0% found this document useful (0 votes)

520 views63 pages

AWS Cloud Practitioner Practice Set 1

This document contains a practice test for the AWS Cloud Practitioner certification. It includes 64 multiple choice questions testing knowledge of topics like AWS services, billing and pricing, security, reliability, and operations. For each question, the correct answer is provided along with an explanation of why the other answer options are incorrect. The questions cover services like S3, EC2, Inspector, GuardDuty, and Shield.

Uploaded by

sridhiya

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

520 views63 pages

AWS Cloud Practitioner Practice Set 1

Uploaded by

sridhiya

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 63

9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

You can review your answers by clicking view questions.

Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).

Restart Test
View Answers

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64

Answered
Review

1. Question
Which of the following is an INCORRECT statement about Scaling, a design principle of Reliability pillar of
the AWS Well-Architected Framework.

Fault tolerance is achieved by Horizontal scaling

Horizontal Scaling implies you scale by adding more instances to your existing pool of resources

Vertical Scaling implies you scale by adding more power (CPU, RAM) to your existing machine/node

Fault tolerance is achieved by Vertical Scaling

Unattempted

Correct option:

Fault tolerance is achieved by Vertical Scaling

A “vertically scalable” system, is constrained to be running its processes on only one computer. In such
systems, the only way to increase performance is to add more resources into one computer in the form
of faster (or more) CPUs, memory or storage. Fault tolerance is not possible on vertically scalable
systems since a single instance is prone to failure.

Incorrect options:

Vertical Scaling implies you scale by adding more power (CPU, RAM) to your existing machine/node – A
“vertically scalable” system runs on a single instance. Adding power is only possible through the addition
of resources in the form of CPU, RAM, or storage to enhance performance.

Horizontal Scaling implies you scale by adding more instances to your existing pool of resources – A

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 2/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

“horizontally scalable” system is one that can increase capacity by adding more computers to the system.
Horizontally scalable systems are oftentimes able to outperform vertically scalable systems by enabling
parallel execution of workloads and distributing those across many different computers.

Fault tolerance is achieved by Horizontal scaling – Horizontal scaling adds more instances to its existing
pool to scale. This implies, there is no single point of failure. If an instance is down, the workload is taken
up by other healthy instances. Distributed systems are an example of horizontal scaling.

Reference:

https://wa.aws.amazon.com/wat.concept.horizontal-scaling.en.html

2. Question
Which of the following S3 storage classes takes the most time to retrieve data (also known as first byte
latency)?

S3 Glacier Deep Archive

S3 Standard

S3 Glacier

S3 Intelligent-Tiering

Unattempted

Correct option:

“S3 Glacier Deep Archive” – S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and
supports long-term retention and digital preservation for data that may be accessed once or twice in a
year. It is designed for customers — particularly those in highly-regulated industries, such as the
Financial Services, Healthcare, and Public Sectors — that retain data sets for 7-10 years or longer to
meet regulatory compliance requirements. S3 Glacier Deep Archive can also be used for backup and
disaster recovery use cases. It has a retrieval time (first byte latency) of 12 to 48 hours.

Please review this illustration for S3 Storage Classes data retrieval times. You don’t need to memorize
the actual numbers, just remember that S3 Glacier Deep Archive takes the most time to retrieve
data: via – https://aws.amazon.com/s3/storage-classes/

Incorrect options:

S3 Standard – S3 Standard offers high durability, availability, and performance object storage for
frequently accessed data. S3 Standard has a retrieval time (first byte latency) of milliseconds.

S3 Intelligent-Tiering – The S3 Intelligent-Tiering storage class is designed to optimize costs by

automatically moving data to the most cost-effective access tier, without performance impact or
operational overhead. It works by storing objects in two access tiers: one tier that is optimized for
frequent access and another lower-cost tier that is optimized for infrequent access. S3 Intelligent-Tiering
has a retrieval time (first byte latency) of milliseconds.

S3 Glacier – Amazon S3 Glacier is a secure, durable, and extremely low-cost Amazon S3 cloud storage

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 3/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

class for data archiving and long-term backup. It is designed to deliver 99.999999999% durability, and
provide comprehensive security and compliance capabilities that can help meet even the most stringent
regulatory requirements. S3 Glacier has a retrieval time (first byte latency) of minutes or a few hours.

Reference:

https://aws.amazon.com/s3/storage-classes/

3. Question
AWS Web Application Firewall (WAF) offers protection from common web exploits at which layer?

Layer 3

Layer 4 and 7

Layer 7

Layer 4

Unattempted

Correct option:

Layer 7

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are
forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer. HTTP
and HTTPS requests are part of the Application layer, which is layer 7.

Incorrect options:

Layer 3 – Layer 3 is the Network layer and this layer decides which physical path data will take when it
moves on the network. AWS Shield offers protection at this layer. WAF does not offer protection at this
layer.

Layer 4 – Layer 4 is the Transport layer and this layer data transmission occurs using TCP or UDP
protocols. AWS Shield offers protection at this layer. WAF does not offer protection at this layer.

Layer 4 and 7 – This option has been added as a distractor.

Reference: https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

4. Question
A company runs an application on a fleet of EC2 instances. The company wants to automate the traditional
maintenance job of running timely assessments and checking for OS vulnerabilities. As a Cloud
Practitioner, which service will you suggest for this use case?

Amazon Inspector

Amazon GuardDuty

AWS Shield
https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 4/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Amazon Macie

Unattempted

Correct option:

Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and
compliance of applications deployed on your Amazon EC2 instances. Amazon Inspector automatically
assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing
an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of
severity. These findings can be reviewed directly or as part of detailed assessment reports which are
available via the Amazon Inspector console or API.

Incorrect options:

Amazon GuardDuty – Amazon GuardDuty is a threat detection service that monitors malicious activity
and unauthorized behavior to protect your AWS account. GuardDuty analyzes billions of events across
your AWS accounts from AWS CloudTrail (AWS user and API activity in your accounts), Amazon VPC
Flow Logs (network traffic data), and DNS Logs (name query patterns). This service is for AWS account
level access, not for instance-level management like an EC2. GuardDuty cannot be used to check OS
vulnerabilities.

Amazon Macie – Amazon Macie is a fully managed data security and data privacy service that uses
machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie helps
identify and alert you to sensitive data, such as personally identifiable information (PII). This service is for
securing data and has nothing to do with an EC2 security assessment. Macie cannot be used to check
OS vulnerabilities.

AWS Shield – AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that
safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline
mitigations that minimize application downtime and latency, so there is no need to engage AWS Support
to benefit from DDoS protection. Shield is general protection against DDos attacks for all resources in the
AWS network, and not an instance-level security assessment service. Shield cannot be used to check OS
vulnerabilities.

Reference:

https://aws.amazon.com/inspector/

5. Question
A big data analytics company is moving its IT infrastructure from an on-premises data center to AWS
Cloud. The company has some server-bound software licenses that it wants to use on AWS. As a Cloud
Practitioner, which of the following EC2 instance types would you recommend to the company?

Reserved Instance

Dedicated Host

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 5/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Dedicated Instance

On-Demand Instance

Unattempted

Correct option:

Dedicated host

Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as
Microsoft and Oracle on Amazon EC2. An Amazon EC2 Dedicated Host is a physical server fully
dedicated for your use, so you can help address corporate compliance requirements.

Exam Alert:

Please review the differences between Dedicated hosts and Dedicated instances: via –
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html

Incorrect options:

Dedicated instance – Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud
(VPC) on hardware that’s dedicated to a single customer. Dedicated Instances that belong to different
AWS accounts are physically isolated at the hardware level. However, Dedicated Instances may share
hardware with other instances from the same AWS account that are not Dedicated Instances. You
cannot use Dedicated Instances for using server-bound software licenses.

Reserved Instance – Reserved Instances provide you with significant savings (up to 75%) on your
Amazon EC2 costs compared to On-Demand Instance pricing. Reserved Instances are not physical
instances, but rather a billing discount applied to the use of On-Demand Instances in your account. You
can purchase a Reserved Instance for a one-year or three-year commitment, with the three-year
commitment offering a bigger discount. You cannot use Reserved Instances for using server-bound
software licenses.

On-Demand Instance – An On-Demand Instance is an instance that you use on-demand. You have full
control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it.
There is no long-term commitment required when you purchase On-Demand Instances. There is no
upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price
per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted.
You cannot use On-demand Instances for using server-bound software licenses.

Reference:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-hosts-overview.html

6. Question
Which of the following is a serverless AWS service?

Lambda

EC2

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 6/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Beanstalk

EMR

Unattempted

Correct option:

Lambda – AWS Lambda lets you run code without provisioning or managing servers. You pay only for
the compute time you consume. With Lambda, you can run code for virtually any type of application or
backend service – all with zero administration. Just upload your code and Lambda takes care of
everything required to run and scale your code with high availability.

How Lambda Works: via – https://aws.amazon.com/lambda/

Incorrect options:

EC2 – Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable
compute capacity in the cloud with support for per-second billing. It is the easiest way to provision
servers on AWS Cloud and access the underlying OS. EC2 is not a serverless service.

EMR – Amazon EMR is the industry-leading cloud big data platform for processing vast amounts of data
using open source tools such as Hadoop, Apache Spark, Apache Hive, Apache HBase, Apache Flink,
Apache Hudi, and Presto. Amazon EMR can be used to provision resources to run big data workloads on
Hadoop clusters. EMR provisions EC2 instances to manage its workload. EMR is not a serverless service.

Beanstalk – AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications
and services. You simply upload your code and Elastic Beanstalk automatically handles the deployment,
from capacity provisioning, load balancing, auto-scaling to application health monitoring. Beanstalk
provisions servers so it is not a serverless service.
Reference:

https://aws.amazon.com/lambda/

7. Question
Which of the following AWS services can be used to connect a company’s on-premises environment to a
VPC without using the public internet?

Amazon VPC Endpoint

AWS Direct Connect

Internet Gateway

Site-to-Site VPN

Unattempted

Correct option:

AWS Direct Connect

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 7/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

connection from your premises to AWS. You can use AWS Direct Connect to establish a private virtual
interface from your on-premise network directly to your Amazon VPC, providing you with a private, high
bandwidth network connection between your network and your VPC. This connection is private and does
not go over the public internet. It takes at least a month to establish this physical connection.

How Direct Connect Works: via – https://aws.amazon.com/directconnect/

Incorrect options:

Amazon VPC Endpoint – A VPC endpoint enables you to privately connect your VPC to supported AWS
services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway,
NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require
public IP addresses to communicate with resources in the service. Traffic between your VPC and the
other service does not leave the Amazon network. VPC Endpoint cannot be used to privately connect on-
premises data center to AWS Cloud.

Internet Gateway – An Internet Gateway is a horizontally scaled, redundant, and highly available VPC
component that allows communication between your VPC and the internet. An internet gateway serves
two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform
network address translation (NAT) for instances. Internet Gateway cannot be used to privately connect
on-premises data center to AWS Cloud.

Site-to-Site VPN – AWS Site-to-Site VPN creates a secure connection between your data center or
branch office and your AWS cloud resources. This connection goes over the public internet.

References:

https://aws.amazon.com/directconnect/

https://aws.amazon.com/vpn/

8. Question
Which type of Cloud Computing does Amazon Elastic Compute Cloud (EC2) represent?

Infrastructure as a Service (IaaS)

Network as a Service (NaaS)

Platform as a Service (PaaS)

Software as a Service (SaaS)

Unattempted

Correct option:

Infrastructure as a Service (IaaS)

Cloud Computing can be broadly divided into three types – Infrastructure as a Service (IaaS), Platform as
a Service (PaaS), Software as a Service (SaaS).

IaaS contains the basic building blocks for cloud IT. It typically provides access to networking features,
computers (virtual or on dedicated hardware), and data storage space. IaaS gives the highest level of

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 8/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

flexibility and management control over IT resources.

EC2 gives you full control over managing the underlying OS, virtual network configurations, storage, data
and applications. So EC2 is an example of an IaaS service.

Please review this overview of the types of Cloud Computing: via – https://aws.amazon.com/types-of-

cloud-computing/

Incorrect options:

Platform as a Service (PaaS) – PaaS removes the need to manage underlying infrastructure (usually
hardware and operating systems), and allows you to focus on the deployment and management of your
applications. You don’t need to worry about resource procurement, capacity planning, software
maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your
application.

Elastic Beanstalk is an example of a PaaS service. You can simply upload your code and Elastic Beanstalk
automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to
application health monitoring.

Software as a Service (SaaS) – SaaS provides you with a complete product that is run and managed by
the service provider. With a SaaS offering, you don’t have to think about how the service is maintained or
how the underlying infrastructure is managed. You only need to think about how you will use that
particular software. AWS Rekognition is an example of a SaaS service.

Network as a Service (NaaS) – This is a made-up option and has been added as a distractor.

Reference:

https://aws.amazon.com/types-of-cloud-computing/

9. Question
A research group wants to use EC2 instances to run a scientific computation application with built-in fault
tolerance. The application needs high-performance hardware disks that provide fast I/O performance. As a
Cloud Practitioner, which of the following storage options would you recommend as the MOST cost-
effective solution?

Instance Store

EBS

EFS

Unattempted

Correct option:

Instance Store

An instance store provides temporary block-level storage for your instance. This storage is located on
disks that are physically attached to the host computer. This is a good option when you need storage

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 9/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

with very low latency, but you don’t need the data to persist when the instance terminates or you can
take advantage of fault-tolerant architectures.

As the Instance Store volumes are included as part of the instance’s usage cost, therefore this is the
correct option.

EC2 Instances Store Overview: via –

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

Incorrect options:

EFS – Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed, elastic NFS
file system. EFS is not available as a hardware disk on the instance, so this option is not correct.

EBS – Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service
designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-
intensive workloads at any scale. EBS is not available as a hardware disk on the instance, so this option is
not correct.

S3 – Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-
leading scalability, data availability, security, and performance. S3 is not available as a hardware disk on
the instance, so this option is not correct.

