.

Each department within a company has its own independent AWS account and its own
payment method. New company leadership wants to centralize departmental
governance and consolidate payments.
How can this be achieved using AWS services or features?

 Forward monthly invoices for each account. Then create IAM roles to allow cross-account
access.
 Create a new AWS account. Then configure AWS Organizations and invite all existing
accounts to join. Correct
 Configure AWS Organizations in each of the existing accounts. Then link all accounts
together.
 Use Cost Explorer to combine costs from all accounts. Then replicate IAM policies across
accounts.

Explanation/Reference:
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/
orgs_manage_accounts.html

2. The ability to horizontally scale Amazon EC2 instances based on demand is an

example of which concept in the AWS Cloud value proposition?
 Economy of scale
 Elasticity Correct
 High availability
 Agility

3. An ecommerce company anticipates a huge increase in web traffic for two very
popular upcoming shopping holidays. Which AWS service or feature can be configured
to dynamically adjust resources to meet this change in demand?
 AWS CloudTrail
 Amazon EC2 Auto Scaling Correct
 Amazon Forecast
 AWS Config

Explanation/Reference:
Reference: https://aws.amazon.com/autoscaling/

4. Which AWS service enables users to securely connect to AWS resources over the
public internet?
 Amazon VPC peering
 AWS Direct Connect
 AWS VPN Correct
 Amazon Pinpoint

5. Which AWS service enables users to securely connect to AWS resources over the
public internet?
 Amazon VPC peering
 AWS Direct Connect
 AWS VPN Correct
 Amazon Pinpoint
Explanation/Reference:

Reference: https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf (36)

6. Which tool is used to forecast AWS spending?

 AWS Trusted Advisor
 AWS Organizations
 Cost Explorer Correct
 Amazon Inspector

Explanation/Reference:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html

7. A company is running an ecommerce application hosted in Europe. To decrease

latency for users who access the website from other parts of the world, the company
would like to cache frequently accessed static content closer to the users.
Which AWS service will support these requirements?

 Amazon ElastiCache
 Amazon CloudFront Correct
 Amazon Elastic File System (Amazon EFS)
 Amazon Elastic Block Store (Amazon EBS)

Explanation/Reference:
Explanation:

Amazon CloudFront employs a global network of edge locations and regional edge caches that
cache copies of your content close to your viewers. Amazon CloudFront ensures that end-user
requests are served by the closest edge location. As a result, viewer requests travel a short
distance, improving performance for your

viewers. For files not cached at the edge locations and the regional edge caches, Amazon
CloudFront keeps persistent connections with your origin servers so that those files can be fetched
from the origin servers as quickly as possible.

Reference: https://aws.amazon.com/cloudfront/faqs/

8. Which of the following is a component of the AWS Global Infrastructure?

 Amazon Alexa
 AWS Regions Correct
 Amazon Lightsail
 AWS Organizations

Explanation/Reference:

Reference: https://aws.amazon.com/about-aws/global-infrastructure/

9. Which AWS service will help users determine if an application running on an Amazon
EC2 instance has sufficient CPU capacity?
 Amazon CloudWatch Correct
  AWS Config
 AWS CloudTrail
 Amazon Inspector

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/faqs/

10. Why is it beneficial to use Elastic Load Balancers with applications?

 They allow for the conversion from Application Load Balancers to Classic Load Balancers.
 They are capable of handling constant changes in network traffic patterns. Correct
 They automatically adjust capacity.
 They are provided at no charge to users.

Explanation/Reference:

Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/what-is-load-
balancing.html

11. Which tasks are the customer’s responsibility in the AWS shared responsibility
model? (Choose two.)
 Infrastructure facilities access management
 Cloud infrastructure hardware lifecycle management
 Configuration management of user’s applications
 Networking infrastructure protection
 Security groups configuration Correct

Explanation/Reference:
Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

12. IT systems should be designed to reduce interdependencies, so that a change or

failure in one component does not cascade to other components.
This is an example of which principle of cloud architecture design?

 Scalability
 Loose coupling Correct
 Automation
 Automatic scaling

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf (20)

13. Which AWS service or feature can enhance network security by blocking requests
from a particular network for a web application on AWS? (Choose two.)
 AWS WAF Correct
 AWS Trusted Advisor
 AWS Direct Connect
 AWS Organizations
 Network ACLs Correct
Explanation/Reference:
Reference: https://aws.amazon.com/waf/ https://docs.aws.amazon.com/vpc/latest/userguide/vpc-
network-acls.html

14. An application runs on multiple Amazon EC2 instances that access a shared file
system simultaneously. Which AWS storage service should be used?
 Amazon EBS
 Amazon EFS Correct
 Amazon S3
 AWS Artifact

Explanation/Reference:
Reference: https://aws.amazon.com/efs/

15. A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon
EC2 instances, and Amazon RDS.
Which security measures fall under the responsibility of AWS? (Choose two.)

 Running a virus scan on EC2 instances

 Protecting against IP spoofing and packet sniffing Correct
 Installing the latest security patches on the RDS instance Correct
 Encrypting communication between the EC2 instances and the Elastic Load Balancer
 Configuring a security group and a network access control list (NACL) for EC2 instances

16. What is the benefit of elasticity in the AWS Cloud?

 Ensure web traffic is automatically spread across multiple AWS Regions.
 Minimize storage costs by automatically archiving log data.
 Enable AWS to automatically select the most cost-effective services.
 Automatically adjust the required compute capacity to maintain consistent performance.
Correct

Explanation/Reference:

Reference: https://aimconsulting.com/insights/blog/the-elastic-cloud-opportunity/

17. The continual reduction of AWS Cloud pricing is due to:

 pay-as-you go pricing
 the AWS global infrastructure
 economies of scale Correct
 reserved storage pricing

Explanation/Reference:
Reference: https://read.acloud.guru/there-are-four-reasons-to-explain-how-using-aws-can-change-
the- economic-model-of-the-it-services-850dcc8ea1aa?gi=3bcf6cd0e1e2

18. A company needs an Amazon S3 bucket that cannot have any public objects due to
compliance requirements. How can this be accomplished?
 Enable S3 Block Public Access from the AWS Management Console. Correct
 Hold a team meeting to discuss the importance if only uploading private S3 objects.
 Require all S3 objects to be manually approved before uploading.
 Create a service to monitor all S3 uploads and remove any public uploads.
Explanation/Reference:

Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-
access.html

19. A Cloud Practitioner identifies a billing issue after examining the AWS Cost and
Usage report in the AWS Management Console.
Which action can be taken to resolve this?

 Open a detailed case related to billing and submit it to AWS Support for help. Correct
 Upload data describing the issue to a new object in a private Amazon S3 bucket.
 Create a pricing application and deploy it to a right-sized Amazon EC2 instance for
moreinformation.
 Proceed with creating a new dashboard in Amazon QuickSight.

