A. Amazon Redshift
B. Amazon RDS
C. Amazon S3
D. Amazon S3 Glacier
Correct Answer:B
A. Amazon Aurora
B. Amazon S3
C. Amazon DynamoDB
D. Amazon Redshift
Correct Answer:A
A. AWS Trusted Advisor
B. AWS Resource Access Manager
C. AWS Config
D. AWS Systems Manager
Correct Answer: C
A. AWS WAF
B. AWS Shield
C. Amazon Inspector
D. Amazon GuardDuty
Correct Answer: D
A. Amazon GuardDuty
B. AWS CloudTrail
C. AWS Trusted Advisor
D. Amazon CloudWatch
Correct Answer: B
A. A technical expert dedicated to the user
B. A partner to help provide scaling guidance for an event launch
C. A primary point of contact for AWS Billing and AWS Support
D. A dedicated AWS staff member who reviews the user’s application architecture
Correct Answer:C
A. AWS Cloud Formation
B. AWS Systems Manager
C. AWS Batch
D. AWS Config
Correct Answer:A
A. AWS Marketplace
B. Amazon Inspector
C. AWS Support
D. AWS Artefact
Correct Answer:D
A. Groups can be nested and can contain other groups.
B. A user can only be a member of a single group at one time.
C. All new users are automatically added to a default group.
D. A user can be a member of multiple groups.
E. Groups can contain users only and cannot be nested.
Correct Answer:DE
A. Cost Explorer
B. AWS Cost and Usage Report
C. AWS Budgets
D. Reserved Instance reporting
Correct Answer: C
A. AWS CodeCommit
B. AWS CodeBuild
C. AWS CodePipeline
D. AWS CodeStar
Correct Answer:A
A. AWS Step Functions
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Streams
Correct Answer:C
A. Security of application data
B. Network infrastructure and virtualization of infrastructure
C. Physical security of hardware
D. Guest operating systems
E. Credentials and policies
Correct Answer:BC
Toggle Cont
A. AWS Personal Health Dashboard
B. AWS Config
C. AWS Systems Manager
D. AWS Trusted Advisor
Correct Answer: A
Â
A. Amazon DynamoDB
B. Amazon EC2
C. Amazon Redshift
D. Amazon RDS
Correct Answer:D
A. AWS Accounts
B. Availability Zones
C. AWS Regions
D. Edge locations
Correct Answer: C
A. Amazon CloudFront
B. AWS Snowball Edge
C. Lambda@Edge
D. AWS Lambda
Correct Answer:B
A. Amazon ElastiCache
B. AWS CloudTrail
C. AWS CloudFormation
D. AWS Systems Manager
Correct Answer: C
A. AWS Direct Connect
B. AWS Snowball
C. AWS Storage Gateway
D. Amazon S3 Transfer Acceleration
Correct Answer:B
A. Place the EC2 instances in two separate Availability Zones within the same AWS Region.
B. Place the EC2 instances in two separate AWS Regions connected with a VPC peering connection.
C. Place one EC2 instance on premises and the other in an AWS Region Then connect them by using an AWS VPN connection.
D. Place both EC2 instances in a placement group for dedicated bandwidth.
Correct Answer:A
A. Security groups
B AWS Identity and Access Management (1AM)
