NEW QUESTION 1

A company needs to set up user authentication for a new application. Users must be able to sign in directly with a user name and password, or through a third-party provider.
Which AWS service should the company use to meet these requirements?

• A. AWS IAM Identity Center (AWS Single Sign-On)
• B. AWS Signer
• C. Amazon Cognito
• D. AWS Directory Service

Answer: C

Explanation:
Amazon Cognito is a service that provides user authentication and authorization for web and mobile applications. You can use Amazon Cognito to enable users to sign in directly with a user name and password, or through a third-party provider, such as Facebook, Google, or Amazon. You can also use Amazon Cognito to manage user profiles, preferences, and security settings3

NEW QUESTION 2

A company manages factory machines in real time. The company wants to use AWS technology to deploy its monitoring applications as close to the factory machines as possible.
Which AWS solution will meet these requirements with the LEAST latency?

• A. AWS Outposts
• B. Amazon EC2
• C. AWS App Runner
• D. AWS Batch

Answer: A

Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on- premises facility for a truly consistent hybrid experience. AWS Outposts enables you to run AWS services in your on-premises data center1.

NEW QUESTION 3

A company has deployed an application in the AWS Cloud. The company wants to ensure that the application is highly resilient.
Which component of AWS infrastructure can the company use to meet this requirement?

• A. Content delivery network (CDN)
• B. Edge locations
• C. Wavelength Zones
• D. Availability Zones

Answer: D

Explanation:
Availability Zones are components of AWS infrastructure that can help the company ensure that the application is highly resilient. Availability Zones are multiple, isolated locations within each AWS Region. Each Availability Zone has independent power, cooling, and physical security, and is connected to the other Availability Zones in the same Region via low-latency, high-throughput, and highly redundant networking. Availability Zones allow you to operate production applications and databases that are more highly available, fault tolerant, and scalable than would be possible from a single data center.

NEW QUESTION 4

Which feature of the AWS Cloud gives users the ability to pay based on current needs rather than forecasted needs?

• A. AWS Budgets
• B. Pay-as-you-go pricing
• C. Volume discounts
• D. Savings Plans

Answer: B

Explanation:
Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go pricing means that users only pay for the AWS services and resources they use, without any upfront or long-term commitments. This allows users to scale up or down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity. Pay-as-you-go pricing also enables users to benefit from the economies of scale and lower costs of AWS as they grow their business5

NEW QUESTION 5

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.
Which AWS service should the company use to run these queries in the MOST cost- effective manner?

• A. Amazon Redshift
• B. Amazon Athena
• C. Amazon Kinesis
• D. Amazon RDS

Answer: B

Explanation:
Amazon Athena is a serverless, interactive analytics service that allows users to run SQL queries on data stored in Amazon S3. It is ideal for occasional queries on large datasets, as it does not require any server provisioning, configuration, or management. Users only pay for the queries they run, based on the amount of data scanned. Amazon Athena supports various data formats, such as CSV, JSON, Parquet, ORC, and Avro, and integrates with AWS Glue Data Catalog to create and manage schemas. Amazon Athena also supports querying data from other sources, such as on- premises or other cloud systems, using data connectors1.
Amazon Redshift is a fully managed data warehouse service that allows users to run complex analytical queries on petabyte-scale data. However, it requires users to provision and maintain clusters of nodes, and pay for the storage and compute capacity they use. Amazon Redshift is more suitable for frequent and consistent queries on structured or semi-structured data2.
Amazon Kinesis is a platform for streaming data on AWS, enabling users to collect, process, and analyze real-time data. It is not designed for querying data stored in Amazon S3. Amazon Kinesis consists of four services: Kinesis Data Streams, Kinesis Data Firehose, Kinesis Data Analytics, and Kinesis Video Streams3.
Amazon RDS is a relational database service that provides six database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. It simplifies database administration tasks such as backup, patching, scaling, and replication. However, it is not optimized for querying data stored in Amazon S3. Amazon RDS is more suitable for transactional workloads that require high performance and availability4.
References:
✑ Interactive SQL - Serverless Query Service - Amazon Athena - AWS
✑ [Amazon Redshift – Data Warehouse Solution - AWS]
✑ [Amazon Kinesis - Streaming Data Platform - AWS]
✑ [Amazon Relational Database Service (RDS) – AWS]

NEW QUESTION 6

A company wants to monitor its workload performance. The company wants to ensure that the cloud services are delivered at a level that meets its business needs.
Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?

