NEW QUESTION 1

Which credential allows programmatic access to AWS resources for use from the AWS CLI or the AWS API?

• A. User name and password
• B. Access keys
• C. SSH public keys
• D. AWS Key Management Service (AWS KMS) keys

Answer: B

Explanation:
Access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS using the AWS CLI or AWS API1. User name and password are credentials that you use to sign in to the AWS Management Console or the AWS Management Console mobile app2. SSH public keys are credentials that you use to authenticate with EC2 instances that are launched from certain Linux AMIs3. AWS Key Management Service (AWS KMS) keys are customer master keys (CMKs) that you use to encrypt and decrypt your data and to control access to your data across AWS services and in your applications4.

NEW QUESTION 2

Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?

• A. Ensuring network connectivity from AWS to the internet
• B. Patching and fixing flaws within the AWS Cloud infrastructure
• C. Ensuring the physical security of cloud data centers
• D. Ensuring Amazon EBS volumes are backed up

Answer: D

Explanation:
The AWS shared responsibility model describes how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is responsible for the security of the cloud, which includes the physical security of AWS facilities, the infrastructure, hardware, software, and networking that run AWS services. The customer is responsible for security in the cloud, which includes the configuration of security groups, the encryption of customer data on AWS, the management of AWS Lambda infrastructure, and the management of network throughput of each AWS Region. One of the customer responsibilities is to ensure that Amazon EBS volumes are backed up.

NEW QUESTION 3

Which AWS service can a company use to securely store and encrypt passwords for a database?

• A. AWS Shield
• B. AWS Secrets Manager
• C. AWS Identity and Access Management (IAM)
• D. Amazon Cognito

Answer: B

Explanation:
AWS Secrets Manager is an AWS service that can be used to securely store and encrypt passwords for a database. It allows users to manage secrets, such as database credentials, API keys, and tokens, in a centralized and secure way. It also provides features such as automatic rotation, fine-grained access control, and auditing. AWS Shield is an AWS service that provides protection against Distributed Denial of Service (DDoS) attacks for AWS resources and services. It does not store or encrypt passwords for a database. AWS Identity and Access Management (IAM) is an AWS service that allows users to manage access to AWS resources and services. It can be used to create users, groups, roles, and policies that control who can do what in AWS. It does not store or encrypt passwords for a database. Amazon Cognito is an AWS service that provides user identity and data synchronization for web and mobile applications. It can be used to authenticate and authorize users, manage user profiles, and sync user data across devices. It does not store or encrypt passwords for a database.

NEW QUESTION 4

Which AWS service could an administrator use to provide desktop environments for several employees?

• A. AWS Organizations
• B. AWS Fargate
• C. AWS WAF
• D. AWS Workspaces

Answer: D

Explanation:
AWS Workspaces is a service that provides fully managed, secure, and reliable virtual desktops for your employees. You can access your personal Windows environment on various devices, such as Android, iOS, Fire, Mac, PC, Chromebook, and Linux. You can choose from different bundles of CPU, memory, storage, and software options to suit your needs. You can also integrate AWS Workspaces with your existing Active Directory, VPN, and security policies. AWS Workspaces helps you reduce the cost and complexity of managing your desktop infrastructure, while enhancing the productivity and security of your remote workers456. References: 4: Amazon WorkSpaces Client Download, 5: VDI Desktops - Amazon WorkSpaces Family - AWS, 6: Amazon WorkSpaces

NEW QUESTION 5

Which VPC component provides a layer of security at the subnet level?

• A. Security groups
• B. Network ACLs
• C. NAT gateways
• D. Route tables

Answer: B

Explanation:
Network ACLs are a feature that provide a layer of security at the subnet level by acting as a firewall to control traffic in and out of one or more subnets. Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols5. Security groups are a feature that provide a layer of security at the instance level by acting as a firewall to control traffic to and from one or more instances. Security groups can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, protocols, and security groups. NAT gateways are a feature that enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. Route tables are a feature that determine where network traffic from a subnet or gateway is directed.

NEW QUESTION 6

Which of the following is a fully managed graph database service on AWS?

