1. 2.

A multi-national company has just moved i†s Which of the following is a benefit of using AWS
infrastructure from i†s on-premises data managed services sụch as Amazon
center to AWS Cloud. As part of the shared Relational Database Service (Amazon RDS)?
responsibility model, AWS is responsible for A. The customer needs to manage database
which of the following? backups
A. Configuring customer applications B. The customer needs to patch the underlying
B. Service and Communications Protection or OS
Zone Security C. There is no need to optimize database instance
C. Physical and Environmental controls (Correct) type and size
D. Patching guest OS D.The performance of AWS managed Amazon
Relational Database Service (Amazon RDS)
instance is better than a customer managed
database instance - (Correct)
3. Which AWS Service can be used to mitigate a 4. A medical research startup wants to
Distributed Denial of Service (DDoS) understand the compliance of AWS services
attack? concerning HIPAA guidelines. Which AWS service
can be used †o review the HIPAA
A. AWS Key Management Service (AWS KMS) compliance and governance-related documents
on AWS?
B. AWS Systems Manager A. AWSArtifact (Correct)
B. AWS Trusted Advisor
C. Amazon CloudWatch C. AWS Systems Manager
D. AWS Secrets Manager
D.AWS Shield (Correct)

5. A startup wants to migrate its data and 6. A research group wants †o use EC2 instances
applications from the on-premises data center †o †o run a scientific computation application
AWS Cloud. Which of the following options can that has a fault tolerant architecture. The
be used by the startup to help with this application needs high-performance hardware
migration? (Select †wo) disks that provide fast l⁄O performance. As a
Cloud Practitioner, which of the following
A. Consult moderators on AWS Developer Forums storage options would you recommend as the
B. Utilize AWS Partner Network (APN) to build a MOST cost-effective solution ?
custom solution for this infrastructure migration
(Correct) A. Amazon Simple Storage Service (Amazon S3)
C. Raise a support ticket with AWS Support for
further assistance B. Amazon Elastic Block Store (EBS)
D. Leverage AWS Professional Services to
accelerate the infrastructure migration (Correct) C. Amazon Elastic File System (Amazon EFS)
E. Use AWS Trusted Advisor to automate the
infrastructure migration D. Instance Store (Correct)

7. A cyber forensics team has detected that AWS 8. Which AWS service will help you receive alerts
owned IP-addresses are being used †o when the reservation utilization falls
carry out malicious attacks. As this constitutes below the defined threshold?
prohibited use of AWS services, which of
the following is the correct solution to address @® AWS Budgets (Correct)
this issue?
AWS CloudTrail
A. Write an email to Jeff Bezos, the founder of
Amazon, with the details of the @®) AWES Trusted Advisor
incident
B. Contact AWS Abuse Team (Correct) @® AWS Pricing Calculator
C. Contact AWS Support
D. Contact AWS Developer Forum moderators
Question 9: Skipped Question 1O: Skipped

A big data analytics company is moving its [T Which security service of AWS is enabled for all
infrastructure from an on-premises data AWS customers, by default, at no
center to AWS Cloud. The company has some additional cost?
server-bound software licenses that it
wants †o use on AWS. As a Cloud Practitioner, @ AWS Secrets Manager
which of the following EC2 instance †ypes
would you recommend to the company? AWS Shield Advanced

@®) On-Demand Instance _ AWS Shield Standard (Correct)

B Reserved Instance (RI) @ AWS Web Application Firewall (AWS WAF)

C. Dedicated Host (Correct)

D. Dedicated Instance
Question 11: Skipped Question 12: Skipped

Which of the following are correct statements Which of the following is an INCORRECT
regarding the AWS Global Infrastructure? statement about Scaling, a design principle of
(Select two) Reliability pillar of the AWS Well-Architected
Framework?
A. Each Availability Zone (AZ) consists of two or
more discrete data centers @ A scale out operation implies you scale by
adding more instances to your existing pool of
B. Each AWS Region consists of a minimum of resources
three Availability Zones (A2) (Correct)
@ Fault tolerance is achieved by a scale up
C. Each AWS Region consists of a minimum of operation (Correct)
two Availability Zones (AZ)
@œ Ä scale up operation implies you scale by
D. Each AWS Region consists of two or more Edge adding more power (CPU, RAM) to your existing
Locations machine/node