20. What does the AWS Simple Monthly Calculator do?

 Compares on-premises costs to colocation environments
 Estimates monthly billing based on projected usage
 Estimates power consumption at existing data centers
 Estimates CPU utilization

Explanation/Reference:

Reference: https://aws.amazon.com/blogs/aws/estimate-your-c

21. Who is responsible for patching the guest operating system for Amazon RDS?
 The AWS Product team Correct
 The customer Database Administrator
 Managed partners
 AWS Support

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

22. Which AWS services may be scaled using AWS Auto Scaling? (Choose two.)
 Amazon EC2 Correct
 Amazon DynamoDB Correct
 Amazon S3
 Amazon Route 53
 Amazon Redshift

Explanation/Reference:
Reference: https://aws.amazon.com/autoscaling/faqs/
23. Which of the following are benefits of AWS Global Accelerator? (Choose two.)
 Reduced cost to run services on AWS
 Improved availability of applications deployed on AWS Correct
 Higher durability of data stored on AWS
 Decreased latency to reach applications deployed on AWS Correct
 Higher security of data stored on AWS

24.
 Reduced cost to run services on AWS
 Improved availability of applications deployed on AWS
 Higher durability of data stored on AWS
 Decreased latency to reach applications deployed on AWS

Explanation/Reference:
Reference: https://aws.amazon.com/global-accelerator/faqs/

25. A user who wants to get help with billing and reactivate a suspended account
should submit an account and billing request to:
 the AWS Support forum
 AWS Abuse
 an AWS Solutions Architect
 AWS Support Correct

Explanation/Reference:

Reference: https://aws.amazon.com/premiumsupport/knowledge-center/reactivate-suspended-
account/

26. Which AWS Cloud best practice uses the elasticity and agility of cloud computing?
 Provision capacity based on past usage and theoretical peaks
 Dynamically and predictively scale to meet usage demands Correct
 Build the application and infrastructure in a data center that grants physical access
 Break apart the application into loosely coupled components

Explanation/Reference:
Explanation:

In a traditional computing environment, you provision capacity based on an estimate of a

theoretical maximum peak. This can result in periods where expensive resources are sitting idle or
occasions of insufficient capacity. With cloud computing, you can access as much or as little
capacity as you need and dynamically scale to meet actual demand, while only paying for what
you use.

27. Which method helps to optimize costs of users moving to the AWS Cloud?
 Paying only for what is used Correct
 Purchasing hardware before it is needed
 Manually provisioning cloud resources
 Purchasing for the maximum possible load
Explanation/Reference:

Reference: https://www.cloudmanagementinsider.com/ways-to-optimize-aws-cost/

28. Under the AWS shared responsibility model, which of the following is a customer
responsibility?
 Installing security patches for the Xen and KVM hypervisors
 Installing operating system patches for Amazon DynamoDB
 Installing operating system security patches for Amazon EC2 databaseinstances Correct
 Installing operating system security patches for Amazon RDS databaseinstances

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model

29. The AWS Cost Management tools give users the ability to do which of the following?
(Choose two.)
 Terminate all AWS resources automatically if budget thresholds are exceeded.
 Break down AWS costs by day, service, and linked AWS account. Correct
 Create budgets and receive notifications if current of forecasted usage exceeds the
budgets. Correct
 Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-
effective.
 Move data stored in Amazon S3 to a more cost-effective storage class.

30. Under the AWS shared responsibility model, the security and patching of the guest
operating system is the responsibility of:
 AWS Support
 the customer Correct
 AWS Systems Manager
 AWS Config

Explanation/Reference:

Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

31. Which AWS service makes it easy to create and manage AWS users and groups, and
provide them with secure access to AWS resources at no charge?
 AWS Direct Connect
 Amazon Connect
 AWS Identity and Access Management (IAM) Correct
 AWS Firewall Manager

Explanation/Reference:
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/console_controlling-access.html htt
ps://aws.amazon.com/iam/

32. Which AWS service provides on-demand of AWS security and compliance
documentation?
 AWS Directory Service
 AWS Artifact Correct
  AWS Trusted Advisor
 Amazon Inspector

Explanation/Reference:
Reference: https://aws.amazon.com/artifact/#:~:text=AWS%20Artifact%20is%20your
%20go,reports%20and% 20select%20online%20agreements.

33. Which AWS service can be used to turn text into life-like speech?
 Amazon Polly Correct
 Amazon Transcribe
 Amazon Rekognition
 Amazon Lex

Explanation/Reference:
Reference: https://aws.amazon.com/polly/#:~:text=Amazon%20Polly%20is%20a
%20service,synthesize% 20natural%20sounding%20human%20speech.

34. What is one of the core principles to follow when designing a highly available
application in the AWS Cloud?
 Design using a serverless architecture
 Assume that all components within an application can fail Correct
 Design AWS Auto Scaling into every application
 Design all components using open-source code

35. A user needs to generate a report that outlines the status of key security checks in
an AWS account. The report must include:
The status of Amazon S3 bucket permissions.

Whether multi-factor authentication is enabled for the AWS account root user. If any
security groups are configured to allow unrestricted access.

Where can all this information be found in one location?

 A. Amazon QuickSight dashboard

 B. AWS CloudTrail trails
 C. AWS Trusted Advisor report
 D. IAM credential report

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-
checklist/ #Security

36. A user needs to generate a report that outlines the status of key security checks in
an AWS account. The report must include:
The status of Amazon S3 bucket permissions.

Whether multi-factor authentication is enabled for the AWS account root user. If any
security groups are configured to allow unrestricted access.

Where can all this information be found in one location?

  A. Amazon QuickSight dashboard
 B. AWS CloudTrail trails
 C. AWS Trusted Advisor report Correct
 D. IAM credential report

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-
checklist/ #Security

37. Which Amazon EC2 pricing model should be used to comply with per-core software
license requirements?
 Dedicated Hosts Correct
 On-Demand Instances
 Spot Instances
 Reserved Instances

Explanation/Reference:

Reference: https://aws.amazon.com/ec2/dedicated-hosts/pricing/

38. Which of the AWS global infrastructure is used to cache copies of content for faster
delivery to users across the globe?
 AWS Regions
 Availability Zones
 Edge locations Correct
 Data centers

Explanation/Reference:
Explanation:

When your web traffic is geo-dispersed, it’s not always feasible and certainly not cost effective to
replicate your entire infrastructure across the globe. A CDN provides you the ability to utilize its
global network of edge locations to deliver a cached copy of web content such as videos,
webpages, images and so on to your customers. To reduce response time, the CDN utilizes the
nearest edge location to the customer or originating request location in order to reduce the
response time. Throughput is dramatically increased given that the web assets are delivered from
cache. For dynamic data, many CDNs can be configured to retrieve data from the origin servers.

Reference: https://aws.amazon.com/caching

39. Which of the AWS global infrastructure is used to cache copies of content for faster
delivery to users across the globe?
 AWS Regions
 Availability Zones
 Edge locations Correct
 Data centers

Explanation/Reference:
Explanation:
When your web traffic is geo-dispersed, it’s not always feasible and certainly not cost effective to
replicate your entire infrastructure across the globe. A CDN provides you the ability to utilize its
global network of edge locations to deliver a cached copy of web content such as videos,
webpages, images and so on to your customers. To reduce response time, the CDN utilizes the
nearest edge location to the customer or originating request location in order to reduce the
response time. Throughput is dramatically increased given that the web assets are delivered from
cache. For dynamic data, many CDNs can be configured to retrieve data from the origin servers.

