NEW QUESTION 1

A company wants to manage its AWS Cloud resources through a web interface. Which AWS service will meet this requirement?

• A. AWS Management Console
• B. AWS CLI
• C. AWS SDK
• D. AWS Cloud

Answer: A

Explanation:
AWS Management Console is a web application that allows you to manage and monitor your AWS Cloud resources through a user-friendly interface. You can use the AWS Management Console to access and experiment with over 150 AWS services, view and modify your account and billing information, get in-console help from AWS Support, and customize your dashboard with widgets that display key metrics and information for your applications567. You can also use the AWS Management Console to launch and configure AWS resources using wizards and templates, without writing any code5. References: 5: Manage AWS Resources - AWS Management Console -AWS, 6: Getting Started with the AWS Management Console, 7: Manage AWS Resources - AWS Management Console Features - AWS

NEW QUESTION 2

Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)

• A. Performance and capacity management
• B. Data engineering
• C. Continuous integration and continuous delivery (CI/CD)
• D. Infrastructure protection
• E. Change and release management

Answer: BC

Explanation:
The platform perspective of the AWS Cloud Adoption Framework (AWS CAF) helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions1. It comprises seven capabilities, two of which are data engineering and CI/CD1.
✑ Data engineering: This capability helps you design and evolve a fit-for-purpose data and analytics architecture that can reduce complexity, cost, and technical debt while enabling you to gain actionable insights from exponentially growing data volumes1. It involves selecting key technologies for each of your architectural layers, such as ingestion, storage, catalog, processing, and consumption. It also involves supporting real-time data processing and adopting a Lake House architecture to facilitate data movements between data lakes and purpose-built data stores1.
✑ CI/CD: This capability helps you automate the delivery of your cloud solutions using a set of practices and tools that enable faster and more reliable deployments1. It involves establishing a pipeline that can build, test, and deploy your code across multiple environments. It also involves adopting a DevOps culture that fosters collaboration, feedback, and continuous improvement among your development and operations teams1.
References:
✑ 1: Platform perspective: infrastructure and applications - An Overview of the AWS Cloud Adoption Framework

NEW QUESTION 3

A company wants to use the latest technologies and wants to minimize its capital investment. Instead of upgrading on-premises infrastructure, the company wants to move to the AWS Cloud.
Which AWS Cloud benefit does this scenario describe?

• A. Increased speed to market
• B. The trade of infrastructure expenses for operating expenses
• C. Massive economies of scale
• D. The ability to go global in minutes

Answer: B

Explanation:
The trade of infrastructure expenses for operating expenses is one of the benefits of the AWS Cloud. By moving to the AWS Cloud, the company can avoid the upfront costs of purchasing and maintaining on-premises infrastructure, such as servers, storage, network, and software. Instead, the company can pay only for the AWS resources and services that they use, as they use them. This reduces the risk and complexity of planning and managing IT infrastructure, and allows the company to focus on innovation and growth. Increased speed to market, massive economies of scale, and the ability to go
global in minutes are also benefits of the AWS Cloud, but they are not the best ones to describe this scenario. Increased speed to market means that the company can launch new products and services faster by using AWS services and tools. Massive economies of scale means that the company can benefit from the lower costs and higher performance that AWS achieves by operating at a large scale. The ability to go global in minutes means that the company can deploy their applications and data in multiple regions and availability zones around the world to reach their customers faster and improve performance and reliability5

NEW QUESTION 4

A company wants to implement controls (guardrails) in a newly created AWS Control Tower landing zone.
Which AWS services or features can the company use to create and define these controls (guardrails)? (Select TWO.)

• A. AWS Config
• B. Service control policies (SCPs)
• C. Amazon GuardDuty
• D. AWS Identity and Access Management (IAM)
• E. Security groups