Reference:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

10. Question
Which of the following is an AWS database service?

Redshift

Glue

Storage Gateway

Database Migration Service

Unattempted

Correct option:

Redshift – Amazon Redshift is a fully-managed petabyte-scale cloud-based data warehouse product

designed for large scale data set storage and analysis.

Incorrect options:

Glue – AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for
customers to prepare and load their data for analytics.

Storage Gateway – AWS Storage Gateway is a hybrid cloud storage service that connects your existing
on-premises environments with the AWS Cloud. Customers use Storage Gateway to simplify storage
management and reduce costs for key hybrid cloud storage use cases.

Database Migration Service – AWS Database Migration Service helps you migrate databases to AWS

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 10/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

quickly and securely. The source database remains fully operational during the migration, minimizing
downtime to applications that rely on the database. The AWS Database Migration Service can migrate
your data to and from the most widely used commercial and open-source databases.

References:

https://aws.amazon.com/redshift/

https://aws.amazon.com/dms/

11. Question
Which of the following AWS services has encryption enabled by default?

Elastic Block Storage (EBS)

CloudTrail Logs

Amazon S3

Elastic File Storage (EFS)

Unattempted

Correct option:

CloudTrail Logs

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing
of your AWS account. CloudTrail can be used to record AWS API calls and other activity for your AWS
account and save the recorded information to log files in an Amazon Simple Storage Service (Amazon S3)
bucket that you choose. By default, the log files delivered by CloudTrail to your S3 bucket are encrypted
using server-side encryption with Amazon S3–managed encryption keys (SSE-S3).

Incorrect options:

Elastic File Storage (EFS) – Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully
managed elastic NFS file system for use with AWS Cloud services and on-premises resources. Amazon
EFS supports two forms of encryption for file systems, encryption of data in transit and encryption at
rest. This is an optional feature and has to be enabled by user if needed.

Elastic Block Storage (EBS) – Amazon Elastic Block Store (EBS) is an easy to use, high-performance block
storage service designed for use with Amazon Elastic Compute Cloud (EC2) instances for both
throughput and transaction-intensive workloads at any scale. Encryption (at rest and during transit) is an
optional feature for EBS and has to be enabled by the user.

Amazon S3 – Amazon Simple Storage Service is storage for the Internet. To upload data into S3 you
need to create an S3 bucket in one of the AWS Regions. Amazon S3 default encryption provides a way to
set the default encryption behavior for an S3 bucket. Encryption for an S3 bucket is an additional feature
and the user needs to enable it.

Reference: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-
with-aws-kms.html

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 11/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

12. Question
Which AWS service will help you receive alerts when the reservation utilization falls below the defined
threshold?

AWS Simple Monthly Calculator

AWS Budgets

AWS CloudTrail

AWS Trusted Advisor

Unattempted

Correct option:

AWS Budgets

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage
exceed (or are forecasted to exceed) your budgeted amount.

You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when
your utilization drops below the threshold you define. Reservation alerts are supported for Amazon EC2,
Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations.

Incorrect options:

AWS Simple Monthly Calculator – The Simple Monthly Calculator provides an estimate of usage charges
for AWS services based on certain information you provide. It helps customers and prospects estimate
their monthly AWS bill more efficiently. You cannot use this service to receive alerts when the
reservation utilization falls below the defined threshold.

AWS CloudTrail – AWS CloudTrail is a service that enables governance, compliance, operational auditing,
and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain
account activity related to actions across your AWS infrastructure. CloudTrail provides event history of
your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs,
command-line tools, and other AWS services. You cannot use this service to receive alerts when the
reservation utilization falls below the defined threshold.

AWS Trusted Advisor – AWS Trusted Advisor is an online tool that provides real-time guidance to help
provision your resources following AWS best practices. Whether establishing new workflows, developing
applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly
help keep your solutions provisioned optimally. AWS Trusted Advisor analyzes your AWS environment
and provides best practice recommendations in five categories: Cost Optimization, Performance,
Security, Fault Tolerance, Service Limits. You cannot use this service to receive alerts when the
reservation utilization falls below the defined threshold.

References:

https://aws.amazon.com/aws-cost-management/aws-budgets/

https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 12/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

13. Question
Which AWS services can be used to decouple components of a microservices based application on AWS
Cloud? (Select two)

Step Function

EC2

Lambda

SQS

SNS

Unattempted

Correct option:

SQS – Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables
you to decouple and scale microservices, distributed systems, and serverless applications. Using SQS,
you can send, store, and receive messages between software components at any volume, without losing
messages or requiring other services to be available.

SNS – Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed
pub/sub messaging service that enables you to decouple microservices, distributed systems, and
serverless applications. Using Amazon SNS topics, your publisher systems can fan-out messages to a
large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS
Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end
users using mobile push, SMS, and email.

Therefore, both SNS and SQS can be used to decouple components of a microservices-based application.

Please review this reference architecture for building a decoupled order processing system using SNS
and SQS: via – https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-
with-amazon-sqs-and-amazon-sns/

Incorrect options:

Lambda – AWS Lambda lets you run code without provisioning or managing servers. You pay only for
the compute time you consume. Lambda cannot be used to decouple components of a microservices-
based application.

Step Function – AWS Step Function lets you coordinate multiple AWS services into serverless
workflows. You can design and run workflows that stitch together services such as AWS Lambda, AWS
Glue and Amazon SageMaker. Step Function cannot be used to decouple components of a
microservices-based application.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 13/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Reference:

https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-
sqs-and-amazon-sns/

https://aws.amazon.com/microservices/

14. Question
Which of the following are correct statements regarding the AWS Global Infrastructure? (Select two)

Each AWS Region consists of two or more Availability Zones

Each Availability Zone (AZ) consists of two or more discrete data centers

Each Availability Zone (AZ) consists of one or more discrete data centers

Each AWS Region consists of two or more Edge Locations

Each AWS Region consists of one or more Availability Zones

Unattempted

Correct options:

Each AWS Region consists of two or more Availability Zones

Each Availability Zone (AZ) consists of one or more discrete data centers

AWS has the concept of a Region, which is a physical location around the world where AWS clusters
data centers. Each AWS Region consists of multiple (two or more), isolated, and physically separate AZ’s
within a geographic area. Each AZ has independent power, cooling, and physical security and is
connected via redundant, ultra-low-latency networks.

An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and
connectivity in an AWS Region. All AZ’s in an AWS Region are interconnected with high-bandwidth, low-
latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency
networking between AZ’s.

AWS Regions and Availability Zones Overview: via – https://aws.amazon.com/about-aws/global-

infrastructure/regions_az/

Incorrect options:

Each AWS Region consists of one or more Availability Zones

Each Availability Zone (AZ) consists of two or more discrete data centers

Each AWS Region consists of two or more Edge Locations

These three options contradict the details provided earlier in the explanation, so these options are
incorrect.

Reference:

https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 14/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

15. Question
A unicorn startup is building an analytics application with support for a speech-based interface. The
application will accept speech-based input from users and then convey results via speech. As a Cloud
Practitioner, which solution would you recommend for the given use-case?

Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly
to convey the text results via speech

Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Transcribe
to convey the text results via speech

Use Amazon Translate to convert speech to text for downstream analysis. Then use Amazon Polly to
convey the text results via speech

Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Translate to
convey the text results via speech

Unattempted

Correct option:

Use Amazon Transcribe to convert speech to text for downstream analysis. Then use Amazon Polly to
convey the text results via speech

You can use Amazon Transcribe to add speech-to-text capability to your applications. Amazon Transcribe
uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly
and accurately. Amazon Transcribe can be used to transcribe customer service calls, to automate closed
captioning and subtitling, and to generate metadata for media assets.

Amazon Transcribe Use-Cases: via – https://aws.amazon.com/transcribe/

You can use Amazon Polly to turn text into lifelike speech thereby allowing you to create applications that
talk. Polly’s Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural
sounding human speech.

Amazon Polly Benefits: via – https://aws.amazon.com/polly/

Amazon Translate is used for language translation. Amazon Translate uses neural machine translation via
deep learning models to deliver more accurate and more natural-sounding translation than traditional
statistical and rule-based translation algorithms.

Incorrect options:

Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Transcribe to
convey the text results via speech – Amazon Polly cannot be used to convert speech to text, so this
option is incorrect.

Use Amazon Translate to convert speech to text for downstream analysis. Then use Amazon Polly to
convey the text results via speech – Amazon Translate cannot convert speech to text, so this option is
incorrect.

Use Amazon Polly to convert speech to text for downstream analysis. Then use Amazon Translate to
convey the text results via speech – Amazon Polly cannot be used to convert speech to text, so this

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 15/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

option is incorrect.

References:

https://aws.amazon.com/transcribe/

https://aws.amazon.com/polly/

16. Question
As per AWS shared responsibility model, which of the following is a responsibility of the customer from a
security and compliance point of view?

Edge Location management and maintenance

Patching/fixing flaws within the AWS infrastructure

Availability Zone infrastructure management

Manage Elastic Block Store (EBS) backups using EBS snapshots

Unattempted

Correct option:

Elastic Block Store (EBS) backups using EBS snapshots

Security and Compliance is a shared responsibility between AWS and the customer. This shared model
can help relieve the customer’s operational burden as AWS operates, manages, and controls the
components from the host operating system and virtualization layer down to the physical security of the
facilities in which the service operates.

AWS is responsible for security “of” the Cloud and customer is responsible for security “in” the cloud.
Customers are responsible for managing their data (including encryption options), classifying their assets,
and using IAM tools to apply the appropriate permissions. Creating a backup for EBS volumes is the
responsibility of the customer.

Shared Responsibility Model Overview: via – https://aws.amazon.com/compliance/shared-responsibility-

model/

Incorrect options:

Edge Location management and maintenance

Availability Zone infrastructure management

Patching/fixing flaws within the AWS infrastructure

AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS
Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run
AWS Cloud services. Therefore these three options fall under the ambit of AWS as per the shared
responsibility model.

Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 16/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

17. Question
Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?

Raise a support ticket with AWS Support to remove the account

The AWS account must be able to operate as a standalone account. Only then it can be removed
from AWS organizations

The AWS account can be removed from AWS Systems Manager

The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then it can
be removed from AWS organizations

Unattempted

Correct option:

The AWS account must be able to operate as a standalone account. Only then it can be removed from
AWS organizations

You can remove an account from your organization only if the account has the information that is
required for it to operate as a standalone account. For each account that you want to make standalone,
you must accept the AWS Customer Agreement, choose a support plan, provide and verify the required
contact information, and provide a current payment method. AWS uses the payment method to charge
for any billable (not AWS Free Tier) AWS activity that occurs while the account isn’t attached to an
organization.

Incorrect options:

Raise a support ticket with AWS Support to remove the account – AWS Support does not need to help
you in removing an AWS account from AWS Organizations.

The AWS account can be removed from AWS Systems Manager – AWS Systems Manager gives you
visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so
you can view operational data from multiple AWS services and allows you to automate operational tasks
such as running commands, managing patches, and configuring servers across AWS Cloud as well as on-
premises infrastructure. Systems Manager cannot be used to remove an AWS account from AWS
Organizations.

The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then it can be
removed from AWS organizations – This is not a pre-requisite to remove the AWS account. The
principals in the AWS account are no longer affected by any service control policies (SCPs) that were
defined in the organization. This means that restrictions imposed by those SCPs are gone, and the users
and roles in the account might have more permissions than they had before.

Reference:

https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html

18. Question

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 17/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

A multi-national corporation wants to get expert professional advice on migrating to AWS and managing
their applications on AWS Cloud. Which of the following entities would you recommend for this
engagement?

APN Technology Partner

Concierge Support Team

APN Consulting Partner

AWS Trusted Advisor

Unattempted

Correct option:

APN Consulting Partner

The AWS Partner Network (APN) is the global partner program for technology and consulting businesses
that leverage Amazon Web Services to build solutions and services for customers.

APN Consulting Partners are professional services firms that help customers of all types and sizes
design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their
migration to AWS cloud.

APN Partner Types Overview: via – https://aws.amazon.com/partners/

Incorrect options:

APN Technology Partner – APN Technology Partners provide hardware, connectivity services, or
software solutions that are either hosted on or integrated with, the AWS Cloud. APN Technology
Partners cannot help in migrating to AWS and managing applications on AWS Cloud.

AWS Trusted Advisor – AWS Trusted Advisor is an online tool that provides you real-time guidance to
help you provision your resources following AWS best practices on cost optimization, security, fault
tolerance, service limits, and performance improvement. Whether establishing new workflows,
developing applications, or as part of ongoing improvement, recommendations provided by Trusted
Advisor regularly help keep your solutions provisioned optimally. All AWS customers get access to the
seven core Trusted Advisor checks to help increase the security and performance of the AWS
environment. Trusted Advisor cannot be used to migrate to AWS and manage applications on AWS
Cloud.

Concierge Support Team – The Concierge Support Team are AWS billing and account experts that
specialize in working with enterprise accounts. They will quickly and efficiently assist you with your billing
and account inquiries. The Concierge Support Team is only available for the Enterprise Support plan.
Concierge Support Team cannot help in migrating to AWS and managing applications on AWS Cloud.

Reference:

https://aws.amazon.com/partners/

19. Question

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 18/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

A startup wants to migrate its data and applications from the on-premises data center to AWS Cloud.
Which of the following options can be used by the startup to help with this migration? (Select two)

Use AWS Trusted Advisor to automate the infrastructure migration

Leverage AWS Professional Services and set up AWS Landing Zone to accelerate the infrastructure
migration

Consult moderators on AWS Developer Forums

Raise a support ticket with AWS Support for further assistance

Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration

Unattempted

Correct options:

Leverage AWS Professional Services and set up AWS Landing Zone to accelerate the infrastructure
migration

The AWS Professional Services organization is a global team of experts that can help you realize your
desired business outcomes when using the AWS Cloud. AWS Professional Services consultants can
supplement your team with specialized skills and experience that can help you achieve quick results.