• A. Amazon Aurora
• B. Amazon FSx
• C. Amazon DynamoDB
• D. Amazon Neptune

Answer: D

Explanation:
Amazon Neptune is a fully managed graph database service on AWS. A graph database is a type of database that stores and queries data as a network of nodes and edges, representing entities and relationships. Graph databases are useful for applications that deal with highly connected data, such as social networks, recommendation engines, fraud detection, and knowledge graphs45. Amazon Neptune is a fast, reliable, and scalable graph database service that supports two popular graph models: property graphs and RDF. Amazon Neptune also supports two open standards for querying graphs: Apache TinkerPop Gremlin and SPARQL. Amazon Neptune handles the heavy lifting of managing the database, such as provisioning, patching, backup, recovery, encryption, and replication456. References: 4: Managed Graph Database - Amazon Neptune - AWS, 5: Amazon Neptune – A Fully Managed Graph Database
Service, 6: Working with AWS Neptune. Neptune is a fully-managed graph … - Medium

NEW QUESTION 7

A company wants to minimize network latency between its Amazon EC2 instances. The EC2 instances do not need to be highly available.
Which solution meets these requirements?

• A. Use EC2 instances in a single Availability Zone.
• B. Use Amazon CloudFront as the database for the EC2 instances.
• C. Use EC2 instances in the same edge location and the same Availability Zone.
• D. Use EC2 instances in the same edge location and the same AWS Region.

Answer: A

Explanation:
Using EC2 instances in a single Availability Zone is a solution that meets the requirements of minimizing network latency between the EC2 instances and not needing high availability. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the same Availability Zone can communicate with each other using low-latency private IP addresses. However, EC2 instances in a single Availability Zone are not highly available, because they are vulnerable to failures or disruptions that affect the Availability Zone

NEW QUESTION 8

A company wants to use the AWS Cloud as an offsite backup location for its on-premises infrastructure.
Which AWS service will meet this requirement MOST cost-effectively?

• A. Amazon S3
• B. Amazon Elastic File System (Amazon EFS)
• C. Amazon FSx
• D. Amazon Elastic Block Store (Amazon EBS)

Answer: A

Explanation:
Amazon S3 is the most cost-effective service for storing offsite backups of on-premises infrastructure. Amazon S3 offers low-cost, durable, and scalable storage that can be accessed from anywhere over the internet. Amazon S3 also supports lifecycle policies, versioning, encryption, and cross-region replication to optimize the backup and recovery process. Amazon EFS, Amazon FSx, and Amazon EBS are more suitable for storing data that requires high performance, low latency, and frequent access12

NEW QUESTION 9

A user has a stateful workload that will run on Amazon EC2 for the next 3 years. What is the MOST cost-effective pricing model for this workload?

• A. On-Demand Instances
• B. Reserved Instances
• C. Dedicated Instances
• D. Spot Instances

Answer: B

Explanation:
Reserved Instances are a pricing model that offers significant discounts on Amazon EC2 usage compared to On-Demand Instances. Reserved Instances are suitable for stateful workloads that have predictable and consistent usage patterns for a long-term period. By committing to a one-year or three-year term, customers can reduce their total cost of ownership and optimize their cloud spend. Reserved Instances also provide capacity reservation, ensuring that customers have access to the EC2 instances they need when they need them. References: AWS Pricing Calculator, Amazon EC2 Pricing, [AWS Cloud Practitioner Essentials: Module 3 - Compute in the Cloud]

NEW QUESTION 10

Which cloud computing advantage is a company applying when it uses AWS Regions to increase application availability to users in different countries?

• A. Pay-as-you-go pricing
• B. Capacity forecasting
• C. Economies of scale
• D. Global reach

Answer: D

Explanation:
Global reach is a cloud computing advantage that a company can apply when it uses AWS Regions to increase application availability to users in different countries. Global reach refers to the ability to deploy applications and services in multiple geographic locations around the world, and to serve customers with low latency and high performance. AWS has the largest and most reliable global infrastructure of any cloud provider, with 25 Regions and 81 Availability Zones across the Americas, Europe, Asia Pacific, Africa, and the Middle East123. By using AWS Regions, a company can choose the best location for its application based on customer proximity, compliance requirements, and disaster recovery strategies23. References: 1: AWS Global Infrastructure - Amazon Web Services (AWS), 2: Regions and Availability Zones - Amazon Elastic Compute Cloud, 3: AWS Infrastructure: Regions and Availability Zones Explained

NEW QUESTION 11

A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness. Which AWS service or tool should the company use to meet these requirements?