E. Each Availability Zone (AZ) consists of one or } Fault tolerance is achieved by a scale out
more discrete data centers (Correct) operation
Question 13: Skipped Question 14: Skipped
Which of the following is CORRECT regarding
removing an AWS account from AWS Which of the following are the storage services
Organizations? offered by the AWS Cloud? (Select two)

l@) The AWS account must not have any Service A. Amazon Simple Storage Service (Amazon S3)
Control Policies (SCPs) (Correct)
attached to ï¡t. Only then it can be removed from
AWS organizations B. Amazon Simple Queue Service (SOS)

The AWS account must be able to operate as a C. Amazon Elastic File System (Amazon EFS)
standalone (Correct)

account. Only then it can be removed from AWS D. Amazon Elastic Compute Cloud (Amazon EC2)
organizations (Correct)
E. Amazon Simple Notification Service (SNS)
l@) The AWS account can be removed from AWS
Systems Manager

@œ Raise a support ticket with AWS Support to

remove the account
Question 15: Skipped Question 16: Skipped

Which of the following is an AWS database AWS Shield Advanced provides expanded DDoS
service? attack protection for web applications
running on which of the following resources?
A. AWSGlue (Select two)

AWS Storage Gateway A. Amazon API Gateway

@® AWS Database Migration Service (AWS DMS) B. AWS Elastic Beanstalk

Amazon Redshift (Correct) C. AWS Global Accelerator (Correct)

D. Amazon Route 53 (Correct)
E. AWS CloudFormation
Question 17: Skipped Question 18: Skipped
Which of the following is the MOST cost-effective
A multi-national corporation wants †o get expert option to purchase an EC2 Reserved
professional advice on migrating †o Instance (Rl)?
AWS and managing their applications on AWS
Cloud. Which of the following entities A. Partial upfront payment option with
would you recommend for this engagement? standard 3-years term (Correct)

@®) Concierge Support Team B. All upfront payment option with the standard
1-year term
@®) APN Technology Partner
C. No upfront payment option with standard 1-
C .AWSTrusted Advisor year term

@ APN Consulting Partner (Correct) D. No upfront payment option with standard 3-

 years term
Question 19: Skipped Question 2O: _Skipped

A startup wants to set up its IT infrastructure on A company needs a storage solution for a project
AWS Cloud. The CTO would like to get wherein the data is accessed less
an estimate of the monthly AWS bill based on the †requently but needs rapid access when
AWS services that the s†artup wants †o required. Which S3 s†orage class is the MOST
use. As a Cloud Practitioner, which AWS service cost-effective for the given use-case?
would you suggest for this use-case?
@ Amazon S3 Glacier (S3 Glacier)
@ AWS Cost Explorer
@ Amazon S3 Intelligent-Tiering (S3 Intelligent-
@ AWS Pricing Calculator (Correct) Tiering)

@ AWS Cost 8 Usage Report (AWS CUR) @ Amazon S3 Standard

C3 AWS Budgets @ Amazon S3 Standard-Infrequent Access (S3

Standard-IA) (Correct)
Question 21: Skipped Question 22: Skipped

Which of the following statements are CORRECT A silicon valley based healthcare startup stores
regarding the Availability Zone (AZ) anonymized patient health data on
specific characteristics of Amazon Elastic Block Amazon S3. The CTO further wants †o ensure
Store (EBS) and Amazon Elastic File that any sensitive data on S3 is discovered
System (Amazon EFS) storage types? and identified to prevent any sensitive data leaks.
As a Cloud Practitioner, which AWS
A. EBS volume can be attached to a single service would you recommend addressing this
instance in the same Availability Zone (AZ) use-case?
whereas EFS file system can be mounted
on instances across multiple Availability Zones @®) Amazon Macie (Correct)
(A2) (Correct)
AWS Secrets Manager
B. EBS volume can be attached to one or more
instances in multiple Availability Zones (AZ) and @®) Amazon Polly
EFS file system can be mounted on instances
across multiple Availability Zones (AZ) @ΠAWSGlue

EBS volume can be attached to one or more

instances in multiple Availability Zones (AZ) and
EFS file system can be mounted on instances in
the same Availability Zone (AZ)
D. EBS volume can be attached to a single
instance in the same Availability Zone (A2) and
EFS file system can only be mounted on instances
in the same Availability Zone (AZ)
Question 23: Skipped Question 24: Skipped
Compared to the on-demand instance prices, A company runs an application on a fleet of EC2
what is the highes† possible discount instances. The company wants to
offered for spot instances? automate the traditional maintenance job of
running timely assessments and checking
@®) 90 (Correct) for OS vulnerabilities. As a Cloud Practitioner,
which service will you suggest for this use
@€ 10 case?