Answer: AB

Explanation:
AWS Config and service control policies (SCPs) are AWS services or features that the company can use to create and define controls (guardrails) in a newly created AWS Control Tower landing zone. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of their AWS resources. It can be used to create rules that check for compliance with the desired configurations and report any deviations. AWS Control Tower provides a set of predefined AWS Config rules that can be enabled as guardrails to enforce compliance across the landing zone1. Service control policies (SCPs) are a type of policy that can be used to manage permissions in AWS Organizations. They can be used to restrict the actions that the users and roles in the member accounts can perform on the AWS resources. AWS Control Tower provides a set of predefined SCPs that can be enabled as guardrails to prevent access to certain services or regions across the landing zone2. Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for AWS accounts and resources. It is not a feature that can be used to create and define controls (guardrails) in a landing zone. AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It can be used to create users, groups, roles, and policies that control who can do what in AWS. It is not a feature that can be used to create and define controls (guardrails) in a landing zone. Security groups are virtual firewalls that control the inbound and outbound traffic for Amazon EC2 instances. They can be used to allow or deny access to an EC2 instance based on the port, protocol, and source or destination. They are not a feature that can be used to create and define controls (guardrails) in a landing zone.

NEW QUESTION 5

Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?

• A. Amazon EC2
• B. Amazon RDS
• C. Amazon Lightsail
• D. AWS Step Functions

Answer: A

Explanation:
Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud. It allows you to launch virtual servers, called instances, with different configurations of CPU, memory, storage, and networking resources. AWS Compute Optimizer analyzes the specifications and utilization metrics of your Amazon EC2 instances and generates recommendations for optimal instance types that can reduce costs and improve performance. You can view the recommendations on the AWS Compute Optimizer console or the Amazon EC2 console12.
Amazon RDS, Amazon Lightsail, and AWS Step Functions are not supported by AWS Compute Optimizer. Amazon RDS is a managed relational database service that lets you set up, operate, and scale a relational database in the cloud. Amazon Lightsail is an easy- to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan. AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly3 .

NEW QUESTION 6

Which AWS service or feature will search for and identify AWS resources that are shared externally?

• A. Amazon OpenSearch Service
• B. AWS Control Tower
• C. AWS IAM Access Analyzer
• D. AWS Fargate

Answer: C

Explanation:
AWS IAM Access Analyzer is an AWS service that helps customers identify and review the resources in their AWS account that are shared with an external entity, such as another AWS account, a root user, an organization, or a public entity. AWS IAM Access Analyzer uses automated reasoning, a form of mathematical logic and inference, to analyze the resource-based policies in the account and generate comprehensive findings that show the access level, the source of the access, the affected resource, and the condition under which the access applies. Customers can use AWS IAM Access Analyzer to audit their shared resources, validate their access policies, and monitor any changes to the resource sharing status. References: AWS IAM Access Analyzer, Identify and review resources shared with external entities, How AWS IAM Access Analyzer works

NEW QUESTION 7

Which AWS service aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services?

• A. Amazon Detective
• B. Amazon Inspector
• C. Amazon Macie
• D. AWS Security Hub

Answer: D

Explanation:
The correct answer is D because AWS Security Hub is a service that aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer. The other options are incorrect because they are not services that aggregate security alerts and findings from multiple AWS services. Amazon Detective is a service that helps users analyze and visualize security data to investigate and remediate potential issues. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Amazon Macie is a service that helps users discover, classify, and protect sensitive data stored in Amazon S3. Reference: AWS Security Hub FAQs

NEW QUESTION 8

Which of the following is a benefit of operating in the AWS Cloud?

• A. The ability to migrate on-premises network devices to the AWS Cloud
• B. The ability to expand compute, storage, and memory when needed
• C. The ability to host custom hardware in the AWS Cloud
• D. The ability to customize the underlying hypervisor layer for Amazon EC2

Answer: B

Explanation:
One of the benefits of operating in the AWS Cloud is the ability to expand compute, storage, and memory when needed, which enables users to scale their applications and resources up or down based on demand. This also helps users optimize their costs and performance. The ability to migrate on-premises network devices to the AWS Cloud, the ability to host custom hardware in the AWS Cloud, and the ability to customize the underlying hypervisor layer for Amazon EC2 are not benefits of operating in the AWS Cloud, as they are either not possible or not recommended by AWS .

NEW QUESTION 9

What is the purpose of having an internet gateway within a VPC?