• A. AWS Cloud Adoption Framework (AWS CAF)
• B. AWS Managed Services (AMS)
• C. AWS Well-Architected Framework
• D. AWS Migration Hub

Answer: A

Explanation:
AWS Cloud Adoption Framework (AWS CAF) is a service or tool that helps users migrate their applications to the AWS Cloud. It provides guidance and best practices to identify and prioritize any business transformation opportunities and evaluate their AWS Cloud readiness. It also helps users align their business and technical perspectives, create an actionable roadmap, and measure their progress. AWS Managed Services (AMS) is a service that provides operational services for AWS infrastructure and applications. It helps users reduce their operational overhead and risk, and focus on their core business. It does not help users identify and prioritize any business transformation opportunities and evaluate their AWS Cloud readiness. AWS Well-Architected Framework is a tool that helps users design and implement secure, high-performing, resilient, and efficient solutions on AWS. It provides a set of questions and best practices across five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. It does not help users identify and prioritize any business transformation opportunities and evaluate their AWS Cloud readiness. AWS Migration Hub is a service that provides a single location to track and manage the migration of applications to AWS. It helps users discover their on- premises servers, group them into applications, and choose the right migration tools. It does not help users identify and prioritize any business transformation opportunities and evaluate their AWS Cloud readiness.

NEW QUESTION 12

A company deploys its application to multiple AWS Regions and configures automatic failover between those Regions.
Which cloud concept does this architecture represent?

• A. Security
• B. Reliability
• C. Scalability
• D. Cost optimization

Answer: B

Explanation:
Reliability is the cloud concept that this architecture represents. Reliability is the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. Deploying an application to multiple AWS Regions and configuring automatic failover between those Regions enhances the reliability of the application by reducing the impact of regional failures and increasing the availability of the application4

NEW QUESTION 13

To reduce costs, a company is planning to migrate a NoSQL database to AWS.
Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?

• A. Amazon Redshift
• B. Amazon Aurora
• C. Amazon DynamoDB
• D. Amazon RDS

Answer: C

Explanation:
Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database service that can deliver consistent, single-digit millisecond performance at any scale. DynamoDB can automatically scale throughput capacity to meet the demands of the database workload, without requiring any manual intervention. DynamoDB is ideal for NoSQL applications that need high performance, availability, and scalability. DynamoDB also offers features such as encryption at rest, point-in-time recovery, global tables, and in- memory caching. References: What is NoSQL?, Amazon DynamoDB, [AWS Cloud Practitioner Essentials: Module 4 - Databases in the Cloud]

NEW QUESTION 14

A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Select TWO.)

• A. Spot Instances
• B. On-Demand Instances
• C. Reserved Instances
• D. Savings Plans
• E. Dedicated Hosts

Answer: CD

Explanation:
Reserved Instances (RIs) are a pricing model that allows you to reserve EC2 instances for a specified period of time (one or three years) and receive a significant discount compared to On-Demand pricing. RIs are suitable for workloads that have predictable usage patterns and require a long-term commitment. You can choose between three payment options: All Upfront, Partial Upfront, or No Upfront. The more you pay upfront, the greater the discount1.
Savings Plans are a flexible pricing model that can help you reduce your EC2 costs by up to 72% compared to On-Demand pricing, in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a one or three year term. Savings Plans apply to usage across EC2, AWS Lambda, and AWS Fargate. You can choose between two types of Savings Plans: Compute Savings Plans and EC2 Instance Savings Plans. Compute Savings Plans offer the most flexibility and apply to any instance family, size, OS, tenancy, or region. EC2 Instance Savings Plans offer the highest discount and apply to a specific instance family within a region2.
Spot Instances are a pricing model that allows you to bid for unused EC2 capacity in the AWS cloud and are available at a discount of up to 90% compared to On-Demand pricing. Spot Instances are suitable for fault-tolerant or stateless workloads that can run on heterogeneous hardware and have flexible start and end times. However, Spot Instances are not guaranteed and can be interrupted by AWS at any time if the demand for capacity increases or your bid price is lower than the current Spot price3.
On-Demand Instances are a pricing model that allows you to pay for compute capacity by the hour or second with no long-term commitments. On-Demand Instances are suitable for short-term, spiky, or unpredictable workloads that cannot be interrupted, or for applications that are being developed or tested on EC2 for the first time. However, On-Demand Instances are the most expensive option among the four pricing models4.
Dedicated Hosts are physical EC2 servers fully dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, such as Windows Server, SQL Server, and SUSE Linux Enterprise Server. Dedicated Hosts can be purchased On-Demand or as part of Savings Plans. Dedicated Hosts are suitable for workloads that need to run on dedicated physical servers or have strict licensing requirements. However, Dedicated Hosts are not the lowest cost option among the four pricing models.