@ 75 A. AWS Shield
B.Amazon Macie
€@ 50 C. Amazon GuardDuty
D.Amazon lInspector (Correct)
Question 25: Skipped Question 26: Skipped

The DevObps team at an e-commerce company is Which of the following AWS services support VPC
trying to debug performanece issues for Endpoint Gateway for a private connection from
i†ts serverless application built using a a VPC? (Select two)
microservices architecture. As a Cloud A. Amazon DynamoDB (Correct)
Practitioner, which AWS service would you B. Amazon Elastic Compute Cloud (Amazon EC2)
recommend addressing this use-case? C.Amazon Simple Storage Service (Amazon S3)
(Correct)
@®) AWS Trusted Advisor D. Amazon Simple Queue Service (SQS)
E. Amazon Simple Notification Service (SNS)
@ AWSX-Ray (Correct)

_ AWS CloudFormation

@®) Amazon Pinpoint

Question 27: Skipped Question 28: Skipped

Which AWS services can be used †o decouple A company wants to have control over creating
components of a microservices based and using its own keys for encryption on
application on AWS Cloud? (Select two) AWS services. Which of the following can be used
for this use-case?
A. AWS Lambda
B.Amazon Simple Notification Service (SNS) @œ customer managed key (CMK) (Correct)
(Correct)
C. AWS Step Functions @œ AWS Secrets Manager
D.Amazon Elastic Compute Cloud (Amazon EC2)
E. Amazon Simple Queue Service (SQS) (Correct) _ AWS managed key

@®) AWS owned key

Question 29: Skipped Question 30: Skipped

Which tool/service will help you access AWS AWS Web Application Firewall (WAF) offers
services using programmiing language- protection from common web exploits at
specific APIs2 which layer?
l@) AWS Management Console Layer4

l@) AWS Software Developer Kit (SDK) (Correct) Layer3

l@) Integrated Development Environments (IDE) @œ Layer 4 and 7

@) AWS Command Line Interface (CLI) l@) Layer 7 (Correct)

Question 31: Skipped Question 32: Skipped
Which of the following AWS Support plans
provide access †o only core checks from the A company uses reserved EC2 ins†ances across
AWS Trusted Advisor Best Practice Checks? multiple units with each unit having its
(Select two} own AWS account. However, some of the units
A. AWS Enterprise Support under-utilize their reserved instances
B. AWS Enterprise On-Ramp Support while other units need more reserved instances.
C. AWS Business Support As a Cloud Practitioner, which of the
D. AWS Basic Support (Correct) following would you recommend as the most
E. AWS Developer Support (Correct) cost-optimal solution ?

@®) Use AWS Organizations to manage AWS

accounts of all units and then share the reserved
EC2 instances amongst all units (Correct)

@®) Use AWS Trusted Advisor to manage AWS

accounts of all units and then share the reserved
EC2 instances amongst all units

C. Use AWS Systems Manager to manage AWS

accounts of all units and then share the reserved
EC2 instances amongst all units
D. Use AWS Cost Explorer to manage AWS
accounts of all units and then share the reserved
EC2 instances amongst all units
Question 33: Skipped Question 34: Skipped

A company wants to improve the resiliency of its Under the AWS Shared Responsibility Model,
flagship application so it wants to move which of the following is a shared
†rom its traditional database system to a responsibility of both AWS and the customer?
managed AWS NoSQL database service †o
support active-active configuration in both the A.Guarantee data separation among various
East and West US AWS regions. The AWS customers
active-active configuration with cross-region B. Infrastructure maintenance of Amazon Simple
support is the prime criteria for any Storage Service (Amazon S3) storage servers
database solution that the company considers. C. Availability Zone (A2) infrastructure
maintenance
Which AWS database service is the right fit for
this requirement? @®) Configuration Management (Correct)
A. Amazon DynamoDB with global tables
(Correct)