C. Network ACLs
D. AWS WAF
Correct Answer:C
A. Amazon Aurora
B. Amazon Neptune
C. Amazon FSx
D. Amazon DynamoDB
Correct Answer: B
A. Amazon S3 Glacier
B. AWS Backup
C. Amazon Elastic File System (Amazon EFS)
D. AWS Storage Gateway
Correct Answer:D
A. Amazon DynamoDB
B. AWS Snowball
C. Amazon S3
D. Amazon Elastic Block Store (Amazon EBS)
Correct Answer:C
A. Amazon CloudFront
B. AWS Global Accelerator
C. Amazon VPC
D. Elastic Load Balancer
E. AWS Direct Connect
Correct Answer:AB
Correct Answer:C
A. Use root user credentials to access sensitive information stored on AWS.
B. Delete all root user access keys, if possible.
C. Allow the system administrator group to use the root user credentials for daily access.
D. Use root user credentials to access production database instances.
Correct Answer: B
A. Physical access to a data centre
B. Decommissioning of storage devices
C. Rotation of 1AM access keys
D. Patching of Amazon RDS instances
E. Encryption of Amazon Elastic Block Store (Amazon EBS) volumes
Correct Answer:AB
A. Amazon Macie
B. AWS Certificate Manager
C. AWS Secrets Manager
D. AWS Key Management Service (AWS KMS)
E. AWS CloudHSM
Correct Answer: DE
A. Amazon Macie
B. Amazon GuardDuty
C. Amazon Inspector
D. AWS Shield
Correct Answer:A
A. EC2 Dedicated Instances
B. EC2 Spot Instances
C. EC2 On-Demand Instances
D. EC2 Reserved Instances
Correct Answer:D
A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Personal Health Dashboard
D. AWS Trusted Advisor
Correct Answer:B
A. Backing up databases
B. Installing operating systems
C. Configuring operating system firewalls
D. Setting up access controls for data
E. Configuring database user accounts
Correct Answer:AB
A. Data centre overhead
B. Currency fluctuations
C. Data security model
D. Network port utilisation
Correct Answer:A
A. Cost Explorer
B. AWS Organizations
C. AWS Budgets
D. AWS Cost and Usage Report
Correct Answer:B
A. Patching the operating system on Amazon EC2 instances
B. Securing the virtualization layer
C. Patching the operating system on Amazon RDS instances
D. Enforcing a strict password policy for 1AM users
E. Configuring security groups and network ACLs
Correct Answer:BC
A. Run MySQL on Amazon Elastic Container Service (Amazon ECS).
B. Choose Amazon RDS for MySQL.
C. Run MySQL on Amazon EC2.
D. Choose Amazon ElastiCache for Redis.
Correct Answer:B
A. AWS Artefact
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor
D. Amazon S3
Correct Answer:A
A. AWS will refund the cost difference if a customer moves to larger servers.
B. Spot instances will automatically be used if the price is lower than on-demand instances.
C. Amazon CloudWatch will automatically predict what resources are needed.
D. The application can be built to scale up or down automatically as resources are needed
Correct Answer:D
A. Regions
B. Availability Zones
C. Tags
D. Resource groups
Correct Answer:A
A. On-Demand Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Spot Instances
Correct Answer: C
A. In an AWS Lambda function
B. On an Amazon EC2 Memory Optimised Reserved Instance
C. On an Amazon EC2 Compute Optimised Reserved Instance
D. On an Amazon EC2 Compute Optimised Spot Instance
Correct Answer:A
A. NAT gateway
B. Amazon VPC
C. AWS Direct Connect
D. Internet gateway
Correct Answer:C
A. physical access to the AWS network.
B. data encryption in Amazon S3.
C. the patching of the host operating system.
D. the operating system for Amazon DynamoDB
Correct Answer: B
A. Amazon SageMaker
B. Amazon Comprehend
C. AWS Deep Learning AMIs (DLAMI)
D. Amazon Rekognition
Correct Answer:B
A. Design using a serverless architecture.
B. Design AWS Auto Scaling into every application.
C. Assume that all components within an application can fail.
D. Design all components using open-source code
Correct Answer:C
A. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.
B Use Amazon EC2 to see if the security group was changed.
