Question 1: Correct

You are working as a site reliability engineer (SRE), which of the following services helps monitor
your applications?

A. Amazon Elastic MapReduce.

B. Amazon CloudSearch

C. Amazon CloudWatch

(Correct)

D. Amazon CloudHSM
Explanation
             Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you
run on AWS. You can use Amazon CloudWatch to collect and track metrics, collect and monitor log
files, set alarms, and automatically react to changes in your AWS resources.
 
Option A is not correct. Amazon Elastic MapReduce (Amazon EMR) provides a managed Hadoop
framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically
scalable Amazon EC2 instances.
Option B is not correct. Amazon CloudSearch is used to set up, manage, and scale a search solution for
your website or application.
Option D is not correct. AWS CloudHSM is a cloud-based hardware security module (HSM) that
enables you to easily generate and use your own encryption keys on the AWS Cloud.
 
References:
https://aws.amazon.com/cloudwatch/
 Question 2: Incorrect
What is the easiest way to launch and manage a virtual private server in AWS?

A. Using Amazon Virtual Private Cloud

B. Using Amazon Lightsail

(Correct)

C. Using AWS Virtual Private Network

(Incorrect)

D. Using Amazon Route 53

Explanation
             Amazon Lightsail is designed to be the easiest way to launch and manage a virtual private server
with AWS. Lightsail plans include everything you need to jumpstart your project –a virtual machine,
SSD-based storage, data transfer, DNS management, and a static IPaddress–for a low, predictable price.
 
Option A is not correct. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS
resources into a virtual network that you've defined.
Option C is not correct. AWS Virtual Private Network (AWS VPN) is used to establish a secure and
private tunnel from your network or device to the AWS global network.
Option D is not correct. Amazon Route 53 is a Domain Name System (DNS) web service. You can use
Route 53 to perform three main functions: domain registration, DNS routing, and health checking.
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf        page 22
 Question 3: Incorrect
The AWS account administrator of your company has been fired. The administrator had access to
the root user and a personal IAM administrator account. With these accounts, he has generated
other IAM accounts and keys. Which of the following should you do today to protect your AWS
infrastructure? (Choose two)

A. Change the user name and the password and create MFA for the root account.

(Correct)

B. Delete all IAM accounts and recreate others.

C. Download all the attached policies in a safe place.

D. Use the CloudWatch service to check all the API calls that have been made in your account since the
administrator was fired.

E. Put IP restriction on all Users' accounts.

(Correct)

Explanation
To protect your AWS infrastructure in this situation you should lock down your root user and all accounts
that the administrator had access to.
Here are some ways to do that:
1- Change the user name and the password of the root user account and all of the IAM accounts that the
administrator has access to.
2- Rotate (change) all access keys for those accounts.
3- Enable MFA on those accounts.
4- Put IP restriction on all Users' accounts.              
 Option B is not correct. Deleting all IAM accounts is not necessary, and it would cause great disruption to
your operations.
Option C is not correct. IAM policies are used to authorize users to perform actions on AWS resources.
What you should do is rotating all IAM users’ keys and change their passwords. This way you are
protecting those IAM accounts while still retaining the ability to perform their jobs.
Option D is not correct. CloudTrail is the service that gives you  a complete history of the API calls that
have been made in your account from all users.
 
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
Question 4: Correct
Which service can be used to route end users to the nearest datacenter to reduce latency?

A. Amazon Cognito.

B. Amazon Route 53.

(Correct)

C. AWS Systems Manager.

D. Amazon Route Manager.

Explanation
           When you use multiple AWS Regions, you can reduce latency for your users by serving their
requests from the AWS Region for which network latency is lowest. Amazon Route 53 latency-based
routing lets you use Domain Name System (DNS) to route user requests to the AWS Region that will give
your users the fastest response.
Option A is not correct. Amazon Cognito lets you add user sign-up, sign-in, and access control to your
web and mobile apps quickly and easily
Option C is not correct. AWS Systems Manager gives you visibility and control of your infrastructure on
AWS. Systems Manager provides a unified user interface so you can view operational data from multiple
 AWS services and allows you to automate operational tasks across your AWS resources. With Systems
Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS
instances, by application, view operational data for monitoring and troubleshooting, and take action on
your groups of resources.
Option E is not correct. There is nothing called Amazon Route Manager.
 
References:
https://aws.amazon.com/route53/
Question 5: Correct
A company is running a large web application that needs to be available all the time. They want to
ensure that all servers are working perfectly. One of the aspects to consider monitoring is CPU
usage. The application tends to slow down when CPU usage is greater than 60%. How can they
track down when CPU usage goes above 60% for any of the EC2 Instances?

A. Use SNS to monitor the utilization of the server.

B. Use CloudWatch Alarms.

(Correct)

C. Use CloudFront to monitor the CPU usage.

D. Use AWS CPU tracker.

Explanation
           Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications
you run on AWS in real time. You can use CloudWatch to collect and track metrics, which are variables
you can measure for your resources and applications. CloudWatch alarms send notifications or
automatically make changes to the resources you are monitoring based on rules that you define. For
example, you can monitor the CPU usage and disk reads and writes of your Amazon EC2 instances and
then use this data to determine whether you should launch additional instances to handle increased load.
You can also use this data to stop under-used instances to save money. In addition to monitoring the built-
 in metrics that come with AWS, you can monitor your own custom metrics. With CloudWatch, you gain
system-wide visibility into resource utilization, application performance, and operational health.
Option A is not correct. SNS is not used for monitoring. The service can be used in conjunction with
CloudWatch to monitor and send notifications to your Email address. Using Amazon CloudWatch alarms,
you can set up metric thresholds and send alerts to Amazon Simple Notification Service (SNS). SNS can
send notifications using e-mail, HTTP(S) endpoints, and Short Message Service (SMS) messages to
mobile phones.
Option C is not correct. CloudFront is a Caching service that is used to deliver content to end users with
low latency.
Option D is not correct. AWS CPU Tracker is a bogus option.
 
References:
https://aws.amazon.com/cloudwatch/
Question 6: Incorrect
For some services, AWS automatically replicates data across multiple AZs to provide fault
tolerance in the event of a server failure or Availability Zone outage. Select TWO services that
automatically replicate data across AZs.

A. Instance Store

B. Amazon Route 53

(Incorrect)

C. S3

(Correct)

D. DynamoDB

(Correct)


E. AWS VPN
Explanation
             For S3 Standard, S3 Standard-IA, and S3 Glacier storage classes, your objects are automatically
stored across multiple devices spanning a minimum of three Availability Zones, each separated by miles
across an AWS Region. This means your data is available when needed and protected against AZ failures,
errors, and threats.
            All of your data in DynamoDB is stored on solid state disks (SSDs) and is automatically replicated
across multiple Availability Zones within an AWS region, providing built-in high availability and data
durability.
 
Option A is not correct. An instance store provides temporary block-level storage for EC2 instances.
Instance store is ideal for temporary storage of information that changes frequently, such as buffers,
caches, scratch data, and other temporary content.
 
Option B is not correct. Amazon Route 53 is not used for storing data. It is a globally-available, cloud-
based Domain Name System (DNS) web service not tied to Availability Zones.
 
Option E is not correct. AWS Virtual Private Network (AWS VPN) is a service that lets you establish a
secure and private tunnel from your network or device to the AWS global network.
 
References:
https://aws.amazon.com/dynamodb/
https://aws.amazon.com/s3/faqs/
Question 7: Incorrect
What does Amazon SES stand for ?