@œ Amazon DynamoDB with DynamoDB

Accelerator

@œ Amazon Relational Database Service

(Amazon RDS) for MYSQL

@œ Amazon Aurora with multi-master clusters

Question 35: Skipped Ouestion 36: Skipped

According to the AWS Shared Responsibility Which AWS services can be used to facilitate
Model, which of the following are responsibilities organizational change management, par† of
of AWS? (Select two) the Reliability pillar of AWS Well-Architected
A. Creating S3 bucket policies for appropriate Framework? (Select three)
user access
B. Creating IAM role for accessing Amazon EC2 A. Amazon Inspector
instances
C.Operating the infrastructure layer, the B. AWS CloudTrail (Correct)
operating system and the platform for the
Amazon S3 service (Correct) C. Amazon CloudWatch (Correct)
D. AWS Trusted Advisor
D. Replacing faulty hardware of Amazon EC2 E. AWS Config (Correct)
instances (Correct) F. Amazon GuardDuty
E. Enabling Multi Factor Authentication on AWS
accounts in your organization
Question 37: Skipped Question 38: Skipped

Which of the following Amazon S3 storage classes A financial services company wants to ensure
takes the most time to retrieve data that its AWS account activity meets the
(also known as first byte latency)? governance, compliance and auditing norms. As a
Cloud Practitioner, which AWS service
@ Amazon S3 Glacier Deep Archive (Correct) would you recommend for this use-case?

_ Amazon S3 Standard A. AWSConfig

B. AWS CloudTrail (Correct)
_ Amazon S3 Glacier Flexible Retrieval C. AWS Trusted Advisor
D. Amazon CloudWatch
@œ Amazon S3 Intelligent-Tiering
Question 39: Skipped Question 40: Skipped

According to the AWS Cloud Adoption Which of the following AWS services should be
Framework (AWS CAF), what are two tasks that a used to automatically distribute incoming
company should perform when planning to traffic across multiple targets?
migrate to the AWS Cloud and aiming †o
become more responsive to customer inquiries _ AWS Elastic Beanstalk
and feedback as part of their
organizational transformation? (Select two) @œ AWS Elastic Load Balancing (ELB) (Correct)

A. Leverage legacy infrastructure for cost AWS Auto Scaling

efficiencies
B. Create new analytical insights with existing @®) Amazon OpenSearch Service
products and services
C. Leverage agile methods to rapidly iterate and
evolve (Correct)
D. Organize your teams around bureaucratic
design principles
E. Organize your teams around produc†ts and
value streams (Correct)
Question 42: Skipped
Question 41: Skipped
An IT company is planning to migrate from an on-
A data analytics company is running a proprietary premises environment to AWS Cloud.
batch analytics application on AWS Which of the following expense areas would
and wants to use a sforage service which would result in cos† savings when the company
be accessed by hundreds of EC2 moves to AWS Cloud? (Select two)
instances simultaneously to append data to
existing files. As a Cloud Practitioner, which A. Project manager salary
AWS service would you suggest for this use-case?
B. Data center hardware infrastructure
A. Amazon Elastic File System (Amazon EFS) expenditure (Correct)
(Correct) C. Data center physical security expenditure
(Correct)
@®) Amazon Elastic Block Store (Amazon EBS) D. SaaS application license fee

@ Amazon Simple Storage Service (Amazon S3) E. Developer salary

D.Instance Store
Question 43: Skipped Question 44: Skipped

Which option is a common stakeholder role for A company wants to identify the optimal AWS
the AWS Cloud Adoption Framework resource configuration for its workloads so
(AWS CAF) platform perspective? (Select two) that the company can reduce costs and increase
workload performance. Which of the
L] Chief Data Officer (CDO) following services can be used to meet this
requirement?
L] Chief Product Officer (CPO)
@®) AWS Cost Explorer
Chief Technology Officer (CTO) (Correct)
@®) AWS Compute Optimizer (Correct)
L] Chief Information Officer (CIO)
@®) AWS Systems Manager

