AWSCertifiedCloudPractitioner Final

Amazon AWS Certified Cloud Practitioner

AWS Certified Cloud Practitioner


Version: 18.0

QUESTION NO: 1: Under the shared responsibility model, which of the following is the customer responsible for?

A. Ensuring that disk drives are wiped after use.

B. Ensuring that firmware is updated on hardware devices.

C. Ensuring that data is encrypted at rest.

D. Ensuring that network cables are category six or higher.

Answer: C
Reference: https://www.whizlabs.com/blog/aws-security-shared-responsibility/

QUESTION NO: 2: The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?

A. Cost allocation tags

B. Consolidated billing

C. AWS Budgets

D. AWS Marketplace

Answer: C

QUESTION NO: 3: Which service stores objects, provides real-time access to those objects, and offers versioning and lifecycle capabilities?

A. Amazon Glacier

B. AWS Storage Gateway

C. Amazon S3

D. Amazon EBS

Answer: C

QUESTION NO: 4: What AWS team assists customers with accelerating cloud adoption through paid engagements in any of several specialty practice areas?

A. AWS Enterprise Support

B. AWS Solutions Architects

C. AWS Professional Services

D. AWS Account Managers

Answer: C
Reference: https://aws.amazon.com/professional-services/

QUESTION NO: 5: A customer would like to design and build a new workload on AWS Cloud
but does not have the AWS-related software technical expertise in-house.

Which of the following AWS programs can a customer take advantage of to achieve that outcome?

A. AWS Partner Network Technology Partners

B. AWS Marketplace

C. AWS Partner Network Consulting Partners

D. AWS Service Catalog

Answer: C

QUESTION NO: 6: Distributing workloads across multiple Availability Zones supports which cloud architecture design principle?

A. Implement automation.

B. Design for agility.

C. Design for failure.

D. Implement elasticity.

Answer: C

QUESTION NO: 7: Which AWS services can host a Microsoft SQL Server database? (Choose two.)

A. Amazon EC2

B. Amazon Relational Database Service (Amazon RDS)

C. Amazon Aurora
D. Amazon Redshift

E. Amazon S3

Answer: A,B

QUESTION NO: 8: Which of the following inspects AWS environments to find opportunities that can save money for users and also improve system performance?

A. AWS Cost Explorer

B. AWS Trusted Advisor

C. Consolidated billing

D. Detailed billing

Answer: B

QUESTION NO: 9: Which of the following Amazon EC2 pricing models allow customers to use existing server-bound software licenses?

A. Spot Instances

B. Reserved Instances

C. Dedicated Hosts

D. On-Demand Instances

Answer: C

QUESTION NO: 10: Which AWS characteristics make AWS cost effective for a workload with dynamic user demand? (Choose two.)

A. High availability

B. Shared security model

C. Elasticity

D. Pay-as-you-go pricing

E. Reliability

Answer: C,D

QUESTION NO: 11: Which service enables risk auditing by continuously monitoring and logging account
activity, including user actions in the AWS Management Console and AWS SDKs?
A. Amazon CloudWatch

B. AWS CloudTrail

C. AWS Config

D. AWS Health

Answer: B

QUESTION NO: 12: Which of the following are characteristics of Amazon S3? (Choose two.)

A. A global file system

B. An object store

C. A local file store

D. A network file system

E. A durable storage system

Answer: B,E

QUESTION NO: 13: Which services can be used across hybrid AWS Cloud architectures? (Choose two.)

A. Amazon Route 53

B. Virtual Private Gateway

C. Classic Load Balancer

D. Auto Scaling

E. Amazon CloudWatch default metrics

Answer: A,B

QUESTION NO: 14: What costs are included when comparing AWS Total Cost of Ownership
(TCO) with on-premises TCO?

A. Project management
B. Antivirus software licensing
C. Data center security
D. Software development

Answer: C

QUESTION NO: 15: A company is considering using AWS for a self-hosted database that requires a
nightly shutdown for maintenance and cost-saving purposes.
Which service should the company use?

A. Amazon Redshift

B. Amazon DynamoDB

C. Amazon Elastic Compute Cloud (Amazon EC2) with Amazon EC2 instance store

D. Amazon EC2 with Amazon Elastic Block Store (Amazon EBS)

Answer: D

QUESTION NO: 16: Which of the following is a correct relationship between regions, Availability Zones,
and edge locations?
A. Data centers contain regions.
B. Regions contain Availability Zones.
C. Availability Zones contain edge locations.
D. Edge locations contain regions.

Answer: B

QUESTION NO: 17: Which AWS tools assist with estimating costs? (Choose three.)

A. Detailed billing report

B. Cost allocation tags

C. AWS Simple Monthly Calculator

D. AWS Total Cost of Ownership (TCO) Calculator

E. Cost Estimator

Answer: B,C,D

QUESTION NO: 18: Which of the following are advantages of AWS consolidated billing? (Choose two.)

A. The ability to receive one bill for multiple accounts

B. Service limits increasing by default in all accounts

C. A fixed discount on the monthly bill

D. Potential volume discounts, as usage in all accounts is combined

E. The automatic extension of the master account’s AWS support plan to all accounts

Answer: A,D

QUESTION NO: 19: Which of the following Reserved Instance (RI) pricing models provides the highest average savings compared to On-Demand pricing?
A. One-year, No Upfront, Standard RI pricing

B. One-year, All Upfront, Convertible RI pricing


C. Three-year, All Upfront, Standard RI pricing

D. Three-year, No Upfront, Convertible RI pricing

Answer: C

QUESTION NO: 20: Compared with costs in traditional and virtualized data centers, AWS has:

A. greater variable costs and greater upfront costs.

B. fixed usage costs and lower upfront costs.

C. lower variable costs and greater upfront costs.

D. lower variable costs and lower upfront costs.

Answer: D

QUESTION NO: 21: A characteristic of edge locations is that they:

A. host Amazon EC2 instances closer to users.

B. help lower latency and improve performance for users.

C. cache frequently changing data without reaching the origin server.

D. refresh data changes daily.

Answer: C

QUESTION NO: 22: Which of the following can limit Amazon Simple Storage Service (Amazon S3) bucket access to specific users?

A. A public and private key-pair

B. Amazon Inspector

C. AWS Identity and Access Management (IAM) policies

D. Security Groups

Answer: C

QUESTION NO: 23: Which of the following security-related actions are available at no cost?

A. Calling AWS Support

B. Contacting AWS Professional Services to request a workshop

C. Accessing forums, blogs, and whitepapers

D. Attending AWS classes at a local university


Answer: C

QUESTION NO: 24: Which of the Reserved Instance (RI) pricing models can change the attributes of the RI as long as the exchange results in the creation of RIs of equal or greater value?

A. Dedicated RIs

B. Scheduled RIs

C. Convertible RIs

D. Standard RIs

Answer: C

QUESTION NO: 25: Which AWS feature will reduce the customer’s total cost of ownership
(TCO)?

A. Shared responsibility security model

B. Single tenancy

C. Elastic computing

D. Encryption

Answer: C

QUESTION NO: 26: Which of the following services will automatically scale with an expected
increase in web traffic?

A. AWS CodePipeline

B. Elastic Load Balancing

C. Amazon EBS

D. AWS Direct Connect


Answer: B

QUESTION NO: 27: Where are AWS compliance documents, such as an SOC 1 report,
located?

A. Amazon Inspector

B. AWS CloudTrail

C. AWS Artifact

D. AWS Certificate Manager

Answer: C

QUESTION NO: 28: Under the AWS shared responsibility model, which of the following activities are the customer’s responsibility? (Choose two.)

A. Patching operating system components for Amazon Relational Database Service (Amazon RDS)

B. Encrypting data on the client-side

C. Training the data center staff

D. Configuring Network Access Control Lists (ACL)

E. Maintaining environmental controls within a data center

Answer: B,D

QUESTION NO: 29: Which is a recommended pattern for designing a highly available
architecture on AWS?

A. Ensure that components have low-latency network connectivity.

B. Run enough Amazon EC2 instances to operate at peak load.

D. Ensure that the application is designed to accommodate failure of any single component.

E. Use a monolithic application that handles all operations.

Answer: C

QUESTION NO: 30: According to best practices, how should an application be designed to run in the AWS Cloud?

A. Use tightly coupled components.

B. Use loosely coupled components.

C. Use infrequently coupled components.

D. Use frequently coupled components.

Answer: B

QUESTION NO: 31: AWS supports which of the following methods to add security to Identity
and Access Management (IAM) users? (Choose two.)
A. Implementing Amazon Rekognition

B. Using AWS Shield-protected resources

C. Blocking access with Security Groups

D. Using Multi-Factor Authentication (MFA)

E. Enforcing password strength and expiration

Answer: D,E

QUESTION NO: 32: Which AWS services should be used for read/write of constantly changing data? (Choose two.)
A. Amazon Glacier

B. Amazon RDS

C. AWS Snowball

D. Amazon Redshift

E. Amazon EFS

Answer: B,E

QUESTION NO: 33: What is one of the advantages of the Amazon Relational Database Service (Amazon RDS)?
A. It simplifies relational database administration tasks.

B. It provides 99.99999999999% reliability and durability.

C. It automatically scales databases for loads.

D. It enables users to dynamically adjust CPU and RAM resources.


Answer: A

QUESTION NO: 34: A customer needs to run a MySQL database that easily scales. Which AWS
service should they use?

A. Amazon Aurora

B. Amazon Redshift

C. Amazon DynamoDB

D. Amazon ElastiCache

Answer: A

QUESTION NO: 35: Which of the following components of the AWS Global Infrastructure
consists of one or more discrete data centers interconnected through low latency links?
A. Availability Zone

B. Edge location

C. Region

D. Private networking

Answer: A

QUESTION NO: 36: Which of the following is a shared control between the customer and AWS?
A. Providing a key for Amazon S3 client-side encryption

B. Configuration of an Amazon EC2 instance

C. Environmental controls of physical AWS data centers

D. Awareness and training

Answer: D

QUESTION NO: 37: How many Availability Zones should compute resources be provisioned
across to achieve high availability?

A. A minimum of one

B. A minimum of two

C. A minimum of three
D. A minimum of four or more

Answer: B

QUESTION NO: 38: One of the advantages to moving infrastructure from an on-premises data
center to the AWS Cloud is:

A. it allows the business to eliminate IT bills.

B. it allows the business to put a server in each customer’s data center.

C. it allows the business to focus on business activities.

D. it allows the business to leave servers unpatched.

Answer: C

QUESTION NO: 39: What is the lowest-cost, durable storage option for retaining database backups
for immediate retrieval?
A. Amazon S3

B. Amazon Glacier

C. Amazon EBS

D. Amazon EC2 Instance Store

Answer: A

QUESTION NO: 40: Which AWS IAM feature allows developers to access AWS services through the
AWS CLI?
A. API keys
B. Access keys

C. User names/Passwords

D. SSH keys

Answer: B

QUESTION NO: 41: Which of the following is a fast and reliable NoSQL database service?

A. Amazon Redshift

B. Amazon RDS

C. Amazon DynamoDB

D. Amazon S3

Answer: C

QUESTION NO: 42: What is an example of agility in the AWS Cloud?


A. Access to multiple instance types

B. Access to managed services

C. Using Consolidated Billing to produce one bill

D. Decreased acquisition time for new compute resources

Answer: D

QUESTION NO: 43: Which service should a customer use to consolidate and centrally
manage multiple AWS accounts?
A. AWS IAM

B. AWS Organizations

C. AWS Schema Conversion Tool


D. AWS Config

Answer: B

QUESTION NO: 44: What approach to transcoding a large number of individual video files
adheres to AWS architecture principles?
A. Using many instances in parallel

B. Using a single large instance during off-peak hours

C. Using dedicated hardware

D. Using a large GPU instance type

Answer: A

QUESTION NO: 45: For which auditing process does AWS have sole responsibility?
A. AWS IAM policies

B. Physical security

C. Amazon S3 bucket policies

D. AWS CloudTrail Logs

Answer: B

QUESTION NO: 46: Which feature of the AWS Cloud will support an international company’s
requirement for low latency to all of its customers?
A. Fault tolerance

B. Global reach

C. Pay-as-you-go pricing

D. High availability

Answer: B

QUESTION NO: 47: Which of the following is the customer’s responsibility under the AWS shared
responsibility model?

A. Patching underlying infrastructure


B. Physical security
C. Patching Amazon EC2 instances
D. Patching network infrastructure

Answer: C

QUESTION NO: 48: A customer is using multiple AWS accounts with separate billing.

How can the customer take advantage of volume discounts with minimal impact to the AWS
resources?
A. Create one global AWS account and move all AWS resources to that account.

B. Sign up for three years of Reserved Instance pricing up front.

C. Use the consolidated billing feature from AWS Organizations.

D. Sign up for the AWS Enterprise support plan to get volume discounts.

Answer: C

QUESTION NO: 49: Which of the following are features of Amazon CloudWatch Logs?
(Choose two.)
A. Summaries by Amazon Simple Notification Service (Amazon SNS)

B. Free Amazon Elasticsearch Service analytics


C. Provided at no charge
D. Real-time monitoring

E. Adjustable retention

Answer: D,E

QUESTION NO: 50: Which of the following is an AWS managed Domain Name System (DNS) web
service?
A. Amazon Route 53

B. Amazon Neptune

C. Amazon SageMaker

D. Amazon Lightsail

Answer: A

QUESTION NO: 51: A customer is deploying a new application and needs to choose an AWS
Region. Which of the following factors could influence the customer’s decision? (Choose
two.)
A. Reduced latency to users

B. The application’s presentation in the local language

C. Data sovereignty compliance

D. Cooling costs in hotter climates

E. Proximity to the customer’s office for on-site visits

Answer: A,C

QUESTION NO: 52: Which storage service can be used as a low-cost option for hosting static
websites?
A. Amazon Glacier

B. Amazon DynamoDB

C. Amazon Elastic File System (Amazon EFS)

D. Amazon Simple Storage Service (Amazon S3)

Answer: D

QUESTION NO: 53: Which Amazon EC2 instance pricing model can provide discounts of up
to 90%?

A. Reserved Instances
B. On-Demand
C. Dedicated Hosts
D. Spot Instances

Answer: D

QUESTION NO: 54: What is the AWS customer responsible for according to the AWS shared
responsibility model?
A. Physical access controls

B. Data encryption

C. Secure disposal of storage devices

D. Environmental risk management

Answer: B

QUESTION NO: 55: Which of the following AWS Cloud services can be used to run a customer-
managed relational database?
A. Amazon EC2
B. Amazon Route 53
C. Amazon ElastiCache

D. Amazon DynamoDB

Answer: A

QUESTION NO: 56: A company is looking for a scalable data warehouse solution. Which of the following
AWS solutions would meet the company’s needs?
A. Amazon Simple Storage Service (Amazon S3)

B. Amazon DynamoDB

C. Amazon Kinesis

D. Amazon Redshift

Answer: D

QUESTION NO: 57: Which statement best describes Elastic Load Balancing?
A. It translates a domain name into an IP address using DNS.

B. It distributes incoming application traffic across one or more Amazon EC2 instances.

C. It collects metrics on connected Amazon EC2 instances.

D. It automatically adjusts the number of Amazon EC2 instances to support incoming traffic.

Answer: B

QUESTION NO: 58: Which of the following are valid ways for a customer to interact with AWS services? (Choose two.)
A. Command line interface

B. On-premises

C. Software Development Kits

D. Software-as-a-service

E. Hybrid

Answer: A,C

QUESTION NO: 59: The AWS Cloud’s multiple Regions are an example of:
A. agility.

B. global infrastructure.

C. elasticity.

D. pay-as-you-go pricing.

Answer: B

QUESTION NO: 60: Which of the following AWS services can be used to serve large amounts of online
video content with the lowest possible latency? (Choose two.)
A. AWS Storage Gateway

B. Amazon S3

C. Amazon Elastic File System (EFS)

D. Amazon Glacier

E. Amazon CloudFront

Answer: B,E

QUESTION NO: 61: Web servers running on Amazon EC2 access a legacy application
running in a corporate data center.
What term would describe this model?
A. Cloud-native

B. Partner network

C. Hybrid architecture

D. Infrastructure as a service

Answer: C

QUESTION NO: 62: What is the benefit of using AWS managed services, such as Amazon ElastiCache and Amazon Relational Database Service (Amazon RDS)?
A. They require the customer to monitor and replace failing instances.

B. They have better performance than customer-managed services.

C. They simplify patching and updating underlying OSs.

D. They do not require the customer to optimize instance type or size selections.

Answer: C

QUESTION NO: 63: Which service provides a virtually unlimited amount of online highly durable
object storage?
A. Amazon Redshift

B. Amazon Elastic File System (Amazon EFS)

C. Amazon Elastic Container Service (Amazon ECS)

D. Amazon S3

Answer: D

QUESTION NO: 64: Which of the following Identity and Access Management (IAM) entities is
associated with an access key ID and secret access key when using AWS Command Line
Interface (AWS CLI)?
A. IAM group

B. IAM user

C. IAM role

D. IAM policy

Answer: B

QUESTION NO: 65: Which of the following security-related services does AWS offer?
(Choose two.)
A. Multi-factor authentication physical tokens

B. AWS Trusted Advisor security checks

C. Data encryption

D. Automated penetration testing

E. Amazon S3 copyrighted content detection

Answer: B,C

QUESTION NO: 66: Which AWS managed service is used to host databases?
A. AWS Batch

B. AWS Artifact
C. AWS Data Pipeline

D. Amazon RDS

Answer: D

QUESTION NO: 67: Which AWS service provides a simple and scalable shared file storage solution for use with Linux-based AWS and on-premises servers?
A. Amazon S3

B. Amazon Glacier

C. Amazon Elastic Block Store (Amazon EBS)

D. Amazon Elastic File System (Amazon EFS)

Answer: D

QUESTION NO: 68: When architecting cloud applications, which of the following is a key design principle?
A. Use the largest instance possible

B. Provision capacity for peak load

C. Use the Scrum development process

D. Implement elasticity

Answer: D

QUESTION NO: 69: Which AWS service should be used for long-term, low-cost storage of
data backups?
A. Amazon RDS

B. Amazon Glacier

C. AWS Snowball

D. AWS EBS

Answer: B

QUESTION NO: 70: Under the shared responsibility model, which of the following is a
shared control between a customer and AWS?
A. Physical controls

B. Patch management

C. Zone security

D. Data center auditing

Answer: B

QUESTION NO: 71: Which AWS service allows companies to connect an Amazon VPC to an on-premises data center?
A. AWS VPN

B. Amazon Redshift

C. API Gateway

D. Amazon Connect

Answer: D

QUESTION NO: 72: A company wants to reduce the physical compute footprint that
developers use to run code.
Which service would meet that need by enabling serverless architectures?

A. Amazon Elastic Compute Cloud (Amazon EC2)

B. AWS Lambda

C. Amazon DynamoDB

D. AWS CodeCommit

Answer: B

QUESTION NO: 73: Which AWS service provides alerts when an AWS event may impact a
company’s AWS resources?
A. AWS Personal Health Dashboard

B. AWS Service Health Dashboard

C. AWS Trusted Advisor

D. AWS Infrastructure Event Management

Answer: A

QUESTION NO: 74: Which of the following are categories of AWS Trusted Advisor? (Choose
two.)
A. Fault Tolerance

B. Instance Usage

C. Infrastructure

D. Performance

E. Storage Capacity

Answer: A,D

QUESTION NO: 75: Which task is AWS responsible for in the shared responsibility model for security and compliance?
A. Granting access to individuals and services

B. Encrypting data in transit

C. Updating Amazon EC2 host firmware

D. Updating operating systems

Answer: C

QUESTION NO: 76: Where should a company go to search software listings from
independent software vendors to find, test, buy and deploy software that runs on AWS?
A. AWS Marketplace

B. Amazon Lumberyard

C. AWS Artifact

D. Amazon CloudSearch

Answer: A

QUESTION NO: 77: Which of the following is a benefit of using the AWS Cloud?
A. Permissive security removes the administrative burden.

B. Ability to focus on revenue-generating activities.

C. Control over cloud network hardware.

D. Choice of specific cloud hardware vendors.

Answer: B

QUESTION NO: 78: When performing a cost analysis that supports physical isolation of a
customer workload, which compute hosting model should be accounted for in the Total Cost
of Ownership (TCO)?
A. Dedicated Hosts

B. Reserved Instances

C. On-Demand Instances

D. No Upfront Reserved Instances

Answer: A

QUESTION NO: 79: Which AWS service provides the ability to manage infrastructure as
code?
A. AWS CodePipeline

B. AWS CodeDeploy
C. AWS Direct Connect

D. AWS CloudFormation

Answer: D

QUESTION NO: 80: If a customer needs to audit the change management of AWS resources,
which of the following AWS services should the customer use?
A. AWS Config

B. AWS Trusted Advisor

C. Amazon CloudWatch

D. Amazon Inspector

Answer: A

QUESTION NO: 81: What is Amazon CloudWatch?


A. A code repository with customizable build and team commit features.

B. A metrics repository with customizable notification thresholds and channels.

C. A security configuration repository with threat analytics.

D. A rule repository of a web application firewall with automated vulnerability prevention features.

Answer: B

QUESTION NO: 82: Which service allows a company with multiple AWS accounts to
combine its usage to obtain volume discounts?
A. AWS Server Migration Service

B. AWS Organizations

C. AWS Budgets

D. AWS Trusted Advisor

Answer: B

QUESTION NO: 83: Which of the following services could be used to deploy an application to servers running on-premises? (Choose two.)
A. AWS Elastic Beanstalk

B. AWS OpsWorks

C. AWS CodeDeploy

D. AWS Batch

E. AWS X-Ray

Answer: B,C

QUESTION NO: 84: Which Amazon EC2 pricing model adjusts based on supply and demand
of EC2 instances?
A. On-Demand Instances

B. Reserved Instances

C. Spot Instances

D. Convertible Reserved Instances


Answer: C

QUESTION NO: 85: Which design principles for cloud architecture are recommended when
re-architecting a large monolithic application? (Choose two.)
A. Use manual monitoring.

B. Use fixed servers.

C. Implement loose coupling.

D. Rely on individual components.

E. Design for scalability.


Answer: C,E

QUESTION NO: 86: Which is the MINIMUM AWS Support plan that allows for one-hour target response time for support cases?
A. Enterprise

B. Business

C. Developer

D. Basic

Answer: B

QUESTION NO: 87: Where can AWS compliance and certification reports be downloaded?
A. AWS Artifact

B. AWS Concierge

C. AWS Certificate Manager

D. AWS Trusted Advisor

Answer: A

QUESTION NO: 88: Which AWS service provides a customized view of the health of specific AWS services that power a customer’s workloads running on AWS?

A. AWS Service Health Dashboard

B. AWS X-Ray

C. AWS Personal Health Dashboard

D. Amazon CloudWatch

Answer: C

QUESTION NO: 89: Which of the following is an advantage of consolidated billing on AWS?

A. Volume pricing qualification

B. Shared access permissions

C. Multiple bills per account

D. Eliminates the need for tagging

Answer: A

QUESTION NO: 90: Which of the following steps should be taken by a customer when
conducting penetration testing on AWS?
A. Conduct penetration testing using Amazon Inspector, and then notify AWS support.

B. Request and wait for approval from the customer’s internal security team, and then conduct
testing.

C. Notify AWS support, and then conduct testing immediately.

D. Request and wait for approval from AWS support, and then conduct testing.

Answer: D

QUESTION NO: 91: Which of the following AWS features enables a user to launch a pre-
configured Amazon Elastic Compute Cloud (Amazon EC2) instance?
A. Amazon Elastic Block Store (Amazon EBS)

B. Amazon Machine Image

C. Amazon EC2 Systems Manager

D. Amazon AppStream 2.0

Answer: B

QUESTION NO: 92: How would an AWS customer easily apply common access controls to a large set of users?
A. Apply an IAM policy to an IAM group.