A. Simple Engagement Service.

(Incorrect)

B. Simple Email Service.

 (Correct)

C. Simple ElasticSearch.

D. Software Enabled Server

Explanation
                 Amazon Simple Email Service (Amazon SES) is a cost-effective email service built on the
reliable and scalable infrastructure that Amazon.com developed to serve its own customer base. With
Amazon SES, you can send transactional email, marketing messages, or any other type of high-quality
content to your customers. You can also use Amazon SES to receive messages and deliver them to an
Amazon S3 bucket, call your custom code via an AWS Lambda function, or publish notifications to
Amazon SNS. With Amazon SES, you have no required minimum commitments —you pay as you go,
and you only pay for what you use.                 
Other options presented are bogus.
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Question 8: Incorrect
Which of the following AWS services allows you to build a data warehouse in the cloud?

A. Amazon RDS

B. AWS Storage Gateway

C. AWS EMR

(Incorrect)


D. AWS Redshift

(Correct)

Explanation
            Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can
start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use
your data to acquire new insights for your business and customers.
 
Option A is not correct. Amazon Relational Database Service (Amazon RDS) is used to set up and
operate a relational database in the cloud.
Option B is not correct. AWS Storage Gateway is a hybrid cloud storage service.
Option C is not correct. EMR is used to process vast amounts of data easily and securely. Use cases
include: big data,log analysis, web indexing, data transformations (ETL), machine learning, financial
analysis, scientific simulation, and bioinformatics.
 
References:
https://docs.aws.amazon.com/redshift/latest/mgmt/welcome.html
Question 9: Incorrect
Which of the following AWS support plans provides access to only the 7 core Trusted Advisor
checks? (Choose two)

A. Basic

(Correct)

B. Developer

(Correct)


 C. Business

(Incorrect)

D. Enterprise

(Incorrect)

Explanation
             Basic and Developer Support Plans provide access to only 7 core Trusted Advisor checks and
guidance to provision your resources following best practices to increase performance and improve
security. Business and Enterprise level Support Plans provide access to a full set of Trusted Advisor
checks. You can see this full set here: https://aws.amazon.com/premiumsupport/technology/trusted-
advisor/best-practice-checklist/
 
References:
https://aws.amazon.com/premiumsupport/compare-plans/
Question 10: Incorrect
In Amazon RDS, security groups are ideally used to:

A. Define a maintenance period for database engines

B. Launch Amazon RDS instances in a subnet

C. Create, describe, modify, and delete DB instances

(Incorrect)

D. Control what IP addresses or EC2 instances can connect to your database instance.
 (Correct)

Explanation
              In Amazon RDS, security groups are used to control which IP addresses or EC2 instances can
connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents
any database access except through rules specified by an associated security group.
 
References:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html
Question 11: Incorrect
Which of the following affect Amazon EBS costs? (Choose two)

A. Number of cores

(Incorrect)

B. Volumes

(Correct)

C. Snapshots

(Correct)

D. RAM

E. Elastic IP’s
Explanation
 When you want to estimate the costs of Amazon EBS you need to consider the following:
1- Volume types.
2- Input/output operations per second(IOPS).
3- Snapshots.
4- Data Transfer.
 
Other options represent factors of Amazon EC2 pricing.
 
References:
https://aws.amazon.com/ebs/pricing/
Question 12: Correct
Which S3 storage class has the lowest object availability rating?

A. Standard

B. S3 One Zone-IA

(Correct)

C. Infrequent Access

D. All of them have the same availability rating

Explanation
          S3 One Zone-IA has the lowest availability rating 99.5%.
                               
Option A is not correct. Standard has an availability rating of 99.99%.
Option C is not correct. Infrequent Access has an availability rating 99.9%.
  
References:
https://aws.amazon.com/s3/storage-classes/
Question 13: Incorrect
If you want to run an ever-changing database in an Amazon EC2 Instance, what is the most
recommended Amazon storage option?

A. Amazon Instance Storage

B. Amazon EBS

(Correct)

C. You can't run a database inside an Amazon EC2 instance

(Incorrect)

D. Amazon DB storage.
Explanation
                Amazon EBS provides durable, block-level storage volumes that you can attach to a running
instance. You can use Amazon EBS as a primary storage device for data that requires frequent and
granular updates. Amazon EBS is the recommended storage option when you run a database on an
instance. 
Options A & D are bogus options.
Option C is not correct. You can install and run any database software you want on Amazon EC2. In this
case you are responsible for managing everything related to this database.
References:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html
Question 14: Incorrect
 What factors determine how you are charged when using AWS Lambda? (Choose two)

A. Compute capacity consumed

(Incorrect)

B. Compute time consumed

(Correct)

C. Storage consumed

(Incorrect)

D. Number of requests to your functions

(Correct)

Explanation
          With AWS Lambda, you pay only for what you use. You are charged based on the number of
requests for your functions and the time it takes for your code to execute. 
Option A is not correct. With Lambda, there are no servers or compute capacity. It is a serverless service.
Option C is not correct. Lambda is not a storage service. It is a compute service to run your applications.
 
References:
https://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf    page 9
Question 15: Incorrect
Which service is used during the process of encrypting EBS volumes?


 A. Amazon GuardDuty

(Incorrect)

B. AWS KMS

(Correct)

C. AWS WAF

D. None of the above.

Explanation
              Amazon EBS encryption uses AWS Key Management Service (AWS KMS) customer master
keys (CMKs) when creating encrypted volumes and any snapshots created from them. A unique AWS-
managed CMK is created for you automatically in each region where you store AWS assets. This key is
used for Amazon EBS encryption unless you specify a customer-managed CMK that you created
separately using AWS KMS.                 
                               
Option A is not correct. Amazon GuardDuty is a threat detection service that continuously monitors for
malicious activity and unauthorized behavior to protect your AWS accounts and workloads.
Option C is not correct. AWS WAF is a web application firewall that helps protect your web applications
from common web exploits that could affect application availability, compromise security, or consume
excessive resources.
 
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
Question 16: Incorrect
Which service automatically restarts resources after terminating them? (Choose two)

A. Amazon EC2
 (Incorrect)

B. Amazon Elastic Beanstalk

(Correct)

C. Amazon S3

D. AWS OpsWorks

(Correct)

E. Amazon Elastic File System

Explanation
             Elastic Beanstalk is designed to ensure that all the resources that you need are running, which
means that it automatically relaunches any service that you stop. If you need to permanently delete those
resources you must terminate your Elastic Beanstalk environment before you terminate resources that
Elastic Beanstalk has created.
            If you use the AWS OpsWorks environment to create AWS resources, you must use AWS
OpsWorks to terminate those resources or AWS OpsWorks will restart them. For example, if you use
AWS OpsWorks to create an Amazon EC2 instance, but then stop it by using the Amazon EC2 console,
the AWS OpsWorks auto-healing feature categorizes the instance as failed and restarts it.
Note: To avoid unexpected charges, you have to be aware of such services as they automatically restart
resources without notifying you.
The other services presented cannot restart other resources or services.
 
References:
https://aws.amazon.com/elasticbeanstalk/
https://aws.amazon.com/opsworks/
 Question 17: Correct
Where to go to search for and buy third-party software solutions and services that run on AWS?

A. Resource Groups

B. AWS Application Discovery service.

C. AWS DevPay

D. AWS Marketplace

(Correct)

Explanation
           AWS Marketplace is a curated digital catalog that makes it easy for customers to find, buy, deploy,
and manage third-party software and services that customers need to build solutions and run their
businesses. AWS Marketplace includes thousands of software listings from popular categories such as
security, networking, storage, machine learning, business intelligence, database, and DevOps. AWS
Marketplace also simplifies software licensing and procurement with flexible pricing options and multiple
deployment methods. Customers can quickly launch pre-configured software with just a few clicks, and
choose software solutions in AMI and SaaS formats, as well as other formats. Flexible pricing options
include free trial, hourly, monthly, annual, multi-year, and BYOL, and get billed from one source, AWS.
 
