Under the shared responsibility model, which of the following is the customer responsible for?

• Ensuring that disk drives are wiped after use.

• Ensuring that firmware is updated on hardware devices.

• Ensuring that data is encrypted at rest.

• Ensuring that network cables are category six or higher.

AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes

The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?

• Cost allocation tags

• Consolidated billing

• AWS Budgets

• AWS Marketplace

https://aws.amazon.com/blogs/startups/how-to-set-aws-budget-when-paying-with-aws-credits/

Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities?

• Amazon Glacier

• AWS Storage Gateway

• Amazon S3

• Amazon EBS

https://aws.amazon.com/s3/faqs/

What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas?

• AWS Enterprise Support

• AWS Solutions Architects

• AWS Professional Services

• AWS Account Managers

https://aws.amazon.com/professional-services/

A customer would like to design and build a new workload on AWS Cloud but does not have the AWS-related software technical expertise in-house.Which of the following AWS programs can a customer take advantage of to achieve that outcome?

• AWS Partner Network Technology Partners

• AWS Marketplace

• AWS Partner Network Consulting Partners

• AWS Service Catalog

Distributing workloads across multiple Availability Zones supports which cloud architecture design principle?

• Implement automation.

• Design for agility.

• Design for failure.

• Implement elasticity.

Which AWS services can host a Microsoft SQL Server database? (Choose two.)

• Amazon EC2

• Amazon Relational Database Service (Amazon RDS)

• Amazon Aurora

• Amazon Redshift

• Amazon S3

https://aws.amazon.com/sql/

Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance?

• AWS Cost Explorer

• AWS Trusted Advisor

• Consolidated billing

• Detailed billing

Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses?

• Spot Instances

• Reserved Instances

• Dedicated Hosts

• On-Demand Instances

https://aws.amazon.com/ec2/pricing/

Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Choose two.)

• High availability

• Shared security model

• Elasticity

• Pay-as-you-go pricing

• Reliability

Which service enables risk auditing by continuously monitoring and logging account activity, including user actions in the AWS Management Console and AWSSDKs?

• Amazon CloudWatch

• AWS CloudTrail

• AWS Config

• AWS Health

https://aws.amazon.com/cloudtrail/

Which of the following are characteristics of Amazon S3? (Choose two.)

• A global file system

• An object store

• A local file store

• A network file system

• A durable storage system

Which services can be used across hybrid AWS Cloud architectures? (Choose two.)

• Amazon Route 53

• Virtual Private Gateway

• Classic Load Balancer

• Auto Scaling

• Amazon CloudWatch default metrics

https://www.stratoscale.com/blog/cloud/building-hybrid-cloud-environment-using-amazon-cloud/

What costs are included when comparing AWS Total Cost of Ownership (TCO) with on-premises TCO?

• Project management

• Antivirus software licensing

• Data center security

• Software development

A company is considering using AWS for a self-hosted database that requires a nightly shutdown for maintenance and cost-saving purposes.Which service should the company use?

• Amazon Redshift

• Amazon DynamoDB

• Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store

• Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)

Which of the following is a correct relationship between regions, Availability Zones, and edge locations?

• Data centers contain regions.

• Regions contain Availability Zones.

• Availability Zones contain edge locations.

• Edge locations contain regions.

https://aws.amazon.com/about-aws/global-infrastructure/regions_az/#Region_Maps_and_Edge_Networks

Which AWS tools assist with estimating costs? (Choose three.)

• Detailed billing report

• Cost allocation tags

• AWS Simple Monthly Calculator

• AWS Total Cost of Ownership (TCO) Calculator

• Cost Estimator

Which of the following are advantages of AWS consolidated billing? (Choose two.)

• The ability to receive one bill for multiple accounts

• Service limits increasing by default in all accounts

• A fixed discount on the monthly bill

• Potential volume discounts, as usage in all accounts is combined

• The automatic extension of the master account's AWS support plan to all accounts

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing?

• One-year, No Upfront, Standard RI pricing

• One-year, All Upfront, Convertible RI pricing

• Three-year, All Upfront, Standard RI pricing

• Three-year, No Upfront, Convertible RI pricing

https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/

Compared with costs in traditional and virtualized data centers, AWS has:

• greater variable costs and greater upfront costs.

• fixed usage costs and lower upfront costs.

• lower variable costs and greater upfront costs.

• lower variable costs and lower upfront costs.

https://d1.awsstatic.com/whitepapers/introduction-to-aws-cloud-economics-final.pdf(10)

A characteristic of edge locations is that they:

• host Amazon EC2 instances closer to users.

• help lower latency and improve performance for users.

• cache frequently changing data without reaching the origin server.

• refresh data changes daily.

https://www.edureka.co/community/600/what-is-an-edge-location-in-aws

Which of the following can limit Amazon Storage Service (Amazon S3) bucket access to specific users?

• A public and private key-pair

• Amazon Inspector

• AWS Identity and Access Management (IAM) policies

• Security Groups

https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/

Which of the following security-related actions are available at no cost?

• Calling AWS Support

• Contacting AWS Professional Services to request a workshop

• Accessing forums, blogs, and whitepapers

• Attending AWS classes at a local university

Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value?

• Dedicated RIs

• Scheduled RIs

• Convertible RIs

• Standard RIs

https://aws.amazon.com/ec2/pricing/reserved-instances/

Which AWS feature will reduce the customer's total cost of ownership (TCO)?

• Shared responsibility security model

• Single tenancy

• Elastic computing

• Encryption

Which of the following services will automatically scale with an expected increase in web traffic?

• AWS CodePipeline

• Elastic Load Balancing

• Amazon EBS

• AWS Direct Connect

https://aws.amazon.com/elasticloadbalancing/

Where are AWS compliance documents, such as an SOC 1 report, located?

• Amazon Inspector

• AWS CloudTrail

• AWS Artifact

• AWS Certificate Manager

https://aws.amazon.com/compliance/soc-faqs/

Under the AWS shared responsibility model, which of the following activities are the customer's responsibility? (Choose two.)

• Patching operating system components for Amazon Relational Database Server (Amazon RDS)

• Encrypting data on the client-side

• Training the data center staff

• Configuring Network Access Control Lists (ACL)

• Maintaining environmental controls within a data center

https://aws.amazon.com/compliance/shared-responsibility-model/

Which is a recommended pattern for designing a highly available architecture on AWS?

• Ensure that components have low-latency network connectivity.

• Run enough Amazon EC2 instances to operate at peak load.

• Ensure that the application is designed to accommodate failure of any single component.

• Use a monolithic application that handles all operations.

According to best practices, how should an application be designed to run in the AWS Cloud?

• Use tighly coupled components.

• Use loosely coupled components.

• Use infrequently coupled components.

• Use frequently coupled components.

https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

AWS supports which of the following methods to add security to Identity and Access Management (IAM) users? (Choose two.)

• Implementing Amazon Rekognition

• Using AWS Shield-protected resources

• Blocking access with Security Groups

• Using Multi-Factor Authentication (MFA)

• Enforcing password strength and expiration

Which AWS services should be used for read/write of constantly changing data? (Choose two.)

• Amazon Glacier

• Amazon RDS

• AWS Snowball

• Amazon Redshift

• Amazon EFS

What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)?

