AWS Cloud Final Updated Questions

Amazon
(AWS Certified Cloud Practitioner CLF-C02)
AWS Certified Cloud Practitioner CLF-C02

Total: 377 Questions
Link: https://certyiq.com/papers?provider=amazon&exam=aws-certified-cloud-practitioner-clf-
c02
Question: 1
A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?
Use of the Snowball Edge appliance for a 10-day period

The transfer of data out of Amazon S3 and to the Snowball Edge appliance
The transfer of data from the Snowball Edge appliance into Amazon S3
Answer: C
Explanation:
The transfer of data from the Snowball Edge appliance into Amazon S3.
Question: 2 CertyIQ
A company has deployed applications on Amazon EC2 instances. The company needs to assess application
vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?
A.AWS Trusted Advisor

B.Amazon Inspector
C.AWS Config
D.Amazon GuardDuty
Answer: B
Explanation:
Answer B: Amazon Inspector is an automated vulnerability management service that helps improve the
security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses
applications for exposure, vulnerabilities, and deviations from best practices. After performing an
assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
Reference:
https://aws.amazon.com/inspector/Software Vulnerability / Application Vulnerability
Question: 3
A company has a centralized group of users with large file storage requirements that have exceeded the space
available on premises. The company wants to extend its file storage capabilities for this group while retaining the
What is the MOST operationally efficient AWS solution for this scenario?
Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file
Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS
volume. Share the EBS volume directly with the users.
Answer: B
Explanation:
B is correct AWS Storage Gateway: Connect [on premises] with [AWS S3]file gateway: one of the AWS
Storage Gateway's interface.
Question: 4 CertyIQ
According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3
bucket?
A.Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
B.Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload
the file.
C.Have the EC2 instance assume a role to obtain the privileges to upload the file.
D.Modify the S3 bucket policy so that any service can upload to it at any time.
Answer: C
Explanation:
Have the EC2 instance assume a role to obtain the privileges to upload the file.
Reference:
https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket#
Question: 5 CertyIQ
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility
Model?
A.Physical security of DynamoDB

B.Patching of DynamoDB
C.Access to DynamoDB tables
D.Encryption of data at rest in DynamoDB
Answer: C
Explanation:
C. Access to DynamoDB tables Under the AWS Shared Responsibility Model, controlling and managing access
to AWS services, including Amazon DynamoDB tables, is a customer responsibility. While AWS takes care of
the physical infrastructure, patching, and encryption of data at rest in DynamoDB, customers are responsible
for setting up proper access controls, authentication, and authorization to protect their data and resources.
Question: 6
Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS
CAF)?
B.Performance efficiency
Answer: C
Explanation:
Question: 7
Which AWS service meets these requirements?
A.AWS Lambda
B.Amazon RDS
C.AWS Fargate
D.Amazon Athena
Answer: C
Explanation:
Question: 8
A company wants to run a NoSQL database on Amazon EC2 instances.
Update the guest operating system of the EC2 instances.

Maintain high availability at the database layer.
Patch the physical infrastructure that hosts the EC2 instances.
Answer: C
Explanation:
A is incorrect because when we set up an instance of ec2 we choose the operating system. B is incorrect
because we are configuring and running the database on the ec2 instances so that would be our
responsibility. D is incorrect because the firewall rules are our job. C is correct because the physical
infrastructure where the ec2 instances run is amazon's responsibility.
Question: 9
B.AWS Billing Conductor

C.Amazon CodeGuru
E.AWS Compute Optimizer
Answer: AE
Explanation:
E.AWS Compute Optimizer.
https://docs.aws.amazon.com/cost-
rightsizing.htmlhttps://aws.amazon.com/compute-optimizer/
Question: 10 CertyIQ
Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)
A. Providing high-performance container orchestration

B.Creating and rotating encryption keys
C. Detecting underutilized resources to save costs
D. Improving security by proactively monitoring the AWS environment
E.Implementing enforced tagging across AWS resources
Answer: CD
Explanation:
C & D are correct. Benefits of Trusted Advisor:• Cost optimization - Trusted Advisor can help you save cost
with actionable recommendations by analyzing usage, configuration and spend.• Performance - Trusted
Advisor can help improve the performance of your services with actionable recommendations by analyzing
usage and configuration.• Security - Trusted Advisor can help improve the security of your AWS environment
by suggesting foundational security best practices curated by security experts.• Fault tolerance - Trusted
Advisor can help improve the reliability of your services. • Service quotas - Service quotas are the maximum
number of resources that you can create in an AWS account.
Reference:
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
Which of the following is an advantage that users experience when they move on-premises workloads to the AWS
B.Price discounts that are identical to discounts from hardware providers
D.Elimination of operational expenses
Answer: A
Explanation:
A. Elimination of expenses for running and maintaining data centers.
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.
Answer: B
Explanation:
B - AWS Service Catalog is correct. AWS Service Catalog lets you centrally manage your cloud resources to
achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or
Question: 13
Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?
Answer: C
Explanation:
https://aws.amazon.com/aws-cost-management/aws-cost-explorer/
A company is using a central data platform to manage multiple types of data for its customers. The company
wants to use AWS services to discover, transform, and visualize the data.
Which combination of AWS services should the company use to meet these requirements? (Choose two.)
A.AWS Glue
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Redshift
D. Amazon QuickSight
E. Amazon Quantum Ledger Database (Amazon QLDB)
Answer: AD
Explanation:
The answer is AD.AWS Glue is a serverless data integration service that makes it easier to discover, prepare,
move, and integrate data from multiple sources for analytics, machine learning (ML), and application
development. Amazon Quick Sight powers data-driven organizations with unified business intelligence (BI) at
hyperscale. With Quick Sight, all users can meet varying analytic needs from the same source of truth through
modern interactive dashboards, paginated reports, embedded analytics, and natural language queries.
Reference:
https://aws.amazon.com/quicksight/
https://aws.amazon.com/glue/
Question: 15
A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a
Which AWS service or resource will meet these requirements?
A.AWS Support
B.AWS Professional Services
D.AWS Managed Services (AMS)
Answer: B
Explanation:
An e-learning platform needs to run an application for 2 months each year. The application will be deployed on
Amazon EC2 instances. Any application downtime during those 2 months must be avoided.
Which EC2 purchasing option will meet these requirements MOST cost-effectively?
A.Reserved Instances
B.Dedicated Hosts
C.Spot Instances
D.On-Demand Instances
Answer: D
Explanation:
D - On-Demand Instances is correct. "On-Demand Instances are recommended for:• Users that prefer the low
cost and flexibility of EC2 without any upfront payment or long-term commitment• Applications with short-
term, spiky, or unpredictable workloads that cannot be interrupted• Applications being developed or tested on
EC2 for the first time" Reference:
https://aws.amazon.com/ec2/pricing/
Question: 17
A developer wants to deploy an application quickly on AWS without manually creating the required resources.
Amazon EC2
Answer: B
Explanation:
B - AWS Elastic Beanstalk is correct.
Deploy scalable web applications in minutes without the complexity of provisioning and managing underlying
Question: 18
A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data
Which S3 feature should the company use to meet these requirements?
C.S3 bucket policies

D.S3 server-side encryption
Answer: B
Explanation:
"Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite.
Question: 19
Which AWS service provides the ability to manage infrastructure as code?
C.AWS Direct Connect

D.AWS CloudFormation
Answer: D
Explanation:
Question: 20
An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The
web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
On-Demand Instances
Reserved Instances
Spot Instances
Spot Fleet
Answer: B
Explanation:
Question: 21
Which AWS service or feature allows a user to establish a dedicated network connection between a company’s on-
C.AWS VPN
D.Amazon Route 53
Answer: A
Explanation:
The Correct answer is A. Create a dedicated network connection to AWS. The AWS Direct Connect cloud
service is the shortest path to your AWS resources. While in transit, your network traffic remains on the AWS
Question: 22
Which option is a physical location of the AWS global infrastructure?
C.Amazon Connect
D.AWS Organizations
Answer: B
Explanation:
Question: 23
A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and
Which pillar of the AWS Well-Architected Framework is supported by these goals?
A.Reliability
C.Operational
D.Performance
Answer: B
Explanation:
Question: 24
What is the purpose of having an internet gateway within a VPC?
To create a VPN connection to the VPC
To impose bandwidth constraints on internet traffic
Answer: B
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
Question: 25
Which best practice of the AWS Well-Architected Framework is the company following with this plan?
A.Integrate functional testing as part of AWS deployment.

C.Deploy the application to multiple locations.
Answer: D
Explanation:
https://docs.aws.amazon.com/wellarchitected/latest/framework/rel_prevent_interaction_failure_loosely_coupled_
Question: 26
A company has an AWS account. The company wants to audit its password and access key rotation details for
Which AWS service or tool will meet this requirement?
C.IAM credential report

D.AWS Audit Manager
Answer: C
Explanation:
The Correct answer is C.You can use credential reports to assist in your auditing and compliance efforts. You
can use the report to audit the effects of credential lifecycle requirements, such as password and access key
updates. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
A company wants to receive a notification when a specific AWS cost threshold is reached.
Which AWS services or tools can the company use to meet this requirement? (Choose two.)
A. Amazon Simple Queue Service (Amazon SQS)

B.AWS Budgets
C. Cost Explorer
D. Amazon CloudWatch
E. AWS Cost and Usage Report
Answer: BD
Explanation:
B. AWS Budgets: AWS Budgets is a service that allows you to set custom cost and usage budgets for your
AWS resources. You can configure a budget with a specific threshold and define actions, such as sending
notifications, when that threshold is reached.D. Amazon CloudWatch: Amazon CloudWatch is a monitoring
service that can be used to collect and track metrics, logs, and events from various AWS resources. It
supports setting up alarms based on cost metrics, so you can create an alarm for a specific cost threshold and
configure it to send notifications when the threshold is breached.
Question: 28
B.Amazon Connect
D.AWS Knowledge Center
Answer: D
Explanation:
Answer D is Correct. Key: "service or resource provides answers to the most frequently asked security-
The correct answer is D.AWS Official Knowledge Center articles and videos covering the most frequent
Question: 29
Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)
D.Patch or upgrade Amazon DynamoDB.

E.Select Amazon EC2 instances to run AWS Lambda on.
Answer: AB
Explanation:
Configure the AWS provided security group firewall.
Question: 30
Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)
A.Availability
D.Responsive design
E.Operational excellence
Answer: BE
Explanation:
The Correct answer is BE.AWS Well-Architected helps cloud architects build secure, high-performing,
resilient, and efficient infrastructure for a variety of applications and workloads. Built around six pillars—
operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
Which AWS service or feature is used to send both text and email messages from distributed applications?
A. Amazon Simple Notification Service (Amazon SNS)

B. Amazon Simple Email Service (Amazon SES)
C. Amazon CloudWatch alerts
D. Amazon Simple Queue Service (Amazon SQS)
Answer: A
Explanation:
The answer is A. Amazon Simple Notification Service (Amazon SNS) sends notifications two ways, A2A and
A2P. A2A provides high-throughput, push-based, many-to-many messaging between distributed systems,
microservices, and event-driven serverless applications. These applications include Amazon Simple Queue
Service (SQS), Amazon Kinesis Data Firehose, AWS Lambda, and other HTTPS endpoints. A2P functionality
lets you send messages to your customers with SMS texts, push notifications, and email.
Reference:
https://aws.amazon.com/sns/
Question: 32
A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.
Amazon Inspector
D.AWS Key Management Service (AWS KMS) keys
Answer: B
Explanation:
The answer is B. "Access keys are long-term credentials for an IAM user or the AWS account root user. You
can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS
"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
Question: 33
A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault
Which pricing model enables the company to optimize costs and meet these requirements?
Reserved Instances
On-Demand Instances
Answer: B
Explanation:
Spot Instances are a good fit for stateless, fault-tolerant workloads that can be interrupted without any
Question: 34
What does the concept of agility mean in AWS Cloud computing? (Choose two.)
The speed at which AWS resources are implemented

The speed at which AWS creates new AWS Regions
The ability to experiment quickly
The elimination of wasted capacity
The low cost of entry into cloud computing
Answer: AC
Explanation:
A. The speed at which AWS resources are implemented.
Question: 35
A company needs to block SQL injection attacks.
Which AWS service or feature can meet this requirement?
A.AWS WAF
B.AWS Shield
D.Security groups
Answer: A
Explanation:
The answer is A.AWS WAF helps you protect against common web exploits and bots that can affect
availability, compromise security, or consume excessive resources.
Question: 36
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an
C.AWS IAM Access Analyzer
Answer: C
Explanation:
Question: 37
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud.
Download the reports from AWS Artifact.

Open a case with AWS Support.
Generate the reports with Amazon Macie.
Answer: B
Explanation:
attestations, and other relevant documents. You can download these reports directly from AWS Artifact.
Question: 38
An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which cost is the company’s direct responsibility?
Cost of application software licenses

Cost of the hardware infrastructure on AWS
Cost of power for the AWS servers
Cost of physical security for the AWS data center
Answer: A
Explanation:
Correct answer is A:Cost of application software licenses.
A company is setting up AWS Identity and Access Management (IAM) on an AWS account.
Which recommendation complies with IAM security best practices?
A. Use the account root user access keys for administrative tasks.
B. Grant broad permissions so that all company employees can access the resources they need.
C. Turn on multi-factor authentication (MFA) for added security during the login process.
D.Avoid rotating credentials to prevent issues in production applications.
Answer: C
Explanation:
Turn on multi-factor authentication (MFA) for added security during the login process.Enabling multi-factor
authentication (MFA) for user accounts, especially for users with administrative or high-privilege access, is a
crucial security best practice. MFA adds an additional layer of security by requiring users to provide two or
more verification factors (typically something they know, like a password, and something they have, like a
temporary MFA code from a hardware token or mobile app) before gaining access. This significantly reduces
the risk of unauthorized access, even if login credentials are compromised.
Question: 40
Elasticity in the AWS Cloud refers to which of the following? (Choose two.)
How quickly an Amazon EC2 instance can be restarted

The ability to rightsize resources as demand shifts
The maximum amount of RAM an Amazon EC2 instance can use
The pay-as-you-go billing model
Answer: BE
Explanation:
Question: 41
Which service enables customers to audit API calls in their AWS accounts?
D.AWS X-Ray
Answer: A
Explanation:
Question: 42
What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model?
B.Confirming that the hardware is working in the data center

C.Patching the operating system
D.Shutting down Lambda functions when they are no longer in use
Answer: A
Explanation:
Managing the code within the Lambda function.
Question: 43
A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for
Which AWS service should the company use to run these queries in the MOST cost-effective manner?
Amazon
Amazon Athena
Amazon Kinesis
Amazon RDS
Answer: B
Explanation:
The answer is B. Amazon Athena is a serverless, interactive analytics service built on open-source
frameworks, supporting open-table and file formats. Athena provides a simplified, flexible way to analyze
petabytes of data where it lives. Analyze data or build applications from an Amazon Simple Storage Service
(S3) data lake and 30 data sources, including on-premises data sources or other cloud systems using SQL or
Python. Athena is built on open-source Trino and Presto engines and Apache Spark frameworks, with no
provisioning or configuration effort required.
Which AWS service can be used at no additional cost?
A. Amazon SageMaker
B.AWS Config
C.AWS Organizations
D.Amazon CloudWatch
Answer: C
Explanation:
The answer is C.AWS Organizations is an account management service that enables you to consolidate
multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations is
offered at no additional charge. You are charged only for AWS resources that users and roles in your member
accounts use. For example, you are charged the standard fees for Amazon EC2 instances that are used by
users or roles in your member accounts.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
Question: 45
B.Event management
Answer: C
Explanation:
Question: 46
A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in
exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Choose two.)
Spot Instances
On-Demand Instances
Reserved Instances
E.Dedicated Hosts
Answer: CD
Explanation:
C.Reserved Instances.
D.Savings Plans.
Question: 47
A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use
A.Amazon Connect
B.AWS Wavelength
C.AWS Regions
D.AWS Direct Connect
Answer: C
Explanation:
Correct answer is C:AWS Regions.
Question: 48
A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the
Which AWS service or feature can be used to estimate costs before deployment?
A.AWS Free Tier

