NEW QUESTION 1

Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?

• A. AWS Pricing Calculator
• B. AWS Compute Optimizer
• C. AWS App Runner
• D. AWS Systems Manager

Answer: B

Explanation:
The AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data is AWS Compute Optimizer. AWS Compute Optimizer is a service that analyzes the configuration and performance of the AWS resources, such as Amazon EC2 instances, and provides recommendations for optimal resource types and sizes based on the workload patterns and metrics. AWS Compute Optimizer helps users improve the performance, availability, and cost efficiency of their AWS resources. AWS Pricing Calculator, AWS App Runner, and AWS Systems Manager are not the best services or tools to use for this purpose. AWS Pricing Calculator is a tool that helps users estimate the cost of using AWS services based on their requirements and preferences. AWS App Runner is a service that helps users easily and quickly deploy web applications and APIs without managing any infrastructure. AWS Systems Manager is a service that helps users automate and manage
the configuration and operation of their AWS resources and applications34

NEW QUESTION 2

A company's IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.
What should the company do to meet these requirements?

• A. Deploy MySQL database server clusters on Amazon EC2 instances.
• B. Use Amazon RDS with a MySQL database.
• C. Use an AWS Cloud Form at ion template to deploy MySQL database servers on Amazon EC2 instances.
• D. Migrate all the MySQL database data to Amazon S3.

Answer: B

Explanation:
The company should use Amazon RDS with a MySQL database to meet the requirements of moving its workload to AWS so that the tasks of patching the database and taking backup snapshots of the data in the clusters will be completed automatically. Amazon RDS is a managed service that simplifies the setup, operation, and scaling of relational databases in the AWS Cloud. Amazon RDS automates common database administration tasks such as patching, backup, and recovery. Amazon RDS also supports MySQL and other popular database engines5

NEW QUESTION 3

What is the total amount of storage offered by Amazon S3?

• A. WOMB
• B. 5 GB
• C. 5 TB
• D. Unlimited

Answer: D

Explanation:
Amazon S3 offers unlimited storage for any amount of data. You can store as many objects as you want, and each object can be as large as 5 terabytes. You pay only for the storage space that you actually use, and there are no minimum commitments or upfront fees. Amazon S3 also provides high durability, availability, scalability, and security for your data.

NEW QUESTION 4

Which of the following is a recommended design principle of the AWS Well-Architected Framework?

• A. Reduce downtime by making infrastructure changes infrequently and in large increments.
• B. Invest the time to configure infrastructure manually.
• C. Learn to improve from operational failures.
• D. Use monolithic application design for centralization.

Answer: C

Explanation:
The correct answer is C because learning to improve from operational failures is a recommended design principle of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. Each pillar has a set of design principles that describe the characteristics of a well-architected system. Learning to improve from operational failures is a design principle of the operational excellence pillar, which focuses on running and monitoring systems to deliver business value and continually improve supporting processes and procedures. The other options are incorrect because they are not recommended design principles of the AWS Well-Architected Framework. Reducing downtime by making infrastructure changes infrequently and in large increments is not a design principle of the AWS Well-Architected Framework, but rather a source of risk and inefficiency. A well-architected system should implement changes frequently and in small increments to minimize the impact and scope of failures. Investing the time to configure infrastructure manually is not a design principle of the AWS Well-Architected Framework, but rather a source of human error and inconsistency. A well-architected system should automate manual tasks to improve the speed and accuracy of operations. Using monolithic application design for centralization is not a design principle of the AWS Well-Architected Framework, but rather a source of complexity and rigidity. A well- architected system should use loosely coupled and distributed components to enable scalability and resilience. Reference: [AWS Well-Architected Framework]

NEW QUESTION 5

Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Select TWO.)

• A. Perform operations as code.
• B. Enable traceability.
• C. Automatically scale to meet demand.
• D. Deploy resources globally to improve response time.
• E. Automatically recover from failure.

Answer: CE

Explanation:
The design principles that support the reliability pillar of the AWS Well- Architected Framework are: automatically scale to meet demand, and automatically recover from failure. These principles help users design systems that can handle changes in load, avoid disruptions, and resume normal operations quickly. Automatically scaling to meet demand means adjusting the capacity of the system based on the current and anticipated workload, using services such as AWS Auto Scaling, Amazon EC2, and AWS
Lambda. Automatically recovering from failure means detecting and resolving issues, using services such as Amazon CloudWatch, AWS CloudFormation, and AWS CloudTrail

NEW QUESTION 6

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which AWS service is used to track, record, and audit configuration changes made to AWS resources?

• A. AWS Shield
• B. AWS Config
• C. AWS IAM
• D. Amazon Inspector

Answer: B

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines3.

NEW QUESTION 7

A company recently migrated to the AWS Cloud. The company needs to determine whether its newly imported Amazon EC2 instances are the appropriate size and type.
Which AWS services can provide this information to the company? {Select TWO.)