AWS Landing Zone is a solution that helps customers more quickly set up a secure, multi-account AWS
environment based on AWS best practices. This solution can help save time by automating the set-up of
an environment for running secure and scalable workloads while implementing an initial security baseline
through the creation of core accounts and resources.

Therefore, leveraging AWS Professional Services along with AWS Landing Zone can accelerate the
infrastructure migration for the startup.

Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration

The AWS Partner Network (APN) is the global partner program for technology and consulting businesses
that leverage Amazon Web Services to build solutions and services for customers. The startup can work
with experts from APN to build a custom solution for this infrastructure migration.

Incorrect options:

Raise a support ticket with AWS Support for further assistance – AWS Support cannot help with
complex infrastructure migration of this nature. Hence this option is incorrect.

Consult moderators on AWS Developer Forums – This is a made-up option and has been added as a
distractor.

Use AWS Trusted Advisor to automate the infrastructure migration – AWS Trusted Advisor is an online
tool that provides you real-time guidance to help you provision your resources following AWS best
practices on cost optimization, security, fault tolerance, service limits, and performance improvement.
Trusted Advisor cannot automate the infrastructure migration.

References:

https://aws.amazon.com/partners/

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 19/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

https://aws.amazon.com/professional-services/

https://aws.amazon.com/solutions/implementations/aws-landing-zone/

20. Question
A financial services company wants to ensure that its AWS account activity meets the governance,
compliance and auditing norms. As a Cloud Practitioner, which AWS service would you recommend for this
use-case?

CloudWatch

Config

Trusted Advisor

CloudTrail

Unattempted

Correct option:

CloudTrail

You can use CloudTrail to log, monitor and retain account activity related to actions across your AWS
infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken
through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

How CloudTrail Works: via – https://aws.amazon.com/cloudtrail/

Incorrect options:

Config – AWS Config is a service that enables you to assess, audit, and evaluate the configurations of
your AWS resources. Config continuously monitors and records your AWS resource configurations and
allows you to automate the evaluation of recorded configurations against desired configurations.

CloudWatch – Amazon CloudWatch is a monitoring and observability service built for DevOps engineers,
developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable
insights to monitor applications, respond to system-wide performance changes, optimize resource
utilization, and get a unified view of operational health. This is an excellent service for building Resilient
systems.

Exam Alert:

You may see use-cases asking you to select one of CloudWatch vs CloudTrail vs Config. Just remember
this thumb rule –

Think resource performance monitoring, events, and alerts; think CloudWatch.

Think account-specific activity and audit; think CloudTrail.

Think resource-specific change history, audit, and compliance; think Config.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 20/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Reference:

https://aws.amazon.com/cloudtrail/

21. Question
Which of the following represents a serverless stack on AWS Cloud?

Step Function, DynamoDB, EC2

Step Function, DynamoDB, Lambda

EMR, DynamoDB, Lambda

EC2, DynamoDB, Lambda

Unattempted

Correct option:

Step Function, DynamoDB, Lambda

AWS provides a set of fully managed services that you can use to build and run serverless applications.
Serverless applications don’t require provisioning, maintaining, and administering servers for backend
components such as compute, databases, storage, stream processing, message queueing, and more.
You also no longer need to worry about ensuring application fault tolerance and availability.

The AWS serverless platform overview: via – https://aws.amazon.com/serverless/

AWS Step Function lets you coordinate multiple AWS services into serverless workflows. You can design
and run workflows that stitch together services such as AWS Lambda, AWS Glue and Amazon
SageMaker.

Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond
performance at any scale. It’s a fully managed, multi-Region, multi-master, durable database with built-in
security, backup and restore, and in-memory caching for internet-scale applications.

AWS Lambda lets you run code without provisioning or managing servers.

Incorrect options:

Amazon EMR is the industry-leading cloud big data platform for processing vast amounts of data using
open source tools such as Hadoop, Apache Spark, Apache Hive, Apache HBase, Apache Flink, Apache
Hudi, and Presto. Amazon EMR can be used to provision resources to run big data workloads on Hadoop
clusters. EMR provisions EC2 instances to manage its workload. EMR is not a serverless service.

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute
capacity in the cloud with support for per-second billing. It is the easiest way to provision servers on
AWS Cloud and access the underlying OS. EC2 is not a serverless service.

Step Function, DynamoDB, EC2

EMR, DynamoDB, Lambda

EC2, DynamoDB, Lambda

As each of these three stacks has either EC2 or EMR, therefore, these options are incorrect.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 21/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Reference:

https://aws.amazon.com/serverless/

22. Question
Which of the following AWS services should be used to automatically distribute incoming traffic across
multiple targets?

Amazon Elasticsearch

AWS Elastic Beanstalk

AWS Elastic Load Balancing

AWS Auto Scaling

Unattempted

Correct option:

AWS Elastic Load Balancing

Elastic Load Balancing is used to automatically distribute your incoming application traffic across all the
EC2 instances that you are running. You can use Elastic Load Balancing to manage incoming requests by
optimally routing traffic so that no one instance is overwhelmed. Your load balancer acts as a single point
of contact for all incoming web traffic to your application. When an instance is added, it needs to register
with the load balancer or no traffic is routed to it. When an instance is removed, it must deregister from
the load balancer or traffic continues to be routed to it.

Incorrect options:

AWS Elastic Beanstalk – AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web
applications and services developed in a variety of programming languages. You can simply upload your
code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load
balancing, auto-scaling to application health monitoring. You cannot use Beanstalk to distribute incoming
traffic across multiple targets.

Amazon Elasticsearch – The term “Elasticsearch” is used to define a distributed, open source search and
analytics engine for all types of data, including textual, numerical, geospatial, structured, and
unstructured. Amazon Elasticsearch Service is a fully managed service that makes it easy to deploy,
secure, and run Elasticsearch cost effectively at scale. It is a search and analytics service from Amazon.

AWS Auto Scaling – AWS Auto Scaling monitors your applications and automatically adjusts capacity to
maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy
to setup application scaling for multiple resources across multiple services in minutes. This is a scaling
service that helps you spin up resources as and when you need them and scale down when the high
demand reduces. Auto Scaling can be used with Elastic Load Balacing to build high performance
applications.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 22/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Reference:

https://aws.amazon.com/elasticloadbalancing/

23. Question
Which of the following is the MOST cost-effective option to purchase an EC2 Reserved Instance?

Partial upfront payment option with standard 3-years term

No upfront payment option with standard 1-year term

No upfront payment option with standard 3-years term

All upfront payment option with standard 1-year term

Unattempted

Correct option:

Partial upfront payment option with standard 3-years term

You can use Amazon EC2 Reserved Instances to reserve capacity and receive a discount on your instance
usage compared to running On-Demand instances. The discounted usage price is reserved for the
duration of your contract, allowing you to predict compute costs over the term of the Reserved Instance.

Please review this pricing comparison for EC2 Reserved Instances: via –

https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf

So the percentage savings for each option is as follows:

“No upfront payment option with the standard 1-year term” – 36%

“All upfront payment option with the standard 1-year term” – 40%

“No upfront payment option with the standard 3-years term” – 56%

“Partial upfront payment option with the standard 3-years term” – 59%

Exam Alert:

For the exam, there is no need to memorize these savings numbers. All you need to remember is that a
3 years term would always be more cost-effective than a 1-year term. Then within a term, “all upfront” is
better than “partial upfront” which in turn is better than “no upfront” from a cost savings perspective.

Incorrect options:

No upfront payment option with standard 1-year term

No upfront payment option with standard 3-years term

These three options contradict the details provided earlier in the explanation, so these options are
incorrect.

Reference:

https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf

24. Question
https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 23/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Which of the following are the storage services offered by the AWS Cloud? (Select two)

SNS

EC2

EFS

SQS

Unattempted

Correct options:

S3 – Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-
leading scalability, data availability, security, and performance.

EFS – Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS
file system for use with AWS Cloud services and on-premises resources. It is built to scale on-demand to
petabytes without disrupting applications, growing and shrinking automatically as you add and remove
files, eliminating the need to provision and manage capacity to accommodate growth.

Incorrect options:

EC2 – Amazon EC2 is a web service that provides secure, resizable compute capacity in the AWS cloud.
You can use EC2 to provision virtual servers on AWS Cloud.

Reference:

25. Question
AWS Shield Advanced provides expanded DDoS attack protection for web applications running on which of
the following resources? (Select two)

AWS Global Accelerator

AWS Elastic Beanstalk

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 24/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

AWS CloudFormation

Amazon Route 53

Amazon API Gateway

Unattempted

Correct options:

Amazon Route 53

AWS Global Accelerator

AWS Shield Standard is activated for all AWS customers, by default. For higher levels of protection
against attacks, you can subscribe to AWS Shield Advanced. With Shield Advanced, you also have
exclusive access to advanced, real-time metrics and reports for extensive visibility into attacks on your
AWS resources. With the assistance of the DRT (DDoS response team), AWS Shield Advanced includes
intelligent DDoS attack detection and mitigation for not only for network layer (layer 3) and transport layer
(layer 4) attacks but also for application layer (layer 7) attacks.

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on the
following resources: Amazon Elastic Compute Cloud, Elastic Load Balancing (ELB), Amazon CloudFront,
Amazon Route 53, AWS Global Accelerator.

Incorrect options:

Amazon API Gateway – Amazon API Gateway is a fully managed service that makes it easy for
developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the “front
door” for applications to access data, business logic, or functionality from your backend services. Amazon
Web Application Firewall is used to monitor the HTTP and HTTPS requests that are forwarded to an
Amazon API Gateway API. It is not covered under AWS Shield Advanced.

AWS CloudFormation – AWS CloudFormation allows you to use programming languages or a simple text
file to model and provision, in an automated and secure manner, all the resources needed for your
applications across all regions and accounts. CloudFormation is not covered under AWS Shield Advanced.

AWS Elastic Beanstalk – AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web
applications and services developed with various programming languages. You can simply upload your
code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load
balancing, auto-scaling to application health monitoring. Elastic Beanstalk is covered under AWS Shield
Standard. Advanced coverage is not offered for this service.

Reference: https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

26. Question
Which of the following is a hybrid storage service that allows on-premises applications to access data on
AWS Cloud?

Amazon EBS

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 25/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

AWS Storage Gateway

AWS Snowball

AWS Direct Connect

Unattempted

Correct option:

AWS Storage Gateway

AWS Storage Gateway is a hybrid cloud storage service that connects your existing on-premises
environments with the AWS Cloud. Customers use Storage Gateway to simplify storage management
and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the
cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data
in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster
recovery use cases.

AWS Storage Gateway service provides three different types of gateways – Tape Gateway, File
Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage,
caching data locally for low-latency access.

Incorrect options:

“AWS Direct Connect” – AWS Direct Connect creates a dedicated private connection from a remote
network to your VPC. This is a private connection and does not use the public internet. Takes at least a
month to establish this connection. Direct Connect is a connectivity service and you cannot use it to
provide AWS Cloud based storage access to on-premises applications.

“AWS Snowball” – AWS Snowball is a data transport solution that accelerates moving terabytes to
petabytes of data into and out of AWS services using storage devices designed to be secure for physical
transport. You cannot use Snowball to provide AWS Cloud based storage access to on-premises
applications.

“Amazon EBS” – Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage
service designed for use with Amazon Elastic Compute Cloud (EC2) instances for both throughput and
transaction-intensive workloads at any scale. You cannot use EBS to provide AWS Cloud based storage
access to on-premises applications.

Reference:

https://aws.amazon.com/storagegateway/features/

27. Question
Under the AWS Shared Responsibility Model, which of the following is a shared responsibility of both AWS
and the customer?

Configuration Management

Guarentee data separation among various AWS customers

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 26/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Infrastructure maintenance of Amazon S3 storage servers

Availability Zone infrastructure maintenance

Unattempted

Correct option:

Configuration Management

Security and Compliance is a shared responsibility between AWS and the customer. This shared model
can help relieve the customer’s operational burden as AWS operates, manages and controls the
components from the host operating system and virtualization layer down to the physical security of the
facilities in which the service operates.

Controls that apply to both the infrastructure layer and customer layers, but in completely separate
contexts or perspectives are called shared controls. In a shared control, AWS provides the requirements
for the infrastructure and the customer must provide their own control implementation within their use
of AWS services. Configuration Management forms a part of shared controls – AWS maintains the
configuration of its infrastructure devices, but a customer is responsible for configuring their own guest
operating systems, databases, and applications.

Shared Responsibility Model Overview: via – https://aws.amazon.com/compliance/shared-responsibility-

model/

Incorrect options:

Infrastructure maintenance of Amazon S3 storage servers – AWS is responsible for protecting the
infrastructure that runs all of the services offered in the AWS Cloud.

Guarentee data separation among various AWS customers – AWS is responsible for protecting the
infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of
the hardware, software, networking, and facilities that run AWS Cloud services.

Availability Zone infrastructure maintenance – AWS is responsible for protecting the infrastructure that
runs all of the services offered in the AWS Cloud.

Reference:

https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys

28. Question
Which of the following statements are CORRECT regarding the Availability Zone (AZ) specific
characteristics of EBS and EFS storage types?

EBS volume can be attached to a single instance in the same Availability Zone and EFS file system
can be mounted on instances in the same Availability Zone

EBS volume can be attached to instances in multiple Availability Zones and EFS file system can be
mounted on instances in the same Availability Zone

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 27/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

EBS volume can be attached to a single instance in the same Availability Zone whereas EFS file
system can be mounted on instances across multiple Availability Zones

EBS volume can be attached to instances in multiple Availability Zones and EFS file system can be
mounted on instances across multiple Availability Zones

Unattempted

Correct options:

“EBS volume can be attached to a single instance in the same Availability Zone whereas EFS file system
can be mounted on instances across multiple Availability Zones”

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file
system for use with AWS Cloud services and on-premises resources. It is built to scale on-demand to
petabytes without disrupting applications, growing and shrinking automatically as you add and remove
files, eliminating the need to provision and manage capacity to accommodate growth.