• It simplifies relational database administration tasks.

• It provides 99.99999999999% reliability and durability.

• It automatically scales databases for loads.

• It enabled users to dynamically adjust CPU and RAM resources.

A customer needs to run a MySQL database that easily scales.Which AWS service should they use?

• Amazon Aurora

• Amazon Redshift

• Amazon DynamoDB

• Amazon ElastiCache

https://aws.amazon.com/rds/aurora/serverless/

Which of the following components of the AWS Global Infrastructure consists of one or more discrete data centers interconnected through low latency links?

• Availability Zone

• Edge location

• Region

• Private networking

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/global-infrastructure.html

Which of the following is a shared control between the customer and AWS?

• Providing a key for Amazon S3 client-side encryption

• Configuration of an Amazon EC2 instance

• Environmental controls of physical AWS data centers

• Awareness and training

https://aws.amazon.com/compliance/shared-responsibility-model/

How many Availability Zones should compute resources be provisioned across to achieve high availability?

• A minimum of one

• A minimum of two

• A minimum of three

• A minimum of four or more

One of the advantages to moving infrastructure from an on-premises data center to the AWS Cloud is:

• it allows the business to eliminate IT bills.

• it allows the business to put a server in each customer's data center.

• it allows the business to focus on business activities.

• it allows the business to leave servers unpatched.

What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval?

• Amazon S3

• Amazon Glacier

• Amazon EBS

• Amazon EC2 Instance Store

Which AWS IAM feature allows developers to access AWS services through the AWS CLI?

• API keys

• Access keys

• User names/Passwords

• SSH keys

Which of the following is a fast and reliable NoSQL database service?

• Amazon Redshift

• Amazon RDS

• Amazon DynamoDB

• Amazon S3

https://aws.amazon.com/dynamodb/

What is an example of agility in the AWS Cloud?

• Access to multiple instance types

• Access to managed services

• Using Consolidated Billing to produce one bill

• Decreased acquisition time for new compute resources

https://aws.amazon.com/blogs/enterprise-strategy/risk-is-lack-of-agility/

Which service should a customer use to consolidate and centrally manage multiple AWS accounts?

• AWS IAM

• AWS Organizations

• AWS Schema Conversion Tool

• AWS Config

https://aws.amazon.com/organizations/

What approach to transcoding a large number of individual video files adheres to AWS architecture principles?

• Using many instances in parallel

• Using a single large instance during off-peak hours

• Using dedicated hardware

• Using a large GPU instance type

https://aws.amazon.com/solutions/case-studies/encoding/

For which auditing process does AWS have sole responsibility?

• AWS IAM policies

• Physical security

• Amazon S3 bucket policies

• AWS CloudTrail Logs

Which feature of the AWS Cloud will support an international company's requirement for low latency to all of its customers?

• Fault tolerance

• Global reach

• Pay-as-you-go pricing

• High availability

Which of the following is the customer's responsibility under the AWS shared responsibility model?

• Patching underlying infrastructure

• Physical security

• Patching Amazon EC2 instances

• Patching network infrastructure

https://aws.amazon.com/compliance/shared-responsibility-model/

A customer is using multiple AWS accounts with separate billing.How can the customer take advantage of volume discounts with minimal impact to the AWS resources?

• Create one global AWS acount and move all AWS resources to tha account.

• Sign up for three years of Reserved Instance pricing up front.

• Use the consolidated billing feature from AWS Organizations.

• Sign up for the AWS Enterprise support plan to get volume discounts.

https://aws.amazon.com/answers/account-management/aws-multi-account-billing-strategy/

Which of the following are features of Amazon CloudWatch Logs? (Choose two.)

• Summaries by Amazon Simple Notification Service (Amazon SNS)

• Free Amazon Elasticsearch Service analytics

• Provided at no charge

• Real-time monitoring

• Adjustable retention

Which of the following is an AWS managed Domain Name System (DNS) web service?

• Amazon Route 53

• Amazon Neptune

• Amazon SageMaker

• Amazon Lightsail

https://aws.amazon.com/getting-started/tutorials/get-a-domain/

A customer is deploying a new application and needs to choose an AWS Region.Which of the following factors could influence the customer's decision? (Choose two.)

• Reduced latency to users

• The application's presentation in the local language

• Data sovereignty compliance

• Cooling costs in hotter climates

• Proximity to the customer's office for on-site visits

Which storage service can be used as a low-cost option for hosting static websites?

• Amazon Glacier

• Amazon DynamoDB

• Amazon Elastic File System (Amazon EFS)

• Amazon Simple Storage Service (Amazon S3)

https://aws.amazon.com/getting-started/projects/host-static-website/

Which Amazon EC2 instance pricing model can provide discounts of up to 90%?

• Reserved Instances

• On-Demand

• Dedicated Hosts

• Spot Instances

https://aws.amazon.com/ec2/spot/

What is the AWS customer responsible for according to the AWS shared responsibility model?

• Physical access controls

• Data encryption

• Secure disposal of storage devices

• Environmental risk management

Which of the following AWS Cloud services can be used to run a customer-managed relational database?

• Amazon EC2

• Amazon Route 53

• Amazon ElastiCache

• Amazon DynamoDB

A company is looking for a scalable data warehouse solution.Which of the following AWS solutions would meet the company's needs?

• Amazon Simple Storage Service (Amazon S3)

• Amazon DynamoDB

• Amazon Kinesis

• Amazon Redshift

https://aws.amazon.com/redshift/

Which statement best describes Elastic Load Balancing?

• It translates a domain name into an IP address using DNS.

• It distributes incoming application traffic across one or more Amazon EC2 instances.

• It collects metrics on connected Amazon EC2 instances.

• It automatically adjusts the number of Amazon EC2 instances to support incoming traffic.

https://aws.amazon.com/elasticloadbalancing/

Which of the following are valid ways for a customer to interact with AWS services? (Choose two.)

• Command line interface

• On-premises

• Software Development Kits

• Software-as-a-service

• Hybrid

The AWS Cloud's multiple Regions are an example of:

• agility.

• global infrastructure.

• elasticity.

• pay-as-you-go pricing.

Which of the following AWS services can be used to serve large amounts of online video content with the lowest possible latency? (Choose two.)

• AWS Storage Gateway

• Amazon S3

• Amazon Elastic File System (EFS)

• Amazon Glacier

• Amazom CloudFront

https://aws.amazon.com/getting-started/tutorials/deliver-content-faster/ https://aws.amazon.com/cloudfront/

Web servers running on Amazon EC2 access a legacy application running in a corporate data center.What term would describe this model?

• Cloud-native

• Partner network

• Hybrid architecture

• Infrastructure as a service

https://aws.amazon.com/enterprise/hybrid/

What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)?

• They require the customer to monitor and replace failing instances.

• They have better performance than customer-managed services.

• They simplify patching and updating underlying OSs.

• They do not require the customer to optimize instance type or size selections.

Which service provides a virtually unlimited amount of online highly durable object storage?

• Amazon Redshift

• Amazon Elastic File System (Amazon EFS)

• Amazon Elastic Container Service (Amazon ECS)

• Amazon S3

https://aws.amazon.com/what-is-cloud-object-storage/

Which of the following Identity and Access Management (IAM) entities is associated with an access key ID and secret access key when using AWS CommandLine Interface (AWS CLI)?

