AWS Techleap Question Answers

QUESTION 56
A solutions architect needs to ensure that all Amazon Elastic Block Store (Amazon EBS) volumes restored
from unencrypted EBS snapshots are encrypted.
What should the solutions architect do to accomplish this?
A. Enable EBS encryption by default for the AWS Region
B. Enable EBS encryption by default for the specific volumes
C. Create a new volume and specify the symmetric customer master key (CMK) to use for encryptionD.
Create a new volume and specify the asymmetric customer master key (CMK) to use for encryption.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
A company wants to share forensic accounting data is stored in an Amazon RDS DB instance with an
external auditor. The Auditor has its own AWS account and requires its own copy of the database.
How should the company securely share the database with the auditor?
A. Create a read replica of the database and configure IAM standard database authentication to grant
theauditor access.
B. Copy a snapshot of the database to Amazon S3 and assign an IAM role to the auditor to grant access
tothe object in that bucket.
C. Export the database contents to text files, store the files in Amazon S3, and create a new IAM user
forthe auditor with access to that bucket.
D. Make an encrypted snapshot of the database, share the snapshot, and allow access to the AWS
KeyManagement Service (AWS KMS) encryption key.
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Exam H
QUESTION 1
A company is experiencing growth as demand for its product has increased The company’s existing
purchasing application is slow when traffic spikes The application is a monolithic three tier application that
uses synchronous transactions and sometimes sees bottlenecks in the application tier A solutions architect
needs to design a solution that can meet required application response times while accounting for traffic
volume spikes.
Which solution will meet these requirements?
A. Vertically scale the application instance using a larger Amazon EC2 instance size.
B. Scale the application’s persistence layer horizontally by introducing Oracle RAC on AWS
C. Scale the web and application tiers horizontally using Auto Scaling groups and an Application
LoadBalancer
D. Decouple the application and data tiers using Amazon Simple Queue Service (Amazon SQS)
withasynchronous AWS Lambda calls.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
A company runs an online marketplace web application on AWS. The application serves hundreds of
thousands of users during peak hours. The company needs a scalable, near-real- time solution to share
the details of millions of financial transactions with several other internal applications. Transactions also
need to be processed to remove sensitive data before being stored in a document database for low-latency
retrieval.
What should a solutions architect recommend to meet these requirements?
A. Store the transactions data into Amazon DynamoDB.
Set up a rule in DynamoDB to remove sensitive data from every transaction upon write.
Use DynamoDB Streams to share the transactions data with other applications.
B. Stream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon
DynamoDBand Amazon S3.
Use AWS Lambda integration with Kinesis Data Firehose to remove sensitive data.
Other applications can consume the data stored in Amazon S3.
C. Stream the transactions data into Amazon Kinesis Data Streams.
Use AWS Lambda integration to remove sensitive data from every transaction and then store the
transactions data in Amazon DynamoDB.
Other applications can consume the transactions data off the Kinesis data stream.
D. Store the batched transactions data in Amazon S3 as files.
Use AWS Lambda to process every file and remove sensitive data before updating the files in Amazon
S3.
The Lambda function then stores the data in Amazon DynamoDB.
Other applications can consume transaction files stored in Amazon S3.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 3
A solutions architect is creating a new VPC design. There are two public subnet for the load balancer, two
private subnets for web servers, and two private subnets for MySQL. The web serves use only HTTPS.
The solutions architect has already created a security group for the load Balancer allowing port 443 from
0.0
0.0/0. Company policy requires that each resource has the least access required to still be able to perform
its tasks. Which additional configuration strategy should the solution architect use to meet these
requirements?
A. Create a security group far the web servers and allow port 443 from 0.0.0.0/0.
Create a security group tor the MySQL serve’s aid allow port 3306 from the web servers security group.
B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0.
Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group
C. Create a security group for the web servers and allow port 443 from the load balancer.
Create a security group tor the MySQL servers and allow port 3306 from the web sewers security group
D. Create a network ACL for the web servers and allow port 443 from the web balancer.
Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 4
A company runs an application on an Amazon EC2 instance Backed by Amazon Elastic Block Store
(Amazon EBS).
The instance needs to be available for 12 hours daily. The company wants to save costs by making the
instance unavailable outside the window required for the application.
However the contents of the instance’s memory must be preserved whenever the instance is unavailable.
What should a solutions architect do lo meet this requirement?
A. Stop the instance outside the application’s availability window.Start up the
Instance again when required.
B. Hibernate tie instance outside the application’s availability window.Start up the
instance again when required.
C. Use Auto Scaling to scale down the instance outside the application’s availability
window.Scale up the instance when required.
D. Terminate the instance outside the application’s availability window.
Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
A company Is migrating lo the AWS Cloud. A file server is the first workload to migrate. Users must be
able to access the file share using the Server Message Block (SMB) protocol. Which AWS managed
service meets these requirements”
A. Amazon EBS
B. Amazon EC2
C. Amazon FSx

D. Amazon S3
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
A solutions architect needs to design a resilient solution for Windows users’ home directories. The solution
must provide fault tolerance, file-level backup and recovery, and access control, based upon the
company’s Active Directory.
Which storage solution meets these requirements?
A. Configure Amazon S3 to store the users’ home directories.Join Amazon S3 to Active
Directory.
B. Configure a Multi-AZ file system with Amazon FSx for Windows File Server.Join
Amazon FSx to Active Directory.
C. Configure Amazon Elastic File System (Amazon EFS) for the users’ home
directories.Configure AWS Single Sign-On with Active Directory.
D. Configure Amazon Elastic Block Store (Amazon EBS) to store the users’ home
directories.Configure AWS Single Sign-On with Active Directory.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
A company has a legacy application that processes data in two parts. The second part of the process takes
longer than the first, so the company has decided to rewrite the application as two microservices running
on Amazon ECS that can scale independently. How should a solutions architect integrate the
microservices?
A. Implement code in microservice 1 to send data to an Amazon S3 bucket.Use S3
event notifications to invoke microservice 2
B. Implement code in microservice 1 to publish data to an Amazon SNS
topic.Implement code In microservice 2 to subscribe to this topic.
C. Implement code in microservice 1 to send data to Amazon Kinesis Data
Firehose.Implement code in microservice 2 to read from Kinesis Data Firehose.
D. Implement code in microservice 1 to send data to an Amazon SOS
queue.Implement code in microservice 2 to process messages from the queue.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to
ensure high availability.
The company wants to be able (o deploy updates to its application even if nodes in one Availability Zone
are not accessible.
The expected request volume for the application is 100 requests per second, and each container task is
able to serve at least 60 requests pet second. The company set up Amazon ECS with a rolling update

deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set lo
100%. Which configuration of tasks and Availability Zones meets these requirements?
A. Deploy the application across two Availability Zones, with one task in each Availability Zone
B. Deploy the application across two Availability Zones, with two tasks in each Availability Zone.
C. Deploy the application across three Availability Zones, with one task in each Availability Zone.
D. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
A web application runs on Amazon EC2 instances behind an Application Load Balancer. The application
allows users to create custom reports of historical weather data.
Generating a report can take up to 5 minutes.
These long-running requests use many of the available incoming connections, making the system
unresponsive to other users.
How can a solutions architect make the system more responsive?
A. Use Amazon SOS with AWS Lambda to generate reports.
B. Increase the Idle timeout on the Application Load Balancer to 5 minutes.
C. Update the client-side application code to increase its request timeout to 5 minutes.
D. Publish the reports to Amazon S3 and use Amazon CloudFront for downloading lo the user.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
A company is planning to use Amazon S3 to store images uploaded by its users.
The images must be encrypted at rest in Amazon S3.
The company does not want to spend time managing and rotating the keys, but it does want to control who
can access those keys.
What should a solutions architect use to accomplish this?
A. Server-Side Encryption with keys stored in an S3 bucket
B. Server-Side Encryption with Customer-Provided Keys (SSE-C)
C. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
D. Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
A company’s application is running on Amazon EC2 instances within an Auto Scaling group behind an
Elastic Load Balancer.
Based on the application’s history, the company anticipates a spike in traffic during a holiday each
year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively

increases capacity lo minimize any performance impact on application users. Which solution will meet
these requirements?
A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization
exceeds90%.
B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period
ofpeak demand.
C. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during
thepeak demand period.
D. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when
thereate autoscaling:EC2_INSTANCE_LAUNCH events.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
A website runs a web application that receives a burst of traffic each day at noon. The users upload new
pictures and content daily, but have been complaining of timeouts. The architecture uses Amazon EC2
Auto Seating groups, and the custom application consistently takes 1 minute to initiate upon boot up before
responding to user requests How should a solutions architect redesign the architecture to better respond to
changing traffic?
A. Configure a Network Load Balancer with a slow start configuration.
B. Configure AWS ElastiCache for Redis to offload direct requests to the serversC. Configure
an Auto Scaling step scaling policy with an instance warmup condition.
D. Configure Amazon CloudFront to use an Application Load Balancer as the origin.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
A solutions architect needs to design a managed storage solution for a company’s application that includes
high-performance machine learning.
This application runs on AWS Fargate. and the connected storage needs to have concurrent access to files
and deliver high performance.
Which storage option should the solutions architect recommend?
A. Create an Amazon S3 bucket for the application and establish an 1AM role for Fargate to
communicatewith Amazon S3.
B. Create an Amazon FSx for Lustre file share and establish an 1AM role that allows Fargate
tocommunicate with FSx for Lustre
C. Create an Amazon Elastic File System (Amazon EFS> file share and establish an 1AM role that
allowsFargate to communicate with Amazon EFS.
D. Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an
1AMrole that allows Fargate to communicate with Amazon EBS.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
QUESTION 14
A company Is launching an ecommerce website on AWS.
This website is built with a three-tier architecture that includes a MySQL database.
In a Multi-AZ deployment of Amazon Aurora MySQL.
The website application must be highly available and will initially be launched in an AWS Region with three
Availability Zones.
The application produces a metric that describes the load the application experiences.
Which solution meets these requirements?
A. Configure an Application Load Balancer (ALB( with Amazon EC2 Auto Scaling behind the ALB
withscheduled scaling
B. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with
asimple scaling policy.
C. Configure a Network Load Balancer (NLB) and launch a Spot Fleet with Amazon EC2 Auto
Scalingbehind the NL8.
D. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a
target tracking scaling policy.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 15
A company Is designing an internet-facing web application. The application runs on Amazon EC2 for
Linuxbased instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances.
The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The
security team has mandated that the DB instances be secured against web-based attacks. What should
a solutions architect recommend?
A. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application
LoadBalancer.
Configure the EC2 instance iptables rules to drop suspicious web traffic.
Create a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
B. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application
LoadBalancer.
Move DB instances to the same subnets that EC2 instances are located in.
Create a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.
C. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application
LoadBalancer.
Use AWS WAF to monitor inbound web traffic for threats.
Create a security group for the web application servers and a security group for the DB instances.
Configure the RDS security group to only allow port 3306 inbound from the web application server
security group.
D. Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application
LoadBalancer.
Use AWS WAF to monitor inbound web traffic for threats.
Configure the Auto Scaling group lo automatically create new DB instances under heavy traffic.
Create a security group for the RDS DB instances. Configure the RDS security group to only allow
port 3306 inbound.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2
instances running behind an Application Load Balancer across multiple Availability Zones. As the
company’s user base grows in the us-west-1 Region, it needs 3 solution with low latency and high
availability.
What should a solutions architect do to accomplish this?
A. Provision EC2 instances in us-west-1.
Switch me Application Load Balancer to a Network Load Balancer to achieve cross-Region load
balancing.
B. Provision EC2 instances and an Application Load Balancer in us-west-1.
Make the load balancer distribute the traffic based on the location of the request
C. Provision EC2 instances and configure an Application Load Balancer in us-west-1.
Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load
balancer endpoints in both Regions.
D. Provision EC2 Instances and configure an Application Load Balancer in us-wesl-1.Configure Amazon
Route 53 with a weighted routing policy.
Create alias records in Route 53 that point to the Application Load Balancer
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: https://aws.amazon.com/globalaccelerator/faqs/
QUESTION 17 A company has a custom application running on an Amazon
EC2 instance that:

Reads a large amount of data from Amazon S3 – Performs a multi-stage
analysis.
Writes the results to Amazon DynamoDB.
The application writes a significant number of large, temporary files during the multi-stage analysis.
The process performance depends on the temporary storage performance. What would be the fastest
storage option for holding the temporary files?
A. Multiple Amazon S3 buckets with Transfer Acceleration for storage
B. Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization.
C. Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol.D.
Multiple instance store volumes with software RAID 0
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 18 A company built a food ordering application that captures user data and stores it for future analysis. The
application’s static front end is deployed on an Amazon EC? instance. The front-end application sends the
requests to the backend application running on separate EC2 instance.
The backend application then stores the data in Amazon RDS. What should a solutions architect do to
decouple the architecture and make it scalable?
A. Use Amazon S3 to serve the front-end application, which sends requests to Amazon EC2 to
executethe backend application.
The backend application will process and store the data in Amazon RDS.
B. Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple
NotificationService (Amazon SNS) topic.
Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint o( the topic, and process and store
the data in Amazon RDS.
C. Use an EC2 instance lo serve the front end and write requests to an Amazon SOS queue.
Place the backend Instance in an Auto Scaling group, and scale based on the queue depth to process
and store the data in Amazon RDS.
D. Use Amazon S3 to serve the static front-end application and send requests lo Amazon API
Gatewaywhich writes the requests to an Amazon SQS queue.
Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process
and store the data in Amazon RDS.
Correct Answer: D

QUESTION 19
A company has an on-premises application that collects data and stores it to an on-premises NFS server.
The company recently set up a 10 Gbps AWS Direct Connect connection. The company is running out of
storage capacity on premises. The company needs to migrate the application data from on premises to the
AWS Cloud while maintaining low-latency access to the data from the on- premises application. What
should a solutions architect do to meet these requirements?
A. Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data
inAmazon S3.
Connect the on-premises application servers to the file gateway using NFS.
B. Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy
theapplication data to the EFS file system.
Then connect the on-premises application to Amazon EFS.
C. Configure AWS Storage Gateway as a volume gateway.
Make the application data available to the on-premises application from the NFS server and with
Amazon Elastic Block Store (Amazon EBS) snapshots.
D. Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic
FileSystem (Amazon EFS) file system as the destination for application data transfer. Connect the onpremises application to the EFS file system.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 20
A company wants to migrate a high performance computing (HPC) application and data from on- premises
to the AWS Cloud.

The company uses tiered storage on-premises with hoi high-performance parallel storage to support the
application during periodic runs of the application, and more economical cold storage to hold the data when
the application is not actively running. Which combination of solutions should a solutions architect
recommend to support the storage needs of the application? (Select TWO)
A. Amazon S3 for cold data storage
B. Amazon EFS for cold data storage
C. Amazon S3 for high-performance parallel storage
D. Amazon FSx for clustre tor high-performance parallel storage
E. Amazon FSx for Windows for high-performance parallel storage
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Explanation:
https://aws.amazon.com/fsx/lustre/
Amazon FSx for Lustre makes it easy and cost effective to launch and run the world’s most popular
highperformance file system. Use it for workloads where speed matters, such as machine learning, high
performance computing (HPC), video processing, and financial modeling.
QUESTION 21
A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many
AWS users.
The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide
access to this service to users with the least amount of administrative overhead and without exposing the
service to the public internet. What should a solutions architect do to accomplish this goal?
A. Create a peering VPC connection from each user’s VPC to the software vendor s VPC.
B. Deploy a transit VPC in the software vendor’s AWS account.Create a VPN connection
with each user account
C. Connect the service in the VPC with an AWS PrivateLink endpoint.Have users
subscribe to the endpoint.
D. Deploy a transit VPC in the software vendor’s AWS account.
Create an AWS Direct Connect connection with each user account.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 22
A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies
to restrict access to audit team 1AM user credentials according to the principle of least privilege.
Company managers are worried about accidental deletion of documents in the S3 bucket and want a more
secure solution.
What should a solutions architect do to secure the audit documents?
A. Enable the versioning and MFA Delete features on the S3 bucket
B. Enable multi-factor authentication (MFA) on the 1AM user credentials for each audit team 1AM
useraccount.
C. Add an S3 Lifecycle policy to the audit team’s 1AM user accounts to deny the s3:DeleteOb|ect
actionduring audit dates.

D. Use AWS Key Management Service (AWS KMS> to encrypt the S3 bucket and restrict audit team
1AMuser accounts from accessing the KMS key.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS
services.
The developer is unsure of the current database schema and expects to make changes as the ecommerce
site grows.
The solution needs to be highly resilient and capable of automatically scaling read and write capacity.
Which database solution meets these requirements?
A. Amazon Aurora PostgreSQL
B. Amazon DynamoDB with on-demand enabled
C. Amazon DynamoDB with DynamoDB Streams enabled
D. Amazon SQS and Amazon Aurora PostgreSQL
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 24
A company Is seeing access requests by some suspicious IP addresses. The security team discovers the
requests are horn different IP addresses under the same CIDR range. What should a solutions architect
recommend to the team?
A. Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.
B. Add a rule In the outbound table of the security group to deny the traffic from that CIDR range
C. Add a deny rule in the Inbound table of the network ACL with a lower rule number than other rules.
D. Add a deny rule in the outbound table of the network ACL with a tower rule number than other rules.
Correct Answer: C

QUESTION 25
A company wants to run a hybrid workload for data processing. The data needs to be accessed by
onpremises applications for local data processing using an NFS protocol, and must also be accessible
from the AWS Cloud for further analytics and batch processing. Which solution will meet these
requirements?
A. Use an AWS Storage Gateway fife gateway to provide file storage to AWS.Then perform analytics
on the data in the AWS Cloud.
B. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS.Then
perform analytics on this data in the AWS Cloud.

C. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly
takesnapshots of the local data, then copy the data to AWS.
D. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all
thelocal storage in the AWS Cloud, then perform analytics on this data in the cloud.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
https://docs.aws.amazon.com/storagegateway/latest/userguide/WhatIsStorageGateway.html
QUESTION 26
A solutions architect is designing a solution that requires frequent updates to a website that is hosted on
Amazon S3 with versioning enabled.
For compliance reasons, older versions of the objects will not be accessed frequently and will need to be
deleted after 2 years.
What should the solutions architect recommend to meet these requirements at the LOWEST cost?
A. Use S3 batch operations to replace object tags.Expire the objects based on the modified tags
B. Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier.Expire the
objects after 2 years
C. Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple
QueueService (Amazon SOS) queue for further processing.
D. Replicate older object versions to a new bucket.
Use an S3 Lifecycle policy to expire the objects In the new bucket after 2 years
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
A company receives 10 TB of instrumentation data each day from several machines located at a single
factory.
The data consists of JSON files stored on a storage area network (SAN) in an on- premises data center
located within the factory.
The company wants to send this data to Amazon S3 where it can be accessed by several additional
systems that provide critical near-real-lime analytics. A secure transfer is important because the data is
considered sensitive. Which solution offers the MOST reliable data transfer?
A. AWS DataSync over public internet
B. AWS DataSync over AWS Direct Connect
C. AWS Database Migration Service (AWS DMS) over public internet
D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
A company’s web application is running on Amazon EC2 instances behind an Application Load Balancer.
The company recently changed its policy, which now requires the application to be accessed from one
specific country only.

Which configuration will meet this requirement?
A. Configure the security group for the EC2 instances.
B. Configure the security group on the Application Load Balancer.
C. Configure AWS WAF on the Application Load Balancer in a VPC.
D. Configure the network ACL for the subnet that contains the EC2 instances.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation: https://aws.amazon.com/es/blogs/security/how-to-use-aws-waf-to-filter-incoming-trafficfrom- embargoedcountries/
QUESTION 29
A leasing company generates and emails POF statements every month for all its customers. Each
statement is about 400 KB in size. Customers can download their statements from the website for up to 30
days from when the statements were generated. At the end of their 3-year lease, the customers are
emailed a ZIP file that contains all the statements.
What is the MOST cost-effective storage solution for this situation?
A. Store the statements using the Amazon S3 Standard storage class.
Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.
B. Store the statements using the Amazon S3 Glacier storage class.
Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30
days.
C. Store the statements using the Amazon S3 Standard storage class.
Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One
Zone-IA) storage after 30 days.
D. Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage
class.Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited
programmatic access to resources in the company’s account. All the needed policies have been created to
grant appropriate access. Which additional component will provide the vendor with the MOST secure
access to the account?
A. Create an 1AM user.
B. Implement a service control policy (SCP)
C. Use a cross-account role with an external ID.
D. Configure a single sign-on (SSO) identity provider.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 31
A recently acquired company is required to build its own infrastructure on AWS and migrate multiple
applications to the cloud within a month.
Each application has approximately 50 TB of data to be transferred After the migration ts complete this
company and its parent company will Doth require secure network connectivity with consistent throughput
from their data centers to the applications. A solutions architect must ensure one-time data migration and
ongoing network connectivity.
Which solution will meet these requirements?
A. AWS Direct Connect for both the initial transfer and ongoing connectivity.
B. AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity.
C. AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.
D. AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon
ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and
memory usage because it is expecting high traffic to the application upon its launch.
However, the company wants to reduce costs when utilization decreases.
What should a solutions architect recommend?
A. Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.
B. Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an
AmazonCloudWatch alarm.
C. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches
triggeran Amazon CloudWatch alarm.
D. Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric
breachestrigger an Amazon CloudWatch alarm.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage.
The chief information security officer has directed that no application traffic between the two services
should traverse the public internet.
Which capability should the solutions architect use to meet the compliance requirements?
A. AWS Key Management Service (AWS KMS) )
B. VPC endpoint
C. Private subnet
D. Virtual private gateway
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
QUESTION 34
A solutions architect must design a database solution for a high-traffic ecommerce web application. The
database stores customer profiles and shopping cart information. The database must support a peak
load of several million requests each second and deliver responses in milliseconds.
The operational overhead for managing and scaling the database must be minimized. Which database
solution should the solutions architect recommend?
A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 35
A company stores 200 GB of data each month in Amazon S3. The company needs to perform analytics on
this data at the end of each month to determine the number of items sold in each sales region for the
previous month. Which analytics strategy is MOST cost-effective for the company to use?
A. Create an Amazon Elasticsearch Service (Amazon ES) cluster.
Query the data in Amazon ES.
Visualize the data by using Kibana.
B. Create a table in the AWS Glue Data Catalog.
Query the data in Amazon S3 by using Amazon Athena.
Visualize the data in Amazon QuickSight
C. Create an Amazon EMR cluster.
Query the data by using Amazon EMR, and store the results in Amazon S3.
Visualize the data in Amazon QuickSight.
D. Create an Amazon Redshift cluster.
Query the data in Amazon Redshift, and upload the results to Amazon S3.
Visualize the data in Amazon QuickSight.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 36
A company wants a storage option that enables its data science team to analyze its data on premises and
in the AWS Cloud.
The team needs to be able to run statistical analyses by using the data on premises and by using a fleet of
Amazon EC2 instances across multiple Availability Zones. What should a solutions architect do to meet
these requirements?
A. Use an AWS Storage Gateway tape gateway to copy the on-premises files into Amazon S3.
B. Use an AWS Storage Gateway volume gateway to copy the on-premises files into Amazon S3.
C. Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block
Store(Amazon EBS).

