aws-certified-cloud-practitioner_1

Welcome to download the Newest 2passeasy AWS-Certified-Cloud-Practitioner dumps
https://www.2passeasy.com/dumps/AWS-Certified-Cloud-Practitioner/ (370 New Questions)
Exam Questions AWS-Certified-Cloud-Practitioner

Amazon AWS Certified Cloud Practitioner
https://www.2passeasy.com/dumps/AWS-Certified-Cloud-Practitioner/
Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 1
- (Topic 2)
Which AWS service provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning (ML)?
A. Amazon Kendra
B. Amazon SageMaker
C. Amazon Augmented Al (Amazon A2I)
D. Amazon Polly
Answer: A
Explanation:
Amazon Kendra is a service that provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning. Kendra delivers
powerful natural language search capabilities to your websites and applications so your end users can more easily find the information they need within the vast
amount of content spread across your company. Amazon SageMaker is a service that provides a fully managed platform for data scientists and developers to
quickly and easily build, train, and deploy machine learning models at any scale. Amazon Augmented AI (Amazon A2I) is a service that makes it easy to build the
workflows required for human review of ML predictions. Amazon A2I brings human review to all developers, removing the undifferentiated heavy lifting associated
with building human review systems or managing large numbers of human reviewers. Amazon Polly is a service that turns text into lifelike speech, allowing you to
create applications that talk, and build entirely new categories of speech-enabled
products. None of these services provide an enterprise search service that is powered by machine learning.
NEW QUESTION 2
- (Topic 2)
A company wants to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud.
Which AWS service should the company use to reduce management overhead for this environment?
A. Amazon Elastic Container Service (Amazon ECS)

B. Amazon SageMaker
C. Amazon RDS
D. Amazon Athena
Answer: C
Explanation:
Amazon Relational Database Service (Amazon RDS) is the AWS service that the company should use to migrate its Microsoft SQL Server database management
system from on premises to the AWS Cloud. Amazon RDS is a fully managed service that provides a scalable, secure, and high-performance relational database
platform. Amazon RDS supports several database engines, including Microsoft SQL Server. Amazon RDS reduces the management overhead for the database
environment by taking care of tasks such as provisioning, patching, backup, recovery, and monitoring. For more information, see What is Amazon Relational
Database Service (Amazon RDS)? and Amazon RDS for SQL Server.
NEW QUESTION 3
- (Topic 2)
A company wants to access a report about the estimated environmental impact of the company's AWS usage.
Which AWS service or feature should the company use to meet this requirement?
A. AWS Organizations
B. IAM policy
C. AWS Billing console
D. Amazon Simple Notification Service (Amazon SNS)
Answer: C
Explanation:
The company should use the AWS Billing console to access a report about the estimated environmental impact of the company’s AWS usage. The AWS Billing
console provides customers with various tools and reports to manage and monitor their AWS costs and usage. One of the reports available in the AWS Billing
console is the AWS Sustainability Dashboard, which shows the estimated carbon footprint and energy mix of the customer’s AWS usage. The company can use
this dashboard to measure and improve the sustainability of their cloud workloads. AWS Organizations, IAM policy, and Amazon Simple Notification Service
(Amazon SNS) are not services or features that can provide a report about the estimated environmental impact of the company’s AWS usage. AWS Organizations
is a service that enables customers to centrally manage and govern their AWS accounts. IAM policy is a document that defines the permissions for an IAM identity
(user, group, or role) or an AWS resource. Amazon SNS is a fully managed pub/sub messaging service that enables customers to send messages to subscribers
or other AWS services.
NEW QUESTION 4
- (Topic 1)
Which AWS features will meet these requirements? (Select TWO.)
A. Security groups
B. Network ACLs
C. S3 bucket policies
D. IAM user policies
E. S3 bucket versioning
Answer: CD
Explanation:
The correct answers are C and D because S3 bucket policies and IAM user policies are AWS features that will meet the requirements. S3 bucket policies are
access policies that can be attached to Amazon S3 buckets to grant or deny permissions to the bucket and the objects it contains. S3 bucket policies can be used
to control who has permission to read, write, or delete objects that the company stores in the S3 bucket. IAM user policies are access policies that can be attached

to IAM users to grant or deny permissions to AWS resources and actions. IAM user policies can be used to control who has permission to read, write, or delete
objects that the company stores in the S3 bucket. The other options are incorrect because they are not AWS features that will meet the requirements. Security
groups and network ACLs are AWS features that act as firewalls to control inbound and outbound traffic to and from Amazon EC2 instances and subnets. Security
groups and network ACLs do not control who has permission to read, write, or delete objects that the company stores in the S3 bucket. S3 bucket versioning is an
AWS feature that enables users to keep multiple versions of the same object in the same bucket. S3 bucket versioning can be used to recover from accidental
overwrites or deletions of objects, but it does not control who has permission to read, write, or delete objects that the company stores in the S3 bucket. Reference:
Using Bucket Policies and User Policies, Security Groups for Your VPC, Network ACLs, [Using Versioning]
NEW QUESTION 5
- (Topic 1)
Which statement describes a characteristic of the AWS global infrastructure?
A. Edge locations contain multiple AWS Regions.

B. AWS Regions contain multiple Regional edge caches.
C. Availability Zones contain multiple data centers.
D. Each data center contains multiple edge locations.
Answer: C
Explanation:
Availability Zones contain multiple data centers. This is a characteristic of the AWS global infrastructure, which consists of AWS Regions, Availability Zones, and
edge locations. AWS Regions are geographically isolated areas that contain multiple Availability Zones. Availability Zones are physically separate locations within
an AWS Region that are engineered to be isolated from failures and connected by low-latency, high- throughput, and highly redundant networking. Each
Availability Zone contains one or more data centers that house the servers and storage devices that run AWS services. Edge locations are sites that are located
closer to the end users and provide caching and content delivery services. AWS Global InfrastructureAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 6
- (Topic 1)
A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high end client hardware?
A. Amazon AppStream 2.0

B. AWS AppSync
C. Amazon WorkLink
D. AWS Elastic Beanstalk
Answer: A
Explanation:
The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure
or high end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications
from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend
infrastructure, and delivers high performance and responsive user experience. The other options are incorrect because they are not services that will help the
company deploy the application without investing in backend infrastructure or high end client hardware. AWS AppSync is a service that enables customers to
create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access
to internal websites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using
popular platforms such as Java, .NET, PHP, and Node.js. Reference: [Amazon AppStream 2.0 FAQs]
NEW QUESTION 7
- (Topic 1)
A company is migrating a relational database server to the AWS Cloud. The company wants to minimize
administrative overhead of database maintenance tasks. Which AWS service will meet these requirements?
A. Amazon DynamoDB
B. Amazon EC2
C. Amazon Redshift
D. Amazon RDS
Answer: D
Explanation:
Amazon RDS is the AWS service that will meet the requirements of migrating a relational database server to the AWS Cloud and minimizing administrative
overhead of database maintenance tasks. Amazon RDS is a fully managed relational database service that handles routine database tasks, such as provisioning,
patching, backup, recovery, failure detection, and repair. Amazon RDS supports several database engines, such as MySQL, PostgreSQL, Oracle, SQL Server,
and Amazon Aurora5.
NEW QUESTION 8
- (Topic 1)
A cloud practitioner is analyzing Amazon EC2 instance performance and usage to provide recommendations for potential cost savings.
Which cloud concept does this analysis demonstrate?
A. Auto scaling
B. Rightsizing
C. Load balancing
D. High availability
Answer: B
Explanation:

Rightsizing is the cloud concept that this analysis demonstrates. Rightsizing is the process of optimizing the performance and cost of your AWS resources by
selecting the most appropriate type, size, and configuration based on your workload requirements and usage patterns. Rightsizing can help you achieve potential
cost savings by reducing the over-provisioning or under-utilization of your resources. You can use various AWS tools and services, such as AWS Cost Explorer,
AWS Compute Optimizer, and AWS Trusted Advisor, to analyze your resource utilization and performance metrics, and receive recommendations for rightsizing.
NEW QUESTION 9
- (Topic 1)
A company needs to run code in response to an event notification that occurs when objects are uploaded to an Amazon S3 bucket.
Which AWS service will integrate directly with the event notification?
A. AWS Lambda
B. Amazon EC2
C. Amazon Elastic Container Registry (Amazon ECR)
D. AWS Elastic Beanstalk
Answer: A
Explanation:
AWS Lambda is a service that lets you run code without provisioning or managing servers. You can use Lambda to process event notifications from Amazon S3
when objects are uploaded or deleted. Lambda integrates directly with the event notification and invokes your code automatically. Therefore, the correct answer is
A.
NEW QUESTION 10
- (Topic 1)
Which AWS service can report how AWS resource configurations have changed over time?
A. AWS CloudTrail
B. Amazon CloudWatch
C. AWS Config
D. Amazon Inspector
Answer: C
Explanation:
AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records the
configuration changes of the resources and evaluates them against desired configurations and best practices. It also provides a detailed view of the resource
configuration history and relationships, as well as compliance reports and notifications. AWS Config can help users maintain consistent and secure configurations,
troubleshoot issues, and simplify compliance auditing. AWS Config OverviewAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 10
- (Topic 1)
Which benefit does Amazon Rekognition provide?
A. The ability to place watermarks on images

B. The ability to detect objects that appear in pictures
C. The ability to resize millions of images automatically
D. The ability to bid on object detection jobs
Answer: B
Explanation:
Amazon Rekognition is a service that provides deep learning-based image and video analysis. One of the benefits of Amazon Rekognition is the ability to detect
objects that appear in pictures, such as faces, landmarks, animals, text, and scenes. This can enable applications to perform tasks such as face recognition, face
verification, face comparison, face search, celebrity recognition, emotion detection, age range estimation, gender identification, facial analysis, facial expression
recognition, and more. Amazon Rekognition OverviewAWS Certified Cloud Practitioner - aws.amazon.com
NEW QUESTION 15
SIMULATION - (Topic 1)
A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours.
Which pricing model enables the company to optimize costs and meet these requirements?
A. Reserved Instances
B. Spot Instances
C. On-Demand Instances
D. Dedicated Instances
Answer: B
Explanation:
The correct answer is B because Spot Instances enable the company to optimize costs and meet the requirements. Spot Instances are spare EC2 instances that
are available at up to 90% discount compared to On-Demand prices. Spot Instances are suitable for stateless, fault-tolerant, and flexible applications that can run
for any duration. The other options are incorrect because they do not enable the company to optimize costs and meet the requirements. Reserved Instances are
EC2 instances that are reserved for a specific period of time (one or three years) in exchange for a lower hourly rate. Reserved Instances are suitable for steady-
state or predictable workloads that run for a long duration. On- Demand Instances are EC2 instances that are launched and billed at a fixed hourly rate.
On-Demand Instances are suitable for short-term, irregular, or unpredictable workloads that cannot be interrupted. Dedicated Instances are EC2 instances that run
on hardware that is dedicated to a single customer. Dedicated Instances are suitable for workloads that require regulatory compliance or data isolation. Reference:
[Amazon EC2 Instance Purchasing Options]