• IAM group

• IAM user

• IAM role

• IAM policy

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Which of the following security-related services does AWS offer? (Choose two.)

• Multi-factor authentication physical tokens

• AWS Trusted Advisor security checks

• Data encryption

• Automated penetration testing

• Amazon S3 copyrighted content detection

https://aws.amazon.com/security/

Which AWS managed service is used to host databases?

• AWS Batch

• AWS Artifact

• AWS Data Pipeline

• Amazon RDS

Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.https://aws.amazon.com/rds/?c=db&sec=srv

Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers?

• Amazon S3

• Amazon Glacier

• Amazon EBS

• Amazon EFS

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.Amazon EFS is designed to provide the throughput, IOPS, and low latency needed for Linux workloads. Throughput and IOPS scale as a file system grows and can burst to higher throughput levels for short periods of time to support the unpredictable performance needs of file workloads. For the most demanding workloads, Amazon EFS can support performance over 10 GB/sec and up to 500,000 IOPS.

When architecting cloud applications, which of the following are a key design principle?

• Use the largest instance possible

• Provision capacity for peak load

• Use the Scrum development process

• Implement elasticity

Cloud services main proposition is to provide elasticity through horizontal scaling. It's already there. As for using largest instance possible, it is not a design principle that helps cloud applications in anyway. Scrum development process is not related to architecting. Therefore, a key principle is to provision your application for on-demand capacity. Peak loads is something that cloud applications experience everyday. Peak load management should be a necessary part of cloud application design principle.https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

Which AWS service should be used for long-term, low-cost storage of data backups?

• Amazon RDS

• Amazon Glacier

• AWS Snowball

• AWS EBS

Amazon S3 Glacier is a secure, durable, and low-cost storage class of S3 for data archiving and long-term backup. Customers can store large or small amounts of data for as little as $0.004 per gigabyte per month. The S3 Glacier storage class is ideal for archives where data is regularly retrieved and some of the data may be needed in minutes.Amazon RDS is a relational database service that hosts databases. It helps you create and manage databases. Amazon Snowball is a petabyte-scale data transfer service that provides cost efficient data transfer to AWS from tamper proof physical devices. Similarly, Elastic block storage offers persistent block storage volumes for EC2 instances.https://aws.amazon.com/backup-restore/services/

Under the shared responsibility model, which of the following is a shared control between a customer and AWS?

• Physical controls

• Patch management

• Zone security

• Data center auditing

Which AWS service allows companies to connect an Amazon VPC to an on-premises data center?

• AWS VPN

• Amazon Redshift

• API Gateway

• Amazon Direct Connect

AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data center or office location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. AWS Direct Connect offers dedicated high speed, low latency connection, which bypasses internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. AWS Direct Connect allows you to logically partition the fiber-optic connections into multiple logical connections called Virtual Local Area Networks(VLAN). You can take advantage of these logical connections to improve security, differentiate traffic, and achieve compliance requirements.https://aws.amazon.com/getting-started/projects/connect-data-center-to-aws/

A company wants to reduce the physical compute footprint that developers use to run code.Which service would meet that need by enabling serverless architectures?

• Amazon Elastic Compute Cloud (Amazon EC2)

• AWS Lambda

• Amazon DynamoDB

• AWS CodeCommit

AWS Lambda is an integral part of coding on AWS. It reduces physical compute footprint by utilizing aws cloud services to run code.

Which AWS service provides alerts when an AWS event may impact a company's AWS resources?

• AWS Personal Health Dashboard

• AWS Service Health Dashboard

• AWS Trusted Advisor

• AWS Infrastructure Event Management

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service HealthDashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of theAWS services underlying your AWS resources.https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Which of the following are categories of AWS Trusted Advisor? (Choose two.)

• Fault Tolerance

• Instance Usage

• Infrastructure

• Performance

• Storage Capacity

Like your customized cloud expert, AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: cost optimization, performance, security, fault tolerance and service limits.https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Which task is AWS responsible for in the shared responsibility model for security and compliance?

• Granting access to individuals and services

• Encrypting data in transit

• Updating Amazon EC2 host firmware

• Updating operating systems

AWS Compliance enables customers to establish and operate in an AWS security control environment

The shared responsibility model is part of AWS Compliance program

The Security of the cloud is managed by Amazon AWS provider

The Security in the cloud is responsibility of the customer

The customer is responsible for their information and data, their secure transmission, integrity, and encryption

Also, the customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2

AWS customers retain control and ownership of their data

The AWS network provides significant protection against traditional network security issues and the customer can implement further protection

https://www.whizlabs.com/blog/aws-security-shared-responsibility/

Where should a company go to search software listings from independent software vendors to find, test, buy and deploy software that runs on AWS?

• AWS Marketplace

• Amazon Lumberyard

• AWS Artifact

• Amazon CloudSearch

AWS Marketplace is a digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS.https://aws.amazon.com

Which of the following is a benefit of using the AWS Cloud?

• Permissive security removes the administrative burden.

• Ability to focus on revenue-generating activities.

• Control over cloud network hardware.

• Choice of specific cloud hardware vendors.

Developer and IT staff productivity accounted for nearly 30% of overall financial benefits. The remaining benefits were driven by the flexibility and agility ofAmazon cloud infrastructure services, which make it easier to trial new business models, support revenue-generating applications, and provide more reliable services to end users.https://media.amazonwebservices.com/IDC_Business_Value_of_AWS_Accelerates_Over_time.pdf

When performing a cost analysis that supports physical isolation of a customer workload, which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)?

• Dedicated Hosts

• Reserved Instances

• On-Demand Instances

• No Upfront Reserved Instances

Use Dedicated Hosts to launch Amazon EC2 instances on physical servers that are dedicated for your use. Dedicated Hosts give you additional visibility and control over how instances are placed on a physical server, and you can reliably use the same physical server over time. As a result, Dedicated Hosts enable you to use your existing server-bound software licenses like Windows Server and address corporate compliance and regulatory requirements.

Which AWS service provides the ability to manage infrastructure as code?

• AWS CodePipeline

• AWS CodeDeploy

• AWS Direct Connect

• AWS CloudFormation

AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This file serves as the single source of truth for your cloud environment.https://aws.amazon.com/cloudformation/

If a customer needs to audit the change management of AWS resources, which of the following AWS services should the customer use?

• AWS Config

• AWS Trusted Advisor

• Amazon CloudWatch

• Amazon Inspector

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records yourAWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This enables you to simplify compliance auditing, security analysis, change management, and operational troubleshooting.https://aws.amazon.com/config/

What is Amazon CloudWatch?

• A code repository with customizable build and team commit features.

• A metrics repository with customizable notification thresholds and channels.

• A security configuration repository with threat analytics.

• A rule repository of a web application firewall with automated vulnerability prevention features.

Amazon CloudWatch is basically a metrics repository. An AWS service "" such as Amazon EC2 "" puts metrics into the repository, and you retrieve statistics based on those metrics. If you put your own custom metrics into the repository, you can retrieve statistics on these metrics as well.https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_architecture.html

Which service allows a company with multiple AWS accounts to combine its usage to obtain volume discounts?