D. AWS Budgets
Question 45: Skipped Question 46: _Skipped

A Project Manager, working on AWS for the first Which of the following AWS services can be used
time, is confused about how credi†s are to connect a company's on-premises
used in AWS. There are †wo credits available in environment to a VPC without using the public
the manager's account. Credit one is for internet?
$100, expires July 2022, and can be used for
either Amazon S3 or Amazon EC2. Credit @ Internet Gateway
two is for $50, expires December 2022, and can
be used only for Amazon EC2. The B. VPC Endpoint
manager's AWS account has incurred two
charges: $1000 for Amazon EC2 and $500 for l@) AWS Direct Connect (Correct)
Amazon S3.
D. AWS Site-to-Site VPN
What will be the outcome on the overall bill once
the credits are used ? (Select two)

A. Credit one is applied, which expires ỉn July, to

the Amazon EC2 charge which leaves you with a
$900 Amazon EC2 chargeanda $500 Amazon S3
charge (Correct)
B.Only one credit can be used in one billing cycle
and the customer has a choice to choose from
the available ones
C. Credit one is applied, which expires in July, to
Amazon S3 usage whicheaves you with a $1000
Amazon EC2 charge and a $400 Amazon S3
charge

D. Then, credit two is applied to the remaining

$900 of Amazon EC2 usage (Correct)
E. Then, credit two is applied to S500 for Amazon
S3 usage
Question 47: Skipped Question 48: Skipped

Which of the following AWS Support plans Which of the following are the advantages of
provide access to guidance, configuration, cloud computing? (Select three)
and troubleshooting of AWS interoperability with A. Trade capital expense for variable expense
third-party software? (Select two) (Correct)
A. AWS Corporate Support B. Benefit from massive economies of scale
B. AWS Developer Support (Correct)
C. AWS Basic Support C. Go global in minutes and deploy applications in
D. AWS Enterprise Support (Correct) multiple regions around the world with just a few
E. AWS Business Support (Correct) clicks (Correct)
D. Spend money on building and maintaining
data centers
E. Trade variable expense for capital expense
F. Rllocate a few months of planning for your
 infrastructure capacity needs
Question 49: Skipped Question 5O: Skipped

Which of the following entities applies patches to What are the advantages that AWS Cloud offers
the underlying OS for Amazon Aurora? over a traditional on-premises IT infrastructure?
(Select two)
@ The AWS Product Team automatically
(Correct) A. Eliminate guessing on your infrastructure
capacity needs (Correct)
@œ The AWS customer by SSHing on the B. lncrease speed and agility by keeping servers
instances and other required resources ready before time
in your data centers
œ The AWS customer by using AWS Systems C. Provide lower latency to applications by
Manager maintaining servers on-premises

@ The AWS Support after receiving a request D. Make a capacity decision before deploying an
from the customer application, to reduce costs
E. Trade capital expense for variable expense
(Correct)
Question 51: Skipped Question 52: Skipped

Which type of cloud computing does Amazon An e-commerce company has deployed an RDS
Elastic Compute Cloud (EC2) represen†t? database in a single Availability Zone
(A2). The engineering team wants to ensure that
®) Software as a Service (SaaS) in case of an AZ outage, the database
should continue working on the same endpoin†t
@ Network as a Service (NaaS) without any manual administrative
Intervention. Which of the following solutions
@®) Infrastructure as a Service (laaS) (Correct) can address this use-case?
A. Deploy the database via AWS Elastic Beanstalk
® Platform as a Service (PaaS) B. Configure the database in RDS Multi-AZ
deployment with automatic failover to the
standby (Correct)
C. Configure the database in RDS read replica
mode with automatic failover
to the standby
D. C3 Provision the database via AWS
CloudFormation
Question 53: Skipped Question 54: Skipped

An intern at an IT company provisioned a Linux Which AWS Route 53 routing policy would you
based On-demand EC2 instance with use to route traffic to multiple resources
per-second billing but terminated it within 30 and also choose how much traffic is routed to
seconds as he wanted †o provision another each resource?
Iinstance type. What is the duration for which the
instance would be charged? @œ@ Weighted routing (Correct)
@œ 30 seconds @ Failover routing

@®) 60 seconds (Correct) @ latency-based routing

600 seconds @ Simple routing

300 seconds
Question 55: Skipped Question 56: _Skipped

Which of the following is a recommended way †o Which of the following AWS services has
provide programmatic access to AWS encryption enabled by default?
resources? A.Amazon Relational Database Service (Amazon
RDS)
A. Create a new IAM user and share the
username and password Amazon Elastic Block Store (Amazon EBS)