NEW QUESTION 17
- (Topic 1)
A company needs to use dashboards and charts to analyze insights from business data. Which AWS service will provide the dashboards and charts for these
insights?
A. Amazon Macie
B. Amazon Aurora
C. Amazon QuickSight
D. AWS CloudTrail
Answer: C
Explanation:
The correct answer is C because Amazon QuickSight is an AWS service that will provide the dashboards and charts for the insights from business data. Amazon
QuickSight is a fully managed, scalable, and serverless business intelligence service that enables users to create and share interactive dashboards and charts.
Amazon QuickSight can connect to various data sources, such as Amazon S3, Amazon RDS, Amazon Redshift, and more. Amazon QuickSight also provides
users with machine learning insights, such as anomaly detection, forecasting, and natural language narratives. The other options are incorrect because they are
not AWS services that will provide the dashboards and charts for the insights from business data. Amazon Macie is an AWS service that helps users discover,
classify, and protect sensitive data stored in Amazon S3. Amazon Aurora is an AWS service that provides a relational database that is compatible with MySQL and
PostgreSQL. AWS CloudTrail is an AWS service that enables users to track user activity and API usage across their AWS account. Reference: Amazon
QuickSight FAQs
NEW QUESTION 21
- (Topic 1)
Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?
A. AWS Identity and Access Management (IAM)

B. AWS Organizations
C. AWS Cost Explorer
D. AWS Budgets
Answer: B
Explanation:
AWS Organizations helps to centrally manage billing and allow controlled access to resources across AWS accounts. AWS Organizations is a service that
enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create
groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the
accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization
into a single bill.
NEW QUESTION 24
- (Topic 1)
Which feature of the AWS Cloud gives users the ability to pay based on current needs rather than forecasted needs?
A. AWS Budgets
B. Pay-as-you-go pricing
C. Volume discounts
D. Savings Plans
Answer: B
Explanation:
Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go
pricing means that users only pay for the AWS services and resources they use, without any upfront or long-term commitments. This allows users to scale up or
down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity. Pay-as-you-go pricing also enables users to
benefit from the economies of scale and lower costs of AWS as they grow their business5
NEW QUESTION 28
- (Topic 1)
Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?
A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune
Answer: A
Explanation:
The correct answer is A because Amazon DynamoDB is a key-value database that provides sub-millisecond latency on a large scale. Amazon DynamoDB is a
fully managed, serverless, and scalable NoSQL database service that supports both key- value and document data models. The other options are incorrect
because they are not key-value databases. Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL. Amazon DocumentDB (with
MongoDB compatibility) is a document database that is compatible with MongoDB. Amazon Neptune is a graph database that supports property graph and RDF
models. Reference: Amazon DynamoDB FAQs
NEW QUESTION 29
- (Topic 1)
company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.
Which pillar of the AWS Well-Architected Framework is supported by these goals?

A. Reliability
B. Security
C. Operational excellence
D. Performance efficiency
Answer: B
Explanation:
The pillar of the AWS Well-Architected Framework that is supported by the goals of protecting AWS Cloud information, systems, and assets while performing risk
assessment and mitigation tasks is security. Security is the ability to protect information, systems, and assets while delivering business value through risk
assessments and mitigation strategies. The security pillar covers topics such as identity and access management, data protection, infrastructure protection,
detective controls, incident response, and compliance
NEW QUESTION 34
- (Topic 1)
Which AWS service or tool can be used to consolidate payments for a company with multiple AWS accounts?
A. AWS Cost and Usage Report

B. AWS Organizations
C. Cost Explorer
D. AWS Budgets
Answer: B
Explanation:
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally
manage. AWS Organizations includes consolidated billing and account management capabilities that enable you to better meet the budgetary, security, and
compliance needs of your business1.
NEW QUESTION 36
- (Topic 1)
Which of the following are customer responsibilities under the AWS shared responsibility model? (Select TWO.)
A. Physical security of AWS facilities

B. Configuration of security groupsQ
C. Encryption of customer data on AWS
D. Management of AWS Lambda infrastructureQ
E. Management of network throughput of each AWS Region
Answer: BC
Explanation:
The AWS shared responsibility model describes how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is
responsible for the security of the cloud, which includes the physical security of AWS facilities, the infrastructure, hardware, software, and networking that run AWS
services. The customer is responsible for security in the cloud, which includes the configuration of security groups, the encryption of customer data on AWS, the
management of AWS Lambda infrastructure, and the management of network throughput of each AWS Region.
NEW QUESTION 38
- (Topic 1)
Which duties are the responsibility of a company that is using AWS Lambda? (Select TWO.)
A. Security inside of code

B. Selection of CPU resources
C. Patching of operating system
D. Writing and updating of code
E. Security of underlying infrastructure
Answer: AD
Explanation:
The duties that are the responsibility of a company that is using AWS Lambda are security inside of code and writing and updating of code. AWS Lambda is a
serverless compute service that allows you to run code without provisioning or managing servers, scaling, or patching. AWS Lambda takes care of the security of
the underlying infrastructure, such as the operating system, the network, and the firewall. However, the company is still responsible for the security of the code
itself, such as encrypting sensitive data, validating input, and handling errors. The company is also responsible for writing and updating the code that defines the
Lambda function, and choosing the runtime environment, such as Node.js, Python, or Java. AWS Lambda does not require the selection of CPU resources, as it
automatically allocates them based on the memory configuration34
NEW QUESTION 41
- (Topic 1)
A company wants to manage access and permissions for its third-party software as a service (SaaS)
applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.
Which AWS service should the company use to meet these requirements?
A. Amazon Cognito
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management (IAM)
D. AWS Directory Service for Microsoft Active Directory
Answer: B

Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is the AWS service that the company should use to meet the requirements of managing access and permissions
for its third-party SaaS applications. AWS Single Sign-On is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple
AWS accounts and business applications. You can use AWS Single Sign-On to enable your users to sign in to a user portal with their existing corporate
credentials and access all of their assigned accounts and applications from one place4.
NEW QUESTION 42
- (Topic 1)
A user wants to identify any security group that is allowing unrestricted incoming SSH traffic.
Which AWS service can be used to accomplish this goal?
A. Amazon Cognito
B. AWS Shield
C. Amazon Macie
D. AWS Trusted Advisor
Answer: D
Explanation:
The correct answer to the question is D because AWS Trusted Advisor is an AWS service that can be used to accomplish the goal of identifying any security
group that is allowing unrestricted incoming SSH traffic. AWS Trusted Advisor is a service that provides customers with recommendations that help them follow
AWS best practices. Trusted Advisor evaluates the customer’s AWS environment and identifies ways to optimize their AWS infrastructure, improve security and
performance, reduce costs, and monitor service quotas. One of the checks that Trusted Advisor performs is the Security Groups - Specific Ports Unrestricted
check, which flags security groups that allow unrestricted access to specific ports, such as port 22 for SSH. Customers can use this check to review and modify
their security group rules to restrict SSH access to only authorized sources. Reference: Security Groups - Specific Ports Unrestricted
NEW QUESTION 47
- (Topic 1)
A large company has a workload that requires hardware to remain on premises. The company wants to use the same management and control plane services that
it currently uses on AWS.
Which AWS service should the company use to meet these requirements?
A. AWS Device Farm

B. AWS Fargate
C. AWS Outposts
D. AWS Ground Station
Answer: C
Explanation:
The correct answer is C because AWS Outposts is an AWS service that enables the company to meet the requirements. AWS Outposts is a fully managed
service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, colocation space, or on-premises facility. AWS Outposts allows
customers to run their workloads on the same hardware and software that AWS uses in its cloud, while maintaining local access and control. The other options are
incorrect because they are not AWS services that enable the company to meet the requirements. AWS Device Farm is an AWS service that enables customers to
test their mobile and web applications on real devices in the AWS Cloud. AWS Fargate is an AWS service that enables customers to run containers without having
to manage servers or clusters. AWS Ground Station is an AWS service that enables customers to communicate with satellites and downlink data from orbit.
Reference: AWS Outposts FAQs
NEW QUESTION 49
- (Topic 1)
Which AWS network services or features allow Cl DR block notation when providing an IP address range?
(Select TWO.)
A. Security groups
B. Amazon Machine Image (AMI)
C. Network access control list (network ACL)
D. AWS Budgets
E. Amazon Elastic Block Store (Amazon EBS)
Answer: AC
Explanation:
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP
address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network
ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR
block notation to specify the IP address ranges that are allowed or denied
NEW QUESTION 53
- (Topic 3)
A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve
supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?
A. Security
B. Performance efficiency
C. Cost optimization
D. Operational excellence
Answer: D

Explanation:
The scenario represents the operational excellence pillar of the AWS Well- Architected Framework, which focuses on running and monitoring systems to deliver
business value and continually improve supporting processes and procedures1. Security, performance efficiency, cost optimization, and reliability are the other
four pillars of the framework1.
NEW QUESTION 55
- (Topic 3)
Which VPC component provides a layer of security at the subnet level?
A. Security groups
B. Network ACLs
C. NAT gateways
D. Route tables
Answer: B
Explanation:
Network ACLs are a feature that provide a layer of security at the subnet level by acting as a firewall to control traffic in and out of one or more subnets. Network
ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols5. Security groups are a feature
that provide a layer of security at the instance level by acting as a firewall to control traffic to and from one or more instances. Security groups can be configured
with rules that allow or deny traffic based on the source and destination IP addresses, ports, protocols, and security groups. NAT gateways are a feature that
enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
Route tables are a feature that determine where network traffic from a subnet or gateway is directed.
NEW QUESTION 60
- (Topic 3)
A company needs to securely store important credentials that an application uses to connect users to a database.
Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?
A. AWS Key Management Service (AWS KMS)

B. AWS Config
C. AWS Secrets Manager
D. Amazon GuardDuty
Answer: C
Explanation:
AWS Secrets Manager is a service that helps you protect secrets needed to access your applications, services, and IT resources. You can use AWS Secrets
Manager to store, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. AWS Secrets Manager eliminates the need to
hardcode sensitive information in plain text, and reduces the risk of unauthorized access or leakage. AWS Secrets Manager also integrates with other AWS
services, such as AWS Lambda, Amazon RDS, and AWS CloudFormation, to simplify the management of secrets across your environment5
NEW QUESTION 65
- (Topic 3)
Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?
A. Go global in minutes
B. Make frequent, small, reversible changes
C. Implement a strong foundation of identity and access management
D. Stop spending money on hardware infrastructure for data center operations
Answer: B
Explanation:
Making frequent, small, reversible changes is one of the design principles for operational excellence in the AWS Cloud, as defined by the AWS Well-Architected
Framework. This principle means that you should design your workloads to allow for rapid and safe changes, such as deploying updates, rolling back failures, and
experimenting with new features. By making small and reversible changes, you can reduce the risk of errors,
minimize the impact of failures, and increase the speed of recovery2. References: 2: AWS Documentation - AWS Well-Architected Framework - Operational
Excellence Pillar
NEW QUESTION 66
- (Topic 3)
Which AWS Cloud benefit describes the ability to acquire resources as they are needed and release resources when they are no longer needed?
A. Economies of scale
B. Elasticity
C. Agility
D. Security
Answer: B
Explanation:
The AWS Cloud benefit that describes the ability to acquire resources as they are needed and release resources when they are no longer needed is elasticity.
Elasticity means that users can quickly add and remove resources to match the demand of their applications, and only pay for what they use. Elasticity enables
users to handle unpredictable workloads, reduce costs, and improve performance1. Economies of scale, agility, and security are other benefits of the AWS Cloud,
but they do not describe the specific ability of acquiring and releasing resources on demand.
NEW QUESTION 69