• AWS Server Migration Service

• AWS Organizations

• AWS Budgets

• AWS Trusted Advisor

use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt.Ltd (AISPL) accounts. Every organization in AWS Organizations has a master account that pays the charges of all the member accounts.Consolidated billing has the following benefits:

One bill "" You get one bill for multiple accounts.

Easy tracking "" You can track the charges across multiple accounts and download the combined cost and usage data.

Combined usage "" You can combine the usage across all accounts in the organization to share the volume pricing discounts and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with individual standalone accounts. For more information, seeVolume Discounts.

No extra fee "" Consolidated billing is offered at no additional cost.

Which of the following services could be used to deploy an application to servers running on-premises? (Choose two.)

• AWS Elastic Beanstalk

• AWS OpsWorks

• AWS CodeDeploy

• AWS Batch

• AWS X-Ray

https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premises.html

https://aws.amazon.com/blogs/aws/opsworks-on-prem-and-existing-instances/

Which Amazon EC2 pricing model adjusts based on supply and demand of EC2 instances?

• On-Demand Instances

• Reserved Instances

• Spot Instances

• Convertible Reserved Instances

In the new model, the Spot prices are more predictable, updated less frequently, and are determined by supply and demand for Amazon EC2 spare capacity, not bid prices.https://aws.amazon.com/blogs/compute/new-amazon-ec2-spot-pricing/

Which design principles for cloud architecture are recommended when re-architecting a large monolithic application? (Choose two.)

• Use manual monitoring.

• Use fixed servers.

• Implement loose coupling.

• Rely on individual components.

• Design for scalability.

Rearchitecting applications involves sweeping change where an old monolithic application is completely revamped according to modern microservices architecture. Using individual components to re-architect a big application is one part of the process. The most important part is to design the application for scalability because the level of investment for a monolithic application can only be justified when resilience and scalability is needed.https://www.architech.ca/re-architect-applications/

Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases?

• Enterprise

• Business

• Developer

• Basic

https://aws.amazon.com/premiumsupport/plans/

Where can AWS compliance and certification reports be downloaded?

• AWS Artifact

• AWS Concierge

• AWS Certificate Manager

• AWS Trusted Advisor

WS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS's security and compliance reports and select online agreements. The AWS SOC 2 report is particularly helpful for completing questionnaires because it provides a comprehensive description of the implementation and operating effectiveness of AWS security controls. Another useful document is the Executive Briefing within the AWSFedRAMP Partner Package.https://aws.amazon.com/compliance/faq/

Which AWS service provides a customized view of the health of specific AWS services that power a customer's workloads running on AWS?

• AWS Service Health Dashboard

• AWS X-Ray

• AWS Personal Health Dashboard

• Amazon CloudWatch

Personal Health Dashboard gives you a personalized view of the status of the AWS services that power your applications, enabling you to quickly see when AWS is experiencing issues that may impact you. For example, in the event of a lost EBS volume associated with one of your EC2 instances, you would gain quick visibility into the status of the specific service you are using, helping save precious time troubleshooting to determine root cause.https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Which of the following is an advantage of consolidated billing on AWS?

• Volume pricing qualification

• Shared access permissions

• Multiple bills per account

• Eliminates the need for tagging

If you have multiple standalone accounts, your charges might decrease if you add the accounts to an organization. AWS combines usage from all accounts in the organization to qualify you for volume pricing discounts.https://help.nops.io/consolidated-billing

Which of the following steps should be taken by a customer when conducting penetration testing on AWS?

• Conduct penetration testing using Amazon Inspector, and then notify AWS support.

• Request and wait for approval from the customer's internal security team, and then conduct testing.

• Notify AWS support, and then conduct testing immediately.

• Request and wait for approval from AWS support, and then conduct testing.

AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services.https://aws.amazon.com/security/penetration-testing/

Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance?

• Amazon Elastic Block Store (Amazon EBS)

• Amazon Machine Image

• Amazon EC2 Systems Manager

• Amazon AppStream 2.0

To use Amazon EC2, you simply:

Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings.

Configure security and network access on your Amazon EC2 instance.

Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided.

Determine whether you want to run in multiple locations, utilize static IP endpoints, or attach persistent block storage to your instances.

Pay only for the resources that you actually consume, like instance-hours or data transfer.https://aws.amazon.com/ec2/features/

How would an AWS customer easily apply common access controls to a large set of users?

• Apply an IAM policy to an IAM group.

• Apply an IAM policy to an IAM role.

• Apply the same IAM policy to all IAM users with access to the same workload.

• Apply an IAM policy to an Amazon Cognito user pool.

Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to.https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

What technology enables compute capacity to adjust as loads change?

• Load balancing

• Automatic failover

• Round robin

• Auto Scaling

AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. UsingAWS Auto Scaling, it's easy to setup application scaling for multiple resources across multiple services in minutes. The service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance between them. If you're already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2 instances, you can now combine it with AWS AutoScaling to scale additional resources for other AWS services. With AWS Auto Scaling, your applications always have the right resources at the right time.https://aws.amazon.com/autoscaling/

Which AWS services are defined as global instead of regional? (Choose two.)

• Amazon Route 53

• Amazon EC2

• Amazon S3

• Amazon CloudFront

• Amazon DynamoDB

http://jayendrapatil.com/aws-global-vs-regional-vs-az-resources/

Which AWS service would you use to obtain compliance reports and certificates?

• AWS Artifact

• AWS Lambda

• Amazon Inspector

• AWS Certificate Manager

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment CardIndustry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement(NDA).https://aws.amazon.com/artifact/

Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Choose two.)

• Ensuring that application data is encrypted at rest

• Ensuring that AWS NTP servers are set to the correct time

• Ensuring that users have received security training in the use of AWS services

• Ensuring that access to data centers is restricted

• Ensuring that hardware is disposed of properly

Which AWS service can be used to manually launch instances based on resource requirements?

• Amazon EBS

• Amazon S3

• Amazon EC2

• Amazon ECS

A company is migrating an application that is running non-interruptible workloads for a three-year time frame.Which pricing construct would provide the MOST cost-effective solution?

• Amazon EC2 Spot Instances

• Amazon EC2 Dedicated Instances

• Amazon EC2 On-Demand Instances

• Amazon EC2 Reserved Instances

The financial benefits of using AWS are: (Choose two.)

• reduced Total Cost of Ownership (TCO).

• increased capital expenditure (capex).

• reduced operational expenditure (opex).

• deferred payment plans for startups.

• business credit lines for stratups.

Which AWS Cost Management tool allows you to view the most granular data about your AWS bill?

• AWS Cost Explorer

• AWS Budgets

• AWS Cost and Usage report

• AWS Billing dashboard

The Cost & Usage Report is your one-stop-shop for accessing the most granular data about your AWS costs and usage. You can also load your cost and usage information into Amazon Athena, Amazon Redshift, AWS QuickSight, or a tool of your choice.https://aws.amazon.com/aws-cost-management/

Which of the following can an AWS customer use to launch a new Amazon Relational Database Service (Amazon RDS) cluster? (Choose two.)