NEW QUESTION 15

A user needs a relational database but does not have the resources to manage the hardware, resiliency, and replication.
Which AWS service option meets the user's requirements'?

• A. Run MySQL on Amazon Elastic Container Service (Amazon ECS)
• B. Run MySQL on Amazon EC2
• C. Choose Amazon RDS for MySQL
• D. Choose Amazon ElastiCache for Redis

Answer: C

Explanation:
Amazon RDS for MySQL is a fully managed, open-source cloud database service that allows you to easily operate and scale your relational database of choice, including MySQL. With Amazon RDS for MySQL, you don’t have to worry about the hardware, resiliency, and replication of your database, as Amazon RDS handles these tasks for you. Amazon RDS for MySQL also provides features such as automated backups, multi-AZ deployments, read replicas, encryption, monitoring, and more. Amazon RDS for MySQL is compatible with the MySQL Community Edition versions 5.7 and 8.0, which means that you can use the same code, applications, and tools that you already use with MySQL4567. References: 4: Hosted MySQL - Amazon RDS for MySQL - AWS, 5: Amazon RDS for MySQL - Amazon Relational Database Service, 6: Amazon RDS for MySQL —, 7: Managed SQL Database - Amazon Relational Database Service (RDS) - AWS

NEW QUESTION 16

Who is responsible for decommissioning end-of-life underlying storage devices that are used to host data on AWS?

• A. Customer
• B. AWS
• C. Account creator
• D. Auditing team

Answer: B

Explanation:
AWS is responsible for decommissioning end-of-life underlying storage devices that are used to host data on AWS. AWS follows strict and audited data destruction processes to ensure that customer data is not exposed to unauthorized individuals or devices when an AWS storage device reaches the end of its useful life. AWS uses techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process3.

NEW QUESTION 17

A company is setting up AWS Identity and Access Management (IAM) on an AWS account. Which recommendation complies with IAM security best practices?

• A. Use the account root user access keys for administrative tasks.
• B. Grant broad permissions so that all company employees can access the resources they need.
• C. Turn on multi-factor authentication (MFA) for added security during the login process.
• D. Avoid rotating credentials to prevent issues in production applications.

Answer: C

Explanation:
C is correct because turning on multi-factor authentication (MFA) for added security during the login process is one of the IAM security best practices recommended by AWS. MFA adds an extra layer of protection on top of the user name and password, making it harder for attackers to access the AWS account. A is incorrect because using the account root user access keys for administrative tasks is not a good practice, as the root user has full access to all the resources in the AWS account and can cause irreparable damage if compromised. AWS recommends creating individual IAM users with the least privilege principle and using roles for applications that run on Amazon EC2 instances. B is incorrect because granting broad permissions so that all company employees can access the resources they need is not a good practice, as it increases the risk of unauthorized or accidental actions on the AWS resources. AWS recommends granting only the permissions that are required to perform a task and using groups to assign permissions to IAM users. D is incorrect because avoiding rotating credentials to prevent issues in production applications is not a good practice, as it increases the risk of credential leakage or compromise. AWS recommends rotating credentials regularly and using temporary security credentials from AWS STS when possible.

NEW QUESTION 18

A team of researchers is going to collect data at remote locations around the world Many locations do not have internet connectivity. The team needs to capture the data in the field, and transfer it to the AWS Cloud later
Which AWS service will support these requirements?

• A. AWS Outposts
• B. AWS Transfer Family
• C. AWS Snow Family
• D. AWS Migration Hub

Answer: C

Explanation:
AWS Snow Family is a group of devices that transport data in and out of AWS. AWS Snow Family devices are physical devices that can transfer up to exabytes of data. One exabyte is 1 000 000 000 000 megabytes. AWS Snow Family devices are designed for use in remote locations where internet connectivity is limited or unavailable. You can use these devices to collect and process data at the edge, and then ship them back to AWS for data upload. AWS Snow Family consists of three types of devices: AWS Snowcone, AWS Snowball, and AWS Snowmobile1234. References: 1: Edge Computing Devices, Secure Data Transfer - AWS Snow Family - AWS, 2: AWS Snow Family Documentation, 3: AWS Snow Family - W3Schools, 4: AWS Snow Family: Data Storage, Migration, and Computation

NEW QUESTION 19
......