- (Topic 3)
A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed?
A. 3 hours, 5 minutes
B. 3 hours, 5 minutes, and 6 seconds
C. 3 hours, 6 minutes
D. 4 hours
Answer: C
Explanation:
Amazon EC2 usage is calculated by either the hour or the second based on the size of the instance, operating system, and the AWS Region where the instances
are launched. Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it’s terminated or stopped. Each partial
instance-hour consumed is billed per-second for Linux instances and as a full hour for all other instance types1. Therefore, the customer will be billed for 3 hours
and 6 minutes for running an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds. References: Understand Amazon EC2 instance-
hours billing
NEW QUESTION 72
- (Topic 3)
Which AWS Cloud deployment model uses AWS Outposts as part of the application deployment infrastructure?
A. On-premises
B. Serverless
C. Cloud-native
D. Hybrid
Answer: D
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS
managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions,
while using local compute and storage resources for lower latency and local data processing needs. An Outpost is a pool of AWS compute and storage capacity
deployed at a customer site. AWS operates, monitors, and manages this capacity as part of an AWS Region. You can create subnets on your Outpost and specify
them when you create AWS resources such as EC2 instances, EBS volumes, ECS clusters, and RDS instances. Instances in Outpost subnets communicate with
other instances in the AWS Region using private IP addresses, all within the same VPC. Outposts solutions allow you to extend and run native AWS services on
premises, and is available in a variety of form factors, from 1U and 2U Outposts servers to 42U Outposts racks, and multiple rack deployments. With AWS
Outposts, you can run some AWS services locally and connect to a broad range of services available in the local AWS Region2. AWS Outposts is a hybrid cloud
deployment model that uses AWS Outposts as part of the application deployment infrastructure. Hybrid cloud is a cloud computing environment that uses a mix of
on-premises, private cloud, and public cloud services with orchestration between the platforms. Hybrid cloud provides businesses with greater flexibility, more
deployment options, and optimized costs. By using AWS Outposts, customers can benefit from the fully managed infrastructure, services, APIs, and tools of AWS
on premises, while still having access to the full range of AWS services available in the Region for a truly consistent hybrid experience3. References: On-Premises
Private Cloud - AWS Outposts Family - AWS, What is AWS Outposts? - AWS Outposts
NEW QUESTION 73
- (Topic 2)
A company wants to migrate its application to AWS. The company wants to replace upfront expenses with variable payment that is based on usage.
What should the company do to meet these requirements?
A. Use pay-as-you-go pricing.

B. Purchase Reserved Instances.
C. Pay less by using more.
D. Rightsize instances.
Answer: A
Explanation:
Pay-as-you-go pricing is one of the main benefits of AWS. With pay-as-you- go pricing, you pay only for what you use, when you use it. There are no long-term
contracts, termination fees, or complex licensing. You replace upfront expenses with lower variable costs and pay only for the resources you consume.
NEW QUESTION 75
- (Topic 2)
Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Select TWO.)
A. Maximize utilization of Amazon EC2 instances.

B. Minimize utilization of Amazon EC2 instances.
C. Minimize usage of managed services.
D. Force frequent application reinstallations by users.
E. Reduce the need for users to reinstall applications.
Answer: AE
Explanation:
To maximize sustainability and minimize environmental impact, a company should apply the following design principles to AWS Cloud workloads: maximize
utilization of Amazon EC2 instances and reduce the need for users to reinstall applications. Maximizing utilization of Amazon EC2 instances means that the
company can optimize the performance and efficiency of their compute resources, and avoid wasting energy and money on idle or underutilized instances. The
company can use features such as Amazon EC2 Auto Scaling, Amazon EC2 Spot Instances, and AWS Compute Optimizer to automatically adjust the number and
type of instances based on demand, cost, and performance. Reducing the need for users to reinstall applications means that the company can minimize the
amount of data and bandwidth required to deliver their applications to users, and avoid unnecessary downloads and updates that consume energy and resources.
The company can use services such as Amazon CloudFront, AWS AppStream 2.0, and AWS Amplify to deliver their applications faster, more securely, and more

efficiently to users across the globe. Minimizing utilization of Amazon EC2 instances, minimizing usage of managed services, and forcing frequent application
reinstallations by users are not design principles that would maximize sustainability and minimize environmental impact. Minimizing utilization of Amazon EC2
instances would reduce the performance and efficiency of the compute resources, and potentially increase the costs and complexity of the cloud workloads.
Minimizing usage of managed services would increase the operational overhead and responsibility of the company, and potentially expose them to more security
and reliability risks. Forcing frequent application reinstallations by users would increase the amount of data and bandwidth required to deliver the applications to
users, and potentially degrade the user experience and satisfaction.
NEW QUESTION 78
- (Topic 2)
Which AWS solution provides the ability for a company to run AWS services in the company's on-premises data center?
A. AWS Direct Connect

B. AWS Outposts
C. AWS Systems Manager hybrid activations
D. AWS Storage Gateway
Answer: B
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-
premises facility for a truly consistent hybrid experience. AWS Outposts enables you to run AWS services in your on-premises data center1.
NEW QUESTION 82
- (Topic 2)
A company needs help managing multiple AWS linked accounts that are reported on a consolidated bill.
Which AWS Support plan includes an AWS concierge whom the company can ask for assistance?
A. AWS Developer Support

B. AWS Enterprise Support
C. AWS Business Support
D. AWS Basic Support
Answer: B
Explanation:
AWS Enterprise Support is the AWS Support plan that includes an AWS concierge whom the company can ask for assistance. According to the AWS Support
Plans page, AWS Enterprise Support provides "a dedicated Technical Account Manager (TAM) who provides advocacy and guidance to help plan and build
solutions using best practices, coordinate access to subject matter experts, and proactively keep your AWS environment operationally healthy."2 AWS Business
Support, AWS Developer Support, and AWS Basic Support do not include a TAM or a concierge service.
NEW QUESTION 87
- (Topic 2)
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an
Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
A. Security groups
B. AWS WAF
C. Network ACLs
D. AWS Shield
Answer: B
Explanation:
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise
security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that
block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define2. You can use AWS WAF to
create a custom rule that blocks SQL injection attacks on your website.
NEW QUESTION 92
- (Topic 2)
Which AWS service is used to temporarily provide federated security credentials to a
A. Amazon GuardDuty
B. AWS Simple Token Service (AWS STS)
C. AWS Secrets Manager
D. AWS Certificate Manager
Answer: B
Explanation:
The AWS service that is used to temporarily provide federated security credentials to a user is AWS Security Token Service (AWS STS). AWS STS is a service
that enables customers to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that they
authenticate (federated users). The company can use AWS STS to grant federated users access to AWS resources without creating permanent IAM users or
sharing long-term credentials. AWS STS helps customers manage and secure access to their AWS resources for federated users. Amazon GuardDuty, AWS
Secrets Manager, and AWS Certificate Manager are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for
malicious activity and unauthorized behavior across the AWS accounts and resources. AWS Secrets Manager is a service that helps customers manage and
rotate secrets, such as database credentials, API keys, and passwords. AWS Certificate Manager is a service that helps customers provision, manage, and deploy
public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources. These

services are more useful for different types of security and compliance tasks, rather than providing temporary federated security credentials to a user.
NEW QUESTION 97
- (Topic 2)
A company has an environment that includes Amazon EC2 instances, Amazon Lightsail, and on-premises servers. The company wants to automate the security
updates for its operating systems and applications.
Which solution will meet these requirements with the LEAST operational effort?
A. Use AWS Shield to identify and manage security events.

B. Connect to each server by using a remote desktop connectio
C. Run an update script.
D. Use the AWS Systems Manager Patch Manager capability.
E. Schedule Amazon GuardDuty to run on a nightly basis.
Answer: C
Explanation:
AWS Systems Manager Patch Manager is a capability that allows users to automate the security updates for their operating systems and applications. It enables
users to scan their instances for missing patches, define patch baselines, schedule patching windows, and monitor patch compliance. It supports Amazon EC2
instances, Amazon Lightsail instances, and on-premises servers. AWS Shield is a service that provides protection against Distributed Denial of Service (DDoS)
attacks for AWS resources and services. It does not automate the security updates for operating systems and applications. Connecting to each server by using a
remote desktop connection and running an update script is a manual and time-consuming solution that requires a lot of operational effort. It is not a recommended
best practice for automating the security updates for operating systems and applications. Amazon GuardDuty is a service that provides intelligent threat detection
and continuous monitoring for AWS accounts and resources. It does not automate the security updates for operating systems and applications.
NEW QUESTION 102

- (Topic 2)
Which AWS service can defend against DDoS attacks?
A. AWS Firewall Manager

B. AWS Shield Standard
C. AWS WAF
D. Amazon Inspector
Answer: B
Explanation:
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It
automatically detects and mitigates the most common and frequently occurring network and transport layer DDoS attacks that target AWS resources, such as
Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS Firewall Manager is a service that
allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced
protections, and Amazon VPC security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as
SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security assessment service that helps improve the security and compliance
of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.
NEW QUESTION 107

- (Topic 2)
A company is reviewing the design of an application that will be migrated from on premises to a single Amazon EC2 instance.
What should the company do to make the application highly available?
A. Provision additional EC2 instances in other Availability Zones.

B. Configure an Application Load Balancer (ALB). Assign the EC2 instance as the ALB's target.
C. Use an Amazon Machine Image (AMI) to create the EC2 instance.
D. Provision the application by using an EC2 Spot Instance.
Answer: A
Explanation:
Provisioning additional EC2 instances in other Availability Zones is a way to make the application highly available, as it reduces the impact of failures and
increases fault tolerance. Configuring an Application Load Balancer and assigning the EC2 instance as the ALB’s target is a way to distribute traffic among
multiple instances, but it does not make the application highly available if there is only one instance. Using an Amazon Machine Image to create the EC2 instance
is a way to launch a virtual server with a preconfigured operating system and software, but it does not make the application highly available by itself. Provisioning
the application by using an EC2 Spot Instance is a way to use spare EC2 capacity at up to 90% off the On-Demand price, but it does not make the application
highly available, as Spot Instances can be interrupted by EC2 with a two-minute notification.
NEW QUESTION 110

- (Topic 2)
A company wants its workload to perform consistently and correctly. Which benefit of AWS Cloud computing does this goal represent?
A. Security
B. Elasticity
C. Pay-as-you-go pricing
D. Reliability
Answer: D
Explanation:
Reliability is the benefit of AWS Cloud computing that ensures the workload performs consistently and correctly. According to the AWS Cloud Practitioner
Essentials course, reliability means "the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet

demand, and mitigate disruptions such as misconfigurations or transient network issues."1 Elasticity, security, and pay-as-you-go pricing are also benefits of AWS
Cloud computing, but they do not directly relate to the goal of consistent and correct performance.
NEW QUESTION 112

- (Topic 2)
A company is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads.
Which AWS tool will meet these requirements?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Pricing Calculator
D. AWS Cost and Usage Report
Answer: C
Explanation:
The AWS tool that will meet the requirements of the company that is planning a migration to the AWS Cloud and wants to examine the costs that are associated
with different workloads is AWS Pricing Calculator. AWS Pricing Calculator is a tool that helps customers estimate the cost of using AWS services based on their
requirements and preferences. The company can use AWS Pricing Calculator to compare the costs of different AWS services and configurations, such as Amazon
EC2, Amazon S3, Amazon RDS, and more. AWS Pricing Calculator also provides detailed breakdowns of the cost components, such as compute, storage,
network, and data transfer. AWS Pricing Calculator helps customers plan and optimize their cloud budget and migration strategy. AWS Budgets, AWS Cost
Explorer, and AWS Cost and Usage Report are not the best tools to use for this purpose. AWS Budgets is a tool that helps customers monitor and manage their
AWS spending and usage against predefined budget limits and thresholds. AWS Cost Explorer is a tool that helps customers analyze and visualize their AWS
spending and usage trends over time. AWS Cost and Usage Report is a tool that helps customers access comprehensive and granular information about their
AWS costs and usage in a CSV or Parquet file. These tools are more useful for tracking and optimizing the existing AWS costs and usage, rather than estimating
the costs of different workloads34
NEW QUESTION 115