B.AWS Pricing Calculator
Answer: B
Explanation:
The answer is B.AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for
your AWS use cases. You can use it to model your solutions before building them, explore the AWS service
https://docs.aws.amazon.com/pricing-calculator/latest/userguide/what-is-pricing-calculator.html
Question: 49
A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost effective manner?
A.Deliver the content through Amazon CloudFront.
Answer: A
Explanation:
Deliver the content through Amazon CloudFront.
Question: 50
Which option is a benefit of the economies of scale based on the advantages of cloud computing?
A.The ability to trade variable expense for fixed expense
C.Lower variable costs over fixed costs

D.Increased operational costs across data centers
Answer: C
Explanation:
C seems to be correct. it is the only one that reflects cost benefits which are asked in the question. While A
Question: 51
A.AWS CLI
B.AWS Developer Center
C.AWS Cloud Development Kit (AWS CDK)
Answer: C
Explanation:
C. AWS Cloud Development Kit (AWS CDK)AWS CDK is a software development framework that enables
developers to define infrastructure as code (IaC) using familiar programming languages like TypeScript,
Python, Java, C#, and more. With AWS CDK, you can define cloud resources, their relationships, and
provisioning logic in your preferred programming language. AWS CDK also generates CloudFormation
templates based on your code, making it easier to manage and deploy infrastructure resources in AWS.
A company is developing an application that uses multiple AWS services. The application needs to use temporary,
limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?
A.Amazon API Gateway

B.IAM users
C.AWS Security Token Service (AWS STS)
D.IAM instance profiles
Answer: C
Explanation:
C. AWS Security Token Service (AWS STS)AWS STS provides a way to grant temporary, limited-privilege
credentials to users, applications, or services. These temporary credentials can be used to access AWS
resources securely without having to use long-term access keys or IAM user credentials.
Question: 53
B.AWS Trusted Advisor

C.Amazon EventBridge
D.Amazon GuardDuty
Answer: A
Explanation:
AWS Security Hub is a cloud security posture management (CSPM) service that performs automated,
continuous security best practice checks against your AWS resources to help you identify misconfigurations,
and aggregates your security alerts (i.e. findings) in a standardized format so that you can more easily enrich,
Question: 54
Amazon S3
D.AWS WAF
Answer: B
Explanation:
"IAM is a feature of your AWS account and is offered at no additional charge.
"Reference:
Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload
Amazon
Amazon Aurora
Amazon DynamoDB
Amazon RDS
Answer: C
Explanation:
Correct answer is C" Amazon DynamoDB is a fully managed NoSQL database service that provides fast and
"https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html
Question: 56
A company is using Amazon DynamoDB.
Which task is the company’s responsibility, according to the AWS shared responsibility model?
C.Manage database access permissions.

D.Secure the operating system.
Answer: C
Explanation:
Correct answer is C:Manage database access permissions.
Question: 57
Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively?
A.On-Demand Instances
C.Spot Instances
D.Reserved Instances
Answer: C
Explanation:
Spot Instances are a good fit for stateless, fault-tolerant workloads that can be interrupted without any
Question: 58
Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3
Amazon Macie
Amazon Detective
D.AWS IAM Access Analyzer
Answer: A
Explanation:
A. Amazon Macie Amazon Macie is a security service that uses machine learning to automatically discover,
classify, and protect sensitive data in Amazon S3. It helps you identify and protect data such as personally
identifiable information (PII), financial information, intellectual property, and more by monitoring data access
Question: 59
Which of the following services can be used to block network traffic to an instance? (Choose two.)
Amazon Virtual Private Cloud (Amazon VPC) flow logs
Amazon CloudWatch
E.AWS CloudTrail
Answer: AC
Explanation:
C. Network ACLs
Security groups are stateful firewalls that control inbound and outbound traffic at the instance level. You can
configure security groups to allow or deny specific types of network traffic to and from your
instances.Network ACLs (Access Control Lists) are stateless firewalls that control traffic at the subnet level.
Network ACLs define rules to allow or deny traffic based on source and destination IP addresses, ports, and
protocols.
Which AWS service can identify when an Amazon EC2 instance was terminated?
A.AWS Identity and Access Management (IAM)

B.AWS CloudTrail
C.AWS Compute Optimizer
D.Amazon EventBridge
Answer: B
Explanation:
B. AWS CloudTrailAWS CloudTrail is a service that records all API activity in your AWS account, including the
termination of EC2 instances. It creates log entries for various events, providing an audit trail of actions taken
on resources. By reviewing CloudTrail logs, you can identify when an EC2 instance was terminated, who
initiated the termination, and other relevant details about the event.
Question: 61
Which of the following is a fully managed MySQL-compatible database?
Amazon S3
Amazon DynamoDB
Amazon
Amazon Aurora
Answer: D
Explanation:
D. Amazon Aurora Amazon Aurora is a relational database service that is compatible with MySQL and
PostgreSQL. It is fully managed by AWS and is designed for high availability, performance, and scalability
while maintaining MySQL compatibility. Aurora offers features like automated backups, read replicas, and
seamless failover to ensure data durability and availability. It's a popular choice for applications that require a
Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS
services, APIs, and tools to data centers, co-location environments, or on-premises facilities?
A.AWS Snowmobile
B.AWS Local Zones
C.AWS Outposts
D.AWS Fargate
Answer: C
Explanation:
C. AWS Outposts AWS Outposts enables you to run AWS infrastructure and services on premises while
seamlessly connecting to the AWS cloud. This service extends the AWS ecosystem to your on-premises
locations, allowing you to take advantage of cloud benefits while addressing the requirements of data
residency, low-latency applications, and specific regulatory needs in hybrid environments.
Question: 63
Amazon DynamoDB
Amazon Athena
Amazon RDS
Amazon EMR
Answer: C
Explanation:
C. Amazon RDS (Relational Database Service)Amazon RDS supports various database engines, including
Question: 64
A company wants to provide managed Windows virtual desktops and applications to its remote employees over
Which AWS services can the company use to meet these requirements? (Choose two.)
A.Amazon Connect
B.Amazon AppStream 2.0
E.Amazon Elastic Container Service (Amazon ECS)

Answer: CD
Explanation:
CD is right.Amazon AppStream 2.0 is a service for streaming desktop applications to a web browser, but it is
different from full Windows virtual desktops provided by Amazon WorkSpaces.
A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific
ports.
Which AWS service will meet this requirement?
A.AWS Trusted Advisor

B.Amazon CloudWatch
C.Amazon GuardDuty
D.AWS Health Dashboard
Answer: A
Explanation:
A. AWS Trusted Advisor AWS Trusted Advisor is a service that provides recommendations for optimizing your
AWS infrastructure. It includes checks for security best practices, such as identifying security groups that
have overly permissive rules, which would allow unrestricted access to specific ports. It offers guidance on
how to address these misconfigurations.
Question: 66
Amazon DynamoDB
Amazon Aurora
Amazon DocumentDB (with MongoDB compatibility)
Amazon Neptune
Answer: A
Explanation:
Amazon DynamoDB is a nonrelational database that delivers reliable performance at any scale. It's a fully
managed, multi-region, multi-master database that provides consistent single-digit millisecond latency, and
Question: 67
A company is deploying a machine learning (ML) research project that will require a lot of compute power over
several months. The ML processing jobs do not need to run at specific times.
Which Amazon EC2 instance purchasing option will meet these requirements at the lowest cost?
On-Demand Instances
Spot Instances
D.Dedicated Instances
Answer: B
Explanation:
B. Spot Instances
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)
A.EC2 Reserved Instances

B.EC2 Amazon Machine Images (AMIs)
C.Amazon Elastic Block Store (Amazon EBS) snapshots
D.AWS Shield
E.Amazon GuardDuty
Answer: BC
Explanation:
B. EC2 Amazon Machine Images (AMIs): AMIs are used to create backups of EC2 instances, and they can be
used to launch replacement instances in the event of a disaster or data loss. AMIs are essential for creating
recovery points for your EC2 instances.C. Amazon Elastic Block Store (Amazon EBS) snapshots: EBS
snapshots allow you to create point-in-time backups of your EBS volumes. These snapshots can be used to
restore data or create new EBS volumes, making them a key component of disaster recovery for EC2
instances.
Question: 69
C.Amazon WorkSpaces
Answer: B
Explanation:
B is correct" Using AWS Cloud Shell, a browser-based shell, you can quickly run scripts with the AWS
A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud
using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the
number of VPCs to hundreds over time.
Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase
in number?
A. VPC endpoints
B.AWS Transit Gateway
C.Amazon Route 53
D.AWS Secrets Manager
Answer: B
Explanation:
BAWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks
through a central hub. This connection simplifies your network and puts an end to complex peering
relationships. Transit Gateway acts as a highly scalable cloud router—each new connection is made only
once.
https://aws.amazon.com/transit-gateway/
Question: 71
A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks
Which AWS Support plan offers guidance and support for this kind of event at no additional charge?
D.AWS Enterprise Support
Answer: D
Explanation:
Correct answer is D:AWS Enterprise Support.
Question: 72
A company wants to establish a schedule for rotating database user credentials.
Which AWS service will support this requirement with the LEAST amount of operational overhead?
A.AWS Systems Manager

B.AWS Secrets Manager
C.AWS License Manager
D.AWS Managed Services
Answer: B
Explanation:
Correct answer is B:AWS Secrets Manager.
Question: 73
Which AWS service or feature can be used to create a private connection between an on-premises workload and
Amazon Route 53
Answer: C
Explanation:
AWS PrivateLink: Establish connectivity between VPCs and AWS services without exposing data to the
internetDirectConnect: Create a dedicated network connection to AWS.
Question: 74
D.AWS Config
Answer: C
Explanation:
Question: 75
A.AWS Management Console

B.AWS CLI
C.AWS SDK
D.AWS Cloud9
Answer: A
Explanation:
Correct answer is A:AWS Management Console.
Which of the following are advantages of the AWS Cloud? (Choose two.)
A. Trade variable expenses for capital expenses

B.High economies of scale
C. Launch globally in minutes
D. Focus on managing hardware infrastructure
E.Overprovision to ensure capacity
Answer: BC
Explanation:
B. Ability to quickly change required capacity: With the AWS Cloud, users can easily scale their infrastructure
up or down based on demand. This flexibility allows for rapid adjustment of resources to match application
needs, enabling cost optimization and efficient resource utilization.C. High economies of scale: AWS operates
at a large scale, serving millions of customers globally. This scale allows AWS to achieve cost efficiencies and
pass on the benefits to customers. By leveraging AWS services, users can access enterprise-grade
infrastructure and services without the need for significant upfront investment in hardware or infrastructure.
Question: 77
Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime?
D.High availability
Answer: D
Explanation:
https://aws.amazon.com/marketplace/solutions/infrastructure-software/high-availability
A developer needs to maintain a development environment infrastructure and a production environment
Which AWS service should the developer use to meet these requirements?
C.AWS IoT Device Defender

Answer: D
Explanation:
Question: 79
Which task is the customer’s responsibility, according to the AWS shared responsibility model?
A.Maintain the security of the AWS Cloud.
C.Patch the operating system of Amazon RDS instances.

D.Implement physical and environmental controls.
Answer: B
Explanation:
Configure firewalls and networks.
Question: 80
Which AWS service helps deliver highly available applications with fast failover for multi-Region and Multi-AZ
A.AWS WAF
B.AWS Global Accelerator
Answer: B
Explanation:
Correct answer is B:AWS Global Accelerator.
A company has a set of ecommerce applications. The applications need to be able to send messages to each other.
Which AWS service meets this requirement?
A.AWS Auto Scaling

B. Elastic Load Balancing
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Streams
Answer: C
Explanation:
Amazon Simple Queue Service (SQS): SQS is a fully managed message queuing service that enables you to
decouple and scale microservices, distributed systems, and serverless applications. It allows one application
to send messages to a queue, and another application to retrieve those messages from the queue. This can be
helpful in scenarios where the sender and receiver are not required to interact with each other in real-time.
Question: 82
What are the benefits of consolidated billing for AWS Cloud services? (Choose two.)
A.Volume discounts
B.A minimal additional fee for use
E.Custom cost and usage budget creation
Answer: AC
Explanation:
A. Volume discounts.
C. One bill for multiple accounts.
Question: 83
A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console.
B.S3 Storage Lens

C. AWS IAM Identity Center (AWS Single Sign-On)
D.Access Analyzer for S3
Answer: D
Explanation:
The correct answer is D. When reviewing an at-risk bucket in IAM Access Analyzer for S3, you can block all
public access to the bucket with a single click. We recommend that you block all access to your buckets
unless you require public access to support a specific use case. Before you block all public access, ensure
that your applications will continue to work correctly without public access.
"IAM Access Analyzer for S3 might show that a bucket has read or write access provided through a bucket
access control list (ACL), a bucket policy, a Multi-Region Access Point policy, or an access point policy...IAM
Access Analyzer for S3 is available at no extra cost on the Amazon S3 console.
"Reference:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-analyzer.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-analyzer.html
Question: 84
What is the best resource for a user to find compliance-related information and reports about AWS?
C.Amazon Inspector
D.AWS Support
Answer: A
Explanation:
provides on-demand access to security and compliance reports from AWS and ISVs who sell their products on
Question: 85
D.Amazon Route 53
Answer: A
Explanation:
Question: 86
Which AWS service or feature improves network performance by sending traffic through the AWS worldwide
Route
Answer: C
Explanation:
Correct answer is C:AWS Global Accelerator.
Question: 87
Which AWS service provides highly durable object storage?
Amazon S3
Amazon Elastic File System (Amazon EFS)
Amazon Elastic Block Store (Amazon EBS)
Amazon FSx
Answer: A
Explanation:
S3 Standard offers high durability, availability, and performance object storage for frequently accessed data.
Database backups
D.Operating system installations
Answer: D
Explanation:
Operating system installations is a correct answer.
Question: 89
Which of the following are advantages of moving to the AWS Cloud? (Choose two.)
The ability to turn over the responsibility for all security to AWS.
The ability to use the pay-as-you-go model.
The ability to have full control over the physical infrastructure.
No longer having to guess what capacity will be required.
No longer worrying about users access controls.
Answer: BD
Explanation:
Question: 90
Which AWS service is a hybrid cloud storage service that provides on-premises users access to virtually unlimited
C.AWS Storage Gateway

D.Amazon Elastic Block Store (Amazon EBS)
Answer: C
Explanation:
C. AWS Storage GatewayAWS Storage Gateway is a hybrid cloud storage service that enables on-premises
applications to seamlessly access AWS Cloud-based storage. It provides a local cache for frequently
accessed data to ensure low-latency access, while also storing data in the cloud for durability and scalability.
A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?
A.AWS Pricing Calculator

B.Amazon CloudWatch
C.AWS Cost Explorer
D.AWS Budgets
Answer: A
Explanation:
AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for your AWS use
cases. You can use it to model your solutions before building them, explore the AWS service price points, and
review the calculations behind your estimates. You can use it to help you plan how you spend, find cost saving
opportunities, and make informed decisions when using Amazon Web Services.
Reference:
https://docs.aws.amazon.com/pricing-calculator/latest/userguide/what-is-pricing-calculator.html
Question: 92
Which tool should a developer use to integrate AWS service features directly into an application?
C.AWS Lambda
D.AWS Batch
Answer: A
Explanation:
AWS Software Development Kit is a correct answer.
Question: 93
Which of the following is a recommended design principle of the AWS Well-Architected Framework?
Reduce downtime by making infrastructure changes infrequently and in large increments.

Invest the time to configure infrastructure manually.
Learn to improve from operational failures.
Use monolithic application design for centralization.
Answer: C
Explanation:
The answer is C Learn from all operational failures: Drive improvement through lessons learned from all
operational events and failures. Share what is learned across teams and through the entire organization.
Question: 94
A.restricted access.
B.as-needed access.
C.least privilege access.
D.token access.
Answer: C
Explanation:
Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an
Amazon VPC subnet?
A. Security group
B.AWS WAF
C.AWS Firewall Manager
D.Network ACL
Answer: D
Explanation:
Network ACLs are an optional layer of security that act as a firewall for controlling inbound and outbound
traffic at the subnet level. VPC_Security_Comparison
Since we are on a subnet level, D is the correct answer. Network ACLs allow or deny inbound and outbound
traffic at the subnet level. Security groups allow inbound and outbound traffic for associated resources, such
as EC2 instances
https://docs.aws.amazon.com/vpc/latest/userguide/infrastructure-security.html#VPC_Security_Comparison
https://docs.aws.amazon.com/zh_tw/vpc/latest/userguide/VPC_Security.html#
A company wants to operate a data warehouse to analyze data without managing the data warehouse

A.Amazon Aurora
B.Amazon Redshift Serverless
C.AWS Lambda
D.Amazon RDS
Answer: B
Explanation:
Amazon Redshift Serverless makes it easy to run analytics workloads of any size without having to manage
data warehouse infrastructure.
How does AWS Cloud computing help businesses reduce costs? (Choose two.)
A.AWS charges the same prices for services in every AWS Region.
B.AWS enables capacity to be adjusted on demand.
C.AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week.
D.AWS does not charge for data sent from the AWS Cloud to the internet.
E. AWS eliminates many of the costs of building and maintaining on-premises data centers.
Answer: BE
Explanation:
B. AWS enables capacity to be adjusted on demand.
E.AWS eliminates many of the costs of building and maintaining on-premises data centers.
Question: 98
Answer: B
Explanation:
Correct answer is B:IAM role.

