NEW QUESTION 1

Which AWS service or feature captures information about the network traffic to and from an Amazon EC2 instance?

• A. VPC Reachability Analyzer
• B. Amazon Athena
• C. VPC Flow Logs
• D. AWS X-Ray

Answer: C

Explanation:
The correct answer is C because VPC Flow Logs is an AWS service or feature that captures information about the network traffic to and from an Amazon EC2 instance. VPC Flow Logs is a feature that enables customers to capture information about the IP traffic going to and from network interfaces in their VPC. VPC Flow Logs can help customers to monitor and troubleshoot connectivity issues, such as traffic not reaching an instance or traffic being rejected by a security group. The other options are incorrect because they are not AWS services or features that capture information about the network traffic to and from an Amazon EC2 instance. VPC Reachability Analyzer is an AWS service or feature that enables customers to perform connectivity testing between resources in their VPC and identify configuration issues that prevent connectivity. Amazon Athena is an AWS service that enables customers to query data stored in Amazon S3 using standard SQL. AWS X-Ray is an AWS service that enables customers to analyze and debug distributed applications, such as those built using a microservices architecture.
Reference: VPC Flow Logs

NEW QUESTION 2

A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?

• A. Security groups
• B. AWS WAF
• C. Network ACLs
• D. AWS Shield

Answer: B

Explanation:
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define2. You can use AWS WAF to create a custom rule that blocks SQL injection attacks on your website.

NEW QUESTION 3

A company has created an AWS Cost and Usage Report and wants to visualize the report. Which AWS service should the company use to ingest and display this information?

• A. Amazon QuickSight
• B. Amazon Pinpoint
• C. Amazon Neptune
• D. Amazon Kinesis

Answer: A

Explanation:
Amazon QuickSight is an AWS service that provides business intelligence and data visualization capabilities. Amazon QuickSight enables you to ingest, analyze, and display data from various sources, such as AWS Cost and Usage Reports, Amazon S3, Amazon Athena, Amazon Redshift, and Amazon RDS. You can use Amazon QuickSight to create interactive dashboards and charts that show insights and trends from your data. You can also share your dashboards and charts with other users or embed them into your applications.

NEW QUESTION 4

Which design principle should be considered when architecting in the AWS Cloud?

• A. Think of servers as non-disposable resources.
• B. Use synchronous integration of services.
• C. Design loosely coupled components.
• D. Implement the least permissive rules for security groups.

Answer: C

Explanation:
Designing loosely coupled components is a design principle that should be considered when architecting in the AWS Cloud. Loose coupling is a way of designing systems to reduce interdependencies and minimize the impact of changes. Loose coupling allows components to interact with each other through well-defined interfaces, rather than direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability, availability, and maintainability5.

NEW QUESTION 5

Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?

• A. AWS Security Hub
• B. AWS Trusted Advisor
• C. Amazon EventBndge
• D. Amazon GuardDuty

Answer: A

Explanation:
AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation. Security Hub collects findings from the security services enabled across your AWS accounts, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings from partner security products using a standardized AWS Security Finding Format, eliminating the need for time-consuming data parsing and normalization efforts. Customers can designate an administrator account that can access all findings across their accounts. References: AWS Security Hub Overview, AWS Security Hub FAQs

NEW QUESTION 6

Which AWS service helps developers use loose coupling and reliable messaging between microservices?

• A. Elastic Load Balancing
• B. Amazon Simple Notification Service (Amazon SNS)
• C. Amazon CloudFront
• D. Amazon Simple Queue Service (Amazon SQS)

Answer: D

Explanation:
Amazon Simple Queue Service (Amazon SQS) is a service that provides fully managed message queues for asynchronous communication between microservices. It helps developers use loose coupling and reliable messaging by allowing them to send, store, and receive messages between distributed components without losing them or requiring each component to be always available1. Elastic Load Balancing is a service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging for event-driven and push-based communication between microservices. Amazon CloudFront is a service that provides a fast and secure content delivery network (CDN) for web applications.

NEW QUESTION 7

Which option is an advantage of AWS Cloud computing that minimizes variable costs?