D. Attach an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers.Copy the
files to Amazon EFS.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
A company is planning on deploying a newly built application on AWS in a default VPC The application will
consist of a web layer and database layer. The web server was created in public subnets, and the MySQL
database was created in private subnets. All subnets are created with the default network ACL settings,
and the default security group in the VPC will be replaced with new custom security groups. The following
are the key requirements:

The web servers must be accessible only to users on an SSL connection.
The database should be accessible to the web layer, which is created in a public subnet only.- All
traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.
Which combination of steps meets these requirements? (Select TWO.)
A. Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic
toand from anywhere (0 0.0.0/0)
B. Create a database server security group with an inbound rule for MySQL port 3306 and specify
thesource as a web server security group.
C. Create a web server security group with an inbound allow rule for HTTPS port 443 traffic from
anywhere(0.0.0.0/0) and an inbound deny rule for IP range 182.20.0 0/16.
D. Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere
(0.00 0/0).
Create network ACL inbound and outbound deny rules for IP range 182 20.00/16
E. Create a web server security group with inbound and outbound rules for HTTPS port 443 traffic to
andfrom anywhere (0.0.0.0/0).
Create a network ACL inbound deny rule for IP range 182.20.0.0/16.
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
A solutions architect wants all new users to have specific complexity requirements and mandatory rotation
periods for 1AM user passwords.
What should the solutions architect do to accomplish this?
A. Set an overall password policy for the entire AWS account B.
Set a password policy for each 1AM user in the AWS account.
C. Use third-party vendor software to set password requirements, D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with
theappropriate requirements.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 39
The following IAM policy is attached to an IAM group. This is the only policy applied to the group. What are the effective IAM permissions of this policy for group members?

A. Group members are permitted any Amazon EC2 action within the uss-east-1 Region.Statements
after The Allow permission are not applied
B. Group member are denied any Amazon EC2 permissions in the us-east-1 Region unless they
aretagged in with multi-factor authentication (MFA).
C. Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances permissions for
allRegions when logged in with multi-factor authentication (MFA). Group members authorized any
other Amazon EC2 action.
D. Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for
theus-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are
permitted any other Amazon EC2 action within the us-east-1 Region
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
A new employee has joined a company as a deployment engineer. The deployment engineer will be using
AWS CloudFormation templates to create multiple AWS resources.
A solutions architect wants the deployment engineer to perform job activities. While following the principle
of least privilege.
Which combination of actions should the solutions architect take to accomplish this goal? (Select TWO.)
A. Have the deployment engineer use AWS account roof user credentials for performing
AWSCloudFormation stack operations.
B. Create a new IAM user for the deployment engineer and add the IAM user to a group that has
thePowerUsers IAM policy attached
C. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the
D. Create a new IAM User for the deployment engineer and add the IAM user to a group that has an
IAMpolicy that allows AWS CloudFormation actions only
E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the
AWSCloudFormation stack and launch stacks using Dial IAM role.
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
A solutions architect is working on optimizing a legacy document management application running on
Microsoft a network file share.
The chief information officer wants to reduce the on-premises data center footprint and minimize storage by
moving on-premises storage to AWS.
What should the solution architect do to meet these requirements?

A. Sat up an AWS Storage Gateway file gateway.
B. Set up Amazon Elastic File System (Amazon EFS).
C. Set up AWS Storage Gateway as a volume gateway.
D. Set up an Amazon Elastic Block Store (Amazon EBS) volume.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 42
A company is moving Its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has
several applications that write to the same tables. The applications need to be migrated one by one with a
month in between each migration Management has expressed concerns that the database has a high
number of reads and writes. The data must be kept in sync across both databases throughout tie
migration. What should a solutions architect recommend?
A. Use AWS DataSync tor the initial migration.
Use AWS Database Migration Service (AWS DMS] to create a change data capture (CDC) replication
task and a table mapping to select all cables.
B. UseAVVS DataSync for the initial migration.
Use AWS Database Migration Service (AWS DMS) to create a full load plus change data capture
(CDC) replication task and a table mapping to select ail tables.
C. Use the AWS Schema Conversion led with AWS DataBase Migration Service (AWS DMS) using
amemory optimized replication instance.
Create a tui load plus change data capture (CDC) replication task and a table mapping lo select all
tables.
D. Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using
acompute optimized implication instance.
Create a full load plus change data capture (CDC) replication task and a table mapping to select the
largest tables.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
A company wants to migrate its web application to AWS. The legacy web aoplication consists of a web tier,
an appfccation tier, and a MySQL database.
The re-architectod application must consist of technologies that do not require the administration team to
manage instances or clusters.
Which combination of services should a solutions architect include in Ihe overall architecture? (Select
TWO)
A. Amazon Aurora Serverless
B. Amazon EC2 Spot Instances
C. Amazon Elasticsearch Service (Amazon ES)
D. Amazon RDS for MySQL
E. AWS Fargate
Correct Answer: DE
Section: (none)

Explanation
Explanation/Reference:
QUESTION 44
A company has multiple applications that use Amazon RDS lor MySQL as is database. The company
recently discovered that a new custom reporting application has Increased the number of Queries on the
database.
This is slowing down performance.
How should a solutions architect resolve this issue with the LEAST amount of application changes?
A. Add a secondary DB instance using Multi-AZ
B. Set up a road replica ana Multi-AZ on Amazon RDS.
C. Set up a standby replica and Multi-AZ on Amazon RDS
D. Use caching on Amazon RDS to improve the overall performance
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
A company owns an asynchronous API that is used to ingest use requests and, based on the request type,
dispatch requests to the appropriate microservice for processing. The company is using Amazon API
Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to
store user requests before dispatching them to the processing microservices.
The company provisioned as much DynamoDB throughput as its budget allows, but the company is still
experiencing availability issues and is losing user requests. What should a solutions architect do to
address this Issue without impacting existing users?
A. Add throttling on the API Gateway with server-side throttling limits
B. Use DynamoDB Accelerator (DAX) and LamDda to buffer writes to DynamoDB
C. Create a secondary index in DynamoDB for the label with the user requests.
D. Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes
toDynamoDB.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
A company is running a multi-tier ecommerce web application In the AWS Cloud. The application runs on
Amazon EC2 Instances with an Amazon RDS MySQL Mutt>AZ DB instance. Amazon RDS is configured
with the latest generation instance with 2,000 GB of storage in an Amazon EBS General Purpose SSD
(gp2) volume.
The database performance impacts the application during periods of high demand.
After analyzing the logs in Amazon CloudWatch Logs, a database administrator finds that the
application performance always degrades when the number of read and write IOPS is higher than 6.000
What should a solutions architect do to improve the application performance?
A. Replace the volume with a Magnetic volume
B. Increase the number of IOPS on the gp2 volume
C. Replace the volume with a Provisioned IOPS (PIOPS) volume.

D. Replace the 2,000 GB gp2 volume with two 1,000 GBgp2 volumes.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
A company is using AWS Organizations with two AWS accounts: Logistics and Sales. The Logistics
account operates an Amazon Redshift cluster. The Sales account includes Amazon EC2 instances. The
Sales account needs to access the Logistics account’s Amazon Redshift cluster.
What should a solutions architect recommend to meet this requirement MOST cost-effectively?
A. Set up VPC sharing with the Logistics account as the owner and the Sales account as the participant
totransfer the data.
B. Create an AWS Lambda function in the Logistics account to transfer data to the Amazon EC2
instancesin the Sales account.
C. Create a snapshot of the Amazon Redshift cluster, and share the snapshot with the Sales account.
Inthe Sales account, restore the cluster by using the snapshot ID that is shared by the Logistics
account. D. Run COPY commands to load data from Amazon Redshift into Amazon S3 buckets in the
Logistics account. Grant permissions to the Sales account to access the S3 buckets of the Logistics
account.
Correct Answer: C

QUESTION 48
A company is using Amazon Redshift for analytics and to generate customer reports. The company
recently acquired 50 TB of additional customer demographic data. The data is stored in .csv files in
Amazon S3. The company needs a solution that joins the data and visualizes the results with the least
possible cost and effort.
What should a solutions architect recommend to meet these requirements?
A. Use Amazon Redshift Spectrum to query the data in Amazon S3 directly and join that data with
theexisting data in Amazon Redshift. Use Amazon QuickSight to build the visualizations.
B. Use Amazon Athena to query the data in Amazon S3. Use Amazon QuickSight to join the data
fromAthena with the existing data in Amazon Redshift and to build the visualizations.
C. Increase the size of the Amazon Redshift cluster, and load the data from Amazon S3. Use
AmazonEMR Notebooks to query the data and build the visualizations in Amazon Redshift.
D. Export the data from the Amazon Redshift cluster into Apache Parquet files in Amazon S3. Use
AmazonElasticsearch Service (Amazon ES) to query the data. Use Kibana to visualize the results.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49