Option A is not correct. Resource Groups helps you organize multiple AWS resources in groups. By
default, the AWS Management Console is organized by AWS service. But with the Resource Groups
tool, you can create a custom console that organizes and consolidates information based on your project
and the resources that you use.
Option B is not correct. AWS Application Discovery Service helps enterprise customers plan migration
projects by gathering information about their on-premises data centers.
Option C is not correct. Amazon DevPay is a cloud-based billing and account management service that
enables developers to collect payment for their AWS applications.
 
 References:
https://aws.amazon.com/partners/aws-marketplace/
Question 18: Incorrect
Under what circumstances would someone want to use ElastiCache? (Choose two)

A. They need an in-memory data store service.

(Correct)

B. They need to improve the performance of their web application.

(Correct)

C. They need to reduce delivery costs using Edge Locations.

D. They need to distribute requests to multiple instances.

E. They need a Chef-compatible cache to speed up their applications.

Explanation
               Amazon ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis
protocol-compliant server nodes in the cloud. Amazon ElastiCache improves the performance of web
applications by allowing you to retrieve information from a fast, managed, in-memory system, instead of
relying entirely on slower disk-based databases. Amazon ElastiCache works as an in-memory data store
and cache to support the most demanding applications requiring sub-millisecond response times.
Option C is not correct. Edge Locations are used for caching content with the CloudFront service.
Option D is not correct. Elastic Load Balancing is the service that can be used to distribute requests to
multiple instances.
 Option E is not correct. ElastiCache is not “Chef-compatible”. Chef and Puppet are automation platforms
that allow you to use code to automate the configurations of your servers. The AWS service that uses
Chef and Puppet is AWS OpsWorks.
References:
https://aws.amazon.com/elasticache/
Question 19: Correct
Where to go to find more information about prohibited uses of the web services offered by AWS?

A. AWS Artifact

B. AWS Budgets

C. AWS CloudTrail

D. AWS Acceptable Use Policy

(Correct)

Explanation
             The AWS Acceptable Use Policy describes prohibited uses of the web services offered by
Amazon Web Services, Inc. and its affiliates (the “Services”) and the website located at
http://aws.amazon.com (the “AWS Site”). The examples described in this Policy are not exhaustive. AWS
may modify this Policy at any time by posting a revised version on the AWS Site. By using the Services
or accessing the AWS Site, you agree to the latest version of this Policy. If you violate the Policy or
authorize or help others to do so, AWS may suspend or terminate your use of the Services.
Option A is not correct. AWS Artifact provides on-demand access to AWS’ security and compliance
reports and select online agreements. Reports available in AWS Artifact include our Service Organization
Control (SOC) reports, Payment Card Industry (PCI) reports.
Option B is not correct. AWS Budgets gives you the ability to set custom budgets that alert you when
your costs or usage exceed (or are forecasted to exceed) your budgeted amount.
Option C is not correct. AWS CloudTrail is used to track and log all user’s interactions with AWS
services.
  
References:
https://aws.amazon.com/aup/
Question 20: Skipped
Availability Zones within a Region are connected over low-latency links. Which of the following is a
benefit of these links?

A. Make synchronous replication of your data possible

(Correct)

B. Automate the process of provisioning new compute resources

C. Achieve global high availability

D. Create private connection to your data center

Explanation
          Each AWS Region contains multiple distinct locations, or Availability Zones. Each Availability
Zone is engineered to be independent from failures in other Availability Zones. An Availability Zone is a
data center, and in some cases, an Availability Zone consists of multiple data centers. Availability Zones
within a Region provide inexpensive, low-latency network connectivity to other zones in the same
Region. This allows you to replicate data across data centers in a synchronous manner so that failover can
be automated and appear transparent to your users.
Option B is not correct. There is no relation between low-latency links and provisioning new resources.
Auto Scaling is the service that can be used to automate the process of creating new compute resources.
Option C is not correct.  You cannot achieve global high availability by merely using Availability Zones
within the same Region. You should deploy your application in multiple regions closest to your users or
use the AWS CloudFront service to achieve high global availability.
Option D is not correct. The AWS Direct Connect service is the service that can be used to establish a
private connection between AWS and your datacenter.
 
 References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
Question 21: Skipped
You have been tasked with auditing the security of your VPC. As part of this process, you need to
start by analyzing what traffic is allowed to and from various EC2 instances. What two parts of the
VPC do you need to check to accomplish this task?

A. NACLs and Traffic Manager

B. Security Groups and Internet Gateways

C. NACLs and Subnets

D. Security Groups and NACLs

(Correct)

Explanation
           Security Groups and NACLs are the two parts of the VPC Security Layer. Security Groups are a
firewall at the instance layer, and NACLs are a firewall at the subnet layer.                         
 
References:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Security.html
Question 22: Skipped
What can you access by visiting the URL: http://status.aws.amazon.com/?

A. Amazon Cloud Watch



B. Status of your Amazon RDS DB

C. AWS Service Health Dashboard

(Correct)

D. AWS Cloud Monitor

Explanation
        The AWS Service Health Dashboard publishes AWS’ most up-to-the-minute information on service
availability. The dashboard provides access to current status and historical data about each and every
Amazon Web Service. Just copy the URL to your browser and see the result.
 
References:
http://status.aws.amazon.com/
Question 23: Skipped
Who is responsible for scaling the DynamoDB databases?

A. The DevOps team

B. AWS

(Correct)

C. The development team.



D. None of the above

Explanation
          DynamoDB is a fully managed NoSQL database service that provides fast and predictable
performance with seamless scalability. DynamoDB enables customers to offload the administrative
burdens of operating and scaling distributed databases to AWS so that they don’t have to worry about
hardware provisioning, setup and configuration, throughput capacity planning, replication, software
patching, or cluster scaling. 
 
References:
https://aws.amazon.com/dynamodb/faqs/
Question 24: Skipped
The concept of elasticity is most closely associated with which of the following?

A. Auto Scaling

(Correct)

B. Network Security

C. Serverless Computing

D. Elastic Load Balancing

Explanation
             Another way you can save money with AWS is by taking advantage of the platform’s elasticity.
Elasticity means the ability to scale up or down when needed. This concept is most closely associated
with the AWS Auto Scaling which monitors your applications and automatically adjusts capacity (up or
down) to maintain steady, predictable performance at the lowest possible cost.
  
References:
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
Question 25: Skipped
Which of the following could you use to find a paid AMI? (Choose three)

A. Amazon EC2 console

(Correct)

B. AWS Marketplace

(Correct)

C. AWS CLI

(Correct)

D. Amazon DevPay

E. AWS Organization
Explanation
You can find a paid AMI using the Amazon EC2 console, AWS Marketplace  and AWS CLI.
Option D is not correct. Amazon DevPay is a simple-to-use online billing and account management
service that makes it easy for businesses to sell applications that are built in, or run on top of, Amazon
Web Services.
Option E is not correct. AWS Organizations helps you centrally govern your environment across multiple
AWS accounts.
  
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/paid-amis.html
Question 26: Skipped
Which of the following is true regarding Data Transfer between Amazon DynamoDB and other
Amazon Web Services?  (Choose two)

A. Data transferred across Regions will be free of charge.

B. Data transferred across Regions will be charged on both sides of the transfer.

(Correct)

C. Data transferred across Availability zones within the same Region will be charged on both sides of the
transfer.

D. Data transferred across Availability zones within the same Region will be free of charge.

(Correct)

Explanation
                   There is no additional charge for data transferred between Amazon DynamoDB and other
Amazon Web Services within the same Region. Data transferred across Regions (For example between
Amazon DynamoDB in the US East (Northern Virginia) Region and Amazon EC2 in the EU (Ireland)
Region) will be charged on both sides of the transfer.
 