• A. High availability
• B. Economies of scale
• C. Global reach
• D. Agility

Answer: B

Explanation:
Economies of scale is the advantage of AWS Cloud computing that minimizes variable costs. Economies of scale refers to the reduction in the cost per unit as the output increases. AWS Cloud computing leverages economies of scale by providing a large pool of shared resources that can be accessed on demand and paid for as needed. AWS Cloud computing also passes the cost savings to the customers by offering lower prices and discounts. For more information, see Economies of Scale and AWS Pricing.

NEW QUESTION 8

Which of the following are design principles for reliability in the AWS Cloud? (Select TWO.)

• A. Build architectures with tightly coupled resources.
• B. Use AWS Trusted Advisor to meet security best practices.
• C. Use automation to recover immediately from failure.
• D. Rightsize Amazon EC2 instances to ensure optimal performance.
• E. Simulate failures to test recovery processes.

Answer: CE

Explanation:
The design principles for reliability in the AWS Cloud are:
✑ Test recovery procedures. The best way to ensure that systems can recover from failures is to regularly test them using simulated scenarios. This can help identify gaps and improve the recovery process.
✑ Automatically recover from failure. By using automation, systems can detect and correct failures without human intervention. This can reduce the impact and duration of failures and improve the availability of the system.
✑ Scale horizontally to increase aggregate system availability. By adding more redundant resources to the system, the impact of individual resource failures can be reduced. This can also improve the performance and scalability of the system.
✑ Stop guessing capacity. By using monitoring and automation, systems can adjust the capacity based on the demand and performance metrics. This can prevent failures due to insufficient or excessive capacity and optimize the cost and efficiency of the system.
✑ Manage change in automation. By using automation, changes to the system can be applied in a consistent and controlled manner. This can reduce the risk of human errors and configuration drifts that can cause failures. AWS Well- Architected Framework

NEW QUESTION 9

A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.
Which AWS services will meet these requirements? (Select TWO)

• A. Amazon Athena
• B. Amazon RDS
• C. Amazon EC2
• D. Amazon DynamoDB
• E. Amazon Aurora

Answer: BE

Explanation:
Amazon RDS and Amazon Aurora are both managed AWS services that support the PostgreSQL database engine. Amazon RDS makes it easier to set up, operate, and scale PostgreSQL deployments on the cloud, while Amazon Aurora is a cloud-native database engine that is compatible with PostgreSQL and offers higher performance and availability. Amazon Athena is a serverless query service that does not support PostgreSQL, but can analyze data in Amazon S3 using standard SQL. Amazon EC2 is a compute service that allows users to launch virtual machines, but does not provide any database management features. Amazon DynamoDB is a NoSQL database service that is not compatible with PostgreSQL, but offers fast and consistent performance at any scale. References: Hosted PostgreSQL - Amazon RDS for PostgreSQL - AWS, Amazon RDS for PostgreSQL - Amazon Relational Database Service, AWS PostgreSQL: Managed or Self-Managed? - NetApp, AWS Announces Amazon Aurora Supports PostgreSQL 12 - InfoQ, Amazon Aurora vs PostgreSQL | What are the differences? - StackShare

NEW QUESTION 10

Which AWS service is a continuous delivery and deployment solution?

• A. AWSAppSync
• B. AWS CodePipeline
• C. AWS Cloud9
• D. AWS CodeCommit

Answer: B

Explanation:
AWS CodePipeline is a continuous delivery and deployment service that automates the release process of software applications across different stages, such as source code, build, test, and deploy2. AWSAppSync, AWS Cloud9, and AWS CodeCommit are other AWS services related to application development, but they do not provide continuous delivery and deployment solutions34 .

NEW QUESTION 11

A company is designing an identity access management solution for an application. The company wants users to be able to use their social media, email, or online shopping accounts to access the application.
Which AWS service provides this functionality?

• A. AWS IAM Identity Center (AWS Single Sign-On)
• B. AWS Config
• C. Amazon Cognito
• D. AWS Identity and Access Management (IAM)

Answer: C

Explanation:
The correct answer is C because Amazon Cognito provides identity federation and user authentication for web and mobile applications. Amazon Cognito allows users to sign in with their social media, email, or online shopping accounts. The other options are incorrect because they do not provide identity federation or user authentication. AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to access multiple AWS accounts and applications with a single sign-on experience. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of their AWS resources. AWS Identity and Access Management (IAM) is a service that enables users to manage access to AWS resources using users, groups, roles, and policies.
Reference: Amazon Cognito FAQs

NEW QUESTION 12

A company is using Amazon RDS.
A company is launching a critical business application in an AWS Region. How can the company increase resilience for this application?