Reference: https://aws.amazon.com/caching

40. Using AWS Config to record, audit, and evaluate changes to AWS resources to
enable traceability is an example of which AWS Well-Architected Framework pillar?
 Security Correct
 Operational excellence
 Performance efficiency
 Cost optimization

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-
Architected_Framework.pdf (12

41. A user needs to quickly deploy a non-relational database on AWS. The user does not
want to manage the underlying hardware or the database software.
Which AWS service can be used to accomplish this?

 Amazon RDS
 Amazon DynamoDB Correct
 Amazon Aurora
 Amazon Redshift

Explanation/Reference:
Reference: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/
SQLtoNoSQL.html

42. A Cloud Practitioner is developing a disaster recovery plan and intends to replicate
data between multiple geographic areas.
Which of the following meets these requirements?

 AWS Accounts
 AWS Regions Correct
 Availability Zones
 Edge locations

Explanation/Reference:
Reference: https://www.botmetric.com/blog/having-a-disaster-recovery-plan-is-pivotal-the-dos-and-
donts-on- aws-cloud/

43. Which features and benefits does the AWS Organizations service provide? (Choose
two.)
 Establishing real-time communications between members of an internal team
 Facilitating the use of NoSQL databases
 Providing automated security checks
 Implementing consolidated billing Correct
 Enforcing the governance of AWS accounts Correct
Explanation/Reference:
Reference: https://aws.amazon.com/organizations/

44. Which AWS service is used to automate configuration management using Chef and
Puppet?
 AWS Config
 AWS OpsWorks Correct
 AWS CloudFormation
 AWS Systems Manager

Explanation/Reference:
Reference: https://aws.amazon.com/opsworks/

45. Which tool is best suited for combining the billing of AWS accounts that were
previously independent from one another?
 Detailed billing report
 Consolidated billing Correct
 AWS Cost and Usage report
 Cost allocation report

Explanation/Reference:

Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-
billing.html

46. The AWS Total Cost of Ownership (TCO) Calculator is used to:
 receive reports that break down AWS Cloud compute costs by duration, resource, or tags
 estimate savings when comparing the AWS Cloud to an on-premises environment Correct
 estimate a monthly bill for the AWS Cloud resources that will be used
 enable billing alerts to monitor actual AWS costs compared to estimated costs

Explanation/Reference:
Reference: https://aws.amazon.com/tco-calculator/

47. Which AWS services can be used to provide network connectivity between an on-
premises network and a VPC? (Choose two.)
 Amazon Route 53
 AWS Direct Connect Correct
 AWS Data Pipeline
 AWS VPN Correct
 Amazon Connect

Explanation/Reference:
Reference: https://aws.amazon.com/directconnect/faqs/
48. Under the AWS shared responsibility model, which of the following are customer
responsibilities? (Choose two.)
 Setting up server-side encryption on an Amazon S3 bucket Correct
 Amazon RDS instance patching
 Network and firewall configurations Correct
 Physical security of data center facilities
 Compute capacity availability

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

49. What is the MINIMUM AWS Support plan level that will provide users with access to
the AWS Support API?
 Developer
 Enterprise
 Business Correct
 Basic

Explanation/Reference:

Reference: https://aws.amazon.com/premiumsupport/plans/

50. A company has deployed several relational databases on Amazon EC2 instances.
Every month, the database software vendor releases new security patches that need to
be applied to the databases.
What is the MOST efficient way to apply the security patches?

 Connect to each database instance on a monthly basis, and download and apply the
necessary security patches from the vendor.
 Enable automatic patching for the instances using the Amazon RDS console.
 In AWS Config, configure a rule for the instances and the required patch level.
 Use AWS Systems Manager to automate database patching according to a schedule.
Correct

Explanation/Reference:

Reference: https://aws.amazon.com/rds/faqs/

51. A company wants to use Amazon Elastic Compute Cloud (Amazon EC2) to deploy a
global commercial application. The deployment solution should be built with the highest
redundancy and fault tolerance.
Based on this situation, the Amazon EC2 instances should be deployed:

 in a single Availability Zone in one AWS Region

 with multiple Elastic Network Interfaces belonging to different subnets
 across multiple Availability Zones in one AWS Region
 across multiple Availability Zones in two AWS Regions Correct
Explanation/Reference:
Reference: https://jayendrapatil.com/aws-high-availability-fault-tolerance-architecture-certification/

52. A company has an application with users in both Australia and Brazil. All the
company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in
Australia, and Brazilian users are experiencing high latency.
What should the company do to reduce latency?

 Implement AWS Direct Connect for users in Brazil

 Provision resources in the South America (São Paulo) Region in Brazil Correct
 Use AWS Transit Gateway to quickly route users from Brazil to the application
 Launch additional Amazon EC2 instances in Sydney to handle the demand

Explanation/Reference:
Reference: https://aws.amazon.com/transit-gateway/

53. A company has an application with users in both Australia and Brazil. All the
company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in
Australia, and Brazilian users are experiencing high latency.
What should the company do to reduce latency?

 Implement AWS Direct Connect for users in Brazil

 Provision resources in the South America (São Paulo) Region in Brazil Correct
 Use AWS Transit Gateway to quickly route users from Brazil to the application
 Launch additional Amazon EC2 instances in Sydney to handle the demand

Explanation/Reference:
Reference: https://aws.amazon.com/transit-gateway/

54. An Amazon EC2 instance runs only when needed yet must remain active for the
duration of the process. What is the most appropriate purchasing option?
 Dedicated Instances
 Spot Instances
 On-Demand Instances Correct
 Reserved Instances

Explanation/Reference:

Reference: https://jayendrapatil.com/aws-ec2-instance-purchasing

55. Which AWS dashboard displays relevant and timely information to help users
manage events in progress, and provides proactive notifications to help plan for
scheduled activities?
 AWS Service Health Dashboard
 AWS Personal Health Dashboard Correct
 AWS Trusted Advisor dashboard
 Amazon CloudWatch dashboard
Explanation/Reference:

Reference: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

56. Which AWS hybrid storage service enables a user’s on-premises applications to
seamlessly use AWS Cloud storage?
 AWS Backup
 Amazon Connect
 AWS Direct Connect
 AWS Storage Gateway Correct

Explanation/Reference:
Reference: https://aws.amazon.com/storagegateway/?whats-new-cards.sort- by=item.additionalFiel
ds.postDateTime&whats-new-cards.sort-order=desc

57. Which of the following acts as a virtual firewall at the Amazon EC2 instance level to
control traffic for one or more instances?
 Access keys
 Virtual private gateways
 Security groups Correct
 Access Control Lists (ACL)

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html

58. What is the most efficient way to establish network connectivity from on-premises
to multiple VPCs in different AWS Regions?
 Use AWS Direct Connect
 Use AWS VPN
 Use AWS Client VPN
 Use an AWS Transit Gateway Correct

Explanation/Reference:

Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-
network- infrastructure.pdf (11)

59. What is the most efficient way to establish network connectivity from on-premises
to multiple VPCs in different AWS Regions?
 Use AWS Direct Connect
 Use AWS VPN
 Use AWS Client VPN
 Use an AWS Transit Gateway Correct

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-
network- infrastructure.pdf (11)