• A. To create a VPN connection to the VPC
• B. To allow communication between the VPC and the internet
• C. To impose bandwidth constraints on internet traffic
• D. To load balance traffic from the internet across Amazon EC2 instances

Answer: B

Explanation:
An internet gateway is a service that allows for internet traffic to enter into a VPC. Otherwise, a VPC is completely segmented off and then the only way to get to it is potentially through a VPN connection rather than through internet connection. An internet gateway is a logical connection between an AWS VPC and the internet. It supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic1. An internet gateway enables resources in your public subnets (such as EC2 instances) to connect to the internet if the resource has a public IPv4 address or an IPv6 address. Similarly, resources on the internet can initiate a connection to resources in your subnet using the public IPv4 address or IPv6 address2. An internet gateway also provides a target in your VPC route tables for internet-routable traffic. For communication using IPv4, the internet gateway also performs network address translation (NAT). For communication using IPv6, NAT is not needed because IPv6 addresses are public2. To enable access to or from the internet for instances in a subnet in a VPC using an internet gateway, you must create an internet gateway and attach it to your VPC, add a route to your subnet’s route table that directs internet-bound traffic to the internet gateway, ensure that instances in your subnet have a public IPv4 address or an IPv6 address, and ensure that your network access control lists and security group rules allow the desired internet traffic to flow to and from your instance2. References: Connect to the internet using an internet gateway, AWS Internet Gateway and VPC Routing

NEW QUESTION 10

A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities.
Which AWS service will meet these requirements?

• A. Amazon GuardDuty
• B. Amazon Inspector
• C. Amazon Detective
• D. Amazon Cognito

Answer: B

Explanation:
Amazon Inspector is the AWS service that can be used to perform vulnerability scans on AWS EC2 instances for software vulnerabilities automatically in a periodic fashion. Amazon Inspector automatically discovers EC2 instances and scans them for software vulnerabilities and unintended network exposure. Amazon Inspector uses AWS Systems Manager (SSM) and the SSM Agent to collect information about the software application inventory of the EC2 instances. This data is then scanned by Amazon Inspector for software vulnerabilities12. Amazon Inspector also integrates with other AWS services, such as Amazon EventBridge and AWS Security Hub, to automate discovery, expedite vulnerability routing, and shorten mean time to remediate (MTTR) vulnerabilities2.

NEW QUESTION 11

A company's headquarters is located on a different continent from where the majority of the company's customers live. The company wants an AWS Cloud environment setup that will provide the lowest latency to the customers.
A company wants to automate the creation of new AWS accounts and automatically prevent all users from creating Amazon EC2 instances.
Which AWS service provides this functionality?

• A. AWS Service Catalog
• B. AWS Organizations
• C. EC2 Image Builder
• D. AWS Systems Manager

Answer: B

Explanation:
AWS Organizations is a service that enables you to create and manage multiple AWS accounts centrally. You can use AWS Organizations to automate account creation, apply policies to control access and permissions, and consolidate billing across your accounts. You can also use AWS Organizations to prevent users from creating Amazon EC2 instances in certain regions or with certain configurations2

NEW QUESTION 12

Which AWS service or resource provides answers to the most frequently asked security- related questions that AWS receives from its users'?

• A. AWS Artifact
• B. Amazon Connect
• C. AWS Chatbot
• D. AWS Knowledge Center

Answer: A

Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’s security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) attestation of compliance, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). AWS Artifact helps you answer the most frequently asked security and compliance questions that AWS receives from its users. References: Compliance FAQ, Compliance Solutions Guide

NEW QUESTION 13

A company wants to migrate a database from an on-premises environment to Amazon RDS.
After the migration is complete, which management task will the company still be responsible for?

• A. Hardware lifecycle management
• B. Application optimization
• C. Server maintenance
• D. Power, network, and cooling provisioning

Answer: B

Explanation:
Amazon RDS is a managed database service that handles most of the common database administration tasks, such as hardware provisioning, server maintenance, backup and recovery, patching, scaling, and replication. However, Amazon RDS does not optimize the application that interacts with the database. The company is still responsible for tuning the performance, security, and availability of the application according to its business requirements and best practices12. References:
✑ What is Amazon Relational Database Service (Amazon RDS)?
✑ Perform common DBA tasks for Amazon RDS DB instances

NEW QUESTION 14

Which benefit does AWS offer exclusively to users who have an AWS Enterprise Support plan?

• A. Access to a technical project manager
• B. Access to a technical account manager (TAM)
• C. Access to a cloud support engineer
• D. Access to a solutions architectA company wants to automatically set up and govern a multi-account AWS environment.