Question: 99
Which task is the responsibility of AWS when using AWS services?
Creation of security group rules for outbound access

C.Maintenance of physical and environmental controls
D.Application of Amazon EC2 operating system patches
Answer: C
Explanation:

A company wants to automate infrastructure deployment by using infrastructure as code (IaC). The company
wants to scale production stacks so the stacks can be deployed in multiple AWS Regions.
Which AWS service will meet these requirements?
A.Amazon CloudWatch
B.AWS Config
C. AWS Trusted Advisor
Answer: D
Explanation:
AWS CloudFormation gives you an easy way to model a collection of related AWS and third-party resources,
provision them quickly and consistently, and manage them throughout their lifecycles, by treating
infrastructure as code. A CloudFormation template describes your desired resources and their dependencies
so you can launch and configure them together as a stack. You can use a template to create, update, and
delete an entire stack as a single unit, as often as you need to, instead of managing resources individually. You
can manage and provision stacks across multiple AWS accounts and AWS Regions.
Reference:
https://aws.amazon.com/cloudformation/features/
Question: 101
Which option is an AWS Cloud Adoption Framework (AWS CAF) platform perspective capability?
Data
Data
Data governance
Data science
Answer: A
Explanation:
A is the right answerPlatform perspective helps you build an enterprise-grade, scalable, hybrid cloud
platform, modernize existing workloads, and implement new cloud-native solutions. This includes DATA
ARCHITECTURE
Question: 102
Which AWS best practice ensures the MOST cost-effective architecture for the workload?
D.Redundancy
Answer: B
Explanation:
Right sizing is the process of matching instance types and sizes to your workload performance and capacity
https://aws.amazon.com/aws-cost-management/aws-cost-optimization/right-
sizing/#:~:text=Right%20sizing%20is%20the%20process,at%20the%20lowest%20possible%20cost.

A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server
is running out of space. The company wants to use AWS services for the backups without changing its existing
backup workflows.
Which AWS service should the company use to meet these requirements?
A.Amazon Elastic Block Store (Amazon EBS)

B.AWS Storage Gateway
C.Amazon Elastic Container Service (Amazon ECS)
D.AWS Lambda
Answer: B
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually
unlimited cloud storage. Storage Gateway provides a standard set of storage protocols such as iSCSI, SMB,
and NFS, which allow you to use AWS storage without rewriting your existing applications.
Question: 104
Which AWS tool gives users the ability to plan their service usage, service costs, and instance reservations, and
also allows them to set custom alerts when their costs or usage exceed established thresholds?
A.Cost Explorer
B.AWS Budgets
C.AWS Cost and Usage Report
D.Reserved Instance reporting
Answer: B
Explanation:
B. AWS Budgets
"https://aws.amazon.com/aws-cost-management/aws-budgets/faqs/
Question: 105
Which tasks are the customer’s responsibility, according to the AWS shared responsibility model? (Choose two.)
B.Perform client-side data encryption.
D.Secure edge locations.

E.Patch Amazon RDS DB instances.
Answer: BC
Explanation:
B.Perform client-side data encryption.
C.Configure IAM credentials.
Question: 106
A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.)
Grant the developer access to only the AWS resources needed to perform the job.
Share the AWS account root user credentials with the developer.
Add the developer to the administrator’s group in AWS IAM.
Answer: AE
Explanation:
A. Grant the developer access to only the AWS resources needed to perform the job.

A company has multiple AWS accounts that include compute workloads that cannot be interrupted. The company
wants to obtain billing discounts that are based on the company’s use of AWS services.
Which AWS feature or purchasing option will meet these requirements?
A.Resource tagging
B.Consolidated billing
C.Pay-as-you-go pricing
D.Spot Instances
Answer: B
Explanation:
B. Consolidated billing. Consolidated billing allows you to combine multiple AWS accounts and aggregate the
usage and spending across those accounts. This simplifies billing and enables you to take advantage of
volume discounts, which can lead to cost savings. Each account can still maintain its own resource tagging
and pricing options, so it's possible to manage compute workloads in individual accounts as needed.
Question: 108
A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The
C.IAM roles
D.IAM user SSH keys
Answer: C
Explanation:
Question: 109
A company wants a fully managed Windows file server for its Windows-based applications.
A.Amazon FSx
B.Amazon Elastic Kubernetes Service (Amazon EKS)
C.Amazon Elastic Container Service (Amazon ECS)
D.Amazon EMR
Answer: A
Explanation:
Choosing an Amazon FSx File System.

A company wants to migrate its NFS on-premises workload to AWS.
Which AWS Storage Gateway type should the company use to meet this requirement?
A. Tape Gateway
B. Volume Gateway
C. Amazon FSx File Gateway
D. Amazon S3 File Gateway
Answer: D
Explanation:
Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data
files and backup images as durable objects in Amazon S3 cloud storage. Amazon S3 File Gateway offers SMB
or NFS-based access to data in Amazon S3 with local caching. It can be used for on-premises data-intensive
Amazon EC2-based applications that need file protocol access to S3 object storage."
Reference:
https://aws.amazon.com/storagegateway/file/s3/
Which AWS tool or service can be used to meet these requirements?
Amazon CloudWatch
Amazon Inspector
C.AWS CloudTrail
D.AWS IAM
Answer: C
Explanation:
CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and
API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your
A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly
processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to
continue to grow for years.
What is the MOST cost-effective EC2 instance purchasing model to meet these requirements?
A.Spot Instances
B.On-Demand Instances
C.Savings Plans
D.Dedicated Hosts
Answer: C
Explanation:
C - Savings Plans: "uninterruptible application" and "usage is expected to continue to grow for
years."Company can commit to 1 or 3 year plan to obtain savings.
CSavings Plans are a flexible pricing model that offer low prices on EC2 usage, in exchange for a commitment
to a consistent amount of usage, measured in dollars per hour, for a term of 1 or 3 years. Savings Plans can
reduce your EC2 costs by up to 72% compared to On-Demand price.
Question: 113
Amazon Polly
Amazon Personalize
Amazon Comprehend
Amazon Rekognition
Answer: B
Explanation:
Question: 114
Which phase of the cloud transformation journey includes these identification activities?
A.Envision
B.Align
C.Scale
D.Launch
Answer: B
Explanation:
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-
transformation-journey.html
Question: 115
A social media company wants to protect its web application from common web exploits such as SQL injections
A.Amazon Inspector
B.AWS WAF
C.Amazon GuardDuty
D.Amazon CloudWatch
Answer: B
Explanation:
configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These
conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.
Question: 116
Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC2
EC2 Image Builder

Amazon Machine Image (AMI)
C.AWS Launch Wizard
D.AWS Elastic Beanstalk
Answer: A
Explanation:
https://aws.amazon.com/image-builder/faqs/

A company wants an automated process to continuously scan its Amazon EC2 instances for software
Amazon GuardDuty
Amazon Inspector
Amazon Detective
Amazon Cognito
Answer: B
Explanation:
Question: 118
A company needs to perform data processing once a week that typically takes about 5 hours to complete.
Which AWS service should the company use for this workload?
A.AWS Lambda
B.Amazon EC2
C.AWS CodeDeploy
D.AWS Wavelength
Answer: B
Explanation:
However, Lambda functions have a maximum execution time of 15 minutes. Therefore, Lambda is not suitable
for workloads that need to run for longer than 15 minutes.Amazon EC2 is a scalable computing service that
provides instances with varying capabilities and pricing options. You can choose an EC2 instance that is right
for your data processing job and then terminate the instance when the job is complete. This will help you to
save money on your AWS bill.

Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces
in a VPC?
A.Amazon CloudWatch Logs

B.AWS CloudTrail
C.VPC Flow Logs
D.AWS Identity and Access Management (IAM)
Answer: C
Explanation:
The correct answer is C.VPC flow logs is a feature that enables you to capture information about the IP traffic
going to and from network interfaces in your VPC. Flow logs data can be published to either Amazon
CloudWatch Logs or Amazon S3. You can monitor your VPC flow logs to gain operational visibility about your
network dependencies and traffic patterns, detect anomalies and prevent data leakage, or troubleshoot
network connectivity and configuration issues.
https://aws.amazon.com/vpc/faqs/#:~:text=VPC%20flow%20logs%20is%20a,network%20interfaces%20in%20you

A company wants to design a centralized storage system to manage the configuration data and passwords for its
critical business applications.
Which AWS service or capability will meet these requirements MOST cost-effectively?
A.AWS Systems Manager Parameter Store

C.AWS Config
D.Amazon S3
Answer: A
Explanation:
"Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for
configuration data management and secrets management. You can store data such as passwords, database
strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values.
Reference:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
Question: 121
A company plans to deploy containers on AWS. The company wants full control of the compute resources that
host the containers. Which AWS service will meet these requirements?
A.Amazon Elastic Kubernetes Service (Amazon EKS)

B.AWS Fargate
C.Amazon EC2
D.Amazon Elastic Container Service (Amazon ECS)
Answer: D
Explanation:
Correct answer is D:Amazon Elastic Container Service (Amazon ECS).

Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize
workflows, and apply policies to groups of accounts?

B.AWS Trusted Advisor
C.AWS CloudFormation
D.AWS Organizations
Answer: D
Explanation:
AWS Organizations provides you with the capability to centrally manage and govern your cloud environment.
You can manage and organize your accounts under a single bill, set central policies and configuration
requirements for your entire organization, create custom permissions or capabilities within the organization,
and delegate responsibilities to other accounts so they can manage on behalf of the organization.
Reference:
https://aws.amazon.com/organizations/features/
Question: 123
A company wants to store and retrieve files in Amazon S3 for its existing on-premises applications by using
B.AWS Snowball Edge

C.Amazon S3 File Gateway
D.AWS Transfer Family
Answer: C
Explanation:
Amazon S3 File Gateway provides a seamless way to connect to the cloud in order to store application data
files and backup images as durable objects in Amazon S3 cloud storage. Amazon S3 File Gateway offers SMB
or NFS-based access to data in Amazon S3 with local caching. It can be used for on-premises data-intensive
Amazon EC2-based applications that need file protocol access to S3 object storage."
Question: 124
A company wants to block SQL injection attacks.
Which AWS service or feature should the company use to meet this requirement?
AWS WAF
Answer: A
Explanation:
configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These
conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site
Question: 125
A company wants a unified tool to provide a consistent method to interact with AWS services.
AWS CLI
Amazon Elastic Container Service (Amazon ECS)
Answer: A
Explanation:
The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services. With just one tool
to download and configure, you can control multiple AWS services from the command line and automate them
Question: 126
A.AWS Shield
B.AWS WAF
C.AWS Trusted Advisor
D.AWS Service Catalog
Answer: C
Explanation:
Correct answer is C:AWS Trusted Advisor.
Question: 127
D.Governance
Answer: B
Explanation:
AWS CAF Operations perspective capabilities• Observability• Event management (AIOps)• Incident and
problem management• Change and release management• Performance and capacity management•
Configuration management• Patch management• Availability and continuity management• Application
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/operations-
Question: 128
A company has a compute workload that is steady, predictable, and uninterruptible.
Which Amazon EC2 instance purchasing options meet these requirements MOST cost-effectively? (Choose two.)
B.Reserved Instances
C.Spot Instances
Answer: BD
Explanation:
B. Reserved Instances.
D. Saving Plans.
Question: 129
Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year
On-Demand Instances
Reserved Instances
Answer: A
Explanation:
With On-Demand instances, you pay for compute capacity by the hour or the second depending on which
instances you run. No longer-term commitments or upfront payments are needed. You can increase or
decrease your compute capacity depending on the demands of your application and only pay the specified per
Question: 130
Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility
A.Configuration of Amazon EC2 instance operating systems
C.Patch management
D.Security of the physical infrastructure
Answer: C
Explanation:
Correct answer is C:Patch management.
Shared Controls "AWS is responsible for patching and fixing flaws within the infrastructure, but customers
A company wants to migrate its on-premises workloads to the AWS Cloud. The company wants to separate
workloads for chargeback to different departments.
Which AWS services or features will meet these requirements? (Choose two.)
A.Placement groups
B.Consolidated billing
C.Edge locations
D.AWS Config
E.Multiple AWS accounts
Answer: BE
Explanation:
B. Consolidated Billing Consolidated billing is a feature of AWS Organizations that allows you to combine
billing for multiple AWS accounts. With consolidated billing, each department can have its own AWS account
for tracking and managing its resources separately, while the company enjoys the convenience of a single
payment method for all these accounts. This setup makes it easier to track costs and implement chargeback
mechanisms.
E. Multiple AWS Accounts Creating multiple AWS accounts, one for each department, is an effective way to
segregate resources, manage permissions, and track costs separately. This approach enhances security by
limiting the scope of access and impact of changes, and it simplifies the process of attributing costs to the
right department. Combined with consolidated billing, it provides both organizational flexibility and
centralized financial control.

Which task is a responsibility of AWS, according to the AWS shared responsibility model?
A.Enable client-side encryption for objects that are stored in Amazon S3.
B.Configure IAM security policies to comply with the principle of least privilege.
C.Patch the guest operating system on an Amazon EC2 instance.
D.Apply updates to the Nitro Hypervisor.
Answer: D
Explanation:
"AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all
of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software,
networking, and facilities that run AWS Cloud services.
"Reference:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question: 133
Which option is a benefit of using AWS for cloud computing?
C.Decreased speed and agility

D.Spending money running and maintaining data centers
Answer: B
Explanation:
The answer is given In the doc "Six advantages of cloud computing." The benefit from massive economies of
scale is pay-as-you-go pricing.
go.
Question: 134
Which option is an AWS Cloud Adoption Framework (AWS CAF) business perspective capability?
B.Event management
C.Data monetization
D.Platform architecture
Answer: C
Explanation:
Correct answer is C:Data monetization.
Question: 135
A company is assessing its AWS Business Support plan to determine if the plan still meets the company’s needs.
The company is considering switching to AWS Enterprise Support.
Which additional benefit will the company receive with AWS Enterprise Support?
A full set of AWS Trusted Advisor checks
A designated technical account manager (TAM) to assist in monitoring and optimization

A consultative review and architecture guidance for the company’s applications
Answer: C
Explanation:
A designated technical account manager (TAM) to assist in monitoring and optimization.

Question: 136
On-Demand Instances
Standard Reserved Instances
Convertible Reserved Instances
Answer: C
Explanation:
Question: 137
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)
E.Availability and continuity
Answer: CD
Explanation:
C .Incident response.
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-
Question: 138
Which option offers a discounted hourly rate compared to the hourly rate of On-Demand Instances?
A.AWS Graviton processor
C.EC2 Instance Savings Plans

D.Amazon EC2 Auto Scaling instances
Answer: C
Explanation:
EC2 Instance Savings Plans is a correct answer.
Question: 139
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
C.Reliability
Answer: B
Explanation:

Which AWS services can a company use to achieve a loosely coupled architecture? (Choose two.)
A.Amazon WorkSpaces
B.Amazon Simple Queue Service (Amazon SQS)
C.Amazon Connect
D.AWS Trusted Advisor
E.AWS Step Functions
Answer: BE
Explanation:
B. Amazon Simple Queue Service (Amazon SQS):** SQS is a fully managed message queuing service that
enables decoupling of the components in a distributed system. It allows components to communicate
asynchronously, promoting loose coupling. E. AWS Step Functions:** Step Functions is a serverless function
orchestrator that allows you to coordinate multiple AWS services into serverless workflows. It helps in
creating loosely coupled, flexible systems by defining workflows that connect various services.

Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?
B.AWS Cost Explorer

Answer: A
Explanation:
A. AWS Budgets is the AWS Cloud service that allows users to set custom spending thresholds and receive
alerts when those thresholds are exceeded. It helps users to keep track of their AWS spending by providing
notifications based on their budget limits.

A company plans to migrate to the AWS Cloud. The company wants to use the AWS Cloud Adoption Framework
(AWS CAF) to define and track business outcomes as part of its cloud transformation journey.
Which AWS CAF governance perspective capability will meet these requirements?
A.Benefits management
B.Risk management
C.Application portfolio management
D.Cloud financial management
Answer: A
Explanation:
The correct answer is A. Benefits management.
The Benefits management capability of the AWS CAF governance perspective is specifically designed to help
organizations define, measure, and track the business outcomes they expect to achieve from their cloud
adoption initiatives. This includes identifying and quantifying the expected benefits, establishing clear
ownership and responsibility for achieving those benefits, and establishing processes and metrics to track
progress and measure success.
Question: 143
A company needs to quickly and securely move files over long distances between its client and an Amazon S3
Which S3 feature will meet this requirement?
A.S3 Versioning
D.S3 Intelligent-Tiering
Answer: B
Explanation:
B. S3 Transfer AccelerationS3 Transfer Acceleration is a feature that utilizes Amazon Cloud Front's globally
using Amazon's backbone network, reducing latency and improving speeds when transferring files over long
Question: 144
A company needs to continuously run an experimental workload on an Amazon EC2 instance and stop the instance
Which instance purchasing option will meet this requirement MOST cost-effectively?
On-Demand Instances
Reserved Instances
Answer: A
Explanation:
Correct answer is A:On-Demand Instances.
Question: 145
Which cloud transformation journey phase of the AWS Cloud Adoption Framework (AWS CAF) focuses on
A.Scale
B.Envision
C.Align
D.Launch
Answer: B
Explanation:
B is correct Envision – demonstrate how the Cloud will accelerate business out comes by identifying
Question: 146
Which option is a customer responsibility under the AWS shared responsibility model?
A.Maintenance of underlying hardware of Amazon EC2 instances
C.Physical security of data centers

D.Maintenance of VPC components
Answer: B
Explanation:
Correct answer is B:Application data security.

Question: 147
Which approach will achieve this goal?
Use EC2 instances in multiple AWS Regions.

Use EC2 instances in multiple Amazon CloudFront locations.
Use EC2 instances in AWS Local Zones.
Answer: A
Explanation:
Use EC2 instances in multiple AWS Regions.
Question: 148
Which migration strategy should the company use?
C.Repurchase
Answer: D
Explanation:
Question: 149
A systems administrator created a new IAM user for a developer and assigned the user an access key instead of a
user name and password. What is the access key used for?
To access the AWS account as the AWS account root user
To access all of a company’s AWS accounts
Answer: C
Explanation:
Question: 150
Which option is an environment that consists of one or more data centers?
D.AWS Outposts
Answer: B
Explanation:
An availability zone consists of multiple data centers, which are all equipped with independent power, cooling
and networking infrastructure all housed in separate facilities. A region can have multiple availability zones,
zones#:~:text=An%20availability%20zone%20consists%20of,are%20shared%20with%20different%20regions.
Question: 151
A company is moving an on-premises data center to the AWS Cloud. The company must migrate 50 petabytes of
Which AWS service or resource should the company use to meet these requirements?
A.AWS Snowmobile
B.AWS Snowball Edge
C.AWS Data Exchange
D.AWS Database Migration Service (AWS DMS)
Answer: A
Explanation:
Correct answer is A:AWS Snowmobile.
Question: 152
Which AWS service will help the company deploy the application without investing in backend infrastructure or
A.Amazon AppStream 2.0

Answer: A
Explanation:
Amazon AppStream 2.0 is a cloud-based desktop streaming service that allows companies to deploy
applications and desktops to any device, including lightweight laptops. AppStream 2.0 handles all of the
application's processing and graphics power, so students only need a web browser on their device.
Question: 153
Which AWS service will store this data MOST cost-effectively?
Amazon Aurora
Amazon S3
Answer: D
Explanation:
Correct answer is D:Amazon S3.
Question: 154
Which of the following is a recommended design principle for AWS Cloud architecture?
Design tightly coupled components.

Build a single application component that can handle all the application functionality.
Make large changes on fewer iterations to reduce chances of failure.
Answer: D
Explanation:
Avoid monolithic architecture by segmenting workloads.
Question: 155
A.AWS CloudTrail
B.Amazon Inspector
C.AWS WAF
D.AWS Config
Answer: A
Explanation:
AWS CloudTrail, you can monitor your AWS deployments in the cloud by getting a history of AWS API calls for
your account, including API calls made by using the AWS Management Console, the AWS SDKs, the command
line tools, and higher-level AWS services. You can also identify which users and accounts called AWS APIs for
services that support CloudTrail, the source IP address from which the calls were made, and when the calls
occurred. You can integrate CloudTrail into applications using the API, automate trail creation for your
organization, check the status of your trails, and control how administrators turn CloudTrail logging on and
off.
Question: 156
Which task is a customer’s responsibility, according to the AWS shared responsibility model?
B.Maintenance of the configuration of infrastructure devices

C.Management of the host operating systems and virtualization
D.Maintenance of the software that powers Availability Zones
Answer: A
Explanation:
Management of the guest operating systems.
https://aws.amazon.com/compliance/shared-responsibility-model/
Question: 157
A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances
Which service or feature will meet these requirements?
Amazon DynamoDB
Amazon EC2 Spot Instances
Answer: D
Explanation:
Correct answer is D:Amazon EC2 Auto Scaling.
Question: 158
Which AWS service or feature can be used to accomplish this?
A.AWS CloudHSM
B.AWS Key Management Service (AWS KMS)
C.AWS Secrets Manager
D.Server-side encryption
Answer: C
Explanation:
AWS Secrets Manager makes it easier to rotate, manage, and retrieve database credentials, API keys, and
other secrets throughout their lifecycle.
Question: 159
Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?
Amazon GuardDuty
Amazon Macie
Answer: B
Explanation:
Correct answer is B:Amazon Macie.

Which actions are best practices for an AWS account root user? (Choose two.)
A. Share root user credentials with team members.

B. Create multiple root users for the account, separated by environment.
C. Enable multi-factor authentication (MFA) on the root user.
D. Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user.
E. Use programmatic access instead of the root user and password.
Answer: CD
Explanation:
C. Enable multi-factor authentication (MFA) on the root user.
D. Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root
user.
Question: 161
Which solution will meet these requirements?
Create a read replica of the DB instance.
Take frequent snapshots of the DB instance. Store the snapshots in Amazon S3.
Modify the DB instance to be a Multi-AZ deployment.
Answer: D
Explanation:
Modify the DB instance to be a Multi-AZ deployment.
Question: 162
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
Reserved Instances
On-Demand Instances
Answer: A
Explanation:
Correct answer is A:Reserved Instances.
Question: 163
A company needs to transfer data between an Amazon S3 bucket and an on-premises application.
Who is responsible for the security of this data, according to the AWS shared responsibility model?
A.The company
B.AWS
C.Firewall vendor
D.AWS Marketplace partner
Answer: A
Explanation:
Correct answer is A:The company.

Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from
infrastructure or service disruptions and dynamically acquire computing resources to meet demand?
B.Reliability
C.Performance
D.Cost optimization
Answer: B
Explanation:
Question: 165
A company wants to identify Amazon S3 buckets that are shared with another AWS account.
Which AWS service or feature will meet these requirements?
AWS Lake Formation

IAM credential report
Amazon CloudWatch
Answer: D
Explanation:
Question: 166
Which AWS service gives users the ability to build interactive business intelligence dashboards that include
Amazon Athena
Amazon Kendra
Amazon QuickSight
Amazon
Answer: C
Explanation:
Correct answer is C:Amazon QuickSight.

Question: 167
Which of the following is an AWS value proposition that describes a user’s ability to scale infrastructure based on
Speed of innovation
C.Decoupled architecture
Answer: B
Explanation:
Correct answer is B:Resource elasticity.
Question: 168
Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket?
Enable S3 Cross-Region Replication (CRR) on the S3 bucket.
C.Configure AWS WAF to prevent unauthorized access to the S3 bucket.

D.Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.
Answer: B
Explanation:
Use IAM roles for applications that require access to the S3 bucket.

A company wants to know more about the benefits offered by cloud computing. The company wants to understand
the operational advantage of agility. How does AWS provide agility for users?
A.The ability the ensure high availability by deploying workloads to multiple regions
B.A pay-as-you-go model for many services and resources
C.The ability to transfer infrastructure management to the AWS Cloud
D.The ability to provision and deprovision resources quickly with minimal effort
Answer: D
Explanation:
D. The ability to provision and deprovision resources quickly with minimal effortThe agility provided by AWS is
closely tied to the ability to provision and deprovision resources rapidly. AWS allows users to scale their
infrastructure up or down based on demand, enabling them to quickly deploy new resources when needed and
release them when no longer necessary. This flexibility and speed in resource management contribute to
operational agility, allowing companies to respond more efficiently to changing business requirements.
Question: 170
D.AWS CLI
Answer: C
Explanation:
Question: 171
B.AWS Service Catalog
D.AWS Health Dashboard
Answer: B
Explanation:
Correct answer is B:AWS Service Catalog.
Question: 172
VPC Flow Logs

Amazon Inspector
VPC endpoint services
Answer: A
Explanation:
Correct answer is A:VPC Flow Logs.

Question: 173
What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility model?
Answer: C
Explanation:
Correct answer is C:Customer data.
Question: 174
C.AWS Security Hub
Answer: B
Explanation:
Correct answer is B:AWS Artifact.
Question: 175
A.AWS WAF
Answer: C
Explanation:
Correct answer is C:Amazon Inspector.
Question: 176
A.AWS DataSync
C.AWS Application Discovery Service

Answer: C
Explanation:
Question: 177
Which action will help increase security in the AWS Cloud?
Enable programmatic access for all IAM users.

Use IAM users instead of IAM roles to delegate permissions.
Use inline policies instead of customer managed policies.
Answer: C
Explanation:
C. Rotate access keys on a reoccurring basis.
Question: 178
A company is planning to migrate its application to the AWS Cloud.
Which AWS tool or set of resources should the company use to analyze and assess its readiness for migration?
A.AWS Cloud Adoption Framework (AWS CAF)
C.AWS Well-Architected Framework

D.AWS Budgets
Answer: C
Explanation:
AWS Well-Architected Framework.
Question: 179
Which of the following describes some of the core functionality of Amazon S3?
Amazon S3 is a high-performance block storage service that is designed for use with Amazon EC2.
Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data
availability.
Amazon S3 is a fully managed, highly reliable, and scalable file storage system that is accessible over the
industry-standard SMB protocol.
Answer: B
Explanation:
Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data
availability.
Question: 180
Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront
Answer: C
Explanation:
Correct answer is C:Pay-as-you-go pricing.

Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.)
AWS VPN
VPC peering
Amazon CloudFront
Answer: AC
Explanation:
A.AWS VPN.
C.AWS Direct Connect.

A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the
underlying hardware or the database software.
Amazon RDS
Amazon DynamoDB
Amazon Aurora
Amazon Redshift
Answer: B
Explanation:
Correct answer is B:Amazon DynamoDB.

Which actions are examples of a company’s effort to rightsize its AWS resources to control cloud costs? (Choose
two.)
A. Switch from Amazon RDS to Amazon DynamoDB to accommodate NoSQL datasets.

B. Base the selection of Amazon EC2 instance types on past utilization patterns.
C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers.
D. Use Multi-AZ deployments for Amazon RDS.
E. Replace existing Amazon EC2 instances with AWS Elastic Beanstalk.
Answer: BC
Explanation:
B. Base the selection of Amazon EC2 instance types on past utilization patterns.
C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage
tiers.
Question: 184
Answer: B
Explanation:
Question: 185
Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Choose two.)
Enable
Automatically scale to meet demand.
Deploy resources globally to improve response time.
Answer: CE
Explanation:
C. Automatically scale to meet demand.
E. Automatically recover from failure.
Question: 186
A company that uses AWS needs to transfer 2 TB of data.
Which type of transfer of that data would result in no cost for the company?
Inbound data transfer from the internet

Outbound data transfer to the internet
Data transfer between Availability Zones
Answer: A
Explanation:
Inbound data transfer from the internet.

A company wants to create templates that the company can reuse to deploy multiple AWS resources.
Which AWS service or feature can the company use to meet this requirement?
AWS Marketplace
Amazon Machine Image (AMI)
D.AWS OpsWorks
Answer: C
Explanation:
Correct answer is C:AWS Cloud Formation.

A company is building an application that requires the ability to send, store, and receive messages between
application components. The company has another requirement to process messages in first-in, first-out (FIFO)
order.
Which AWS service should the company use?
A.AWS Step Functions

B.Amazon Simple Notification Service (Amazon SNS)
C.Amazon Kinesis Data Streams
D.Amazon Simple Queue Service (Amazon SQS)
Answer: D
Explanation:
Amazon SQS FIFO queues preserve the order in which messages are sent and received, and avoid that a
message is processed more than once. This ensures that the messages are processed in first-in, first-out
(FIFO) order1.
Question: 189
A.AWS API
Answer: D
Explanation:
Correct answer is D:AWS CloudShell.
Question: 190
Amazon Athena
Amazon RDS
Amazon EC2
Amazon DynamoDB
Amazon Aurora
Answer: BE
Explanation:
B. Amazon RDS.
E. Amazon Aurora.
Question: 191
A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is
intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and
C.AWS Storage Gateway
Answer: D
Explanation:
Correct answer is D:AWS Snowball Edge.
Which AWS service or feature will give the application permission to access required AWS services?
C.AWS Security Hub

D.Amazon GuardDuty
Answer: B
Explanation:
IAM provides fine-grained access control across all of AWS.
Question: 193
A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the
Which service should be used to deploy the application?

D.AWS OpsWorks
Answer: B
Explanation:
applications and services developed with Java, . NET, PHP, Node. js, Python, Ruby, Go, and Docker on familiar
Question: 194
A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs
Amazon CloudFront
Amazon S3
Amazon Elastic Transcoder
Answer: A
Explanation:
Question: 195
A company needs to use third-party software for its workload on AWS.
A.AWS Resource Access Manager
C.AWS License Manager
Answer: D
Explanation:
Correct answer is D:AWS Marketplace.

https://docs.aws.amazon.com/marketplace/latest/userguide/what-is-marketplace.html
Question: 196
A company needs fully managed, highly reliable, and scalable file storage that is accessible over the Server
Amazon S3
Amazon FSx for Windows File Server
Answer: C
Explanation:
Amazon FSx for Windows File Server.
Question: 197
Amazon GuardDuty
Amazon Detective
D.AWS WAF
Answer: A
Explanation:
Question: 198
A.Configure identity and access management for applications.
C.Configure security groups for Amazon EC2 instances.

D.Maintain the physical hardware of the infrastructure.
Answer: D
Explanation:
Maintain the physical hardware of the infrastructure.
Question: 199
A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the
Which AWS managed service allows this?
B.NAT gateway
C.Amazon PrivateLink
D.VPC peering
Answer: B
Explanation:
Question: 200
Which actions are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)
Securing the virtualization layer
Answer: AD
Explanation:
D. Patching the operating system on Amazon RDS instances.
Question: 201
A company is storing data that will not be frequently accessed in the AWS Cloud. If the company needs to access
the data, the data needs to be retrieved within 12 hours. The company wants a solution that is cost-effective for
Which Amazon S3 storage class will meet these requirements?
A.S3 Standard
B.S3 Glacier Flexible Retrieval
C.S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: B
Explanation:
Question: 202
D.AWS Identity and Access Management Access Analyzer
Answer: D
Explanation:
Question: 203
A company needs to engage third-party consultants to help maintain and support its AWS environment and the
Which AWS service or resource will meet these requirements?
B.AWS Organizations
C.AWS Service Catalog
Answer: D
Explanation:
Question: 204
A company wants to create Amazon QuickSight dashboards every week by using its billing data.
Which AWS feature or tool can the company use to meet these requirements?
B.AWS Cost Explorer

C.AWS Cost and Usage Report
D.AWS Cost Anomaly Detection
Answer: C
Explanation:
AWS Cost and Usage Report.