- (Topic 2)
A company has developed a distributed application that recovers gracefully from interruptions. The application periodically processes large volumes of data by
using multiple Amazon EC2 instances. The application is sometimes idle for months.
Which EC2 instance purchasing option is MOST cost-effective for this use case?
A. Reserved Instances
B. Spot Instances
C. Dedicated Instances
D. On-Demand Instances
Answer: B
Explanation:
Spot Instances are instances that use spare EC2 capacity that is available for up to 90% off the On-Demand price. Because Spot Instances can be interrupted by
EC2 with two minutes of notification when EC2 needs the capacity back, you can use them for applications that have flexible start and end times, or that can
withstand interruptions5. This option is most cost-effective for the use case described in the question. Reserved Instances are instances that you purchase for a
one-year or three-year term, and pay a lower hourly rate compared to On-Demand Instances. This option is suitable for applications that have steady state or
predictable usage. Dedicated Instances are instances that run on hardware that’s dedicated to a single customer within an Amazon VPC. This option is suitable
for applications that have stringent regulatory or compliance requirements. On-Demand Instances are instances that you pay for by the second, with no long-term
commitments or upfront payments. This option is suitable for applications that have unpredictable or intermittent workloads.
NEW QUESTION 116

- (Topic 2)
A manufacturing company has a critical application that runs at a remote site that has a slow internet connection. The company wants to migrate the workload to
AWS. The application is sensitive to latency and interruptions in connectivity. The company wants a solution that can host this application with minimum latency.
Which AWS service or feature should the company use to meet these requirements?
A. Availability Zones
B. AWS Local Zones
C. AWS Wavelength
D. AWS Outposts
Answer: D
Explanation:
AWS Outposts is a service that offers fully managed and configurable compute and storage racks built with AWS-designed hardware that allow you to run your
workloads on premises and seamlessly connect to AWS services in the cloud. AWS Outposts is ideal for workloads that require low latency, local data processing,
or local data storage. With AWS Outposts, you can use the same AWS APIs, tools, and infrastructure across on premises and the cloud to deliver a truly
consistent hybrid experience5. Availability Zones are isolated locations within each AWS Region that are engineered to be fault-tolerant and provide high
availability. AWS Local Zones are extensions of AWS Regions that are placed closer to large population, industry, and IT centers where no AWS Region exists
today. AWS Wavelength is a service that enables developers to build applications that deliver ultra-low latency to mobile devices and users by deploying AWS
compute and storage at the edge of the 5G network. None of these services or features can help you host a critical application with minimum latency at a remote
site that has a slow internet connection.
NEW QUESTION 117

- (Topic 2)
Which perspective of the AWS Cloud Adoption Framework (AWS CAF) connects technology and business?
A. Operations
B. People
C. Security

D. Governance
Answer: D
Explanation:
The perspective of the AWS Cloud Adoption Framework (AWS CAF) that connects technology and business is governance. The governance perspective focuses
on the alignment of the IT strategy and processes with the business strategy and goals, as well as the management of the IT budget, risk, and compliance. The
governance perspective capabilities are portfolio management, business performance management, and IT governance. The governance perspective helps
organizations ensure that their cloud adoption delivers the expected business value and outcomes, and that their cloud solutions are secure, reliable, and
compliant. Operations, people, and security are other perspectives of the AWS CAF, but they do not directly connect technology and business. The operations
perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational
processes. The people perspective focuses on the development and empowerment of the human resources, as well as the transformation of the organizational
culture and structure. The security perspective focuses on the protection of the information assets and systems in the cloud, as well as the implementation of the
security policies and controls.
NEW QUESTION 122

- (Topic 2)
A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. AWSWAF
C. Amazon Macie
D. AWS Shield
Answer: B
Explanation:
The AWS service that will meet the requirements of the company that is hosting a web application on Amazon EC2 instances and wants to implement custom
conditions to filter and control inbound web traffic is AWS WAF. AWS WAF is a web application firewall that helps protect web applications from common web
exploits that could affect availability, compromise security, or consume excessive resources. The company can use AWS WAF to create custom rules that block
malicious requests that match certain patterns, such as SQL injection or cross-site scripting. AWS WAF can be applied to web applications that are behind an
Application Load Balancer, Amazon CloudFront, or Amazon API Gateway. Amazon GuardDuty, Amazon Macie, and AWS Shield are not the best services to use
for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and
resources. Amazon Macie is a data security and data privacy service that uses machine learning and pattern matching to discover, classify, and protect sensitive
data stored in Amazon S3. AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards web applications running on AWS.
These services are more useful for detecting and preventing different types of threats and attacks, rather than filtering and controlling inbound web traffic based on
custom conditions.
NEW QUESTION 126

- (Topic 2)
Which AWS solution should the company use to meet this requirement?
A. AWS Config
B. AWS software development kits (SDKs)
C. AWS Service Catalog
D. AWS AppSync
Answer: C
Explanation:
AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for use on AWS. You can use AWS Service
Catalog to centrally manage commonly deployed IT services and help your organization achieve consistent governance and meet your compliance requirements,
while enabling users to quickly deploy only the approved IT services they need1. AWS Config is a service that enables you to assess, audit, and evaluate the
configurations of your AWS resources. AWS software development kits (SDKs) are tools that enable you to easily integrate your applications with AWS services
using your preferred programming language. AWS AppSync is a service that simplifies application development by letting you create a flexible API to securely
access, manipulate, and combine data from one or more data sources. None of these services can help you limit your employees’ AWS access to a portfolio of
predefined AWS resources.
NEW QUESTION 128

- (Topic 2)
A company has an Amazon S3 bucket containing images of scanned financial invoices. The company is building an artificial intelligence (Al)-based application on
AWS. The company wants the application to identify and read total balance amounts on the invoices.
A. Amazon Forecast
B. Amazon Textract
C. Amazon Rekognition
D. Amazon Lex
Answer: B
Explanation:
Amazon Textract is a service that automatically extracts text and data from scanned documents. Amazon Textract goes beyond simple optical character
recognition (OCR) to also identify the contents of fields in forms and information stored in tables. Amazon Textract can analyze images of scanned financial
invoices and extract the total balance amounts, as well as other relevant information, such as invoice number, date, vendor name, etc5.
NEW QUESTION 133

- (Topic 2)

A company is using Amazon RDS.

A company is launching a critical business application in an AWS Region. How can the company increase resilience for this application?
A. Deploy a copy of the application in another AWS account.

B. Deploy the application by using multiple VPCs.
C. Deploy the application by using multiple subnets.
D. Deploy the application by using multiple Availability Zones.
Answer: D
Explanation:
Deploying the application by using multiple Availability Zones is the best way to increase resilience for the application. According to the Amazon RDS User Guide,
"Amazon RDS provides high availability and failover support for DB instances using Multi- AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically
provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability
Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups."4 Deploying a copy of the
application in another AWS account, using multiple VPCs, or using multiple subnets do not provide the same level of resilience as using multiple Availability Zones.
NEW QUESTION 134

- (Topic 2)
A company is building an application that will receive millions of database queries each second. The company needs the data store for the application to scale to
meet these needs.
Which AWS service will meet this requirement?
A. Amazon DynamoDB
B. AWS Cloud9
C. Amazon ElastiCache for Memcached
D. Amazon Neptune
Answer: A
Explanation:
Amazon DynamoDB is the AWS service that will meet the requirement of building an application that will receive millions of database queries each second.
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and consistent performance, scalability, and durability. Amazon DynamoDB
can handle any level of request traffic and automatically scale up or down the capacity based on the demand. Amazon DynamoDB also supports in-memory
caching with Amazon DynamoDB Accelerator (DAX) to improve the response time and reduce the cost. For more information, see What is Amazon DynamoDB?
and Amazon DynamoDB Features.
NEW QUESTION 135

- (Topic 2)
In which categories does AWS Trusted Advisor provide recommended actions? (Select TWO.)
A. Operating system patches

B. Cost optimization
C. Repetitive tasks
D. Service quotas
E. Account activity records
Answer: BD
Explanation:
AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor
provides recommended actions in five categories: cost optimization, performance, security, fault tolerance, and service quotas. Cost optimization helps you reduce
your overall AWS costs by identifying idle and underutilized resources. Service quotas helps you monitor and manage your usage of AWS service quotas and
request quota increases. Operating system patches, repetitive tasks, and account activity records are not categories that AWS Trusted Advisor provides
recommended actions for. Source: [AWS Trusted Advisor]
NEW QUESTION 139

- (Topic 1)
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)
A. AWS Trusted Advisor

B. AWS Online Tech Talks
C. AWS Blog
D. AWS Forums
E. AWS Classroom Training
Answer: BE
Explanation:
The correct answers are B and E because AWS Online Tech Talks and AWS Classroom Training are options that AWS makes available for customers who want
to learn about security in the cloud in an instructor-led setting. AWS Online Tech Talks are live, online presentations that cover a broad range of topics at varying
technical levels. AWS Online Tech Talks are delivered by AWS experts and feature live Q&A sessions with the audience. AWS Classroom Training are in-person
or virtual courses that are led by accredited AWS instructors. AWS Classroom Training offer hands-on labs, exercises, and best practices to help customers gain
confidence and skills on AWS. The other options are incorrect because they are not options that AWS makes available for customers who want to learn about
security in the cloud in an instructor-led setting. AWS Trusted Advisor is an AWS service that provides real-time guidance to help customers follow AWS best
practices for security, performance, cost optimization, and fault tolerance. AWS Blog is an AWS resource that provides news, announcements, and insights from
AWS experts and customers. AWS Forums are AWS resources that enable customers to interact with other AWS users and get feedback and support. Reference:
AWS Online Tech Talks, AWS Classroom Training

NEW QUESTION 141

- (Topic 1)
Which pillar of the AWS Well-Architected Framework focuses on the return on investment of moving into the AWS Cloud?
A. Sustainability
B. Cost optimization
C. Operational excellence
D. Reliability
Answer: B
Explanation:
Cost optimization is the pillar of the AWS Well-Architected Framework that focuses on the return on investment of moving into the AWS Cloud. Cost optimization
means that users can achieve the desired business outcomes at the lowest possible price point, while maintaining high performance and reliability. Cost
optimization can be achieved by using various AWS features and best practices, such as pay-as-you-go pricing, rightsizing, elasticity, reserved instances, spot
instances, cost allocation tags, cost and usage reports, and AWS Trusted Advisor. [AWS Well-Architected Framework] AWS Certified Cloud Practitioner -
aws.amazon.com
NEW QUESTION 143

- (Topic 1)
A company wants to track its AWS account's service costs. The company also wants to receive notifications when costs are forecasted to reach a specific level.
Which AWS service or tool provides this functionality?
A. AWS Budgets
B. AWS Cost Explorer
C. Savings Plans
D. AWS Billing Conductor
Answer: A
Explanation:
AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define2.
NEW QUESTION 146

- (Topic 1)
What is a benefit of moving to the AWS Cloud in terms of improving time to market?
A. Decreased deployment speed

B. Increased application security
C. Increased business agility
D. Increased backup capabilities
Answer: C
Explanation:
Increased business agility is a benefit of moving to the AWS Cloud in terms of improving time to market. Business agility refers to the ability of a company to adapt
to changing customer needs, market conditions, and competitive pressures. Moving to the AWS Cloud enables business agility by providing faster access to
resources, lower upfront costs, and greater scalability and flexibility. By using the AWS Cloud, companies can launch new products and services, experiment with
new ideas, and respond to customer feedback more quickly and efficiently. For more information, see [Benefits of Cloud Computing] and [Business Agility].
NEW QUESTION 148

- (Topic 1)
A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements
for data security.
Which AWS service should the engineer use?