B. Apply an IAM policy to an IAM role.

C. Apply the same IAM policy to all IAM users with access to the same workload.

D. Apply an IAM policy to an Amazon Cognito user pool.

Answer: A

QUESTION NO: 93: What technology enables compute capacity to adjust as loads change?
A. Load balancing

B. Automatic failover

C. Round robin

D. Auto Scaling

Answer: D

QUESTION NO: 94: Which AWS services are defined as global instead of regional? (Choose
two.)
A. Amazon Route 53

B. Amazon EC2

C. Amazon S3

D. Amazon CloudFront

E. Amazon DynamoDB

Answer: A,D

QUESTION NO: 95: Which AWS service would you use to obtain compliance reports and
certificates?
A. AWS Artifact

B. AWS Lambda

C. Amazon Inspector

D. AWS Certificate Manager

Answer: A

QUESTION NO: 96: Under the shared responsibility model, which of the following tasks are
the responsibility of the AWS customer? (Choose two.)
A. Ensuring that application data is encrypted at rest

B. Ensuring that AWS NTP servers are set to the correct time
C. Ensuring that users have received security training in the use of AWS services

D. Ensuring that access to data centers is restricted

E. Ensuring that hardware is disposed of properly

Answer: A,C

QUESTION NO: 97: Which AWS service can be used to manually launch instances based on resource
requirements?
A. Amazon EBS

B. Amazon S3

C. Amazon EC2

D. Amazon ECS

Answer: C

QUESTION NO: 98: A company is migrating an application that is running non-interruptible workloads for a three-year time frame.

Which pricing construct would provide the MOST cost-effective solution?


A. Amazon EC2 Spot Instances

B. Amazon EC2 Dedicated Instances

C. Amazon EC2 On-Demand Instances

D. Amazon EC2 Reserved Instances


Answer: D

QUESTION NO: 99: The financial benefits of using AWS are: (Choose two.)
A. reduced Total Cost of Ownership (TCO).

B. increased capital expenditure (capex).

C. reduced operational expenditure (opex).

D. deferred payment plans for startups.

E. business credit lines for startups.

Answer: A,C

QUESTION NO: 100: Which AWS Cost Management tool allows you to view the most granular data about
your AWS bill?
A. AWS Cost Explorer

B. AWS Budgets

C. AWS Cost and Usage report


D. AWS Billing dashboard

Answer: C

QUESTION NO: 101: Which of the following can an AWS customer use to launch a new
Amazon Relational Database Service (Amazon RDS) cluster?
A. AWS Concierge

B. AWS CloudFormation

C. Amazon Simple Storage Service (Amazon S3)

D. Amazon EC2 Auto Scaling

E. AWS Management Console

Answer: E

QUESTION NO: 102: Which of the following is an AWS Cloud architecture design principle?

A. Implement single points of failure.

B. Implement loose coupling.

C. Implement monolithic design.

D. Implement vertical scaling.

Answer: B

QUESTION NO: 103: Which of the following security measures protect access to an AWS
account? (Choose two.)
A. Enable AWS CloudTrail.

B. Grant least privilege access to IAM users.

C. Create one IAM user and share with many developers and users.

D. Enable Amazon CloudFront.

E. Activate multi-factor authentication (MFA) for privileged users.

Answer: B,E

QUESTION NO: 104: Which service provides a hybrid storage service that enables on-
premises applications to seamlessly use cloud storage?

A. Amazon Glacier
B. AWS Snowball
C. AWS Storage Gateway
D. Amazon Elastic Block Store (Amazon EBS)

Answer: C

QUESTION NO: 105: Which of the following services falls under the responsibility of the
customer to maintain operating system configuration, security patching, and networking?
A. Amazon RDS
B. Amazon EC2
C. Amazon ElastiCache
D. AWS Fargate

Answer: B

QUESTION NO: 106: Which of the following is an important architectural design principle
when designing cloud applications?
A. Use multiple Availability Zones.

B. Use tightly coupled components.

C. Use open source software.

D. Provision extra capacity.


Answer: A

QUESTION NO: 107: Which AWS support plan includes a dedicated Technical Account
Manager?
A. Developer

B. Enterprise

C. Business

D. Basic

Answer: B

QUESTION NO: 108: Amazon Relational Database Service (Amazon RDS) offers which of the
following benefits over traditional database management?
A. AWS manages the data stored in Amazon RDS tables.

B. AWS manages the maintenance of the operating system.

C. AWS automatically scales up instance types on demand.

D. AWS manages the database type.

Answer: B

QUESTION NO: 109: Which service is best for storing common database query results, which helps to alleviate database access load?
A. Amazon Machine Learning

B. Amazon SQS

C. Amazon ElastiCache

D. Amazon EC2 Instance Store

Answer: C

QUESTION NO: 110: Which of the following is a component of the shared responsibility
model managed entirely by AWS?
A. Patching operating system software

B. Encrypting data

C. Enforcing multi-factor authentication

D. Auditing physical data center assets

Answer: D

QUESTION NO: 111: Which options does AWS make available for customers who want to
learn about security in the cloud in an instructor-led setting? (Choose two.)
A. AWS Trusted Advisor

B. AWS Online Tech Talks

C. AWS Blog

D. AWS Forums

E. AWS Classroom Training

Answer: B,E

QUESTION NO: 112: Which of the following features can be configured through the Amazon Virtual
Private Cloud (Amazon VPC) Dashboard? (Choose two.)
A. Amazon CloudFront distributions

B. Amazon Route 53

C. Security Groups

D. Subnets

E. Elastic Load Balancing

Answer: C,D

QUESTION NO: 113: If each department within a company has its own AWS account, what is one way to enable consolidated billing?
A. Use AWS Budgets on each account to pay only to budget.

B. Contact AWS Support for a monthly bill.

C. Create an AWS Organization from the payer account and invite the other accounts to join.

D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data into
Amazon Redshift, and then run a billing report.

Answer: C

QUESTION NO: 114: How do customers benefit from Amazon’s massive economies of
scale?
A. Periodic price reductions as the result of Amazon’s operational efficiencies

B. New Amazon EC2 instance types providing the latest hardware

C. The ability to scale up and down when needed

D. Increased reliability in the underlying hardware of Amazon EC2 instances

Answer: A

QUESTION NO: 115: Which AWS services can be used to gather information about AWS account activity? (Choose two.)
A. Amazon CloudFront

B. AWS Cloud9

C. AWS CloudTrail

D. AWS CloudHSM

E. Amazon CloudWatch

Answer: C,E

QUESTION NO: 116: Which of the following common IT tasks can AWS cover to free up
company IT resources? (Choose two.)
A. Patching databases software

B. Testing application releases

C. Backing up databases

D. Creating database schema

E. Running penetration tests


Answer: A,C

QUESTION NO: 117: In which scenario should Amazon EC2 Spot Instances be used?
A. A company wants to move its main website to AWS from an on-premises web server.
B. A company has a number of application services whose Service Level Agreement (SLA)
requires 99.999% uptime.
C. A company’s heavily used legacy database is currently running on-premises.
D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand
Instances.

Answer: D

QUESTION NO: 118: Which AWS feature should a customer leverage to achieve high
availability of an application?
A. AWS Direct Connect

B. Availability Zones

C. Data centers

D. Amazon Virtual Private Cloud (Amazon VPC)

Answer: B

QUESTION NO: 119: Which is the minimum AWS Support plan that includes Infrastructure
Event Management without additional costs?
A. Enterprise

B. Business

C. Developer

D. Basic

Answer: A

QUESTION NO: 120: Which AWS service can serve a static website?
A. Amazon S3

B. Amazon Route 53

C. Amazon QuickSight

D. AWS X-Ray

Answer: A

QUESTION NO: 121: How does AWS shorten the time to provision IT resources?
A. It supplies an online IT ticketing platform for resource requests.

B. It supports automatic code validation services.

C. It provides the ability to programmatically provision existing resources.


D. It automates the resource request process from a company’s IT vendor list.

Answer: C

QUESTION NO: 122: What can AWS edge locations be used for? (Choose two.)
A. Hosting applications

B. Delivering content closer to users

C. Running NoSQL database caching services

D. Reducing traffic on the server by caching responses

E. Sending notification messages to end users

Answer: B,D

QUESTION NO: 123: Which of the following can limit Amazon Simple Storage Service
(Amazon S3) bucket access to specific users?
A. A public and private key-pair

B. Amazon Inspector

C. AWS Identity and Access Management (IAM) policies

D. Security Groups

Answer: C

QUESTION NO: 124: A solution that is able to support growth in users, traffic, or data size
with no drop in performance aligns with which cloud architecture principle?

A. Think parallel

B. Implement elasticity

C. Decouple your components

D. Design for failure

Answer: B

QUESTION NO: 125: A company will be moving from an on-premises data center to the AWS
Cloud. What would be one financial difference after the move?

A. Moving from variable operational expense (opex) to upfront capital expense (capex).

B. Moving from upfront capital expense (capex) to variable capital expense (capex).

C. Moving from upfront capital expense (capex) to variable operational expense (opex).

D. Elimination of upfront capital expense (capex) and elimination of variable operational expense
(opex).

Answer: C

QUESTION NO: 126: How should a customer forecast the future costs for running a new web application?
A. Amazon Aurora Backtrack

B. Amazon CloudWatch Billing Alarms

C. AWS Simple Monthly Calculator

D. AWS Cost and Usage report

Answer: C

QUESTION NO: 127: Which is the MINIMUM AWS Support plan that provides technical
support through phone calls?
A. Enterprise

B. Business

C. Developer

D. Basic

Answer: B

QUESTION NO: 128: Which of the following tasks is the responsibility of AWS?

A. Encrypting client-side data

B. Configuring AWS Identity and Access Management (IAM) roles

C. Securing the Amazon EC2 hypervisor

D. Setting user password policies

Answer: C

QUESTION NO: 129: One benefit of On-Demand Amazon Elastic Compute Cloud (Amazon
EC2) pricing is:
A. the ability to bid for a lower hourly cost.

B. paying a daily rate regardless of time used.

C. paying only for time used.


D. pre-paying for instances and paying a lower hourly rate.

Answer: C

QUESTION NO: 130: An administrator needs to rapidly deploy a popular IT solution and start
using it immediately. Where can the administrator find assistance?
A. AWS Well-Architected Framework documentation
B. Amazon CloudFront
C. AWS CodeCommit

D. AWS Quick Start reference deployments

Answer: D

QUESTION NO: 131: Which of the following services is in the category of AWS serverless
platform?
A. Amazon EMR

B. Elastic Load Balancing

C. AWS Lambda

D. AWS Mobile Hub

Answer: C

QUESTION NO: 132: Which services are parts of the AWS serverless platform?
A. Amazon EC2, Amazon S3, Amazon Athena

B. Amazon Kinesis, Amazon SQS, Amazon EMR

C. AWS Step Functions, Amazon DynamoDB, Amazon SNS

D. Amazon Athena, Amazon Cognito, Amazon EC2

Answer: C

QUESTION NO: 133: According to the AWS shared responsibility model, what is the sole
responsibility of AWS?
A. Application security

B. Edge location management

C. Patch management

D. Client-side data

Answer: B

QUESTION NO: 134: Which AWS IAM feature is used to associate a set of permissions with
multiple users?
A. Multi-factor authentication

B. Groups

C. Password policies

D. Access keys

Answer: B

QUESTION NO: 135: Which of the following are benefits of the AWS Cloud? (Choose two.)
A. Unlimited uptime

B. Elasticity

C. Agility

D. Colocation

E. Capital expenses

Answer: B,C

QUESTION NO: 136: Which of the following can a customer use to enable single sign-on
(SSO) to the AWS Console?
A. Amazon Connect

B. AWS Directory Service

C. Amazon Pinpoint

D. Amazon Rekognition

Answer: B

QUESTION NO: 137: What are the multiple, isolated locations within an AWS Region that are
connected by low-latency networks called?
A. AWS Direct Connects

B. Amazon VPCs

C. Edge locations

D. Availability Zones

Answer: D

QUESTION NO: 138: Which of the following benefits does the AWS Compliance program
provide to AWS customers? (Choose two.)

A. It verifies that hosted workloads are automatically compliant with the controls of supported
compliance frameworks.
B. AWS is responsible for the maintenance of common compliance framework documentation.
C. It assures customers that AWS is maintaining physical security and data protection.
D. It ensures the use of compliance frameworks that are being used by other cloud providers.
E. It will adopt new compliance frameworks as they become relevant to customer workloads.

Answer: B,C

QUESTION NO: 139: Which of the following services provides on-demand access to AWS
compliance reports?
A. AWS IAM

B. AWS Artifact

C. Amazon GuardDuty

D. AWS KMS

Answer: B

QUESTION NO: 140: As part of the AWS shared responsibility model, which of the following
operational controls do users fully inherit from AWS?
A. Security management of data center

B. Patch management

C. Configuration management

D. User and access management

Answer: A

QUESTION NO: 141: When comparing AWS Cloud with on-premises Total Cost of
Ownership, which expenses must be considered? (Choose two.)
A. Software development
B. Project management
C. Storage hardware
D. Physical servers
E. Antivirus software license

Answer: C,D

QUESTION NO: 142: Under the shared responsibility model, which of the following tasks are the
responsibility of the customer? (Choose two.)
A. Maintaining the underlying Amazon EC2 hardware.

B. Managing the VPC network access control lists.

C. Encrypting data in transit and at rest.

D. Replacing failed hard disk drives.

E. Deploying hardware in different Availability Zones.

Answer: B,C

QUESTION NO: 143: Which scenarios represent the concept of elasticity on AWS? (Choose
two.)
A. Scaling the number of Amazon EC2 instances based on traffic.
B. Resizing Amazon RDS instances as business needs change.

C. Automatically directing traffic to less-utilized Amazon EC2 instances.

D. Using AWS compliance documents to accelerate the compliance process.

E. Having the ability to create and govern environments using code.

Answer: A,B

QUESTION NO: 144: When is it beneficial for a company to use a Spot Instance?
A. When there is flexibility in when an application needs to run.

B. When there are mission-critical workloads.

C. When dedicated capacity is needed.

D. When an instance should not be stopped.

Answer: A

QUESTION NO: 145: A company is considering moving its on-premises data center to AWS.
What factors should be included in doing a Total Cost of Ownership (TCO) analysis?
(Choose two.)
A. Amazon EC2 instance availability

B. Power consumption of the data center

C. Labor costs to replace old servers

D. Application developer time

E. Database engine capacity

Answer: B,C

QUESTION NO: 146: How does AWS charge for AWS Lambda?
A. Users bid on the maximum price they are willing to pay per hour.

B. Users choose a 1-, 3- or 5-year upfront payment term.

C. Users pay for the required permanent storage on a file system or in a database.

D. Users pay based on the number of requests and consumed compute resources.

Answer: D

QUESTION NO: 147: What function do security groups serve related to Amazon Elastic
Compute Cloud (Amazon EC2) instance security?
A. Act as a virtual firewall for the Amazon EC2 instance.

B. Secure AWS user accounts with AWS Identity and Access Management (IAM) policies.
C. Provide DDoS protection with AWS Shield.

D. Use Amazon CloudFront to protect the Amazon EC2 instance.

Answer: A

QUESTION NO: 148: Which disaster recovery scenario offers the lowest probability of down
time?
A. Backup and restore

B. Pilot light

C. Warm standby

D. Multi-site active-active

Answer: D

QUESTION NO: 149: What will help a company perform a cost benefit analysis of migrating
to the AWS Cloud?
A. Cost Explorer

B. AWS Total Cost of Ownership (TCO) Calculator

C. AWS Simple Monthly Calculator

D. AWS Trusted Advisor

Answer: B

QUESTION NO: 150: Which of the following provides the ability to share the cost benefits of
Reserved Instances across AWS accounts?
A. AWS Cost Explorer between AWS accounts

B. Linked accounts and consolidated billing

C. Amazon Elastic Compute Cloud (Amazon EC2) Reserved Instance Utilization Report

D. Amazon EC2 Instance Usage Report between AWS accounts

Answer: B

QUESTION NO: 151: A company has multiple AWS accounts and wants to simplify and
consolidate its billing process. Which AWS service will achieve this?

A. AWS Cost and Usage Reports

B. AWS Organizations

C. AWS Cost Explorer

D. AWS Budgets

Answer: B

QUESTION NO: 152: A company is designing an application hosted in a single AWS Region
serving end-users spread across the world. The company wants to provide the end-users
low latency access to the application data.
Which of the following services will help fulfill this requirement?
A. Amazon CloudFront

B. AWS Direct Connect

C. Amazon Route 53 global DNS

D. Amazon Simple Storage Service (Amazon S3) transfer acceleration

Answer: A

QUESTION NO: 153: Which of the following deployment models enables customers to fully
trade their capital IT expenses for operational expenses?
A. On-premises

B. Hybrid

C. Cloud

D. Platform as a service

Answer: C

QUESTION NO: 154: How is asset management on AWS easier than asset management in a
physical data center?
A. AWS provides a Configuration Management Database that users can maintain.

B. AWS performs infrastructure discovery scans on the customer’s behalf.

C. Amazon EC2 automatically generates an asset report and places it in the customer’s specified
Amazon S3 bucket.

D. Users can gather asset metadata reliably with a few API calls.

Answer: B

QUESTION NO: 155: What feature of Amazon RDS helps to create globally redundant
databases?
A. Snapshots

B. Automatic patching and updating

C. Cross-Region read replicas

D. Provisioned IOPS

Answer: C

QUESTION NO: 156: Using AWS Identity and Access Management (IAM) to grant access only
to the resources needed to perform a task is a concept known as:
A. restricted access.

B. as-needed access.
C. least privilege access.
D. token access.

Answer: C

QUESTION NO: 157: Which methods can be used to identify AWS costs by departments?
(Choose two.)
A. Enable multi-factor authentication for the AWS account root user.

B. Create separate accounts for each department.

C. Use Reserved Instances whenever possible.

D. Use tags to associate each instance with a particular department.

E. Pay bills using purchase orders.

Answer: B,D

QUESTION NO: 158: Under the AWS shared responsibility model, customer responsibilities include which one of the
following?

A. Securing the hardware, software, facilities, and networks that run all products and services.

B. Providing certificates, reports, and other documentation directly to AWS customers under NDA.

C. Configuring the operating system, network, and firewall.

D. Obtaining industry certifications and independent third-party attestations.

Answer: C

QUESTION NO: 159: Which managed AWS service provides real-time guidance on AWS
security best practices?

A. AWS X-Ray

B. AWS Trusted Advisor

C. Amazon CloudWatch

D. AWS Systems Manager

Answer: B

QUESTION NO: 160: Which feature adds elasticity to Amazon EC2 instances to handle the
changing demand for workloads?
B. Resource groups

C. Lifecycle policies

D. Application Load Balancer

E. Amazon EC2 Auto Scaling

Answer: D

QUESTION NO: 161: Under the AWS shared responsibility model, customers are responsible
for which aspects of security in the cloud? (Choose two.)
A. Virtualization Management

B. Hardware management

C. Encryption management

D. Facilities management

E. Firewall management

Answer: C,E

QUESTION NO: 162: Which AWS hybrid storage service enables your on-premises
applications to seamlessly use AWS Cloud storage through standard file-storage protocols?
A. AWS Direct Connect

B. AWS Snowball

C. AWS Storage Gateway

D. AWS Snowball Edge


Answer: C

QUESTION NO: 163: What is a responsibility of AWS in the shared responsibility model?
A. Updating the network ACLs to block traffic to vulnerable ports.

B. Patching operating systems running on Amazon EC2 instances.

C. Updating the firmware on the underlying EC2 hosts.

D. Updating the security group rules to block traffic to the vulnerable ports.

Answer: C

QUESTION NO: 164: Which architectural principle is used when deploying an Amazon Relational Database Service
(Amazon RDS) instance in Multiple Availability Zone mode?
A. Implement loose coupling.

B. Design for failure.

C. Automate everything that can be automated.

D. Use services, not servers.

Answer: B

QUESTION NO: 165: What does it mean to grant least privilege to AWS IAM users?
A. It is granting permissions to a single user only.

B. It is granting permissions using AWS IAM policies only.


C. It is granting Administrator Access policy permissions to trustworthy users.
D. It is granting only the permissions required to perform a given task.

Answer: D

QUESTION NO: 166: What is a benefit of loose coupling as a principle of cloud architecture
design?
A. It facilitates low-latency request handling.

B. It allows applications to have dependent workflows.

C. It prevents cascading failures between different components.

D. It allows companies to focus on their physical data center operations.

Answer: C

QUESTION NO: 167: A director has been tasked with investigating hybrid cloud architecture.
The company currently accesses AWS over the public internet.
Which service will facilitate private hybrid connectivity?
A. Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway

B. AWS Direct Connect

C. Amazon Simple Storage Service (Amazon S3) Transfer Acceleration

D. AWS Web Application Firewall (AWS WAF)

Answer: B

QUESTION NO: 168: A company’s web application currently has tight dependencies on
underlying components, so when one component fails the entire web application fails.
Applying which AWS Cloud design principle will address the current design issue?

A. Implementing elasticity, enabling the application to scale up or scale down as demand changes.

B. Enabling several EC2 instances to run in parallel to achieve better performance.


C. Focusing on decoupling components by isolating them and ensuring individual components can
function when other components fail.

D. Doubling EC2 computing resources to increase system fault tolerance.

Answer: C

QUESTION NO: 169: How can a customer increase security to AWS account logons? (Choose two.)
A. Configure AWS Certificate Manager

B. Enable Multi-Factor Authentication (MFA)

C. Use Amazon Cognito to manage access

D. Configure a strong password policy

E. Enable AWS Organizations

Answer: B,C

QUESTION NO: 170: What AWS service would be used to centrally manage AWS access
across multiple accounts?
A. AWS Service Catalog

B. AWS Config

C. AWS Trusted Advisor

D. AWS Organizations

Answer: D

QUESTION NO: 171: Which AWS service can a customer use to set up an alert notification
when the account is approaching a particular dollar amount?
A. AWS Cost and Usage reports

B. AWS Budgets

C. AWS Cost Explorer

D. AWS Trusted Advisor

Answer: B

QUESTION NO: 172: What can users access from AWS Artifact?
A. AWS security and compliance documents

B. A download of configuration management details for all AWS resources

C. Training materials for AWS services

D. A security assessment of the applications deployed in the AWS Cloud


Answer: A

QUESTION NO: 173: What is the MINIMUM AWS Support plan that provides designated
Technical Account Managers?
A. Enterprise

B. Business

C. Developer

D. Basic

Answer: A

QUESTION NO: 174: Which of the following is an AWS Well-Architected Framework design
principle related to reliability?
A. Deployment to a single Availability Zone

B. Ability to recover from failure

C. Design for cost optimization

D. Perform operations as code


Answer: B

QUESTION NO: 175: Which type of AWS storage is ephemeral and is deleted when an
instance is stopped or terminated?
A. Amazon EBS

B. Amazon EC2 instance store

C. Amazon EFS

D. Amazon S3

Answer: B

QUESTION NO: 176: What is an advantage of using the AWS Cloud over a traditional
on-premises solution?
A. Users do not have to guess about future capacity needs.

B. Users can utilize existing hardware contracts for purchases.

C. Users can fix costs no matter what their traffic is.

D. Users can avoid audits by using reports from AWS.

Answer: A

QUESTION NO: 177: Which of the following is an AWS-managed compute service?


A. Amazon SWF

B. Amazon EC2
C. AWS Lambda

D. Amazon Aurora

Answer: B

QUESTION NO: 178: Which of the following is an important architectural principle when designing
cloud applications?
A. Store data and backups in the same region.