The service is designed to be highly scalable, highly available, and highly durable. Amazon EFS file
systems store data and metadata across multiple Availability Zones in an AWS Region. EFS file system
can be mounted on instances across multiple Availability Zones.

Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service designed for
use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads
at any scale.

Designed for mission-critical systems, EBS volumes are replicated within an Availability Zone (AZ) and
can easily scale to petabytes of data. EBS volume can be attached to a single instance in the same
Availability Zone.

Incorrect options:

“EBS volume can be attached to instances in multiple Availability Zones and EFS file system can be
mounted on instances in the same Availability Zone”

“EBS volume can be attached to a single instance in the same Availability Zone and EFS file system can
be mounted on instances in the same Availability Zone”

“EBS volume can be attached to instances in multiple Availability Zones and EFS file system can be
mounted on instances across multiple Availability Zones”

These three options contradict the details provided earlier in the explanation, so these options are
incorrect.

Reference:

29. Question
Which AWS services can be used to facilitate organizational change management, part of the Reliability
pillar of AWS Well-Architected Framework (Select 2)?

AWS CloudTrail

Amazon Inspector

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 28/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

AWS Trusted Advisor

AWS Config

Amazon CloudWatch

Unattempted

Correct options:

There are three best practice areas for Reliability in the cloud – Foundations, Change Management,
Failure Management. Being aware of how change affects a system (change management) allows you to
plan proactively, and monitoring allows you to quickly identify trends that could lead to capacity issues or
SLA breaches.

AWS Config – AWS Config is a service that enables you to assess, audit, and evaluate the configurations
of your AWS resources. Config continuously monitors and records your AWS resource configurations and
allows you to automate the evaluation of recorded configurations against desired configurations.

How AWS Config Works: via – https://aws.amazon.com/config/

How CloudTrail Works: via – https://aws.amazon.com/cloudtrail/

Incorrect options:

Amazon Inspector – Amazon Inspector is an automated security assessment service that helps improve
the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses
applications for exposure, vulnerabilities, and deviations from best practices.

References:

https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

https://aws.amazon.com/config/

https://aws.amazon.com/cloudtrail/

30. Question
A company wants to have control over creating and using its own keys for encryption on AWS services.
Which of the following can be used for this use-case?

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 29/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Secrets Manager

Customer Managed CMK

AWS Managed CMK

AWS Owned CMK

Unattempted

Correct option:

Customer Managed CMK

A customer master key (CMK) is a logical representation of a master key. The CMK includes metadata,
such as the key ID, creation date, description, and key state. The CMK also contains the key material
used to encrypt and decrypt data. These are created and managed by the AWS customer. Access to
these can be controlled using the AWS IAM service.

Incorrect options:

Secrets Manager – AWS Secrets Manager helps you protect secrets needed to access your applications,
services, and IT resources. The service enables you to easily rotate, manage, and retrieve database
credentials, API keys, and other secrets throughout their lifecycle. You cannot use Secrets Manager for
creating and using your own keys for encryption on AWS services.

AWS Managed CMK – AWS managed CMKs are CMKs in your account that are created, managed, and
used on your behalf by an AWS service that is integrated with AWS KMS.

AWS Owned CMK – AWS owned CMKs are a collection of CMKs that an AWS service owns and
manages for use in multiple AWS accounts. AWS owned CMKs are not in your AWS account. You
cannot view or manage these CMKs.

Reference:

https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys

31. Question
Compared to the On-demand prices, what is the highest possible discount offered for spot instances?

Unattempted

Correct option:

Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 30/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot
Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized
workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development
workloads.

EC2 Pricing Options Overview: via – https://aws.amazon.com/ec2/pricing/

Incorrect options:

These three options contradict the details provided earlier in the explanation, so these options are
incorrect.

Reference:

https://aws.amazon.com/ec2/spot/

32. Question
A multi-national company has just moved its infrastructure from its on-premises data center to AWS Cloud.
As part of the shared responsibility model, AWS is responsible for which of the following?

Service and Communications Protection or Zone Security

Patching guest OS

Configuring customer applications

Physical and Environmental controls

Unattempted

Correct option:

Physical and Environmental controls

As part of the shared responsibility model, Physical and Environmental controls are part of the inherited
controls and hence these are the responsibility of AWS.

Shared Responsibility Model Overview: via – https://aws.amazon.com/compliance/shared-responsibility-

model/

Incorrect options:

Patching guest OS

Configuring customer applications

The customers must provide their own control implementation within their use of AWS services.
Therefore, the customers are responsible for patching their guest OS as well as for configuring their
applications.

Service and Communications Protection or Zone Security – Customers are responsible for Service and
Communications Protection or Zone Security which may require the customers to route or zone data

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 31/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

within specific security environments.

Please review the IT controls under the Shared Responsibility Model: via –

https://aws.amazon.com/compliance/shared-responsibility-model/

Reference:

https://aws.amazon.com/compliance/shared-responsibility-model/

33. Question
Which of the following AWS services support reservations to optimize costs? (Select three)

Lambda

EC2 Instances

RDS

DynamoDB

DocumentDB

Unattempted

Correct options:

EC2 Instances

DynamoDB

RDS

The following AWS services support reservations to optimize costs:

Amazon EC2 Reserved Instances: You can use Amazon EC2 Reserved Instances to reserve capacity and
receive a discount on your instance usage compared to running On-Demand instances.

Amazon DynamoDB Reserved Capacity: If you can predict your need for Amazon DynamoDB read-and-
write throughput, Reserved Capacity offers significant savings over the normal price of DynamoDB
provisioned throughput capacity.

Amazon ElastiCache Reserved Nodes: Amazon ElastiCache Reserved Nodes give you the option to make
a low, one-time payment for each cache node you want to reserve and, in turn, receive a significant
discount on the hourly charge for that node.

Amazon RDS RIs: Like Amazon EC2 RIs, Amazon RDS RIs can be purchased using No Upfront, Partial
Upfront, or All Upfront terms. All Reserved Instance types are available for Aurora, MySQL, MariaDB,
PostgreSQL, Oracle, and SQL Server database engines.

Amazon Redshift Reserved Nodes: If you intend to keep an Amazon Redshift cluster running
continuously for a prolonged period, you should consider purchasing reserved-node offerings. These
offerings provide significant savings over on-demand pricing, but they require you to reserve compute
nodes and commit to paying for those nodes for either a 1- or 3-year duration.

Incorrect options:

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 32/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

DocumentDB – Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available,
and fully managed document database service that supports MongoDB workloads. As a document
database, Amazon DocumentDB makes it easy to store, query, and index JSON data.

Lambda – AWS Lambda lets you run code without provisioning or managing servers. You pay only for
the compute time you consume.

S3 – Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-
leading scalability, data availability, security, and performance.

None of these AWS services support reservations to optimize costs.

Reference:

https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf

34. Question
A company uses reserved EC2 instances across multiple units with each unit having its own AWS account.
However, some of the units under-utilize their reserved instances while other units need more reserved
instances. As a Cloud Practitioner, which of the following would you recommend as the most cost-optimal
solution?

Use AWS Systems Manager to manage AWS accounts of all units and then share the reserved EC2
instances amongst all units

Use AWS Cost Explorer to manage AWS accounts of all units and then share the reserved EC2
instances amongst all units

Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2
instances amongst all units

Use AWS Trusted Advisor to manage AWS accounts of all units and then share the reserved EC2
instances amongst all units

Unattempted

Correct option:

Use AWS Organizations to manage AWS accounts of all units and then share the reserved EC2 instances
amongst all units

AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and
share resources across your AWS accounts. Using AWS Organizations, you can automate account
creation, create groups of accounts to reflect your business needs, and apply policies for these groups for
governance. You can also simplify billing by setting up a single payment method for all of your AWS
accounts. AWS Organizations is available to all AWS customers at no additional charge.

Key Features of AWS Organizations: via – https://aws.amazon.com/organizations/

Incorrect options:

Use AWS Trusted Advisor to manage AWS accounts of all units and then share the reserved EC2

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 33/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

instances amongst all units – AWS Trusted Advisor is an online tool that provides you real-time guidance
to help you provision your resources following AWS best practices on cost optimization, security, fault
tolerance, service limits, and performance improvement. You cannot use Trusted Advisor to share the
reserved EC2 instances amongst multiple AWS accounts.

How Trusted Advisor Works: via – https://aws.amazon.com/premiumsupport/technology/trusted-

advisor/

Use AWS Cost Explorer to manage AWS accounts of all units and then share the reserved EC2 instances
amongst all units – AWS Cost Explorer lets you explore your AWS costs and usage at both a high level
and at a detailed level of analysis, and empowering you to dive deeper using several filtering dimensions
(e.g., AWS Service, Region, Linked Account). You cannot use Cost Explorer to share the reserved EC2
instances amongst multiple AWS accounts.

Use AWS Systems Manager to manage AWS accounts of all units and then share the reserved EC2
instances amongst all units – Systems Manager provides a unified user interface so you can view
operational data from multiple AWS services and allows you to automate operational tasks across your
AWS resources. With Systems Manager, you can group resources, like Amazon EC2 instances, Amazon
S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and
troubleshooting, and take action on your groups of resources. You cannot use Systems Manager to share
the reserved EC2 instances amongst multiple AWS accounts.

How Systems Manager Works: via – https://aws.amazon.com/systems-manager/

References:

https://aws.amazon.com/organizations/

https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

https://aws.amazon.com/systems-manager/

35. Question
A company needs a storage solution for a project wherein the data is accessed less frequently but needs
rapid access when required. Which S3 storage class is the MOST cost-effective for the given use-case?

Amazon S3 Standard

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

Amazon S3 Glacier (S3 Glacier)

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)

Unattempted

Correct option:

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

S3 Standard-IA is for data that is accessed less frequently, but requires rapid access when needed. S3
Standard-IA offers the high durability, high throughput, and low latency of S3 Standard, with a low per

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 34/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

GB storage price and per GB retrieval fee. This combination of low cost and high performance make S3
Standard-IA ideal for long-term storage, backups, and as a data store for disaster recovery files.

Incorrect options:

Amazon S3 Standard – The S3 Standard offers high durability, availability, and performance object
storage for frequently accessed data. S3 standard would turn out to be costlier than S3 Standard-IA for
the given use-case, so this option is not correct.

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) – The S3 Intelligent-Tiering storage class is

designed to optimize costs by automatically moving data to the most cost-effective access tier, without
performance impact or operational overhead. It works by storing objects in two access tiers: one tier that
is optimized for frequent access and another lower-cost tier that is optimized for infrequent access. S3
Intelligent-Tiering would turn out to be costlier than S3 Standard-IA for the given use-case, so this option
is not correct.

Amazon S3 Glacier (S3 Glacier) – Amazon S3 Glacier is a secure, durable, and extremely low-cost
Amazon S3 cloud storage class for data archiving and long-term backup. It is designed to deliver
99.999999999% durability, and provide comprehensive security and compliance capabilities that can help
meet even the most stringent regulatory requirements. S3 Glacier does not support rapid data retrieval,
so this option is ruled out.

Reference:

https://aws.amazon.com/s3/storage-classes/

36. Question
The DevOps team at an e-commerce company is trying to debug performance issues for its serverless
application built using a microservices architecture. As a Cloud Practitioner, which AWS service would you
recommend addressing this use-case?

AWS CloudFormation

AWS Trusted Advisor

AWS X-Ray

Amazon Pinpoint

Unattempted

Correct option:

AWS X-Ray – You can use AWS X-Ray to analyze and debug serverless and distributed applications such
as those built using a microservices architecture. With X-Ray, you can understand how your application
and its underlying services are performing to identify and troubleshoot the root cause of performance
issues and errors.

How X-Ray Works: via – https://aws.amazon.com/xray/

Incorrect options:

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 35/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

AWS Trusted Advisor – AWS Trusted Advisor is an online tool that provides you real-time guidance to
help you provision your resources following AWS best practices on cost optimization, security, fault
tolerance, service limits and performance improvement. Whether establishing new workflows,
developing applications, or as part of ongoing improvement, recommendations provided by Trusted
Advisor regularly help keep your solutions provisioned optimally. Trusted Advisor cannot be used to
debug performance issues for this serverless application built using a microservices architecture.

Amazon Pinpoint – Amazon Pinpoint allows marketers and developers to deliver customer-centric
engagement experiences by capturing customer usage data to draw real-time insights. Pinpoint cannot
be used to debug performance issues for this serverless application built using a microservices
architecture.

AWS CloudFormation – AWS CloudFormation allows you to use programming languages or a simple text
file to model and provision, in an automated and secure manner, all the resources needed for your
applications across all Regions and accounts. Think infrastructure as code; think CloudFormation.
CloudFormation cannot be used to debug performance issues for this serverless application built using a
microservices architecture.

How Amazon Pinpoint Works: via – https://aws.amazon.com/pinpoint/

Reference:

https://aws.amazon.com/xray/

37. Question
A medical research startup wants to understand the compliance of AWS services concerning HIPAA
guidelines. Which AWS service can be used to review the HIPAA compliance and governance-related
documents on AWS?

AWS Artifact

AWS Trusted Advisor

AWS Systems Manager

AWS Secrets Manager

Unattempted

Correct option:

AWS Artifact

AWS Artifact is your go-to, central resource for compliance-related information that matters to your
organization. It provides on-demand access to AWS’ security and compliance reports and select online
agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports,
Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and
compliance verticals that validate the implementation and operating effectiveness of AWS security
controls. Different types of agreements are available in AWS Artifact Agreements to address the needs

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 36/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

of customers subject to specific regulations. For example, the Business Associate Addendum (BAA) is
available for customers that need to comply with the Health Insurance Portability and Accountability Act
(HIPAA). It is not a service, it’s a no-cost, self-service portal for on-demand access to AWS’ compliance
reports.