• A. Deploy a copy of the application in another AWS account.
• B. Deploy the application by using multiple VPCs.
• C. Deploy the application by using multiple subnets.
• D. Deploy the application by using multiple Availability Zones.

Answer: D

Explanation:
Deploying the application by using multiple Availability Zones is the best way to increase resilience for the application. According to the Amazon RDS User Guide, "Amazon RDS provides high availability and failover support for DB instances using Multi- AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups."4 Deploying a copy of the application in another AWS account, using multiple VPCs, or using multiple subnets do not provide the same level of resilience as using multiple Availability Zones.

NEW QUESTION 13

Which task is the responsibility of AWS when using AWS services?

• A. Management of IAM user permissions
• B. Creation of security group rules for outbound access
• C. Maintenance of physical and environmental controls
• D. Application of Amazon EC2 operating system patches

Answer: C

Explanation:
AWS is responsible for maintaining the physical and environmental controls of the AWS Cloud, such as power, cooling, fire suppression, and physical security1. The customer is responsible for managing the IAM user permissions, creating security group rules for outbound access, applying Amazon EC2 operating system patches, and other aspects of security in the cloud1.

NEW QUESTION 14

A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data.
Which combination of AWS services should the company use to meet these requirements?
(Select TWO.)

• A. AWS Glue
• B. Amazon Elastic File System (Amazon EFS)
• C. Amazon Redshift
• D. Amazon QuickSight
• E. Amazon Quantum Ledger Database (Amazon QLDB)

Answer: AC

Explanation:
AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load data for analytics. AWS Glue can discover data sources, transform data, and make it available for analysis by using data catalogs and workflows. Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud that enables customers to analyze data using standard SQL and existing business intelligence tools. Amazon Redshift can also integrate with other AWS services to visualize and transform data. Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on- premises resources. Amazon QuickSight is a fast, cloud-powered business intelligence service that makes it easy to deliver insights to everyone in an organization. Amazon Quantum Ledger Database (Amazon QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.

NEW QUESTION 15

Which AWS service or feature is used to Troubleshoot network connectivity issues between Amazon EC2 instances?

• A. AWS Certificate Manager (ACM)
• B. Internet gateway
• C. VPC Flow Logs
• D. AWS CloudHSM

Answer: C

Explanation:
VPC Flow Logs is the AWS service or feature that is used to troubleshoot network connectivity issues between Amazon EC2 instances. VPC Flow Logs is a feature that enables users to capture information about the IP traffic going to and from network interfaces in their VPC. VPC Flow Logs can help users monitor and diagnose network- related issues, such as traffic not reaching an instance, or an instance not responding to requests. VPC Flow Logs can be published to Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose for analysis and storage.

NEW QUESTION 16

A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning.
Which AWS service should the developer use to meet this requirement?

• A. AWS Health Dashboard
• B. Amazon Personalize
• C. Amazon Forecast
• D. Amazon Transcribe

Answer: B

Explanation:
Amazon Personalize is a fully managed machine learning service that customers can use to generate personalized recommendations for their users. It can also generate user segments based on the users’ affinity for certain items or item metadata. Amazon Personalize uses the customers’ data to train and deploy custom recommendation models that can be integrated into their applications. Therefore, the correct answer is B. You can learn more about Amazon Personalize and its use cases from this page.

NEW QUESTION 17

Which AWS service uses a combination of publishers and subscribers?

• A. AWS Lambda
• B. Amazon Simple Notification Service (Amazon SNS)
• C. Amazon CloudWatch
• D. AWS CloudFormation

Answer: B

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 18

Which AWS service or feature is an example of a relational database management system?

• A. Amazon Athena
• B. Amazon Redshift
• C. Amazon S3 Select
• D. Amazon Kinesis Data Streams

Answer: B

Explanation:
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers. Amazon Redshift is a relational database management system (RDBMS), so it is compatible with other RDBMS applications. You can use standard SQL to query the data.

NEW QUESTION 19
......