B. Design tightly coupled system components.

C. Avoid multi-threading.

D. Design for failure.

Answer: D

QUESTION NO: 179: Which mechanism allows developers to access AWS services from
application code?
A. AWS Software Development Kit

B. AWS Management Console

C. AWS CodePipeline

D. AWS Config

Answer: A

QUESTION NO: 180: Which Amazon EC2 pricing model is the MOST cost efficient for an
uninterruptible workload that runs once a year for 24 hours?
A. On-Demand Instances

B. Reserved Instances

C. Spot Instances

D. Dedicated Instances

Answer: A

QUESTION NO: 181: Which of the following services is a MySQL-compatible database that
automatically grows storage as needed?
A. Amazon Elastic Compute Cloud (Amazon EC2)

B. Amazon Relational Database Service (Amazon RDS) for MySQL

C. Amazon Lightsail

D. Amazon Aurora

Answer: D

QUESTION NO: 182: Which Amazon Virtual Private Cloud (Amazon VPC) feature enables
users to connect two VPCs together?
A. Amazon VPC endpoints

B. Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink

C. Amazon VPC peering


D. AWS Direct Connect

Answer: C

QUESTION NO: 183: Which service’s PRIMARY purpose is software version control?
A. Amazon CodeStar

B. AWS Command Line Interface (AWS CLI)

C. Amazon Cognito

D. AWS CodeCommit

Answer: D

QUESTION NO: 184: A company is considering migrating its applications to AWS. The
company wants to compare the cost of running the workload on-premises to running the
equivalent workload on the AWS platform.
Which tool can be used to perform this comparison?
A. AWS Simple Monthly Calculator

B. AWS Total Cost of Ownership (TCO) Calculator

C. AWS Billing and Cost Management console

D. Cost Explorer

Answer: B

QUESTION NO: 185: Which AWS service provides a secure, fast, and cost-effective way to
migrate or transport exabyte-scale datasets into AWS?
A. AWS Batch

B. AWS Snowball

C. AWS Migration Hub

D. AWS Snowmobile

Answer: D

QUESTION NO: 186: Which of the following BEST describe the AWS pricing model? (Choose
two.)
A. Fixed-term

B. Pay-as-you-go
C. Colocation

D. Planned

E. Variable cost

Answer: B,E

QUESTION NO: 187: Which load balancer types are available with Elastic Load Balancing
(ELB)? (Choose two.)
A. Public load balancers with AWS Application Auto Scaling capabilities

B. F5 Big-IP and Citrix NetScaler load balancers

C. Classic Load Balancers

D. Cross-zone load balancers with public and private IPs

E. Application Load Balancers

Answer: C,E

QUESTION NO: 188: Why should a company choose AWS instead of a traditional data
center?
A. AWS provides users with full control over the underlying resources.

B. AWS does not require long-term contracts and provides a pay-as-you-go model.

C. AWS offers edge locations in every country, supporting global reach.

D. AWS has no limits on the number of resources that can be created.

Answer: B

QUESTION NO: 189: Which solution provides the FASTEST application response times to
frequently accessed data to users in multiple AWS Regions?
A. AWS CloudTrail across multiple Availability Zones

B. Amazon CloudFront to edge locations

C. AWS CloudFormation in multiple regions

D. A virtual private gateway over AWS Direct Connect

Answer: B

QUESTION NO: 190: Which AWS service provides a self-service portal for on-demand
access to AWS compliance reports?
A. AWS Config

B. AWS Certificate Manager

C. Amazon Inspector
D. AWS Artifact

Answer: D

QUESTION NO: 191: Which of the following AWS services can be used to run a
self-managed database?
A. Amazon Route 53

B. AWS X-Ray

C. AWS Snowmobile

D. Amazon Elastic Compute Cloud (Amazon EC2)

Answer: D

QUESTION NO: 192: What exclusive benefit is provided to users with Enterprise Support?
A. Access to a Technical Project Manager

B. Access to a Technical Account Manager

C. Access to a Cloud Support Engineer

D. Access to a Solutions Architect

Answer: B

QUESTION NO: 193: How can a user protect against AWS service disruptions if a natural
disaster affects an entire geographic area?
A. Deploy applications across multiple Availability Zones within an AWS Region.

B. Use a hybrid cloud computing deployment model within the geographic area.

C. Deploy applications across multiple AWS Regions.

D. Store application artifacts using AWS Artifact and replicate them across multiple AWS Regions.

Answer: C

QUESTION NO: 194: How does AWS MOST effectively reduce computing costs for a growing
start-up company?
A. It provides on-demand resources for peak usage.

B. It automates the provisioning of individual developer environments.

C. It automates customer relationship management.

D. It implements a fixed monthly computing budget.

Answer: A

QUESTION NO: 195: A startup is working on a new application that needs to go to market
quickly. The application requirements may need to be adjusted in the near future. Which of
the following is a characteristic of the AWS Cloud that would meet this specific need?
A. Elasticity

B. Reliability

C. Performance

D. Agility

Answer: D

QUESTION NO: 196: Which AWS Support plan provides a full set of AWS Trusted Advisor
checks?
A. Business and Developer Support

B. Business and Basic Support

C. Enterprise and Developer Support

D. Enterprise and Business Support

Answer: D

QUESTION NO: 197: Which of the following services have Distributed Denial of Service (DDoS) mitigation
features? (Choose two.)
A. AWS WAF

B. Amazon DynamoDB

C. Amazon EC2

D. Amazon CloudFront

E. Amazon Inspector

Answer: A,D

QUESTION NO: 198: When building a cloud Total Cost of Ownership (TCO) model, which
cost elements should be considered for workloads running on AWS? (Choose three.)
A. Compute costs

B. Facilities costs

C. Storage costs
D. Data transfer costs

E. Network infrastructure costs

F. Hardware lifecycle costs

Answer: A,C,E

QUESTION NO: 199: What time-savings advantage is offered with the use of Amazon
Rekognition?
A. Amazon Rekognition provides automatic watermarking of images.

B. Amazon Rekognition provides automatic detection of objects appearing in pictures.

C. Amazon Rekognition provides the ability to resize millions of images automatically.

D. Amazon Rekognition uses Amazon Mechanical Turk to allow humans to bid on object detection
jobs.

Answer: B

QUESTION NO: 200: When comparing AWS with on-premises Total Cost of Ownership (TCO),
what costs are included?
A. Data center security

B. Business analysis

C. Project management

D. Operating system administration

Answer: A

QUESTION NO: 201: According to the AWS shared responsibility model, what is AWS
responsible for?
A. Configuring Amazon VPC

B. Managing application code

C. Maintaining application traffic

D. Managing the network infrastructure

Answer: D

QUESTION NO: 202: Which service should be used to estimate the costs of running a new
project on AWS?
A. AWS TCO Calculator

B. AWS Simple Monthly Calculator

C. AWS Cost Explorer API

D. AWS Budgets

Answer: B

QUESTION NO: 203: Which AWS tool will identify security groups that grant unrestricted
Internet access to a limited list of ports?
A. AWS Organizations

B. AWS Trusted Advisor

C. AWS Usage Report


D. Amazon EC2 dashboard

Answer: B

QUESTION NO: 204: Which AWS service can be used to generate alerts based on an
estimated monthly bill?
A. AWS Config

B. Amazon CloudWatch

C. AWS X-Ray

D. AWS CloudTrail

Answer: B

QUESTION NO: 205: Which Amazon EC2 pricing model offers the MOST significant discount
when compared to On-Demand Instances?
A. Partial Upfront Reserved Instances for a 1-year term

B. All Upfront Reserved Instances for a 1-year term

C. All Upfront Reserved Instances for a 3-year term

D. No Upfront Reserved Instances for a 3-year term

Answer: C

QUESTION NO: 206: Which of the following is the responsibility of AWS?


A. Setting up AWS Identity and Access Management (IAM) users and groups

B. Physically destroying storage media at end of life

C. Patching guest operating systems

D. Configuring security settings on Amazon EC2 instances

Answer: B

QUESTION NO: 207: Which of the following is an advantage of using AWS?


A. AWS audits user data.

B. Data is automatically secure.

C. There is no guessing on capacity needs.

D. AWS manages compliance needs.

Answer: C

QUESTION NO: 208: Which AWS service would a customer use with a static website to
achieve lower latency and high transfer speeds?
A. AWS Lambda

B. Amazon DynamoDB Accelerator

C. Amazon Route 53

D. Amazon CloudFront

Answer: D

QUESTION NO: 209: Which services manage and automate application deployments on
AWS? (Choose two.)
A. AWS Elastic Beanstalk

B. AWS CodeCommit

C. AWS Data Pipeline

D. AWS CloudFormation

E. AWS Config

Answer: A,D

QUESTION NO: 210: A user wants guidance on possible savings when migrating from
on-premises to AWS. Which tool is suitable for this scenario?

A. AWS Budgets

B. Cost Explorer

C. AWS Total Cost of Ownership (TCO) Calculator

D. AWS Well-Architected Tool

Answer: C

QUESTION NO: 211: Which principles are used to architect applications for reliability on the
AWS Cloud? (Choose two.)
A. Design for automated failure recovery

B. Use multiple Availability Zones

C. Manage changes via documented processes

D. Test for moderate demand to ensure reliability

E. Backup recovery to an on-premises environment

Answer: A,B

QUESTION NO: 212: What tasks should a customer perform when that customer suspects
an AWS account has been compromised? (Choose two.)
A. Rotate passwords and access keys.

B. Remove MFA tokens.

C. Move resources to a different AWS Region.

D. Delete AWS CloudTrail Resources.

E. Contact AWS Support.

Answer: A,E

QUESTION NO: 213: What is an example of high availability in the AWS Cloud?
A. Consulting AWS technical support at any time day or night

B. Ensuring an application remains accessible, even if a resource fails

C. Making any AWS service available for use by paying on demand

D. Deploying in any part of the world using AWS Regions

Answer: B

QUESTION NO: 214: Which AWS security service protects applications from distributed
denial of service attacks with always-on detection and automatic inline mitigations?
A. Amazon Inspector

B. AWS Web Application Firewall (AWS WAF)

C. Elastic Load Balancing (ELB)

D. AWS Shield

Answer: D

QUESTION NO: 215: A company wants to monitor the CPU usage of its Amazon EC2
resources. Which AWS service should the company use?
A. AWS CloudTrail

B. Amazon CloudWatch

C. AWS Cost and Usage report

D. Amazon Simple Notification Service (Amazon SNS)

Answer: B

QUESTION NO: 216: What is an AWS Identity and Access Management (IAM) role?
A. A user associated with an AWS resource

B. A group associated with an AWS resource


C. An entity that defines a set of permissions for use with an AWS resource

D. An authentication credential associated with a multi-factor authentication (MFA) token


Answer: C

QUESTION NO: 217: What are the advantages of Reserved Instances? (Choose two.)
A. They provide a discount over on-demand pricing.

B. They provide access to additional instance types.

C. They provide additional networking capability.

D. Customers can upgrade instances as new types become available.

E. Customers can reserve capacity in an Availability Zone.

Answer: A,E

QUESTION NO: 218: How do Amazon EC2 Auto Scaling groups help achieve high availability
for a web application?
A. They automatically add more instances across multiple AWS Regions based on global demand
of the application.

B. They automatically add or replace instances across multiple Availability Zones when the
application needs it.

C. They enable the application's static content to reside closer to end users.

D. They are able to distribute incoming requests across a tier of web server instances.

Answer: B

QUESTION NO: 219: How can one AWS account use Reserved Instances from another AWS
account?
A. By using Amazon EC2 Dedicated Instances

B. By using AWS Organizations consolidated billing

C. By using the AWS Cost Explorer tool

D. By using AWS Budgets

Answer: B

QUESTION NO: 220: A customer runs an On-Demand Amazon Linux EC2 instance for 3
hours, 5 minutes, and 6 seconds.
For how much time will the customer be billed?

A. 3 hours, 5 minutes

B. 3 hours, 5 minutes, and 6 seconds


C. 3 hours, 6 minutes

D. hours

Answer: B

QUESTION NO: 221: Which of the following AWS services provide compute resources?
(Choose two.)
A. AWS Lambda

B. Amazon Elastic Container Service (Amazon ECS)

C. AWS CodeDeploy

D. Amazon Glacier

E. AWS Organizations

Answer: A,B

QUESTION NO: 222: Which AWS service enables users to deploy infrastructure as code by
automating the process of provisioning resources?
A. Amazon GameLift

B. AWS CloudFormation

C. AWS Data Pipeline

D. AWS Glue

Answer: B

QUESTION NO: 223: Which AWS services provide a way to extend an on-premises
architecture to the AWS Cloud? (Choose two.)
A. Amazon EBS

B. AWS Direct Connect

C. Amazon CloudFront

D. AWS Storage Gateway

E. Amazon Connect

Answer: B,D

QUESTION NO: 224: Which of the following allows users to provision a dedicated network
connection from their internal network to AWS?
A. AWS CloudHSM

B. AWS Direct Connect

C. AWS VPN

D. Amazon Connect

Answer: B

QUESTION NO: 225: Which services use AWS edge locations? (Choose two.)
A. Amazon CloudFront

B. AWS Shield

C. Amazon EC2

D. Amazon RDS

E. Amazon ElastiCache

Answer: A,B

QUESTION NO: 226: Which service would provide network connectivity in a hybrid
architecture that includes the AWS Cloud?
A. Amazon VPC

B. AWS Direct Connect

C. AWS Directory Service

D. Amazon API Gateway


Answer: B

QUESTION NO: 227: Which tool can be used to compare the costs of running a web
application in a traditional hosting environment to running it on AWS?
A. AWS Cost Explorer

B. AWS Budgets

C. AWS Cost and Usage report

D. AWS Total Cost of Ownership (TCO) Calculator

Answer: D

QUESTION NO: 228: What is the value of using third-party software from AWS Marketplace
instead of installing third-party software on Amazon EC2? (Choose two.)
A. Users pay for software by the hour or month depending on licensing.

B. AWS Marketplace enables the user to launch applications with 1-Click.

C. AWS Marketplace data encryption is managed by a third-party vendor.

D. AWS Marketplace eliminates the need to upgrade to newer software versions.

E. Users can deploy third-party software without testing.


Answer: A,B
QUESTION NO: 229: Which of the following is a cloud architectural design principle?
A. Scale up, not out.

B. Loosely couple components.

C. Build monolithic systems.

D. Use commercial database software.

Answer: B

QUESTION NO: 230: Under the shared responsibility model, which of the following areas are
the customer's responsibility? (Choose two.)
A. Firmware upgrades of network infrastructure

B. Patching of operating systems

C. Patching of the underlying hypervisor

D. Physical security of data centers

E. Configuration of the security group

Answer: B,E

QUESTION NO: 231: Which service enables customers to audit and monitor changes in AWS
resources?
A. AWS Trusted Advisor
B. Amazon GuardDuty
C. Amazon Inspector

D. AWS Config

Answer: D

QUESTION NO: 232: Which AWS service identifies security groups that allow unrestricted
access to a user’s AWS resources?
A. AWS CloudTrail

B. AWS Trusted Advisor

C. Amazon CloudWatch

D. Amazon Inspector

Answer: B

QUESTION NO: 233: According to the AWS shared responsibility model, who is responsible
for configuration management?
A. It is solely the responsibility of the customer.
B. It is solely the responsibility of AWS.
C. It is shared between AWS and the customer.
D. It is not part of the AWS shared responsibility model.

Answer: C

QUESTION NO: 234: Which AWS service is a content delivery network that securely delivers
data, video, and applications to users globally with low latency and high speeds?
A. AWS CloudFormation

B. AWS Direct Connect

C. Amazon CloudFront

D. Amazon Pinpoint

Answer: C

QUESTION NO: 235: Which benefit of the AWS Cloud supports matching the supply of
resources with changing workload demands?
A. Security

B. Reliability

C. Elasticity

D. High availability

Answer: C

QUESTION NO: 236: A user is running an application on AWS and notices that one or more
AWS-owned IP addresses is involved in a distributed denial-of-service (DDoS) attack.
Who should the user contact FIRST about this situation?
A. AWS Premium Support

B. AWS Technical Account Manager

C. AWS Solutions Architect

D. AWS Abuse team


Answer: D

QUESTION NO: 237: Which of the following are benefits of hosting infrastructure in the AWS
Cloud? (Choose two.)
A. There are no upfront commitments.

B. AWS manages all security in the cloud.

C. Users have the ability to provision resources on demand.

D. Users have access to free and unlimited storage.

E. Users have control over the physical infrastructure.

Answer: A,C
QUESTION NO: 238: Access keys in AWS Identity and Access Management (IAM) are used to:
A. log in to the AWS Management Console.

B. make programmatic calls to AWS from AWS APIs.

C. log in to Amazon EC2 instances.

D. authenticate to AWS CodeCommit repositories.

Answer: B

QUESTION NO: 239: What is AWS Trusted Advisor?


A. It is an AWS staff member who provides recommendations and best practices on how to use
AWS.

B. It is a network of AWS partners who provide recommendations and best practices on how to use
AWS.

C. It is an online tool with a set of automated checks that provides recommendations on cost
optimization, performance, and security.

D. It is another name for AWS Technical Account Managers who provide recommendations on cost
optimization, performance, and security.

Answer: C

QUESTION NO: 240: Which AWS service or feature allows a company to visualize,
understand, and manage AWS costs and usage over time?
A. AWS Budgets

B. AWS Cost Explorer

C. AWS Organizations

D. Consolidated billing

Answer: B

QUESTION NO: 241: Which AWS service offers on-demand access to AWS security and
compliance reports?
A. AWS CloudTrail

B. AWS Artifact

C. AWS Health

D. Amazon CloudWatch

Answer: B

QUESTION NO: 242: What are the benefits of using the AWS Cloud for companies with
customers in many countries around the world? (Choose two.)
A. Companies can deploy applications in multiple AWS Regions to reduce latency.

B. Amazon Translate automatically translates third-party website interfaces into multiple
languages.

C. Amazon CloudFront has multiple edge locations around the world to reduce latency.

E. Amazon Comprehend allows users to build applications that can respond to user requests in
many languages.

F. Elastic Load Balancing can distribute application web traffic to multiple AWS Regions around
the world, which reduces latency.

Answer: A,C

QUESTION NO: 243: Which AWS service handles the deployment details of capacity
provisioning, load balancing, Auto Scaling, and application health monitoring?
A. AWS Config

B. AWS Elastic Beanstalk

C. Amazon Route 53

D. Amazon CloudFront
Answer: B

QUESTION NO: 244: Which AWS service provides inbound and outbound network ACLs to
harden external connectivity to Amazon EC2?
A. AWS IAM

B. Amazon Connect

C. Amazon VPC

D. Amazon API Gateway

Answer: C

QUESTION NO: 245: When a company provisions web servers in multiple AWS Regions,
what is being increased?
A. Coupling

B. Availability

C. Security

D. Durability

Answer: B
QUESTION NO: 246: The pay-as-you-go pricing model for AWS services:
A. reduces capital expenditures.

B. requires payment up front for AWS services.

C. is relevant only for Amazon EC2, Amazon S3, and Amazon RDS.

D. reduces operational expenditures.

Answer: A

QUESTION NO: 247: Under the AWS shared responsibility model, AWS is responsible for
which security-related task?
A. Lifecycle management of IAM credentials

B. Physical security of global infrastructure

C. Encryption of Amazon EBS volumes

D. Firewall configuration

Answer: B

QUESTION NO: 248: Which AWS service enables users to consolidate billing across multiple
accounts?
A. Amazon QuickSight

B. AWS Organizations

C. AWS Budgets

D. Amazon Forecast

Answer: B

QUESTION NO: 249: Under the AWS shared responsibility model, which of the following is
an example of security in the AWS Cloud?
A. Managing edge locations

B. Physical security

C. Firewall configuration

D. Global infrastructure

Answer: B

QUESTION NO: 250: How can an AWS user with an AWS Basic Support plan obtain technical
assistance from AWS?
A. AWS Senior Support Engineers

B. AWS Technical Account Managers

C. AWS Trusted Advisor


D. AWS Discussion Forums

Answer: D

QUESTION NO: 251: Which of the following are pillars of the AWS Well-Architected
Framework? (Choose two.)
A. Multiple Availability Zones

B. Performance efficiency
C. Security
D. Encryption usage

E. High availability
Answer: B,C

QUESTION NO: 252: After selecting an Amazon EC2 Dedicated Host reservation, which
pricing option would provide the largest discount?
A. No upfront payment

B. Hourly on-demand payment

C. Partial upfront payment

D. All upfront payment

Answer: D

QUESTION NO: 253: What is an advantage of deploying an application across multiple
Availability Zones?
A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given
AWS Region.

B. The application will have higher availability because it can withstand a service disruption in one
Availability Zone.
C. There will be better coverage as Availability Zones are geographically distant and can serve a
wider area.

E. There will be decreased application latency that will improve the user experience.

Answer: B

QUESTION NO: 254: A Cloud Practitioner is asked how to estimate the cost of using a new
application on AWS. What is the MOST appropriate response?

A. Inform the user that AWS pricing allows for on-demand pricing.

B. Direct the user to the AWS Simple Monthly Calculator for an estimate.

C. Use Amazon QuickSight to analyze current spending on-premises.

D. Use Amazon AppStream 2.0 for real-time pricing analytics.

Answer: B
QUESTION NO: 255: A company wants to migrate its applications to a VPC on AWS. These
applications will need to access on-premises resources. What combination of actions will
enable the company to accomplish this goal? (Choose two.)
A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated.

B. Build a VPN connection between an on-premises device and a virtual private gateway in the
new VPC.

C. Use Amazon Athena to query data from the on-premises database servers.

D. Connect the company’s on-premises data center to AWS using AWS Direct Connect.

E. Leverage Amazon CloudFront to restrict access to static web content provided through the
company’s on-premises web servers.

Answer: B,D

QUESTION NO: 256: A web application running on AWS has been spammed with malicious
requests from a recurring set of IP addresses. Which AWS service can help secure the
application and block the malicious traffic?
A. AWS IAM

B. Amazon GuardDuty

C. Amazon Simple Notification Service (Amazon SNS)

D. AWS WAF

Answer: D

QUESTION NO: 257: Treating infrastructure as code in the AWS Cloud allows users to:
A. automate migration of on-premises hardware to AWS data centers.

B. let a third party automate an audit of the AWS infrastructure.

C. turn over application code to AWS so it can run on the AWS infrastructure.

D. automate the infrastructure provisioning process.

Answer: D

QUESTION NO: 258: A company requires a dedicated network connection between its on-premises
servers and the AWS Cloud. Which AWS service should be used?
A. AWS VPN

B. AWS Direct Connect

C. Amazon API Gateway

D. Amazon Connect
Answer: B

QUESTION NO: 259: Which AWS service can be used to query stored datasets directly from
Amazon S3 using standard SQL?
A. AWS Glue

B. AWS Data Pipeline

C. Amazon CloudSearch

D. Amazon Athena
Answer: D

QUESTION NO: 260: AWS CloudFormation is designed to help the user:


A. model and provision resources.

B. update application code.

C. set up data lakes.

D. create reports for billing.

Answer: A

QUESTION NO: 261: Which of the following is an AWS database service?


A. Amazon Redshift
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3 Glacier
D. AWS Snowball

Answer: A

QUESTION NO: 262: A Cloud Practitioner must determine if any security groups in an AWS
account have been provisioned to allow unrestricted access for specific ports. What is the
SIMPLEST way to do this?
A. Review the inbound rules for each security group in the Amazon EC2 management console to
check for port 0.0.0.0/0.

B. Run AWS Trusted Advisor and review the findings.

C. Open the AWS IAM console and check the inbound rule filters for open access.

D. In AWS Config, create a custom rule that invokes an AWS Lambda function to review rules for
inbound access.

Answer: B

QUESTION NO: 263: What are the benefits of developing and running a new application in
the AWS Cloud compared to on-premises? (Choose two.)
A. AWS automatically distributes the data globally for higher durability.

B. AWS will take care of operating the application.


C. AWS makes it easy to architect for high availability.

D. AWS can easily accommodate application demand changes.

E. AWS takes care of application security patching.

Answer: C,D

QUESTION NO: 264: A user needs an automated security assessment report that will identify
unintended network access to Amazon EC2 instances and vulnerabilities on those
instances. Which AWS service will provide this assessment report?
A. EC2 security groups

B. AWS Config

C. Amazon Macie

D. Amazon Inspector

Answer: D

QUESTION NO: 265: How can a company isolate the costs of production and non-production
workloads on AWS?
A. Create Identity and Access Management (IAM) roles for production and non-production
workloads.

B. Use different accounts for production and non-production expenses.

C. Use Amazon EC2 for non-production workloads and other services for production workloads.

D. Use Amazon CloudWatch to monitor the use of services.

Answer: B

QUESTION NO: 266: Where can users find a catalog of AWS-recognized providers of third-party
security solutions?

A. AWS Service Catalog


B. AWS Marketplace

C. AWS Quick Start

D. AWS CodeDeploy

Answer: A

QUESTION NO: 267: A Cloud Practitioner needs to store data for 7 years to meet regulatory
requirements. Which AWS service will meet this requirement at the LOWEST cost?
A. Amazon S3

B. AWS Snowball

C. Amazon Redshift
D. Amazon S3 Glacier

Answer: D

QUESTION NO: 268: What are the immediate benefits of using the AWS Cloud? (Choose
two.)
A. Increased IT staff.