• AWS Concierge

• AWS CloudFormation

• Amazon Simple Storage Service (Amazon S3)

• Amazon EC2 Auto Scaling

• AWS Management Console

Which of the following is an AWS Cloud architecture design principle?

• Implement single points of failure.

• Implement loose coupling.

• Implement monolithic design.

• Implement vertical scaling.

Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. This approach decouples the two components and introduces additional resiliency. So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers.

https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Which of the following security measures protect access to an AWS account? (Choose two.)

• Enable AWS CloudTrail.

• Grant least privilege access to IAM users.

• Create one IAM user and share with many developers and users.

• Enable Amazon CloudFront.

• Activate multi-factor authentication (MFA) for privileged users.

If you decided to create service accounts (that is, accounts used for programmatic access by applications running outside of the AWS environment) and generate access keys for them, you should create a dedicated service account for each use case. This will allow you to restrict the associated policy to only the permissions needed for the particular use case, limiting the blast radius if the credentials are compromised. For example, if a monitoring tool and a release management tool both require access to your AWS environment, create two separate service accounts with two separate policies that define the minimum set of permissions for each tool.

https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/

Which service provides a hybrid storage service that enables on-premises applications to seamlessly use cloud storage?

• Amazon Glacier

• AWS Snowball

• AWS Storage Gateway

• Amazon Elastic Block Storage (Amazon EBS)

AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. Customers use Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases.https://aws.amazon.com/storagegateway/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Which of the following services falls under the responsibility of the customer to maintain operating system configuration, security patching, and networking?

• Amazon RDS

• Amazon EC2

• Amazon ElastiCache

• AWS Fargate

The customer is responsible for managing, support, patching and control of the guest operating system and AWS services provided like EC2.https://www.whizlabs.com/blog/aws-security-shared-responsibility/

Which of the following is an important architectural design principle when designing cloud applications?

• Use multiple Availability Zones.

• Use tightly coupled components.

• Use open source software.

• Provision extra capacity.

Data Center resilience is practiced through Availability Zones across data centers that reduce the impact of failures.Fault isolation improvement can be made to traditional horizontal scaling by sharding (a method of grouping instances into groups called shards, instead of sending the traffic from all users to every node like in the traditional IT structure.)https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

Which AWS support plan includes a dedicated Technical Account Manager?

• Developer

• Enterprise

• Business

• Basic

The enterprise support plans supports technical account manager. Developer and business support plans are devoid of this facility.https://aws.amazon.com/premiumsupport/plans/

Amazon Relational Database Service (Amazon RDS) offers which of the following benefits over traditional database management?

• AWS manages the data stored in Amazon RDS tables.

• AWS manages the maintenance of the operating system.

• AWS automatically scales up instance types on demand.

• AWS manages the database type.

Which service is best for storing common database query results, which helps to alleviate database access load?

• Amazon Machine Learning

• Amazon SQS

• Amazon ElastiCache

• Amazon EC2 Instance Store

Amazon ElastiCache for Redis is a great choice for implementing a highly available, distributed, and secure in-memory cache to decrease access latency, increase throughput, and ease the load off your relational or NoSQL databases and applications. ElastiCache can serve frequently requested items at sub- millisecond response times, and enables you to easily scale for higher loads without growing the costlier backend databases. Database query results caching, persistent session caching, and full-page caching are all popular examples of caching with ElastiCache for Redis.https://aws.amazon.com/products/databases/real-time-apps-elasticache-for-redis/

Which of the following is a component of the shared responsibility model managed entirely by AWS?

• Patching operating system software

• Encrypting data

• Enforcing multi-factor authentication

• Auditing physical data center assets

Of course, Amazon is responsible for auditing physical data center assets and resources since it is the property of Amazon Inc. Customers have no access to physical sites, hence they are not responsible for maintaining physical data center assets.

Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Choose two.)

• AWS Trusted Advisor

• AWS Online Tech Talks

• AWS Blog

• AWS Forums

• AWS Classroom Training

Which of the following features can be configured through the Amazon Virtual Private Cloud (Amazon VPC) Dashboard? (Choose two.)

• Amazon CloudFront distributions

• Amazon Route 53

• Security Groups

• Subnets

• Elastic Load Balancing

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.You can easily customize the network configuration for your Amazon VPC. For example, you can create a public-facing subnet for your web servers that has access to the Internet, and place your backend systems such as databases or application servers in a private-facing subnet with no Internet access. You can leverage multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

https://aws.amazon.com/vpc/

If each department within a company has its own AWS account, what is one way to enable consolidated billing?

• Use AWS Budgets on each account to pay only to budget.

• Contact AWS Support for a monthly bill.

• Create an AWS Organization from the payer account and invite the other accounts to join.

• Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into Amazon Redshift, and then run a billing report.

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

How do customers benefit from Amazon's massive economies of scale?

• Periodic price reductions as the result of Amazon's operational efficiencies

• New Amazon EC2 instance types providing the latest hardware

• The ability to scale up and down when needed

• Increased reliability in the underlying hardware of Amazon EC2 instances

Which AWS services can be used to gather information about AWS account activity? (Choose two.)

• Amazon CloudFront

• AWS Cloud9

• AWS CloudTrail

• AWS CloudHSM

• Amazon CloudWatch

AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. The solution also features a dashboard that visualizes your account activity in real-time.

https://aws.amazon.com/solutions/real-time-insights-account-activity/

Which of the following common IT tasks can AWS cover to free up company IT resources? (Choose two.)

• Patching databases software

• Testing application releases

• Backing up databases

• Creating database schema

• Running penetration tests

In which scenario should Amazon EC2 Spot Instances be used?

• A company wants to move its main website to AWS from an on-premises web server.

• A company has a number of application services whose Service Level Agreement (SLA) requires 99.999% uptime.

• A company's heavily used legacy database is currently running on-premises.

• A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances.

https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-leveraging-ec2-spot-instances/spot-instance-interruptions.html

Which AWS feature should a customer leverage to achieve high availability of an application?

• AWS Direct Connect

• Availability Zones

• Data centers

• Amazon Virtual Private Cloud (Amazon VPC)

This is to achieve High Availability for any web application (in this case SwiftCode) deployed in AWS. The following features will be present:

High availability across multiple instances/multiple availability zones.

Auto Scaling of instances (scale up and scale down) based on number of requests coming in

Additional Security to the instances/database that are in production

No impact to end users during newer version of code deployment

No Impact during patching the instance

https://betsol.com/2018/01/how-to-make-high-availability-web-applications-on-amazon-web-services/

Which is the minimum AWS Support plan that includes Infrastructure Event Management without additional costs?

• Enterprise

• Business

• Developer

• Basic

https://aws.amazon.com/premiumsupport/plans/

Which AWS service can serve a static website?

• Amazon S3

• Amazon Route 53

• Amazon QuickSight

• AWS X-Ray

You can host a static website on Amazon Simple Storage Service (Amazon S3). On a static website, individual webpages include static content. They might also contain client-side scripts. By contrast, a dynamic website relies on server-side processing, including server-side scripts such as PHP, JSP, or ASP.NET. AmazonS3 does not support server-side scripting.https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html

How does AWS shorten the time to provision IT resources?

• It supplies an online IT ticketing platform for resource requests.

• It supports automatic code validation services.