@® Use Access Key ID and Secret Access Key to Amazon Elastic File System (Amazon EFS)
access AWS resources programmatically
(Correct) AWS CloudTrail Logs (Correct)

@ Use [AM user group to access AWS resources

programmatically

@œ Use AWS Multi-Factor Authentication (AWS

MFA) to access AWS resources programmatically
Question 57: Skipped Question 58: Skipped

The DevOps team at an IT company is moving 500 Which of the following is a serverless AWS
GB of data from an EC2 instance to service?
an S3 bucket in the same region. Which of the
following scenario captures the correct @ Amazon Elastic Compute Cloud (Amazon EC2)
charges for this data transfer?
)_ AWS Elastic Beanstalk
A.The company would only be charged for the
outbound data transfer from EC2 instance ) Amazon EMR
B. The company would only be charged for the
inbound data transfer into the S3 bucket 3 AWS Lambda (Correct)
C.The company would not be charged for this
data transfer (Correct)
D. The company would be charged for both the
outbound data transfer from EC2 instance as well
as the inbound data transfer into the S3 bucket
Question 59: _ Skipped Question 6O: _Skipped

Which AWS Support plan provides architectural Which of the following statements are CORRECT
guidance contextual to your specific use-cases? regarding the AWS VPC service?
(Select two)
A. AWS Enterprise On-Ramp Support A. A Security Group can have both allow and
deny rules
®) AWS Enterprise Support
B. A Security Group can have allow rules only
@) AWS Developer Support (Correct)
C. A Network Address Translation gateway (NAT
D. AWS Business Support (Correct) gateway) is managed by AWS (Correct)
D. A network access control list (network ACL)
can have allow rules only
E. A Network Address Translation instance (NAT
instance) is managed by AWS
Question 61: Skipped Question 62: _Skipped

Which of the following AWS services support A web application stores all of its data on Amazon
reservations to optimize costs? (Select three) S3 buckets. A client has mandated
that data be encrypted before sending it to
A. Amazon Elastic Compute Cloud (Amazon EC2) Amazon S3.
(Correct)
B. Amazon DocumentDB Which of the following ¡s the right technique for
C. Amazon Relational Database Service (Amazon encrypting data as needed by the
RDS) (Correct) customer?
D. AWS Lambda
E. Amazon Simple Storage Service (Amazon S3) @®) Enable server-side encryption with AWS Key
F. Amazon DynamoDB (Correct) Management Service (AWS
KMS) keys (SSE-KMS)

@®) Enable server-side encryption with Amazon

S3 Managed Keys (SSE-S3)

@®) Encryption is enabled by default for all the

objects written to Amazon S3. Additional
configuration is not required

@œ Enable client-side encryption using AWS

encryption SDK (Correct)
Question 63: Skipped
Question 64: Skipped
Aunicorn startup is building an analytics
application with support for a speech-based A company wants to move to AWS cloud and
interface. The application will accept speech- release new features with quick iterations
based input from users and then convey by utilizing relevant AWS services whenever
results via speech. As a Cloud Practitioner, which required. Which of the following
solution would you recommend for the characteristics of AWS Cloud does it want to
given use-case? leverage?

@®) Use Amazon Polly to convert speech to text @ Elasticity

for downstream analysis. Then use Amazon
Transcribe to convey the text results via speech B. Agility (Correct)
B. Use Amazon Transcribe to convert speech to C. Scalability
text for downstream analysis. Then use Amazon D. Reliability
Polly to convey the text results via speech
(Correct)
C. Use Amazon Polly to convert speech to text for
downstream analysis. Then use Amazon Translate
to convey the text results via speech
D. Use Amazon Translate to convert speech to
text for downstream analysis.Then use Amazon
Polly to convey the text results via speech
Ouestion 65 _ Skipped

A startup wants to provision an EC2 instance for

the lowest possible cost for a long-term
duration but needs to make sure that the
instance would never be interrupted. As a
Cloud Practitioner, which of the following options
would you recommend?

A. EC2 Dedicated Host

@ EC2 Reserved Instance (RI) (Correct)

C. EC2 Spot lnstance

@ EC2 On-Demand lnstance