B. Capital expenses are replaced with variable expenses.

C. User control of infrastructure.

D. Increased agility.

E. AWS holds responsibility for security in the cloud.

Answer: B,D

QUESTION NO: 269: Which security service automatically recognizes and classifies
sensitive data or intellectual property on AWS?
A. Amazon GuardDuty
B. Amazon Macie
C. Amazon Inspector
D. AWS Shield

Answer: B

QUESTION NO: 270: What is the purpose of AWS Storage Gateway?


A. It ensures on-premises data storage is 99.999999999% durable.

B. It transports petabytes of data to and from AWS.

C. It connects to multiple Amazon EC2 instances.

D. It connects on-premises data storage to the AWS Cloud.

Answer: D

QUESTION NO: 271: What should users do if they want to install an application in
geographically isolated locations?
A. Install the application using multiple internet gateways.

B. Deploy the application to an Amazon VPC.

C. Deploy the application to multiple AWS Regions.

D. Configure the application using multiple NAT gateways.

Answer: C
QUESTION NO: 272: A system in the AWS Cloud is designed to withstand the failure of one
or more components. What is this an example of?

A. Elasticity
B. High Availability
C. Scalability
D. Agility

Answer: B

QUESTION NO: 273: A Cloud Practitioner needs a consistent and dedicated connection
between AWS resources and an on-premises system. Which AWS service can fulfill this
requirement?
A. AWS Direct Connect

B. AWS VPN

C. Amazon Connect

D. AWS Data Pipeline

Answer: A

QUESTION NO: 274: Within the AWS shared responsibility model, who is responsible for
security and compliance?
A. The customer is responsible.

B. AWS is responsible.

C. AWS and the customer share responsibility.

D. AWS shares responsibility with the relevant governing body.

Answer: C

QUESTION NO: 275: To use the AWS CLI, users are required to generate:
A. a password policy.

B. an access/secret key.

C. a managed policy.

D. an API key.
Answer: B

QUESTION NO: 276: Which AWS service is used to provide encryption for Amazon EBS?

A. AWS Certificate Manager

B. AWS Systems Manager

C. AWS KMS
D. AWS Config

Answer: C

QUESTION NO: 277: How does AWS charge for AWS Lambda usage once the free tier has
been exceeded? (Choose two.)
A. By the time it takes for the Lambda function to execute.

B. By the number of versions of a specific Lambda function.

C. By the number of requests made for a given Lambda function.

D. By the programming language that is used for the Lambda function.

E. By the total number of Lambda functions in an AWS account.

Answer: A,C

QUESTION NO: 278: Which of the following describes the relationships among AWS
Regions, Availability Zones, and edge locations? (Choose two.)
A. There are more AWS Regions than Availability Zones.

B. There are more edge locations than AWS Regions.

C. An edge location is an Availability Zone.

D. There are more AWS Regions than edge locations.

E. There are more Availability Zones than AWS Regions.

Answer: B,E

QUESTION NO: 279: What does AWS Shield Standard provide?


A. WAF rules

B. DDoS protection

C. Identity and Access Management (IAM) permissions and access to resources


D. Data encryption

Answer: B

QUESTION NO: 280: A company wants to build its new application workloads in the AWS
Cloud instead of using on-premises resources. What expense can be reduced using the
AWS Cloud?
A. The cost of writing custom-built Java or Node.js code

B. Penetration testing for security

C. Hardware required to support new applications

D. Writing specific test cases for third-party applications.

Answer: C
QUESTION NO: 281: What does AWS Marketplace allow users to do? (Choose two.)
A. Sell unused Amazon EC2 Spot Instances.

B. Sell solutions to other AWS users.

C. Buy third-party software that runs on AWS.

D. Purchase AWS security and compliance documents.

E. Order AWS Snowball.

Answer: B,C

QUESTION NO: 282: What does it mean if a user deploys a hybrid cloud architecture on
AWS?
A. All resources run using on-premises infrastructure.

B. Some resources run on-premises and some run in a colocation center.

C. All resources run in the AWS Cloud.

D. Some resources run on-premises and some run in the AWS Cloud.

Answer: D

QUESTION NO: 283: Which AWS service allows users to identify the changes made to a
resource over time?
A. Amazon Inspector

B. AWS Config

C. AWS Service Catalog

D. AWS IAM
Answer: B

QUESTION NO: 284: How can a company reduce its Total Cost of Ownership (TCO) using
AWS?
A. By minimizing large capital expenditures

B. By having no responsibility for third-party license costs

C. By having no operational expenditures

D. By having AWS manage applications

Answer: A

QUESTION NO: 285: Which activity is a customer responsibility in the AWS Cloud according
to the AWS shared responsibility model?
A. Ensuring network connectivity from AWS to the internet

B. Patching and fixing flaws within the AWS Cloud infrastructure

C. Ensuring the physical security of cloud data centers


D. Ensuring Amazon EBS volumes are backed up

Answer: D

QUESTION NO: 286: What are the advantages of the AWS Cloud? (Choose two.)
A. Fixed rate monthly cost

B. No need to guess capacity requirements

C. Increased speed to market

D. Increased upfront capital expenditure

E. Physical access to cloud data centers


Answer: B,C

QUESTION NO: 287: When comparing the total cost of ownership (TCO) of an on-premises
infrastructure to a cloud architecture, what costs should be considered? (Choose two.)
A. The credit card processing fees for application transactions in the cloud.

B. The cost of purchasing and installing server hardware in the on-premises data.

C. The cost of administering the infrastructure, including operating system and software
installations, patches, backups, and recovering from failures.

D. The costs of third-party penetration testing.

E. The advertising costs associated with an ongoing enterprise-wide campaign.

Answer: B,C

QUESTION NO: 288: Which AWS feature allows a company to take advantage of usage tiers
for services across multiple member accounts?
A. Service control policies (SCPs)
B. Consolidated billing
C. All Upfront Reserved Instances
D. AWS Cost Explorer

Answer: B

QUESTION NO: 289: What is one of the customer’s responsibilities according to the AWS
shared responsibility model?
A. Virtualization infrastructure

B. Network infrastructure

C. Application security

D. Physical security of hardware

Answer: C
QUESTION NO: 290: What helps a company provide a lower latency experience to its users
globally?
A. Using an AWS Region that is central to all users

B. Using a second Availability Zone in the AWS Region that is being used

C. Enabling caching in the AWS Region that is being used


D. Using edge locations to put content closer to all users

Answer: D

QUESTION NO: 291: How can the AWS Cloud increase user workforce productivity after
migration from an on-premises data center?
A. Users do not have to wait for infrastructure provisioning.

B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure.

C. AWS takes over application configuration management on behalf of users.

D. Users do not need to address security and compliance issues.

Answer: A

QUESTION NO: 292: Which AWS service provides a quick and automated way to create and
manage AWS accounts?
A. AWS QuickSight

B. Amazon Lightsail

C. AWS Organizations

D. Amazon Connect

Answer: C

QUESTION NO: 293: Which Amazon RDS feature can be used to achieve high availability?
A. Multiple Availability Zones

B. Amazon Reserved Instances

C. Provisioned IOPS storage

D. Enhanced monitoring

Answer: A

QUESTION NO: 294: Where should users report that AWS resources are being used for
malicious purposes?
A. AWS Abuse team

B. AWS Shield

C. AWS Support

D. AWS Developer Forums


Answer: A

QUESTION NO: 295: Which AWS service needs to be enabled to track all user account
changes within the AWS Management Console?
A. AWS CloudTrail

B. Amazon Simple Notification Service (Amazon SNS)

C. VPC Flow Logs

D. AWS CloudHSM

Answer: A

QUESTION NO: 296: What is an AWS Cloud design best practice?


A. Tight coupling of components

B. Single point of failure

C. High availability

D. Overprovisioning of resources

Answer: C

QUESTION NO: 297: Which of the following is an example of how moving to the AWS Cloud
reduces upfront cost?
A. By replacing large variable costs with lower capital investments

B. By replacing large capital investments with lower variable costs

C. By allowing the provisioning of compute and storage at a fixed level to meet peak demand

D. By replacing the repeated scaling of virtual servers with a simpler fixed-scale model

Answer: B

QUESTION NO: 298: When designing a typical three-tier web application, which AWS
services and/or features improve availability and reduce the impact of failures? (Choose two.)
A. AWS Auto Scaling for Amazon EC2 instances

B. Amazon VPC subnet ACLs to check the health of a service

C. Distributed resources across multiple Availability Zones

D. AWS Server Migration Service (AWS SMS) to move Amazon EC2 instances into a different
Region

E. Distributed resources across multiple AWS points of presence

Answer: A,C
QUESTION NO: 299: Which cloud design principle aligns with AWS Cloud best practices?
A. Create fixed dependencies among application components

B. Aggregate services on a single instance

C. Deploy applications in a single Availability Zone

D. Distribute the compute load across multiple resources

Answer: D

QUESTION NO: 300: Which of the following are recommended practices for managing IAM
users? (Choose two.)
A. Require IAM users to change their passwords after a specified period of time

B. Prevent IAM users from reusing previous passwords

C. Recommend that the same password be used on AWS and other sites

D. Require IAM users to store their passwords in raw text

E. Disable multi-factor authentication (MFA) for IAM users

Answer: A,B

QUESTION NO: 301: A company is migrating from on-premises data centers to the AWS
Cloud and is looking for hands-on help with the project. How can the company get this
support? (Choose two.)
A. Ask for a quote from the AWS Marketplace team to perform a migration into the company’s
AWS account.

B. Contact AWS Support and open a case for assistance

C. Use AWS Professional Services to provide guidance and to set up an AWS Landing Zone in the
company’s AWS account

D. Select a partner from the AWS Partner Network (APN) to assist with the migration

E. Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in
migrating to the AWS Cloud.

Answer: C,D

QUESTION NO: 302: How does the AWS Enterprise Support Concierge team help users?

A. Supporting application development

B. Providing architecture guidance

C. Answering billing and account inquiries


D. Answering questions regarding technical support cases

Answer: C
QUESTION NO: 303: An application designed to span multiple Availability Zones is
described as:
A. being highly available

B. having global reach

C. using an economy of scale

D. having elasticity

Answer: A

QUESTION NO: 304: A new service using AWS must be highly available. Yet, due to
regulatory requirements, all of its Amazon EC2 instances must be located in a single
geographic area. According to best practices, to meet these requirements, the EC2
instances must be placed in at least two:
A. AWS Regions

B. Availability Zones

C. subnets

D. placement groups

Answer: B

QUESTION NO: 305: Which AWS tool is used to compare the cost of running an application
on-premises to running the application in the AWS Cloud?
A. AWS Trusted Advisor

B. AWS Simple Monthly Calculator

C. AWS Total Cost of Ownership (TCO) Calculator

D. Cost Explorer

Answer: C

QUESTION NO: 306: A company has multiple AWS accounts within AWS Organizations and
wants to apply the Amazon EC2 Reserved Instances benefit to a single account only. Which
action should be taken?
A. Purchase the Reserved Instances from the master payer account and turn off Reserved Instance
sharing.

B. Enable billing alerts in the AWS Billing and Cost Management console.

C. Purchase the Reserved Instances in individual linked accounts and turn off Reserved Instance
sharing from the payer level.

D. Enable Reserved Instance sharing in the AWS Billing and Cost Management console.

Answer: A
QUESTION NO: 307: Which situation should be reported to the AWS Abuse team?
A. An Availability Zone has a service disruption

B. An intrusion attempt is made from an AWS IP address

C. A user has trouble accessing an Amazon S3 bucket from an AWS IP address

D. A user needs to change payment methods due to a compromise

Answer: B

QUESTION NO: 308: A company is planning to launch an ecommerce site in a single AWS
Region to a worldwide user base. Which AWS services will allow the company to reach
users and provide low latency and high transfer speeds? (Choose two.)
A. Application Load Balancer

B. AWS Global Accelerator

C. AWS Direct Connect

D. Amazon CloudFront

E. AWS Lambda
Answer: B,D

QUESTION NO: 309: Which AWS service or resource is serverless?


A. AWS Lambda

B. Amazon EC2 instances

C. Amazon Lightsail

D. Amazon ElastiCache
Answer: A

QUESTION NO: 310: Which of the following are components of Amazon VPC? (Choose two.)
A. Objects

B. Subnets

C. Buckets

D. Internet gateways

E. Access key

Answer: B,D

QUESTION NO: 311: AWS Budgets can be used to:


A. prevent a given user from creating a resource

B. send an alert when the utilization of Reserved Instances drops below a certain percentage

C. set resource limits in AWS accounts to prevent overspending


D. split an AWS bill across multiple forms of payment

Answer: B

QUESTION NO: 312: Which of the following will enhance the security of access to the AWS
Management Console? (Choose two.)
A. AWS Secrets Manager

B. AWS Certificate Manager

C. AWS Multi-Factor Authentication (AWS MFA)

D. Security groups

E. Password policies

Answer: C,E

QUESTION NO: 313: The AWS Trusted Advisor checks include recommendations regarding
which of the following? (Choose two.)
A. Information on Amazon S3 bucket permissions

C. AWS service outages

D. Multi-factor authentication enabled on the AWS account root user

E. Available software patches

F. Number of users in the account

Answer: A,C

QUESTION NO: 314: Which functions can users perform using AWS KMS?
A. Create and manage AWS access keys for the AWS account root user

B. Create and manage AWS access keys for an AWS account IAM user

C. Create and manage keys for encryption and decryption of data

D. Create and manage keys for multi-factor authentication


Answer: C

QUESTION NO: 315: How does AWS Trusted Advisor provide guidance to users of the AWS
Cloud? (Choose two.)
A. It identifies software vulnerabilities in applications running on AWS

B. It provides a list of cost optimization recommendations based on current AWS usage

C. It detects potential security vulnerabilities caused by permissions settings on account resources

D. It automatically corrects potential security issues caused by permissions settings on account
resources

E. It provides proactive alerting whenever an Amazon EC2 instance has been compromised

Answer: B,C

QUESTION NO: 316: Which of the following are advantages of the AWS Cloud? (Choose
two.)
A. AWS manages the maintenance of the cloud infrastructure

B. AWS manages the security of applications built on AWS

C. AWS manages capacity planning for physical servers

D. AWS manages the development of applications on AWS

E. AWS manages cost planning for virtual servers

Answer: A,C

QUESTION NO: 317: A user deploys an Amazon RDS DB instance in multiple Availability
Zones. This strategy involves which pillar of the AWS Well-Architected Framework?
A. Performance efficiency

B. Reliability

C. Cost optimization

D. Security

Answer: B

QUESTION NO: 318: Which AWS services provide a user with connectivity between the AWS
Cloud and on-premises resources? (Choose two.)
A. AWS VPN
B. Amazon Connect

C. Amazon Cognito

D. AWS Direct Connect

E. AWS Managed Services


Answer: A,D

QUESTION NO: 319: Which AWS service is used to pay AWS bills, and monitor usage and
budget costs?
A. AWS Billing and Cost Management

B. Consolidated billing

C. Amazon CloudWatch
D. Amazon QuickSight

Answer: A
QUESTION NO: 320: Which element of the AWS global infrastructure consists of one or
more discrete data centers, each with redundant power, networking, and connectivity, which
are housed in separate facilities?
A. AWS Regions

B. Availability Zones

C. Edge locations
D. Amazon CloudFront

Answer: B

QUESTION NO: 321: Which Amazon VPC feature enables users to capture information about
the IP traffic that reaches Amazon EC2 instances?
A. Security groups

B. Elastic network interfaces

C. Network ACLs

D. VPC Flow Logs


Answer: D

QUESTION NO: 322: Which AWS service can be used to automatically scale an application
up and down without making capacity planning decisions?
A. Amazon AutoScaling

B. Amazon Redshift

C. AWS CloudTrail

D. AWS Lambda

Answer: D

QUESTION NO: 323: AWS Enterprise Support users have access to which service or feature
that is not available to users with other AWS Support plans?
A. AWS Trusted Advisor

B. AWS Support case

C. Concierge team

D. Amazon Connect
Answer: C

QUESTION NO: 324: A company wants to migrate a MySQL database to AWS but does not
have the budget for Database Administrators to handle routine tasks including provisioning,
patching, and performing backups. Which AWS service will support this use case?
A. Amazon RDS

B. Amazon DynamoDB
C. Amazon DocumentDB

D. Amazon ElastiCache

Answer: A

QUESTION NO: 325: A company wants to expand from one AWS Region into a second AWS
Region. What does the company need to do to start supporting the new Region?
A. Contact an AWS Account Manager to sign a new contract
B. Move an Availability Zone to the new Region
C. Begin deploying resources in the second Region
D. Download the AWS Management Console for the new Region

Answer: C

QUESTION NO: 326: A user must meet compliance and software licensing requirements that
state a workload must be hosted on a physical server. Which Amazon EC2 instance pricing
option will meet these requirements?
A. Dedicated Hosts

B. Dedicated Instances

C. Spot Instances

D. Reserved Instances

Answer: A

QUESTION NO: 327: Which AWS service will provide a way to generate encryption keys that
can be used to encrypt data? (Choose two.)
A. Amazon Macie

B. AWS Certificate Manager

C. AWS Key Management Service (AWS KMS)

D. AWS Secrets Manager

E. AWS CloudHSM

Answer: C,E

QUESTION NO: 328: A company is planning to migrate from on-premises to the AWS Cloud.
Which AWS tool or service provides detailed reports on estimated cost savings after
migration?
A. AWS Total Cost of Ownership (TCO) Calculator

B. Cost Explorer

C. AWS Budgets

D. AWS Migration Hub


Answer: A
QUESTION NO: 329: What can assist in evaluating an application for migration to the cloud?
(Choose two.)
A. AWS Trusted Advisor

B. AWS Professional Services

C. AWS Systems Manager

D. AWS Partner Network (APN)

E. AWS Secrets Manager


Answer: B,D

QUESTION NO: 330: Which AWS service helps users meet contractual and regulatory
compliance requirements for data security by using dedicated hardware appliances within
the AWS Cloud?
A. AWS Secrets Manager

B. AWS CloudHSM

C. AWS Key Management Service (AWS KMS)

D. AWS Directory Service

Answer: B

QUESTION NO: 331: Under the AWS shared responsibility model, the customer manages
which of the following? (Choose two.)
A. Decommissioning of physical storage devices

B. Security group and ACL configuration

C. Patch management of an Amazon RDS instance operating system

D. Controlling physical access to data centers

E. Patch management of an Amazon EC2 instance operating system


Answer: B,E

QUESTION NO: 332: Which AWS service is suitable for an event-driven workload?
A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS Lambda

D. Amazon Lumberyard
Answer: C

QUESTION NO: 333: What is a value proposition of the AWS Cloud?


A. AWS is responsible for security in the AWS Cloud

B. No long-term contract is required


C. Provision new servers in days

D. AWS manages user applications in the AWS Cloud


Answer: B

QUESTION NO: 334: What is a characteristic of Amazon S3 cross-region replication?


A. Both source and destination S3 buckets must have versioning disabled

B. The source and destination S3 buckets cannot be in different AWS Regions

C. S3 buckets configured for cross-region replication can be owned by a single AWS account or by
different accounts

D. The source S3 bucket owner must have the source and destination AWS Regions disabled for
their account

Answer: C

QUESTION NO: 335: What is a user responsible for when running an application in the AWS
Cloud?
A. Managing physical hardware

B. Updating the underlying hypervisor

C. Providing a list of users approved for data center access

D. Managing application software updates


Answer: D

QUESTION NO: 336: A company that does business online needs to quickly deliver new
functionality in an iterative manner, minimizing the time to market. Which AWS Cloud
feature can provide this?
A. Elasticity

B. High availability

C. Agility

D. Reliability

Answer: C

QUESTION NO: 337: Which features or services can be used to monitor costs and expenses
for an AWS account? (Choose two.)
A. AWS Cost and Usage report
B. AWS product pages

C. AWS Simple Monthly Calculator


D. Billing alerts and Amazon CloudWatch alarms
E. AWS Price List API

Answer: A,D

QUESTION NO: 338: Amazon Route 53 enables users to:
A. encrypt data in transit

B. register DNS domain names

C. generate and manage SSL certificates

D. establish a dedicated network connection to AWS

Answer: B

QUESTION NO: 339: Which AWS service helps identify malicious or unauthorized activities
in AWS accounts and workloads?
A. Amazon Rekognition
B. AWS Trusted Advisor

C. Amazon GuardDuty

D. Amazon CloudWatch

Answer: C

QUESTION NO: 340: A company wants to try a third-party ecommerce solution before
deciding to use it long term. Which AWS service or tool will support this effort?
A. AWS Marketplace

B. AWS Partner Network (APN)

C. AWS Managed Services

D. AWS Service Catalog

Answer: A

QUESTION NO: 341: Which AWS service is a managed NoSQL database?


B. Amazon Redshift

C. Amazon DynamoDB

D. Amazon Aurora

E. Amazon RDS for MariaDB

Answer: B

QUESTION NO: 342: Which AWS service should be used to create a billing alarm?
A. AWS Trusted Advisor

B. AWS CloudTrail

C. Amazon CloudWatch

D. Amazon QuickSight
Answer: C

QUESTION NO: 343: A company is hosting a web application in a Docker container on
Amazon EC2. AWS is responsible for which of the following tasks?

A. Scaling the web application and services developed with Docker

B. Provisioning or scheduling containers to run on clusters and maintain their availability

C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud

D. Managing the guest operating system, including updates and security patches

Answer: C

QUESTION NO: 344: Users are reporting latency when connecting to a website with a global
customer base. Which AWS service will improve the customer experience by reducing
latency?
A. Amazon CloudFront

B. AWS Direct Connect

C. Amazon EC2 Auto Scaling

D. AWS Transit Gateway

Answer: A

QUESTION NO: 345: Which actions represent best practices for using AWS IAM? (Choose
two.)
A. Configure a strong password policy

B. Share the security credentials among users of AWS accounts who are in the same Region

C. Use access keys to log in to the AWS Management Console

D. Rotate access keys on a regular basis

E. Avoid using IAM roles to delegate permissions

Answer: A,D

QUESTION NO: 346: Which AWS feature or service can be used to capture information about
incoming and outgoing traffic in an AWS VPC infrastructure?
A. AWS Config

B. VPC Flow Logs

C. AWS Trusted Advisor

D. AWS CloudTrail

Answer: B

QUESTION NO: 347: A company wants to use an AWS service to monitor the health of
application endpoints, with the ability to route traffic to healthy regional endpoints to
improve application availability. Which service will support these requirements?
A. Amazon Inspector

B. Amazon CloudWatch

C. AWS Global Accelerator

D. Amazon CloudFront

Answer: C

QUESTION NO: 348: According to the AWS Well-Architected Framework, what change
management steps should be taken to achieve reliability in the AWS Cloud? (Choose two.)
A. Use AWS Config to generate an inventory of AWS resources
B. Use service limits to prevent users from creating or making changes to AWS resources
C. Use AWS CloudTrail to record AWS API calls into an auditable log file
D. Use AWS Certificate Manager to whitelist approved AWS resources and services

E. Use Amazon GuardDuty to validate configuration changes made to AWS resources

Answer: A,C

QUESTION NO: 349: Which service can be used to monitor and receive alerts for AWS account root user
AWS Management Console sign-in events?
A. Amazon CloudWatch

B. AWS Config

C. AWS Trusted Advisor

D. AWS IAM

Answer: A

QUESTION NO: 350: Which design principle should be considered when architecting in the
AWS Cloud?
A. Think of servers as non-disposable resources

B. Use synchronous integration of services

C. Design loosely coupled components

D. Implement the least permissive rules for security groups

Answer: C

QUESTION NO: 351: Which AWS services can be used to move data from on-premises data
centers to AWS? (Choose two.)
A. AWS Snowball

B. AWS Lambda
C. Amazon ElastiCache

D. AWS Database Migration Service (AWS DMS)

E. Amazon API Gateway

Answer: A,D

QUESTION NO: 352: A batch workload takes 5 hours to finish on an Amazon EC2 instance.
The amount of data to be processed doubles monthly and the processing time is
proportional. What is the best cloud architecture to address this consistently growing
demand?
A. Run the application on a bigger EC2 instance size.

B. Switch to an EC2 instance family that better matches batch requirements.

C. Distribute the application across multiple EC2 instances and run the workload in parallel.

D. Run the application on a bare metal EC2 instance.

Answer: C

QUESTION NO: 353: Each department within a company has its own independent AWS account
and its own payment method. New company leadership wants to centralize departmental governance
and consolidate payments. How can this be achieved using AWS services or features?
A. Forward monthly invoices for each account. Then create IAM roles to allow cross-account
access.