References:
https://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf    page 15  
Question 27: Skipped
Amazon EC2 instances are conceptually very similar to traditional servers. However, using
Amazon EC2 server instances in the same manner as traditional hardware server instances is only
 a starting point. What are the main benefits of using the AWS EC2 instances instead of traditional
servers? (Choose two)

A. Improves Fault-Tolerance.

(Correct)

B. Provides your business with a seamless remote accessibility.

C. Prevents unauthorized users from getting into your network.

D. Provides automatic data backups.

E. Can be scaled manually in a shorter period of time.

(Correct)

Explanation
Option A:
                AWS has unique set of services that you can use to build fault-tolerant applications in the cloud.
For example you can get improved fault tolerance by placing your compute instances behind an Elastic
Load Balancer, as it can automatically balance traffic across multiple instances and multiple Availability
Zones and ensure that only healthy Amazon EC2 instances receive traffic. You can setup an Elastic Load
Balancer to balance incoming application traffic across Amazon EC2 instances in a single Availability
Zone or multiple Availability Zones. Elastic Load Balancing can detect the health of Amazon EC2
instances. When it detects unhealthy Amazon EC2 instances, it no longer routes traffic to those unhealthy
instances. Instead, it spreads the load across the remaining healthy instances. If all of your Amazon EC2
instances in a particular Availability Zone are unhealthy, but you have set up instances in multiple
Availability Zones, Elastic Load Balancing will route traffic to your healthy Amazon EC2 instances in
those other zones. It will resume load balancing to the original Amazon EC2 instances when they have
been restored to a healthy state. Also, using Auto Scaling enables you to greatly reduce the amount of
time and resources you need to monitor your servers –if a failure occurs, a replacement will be
 automatically launched for you. Diagnosing an unhealthy server can be as simple as terminating it and
letting Auto Scaling launch a new one for you.
Option E:
             Amazon EC2 reduces the time required to obtain and boot new server instances to minutes,
allowing you to quickly scale capacity (manually or automatically), both up and down, as your computing
requirements change.
Option B is not correct. Both Amazon EC2 instances and the traditional servers can provide access from
any geographic area.
Option C is not correct. Both AWS and on-premises include built-in firewall protection to help prevent
unauthorized users from getting into your network.
Option D is not correct. Both AWS and on-premises provide automatic data backups to prevent data
losses.
 
References:
https://aws.amazon.com/elasticloadbalancing/
https://aws.amazon.com/ec2/
Question 28: Skipped
What are the main differences between an IAM user and an IAM role? (Choose two)

A. An IAM user is uniquely associated with only one person however a role is intended to be assumable
by anyone who needs it.

(Correct)

B. A role is uniquely associated with only one person however an IAM user is intended to be assumable
by anyone who needs it.

C. An IAM user has permanent credentials associated with it however a role has temporary credentials
associated with it.

(Correct)


D. An IAM user has temporary credentials associated with it however a role has permanent credentials
associated with it.
Explanation
              An IAM role is similar to a user, in that it is an AWS identity with permission policies that
determine what the identity can and cannot do in AWS. However, instead of being uniquely associated
with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have
standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a
role, temporary security credentials are created dynamically and provided to the user.
 
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
Question 29: Skipped
How can you increase your application’s fault-tolerance?

A. By saving a copy of your application code in a separate region

D. By deploying the underlying resources across multiple Availability Zones

(Correct)

C. By deploying the underlying resources across multiple subnets

D. By scanning the application code for errors using the AWS X-Ray service.
Explanation
          The fault tolerance of an application involves its ability to recover gracefully from failures.
Deploying the application resources across multiple availability zones will guarantee that even if one
availability zone goes down, there will still be other availability zones to run the application efficiently.
  
References:
https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/global-infrastructure.html
Question 30: Skipped
Which of the following AWS Support Plans gives you 24/7 access to Cloud Support Engineers via
email & phone? (Choose two)

A. Premium

B. Developer

C. Business

(Correct)

D. Enterprise

(Correct)

E. Standard
Explanation
        For Technical Support, each of the Business and the Enterprise support plans provides 24x7 phone,
email, and chat access to Support Engineers.
References:
https://aws.amazon.com/premiumsupport/compare-plans/
Question 31: Skipped
Which of the following security resources are available for free? (Choose three)


A. AWS Security Blog

(Correct)

B. Provable Security

(Correct)

C. AWS re:Invent

D. AWS security support

E. AWS Bulletins

(Correct)

Explanation
         The AWS free security resources include AWS Security Blog, Provable Security, Whitepapers,
Advanced Innovation, Developer Documents, Articles and Tutorials, Training, Security Bulletins,
Compliance Resources and Testimonials.
References:
https://aws.amazon.com/security/security-resources/
Question 32: Skipped
You need to permanently prevent anyone from terminating running instances in your production
environment. What steps should you do?

A. Create a role document that allows EC2 termination and attach it to all existing IAM identities.


B. Create a role document that denies EC2 termination and attach it to all existing IAM identities.

C. Create a policy document that allows EC2 termination and attach it to all existing IAM identities.

D. Create a policy document that denies EC2 termination and attach it to all existing IAM identities.

(Correct)

Explanation
            You create IAM identities to provide authentication for people and processes in your AWS
account. If you want to prevent those identities from performing any action in your production
environment simply create a policy document that denies this action and attach it to the identities you
want.                
 
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html
Question 33: Skipped
According to the AWS shared responsibility model, what are the controls that customers fully
inherit from AWS? (Choose two)

A. Communications controls.

B. Environmental controls.

(Correct)


 C. Patch Management.

D. Resource Configuration Management.

E. Physical controls.

(Correct)

Explanation
           Inherited Controls are controls which a customer fully inherits from AWS such as physical controls
and environmental controls.
           As a customer deploying an application on AWS infrastructure, you inherit security controls
pertaining to the AWS physical, environmental and media protection, and no longer need to provide a
detailed description of how you comply with these control families.
Option A is not correct. Communications controls are the responsibility of the customer.
Options C & D are not correct. Patch Management and Configuration Management are shared controls. In
a shared control, AWS provides the requirements for the infrastructure and the customer must provide
their own control implementation within their use of AWS services.
Patch Management: AWS is responsible for patching and fixing flaws within the infrastructure, but
customers are responsible for patching their guest OS and applications.
Configuration Management:  AWS maintains the configuration of its infrastructure devices, but a
customer is responsible for configuring their own guest operating systems, databases, and applications.
 
References:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question 34: Skipped
What are the benefits of AWS Organizations? (Choose two)

A. Help organizations achieve their desired business outcomes with AWS.


 B. Control access to AWS services.

(Correct)

C. Manage your organization’s payment methods.

D. Consolidate billing across multiple AWS accounts.

(Correct)

E. Help organizations design and travel an accelerated path to successful cloud adoption.
Explanation
       AWS Organizations has four main benefits:
1) Centrally manage access polices across multiple AWS accounts.
2) Automate AWS account creation and management.
3) Control access to AWS services
4) Consolidate billing across multiple AWS accounts.
** Control access to AWS services: AWS Organizations allows you to restrict what services and actions
are allowed in your accounts. You can use Service Control Policies (SCPs) to apply permission guardrails
on AWS Identity and Access Management (IAM) users and roles. For example, you can apply an SCP
that restricts users in accounts in your organization from launching any resources in regions that you do
not explicitly allow.
** Consolidate billing across multiple AWS accounts: You can use AWS Organizations to set up a single
payment method for all the AWS accounts in your organization through consolidated billing. With
consolidated billing, you can see a combined view of charges incurred by all your accounts, as well as
take advantage of pricing benefits from aggregated usage, such as volume discounts for Amazon EC2 and
Amazon S3.
Option A is not correct. AWS Professional Services is the service that helps organizations achieve their
desired business outcomes with AWS.
Option C is not correct. AWS Billing and Cost Management is the service that allows you to manage your
organization’s payment methods.
Option E is not correct.AWS Professional Services is the service that helps organizations design and
travel an accelerated path to successful cloud adoption
 References:
https://aws.amazon.com/organizations/
Question 35: Skipped
Which of the following services allows you to store your application assets, like images and
libraries, along with your code?