A solutions architect must provide a fully managed replacement for an on-premises solution that allows
employees and partners to exchange files. The solution must be easily accessible to employees
connecting from on-premises systems, remote employees, and external partners. Which solution meets
these requirements?
A. Use AWS Transfer for SFTP to transfer files into and out of Amazon S3.
B. Use AWS Snowball Edge for local storage and large-scale data transfers.
C. Use Amazon FSx to store and transfer files to make them available remotely.
D. Use AWS Storage Gateway to create a volume gateway to store and transfer files to Amazon S3.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://aws.amazon.com/aws-transfer-family/?whats-newcards.sortby=item.additionalFields.postDateTime&whats-new-cards.sortorder=desc
QUESTION 50
A company’s database is hosted on an Amazon Aurora MySQL DB cluster in the us-east-1 Region. The
database is 4 TB in size. The company needs to expand its disaster recovery strategy to the us-west-2
Region. The company must have the ability to fail over to us-west-2 with a recovery time objective (RTO) of
15 minutes.
What should a solutions architect recommend to meet these requirements?
A. Create a Multi-Region Aurora MySQL DB cluster in us-east-1 and use-west-2. Use an Amazon
Route53 health check to monitor us-east-1 and fail over to us- west-2 upon failure.
B. Take a snapshot of the DB cluster in us-east-1. Configure an Amazon EventBridge
(AmazonCloudWatch Events) rule that invokes an AWS Lambda function upon receipt of resource
events. Configure the Lambda function to copy the snapshot to us-west-2 and restore the snapshot in
us-west-2 when failure is detected.
C. Create an AWS CloudFormation script to create another Aurora MySQL DB cluster in us-west-2 in
caseof failure. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an
AWS Lambda function upon receipt of resource events. Configure the Lambda function to deploy the
AWS CloudFormation stack in us-west-2 when failure is detected.
D. Recreate the database as an Aurora global database with the primary DB cluster in us-east-1 and
asecondary DB cluster in us-west-2. Configure an Amazon EventBridge (Amazon CloudWatch Events)
rule that invokes an AWS Lambda function upon receipt of resource events. Configure the Lambda
function to promote the DB cluster in us-west-2 when failure is detected.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
A company is migrating its applications to AWS. Currently, applications that run on premises generate
hundreds of terabytes of data that is stored on a shared file system. The company is running an analytics
application in the cloud that runs hourly to generate insights from this data.
The company needs a solution to handle the ongoing data transfer between the on-premises shared file
system and Amazon S3. The solution also must be able to handle occasional interruptions in internet
connectivity.
Which solutions should the company use for the data transfer to meet these requirements?
A. AWS DataSync

B. AWS Migration Hub
C. AWS Snowball Edge Storage Optimized
D. AWS Transfer for SFTP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Reference: https://aws.amazon.com/cloud-datamigration/
QUESTION 52
A solutions architect is designing the architecture for a new web application. The application will run on
AWS Fargate containers with an Application Load
Balancer (ALB) and an Amazon Aurora PostgreSQL database. The web application will perform primarily
read queries against the database.
What should the solutions architect do to ensure that the website can scale with increasing traffic? (Choose
two.)
A. Enable auto scaling on the ALB to scale the load balancer horizontally.
B. Configure Aurora Auto Scaling to adjust the number of Aurora Replicas in the Aurora
clusterdynamically.
C. Enable cross-zone load balancing on the ALB to distribute the load evenly across containers in
allAvailability Zones.
D. Configure an Amazon Elastic Container Service (Amazon ECS) cluster in each Availability Zone
todistribute the load across multiple Availability Zones.
E. Configure Amazon Elastic Container Service (Amazon ECS) Service Auto Scaling with a target
trackingscaling policy that is based on CPU utilization.
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 53
A company captures ordered clickstream data from multiple websites and uses batch processing to
analyze the data. The company receives 100 million event records, all approximately 1 KB in size, each
day. The company loads the data into Amazon Redshift each night, and business analysts consume the
data. The company wants to move toward near-real-time data processing for timely insights. The solution
should process the streaming data while requiring the least possible operational overhead.
Which combination of AWS services will meet these requirements MOST cost-effectively? (Choose two.)
A. Amazon EC2
B. AWS Batch
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Firehose
E. Amazon Kinesis Data Analytics
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:

QUESTION 54
A company has a customer relationship management (CRM) application that stores data in an Amazon
RDS DB instance that runs Microsoft SQL Server. Theynapmoc ‫ג‬€™s IT staff has administrative access
to the database. The database contains sensitive data. The company wants to ensure that the data is not
accessible to the IT staff and that only authorized personnel can view the data. What should a solutions
architect do to secure the data?
A. Use client-side encryption with an Amazon RDS managed key.
B. Use client-side encryption with an AWS Key Management Service (AWS KMS) customer managed
key.C. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) default
encryption key.
D. Use Amazon RDS encryption with an AWS Key Management Service (AWS KMS) customer managed
key.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 55
A company with a single AWS account runs its internet-facing containerized web application on an Amazon
Elastic Kubernetes Service (Amazon EKS) cluster.
The EKS cluster is placed in a private subnet of a VPC. System administrators access the EKS cluster
through a bastion host on a public subnet.
A new corporate security policy requires the company to avoid the use of bastion hosts. The company also
must not allow internet connectivity to the EKS cluster.
Which solution meets these requirements MOST cost-effectively?
A. Set up an AWS Direct Connect connection.
B. Create a transit gateway.
C. Establish a VPN connection.D. Use AWS Storage Gateway.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 56
A company has deployed a multiplayer game for mobile devices. The game requires live location tracking
of players based on latitude and longitude. The data store for the game must support rapid updates and
retrieval of locations.
The game uses an Amazon RDS for PostgreSQL DB instance with read replicas to store the location data.
During peak usage periods, the database is unable to maintain the performance that is needed for reading
and writing updates. The game’s user base is increasing rapidly.
What should a solutions architect do to improve the performance of the data tier?
A. Take a snapshot of the existing DB instance. Restore the snapshot with Multi-AZ enabled.
B. Migrate from Amazon RDS to Amazon Elasticsearch Service (Amazon ES) with Kibana.
C. Deploy Amazon DynamoDB Accelerator (DAX) in front of the existing DB instance. Modify the game
touse DAX.
D. Deploy an Amazon ElastiCache for Redis cluster in front of the existing DB instance. Modify the game
touse Redis.
Correct Answer: C

Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
A company is migrating a large, mission-critical database to AWS. A solutions architect has decided to use
an Amazon RDS for MySQL Multi-AZ DB instance that is deployed with 80,000 Provisioned IOPS for
storage. The solutions architect is using AWS Database Migration Service (AWS DMS) to perform the data
migration. The migration is taking longer than expected, and the company wants to speed up the process.
ynapmoc ehT‫ג‬€™s network team has ruled out bandwidth as a limiting factor.
Which actions should the solutions architect take to speed up the migration? (Choose two.)
A. Disable Multi-AZ on the target DB instance.
B. Create a new DMS instance that has a larger instance size.
C. Turn off logging on the target DB instance until the initial load is complete.
D. Restart the DMS task on a new DMS instance with transfer acceleration enabled.
E. Change the storage type on the target DB instance to Amazon Elastic Block Store (Amazon
EBS)General Purpose SSD (gp2).
Correct Answer: CD

A company wants to re architect a large monolithic application. Which of the
following design principles should be considered when re-architecting such an
application? Choose 2 answers from the options given below

Options are :
Make use of fixed servers
Ensure to implement loose coupling
Ensure to rely on individual components
Ensure to design for scalability

Answer :Ensure to implement loose coupling Ensure to design for scalability

Which of the following is an AWS(Amazon Web Service) service that can be used as
a scalable file storage solution that can be used by both Linux based AWS(Amazon
Web Service) servers and on-premise servers?

Options are :
Amazon S3
Amazon Glacier
Amazon EBS
Amazon EFS

In-store shopping

Answer :Amazon EFS

Which of the following are two services that AWS(Amazon Web Service) offers from
a security perspective?

Options are :
Multi-factor authentication tokens
AWS Trusted Advisor security checks
Data Encryption
Automated penetration testing

Answer :AWS Trusted Advisor security checks Data Encryption

In-store shopping

when
Toolsusing the AWS(Amazon Web Service) command line interface?

Topicsx

Options are :
IAM group
IAM user
IAM role
IAM policy

Answer :IAM user

Which of the following are ways that can be used to interact with AWS(Amazon Web
Service) services? Choose 2 answers from the options given below

Options are :
Command line interface
Software development kits
On-premise
Software-as-a-service

Answer :Command line interface Software development kits

A company is planning on deploying an application onto AWS(Amazon Web Service)
in different AWS(Amazon Web Service) regions. Which of the following factors can
influence the company’s decision on which regions to choose for hosting the
application? Choose 2 answers from the options given below

Options are :
Reduced latency for users
Data sovereignty compliance
The applications local language settings

Answer :Reduced latency for users Data sovereignty compliance

Which of the following are features of Amazon CloudWatch Logs? Choose 2 answers
from the options given below

Options are :
This service is provided at no charge
This service provides real time monitoring
This service provides adjustable retention periods
This service provides summaries sent via the Simple Notification Service

Answer :This service provides real time monitoring This service provides

In-store shopping

Toolsof the following auditing process does AWS(Amazon Web Service) have
Topics
Which
the
sole responsibility for?

Options are :
AWS IAM Policies
AWS IAM users
Amazon S3 bucket policies
Physical security

Answer :Physical security

Which of the following is required for developers to access AWS(Amazon Web
Service) services via the AWS(Amazon Web Service) CLI?

Options are :
Tools

Topicsx

Username and password
SSH keys
Access keys
API keys

Answer :Access keys

Which of the following is a shared control between the customer and AWS?

Options are :
Awareness and training
Using a key for Amazon S3 client-side encryption
Configuration of several EC2 Instances
Physical controls for the AWS(Amazon Web Service) Data centers

Answer :Awareness and training

A company wants to have a data store in place where-in reads and writes on the
data would happen frequently. Which of the following are services that can be used
for this requirement? Choose 2 answers from the options given below

Options are :
Amazon RDS
Amazon Glacier
Amazon Redshift
Amazon EFS

In-store shopping

Answer :Amazon RDS Amazon EFS

A company is planning on creating multiple AWS(Amazon Web Service) Accounts.
Which of the following are services that can be used across hybrid AWS(Amazon
Web Service) Cloud Architectures? Choose 2 answers from the options given below

Options are :
Amazon Route 53
Classic Load Balancer
Autoscaling
Virtual Private Gateway

Answer :Amazon Route 53 Virtual Private Gateway

A company wants to use AWS(Amazon Web Service) for a self-hosted database. The

In-store shopping

database has the following requirements

Tools

a) Have the ability to shutdown every night for maintenance purposes

Topicsx

b) Save on costs
Which of the following would you use for this purpose?