B. AWS Certificate Manager (ACM)
C. AWS CloudHSM
D. AWS Systems Manager
Answer: C
Explanation:
The correct answer is C because AWS CloudHSM is an AWS service that enables the security engineer to meet the requirements. AWS CloudHSM is a service
that provides customers with dedicated hardware security modules (HSMs) to create, control, and manage their own cryptographic keys in the AWS Cloud. AWS
CloudHSM allows customers to meet strict regulatory compliance requirements for data security, such as FIPS 140-2 Level 3, PCI-DSS, and HIPAA. The other
options are incorrect because they are not AWS services that enable the security engineer to meet the requirements. AWS Key Management Service (AWS KMS)
is a service that provides customers with a fully managed, scalable, and integrated key management system to create and control encryption keys for AWS
services and applications. AWS KMS does not provide customers with single-tenant or dedicated HSMs. AWS Certificate Manager (ACM) is a service that
provides customers with a simple and secure way to provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS)
certificates for use with AWS services and internal connected resources. ACM does not provide customers with HSMs or cryptographic keys. AWS Systems
Manager is a service that provides customers with a unified user interface to view operational data from multiple AWS services and automate operational tasks
across their AWS resources. AWS Systems Manager does not provide customers with HSMs or cryptographic keys. Reference: AWS CloudHSM FAQs
NEW QUESTION 153

- (Topic 1)
A company is configuring its AWS Cloud environment. The company's administrators need to group users together and apply permissions to the group.

Which AWS service or feature can the company use to meet these requirements?
B. Resource groups
C. Resource tagging
D. AWS Identity and Access Management (IAM)
Answer: D
Explanation:
The AWS service or feature that the company can use to group users together and apply permissions to the group is AWS Identity and Access Management
(IAM). AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. Users can use IAM
groups to organize multiple users that have similar access requirements, and attach policies to the groups that define the permissions for the users in the group.
This simplifies the management and administration of user access
NEW QUESTION 156

- (Topic 1)
A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data center or in the AWS Cloud.
responsibility model?
A. Amazon FSx for Windows File Server

B. Amazon Workspaces virtual Windows desktop
C. AWS Directory Service for Microsoft Active Directory
D. Amazon RDS for Microsoft SQL Server
Answer: C
Explanation:
AWS Directory Service for Microsoft Active Directory is the AWS service that provides a managed Microsoft Active Directory in the AWS Cloud. It enables the user
to use their existing Active Directory users, groups, and policies to access AWS resources, such as Amazon EC2 instances, Amazon S3 buckets, and AWS Single
Sign-On. It also integrates with other Microsoft applications and services, such as Microsoft SQL Server, Microsoft Office 365, and Microsoft SharePoint
NEW QUESTION 160

- (Topic 1)
A company wants to migrate its on-premises data warehouse to AWS. The information in the data warehouse is used to populate analytics dashboards.
Which AWS service should the company use for the data warehouse?
A. Amazon ElastiCache
B. Amazon Aurora
C. Amazon RDS
D. Amazon Redshift
Answer: D
Explanation:
The AWS service that the company should use for the data warehouse is Amazon Redshift. Amazon Redshift is a fully managed, petabyte-scale data warehouse
service that is optimized for analytical queries. It can integrate with various data sources and business intelligence tools to provide fast and cost-effective insights.
Amazon Redshift also offers high availability, scalability, security, and compliance features. [Amazon Redshift Overview]
NEW QUESTION 161

- (Topic 1)
A cloud engineer wants to know the percentage of the allocated compute units that are in use for a specific Amazon EC2 instance.
Which AWS service can provide this information?
A. AWS CloudTrail
B. AWS Config
C. Amazon CloudWatch
D. AWS Artifact
Answer: C
Explanation:
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers.
CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource
utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you
with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers
NEW QUESTION 162

- (Topic 1)
A company is reviewing its operating policies.
Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?
A. Ensure that employees have access to all company data.

B. Expand employees' permissions as they gain more experience.
C. Grant all privileges and access to all users.
D. Apply security requirements at all layers of a process.
Answer: D

Explanation:
Applying security requirements at all layers of a process is a policy that complies with guidance in the security pillar of the AWS Well-Architected Framework. The
security pillar of the AWS Well-Architected Framework provides best practices for securing the user’s data and systems in the AWS Cloud. One of the design
principles of the security pillar is to apply security at all layers, which means that the user should implement defense-in-depth strategies and avoid relying on a
single security mechanism. For example, the user should use multiple security controls, such as encryption, firewalls, identity and access management, and
logging and monitoring, to protect their data and resources at different layers.
NEW QUESTION 167

- (Topic 1)
Which task is the responsibility of AWS, according to the AWS shared responsibility model?
A. Set up multi-factor authentication (MFA) for each Workspaces user account.

B. Ensure the environmental safety and security of the AWS infrastructure that hosts Workspaces.
C. Provide security for Workspaces user accounts through AWS Identity and Access Management (IAM).
D. Configure AWS CloudTrail to log API calls and user activity.A company stores data in an Amazon S3 bucke
E. The company must control who has permission to read, write, or delete objects that the company stores in the S3 bucket.
Answer: B
Explanation:
The correct answer is B because ensuring the environmental safety and security of the AWS infrastructure that hosts Workspaces is the responsibility of AWS,
according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS
and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions,
availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the
customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the
applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are the
responsibility of the customer, according to the AWS shared responsibility model. Setting up multi-factor authentication (MFA) for each Workspaces user account,
providing security for Workspaces user accounts through AWS Identity and Access Management (IAM), configuring AWS CloudTrail to log API calls and user
activity, and encrypting data at rest and in transit are all tasks that the customer has to perform to secure their Workspaces environment. Reference: AWS Shared
Responsibility Model, Amazon WorkSpaces Security
NEW QUESTION 168

- (Topic 1)
A company is designing a web application that will run on Amazon EC2 instances.
Which AWS services and features will improve availability and reduce the impact of failures for this application?
(Select TWO.)
A. Amazon EC2 Auto Scaling for the EC2 instances

B. VPC subnet ACLs to check the health of a service
C. Resources that are distributed across multiple Availability Zones
D. Configuration of AWS Server Migration Service (AWS SMS) to move the EC2 instances to a differentAWS Region
E. Resources that are distributed across multiple AWS points of presence
Answer: AC
Explanation:
The correct answers are A and C because Amazon EC2 Auto Scaling and resources that are distributed across multiple Availability Zones are AWS services and
features that will improve availability and reduce the impact of failures for the web application. Amazon EC2 Auto Scaling is a service that enables users to
automatically adjust the number of Amazon EC2 instances in response to changes in demand or performance. Amazon EC2 Auto Scaling helps users to maintain
optimal availability and performance of their applications by adding or removing instances as needed. Resources that are distributed across multiple Availability
Zones are AWS features that enable users to increase the fault tolerance and resilience of their applications. Availability Zones are isolated locations within an
AWS Region that have independent power, cooling, and networking. Users can launch their resources, such as Amazon EC2 instances, in multiple Availability
Zones to protect their applications from the failure of a single location. The other options are incorrect because they are not AWS services and features that will
improve availability and reduce the impact of failures for the web application. VPC subnet ACLs are AWS features that enable users to control the inbound and
outbound traffic to and from their subnets within a VPC. VPC subnet ACLs do not check the health of a service, but rather filter the network traffic based on rules.
Configuration of AWS Server Migration Service (AWS SMS) is an AWS service that enables users to migrate their on-premises servers to AWS. Configuration of
AWS SMS does not help to move the Amazon EC2 instances to a different AWS Region, but rather to migrate the servers from the source environment to AWS.
Resources that are distributed across multiple AWS points of presence are AWS features that enable users to deliver content to their end users with low latency
and high performance. AWS points of presence are edge locations that are part of the AWS Global Infrastructure. Users can use services such as Amazon
CloudFront and AWS Global Accelerator to distribute their content across multiple AWS points of presence. Reference: Amazon EC2 Auto Scaling, [Regions,
Availability Zones, and Local Zones]
NEW QUESTION 172

- (Topic 1)
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:
A. a loosely coupled architecture.

B. a tightly coupled architecture.
C. a stateless architecture.
D. a stateful architecture.
Answer: A
Explanation:
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of a loosely coupled
architecture. A loosely coupled architecture is one where the components are independent and can communicate with each other through well-defined interfaces.
This allows for greater scalability, flexibility, and resilience. A tightly coupled architecture is one where the components are interdependent and rely on each other
for functionality. This can lead to increased complexity, fragility, and difficulty in changing or scaling the system. Amazon ECS OverviewAWS Well-Architected
Framework

NEW QUESTION 175

- (Topic 1)
Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?
A. AWS Pricing Calculator

B. AWS Compute Optimizer
C. AWS App Runner
D. AWS Systems Manager
Answer: B
Explanation:
AWS Compute Optimizer is the AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical
workload usage data. AWS Compute Optimizer analyzes the configuration and performance characteristics of the EC2 instances and delivers recommendations
for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized
resources
NEW QUESTION 178

- (Topic 3)
Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-
location environments, or on-premises facilities?
A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate
Answer: C
Explanation:
AWS Outposts is a service that delivers AWS infrastructure and services to virtually any on-premises or edge location for a truly consistent hybrid experience.
AWS Outposts allows you to extend and run native AWS services on premises, and is available in a variety of form factors, from 1U and 2U Outposts servers to
42U Outposts racks, and multiple rack deployments. With AWS Outposts, you can run some AWS services locally and connect to a broad range of services
available in the local AWS Region. Run applications and workloads on premises using familiar AWS services, tools, and APIs2.
AWS Outposts is the only AWS service that supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools
to data centers, colocation environments, or on-premises facilities. References: On-Premises Infrastructure - AWS Outposts Family
NEW QUESTION 180

- (Topic 3)
Which AWS Support plan is the minimum recommended tier for users who have production workloads on AWS?
A. AWS Developer Support

B. AWS Enterprise Support
C. AWS Business Support
D. AWS Enterprise On-Ramp Support
Answer: C
Explanation:
AWS Business Support is the minimum recommended tier for users who have production workloads on AWS. AWS Business Support provides 24x7 access to
cloud support engineers via phone, chat, or email, as well as a guaranteed response time of less than one hour for urgent issues. AWS Business Support also
includes access to AWS Trusted Advisor, a tool that provides real-time guidance to help you provision your resources following AWS best practices4.
NEW QUESTION 181

- (Topic 3)
A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically.
Which service or feature will meet these requirements?
A. Amazon DynamoDB
B. Amazon EC2 Spot Instances
C. AWS Snow Family
D. Amazon EC2 Auto Scaling
Answer: D
Explanation:
Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to
definable conditions. You can create collections of EC2 instances, called Auto Scaling groups, and specify the minimum and maximum number of instances in
each group. You can also define scaling policies that adjust the number of instances based on the demand on your application. Amazon EC2 Auto Scaling helps
you improve the performance,
reliability, and cost-efficiency of your EC2 workloads123. References: 1: VDI Desktops - Amazon WorkSpaces Family - AWS, 2: What is Amazon EC2 Auto
Scaling? - Amazon EC2 Auto Scaling, 3: Discover Amazon EC2 Auto Scaling Unit | Salesforce Trailhead
NEW QUESTION 185