60. Which AWS Support plan provides access to architectural and operational reviews,
as well as 24/7 access to Senior Cloud Support Engineers through email, online chat,
and phone?
 Basic
 Business
 Developer
 Enterprise Correct

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/plans/enterprise

61. Which AWS service or feature helps restrict the AWS services, resources, and
individual API actions the users and roles in each member account can access?
 Amazon Cognito
 AWS Organizations Correct
 AWS Shield
 AWS Firewall Manager

Explanation/Reference:
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html

62. What is the best resource for a user to find compliance-related information and
reports about AWS?

 AWS Artifact Correct

 AWS Marketplace
 Amazon Inspector
 AWS Support

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/faq/

63. Which Amazon S3 storage class is optimized to provide access to data with lower
resiliency requirements, but rapid access when needed such as duplicate backups?
 Amazon S3 Standard
 Amazon S3 Glacier Deep Archive
 Amazon S3 One Zone-Infrequent Access Correct
 Amazon S3 Glacier

Explanation/Reference:
Reference: https://aws.amazon.com/s3/storage-classes

64. What is an Availability Zone in AWS?

  One or more physical data centers Correct
 A completely isolated geographic location
 One or more edge locations based around the world
 A data center location with a single source of power and networking

Explanation/Reference:
Reference: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/

65. Which AWS services can be used as infrastructure automation tools? (Choose two.)
 AWS CloudFormation Correct
 Amazon CloudFront
 AWS Batch
 AWS OpsWorks Correct
 Amazon QuickSight

Explanation/Reference:

Reference: https://blog.newrelic.com/engineering/best-cloud-infrastructure-automation-tools/

66. Which AWS service enables users to create copies of resources across AWS
Regions?
 Amazon ElastiCache
 AWS CloudFormation Correct
 AWS CloudTrail
 AWS Systems Manager

Explanation/Reference:
Reference:

https://aws.amazon.com/blogs/aws/use-cloudformation-stacksets-to-provision-resources-across-
multiple-aws- accounts-and-regions/

67.
 Amazon ElastiCache
 AWS CloudFormation Correct
 AWS CloudTrail
 AWS Systems Manager

Explanation/Reference:
Reference:

https://aws.amazon.com/blogs/aws/use-cloudformation-stacksets-to-provision-resources-across-
multiple-aws- accounts-and-regions/

68. A user would like to encrypt data that is received, stored, and managed by AWS
CloudTrail. Which AWS service will provide this capability?
 AWS Secrets Manager
 AWS Systems Manager
 AWS Key Management Service (AWS KMS) Correct
 AWS Certificate Manager
Explanation/Reference:

Reference: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/data-protection.html

69. Which AWS Cloud benefit eliminates the need for users to try estimating future
infrastructure usage?
 Easy and fast deployment of applications in multiple Regions around the world
 Security of the AWS Cloud
 Elasticity of the AWS Cloud Correct
 Lower variable costs due to massive economies of scale

70. What credential components are required to gain programmatic access to an AWS
account? (Choose two.)
 An access key ID Correct
 A primary key
 A secret access key Correct
 A user ID
 A secondary key

Explanation/Reference:
Reference: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

71. Which of the following are AWS compute services? (Choose two.)
 Amazon Lightsail Correct
 AWS Systems Manager
 AWS CloudFormation
 AWS Batch Correct
 Amazon Inspector

Explanation/Reference:
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/compute-services.html

72. How can a company separate costs for network traffic, Amazon EC2, Amazon S3, and
other AWS services by department?
 Add department-specific tags to each resource
 Create a separate VPC for each department
 Create a separate AWS account for each department Correct
 Use AWS Organizations

73. What is a benefit of consolidated billing for AWS accounts?

 Access to AWS Personal Health Dashboard
 Combined usage volume discounts Correct
 Improved account security
 Centralized AWS IAM

Explanation/Reference:
Reference: https://jayendrapatil.com/aws-consolidated-billing/

74. Which AWS service will allow a user to set custom cost and usage limits, and will
alert when the thresholds are exceeded?
  AWS Organizations
 AWS Budgets Correct
 Cost Explorer
 AWS Trusted Advisor

Explanation/Reference:
Reference: https://aws.amazon.com/getting-started/hands-on/control-your-costs-free-tier-budgets

75. Which AWS service provides the ability to detect inadvertent data leaks of
personally identifiable information (PII) and user credential data?
 Amazon GuardDuty
 Amazon Inspector
 Amazon Macie Correct
 AWS Shield

Explanation/Reference:
Reference: https://aws.amazon.com/macie/

76. Which tool can be used to monitor AWS service limits?

 AWS Total Cost of Ownership (TCO) Calculator
 AWS Trusted Advisor Correct
 AWS Personal Health Dashboard
 AWS Cost and Usage report

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/mt/monitoring-service-limits-with-trusted-advisor-and-
amazon-

cloudwatch/

77. A company has distributed its workload on both the AWS Cloud and some on-
premises servers. What type of architecture is this?
 Virtual private network
 Virtual private cloud
 Hybrid cloud Correct
 Private cloud

Explanation/Reference:
Reference: https://aws.amazon.com/hybrid/

78. Which of the following describes a security best practice that can be implemented
using AWS IAM?
 Disable AWS Management Console access for all users
 Generate secret keys for every IAM user
 Grant permissions to users who are required to perform a given task only Correct
 Store AWS credentials within Amazon EC2 instances

Explanation/Reference:

Reference: https://cloudcheckr.com/cloud-security/top-5-iam-best-practices/
79. What can be used to automate and manage secure, well-architected, multi-account
AWS environments?
 AWS shared responsibility model
 AWS Control Tower Correct
 AWS Security Hub
 AWS Well-Architected Tool

Explanation/Reference:
Explanation:

Control Tower automates the process of setting up a new baseline multi-account AWS environment
that is secure, well-architected, and ready to use. Control Tower incorporates the knowledge that
AWS Professional Service has gained over the course of thousands of successful customer
engagements.

Reference: https://aws.amazon.com/blogs/aws/aws-control-tower-set-up-govern-a-multi-account-
aws- environment

80. Which AWS service or feature allows a user to easily scale connectivity among
thousands of VPCs?
 VPC peering
 AWS Transit Gateway Correct
 AWS Direct Connect
 AWS Global Accelerator

Explanation/Reference:

Reference: https://aws.amazon.com/blogs/training-and-certification/explore-the-aws-transit-
gateway- networking-and-scaling-digital-course/

81. A company needs protection from expanded distributed denial of service (DDoS)
attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements?

 AWS Shield Advanced Correct

 AWS Firewall Manager
 AWS WAF
 Amazon GuardDuty

Explanation/Reference:
Reference: https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html

82. A company’s application has flexible start and end times.

Which Amazon EC2 pricing model will be the MOST cost-effective?

 On-Demand Instances
 Spot Instances Correct
  Reserved Instances
 Dedicated Hosts

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing

83. Under the AWS shared responsibility model, what are the customer’s
responsibilities? (Choose two.)
 Physical and environmental security
 Physical network devices including firewalls
 Storage device decommissioning
 Security of data in transit Correct
 Data integrity authentication Correct

84. A cloud practitioner has a data analysis workload that is infrequently executed and
can be interrupted without harm.
To optimize for cost, which Amazon EC2 purchasing option should be used?