Options are :
Amazon Redshift
Amazon DynamoDB
Amazon EC2 with Amazon EC2 Instance store
Amazon EC2 with Elastic Block storage

Answer :Amazon EC2 with Elastic Block storage

A company is planning on setting up multiple AWS(Amazon Web Service) accounts.
They are planning on implementing consolidated billing. Which of the following are
advantages of consolidated billing? Choose 2 answers from the options given below

Options are :
Having the ability to receive one bill for multiple accounts
Ability to having the default service limits increased in every account
A fixed discount that is applied every month
The potential for having volume discounts when the usage of all accounts is combined

Answer :Having the ability to receive one bill for multiple accounts The
potential for having volume discounts when the usage of all accounts is combined

A company is planning on purchasing Reserved Instances as part of their
AWS(Amazon Web Service) account. Which of the following pricing model will give
the highest discount when compared to On-demand pricing?

Options are :
One-year , No Upfront and Standard Reserved Instance pricing
One-year , All Upfront and Convertible Reserved Instance pricing
Three-year, All Upfront and Standard Reserved Instance pricing
Three-year, No Upfront and Convertible Reserved Instance pricing

Answer :Three-year, All Upfront and Standard Reserved Instance pricing

You are planning on creating an S3 bucket in your AWS(Amazon Web Service)
account. You need to limit access to the bucket to specific users. Which of the
following could be used for this requirement?

In-store shopping

Options are :

A public and private key pair

AWS Identity and Access Management policies
Security Groups

Answer :AWS Identity and Access Management policies

Which of the following Reserved Instance pricing model allows for one to change
the attributes of the Reserved Instance as long as the exchange results in the
creation of Reserved Instances of equal or greater value?

Options are :
Dedicated Reserved Instance
Scheduled Reserved Instance
Convertible Reserved Instance
Standard Reserved Instance

Answer :Convertible Reserved Instance

Which service records API activity on your account and delivers log files to an
Amazon S3 bucket?

Options are :
Amazon S3 Event Notifications
Amazon CloudTrail
Amazon CloudWatch Logs
Amazon CloudWatch

Answer :Amazon CloudTrail

Which statement below is incorrect in relation to Network ACLs?

Tools

Topicsx

Options are :
Process rules in order
Support allow and deny rules
Operate at the Availability Zone level
Stateless

Answer :Operate at the Availability Zone level

What is the scope of a VPC within a region?

Options are :
At least 2 subnets per region
At least 2 data centers per region
Spans all Availability Zones globally
Spans all Availability Zones within the region

Answer :Spans all Availability Zones within the region

Which AWS(Amazon Web Service) support plan should you use if you need a
response time of < 15 minutes for a business-critical system failure?

Options are :
Basic
Business
Enterprise
Developer

In-store shopping

Answer :Enterprise

Which AWS(Amazon Web Service) service can be used to convert video and audio
files from their source format into versions that will playback on devices like
smartphones, tablets and PC?

Options are :
Elastic Beanstalk
Elastic Load Balancer
Elastic Transcoder
Auto Scaling

Answer :Elastic Transcoder

AWS Certified Cloud Practitioner 6 full practice tests Set 4

Tools

Options are :

Topicsx

Key pairs
Roles
Access policies
Security groups
Network ACLs

Answer :Roles Access policies

Which AWS(Amazon Web Service) service can you use to install a third-party
database?

Options are :
Amazon DynamoDB
Amazon EMR
Amazon EC2
Amazon RDS

Answer :Amazon EC2

When instantiating compute resources, what are two techniques for using
automated, repeatable processes that are fast and avoid human error? (choose 2)

Options are :
Infrastructure as code
Performance monitoring
Bootstrapping
Fault tolerance
Snapshotting

Answer :Infrastructure as code Bootstrapping

Under the shared responsibility model, what are examples of shared controls?
(choose 2)

Options are :
Service and Communications Protection
Physical and environmental
Patch management
Storage system patching

Configuration management

Which service can you use to provision a preconfigured server with little to no
AWS(Amazon Web Service) experience?

Options are :
Amazon Lightsail
Amazon EC2
AWS Lambda
Amazon Elastic Beanstalk

Answer :Amazon Lightsail

Which of the following is a method of backup available in the AWS(Amazon Web
Service) cloud?

Options are :
Tools

Topicsx

EFS File Systems
EBS Snapshots
Route 53 Alias Record
Availability Zones

Answer :EBS Snapshots

Under the AWS(Amazon Web Service) shared responsibility model what is the
customer responsible for? (choose 2)

Options are :
Replacement and disposal of disk drives
Patch management of infrastructure
Encryption of customer data
Physical security of the data center
Configuration of security groups

Answer :Encryption of customer data Configuration of security groups

Which database service is a NoSQL type of database that is fully managed?

Options are :
Amazon ElastiCache
Amazon DynamoDB
Amazon RedShift
Amazon RDS

Answer :Amazon DynamoDB

Which of the statements below is accurate regarding Amazon S3 buckets? (choose
2)

Options are :
Bucket names must be unique regionally
Bucket names must be unique globally
Buckets are replicated globally
Buckets can contain other buckets
Buckets are region-specific

Answer :Bucket names must be unique globally Buckets are region-specific

Which AWS(Amazon Web Service) services are used for analytics? (choose 2)

Amazon Athena
Amazon ElastiCache
Amazon S3
Amazon RDS
Amazon EMR

Answer :Amazon Athena Amazon EMR

Which AWS(Amazon Web Service) service can an organization use to automate
operational tasks on EC2 instances using existing Chef cookbooks?

Options are :
AWS OpsWorks
AWS Service Catalog
AWS CodeDeploy
AWS Config

Answer :AWS OpsWorks

Which feature of Amazon Rekognition can assist with saving time?

Options are :
Provides on-demand access to compliance-related information
Identification of the language of text in a document
Adds automatic speech recognitions (ASR) to applications
Identification of objects in images and videos

Answer :Identification of objects in images and videos

Which service can be used for building and integrating loosely-coupled, distributed
applications?

Options are :
Amazon EFS
Amazon EBS
Amazon SNS
Amazon RDS

Answer :Amazon SNS

Which tool enables you to visualize your usage patterns over time and to identify In-store shopping your underlying cost drivers?

AWS Cost Explorer
AWS Simple Monthly Calculator
Total Cost of Ownership (TCO) Calculator
AWS Budgets

Answer :AWS Cost Explorer

What method can you use to take a backup of an Amazon EC2 instance using
AWS(Amazon Web Service) tools?

Options are :

Take a snapshot to capture the point-in-time state of the instance
Take full and incremental file-level backups using the backup console

Take application-consistent backups using the EC2 API

Use Cross Region Replication (CRR) to copy the instance to another region

Answer :Take a snapshot to capture the point-in-time state of the instance

Which service allows you to automatically expand and shrink your application in
response to demand?

Options are :
Amazon Elastic Load Balancing
Amazon DynamoDB
AWS Auto Scaling
AWS ElastiCache

Answer :AWS Auto Scaling

Which types of pricing policies does AWS(Amazon Web Service) offer? (choose 2)

Options are :
Save when you reserve
Pay-as-you-go
Global usage discounts
Non-peak hour discounts
Enterprise license agreement (ELA)

Answer :Save when you reserve Pay-as-you-go

What advantages does deploying Amazon CloudFront provide? (choose 2)

Options are :
Provides serverless compute services
Reduced latency
Improved performance for end users
A private network link to the AWS(Amazon Web Service) cloud
Automated deployment of resources

Answer :Reduced latency Improved performance for end users

Which services are integrated with KMS encryption? (choose 2)

AWS CloudFormation
Amazon EBS

ToolsAmazon EC2
Amazon SWF
Amazon RDS

Answer :Amazon EBS Amazon RDS

Which of the following are features of Amazon CloudWatch? (choose 2)

Options are :
Used for auditing of API calls
Can be accessed via API, command-line interface, AWS(Amazon Web Service) SDKs, and
the AWS(Amazon Web Service) Management Console
Provides visibility into user activity by recording actions taken on your account
Used to gain system-wide visibility into resource utilization
Records account activity and service events from most AWS(Amazon Web Service)
services

Answer :Can be accessed via API, command-line interface, AWS(Amazon
Web Service) SDKs, and the AWS(Amazon Web Service) Management Console
Used to gain system-wide visibility into resource utilization

Which service can be used to track the CPU usage of an EC2 instance?

Options are :
Amazon CloudWatch
Amazon CloudFront
Amazon CloudTrail
Amazon CloudFormation

Answer :Amazon CloudWatch

A company would like to maximize their potential volume and RI discounts across
multiple accounts and also apply service control policies on member accounts.
What can they use gain these benefits?

Options are :
AWS Cost Explorer
AWS Budgets
AWS IAM
AWS Organizations

Answer :AWS Organizations

Which AWS(Amazon Web Service) service allows you to connect to storage from onpremise servers using standard file protocols?

premise servers using standard file protocols?

Tools

Options are :
Amazon Glacier
Amazon EFS
Amazon EBS
Amazon S3

Answer :Amazon EFS

A company is planning to introduce a new product to their customers. They are
expecting high traffic to their web application. As part of the Enterprise support
plan, which of the following could provide them with architectural and scaling
guidance?

Options are :
AWS Support API
Infrastructure Event Management
AWS Management Support
AWS Support Concierge Service

Answer :Infrastructure Event Management

Which of the following is not a benefit of Amazon S3? (Choose TWO)

Options are :
Amazon S3 provides unlimited storage for any type of data.
Amazon S3 can be scaled manually to store and retrieve any amount of data from
anywhere.
Amazon S3 provides 99.999999999% (11 9’s) of data durability.
Amazon S3 can run any type of application or backend system.
Amazon S3 stores any number of objects, but with object size limits.

Answer :Amazon S3 can be scaled manually to store and retrieve any amount
of data from anywhere. Amazon S3 can run any type of application or backend
system.

Which of the following AWS(Amazon Web Service) services are free to use? (Choose
two)

Options are :
CloudWatch
CloudFormation Auto-scaling

Answer :CloudFormation Auto-scaling

Which of the following can help protect your EC2 instances from DDoS attacks?
(Choose two)

Options are :
AWS Batch
CloudHSM
Network Access Control Lists
Security Groups
AWS IAM

Answer :Network Access Control Lists Security Groups

An organization runs many systems and uses many AWS(Amazon Web Service)
products. Which of the following services allow them to control how each developer
interacts with these products?

Options are :
Network Access Control Lists
AWS Identity and Access Management
Amazon EMR
Amazon RDS

Answer :AWS Identity and Access Management

Which of the following AWS(Amazon Web Service) Cloud services is designed with
native Multi-AZ fault tolerance in mind? (Choose two)

Options are :
Amazon Redshift
Amazon EBS
Amazon Virtual Private Cloud
Amazon DynamoDB
Amazon Simple Storage Service

Answer :Amazon DynamoDB Amazon Simple Storage Service

Select the services that can be used to build hybrid cloud architectures. (Choose
two)

Options are :
AWS Identity and Access Management
AWS Cloud9
AWS CloudTrail
AWS Artifact
Amazon Virtual Private Cloud

Answer :AWS Identity and Access Management Amazon Virtual Private
Cloud

What information is required to calculate the Total Cost of Ownership for the
AWS(Amazon Web Service) Cloud?

