NEW QUESTION 1

A company wants to create a set of custom dashboards to collect metrics to monitor its applications.
Which AWS service will meet these requirements?

• A. Amazon CloudWatch
• B. AWS X-Ray
• C. AWS Systems Manager
• D. AWS CloudTrail

Answer: A

Explanation:
Amazon CloudWatch is a service that provides monitoring and observability for AWS resources and applications. Users can create custom dashboards to collect and visualize metrics, logs, alarms, and events from different sources5. AWS X-Ray is a service that provides distributed tracing and analysis for applications. AWS Systems Manager is a service that provides operational management for AWS resources and applications. AWS CloudTrail is a service that provides governance, compliance, and auditing for AWS account activity.

NEW QUESTION 2

Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

• A. AWS Service Catalog
• B. AWS Systems Manager
• C. AWS IAM Access Analyzer
• D. AWS Organizations

Answer: C

Explanation:
AWS IAM Access Analyzer is a service that helps you identify the resources in your organization and accounts, such as Amazon S3 buckets or IAM roles, that are shared with an external entity. This lets you identify unintended access to your resources and data, which is a security risk. IAM Access Analyzer uses logic-based reasoning to analyze the resource-based policies in your AWS environment. For each instance of a resource shared outside of your account, IAM Access Analyzer generates a finding. Findings include information about the access and the external principal granted to it345. References: 3: Using AWS Identity and Access Management Access Analyzer, 4: IAM Access Analyzer - Amazon Web Services (AWS), 5: Welcome - IAM Access Analyzer

NEW QUESTION 3

A company wants to migrate its server-based applications to the AWS Cloud. The company wants to determine the total cost of ownership for its compute resources that will be hosted on the AWS Cloud.
Which combination of AWS services or tools will meet these requirements?

• A. AWS Pricing Calculator
• B. Migration Evaluator
• C. AWS Support Center
• D. AWS Application Discovery Service
• E. AWS Database Migration Service (AWS DMS)

Answer: AD

Explanation:
AWS Pricing Calculator and AWS Application Discovery Service are the best combination of AWS services or tools to meet the requirements of determining the total cost of ownership for compute resources that will be hosted on the AWS Cloud. AWS Pricing Calculator is a tool that enables you to estimate the cost of using AWS services based on your usage scenarios and requirements. You can use AWS Pricing Calculator to compare the costs of running your applications on-premises or on AWS, and to optimize your AWS spending. AWS Application Discovery Service is a service that helps you plan your migration to the AWS Cloud by collecting and analyzing information about your on- premises servers, applications, and dependencies. You can use AWS Application Discovery Service to identify the inventory of your on-premises infrastructure, group servers by applications, and estimate the performance and resource utilization of your applications45

NEW QUESTION 4

A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high end client hardware?

• A. Amazon AppStream 2.0
• B. AWS AppSync
• C. Amazon WorkLink
• D. AWS Elastic Beanstalk

Answer: A

Explanation:
The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure or high end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend infrastructure, and delivers high performance and responsive user experience. The other options are incorrect because they are not services that will help the company deploy the application without investing in backend infrastructure or high end client hardware. AWS AppSync is a service that enables customers to create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access to internal websites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using popular platforms such as Java, .NET, PHP, and Node.js. Reference: [Amazon AppStream 2.0 FAQs]

NEW QUESTION 5

A company wants to create a chatbot and integrate the chatbot with its current web application.
Which AWS service will meet these requirements?

• A. AmazonKendra
• B. Amazon Lex
• C. AmazonTextract
• D. AmazonPolly

Answer: B

Explanation:
The AWS service that will meet the requirements of the company that wants to create a chatbot and integrate the chatbot with its current web application is Amazon Lex. Amazon Lex is a service that helps customers build conversational interfaces using voice and text. The company can use Amazon Lex to create a chatbot that can understand natural language and respond to user requests, using the same deep learning technologies that power Amazon Alexa. Amazon Lex also provides easy integration with other AWS services, such as Amazon Comprehend, Amazon Polly, and AWS Lambda, as well as popular platforms, such as Facebook Messenger, Slack, and Twilio. Amazon Lex helps customers create engaging and interactive chatbots for their web applications. Amazon Kendra, Amazon Textract, and Amazon Polly are not the best services to use for this purpose. Amazon Kendra is a service that helps customers provide accurate and natural answers to natural language queries using machine learning. Amazon Textract is a service that helps customers extract text and data from scanned documents using optical character recognition (OCR) and machine learning. Amazon Polly is a service that helps customers convert text into lifelike speech using deep learning. These services are more useful for different types of natural language processing and generation tasks, rather than creating and integrating chatbots.