A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises
storage with storage that is cloud-based but locally cached.
A.AWS Storage Gateway

B.AWS Snowcone
C.AWS Backup
D.Amazon Elastic File System (Amazon EFS)
Answer: A
Explanation:
A. AWS Storage Gateway
AWS Storage Gateway is a service that connects an on-premises software appliance with cloud-based
storage to provide seamless and secure integration between an organization's on-premises IT environment
and AWS's storage infrastructure. It allows the company to store data backups in the cloud while caching a
copy locally for low-latency access.
There are different options of Storage Gateway, but two types that could be used for this use case are:
File Gateway (NFS) - allows to store and retrieve files as objects in Amazon S3 and access them through a file
interface.
Volume Gateway (iSCSI) - allows to create storage volumes and mount them as iSCSI devices from on-
premises application and access them as locally attached disks.
Both options provide a cloud-based storage that is locally cached, which meets the company's requirement.
Question: 206
Which solution will meet these requirements?
Access the AWS Cost Management console to organize resources, set an AWS budget, and receive
Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level.
Create Amazon CloudWatch dashboards to visually organize and track costs individually.
Answer: A
Explanation:
Access the AWS Cost Management console to organize resources, set an AWS budget, and receive
notifications of unintentional usage.
Question: 207
Which AWS service can the company use to meet this requirement?
B.AWS Service Catalog

C.Amazon Simple Queue Service (Amazon SQS)
D.AWS Batch
Answer: D
Explanation:
D is correct" AWS Batch Fully managed batch processing at any scale• Efficiently run 100,000s of computing
batch jobs on AWS• A “batch” job is a job with a start and an end (opposed to continuous)• Batch will
dynamically launch EC2 instances or Spot Instances• AWS Batch provisions the right amount of compute /
Question: 208
Which AWS services or features provide high availability and low latency by enabling failover across different
AWS Regions? (Choose two.)
Amazon Route 53
Network Load Balancer
Answer: AD
Explanation:
A. Amazon Route 53.
D.AWS Global Accelerator.
Question: 209
Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS Cloud?
Scale the number of EC2 instances in or out automatically, based on demand.

Use serverless EC2 instances.
Transfer unused CPU resources between EC2 instances.
Answer: A
Explanation:
Scale the number of EC2 instances in or out automatically, based on demand.
Question: 210
Which abilities are benefits of the AWS Cloud? (Choose two.)
Trade variable expenses for capital expenses.

Deploy globally in minutes.
Plan capacity in advance of deployments.
Take advantage of economies of scale.
Reduce dependencies on network connectivity.
Answer: BD
Explanation:
D. Take advantage of economies of scale.
Question: 211
Which AWS security service protects applications from distributed denial of service attacks with always-on
Amazon Inspector
D.AWS Shield
Answer: D
Explanation:
Correct answer is D:AWS Shield.
Question: 212
A.AWS CloudFormation
C.AWS Cloud Development Kit (AWS CDK)

D.AWS Systems Manager
Answer: C
Explanation:
AWS CDK is an open-source software development framework that helps you model cloud application
resources using familiar programming languages, and then provision your infrastructure using
CloudFormation directly from your IDE
Question: 213
Which Amazon EC2 instance pricing model can provide discounts of up to 90%?
A.Reserved Instances
D.Spot Instances
Answer: D
Explanation:
Question: 214
Which of the following acts as an instance-level firewall to control inbound and outbound access?
A.Network access control list

D.Virtual private gateways
Answer: B
Explanation:
B is correct "Security Groups: Firewall attached to the EC2 instance".
Question: 215
A company must be able to develop, test, and launch an application in the AWS Cloud quickly.
Which advantage of cloud computing will meet these requirements?

Stop guessing capacity
Trade fixed expense for variable expense
Achieve economies of scale
Increase speed and agility
Answer: D
Explanation:
Increase speed and agility.
Question: 216
A company has teams that have different job roles and responsibilities. The company’s employees often change
teams. The company needs to manage permissions for the employees so that the permissions are appropriate for
Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?
IAM instance profiles

IAM policies for individual users
Answer: B
Explanation:
Correct answer is B:IAM roles.
Question: 217
A.AWS Shield
Answer: B
Explanation:
Correct answer is B:AWS Secrets Manager.
Question: 218
What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them as
D.Amazon Inspector
Answer: C
Explanation:
Correct answer is C:AWS Artifact.
Question: 219
Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)
C.TLS
D.SSL
E.Transparent Data Encryption (TDE)
Answer: AB
Explanation:
Server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
Server-side encryption with AWS KMS managed keys (SSE-KMS).

A company wants to integrate its online shopping website with social media login credentials.
Which AWS service can the company use to make this integration?
A.AWS Directory Service

B.AWS Identity and Access Management (IAM)
C.Amazon Cognito
D.AWS IAM Identity Center (AWS Single Sign-On)
Answer: C
Explanation:
For integrating the online shopping website with social media login credentials, the most suitable AWS
service would be C. Amazon Cognito. Cognito provides user authentication, authorization, and management
for web and mobile applications. It includes features specifically designed for integrating social media logins
(such as Facebook, Google, or Amazon) into applications, making it easier to manage user identities from
various sources.
D.Amazon Inspector
Answer: B
Explanation:
Correct answer is B:AWS Config.
Question: 222
A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed?
A.3 hours, 5 minutes

B.3 hours, 5 minutes, and 6 seconds
C.3 hours, 6 minutes
D.4 hours
Answer: B
Explanation:
Question: 223
A company website is experiencing DDoS attacks.
Which AWS service can help protect the company website against these attacks?
A.AWS Resource Access Manager
C.AWS Shield
D.Amazon GuardDuty
Answer: C
Explanation:
Correct answer is C:AWS Shield.

Question: 224
Which AWS service or tool will meet these requirements?
Answer: D
Explanation:

A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments.
The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify
billing processes.
Which AWS service or tool should the company use to meet these requirements?
A.AWS Organizations
B.Cost Explorer
C.AWS Budgets
Answer: A
Explanation:
AWS Organizations is a service that allows you to consolidate multiple AWS accounts into an organization
that you create and centrally manage. It enables you to automate the creation of AWS accounts, apply
Service Control Policies (SCPs) to manage permissions across accounts, and simplify billing by using
consolidated billing.
Question: 226
A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services
Which combination of AWS services can the company use to gather the required information? (Choose two.)
B.AWS Systems Manager
D.AWS Service Health Dashboard

E.AWS Service Catalog
Answer: AD
Explanation:
AWS Personal Health Dashboard - gives you a personalized view of the status of the Amazon Web Services
services that power your applications, enabling you to quickly see when Amazon Web Services is experiencing
issues that may impact you.AWS Health notifies you about service events, planned changes, and account
notifications to help you manage and take actions.

A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS.
Which AWS service or tool should the company use to meet this requirement?
A.Cloud Adoption Readiness Tool

B.AWS Migration Hub
C.AWS Database Migration Service (AWS DMS)
D.AWS Application Migration Service
Answer: C
Explanation:
key - "Database" AWS Database Migration ServiceAWS Cloud Readiness - See your responses and scores
across the six AWS Cloud Adoption Framework (CAF) perspectives summarized in detail.AWS Migration Hub
provides a central location to collect server and application inventory data for the assessment, planning, and
tracking of migrationsAWS Database Migration Service (AWS DMS) is a managed migration and replication
service that helps you move your databases and analytics workloads to AWS quickly and securely. AWS
Application Migration Service (AWS MGN) is the recommended service for migrations to AWS. AWS
Application Migration Service simplifies and expedites your migration to AWS by automatically converting
your source servers from physical, virtual, or cloud infrastructure to run natively on AWS.
Question: 228
Which cloud concept is demonstrated by using AWS Compute Optimizer?
A.Security validation
D.Global reach
Answer: B
Explanation:
Question: 229
A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be
considered sensitive.
Which AWS service will meet the requirement?
Amazon Inspector
Amazon Macie
Answer: B
Explanation:
B. Amazon MacieAmazon Macie is specifically designed to help discover, classify, and protect sensitive data
stored in AWS. It uses machine learning and pattern matching to automatically identify and classify sensitive
data within various AWS services like S3 buckets, helping companies better understand their data and
enforce security policies.
Question: 230
A user has a stateful workload that will run on Amazon EC2 for the next 3 years.
What is the MOST cost-effective pricing model for this workload?
Answer: B
Explanation:
Reserved Instances provide a significant discount compared to On-Demand Instances while offering a
commitment to a specific instance type in a particular region for a term of 1 or 3 years. Since the workload is
expected to run continuously for the next 3 years, a Reserved Instance with a 3-year term would provide the
Question: 231
Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?
C.AWS Key Management Service (AWS KMS)

Answer: B
Explanation:
Correct answer is B:AWS customers.

What can a user accomplish using AWS CloudTrail?
A.Generate an IAM user credentials report.

B.Record API calls made to AWS services.
C.Assess the compliance of AWS resource configurations with policies and guidelines.
D.Ensure that Amazon EC2 instances are patched with the latest security updates.
Answer: B
Explanation:
B. Record API calls made to AWS services.AWS CloudTrail is a service that enables governance, compliance,
operational auditing, and risk auditing of your AWS account. It records API calls made on your account,
including who made the call, the services used, the actions performed, and when they occurred. This
information is valuable for security analysis, resource change tracking, and troubleshooting.
Question: 233
A company is planning to host its workloads on AWS.
Which AWS service requires the company to update and patch the guest operating system?
Amazon DynamoDB
Amazon S3
Amazon EC2
Amazon Aurora
Answer: C
Explanation:
C. Amazon EC2Amazon EC2 (Elastic Compute Cloud) is the AWS service that provides resizable compute
capacity in the cloud. When you use EC2 instances, you have control over the guest operating system, and it is

Which AWS service or feature will search for and identify AWS resources that are shared externally?
A.Amazon OpenSearch Service

B.AWS Control Tower
C.AWS IAM Access Analyzer
D.AWS Fargate
Answer: C
Explanation:
Correct answer is C:AWS IAM Access Analyzer.

A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch
management for the guest operating systems that host its applications.
A.Amazon DynamoDB
B.Amazon EC2
C.AWS Lambda
D.Amazon RDS
Answer: B
Explanation:
B. Amazon EC2Amazon EC2 (Elastic Compute Cloud) allows the company to retain full control over the guest
operating systems, including patch management. With EC2, you have the flexibility to choose the operating
system, configure security settings, and apply patches as needed. This level of control is suitable for
scenarios where the company wants to manage the entire software stack, including the operating system.
Question: 236
At what support level do users receive access to a support concierge?
D.Enterprise
Answer: D
Explanation:
Correct answer is D:Enterprise Support.
Question: 237
Which AWS service can a company use to visually design and build serverless applications?
A.AWS Lambda
C.AWS Application Composer

D.AWS App Runner
Answer: C
Explanation:
Question: 238
A company wants to migrate to AWS and use the same security software it uses on premises. The security
Where can the company purchase the security solution?
A.AWS Partner Solutions Finder
C.AWS Management Console
Answer: D
Explanation:
Correct answer is D:AWS Marketplace.
Question: 239
A company has deployed an Amazon EC2 instance.
Which option is an AWS responsibility under the AWS shared responsibility model?
A.Managing and encrypting application data

B.Installing updates and security patches of guest operating system
D.Configuration of security groups on each instance
Answer: C
Explanation:
Configuration of infrastructure devices.

Which AWS service or resource will meet these requirements with the LEAST management overhead?
PostgreSQL on Amazon EC2

Amazon RDS for PostgreSQL
Amazon Aurora PostgreSQL-Compatible Edition
Amazon Aurora Serverless
Answer: B
Explanation:
Amazon RDS for PostgreSQL.
Question: 241
A company is using Amazon DynamoDB for its application database.
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)
Classify data.
Provide public endpoints to store and retrieve data.

Manage the infrastructure layer and the operating system.
Answer: DE
Explanation:
D. Provide public endpoints to store and retrieve data.
E. Manage the infrastructure layer and the operating system.
Question: 242
A company wants to create a globally accessible ecommerce platform for its customers. The company wants to
use a highly available and scalable DNS web service to connect users to the platform.
Amazon EC2
Amazon VPC
Amazon Route 53
Amazon RDS
Answer: C
Explanation:
instances, AWS Elastic Load Balancers, or other resources. Route 53 provides a reliable and cost-effective
way to ensure that users can access your globally distributed ecommerce platform with low-latency and high
availability.
Question: 243
Which maintenance task is the customer’s responsibility, according to the AWS shared responsibility model?
Physical connectivity among Availability Zones

Network switch maintenance
Amazon EC2 updates and security patches
Answer: D
Explanation:
Amazon EC2 updates and security patches.
Question: 244
A company wants to improve its security posture by reviewing user activity through API calls.
AWS WAF
Amazon Detective
Amazon CloudWatch
Answer: D
Explanation:
Question: 245
A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS.
Use Savings Plans for a 3-year term.

Use Dedicated Hosts.
Buy Reserved Instances.
Use On-Demand Instances.
Answer: D
Explanation:
Correct answer is D:Use On-Demand Instances.
Question: 246
A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The
company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instances.
Which action should the company take to assess its readiness to scale for this launch?
Replace the EC2 instances with AWS Lambda functions.

Use AWS Infrastructure Event Management (IEM) support.
Submit a request on AWS Marketplace to monitor the event.
Answer: B
Explanation:
Use AWS Infrastructure Event Management (IEM) support.

A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The
company wants to separate and track costs for each business unit.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Organizations and create one account for each business unit.
B. Use a spreadsheet to control the owners and cost of each resource.
C. Use an Amazon DynamoDB table to record costs for each business unit.
D. Use the AWS Billing console to assign owners to resources and track costs.
Answer: A
Explanation:
A. Use AWS Organizations and create one account for each business unit.
Using AWS Organizations allows you to centrally manage and govern multiple AWS accounts. By creating
separate accounts for each business unit, you can easily isolate and track costs for each unit without mixing
them up. This approach provides a clear separation of resources and costs, simplifying cost management and
tracking. Additionally, AWS provides consolidated billing and cost allocation features within Organizations,
making it easier to manage billing and costs across multiple accounts.
Question: 248
A company wants a time-series database service that makes it easier to store and analyze trillions of events each
day.
Amazon Neptune
Amazon Timestream
Amazon Forecast
Answer: B
Explanation:
B is correct "Amazon Timestream is a fast, scalable, and serverless time-series database service that makes it
easier to store and analyze trillions of events per day up to 1,000 times faster. Amazon Timestream
automatically scales up or down to adjust capacity and performance, so that you don’t have to manage the
underlying infrastructure."

Which option is a shared control between AWS and the customer, according to the AWS shared responsibility
model?
A. Configuration management
B. Physical and environmental controls
C. Data integrity authentication
D. Identity and access management
Answer: A
Explanation:
1. A is correct "Shared controls:• Patch Management, Configuration Management, Awareness & Training"
2. Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in
completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the
infrastructure and the customer must provide their own control implementation within their use of AWS
services. Examples include:Patch Management – AWS is responsible for patching and fixing flaws within the
infrastructure, but customers are responsible for patching their guest OS and applications.Configuration
Management – AWS maintains the configuration of its infrastructure devices, but a customer is responsible
for configuring their own guest operating systems, databases, and applications.Awareness & Training - AWS
trains AWS employees, but a customer must train their own employees.
Question: 250
A company often does not use all of its current Amazon EC2 capacity to run stateless workloads. The company
Which EC2 instance type will meet these requirements?
Answer: A
Explanation:
your business. Spot requests depends on Amazon EC2 capacity availability.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html

A company wants to store data in Amazon S3. The company rarely access the data, and the data can be
regenerated if necessary. The company wants to store the data in the most cost-effective storage class.
Which S3 storage class will meet this requirement?
A.S3 Standard
B.S3 Intelligent-Tiering
D.S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: D
Explanation:
S3 One Zone-IA is ideal for customers who want a lower-cost option for infrequently accessed.