Answer: B

Explanation:
AWS Enterprise Support plan is the highest level of support that AWS offers to its customers. One of the exclusive benefits of this plan is the access to a technical account manager (TAM), who is a dedicated point of contact for guidance, advocacy, and support2. A technical project manager, a cloud support engineer, and a solutions architect are not exclusive benefits of the AWS Enterprise Support plan, as they are also available to customers with lower-tier support plans or through other AWS services or programs345.

NEW QUESTION 15

A company wants a list of all users in its AWS account, the status of all of the users' access keys, and if multi-factor authentication (MFA) has been configured.
Which AWS service or feature will meet these requirements?

• A. AWS Key Management Service (AWS KMS)
• B. IAM Access Analyzer
• C. IAM credential report
• D. Amazon CloudWatch

Answer: C

Explanation:
IAM credential report is a feature that allows you to generate and download a report that lists all IAM users in your AWS account and the status of their various credentials, including access keys and MFA devices. You can use this report to audit the security status of your IAM users and ensure that they follow the best practices for using AWS1.
AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys to protect your data. It does not provide information about IAM users or their credentials2.
IAM Access Analyzer is a feature that helps you identify the resources in your AWS account, such as S3 buckets or IAM roles, that are shared with an external entity. It does not provide information about IAM users or their credentials3.
Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications. It does not provide information about IAM users or their credentials4.
References:
✑ Getting credential reports for your AWS account - AWS Identity and Access Management
✑ AWS Key Management Service - Amazon Web Services
✑ IAM Access Analyzer - AWS Identity and Access Management
✑ Amazon CloudWatch - Amazon Web Services

NEW QUESTION 16

Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Select TWO.)

• A. Maximize utilization of Amazon EC2 instances.
• B. Minimize utilization of Amazon EC2 instances.
• C. Minimize usage of managed services.
• D. Force frequent application reinstallations by users.
• E. Reduce the need for users to reinstall applications.

Answer: AE

Explanation:
To maximize sustainability and minimize environmental impact, a company should apply the following design principles to AWS Cloud workloads: maximize utilization of Amazon EC2 instances and reduce the need for users to reinstall applications. Maximizing utilization of Amazon EC2 instances means that the company can optimize the performance and efficiency of their compute resources, and avoid wasting energy and money on idle or underutilized instances. The company can use features such as Amazon EC2 Auto Scaling, Amazon EC2 Spot Instances, and AWS Compute Optimizer to automatically adjust the number and type of instances based on demand, cost, and performance. Reducing the need for users to reinstall applications means that the company can minimize the amount of data and bandwidth required to deliver their applications to users, and avoid unnecessary downloads and updates that consume energy and resources. The company can use services such as Amazon CloudFront, AWS AppStream 2.0, and AWS Amplify to deliver their applications faster, more securely, and more efficiently to users across the globe. Minimizing utilization of Amazon EC2 instances, minimizing usage of managed services, and forcing frequent application reinstallations by users are not design principles that would maximize sustainability and minimize environmental impact. Minimizing utilization of Amazon EC2 instances would reduce the performance and efficiency of the compute resources, and potentially increase the costs and complexity of the cloud workloads. Minimizing usage of managed services would increase the operational overhead and responsibility of the company, and potentially expose them to more security and reliability risks. Forcing frequent application reinstallations by users would increase the amount of data and bandwidth required to deliver the applications to users, and potentially degrade the user experience and satisfaction.

NEW QUESTION 17

A company wants to establish a private network connection between AWS and its corporate network.
Which AWS service or feature will meet this requirement?

• A. Amazon Connect
• B. Amazon Route 53
• C. AWS Direct Connect
• D. VPC peering

Answer: C

Explanation:
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet- based connections12. References: 1: Dedicated Network Connection - AWS Direct Connect - AWS, 2: What is AWS Direct Connect? - AWS Direct Connect

NEW QUESTION 18

Which aspect of security is the customer's responsibility, according to the AWS shared responsibility model?

• A. Patch and configuration management
• B. Service and communications protection or zone security
• C. Physical and environmental controls
• D. Awareness and training

Answer: A

Explanation:
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the customer is responsible for the security in the cloud. This means that AWS provides the physical and environmental controls, the service and communications protection, and the awareness and training for its employees, while the customer provides the patch and configuration management, the identity and access management, the data encryption, and the firewall configuration for its resources3.

NEW QUESTION 19
......