Incorrect options:

AWS Trusted Advisor – AWS Trusted Advisor is an online tool that provides you real-time guidance to
help you provision your resources following AWS best practices. Whether establishing new workflows,
developing applications, or as part of ongoing improvement, recommendations provided by Trusted
Advisor regularly help keep your solutions provisioned optimally.

AWS Secrets Manager – AWS Secrets Manager helps you protect secrets needed to access your
applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve
database credentials, API keys, and other secrets throughout their lifecycle. Users and applications
retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive
information in plain text.

AWS Systems Manager – AWS Systems Manager gives you visibility and control of your infrastructure
on AWS. Systems Manager provides a unified user interface so you can view operational data from
multiple AWS services and allows you to automate operational tasks across your AWS resources. With
Systems Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon
RDS instances, by application, view operational data for monitoring and troubleshooting, and take action
on your groups of resources.

Reference:

https://aws.amazon.com/artifact/

38. Question
Which security service of AWS is enabled for all AWS customers, by default, at no additional cost?

AWS Shield Advanced

AWS Web Application Firewall (AWS WAF)

AWS Shield Standard

AWS Secrets Manager

Unattempted

Correct option:

AWS Shield Standard

AWS Shield Standard defends against most common, frequently occurring network and transport layer
DDoS attacks that target your website or applications. While AWS Shield Standard helps protect all AWS
customers, you get better protection if you are using Amazon CloudFront and Amazon Route 53. All
AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 37/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Incorrect options:

AWS Web Application Firewall (AWS WAF) – AWS WAF is a web application firewall that lets you
monitor the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution, an Amazon API
Gateway API, or an Application Load Balancer. AWS WAF charges based on the number of web access
control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number
of web requests that you receive (it is not a free service).

AWS Secrets Manager – AWS Secrets Manager helps you protect secrets needed to access your
applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve
database credentials, API keys, and other secrets throughout their lifecycle. With Secrets Manager, you
pay based on the number of secrets stored and API calls made.

AWS Shield Advanced – AWS Shield Advanced includes intelligent DDoS attack detection and mitigation
for not only for network layer (layer 3) and transport layer (layer 4) attacks but also for application layer
(layer 7) attacks. AWS Shield Advanced is a paid service that provides additional protections for internet-
facing applications.

Reference: https://docs.aws.amazon.com/waf/latest/developerguide/shield-chapter.html

39. Question
A data analytics company is running a proprietary batch analytics application on AWS and wants to use a
storage service which would be accessed by hundreds of EC2 instances simultaneously to append data to
existing files. As a Cloud Practitioner, which AWS service would you suggest for this use-case?

Instance Store

EFS

EBS

Unattempted

Correct option:

“EFS” – Amazon EFS is a file storage service for use with Amazon EC2. Amazon EFS provides a file
system interface, file system access semantics, and concurrently-accessible storage for up to thousands
of Amazon EC2 instances. Amazon EFS uses the Network File System protocol.

How EFS works: via – https://aws.amazon.com/efs/

Incorrect options:

EBS – Amazon Elastic Block Store (EBS) is an easy to use, high-performance block storage service
designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-
intensive workloads at any scale. EBS volumes cannot be accessed simultaneously by multiple EC2
instances, so this option is incorrect.

Instance Store – An instance store provides temporary block-level storage for your instance. This storage

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 38/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

is located on disks that are physically attached to the host computer. Instance Store volumes cannot be
accessed simultaneously by multiple EC2 instances, so this option is incorrect.

S3 – Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-
leading scalability, data availability, security, and performance. S3 is object storage and it does not
support file append operations, so this option is incorrect.

Reference:

https://aws.amazon.com/efs/

40. Question
An IT company is planning to migrate from an on-premises environment to AWS Cloud. Which of the
following expense areas would result in cost savings when the company moves to AWS Cloud? (Select
two)

Data center physical security expenditure

Computing hardware infrastructure expenditure

Developer salary

Project manager salary

SaaS application license fee

Unattempted

Correct option:

Data center hardware infrastructure expenditure

Data center physical security expenditure

The company does not need to spend on the computing hardware infrastructure and data center physical
security. So these expense areas would result in cost savings. The expenditure on the SaaS application
license fee, developer salary, and project manager salary would remain the same.

Exam Alert:

Please check out the following six advantages of Cloud Computing. You would certainly be asked
questions on the advantages of Cloud Computing compared to a traditional on-premises setup: via –
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Incorrect options:

SaaS application license fee

Developer salary

Project manager salary

As explained earlier, the expenditure on the SaaS application license fee, developer salary, and project
manager salary would remain the same, so these options are incorrect.

Reference:

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 39/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

41. Question
Which of the following AWS Support plans provides access to online training with self-paced labs?

Basic

Enterprise

Business

Developer

Unattempted

Correct option:

Enterprise

AWS offers three different support plans to cater to each of its customers – Developer, Business, and
Enterprise Support plans. A basic support plan is included for all AWS customers.

AWS Enterprise Support provides customers with concierge-like service where the main focus is on
helping the customer achieve their outcomes and find success in the cloud. With Enterprise Support, you
get access to online training with self-paced labs, 24×7 technical support from high-quality engineers,
tools and technology to automatically manage the health of your environment, consultative architectural
guidance, a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative
programs and AWS subject matter experts.

AWS Enterprise Support Plan Offerings: via –

https://aws.amazon.com/premiumsupport/plans/enterprise/

Incorrect options:

Developer – AWS recommends Developer Support if you are testing or doing early development on
AWS and want the ability to get technical support during business hours as well as general architectural
guidance as you build and test.

Business – AWS recommends Business Support if you have production workloads on AWS and want
24×7 access to technical support and architectural guidance in the context of your specific use-cases.

Basic – A basic support plan is included for all AWS customers.

None of these three support plans provide access to online training with self-paced labs.

References:

https://aws.amazon.com/premiumsupport/plans/

https://aws.amazon.com/premiumsupport/plans/enterprise/

42. Question
Which of the following is a recommended way to provide programmatic access to AWS resources?

Create a new IAM user and share the username and password

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 40/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Use Access Key ID and Secret Access Key to access AWS resources programmatically

Use IAM groups to access AWS resources programmatically

Use Multi Factor Authentication to access AWS resources programmatically

Unattempted

Correct option:

Use Access Key ID and Secret Access Key to access AWS resources programmatically

Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access
keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).
Access keys consist of two parts: an access key ID and a secret access key. As a user name and
password, you must use both the access key ID and secret access key together to authenticate your
requests. When you create an access key pair, save the access key ID and secret access key in a secure
location. The secret access key is available only at the time you create it. If you lose your secret access
key, you must delete the access key and create a new one.

Incorrect options:

Create a new IAM user and share the username and password – This is not a viable option, IAM user
credentials are not needed to access resources programmatically.

Use Multi Factor Authentication to access AWS resources programmatically – For increased security,
AWS recommends that you configure multi-factor authentication (MFA) to help protect your AWS
resources. You can enable MFA for IAM users or the AWS account root user. MFA adds extra security
because it requires users to provide unique authentication from an AWS supported MFA mechanism in
addition to their regular sign-in credentials when they access AWS websites or services. MFA cannot be
used for programmatic access to AWS resources.

Use IAM Groups to access AWS resources programmatically – An IAM Group is a collection of IAM
users. Groups let you specify permissions for multiple users, which can make it easier to manage the
permissions for those users. IAM Group is for managing users and not for programmatic access to AWS
resources.

Reference:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

43. Question
Which of the following AWS services support VPC Endpoint Gateway for a private connection from a VPC?
(Select two)

Amazon SNS

DynamoDB

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 41/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Amazon SQS

Amazon EC2

Unattempted

Correct option:

DynamoDB

A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint
services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN
connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses
to communicate with resources in the service. Traffic between your VPC and the other service does not
leave the Amazon network.

There are two types of VPC endpoints: interface endpoints and gateway endpoints.

An interface endpoint is an elastic network interface with a private IP address from the IP address range
of your subnet that serves as an entry point for traffic destined to a supported service. Interface
endpoints are powered by AWS PrivateLink, a technology that enables you to privately access services by
using private IP addresses.

A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic
destined to a supported AWS service. The following AWS services are supported:

Amazon S3

DynamoDB

Exam Alert:

You may see a question around this concept in the exam. Just remember that only S3 and DynamoDB
support VPC Endpoint Gateway. All other services that support VPC Endpoints use a VPC Endpoint
Interface.

Incorrect options:

Amazon EC2

Amazon SQS

Amazon SNS
As explained earlier, these services support VPC Endpoint Interfaces.

Reference:

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

44. Question
A startup wants to set up its IT infrastructure on AWS Cloud. The CTO would like to get an estimate of the
monthly AWS bill based on the AWS services that the startup wants to use. As a Cloud Practitioner, which
AWS service would you suggest for this use-case?

AWS Cost Explorer

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 42/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

AWS Budgets

AWS Total Cost of Ownership (TCO) Calculator

AWS Simple Monthly Calculator

Unattempted

Correct option:

AWS Simple Monthly Calculator

The Simple Monthly Calculator provides an estimate of usage charges for AWS services based on certain
information you provide. It helps customers and prospects estimate their monthly AWS bill more
efficiently.

This calculator provides a visual interface to enter details about the AWS services that you plan to use
and then it outputs a detailed estimate of the monthly AWS bill. Please see the illustration for more
details: via – https://calculator.s3.amazonaws.com/index.html

Incorrect options:

AWS Total Cost of Ownership (TCO) Calculator

TCO calculator helps to compare the cost of your applications in an on-premises or traditional hosting
environment to AWS. AWS helps reduce Total Cost of Ownership (TCO) by reducing the need to invest
in large capital expenditures and providing a pay-as-you-go model that empowers to invest in the capacity
you need and use it only when the business requires it. Once you describe your on-premises or hosting
environment configuration, it produces a detailed cost comparison with AWS. TCO Calculator cannot
provide the estimate of the monthly AWS bill based on the list of AWS services.

AWS Cost Explorer – AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand,
and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that
helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and
gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range
to view historical data going back up to twelve months to gain an understanding of your cost trends.
AWS Cost Explorer cannot provide the estimate of the monthly AWS bill based on the list of AWS
services.

AWS Budgets – AWS Budgets gives the ability to set custom budgets that alert you when your costs or
usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to
set reservation utilization or coverage targets and receive alerts when your utilization drops below the
threshold you define. Budgets can be created at the monthly, quarterly, or yearly level, and you can
customize the start and end dates. You can further refine your budget to track costs associated with
multiple dimensions, such as AWS service, linked account, tag, and others. AWS Budgets cannot provide
the estimate of the monthly AWS bill based on the list of AWS services.

Reference:

https://calculator.s3.amazonaws.com/index.html

45. Question

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 43/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)

A NAT Instance is managed by AWS

A NAT Gateway is managed by AWS

A NACL can have allow rules only

A Security Group can have both allow and deny rules

A Security Group can have allow rules only

Unattempted

Correct options:

A Security Group can have allow rules only

A NAT Gateway is managed by AWS

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
Security groups act at the instance level, not at the subnet level. You can specify allow rules, but not
deny rules. You can specify separate rules for inbound and outbound traffic.

Security Group Overview: via –

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

A Network Access Control List (NACL) is an optional layer of security for your VPC that acts as a firewall
for controlling traffic in and out of one or more subnets (i.e. it works at subnet level). A network ACL has
separate inbound and outbound rules, and each rule can either allow or deny traffic.

Network Access Control List (NACL) Overview: via –

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

You can use a network address translation (NAT) gateway or a NAT Instance to enable instances in a
private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a
connection with those instances. NAT Gateway is managed by AWS but NAT Instance is managed by
you.

Please see this comparison table for differences between NAT Gateway and NAT Instance: via –
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

Incorrect options:

A Security Group can have both allow and deny rules

A NAT Instance is managed by AWS

A NACL can have allow rules only

These three options contradict the details provided earlier in the explanation, so these options are
incorrect.

References:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 44/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

46. Question
Which of the following are the advantages of Cloud Computing? (Select three)

Trade capital expense for variable expense

Trade variable expense for capital expense

Allocate a few months of planning for your infrastructure capacity needs

Go global in minutes and deploy applications in multiple regions around the world with just a few
clicks

Spend money on building and maintaining data centers

Benefit from massive economies of scale

Unattempted

Correct options:

Benefit from massive economies of scale

Trade capital expense for variable expense

Go global in minutes and deploy applications in multiple regions around the world with just a few clicks

Exam Alert:

Incorrect options:

Spend money on building and maintaining data centers – With Cloud Computing, you can focus on
projects that differentiate your business, not the infrastructure. You don’t need to spend money on
building and maintaining data centers as the Cloud provider takes care of that.

Allocate a few months of planning for your infrastructure capacity needs – With Cloud Computing, you
don’t need to guess on your infrastructure capacity needs. You can access as much or as little capacity as
you need, and scale up and down as required with only a few minutes’ notice. There is no need to
allocate a few months of infrastructure planning.

Trade variable expense for capital expense – With Cloud Computing, you actually trade capital expense
for variable expense.

Reference:

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

47. Question
A startup wants to provision an EC2 instance for the lowest possible cost for a long-term duration but
needs to make sure that the instance would never be interrupted. As a Cloud Practitioner, which of the
following options would you recommend?

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 45/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Reserved Instance

Dedicated Host

Spot Instance

On-Demand Instance

Unattempted

Correct option:

Reserved Instance – Reserved Instances provide you with significant savings (up to 75%) on your
Amazon EC2 costs compared to On-Demand Instance pricing. Reserved Instances are not physical
instances, but rather a billing discount applied to the use of On-Demand Instances in your account. You
can purchase a Reserved Instance for a one-year or three-year commitment, with the three-year
commitment offering a bigger discount. Reserved instances cannot be interrupted. So this is the correct
option.