A. AWS CodePipeline

B. AWS X-Ray

C. AWS CodeCommit

(Correct)

D. None of the above.

Explanation
               AWS CodeCommit is a fully managed source control service that makes it easy for companies to
host secure and highly scalable private Git repositories. AWS CodeCommit eliminates the need to operate
your own source control system or worry about scaling its infrastructure. You can use AWS CodeCommit
to securely store anything from source code to binaries, and it works seamlessly with your existing Git
tools.    
 
Option A is not correct. AWS CodePipeline is a fully managed continuous delivery service that helps you
automate your release pipelines for fast and reliable application and infrastructure updates.
Option B is not correct. AWS X-Ray is a service that collects data about requests that your application
serves, and provides tools you can use to view, filter, and gain insights into that data to identify issues and
opportunities for optimization.
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf         page 32
 Question 36: Skipped
You have just finished writing your application code. Which service can be used to automate the
deployment and scaling of your application?

A. AWS Simple Storage Service.

B. AWS Elastic File System.

C. AWS Elastic Beanstalk.

(Correct)

D. AWS CodeCommit.
Explanation
                  AWS Elastic Beanstalk is considered a Platform as a Service (PaaS). it is an easy-to-use
service for deploying, scaling and updating web applications and services developed with Java, .NET,
PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and
IIS. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from
capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time,
you retain full control over the AWS resources powering your application and can access the underlying
resources at any time.

Options A & B are not correct. S3 and EFS are storage services.
Option D is not correct. AWS CodeCommit is a source code control service that hosts secure Git-based
repositories. You can use CodeCommit to securely store anything from source code to binaries, and it
works seamlessly with your existing Git tools.

References:
https://aws.amazon.com/elasticbeanstalk/
Question 37: Skipped
Which of the following makes it easier for you to manage and filter your resources?


A. AWS Directory Service

B. AWS Tagging

(Correct)

C. Amazon CloudWatch

D. AWS Service Catalog

Explanation
              Amazon Web Services (AWS) allows customers to assign metadata to their AWS resources in the
form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that
can make it easier to manage, search for, and filter resources. Although there are no inherent types of
tags, they enable customers to categorize resources by purpose, owner, environment, or other criteria.
Option A is not correct. AWS Directory Service for Microsoft Active Directory, also known as AWS
Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed
Active Directory in the AWS Cloud.
Option C is not correct. Amazon CloudWatch is a monitoring service for resource utilization.
Option D is not correct. AWS Service Catalog is not used to filter your resources. It is used to create and
manage catalogs of IT services that are approved for use on AWS. This helps you achieve consistent
governance and meet your compliance requirements, while enabling users to quickly deploy only the
approved IT services they need.
References:
https://aws.amazon.com/answers/account-management/aws-tagging-strategies/
Question 38: Skipped
Before moving and/or storing an object in AWS Glacier, what considerations should be taken into
account regarding the data you want to store?


 A. It is faster to upload your data using the console.

B. Be aware that it takes at least few minutes to retrieve the data once stored on Glacier.

(Correct)

C. Attach Glacier to an EC2 Instance to be able to store data.

D. Determine frequently accessed data and data archives.

Explanation
          Objects stored in Glacier take time to retrieve. You can pay for expedited retrieval, which will take
several minutes or wait several hours for normal retrieval.
 
Option A is not correct. You cannot upload data to Glacier by using the management console. To upload
data, such as photos, videos, and other documents, you must either use the AWS CLI or write code to
make requests, by using either the REST API directly or by using the AWS SDKs.
Option C is not correct. Glacier cannot be attached to EC2 instances. Glacier is a storage class of S3.
Option D is not correct. Glacier is not for frequently accessed data.
 
References:
https://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf
Question 39: Skipped
AWS provides excellent cloud-based disaster recovery services utilizing their multiple
_____________ .

A. Regions 

(Correct)


B. Transportation devices

C. Support plans

D. Edge locations
Explanation
        Businesses are using the AWS cloud to enable faster disaster recovery of their critical IT systems
without incurring the infrastructure expense of a second physical site. The AWS cloud supports many
popular disaster recovery (DR) architectures from “pilot light” environments that may be suitable for
small customer workload data center failures to “hot standby” environments that enable rapid failover at
scale. With data centers in Regions all around the world, AWS provides a set of cloud-based disaster
recovery services that enable rapid recovery of your IT infrastructure and data.  
 
Option B is not correct. AWS uses storage transportation devices, like AWS Snowball and Snowmobile
to allow companies transfer data to the cloud.
Option C is not correct. AWS provides multiple support plans to meet the different requirements of its
customers.
Option D is not correct. AWS edge locations are used by the CloudFront service to cache content to end
users to reduce latency.
 
References:
https://aws.amazon.com/disaster-recovery/
Question 40: Skipped
Which of the following services allows you to install and run your custom relational database
software?

A. Amazon Inspector


 B. Amazon Cognito

C. Amazon RDS

D. Amazon EC2

(Correct)

Explanation
           If you need a full control over your database, AWS provides a wide range of Amazon EC2
instances—with different hardware characteristics—on which you can install and run your custom
relational database software.
Please note that if you use EC2 instead of RDS to run your relational database, you will be responsible for
managing everything related to this database.
 
Option A is not correct. Amazon Inspector is an automated security assessment service to help improve
the security and compliance of applications deployed on AWS
Option B is not correct. Amazon Cognito lets you add user sign-up, sign-in, and access control to your
web and mobile apps quickly and easily.
Option C is not correct. Amazon RDS provides you with only six database engines to choose from,
including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. These
engines are already installed and ready to be used. You cannot install your custom database software on
RDS.
 
References:
https://aws.amazon.com/ec2
Question 41: Skipped
You are working as a web app developer. You are currently facing issues in media playback for
mobile devices. The problem is that the current format of your media does not support playback on
mobile devices. Which of the following AWS services can help you in this regard?

A. Amazon Elastic Transcoder

 (Correct)

B. Amazon Pinpoint

C. Amazon Rekognition

D. None of the above.

Explanation
              Amazon Elastic Transcoder is media transcoding in the cloud. It is designed to be a highly
scalable, easy-to-use, and cost-effective way for developers and businesses to convert (or transcode)
media files from their source format into versions that will play back on devices like smartphones, tablets,
and PCs.
 
Option B is not correct. Amazon Pinpoint is used by marketers to engage their customers by sending them
targeted and transactional email, SMS, push notifications, and voice messages.
Option C is not correct. Amazon Rekognition allows you to add image and video analysis to your
applications. For example you can use it detect faces in the uploaded images.
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf        page 60
Question 42: Skipped
Which Amazon EC2 Reserved Instance type is ideal for an application that runs 3 hours a day, 5
days a week?

A. Standard RIs

B. Convertible RIs


C. Scheduled RIs

(Correct)

D. Mixed RIs
Explanation
          Scheduled RIs are available to launch within the time windows you reserve. This option allows you
to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a
day, a week, or a month.
Option A is not correct. Standard RIs are best suited for steady-state usage.
Option B is not correct. Like Standard RIs, Convertible RIs are best suited for steady-state usage. But this
option allows you to change the attributes of the RI as long as the exchange results in the creation of
Reserved Instances of equal or greater value.
Option D is not correct. Mixed RIs is not a valid RI type.
 