A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more
efficiently and securely. Which AWS service or framework should the company use for operational support?
A.AWS Support
B. AWS Cloud Adoption Framework (AWS CAF)
C.AWS Managed Services (AMS)
D.AWS Well-Architected Framework
Answer: C
Explanation:
AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely. We
leverage standard AWS services and offer operational guidance with specialized automations, skills, and
experience that are contextual to your environment and applications.
Question: 253
B.AWS CloudFormation
D.AWS Cloud Development Kit (AWS CDK)
Answer: D
Explanation:
Question: 254
Which Amazon EC2 pricing model provides the MOST cost savings for an always-up, right-sized database server
1
B.Convertible Reserved Instances

C.Spot Instances
D.Standard Reserved Instances
Answer: D
Explanation:
It is D, because it says right-sized, meaning that most probably the instance will not change and we need more
cost effective. Thus, standard Reserved Instances.
Question: 255
A company has a physical tape library to store data backups. The tape library is running out of space. The company
Which AWS service should the company use to meet this requirement?

Amazon S3
Answer: D
Explanation:
Correct answer is D:AWS Storage Gateway.

A company is using the AWS Free Tier for several AWS services for an application.
What will happen if the Free Tier usage period expires or if the application use exceeds the Free Tier usage limits?
A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free
Tier usage.
B. AWS Support will contact the company to set up standard service charges.
C. The company will be charged for the services it consumed during the Free Tier period, plus additional charges
for service consumption after the Free Tier period.
D. The company's AWS account will be frozen and can be restarted after a payment plan is established.
Answer: A
Explanation:
The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free
Tier usage.
Question: 257
A company wants to monitor its workload performance. The company wants to ensure that the cloud services are
B.Governance
Answer: D
Explanation:
D. The Operations perspective helps ensure that your cloud services are delivered at a level that meets the
Question: 258
A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any
business transformation opportunities and evaluate its AWS Cloud readiness.
A.AWS Cloud Adoption Framework (AWS CAF)
C.AWS Well-Architected Framework

D.AWS Migration Hub
Answer: A
Explanation:

A company need an AWS service that provides a clear baseline of what the company runs in its on-premises data
centers. The company needs the projected cost to run its on-premises workloads in the AWS Cloud.
What AWS service or tool will meet these requirements?
A.AWS Compute Optimizer

B.AWS Cost Explorer
C. AWS Systems Manager Agent (SSM Agent)
D.Migration Evaluator
Answer: D
Explanation:
D Migration Evaluator is a migration assessment service that helps you create a directional business case for
AWS cloud planning and migration. To project future-state cloud costs, Migration Evaluator provides (a clear
baseline) of what your organization is running today and projects AWS costs based on measured on-premises
provisioning and utilization.
Question: 260
Which AWS service or tool can the company use to consolidate the billing for these two accounts?
A.AWS Systems Manager
Answer: B
Explanation:
that you create and centrally manage. It helps you to simplify billing by allowing you to consolidate payment
methods for all linked accounts. This way, you can benefit from volume discounts and have a centralized view
of your AWS spending. It also provides features for policy-based management, which helps you enforce
policies across your accounts, among other organizational benefits.
Question: 261
A company wants to set up its workloads to perform their intended functions and recover quickly from failure.
A.Performance efficiency
Answer: C
Explanation:
The Reliability pillar of the AWS Well-Architected Framework focuses on ensuring a workload performs its
customer demands. It emphasizes designing for failure and implementing mechanisms to automatically
Question: 262
Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL)
A.Amazon Athena
B.AWS Glue
C.Amazon S3
D.AWS Snowball Edge
Answer: B
Explanation:
Correct answer is B:AWS Glue.
Glue: Managed extract, transform, and load (ETL) service.
Question: 263
A company wants to migrate petabytes of data from its on-premises data center to AWS. The company does not
A.AWS DataSync
C.AWS Snowmobile
Answer: C
Explanation:
CAWS Snowmobile is an exabyte-scale data transfer service that is used to move large volumes of data to
Amazon Web Services. Each Snowmobile allows transfer for up to 100PB of data. It is a 45-foot-long
ruggedized shipping container that is pulled by a semi-trailer truck.

A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.
Which AWS offering will meet these requirements?
A. Amazon EventBridge
B. Compute Savings Plans
C.AWS Budgets
D.Migration Evaluator
Answer: C
Explanation:
C. 76AWS Budgets AWS Budgets allows you to set custom budgets to track your cost and usage from the
simplest to the most complex use cases. With AWS Budgets, you can set alerts when your costs or usage
exceed (or are forecasted to exceed) your budgeted amount. This service provides notifications that can help
the company manage its spending on AWS and stay within its desired budget. AWS Budgets can send alerts
via email or integrate with Amazon Simple Notification Service (SNS) for more advanced notification options.
Question: 265
How does the AWS Enterprise Support Concierge team help users?
C.Answering billing and account inquiries

D.Answering questions regarding technical support cases
Answer: C
Explanation:
The Enterprise Support Concierge is a group of AWS billing and account experts that specialize in working
Question: 266
A company wants to run a simulation for 3 years without interruptions.
Which Amazon EC2 instance purchasing option will meet these requirements MOST cost-effectively?
B.Reserved Instances
Answer: B
Explanation:
B. Reserved Instances Reserved Instances provide cost savings compared to On-Demand Instances, especially
Question: 267
B.AWS Pricing Calculator

C.Savings Plans
D.Basic Support
Answer: C
Explanation:
Savings Plans offer significant savings over On-Demand Instances, in exchange for a commitment to use a
https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-reservation-models/savings-plans.html
Question: 268
Cost
E.Continuous development
Answer: BC
Explanation:
Cost optimization.

A company wants to use Amazon EC2 instances to provide a static website to users all over the world. The
company needs to minimize latency for the users.
Which solution meets these requirements?
A. Use EC2 instances in multiple edge locations.

B. Use EC2 instances in the same Availability Zone but in different AWS Regions.
C. Use Amazon CloudFront with the EC2 instances configured as the source.
D. Use EC2 instances in the same Availability Zone but in different AWS accounts.
Answer: C
Explanation:
Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of your
websites, APIs, video content, or other web assets. In this scenario, using Amazon CloudFront is the most
suitable option to minimize latency for users all over the world.

A team of researchers is going to collect data at remote locations around the world. Many locations do not have
internet connectivity. The team needs to capture the data in the field, and transfer it to the AWS Cloud later.
Which AWS service will support these requirements?
A.AWS Outposts
B.AWS Transfer Family
C.AWS Snow Family
D.AWS Migration Hub
Answer: C
Explanation:
The AWS Snow Family is designed for situations where you need to transfer large amounts of data to and
from the AWS Cloud but have limited or no internet connectivity. In this scenario, AWS Snow Family devices
(such as AWS Snowball or AWS Snowmobile) can be used to physically transfer data.
Question: 271
Which of the following are benefits that a company receives when it moves an on-premises production workload to
A.AWS trains the company's staff on the use of all the AWS services.
E.AWS provides economies of scale.
Answer: DE
Explanation:
E. AWS provides economies of scale.
Question: 272
A company has decided to adopt Amazon EC2 infrastructure and wants to scale various stateless services for
Which EC2 pricing model is MOST cost-efficient to meet these requirements?
On-Demand Instances
Answer: A
Explanation:
Question: 273
Which of the following are benefits of AWS Trusted Advisor? (Choose two.)
Access to Amazon Simple Queue Service (Amazon SQS)

Cost optimization recommendations
Hourly refresh of the service limit checks
Answer: BD
Explanation:
D. Security checks.
Question: 274
D.S3 Inventory
Answer: B
Explanation:
classes or delete them when they are no longer needed. In the context of cost savings and archiving data that

Which cloud computing advantage is a company applying when it uses AWS Regions to increase application
availability to users in different countries?
A.Pay-as-you-go pricing
B.Capacity forecasting
C.Economies of scale
D.Global reach
Answer: D
Explanation:
When a company uses AWS Regions to increase application availability to users in different countries, it is
leveraging the global reach of cloud computing. AWS Regions are geographically distributed data center
clusters, and each Region consists of multiple Availability Zones. Deploying applications across multiple AWS
Regions allows companies to provide low-latency access to their services for users in different geographical
locations, thereby improving global reach and availability.
Question: 276
A company wants an AWS service to collect and process 10 TB of data locally and transfer the data to AWS. The
A.AWS Database Migration Service (AWS DMS)
C.AWS Backup
D.AWS Snowball Edge
Answer: D
Explanation:
Correct answer is D:AWS Snowball Edge.
Question: 277
Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the
Make frequent, small, reversible changes.

Implement a strong foundation of identity and access management
Stop spending money on hardware infrastructure for data center operations.
Answer: B
Explanation:
Make frequent, small, reversible changes.

What is a benefit of using AWS serverless computing?
A.Application deployment and management are not required.

B.Application security will be fully managed by AWS.
C.Monitoring and logging are not needed.
D.Management of infrastructure is offloaded to AWS.
Answer: D
Explanation:
D. Management of infrastructure is offloaded to AWS.One of the benefits of using AWS serverless computing
is that it offloads the management of infrastructure to AWS. With serverless computing, developers can focus
on writing code without worrying about server provisioning, scaling, or maintenance. AWS takes care of the
underlying infrastructure, allowing developers to concentrate on building and deploying applications.
Question: 279
A developer wants AWS users to access AWS services by using temporary security credentials.
Which AWS service or feature should the developer use to provide these credentials?
Answer: C
Explanation:
C. AWS Security Token Service (AWS STS)AWS STS allows you to grant users and systems temporary access
to AWS resources. Users can assume an IAM role for a limited time to access AWS services, which STS
facilitates by providing temporary security credentials. This service is particularly useful in scenarios where
you need to provide access that is limited in time and scope, such as for cross-account access or federated
user access.
Question: 280
A global company wants to use a managed security service for protection from SQL injection attacks. The service
also must provide detailed logging information about access to the company's ecommerce applications.
AWS Network Firewall

Amazon RDS for SQL Server
Amazon GuardDuty
D.AWS WAF
Answer: D
Explanation:
Correct answer is D:AWS WAF.
Question: 281
A company is migrating its on-premises server to an Amazon EC2 instance. The server must stay active at all times
Which EC2 pricing option is the MOST cost-effective for the company's workload?
C.Spot Instances
D.Reserved Instances
Answer: D
Explanation:
Correct answer is D:Reserved Instances.
Question: 282
Which of the following is the customer's responsibility under the AWS shared responsibility model? (Choose two.)
Maintain the configuration of infrastructure devices.

Maintain patching and updates within the hardware infrastructure.
C.Maintain the configuration of guest operating systems and applications.
D.Manage decisions involving encryption options.
Answer: CD
Explanation:
Under the AWS shared responsibility model, AWS manages the infrastructure, while the customer is
responsible for the management of the guest operating systems (including updates and security patches),
application software, and for the configuration of AWS provided security group firewalls. The customer also
has to manage encryption options and key management, except for the infrastructure where AWS manages
these (e.g., managed services).
Question: 283
A company wants to verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts.
A.AWS Cost and Usage Report
D.Amazon CloudFront reports
Answer: B
Explanation:
IAM credential reports provide a way to audit the status of all your IAM credentials, including the status of
Question: 284
Amazon GuardDuty
Amazon Inspector
Answer: D
Explanation:
Question: 285
Which AWS Well-Architected Framework pillar represents these requirements?
Answer: B
Explanation:
B.Keyphrase for operational excellence: Run and monitor systems to deliver business value and to "improve
supporting processes and procedures".
Question: 286
A company uses Amazon S3 to store records that can contain personally identifiable information (PII). The
company wants a solution that can monitor all S3 buckets for PII and immediately alert staff about vulnerabilities.
Amazon GuardDuty
Amazon Detective
Answer: C
Explanation:
Question: 287
Which AWS service allows users to download security and compliance reports about the AWS infrastructure on
A.Amazon GuardDuty
Answer: C
Explanation:
Correct answer is C:AWS Artifact.

An external auditor has requested that a company provide a list of all its IAM users, including the status of users'
credentials and access keys.
What is the SIMPLEST way to provide this information?
A. Create an IAM user account for the auditor, granting the auditor administrator permissions.
B. Take a screenshot of each user's page in the AWS Management Console, then provide the screenshots to the
auditor.
C. Download the IAM credential report, then provide the report to the auditor.
D. Download the AWS Trusted Advisor report, then provide the report to the auditor.
Answer: C
Explanation:
Download the IAM credential report, then provide the report to the auditor.
Question: 289
Allow access to an Amazon EC2 instance through only a specific port.

Deny access to malicious IP addresses at a subnet level.
Protect data that is cached by Amazon CloudFront.
Apply a stateless firewall to an Amazon EC2 instance.
Answer: A
Explanation:
Allow access to an Amazon EC2 instance through only a specific port.
Question: 290
Which Amazon EC2 instance type should the company use?
Compute
General purpose
Answer: A
Explanation:
Answer is A.Accelerated computing instances are made to work with graphic intensive workloads.

Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.)
A. They are stateless.

B. They are stateful.
C. They evaluate all rules before allowing traffic.
D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.
E. They operate at the instance level.
Answer: AD
Explanation:
A. They are stateless.
D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.
A. Network ACLs (Access Control Lists) in AWS are stateless, meaning they do not keep track of the state of
established connections. Each rule in a network ACL is applied independently of the others.
D. Network ACLs process rules in order, starting with the lowest numbered rule. Once a rule is matched, no
further rules are evaluated, which makes the order of rules important.
Question: 292
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Choose
C.Continuous integration and continuous delivery (CI/CD)
E.Change and release management
Answer: BC
Explanation:
B. Data engineering.
Question: 293
According to the AWS shared responsibility model, the customer is responsible for applying the latest security
A.Amazon DynamoDB
B.Amazon EC2 instances
C.Amazon RDS instances
D.Amazon S3
Answer: B
Explanation:
The customer is responsible for applying the latest security updates and patches to Amazon EC2 instances.
Question: 294
Which Amazon S3 storage class is MOST cost-effective for unknown access patterns?
A.S3 Standard
C.S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: D
Explanation:
D. S3 Intelligent-TieringS3 Intelligent-Tiering is the most cost-effective option for unknown access patterns.
It automatically moves objects between two access tiers (frequent and infrequent access) based on changing
access patterns. This helps optimize costs for data with unknown or changing access patterns.
Question: 295
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)
E.Availability and continuity
Answer: CD
Explanation:
C .Incident response.
D .Infrastructure protection.
Question: 296
Enable AWS Shield Advanced.
Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace.
Use AWS Key Management Service (AWS KMS) to create a customer-managed key.
Answer: B
Explanation:
B. Create a custom IAM policy.If the existing managed IAM policy does not provide the necessary permissions,
you can create a custom IAM policy tailored to the specific permissions required by the users. This allows you
to define and grant the permissions needed for the tasks.
Question: 297
Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility
B.The customer is responsible for rotating keys.

C.AWS will rotate the keys whenever required.
D.The AWS Support team will rotate keys when requested by the customer.
Answer: B
Explanation:
The customer is responsible for rotating keys.

A company needs to run a pre-installed third-party firewall on an Amazon EC2 instance.
Which AWS service or feature can provide this solution?
A. Network ACLs
B. Security groups
C.AWS Marketplace
Answer: C
Explanation:
AWS Marketplace is a digital catalog that includes thousands of software listings from independent software
vendors that make it easy to find, test, buy, and deploy software on AWS – including pre-installed third-party
firewalls.
The correct answer is C. AWS Marketplace.Here's why AWS Marketplace is the most suitable option for
running a pre-installed third-party firewall on an EC2 instance:AWS Marketplace provides a wide range of
Question: 299
Which AWS Cloud benefit gives a company the ability to quickly deploy cloud resources to access compute,
B.Cost savings
Answer: C
Explanation:
Agility in cloud computing refers to the ability to quickly develop, test, and launch applications that the
Question: 300
Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?
C.Patching of the guest operating system

D.Physical and environmental controls
Answer: D
Explanation:
AWS is responsible for the protection of the physical infrastructure and environment of its data centers. This
Question: 301
Which of the following is a characteristic of the AWS account root user?
The root user is the only user that can be configured with multi-factor authentication (MFA).
The root user is the first sign-in identity that is available when an AWS account is created.
Answer: C
Explanation:
The root user is the first sign-in identity that is available when an AWS account is created.

An Amazon EC2 instance previously used for development is inaccessible and no longer appears in the AWS
Management Console.
Which AWS service should be used to determine what action made this EC2 instance inaccessible?
A. Amazon CloudWatch Logs

B.AWS Security Hub
C.Amazon Inspector
D.AWS CloudTraiI
Answer: D
Explanation:
D. AWS CloudTrailAWS CloudTrail is the service that records API calls and related events made on your AWS
account. If an Amazon EC2 instance is inaccessible or if there are actions taken on the instance, CloudTrail
can be used to determine what actions were performed, who performed them, and when they occurred. It
provides a detailed history of changes and activity within your AWS environment.