B. Create a new AWS account. Then configure AWS Organizations and invite all existing accounts
to join.

C. Configure AWS Organizations in each of the existing accounts. Then link all accounts together.

D. Use Cost Explorer to combine costs from all accounts. Then replicate IAM policies across
accounts.
Answer: B

QUESTION NO: 354: The ability to horizontally scale Amazon EC2 instances based on
demand is an example of which concept in the AWS Cloud value proposition?
A. Economy of scale

B. Elasticity

C. High availability

D. Agility

Answer: B

QUESTION NO: 355: An ecommerce company anticipates a huge increase in web traffic for two
very popular upcoming shopping holidays. Which AWS service or feature can be configured to
dynamically adjust resources to meet this change in demand?

A. AWS CloudTrail
B. Amazon EC2 Auto Scaling

C. Amazon Forecast

D. AWS Config

Answer: B

QUESTION NO: 356: Which AWS service enables users to securely connect to AWS
resources over the public internet?

A. Amazon VPC peering

B. AWS Direct Connect

C. AWS VPN

D. Amazon Pinpoint

Answer: C

QUESTION NO: 357: Which tool is used to forecast AWS spending?


A. AWS Trusted Advisor

B. AWS Organizations

C. Cost Explorer

D. Amazon Inspector

Answer: C

QUESTION NO: 358: A company is running an ecommerce application hosted in Europe. To
decrease latency for users who access the website from other parts of the world, the
company would like to cache frequently accessed static content closer to the users. Which
AWS service will support these requirements?
A. Amazon ElastiCache

B. Amazon CloudFront
C. Amazon Elastic File System (Amazon EFS)

D. Amazon Elastic Block Store (Amazon EBS)


Answer: B

QUESTION NO: 359: Which of the following is a component of the AWS Global
Infrastructure?
A. Amazon Alexa
B. AWS Regions

C. Amazon Lightsail
D. AWS Organizations

Answer: B

QUESTION NO: 360: Which AWS service will help users determine if an application running
on an Amazon EC2 instance has sufficient CPU capacity?
A. Amazon CloudWatch

B. AWS Config

C. AWS CloudTrail

D. Amazon Inspector

Answer: A

QUESTION NO: 361: Why is it beneficial to use Elastic Load Balancers with applications?
A. They allow for the conversion from Application Load Balancers to Classic Load Balancers.

B. They are capable of handling constant changes in network traffic patterns.

C. They automatically adjust capacity.

D. They are provided at no charge to users.

Answer: B

QUESTION NO: 362: Which tasks are the customer’s responsibility in the AWS shared
responsibility model? (Choose two.)
A. Infrastructure facilities access management

B. Cloud infrastructure hardware lifecycle management

C. Configuration management of user’s applications

D. Networking infrastructure protection

E. Security groups configuration


Answer: C,E

QUESTION NO: 363: IT systems should be designed to reduce interdependencies, so that a
change or failure in one component does not cascade to other components. This is an
example of which principle of cloud architecture design?
A. Scalability

B. Loose coupling

C. Automation

D. Automatic scaling

Answer: B

QUESTION NO: 364: Which AWS service or feature can enhance network security by
blocking requests from a particular network for a web application on AWS? (Choose two.)

A. AWS WAF
B. AWS Trusted Advisor
C. AWS Direct Connect

D. AWS Organizations
E. Network ACLs

Answer: A,E

QUESTION NO: 365: An application runs on multiple Amazon EC2 instances that access a
shared file system simultaneously. Which AWS storage service should be used?
A. Amazon EBS

B. Amazon EFS

C. Amazon S3

D. AWS Artifact

Answer: B

QUESTION NO: 366: A web application is hosted on AWS using an Elastic Load Balancer,
multiple Amazon EC2 instances, and Amazon RDS. Which security measures fall under the
responsibility of AWS? (Choose two.)
A. Running a virus scan on EC2 instances

B. Protecting against IP spoofing and packet sniffing

C. Installing the latest security patches on the RDS instance

D. Encrypting communication between the EC2 instances and the Elastic Load Balancer

E. Configuring a security group and a network access control list (NACL) for EC2 instances

Answer: B,C

QUESTION NO: 367: What is the benefit of elasticity in the AWS Cloud?
A. Ensure web traffic is automatically spread across multiple AWS Regions.

B. Minimize storage costs by automatically archiving log data.

C. Enable AWS to automatically select the most cost-effective services.

D. Automatically adjust the required compute capacity to maintain consistent performance.


Answer: D

QUESTION NO: 368: The continual reduction of AWS Cloud pricing is due to:
A. pay-as-you-go pricing

B. the AWS global infrastructure

C. economies of scale

D. reserved storage pricing

Answer: C

QUESTION NO: 369: A company needs an Amazon S3 bucket that cannot have any public
objects due to compliance requirements. How can this be accomplished?
A. Enable S3 Block Public Access from the AWS Management Console.

B. Hold a team meeting to discuss the importance of only uploading private S3 objects.

C. Require all S3 objects to be manually approved before uploading.

D. Create a service to monitor all S3 uploads and remove any public uploads.

Answer: A

QUESTION NO: 370: A Cloud Practitioner identifies a billing issue after examining the AWS
Cost and Usage report in the AWS Management Console. Which action can be taken to
resolve this?
A. Open a detailed case related to billing and submit it to AWS Support for help.

B. Upload data describing the issue to a new object in a private Amazon S3 bucket.

C. Create a pricing application and deploy it to a right-sized Amazon EC2 instance for more
information.

D. Proceed with creating a new dashboard in Amazon QuickSight.

Answer: A

QUESTION NO: 371: What does the AWS Simple Monthly Calculator do?
A. Compares on-premises costs to colocation environments

B. Estimates monthly billing based on projected usage

C. Estimates power consumption at existing data centers

D. Estimates CPU utilization

Answer: B

QUESTION NO: 372: Who is responsible for patching the guest operating system for
Amazon RDS?
A. The AWS Product team

B. The customer Database Administrator

C. Managed partners
D. AWS Support

Answer: A

QUESTION NO: 373: Which AWS services may be scaled using AWS Auto Scaling? (Choose
two.)
A. Amazon EC2

B. Amazon DynamoDB

C. Amazon S3

D. Amazon Route 53

E. Amazon Redshift

Answer: A,B

QUESTION NO: 374: Which of the following are benefits of AWS Global Accelerator?
(Choose two.)
A. Reduced cost to run services on AWS

B. Improved availability of applications deployed on AWS

C. Higher durability of data stored on AWS

D. Decreased latency to reach applications deployed on AWS

E. Higher security of data stored on AWS

Answer: B,D

QUESTION NO: 375: A user who wants to get help with billing and reactivate a suspended
account should submit an account and billing request to:
A. the AWS Support forum

B. AWS Abuse

C. an AWS Solutions Architect

D. AWS Support

Answer: D

QUESTION NO: 376: Which AWS Cloud best practice uses the elasticity and agility of cloud
computing?
A. Provision capacity based on past usage and theoretical peaks

B. Dynamically and predictively scale to meet usage demands

C. Build the application and infrastructure in a data center that grants physical access

D. Break apart the application into loosely coupled components

Answer: B

QUESTION NO: 377: Which method helps to optimize costs of users moving to the AWS
Cloud?
A. Paying only for what is used

B. Purchasing hardware before it is needed

C. Manually provisioning cloud resources

D. Purchasing for the maximum possible load

Answer: A

QUESTION NO: 378: Under the AWS shared responsibility model, which of the following is a
customer responsibility?
A. Installing security patches for the Xen and KVM hypervisors

B. Installing operating system patches for Amazon DynamoDB

C. Installing operating system security patches for Amazon EC2 database instances

D. Installing operating system security patches for Amazon RDS database instances

Answer: C

QUESTION NO: 379: The AWS Cost Management tools give users the ability to do which of
the following? (Choose two.)
A. Terminate all AWS resources automatically if budget thresholds are exceeded.

B. Break down AWS costs by day, service, and linked AWS account.
C. Create budgets and receive notifications if current or forecasted usage exceeds the budgets.

D. Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective.

E. Move data stored in Amazon S3 to a more cost-effective storage class.

Answer: B,C

QUESTION NO: 380: Under the AWS shared responsibility model, the security and patching
of the guest operating system is the responsibility of:
A. AWS Support

B. the customer

C. AWS Systems Manager

D. AWS Config

Answer: B

QUESTION NO: 381: Which AWS service makes it easy to create and manage AWS users
and groups, and provide them with secure access to AWS resources at no charge?
A. AWS Direct Connect
B. Amazon Connect

C. AWS Identity and Access Management (IAM)

D. AWS Firewall Manager

Answer: C

QUESTION NO: 382: Which AWS service provides on-demand access to AWS security and
compliance documentation?
A. AWS Directory Service

B. AWS Artifact

C. AWS Trusted Advisor

D. Amazon Inspector

Answer: B

QUESTION NO: 383: Which AWS service can be used to turn text into life-like speech?
A. Amazon Polly

B. Amazon Transcribe

C. Amazon Rekognition

D. Amazon Lex

Answer: A

QUESTION NO: 384: What is one of the core principles to follow when designing a highly
available application in the AWS Cloud?
A. Design using a serverless architecture

B. Assume that all components within an application can fail

C. Design AWS Auto Scaling into every application

D. Design all components using open-source code

Answer: B

QUESTION NO: 385: A user needs to generate a report that outlines the status of key
security checks in an AWS account. The report must include: The status of Amazon S3
bucket permissions. Whether multi-factor authentication is enabled for the AWS account
root user. If any security groups are configured to allow unrestricted access. Where can all
this information be found in one location?
A. Amazon QuickSight dashboard

B. AWS CloudTrail trails

C. AWS Trusted Advisor report


D. IAM credential report

Answer: C

QUESTION NO: 386: Which Amazon EC2 pricing model should be used to comply with per-
core software license requirements?
A. Dedicated Hosts

B. On-Demand Instances

C. Spot Instances

D. Reserved Instances
Answer: A

QUESTION NO: 387: Which component of the AWS global infrastructure is used to cache copies of
content for faster delivery to users across the globe?
A. AWS Regions

B. Availability Zones

C. Edge locations

D. Data centers

Answer: C

QUESTION NO: 388: Using AWS Config to record, audit, and evaluate changes to AWS
resources to enable traceability is an example of which AWS Well-Architected Framework
pillar?
A. Security
B. Operational excellence
C. Performance efficiency
D. Cost optimization

Answer: A

QUESTION NO: 389: A user needs to quickly deploy a non-relational database on AWS. The
user does not want to manage the underlying hardware or the database software. Which
AWS service can be used to accomplish this?
A. Amazon RDS
B. Amazon DynamoDB

C. Amazon Aurora
D. Amazon Redshift

Answer: B

QUESTION NO: 390: A Cloud Practitioner is developing a disaster recovery plan and intends
to replicate data between multiple geographic areas. Which of the following meets these
requirements?
A. AWS Accounts

B. AWS Regions

C. Availability Zones

D. Edge locations
Answer: B

QUESTION NO: 391: Which features and benefits does the AWS Organizations service
provide? (Choose two.)
A. Establishing real-time communications between members of an internal team

B. Facilitating the use of NoSQL databases

C. Providing automated security checks

D. Implementing consolidated billing

E. Enforcing the governance of AWS accounts


Answer: D,E

QUESTION NO: 392: Which AWS service is used to automate configuration management
using Chef and Puppet?
A. AWS Config

B. AWS OpsWorks

C. AWS CloudFormation

D. AWS Systems Manager

Answer: B

QUESTION NO: 393: Which tool is best suited for combining the billing of AWS accounts
that were previously independent from one another?
A. Detailed billing report

B. Consolidated billing

C. AWS Cost and Usage report

D. Cost allocation report


Answer: B

QUESTION NO: 394: The AWS Total Cost of Ownership (TCO) Calculator is used to:
A. receive reports that break down AWS Cloud compute costs by duration, resource, or tags

B. estimate savings when comparing the AWS Cloud to an on-premises environment

C. estimate a monthly bill for the AWS Cloud resources that will be used

D. enable billing alerts to monitor actual AWS costs compared to estimated costs

Answer: B

QUESTION NO: 395: Which AWS services can be used to provide network connectivity
between an on-premises network and a VPC? (Choose two.)
A. Amazon Route 53

B. AWS Direct Connect

C. AWS Data Pipeline

D. AWS VPN

E. Amazon Connect
Answer: B,D

QUESTION NO: 396: Under the AWS shared responsibility model, which of the following are
customer responsibilities? (Choose two.)
A. Setting up server-side encryption on an Amazon S3 bucket

B. Amazon RDS instance patching

C. Network and firewall configurations

D. Physical security of data center facilities

E. Compute capacity availability

Answer: A,C

QUESTION NO: 397: What is the MINIMUM AWS Support plan level that will provide users
with access to the AWS Support API?
A. Developer
B. Enterprise
C. Business
D. Basic
Answer: C

QUESTION NO: 398: A company has deployed several relational databases on Amazon EC2
instances. Every month, the database software vendor releases new security patches that
need to be applied to the databases. What is the MOST efficient way to apply the security
patches?
A. Connect to each database instance on a monthly basis, and download and apply the necessary
security patches from the vendor.

B. Enable automatic patching for the instances using the Amazon RDS console.

C. In AWS Config, configure a rule for the instances and the required patch level.

D. Use AWS Systems Manager to automate database patching according to a schedule.

Answer: D

QUESTION NO: 399: A company wants to use Amazon Elastic Compute Cloud (Amazon EC2)
to deploy a global commercial application. The deployment solution should be built with the
highest redundancy and fault tolerance. Based on this situation, the Amazon EC2 instances
should be deployed:
A. in a single Availability Zone in one AWS Region

B. with multiple Elastic Network Interfaces belonging to different subnets

C. across multiple Availability Zones in one AWS Region

D. across multiple Availability Zones in two AWS Regions

Answer: D

QUESTION NO: 400: A company has an application with users in both Australia and Brazil.
All the company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region
in Australia, and Brazilian users are experiencing high latency. What should the company do
to reduce latency?
A. Implement AWS Direct Connect for users in Brazil

B. Provision resources in the South America (São Paulo) Region in Brazil

C. Use AWS Transit Gateway to quickly route users from Brazil to the application

D. Launch additional Amazon EC2 instances in Sydney to handle the demand

Answer: B

QUESTION NO: 401: An Amazon EC2 instance runs only when needed yet must remain
active for the duration of the process. What is the most appropriate purchasing option?
A. Dedicated Instances
B. Spot Instances
C. On-Demand Instances
D. Reserved Instances

Answer: C

QUESTION NO: 402: Which AWS dashboard displays relevant and timely information to help
users manage events in progress, and provides proactive notifications to help plan for
scheduled activities?
A. AWS Service Health Dashboard

B. AWS Personal Health Dashboard

C. AWS Trusted Advisor dashboard

D. Amazon CloudWatch dashboard

Answer: B

QUESTION NO: 403: Which AWS hybrid storage service enables a user’s on-premises
applications to seamlessly use AWS Cloud storage?
A. AWS Backup

B. Amazon Connect

C. AWS Direct Connect


D. AWS Storage Gateway

Answer: D

QUESTION NO: 404: Which of the following acts as a virtual firewall at the Amazon EC2
instance level to control traffic for one or more instances?

A. Access keys

B. Virtual private gateways

C. Security groups

D. Access Control Lists (ACL)


Answer: C

QUESTION NO: 405: What is the most efficient way to establish network connectivity from
on-premises to multiple VPCs in different AWS Regions?

A. Use AWS Direct Connect

B. Use AWS VPN

C. Use AWS Client VPN

D. Use an AWS Transit Gateway

Answer: D

QUESTION NO: 406: Which AWS Support plan provides access to architectural and
operational reviews, as well as 24/7 access to Senior Cloud Support Engineers through
email, online chat, and phone?
A. Basic

B. Business

C. Developer

D. Enterprise
Answer: D

QUESTION NO: 407: Which AWS service or feature helps restrict the AWS services,
resources, and individual API actions the users and roles in each member account can
access?
A. Amazon Cognito

B. AWS Organizations

C. AWS Shield

D. AWS Firewall Manager

Answer: B

QUESTION NO: 408: What is the best resource for a user to find compliance-related
information and reports about AWS?
A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. AWS Support
Answer: A

QUESTION NO: 409: Which Amazon S3 storage class is optimized to provide access to data
with lower resiliency requirements, but rapid access when needed such as duplicate
backups?
A. Amazon S3 Standard

B. Amazon S3 Glacier Deep Archive

C. Amazon S3 One Zone-Infrequent Access

D. Amazon S3 Glacier

Answer: C

QUESTION NO: 410: What is an Availability Zone in AWS?


A. One or more physical data centers

B. A completely isolated geographic location

C. One or more edge locations based around the world

D. A data center location with a single source of power and networking


Answer: A

QUESTION NO: 411: Which AWS services can be used as infrastructure automation tools?
(Choose two.)
A. AWS CloudFormation

B. Amazon CloudFront

C. AWS Batch

D. AWS OpsWorks

E. Amazon QuickSight

Answer: A,D

QUESTION NO: 412: Which AWS service enables users to create copies of resources across
AWS Regions?
A. Amazon ElastiCache
B. AWS CloudFormation
C. AWS CloudTrail

D. AWS Systems Manager

Answer: B

QUESTION NO: 413: A user would like to encrypt data that is received, stored, and
managed by AWS CloudTrail. Which AWS service will provide this capability?
A. AWS Secrets Manager
B. AWS Systems Manager
C. AWS Key Management Service (AWS KMS)
D. AWS Certificate Manager

Answer: C

QUESTION NO: 414: Which AWS Cloud benefit eliminates the need for users to try
estimating future infrastructure usage?
A. Easy and fast deployment of applications in multiple Regions around the world

B. Security of the AWS Cloud

C. Elasticity of the AWS Cloud

D. Lower variable costs due to massive economies of scale

Answer: C

QUESTION NO: 415: What credential components are required to gain programmatic access
to an AWS account? (Choose two.)
A. An access key ID
B. A primary key
C. A secret access key
D. A user ID
E. A secondary key
Answer: A,C

QUESTION NO: 416: Which of the following are AWS compute services? (Choose two.)
A. Amazon Lightsail

B. AWS Systems Manager

C. AWS CloudFormation

D. AWS Batch

E. Amazon Inspector

Answer: A,D

QUESTION NO: 417: How can a company separate costs for network traffic, Amazon EC2,
Amazon S3, and other AWS services by department?
A. Add department-specific tags to each resource
B. Create a separate VPC for each department
C. Create a separate AWS account for each department
D. Use AWS Organizations
Answer: C

QUESTION NO: 418: What is a benefit of consolidated billing for AWS accounts?

A. Access to AWS Personal Health Dashboard


B. Combined usage volume discounts
C. Improved account security
D. Centralized AWS IAM
Answer: B

QUESTION NO: 419: Which AWS service will allow a user to set custom cost and usage
limits, and will alert when the thresholds are exceeded?
A. AWS Organizations

B. AWS Budgets

C. Cost Explorer

D. AWS Trusted Advisor


Answer: B

QUESTION NO: 420: Which AWS service provides the ability to detect inadvertent data leaks
of personally identifiable information (PII) and user credential data?
A. Amazon GuardDuty

B. Amazon Inspector

C. Amazon Macie

D. AWS Shield

Answer: C

QUESTION NO: 421: Which tool can be used to monitor AWS service limits?
A. AWS Total Cost of Ownership (TCO) Calculator

B. AWS Trusted Advisor

C. AWS Personal Health Dashboard

D. AWS Cost and Usage report

Answer: B

QUESTION NO: 422: A company has distributed its workload on both the AWS Cloud and
some on-premises servers. What type of architecture is this?
A. Virtual private network
B. Virtual private cloud
C. Hybrid cloud
D. Private cloud
Answer: C

QUESTION NO: 423: Which of the following describes a security best practice that can be
implemented using AWS IAM?
A. Disable AWS Management Console access for all users
B. Generate secret keys for every IAM user
C. Grant permissions to users who are required to perform a given task only
D. Store AWS credentials within Amazon EC2 instances
Answer: C

QUESTION NO: 424: What can be used to automate and manage secure, well-architected,
multi-account AWS environments?
A. AWS shared responsibility model
B. AWS Control Tower
C. AWS Security Hub
D. AWS Well-Architected Tool
Answer: B

QUESTION NO: 425: Which AWS service or feature allows a user to easily scale connectivity
among thousands of VPCs?
A. VPC peering
B. AWS Transit Gateway
C. AWS Direct Connect
D. AWS Global Accelerator
Answer: B

QUESTION NO: 426: A company needs protection from expanded distributed denial of
service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements?

A. AWS Shield Advanced


B. AWS Firewall Manager
C. AWS WAF
D. Amazon GuardDuty
Answer: A

QUESTION NO: 427: A company’s application has flexible start and end times. Which
Amazon EC2 pricing model will be the MOST cost-effective?
A. On-Demand Instances

B. Spot Instances

C. Reserved Instances

D. Dedicated Hosts
Answer: B

QUESTION NO: 428: Under the AWS shared responsibility model, what are the customer’s
responsibilities? (Choose two.)
A. Physical and environmental security

B. Physical network devices including firewalls

C. Storage device decommissioning

D. Security of data in transit

E. Data integrity authentication


Answer: D,E

QUESTION NO: 429: A cloud practitioner has a data analysis workload that is infrequently
executed and can be interrupted without harm. To optimize for cost, which Amazon EC2
purchasing option should be used?
A. On-Demand Instances

B. Reserved Instances

C. Spot Instances

D. Dedicated Hosts
Answer: C

QUESTION NO: 430: Which AWS container service will help a user install, operate, and scale
the cluster management infrastructure?
A. Amazon Elastic Container Registry (Amazon ECR)

B. AWS Elastic Beanstalk

C. Amazon Elastic Container Service (Amazon ECS)

D. Amazon Elastic Block Store (Amazon EBS)


Answer: C

QUESTION NO: 431: Which of the following allows an application running on an Amazon
EC2 instance to securely write data to an Amazon S3 bucket without using long-term
credentials?
A. Amazon Cognito

B. AWS Shield

C. AWS IAM role

D. AWS IAM user access key


Answer: C

QUESTION NO: 432: A company with a Developer-level AWS Support plan provisioned an
Amazon RDS database and cannot connect to it. Who should the developer contact for this
level of support?
A. AWS Support using a support case
B. AWS Professional Services

C. AWS technical account manager

D. AWS consulting partners


Answer: A

QUESTION NO: 433: What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC

B. To allow communication between the VPC and the Internet

C. To impose bandwidth constraints on internet traffic

D. To load balance traffic from the Internet across Amazon EC2 instances

Answer: B

QUESTION NO: 434: A company must ensure that its endpoint for a database instance
remains the same after a single Availability Zone service interruption. The application needs
to resume database operations without the need for manual administrative intervention. How
can these requirements be met?
A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on
AWS Storage Gateway.

B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the
standby.
C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic
Beanstalk.

D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon
CloudFront origins.

Answer: B

QUESTION NO: 435: Which AWS managed service can be used to distribute traffic between
one or more Amazon EC2 instances?
A. NAT gateway

B. Elastic Load Balancing

C. Amazon Athena

D. AWS PrivateLink

Answer: B

QUESTION NO: 436: AWS Trusted Advisor provides recommendations on which of the
following? (Choose two.)