 On-Demand Instances
 Reserved Instances
 Spot Instances Correct
 Dedicated Hosts

Explanation/Reference:

Reference: https://aws.amazon.com/ec2/pricing/

85. Which AWS container service will help a user install, operate, and scale the cluster
management infrastructure?
 Amazon Elastic Container Registry (Amazon ECR)
 AWS Elastic Beanstalk
 Amazon Elastic Container Service (Amazon ECS) Correct
 Amazon Elastic Block Store (Amazon EBS)

86. Which of the following allows an application running on an Amazon EC2 instance to
securely write data to an Amazon S3 bucket without using long term credentials?
 Amazon Cognito
 AWS Shield
 AWS IAM role Correct
 AWS IAM user access key

87. A company with a Developer-level AWS Support plan provisioned an Amazon RDS
database and cannot connect to it.
Who should the developer contact for this level of support?

 AWS Support using a support case Correct

 AWS Professional Services
 AWS technical account manager
 AWS consulting partners
88. What is the purpose of having an internet gateway within a VPC?
 To create a VPN connection to the VPC
 To allow communication between the VPC and the Internet Correct
 To impose bandwidth constraints on internet traffic
 To load balance traffic from the Internet across Amazon EC2 instances

89. A company must ensure that its endpoint for a database instance remains the same
after a single Availability Zone service interruption. The application needs to resume
database operations without the need for manual administrative intervention.
How can these requirements be met?

 Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted
on AWS Storage Gateway.
 Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the
standby. Correct
 Add multiple Application Load Balancers and deploy the database instance with AWS
Elastic Beanstalk.
 Deploy a single Network Load Balancer to distribute incoming traffic across multiple
Amazon CloudFront origins.

90. Which AWS managed service can be used to distribute traffic between one or more
Amazon EC2 instances?
 NAT gateway
 Elastic Load Balancing Correct
 Amazon Athena
 AWS PrivateLink

91. AWS Trusted Advisor provides recommendations on which of the following? (Choose
two.)
 Cost optimization Correct
 Auditing
 Serverless architecture
 Performance Correct
 Scalability

92. Which of the following tasks can only be performed after signing in with AWS
account root user credentials? (Choose two.)
 Closing an AWS account Correct
 Creating a new IAM policy
 Changing AWS Support plans Correct
 Attaching a role to an Amazon EC2 instance
 Generating access keys for IAM users

93. Fault tolerance refers to:

 the ability of an application to accommodate growth without changing design
 how well and how quickly an application’s environment can have lost data restored
Correct
 how secure your application is
 the built-in redundancy of an application’s components

94. A company operating in the AWS Cloud requires separate invoices for specific
environments, such as development, testing, and production.
How can this be achieved?

 Use multiple AWS accounts

 Use resource tagging Correct
 Use multiple VPCs
 Use Cost Explorer

95. Which AWS service can be used in the application deployment process?
 AWS AppSync
 AWS Batch
 AWS CodePipeline Correct
 AWS DataSync

96. What can be used to reduce the cost of running Amazon EC2 instances? (Choose
two.)
 Spot Instances for stateless and flexible workloads Correct
 Memory optimized instances for high-compute workloads
 On-Demand Instances for high-cost and sustained workloads
 Reserved Instances for sustained workloads Correct
 Spend limits set using AWS Budgets

97. A company is launching an e-commerce site that will store and process credit card
data. The company requires information about AWS compliance reports and AWS
agreements.
Which AWS service provides on-demand access to these items?

 AWS Certificate Manager

 AWS Config
 AWS Artifact Correct
 AWS CloudTrail

98. Which AWS service or feature allows the user to manager cross-region application
traffic?
 Amazon AppStream 2.0 Correct
 Amazon VPC
 Elastic Load Balancer
 Amazon Route 53

99. Which AWS service can be used to track unauthorized API calls?
 AWS Config
 AWS CloudTrail Correct
 AWS Trusted Advisor
 Amazon Inspector

100. A user needs to regularly audit and evaluate the setup of all AWS resources,
identify non-compliant accounts, and be notified when a resource changes.
Which AWS service can be used to meet these requirements?

 AWS Trusted Advisor

 AWS Config Correct
 AWS Resource Access Manager
  AWS Systems Manager

101. A user is planning to launch two additional Amazon EC2 instances to increase
availability. Which action should the user take?
 Launch the instances across multiple Availability Zones in a single AWS Region. Correct
 Launch the instances as EC2 Reserved Instances in the same AWS Region and the same
Availability Zone.
 Launch the instances in multiple AWS Regions, but in the same Availability Zone.
 Launch the instances as EC2 Spot Instances in the same AWS Region, but in different
Availability Zones.

102. A company must store critical business data in Amazon S3 with a backup to
another AWS Region. How can this be achieved?
 Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally
 Set up Amazon S3 cross-region replication to another AWS Region Correct
 Configure the AWS Backup service to back up to the data to another AWS Region
 Take Amazon S3 bucket snapshots and copy that data to another AWS Region

103. Which AWS Cloud service can send alerts to customers if custom spending
thresholds are exceeded?
 AWS Budgets Correct
 AWS Cost Explorer
 AWS Cost Allocation Tags
 AWS Organizations

104. What is the recommended method to request penetration testing on AWS

resources?
 Open a support case
 Fill out the Penetration Testing Request Form Correct
 Request a penetration test from your technical account manager
 Contact your AWS sales representative

105. A user needs to automatically discover, classify, and protect sensitive data stored
in Amazon S3. Which AWS service can meet these requirements?
 Amazon Inspector
 Amazon Macie Correct
 Amazon GuardDuty
 AWS Secrets Manager

106. Which components are required to build a successful site-to-site VPN connection
on AWS? (Choose two.)
 Internet gateway
 NAT gateway
 Customer gateway Correct
 Transit gateway Correct
 Virtual private gateway

107. Which Amazon EC2 pricing option is best suited for applications with short-term,
spiky, or unpredictable workloads that cannot be interrupted?
 Spot Instances
  Dedicated Hosts
 On-Demand Instances Correct
 Reserved Instances

108. Which AWS cloud architecture principle states that systems should reduce
interdependencies?
 Scalability
 Services, not servers
 Removing single points of failure
 Loose coupling Correct

109. What is the MOST effective resource for staying up to date on AWS security
announcements?
 AWS Personal Health Dashboard
 AWS Secrets Manager
 AWS Security Bulletins Correct
 Amazon Inspector

110. Which AWS service offers persistent storage for a file system?
 Amazon S3
 Amazon EC2 instance store
 Amazon Elastic Block Store (Amazon EBS) Correct
 Amazon ElastiCache

111. Which of the following allows AWS users to manage cost allocations for billing?
 Tagging resources Correct
 Limiting who can create resources
 Adding a secondary payment method
 Running all operations on a single AWS account

112. Which AWS service allows users to download security and compliance reports
about the AWS infrastructure on demand?
 Amazon GuardDuty
 AWS Security Hub
 AWS Artifact Correct
 AWS Shield

113. Which of the following AWS services are serverless? (Choose two.)
 AWS Lambda Correct
 Amazon Elasticsearch Service
 AWS Elastic Beanstalk
 Amazon DynamoDB Correct
 Amazon Redshift