A company's application developers need to quickly provision and manage AWS services by using scripts.
Which AWS offering should the developers use to meet these requirements?
A.AWS CLI
B. AWS CodeBuild
C. AWS Cloud Adoption Framework (AWS CAF)
D.AWS Systems Manager Session Manager
Answer: A
Explanation:
A.AWS CLI allows you to manage services using scripts.
The AWS CLI is a command-line tool provided by AWS that allows developers and administrators to interact
with AWS services directly from the command line.It provides a set of commands for a broad set of AWS
services, allowing users to perform tasks such as creating and managing EC2 instances, configuring S3
buckets, managing IAM users, and more.Developers can use scripts and automation tools to orchestrate and
automate various AWS operations by leveraging the AWS CLI commands.
Question: 304
A company wants to migrate unstructured data to AWS. The data needs to be securely moved with inflight
encryption and end-to-end data validation.
A.AWS Application Migration Service

B.Amazon Elastic File System (Amazon EFS)
C.AWS DataSync
D. AWS Migration Hub
Answer: C
Explanation:
C. AWS DataSync
AWS DataSync is a service designed for securely transferring large amounts of data between on-premises
storage and Amazon S3, Amazon EFS, or Amazon FSx for Windows File Server. It supports in-flight encryption
and end-to-end data validation during the transfer process.
In the context of the question, AWS DataSync is a suitable choice for securely moving unstructured data to
AWS while ensuring encryption and data integrity throughout the migration process. Therefore, option C,
AWS DataSync, would meet the specified requirements.
Question: 305
A development team wants to deploy multiple test environments for an application in a fast, repeatable manner.
Amazon EC2
AWS CloudFormation
Amazon QuickSight
Answer: B
Explanation:

A company wants to quickly implement a continuous integration/continuous delivery (CI/CD) pipeline.
B.Amazon Cognito
Answer: D
Explanation:
D is the correct answer AWS Code Star is a cloud-based development service that provides the tools you need
to quickly develop, build, and deploy applications on AWS. With AWS CodeStar, you can set up your entire
continuous delivery toolchain in minutes, allowing you to start releasing code faster.
AWS Code Star is a fully managed service that makes it easy to develop, build, and deploy applications on
AWS. It provides a unified user interface, pre-configured project templates, and integration with other AWS
services to set up a CI/CD pipeline quickly.
Question: 307
Which AWS Cloud deployment model uses AWS Outposts as part of the application deployment infrastructure?
A.On-premises
C.Cloud-native
Answer: D
Explanation:
Hybrid Cloud: A hybrid cloud environment blends on-premises infrastructure with cloud resources, enabling
AWS Outposts is a fully managed service that extends AWS infrastructure, services, and APIs to customer
premises. It allows you to run AWS compute, storage, and other services on-premises, providing a consistent
Question: 308
Which of the following is a fully managed graph database service on AWS?
Amazon Aurora
Amazon FSx
Amazon DynamoDB
Amazon Neptune
Answer: D
Explanation:
A.AWS Organizations
D.AWS WorkSpaces
Answer: D
Explanation:
AWS WorkSpaces is a fully managed desktop computing service in the cloud. It allows administrators to
provision and manage desktop environments for users, providing them with a secure and scalable solution for
accessing their desktops from various devices.
Question: 310
Which AWS service or feature gives users the ability to capture information about network traffic in a VPC?
VPC Flow Logs

Amazon Inspector
Answer: A
Explanation:
Correct answer is A:VPC Flow Logs.
Question: 311
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?

Amazon EC2 instance store
Amazon S3
Answer: B
Explanation:
B .Amazon EC2 instance store provides temporary block-level storage that is directly attached to the Amazon
EC2 instance. It is referred to as "ephemeral" because the data stored in the instance store volumes is not
A company wants to provide access to Windows file shares in AWS from its on-premises workloads. The company
does not want to provision any additional infrastructure or applications in its data center.
A.Amazon FSx File Gateway

B.AWS DataSync
C.Amazon S3
D.AWS Snow Family
Answer: A
Explanation:
Amazon FSx File Gateway is a service that enables on-premises access to file data stored in Amazon FSx for
Windows File Server. It allows you to access Amazon FSx file shares from your on-premises workloads
without provisioning additional infrastructure or applications in your data center.
Question: 313
A company wants durable storage for static content and infinitely scalable data storage infrastructure at the
Which AWS service should the company choose?

Amazon S3
Answer: B
Explanation:
Amazon S3 (Simple Storage Service) is a fully managed object storage service that provides durable storage
for static content. It is designed for scalability, high availability, and low-latency access to store and retrieve
Question: 314
Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
A.Amazon Simple Queue Service (Amazon SQS)
D.Amazon CloudWatch alarm

Answer: D
Explanation:
Amazon CloudWatch alarm.
Amazon CloudWatch is a monitoring service that provides data and actionable insights for AWS resources.
You can set up CloudWatch alarms to monitor metrics, such as CPU utilization, and trigger Auto Scaling
actions based on defined thresholds.

A company wants to transform its workforce by attracting and developing a digitally fluent high-performance
workforce. The company wants to attract a diverse and inclusive workforce with appropriate mix of technical and
non-technical skills.
Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?
A.Business
B.People
C.Platform
D.Operations
Answer: B
Explanation:
B. PeopleThe AWS Cloud Adoption Framework (AWS CAF) has several perspectives, and the "People"
perspective is focused on workforce transformation, including attracting and developing a digitally fluent
high-performance workforce. This perspective emphasizes the importance of organizational culture, skills
development, and creating a diverse and inclusive workforce with the right mix of technical and non-technical
skills.
Reference:
https://docs.aws.amazon.com/whitepapers/latest/aws-caf-people-perspective/aws-caf-people-
perspective.html
Question: 316
Which AWS service or tool can help the company meet this requirement?
A.AWS Storage Gateway
Answer: D
Explanation:
A company needs a fully managed file server that natively supports Microsoft workloads and file systems. The file
server must also support the SMB protocol.
A.Amazon Elastic File System (Amazon EFS)

B.Amazon FSx for Lustre
C.Amazon FSx for Windows File Server
D.Amazon Elastic Block Store (Amazon EBS)
Answer: C
Explanation:
C. Amazon FSx for Windows File ServerAmazon FSx for Windows File Server is the AWS service that provides
a fully managed file server that natively supports Microsoft workloads and file systems. It is built on Windows
Server and supports the Server Message Block (SMB) protocol, making it suitable for seamlessly integrating
with Microsoft applications and workloads.

A company has been storing monthly reports in an Amazon S3 bucket. The company exports the report data into
comma-separated values (.csv) files. A developer wants to write a simple query that can read all of these files and
generate a summary report.
Which AWS service or feature should the developer use to meet these requirements with the LEAST amount of
operational overhead?
A.Amazon S3 Select
B.Amazon Athena
C.Amazon Redshift
D.Amazon EC2
Answer: B
Explanation:
Amazon Athena is a serverless query service that allows you to analyze data directly in Amazon S3 using
standard SQL. It enables you to query .csv files stored in Amazon S3 without the need to set up and manage
infrastructure. Athena automatically scales and charges you only for the queries you run.
Question: 319
Which AWS feature provides a no-cost platform for AWS users to join community groups, ask questions, find
answers, and read community-generated articles about best practices?
A.AWS Knowledge Center

B.AWS re:Post
C.AWS IQ
D.AWS Enterprise Support
Answer: B
Explanation:
B. AWS re:PostAWS re:Post is a no-cost platform that provides AWS users with a community space to ask
questions, find answers, and engage with other users. Users can join community groups, participate in
discussions, and read community-generated articles about best practices. It is a part of the AWS Community
and allows users to share knowledge and experiences.The other options are not specifically associated with a
community platform.
Question: 320
A company needs to search for text in documents that are stored in Amazon S3.
Amazon Kendra
Amazon Rekognition
Amazon Polly
Amazon Lex
Answer: A
Explanation:
Question: 321
Which AWS services make use of global edge locations? (Choose two.)
B.Amazon CloudFront
C.AWS Global Accelerator
E.Amazon VPC
Answer: BC
Explanation:
B.Amazon CloudFront.
C.AWS Global Accelerator.

A user needs a relational database but does not have the resources to manage the hardware, resiliency, and
replication.
Which AWS service option meets the user's requirements?
A.Run MySQL on Amazon Elastic Container Service (Amazon ECS).

B.Run MySQL on Amazon EC2.
C.Choose Amazon RDS for MySQL.
D.Choose Amazon ElastiCache for Redis.
Answer: C
Explanation:
C. Choose Amazon RDS for MySQL.Amazon RDS (Relational Database Service) is a fully managed relational
database service that takes care of tasks such as hardware provisioning, database setup, patching, and
backups. It provides a managed environment for various database engines, including MySQL. With Amazon
RDS for MySQL, users can offload the operational aspects of database management and focus on their
application development.

A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to
minimize the complexity that is related to the management of AWS resources.
A.AWS Config
B.AWS Elastic Beanstalk
C.Amazon EC2
D.Amazon Personalize
Answer: B
Explanation:
AWS Elastic Beanstalk is a fully managed service that makes it easy to deploy and run applications in multiple
languages (such as Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker) on AWS. It abstracts away the
underlying infrastructure, allowing developers to focus on writing code while AWS handles the deployment,
capacity provisioning, load balancing, and automatic scaling.
Question: 324
A.AWS Software Development Kit

B.AWS Management Console
C.AWS CodePipeline
D.AWS Config
Answer: A
Explanation:
A. AWS Software Development KitThe AWS Software Development Kit (SDK) is the mechanism that allows
developers to access AWS services from application code. The SDK provides libraries and APIs that
developers can use to interact with AWS services programmatically. It supports multiple programming
languages, making it easier for developers to integrate AWS services into their applications.

A company is migrating to the AWS Cloud. The company wants to understand and identify potential security
misconfigurations or unexpected behaviors. The company wants to prioritize any protective controls it might need.
Which AWS Cloud Adoption Framework (AWS CAF) security perspective capability will meet these requirements?
A.Identity and access management

B.Threat detection
C.Platform engineering
D.Availability and continuity management
Answer: B
Explanation:
B. Threat Detection. Threat detection – Understand and identify potential security misconfigurations, threats,
or unexpected behaviours.
Reference:
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/security-
perspective.html

A company wants to establish a private network connection between AWS and its corporate network.
Amazon Connect

Answer: C
Explanation:
Correct answer is C:AWS Direct Connect.
Question: 327
Which AWS services or features give users the ability to create a network connection between two VPCs? (Choose
VPC endpoints
Amazon Route 53
VPC peering
E.AWS Transit Gateway
Answer: CE
Explanation:
C.VPC peering.
E.AWS Transit Gateway.
peering.htmlhttps://docs.aws.amazon.com/vpc/latest/tgw/transit-gateway-isolated.html
Question: 328
Which AWS service converts text to lifelike voices?
Amazon Transcribe
Amazon Rekognition
Amazon Polly
Amazon
Answer: C
Explanation:
Correct answer is C:Amazon Polly.
Question: 329
A company wants to use application stacks to run a workload in the AWS Cloud. The company wants to use pre-

Amazon Lightsail
Amazon Athena
C.AWS Outposts
D.Amazon EC2
Answer: A
Explanation:
Question: 330
Which AWS services are supported by Savings Plans? (Choose two.)
Amazon EC2
Amazon RDS
Amazon SageMaker
Amazon
Amazon DynamoDB
Answer: AC
Explanation:
A.Amazon EC2.
C.Amazon SageMaker.
Reference:
https://docs.aws.amazon.com/savingsplans/latest/userguide/what-is-savings-plans.html
Question: 331
Answer: C
Explanation:
Correct answer is C:AWS Cost Explorer.

Question: 332
A company operates a petabyte-scale data warehouse to analyze its data. The company wants a solution that will

Amazon
Amazon Neptune
Amazon ElastiCache
Answer: B
Explanation:
Correct answer is B:Amazon Redshift.

A library wants to automate the classification of electronic books based on the contents of the books.
Which AWS service should the library use to meet this requirement?
A. Amazon Redshift
B. Amazon CloudSearch
C. Amazon Comprehend
D. Amazon Aurora
Answer: C
Explanation:
Amazon Comprehend (Option C): Amazon Comprehend is a natural language processing (NLP) service that can
be used to analyze and extract insights from text. It provides capabilities such as sentiment analysis, key
phrase extraction, entity recognition, and language detection. In the context of a library wanting to automate
the classification of electronic books based on their contents, Amazon Comprehend could be used to analyze
the text content of the books and extract relevant information for classification purposes.
Question: 334
C.Protection of physical network infrastructure

D.Configuration of firewalls
Answer: C
Explanation:
Protection of physical network infrastructure.
Question: 335
Envision phase
Assess phase
Answer: AB
Explanation:
Envision phase.
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/your-cloud-
Question: 336
A company wants to generate a list of IAM users. The company also wants to view the status of various credentials
that are associated with the users, such as password, access keys, and multi-factor authentication (MFA) devices.
Which AWS service or feature will meet these requirements?
IAM credential report

AWS IAM Identity Center (AWS Single Sign-On)
Answer: A
Explanation:
Correct answer is A:IAM credential report.
Question: 337
be made in small, reversible increments.
Which pillar of the AWS Well-Architected Framework does this design support?
A.Security
C.Operational excellence
D.Reliability
Answer: C
Explanation:
C. Operational ExcellenceOperational excellence in the AWS Well-Architected Framework focuses on

designing and operating workloads to deliver business value, with a strong emphasis on continuous
improvement, responding to events, and automation. Making regular updates in small, reversible increments
supports the goal of achieving operational excellence by promoting agility and efficiency in the development
and deployment processes.
Reference:
https://docs.aws.amazon.com/wellarchitected/latest/framework/oe-design-principles.html
Question: 338
A company wants to track tags, buckets, and prefixes for its Amazon S3 objects.
Which S3 feature will meet this requirement?
C.S3 Versioning
D.S3 ACLs
Answer: A
Explanation:
To keep track of objects and their respective tags, buckets, and prefixes, you can use an S3 Inventory report
that lists your stored objects within an S3 bucket or with a specific prefix, and their respective metadata and
Question: 339
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of
Which AWS service or resource will meet this requirement?
A.AWS Organizations
D.AWS Control Tower
Answer: C
Explanation:
C. AWS IAM Identity Center (AWS Single Sign-On)AWS Single Sign-On (SSO) enables centralized
authentication and authorization across multiple AWS accounts and other business applications. It allows
users to sign in once and access resources in various accounts without the need for separate credentials for
each account. This helps simplify access management in a multi-account environment.
Question: 340
A company created an Amazon EC2 instance. The company wants to control the incoming and outgoing network
Which AWS resource or service will meet this requirement?
AWS Shield
Network Access Analyzer

VPC endpoints
Answer: B
Explanation:
B. Security groupsSecurity groups act as virtual firewalls for your Amazon EC2 instances, controlling inbound

A company wants to use the AWS Cloud to deploy an application globally.
Which architecture deployment model should the company use to meet this requirement?
A.Multi-Region
B.Single-Region
C.Multi-AZ
D.Single-AZ
Answer: A
Explanation:
Answer is AWhile a multi-AZ deployment can provide better availability and resilience than a single-region
deployment, it is not the most appropriate architecture for deploying an application globally because it does
not offer the same level of performance and latency reduction as a multi-region deployment.In a multi-AZ
deployment, the application is deployed in multiple Availability Zones (AZs) within the same region. This
Question: 342
A company wants a web application to interact with various AWS services.
Which AWS service or resource will meet this requirement?
B.AWS Marketplace
C.AWS Management Console
D.AWS CLI
Answer: C
Explanation:
https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/learn-whats-new.html

A company is migrating its applications from on-premises to the AWS Cloud. The company wants to ensure that
the applications are assigned only the minimum permissions that are needed to perform all operations.