EC2 Pricing Options Overview: via – https://aws.amazon.com/ec2/pricing/

Incorrect options:

On-Demand Instance – An On-Demand Instance is an instance that you use on-demand. You have full
control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it.
There is no long-term commitment required when you purchase On-Demand Instances. There is no
upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price
per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted.
However, On-demand instances are not as cost-effective as Reserved instances, so this option is not
correct.

Spot Instance – A Spot Instance is an unused EC2 instance that is available for less than the On-Demand
price. Because Spot Instances enable you to request unused EC2 instances at steep discounts (up to
90%), you can lower your Amazon EC2 costs significantly. Spot Instances are well-suited for data
analysis, batch jobs, background processing, and optional tasks. These can be terminated at short notice,
so these are not suitable for critical workloads that need to run at a specific point in time. So this option
is not correct for the given use-case.

Dedicated Host – Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from
vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-
effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS. An Amazon
EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate
compliance requirement. They’re not cost-efficient compared to On-Demand instances. So this option is
not correct.

Reference:

https://aws.amazon.com/ec2/pricing/

48. Question

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 46/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Which of the following AWS Support plans provides access to Infrastructure Event Management for an
additional fee?

Developer

Enterprise

Business

Basic

Unattempted

Correct option:

Business – AWS recommends Business Support if you have production workloads on AWS and want
24×7 phone, email and chat access to technical support and architectural guidance in the context of your
specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. Also, you get
access to Infrastructure Event Management for an additional fee.

Incorrect options:

Developer – AWS recommends Developer Support if you are testing or doing early development on
AWS and want the ability to get email-based technical support during business hours as well as general
architectural guidance as you build and test. You do not get access to Infrastructure Event Management
with this plan.

Basic – The basic plan only provides access to the following:

Customer Service & Communities – 24×7 access to customer service, documentation, whitepapers, and
support forums. AWS Trusted Advisor – Access to the 7 core Trusted Advisor checks and guidance to
provision your resources following best practices to increase performance and improve security. AWS
Personal Health Dashboard – A personalized view of the health of AWS services, and alerts when your
resources are impacted. You do not get access to Infrastructure Event Management with this plan.

Enterprise – AWS Enterprise Support provides customers with concierge-like service where the main
focus is helping the customer achieve their outcomes and find success in the cloud. With Enterprise
Support, you get 24×7 technical support from high-quality engineers, tools and technology to
automatically manage the health of your environment, consultative architectural guidance delivered in the
context of your applications and use-cases, and a designated Technical Account Manager (TAM) to
coordinate access to proactive/preventative programs and AWS subject matter experts. Access to
Infrastructure Event Management is included in the plan.

Reference:

https://aws.amazon.com/premiumsupport/plans/

49. Question
Which of the following AWS services manages account privileges?

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 47/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

AWS CloudTrail

AWS Web Application Firewall (WAF)

AWS Secrets Manager

AWS Identity and Access Management (IAM)

Unattempted

Correct option:

AWS Identity and Access Management (IAM)

In AWS, privilege management is primarily supported by the AWS Identity and Access Management
(IAM) service, which allows you to control user and programmatic access to AWS services and resources.
You should apply granular policies, which assign permissions to a user, group, role, or resource. You also
can require strong password practices, such as complexity level, avoiding re-use, and enforcing multi-
factor authentication (MFA). You can use federation with your existing directory service. For workloads
that require systems to have access to AWS, IAM enables secure access through roles, instance profiles,
identity federation, and temporary credentials.

Incorrect options:

AWS CloudTrail – AWS CloudTrail is a service that enables governance, compliance, operational auditing,
and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain
account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of
your AWS account activity, including actions taken through the AWS Management. CloudTrail cannot be
used to manage account privileges.

AWS Web Application Firewall (WAF) – AWS WAF is a web application firewall that helps protect your
web applications or APIs against common web exploits that may affect availability, compromise security,
or consume excessive resources. It is not an access management system. CloudTrail cannot be used to
manage account privileges.

AWS Secrets Manager – AWS Secrets Manager helps you protect secrets needed to access your
applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve
database credentials, API keys, and other secrets throughout their lifecycle. You cannot use Secrets
Manager for creating and using your own keys for encryption on AWS services.

Reference: https://aws.amazon.com/iam/

50. Question
The AWS Well-Architected Framework helps organizations build robust Cloud solutions based on AWS
recommended best practices. Which of the following are part of the five pillars mandated in the Well-
Architected Framework (Select two)

Privacy

Security
https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 48/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Configuration Management

Performance Efficiency

Scalability

Unattempted

Correct options:

Security

Performance Efficiency

The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make
while building systems on AWS. By using the Framework you will learn architectural best practices for
designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a
way for you to consistently measure your architectures against best practices and identify areas for
improvement.

The AWS Well-Architected Framework is based on five pillars — Operational Excellence, Security,
Reliability, Performance Efficiency, and Cost Optimization.

“Security” – The ability to protect information, systems, and assets while delivering business value
through risk assessments and mitigation strategies.

“Performance Efficiency” – The ability to use computing resources efficiently to meet system
requirements, and to maintain that efficiency as demand changes and technologies evolve.

Incorrect options:

Configuration Management – This is not part of the five pillars of the AWS Well-Architected Framework.
Privacy – This is not part of the five pillars of the AWS Well-Architected Framework.

Scalability – This is not part of the five pillars of the AWS Well-Architected Framework.

Reference:

This is not part of the five pillars of AWS Well-Architected Framework.

51. Question
Which AWS EC2 pricing model is the most cost-effective and flexible with no requirement for a long term
resource commitment or upfront payment but still guarantees that instance would not be interrupted?

On-demand Instances

Reserved Instances

Dedicated Hosts

Spot Instances

Unattempted

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 49/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Correct option:

On-Demand Instances – An On-Demand Instance is an instance that you use on-demand. You have full
control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it.
There is no long-term commitment required when you purchase On-Demand Instances. There is no
upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price
per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted.

EC2 Pricing Options Overview: via – https://aws.amazon.com/ec2/pricing/

Incorrect options:

Reserved Instances – Reserved Instances provide you with significant savings on your Amazon EC2
costs compared to On-Demand Instance pricing. Reserved Instances are not physical instances, but
rather a billing discount applied to the use of On-Demand Instances in your account. You can purchase a
Reserved Instance for a one-year or three-year commitment, with the three-year commitment offering a
bigger discount. You will be charged for the entire duration, irrespective of your usage, so this option is
not correct for running weekly workloads. So this option is not correct for the given use-case.

Spot Instances – A Spot Instance is an unused EC2 instance that is available for less than the On-
Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts,
you can lower your Amazon EC2 costs significantly. Spot Instances are well-suited for data analysis,
batch jobs, background processing, and optional tasks. These can be terminated at short notice, so these
are not suitable for critical workloads that need to run at a specific point in time. So this option is not
correct for the given use-case.

Dedicated Hosts – Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from
vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-
effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS. An Amazon
EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate
compliance requirement. They’re not cost-efficient compared to On-Demand instances. So this option is
not correct.

Reference:

https://aws.amazon.com/ec2/pricing/

52. Question
Which AWS service can be used to review the compliance and governance-related documents on AWS?

Secrets Manager

Trusted Advisor

Artifact

Service Catalog

Unattempted

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 50/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Correct option:

Artifact

AWS Artifact is your central resource for compliance-related information on AWS Cloud. It provides on-
demand access to AWS’ security and compliance reports and select online agreements. Reports available
in AWS Artifact include the Service Organization Control (SOC) reports, Payment Card Industry (PCI)
reports, and certifications from accreditation bodies across geographies. Agreements available in AWS
Artifact also include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).

Incorrect options:

Trusted Advisor – AWS Trusted Advisor is an online tool that provides you real-time guidance to help you
provision your resources following AWS best practices on cost optimization, security, fault tolerance,
service limits, and performance improvement. Whether establishing new workflows, developing
applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly
help keep your solutions provisioned optimally. Trusted Advisor cannot be used to review the compliance
and governance-related documents on AWS.

Service Catalog – AWS Service Catalog allows organizations to create and manage catalogs of IT
services that are approved for use on AWS. These IT services can include everything from virtual
machine images, servers, software, and databases to complete multi-tier application architectures.
Service Catalog cannot be used to review the compliance and governance-related documents on AWS.

Secrets Manager – AWS Secrets Manager helps you protect secrets needed to access your applications,
services, and IT resources. The service enables you to easily rotate, manage, and retrieve database
credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets
with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.
Secrets Manager cannot be used to review the compliance and governance-related documents on AWS.

Reference:

https://aws.amazon.com/artifact/

53. Question
Multi AZ (Availability Zone) deployment is an example of which of the following?

Vertical Scaling

Performance Efficiency

High Availability

Horizontal Scaling

Unattempted

Correct option:

High Availability – A system that is available is capable of delivering the designed functionality at a given
point in time. Highly available systems are those that can withstand some measure of degradation while

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 51/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

still remaining available. On AWS Cloud, you can run instances for an application across multi AZ to
achieve High Availability.

Incorrect options:

Horizontal Scaling – A “horizontally scalable” system is one that can increase capacity by adding more
computers to the system. This is in contrast to a “vertically scalable” system, which is constrained to
running its processes on only one computer; in such systems, the only way to increase performance is to
add more resources into one computer in the form of faster (or more) CPUs, memory or storage.
Horizontally scalable systems are oftentimes able to outperform vertically scalable systems by enabling
parallel execution of workloads and distributing those across many different computers. Auto Scaling
Group is an example of Horizontal Scaling on AWS.

Vertical Scaling – Vertical Scaling is adding more resources (like CPU, RAM) to a single node or machine.
Example- Resizing an instance of EC2.

Performance Efficiency – Is the ability to use computing resources efficiently to meet system
requirements and to maintain that efficiency as demand changes and technologies evolve.

References:

https://wa.aws.amazon.com/wat.concept.availability.en.html

https://wa.aws.amazon.com/wat.concept.horizontal-scaling.en.html

54. Question
A startup is looking for 24×7 phone based technical support for his AWS account. Which of the following is
the MOST cost-effective AWS support plan for this use-case?

Basic

Developer

Enterprise

Business

Unattempted

Correct option:

AWS offers three different support plans to cater to each of its customers – Developer, Business, and
Enterprise Support plans.

A basic support plan is included for all AWS customers.

Business – AWS recommends Business Support if you have production workloads on AWS and want
24×7 phone, email and chat access to technical support and architectural guidance in the context of your
specific use-cases. Enterprise Support plan also provides 24×7 phone, email and chat access to technical
support however it’s much costlier than Business Support plan. Developer plan does not provide 24×7
phone based technical support. Therefore Business Support plan is the correct option for the given use-
case.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 52/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Exam Alert:

Please review the differences between the Developer, Business, and Enterprise support plans as you can
expect at least a couple of questions on the exam:

via – https://aws.amazon.com/premiumsupport/plans/

Incorrect options:

Basic – The basic plan only provides access to the following:

Developer – AWS recommends Developer Support if you are testing or doing early development on
AWS and want the ability to get email based technical support during business hours as well as general
architectural guidance as you build and test. This plan does not support 24×7 phone based technical
support.

Enterprise – AWS Enterprise Support provides customers with concierge-like service where the main
focus is helping the customer achieve their outcomes and find success in the cloud. With Enterprise
Support, you get 24×7 technical support from high-quality engineers, tools and technology to
automatically manage the health of your environment, consultative architectural guidance delivered in the
context of your applications and use-cases, and a designated Technical Account Manager (TAM) to
coordinate access to proactive/preventative programs and AWS subject matter experts. Enterprise
Support plan provides 24×7 phone, email and chat access to technical support however it’s much costlier
than Business Support plan.

Reference:

https://aws.amazon.com/premiumsupport/plans/

55. Question
Which AWS Route 53 routing policy would you use to improve the performance for your customers by
routing the requests to the AWS endpoint that provides the fastest experience?

Latency routing policy

Weighted routing policy

Simple routing policy

Failover routing policy

Unattempted

Correct option:

Latency routing policy

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 53/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is
designed to give developers and businesses an extremely reliable and cost-effective way to route end
users to Internet applications by translating names like http://www.example.com into the numeric IP
addresses like 192.0.2.1 that computers use to connect to each other.

If your application is hosted in multiple AWS Regions, you can use latency routing policy to improve the
performance for your users by serving their requests from the AWS Region that provides the lowest
latency. To use latency-based routing, you create latency records for your resources in multiple AWS
Regions. When Route 53 receives a DNS query for your domain or subdomain (example.com or
acme.example.com), it determines which AWS Regions you’ve created latency records for, determines
which region gives the user the lowest latency, and then selects a latency record for that region. Route
53 responds with the value from the selected record, such as the IP address for a web server.

Route 53 Routing Policy Overview: via –

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Incorrect options:

Failover routing policy – This routing policy is used when you want to configure active-passive failover.

Weighted routing policy – This routing policy is used to route traffic to multiple resources in proportions
that you specify.

Simple routing policy – With simple routing, you typically route traffic to a single resource, for example,
to a web server for your website.

Reference:

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

56. Question
A customer has created a VPC and a subnet within AWS Cloud. Which of the following statements is
correct?

A VPC spans all of the Availability Zones in the Region whereas a subnet spans only one Availability
Zone in the Region

A subnet spans all of the Availability Zones in the Region whereas a VPC spans only one Availability
Zone in the Region

Both the VPC and the subnet span all of the Availability Zones in the Region

Both the VPC and the subnet span only one Availability Zone in the Region

Unattempted

Correct option:

A VPC spans all of the Availability Zones in the Region whereas a subnet spans only one Availability Zone
in the Region

Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated section of the AWS Cloud where you

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 54/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

can launch AWS resources in a virtual network that you define. You have complete control over your
virtual networking environment, including the selection of your IP address range, creation of subnets, and
configuration of route tables and network gateways. A VPC spans all of the Availability Zones in the
Region.

A subnet is a range of IP addresses within your VPC. A subnet spans only one Availability Zone in the
Region.