114. Which AWS managed services can be used to extend an on-premises data center to
the AWS network? (Choose two.)
 A. AWS VPN Correct
 B. NAT gateway
 C. AWS Direct Connect Correct
 D. Amazon Connect
  E. Amazon Route 53

115. Which requirement must be met for a member account to be unlinked from an AWS
Organizations account?
 The linked account must be actively compliant with AWS System and Organization Controls
(SOC).
 The payer and the linked account must both create AWS Support cases to request that the
member account be unlinked from the organization.
 The member account must meet the requirements of a standalone account.
 The payer account must be used to remove the linked account from the organization.
Correct

116. What AWS benefit refers to a customer’s ability to deploy applications that scale
up and down the meet variable demand?
 Elasticity
 Agility
 Security
 Scalability Correct

117. During a compliance review, one of the auditors requires a copy of the AWS SOC 2
report. Which service should be used to submit this request?
 AWS Personal Health Dashboard
 AWS Trusted Advisor
 AWS Artifact Correct
 Amazon S3

118. A company wants to set up a highly available workload in AWS with a disaster
recovery plan that will allow the company to recover in case of a regional service
interruption.
Which configuration will meet these requirements?

 Run on two Availability Zones in one AWS Region, using the additional Availability Zones in
the AWS Region for the disaster recovery site. Correct
 Run on two Availability Zones in one AWS Region, using another AWS Region for the
disaster recovery site.
 Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster
recovery site.
 Run across two AWS Regions, using a third AWS Region for the disaster recovery site.

119. A company wants to set up a highly available workload in AWS with a disaster
recovery plan that will allow the company to recover in case of a regional service
interruption.
Which configuration will meet these requirements?

 Run on two Availability Zones in one AWS Region, using the additional Availability Zones in
the AWS Region for the disaster recovery site. Correct
 Run on two Availability Zones in one AWS Region, using another AWS Region for the
disaster recovery site.
 Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster
recovery site.
 Run across two AWS Regions, using a third AWS Region for the disaster recovery site.
Explanation/Reference:
Reference: https://aws.amazon.com/blogs/startups/large-scale-disaster-recovery-using-aws-
regions/

120. A company has a 500 TB image repository that needs to be transported to AWS for
processing. Which AWS service can import this data MOST cost-effectively?
 A. AWS Snowball
 B. AWS Direct Connect
 C. AWS VPN
 D. Amazon S3 Correct

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/storage/migrating-hundreds-of-tb-of-data-to-amazon-s3-
with-aws- datasync/

121. A company has a 500 TB image repository that needs to be transported to AWS for
processing. Which AWS service can import this data MOST cost-effectively?
 AWS Snowball
 AWS Direct Connect
 AWS VPN
 Amazon S3 Correct

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/storage/migrating-hundreds-of-tb-of-data-to-amazon-s3-
with-aws- datasync/

122. Which AWS service can run a managed PostgreSQL database that provides online
transaction processing (OLTP)?
 Amazon DynamoDB
 Amazon Athena
 Amazon RDS Correct
 Amazon EMR

Explanation/Reference:

Reference: https://aws.amazon.com/rds/postgresql/

123. Which of the following assist in identifying costs by department? (Choose two.)
 Using tags on resources
 Using multiple AWS accounts Correct
 Using an account manager
 Using AWS Trusted Advisor
 Using Consolidated Billing Correct

124. A company wants to allow full access to an Amazon S3 bucket for a particular user.
Which element in the S3 bucket policy holds the user details that describe who needs
access to the S3 bucket?

 Principal
 Action
 Resource Correct
  Statement

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/walkthrough1.html

125. Which AWS service allows for effective cost management of multiple AWS
accounts?
 AWS Organizations Correct
 AWS Trusted Advisor
 AWS Direct Connect
 Amazon Connect

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/aws/aws-organizations-policy-based-management-for-
multiple-aws- accounts/

126. A company is piloting a new customer-facing application on Amazon Elastic

Compute Cloud (Amazon EC2) for one month.
What pricing model is appropriate?

 Reserved Instances
 Spot Instances
 On-Demand Instances Correct
 Dedicated Hosts

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/pricing

127. Which AWS tools automatically forecast future AWS costs?

 AWS Support Center
 AWS Total Cost of Ownership (TCO) Calculator
 AWS Simple Monthly Calculator
 Cost Explorer Correct

Explanation/Reference:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-forecast.html

128. Under the AWS shared responsibility model, which of the following is a
responsibility of AWS?
 Enabling server-side encryption for objects stored in S3
 Applying AWS IAM security policies
 Patching the operating system on an Amazon EC2 instance
 Applying updates to the hypervisor Correct

Explanation/Reference:
Reference: https://aws.amazon.com/compliance/shared-responsibility-model/?ref=wellarchitected

129. A user is able to set up a master payer account to view consolidated billing reports
through:
  AWS Budgets.
 Amazon Macie.
 Amazon QuickSight.
 AWS Organizations. Correct

Explanation/Reference:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-
billing.html

130. Performing operations as code is a design principle that supports which pillar of
the AWS Well-Architected Framework?
 Performance efficiency
 Operational excellence Correct
 Reliability
 Security

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

131. Which design principle is achieved by following the reliability pillar of the AWS
Well-Architected Framework?
 Vertical scaling
 Manual failure recovery
 Testing recovery procedures Correct
 Changing infrastructure manually

Explanation/Reference:
Reference: https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

132. What is a characteristic of Convertible Reserved Instances (RIs)?

 Users can exchange Convertible RIs for other Convertible RIs from a different instance
family. Correct
 Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.
 Users can sell and buy Convertible RIs on the AWS Marketplace.
 Users can shorten the term of their Convertible RIs by merging them with other Convertible
RIs.

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ri-convertible-exchange.html

133. The user is fully responsible for which action when running workloads on AWS?
 Patching the infrastructure components
 Implementing controls to route application traffic Correct
 Maintaining physical and environmental controls
 Maintaining the underlying infrastructure components
134. An architecture design includes Amazon EC2, an Elastic Load Balancer, and
Amazon RDS. What is the BEST way to get a monthly cost estimation for this
architecture?
 Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost
estimation.
 Collect the published prices of the AWS services and calculate the monthly estimate.
 Use the AWS Simple Monthly Calculator to estimate the monthly cost. Correct
 Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.

Explanation/Reference:
Reference: https://docs.aws.amazon.com/pricing-calculator/latest/userguide/aws-pc.pdf

135. Which are benefits of using Amazon RDS over Amazon EC2 when running relational
databases on AWS? (Choose two.)
 Automated backups Correct
 Schema management
 Indexing of tables
 Software patching Correct
 Extract, transform, and load (ETL) management

Explanation/Reference:

Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

136. Which are benefits of using Amazon RDS over Amazon EC2 when running relational
databases on AWS? (Choose two.)
 Automated backups Correct
 Schema management
 Indexing of tables
 Software patching Correct

Explanation/Reference:

Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html

137. What does the Amazon S3 Intelligent-Tiering storage class offer?

 Payment flexibility by reserving storage capacity
 Long-term retention of data by copying the data to an encrypted Amazon Elastic Block
Store (Amazon EBS) volume
 Automatic cost savings by moving objects between tiers based on access pattern changes
Correct
 Secure, durable, and lowest cost storage for data archival

Explanation/Reference:
Reference: https://aws.amazon.com/about-aws/whats-new/2018/11/s3-intelligent-tiering/
138. A company has multiple data sources across the organization and wants to
consolidate data into one data warehouse.
Which AWS service can be used to meet this requirement?