- (Topic 3)
Which of the following is a fully managed MySQL-compatible database?
A. Amazon S3
B. Amazon DynamoDB

C. Amazon Redshift
D. Amazon Aurora
Answer: D
Explanation:
Amazon Aurora is a fully managed MySQL-compatible database that combines the performance and availability of traditional enterprise databases with the
simplicity and cost-effectiveness of open-source databases. Amazon Aurora is part of the Amazon Relational Database Service (Amazon RDS) family, which
means it inherits the benefits of a fully managed service, such as automated backups, patches, scaling, monitoring, and security. Amazon Aurora also offers up to
five times the throughput of
standard MySQL, as well as high availability, durability, and fault tolerance with up to 15 read replicas, cross-Region replication, and self-healing storage. Amazon
Aurora is compatible with the latest versions of MySQL, as well as PostgreSQL, and supports various features and integrations that enhance its functionality and
usability123 References: Amazon Aurora, Amazon RDS, AWS — Amazon Aurora Overview
NEW QUESTION 188

- (Topic 3)
Which Amazon S3 storage class is the MOST cost-effective for long-term storage?
A. S3 Glacier Deep Archive

B. S3 Standard
C. S3 Standard-Infrequent Access (S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: A
Explanation:
Amazon S3 Glacier Deep Archive is the lowest-cost storage class in the cloud. It is designed for long-term data archiving that is rarely accessed. It offers a
retrieval time of 12 hours and a durability of 99.999999999% (11 9’s). It is ideal for data that must be retained for 7 years or longer to meet regulatory compliance
requirements.
NEW QUESTION 190

- (Topic 3)
Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture?
A. Security
B. Governance
C. Operations
D. Platform
Answer: D
Explanation:
The correct answer is D. Platform.
The Platform perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture. This capability
helps you design, implement, and optimize your data and analytics solutions on AWS, using services such as Amazon S3, Amazon Redshift, Amazon EMR,
Amazon Kinesis, Amazon Athena, and Amazon QuickSight. A well-designed data and analytics architecture enables you to collect, store, process, analyze, and
visualize data from various sources, and derive insights that can drive your business decisions12.
The Security perspective does not include a capability for data and analytics architecture, but it does include a capability for data protection, which helps you
secure your data at rest and in transit using encryption, key management, access control, and auditing13.
The Governance perspective does not include a capability for data and analytics architecture, but it does include a capability for data governance, which helps you
manage the quality, availability, usability, integrity, and security of your data assets14.
The Operations perspective does not include a capability for data and analytics architecture, but it does include a capability for data operations, which helps you
monitor, troubleshoot, and optimize the performance and availability of your data pipelines and workloads1 .
References:
1: Foundational capabilities - An Overview of the AWS Cloud Adoption Framework 2: [AWS Cloud Adoption Framework: Platform Perspective] 3: [AWS Cloud
Adoption Framework: Security Perspective] 4: [AWS Cloud Adoption Framework: Governance Perspective] : [AWS Cloud Adoption Framework: Operations
Perspective]
NEW QUESTION 194

- (Topic 3)
Which AWS service is a continuous delivery and deployment solution?
A. AWSAppSync
B. AWS CodePipeline
C. AWS Cloud9
D. AWS CodeCommit
Answer: B
Explanation:
AWS CodePipeline is a continuous delivery and deployment service that automates the release process of software applications across different stages, such as
source code, build, test, and deploy2. AWSAppSync, AWS Cloud9, and AWS CodeCommit are other AWS services related to application development, but they
do not provide continuous delivery and deployment solutions34 .
NEW QUESTION 195

- (Topic 3)
Which of the following is a fully managed graph database service on AWS?
A. Amazon Aurora

B. Amazon FSx
C. Amazon DynamoDB
D. Amazon Neptune
Answer: D
Explanation:
Amazon Neptune is a fully managed graph database service on AWS. A graph database is a type of database that stores and queries data as a network of nodes
and edges, representing entities and relationships. Graph databases are useful for applications that deal with highly connected data, such as social networks,
recommendation engines, fraud detection, and knowledge graphs45. Amazon Neptune is a fast, reliable, and scalable graph database service that supports two
popular graph models: property graphs and RDF. Amazon Neptune also supports two open standards for querying graphs: Apache TinkerPop Gremlin and
SPARQL. Amazon Neptune handles the heavy lifting of managing the database, such as provisioning, patching, backup, recovery, encryption, and replication456.
References: 4: Managed Graph Database - Amazon Neptune - AWS, 5: Amazon Neptune – A Fully Managed Graph Database
Service, 6: Working with AWS Neptune. Neptune is a fully-managed graph … - Medium
NEW QUESTION 196

- (Topic 3)
How does the AWS Enterprise Support Concierge team help users?
A. Supporting application development

B. Providing architecture guidance
C. Answering billing and account inquiries
D. Answering questions regarding technical support cases
Answer: C
Explanation:
The AWS Enterprise Support Concierge team is a group of billing and account experts who specialize in working with enterprise customers. They can help
customers with questions about billing, account management, cost optimization, and other non-technical issues. They can also assist customers with navigating
and optimizing their AWS environment, such as setting up consolidated billing, applying for service limit increases, or requesting refunds. References:
? AWS Support Plan Comparison
? AWS Enterprise Support Plan
? Answer Explained: Which AWS Support plan provides access to AWS Concierge Support team for account assistance?
NEW QUESTION 201

- (Topic 3)
Which AWS service requires the customer to be fully responsible for applying operating system patches?
A. Amazon DynamoDB
B. AWS Lambda
C. AWS Fargate
D. Amazon EC2
Answer: D
Explanation:
Amazon EC2 is the AWS service that requires the customer to be fully responsible for applying operating system patches. Amazon EC2 is a service that provides
secure, resizable compute capacity in the cloud. Customers can launch virtual servers called instances and choose from various configurations of CPU, memory,
storage, and networking resources1. Customers have full control and access to their instances, which means they are also responsible for managing and
maintaining them, including applying
operating system patches2. Customers can use AWS Systems Manager Patch Manager, a feature of AWS Systems Manager, to automate the process of patching
their EC2 instances with both security-related updates and other types of updates3.
NEW QUESTION 206

- (Topic 3)
Which service enables customers to audit API calls in their AWS accounts'?
A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray
Answer: A
Explanation:
AWS CloudTrail is a service that provides a record of actions taken by a user, role, or an AWS service in your AWS account. CloudTrail captures all API calls for
AWS services as events, including calls from the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services. You can use
CloudTrail to monitor, audit, and troubleshoot your AWS account activity34. AWS Trusted Advisor is a service that provides best practices recommendations for
cost optimization, performance, security, and fault tolerance in your AWS account5. Amazon Inspector is a service that helps you improve the security and
compliance of your applications deployed on AWS by automatically assessing them for vulnerabilities and deviations from best practices6. AWS X-Ray is a service
that helps you analyze and debug your applications by collecting data about the requests that your application serves, and providing tools to view, filter, and gain
insights into that data7. References: Logging AWS Audit Manager API calls with CloudTrail, Logging AWS Account Management API calls using AWS CloudTrail,
Review API calls in your AWS account using CloudTrail, Monitor the usage of AWS API calls using Amazon CloudWatch, Which service enables customers to
audit API calls in their AWS …
NEW QUESTION 207

- (Topic 3)
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)

A. Performance and capacity management

B. Data engineering
C. Continuous integration and continuous delivery (CI/CD)
D. Infrastructure protection
E. Change and release management
Answer: BC
Explanation:
The platform perspective of the AWS Cloud Adoption Framework (AWS CAF) helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize
existing workloads, and implement new cloud-native solutions1. It comprises seven capabilities, two of which are data engineering and CI/CD1.
? Data engineering: This capability helps you design and evolve a fit-for-purpose data and analytics architecture that can reduce complexity, cost, and technical
debt while enabling you to gain actionable insights from exponentially growing data volumes1. It involves selecting key technologies for each of your architectural
layers, such as ingestion, storage, catalog, processing, and consumption. It also involves supporting real-time data processing and adopting a Lake House
architecture to facilitate data movements between data lakes and purpose-built data stores1.
? CI/CD: This capability helps you automate the delivery of your cloud solutions using a set of practices and tools that enable faster and more reliable
deployments1. It involves establishing a pipeline that can build, test, and deploy your code across multiple environments. It also involves adopting a DevOps
culture that fosters collaboration, feedback, and continuous improvement among your development and operations teams1.
References:
? 1: Platform perspective: infrastructure and applications - An Overview of the AWS Cloud Adoption Framework
NEW QUESTION 212

- (Topic 3)
A company wants to define a central data protection policy that works across AWS services for compute, storage, and database resources.
Which AWS service will meet this requirement?
A. AWS Batch
B. AWS Elastic Disaster Recovery
C. AWS Backup
D. Amazon FSx
Answer: C
Explanation:
The AWS service that will meet this requirement is C. AWS Backup.
AWS Backup is a service that allows you to define a central data protection policy that works across AWS services for compute, storage, and database resources.
You can use AWS Backup to create backup plans that specify the frequency, retention, and lifecycle of your backups, and apply them to your AWS resources
using tags or resource IDs. AWS Backup supports various AWS services, such as Amazon EC2, Amazon EBS, Amazon RDS, Amazon DynamoDB, Amazon EFS,
Amazon FSx, and AWS Storage Gateway12. AWS Batch is a service that allows you to run batch computing workloads on AWS. AWS Batch does not provide a
central data protection policy, but rather enables you to optimize the allocation and utilization of your compute resources3.
AWS Elastic Disaster Recovery is a service that allows you to prepare for and recover from disasters using AWS. AWS Elastic Disaster Recovery does not provide
a central data protection policy, but rather helps you minimize downtime and data loss by replicating your applications and data to AWS4.
Amazon FSx is a service that provides fully managed file storage for Windows and Linux applications. Amazon FSx does not provide a central data protection
policy, but rather offers features such as encryption, snapshots, backups, and replication to protect your file systems5.
References:
1: AWS Backup – Centralized backup across AWS services 3: AWS Batch – Run Batch Computing Jobs on AWS 2: Data Protection Reference Architectures with
AWS Backup 4: AWS Elastic Disaster Recovery – Prepare for and recover from disasters using AWS 5: Amazon FSx – Fully managed file storage for Windows
and Linux applications
NEW QUESTION 214

- (Topic 3)
A company wants to use the latest technologies and wants to minimize its capital investment. Instead of upgrading on-premises infrastructure, the company wants
to move to the AWS Cloud.
Which AWS Cloud benefit does this scenario describe?
A. Increased speed to market

B. The trade of infrastructure expenses for operating expenses
C. Massive economies of scale
D. The ability to go global in minutes
Answer: B
Explanation:
The trade of infrastructure expenses for operating expenses is one of the benefits of the AWS Cloud. By moving to the AWS Cloud, the company can avoid the
upfront costs of purchasing and maintaining on-premises infrastructure, such as servers, storage, network, and software. Instead, the company can pay only for
the AWS resources and services that they use, as they use them. This reduces the risk and complexity of planning and managing IT infrastructure, and allows the
company to focus on innovation and growth. Increased speed to market, massive economies of scale, and the ability to go
global in minutes are also benefits of the AWS Cloud, but they are not the best ones to describe this scenario. Increased speed to market means that the company
can launch new products and services faster by using AWS services and tools. Massive economies of scale means that the company can benefit from the lower
costs and higher performance that AWS achieves by operating at a large scale. The ability to go global in minutes means that the company can deploy their
applications and data in multiple regions and availability zones around the world to reach their customers faster and improve performance and reliability5
NEW QUESTION 216

- (Topic 3)
According to the AWS shared responsibility model, who is responsible for the virtualization layer down to the physical security of the facilities in which AWS
services operate?
A. It is the sole responsibility of the customer.