NEW QUESTION 6

How can an AWS user conduct security assessments of Amazon EC2 instances, NAT gateways, and Elastic Load Balancers in a way that is approved by AWS?

• A. Flood a target with requests.
• B. Use Amazon Inspector.
• C. Perform penetration testing.
• D. Use the AWS Service Health Dashboard.

Answer: B

Explanation:
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity2.

NEW QUESTION 7

A company is planning to migrate to the AWS Cloud and wants to become more responsive to customer inquiries and feedback. The company wants to focus on organizational transformation.
A company wants to give its customers the ability to view specific data that is hosted in Amazon S3 buckets. The company wants to keep control over the full datasets that the company shares with the customers.
Which S3 feature will meet these requirements?

• A. S3 Storage Lens
• B. S3 Cross-Region Replication (CRR)
• C. S3 Versioning
• D. S3 Access Points

Answer: D

Explanation:
S3 Access Points are a feature of Amazon S3 that allows you to easily manage access to specific data that is hosted in S3 buckets. S3 Access Points are unique hostnames that customers can use to access data in S3 buckets. You can create multiple access points for a single bucket, each with its own name and permissions. You can use S3 Access Points to provide different levels of access to different groups of customers, such as read-only or write-only access. You can also use S3 Access Points to enforce encryption or logging requirements for specific data. S3 Access Points help you keep control over the full datasets that you share with your customers, while simplifying the access management and improving the performance and scalability of your applications.

NEW QUESTION 8

A company needs to configure rules to identify threats and protect applications from malicious network access.
Which AWS service should the company use to meet these requirements?

• A. AWS Identity and Access Management (IAM)
• B. Amazon QuickSight
• C. AWS WAF
• D. Amazon Detective

Answer: C

Explanation:
AWS WAF is the AWS service that the company should use to configure rules to identify threats and protect applications from malicious network access. AWS WAF is a web application firewall that helps to filter, monitor, and block malicious web requests based on customizable rules. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer. For more information, see What is AWS WAF? and How AWS WAF Works.

NEW QUESTION 9

An IT engineer needs to access AWS services from an on-premises application. Which credentials or keys does the application need for authentication?

• A. AWS account user name and password
• B. IAM access key and secret
• C. Amazon EC2 key pairs
• D. AWS Key Management Service (AWS KMS) keys

Answer: B

Explanation:
IAM access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account user name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH. AWS Key Management Service (AWS KMS) keys are used to encrypt and decrypt your data using the AWS Encryption SDK or the AWS CLI.

NEW QUESTION 10

A company wants to push VPC Flow Logs to an Amazon S3 bucket.
A company wants to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances.
Which AWS purchasing option should the company choose to meet these requirements?

• A. Dedicated Hosts
• B. Compute Savings Plans
• C. Reserved Instances
• D. Spot Instances

Answer: B

Explanation:
Compute Savings Plans are a flexible and cost-effective way to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances. With Compute Savings Plans, customers can commit to a consistent amount of compute usage (measured in $/hour) for a 1-year or 3-year term and receive a discount of up to 66% compared to On-Demand prices3. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to the customer’s use. They are suitable for customers who have specific server-bound software licenses or compliance requirements4. Reserved Instances are a pricing model that provides a significant discount (up to 75%) compared to On-Demand pricing and a capacity reservation for EC2 instances. They are available in 1-year or 3-year terms and different payment options5. Spot Instances are spare EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for customers who have flexible start and end times, can withstand interruptions, and can handle excess capacity.

NEW QUESTION 11

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

• A. Sustainability
• B. Operations
• C. Performance efficiency
• D. Reliability

Answer: B

Explanation:
Operations is an option that is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF). Operations is one of the six perspectives of the AWS CAF, along with business, people, governance, platform, and security. Operations focuses on the processes and procedures to support the ongoing management and maintenance of the cloud-based IT assets. It covers topics such as monitoring, backup and recovery, change management, incident management, and automation5. Sustainability is not a perspective of the AWS CAF, but a concept that refers to the ability of a system to operate in an environmentally friendly and socially responsible manner. Performance efficiency is not a perspective of the AWS CAF, but a pillar of the AWS Well-Architected Framework. It focuses on using the right resources and services for the workload, monitoring performance, and continuously improving the efficiency of the solution. Reliability is not a perspective of the AWS CAF, but a pillar of the AWS Well- Architected Framework. It focuses on the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.

NEW QUESTION 12

Which AWS service will help protect applications running on AWS from DDoS attacks?

• A. Amazon GuardDuty
• B. AWS WAF
• C. AWS Shield
• D. Amazon Inspector

Answer: C

Explanation:
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection3.

NEW QUESTION 13

A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to minimize the complexity that is related to the management of AWS resources.
Which AWS service should the company use to meet these requirements?