 Amazon DynamoDB
 Amazon Redshift Correct
 Amazon Athena
 Amazon QuickSight

Explanation/Reference:
Reference: https://aws.amazon.com/redshift/faqs

139. Which AWS service can be used to track resource changes and establish
compliance?
 Amazon CloudWatch
 AWS Config Correct
 AWS CloudTrail
 AWS Trusted Advisor

Explanation/Reference:
Reference: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config.html

140. A user has underutilized on-premises resources.

Which AWS Cloud concept can BEST address this issue?

 High availability
 Elasticity Correct
 Security
 Loose coupling

Explanation/Reference:
Reference: https://www.gremlin.com/blog/implementing-cost-saving-strategies-on-amazon-ec-2-
with-chaos- engineering/

141. A user has a stateful workload that will run on Amazon EC2 for the next 3 years.
What is the MOST cost-effective pricing model for this workload?
 On-Demand Instances Correct
 Reserved Instances
 Dedicated Instances
 Spot Instances

Explanation/Reference:
Explanation:

On-demand instances are useful for running stateful workloads without making a long-term
commitment, but if your workloads are stateless or can tolerate shorter run cycles, there’s a more
cost-effective instance type called a Spot Instance.

Reference: https://www.gremlin.com/blog/implementing-cost-saving-strategies-on-amazon-ec-2-
with-chaos- engineering/
142. A cloud practitioner needs an Amazon EC2 instance to launch and run for 7 hours
without interruptions. What is the most suitable and cost-effective option for this task?
 A. On-Demand Instance
 B. Reserved Instance
 C. Dedicated Host
 D. Spot Instance Correct

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/spot/details/

143. Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)
 Providing high-performance container orchestration
 Creating and rotating encryption keys
 Detecting underutilized resources to save costs
 Improving security by proactively monitoring the AWS environment Correct
 Implementing enforced tagging across AWS resources Correct

144. Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)
 Providing high-performance container orchestration
 Creating and rotating encryption keys
 Detecting underutilized resources to save costs
 Improving security by proactively monitoring the AWS environment

Explanation/Reference:

Reference: https://aws.amazon.com/about-aws/whats-new/2016/06/aws-support-enables-tagging-
capabilities- for- trusted-advisor/

145. A developer has been hired by a large company and needs AWS credentials. Which
are security best practices that should be followed? (Choose two.)
 Grant the developer access to only the AWS resources needed to perform the job. Correct
 Share the AWS account root user credentials with the developer.
 Add the developer to the administrator's group in AWS IAM.
 Configure a password policy that ensures the developer's password cannot be changed.
 Ensure the account password policy requires a minimum length. Correct

146. Which AWS storage service is designed to transfer petabytes of data in and out of
the cloud?
 AWS Storage Gateway
 Amazon S3 Glacier Deep Archive
 Amazon Lightsail
 AWS Snowball Correct

Explanation/Reference:

Reference: https://docs.aws.amazon.com/snowball/latest/ug/transfer-petabytes.html
147. Which service provides a user the ability to warehouse data in the AWS Cloud?
 Amazon EFS
 Amazon Redshift Correct
 Amazon RDS
 Amazon VPC

Explanation/Reference:
Reference: https://aws.amazon.com/redshift/

148. A user is planning to migrate an application workload to the AWS Cloud.

Which control becomes the responsibility of AWS once the migration is complete?

 Patching the guest operating system

 Maintaining physical and environmental controls Correct
 Protecting communications and maintaining zone security
 Patching specific applications

149. Which services can be used to deploy applications on AWS? (Choose two.)
 AWS Elastic Beanstalk Correct
 AWS Config
 AWS OpsWorks Correct
 AWS Application Discovery Service
 Amazon Kinesis

Explanation/Reference:
Reference: https://d0.awsstatic.com/whitepapers/overview-of-deployment-options-on-aws.pdf

150. Which AWS service can be used to provide an on-demand, cloud-based contact
center?
 AWS Direct Connect
 Amazon Connect Correct
 AWS Support Center
 AWS Managed Services

Explanation/Reference:
Reference: https://aws.amazon.com/connect/customers

151. What tool enables customers without an AWS account to estimate costs for almost
all AWS services?
 Cost Explorer Correct
 TCO Calculator
 AWS Budgets
 Simple Monthly Calculator

Explanation/Reference:

Reference: https://aws.amazon.com/aws-cost-management/aws-cost-explorer/

152. Which component must be attached to a VPC to enable inbound Internet access?
  NAT gateway
 VPC endpoint
 VPN connection Correct
 Internet gateway

Explanation/Reference:
Reference: https://d1.awsstatic.com/whitepapers/aws-security-whitepaper.pdf (41, 42, 43

153. Which pricing model would result in maximum Amazon Elastic Compute Cloud
(Amazon EC2) savings for a database server that must be online for one year?
 Spot Instance
 On-Demand Instance
 Partial Upfront Reserved Instance Correct
 No Upfront Reserved Instance

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-reserved-instances.html

154. A company has a MySQL database running on a single Amazon EC2 instance. The
company now requires higher availability in the event of an outage.
Which set of tasks would meet this requirement?

 Add an Application Load Balancer in front of the EC2 instance

 Configure EC2 Auto Recovery to move the instance to another Availability Zone
 Migrate to Amazon RDS and enable Multi-AZ Correct
 Enable termination protection for the EC2 instance to avoid outages

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html

155. A company wants to ensure that AWS Management Console users are meeting
password complexity requirements. How can the company configure password
complexity?
 Using an AWS IAM user policy Correct
 Using an AWS Organizations service control policy (SCP)
 Using an AWS IAM account password policy
 Using an AWS Security Hub managed insight

Explanation/Reference:

Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-
policy.html

156. Under the AWS shared responsibility model, which of the following is the
customer’s responsibility?
 Patching guest OS and applications Correct
 Patching and fixing flaws in the infrastructure
 Physical and environmental controls
 Configuration of AWS infrastructure devices
157. Which of the following tasks is required to deploy a PCI-compliant workload on
AWS?
 Use any AWS service and implement PCI controls at the application layer
 Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to
enable PCI compliance at the application layer
 Use any AWS service and raise an AWS support ticket to enable PCI compliance on that
service
 Use an AWS service that is in scope for PCI compliance and apply PCI controls at the
application layer Correct

Explanation/Reference:

Reference: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-pci-
controls.html

158. A company is building an application that requires the ability to send, store, and
receive messages between application components. The company has another
requirement to process messages in first-in, first-out (FIFO) order.
Which AWS service should the company use?

 AWS Step Functions

 Amazon Simple Notification Service (Amazon SNS)
 Amazon Kinesis Data Streams
 Amazon Simple Queue Service (Amazon SQS) Correct

Explanation/Reference:
Reference: https://aws.amazon.com/sqs/faqs/

159. AnyCompany recently purchased Example Corp. Both companies use AWS
resources, and AnyCompany wants a single aggregated bill.
Which option allows AnyCompany to receive a single bill?

