that is cached by Amazon CloudFront.
D. Apply a stateless firewall to an Amazon EC2 instance.
Answer: A
Explanation:
Security groups are virtual firewalls that control the inbound and outbound traffic for Amazon EC2 instances. They can be used to allow access to an Amazon EC2
instance through only a specific port, such as port 22 for SSH or port 80 for HTTP. Security groups cannot deny access to malicious IP addresses at a subnet
level, as they only allow or deny traffic based on the rules defined by the customer. To block malicious IP addresses, customers can use network ACLs, which are
stateless firewalls that can be applied to subnets. Security groups cannot protect data that is cached by Amazon CloudFront, as they only apply to EC2 instances.
To protect data that is cached by Amazon CloudFront, customers can use encryption, signed URLs, or signed cookies. Security groups are not stateless firewalls,
as they track the state of the traffic and automatically allow the response traffic to flow back to the source. Stateless firewalls do not track the state of the traffic and
require rules for both inbound and outbound traffic.
NEW QUESTION 270

- (Topic 2)
Which of the following is the customer's responsibility, according to the AWS shared responsibility model?
A. Identity and access management

B. Hard drive initialization
C. Protection of data center hardware
D. Security of Availability Zones
Answer: A
Explanation:
Identity and access management is the customer’s responsibility, according to the AWS shared responsibility model. This means that the customer is responsible
for managing user access to the AWS resources, using tools such as AWS Identity and Access Management (IAM), AWS Single Sign-On (SSO), and AWS
Organizations. The customer is also responsible for securing their data in transit and at rest, using encryption, key management, and other methods. Hard drive
initialization, protection of data center hardware, and security of Availability Zones are AWS’s responsibility, as they are part of the infrastructure, physical security,
and network security that AWS provides to the customer12
NEW QUESTION 273

- (Topic 2)
A company wants guidance to optimize the cost and performance of its current AWS environment.
Which AWS service or tool should the company use to identify areas for optimization?
A. Amazon QuickSight
B. AWS Trusted Advisor

C. AWS Organizations
D. AWS Budgets
Answer: B
Explanation:
AWS Trusted Advisor is the AWS service or tool that the company should use to identify areas for optimization. According to the AWS Trusted Advisor User
Guide, “AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. AWS
Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits.” Amazon
QuickSight, AWS Organizations, and AWS Budgets are not designed to provide optimization recommendations for the current AWS environment.
NEW QUESTION 277

- (Topic 2)
Which AWS service or tool should a company use to forecast AWS spending?
A. Amazon DevPay
D. Cost Explorer
Answer: D
Explanation:
Cost Explorer is an AWS service or tool that can be used to forecast AWS spending. It allows users to analyze their AWS costs and usage using interactive
graphs and tables. It also provides features such as filtering, grouping, and forecasting to help users plan their future spending. Amazon DevPay is an AWS
service that allows developers to sell applications that are built on AWS services. It handles the billing and metering for the customers of the applications and
collects payments from them. It is not a tool for forecasting AWS spending. AWS Organizations is an AWS service that allows users to centrally manage and
govern their AWS accounts. It provides features such as creating groups of accounts, applying policies, and automating account creation. It is not a tool for
forecasting AWS spending. AWS Trusted Advisor is an AWS service that provides best practices and recommendations to optimize the performance, security, and
cost of AWS resources. It can help users identify opportunities to reduce their AWS costs, but it is not a tool for forecasting AWS spending
NEW QUESTION 282

- (Topic 2)
Which group shares responsibility with AWS for security and compliance of AWS accounts and resources?
A. Third-party vendors
B. Customers
C. Reseller partners
D. Internet providers
Answer: B
Explanation:
Customers share responsibility with AWS for security and compliance of AWS accounts and resources. This is part of the AWS shared responsibility model, which
defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which
includes the physical and environmental controls of the AWS global infrastructure, such as power, cooling, fire suppression, and physical access. The customer is
responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications, such as identity and access
management, encryption, firewall, and backup.
For more information, see AWS Shared Responsibility Model and AWS Cloud Security.
NEW QUESTION 287

......

Relate Links
100% Pass Your AWS-Certified-Cloud-Practitioner Exam with Exambible Prep Materials
https://www.exambible.com/AWS-Certified-Cloud-Practitioner-exam/
Contact us
We are proud of our high-quality customer service, which serves you around the clock 24/7.
Viste - https://www.exambible.com/

Powered by TCPDF (www.tcpdf.org)

aws-certified-cloud-practitioner_6

Uploaded by

Copyright:

Available Formats

aws-certified-cloud-practitioner_6

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

aws-certified-cloud-practitioner_6

Uploaded by

Copyright:

Available Formats

We recommend you to try the PREMIUM AWS-Certified-Cloud-Practitioner Dumps From Exambible

https://www.exambible.com/AWS-Certified-Cloud-Practitioner-exam/ (370 Q&As)

Your Partner of IT Exam visit - https://www.exambible.com

Your Partner of IT Exam

Your Partner of IT Exam visit - https://www.exambible.com

A. Amazon Elastic Container Service (Amazon ECS)

Your Partner of IT Exam visit - https://www.exambible.com

A. Edge locations contain multiple AWS Regions.

Your Partner of IT Exam visit - https://www.exambible.com

A. AWS Basic Support

A. AWS Auto Scaling

Your Partner of IT Exam visit - https://www.exambible.com

A. AWS Trusted Advisor

A. An open-source Docker orchestrator on Amazon EC2 instances

Your Partner of IT Exam visit - https://www.exambible.com

A. Scaling the web application and services developed with Docker

A. AWS Identity and Access Management (IAM)

A. Amazon Cloud Directory

Your Partner of IT Exam visit - https://www.exambible.com

A. Network infrastructure and virtualization of infrastructure

A. Provision the underlying infrastructure.

A. The deletion of IAM users

Your Partner of IT Exam visit - https://www.exambible.com

A. Ensuring network connectivity from AWS to the internet

A. AWS Basic Support

Your Partner of IT Exam visit - https://www.exambible.com

A. AWS Pricing Calculator

Your Partner of IT Exam visit - https://www.exambible.com

A. AWS Storage Gateway

A. Management of the guest operating systems

A. AWS Identity and Access Management (IAM)

Your Partner of IT Exam visit - https://www.exambible.com

A. EC2 includes operating system patch management

Your Partner of IT Exam visit - https://www.exambible.com

A. AWS Cost and Usage Report

NEW QUESTION 100

A. VPC Reachability Analyzer

NEW QUESTION 103

A. Physical security of AWS facilities

NEW QUESTION 108

A. AWS Trusted Advisor

Your Partner of IT Exam visit - https://www.exambible.com

NEW QUESTION 111

NEW QUESTION 113

NEW QUESTION 117

NEW QUESTION 119

NEW QUESTION 120

Your Partner of IT Exam visit - https://www.exambible.com

A. AWS Device Farm

NEW QUESTION 124

A. Elastic Load Balancing

NEW QUESTION 129

A. Elimination of expenses for running and maintaining data centers

NEW QUESTION 133

NEW QUESTION 135

Your Partner of IT Exam visit - https://www.exambible.com

NEW QUESTION 139

NEW QUESTION 143

A. Users can trade fixed expenses for variable expenses.

NEW QUESTION 146