• A. AWS config
• B. AWS Elastic Beanstalk
• C. Amazon EC2
• D. Amazon Personalize

Answer: B

Explanation:
AWS Elastic Beanstalk is the AWS service that allows customers to deploy applications in the AWS Cloud as quickly as possible. AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. Customers can upload their code and Elastic Beanstalk will take care of the rest1. AWS Elastic Beanstalk also minimizes the complexity that is related to the management of AWS resources. Customers can retain full control of the underlying AWS resources powering their applications and adjust the settings to suit their needs1. Customers can also use the AWS Management Console, the AWS Command Line Interface (AWS CLI), or APIs to manage their applications1.
AWS Config is the AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Config continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations or best practices2. AWS Config does not help customers deploy applications in the AWS Cloud as quickly as possible or minimize the complexity that is related to the management of AWS resources.
Amazon EC2 is the AWS service that provides secure, resizable compute capacity in the cloud. Customers can launch virtual servers called instances and choose from various configurations of CPU, memory, storage, and networking resources3. Amazon EC2 does not automatically handle the deployment or management of AWS resources for customers. Customers have to manually provision, configure, monitor, and scale their instances and other related resources.
Amazon Personalize is the AWS service that enables customers to create personalized recommendations for their users based on their behavior and preferences. Amazon Personalize uses machine learning to analyze data and deliver real-time recommendations4. Amazon Personalize does not help customers deploy applications in the AWS Cloud as quickly as possible or minimize the complexity that is related to the management of AWS resources.

NEW QUESTION 14

Which AWS Well-Architected Framework concept represents a system's ability to remain functional when the system encounters operational problems?

• A. Consistency
• B. Elasticity
• C. Durability
• D. Latency

Answer: B

Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. The concept of elasticity represents a system’s ability to adapt to changes in demand by scaling resources up or down automatically. Therefore, the correct answer is B. You can learn more about the AWS Well-Architected Framework and its pillars from this page.

NEW QUESTION 15

Which AWS service provides the ability to host a NoSQL database in the AWS Cloud?

• A. Amazon Aurora
• B. Amazon DynamoDB
• C. Amazon RDS
• D. Amazon Redshift

Answer: B

Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both key- value and document data models, and allows you to create tables that can store and retrieve any amount of data, and serve any level of request traffic. You can also use DynamoDB Streams to capture data modification events in DynamoDB tables.

NEW QUESTION 16

A company’s IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.
What should the company do to meet these requirements?

• A. Deploy MySQL database server clusters on Amazon EC2 instances.
• B. Use Amazon RDS with a MySQL database.
• C. Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances.
• D. Migrate all the MySQL database data to Amazon S3.

Answer: B

Explanation:
Amazon RDS is a service that makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS supports MySQL as one of the database engines. By using Amazon RDS with a MySQL database, the company can offload the tasks of patching the database and taking backup snapshots to AWS. Amazon RDS automatically patches the database software and operating system of the database instances. Amazon RDS also automatically backs up the database and retains the backups for a user-defined retention period. The company can also restore the database to any point in time within the retention period. Deploying MySQL database server clusters on Amazon EC2 instances, using an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances, or migrating all the MySQL database data to Amazon S3 are not the best options to meet the requirements. These options would not automate the tasks of patching the database and taking backup snapshots, and would require more operational overhead from the company3

NEW QUESTION 17

Which task can only an AWS account root user perform?

• A. Changing the AWS Support plan
• B. Deleting AWS resources
• C. Creating an Amazon EC2 instance key pair
• D. Configuring AWS WAF

Answer: A

Explanation:
The AWS account root user is the email address that you use to sign up for AWS. The root user has complete access to all AWS services and resources in the account. The root user can perform tasks that only the root user can do, such as changing the AWS Support plan, closing the account, and restoring IAM user permissions34

NEW QUESTION 18

Which AWS services allow users to monitor and retain records of account activities that include governance, compliance, and auditing?
(Select TWO.)

• A. Amazon CloudWatch
• B. AWS CloudTrail
• C. Amazon GuardDuty
• D. AWS Shield
• E. AWS WAF

Answer: AB

Explanation:
Amazon CloudWatch and AWS CloudTrail are the AWS services that allow users to monitor and retain records of account activities that include governance, compliance, and auditing. Amazon CloudWatch is a service that collects and tracks metrics, collects and monitors log files, and sets alarms. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. Amazon GuardDuty, AWS Shield, and AWS WAF are AWS services that provide security and protection for AWS resources, but they do not monitor and retain records of
account activities. These concepts are explained in the AWS Cloud Practitioner Essentials course3.

NEW QUESTION 19
......