 Example Corp. must submit a request to its AWS solutions architect or AWS technical
account manager to link the accounts and consolidate billing.
 AnyCompany must create a new support case in the AWS Support Center requesting that
both bills be combined.
 Send an invitation to join the organization from AnyCompany’s AWS Organizations master
account to Example Corp.
 Migrate the Example Corp. VPCs, Amazon EC2 instances, and other resources into the
AnyCompany AWS account. Correct

Explanation/Reference:
Reference: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/awsaccountbilling-
aboutv2.pdf

160. Which tool can be used to create alerts when the actual or forecasted cost of AWS
services exceeds a certain threshold?
 Cost Explorer
 AWS Budgets Correct
  AWS Cost and Usage Report
 AWS CloudTrail

Explanation/Reference:

Reference: https://aws.amazon.com/getting-started/hands-on/control-your-costs-free-tier-budgets/

161. A user has limited knowledge of AWS services, but wants to quickly deploy a
scalable Node.js application in the AWS Cloud.
Which service should be used to deploy the application?

 AWS CloudFormation
 AWS Elastic Beanstalk Correct
 Amazon EC2
 AWS OpsWorks

Explanation/Reference:
Reference: https://aws.amazon.com/elasticbeanstalk/

162. Which AWS Trusted Advisor check is available to all AWS users?
 Core checks
 All checks
 Cost optimization checks Correct
 Fault tolerance checks

Explanation/Reference:

Reference: https://www.amazonaws.cn/en/support/trustedadvisor/faq/#checks

163. A web developer is concerned that a DDoS attack could target an application.
Which AWS services or features can help protect against such an attack? (Choose two.)

 AWS Shield Correct

 AWS CloudTrail Correct
 Amazon CloudFront
 AWS Support Center
 AWS Service Health Dashboard

Explanation/Reference:
Reference: https://aws.amazon.com/shield/

164. Which AWS service gives users on-demand, self-service access to AWS compliance
control reports?
 AWS Config
 Amazon GuardDuty
 AWS Trusted Advisor
 AWS Artifact Correct
Explanation/Reference:
Reference: https://aws.amazon.com/artifact

165. A company wants to provide one of its employees with access to Amazon RDS. The
company also wants to limit the interaction to only the AWS CLI and AWS software
development kits (SDKs).
Which combination of actions should the company take to meet these requirements
while following the principles of least privilege? (Choose two.)

 Create an IAM user and provide AWS Management Console access only.
 Create an IAM user and provide programmatic access only. Correct
 Create an IAM role and provide AWS Management Console access only.
 Create an IAM policy with administrator access and attach it to the IAM user.
 Create an IAM policy with Amazon RDS access and attach it to the IAM user. Correct

166. A company has a compliance requirement to record and evaluate configuration

changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use?

 AWS Config Correct

 AWS Secrets Manager
 AWS CloudTrail
 AWS Trusted Advisor

Explanation/Reference:
Reference: https://aws.amazon.com/config/

167. What are the advantages of deploying an application with Amazon EC2 instances in
multiple Availability Zones? (Choose two.)
 Preventing a single point of failure Correct
 Reducing the operational costs of the application
 Allowing the application to serve cross-region users with low latency
 Increasing the availability of the application Correct
 Increasing the load of the application

Explanation/Reference:

Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-increase-availability.html

168. A workload on AWS will run for the foreseeable future by using a consistent
number of Amazon EC2 instances. What pricing model will minimize cost while ensuring
that compute resources remain available?
 Dedicated Hosts
 On-Demand Instances
 Spot Instances
 Reserved Instances Correct

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-reserved-instances.html
169. Which tool can be used to identify scheduled changes to the AWS infrastructure?
 AWS Personal Health Dashboard Correct
 AWS Trusted Advisor
 Billing Dashboard
 AWS Config

Explanation/Reference:
Reference: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

170. Which of the following is the customer’s responsibility when using Amazon RDS?
 Patching the operating system of underlying hardware
 Controlling traffic to and from the database through security groups
 Running backups that enable point-in-time recovery of a DB instance
 Replacing failed DB instances Correct

Explanation/Reference:
Reference: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.html

171. What is the customer’s responsibility when using AWS Lambda?

 Operating system configuration
 Application management
 Platform management
 Code encryption Correct

Explanation/Reference:
Reference: https://aws.amazon.com/lambda/security-overview-of-aws-lambda/

172. A company wants to be notified when its AWS Cloud costs or usage exceed defined
thresholds. Which AWS service will support these requirements?
 AWS Budgets Correct
 Cost Explorer
 AWS CloudTrail
 Amazon Macie

Explanation/Reference:
Reference: https://aws.amazon.com/aws-cost-management/aws-budgets/

173. Which AWS service provides the ability to host a NoSQL database in the AWS
Cloud?
 Amazon Aurora
 Amazon DynamoDB Correct
 Amazon RDS
 Amazon Redshift

Explanation/Reference:

Reference: https://aws.amazon.com/nosql/
174. Which AWS service allows customers to purchase unused Amazon EC2 capacity at
an often discounted rate?
 Reserved Instances
 On-Demand Instances
 Dedicated Instances
 Spot Instances Correct

Explanation/Reference:
Reference: https://aws.amazon.com/ec2/spot

175. Which AWS service or feature requires an internet service provider (ISP) and a
colocation facility to be implemented?
 AWS VPN
 Amazon Connect
 AWS Direct Connect Correct
 Internet gateway

Explanation/Reference:
Reference: https://aws.amazon.com/directconnect/partners/

176. Which AWS services offer compute capabilities? (Choose two.)

 Amazon EC2 Correct
 Amazon S3
 Amazon Elastic Block Store (Amazon EBS)
 Amazon Cognito
 AWS Lambda Correct

Explanation/Reference:
Reference: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/compute-services.html

177. Which AWS service can be used to privately store and manage versions of source
code?
 AWS CodeBuild
 AWS CodeCommit Correct
 AWS CodePipeline
 AWS CodeStar

Explanation/Reference:

Reference: https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html

178. Which AWS service should a cloud practitioner use to identify security
vulnerabilities of an AWS account?
 AWS Secrets Manager
 Amazon Cognito
 Amazon Macie
 AWS Trusted Advisor Correct
Explanation/Reference:
Reference: https://www.coalfire.com/the-coalfire-blog/march-2019/aws-trusted-advisor-for-security-
compliance

179. A company wants to ensure its infrastructure is designed for fault tolerance and
business continuity in the event of an environmental disruption.
Which AWS infrastructure component should the company replicate across?

 Edge locations
 Availability Zones Correct
 Regions
 Amazon Route 53

Explanation/Reference:

Reference: https://d36cz9buwru1tt.cloudfront.net/AWS_Building_Fault_Tolerant_Applications.pdf (3)

180. Which AWS service or feature is used to send both text and email messages from
distributed applications?
 Amazon Simple Notification Service (Amazon SNS)
 Amazon Simple Email Service (Amazon SES)
 Amazon CloudWatch alerts
 Amazon Simple Queue Service (Amazon SQS) Correct