Options are :
The number of end users you are currently serving

The number of on-premise virtual machines

ToolsThe number of active databases

The number of on-premise applications

Answer :The number of on-premise virtual machines

Which AWS(Amazon Web Service) network feature can establish a private network
connection between AWS(Amazon Web Service) and your datacenter?

Options are :
AWS Direct Connect
Amazon CloudFront
AWS Snowball
AWS Route 53

Answer :AWS Direct Connect

What does S3 stand for?

Options are :
Simple Storage Service
Simplified Storage Service
Service for Simple Storage
Simple Store Service

Answer :Simple Storage Service

Which of the following will impact the price paid for an EC2 instance? (Choose two)

Options are :
Storage capacity
The IAM identity that uses the instance
Compute time consumed
The Availability Zone where the instance is provisioned
Instance Type

Answer :Storage capacity Instance Type

What does Amazon Elastic Beanstalk provide?

Options are :
A NoSQL database service
A long-term data storage.
A compute engine for Amazon ECS.

Answer :A PaaS solution to automate application deployment.

Using Amazon RDS falls under the shared responsibility model. Which of the
following are customer responsibilities? (Choose two)

Options are :
Performing backups.
Patching the database software.
Installing the database software.
Managing the database settings.
Building the relational database schema.

Answer :Managing the database settings. Building the relational database x
schema.

What is the AWS(Amazon Web Service) service that provides automated network
assessment of your Amazon EC2 instances to check for vulnerabilities?

Options are :
AWS Network Access Control Lists
AWS Inspector
Amazon Kinesis
Security groups

Answer :AWS Inspector

An organization has an on-premises application that serves users from all around
the world. If instead the application was deployed in AWS, what is the AWS(Amazon
Web Service) characteristic that could help reduce latency to their users?

Options are :
High Availability
Fault tolerance
Elasticity
Global reach

Answer :Global reach

A company created a solution that will help AWS(Amazon Web Service) customers
improve their architectures on AWS. Which AWS(Amazon Web Service) program
may support this company?

Options are :
APN Technology Partners
APN Consulting Partners
AWS TAM
AWS Professional Services

Answer :APN Consulting Partners

Based on the AWS(Amazon Web Service) shared responsibility model, which of the
following is the responsibility of AWS? (Choose two)

Options are :
Creating hypervisors.
Hardware maintenance.
Installing software on EC2.

Monitoring network performance.
Configuring ACLs

Answer :Creating hypervisors. Hardware maintenance.

What are your options for protecting the confidentiality of data in transit in Amazon
S3? (Choose two)

Options are :
Use Client-Side Encryption
Use RDS Encryption
Use SSL
Use Server-Side Encryption

Answer :Use Client-Side Encryption Use SSL

Which
Toolsof the following are important design principles you should adopt when
Topicsx
architecting cloud-based systems? (Choose two)

Options are :
Remove single points of failure
Build as much automation as possible
Always choose to pay as you go
Treat servers as fixed resources

Answer :Remove single points of failure Build as much automation as
possible

What is the Amazon RDS feature that allows for data redundancy across regions and
improves disaster recovery?

Options are :
Multi-AZ
Write Replicas
Read Replicas
Multi-region replication

Answer :Read Replicas

What is the AWS(Amazon Web Service) service that gives you full control over the
underlying virtual infrastructure?

Options are :
Amazon Redshift

Amazon DynamoDB

ToolsAmazon EC2
Amazon RDS

Answer :Amazon EC2

Which of the following AWS(Amazon Web Service) offerings is a MySQL-compatible
relational database that can scale capacity automatically based on demand?

Options are :
Amazon Neptune
Amazon Aurora
RDS PostgreSQL

Answer :Amazon Aurora

What is the Amazon RDS feature that can you use to improve the availability of your
database? (Choose two)

Options are :
Automatic patching
Read Replicas
Edge Locations
Multi-AZ Deployment
AWS Regions

Answer :Read Replicas Multi-AZ Deployment

Which of the following services allows you to run containerized applications on a
cluster of EC2 instances?

Options are :
Amazon Elastic Container Service
AWS Docker Manager
Amazon Elastic Docker Service
Amazon Elastic Compute Service

Answer :Amazon Elastic Container Service

Under the Shared Responsibility Model, which of the following are controls which a
customer fully inherits from AWS? (Choose two)

Options are :
Awareness & Training
Environmental controls
Patch management controls
Database controls
Physical controls

Answer :Environmental controls Physical controls

What are two advantages of using Cloud Computing over using traditional data
centers? (Choose two)

Options are :
Reserved Compute Capacity

Virtualized compute resources
Distributed infrastructure

Distributed infrastructure

Eliminating SPOFs.
Dedicated hosting

Answer :Distributed infrastructure Eliminating SPOFs.

You are working on two projects that require a completely different network
configuration. Which of the following would allow you to isolate resources and
network configurations for each of them?

Options are :
Virtual Public Cloud
Security Groups
Edge Locations
Virtual Private Cloud

Answer :Virtual Private Cloud

Which Cloud Computing model removes the need for your organization to manage
operating systems?

Options are :
MaaS
IaaS
PaaS
GaaS

Answer :PaaS

What are the security credentials that are required to access the AWS(Amazon Web
Service) management console of an IAM user account?

Options are :
MFA
Security tokens
A user name and password.
Access keys

Answer :A user name and password.

Which of the following reserved instance payment options result in you paying a
discounted hourly rate throughout the duration of the term? (Choose two)

ToolsPartial Upfront option.

No Upfront option.
All Upfront option.

Answer :Partial Upfront option. No Upfront option.

Which statement best describes the operational excellence pillar of the
AWS(Amazon Web Service) Well-Architected Framework?

Options are :
The ability to monitor and improve system processes and procedures
The ability of a system to recover gracefully from failure
The ability to provision resources on-demand

The ability to manage datacenter operations more efficiently

Answer :The ability to monitor and improve system processes and

Topicsx

procedures

Which of the following aspects of security are managed by AWS? (Choose two)

Options are :
Hardware patching
Access permissions
Encryption of EBS volumes
VPC security
Securing global physical infrastructure

Answer :Hardware patching Securing global physical infrastructure

What is the AWS(Amazon Web Service) feature that takes advantage of Amazon
CloudFront’s globally distributed edge locations to transfer files to S3 with higher
upload speeds?

Options are :
Snowball Transfer Acceleration
SnowMobile transfer Accelerator
AWS WAF
S3 Transfer Acceleration

Answer :S3 Transfer Acceleration

AWS has created a huge number of Edge Locations as part of its global
infrastructure. Which of the following is NOT a benefit of using an edge location?

Options are :
Edge locations are used by CloudFront to improve your end users’ experience when
uploading files
Edge locations are used by CloudFront to distribute content to global users with low
latency
Edge locations are used by CloudFront to distribute traffic across multiple instances to
reduce latency
Edge locations are used by CloudFront to cache the most recent responses

Answer :Edge locations are used by CloudFront to distribute traffic across
multiple instances to reduce latency

Which of the following enables you to monitor and collect log files from your

In-store shopping

Amazon EC2 instances?

AWS Storage Gateway
CloudWatch Logs
Amazon Inspector
CloudTrail

Answer :CloudWatch Logs

Which of the following procedures may reduce your Amazon S3 costs?

Options are :
Move all the data stored in S3 standard to EBS.
Pick the right Availability Zone for your S3 bucket.
Use the Import/Export feature to move old files automatically to Amazon Glacier.
Use the right combination of storage classes based on the different use cases.

Answer :Use the right combination of storage classes based on the different
use cases.

There is a need to automate the creation of sandbox accounts for developers and
granting entities in those accounts access only to the necessary AWS(Amazon Web
Service) services. Which of the following services would help?

Options are :
AWS WAF
AWS Organizations
AWS Trusted Advisor
Amazon Config

Answer :AWS Organizations

How much data can you store in S3?

Options are :
You can store up to 1 PetaByte of data.
Storage capacity is virtually unlimited.
You can store up to 1 PetaByte of data, then you are required to pay an additional fee.
There is a soft limit of 100 TB for each AWS(Amazon Web Service) account.

Answer :Storage capacity is virtually unlimited.

Which of the following is one of the benefits of AWS(Amazon Web Service) security?

Tools

Scales quickly

Starts automatically once you upload your data
Free for AWS(Amazon Web Service) premium members
Reduces Capital expenditure (CapEx)

Answer :Scales quickly

Which of the following services can help protect your web applications from SQL
injection and other vulnerabilities in your application code?

Options are :
Amazon Aurora
IAM

Answer :AWS WAF

There are performance issues with your under-development application, being built
using microservices architecture. Which of the following AWS(Amazon Web
Service) services would help you analyze these issues?

Options are :
AWS Inspector
AWS CodePipeline
AWS CloudTrail
X-Ray

Answer :X-Ray

Which of the following runs your application only when needed, without having to
provision servers all the time?

Options are :
AWS RDS instances
AWS LightSail
AWS EC2 instances
AWS Lambda

Answer :AWS Lambda

Ensuring compliance is a key priority for most businesses. Which of the following
AWS(Amazon Web Service) services will help them achieve this?

Options are :
CloudEndure
CloudFront
CloudWatch
CloudTrail

Answer :CloudTrail

Where can you store files in AWS? (Choose two)

Options are :
Amazon EFS
Amazon SNS
A

EMR

Amazon EBS
Amazon ECS

Answer :Amazon EFS Amazon EBS

Sarah has deployed her web application in the N. California (US-West-1) region.
Later on, she notices that much of her website’s traffic is coming from China. What
can she do to reduce latency for her users in China?

Options are :
Create a CDN using CloudFront, so that content is cached at Edge Locations close to and
in China
Migrate the application to a Chinese hosting service
Replicate the current resources across multiple Availability Zones within the same region
Recreate the website content

Answer :Create a CDN using CloudFront, so that content is cached at Edge
Locations close to and in China

Amazon Glacier is an Amazon S3 storage class that is suitable for storing _
& ___. (Choose two)

Options are :
Active archives
Dynamic websites’ assets
Cached data
Active databases
Long-term analytics

Answer :Active archives Long-term analytics

Which statement is correct with regards to service limits? (Choose two)

Options are :
There are no service limits on AWS.
Each IAM user has the same service limits.
You can use the AWS(Amazon Web Service) Trusted Advisor to monitor your service
limits.
You can contact support to increase the service limits.
The AWS(Amazon Web Service) Simple Email Service is responsible for sending email
notifications when usage approaches a service limit.

Answer :You can use the AWS(Amazon Web Service) Trusted Advisor to

An
entertainment company performs image and video processing jobs fromTopics
time to
time. If time is flexible for these jobs to complete, which instance type would be the
most cost-effective to use?