A. Cost optimization
B. Auditing
C. Serverless architecture
D. Performance
E. Scalability

Answer: A,D

QUESTION NO: 437: Which of the following tasks can only be performed after signing in with
AWS account root user credentials? (Choose two.)
A. Closing an AWS account

B. Creating a new IAM policy

C. Changing AWS Support plans

D. Attaching a role to an Amazon EC2 instance

E. Generating access keys for IAM users


Answer: A,C

QUESTION NO: 438: Fault tolerance refers to:


A. the ability of an application to accommodate growth without changing design

B. how well and how quickly an application’s environment can have lost data restored

C. how secure your application is

D. the built-in redundancy of an application’s components


Answer: B

QUESTION NO: 439: A company operating in the AWS Cloud requires separate invoices for
specific environments, such as development, testing, and production. How can this be
achieved?
A. Use multiple AWS accounts

B. Use resource tagging

C. Use multiple VPCs

D. Use Cost Explorer


Answer: B

QUESTION NO: 440: Which AWS service can be used in the application deployment
process?
A. AWS AppSync

B. AWS Batch

C. AWS CodePipeline
D. AWS DataSync

Answer: C

QUESTION NO: 441: What can be used to reduce the cost of running Amazon EC2
instances? (Choose two.)
A. Spot Instances for stateless and flexible workloads

B. Memory optimized instances for high-compute workloads

C. On-Demand Instances for high-cost and sustained workloads

D. Reserved Instances for sustained workloads

E. Spend limits set using AWS Budgets


Answer: A,D

QUESTION NO: 442: A company is launching an e-commerce site that will store and process
credit card data. The company requires information about AWS compliance reports and
AWS agreements. Which AWS service provides on-demand access to these items?
A. AWS Certificate Manager
B. AWS Config
C. AWS Artifact
D. AWS CloudTrail
Answer: C

QUESTION NO: 443: Which AWS service or feature allows the user to manage cross-region
application traffic?
A. Amazon AppStream 2.0

B. Amazon VPC

C. Elastic Load Balancer

D. Amazon Route 53

Answer: A

QUESTION NO: 444: Which AWS service can be used to track unauthorized API calls?
A. AWS Config

B. AWS CloudTrail

C. AWS Trusted Advisor

D. Amazon Inspector

Answer: B

QUESTION NO: 445: A user needs to regularly audit and evaluate the setup of all AWS
resources, identify non-compliant accounts, and be notified when a resource changes.
Which AWS service can be used to meet these requirements?
A. AWS Trusted Advisor

B. AWS Config

C. AWS Resource Access Manager

D. AWS Systems Manager


Answer: B

QUESTION NO: 446: A user is planning to launch two additional Amazon EC2 instances to
increase availability. Which action should the user take?
A. Launch the instances across multiple Availability Zones in a single AWS Region.

B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same
Availability Zone.

C. Launch the instances in multiple AWS Regions, but in the same Availability Zone.

D. Launch the instances as EC2 Spot Instances in the same AWS Region, but in different
Availability Zones.

Answer: A

QUESTION NO: 447: A company must store critical business data in Amazon S3 with a
backup to another AWS Region. How can this be achieved?
A. Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally

B. Set up Amazon S3 cross-region replication to another AWS Region

C. Configure the AWS Backup service to back up the data to another AWS Region

D. Take Amazon S3 bucket snapshots and copy that data to another AWS Region
Answer: B

QUESTION NO: 448: Which AWS Cloud service can send alerts to customers if custom
spending thresholds are exceeded?
A. AWS Budgets

B. AWS Cost Explorer

C. AWS Cost Allocation Tags

D. AWS Organizations
Answer: A

QUESTION NO: 449: What is the recommended method to request penetration testing on
AWS resources?
A. Open a support case

B. Fill out the Penetration Testing Request Form


C. Request a penetration test from your technical account manager

D. Contact your AWS sales representative

Answer: B

QUESTION NO: 450: A user needs to automatically discover, classify, and protect
sensitive data stored in Amazon S3. Which AWS service can meet these requirements?
A. Amazon Inspector
B. Amazon Macie
C. Amazon GuardDuty
D. AWS Secrets Manager

Answer: B

QUESTION NO: 451: Which components are required to build a successful site-to-site VPN
connection on AWS? (Choose two.)
A. Internet gateway

B. NAT gateway

C. Customer gateway

D. Transit gateway

E. Virtual private gateway

Answer: C,D

QUESTION NO: 452: Which Amazon EC2 pricing option is best suited for applications with
short-term, spiky, or unpredictable workloads that cannot be interrupted?
A. Spot Instances

B. Dedicated Hosts

C. On-Demand Instances

D. Reserved Instances
Answer: C

QUESTION NO: 453: Which AWS cloud architecture principle states that systems should
reduce interdependencies?
A. Scalability

B. Services, not servers

C. Removing single points of failure

D. Loose coupling
Answer: D

QUESTION NO: 454: What is the MOST effective resource for staying up to date on AWS
security announcements?

A. AWS Personal Health Dashboard

B. AWS Secrets Manager

C. AWS Security Bulletins

D. Amazon Inspector

Answer: C

QUESTION NO: 455: Which AWS service offers persistent storage for a file system?
A. Amazon S3

B. Amazon EC2 instance store

C. Amazon Elastic Block Store (Amazon EBS)

D. Amazon ElastiCache

Answer: C

QUESTION NO: 456: Which of the following allows AWS users to manage cost allocations for
billing?
A. Tagging resources

B. Limiting who can create resources

C. Adding a secondary payment method

D. Running all operations on a single AWS account


Answer: A

QUESTION NO: 457: Which AWS service allows users to download security and compliance
reports about the AWS infrastructure on demand?
A. Amazon GuardDuty

B. AWS Security Hub

C. AWS Artifact

D. AWS Shield
Answer: C

QUESTION NO: 458: Which of the following AWS services are serverless? (Choose two.)

A. AWS Lambda

B. Amazon Elasticsearch Service

C. AWS Elastic Beanstalk


D. Amazon DynamoDB

E. Amazon Redshift

Answer: A,D

QUESTION NO: 459: Which AWS managed services can be used to extend an on-premises
data center to the AWS network? (Choose two.)
A. AWS VPN

B. NAT gateway

C. AWS Direct Connect

D. Amazon Connect

E. Amazon Route 53

Answer: A,C

QUESTION NO: 460: Which requirement must be met for a member account to be unlinked
from an AWS Organizations account?
A. The linked account must be actively compliant with AWS System and Organization Controls
(SOC).

B. The payer and the linked account must both create AWS Support cases to request that the
member account be unlinked from the organization.

C. The member account must meet the requirements of a standalone account.

D. The payer account must be used to remove the linked account from the organization.
Answer: D

QUESTION NO: 461: What AWS benefit refers to a customer’s ability to deploy applications
that scale up and down to meet variable demand?
A. Elasticity

B. Agility

C. Security
D. Scalability
Answer: D

QUESTION NO: 462: During a compliance review, one of the auditors requires a copy of the
AWS SOC 2 report. Which service should be used to submit this request?
A. AWS Personal Health Dashboard

B. AWS Trusted Advisor

C. AWS Artifact

D. Amazon S3

Answer: C

QUESTION NO: 463: A company wants to set up a highly available workload in AWS with a
disaster recovery plan that will allow the company to recover in case of a regional service
interruption. Which configuration will meet these requirements?
A. Run on two Availability Zones in one AWS Region, using the additional Availability Zones in the
AWS Region for the disaster recovery site.

B. Run on two Availability Zones in one AWS Region, using another AWS Region for the disaster
recovery site.
C. Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster
recovery site.

D. Run across two AWS Regions, using a third AWS Region for the disaster recovery site.

Answer: A

QUESTION NO: 464: A company has a 500 TB image repository that needs to be transported
to AWS for processing. Which AWS service can import this data MOST cost-effectively?
A. AWS Snowball

B. AWS Direct Connect

C. AWS VPN

D. Amazon S3
Answer: D

QUESTION NO: 465: Which AWS service can run a managed PostgreSQL database that
provides online transaction processing (OLTP)?
A. Amazon DynamoDB

B. Amazon Athena

C. Amazon RDS

D. Amazon EMR
Answer: C

QUESTION NO: 466: Which of the following assist in identifying costs by department?
(Choose two.)
A. Using tags on resources

B. Using multiple AWS accounts

C. Using an account manager

D. Using AWS Trusted Advisor

E. Using Consolidated Billing


Answer: B,E

QUESTION NO: 467: A company wants to allow full access to an Amazon S3 bucket for a
particular user. Which element in the S3 bucket policy holds the user details that describe
who needs access to the S3 bucket?
A. Principal

B. Action

C. Resource

D. Statement
Answer: C

QUESTION NO: 468: Which AWS service allows for effective cost management of multiple
AWS accounts?
A. AWS Organizations

B. AWS Trusted Advisor

C. AWS Direct Connect

D. Amazon Connect

Answer: A

QUESTION NO: 469: A company is piloting a new customer-facing application on Amazon
Elastic Compute Cloud (Amazon EC2) for one month. What pricing model is appropriate?
A. Reserved Instances

B. Spot Instances

C. On-Demand Instances

D. Dedicated Hosts
Answer: C

QUESTION NO: 470: Which AWS tools automatically forecast future AWS costs?
A. AWS Support Center

B. AWS Total Cost of Ownership (TCO) Calculator

C. AWS Simple Monthly Calculator

D. Cost Explorer
Answer: D

QUESTION NO: 471: Under the AWS shared responsibility model, which of the following is a
responsibility of AWS?
A. Enabling server-side encryption for objects stored in S3

B. Applying AWS IAM security policies

C. Patching the operating system on an Amazon EC2 instance


D. Applying updates to the hypervisor
Answer: D

QUESTION NO: 472: A user is able to set up a master payer account to view consolidated
billing reports through:
A. AWS Budgets.

B. Amazon Macie.

C. Amazon QuickSight.

D. AWS Organizations.

Answer: D

QUESTION NO: 473: Performing operations as code is a design principle that supports
which pillar of the AWS Well-Architected Framework?
A. Performance efficiency

B. Operational excellence

C. Reliability

D. Security
Answer: B

QUESTION NO: 474: Which design principle is achieved by following the reliability pillar of
the AWS Well-Architected Framework?
A. Vertical scaling

B. Manual failure recovery

C. Testing recovery procedures

D. Changing infrastructure manually


Answer: C

QUESTION NO: 475: What is a characteristic of Convertible Reserved Instances (RIs)?


A. Users can exchange Convertible RIs for other Convertible RIs from a different instance family.

B. Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.

C. Users can sell and buy Convertible RIs on the AWS Marketplace.

D. Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs.
Answer: A

QUESTION NO: 476: The user is fully responsible for which action when running workloads
on AWS?
A. Patching the infrastructure components

B. Implementing controls to route application traffic


C. Maintaining physical and environmental controls

D. Maintaining the underlying infrastructure components


Answer: B

QUESTION NO: 477: An architecture design includes Amazon EC2, an Elastic Load
Balancer, and Amazon RDS. What is the BEST way to get a monthly cost estimation for this
architecture?
A. Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost
estimation.

B. Collect the published prices of the AWS services and calculate the monthly estimate.

C. Use the AWS Simple Monthly Calculator to estimate the monthly cost.

D. Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.
Answer: C

QUESTION NO: 478: Which are benefits of using Amazon RDS over Amazon EC2 when
running relational databases on AWS? (Choose two.)
A. Automated backups

B. Schema management

C. Indexing of tables

D. Software patching

E. Extract, transform, and load (ETL) management


Answer: A,D

QUESTION NO: 479: What does the Amazon S3 Intelligent-Tiering storage class offer?
A. Payment flexibility by reserving storage capacity

B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store
(Amazon EBS) volume

C. Automatic cost savings by moving objects between tiers based on access pattern changes

D. Secure, durable, and lowest cost storage for data archival


Answer: C

QUESTION NO: 480: A company has multiple data sources across the organization and
wants to consolidate data into one data warehouse. Which AWS service can be used to meet
this requirement?
A. Amazon DynamoDB

B. Amazon Redshift

C. Amazon Athena
D. Amazon QuickSight

Answer: B

QUESTION NO: 481: Which AWS service can be used to track resource changes and
establish compliance?

A. Amazon CloudWatch

B. AWS Config

C. AWS CloudTrail

D. AWS Trusted Advisor


Answer: B

QUESTION NO: 482: A user has underutilized on-premises resources. Which AWS Cloud
concept can BEST address this issue?
A. High availability

B. Elasticity

C. Security

D. Loose coupling
Answer: B

QUESTION NO: 483: A user has a stateful workload that will run on Amazon EC2 for the next
3 years. What is the MOST cost-effective pricing model for this workload?
A. On-Demand Instances

B. Reserved Instances

C. Dedicated Instances

D. Spot Instances
Answer: A

QUESTION NO: 484: A cloud practitioner needs an Amazon EC2 instance to launch and run
for 7 hours without interruptions. What is the most suitable and cost-effective option for this
task?
A. On-Demand Instance

B. Reserved Instance

C. Dedicated Host

D. Spot Instance

Answer: D

QUESTION NO: 485: Which of the following are benefits of using AWS Trusted Advisor?
(Choose two.)
A. Providing high-performance container orchestration

B. Creating and rotating encryption keys


C. Detecting underutilized resources to save costs

D. Improving security by proactively monitoring the AWS environment

E. Implementing enforced tagging across AWS resources

Answer: D,E

QUESTION NO: 486: A developer has been hired by a large company and needs AWS
credentials. Which are security best practices that should be followed? (Choose two.)
A. Grant the developer access to only the AWS resources needed to perform the job.

B. Share the AWS account root user credentials with the developer.

C. Add the developer to the administrator's group in AWS IAM.

D. Configure a password policy that ensures the developer's password cannot be changed.

E. Ensure the account password policy requires a minimum length.

Answer: A,E

QUESTION NO: 487: Which AWS storage service is designed to transfer petabytes of data in
and out of the cloud?
A. AWS Storage Gateway

B. Amazon S3 Glacier Deep Archive

C. Amazon Lightsail

D. AWS Snowball
Answer: D

QUESTION NO: 488: Which service provides a user the ability to warehouse data in the AWS
Cloud?
A. Amazon EFS
B. Amazon Redshift

C. Amazon RDS
D. Amazon VPC
Answer: B

QUESTION NO: 489: A user is planning to migrate an application workload to the AWS
Cloud. Which control becomes the responsibility of AWS once the migration is complete?
A. Patching the guest operating system

B. Maintaining physical and environmental controls

C. Protecting communications and maintaining zone security

D. Patching specific applications


Answer: B

QUESTION NO: 490: Which services can be used to deploy applications on AWS? (Choose
two.)
A. AWS Elastic Beanstalk

B. AWS Config

C. AWS OpsWorks

D. AWS Application Discovery Service

E. Amazon Kinesis
Answer: A,C

QUESTION NO: 491: Which AWS service can be used to provide an on-demand, cloud-based
contact center?
A. AWS Direct Connect
B. Amazon Connect
C. AWS Support Center
D. AWS Managed Services
Answer: B

QUESTION NO: 492: What tool enables customers without an AWS account to estimate
costs for almost all AWS services?
A. Cost Explorer

B. TCO Calculator

C. AWS Budgets

D. Simple Monthly Calculator


Answer: A

QUESTION NO: 493: Which component must be attached to a VPC to enable inbound
Internet access?
A. NAT gateway

B. VPC endpoint

C. VPN connection

D. Internet gateway

Answer: C

QUESTION NO: 494: Which pricing model would result in maximum Amazon Elastic Compute
Cloud (Amazon EC2) savings for a database server that must be online for one year?
A. Spot Instance

B. On-Demand Instance

C. Partial Upfront Reserved Instance

D. No Upfront Reserved Instance


Answer: C

QUESTION NO: 495: A company has a MySQL database running on a single Amazon EC2
instance. The company now requires higher availability in the event of an outage. Which set
of tasks would meet this requirement?

A. Add an Application Load Balancer in front of the EC2 instance

B. Configure EC2 Auto Recovery to move the instance to another Availability Zone
C. Migrate to Amazon RDS and enable Multi-AZ
D. Enable termination protection for the EC2 instance to avoid outages

Answer: C

QUESTION NO: 496: A company wants to ensure that AWS Management Console users are
meeting password complexity requirements. How can the company configure password
complexity?
A. Using an AWS IAM user policy

B. Using an AWS Organizations service control policy (SCP)

C. Using an AWS IAM account password policy

D. Using an AWS Security Hub managed insight

Answer: A

QUESTION NO: 497: Under the AWS shared responsibility model, which of the following is
the customer’s responsibility?
A. Patching guest OS and applications

B. Patching and fixing flaws in the infrastructure

C. Physical and environmental controls

D. Configuration of AWS infrastructure devices


Answer: A

QUESTION NO: 498: Which of the following tasks is required to deploy a PCI-compliant
workload on AWS?
A. Use any AWS service and implement PCI controls at the application layer

B. Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to
enable PCI compliance at the application layer

C. Use any AWS service and raise an AWS support ticket to enable PCI compliance on that
service

D. Use an AWS service that is in scope for PCI compliance and apply PCI controls at the
application layer

Answer: D

QUESTION NO: 499: A company is building an application that requires the ability to send,
store, and receive messages between application components. The company has another
requirement to process messages in first-in, first-out (FIFO) order. Which AWS service
should the company use?
A. AWS Step Functions

B. Amazon Simple Notification Service (Amazon SNS)

C. Amazon Kinesis Data Streams

D. Amazon Simple Queue Service (Amazon SQS)

Answer: D

QUESTION NO: 500: AnyCompany recently purchased Example Corp. Both companies use
AWS resources, and AnyCompany wants a single aggregated bill. Which option allows
AnyCompany to receive a single bill?
A. Example Corp. must submit a request to its AWS solutions architect or AWS technical account
manager to link the accounts and consolidate billing.

B. AnyCompany must create a new support case in the AWS Support Center requesting that both
bills be combined.

C. Send an invitation to join the organization from AnyCompany’s AWS Organizations master
account to Example Corp.
D. Migrate the Example Corp. VPCs, Amazon EC2 instances, and other resources into the
AnyCompany AWS account.

Answer: D

QUESTION NO: 501: Which tool can be used to create alerts when the actual or forecasted
cost of AWS services exceeds a certain threshold?
A. Cost Explorer

B. AWS Budgets

C. AWS Cost and Usage Report

D. AWS CloudTrail

Answer: B

QUESTION NO: 502: A user has limited knowledge of AWS services, but wants to quickly
deploy a scalable Node.js application in the AWS Cloud. Which service should be used to
deploy the application?
A. AWS CloudFormation
B. AWS Elastic Beanstalk
C. Amazon EC2
D. AWS OpsWorks

Answer: B

QUESTION NO: 503: Which AWS Trusted Advisor check is available to all AWS users?
A. Core checks

B. All checks

C. Cost optimization checks

D. Fault tolerance checks

Answer: C

QUESTION NO: 504: A web developer is concerned that a DDoS attack could target an
application. Which AWS services or features can help protect against such an attack?
(Choose two.)

A. AWS Shield

B. AWS CloudTrail

C. Amazon CloudFront

D. AWS Support Center

E. AWS Service Health Dashboard


Answer: A,B

QUESTION NO: 505: Which AWS service gives users on-demand, self-service access to AWS
compliance control reports?
A. AWS Config

B. Amazon GuardDuty

C. AWS Trusted Advisor

D. AWS Artifact
Answer: D

QUESTION NO: 506: A company wants to provide one of its employees with access to
Amazon RDS. The company also wants to limit the interaction to only the AWS CLI and AWS
software development kits (SDKs). Which combination of actions should the company take to
meet these requirements while following the principles of least privilege? (Choose two.)
A. Create an IAM user and provide AWS Management Console access only.

B. Create an IAM user and provide programmatic access only.

C. Create an IAM role and provide AWS Management Console access only.

D. Create an IAM policy with administrator access and attach it to the IAM user.

E. Create an IAM policy with Amazon RDS access and attach it to the IAM user.

Answer: B,E

QUESTION NO: 507: A company has a compliance requirement to record and evaluate
configuration changes, as well as perform remediation actions on AWS resources. Which
AWS service should the company use?
A. AWS Config

B. AWS Secrets Manager

C. AWS CloudTrail

D. AWS Trusted Advisor


Answer: A

QUESTION NO: 508: What are the advantages of deploying an application with Amazon EC2
instances in multiple Availability Zones? (Choose two.)
A. Preventing a single point of failure

B. Reducing the operational costs of the application

C. Allowing the application to serve cross-region users with low latency

D. Increasing the availability of the application

E. Increasing the load of the application


Answer: A,D

QUESTION NO: 509: A workload on AWS will run for the foreseeable future by using a
consistent number of Amazon EC2 instances. What pricing model will minimize cost while
ensuring that compute resources remain available?
A. Dedicated Hosts

B. On-Demand Instances

C. Spot Instances

D. Reserved Instances
Answer: D

QUESTION NO: 510: Which tool can be used to identify scheduled changes to the AWS
infrastructure?
A. AWS Personal Health Dashboard

B. AWS Trusted Advisor

C. Billing Dashboard

D. AWS Config

Answer: A

QUESTION NO: 511: Which of the following is the customer’s responsibility when using
Amazon RDS?
A. Patching the operating system of underlying hardware
B. Controlling traffic to and from the database through security groups

C. Running backups that enable point-in-time recovery of a DB instance

D. Replacing failed DB instances

Answer: D

QUESTION NO: 512: What is the customer’s responsibility when using AWS Lambda?

A. Operating system configuration

B. Application management

C. Platform management

D. Code encryption
Answer: D

QUESTION NO: 513: A company wants to be notified when its AWS Cloud costs or usage
exceed defined thresholds. Which AWS service will support these requirements?
A. AWS Budgets

B. Cost Explorer

C. AWS CloudTrail

D. Amazon Macie
Answer: A

QUESTION NO: 514: Which AWS service provides the ability to host a NoSQL database in the
AWS Cloud?
A. Amazon Aurora

B. Amazon DynamoDB

C. Amazon RDS

D. Amazon Redshift
Answer: B

QUESTION NO: 515: Which AWS service allows customers to purchase unused Amazon EC2
capacity at an often discounted rate?
A. Reserved Instances

B. On-Demand Instances

C. Dedicated Instances

D. Spot Instances
Answer: D

QUESTION NO: 516: Which AWS service or feature requires an internet service provider
(ISP) and a colocation facility to be implemented?
A. AWS VPN

B. Amazon Connect

C. AWS Direct Connect

D. Internet gateway

Answer: C

QUESTION NO: 517: Which AWS services offer compute capabilities? (Choose two.)
A. Amazon EC2

B. Amazon S3

C. Amazon Elastic Block Store (Amazon EBS)

D. Amazon Cognito

E. AWS Lambda
Answer: A,E

QUESTION NO: 518: Which AWS service can be used to privately store and manage versions
of source code?
A. AWS CodeBuild

B. AWS CodeCommit

C. AWS CodePipeline

D. AWS CodeStar
Answer: B

QUESTION NO: 519: Which AWS service should a cloud practitioner use to identify security
vulnerabilities of an AWS account?
A. AWS Secrets Manager

B. Amazon Cognito

C. Amazon Macie

D. AWS Trusted Advisor

Answer: D

QUESTION NO: 520: A company wants to ensure its infrastructure is designed for fault
tolerance and business continuity in the event of an environmental disruption. Which AWS
infrastructure component should the company replicate across?
A. Edge locations

B. Availability Zones
C. Regions

D. Amazon Route 53
Answer: B

QUESTION NO: 521: Which AWS service or feature is used to send both text and email
messages from distributed applications?
A. Amazon Simple Notification Service (Amazon SNS)

B. Amazon Simple Email Service (Amazon SES)

C. Amazon CloudWatch alerts

D. Amazon Simple Queue Service (Amazon SQS)

Answer: D

QUESTION NO: 522: Which AWS Cloud design principles can help increase reliability?
(Choose two.)
A. Using monolithic architecture

B. Measuring overall efficiency

C. Testing recovery procedures

D. Adopting a consumption model

E. Automatically recovering from failure


Answer: C,E

QUESTION NO: 523: A company has an AWS environment that consists of a VPC, multiple
subnets, and many Amazon EC2 instances in the subnets. An engineer wants to restrict
inbound traffic to one particular EC2 instance without affecting the other EC2 instances.
Which AWS service or feature should the engineer use to meet this requirement?
A. Network ACLs

B. Security groups

C. Amazon GuardDuty

D. AWS Shield

Answer: A

QUESTION NO: 524: A company wants to connect to AWS over a private, low-latency
connection from its remote office. What is the recommended method to meet these
requirements?
A. Create a VPN tunnel
B. Connect across the public internet
C. Use VPC peering to create a connection.

D. Use AWS Direct Connect.


Answer: D

QUESTION NO: 525: Which AWS service can be used to retrieve compliance reports on
demand?
A. AWS Secrets Manager

B. AWS Artifact

C. AWS Security Hub

D. AWS Certificate Manager

Answer: B

QUESTION NO: 526: A company has an AWS-hosted website located behind an Application
Load Balancer. The company wants to safeguard the website from SQL injection or cross-site
scripting. Which AWS service should the company use?
A. Amazon GuardDuty
B. AWS WAF

C. AWS Trusted Advisor

D. Amazon Inspector

Answer: B

QUESTION NO: 527: How should a web application be deployed to ensure high availability in
the AWS Cloud?
A. Deploy multiple instances of the application in multiple Availability Zones.