VPC and Subnet Overview: via – https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html

Incorrect options:

Both the VPC and the subnet span all of the Availability Zones in the Region

Both the VPC and the subnet span only one Availability Zone in the Region

A subnet spans all of the Availability Zones in the Region whereas a VPC spans only one Availability Zone
in the Region

These three options contradict the details provided earlier in the explanation, so these options are
incorrect.

Reference:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html

57. Question
Which service gives a personalized view of the status of the AWS services that are part of your Cloud
architecture so that you can quickly assess the impact on your business when AWS service(s) are
experiencing issues?

Amazon CloudWatch

AWS Inspector

AWS Personal Health Dashboard

AWS Service Health Dashboard

Unattempted

Correct option: AWS Personal Health Dashboard

AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing
events that may impact you. With Personal Health Dashboard, alerts are triggered by changes in the
health of your AWS resources, giving you event visibility, and guidance to help quickly diagnose and
resolve issues.

AWS Personal Health Dashboard Overview: via – https://status.aws.amazon.com/

Incorrect options:

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 55/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

be used to prevent Distributed Denial-of-Service (DDoS) attack. It cannot provide the status of your AWS
resources.

Amazon CloudWatch – Amazon CloudWatch is a monitoring and observability service built for DevOps
engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and
actionable insights to monitor applications, respond to system-wide performance changes, optimize
resource utilization, and get a unified view of operational health. This is an excellent service for building
Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. It
cannot provide the status of your AWS resources.

AWS Service Health Dashboard – AWS Service Health Dashboard publishes most up-to-the-minute
information on the status and availability of all AWS services in tabular form for all Regions that AWS is
present in. You can check on this page (https://status.aws.amazon.com/) any time to get current status
information or subscribe to an RSS feed to be notified of interruptions to each service.

AWS Service Health Dashboard Overview: via – https://status.aws.amazon.com/

Exam Alert:

While the Service Health Dashboard displays the general status of AWS services, Personal Health
Dashboard gives you a personalized view of the performance and availability of the AWS services
underlying your AWS resources.

Reference:

https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

58. Question
Which AWS service can be used to store, manage, and deploy Docker container images?

Amazon EC2

Amazon Elastic Container Service (ECS)

Amazon Lambda

Amazon Elastic Container Registry (ECR)

Unattempted

Correct option:

Amazon Elastic Container Registry (ECR) – Amazon Elastic Container Registry (ECR) can be used to
store, manage, and deploy Docker container images. Amazon ECR eliminates the need to operate your
container repositories. You can then pull your docker images from ECR and run those on Amazon Elastic
Container Service (ECS).

Please see this schematic diagram to understand how ECR works: via – https://aws.amazon.com/ecr/

Incorrect options:

Amazon Elastic Container Service (ECS) – Amazon Elastic Container Service (Amazon ECS) is a highly
scalable, fast, container management service that makes it easy to run, stop, and manage Docker

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 56/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

containers on a cluster. You cannot use ECS to store and deploy docker container images.

Please see this schematic diagram to understand how ECS works: via – https://aws.amazon.com/ecs/

Amazon EC2 – Amazon EC2 is a web service that provides secure, resizable compute capacity in the
AWS cloud. You can use EC2 to provision virtual servers on AWS Cloud. You cannot use EC2 to store
and deploy docker container images.

Amazon Lambda – AWS Lambda lets you run code without provisioning or managing servers. You pay
only for the compute time you consume. You cannot use Lambda to store and deploy docker container
images.

References:

https://aws.amazon.com/ecr/

https://aws.amazon.com/ecs/

59. Question
Which AWS service publishes up-to-the-minute information on the general status and availability of all
AWS services in all the Regions of AWS Cloud?

AWS Personal Health Dashboard

Amazon CloudWatch

AWS Service Health Dashboard

AWS CloudFormation

Unattempted

Correct option: AWS Service Health Dashboard

AWS Service Health Dashboard publishes most up-to-the-minute information on the status and
availability of all AWS services in tabular form for all Regions that AWS is present in. You can check on
this page https://status.aws.amazon.com/ to get current status information.

AWS Service Health Dashboard Overview: via – https://status.aws.amazon.com/

Incorrect options:

AWS CloudFormation – AWS CloudFormation allows you to use programming languages or a simple text
file to model and provision, in an automated and secure manner, all the resources needed for your
applications across all Regions and accounts. Think infrastructure as code; think CloudFormation.
CloudFormation does not provide the general status of AWS services availability for all Regions.

AWS Personal Health Dashboard – AWS Personal Health Dashboard provides alerts and remediation
guidance when AWS is experiencing events that may impact you.

AWS Personal Health Dashboard Overview: via – https://status.aws.amazon.com/

Exam Alert:

While the Service Health Dashboard displays the general status of AWS services, Personal Health
Dashboard gives you a personalized view of the performance and availability of the AWS services

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 57/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

underlying your AWS resources.

Amazon CloudWatch – Amazon CloudWatch is a monitoring and observability service built for DevOps
engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and
actionable insights to monitor applications, respond to system-wide performance changes, optimize
resource utilization, and get a unified view of operational health. This is an excellent service for building
Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch.
CloudWatch does not provide the general status of AWS services availability for all Regions.

Reference:

https://status.aws.amazon.com/

60. Question
A photo sharing web application wants to store thumbnails of user-uploaded images on Amazon S3. The
thumbnails are rarely used but need to be immediately accessible from the web application. The
thumbnails can be regenerated easily if they are lost. Which is the most cost-effective way to store these
thumbnails on S3?

Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails

Use S3 Standard to store the thumbnails

Use S3 Glacier to store the thumbnails

Use S3 Standard Infrequent Access (Standard-IA) to store the thumbnails

Unattempted

Correct option:

Use S3 One-Zone Infrequent Access (One-Zone IA) to store the thumbnails

S3 One Zone-IA is for data that is accessed less frequently but requires rapid access when needed.
Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One
Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. S3 One Zone-IA offers the
same high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price
and per GB retrieval fee. Although S3 One Zone-IA offers less availability than S3 Standard but that’s not
an issue for the given use-case since the thumbnails can be regenerated easily.

As the thumbnails are rarely used but need to be rapidly accessed when required, so S3 One Zone-IA is
the best choice for this use-case.

Exam Alert:

Please review this detailed comparison on S3 Storage Classes as you can expect a few questions on this
aspect of S3: via – https://aws.amazon.com/s3/storage-classes/

Incorrect options:

Use S3 Standard Infrequent Access (Standard-IA) to store the thumbnails – S3 Standard-IA storage class
is for data that is accessed less frequently but requires rapid access when needed. S3 Standard-IA

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 58/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

matches the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage
price and per GB retrieval fee. S3 One Zone-IA costs 20% less than S3 Standard-IA, so this option is
incorrect.

Use S3 Standard to store the thumbnails – S3 Standard offers high durability, availability, and
performance object storage for frequently accessed data. As described above, S3 One Zone-IA is a better
fit than S3 Standard, hence using S3 standard is ruled out for the given use-case.

Use S3 Glacier to store the thumbnails – S3 Glacier is a secure, durable, and low-cost storage class for
data archiving. Although Glacier is cheaper than One Zone-IA, however the retrieval time ranges from a
minute to hours, so this option is also ruled out for the given use-case.

Reference:

https://aws.amazon.com/s3/storage-classes/

61. Question
Due to regulatory and compliance reasons, an organization has deployed its entire IT infrastructure on its
on-premises data center. How would you classify this deployment model?

Cloud

Hybrid

Mixed

Private

Unattempted

Correct option:

Private – For this deployment model, resources are deployed on-premises using virtualization
technologies. On-premises deployment does not provide many of the benefits of cloud computing but is
sometimes sought for its ability to provide dedicated resources to meet compliance and regulatory
guidelines.

Overview of Cloud Computing Deployment Models: via – https://aws.amazon.com/types-of-cloud-

computing/

Incorrect options:

Cloud – For this type of deployment, a cloud-based application is fully deployed in the cloud, and all parts
of the application run in the cloud. Applications in the cloud have either been created in the cloud or have
been migrated from an existing infrastructure to take advantage of the benefits of cloud computing.

Hybrid – A hybrid deployment is a way to connect your on-premises infrastructure to the cloud. The most
common method of hybrid deployment is between the cloud and existing on-premises infrastructure to
extend an organization’s infrastructure into the cloud while connecting cloud resources to internal
systems.

Mixed – This is a made-up option and has been added as a distractor.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 59/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Reference:

https://aws.amazon.com/types-of-cloud-computing/

62. Question
What are the different gateway types supported by AWS Storage Gateway service?

Object Gateway, File Gateway and Block Gateway

Tape Gateway, File Gateway and Block Gateway

Tape Gateway, Object Gateway and Volume Gateway

Tape Gateway, File Gateway and Volume Gateway

Unattempted

Correct option:

Tape Gateway, File Gateway and Volume Gateway

Gateway Storage Types Overview: via – https://aws.amazon.com/storagegateway/features/

Incorrect options:

Object Gateway, File Gateway and Block Gateway

Tape Gateway, Object Gateway and Volume Gateway

Tape Gateway, File Gateway and Block Gateway

Block Gateway and Object Gateway are made-up options, so these three options are incorrect.
Reference:

https://aws.amazon.com/storagegateway/features/

63. Question
Which of the following use-cases is NOT supported by Amazon Rekognition?

Label objects in a photo

Quickly resize photos to create thumbnails

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 60/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Identify person in a photo

Detect text in a photo

Unattempted

Correct options:

Quickly resize photos to create thumbnails – You cannot use Rekognition to resize photos to create
thumbnails.

With Amazon Rekognition, you can identify objects, people, text, scenes, and activities in images and
videos, as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate
facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a
wide variety of user verification, people counting, and public safety use cases.

Amazon Rekognition Use-Cases:

via – https://aws.amazon.com/rekognition/

Incorrect options:

Identify person in a photo

Detect text in a photo

Label objects in a photo

As mentioned in the explanation above, Amazon Rekognition can be used to build solutions for these
use-cases.

Reference: https://aws.amazon.com/rekognition/

64. Question
Which AWS service should be used when you want to run container applications, but want to avoid the
operational overhead of scaling, patching, securing, and managing servers?

Amazon Elastic Container Service (Amazon ECS)

AWS Fargate

Amazon Elastic Compute Cloud (Amazon EC2)

AWS Lambda

Unattempted

Correct option:

AWS Fargate

AWS Fargate is a serverless compute engine for containers. It works with both Amazon Elastic Container
Service (ECS) and Amazon Elastic Kubernetes Service (EKS). Fargate makes it easy for you to focus on
building your applications. Fargate removes the need to provision and manage servers, lets you specify
and pay for resources per application, and improves security through application isolation by design.

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 61/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Fargate allocates the right amount of compute, eliminating the need to choose instances and scale
cluster capacity. You only pay for the resources required to run your containers, so there is no over-
provisioning and paying for additional servers. Fargate runs each task or pod in its kernel providing the
tasks and pods their own isolated compute environment. This enables your application to have workload
isolation and improved security by design.

How Fargate Works: via – https://aws.amazon.com/fargate/

Incorrect options:

Amazon Elastic Container Service (Amazon ECS) – Amazon Elastic Container Service (Amazon ECS) is a
highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker
containers on a cluster. Unlike Fargate, this is not a fully managed service and you need to manage the
underlying servers yourself.

AWS Lambda – AWS Lambda is a compute service that lets you run code without provisioning or
managing servers. AWS Lambda executes your code only when needed and scales automatically, from a
few requests per day to thousands per second. Lambda does not support running container applications.

Amazon Elastic Compute Cloud (Amazon EC2) – Amazon Elastic Compute Cloud (Amazon EC2) is a web
service that provides secure, resizable compute capacity in the cloud, per-second billing, and access to
the underlying OS. It is designed to make web-scale cloud computing easier for developers. Maintenance
of the server and its software has to be done by the customer, so this option is ruled out.

Reference:

https://aws.amazon.com/fargate/

65. Question
The engineering team at an IT company wants to monitor the CPU utilization for its fleet of EC2 instances
and send an email to the administrator if the utilization exceeds 80%. As a Cloud Practitioner, which AWS
services would you recommend to build this solution? (Select two)

CloudWatch

Lambda

SNS

SQS

CloudTrail

Unattempted

Correct options:

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 62/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

an email message using Amazon SNS when the alarm changes state from OK to ALARM. The alarm
changes to the ALARM state when the average CPU use of an EC2 instance exceeds a specified
threshold for consecutive specified periods.

How SNS Works: via – https://aws.amazon.com/sns/

Incorrect options:

CloudTrail – AWS CloudTrail is a service that enables governance, compliance, operational auditing, and
risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account
activity related to actions across your AWS infrastructure. Think account-specific activity and audit; think
CloudTrail. CloudTrail cannot be used to monitor CPU utilization for EC2 instances or send emails.

Lambda – AWS Lambda lets you run code without provisioning or managing servers. You pay only for
the compute time you consume. Lambda cannot be used to monitor CPU utilization for EC2 instances or
send emails.

SQS – Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables
you to decouple and scale microservices, distributed systems, and serverless applications. SQS offers
two types of message queues – Standard queues vs FIFO queues. SQS cannot be used to monitor CPU
utilization for EC2 instances or send emails.