C. Use AWS CloudTrail to see if the security group was changed.
D. Use Amazon CloudWatch to see if the security group was changed.
Correct Answer:A
A. Amazon Simple Notification Service (Amazon SNS)
B. Amazon S3
C. Amazon Simple Email Service (Amazon SES)
D. Amazon Simple Queue Service (Amazon SQS)
Correct Answer:D
A. Delete all root user access keys, if possible.
B. Allow the system administrator group to use the root user credentials for daily access.
C. Use root user credentials to access sensitive information stored on AWS.
D. Use root user credentials to access production database instances.
Correct Answer: C
A. Amazon GuardDuty
B. AWS CloudTrail
C. Amazon Inspector
D. AWS Trusted Advisor
Correct Answer:A
A. Contact an AWS Account Manager to sign a new contract
B. Begin deploying resources in the second Region
C. Move an Availability Zone to the new Region
D. Download the AWS Management Console for the new Region
Correct Answer:B
A. Right-size the Amazon EC2 instances to prevent over-provisioning in terms of compute and memory.
B. Rewrite the legacy applications in an open-source language, such as Python.
C. Migrate relational databases to Amazon DynamoDB
D. Reserve a data centre facility with an upfront payment, which provides an additional discount
Correct Answer:A
A. Patching guest OS and applications
B. Physical and environmental controls
C. Patching and fixing flaws in the infrastructure
D. Configuration of AWS infrastructure devices
Correct Answer:C
A. AWS Trusted Advisor
B. AWS Personal Health Dashboard
C. Amazon Inspector
D. Amazon GuardDuty
Correct Answer:D
A. AWS Trusted Advisor
B. Amazon Inspector
C. Amazon CloudWatch
D. AWS CloudTrail
Correct Answer:A
A. Create an AWS IAM account with billing access and use the AWS CLI to view EC2 instance use statistics.
B. Enable billing alerts through Amazon CloudWatch
C. Have each department tag their resources, then run a cost allocation report.
D. Configure three VPCs. allocating one tor each department
Correct Answer:C
A. Amazon Inspector
B. Amazon CloudWatch
C. AWS CloudTrail
D. AWS Config
Correct Answer:B
A company is designing a new stateful application to run on AWS. Which design patterns will help reduce risk? (Select TWO.)
A. Consume compute resources using Amazon EC2 Spot instance types.
B. Consolidate application resources into one or two large instance types to minimise the number of components to be managed.
C. Build a microservices-based architecture to break out application services into containers for the application tierB. Use Amazon S3 with a bucket policy that ensures the least restrictive access to the data.
D. Separate the database tier from the application tier using Amazon RDS.
.Correct Answer:BC
A. Microsoft SOL Server
B. Oracle
C. MahaDB
D. MySQL
E. PostgreSQL
Correct Answer:DE
A. Network access control list
B. AWS Trusted Advisor
C. Security groups
D. Virtual private gateways
Correct Answer:C
A. AWS Direct Connect
B. Internal gateway
C. VPC peering
D. NAT gateway
Correct Answer:B
A. The customer is responsible for rotating keys.
B. IAM access and secret keys are static, so there is no need to rotate them
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.
Correct Answer:A
A. AWS Security Token Service (AWS STS)
B. Amazon EMR
C. Amazon Macie
D. AWS Key Management Service (AWS KMS)
Correct Answer:D
A. Guest operating system firewall configuration
B. Hypervisor-level software patching
C. Underlying hardware maintenance
D. File-system-level encryption
E. Physical security at data centre facilities
Correct Answer:AB
A. Cost Allocation Tags
B. AWS Price List API
C. AWS Trusted Advisor
D. AWS Organizations
Correct Answer:C
A. AWS Security Hub
B. AWS Service Catalog
C. AWS Artefact
D. AWS Support Center
Correct Answer:A
A. Contact an AWS technical account manager and request access to the next scheduled facility tour.
B. Access the AWS Artefact portal and download the required reports to provide to the auditor.