B. Deploy multiple instances of the application in a single Availability Zone.

C. Deploy the application to a compute-optimized Amazon EC2 instance in a single Availability
Zone.

D. Deploy the application in one Amazon EC2 instance in an Auto Scaling group.

Answer: A

QUESTION NO: 528: A company is running a self-managed Oracle database directly on
Amazon EC2 for its steady-state database. The company wants to reduce compute costs.
Which option should the company use to maximize savings over a 3-year term?
A. EC2 Dedicated Instances
B. EC2 Spot Instances

B. EC2 Reserved Instances


C. EC2 On-Demand Instances
Answer: C

QUESTION NO: 529: An external auditor has requested that a company provide a list of all
its IAM users, including the status of users’ credentials and access keys. What is the
SIMPLEST way to provide this information?
A. Create an IAM user account for the auditor, granting the auditor administrator permissions.

B. Take a screenshot of each user’s page in the AWS Management Console, then provide the
screenshots to the auditor.
C. Download the IAM credential report, then provide the report to the auditor.

D. Download the AWS Trusted Advisor report, then provide the report to the auditor.
Answer: C

QUESTION NO: 530: What are the benefits of consolidated billing for AWS Cloud services?
(Choose two.)
A. Volume discounts

B. A minimal additional fee for use

C. One bill for multiple accounts

D. Installment payment options

E. Custom cost and usage budget creation

Answer: C,E

QUESTION NO: 531: A company is expecting a short-term spike in internet traffic for its
application. During the traffic increase, the application cannot be interrupted. The company
also needs to minimize cost and maximize flexibility. Which Amazon EC2 instance type
should the company use to meet these requirements?
A. On-Demand Instances

B. Spot Instances

C. Reserved Instances

D. Dedicated Hosts

Answer: B

QUESTION NO: 532: A company wants to track AWS resource configuration changes for
compliance reasons. Which AWS feature can be used to meet this requirement?
A. AWS Cost and Usage Report

B. AWS Organizations service control policies (SCPs)

C. AWS Config rules

D. VPC Flow Logs

Answer: C

QUESTION NO: 533: A company is building an application that needs to deliver images and
videos globally with minimal latency. Which approach can the company use to accomplish
this in a cost-effective manner?
A. Deliver the content through Amazon CloudFront.

B. Store the content on Amazon S3 and enable S3 cross-region replication.

C. Implement a VPN across multiple AWS Regions.

D. Deliver the content through AWS PrivateLink.


Answer: A

QUESTION NO: 534: The AWS IAM best practice for granting least privilege is to:
A. apply an IAM policy to an IAM group and limit the size of the group.

B. require multi-factor authentication (MFA) for all IAM users.

C. require each IAM user who has different permissions to have multiple passwords.

D. apply an IAM policy only to IAM users who require it.

Answer: D

QUESTION NO: 535: Which cloud computing benefit does AWS demonstrate with its ability to
offer lower variable costs as a result of high purchase volumes?
A. Pay-as-you-go pricing
B. High availability
C. Global reach
D. Economies of scale

Answer: D

QUESTION NO: 536: A pharmaceutical company operates its infrastructure in a single AWS
Region. The company has thousands of VPCs in various AWS accounts that it wants to
interconnect. Which AWS service or feature should the company use to help simplify
management and reduce operational costs?
A. VPC endpoint

B. AWS Direct Connect

C. AWS Transit Gateway

D. VPC peering

Answer: C

QUESTION NO: 537: How can AWS enable a company to control expenses as an
application’s usage changes unpredictably?
A. AWS will refund the cost difference if a customer moves to larger servers.

B. The application can be built to scale up or down automatically as resources are needed
C. Spot instances will automatically be used if the price is lower than on-demand instances.

D. Amazon CloudWatch will automatically predict what resources are needed.

Answer: B

QUESTION NO: 538: Which AWS service or feature can be used to prevent SQL injection
attacks?
A. Security groups

B. Network ACLs
C. AWS WAF

D. IAM policy

Answer: C

QUESTION NO: 539: Which AWS service can help a company detect an outage of its website
servers and redirect users to alternate servers?
A. Amazon CloudFront

B. Amazon GuardDuty

C. Amazon Route 53

D. AWS Trusted Advisor


Answer: C

QUESTION NO: 540: Which of the following IT tasks does AWS perform to offload a
company’s IT resource management responsibilities? (Choose two.)
A. Configuring operating system firewalls
B. Setting up access controls for data
C. Backing up databases
D. Configuring database user accounts
E. Installing operating systems
Answer: C,E

QUESTION NO: 541: According to security best practices, how should an Amazon EC2
instance be given access to an Amazon S3 bucket?
A. Hard code an IAM user’s secret key and access key directly in the application, and upload the
file.

B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys,
then upload the file.

C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

D. Modify the S3 bucket policy so that any service can upload to it at any time.

Answer: C

QUESTION NO: 542: A user can increase operational efficiency in the AWS Cloud by:
A. leveraging AWS managed services.

B. right-sizing AWS infrastructure.

C. manually creating all necessary resources.

D. managing their own software licenses.


Answer: A

QUESTION NO: 543: Which AWS service automatically handles application health
monitoring?

A. Amazon API Gateway

B. AWS Elastic Beanstalk

C. AWS Lambda

D. AWS Config
Answer: B

QUESTION NO: 544: Under the AWS shared responsibility model, which task is the
customer’s responsibility when managing AWS Lambda functions?
A. Creating versions of Lambda functions

B. Maintaining server and operating systems

C. Scaling Lambda resources according to demand

D. Updating the Lambda runtime environment


Answer: C

QUESTION NO: 545: A company needs to track the activity in its AWS accounts, and needs to
know when an API call is made against its AWS resources. Which AWS tool or service can be
used to meet these requirements?
A. Amazon CloudWatch

B. Amazon Inspector

C. AWS CloudTrail

D. AWS IAM
Answer: C

QUESTION NO: 546: According to the AWS shared responsibility model, which of the
following are AWS responsibilities? (Choose two.)
A. Network infrastructure and virtualization of infrastructure

B. Security of application data

C. Guest operating systems

D. Physical security of hardware

E. Credentials and policies


Answer: A,D

QUESTION NO: 547: Which of the following services can be used to block network traffic to
an instance? (Choose two.)
A. Security groups

B. Amazon Virtual Private Cloud (Amazon VPC) flow logs

C. Network ACLs
D. Amazon CloudWatch

E. AWS CloudTrail

Answer: A,C

QUESTION NO: 548: A company wants to transfer petabytes of data as quickly as possible
from on-premises locations to the AWS Cloud. Which AWS service should the company use?
A. AWS Snowball
B. AWS Global Accelerator
C. Amazon S3 Transfer Acceleration
D. Amazon Connect

Answer: A

QUESTION NO: 549: A company has refined its workload to use specific AWS services to
improve efficiency and reduce cost. Which best practice for cost governance does this
example show?
A. Resource controls

B. Cost allocation

C. Architecture optimization

D. Tagging enforcement
Answer: B

QUESTION NO: 550: A company hosts images in an Amazon S3 bucket for a public-facing
website that is viewed by millions of users around the globe. Which AWS service will deliver
this content with reduced latency?
A. AWS WAF
B. Amazon CloudWatch

C. Amazon CloudFront

D. AWS CloudFormation
Answer: C

QUESTION NO: 551: Which of the following is an AWS best practice for managing an AWS
account root user?
A. Keep the root user password with the security team.

B. Enable multi-factor authentication (MFA) for the root user.

C. Create an access key for the root user.

D. Keep the root user password consistent for compliance purposes.

Answer: B

QUESTION NO: 552: A company wants to securely access an Amazon S3 bucket from an
Amazon EC2 instance without accessing the internet. What should the company use to
accomplish this goal?
A. VPN connection

B. Internet gateway

C. VPC endpoint

D. NAT gateway

Answer: C

QUESTION NO: 553: Which statement is true about AWS global infrastructure?
A. Availability Zones can span multiple AWS Regions.

B. A VPC can have different subnets in different AWS Regions.

C. AWS Regions consist of multiple Availability Zones.

D. A single subnet can span multiple Availability Zones.


Answer: C

QUESTION NO: 554: Which AWS service or feature provides information about ongoing or
upcoming scheduled events that can affect an AWS account?
A. AWS Config

B. AWS Systems Manager

C. AWS Personal Health Dashboard

D. AWS Trusted Advisor


Answer: C

QUESTION NO: 555: A bank needs to store recordings of calls made to its contact center for
6 years. The recordings must be accessible within 48 hours from the time they are requested.
Which AWS service will provide a secure and cost-effective solution for retaining these files?
A. Amazon DynamoDB

B. Amazon S3 Glacier
C. Amazon Connect

D. Amazon ElastiCache

Answer: C

QUESTION NO: 556: A media company wants to distribute video content to millions of users
worldwide over the internet. The company wants to use the AWS global network backbone to
distribute cached content with low latency and high data transfer speeds. Which AWS service
will meet these requirements?
A. Amazon CloudFront

B. AWS Global Accelerator

C. AWS Direct Connect

D. Amazon Connect
Answer: A

QUESTION NO: 557: The AWS global infrastructure consists of Regions, Availability Zones,
and what else?

A. VPCs

B. Data centers

C. Dark fiber network links

D. Edge locations

Answer: B

QUESTION NO: 558: Which AWS Trusted Advisor feature is available exclusively to users
with AWS Business Support or AWS Enterprise Support?
A. Notification setup

B. Refresh checks

C. AWS Support API

D. Action links
Answer: C

QUESTION NO: 559: A company is required to store its data close to its primary users. Which
benefit of the AWS Cloud supports this requirement?
A. Security

B. High availability

C. Elasticity

D. Global footprint
Answer: D

QUESTION NO: 560: Which of the following contribute to total cost of ownership of a
workload running in the AWS Cloud? (Choose two.)
A. Hardware maintenance

B. Power and cooling

C. Storage costs

D. Space for data center

E. Network costs

Answer: B,D

QUESTION NO: 561: Using AWS Identity and Access Management (IAM), what can be
attached to an Amazon EC2 instance to make service requests?
A. Group

B. Role

C. Policy
D. Access key

Answer: B

QUESTION NO: 562: A company previously lost data that was stored in an on-premises data
center. To protect against future loss of data, the company wants to use AWS to
automatically launch thousands of its machines in a fully provisioned state in minutes, in a
format that supports data restoration. Which AWS service should the company use to meet
these requirements?
A. AWS Direct Connect

B. AWS Storage Gateway

C. CloudEndure Disaster Recovery

D. AWS Backup

Answer: C

QUESTION NO: 563: Which aspect of AWS infrastructure enables global deployment of
compute and storage?
A. Availability Zones
B. Regions

C. Tags

D. Resource groups
Answer: A

QUESTION NO: 564: A security officer wants to enable IPsec communications to securely
connect users from on-premises networks to AWS. Which AWS service or feature should the
officer use?
A. Amazon VPC

B. AWS VPN

C. AWS Direct Connect

D. Amazon Connect

Answer: B

QUESTION NO: 565: Which of the following can be used to describe infrastructure as code in
the AWS Cloud?
A. AWS CLI

B. AWS CloudFormation

C. AWS CodeDeploy

D. AWS Amplify
Answer: B

QUESTION NO: 566: Which of the following are benefits of running a database on Amazon
RDS compared to an on-premises database? (Choose two.)
A. RDS backups are managed by AWS.

B. RDS supports any relational database.

C. RDS has no database engine licensing costs.

D. RDS database compute capacity can be easily scaled.

E. RDS inbound traffic control (for example, security groups) is managed by AWS.

Answer: A,D

QUESTION NO: 567: Which AWS service is designed to help users who want to use machine
learning for natural language processing (NLP) but do not have experience in machine
learning?
A. Amazon Comprehend

B. Amazon SageMaker

C. AWS Deep Learning AMIs (DLAMI)

D. Amazon Rekognition
Answer: A

QUESTION NO: 568: Which AWS service or feature allows a user to establish a dedicated
network connection between a company's on-premises data center and the AWS Cloud?
A. AWS Direct Connect

B. VPC peering

C. AWS VPN

D. Amazon Route 53
Answer: A

QUESTION NO: 569: A company needs 24/7 phone, email, and chat access, with a response
time of less than 1 hour if a production system has a service interruption. Which AWS
Support plan meets these requirements at the LOWEST cost?

A. Basic

B. Developer
C. Business

D. Enterprise

Answer: C

QUESTION NO: 570: How can a user achieve high availability for a web application hosted on
AWS?

A. Use a Classic Load Balancer across multiple AWS Regions.

B. Use an Application Load Balancer across multiple Availability Zones in one AWS Region.

C. Set up automatic scaling and load balancing with another application instance running on
premises.

D. Use the AWS Region with the highest number of Availability Zones.
Answer: B

QUESTION NO: 571: A company would like to host its MySQL databases on AWS and
maintain full control over the operating system, database installation, and configuration.
Which AWS service should the company use to host the databases?
A. Amazon RDS

B. Amazon EC2

C. Amazon DynamoDB

D. Amazon Aurora

Answer: B

QUESTION NO: 572: What AWS billing support resource is available to all support levels?
A. AWS Support concierge

B. AWS Customer Service

C. AWS technical account manager


D. AWS Business Support

Answer: B

QUESTION NO: 573: Which AWS services help to improve application performance by
reducing latency while accessing content globally? (Choose two.)
A. Amazon CloudFront

B. AWS VPN

C. AWS Direct Connect

D. AWS Global Accelerator

E. Amazon S3 Glacier

Answer: A,D

QUESTION NO: 574: Which AWS service provides the ability to quickly run one-time queries
on data in Amazon S3?
A. Amazon EMR
B. Amazon DynamoDB

C. Amazon Redshift

D. Amazon Athena

Answer: D

QUESTION NO: 575: Which task requires the use of AWS account root user
credentials?
A. Closing an AWS account

B. Creating a log file

C. Modifying IAM user permissions

D. Deleting IAM users

Answer: A

QUESTION NO: 576: Which AWS service does AWS Snowball Edge natively support?
A. AWS Server Migration Service (AWS SMS)

B. Amazon Aurora

C. AWS Trusted Advisor

D. Amazon EC2

Answer: D

QUESTION NO: 577: A company is building a new archiving system on AWS that will store
terabytes of data. The company will NOT retrieve the data often. Which Amazon S3 storage
class will MINIMIZE the cost of the system?
A. S3 Standard-Infrequent Access (S3 Standard-IA)

B. S3 Glacier

C. S3 Intelligent-Tiering

D. S3 One Zone-Infrequent Access (S3 One Zone-IA)


Answer: A

QUESTION NO: 578: Which type of AWS infrastructure deployment puts AWS compute,
storage, database, and other select services closer to end users to run latency-sensitive
applications?
A. AWS Regions
B. Availability Zones
C. Local Zones
D. Edge locations
Answer: C

QUESTION NO: 579: Which AWS service enables users to monitor for specific phrases,
values, or patterns and set up alarms based on metrics?
A. AWS IQ

B. Amazon Comprehend

C. AWS CloudTrail

D. Amazon CloudWatch Logs


Answer: D

QUESTION NO: 580: A company wants durable storage for static content and infinitely
scalable data storage infrastructure at the lowest cost. Which AWS service should the
company choose?

A. Amazon Elastic Block Store (Amazon EBS)

B. Amazon S3

C. AWS Storage Gateway

D. Amazon Elastic File System (Amazon EFS)


Answer: B

QUESTION NO: 581: Which cloud computing advantage is a company applying when it uses
AWS Regions to increase application availability to users in different countries?
A. Pay-as-you-go pricing

B. Capacity forecasting

C. Economies of scale

D. Global reach
Answer: C

QUESTION NO: 582: A user has an AWS account with a Business-level AWS Support plan
and needs assistance with handling a production service disruption. Which action should the
user take?
A. Contact the dedicated AWS technical account manager (TAM).

B. Contact the dedicated AWS Concierge Support team.

C. Open a business-critical system down support case.

D. Open a production system down support case.

Answer: D

QUESTION NO: 583: A company is looking for a way to encrypt data stored on Amazon S3.
Which AWS managed service can be used to help to accomplish this?
A. AWS Certificate Manager (ACM)
B. AWS Secrets Manager
C. AWS Resource Access Manager
D. AWS Key Management Service (AWS KMS)
Answer: D

QUESTION NO: 584: When a user wants to utilize their existing per-socket, per-core, or
per-virtual machine software licenses for a Microsoft Windows server running on AWS, which
Amazon EC2 instance type is required?
A. Spot Instances

B. Dedicated Instances

C. Dedicated Hosts

D. Reserved Instances

Answer: C

QUESTION NO: 585: How can consolidated billing within AWS Organizations help lower
overall monthly expenses?
A. By providing a consolidated view of monthly billing across multiple accounts

B. By pooling usage across multiple accounts to achieve a pricing tier discount

C. By automating the creation of new accounts through APIs


D. By leveraging service control policies (SCPs) for centralized service management
Answer: A

QUESTION NO: 586: A solutions architect needs to maintain a fleet of Amazon EC2 instances
so that any impaired instances are replaced with new ones. Which AWS service should the
solutions architect use?
A. Amazon Elastic Container Service (Amazon ECS)

B. Amazon GuardDuty

C. AWS Shield

D. AWS Auto Scaling


Answer: D

QUESTION NO: 587: An application deployed in the AWS Cloud has unpredictable usage
patterns and is running workloads that cannot be interrupted. What is the MOST
cost-effective Amazon EC2 pricing option for this application?

A. Dedicated Instances

B. Spot Instances

C. Reserved Instances

D. On-Demand Instances
Answer: D

QUESTION NO: 588: A company is migrating its on-premises data center to AWS and wants
to provide NFS access to its Linux clients. Which AWS service should the company use?
A. Amazon S3

B. Amazon Elastic File System (Amazon EFS)

C. Amazon Elastic Block Store (Amazon EBS)

D. Amazon S3 Glacier
Answer: B

QUESTION NO: 589: An application is receiving SQL injection attacks from multiple external
resources. Which AWS service or feature can help automate mitigation against these
attacks?
A. AWS WAF

B. Security groups

C. Elastic Load Balancer

D. Network ACL

Answer: A

QUESTION NO: 590: Which AWS service enables risk auditing of an AWS account by tracking
and recording user actions and source IP addresses?
A. AWS X-Ray

B. AWS Shield

C. AWS Trusted Advisor

D. AWS CloudTrail

Answer: D

QUESTION NO: 591: According to the AWS shared responsibility model, which task is the
customer's responsibility?
A. Maintaining the infrastructure needed to run AWS Lambda

B. Updating the operating system of Amazon DynamoDB instances

C. Maintaining Amazon S3 infrastructure

D. Updating the guest operating system on Amazon EC2 instances


Answer: D

QUESTION NO: 592: A company must process a large amount of data from social media
accounts by making graphical queries with high throughput. Which AWS service will help the
company design a cloud architecture that will meet these requirements?
A. Amazon RDS

B. Amazon DynamoDB
C. Amazon Neptune
D. Amazon Redshift
Answer: C

QUESTION NO: 593: Which databases are available on Amazon RDS? (Choose two.)
A. Sybase
B. Microsoft SQL Server
C. IBM Db2
D. MongoDB
E. PostgreSQL
Answer: D,E

QUESTION NO: 594: Under the AWS shared responsibility model, what is the customer's
responsibility when using an AWS managed service?
A. Physical security of the data centers

B. Server-side encryption

C. Customer data
D. Operating system patching

Answer: C

QUESTION NO: 595: Which service is an AWS-managed Hadoop framework that makes it
easy, fast, and cost-effective to process large amounts of data across dynamically scalable
Amazon EC2 instances?
A. Amazon EMR

B. Amazon EC2

C. AWS Elastic Beanstalk

D. Amazon Redshift

Answer: A

QUESTION NO: 596: A company with AWS Enterprise Support needs help understanding its
monthly AWS bill and wants to implement billing best practices. Which AWS tool or resource
is available to accomplish these goals?
A. Resource tagging

B. AWS Concierge Support team

C. AWS Abuse team

D. AWS Support
Answer: D

QUESTION NO: 597: A company spends several months upgrading its on-premises
infrastructure every few years. The company wants to reduce infrastructure procurement
time by migrating to the AWS Cloud. What is the main benefit of migrating to the AWS Cloud
for this use case?
A. AWS will help move the existing hardware to the AWS data centers.

B. The company will have increased agility with on-demand access to IT resources.

C. Enterprise support will be available to help with recurring application installation and setup.

D. The company will experience less downtime with Multi-AZ deployments.


Answer: B

QUESTION NO: 598: According to the AWS shared responsibility model, when using Amazon
RDS, who is responsible for scheduling and performing backups?
A. AWS is responsible for both tasks.

B. The customer is responsible for scheduling and AWS is responsible for performing backups.

C. The customer is responsible for both tasks.

D. AWS is responsible for scheduling and the user is responsible for performing backups.
Answer: C

QUESTION NO: 599: Which of the following can be used to identify a specific user who
stopped an Amazon EC2 instance?
A. AWS CloudTrail

B. Amazon Inspector

C. Amazon CloudWatch

D. VPC Flow Logs


Answer: C

QUESTION NO: 600: A company has a managed IAM policy that does not grant the necessary
permissions for users to accomplish required tasks. How can this be resolved?
A. Enable AWS Shield Advanced

B. Create a custom IAM policy

C. Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace

D. Use AWS Key Management Service (AWS KMS) to create a customer-managed key
Answer: B

QUESTION NO: 601: Which pricing model will interrupt a running Amazon EC2 instance if
capacity becomes temporarily unavailable?
A. On-Demand Instances

B. Standard Reserved Instances


C. Spot Instances

D. Convertible Reserved Instances


Answer: C

QUESTION NO: 602: Which security-related task is the responsibility of the customer in the
AWS Cloud?
A. Securing infrastructure at data centers

B. Maintaining firewall configurations at a hardware level

C. Maintaining networking among hardware components

D. Maintaining server-side encryption

Answer: D

QUESTION NO: 603: Which AWS service acts as a data extract, transform, and load (ETL) tool
to make it easy to prepare data for analytics?
A. Amazon QuickSight

B. Amazon Athena

C. AWS Glue

D. AWS Elastic Beanstalk


Answer: C

QUESTION NO: 604: A company recently migrated to AWS and wants to enable intelligent
threat protection and continuous monitoring across all of its AWS accounts. Which AWS
service should the company use to achieve this goal?
A. Amazon Macie

B. Amazon GuardDuty

C. AWS Shield

D. Amazon Detective

Answer: B

QUESTION NO: 605: A user can optimize Amazon EC2 costs by performing which of the
following tasks? (Choose two.)
A. Implementing Auto Scaling groups to add and remove instances based on demand.

B. Creating a policy to restrict IAM users from creating new instances.

C. Setting a budget to limit spending on EC2 instances using AWS Budgets.

D. Purchasing Reserved Instances.

E. Adding EC2 instances to a second AWS Region that is geographically close to the end users.

Answer: B,C

QUESTION NO: 606: Which AWS services or features help decrease network latency for a
globally dispersed user base? (Choose two.)
A. Amazon VPC
B. Elastic Load Balancer

C. Amazon CloudFront

D. AWS Direct Connect

E. AWS Global Accelerator


Answer: B,D

QUESTION NO: 607: AWS Trusted Advisor can monitor and provide advice on what
characteristics of an AWS account? (Choose two.)
A. Compliance with security best practices

B. Application performance

C. Network utilization

D. Cost optimization

E. Compliance status

Answer: B,D

QUESTION NO: 608: Which AWS service would identify if unrestricted access to a resource
has been allowed by a security group?
A. AWS Trusted Advisor

B. Amazon CloudWatch

C. VPC Flow Logs

D. AWS CloudTrail

Answer: A

QUESTION NO: 609: Which AWS service or component allows inbound traffic from the
internet to access a VPC?

A. Internet gateway

B. NAT gateway

C. AWS WAF

D. VPC peering

Answer: A

QUESTION NO: 610: Which architecture concept describes the ability to deploy resources
on demand and release resources when they are no longer needed?

A. High availability

B. Decoupled architecture
C. Resilience

D. Elasticity

Answer: D

QUESTION NO: 611: When using Amazon RDS, what is the customer responsible for?
A. Patching and maintenance of the underlying operating system.