References:
https://aws.amazon.com/ec2/pricing/reserved-instances/
Question 43: Skipped
Which of the following is a benefit of the "Loose Coupling" approach?

A. Reduces Privileged Access to your resources.

B. The development team can modify the underlying implementation without affecting other components
of the application.

(Correct)


 C. Enables users to quickly deploy only the approved IT services they need.

D. Allows you to bid on spare Amazon EC2 computing capacity.

Explanation
             As application complexity increases, a desirable attribute of an IT system is that it can be broken
into smaller, loosely coupled components. This means that IT systems should be designed in a way that
reduces interdependencies—a change or a failure in one component should not cascade to other
components.              
 
References:
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf        page14
Question 44: Skipped
Which of the following statements is correct regarding Availability Zones?

A. A collection of regions make up an Availability Zone.

B. An Availability Zone is a distinct location within a region that is insulated from failures in other
Availability Zones.

(Correct)

C. The timeframe a particular service is available for use by authorized users is an Availability Zone.

D. “Availability Zone” is another name for an entire region which contains AWS instances.
Explanation
               Availability Zones are distinct locations within a region that are insulated from failures in other
Availability Zones.
Note:
 Although Availability Zones are insulated from failures in other Availability Zones,  they are connected
through private, low-latency links to other Availability Zones in the same region.         
 
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
Question 45: Skipped
Which of the following is NOT a benefit of using AWS Lambda?

A. AWS Lambda runs code without provisioning or managing servers.

B. There is no charge when your AWS Lambda code is not running.

C. AWS Lambda provides resizable compute capacity in the cloud.

(Correct)

D. AWS Lambda can be called directly from any mobile app.

Explanation
                 Option C is not a benefit of AWS Lambda, and thus is the correct choice. AWS Lambda
automatically runs your code without requiring you to adjust capacity or manage servers. AWS Lambda
automatically scales your application by running code in response to each trigger. Your code runs in
parallel and processes each trigger individually, scaling precisely with the size of the workload.
Other options represent benefits of AWS Lambda, and thus are not correct. AWS Lambda lets you run
code without provisioning or managing servers. You pay only for the compute time you consume—there
is no charge when your code is not running. With Lambda, you can run code for virtually any type of
application or backend service—all with zero administration. Just upload your code, and Lambda takes
care of everything required to run and scale your code with high availability. You can set up your code to
automatically trigger from other AWS services, or you can call it directly from any web or mobile app. 
 
References:
 https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Question 46: Skipped
Your company is running an online sale over the coming weekend. You will need additional
compute resources to handle the additional load. The availability of these additional instances must
be guaranteed for the duration of the sale, what is the most cost-effective EC2 instance pricing
option for this job?

A. On-Demand Instances

(Correct)

B. Spot Instances

C. Dedicated Instances

D.  Reserved Instances.

Explanation
             On Demand instances would help provision any extra capacity that the application may need
without any interruptions.
Option B is not correct. Spot instances may be cost effective but AWS does not guarantee the availability
of the instances.
Option C is not correct. Dedicated instances are used when you want your instances to be isolated at the
host hardware level from instances that belong to other customers (and also it has a greater cost).
Option D is not correct. Using Reserved instances requires a contract of at least one year.
 
References:
https://aws.amazon.com/ec2/pricing/
Question 47: Skipped
Which feature enables users to sign in to their AWS accounts with their existing corporate
credentials?


A. Amazon Cognito

B. Federation

(Correct)

C. IAM Permissions

D. Access keys
Explanation
             With Federation, you can use single sign-on (SSO) to access your AWS accounts using credentials
from your corporate directory. Federation uses open standards, such as Security Assertion Markup
Language 2.0 (SAML), to exchange identity and security information between an identity provider (IdP)
and an application.
Option A is not correct. Amazon Cognito lets you add user sign-up, sign-in, and access control to web
and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with
social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via
SAML 2.0.
Option C is not correct. IAM Permissions let you specify the desired access to AWS resources.
Permissions are granted to IAM entities (users, groups, and roles) and by default these entities start with
no permissions. In other words, IAM entities can do nothing in AWS until you grant them your desired
permissions.
Option D is not correct. Access keys are long-term credentials for an AWS IAM user or the AWS account
root user. Access keys are not used for signing in to your account. You can use access keys to sign
programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).
 
References:
https://aws.amazon.com/identity/federation/
Question 48: Skipped
You have multiple standalone accounts and you want to decrease your AWS charges. What should
you do ?


A. Add the accounts to an organization and use Consolidated Billing.

(Correct)

B. Try to remove unnecessary accounts.

C. Track the AWS charges that are incurred by the member accounts.

D. None of the above can help.

Explanation
 Consolidated billing has the following benefits: 
* One bill – You get one bill for multiple accounts.
** Easy tracking – You can track each account's charges, and download the cost data in .csv format.
*** Combined usage – If you have multiple standalone accounts, your charges might decrease if you add
the accounts to an organization. AWS combines usage from all accounts in the organization to qualify
you for volume pricing discounts.
**** No extra fee – Consolidated billing is offered at no additional cost. 
 
Option B is not correct. Removing accounts or resources depend on your needs.
Option C is not correct. Tracking the AWS charges will not decrease your charges.
 
References:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html
Question 49: Skipped
Which of the following are part of the seven design principles for security in the cloud? (Choose
three)


A. Scale horizontally to protect from failures.   

B. Allow manual processing of data in order to reduce the risk of errors when handling sensitive data.

C. Implement a strong identity foundation

(Correct)

D. Enable traceability

(Correct)

E. Protect data in transit and at rest

(Correct)

Explanation
There are seven design principles for security in the cloud: 

 Implement a strong identity foundation: Implement the principle of least privilege and enforce
separation of duties with appropriate authorization for each interaction with your AWS resources.
Centralize privilege management and reduce or even eliminate reliance on long-term credentials.
 Enable traceability: Monitor, alert, and audit actions and changes to your environment in real
time. Integrate logs and metrics with systems to automatically respond and take action.
 Apply security at all layers: Rather than just focusing on protection of a single outer layer, apply
a defense-in-depth approach with other security controls. Apply to all layers (e.g., edge network, VPC,
subnet, load balancer, every instance, operating system, and application).
 Automate security best practices: Automated software-based security mechanisms improve your
ability to securely scale more rapidly and cost effectively. Create secure architectures, including the
implementation of controls that are defined and managed as code in version-controlled templates.
 Protect data in transit and at rest: Classify your data into sensitivity levels and use mechanisms,
such as encryption, tokenization, and access control where appropriate.
 Keep people away from data: Create mechanisms and tools to reduce or eliminate the need for
direct access or manual processing of data. This reduces the risk of loss or modification and human error
when handling sensitive data.
 Prepare for security events: Prepare for an incident by having an incident management process
that aligns to your organizational requirements. Run incident response simulations and use tools with
automation to increase your speed for detection, investigation, and recovery.

                               
Option A is not correct. Protecting from networking failures due to hardware issues or mis-configuration
is not related to security. Protecting from failures and scaling horizontally are much more related to the
reliability of your system.
Option B is not correct. When dealing with sensitive data, you should allow as much automation as
possible to reduce the risk of errors.
 
References:
https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf
Question 50: Skipped
A company needs to host a big data application on AWS. Which of the following AWS Storage
services would they choose to automatically get high throughput to multiple compute nodes?

A. Amazon Elastic Block Store.

B. S3.

C. Amazon Elastic File System.

(Correct)

D. AWS Storage Gateway.

 Explanation
       Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with
AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows
you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on
demand without disrupting applications, growing and shrinking automatically as you add and remove
files, so your applications have the storage they need, when they need it. It is designed to provide
massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to
achieve high levels of aggregate throughput and IOPS that scale as a file system grows, with consistent
low latencies. As a regional service, Amazon EFS is designed for high availability and durability storing
data redundantly across multiple Availability Zones. With these capabilities, Amazon EFS is well suited
to support a broad spectrum of use cases, including web serving and content management, enterprise
applications, media and entertainment processing workflows, home directories, database backups,
developer tools, container storage, and big data analytics workloads.
 