References:

https://aws.amazon.com/cloudwatch/

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/US_AlarmAtThresholdEC2.html

Use Page numbers below to navigate to other

practice tests

Pages: 1 2 3 4 5 6 7 8 9 10 11 12 13 14

← Previous Post Next Post →

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 63/64
9/2/22, 4:26 PM AWS Cloud Practitioner Full Practice Sets - SkillCertPro

Skillcertpro

Quick Links

ABOUT US
FAQ
BROWSE ALL PRACTICE TESTS
CONTACT FORM

Important Links

REFUND POLICY
REFUND REQUEST
TERMS & CONDITIONS
PRIVACY POLICY

https://skillcertpro.com/aws-cloud-practitioner-full-practice-sets/ 64/64

Aws Certified Developer Associate Dva c02
No ratings yet
Aws Certified Developer Associate Dva c02
209 pages
AWS Certified Cloud Practitioner Exam
100% (1)
AWS Certified Cloud Practitioner Exam
143 pages
Laser Maker Manual (YLM) - 95p - ENG
No ratings yet
Laser Maker Manual (YLM) - 95p - ENG
95 pages
Nire0510 Aws Services
No ratings yet
Nire0510 Aws Services
3 pages
Awsfundamentals Introduction
0% (1)
Awsfundamentals Introduction
9 pages
AWS Certified Cloud Practitioner Slides v2.3.2
100% (1)
AWS Certified Cloud Practitioner Slides v2.3.2
462 pages
AWS Questions
50% (6)
AWS Questions
15 pages
AWS Certified Solutions Architect - Associate SAA-C02
No ratings yet
AWS Certified Solutions Architect - Associate SAA-C02
15 pages
AWS Certified Cloud Practitioner (CLF-C01) Sample Exam Questions
No ratings yet
AWS Certified Cloud Practitioner (CLF-C01) Sample Exam Questions
3 pages
Design Thinking
100% (4)
Design Thinking
58 pages
Architect Philippines - Parking and Loading Space Requirements
No ratings yet
Architect Philippines - Parking and Loading Space Requirements
4 pages
Amazon: Exam Questions AWS-Certified-Cloud-Practitioner
No ratings yet
Amazon: Exam Questions AWS-Certified-Cloud-Practitioner
9 pages
AWS Cloud Practitioner Practice Set 2
100% (1)
AWS Cloud Practitioner Practice Set 2
63 pages
AWS Cloud Practitioner - Practice Questions
No ratings yet
AWS Cloud Practitioner - Practice Questions
97 pages
AWS Dumps
No ratings yet
AWS Dumps
18 pages
AWS Certified Solutions Architect Associate Exam Insights : Q&A with Explanations
From Everand
AWS Certified Solutions Architect Associate Exam Insights : Q&A with Explanations
SUJAN
No ratings yet
Ultimate AWS Certified Solutions Architect Associate Exam Guide: Master Designing Resilient, Scalable Architectures with Core and Advanced AWS Services to Crack the SAA-C03 Certification (English Edition)
From Everand
Ultimate AWS Certified Solutions Architect Associate Exam Guide: Master Designing Resilient, Scalable Architectures with Core and Advanced AWS Services to Crack the SAA-C03 Certification (English Edition)
Venkata Sasi Kanumuri
No ratings yet
AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023
From Everand
AWS Solutions Architect Certification Case Based Practice Questions Latest Edition 2023
Exam OG
No ratings yet
WhizCard CLF C01 06 09 2022
No ratings yet
WhizCard CLF C01 06 09 2022
111 pages
Official Practice Question Set
No ratings yet
Official Practice Question Set
32 pages
Aws Cloud Practitioner Notes
No ratings yet
Aws Cloud Practitioner Notes
31 pages
Amazon - Premium.SAA-C03.403q: Number: AWS SAA-C03 Passing Score: 800 Time Limit: 120 Min File Version: 6.6
No ratings yet
Amazon - Premium.SAA-C03.403q: Number: AWS SAA-C03 Passing Score: 800 Time Limit: 120 Min File Version: 6.6
131 pages
AWS Certified Developer Associate - Exam Guide
No ratings yet
AWS Certified Developer Associate - Exam Guide
11 pages
Dumps 2
No ratings yet
Dumps 2
11 pages
AWS Certified Solutions Architect Associate Exam Guide
No ratings yet
AWS Certified Solutions Architect Associate Exam Guide
8 pages
awsCP Studyguide
50% (2)
awsCP Studyguide
12 pages
ºèðÀÂÛÌ - AWS-SAP Certified Solutions Architect-Professional.577Q
100% (2)
ºèðÀÂÛÌ - AWS-SAP Certified Solutions Architect-Professional.577Q
91 pages
Website: Vce To PDF Converter: Facebook: Twitter:: Saa-C02.Vceplus - Premium.Exam.65Q
No ratings yet
Website: Vce To PDF Converter: Facebook: Twitter:: Saa-C02.Vceplus - Premium.Exam.65Q
22 pages
CLF c01
100% (1)
CLF c01
6 pages
Aws Certified Cloud Practitioner - 9
100% (1)
Aws Certified Cloud Practitioner - 9
28 pages
AWS Cloud Practitioner 2023
0% (1)
AWS Cloud Practitioner 2023
3 pages
Question Set 2
No ratings yet
Question Set 2
13 pages
Test 3 Nael Davis Exam AWS
0% (1)
Test 3 Nael Davis Exam AWS
222 pages
AWS Certified Solutions Architect Associate SAA C02 Demo
No ratings yet
AWS Certified Solutions Architect Associate SAA C02 Demo
12 pages
Stratospheric
100% (1)
Stratospheric
459 pages
Aws Certified Cloud Practitioner CLF c02 Sample1713265794
No ratings yet
Aws Certified Cloud Practitioner CLF c02 Sample1713265794
5 pages
AWS Certified Solutions Architect Associate Exam Guide - v1.1 - 2019 - 08 - 27 - FINAL PDF
No ratings yet
AWS Certified Solutions Architect Associate Exam Guide - v1.1 - 2019 - 08 - 27 - FINAL PDF
2 pages
AWS Certified Developer - Associate
No ratings yet
AWS Certified Developer - Associate
2 pages
Sample DevOps Resume
No ratings yet
Sample DevOps Resume
2 pages
Real SAA-C02 Exam Questions 2021
No ratings yet
Real SAA-C02 Exam Questions 2021
11 pages
Amazon: Exam Questions AWS-Certified-Cloud-Practitioner
100% (1)
Amazon: Exam Questions AWS-Certified-Cloud-Practitioner
10 pages
111 Associate Solution Architect Study Guide AWS
No ratings yet
111 Associate Solution Architect Study Guide AWS
11 pages
AWS Certified DevOps Engineer Professional - Exam Guide
No ratings yet
AWS Certified DevOps Engineer Professional - Exam Guide
14 pages
AWS Certified Solutions Architect - Associate (SAA-C02) Exam Guide
100% (1)
AWS Certified Solutions Architect - Associate (SAA-C02) Exam Guide
8 pages
AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
No ratings yet
AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
4 pages
Amazon SAA-C03 Exam
No ratings yet
Amazon SAA-C03 Exam
9 pages
Final Internship Report Content
No ratings yet
Final Internship Report Content
20 pages
Saa C03
No ratings yet
Saa C03
85 pages
AWS Real Exam Questions
100% (3)
AWS Real Exam Questions
31 pages
AWS Training Stuff
No ratings yet
AWS Training Stuff
8 pages
AWS Certified Solutions Architect - Associate - SAA-C02 - DumpsHome - Mansoor
No ratings yet
AWS Certified Solutions Architect - Associate - SAA-C02 - DumpsHome - Mansoor
4 pages
AWS CP - Sruya Kiran Sir Notes
No ratings yet
AWS CP - Sruya Kiran Sir Notes
8 pages
AWS Certified Cloud Practitioner Exam Guide v2.1
No ratings yet
AWS Certified Cloud Practitioner Exam Guide v2.1
2 pages
AWS Certified Solutions Architect Associate Exam Guide
No ratings yet
AWS Certified Solutions Architect Associate Exam Guide
8 pages
SAA-C03 AWS Certified Solutions Architect - Associate Updated Dumps
No ratings yet
SAA-C03 AWS Certified Solutions Architect - Associate Updated Dumps
89 pages
Amazon: Exam Questions AWS-Certified-Security-Specialty
No ratings yet
Amazon: Exam Questions AWS-Certified-Security-Specialty
47 pages
AWS Certified Cloud Practitioner Exam - Free Actual Q&As, Page 14 - ExamTopics
No ratings yet
AWS Certified Cloud Practitioner Exam - Free Actual Q&As, Page 14 - ExamTopics
2 pages
AWS Certified Cloud Practitioner Exam - Free Actual Q&As, Page 1 - ExamTopics PDF
100% (1)
AWS Certified Cloud Practitioner Exam - Free Actual Q&As, Page 1 - ExamTopics PDF
114 pages
AWS Certified Solutions Architect Professional - Exam Guide
No ratings yet
AWS Certified Solutions Architect Professional - Exam Guide
22 pages
AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 39 - ExamTopics
No ratings yet
AWS Certified Solutions Architect - Associate SAA-C03 Exam - Free Exam Q&As, Page 39 - ExamTopics
6 pages
SAA-C03 AWS Certified Solutions Architect - Associate Updated Dumps
No ratings yet
SAA-C03 AWS Certified Solutions Architect - Associate Updated Dumps
90 pages
Ultimate AWS Certified Solutions Architect Associate Exam Guide: Master Designing Resilient, Scalable Architectures with Core and Advanced AWS Services to Crack the SAA-C03 Certification (English Edition)
From Everand
Ultimate AWS Certified Solutions Architect Associate Exam Guide: Master Designing Resilient, Scalable Architectures with Core and Advanced AWS Services to Crack the SAA-C03 Certification (English Edition)
Venkata Kanumuri
No ratings yet
Microsoft AZURE® AZ-104 Administrator Practice Tests
From Everand
Microsoft AZURE® AZ-104 Administrator Practice Tests
iCertify Training
No ratings yet
Matrimony App 1
No ratings yet
Matrimony App 1
5 pages
Model Driven
No ratings yet
Model Driven
61 pages
Object Persistence Using Hibernate: An Object-Relational Mapping Framework For Object Persistence
No ratings yet
Object Persistence Using Hibernate: An Object-Relational Mapping Framework For Object Persistence
74 pages
BackPropagation PDF
No ratings yet
BackPropagation PDF
48 pages
Published On 22 Jul 15
No ratings yet
Published On 22 Jul 15
4 pages
23 Java 8 File IO Part 2 PDF
No ratings yet
23 Java 8 File IO Part 2 PDF
23 pages
What Does XML Stand For
No ratings yet
What Does XML Stand For
16 pages
Data Structures and Algorithms: Linked Lists Stacks PLSD210 (Ii)
No ratings yet
Data Structures and Algorithms: Linked Lists Stacks PLSD210 (Ii)
18 pages
SQL2
No ratings yet
SQL2
44 pages
Big Data Processing, 2014/15: Lecture 8: Pig Latin!
No ratings yet
Big Data Processing, 2014/15: Lecture 8: Pig Latin!
58 pages
Java Web Services
No ratings yet
Java Web Services
61 pages
Angular2 PDF
No ratings yet
Angular2 PDF
24 pages
Programming With Java: K.Srivatsan
No ratings yet
Programming With Java: K.Srivatsan
194 pages
Introduction To PL/SQL
No ratings yet
Introduction To PL/SQL
50 pages
wb3 Draft
No ratings yet
wb3 Draft
6 pages
SIWES Report (Corrected)
100% (1)
SIWES Report (Corrected)
23 pages
Regression Analysis of Gapminder Data
No ratings yet
Regression Analysis of Gapminder Data
41 pages
2024 04 21 11.55.01
No ratings yet
2024 04 21 11.55.01
694 pages
Quectel-Antenna-Brochure - V1 7 4
No ratings yet
Quectel-Antenna-Brochure - V1 7 4
20 pages
DVR Kit 0 NVR Kit - Pricelist (SINSYN-Tech) 2014.10
No ratings yet
DVR Kit 0 NVR Kit - Pricelist (SINSYN-Tech) 2014.10
4 pages
Risk To Reward Ratio Spreadsheet Tradingview
No ratings yet
Risk To Reward Ratio Spreadsheet Tradingview
19 pages
Batch Analysis Tool
No ratings yet
Batch Analysis Tool
8 pages
2025 04 11 Meet-Your-New-Household-Robot
No ratings yet
2025 04 11 Meet-Your-New-Household-Robot
8 pages
Digi SM-110 Operation and Programming Manual
No ratings yet
Digi SM-110 Operation and Programming Manual
7 pages
Your E-Admit Card
No ratings yet
Your E-Admit Card
4 pages
Control Systems Lab 02
No ratings yet
Control Systems Lab 02
31 pages
Combinatorics 11695
No ratings yet
Combinatorics 11695
41 pages
1, 2, 3 MCQ RL
No ratings yet
1, 2, 3 MCQ RL
15 pages
DGS-1510 Series CLI Reference Guide v1.70
No ratings yet
DGS-1510 Series CLI Reference Guide v1.70
815 pages
Gaurav Kumar Resume
No ratings yet
Gaurav Kumar Resume
3 pages
Day 4 - MSP Bootcamp Training 201
No ratings yet
Day 4 - MSP Bootcamp Training 201
54 pages
Reading: Form B - Extra Reading
No ratings yet
Reading: Form B - Extra Reading
3 pages
Chapter 1 Statement of The Problem
100% (2)
Chapter 1 Statement of The Problem
4 pages
Number System Solutions
No ratings yet
Number System Solutions
5 pages
Run Length Encoding
No ratings yet
Run Length Encoding
7 pages
Basics of ICS Cyber Security Solutions PDF
100% (2)
Basics of ICS Cyber Security Solutions PDF
27 pages
Big Data and Hadoop - Suzanne
No ratings yet
Big Data and Hadoop - Suzanne
5 pages
Lec. 1 Computer Organization and Architecture (CPE343)
No ratings yet
Lec. 1 Computer Organization and Architecture (CPE343)
18 pages
122 Penn ST LRev 613
No ratings yet
122 Penn ST LRev 613
33 pages
202441551502IA Alatishe
No ratings yet
202441551502IA Alatishe
1 page
Chapter 2 - Network Basics
No ratings yet
Chapter 2 - Network Basics
64 pages
ARMA RFM 6T6R B20 360W Datasheet
No ratings yet
ARMA RFM 6T6R B20 360W Datasheet
4 pages