B. Managing automatic backups of the database.

C. Controlling network access through security groups.

D. Replacing failed instances in the event of a hardware failure.

Answer: C

QUESTION NO: 612: Which controls are shared under the AWS shared responsibility model?
(Choose two.)
A. Awareness and training

B. Patching of Amazon RDS

C. Configuration management

D. Physical and environmental controls

E. Service and communications protection or security

Answer: A,C

QUESTION NO: 613: A company has decided to migrate its production workloads to the AWS
Cloud. Which actions can help reduce operational costs as part of the migration? (Choose
two.)
A. Reduce overprovisioned instances.

B. Rehost all third-party licenses on AWS.

C. Implement a highly available architecture.

D. Use managed services.

E. Improve application security.

Answer: D,E

QUESTION NO: 614: Which design principles are enabled by the AWS Cloud to improve the operation of
workloads? (Choose two.)
A. Minimize upfront design
B. Loose coupling
C. Disposable resources
D. Server design and concurrency
E. Minimal viable product
Answer: B,C

QUESTION NO: 615: To optimize costs and resource usage, a company needs to monitor the
operational health of its entire system of AWS Cloud resources. Which AWS service will meet
these requirements?
A. AWS Organizations

B. Amazon CloudWatch

C. AWS CloudTrail

D. AWS Config

Answer: B

QUESTION NO: 616: If a user has an AWS account with an Enterprise-level AWS Support
plan, who is the primary point of contact for billing or account inquiries?
A. Solutions architect

B. AWS Concierge Support team

C. An AWS Marketplace seller

D. AWS Partner Network (APN) partner

Answer: B

QUESTION NO: 617: Which AWS service will track user activity on AWS?
A. Amazon GuardDuty

B. AWS Trusted Advisor

C. AWS CloudTrail

D. Amazon CloudWatch

Answer: C

QUESTION NO: 618: A cloud practitioner needs an effective method to decrease application
latency and increase performance for end users. Which services will help? (Choose two.)
A. Amazon Elastic Container Service (Amazon ECS) for Kubernetes
B. Amazon S3

C. Amazon AppStream 2.0

D. Amazon ElastiCache

E. Amazon CloudFront

Answer: D,E

QUESTION NO: 619: A company is building a business intelligence solution and wants to use
dashboards for reporting purposes. Which AWS service can be used?
A. Amazon Redshift

B. Amazon Elasticsearch Service (Amazon ES)

C. Amazon QuickSight
D. Amazon Athena

Answer: C

QUESTION NO: 620: A company needs to transfer a large volume of data from an
on-premises data center to the AWS Cloud. The company’s internet connectivity is slow and
unreliable. Which AWS service can facilitate this data transfer?
A. Amazon S3 Glacier

B. AWS Snowball

C. AWS Storage Gateway

D. Amazon Elastic File System (Amazon EFS)

Answer: B

QUESTION NO: 621: A security officer wants a list of any potential vulnerabilities in Amazon
EC2 security groups. Which AWS service should the officer use?
A. Amazon GuardDuty

B. AWS Trusted Advisor

C. AWS CloudTrail

D. AWS Artifact
Answer: B

QUESTION NO: 622: A company has multiple departments. Each department uses its own
AWS account. Which AWS service or tool can the company use to combine the billing for all
accounts into one bill?
A. Amazon Forecast

B. AWS Budgets

C. AWS Organizations

D. AWS Marketplace

Answer: C

QUESTION NO: 623: A cloud practitioner needs to obtain AWS compliance reports before
migrating an environment to the AWS Cloud. How can these reports be generated?
A. Contact the AWS Compliance team
B. Download the reports from AWS Artifact

C. Open a case with AWS Support

D. Generate the reports with Amazon Macie


Answer: A

QUESTION NO: 624: A large company has a workload that requires hardware to remain on
premises. The company wants to use the same management and control plane services that
it currently uses on AWS. Which AWS service should the company use to meet these
requirements?
A. AWS Device Farm

B. AWS Fargate

C. AWS Outposts

D. AWS Ground Station


Answer: C

QUESTION NO: 625: Which tasks require using AWS account root user credentials? (Choose
two.)
A. Creating an Amazon EC2 key pair

B. Removing an IAM user from the administrators group

C. Changing the AWS Support plan

D. Creating an Amazon CloudFront key pair

E. Granting an IAM user full administrative access


Answer: C,E

QUESTION NO: 626: Which of the following are advantages of using Amazon EC2 instances
over traditional on-premises servers? (Choose two.)
A. Pay-as-you-go pricing

B. Automation

C. Self-maintenance of servers

D. Agility

E. Access to physical hosts


Answer: B,D

QUESTION NO: 627: To avoid malicious compute activities, a user needs a quick way to
determine if any Amazon EC2 instances have ports that allow unrestricted access. Which
AWS service will support this requirement?
A. VPC Flow Logs

B. AWS WAF

C. AWS CloudTrail

D. AWS Trusted Advisor


Answer: D

QUESTION NO: 628: What are the market advantages of running workloads in the AWS
Cloud? (Choose two.)

A. Less staff time is required to deploy new workloads.

B. Increased time to market for new application features.

C. Higher acquisition costs to support peak workloads.

D. Increased productivity for application development teams.

E. A decrease in the average server CPU utilization.


Answer: D,E

QUESTION NO: 629: Which Amazon S3 storage class allows users to store data backups for
long periods of time at the LOWEST cost?
A. S3 Standard-Infrequent Access (S3 Standard-IA)

B. S3 Standard

C. S3 Glacier

D. S3 One Zone-Infrequent Access (S3 One Zone-IA)


Answer: C

QUESTION NO: 630: Which of the following technologies provides a secure network
connection from on-premises to AWS?
A. Virtual Private Network

B. AWS Snowball

C. Amazon Virtual Private Cloud (Amazon VPC)


D. AWS Mobile Hub
Answer: C

QUESTION NO: 631: When comparing AWS Cloud with on-premises Total Cost of Ownership,
which expenses must be considered? (Choose two.)
A. Physical storage hardware

B. Operating system administration

C. Network infrastructure of data center

D. Project management

E. Database schema development


Answer: A,C

QUESTION NO: 632: A company uses Amazon EC2 infrastructure to host steady-state
workloads and needs to achieve significant cost savings. Which EC2 instance pricing model
should the company select?

A. Reserved Instances

B. On-Demand Instances

C. Spot Instances

D. Dedicated Hosts

Answer: A

QUESTION NO: 633: Which guideline is a well-architected design principle for building cloud
applications?
A. Keep static data closer to compute resources.

B. Provision resources for peak capacity.

C. Design for automated recovery from failure.

D. Use tightly coupled components.

Answer: B

QUESTION NO: 634: What does the AWS Cloud provide to increase the speed and agility of
execution for customers? (Choose two.)
A. Readily available resources with low provisioning times.
B. Scalable compute capacity

C. Free Tier services usage

D. Access to AWS data centers

E. Lower resource provisioning cost

Answer: A,D

QUESTION NO: 635: A company believes an unauthorized user copied data from an Amazon
S3 bucket to their own account. Which AWS service will record the actions taken by the
user?
A. Amazon CloudWatch

B. AWS CloudTrail
C. AWS Infrastructure Event Management

D. AWS Systems Manager

Answer: B

QUESTION NO: 636: Which AWS service provides a simple way to set up a new multi-account
AWS environment and govern it at scale?
A. AWS Trusted Advisor

B. AWS Security Hub

C. AWS Control Tower

D. AWS Resource Access Manager


Answer: C

QUESTION NO: 637: How does the AWS global infrastructure offer high availability and fault
tolerance to its users?
A. The AWS infrastructure is made up of multiple AWS Regions within various Availability Zones
located in areas that have low flood risk, and are interconnected with low-latency networks and
redundant power supplies.

B. The AWS infrastructure consists of subnets containing various Availability Zones with multiple
data centers located in the same geographic location.

C. AWS allows users to choose AWS Regions and data centers so that users can select the
closest data centers in different Regions.

D. The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones
that are connected with low-latency networking and redundant power supplies.
Answer: D

QUESTION NO: 638: How can moving to the AWS Cloud help users reduce the time dedicated
to operating system patching? (Choose two.)
A. Users can take advantage of managed services on AWS.

B. Users can outsource operating system patching to the AWS Support team.

C. AWS Professional Services will upgrade instances to the latest operating system versions.

D. Users have the ability to use license-included Amazon EC2 instances.

E. Users can take advantage of AWS Systems Manager features.


Answer: A,E

QUESTION NO: 639: A user has an AWS Business Support plan and requires detailed billing
information. Which AWS resource will help?
A. AWS Concierge Support

B. AWS Service Catalog


C. AWS Budgets

D. AWS Cost and Usage Report

Answer: A

QUESTION NO: 640: A company has enabled billing alerts in its AWS account and wants to
receive a notification through Amazon Simple Notification Service (Amazon SNS) whenever
its monthly bill exceeds a set amount. Which AWS service or tool should the company use
to achieve this?
A. Amazon CloudWatch

B. Cost Explorer

C. AWS Cost and Usage Report

D. AWS Pricing Calculator


Answer: A

QUESTION NO: 641: A user wants to move legacy applications to the AWS Cloud to reduce
the total cost. Which option is the MOST cost-effective according to best practices?
A. Rewrite the legacy applications in an open-source language, such as Python.

B. Right-size the Amazon EC2 instances to prevent over-provisioning in terms of compute and
memory.

C. Migrate relational databases to Amazon DynamoDB.

D. Reserve a data center facility with an upfront payment, which provides an additional discount.
Answer: B

QUESTION NO: 642: According to the AWS shared responsibility model, which task is the
responsibility of AWS for workloads running on Amazon EC2?
A. Updating the physical hardware

B. Updating the operating system

C. Updating the database engine

D. Updating the user data


Answer: A

QUESTION NO: 643: A user needs to identify underutilized Amazon Elastic Block Store
(Amazon EBS) volumes to reduce costs. Which AWS service or feature will meet this
requirement?
A. AWS CloudTrail

B. AWS Budgets

C. AWS Trusted Advisor

D. AWS Personal Health Dashboard

Answer: C

QUESTION NO: 644: Which AWS service will help a company identify the user who deleted an
Amazon EC2 instance yesterday?
A. Amazon CloudWatch

B. AWS Trusted Advisor

C. AWS CloudTrail

D. Amazon Inspector
Answer: C

QUESTION NO: 645: A company has existing software licenses that it wants to bring to AWS,
but the licensing model requires licensing physical cores. How can the company meet this
requirement in the AWS Cloud?
A. Launch an Amazon EC2 instance with default tenancy.

B. Launch an Amazon EC2 instance on a Dedicated Host.

C. Create an On-Demand Capacity Reservation.

D. Purchase Dedicated Reserved Instances.

Answer: A

QUESTION NO: 646: A company must keep records of all resource changes that are made
through the AWS Management Console and AWS APIs. Which AWS service should the
company use to meet this requirement?
A. Amazon CloudWatch

B. AWS CloudTrail

C. AWS X-Ray

D. Amazon Inspector
Answer: B

QUESTION NO: 647: A company requires an isolated environment within AWS for security
purposes. Which action can be taken to accomplish this?
A. Create a separate Availability Zone to host the resources.

B. Create a separate VPC to host the resources.

C. Create a placement group to host the resources.

D. Create an AWS Direct Connect connection between the company and AWS.
Answer: B

QUESTION NO: 648: A company needs to monitor and forecast AWS costs and usage. The
company also must set event-driven alert notifications that occur if spending limits are
exceeded. Which AWS service or tool should the company use to meet these requirements?
A. AWS Budgets
B. Amazon CloudWatch

C. AWS Config

D. AWS Service Catalog


Answer: A

QUESTION NO: 649: Which of the following is a best practice for creating policies for IAM
users?
A. Start with a large set of permissions and remove the permissions that are not required.

B. Use only Amazon managed policies.

C. Start with a minimum set of permissions and grant additional permissions as necessary.

D. Attach policies directly to each user individually.


Answer: C

QUESTION NO: 650: A user with an AWS Basic Support plan has determined that illegal
activities are being run on their AWS resources. What is the recommended method for the
user to report the activity to AWS?
A. Contact the AWS Concierge Support team.

B. Contact an AWS technical account manager.

C. Contact the AWS Abuse team.

D. Contact the AWS Support team.


Answer: C

QUESTION NO: 651: AWS can relieve a company's IT staff of which of the following IT tasks?
(Choose two.)
A. Patching database software

B. Storage capacity planning

C. Creating database schemas

D. Setting up access controls for data

E. Writing application code


Answer: A,C

QUESTION NO: 652: A company’s security team requires that all Amazon EC2 workloads use
approved Amazon Machine Images (AMIs). Which AWS service should the company use to verify
that the EC2 instances are using approved AMIs?
A. Amazon CloudWatch

B. Amazon Inspector

C. AWS Config
D. AWS Trusted Advisor
Answer: C

QUESTION NO: 653: Which of the following are benefits of using the AWS Cloud? (Choose
two.)
A. 100% fault tolerance

B. Total control over underlying infrastructure

C. Fast provisioning of IT resources

D. Outsourcing all application coding to AWS

E. Ability to go global quickly


Answer: C,E

QUESTION NO: 654: Which of the following security-related aspects of running an Amazon
Elastic Compute Cloud (Amazon EC2) instance is the responsibility of AWS?
A. Security of private keys

B. Hypervisor software updates

C. Security updates to software running on the instance

D. Policies controlling instance access


Answer: B

QUESTION NO: 655: Which AWS service aggregates, organizes, and prioritizes security alerts
and findings from multiple AWS services?
A. Amazon Detective

B. Amazon Inspector

C. Amazon Macie

D. AWS Security Hub


Answer: D

QUESTION NO: 656: A developer has an AWS account and needs access to another
account's test database. Which AWS service or feature can the developer use to gain access
to the test database?
A. Amazon Macie

B. Security groups

C. IAM roles

D. AWS Trusted Advisor


Answer: C

QUESTION NO: 657: Using Amazon Elastic Container Service (Amazon ECS) to break down a
monolithic architecture into microservices is an example of:
A. a loosely coupled architecture.

B. a tightly coupled architecture.

C. a stateless architecture.
D. a stateful architecture.
Answer: A

QUESTION NO: 658: Which service enables customers to audit API calls in their AWS
accounts?
A. AWS CloudTrail

B. AWS Trusted Advisor

C. Amazon Inspector

D. AWS X-Ray
Answer: A

QUESTION NO: 659: Which VPC component provides a layer of security at the subnet level?
A. Security groups
B. Network ACLs
C. NAT gateways
D. Route tables

Answer: A

QUESTION NO: 660: Which benefit is available for Convertible Reserved Instances but NOT
Standard Reserved Instances?
A. The instances can be exchanged for instances of a different instance size.

B. The instances can be exchanged for instances of a different instance family.

C. The instances can be changed to a different Availability Zone.

D. The instances can be changed to a different AWS Region.


Answer: C

QUESTION NO: 661: Which of the following enables users to leverage the power of AWS
services programmatically?
A. AWS Command Line Interface (AWS CLI)

B. AWS Trusted Advisor


C. AWS CodeDeploy

D. AWS Management Console


Answer: D

QUESTION NO: 662: Which security credentials are required to run commands by using the
AWS Command Line Interface (AWS CLI)?
A. Access Key ID and Secret Access Key

B. AWS root user email and password

C. Amazon Elastic Compute Cloud (Amazon EC2) key pairs

D. AWS Identity and Access Management (IAM) user name and password
Answer: A

QUESTION NO: 663: Which are customer responsibilities when using Amazon EC2? (Choose
two.)

A. Underlying hardware maintenance

B. File-system-level encryption
C. Guest operating system firewall configuration
D. Hypervisor-level software patching

E. Physical security at data center facilities


Answer: B,C

QUESTION NO: 664: A web developer has limited knowledge of AWS networking services
such as Amazon VPC, Elastic Load Balancing, and Auto Scaling, but wants to host a highly
available web application. Which AWS service would automatically handle the deployment
and reduce the complexity for the developer?
A. AWS CodeDeploy

B. AWS Resource Access Manager

C. AWS Elastic Beanstalk

D. AWS CloudFormation

Answer: C

QUESTION NO: 665: A company wants to route its traffic directly and privately to a VPC
without going over the public internet. Which connectivity option provides this capability?
A. AWS VPN

B. AWS Direct Connect

C. VPC NAT gateway

D. VPC internet gateway


Answer: D

QUESTION NO: 666: A company wants to build an application for a new line of business.
According to the AWS Well-Architected Framework, what design principles should be
implemented? (Choose two.)
A. Consolidate multiple AWS accounts into a single account.

B. Buy and host hardware in the AWS Cloud.

C. Decouple the AWS Cloud architecture to break up monolithic deployments.

D. Move on-premises network hardware to VPCs.

E. Design elasticity into the AWS Cloud design.


Answer: D,E

QUESTION NO: 667: A company wants to forecast its AWS Cloud costs for the upcoming
year by analyzing its past AWS Cloud spending trends. Which AWS service should the
company use to meet this requirement?
A. AWS Control Tower

B. Cost Explorer

C. AWS OpsWorks

D. AWS CloudFormation
Answer: B

QUESTION NO: 668: Which AWS service or feature can help a company determine if it has
Amazon S3 buckets that are publicly available?
A. AWS Service Health Dashboard

B. Amazon CloudWatch Logs

C. AWS Trusted Advisor

D. AWS Service Catalog


Answer: C

QUESTION NO: 669: A company’s newly launched application is gaining in popularity very
quickly. To improve customer service, the company wants to set up a phone number to
manage the increasing volume of calls received by the company's support staff.
A. Amazon Connect

B. Amazon CloudFront

C. Amazon DirectConnect

D. AWS Trusted Advisor


Answer: A

QUESTION NO: 670: Which credentials used to sign in to the AWS Management Console
meet security best practices? (Choose two.)
A. An access key
B. Multi-factor authentication

C. X.509 certificates

D. A secret key

E. User name and password


Answer: B,E

QUESTION NO: 671: Which of the following are ways to improve security on AWS? (Choose
two.)
A. Using AWS Artifact

B. Granting the broadest permissions to all IAM roles

C. Running application code with AWS Cloud9

D. Enabling multi-factor authentication (MFA) with Amazon Cognito

E. Using AWS Trusted Advisor security checks


Answer: D,E

QUESTION NO: 672: Which AWS service or resource helps on-premises applications connect
to AWS Cloud-based storage and caches the data locally for low-latency access?
A. AWS Direct Connect

B. AWS Storage Gateway

C. Amazon S3

D. AWS Snowball Edge

Answer: B

QUESTION NO: 673: An online retail company has seasonal sales spikes several times a year,
primarily around holidays. Demand is lower at other times. The company finds it difficult to
predict the increasing infrastructure demand for each season. Which advantages of moving
to the AWS Cloud would MOST benefit the company? (Choose two.)
A. Global footprint

B. Elasticity

C. AWS service quotas

D. AWS shared responsibility model

E. Pay-as-you-go pricing
Answer: B,E

QUESTION NO: 674: A company wants to ensure that two Amazon EC2 instances are in
separate data centers with minimal communication latency between the data centers. How
can the company meet this requirement?
A. Place the EC2 instances in two separate AWS Regions connected with a VPC peering
connection.

B. Place the EC2 instances in two separate Availability Zones within the same AWS Region.

C. Place one EC2 instance on premises and the other in an AWS Region. Then connect them by
using an AWS VPN connection.

D. Place both EC2 instances in a placement group for dedicated bandwidth.


Answer: D

QUESTION NO: 675: Which AWS service supports a hybrid architecture that gives users the
ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers,
co-location environments, or on-premises facilities?
A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate
Answer: C

QUESTION NO: 676: A company wants to eliminate the need to guess infrastructure capacity
before deployments. The company also wants to spend its budget on cloud resources only
as the company uses the resources. Which advantage of the AWS Cloud matches the
company’s requirements?
A. Reliability

B. Global reach

C. Economies of scale

D. Pay-as-you-go pricing
Answer: A

QUESTION NO: 677: A retail company wants to provision only the necessary amount of
resources to handle the current demand. Which cloud benefit is the company trying to
achieve with this goal?
A. Reliability

B. Global reach

C. Scalability

D. High availability
Answer: C

QUESTION NO: 678: A company wants to migrate a small website and database quickly from
on-premises infrastructure to the AWS Cloud. The company has limited operational
knowledge to perform the migration. Which AWS service supports this use case?
A. Amazon EC2

B. Amazon Lightsail

C. Amazon S3

D. AWS Lambda
Answer: C

QUESTION NO: 679: Which AWS service or feature allows a user to set up consolidated
billing?
A. AWS Billing Management Console

B. AWS Organizations

C. AWS Cost and Usage Report

D. AWS Systems Manager


Answer: B

QUESTION NO: 680: Which AWS service can be used to encrypt data at rest?
A. Amazon GuardDuty

B. AWS Shield

C. AWS Security Hub

D. AWS Key Management Service (AWS KMS)

Answer: D

QUESTION NO: 681: What is an IAM best practice for AWS account root user access keys?
A. Delete all root user access keys, if possible.

B. Use root user credentials to access sensitive information stored on AWS.

C. Allow the system administrator group to use the root user credentials for daily access.

D. Use root user credentials to access production database instances.

Answer: A

QUESTION NO: 682: A company has performance and regulatory requirements that call for it
to run its workload only in its on-premises data center. Which AWS services or resources
should the company use? (Choose two.)
A. Amazon Pinpoint
B. Amazon WorkLink
C. AWS Outposts

D. AWS Snowball Edge

E. AWS AppSync
Answer: B,C

QUESTION NO: 683: Elasticity in the AWS Cloud refers to which of the following? (Choose
two.)
A. How quickly an Amazon EC2 instance can be restarted

B. The ability to rightsize resources as demand shifts

C. The maximum amount of RAM an Amazon EC2 instance can use

D. The pay-as-you-go billing model

E. How easily resources can be produced when they are needed


Answer: B,E

QUESTION NO: 684: A company wants to migrate to AWS and use the same security software
it uses on premises. The security software vendor offers its security software as a service on
AWS. Where can the company purchase the security solution?
A. AWS Partner Solutions Finder
B. AWS Support Center

C. AWS Management Console

D. AWS Marketplace
Answer: D

QUESTION NO: 685: A company needs to improve the response rate of high-volume queries
to its relational database. Which AWS service should the company use to offload requests to
the database and improve overall response times?
A. Amazon DynamoDB Accelerator (DAX)

B. Amazon ElastiCache

C. Elastic Load Balancing

D. AWS Global Accelerator

Answer: A

QUESTION NO: 686: Which AWS services or features enable users to connect on-premises
networks to a VPC? (Choose two.)
A. AWS VPN

B. Elastic Load Balancing

C. AWS Direct Connect

D. VPC peering

E. Amazon CloudFront

Answer: A,D

QUESTION NO: 687: Which pillar of the AWS Well-Architected Framework specifies that
resources be provisioned in a timely manner and scale as needed to maintain effectiveness
as demand changes?
A. Cost optimization

B. Security

C. Operational excellence

D. Performance efficiency
Answer: D

QUESTION NO: 688: An IT department provisions more servers than are needed to run a
workload. Which cloud architecture design principle supports changing this approach?
A. Protect data in transit and at rest.

B. Stop guessing capacity.

C. Improve through game days.

D. Annotate documentation.
Answer: B

QUESTION NO: 689: A solutions architect needs to create a cost estimate for running
workloads on AWS. The cost estimate must then be exported for management review. Which
AWS service or feature should be used to accomplish these tasks?
A. Cost Explorer

B. Amazon QuickSight

C. AWS Pricing Calculator

D. AWS Budgets

Answer: C

QUESTION NO: 690: Which AWS service should a company use to decouple large monolithic
applications into smaller microservices components?
A. AWS Direct Connect

B. Amazon Lightsail

C. Amazon Simple Queue Service (Amazon SQS)

D. Amazon CloudWatch

Answer: C

QUESTION NO: 691: A company has defined the AWS resources that it needs for a new
application. The company needs to estimate the costs of running the application on AWS.
What should the company do to meet this requirement?

A. Take advantage of AWS on-demand pricing.

B. Use the AWS Pricing Calculator to generate an approximate dollar amount.

C. Use Amazon QuickSight to analyze current on-premises spending.

D. Use Amazon AppStream 2.0 for real-time pricing analytics.


Answer: B