• A. AWS Auto Scaling
• B. AWS Control Tower
• C. AWS Trusted Advisor
• D. AWS Compute Optimizer
• E. Amazon Forecast

Answer: CD

Explanation:
AWS Trusted Advisor and AWS Compute Optimizer are the AWS services that can provide information to the company about whether its newly imported Amazon EC2 instances are the appropriate size and type. AWS Trusted Advisor is an online tool that provides best practices recommendations in five categories: cost optimization, performance, security, fault tolerance, and service limits. AWS Trusted Advisor can help users identify underutilized or idle EC2 instances, and suggest ways to reduce costs and improve performance. AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources

NEW QUESTION 8

A company deployed an application on an Amazon EC2 instance. The application ran as expected for 6 months. In the past week, users have reported latency issues. A system administrator found that the CPU utilization was at 100% during business hours. The company wants a scalable solution to meet demand.
Which AWS service or feature should the company use to handle the load for its application during periods of high demand?

• A. Auto Scaling groups
• B. AWS Global Accelerator
• C. Amazon Route 53
• D. An Elastic IP address

Answer: A

Explanation:
Auto Scaling groups are a feature that allows users to automatically scale the number of Amazon EC2 instances up or down based on demand or a predefined schedule. Auto Scaling groups can help improve the performance and availability of applications by adjusting the capacity in response to traffic fluctuations1. AWS Global Accelerator is a service that improves the availability and performance of applications by routing traffic through AWS edge locations2. Amazon Route 53 is a service that provides scalable and reliable domain name system (DNS) service3. An Elastic IP address is a static IPv4 address that can be associated with an Amazon EC2 instance4.

NEW QUESTION 9

A company wants an in-memory data store that is compatible with open source in the cloud.
Which AWS service should the company use?

• A. Amazon DynamoDB
• B. Amazon ElastiCache
• C. Amazon Elastic Block Store (Amazon EBS)
• D. Amazon Redshift

Answer: B

Explanation:
Amazon ElastiCache is a fully managed in-memory data store service that is compatible with open source engines such as Redis and Memcached1. It provides fast and scalable performance for applications that require high throughput and low latency1. Amazon DynamoDB is a fully managed NoSQL database service that provides consistent and single-digit millisecond latency at any scale2. Amazon EBS is a block storage service that provides persistent and durable storage volumes for Amazon EC2 instances3. Amazon Redshift is a fully managed data warehouse service that allows users to run complex analytic queries using SQL4.

NEW QUESTION 10

A company has set up a VPC on AWS. The company needs a dedicated connection between the VPC and the company’s on-premises network.
Which action should the company take to meet this requirement?

• A. Establish a VPN connection between the VPC and the company's on-premises network.
• B. Establish an AWS Direct Connect connection between the VPC and the company's on- premisesnetwork.
• C. Attach an internet gateway to the VP
• D. Use the AWS public endpoints for connectivity.
• E. Configure Amazon Connect to provide connectivity between the VPC and the company's on-premisesnetwork.

Answer: B

Explanation:
Establishing an AWS Direct Connect connection between the VPC and the company’s on-premises network is the action that the company should take to meet the requirement of having a dedicated connection between the VPC and the company’s on- premises network. AWS Direct Connect is a service that lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using AWS Direct Connect, you can create a private connection between AWS and your datacenter, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. Establishing a VPN connection between the VPC and the company’s on-premises network is an action that the company can take to create a secure and encrypted connection between the VPC and the company’s on-premises network, but it is not a dedicated connection, as it uses the public internet as the transport mechanism. Attaching an internet gateway to the VPC and using the AWS public endpoints for connectivity is an action that the company can take to enable communication between the VPC and the internet, but it is not a dedicated connection, as it also uses the public internet as the transport mechanism. Configuring Amazon Connect to provide connectivity between the VPC and the company’s on-premises network is not an action that the company can take, because Amazon Connect is a service that lets you set up and manage a contact center in the cloud, but it does not provide network connectivity between the VPC and the company’s on-premises network.

NEW QUESTION 11

A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources.
Which AWS service will meet this requirement?

• A. IAM group
• B. IAM role
• C. IAM tag
• D. IAM Access Analyzer

Answer: B

Explanation:
IAM roles are a way to delegate access to resources in different AWS accounts. IAM roles allow users to assume a set of permissions for a limited time without having to create or share long-term credentials. IAM roles can be used to grant cross- account access by creating a trust relationship between the accounts and specifying the permissions that the role can perform. Users can then switch to the role and access the resources in the other account using temporary security credentials provided by the
role. References: Cross account resource access in IAM, IAM tutorial: Delegate access across AWS accounts using IAM roles, How to Enable Cross-Account Access to the AWS Management Console

NEW QUESTION 12

Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?