• It provides the ability to programmatically provision existing resources.

• It automates the resource request process from a company's IT vendor list.

What can AWS edge locations be used for? (Choose two.)

• Hosting applications

• Delivering content closer to users

• Running NoSQL database caching services

• Reducing traffic on the server by caching responses

• Sending notification messages to end users

CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving withCloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html

Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users?

• A public and private key-pair

• Amazon Inspector

• AWS Identity and Access Management (IAM) policies

• Security Groups

To allow users to perform S3 actions on the bucket from the VPC endpoints or IP addresses, you must explicitly grant those user-level permissions. You can grant user-level permissions on either an AWS Identity and Access Management (IAM) policy or another statement in the bucket policy.https://aws.amazon.com/premiumsupport/knowledge-center/block-s3-traffic-vpc-ip/

A solution that is able to support growth in users, traffic, or data size with no drop in performance aligns with which cloud architecture principle?

• Think parallel

• Implement elasticity

• Decouple your components

• Design for failure

https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf

A company will be moving from an on-premises data center to the AWS Cloud.What would be one financial difference after the move?

• Moving from variable operational expense (opex) to upfront capital expense (capex).

• Moving from upfront capital expense (capex) to variable capital expense (capex).

• Moving from upfront capital expense (capex) to variable operational expense (opex).

• Elimination of upfront capital expense (capex) and elimination of variable operational expense (opex)

How should a customer forecast the future costs for running a new web application?

• Amazon Aurora Backtrack

• Amazon CloudWatch Billing Alarms

• AWS Simple Monthly Calculator

• AWS Cost and Usage report

You can use Cost explorer which is part of Cost and Usage report to forecast future costs of running an application.https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html

Which is the MINIMUM AWS Support plan that provides technical support through phone calls?

• Enterprise

• Business

• Developer

• Basic

https://aws.amazon.com/premiumsupport/plans/

Which of the following tasks is the responsibility of AWS?

• Encrypting client-side data

• Configuring AWS Identity and Access Management (IAM) roles

• Securing the Amazon EC2 hypervisor

• Setting user password policies

In EC2, the AWS IaaS offering, everything from the hypervisor layer down is AWS's responsibility. A customer's poorly coded applications, misconfigured operating systems, or insecure firewall settings will not affect the hypervisor, it will only affect the customer's virtual machines running on that hypervisor.https://www.mindpointgroup.com/blog/the-aws-shared-responsibility-model-part-1-security-in-the-cloud/

One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon EC2) pricing is:

• the ability to bid for a lower hourly cost.

• paying a daily rate regardless of time used.

• paying only for time used.

• pre-paying for instances and paying a lower hourly rate.

On-Demand Capacity Reservations are priced exactly the same as their equivalent (On-Demand) instance usage. If a Capacity Reservation is fully utilized, you only pay for instance usage and nothing towards the Capacity Reservation. If a Capacity Reservation is partially utilized, you pay for the instance usage and for the unused portion of the Capacity Reservation.https://aws.amazon.com/ec2/pricing/on-demand/

An administrator needs to rapidly deploy a popular IT solution and start using it immediately.Where can the administrator find assistance?

• AWS Well-Architected Framework documentation

• Amazon CloudFront

• AWS CodeCommit

• AWS Quick Start reference deployments

Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.https://aws.amazon.com/quickstart/?quickstart-all.sort-by=item.additionalFields.updateDate&quickstart-all.sort-order=desc

Which of the following services is in the category of AWS serverless platform?

• Amazon EMR

• Elastic Load Balancing

• AWS Lambda

• AWS Mobile Hub

AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services.https://aws.amazon.com/serverless/

Which services are parts of the AWS serverless platform?

• Amazon EC2, Amazon S3, Amazon Athena

• Amazon Kinesis, Amazon SQS, Amazon EMR

• AWS Step Functions, Amazon DynamoDB, Amazon SNS

• Amazon Athena, Amazon Cognito, Amazon EC2

AWS provides a set of fully managed services that you can use to build and run serverless applications. Serverless applications don't require provisioning, maintaining, and administering servers for backend components such as compute, databases, storage, stream processing, message queueing, and more. You also no longer need to worry about ensuring application fault tolerance and availability. Instead, AWS handles all of these capabilities for you. Serverless platform includes: AWS lambda, Amazon S3, DynamoDB, API gateway, Amazon SNS, AWS step functions, Amazon kinesis and developing tools and services.https://aws.amazon.com/serverless/

According to the AWS shared responsibility model, what is the sole responsibility of AWS?

• Application security

• Edge location management

• Patch management

• Client-side data

Client-side data, application security is the sole responsibility of the customer. Patch management is a shared responsibility. That leaves us with edge location management and since this out of the control of the customer, AWS is the one responsible for it.https://aws.amazon.com/compliance/shared-responsibility-model/

Which AWS IAM feature is used to associate a set of permissions with multiple users?

• Multi-factor authentication

• Groups

• Password policies

• Access keys

An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need.https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

Which of the following are benefits of the AWS Cloud? (Choose two.)

• Unlimited uptime

• Elasticity

• Agility

• Colocation

• Capital expenses

The most celebrated benefit of AWS cloud is elasticity since you can expand the services when you experience more traffic.Agile developments in AWS Cloud through strategies are day by day becoming more established within the enterprises across the world. With so much improvement and call for optimization in the cloud, it is necessary that these strategies get established from the ground up within the organizations. It is highly important as already enterprises have a lot of bequest, politics and hierarchies which act as barriers in their businesses.https://www.botmetric.com/blog/evolution-agile-enterprises-aws-cloud/

Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?

• Amazon Connect

• AWS Directory Service

• Amazon Pinpoint

• Amazon Rekognition

Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. It cannot be used on computers that are not joined to the directory.https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_single_sign_on.html

What are the multiple, isolated locations within an AWS Region that are connected by low-latency networks called?

• AWS Direct Connects

• Amazon VPCs

• Edge locations

• Availability Zones

Each Region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links. A LocalZone is an AWS infrastructure deployment that places select services closer to your end users. A Local Zone is an extension of a Region that is in a different location from your Region. It provides a high-bandwidth backbone to the AWS infrastructure and is ideal for latency-sensitive applications, for example machine learning.https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Which of the following benefits does the AWS Compliance program provide to AWS customers? (Choose two.)

• It verifies that hosted workloads are automatically compliant with the controls of supported compliance frameworks.

• AWS is responsible for the maintenance of common compliance framework documentation.

• It assures customers that AWS is maintaining physical security and data protection.

• It ensures the use of compliance frameworks that are being used by other cloud providers.

• It will adopt new compliance frameworks as they become relevant to customer workloads.

https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf

Which of the following services provides on-demand access to AWS compliance reports?

• AWS IAM

• AWS Artifact

• Amazon GuardDuty

• AWS KMS

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment CardIndustry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement(NDA).https://aws.amazon.com/artifact/

As part of the AWS shared responsibility model, which of the following operational controls do users fully inherit from AWS?

• Security management of data center

• Patch management

• Configuration management

• User and access management

https://aws.amazon.com/compliance/shared-responsibility-model/

When comparing AWS Cloud with on-premises Total Cost of Ownership, which expenses must be considered? (Choose two.)