C. Create a support case using the AWS account root user credentials requesting that a concierge accompany the auditor to the facility.
D. Access the AWS Artefact portal and create an access URL for the auditor to download the required reports,
Correct Answer:C
A. AWS Artefact
B. AWS Systems Manager
C. AWS Secrets Manager
D. AWS Certificate Manager
Correct Answer:D
A. Using an AWS Organizations service control policy (SCP)
B. Using an AWS IAM user policy
C. Using an AWS IAM account password policy
D. Using an AWS Security Hub managed insight
Correct Answer:A
A. AWSCloudHSM
B. AWS Secret Manager
C. AWS Key Management Service (AWS KMS)
D. Server-side encryption
Correct Answer:B
A. AWS Direct Connect
B. AWS Support Center
C. Amazon Connect
D. AWS Managed Services
Correct Answer:C
A. IAM
B. Guest operating system
C. Network rules
D. Host platform
E. Physical infrastructure
Correct Answer: AB
A. AWS Config
B. AWS OpsWorks
C. Amazon Kinesis
D. AWS Elastic Beanstalk
E. AWS Application Discovery Service
Correct Answer:DE
A. TCO Calculator
B. AWS Budgets
C. Cost Explorer
D. Simple Monthly Calculator
Correct Answer:C
A. VPN connection
B. NAT gateway
C. VPC endpoint
D. Internet gateway
Correct Answer:A
A. Spot Instance
B. Partial Upfront Reserved Instance
C. On-Demand Instance
D. No Upfront Reserved Instance
Correct Answer: B
A. Add an Application Load Balancer in front of the EC2 instance
B. Configure EC2 Auto Recovery to move the instance to another Availability Zone
C. Enable termination protection for the EC2 instance to avoid outages
D. Migrate to Amazon RDS and enable Multi-AZ
Correct Answer:D
A. Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer
B. Use any AWS service and implement PCI controls at the application layer
C. Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to enable PCI compliance at the application layer
D. Use any AWS service and raise an AWS support ticket to enable PCI compliance on that service
Correct Answer:A
A. Create a VPN tunnel
B. Connect across the public internet
C. Use AWS Direct Connect
D. Use VPC peering to create a connection
Correct Answer:C
A. A minimal additional tee for use
B. Instalment payment options
C. Custom cost usage and budget creation
D. Volume discounts
E. One bill for multiple accounts
Correct Answer:DE
A. Elasticity
B. AWS service quotas
C. Global footprint
D. AWS shared responsibility model
E. Pay-as-you-go pricing
Correct Answer:AB
A. AWS Config
B. AWS Service Catalog
C. Service Quotas
D. AWS Budgets
Correct Answer:C
A. Amazon S3
B. Amazon EC2
C. AWS lambda
D. Amazon Elastic Block Store (Amazon EBS)
E. Amazon Cognito
Correct Answer:BC
A. Security groups
B. AWS Shield
C. AWS WAF
D. Network ACLs
Correct Answer:B
A. Deactivate the user’s API key in AWS Identity and Access Management (IAM)
B. Email the user to inform them of their mistake
C. Create a new API key for the user in AWS Identity and Access Management (1AM).
D. Review the API activity of the key in AWS CloudTrail.
Correct Answer:A
A. AWSCIoud9
B. AWS CodeStar
C. AWSX-Ray
D. AWS Cloud Map
Correct Answer:C
A. Example Corp. must submit a request to its AWS solutions architect or AWS technical account manager to link the accounts and consolidated billing
B. Migrate the Example Corp VPCs, Amazon EC2 instances, and other resources into the AnyCompany AWS account
C. AnyCompany must create a new support case in the AWS Support Center requesting that both bills be combined
C. Send an invitation to join the organisation from AnyCompany’s AWS Organizations master account to Example Corp
Correct Answer: B
A. Amazon Transcribe
B. Amazon Rekognition
C. Amazon Lex
D. Amazon Polly
Correct Answer:D
A. Patching the operating system of underlying hardware
B. Replacing failed DB instances
C. Controlling traffic to and from the database through security groups
D Running backups that enable point-in-time recovery of a DB instance
Correct Answer:B
A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon Simple Email Service (Amazon SES)