• A. Amazon FSx for Lustre
• B. AWS Storage Gateway volume gateway
• C. AWS Storage Gateway file gateway
• D. Amazon Elastic File System (Amazon EFS)

Answer: C

Explanation:
AWS Storage Gateway file gateway allows companies to use protocols such as NFS and SMB to store and retrieve objects in Amazon S3. File gateway provides a seamless integration between on-premises applications and Amazon S3, and enables low- latency access to data through local caching. File gateway also supports encryption, compression, and lifecycle management of the objects in Amazon S3. For more information, see What is AWS Storage Gateway? and File Gateway.

NEW QUESTION 13

What does the Amazon S3 Intelligent-Tiering storage class offer?

• A. Payment flexibility by reserving storage capacity
• B. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (AmazonEBS) volume
• C. Automatic cost savings by moving objects between tiers based on access pattern changes
• D. Secure, durable, and lowest cost storage for data archival

Answer: C

Explanation:
The Amazon S3 Intelligent-Tiering storage class offers automatic cost savings by moving objects between tiers based on access pattern changes. This storage class is designed for data with unknown or changing access patterns. It has two access tiers: frequent access and infrequent access. Objects are stored in the frequent access tier by default, and are moved to the infrequent access tier after 30 consecutive days of no access. If an object in the infrequent access tier is accessed, it is moved back to the frequent access tier. There are no retrieval fees in S3 Intelligent-Tiering, and no additional tiering fees when objects are moved between access tiers within the S3 Intelligent-Tiering storage class1.

NEW QUESTION 14

A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials.
Which AWS service or resource will meet this requirement?

• A. AWS Organizations
• B. IAM user
• C. AWS IAM Identity Center (AWS Single Sign-On)
• D. AWS Control Tower

Answer: C

Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications. You can use AWS SSO to enable your users to sign in to the AWS Management Console or the AWS Command Line Interface (AWS CLI) with their existing corporate credentials2. You can also manage SSO access and user permissions across all your AWS accounts in AWS Organizations3. References: AWS Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation

NEW QUESTION 15

Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)

• A. Patch AWS network devices.
• B. Set user password rules.
• C. Provide physical security for compute resources.
• D. Configure security groups.
• E. Patch the operating system of an Amazon EC2 instance.

Answer: AC

Explanation:
The correct answers are A and C because patching AWS network devices and providing physical security for compute resources are tasks that are the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are tasks that are the responsibility of the customer, according to the AWS shared responsibility model. Setting user password rules, configuring security groups, and patching the operating system of an Amazon EC2 instance are all tasks that the customer has to perform to secure their AWS environment. Reference: AWS Shared Responsibility Model

NEW QUESTION 16

Which of the following is available to a company that has an AWS Business Support plan?

• A. AWS Support concierge
• B. AWS DDoS Response Team (DRT)
• C. AWS technical account manager (TAM)
• D. AWS Health API

Answer: D

Explanation:
AWS Health API is available to a company that has an AWS Business Support plan. The AWS Health API provides programmatic access to the AWS Health information that is presented in the AWS Personal Health Dashboard. The AWS Health API can help users get timely and personalized information about events that can affect the availability and performance of their AWS resources, such as scheduled maintenance, network issues, or service disruptions. The AWS Health API can also integrate with other AWS services, such as Amazon CloudWatch Events and AWS Lambda, to enable automated actions and notifications. AWS Health API OverviewAWS Support Plans

NEW QUESTION 17

A company is building an application in the AWS Cloud. The company wants to use temporary credentials for the application to access other AWS resources.
Which AWS service will meet these requirements?

• A. AWS Key Management Service (Aws KMS)
• B. AWS CloudHSM
• C. Amazon Cognito
• D. AWS Security Token Service (Aws STS)

Answer: D

Explanation:
AWS Security Token Service (AWS STS) is a service that provides temporary security credentials to users or applications that need to access AWS resources. The temporary credentials have a limited lifetime and can be configured to last from a few minutes to several hours. The credentials are not stored with the user or application, but are generated dynamically and provided on request. The credentials work almost identically to long-term access key credentials, but have the advantage of not requiring distribution, rotation, or revocation1.
AWS Key Management Service (AWS KMS) is a service that provides encryption and decryption services for data and keys. It does not provide temporary security credentials2. AWS CloudHSM is a service that provides hardware security modules (HSMs) for cryptographic operations and key management. It does not provide temporary security credentials3.
Amazon Cognito is a service that provides user authentication and authorization for web and mobile applications. It can also provide temporary security credentials for authenticated users, but not for applications4.

NEW QUESTION 18

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

• A. High availability
• B. Economies of scale
• C. Pay-as-you-go pricing
• D. Global reach

Answer: C

Explanation:
Pay-as-you-go pricing is an AWS benefit that demonstrates the ability of users to replace upfront fixed expenses with variable expenses. With pay-as-you-go pricing, users only pay for the resources they consume, without any long-term contracts or commitments. This can lower the total cost of ownership and increase the return on investment. Pay-as-you-go pricing also provides flexibility and scalability, as users can adjust their resource usage according to their changing needs and demands. AWS Cloud Value FrameworkAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 19
......