• Software development

• Project management

• Storage hardware

• Physical servers

• Antivirus software license

https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/

Under the shared responsibility model, which of the following tasks are the responsibility of the customer? (Choose two.)

• Maintaining the underlying Amazon EC2 hardware.

• Managing the VPC network access control lists.

• Encrypting data in transit and at rest.

• Replacing failed hard disk drives.

• Deploying hardware in different Availability Zones.

The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is something a customer has to do himself to secure the applications. Encrypting data in transit and at rest is a shared responsibility in which AWS plays a part. All hardware related jobs have nothing to do with the customer.https://dzone.com/articles/aws-shared-responsibility-model-cloud-security

Which scenarios represent the concept of elasticity on AWS? (Choose two.)

• Scaling the number of Amazon EC2 instances based on traffic.

• Resizing Amazon RDS instances as business needs change.

• Automatically directing traffic to less-utilized Amazon EC2 instances.

• Using AWS compliance documents to accelerate the compliance process.

• Having the ability to create and govern environments using code.

https://wa.aws.amazon.com/wat.concept.elasticity.en.html

When is it beneficial for a company to use a Spot Instance?

• When there is flexibility in when an application needs to run.

• When there are mission-critical workloads.

• When dedicated capacity is needed.

• When an instance should not be stopped.

The key to understanding spot instances is to look at the way that cloud service providers such as Amazon Web Services (AWS) operate. Cloud service providers invest in hardware resources and then release those resources (often on a per-hour basis) to subscribers. One of the problems with this business model, however, is that at any given time, there are likely to be compute resources that are not being utilized. These resources represent hardware capacity that AWS has paid for but are sitting idle, and not making AWS any money at the moment.Rather than allowing these computing resources to go to waste, AWS offers them at a substantially discounted rate, with the understanding that if someone needs those resources for running a normal EC2 instance, that instance will take priority over spot instances that are using the hardware resources at a discounted rate.In fact, spot instances will be stopped if the resources are needed elsewhere.https://awsinsider.net/articles/2017/09/25/aws-spot-instances-primer.aspx

A company is considering moving its on-premises data center to AWS.What factors should be included in doing a Total Cost of Ownership (TCO) analysis? (Choose two.)

• Amazon EC2 instance availability

• Power consumption of the data center

• Labor costs to replace old servers

• Application developer time

• Database engine capacity

How does AWS charge for AWS Lambda?

• Users bid on the maximum price they are willing to pay per hour.

• Users choose a 1-, 3- or 5-year upfront payment term.

• Users pay for the required permanent storage on a file system or in a database.

• Users pay based on the number of requests and consumed compute resources.

AWS Lambda is charging its users by the number of requests for their functions and by the duration, which is the time the code needs to execute. When code starts running in response to an event, AWS Lambda counts a request. It will charge the total number of requests across all of the functions used. Duration is calculated by the time when your code started executing until it returns or until it is terminated, rounded up near to 100ms. The AWS Lambda pricing depends on the amount of memory that the user used to allocate to the function.https://dashbird.io/blog/aws-lambda-pricing-model-explained/

What function do security groups serve related Amazon Elastic Compute Cloud (Amazon EC2) instance security?

• Act as a virtual firewall for the Amazon EC2 instance.

• Secure AWS user accounts with AWS identity and Access Management (IAM) policies.

• Provide DDoS protection with AWS Shield.

• Use Amazon CloudFront to protect the Amazon EC2 instance.

AWS Security Groups act like a firewall for your Amazon EC2 instances controlling both inbound and outbound traffic. When you launch an instance on AmazonEC2, you need to assign it to a particular security group.After that, you can set up ports and protocols, which remain open for users and computers over the internet.AWS Security Groups are very flexible. You can use the default security group and still customize it according to your liking (although we don't recommend this practice because groups should be named according to their purpose.) Or you can create a security group that you want for your specific applications. To do this, you can write the corresponding code or use the Amazon EC2 console to make the process easier.https://www.threatstack.com/blog/aws-security-groups-what-they-are-and-how-to-get-the-most-out-of-them

Which disaster recovery scenario offers the lowest probability of down time?

• Backup and restore

• Pilot light

• Warm standby

• Multi-site active-active

Backup and Restore: a simple, straightforward, cost-effective method that backs up and restores data as needed. Keep in mind that because none of your data is on standby, this method, while cheap, can be quite time-consuming.

Pilot Light: This method keeps critical applications and data at the ready so that it can be quickly retrieved if needed.

Warm Standby: This method keeps a duplicate version of your business' core elements running on standby at all times, which makes for a little downtime and an almost seamless transition.

Multi-Site Solution: Also known as a Hot Standby, this method fully replicates your company's data/applications between two or more active locations and splits your traffic/usage between them. If a disaster strikes, everything is simply rerouted to the unaffected area, which means you'll suffer almost zero downtime. However, by running two separate environments simultaneously, you will obviously incur much higher costs.

https://cloudranger.com/best-practices-aws-disaster-recovery-planning/

What will help a company perform a cost benefit analysis of migrating to the AWS Cloud?

• Cost Explorer

• AWS Total Cost of Ownership (TCO) Calculator

• AWS Simple Monthly Calculator

• AWS Trusted Advisor

AWS TCO calculators allow you to estimate the cost savings when using AWS and provide a detailed set of reports that can be used in executive presentations.The calculators also give you the option to modify assumptions that best meet your business needs.https://aws.amazon.com/tco-calculator/

Which of the following provides the ability to share the cost benefits of Reserved Instances across AWS accounts?

• AWS Cost Explorer between AWS accounts

• Linked accounts and consolidated billing

• Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report

• Amazon EC2 Instance Usage Report between AWS accounts

The way that Reserved Instance discounts apply to accounts in an organization's consolidated billing family depends on whether Reserved Instance sharing is turned on or off for the account. By default, Reserved Instance sharing for all accounts in an organization is turned on. You can change this setting by Turning OffReserved Instance Sharing for an account.The capacity reservation for a Reserved Instance applies only to the account the Reserved Instance was purchased on, regardless of whether Reserved Instance sharing is turned on or off.https://aws.amazon.com/premiumsupport/knowledge-center/ec2-ri-consolidated-billing/

A company has multiple AWS accounts and wants to simplify and consolidate its billing process.Which AWS service will achieve this?

• AWS Cost and Usage Reports

• AWS Organizations

• AWS Cost Explorer

• AWS Budgets

You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon InternetServices Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a master (payer) account that pays the charges of all the member (linked) accounts.https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html

A company is designing an application hosted in a single AWS Region serving end-users spread across the world. The company wants to provide the end-users low latency access to the application data.Which of the following services will help fulfill this requirement?

• Amazon CloudFront

• AWS Direct Connect

• Amazon Route 53 global DNS

• Amazon Simple Storage Service (Amazon S3) transfer acceleration

Use AWS Local Zones to deploy workloads closer to your end-users for low-latency requirements. AWS Local Zones have their own connection to the internet and support AWS Direct Connect, so resources created in the Local Zone can serve local end-users with very low-latency communications.nationhttps://aws.amazon.com/about-aws/global-infrastructure/localzones/faqs/

Which of the following deployment models enables customers to fully trade their capital IT expenses for operational expenses?