Option A is not correct. An Amazon Elastic Block Store volume cannot be attached to multiple compute
resources at a time.
Option B is not correct. S3 is an object level storage. S3 cannot be attached to compute resources.
Option D is not correct. AWS Storage Gateway is a hybrid storage service that enables your on-premises
applications to seamlessly use AWS cloud storage. You can use the service for backup and archiving,
disaster recovery, cloud data processing, storage tiering, and migration.
 
References:
https://aws.amazon.com/efs/
Question 51: Skipped
Which of the following affects Amazon CloudFront costs? (Choose two)

A. Traffic Distribution

(Correct)

B. Volumes

C. Requests
 (Correct)

D. Instance type
Explanation
When you want to estimate the costs of Amazon CloudFront you need to consider the following:
** Data Transfer Out.
** Traffic Distribution.
** Requests.
Option B is not correct. CloudFront is a caching service not a storage service.
Option D is not correct. Instance type is a factor that affects Amazon EC2 not CloudFront.
 
References:
https://aws.amazon.com/cloudfront/pricing/
Question 52: Skipped
Which of the following services enables you to easily generate and use your own encryption keys in
the AWS Cloud?

A. AWS Certificate Manager

B. AWS Shield

C. AWS WAF

D. AWS CloudHSM
 (Correct)

Explanation
              AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily
generate and use your own encryption keys on the AWS Cloud.
 
Option A is not correct. AWS Certificate Manager is a service that lets you provision, manage, and
deploy (SSL/TLS) certificates for use with AWS services and your internal connected resources.
Option B is not correct. AWS Shield is a managed Distributed Denial of Service (DDoS) protection
service.
Option C is not correct. AWS WAF is a web application firewall that helps protect your web applications
from common web exploits that could affect application availability, compromise security, or consume
excessive resources.
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf    page 80
Question 53: Skipped
What are the benefits of using on-demand EC2 instances? (Choose two)

A. You can increase or decrease your compute capacity depending on the demands of your application.

(Correct)

B. They are the cheapest buying option.

C. They remove the need to buy “safety net” capacity to handle periodic traffic spikes

(Correct)

D. They require only 1-2 days for setup and configuration.



E. They provide free capacity when testing your new applications.

Explanation
             With On-Demand instances, you pay for compute capacity by the hour with no long-term
commitments. You can increase or decrease your compute capacity depending on the demands of your
application and only pay the specified hourly rate for the instances you use. The use of On-Demand
instances frees you from the costs and complexities of planning, purchasing, and maintaining hardware
and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand
instances also remove the need to buy “safety net” capacity to handle periodic traffic spikes. 
 
Option B is not correct. Spot instances are the cheapest EC2 buying option.        
Option D is not correct. You can configure and launch your EC2 instances in minutes.
Option E is not correct. There is no free capacity for application testing. You can only have specific types
of instances for free during the free tier period (12 months).
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Question 54: Skipped
What are the access time options provided by Amazon Glacier that keep costs low yet suitable for
varying retrieval needs? (Choose two)

A. Expedited

(Correct)

B. Rapid

C. Enterprise


D. Bulk

(Correct)

E. Medium
Explanation
         To keep costs low yet suitable for varying retrieval needs, Amazon Glacier provides three options
for access to archives that span a few minutes to several hours: (Access option : Data access time)
1- Expedited : 1–5 minutes
2- Standard : 3–5 hours
3- Bulk : 5–12 hours
Tip: Do not memorize any numbers.
References:
https://d1.awsstatic.com/whitepapers/aws_pricing_overview.pdf    page 12
Question 55: Skipped
Which of the following actions may reduce Amazon EBS costs? (Choose two)

A. Changing the type of the volume.

(Correct)

B. Deleting unnecessary snapshots.

(Correct)

C. Deleting unused buckets.



D. Distributing requests to multiple volumes.

E. Using reservations.
Explanation
           With Amazon EBS, it’s important to keep in mind that you are paying for provisioned capacity and
performance—even if the volume is unattached or has very low write activity. To optimize storage
performance and costs for Amazon EBS, monitor volumes periodically to identify ones that are
unattached or appear to be underutilized or overutilized, and adjust provisioning to match actual usage.
When you want to reduce the costs of Amazon EBS consider the following:
1- Delete Unattached Amazon EBS Volumes:
An easy way to reduce wasted spend is to find and delete unattached volumes. However, when EC2
instances are stopped or terminated, attached EBS volumes are not automatically deleted and will
continue to accrue charges since they are still operating.
2- Resize or Change the EBS Volume Type:
Another way to optimize storage costs is to identify volumes that are underutilized and downsize them or
change the volume type.
3- Delete Stale Amazon EBS Snapshots:
If you have a backup policy that takes EBS volume snapshots daily or weekly, you will quickly
accumulate snapshots. Check for stale snapshots that are over 30 days old and delete them to reduce
storage costs.
Option C is not correct. Amazon EBS doesn’t use buckets.
Option D is not correct. Amazon EBS is a storage service not a compute service.
Option E is not correct. There are no reservations in Amazon EBS independently of Amazon EC2.
References:
https://docs.aws.amazon.com/aws-technical-content/latest/cost-optimization-storage-
optimization/optimizing-amazon-ebs-storage.html
Question 56: Skipped
A company wants to reduce their overall AWS costs but they don’t know where the high costs come
from. What should they do? (Choose two)

A. Activate cost allocation tags to categorize and track their costs.

 (Correct)

B. Use the Budget Explorer to estimate and plan their AWS costs.

C. Use CloudWatch to create billing alerts that notify them when their usage of their services exceeds
thresholds that they define.

(Correct)

D. Use the AWS Price List API.

Explanation
             A tag is a label that you or AWS assigns to an AWS resource. Each tag consists of a key and a
value. A key can have more than one value. You can use tags to organize your resources, and cost
allocation tags to track your AWS costs on a detailed level. After you activate cost allocation tags, AWS
uses the cost allocation tags to organize your resource costs on your cost allocation report, to make it
easier for you to categorize and track your AWS costs.
             Enabling billing alerts using CloudWatch will make it easier to track and manage your spending.
The alarm triggers when your account billing exceeds the threshold you specify. Billing alerts can help
prevent unexpected spend increases which may be due to unauthorized AWS account or Unknown EC2
instance usage, resources which have been provisioned in your account but are no longer in use or due to
higher traffic load that can increase the utilization of all of your resources.
Option B is not correct. There is nothing called Budget Explorer.
Option D is not correct. The AWS Price List API is used to know the prices of the AWS services.
 
References:
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cl
oudwatch.html
Question 57: Skipped
Engineers are wasting a lot of time and effort when installing and managing batch computing
software in traditional data centers. Which of the following AWS services allows them to easily run
hundreds of thousands of batch computing jobs?


A. Amazon EC2

B. AWS Fargate

C. AWS Batch

(Correct)

D. None of the above

Explanation
          AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of
thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity
and type of compute resources (e.g., CPU or memory-optimized instances) based on the volume and
specific resource requirements of the batch jobs submitted. With AWS Batch, there is no need to install
and manage batch computing software or server clusters that you use to run your jobs, allowing you to
focus on analyzing results and solving problems. AWS Batch plans, schedules, and executes your batch
computing workloads across the full range of AWS compute services and features, such as Amazon EC2
and Spot Instances.
                               