B. It is the sole responsibility of AWS.
C. It is a shared responsibility between AWS and the customer.

D. The customer's AWS Support plan tier determines who manages the configuration.
Answer: B
Explanation:
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, which includes the virtualization layer down to the physical
security of the facilities in which AWS services operate1. The customer is responsible for the security in the cloud, which includes the configuration and
management of the AWS resources and applications that they use1.
NEW QUESTION 218

- (Topic 3)
Which of the following is a benefit of operating in the AWS Cloud?
A. The ability to migrate on-premises network devices to the AWS Cloud

B. The ability to expand compute, storage, and memory when needed
C. The ability to host custom hardware in the AWS Cloud
D. The ability to customize the underlying hypervisor layer for Amazon EC2
Answer: B
Explanation:
One of the benefits of operating in the AWS Cloud is the ability to expand compute, storage, and memory when needed, which enables users to scale their
applications and resources up or down based on demand. This also helps users optimize their costs and performance. The ability to migrate on-premises network
devices to the AWS Cloud, the ability to host custom hardware in the AWS Cloud, and the ability to customize the underlying hypervisor layer for Amazon EC2 are
not benefits of operating in the AWS Cloud, as they are either not possible or not recommended by AWS .
NEW QUESTION 223

- (Topic 3)
A company wants to create a globally accessible ecommerce platform for its customers. The company wants to use a highly available and scalable DNS web
service to connect users to the platform.
A. Amazon EC2
B. Amazon VPC
C. Amazon Route 53
D. Amazon RDS
Answer: C
Explanation:
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service that can route internet traffic to the company’s ecommerce
platform1. Route 53 can also register domain names, check the health of resources, and provide global DNS features2. Route 53 can connect users to the
platform by translating human-readable names like www.example.com into the numeric IP addresses that computers use to communicate with each other2.
References: 1: Amazon Route 53 | DNS Service | AWS; 2: What is Amazon Route 53? - Amazon Route 53
NEW QUESTION 228

- (Topic 3)
Which option is the default pricing model for Amazon EC2 instances?
A. On-Demand Instances
B. Savings Plans
C. Spot Instances
D. Reserved Instances
Answer: A
Explanation:
On-Demand Instances are the default pricing model for Amazon EC2 instances. They allow users to pay for compute capacity by the second, with no long-term
commitments or upfront payments. They are suitable for applications with short-term, irregular, or unpredictable workloads that cannot be interrupted3. Savings
Plans are a pricing model that offer significant savings on Amazon EC2 and AWS Fargate usage, in exchange for a commitment to a consistent amount of usage
(measured in $/hour) for a 1- year or 3-year term. Spot Instances are a pricing model that offer spare Amazon EC2 compute capacity at up to 90% discount
compared to On-Demand prices, but they can be interrupted by AWS with a two-minute notice when the demand exceeds the supply. Reserved Instances are a
pricing model that offer up to 75% discount compared to On- Demand prices, in exchange for a commitment to use a specific instance type and size in a specific
region for a 1-year or 3-year term.
NEW QUESTION 233

- (Topic 3)
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Select TWO.)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity
Answer: CD
Explanation:

The AWS Cloud Adoption Framework (AWS CAF) security perspective helps users achieve the confidentiality, integrity, and availability of their data and cloud
workloads. It comprises nine capabilities that are grouped into three categories: preventive, detective, and responsive. Incident response and infrastructure
protection are two of the capabilities in the responsive and preventive categories, respectively. Incident response helps users prepare for and respond to security
incidents in a timely and effective manner, using tools and processes that leverage AWS features and services. Infrastructure protection helps users implement
security controls and mechanisms to protect their cloud resources, such as network, compute, storage, and database, from unauthorized access or malicious
attacks. References: Security perspective: compliance and assurance, AWS Cloud Adoption Framework
NEW QUESTION 235

- (Topic 3)
Which AWS services are connectivity services for a VPC? (Select TWO.)
A. AWS Site-to-Site VPN

B. AWS Direct Connect
C. Amazon Connect
D. AWS Key Management Service (AWS KMS)
E. AWS Identity and Access Management (IAM)
Answer: A
Explanation:
AWS Site-to-Site VPN and AWS Direct Connect are AWS services that are connectivity services for a VPC. AWS Site-to-Site VPN is a service that enables you to
securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). You can establish VPN connections over
the internet or over AWS Direct Connect1. AWS Direct Connect is a service that lets you establish a dedicated network connection between your network and one
of the AWS Direct Connect locations. Using AWS Direct Connect, you can create a private connection between AWS and your datacenter, office, or colocation
environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based
connections2. Amazon Connect is a service that lets you set up and manage a contact center in the cloud, but it does not provide network connectivity between
the VPC and your on-premises network. AWS Key Management Service (AWS KMS) is a service that makes it easy for you to create and manage cryptographic
keys and control their use across a wide range of AWS services and in your applications, but it does not provide network connectivity between the VPC and your
on-premises network. AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely, but
it does not provide network connectivity between the VPC and your on-premises network.
NEW QUESTION 237

- (Topic 3)
A company wants its Amazon EC2 instances to share the same geographic area but use multiple independent underlying power sources.
Which solution achieves this goal?
A. Use EC2 instances in a single Availability Zone.

B. Use EC2 instances in multiple AWS Regions.
C. Use EC2 instances in multiple Availability Zones in the same AWS Region.
D. Use EC2 instances in the same edge location and the same AWS Region.
Answer: C
Explanation:
The solution that achieves the goal of having Amazon EC2 instances share the same geographic area but use multiple independent underlying power sources is
to use EC2 instances in multiple Availability Zones in the same AWS Region. An Availability Zone is a physically isolated location within an AWS Region that has
its own power, cooling, and network connectivity. An AWS Region is a geographical area that consists of two or more Availability Zones. By using multiple
Availability Zones, users can increase the fault tolerance and resilience of their applications, as well as reduce latency for end users3.
Using EC2 instances in a single Availability Zone, multiple AWS Regions, or the same edge location and the same AWS Region would not meet the requirement of
having multiple independent power sources.
NEW QUESTION 242

- (Topic 3)
Which task must a user perform by using the AWS account root user credentials?
A. Make changes to AWS production resources.

B. Change AWS Support plans.
C. Access AWS Cost and Usage Reports.
D. Grant auditors’ access to an AWS account for a compliance audit.
Answer: B
Explanation:
The AWS account root user is the email address that you used to sign up for AWS. The root user has complete access to all AWS services and resources in the
account. You should use the root user only to perform a few account and service management tasks. One of these tasks is changing AWS Support plans, which
requires root user credentials. For other tasks, you should create an IAM user or role with the appropriate permissions and use that instead of the root user.
NEW QUESTION 244

- (Topic 3)
Which options are AWS Cloud Adoption Framework (AWS CAF) people perspective capabilities? (Select TWO.)
A. Organizational alignment
B. Portfolio management
C. Organization design
D. Risk management
E. Modern application development
Answer: AC

Explanation:
The AWS Cloud Adoption Framework (AWS CAF) people perspective capabilities are the organizational skills and processes that enable effective cloud adoption.
According to the AWS CAF people perspective whitepaper1, there are seven capabilities in this perspective, two of which are:
? Organizational alignment: This capability helps you align your organizational structure, roles, and responsibilities to support your cloud transformation goals and
objectives. It involves assessing your current and desired state of alignment, identifying gaps and misalignments, and designing and implementing changes to
optimize your cloud performance1.
? Organization design: This capability helps you design and evolve your organization to enable agility, innovation, and collaboration in the cloud. It involves
defining your cloud operating model, identifying the skills and competencies needed for cloud roles, and creating career paths and development plans for your
cloud workforce1.
The other options are not capabilities in the AWS CAF people perspective. Portfolio management, risk management, and modern application development are
capabilities in the AWS CAF business perspective, governance perspective, and platform perspective respectively2.
References:
? 1: AWS Cloud Adoption Framework: People Perspective - AWS Cloud Adoption Framework: People Perspective
? 2: AWS Cloud Adoption Framework - AWS Cloud Adoption Framework
NEW QUESTION 249

- (Topic 3)
A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical
location as possible.
Which AWS service or resource should the company use to select its Amazon RDS deployment area?
A. Amazon Connect
B. AWS Wavelength
C. AWS Regions
D. AWS Direct Connect
Answer: C
Explanation:
AWS Regions are the AWS service or resource that the company should use to select its Amazon RDS deployment area. AWS Regions are separate geographic
areas where AWS clusters its data centers. Each AWS Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area.
Each AWS Region is designed to be isolated from the other AWS Regions to achieve the highest possible fault tolerance and stability. AWS provides a more
extensive global footprint than any other cloud provider, and to support its global footprint and ensure customers are served across the world, AWS opens new
Regions rapidly. AWS maintains multiple geographic Regions, including Regions in North America, South America, Europe, China, Asia Pacific, South Africa, and
the Middle East. Amazon RDS is available in several AWS Regions worldwide. To create or work with an Amazon RDS DB instance in a specific AWS Region, you
must use the corresponding regional service endpoint. You can choose the AWS Region that meets your latency or legal requirements. You can also use multiple
AWS Regions to design a disaster recovery solution or to distribute your read workload. References: Global Infrastructure Regions & AZs - aws.amazon.com,
Regions, Availability Zones, and Local Zones - Amazon Relational Database Service
NEW QUESTION 251

- (Topic 3)
A company is launching a mobile app. The company wants customers to be able to use the app without upgrading their mobile devices.
Which pillar of the AWS Well-Architected Framework does this goal represent?
A. Security
B. Reliability
C. Cost optimization
D. Sustainability
Answer: C
Explanation:
Cost optimization is one of the five pillars of the AWS Well-Architected Framework. It focuses on avoiding unnecessary costs, understanding and controlling where
money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without
overspending.
NEW QUESTION 254

- (Topic 3)
A company is looking for a managed machine learning (ML) service that can recommend products based on a customer's previous behaviors.
Which AWS service meets this requirement?
A. Amazon Personalize
B. Amazon SageMaker
C. Amazon Pinpoint
D. Amazon Comprehend
Answer: A
Explanation:
The AWS service that meets the requirement of providing a managed machine learning (ML) service that can recommend products based on a customer’s
previous behaviors is Amazon Personalize. Amazon Personalize is a fully managed service that enables developers to create personalized recommendations for
customers using their own data. Amazon Personalize can automatically process and examine the data, identify what is meaningful, select the right algorithms, and
train and optimize a personalized recommendation model2. Amazon SageMaker, Amazon Pinpoint, and Amazon Comprehend are other AWS services related to
machine learning, but they do not provide the specific functionality of product recommendation.
NEW QUESTION 258

- (Topic 3)
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

A. AWS Service Catalog

B. AWS Systems Manager
C. AWS IAM Access Analyzer
D. AWS Organizations
Answer: C
Explanation:
AWS IAM Access Analyzer is a service that helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are
shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses logic-based
reasoning to analyze the resource-based policies in your AWS environment. For each instance of a resource shared outside of your account, IAM Access Analyzer
generates a finding. Findings include information about the access and the external principal granted to it345. References: 3: Using AWS Identity and Access
Management Access Analyzer, 4: IAM Access Analyzer - Amazon Web Services (AWS), 5: Welcome - IAM Access Analyzer
NEW QUESTION 262

- (Topic 3)
A company wants to use guidelines from the AWS Well-Architected Framework to limit human error and facilitate consistent responses to events.
Which of the following is a Well-Architected design principle that will meet these requirements?
A. Use AWS CodeDeploy.