• On-premises

• Hybrid

• Cloud

• Platform as a service

The cloud allows you to trade capital expenses (such as data centers and physical servers) for variable expenses, and only pay for IT as you consume it. Plus, the variable expenses are much lower than what you would pay to do it yourself because of the economies of scale.https://aws.amazon.com/what-is-cloud-computing/

How is asset management on AWS easier than asset management in a physical data center?

• AWS provides a Configuration Management Database that users can maintain.

• AWS performs infrastructure discovery scans on the customer's behalf.

• Amazon EC2 automatically generates an asset report and places it in the customer's specified Amazon S3 bucket.

• Users can gather asset metadata reliably with a few API calls.

AWS assets are centrally managed through an inventory management system that stores and tracks owner, location, status, maintenance, and descriptive information for AWS-owned assets. Following procurement, assets are scanned and tracked, and assets undergoing maintenance are checked and monitored for ownership, status, and resolution.https://aws.amazon.com/compliance/data-center/controls/

What feature of Amazon RDS helps to create globally redundant databases?

• Snapshots

• Automatic patching and updating

• Cross-Region read replicas

• Provisioned IOPS

https://docs.amazonaws.cn/en_us/AmazonRDS/latest/UserGuide/rds-ug.pdf

Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:

• restricted access.

• as-needed access.

• least privilege access.

• token access.

When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task.Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Which methods can be used to identify AWS costs by departments? (Choose two.)

• Enable multi-factor authentication for the AWS account root user.

• Create separate accounts for each department.

• Use Reserved Instances whenever possible.

• Use tags to associate each instance with a particular department.

• Pay bills using purchase orders.

Tags are key-value pairs that allow you to organize your AWS resources into groups. You can use tags to:

Visualize information about tagged resources in one place, in conjunction with Resource Groups.

View billing information using Cost Explorer and the AWS Cost and Usage report.Send notifications about spending limits using AWS Budgets.Use logical groupings of your resources that make sense for your infrastructure or business. For example, you could organize your resources by:

Project

Cost center

Development environment

Application

Department

https://aws.amazon.com/premiumsupport/knowledge-center/tags-billing-cost-center-project/

Under the AWS shared responsibility model, customer responsibilities include which one of the following?

• Securing the hardware, software, facilities, and networks that run all products and services.

• Providing certificates, reports, and other documentation directly to AWS customers under NDA.

• Configuring the operating system, network, and firewall.

• Obtaining industry certifications and independent third-party attestations.

https://aws.amazon.com/compliance/shared-responsibility-model/

Which managed AWS service provides real-time guidance on AWS security best practices?

• AWS X-Ray

• AWS Trusted Advisor

• Amazon CloudWatch

• AWS Systems Manager

AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security.https://www.ibm.com/downloads/cas/2N40X4PQ

Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads?

• Resource groups

• Lifecycle policies

• Application Load Balancer

• Amazon EC2 Auto Scaling

Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand.https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? (Choose two.)

• Visualization management

• Hardware management

• Encryption management

• Facilities management

• Firewall management

With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management.Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing.

https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Which AWS hybrid storage service enables on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols?

• AWS Direct Connect

• AWS Snowball

• AWS Storage Gateway

• AWS Snowball Edge

The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon's block and object cloud storage services through industry standard storage protocols. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage.https://aws.amazon.com/storagegateway/faqs/

What is a responsibility of AWS in the shared responsibility model?

• Updating the network ACLs to block traffic to vulnerable ports.

• Patching operating systems running on Amazon EC2 instances.

• Updating the firmware on the underlying EC2 hosts.

• Updating the security group rules to block traffic to the vulnerable ports.

https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode?

• Implement loose coupling.

• Design for failure.

• Automate everything that can be automated.

• Use services, not servers.

Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.https://aws.amazon.com/rds/details/multi-az/

What does it mean to grant least privilege to AWS IAM users?

• It is granting permissions to a single user only.

• It is granting permissions using AWS IAM policies only.

• It is granting AdministratorAccess policy permissions to trustworthy users.

• It is granting only the permissions required to perform a given task.

When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task.Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

What is a benefit of loose coupling as a principle of cloud architecture design?

• It facilitates low-latency request handling.

• It allows applications to have dependent workflows.

• It prevents cascading failures between different components.

• It allows companies to focus on their physical data center operations.

IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others.Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology- agnostic interfaces. Modifying any underlying operations without affecting other components should be made possible.https://www.botmetric.com/blog/aws-cloud-architecture-design-principles/

A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet.Which service will facilitate private hybrid connectivity?

• Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway

• AWS Direct Connect

• Amazon Simple Storage Service (Amazon S3) Transfer Acceleration

• AWS Web Application Firewall (AWS WAF)

Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes.https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/introduction.html

A company's web application currently has tight dependencies on underlying components, so when one component fails the entire web application fails.Applying which AWS Cloud design principle will address the current design issue?

• Implementing elasticity, enabling the application to scale up or scale down as demand changes.

• Enabling several EC2 instances to run in parallel to achieve better performance.

• Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail.

• Doubling EC2 computing resources to increase system fault tolerance.

How can a customer increase security to AWS account logons? (Choose two.)

• Configure AWS Certificate Manager

• Enable Multi-Factor Authentication (MFA)

• Use Amazon Cognito to manage access

• Configure a strong password policy

• Enable AWS Organizations

Your root account should always be protected by Multi-Factor Authentication (MFA). This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). AWS supports virtual and hardware MFA devices and U2F security keys.Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated withOpenID Connect, SAML, and other popular web identity providers like Amazon.com.Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications.

https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-using-programmatic-access/

What AWS service would be used to centrally manage AWS access across multiple accounts?

• AWS Service Catalog

• AWS Config

• AWS Trusted Advisor

• AWS Organizations

To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes.https://aws.amazon.com/organizations/

Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount?

• AWS Cost and Usage reports

• AWS Budgets

• AWS Cost Explorer

• AWS Trusted Advisor

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html

What can users access from AWS Artifact?

• AWS security and compliance documents

• A download of configuration management details for all AWS resources

• Training materials for AWS services

• A security assessment of the applications deployed in the AWS Cloud

You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), andSystem and Organization Control (SOC) reports.https://aws.amazon.com/artifact/faq/

Which is the MINIMUM AWS Support plan that provides designated Technical Account Managers?

• Enterprise

• Business

• Developer

• Basic

https://aws.amazon.com/premiumsupport/plans/

Which of the following is an AWS Well-Architected Framework design principle related to reliability?

• Deployment to a single Availability Zone

• Ability to recover from failure

• Design for cost optimization

• Perform operations as code

https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Which type of AWS storage is ephemeral and is deleted when an instance is stopped or terminated?

• Amazon EBS

• Amazon EC2 instance store

• Amazon EFS

• Amazon S3

When you stop or terminate an instance, every block of storage in the instance store is reset. Therefore, your data cannot be accessed through the instance store of another instance.https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

What is an advantage of using the AWS Cloud over a traditional on-premises solution?

• Users do not have to guess about future capacity needs.

• Users can utilize existing hardware contracts for purchases.

• Users can fix costs no matter what their traffic is.

• Users can avoid audits by using reports from AWS.