Option A is not correct. Amazon EC2 can be used to run any number of batch processing jobs but you are
responsible for installing and managing a batch computing software and creating the server clusters.
Option B is not correct. AWS Fargate is a compute engine for Amazon ECS that allows you to run
containers without having to manage servers or clusters.
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf         page 22
Question 58: Skipped
Which of the following is the responsibility of AWS according to the Shared Security Model?


 A. Securing regions and edge locations

(Correct)

B. Securing access to AWS resources

C. Monitoring AWS resources usage

D. Performing auditing tasks

Explanation
According to the Shared Security Model, AWS’ responsibility is the Security of the Cloud. AWS is
responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This
infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud
services.
 
All other options represent responsibilities of the customer.
 
References:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question 59: Skipped
Which statement is true in relation to AWS pricing? (Choose two)

A. With AWS, you don’t have to pay any money upfront.

(Correct)

B. For some services, you have to pay a startup fee in order to get the service running.


C. There are no reservations on AWS, you only pay for what you use.

D. You are responsible for buying a license for any software not developed by AWS.

E. You only pay for the individual services that you need with no long term contracts.

(Correct)

Explanation
          With AWS, you only pay for what you consume, you don’t have to pay any money upfront and
there are no long term contracts.
Option B is not correct. There are no startup fees for any AWS service.
Option C is not correct. You have the choice to reserve capacity on AWS. If you are committed to use a
service for a long time, then it is better to reserve to get large discounts. For example Amazon EC2
Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand
instance pricing.
Option D is not correct. AWS is responsible for setting up the software licenses used in their platform.
AWS makes it is easy for you by partnering with vendors like Microsoft, IBM and other vendors to
simplify running many commercial software packages on your EC2 instances. For some commercial
software packages that AWS does not provide such as Oracle applications you still need to obtain a
license directly from the vendors.
 
References:
https://aws.amazon.com/pricing/
Question 60: Skipped
Which statement is true in relation to security?

A. AWS manages everything related to the operating system.


 B. AWS cannot access users’ data.

(Correct)

C. AWS is responsible for the security of your application.

D. Server side encryption is the responsibility of AWS.

Explanation
            AWS has no idea about the user data and cannot read any data even if they wanted to. All data are
protected by the customer access keys and secret access keys and the user’s encryption methods.
Option A is not correct. It is the responsibility of the customer to choose and mange the operating system.
Option C is not correct. It is the responsibility of the customer to build secure applications.
Option D is not correct. It is the responsibility of the customer to encrypt data either on the client side or
on the server side.
References:
https://aws.amazon.com/compliance/shared-responsibility-model/
Question 61: Skipped
Which database should you use if your application requires joins or complex transactions?

A. Amazon DynamoDB

B. Amazon DocumentDB

C. Amazon RDS

(Correct)


D. Amazon ElastiCache
Explanation
             If your database’s schema cannot be denormalized, and your application requires joins or complex
transactions, consider using a relational database such as Amazon RDS.
 
Option A is not correct. A key-value database such as Amazon DynamoDB is a type of non-relational
database that uses a simple key-value method to store and retrieve data. DynamoDB does not support
complex relational queries such as joins or complex transactions.
Option B is not correct. Document databases such as Amazon DocumentDB are designed to store semi-
structured data as documents.
Option D is not correct. In-memory databases such as Amazon ElastiCache are used for applications that
require microsecond latency where millisecond latency is not enough.
 
References:
https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
https://aws.amazon.com/products/databases/
Question 62: Skipped
Which of the following requires an access key and a security access key to get programmatic access
to AWS resources? (Choose two)

A. IAM user

(Correct)

B. IAM group

C. AWS account root user

(Correct)


D. IAM role

E. TAM
Explanation
           An AWS IAM user might need to make API calls or use the AWS CLI. In that case, you need to
create an access key (access key ID and a secret access key) for that user. You can create IAM user access
keys with the IAM console, AWS CLI,or AWS API.
          To create access keys for your AWS account root user, you must use the AWS Management
Console.
Option B & D are not correct. An IAM group and IAM role represent other IAM Identities that serve
different purposes in the AWS IAM.
Option E is not correct. TAM refers to the AWS technical account manager.
 
References:
https://d1.awsstatic.com/whitepapers/aws-overview.pdf
Question 63: Skipped
Amazon EBS volumes are automatically replicated within the same availability zone. What is the
benefit of this?

A. Elasticity

B. Durability

(Correct)

C. Traceability


D. Accessibility
Explanation
         Durability refers to the ability of a system to assure data is stored and data remains consistent in the
system as long as it is not changed by legitimate access. This means that data should not become
corrupted or disappear due to a system malfunction. The replication of data makes EBS volumes 20 times
more durable than typical commodity disk drives, which fail with an AFR (annual failure rate) of around
4%. For example, if you have 1,000 EBS volumes running for 1 year, you should expect 1 to 2 will have a
failure.
Option A is not correct. Elasticity refers to the ability of a system to scale its resources up or down based
on demand.
Option C is not correct. Traceability is related to the tracking of changes made throughout a system, and
not related to replicating EBS data.
Option D is not correct. Replicating the volume doesn’t impact how you can access it. You can access
EBS volumes using EC2 after mounting them to the operating system.
 
References:
https://aws.amazon.com/ebs/
Question 64: Skipped
Where can AWS customers find their historical billing information?

A. AWS Billing History

B. Billing and Cost Management console

(Correct)

C. AWS Simple Monthly calculator


 D. AWS TCO
Explanation
          To view your AWS bill, open the “Bills” pane of the Billing and Cost Management console, and
then choose the month you want to view from the drop-down menu.
Option A is not correct. “AWS Billing History” is a bogus option.
Option C and D are not correct. AWS Simple Monthly Calculator and AWS TCO are calculators to
estimate your AWS costs.
 
References:
https://aws.amazon.com/premiumsupport/knowledge-center/view-aws-payments/
Question 65: Skipped
Which of the following procedures can reduce latency to your end users? (Choose two)

A. Store media assets in S3 and use CloudFront to distribute these assets

(Correct)

B. Store media assets on an additional EBS volume and increase the capacity of your server

C. Store media assets in the region closest to your end users

(Correct)

D. Replicate media assets to at least two availability zones

E. Reduce the size of media assets using the Amazon Elastic Transcoder
Explanation
             Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data,
videos, applications, and APIs to customers globally with low latency and high transfer speeds.
CloudFront is the best solution to reduce latency if you have users from different places around the world.
             Storing media assets in a region closer to the end-users can help reduce latency for those users.
This is because these assets will travel a shorter distance over the network.
Option B is not correct. Storing media assets on an additional EBS volume or increasing the capacity of
your server does nothing with regards to latency. The question doesn’t mention that you are facing heavy
workloads. Therefore increasing the capacity of your EC2 instances to higher types will be a waste of
money in this scenario.
Option D is not correct. Replicating your media assets on at least two availability zones may improve the
availability of your application but will not reduce latency especially if these AZs exist in the same
region.
Option E is not correct. Amazon Elastic Transcoder lets you convert media files that you have stored in
Amazon S3 into media files in the formats required by consumer playback devices. For example, you can
convert large, high-quality digital media files into formats that users can play back on mobile devices,
tablets, web browsers, and connected televisions.
 
References:
https://aws.amazon.com/cloudfront/
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.ht
ml
lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily
Option C is not correct. AWS Systems Manager gives you visibility and control of your infrastructure on
AWS. Systems Manager provides a unified user interface so you can view operational data from multiple
AWS services and allows you to automate operational tasks across your AWS resources. With Systems
Manager, you can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS
instances, by application, view operational data for monitoring and troubleshooting, and take action on
your groups of resources.
Option E is not correct. There is nothing called Amazon Route Manager.

References:
https://aws.amazon.com/route53/