B. Amazon CloudWatch
C. Amazon Macie
D. Amazon GuardDuty
Answer: A
Explanation:
A. AWS Identity and Access Management (IAM)AWS IAM is the service specifically designed for managing
access to AWS services and resources. It allows you to create and manage users, groups, and roles and define
fine-grained permissions through policies. By carefully crafting IAM policies, you can grant only the necessary
permissions to each application or user, following the principle of least privilege.
Question: 344
Which options are AWS Cloud Adoption Framework (AWS CAF) governance perspective capabilities? (Choose two.)
Answer: BC
Explanation:
https://docs.aws.amazon.com/whitepapers/latest/overview-aws-cloud-adoption-framework/governance-
Question: 345
Which AWS service provides a single location to track the progress of application migrations?
D.AWS Migration Hub
Answer: D
Explanation:
https://docs.aws.amazon.com/migrationhub/latest/ug/whatishub.html
Question: 346
Use Amazon EC2 Instance Connect.

Use a Remote Desktop Protocol (RDP) connection.
Use AWS Batch.
Use AWS Systems Manager Session Manager.
Use Amazon Connect.
Answer: AD
Explanation:
A.Use Amazon EC2 Instance Connect.
D.Use AWS Systems Manager Session Manager.
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-linux-inst-eic.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
Question: 347
Answer: D
Explanation:

Which task requires a user to sign in as the AWS account root user?
A. The deletion of IAM users

B. The deletion of an AWS account
C. The creation of an organization in AWS Organizations
D. The deletion of Amazon EC2 instances
Answer: B
Explanation:
The AWS account root user has the highest level of access and is associated with the email address used to
create the AWS account. Certain tasks, such as the deletion of an entire AWS account, can only be performed
by the AWS account root user. Other administrative tasks, like creating an organization in AWS Organizations
or deleting IAM users, can often be performed by IAM users with appropriate permissions, and it is
recommended to use IAM users instead of relying on the root user for day-to-day activities.
Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/root-user-tasks.html
Question: 349
What does the Amazon S3 Intelligent-Tiering storage class offer?
Payment flexibility by reserving storage capacity

Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS)
Automatic cost savings by moving objects between tiers based on access pattern changes
Answer: C
Explanation:
https://aws.amazon.com/s3/storage-classes/intelligent-tiering/

A company needs Amazon EC2 instances for a workload that can tolerate interruptions.
Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-
Demand prices?
A.Spot Instances
B.Convertible Reserved Instances
C.Standard Reserved Instances
D.Dedicated Hosts
Answer: A
Explanation:
Spot Instances provide the largest discount compared to On-Demand prices, but they come with the caveat
that they can be terminated by AWS if the capacity is needed by On-Demand or Reserved Instances. Spot
Instances are suitable for workloads that can tolerate interruptions and are cost-effective for applications
that have flexible start and end times or that can be distributed across multiple instances.
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html
Question: 351
A company is planning to migrate to the AWS Cloud. The company wants to identify measurable business
Which phase of the cloud transformation journey includes these activities?

A.Envision
D.Launch
Answer: A
Explanation:
Envison is the correct answer.EnvisionIdentify and prioritize transformation opportunities in line with your
strategic objectives. Associating your transformation initiatives with key stakeholders and measurable
business outcomes will help you demonstrate value as you progress through your transformation journey.
Question: 352
D.VPC peering
Answer: A
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html
Question: 353
Which AWS service can companies use to create infrastructure from code?
A.Amazon Elastic Kubernetes Service (Amazon EKS)
C.AWS CodePipeline
Answer: D
Explanation:
Question: 354
Which guideline is a well-architected design principle for building cloud applications?
C.Design for automated recovery from failure.
Answer: C
Explanation:
Design for automated recovery from failure.
A company needs to move 75 petabytes of data from its on-premises data centers to AWS.
Which AWS service should the company use to meet these requirements MOST cost-effectively?

D.AWS Storage Gateway
Answer: B
Explanation:
Question: 356
C.System
E.Operational excellence
Answer: BE
Explanation:
B. Performance efficiency.
E. Operational excellence
A company needs to connect its on-premises data center to the AWS Cloud. The company needs a dedicated, low-
latency connection with consistent network performance.
A.AWS Global Accelerator

B.Amazon CloudFront
D.AWS Managed VPN
Answer: C
Explanation:
AWS Direct Connect provides a dedicated network connection from an on-premises data center to AWS. It
offers a private, dedicated, and high-bandwidth connection that can help ensure low-latency and consistent
network performance. Direct Connect is particularly suitable for scenarios where a company requires a
reliable and predictable connection to AWS resources without going over the public internet
Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize
A.Maximize utilization of Amazon EC2 instances.

B.Minimize utilization of Amazon EC2 instances.
C.Minimize usage of managed services.
D.Force frequent application reinstallations by users.
E.Reduce the need for users to reinstall applications.
Answer: AE
Explanation:
A.Maximize utilization of Amazon EC2 instances.
E.Reduce the need for users to reinstall applications.
https://docs.aws.amazon.com/wellarchitected/latest/framework/sus-design-principles.html
Question: 359
In which ways does the AWS Cloud offer lower total cost of ownership (TCO) of computing resources than on-
A.AWS replaces upfront capital expenditures with pay-as-you-go costs.

B.AWS is designed for high availability, which eliminates user downtime.
Answer: AD
Explanation:
A.AWS replaces upfront capital expenditures with pay-as-you-go costs.
D.AWS uses economies of scale to continually reduce prices.
https://aws.amazon.com/blogs/publicsector/tco-cost-optimization-best-practices-for-managing-
usage/https://onica.com/blog/migration/aws-total-cost-of-ownership/

A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data
must remain local and on premises. There must be low latency between AWS and the company resources.
Which AWS service or feature can be used to meet these requirements?
A.AWS Local Zones

B.Availability Zones
C.AWS Outposts
D.AWS Wavelength Zones
Answer: C
Explanation:
C. AWS OutpostsAWS Outposts allows you to deploy AWS-designed infrastructure on-premises, providing a
consistent hybrid experience. With AWS Outposts, you can run compute and storage workloads locally on
your premises while seamlessly connecting to the rest of AWS's broad array of services in the cloud.In this
scenario, if the company wants to keep the data local and on-premises to meet regulatory requirements and
maintain low latency between AWS and on-premises resources, AWS Outposts would be the suitable option. It
extends the AWS infrastructure to your on-premises location, providing a hybrid solution that combines the
benefits of both on-premises and cloud resources.
Question: 361
Which of the following AWS services are serverless? (Choose two.)
AWS Outposts
Amazon EC2
Amazon Elastic Kubernetes Service (Amazon EKS)
E.AWS Lambda
Answer: DE
Explanation:
D.AWS Fargate.
E.AWS Lambda.
Reference:
https://docs.aws.amazon.com/AmazonECS/latest/userguide/what-is-
fargate.htmlhttps://docs.aws.amazon.com/lambda/latest/dg/welcome.html
Question: 362
Answer: C
Explanation:
Question: 363
A solutions architect needs to maintain a fleet of Amazon EC2 instances so that any impaired instances are
Which AWS service should the solutions architect use?

Amazon GuardDuty
Answer: D
Explanation:
AWS Auto Scaling helps you maintain application availability and allows you to automatically adjust capacity
to meet varying demand. In this case, the solutions architect can configure Auto Scaling groups to replace
Question: 364
Which AWS service provides on-premises applications with low-latency access to data that is stored in the AWS
A.Amazon CloudFront
B.AWS Storage Gateway
C.AWS Backup
D.AWS DataSync
Answer: B
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that enables

on-premises applications to access low-latency, highly durable
storage in the AWS Cloud. It provides a seamless and secure
integration between an organization's on-premises environment and
AWS Cloud storage resources.
Question: 365
What does Amazon CloudFront provide?
Automatic scaling for all resources to power an application from a single unified interface
Secure delivery of data, videos, applications, and APIs to users globally with low latency
Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances,
containers, IP addresses, and AWS Lambda functions
Answer: B
Explanation:
Secure delivery of data, videos, applications, and APIs to users globally with low latency.
Question: 366
Which AWS service supports the deployment and management of applications in the AWS Cloud?
A.Amazon CodeGuru
C.AWS CodeCommit
D.AWS Elastic Beanstalk
Answer: D
Explanation:
D. AWS Elastic BeanstalkAWS Elastic Beanstalk is a fully managed service that supports the deployment and
allowing developers to focus on writing code without worrying about the operational aspects of deploying and
scaling applications.While other services like Amazon CodeGuru, AWS Fargate, and AWS CodeCommit play
roles in the development and deployment process, AWS Elastic Beanstalk specifically provides a platform-as-
a-service (PaaS) environment for deploying and managing applications with ease.

A company wants to integrate natural language processing (NLP) into business intelligence (BI) dashboards. The
company wants to ask questions and receive answers with relevant visualizations.
Which AWS service or tool will meet these requirements?
A.Amazon Macie
B.Amazon Rekognition
C.Amazon QuickSight Q
D.Amazon Lex
Answer: C
Explanation:
C. Amazon QuickSight QAmazon QuickSight Q is the AWS service or tool that allows users to integrate
natural language processing (NLP) into business intelligence (BI) dashboards. With QuickSight Q, users can
ask questions using natural language and receive answers with relevant visualizations. It enables an
interactive and conversational experience for querying and exploring data within BI dashboards.
Reference:
https://docs.aws.amazon.com/quicksight/latest/user/working-with-quicksight-q.html

Which Amazon S3 feature or storage class uses the AWS backbone network and edge locations to reduce
latencies from the end user to Amazon S3?
A.S3 Cross-Region Replication

B.S3 Transfer Acceleration
C.S3 Event Notifications
D.S3 Standard-Infrequent Access (S3 Standard-IA)
Answer: B
Explanation:
1. B. S3 Transfer AccelerationS3 Transfer Acceleration is a feature of Amazon S3 that uses Amazon

CloudFront's globally distributed edge locations to accelerate transfers of files to and from Amazon S3
buckets. It leverages the AWS backbone network and edge locations to reduce latencies and increase
transfer speeds for both uploading and downloading content from Amazon S3. This feature is particularly
useful when users or applications are located far from the AWS region where the S3 bucket is hosted, as it
optimizes the data path and helps achieve faster data transfers by using the CloudFront network.
S3 Transfer Acceleration is a feature of Amazon S3 that uses Amazon CloudFront's globally distributed edge
locations to accelerate transfers of files to and from Amazon S3 buckets. It leverages the AWS backbone
network and edge locations to reduce latencies and increase transfer speeds for both uploading and
downloading content from Amazon S3.This feature is particularly useful when users or applications are
located far from the AWS region where the S3 bucket is hosted, as it optimizes the data path and helps
achieve faster data transfers by using the CloudFront network
Question: 369
Amazon Aurora
Amazon DynamoDB
Amazon RDS
Amazon
Answer: B
Explanation:
Correct answer is B:Amazon DynamoDB.
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html
Question: 370
Amazon
Amazon DynamoDB
Amazon Aurora
Amazon Neptune
Answer: C
Explanation:
Amazon Aurora is a relational database management system (RDBMS) built for the cloud with full MySQL and
Amazon Aurora is a fully managed relational database service that is compatible with MySQL and
PostgreSQL. It provides high performance and availability with the ease of use of a fully managed database
Question: 371
Which architecture design principle describes the need to isolate failures between dependent components in the
A.Use a monolithic design.

B.Design for automation.
C.Design for single points of failure.
D.Loosely couple components.
Answer: D
Explanation:
Loosely coupling components is a design principle that emphasizes minimizing dependencies between
different components in a system. This helps isolate failures, meaning that if one component fails or
undergoes changes, it doesn't have a significant impact on other components. This design principle
contributes to increased resilience, flexibility, and easier maintenance of the overall system.

Which benefit of cloud computing gives a company the ability to deploy applications to users all over the world
through a network of AWS Regions, Availability Zones, and edge locations?
A. Economy of scale
B. Global reach
C.Agility
D.High availability
Answer: B
Explanation:
The benefit of cloud computing that provides the ability to deploy applications to users all over the world
through a network of AWS Regions, Availability Zones, and edge locations is referred to as "Global reach."
AWS has a global infrastructure with multiple Regions, each consisting of multiple Availability Zones, and
edge locations for content delivery. This global reach allows companies to distribute their applications and
content closer to end-users, reducing latency and improving the overall user experience.

Which AWS service makes it easier to monitor and troubleshoot application logs and cloud resources?
Amazon EC2
D.AWS CloudTrail
Answer: C
Explanation:
Amazon CloudWatch is an AWS monitoring service for cloud resources and the applications that you run on
AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set
Amazon CloudWatch is the AWS service that makes it easier to monitor and troubleshoot application logs and
cloud resources. CloudWatch allows you to collect and track metrics, collect and monitor log files, set alarms,
and automatically react to changes in your AWS resources. It provides a unified view of your AWS resources,
applications, and services that run on AWS. With CloudWatch, you can gain system-wide visibility into
resource utilization, application performance, and operational health.
Question: 374
Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?
Amazon EC2
Amazon RDS
D.AWS Step Functions
Answer: A
Explanation:
Question: 375
Which AWS service will help a company plan a migration to AWS by collecting the configuration, usage, and
A.AWS Resource Groups
D.AWS Systems Manager
Answer: B
Explanation:
AWS Application Discovery Service helps you plan your migration to the AWS cloud by collecting usage and
configuration data about your on-premises servers and databases.
Question: 376
AWS Lambda
Answer: B
Explanation:
Amazon Simple Notification Service (SNS) makes it easy for you to build an application using the pub/sub
messaging model. You can send messages from your applications to customers or other applications in a
scalable and cost-efficient manner.
B. Amazon Simple Notification Service (Amazon SNS)
Question: 377
A company is in the early stages of planning a migration to AWS. The company wants to obtain the monthly
predicted total AWS cost of ownership for future Amazon EC2 instances and associated storage.
B.AWS Compute Optimizer
D.AWS Application Migration Service
Answer: A
Explanation:
Answer A.AWS Pricing Calculator.

AWS Cloud Final Updated Questions

Uploaded by

Copyright:

Available Formats

AWS Cloud Final Updated Questions

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS Cloud Final Updated Questions

Uploaded by

Copyright:

Available Formats

Amazon

(AWS Certified Cloud Practitioner CLF-C02)

AWS Certified Cloud Practitioner CLF-C02

Use of the Snowball Edge appliance for a 10-day period

A.AWS Trusted Advisor

https://aws.amazon.com/inspector/Software Vulnerability / Application Vulnerability

A.Physical security of DynamoDB

Which AWS service meets these requirements?

Update the guest operating system of the EC2 instances.

B.AWS Billing Conductor

E.AWS Compute Optimizer

E.AWS Compute Optimizer.

A. Providing high-performance container orchestration

B.Price discounts that are identical to discounts from hardware providers

D.Elimination of operational expenses

A. Elimination of expenses for running and maintaining data centers.

Which AWS service or resource will meet these requirements?

D.AWS Managed Services (AMS)

B - AWS Elastic Beanstalk is correct.

Which S3 feature should the company use to meet these requirements?

C.S3 bucket policies

C.AWS Direct Connect

Which pillar of the AWS Well-Architected Framework is supported by these goals?

To create a VPN connection to the VPC

To impose bandwidth constraints on internet traffic

A.Integrate functional testing as part of AWS deployment.

Which AWS service or tool will meet this requirement?

C.IAM credential report

A. Amazon Simple Queue Service (Amazon SQS)

D.AWS Knowledge Center

D.Patch or upgrade Amazon DynamoDB.

Configure the AWS provided security group firewall.

A. Amazon Simple Notification Service (Amazon SNS)

D.AWS Key Management Service (AWS KMS) keys

The speed at which AWS resources are implemented

A. The speed at which AWS resources are implemented.

C.AWS IAM Access Analyzer

Download the reports from AWS Artifact.

Cost of application software licenses

Correct answer is A:Cost of application software licenses.

How quickly an Amazon EC2 instance can be restarted

B.Confirming that the hardware is working in the data center

Managing the code within the Lambda function.

Correct answer is C:AWS Regions.

A.AWS Free Tier

A.Deliver the content through Amazon CloudFront.

Deliver the content through Amazon CloudFront.

A.The ability to trade variable expense for fixed expense

C.Lower variable costs over fixed costs

A.Amazon API Gateway

B.AWS Trusted Advisor

"IAM is a feature of your AWS account and is offered at no additional charge.

C.Manage database access permissions.

Correct answer is C:Manage database access permissions.

D.AWS IAM Access Analyzer

Amazon Virtual Private Cloud (Amazon VPC) flow logs

A.AWS Identity and Access Management (IAM)

E.Amazon Elastic Container Service (Amazon ECS)

A.AWS Trusted Advisor

A.EC2 Reserved Instances