D. Amazon CloudWatch alerts
Correct Answer:A
A. Amazon EC2
B. AWS CodeDeploy
C. AWS Lambda
D. AWS Wavelength
Correct Answer:C
A. Amazon GuardDuty
B. AWS Key Management Service (AWS KMS)
C. AWS Shield
D. AWS Certificate Manager (ACM)
E. AWS Secrets Manager
Correct Answer:BD
A. Amazon CloudFront
B. Amazon Route 53
C. Amazon GuardDuty
D. AWS Trusted Advisor
Correct Answer: B
A. Spot Instances
B. Reserved Instances
C. On-Demand Instances
D. Dedicated Instances
Correct Answer:A
A. Amazon GuardDuty
B. AWS Trusted Advisor
C. AWS WAF
D. Amazon Inspector
Correct Answer: C
A On-Demand Instances
B. Spot instances
C. Reserved instances
D. Dedicated Hosts
Correct Answer:A
A. Amazon API Gateway
B. AWSLambda
C. AWS Elastic Beanstalk
D. AWSConfig
Correct Answer:C
A. Security groups
B. Network ACLs
C. IAM policy
D. AWS WAF
Correct Answer:D
A. Testing recovery procedures
B. Automatically recovering from failure
C. Using monolithic architecture
D. Measuring overall efficiency
E. Adopting a consumption model
Correct Answer:AB
A. how well and how quickly an application’s environment can have lost data restored
B. the ability of an application to accommodate growth without changing design
C. how secure your application is
D. the built-in redundancy of an applications components
Correct Answer:A
A. AWS Control Tower
B. AWS shared responsibility model
C. AWS Security Hub
D. AWS Well-Architected Tool
Correct Answer:B
A. Store the content on Amazon S3 and enable S3 cross-region replication
B. Implement a VPN across multiple AWS Regions.
C. Deliver the content through Amazon CloudFront
D. Deliver the content through AWS PrivateLink.
Correct Answer: C
A. Deploy multiple instances of the application in a single Availability Zone
B. Deploy multiple instances of the application in multiple Availability Zones.
C. Deploy the application to a compute-optimised Amazon EC2 instance in a single Availability Zone.
D. Deploy the application in one Amazon EC2 instance in an Auto Scaling group
Correct Answer: B
A. Core checks
B. All checks
C. Fault tolerance checks
D. Cost optimization checks
Correct Answer:D
A. require multi-factor authentication (MFA) for all 1AM users
D. requires each 1AM user who has different permissions to have multiple passwords.
C. apply an 1AM policy to an IAN1 group and limit the size of the group.
D. apply an 1AM policy only to IAM users who require it
Correct Answer:C
A. AWS CloudFormation
B. Amazon EC2
C. AWS Elastic Beanstalk
D. AWS OpsWorks
Correct Answer:C
A. S3 Standard
B. S3 Standard-Infrequent Access (S3 Standard-IA)
C. S3 One Zone-Infrequent Access (S3 One Zone-IA)
D. S3 Glacier
Correct Answer:B
A. AWS Artefact
B. AWS Secrets Manager
C. AWS Security Hub
D. AWS Certificate Manager
Correct Answer:A
A. Maintaining server and operating systems
B. Creating versions of Lambda functions
C. Scaling Lambda resources according to demand
D. Updating the Lambda runtime environment
Correct Answer:B
A. VPCs
B. Dark fibre network links
C. Data centres
D. Edge locations
Correct Answer:C
A. Amazon DynamoDB
B. Amazon DocumentDB (with MongoDB compatibility)
C. Amazon Redshift
D. Amazon Aurora
E. Amazon S3
Correct Answer:AB
A. AWS Budgets
B. Cost Explorer
C. AWS Cost and Usage Report
D. AWS CloudTrail
Correct Answer:A
A. Availability Zones can span multiple AWS Regions.
B. AWS Regions consist of multiple Availability Zones.
C. A VPC can have different subnets in different AWS Regions.
D. A single subnet can span multiple Availability Zones.
Correct Answer:B
A. Create an 1AM user account for the auditor, granting the auditor administrator permissions
B. Take a screenshot of each user’s page in the AWS Management Console, then provide the screenshots to the auditor
C. Download the AWS Trusted Advisor report, then provide the report to the auditor
D. Download the 1AM credential report then provide the report to the auditor.
Correct Answer:D
A. Hard code an 1AM user’s secret key and access key directly in the application, and upload the file.
B. Store the 1AM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the tile.
C. Modify the S3 bucket policy so that any service can upload to it at any time
D. Have the EC2 instance assume a role to obtain the privileges to upload the file.
Correct Answer:D
A. AWS Trusted Advisor
B. AWS Personal Health Dashboard
C. Billing Dashboard
D. AWS Config
Correct Answer:A
A. right-sizing AWS infrastructure.
B. leveraging AWS managed services.
C. manually creating all necessary resources.
D. managing their own software licences.
Correct Answer:B
A. Cost Explorer
B. AWS CloudTrail
C. AWS Budgets
D. Amazon Made
Correct Answer: C
A. Amazon CloudWatch
B. Amazon Inspector
C. AWS 1AM
D. AWS CloudTrail
Correct Answer:D
A. Reserved Instances
B Dedicated Hosts
C. On-Demand Instances
D. Spot instances
Correct Answer:A
A. Security groups
B. Network ACl
C. AWS WAF
D. Amazon GuardDuty
Correct Answer:B
A. Contact AWS Support.
B. Download reports from AWS Security Hub
C. Download reports from AWS Artefact.
D. Contact an AWS technical account manager (TAM)
Correct Answer:C
A. Amazon S3 Glacier
B. Amazon DynamoDB
C. Amazon Connect
D. Amazon ElastiCache
Correct Answer:A
A. Amazon Kinesis
B. Amazon CloudWatch
C. Amazon QuickSight
D. AWS X Ray
Correct Answer:C
A. Amazon CloudFront
B. AWS Support Center
C. AWS Service Health Dashboard
D. AWS Shield
E. AWS CloudTrail
Correct Answer:DE
A. AWS Config
B. Amazon GuardDuty
C. AWS Artefact
D. AWS Trusted Advisor
Correct Answer:C