Options are :
Reserved – No Upfront
On-Demand
Reserved – All Upfront
Spot

Answer :Spot

What are the services/features that can help you maintain a highly available and

fault-tolerant architecture in AWS? (Choose two)

AWS Direct Connect
CloudFormation
Elastic Load Balancer
AWS NACL
Amazon EC2 Auto Scaling

Answer :Elastic Load Balancer Amazon EC2 Auto Scaling

Jessica is managing an e-commerce web application in AWS. The application is
hosted on six EBS-backed EC2 instances. One day, three of those instances crashed;
however, none of her customers were affected. What has Jessica done correctly in
this scenario?

Options are :
She has properly built a scalable system.
She has properly built an elastic system.
She has properly built a durable system.
She has properly built a fault tolerant system.

Answer :She has properly built a fault tolerant system.

You have developed a microservices-based application. Which of the following
should you use to make sure that each EC2 instance in the system gets the same
amount of traffic?

Options are :

ToolsAuto Scaling
Amazon EC2 Auto Recovery

Answer :Application Load Balancer

Which of the following AWS(Amazon Web Service) services can be used as a
compute resource? (Choose two)

Options are :
Amazon EC2

AWS Lambda
Amazon S3
Amazon VPC

Answer :Amazon EC2 AWS Lambda

A company needs to host a database in Amazon RDS for at least twelve months.
Which of the below options would be the most cost-effective solution?

Options are :
Reserved instances – No Upfront
On-Demand instances
Reserved instances – Partial Upfront
Spot Instances

Answer :Reserved instances – Partial Upfront

What is the primary storage service used by Amazon RDS DB instances?

Options are :
Amazon S3
Amazon Glacier
Amazon EFS
Amazon EBS

Answer :Amazon EBS

What is the AWS(Amazon Web Service) data warehouse service that supports a very
high level of query performance on large amounts of datasets?

Options are :
Amazon DynamoDB
Amazon Redshift
Amazon Kinesis
Amazon RDS

Answer :Amazon Redshift

Which of the following AWS(Amazon Web Service) security features is associated
with an EC2 instance and functions to filter incoming traffic requests?

Options are :
Security Groups
NACL
AWS X-Ray
AWS WAF

Answer :Security Groups

You are currently working on an application that uses Lambda as its computeTopics
Tools
resource. You need a storage resource to store and retrieve photos and videos.
Which of the following services can best be used as the underlying storage
mechanism?

Options are :
Amazon EBS
Amazon SQS
AWS Instance store
Amazon S3

Answer :Amazon S3

There is a need to analyze and process a large number of data sets. Which service
can help in this regard?

Tools
Options are :
Amazon SQS
Amazon SNS
Amazon MQ
Amazon EMR

Answer :Amazon EMR

There is a need to import a large amount of structured data into a database service.
What is the AWS(Amazon Web Service) database service that best achieves this?

Options are :
RDS
ElastiCache
Neptune
DynamoDB

Answer :RDS

Which of the following can be used to automate the management of multiple
AWS(Amazon Web Service) services through scripts?

Options are :
AWS OpsWorks
AWS Console
AWS Service Catalog
AWS CLI

Answer :AWS CLI

Your company is planning to host its applications in the AWS(Amazon Web Service)
Cloud. Which of the following services can be used to help decouple distributed
software systems and components? (Choose two)

Options are :
AWS EBS
AWS SQS
AWS SES
Amazon Athena
AWS SNS

Answer :AWS SQS AWS SNS

You have decided to pay a low upfront fee in order to get a significantly discounted
hourly rate. What payment model are you planning to use?

Options are :
Pay as you go
Pay less by using more
Pay less as AWS(Amazon Web Service) grows
Save when you reserve

Answer :Save when you reserve

In your on-premises environment, you can create as many virtual servers as you
need from a single template. What can you use to perform the same in AWS?

Options are :
AWS AMI
AWS IAM
AWS Snapshot
An internet gateway

Answer :AWS AMI

Which AWS(Amazon Web Service) service uses Edge Locations to cache content?

Options are :
AWS KMS
AWS Direct Connect
AWS CloudFront
AWS Glacier

Answer :AWS CloudFront

Which of the following is required to connect to Amazon EC2 instances?

Options are :
MFA
Instance Password
Key pairs
Route Tables

Answer :Key pairs

Which service can be used to store and reliably deliver messages across distributed

systems?

Options are :
Amazon Simple Email Service
AWS Storage Gateway
Amazon Simple Storage Service
Amazon Simple Queue Service

Answer :Amazon Simple Queue Service
Take Quiz :
Also Read : AWS Develops Engineer Professional Practice Final File Exam Set
11

What does Amazon ElastiCache provide?

ToolsA domain name system in the cloud.

Topicsx

A database instance with elastic cache memory.
An Ehcache compatible in-memory data store.

Answer :In-memory caching for read-heavy applications.

A company has a web application that is running on a number of Amazon EC2
instances. The app is approaching 100% CPU Utilization on one of them. How can
they reduce the load on that instance?

Options are :
Recreate the app to handle such huge traffic.
Terminate the instance and recreate new one.
Create a load balancer, and register the Amazon EC2 instances with it.
Use a CloudFront distribution.

Answer :Create a load balancer, and register the Amazon EC2 instances with
it.

What is the DynamoDB replication technology that provides fast read/write
performance for globally-deployed applications?

Options are :
Point-in-time recovery
Global Tables
DynamoDB DAX
Global PITR

Answer :Global Tables

Which services does AWS(Amazon Web Service) offer for free? (Choose two)

Options are :
Amazon EC2
Elastic Load Balancing
Amazon RDS
Elastic Beanstalk
AWS IAM

Answer :Elastic Beanstalk AWS IAM

What can you use as a common file system for multiple EC2 instances?

Amazon Elastic File Manager
AWS Storage Gateway
Simple Storage Service

Answer :Amazon Elastic File System

What is the main characteristic that makes Amazon cloud directory a better option
than traditional directory systems?

Options are :
Cloud Directory has a flexible schema so your applications remain secure

It allows you to register and manage domain names in the cloud
It allows you to use the actual Microsoft Active Directory

ToolsIt allows you to organize hierarchies of data across multiple dimensions

Topicsx

Answer :It allows you to organize hierarchies of data across multiple
dimensions

You are developing a document generator application that helps users create and
modify PDFs. Which of the following allows you to publish your application?

Options are :
Amazon AppStream
Amazon Publisher
AWS Serverless Application Repository
Amazon API Gateway

Answer :AWS Serverless Application Repository

A company needs to migrate their web application to AWS. Most of the compute
capacity is continually utilized throughout the year. Which of the following would be
the most cost-effective solution?

Options are :
On-demand instances
Spot instances
Reserved instances
Extended instances

Answer :Reserved instances

What can you do to best make your application on AWS(Amazon Web Service)
highly available?

Options are :
Deploy to at least two Availability Zones
Rewrite the application code to handle all incoming requests
Use more AWS(Amazon Web Service) servers
Use AWS(Amazon Web Service) Direct Connect

Answer :Deploy to at least two Availability Zones

Where does one go to find and download AWS(Amazon Web Service) SOC& PCI
reports?

ToolsAWS Chime
AWS Polly
AWS Glue
AWS Artifact

Answer :AWS Artifact

Which of the following are examples of the customer’s responsibility to implement
“security in the cloud”? (Choose two)

Options are :
Build an application’s schema
Patch management of the infrastructure
Replacing physical hardware
Analyzing network performance
Creating a new hypervisor

Answer :Build an application’s schema Analyzing network performance

A company is using EC2 Instances to run their e-commerce site on the AWS(Amazon
Web Service) platform. A busy e-commerce site could lose thousands of dollars
every minute it is unavailable. Which of the principles below should they adopt to
ensure that even if some of their EC2 Instances stop working, their site will continue
to run as usual?

Options are :
Use an elastic system.
Use a scalable system.
Use an adaptive system.
Use a fault tolerant system.

Answer :Use a fault tolerant system.

For mobile applications, which of the following allows client devices access to
AWS(Amazon Web Service) resources?

Options are :
Amazon Cognito
Amazon Inspector
Amazon EBS
Amazon GuardDuty

Answer :Amazon Cognito

Which of the following can be used to process a large number of binary files while x

following the AWS(Amazon Web Service) well-architected design principles?

Options are :
Use a number of vertically scalable EC2 instances
Use a number of parallel RDS instances
Use a number of parallel EC2 instances
Use a number of vertically scalable RDS instances

Answer :Use a number of parallel EC2 instances

save them in a new Amazon S3 bucket. However, the new member reports back that

he is unable to create neither EBS snapshots nor S3 buckets. What might prevent
him from doing this simple job?

Options are :
EBS and S3 are accessible only to the account owner.
There is a non-explicit deny to all new users.
There is not enough space in S3 to store the snapshots.
The new user didn’t receive his user name and password.

Answer :There is a non-explicit deny to all new users.

How long does the AWS(Amazon Web Service) free-tier last for?

Options are :
Forever
24 Months upon signup
12 Months upon signup
36 Months upon signup

Answer :12 Months upon signup

Which of the following features of Amazon RDS allows for the offloading of database
read activity?

Options are :
Automated backups
Multi-AZ

Database snapshots
Read Replicas

Select three methods you can use to interact with the AWS(Amazon Web Service)
Identity and Access Management: (Choose three)

Options are :
AWS CLI
ENI interface
IAM HTTPS API
Step Functions
AWS SDKs

Answer :AWS CLI IAM HTTPS API AWS SDKs

You want to store some objects in AWS(Amazon Web Service) and make them
downloadable via a URL. Which service can you use to achieve this goal?

Options are :
Amazon EBS
Amazon S3
Amazon EFS
AWS Instance Store

Answer :Amazon S3

How does AWS(Amazon Web Service) notify customers about the latest security
and privacy events within AWS(Amazon Web Service) services?

Options are :
Using Compliance Resources
Using the AWS(Amazon Web Service) ACM service
Using the AWS(Amazon Web Service) Management Console
Using Security Bulletins

Answer :Using Security Bulletins

What are the use cases of the AWS(Amazon Web Service) Route 53 service?
(Choose two)

Options are :
Provides infrastructure security optimization recommendations
Domain Registration
Allows you to connect your premises datacenter to AWS(Amazon Web Service) privately
Responsible for all security issues
DNS service

Answer :Domain Registration DNS service

Which pillar of the AWS(Amazon Web Service) Well-Architected Framework focuses
on using infrastructure as code?

Options are :
Performance Efficiency.
Security.

Operational Excellence.
Reliability.

Which of the following is true regarding the languages that AWS(Amazon Web
Service) Lambda supports? (Choose two)

Options are :
Lambda natively supports a number of programming languages such as Java and C#.
Lambda doesn’t support any programming language; it is a serverless compute service.
Lambda has its own language to author your functions and build any type of application
or backend service.
Lambda only supports the Python language, and you can use a third party software to
convert code from other languages.
Lambda can support any programming language using an API.