B. Perform operations as code.
C. Migrate workloads to a Dedicated Host.
D. Use AWS Compute Optimizer.
Answer: B
Explanation:
This is a design principle of the operational excellence pillar of the AWS Well-Architected Framework. Performing operations as code means using scripts,
templates, or automation tools to perform routine tasks, such as provisioning, configuration, deployment, and monitoring. This reduces human error, increases
consistency, and enables faster recovery from failures. You can learn more about the operational excellence pillar from this whitepaper or this digital course.
NEW QUESTION 263

- (Topic 3)
Which pillar of the AWS Well-Architected Framework includes the AWS shared responsibility model?
A. Operational excellence
B. Performance efficiency
C. Reliability
D. Security
Answer: D
Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in
the cloud. The framework consists of five pillars: operational excellence, performance efficiency, reliability, security, and cost optimization. The security pillar
covers the AWS shared responsibility model, which defines the security and compliance responsibilities of AWS and the customers. You can learn more about the
AWS Well-Architected Framework from [this whitepaper] or [this digital course].
NEW QUESTION 268

- (Topic 3)
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials.
Which AWS service or resource will meet this requirement?
B. IAM user
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS Control Tower
Answer: C
Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS
accounts and business applications. You can use AWS SSO to enable your users to sign in to the AWS Management Console or the AWS Command Line
Interface (AWS CLI) with their existing corporate credentials2. You can also manage SSO access and user permissions across all your AWS accounts in AWS
Organizations3. References: AWS Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation
NEW QUESTION 271

- (Topic 3)
Which of the following are general AWS Cloud design principles described in the AWS Well-Architected Framework?
A. Consolidate key components into monolithic architectures.

B. Test systems at production scale.
C. Provision more capacity than a workload is expected to need.
D. Drive architecture design based on data collected about the workload behavior and requirements.
E. Make AWS Cloud architectural decisions static, one-time events.
Answer: BD
Explanation:

These are two of the general AWS Cloud design principles described in the AWS Well-Architected Framework. Testing systems at production scale means using
tools such as AWS CloudFormation, AWS CodeDeploy, and AWS X-Ray to simulate real-world scenarios and measure the performance, scalability, and
availability of the system. Driving architecture design based on data means using tools such as Amazon CloudWatch, AWS CloudTrail, and AWS Config to collect
and analyze metrics, logs, and events about the system and use the insights to optimize the system’s design and operation. You can learn more about the AWS
Well-Architected Framework from this whitepaper or [this digital course].
NEW QUESTION 274

- (Topic 3)
A company simulates workflows to review and validate that all processes are effective and that staff are familiar with the processes.
Which design principle of the AWS Well-Architected Framework is the company following with this practice?
A. Perform operations as code.

B. Refine operation procedures frequently.
C. Make frequent, small, reversible changes.
D. Structure the company to support business outcomes.
Answer: B
Explanation:
Refining operation procedures frequently is one of the design principles of the operational excellence pillar of the AWS Well-Architected Framework. It means that
you should review and validate your processes regularly to ensure they are effective and that staff are familiar with them. Performing operations as code, making
frequent, small, reversible changes, and structuring the company to support business outcomes are design principles of other pillars of the AWS Well-Architected
Framework.
NEW QUESTION 275

- (Topic 3)
A company wants a list of all users in its AWS account, the status of all of the users' access keys, and if multi-factor authentication (MFA) has been configured.
Which AWS service or feature will meet these requirements?

B. IAM Access Analyzer
C. IAM credential report
D. Amazon CloudWatch
Answer: C
Explanation:
IAM credential report is a feature that allows you to generate and download a report that lists all IAM users in your AWS account and the status of their various
credentials, including access keys and MFA devices. You can use this report to audit the security status of your IAM users and ensure that they follow the best
practices for using AWS1.
AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys to protect your data. It does not provide information
about IAM users or their credentials2.
IAM Access Analyzer is a feature that helps you identify the resources in your AWS account, such as S3 buckets or IAM roles, that are shared with an external
entity. It does not provide information about IAM users or their credentials3.
Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications. It does not provide information
about IAM users or their credentials4.
References:
? Getting credential reports for your AWS account - AWS Identity and Access Management
? AWS Key Management Service - Amazon Web Services
? IAM Access Analyzer - AWS Identity and Access Management
? Amazon CloudWatch - Amazon Web Services
NEW QUESTION 279

- (Topic 3)
A company deployed an application on an Amazon EC2 instance. The application ran as expected for 6 months. In the past week, users have reported latency
issues. A system administrator found that the CPU utilization was at 100% during business hours. The company wants a scalable solution to meet demand.
Which AWS service or feature should the company use to handle the load for its application during periods of high demand?
A. Auto Scaling groups

B. AWS Global Accelerator
C. Amazon Route 53
D. An Elastic IP address
Answer: A
Explanation:
Auto Scaling groups are a feature that allows users to automatically scale the number of Amazon EC2 instances up or down based on demand or a predefined
schedule. Auto Scaling groups can help improve the performance and availability of applications by adjusting the capacity in response to traffic fluctuations1. AWS
Global Accelerator is a service that improves the availability and performance of applications by routing traffic through AWS edge locations2. Amazon Route 53 is
a service that provides scalable and reliable domain name system (DNS) service3. An Elastic IP address is a static IPv4 address that can be associated with an
Amazon EC2 instance4.
NEW QUESTION 282

- (Topic 3)
Which cloud concept is demonstrated by using AWS Compute Optimizer?
A. Security validation
B. Rightsizing
C. Elasticity

D. Global reach
Answer: B
Explanation:
Rightsizing is the cloud concept that is demonstrated by using AWS Compute Optimizer. Rightsizing is the process of adjusting the type and size of your cloud
resources to match the optimal performance and cost for your workloads. AWS Compute Optimizer is a service that analyzes the configuration and utilization
metrics of your AWS resources, such as Amazon EC2 instances, Amazon EBS volumes, AWS Lambda functions, and Amazon ECS services on AWS Fargate. It
reports whether your resources are optimal, and generates optimization recommendations to reduce the cost and improve the performance of your workloads.
AWS Compute Optimizer uses machine learning to analyze your historical utilization data and compare it with the most cost-effective AWS alternatives. You can
use the recommendations to evaluate the trade-offs between cost and performance, and decide when to move or resize your resources to achieve the best results.
References: Workload Rightsizing - AWS Compute Optimizer - AWS, What is AWS Compute Optimizer? - AWS Compute Optimizer
NEW QUESTION 284

- (Topic 3)
A company wants to query its server logs to gain insights about its customers' experiences. Which AWS service will store this data MOST cost-effectively?
A. Amazon Aurora
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon S3
Answer: D
Explanation:
Amazon S3 is an AWS service that provides scalable, durable, and cost- effective object storage in the cloud. Amazon S3 can store any amount and type of data,
such as server logs, and offers various storage classes with different performance and pricing characteristics. Amazon S3 is the most cost-effective option for
storing server logs, as it offers low-cost storage classes, such as S3 Standard-Infrequent Access (S3 Standard-IA) and S3 Intelligent-Tiering, that are suitable for
infrequently accessed or changing access patterns data. Amazon S3 also integrates with other AWS services, such as Amazon Athena and Amazon OpenSearch
Service, that can query the server logs directly from S3 without requiring any additional data loading or transformation. References: Amazon S3, Amazon S3
Storage Classes, Querying Data in Amazon S3
NEW QUESTION 287

- (Topic 3)
Which AWS service provides a single location to track the progress of application migrations?
A. AWS Application Discovery Service

B. AWS Application Migration Service
C. AWS Service Catalog
D. AWS Migration Hub
Answer: D
Explanation:
AWS Migration Hub is a service that provides a single location to track the progress of application migrations across multiple AWS and partner solutions. It allows
you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of
applications1. AWS Migration Hub supports migration status updates from the following tools: AWS Application Migration Service, AWS Database Migration
Service, CloudEndure Migration, Server Migration Service, and Migrate for Compute Engine1.
The other options are not correct for the following reasons:
? AWS Application Discovery Service is a service that helps you plan your migration projects by automatically identifying servers, applications, and dependencies
in your on-premises data centers2. It does not track the progress of application migrations, but rather provides information to help you plan and scope your
migrations.
? AWS Application Migration Service is a service that helps you migrate and modernize applications from any source infrastructure to AWS with minimal downtime
and disruption3. It is one of the migration tools that can send status updates to AWS Migration Hub, but it is not the service that provides a single location to track
the progress of application migrations.
? AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for use on AWS4. It does not track the
progress of application migrations, but rather helps you manage the provisioning and governance of your IT services.
References:
? 1: What Is AWS Migration Hub? - AWS Migration Hub
? 2: What Is AWS Application Discovery Service? - AWS Application Discovery Service
? 3: App Migration Tool - AWS Application Migration Service - AWS
? 4: What Is AWS Service Catalog? - AWS Service Catalog
NEW QUESTION 289

......

THANKS FOR TRYING THE DEMO OF OUR PRODUCT
Visit Our Site to Purchase the Full Set of Actual AWS-Certified-Cloud-Practitioner Exam Questions With
Answers.
We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the AWS-
Certified-Cloud-Practitioner Product From:
https://www.2passeasy.com/dumps/AWS-Certified-Cloud-Practitioner/
Money Back Guarantee
AWS-Certified-Cloud-Practitioner Practice Exam Features:
* AWS-Certified-Cloud-Practitioner Questions and Answers Updated Frequently
* AWS-Certified-Cloud-Practitioner Practice Questions Verified by Expert Senior Certified Staff
* AWS-Certified-Cloud-Practitioner Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* AWS-Certified-Cloud-Practitioner Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Powered by TCPDF (www.tcpdf.org)

aws-certified-cloud-practitioner_1

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

aws-certified-cloud-practitioner_1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

aws-certified-cloud-practitioner_1

Uploaded by

Copyright:

Available Formats

Welcome to download the Newest 2passeasy AWS-Certified-Cloud-Practitioner dumps

https://www.2passeasy.com/dumps/AWS-Certified-Cloud-Practitioner/ (370 New Questions)

Exam Questions AWS-Certified-Cloud-Practitioner

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Amazon Elastic Container Service (Amazon ECS)

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Edge locations contain multiple AWS Regions.

A. Amazon AppStream 2.0

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. The ability to place watermarks on images

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. AWS Identity and Access Management (IAM)

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. AWS Cost and Usage Report

A. Physical security of AWS facilities

A. Security inside of code

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. AWS Device Farm

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. AWS Key Management Service (AWS KMS)

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Use pay-as-you-go pricing.

A. Maximize utilization of Amazon EC2 instances.

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. AWS Direct Connect

A. AWS Developer Support

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A. Use AWS Shield to identify and manage security events.

NEW QUESTION 102

A. AWS Firewall Manager

NEW QUESTION 107

A. Provision additional EC2 instances in other Availability Zones.

NEW QUESTION 110

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 112

NEW QUESTION 115

NEW QUESTION 116

NEW QUESTION 117

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 122

NEW QUESTION 126

NEW QUESTION 128

NEW QUESTION 133

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

A company is using Amazon RDS.

A. Deploy a copy of the application in another AWS account.

NEW QUESTION 134

NEW QUESTION 135

A. Operating system patches

NEW QUESTION 139

A. AWS Trusted Advisor

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

NEW QUESTION 141

NEW QUESTION 143

NEW QUESTION 146

A. Decreased deployment speed

NEW QUESTION 148

A. AWS Key Management Service (AWS KMS)