Answer :Lambda natively supports a number of programming languages
such as Java and C#. Lambda can support any programming language using an
API.

AWS allows you to create a “Golden Environment”, where you can capture your
security policies (such as firewall rules, network access controls, internal/external
subnets, and operating system hardening), reuse it among multiple projects, and
have it become part of your continuous integration pipeline. Which of the following
AWS(Amazon Web Service) services is most involved in creating such an
environment?

Options are :
AWS Auto Scaling
AWS CloudTrail
AWS CloudFormation
AWS Config

Answer :AWS CloudFormation

You are planning to use the Microsoft SQL Server as your database engine. Which
service allows you to run this commercial database on AWS? (Choose two)

Options are :
AWS Batch.
Amazon Elastic Container Service.
Amazon Elastic Compute Cloud.
Amazon RDS.
AWS Lambda.

Answer :Amazon Elastic Compute Cloud. Amazon RDS.
Tools

What are the features of the AWS(Amazon Web Service) Business support plan?
(Choose two)

Options are :
Access to Cloud Support Engineers via email only during business hours.
24×7 access to the TAM feature.
24×7 access to customer service.
Access to the IEM feature for additional fee.

Answer :24×7 access to customer service. Access to the IEM feature for
additional fee.

You need to select an EC2 Instance type to service your workloads. If you have

flexibility about the availability of the Amazon EC2 Instances, which of the following
EC2 Instances would be most cost-effective?

Options are :
Spot instances
Reserved Instances
On-demand instances
Dedicated instances

Answer :Spot instances

Spending some time tagging your resources leads to many benefits. What are some
of those benefits? (Choose two)

Options are :
Quickly search for software solutions on AWS
Track your AWS(Amazon Web Service) spending across multiple resources
Track API calls in your AWS(Amazon Web Service) account
Quickly search for the resources that belong to a specific project
Find deleted resources and their metadata more quickly

Answer :Track your AWS(Amazon Web Service) spending across multiple
resources Quickly search for the resources that belong to a specific project

Which of the following services can be used to secure network communications and
establish the identity of websites over the Internet?

Options are :

AWS Certificate Manager

Which of the following statements describes what a placement group is?

Options are :
It is a group of EC2 instances within a single Availability Zone.
It is a group of edge locations within a single region.
It is a group of IAM users that are granted to use EC2.
It is a group of network components that helps protect your traffic.

Answer :It is a group of EC2 instances within a single Availability Zone.

Which of the following is NOT a benefit of using Amazon VPC?

Options are :
Amazon VPC allows you to control user interactions with various AWS(Amazon Web
Service) resources.
Subnets and IP ranges are automatically created for you.
You have complete control over your virtual networking environment.
You can select your own IP address range.

Answer :Amazon VPC allows you to control user interactions with various
AWS(Amazon Web Service) resources.

The TCO gap between AWS(Amazon Web Service) infrastructure and traditional
infrastructure has widened over the recent years. Which of the following could be
the reason for that?

Options are :
AWS secures your AWS(Amazon Web Service) resources at no additional charge.
AWS helps their customers invest more in capital expenditures.
AWS continues to lower the cost of cloud computing for its customers.
AWS automates all infrastructure operations, so you save more on human resources
costs.

Answer :AWS continues to lower the cost of cloud computing for its
customers.

What does AWS(Amazon Web Service) offer to protect your data? (Select three)

Options are :
Data Encryption.
Logging.
Unlimited storage.
Smart analytics.
Access control.

Answer :Data Encryption. Logging. Access control.

You work for a hospital that needs to store patients’ medical records for a minimum
of 10 years. Most of these records will never be accessed but must be made
available upon request (within a few hours).What is the most cost-effective storage
option?

ToolsAmazon Elastic File System (EFS)

Amazon Simple Storage Service (S3)
Amazon Glacier
Amazon Elastic Block Store (EBS)

Answer :Amazon Glacier

What is the most cost-effective EC2 Instance purchasing option for companies with
large computing needs for a non-production environment?

Options are :
Reserved instances
On-demand instances
Spot instances
Dedicated instances

Answer :Spot instances

Which of the following is a serverless service in AWS? (Choose two)

Options are :
Amazon DynamoDB
AWS EC2
Amazon Lightsail
AWS Lambda
AWS RDS

Answer :Amazon DynamoDB AWS Lambda

You have bought 4 Amazon EC2 reserved instances for a 1 year term. After 7 months
you decide to sell 2 of your instances on the Amazon EC2 Reserved Instance
Marketplace. Which of the following is true regarding this scenario?

Options are :
Each Reserved Instance sold on the Amazon EC2 Reserved Instance Marketplace will be
charged a service fee of 12% monthly.
The buyer can modify the instance type, Availability Zone, platform and the other
configurations at any time.
You can set only the upfront price for your reserved instances.
You cannot sell your reserved instances as there are only 5 months remaining in the term
of the Reserved Instances you are listing.

Answer :You can set only the upfront price for your reserved instances.

What are the different types of identities in AWS? (Choose two)

Options are :
Resource Groups
IAM Users
IAM Roles
IAM Policies
IAM Organizations

Answer :IAM Users IAM Roles

Due to the nature of the traditional infrastructure environments and their upfront
cost model, they involve using fixed, long-running servers that can become
problematic as heterogeneous system configurations emerge from continual

changes and software patches being applied overtime. Which of the following
approaches solves these problems in the AWS(Amazon Web Service) environment?

approaches solves these problems in the AWS(Amazon Web Service) environment?

Options are :
Use provisional resources instead of fixed servers
Use disposable resources instead of fixed servers
Use continual resources instead of fixed servers
Use fixed resources instead of disposable servers

Answer :Use disposable resources instead of fixed servers

You need to improve the security of your AWS(Amazon Web Service) service APIs
against unauthorized access. What activity best achieves this goal?

Options are :
Restrict any API call made through SDKs or CLI
Use only one private e-mail address to access the console
Set up two login passwords
Apply Multi-Factor Authentication

Answer :Apply Multi-Factor Authentication

Which of the following is NOT a factor when estimating the cost of Amazon EC2?
(Choose two)

Options are :
Elastic Load Balancing
Number of instances
Number of Hosted Zones

Answer :Number of Hosted Zones Number of security groups

You have a need to build a tool for searching and comparing faces in your
application.Which of the following AWS(Amazon Web Service) services could help?

Options are :
AWS IAM
Amazon Kinesis
Amazon Rekognition
Amazon Polly

Answer :Amazon Rekognition

Which
to a “Well-Architected Review” for business critical workloads?

Options are :
Enterprise
Developer
Business
Basic

Answer :Enterprise

Which of the following is true regarding the AWS(Amazon Web Service) availability
zones and edge locations?

Options are :
An availability zone exists within an edge location to distribute content globally with low
latency
Edge locations are located in separate Availability Zones worldwide to serve global
customers
An Availability Zone is a geographic location where AWS(Amazon Web Service) provides
multiple, physically separated and isolated edge locations
An AWS(Amazon Web Service) Availability Zone is an isolated location within an
AWS(Amazon Web Service) Region, however edge locations are located in multiple cities
worldwide

Answer :An AWS(Amazon Web Service) Availability Zone is an isolated
location within an AWS(Amazon Web Service) Region, however edge locations are
located in multiple cities worldwide

What are the benefits of using AWS(Amazon Web Service) X-Ray? (Choose two)

Options are :
Discovering application issues.
Offers powerful auto scaling for all search domains.
Provides automatic monitoring and recovery for your search domains.
Reviewing request behavior.

Answer :Discovering application issues. Reviewing request behavior.

Who can help your organization achieve their desired business outcomes with
AWS?

Options are :
AWS Security team
AWS Trusted Advisor

Answer :AWS Professional Services

Which of the following are advantages of using AWS(Amazon Web Service) as a
cloud computing provider? (Choose two)

Options are :
Customizable hardware at low prices
There is no longer a need to monitor or audit
Helps companies get customers fast
Eliminates guessing on your infrastructure capacity needs
Trades capital expense for variable expense

Answer :Eliminates guessing on your infrastructure capacity needs Trades
capital expense for variable expense

Which of the following is true regarding the “Server Side Encryption” option in
Amazon S3?

Options are :
Server Side Encryption automatically encrypts all files as they are uploaded to S3.
Server Side Encryption involves uploading encrypted files through private connections.
Server Side Encryption is available only for Amazon EBS.
Server Side Encryption involves encrypting files sent to Amazon S3 on the server side.

Answer :Server Side Encryption involves encrypting files sent to Amazon S3
on the server side.

You are building an online cloud storage platform. You are unsure about the storage
capacity requirements. Which AWS(Amazon Web Service) storage service would
you use?

Options are :
AWS Elastic Container Service.
AWS Storage Gateway.
Elastic Block Store.
Simple Storage Service.

Answer :Simple Storage Service.

Which statement is true regarding Amazon EC2 On-demand charges for Linux-

based instances?

You are charged per minute, based on an hourly rate, and there are no termination fees.
You are charged per second, based on an hourly rate, and there are termination fees.
You are charged per second, based on a daily rate, and there are no termination fees.
You are charged per second, based on an hourly rate, and there are no termination fees.

Answer :You are charged per second, based on an hourly rate, and there are
no termination fees.

Which of the following services can be used to monitor the HTTP and HTTPS
requests that are forwarded to Amazon CloudFront?

Options are :

NAT Gateways

AWS CloudTrail

ToolsAWS CloudWatch

Topicsx

AWS WAF

Answer :AWS WAF

Which service can be used to monitor the health of your web server?

Options are :
Amazon Chime
Amazon Aurora
AWS CloudFormation
Amazon Route 53

Answer :Amazon Route 53

Which of the following is the most cost-effective AWS(Amazon Web Service) service
that can be used for long-term data backup and archiving?

Options are :
Amazon Aurora
AWS Data Pipeline
Amazon EFS
AWS Storage Gateway

Answer :AWS Storage Gateway

You decide to buy one reserved instance for one year. Which of the below options
provides the largest discount?

Options are :
Partial up-front.
No up-front.
All up-front.
All Reserved instance payment options provide the same discount value to all customers.

Answer :All up-front.

Which of the following AWS(Amazon Web Service) services uses tiered pricing?

Options are :
AWS Cost Explorer
lightsail
VPC

Tools

Answer :S3

Which of the following tools can be used to estimate your monthly bill?

Options are :
AWS Advanced Monthly Cost Explorer
Advanced Monthly Calculator
AWS Monthly Cost Explorer
Simple Monthly Calculator

Answer :Simple Monthly Calculator

AWS Techleap Question Answers

Like this:

INFRASTRUCTRE AS CODE MCQ with Answer

SAP MM MCQ with Answers

Agile Multiple choice question

Leave a Reply Cancel reply

Share this:

Like this:

Related Posts

Leave a Reply Cancel reply