• A. Business
• B. Governance
• C. Platform
• D. Operations

Answer: D

Explanation:
The Operations perspective helps you monitor and manage your cloud workloads to ensure that they are delivered at a level that meets your business needs. Common stakeholders include chief operations officer (COO), cloud director, cloud operations manager, and cloud operations engineers1. The Operations perspective covers capabilities such as workload health monitoring, incident management, change management, release management, configuration management, and disaster recovery2. The Business perspective helps ensure that your cloud investments accelerate your digital transformation ambitions and business outcomes. Common stakeholders include chief executive officer (CEO), chief financial officer (CFO), chief information officer (CIO), and chief technology officer (CTO). The Business perspective covers capabilities such as business case development, value realization, portfolio management, and stakeholder management3.
The Governance perspective helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks. Common stakeholders include chief transformation officer, CIO, CTO, CFO, chief data officer (CDO), and chief risk officer (CRO). The Governance perspective covers capabilities such as governance framework, budget and cost management, compliance management, and data governance4.
The Platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions. Common stakeholders include CTO, technology leaders, architects, and engineers. The Platform perspective covers capabilities such as platform design and implementation, workload migration and modernization, cloud-native development, and DevOps5. References:
✑ AWS Cloud Adoption Framework: Operations Perspective
✑ AWS Cloud Adoption Framework - Operations Perspective
✑ AWS Cloud Adoption Framework: Business Perspective
✑ AWS Cloud Adoption Framework: Governance Perspective
✑ AWS Cloud Adoption Framework: Platform Perspective

NEW QUESTION 7

Which task must a user perform by using the AWS account root user credentials?

• A. Make changes to AWS production resources.
• B. Change AWS Support plans.
• C. Access AWS Cost and Usage Reports.
• D. Grant auditors’ access to an AWS account for a compliance audit.

Answer: B

Explanation:
Changing AWS Support plans is a task that must be performed by using the AWS account root user credentials. The root user is the email address that you used to sign up for AWS. It has complete access to all AWS services and resources in the account. You should use the root user only to perform a few account and service management tasks, such as changing AWS Support plans, closing the account, or changing the account name or email address. Making changes to AWS production resources, accessing AWS Cost and Usage Reports, and granting auditors access to an AWS account for a compliance audit are tasks that can be performed by using IAM users or roles, which are entities that you create in AWS to delegate permissions to access AWS services and resources.

NEW QUESTION 8

Which options are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)

• A. Sustainability
• B. Security
• C. Operations
• D. Performance efficiency
• E. Reliability

Answer: CD

Explanation:
The options that are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF) are operations and performance efficiency. The AWS CAF is a guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective is divided into capabilities, which are further divided into skills and responsibilities. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The operations perspective capabilities are operations support, operations integration, and service management. The performance efficiency perspective focuses on the selection and configuration of the right cloud resources and services to meet the performance requirements of the applications, as well as the continuous improvement and innovation of the cloud solutions. The performance efficiency perspective capabilities are selection, review, and monitoring. Sustainability, security, and reliability are not perspectives of the AWS CAF, but they are aspects of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a guidance that helps users build and operate secure, reliable, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars, which are operational excellence, security, reliability, performance efficiency, and cost optimization. Sustainability is a cross-cutting theme that applies to all the pillars, and refers to the environmental and social impact of the cloud solutions.

NEW QUESTION 9

What are the characteristics of Availability Zones? (Select TWO.)

• A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low- latency networking
• B. Availability Zones are physically separated by a minimum of distance of 150 km (100 miles).
• C. All traffic between Availability Zones is encrypted.
• D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.
• E. Every Availability Zone contains a single data center.

Answer: AD

Explanation:
Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. Each Availability Zone has independent power, cooling, and physical security, and is connected to other Availability Zones in the same Region by a low-latency network. Therefore, the correct answers are A and D. You can learn more about Availability Zones and their characteristics from this page.

NEW QUESTION 10

Which group shares responsibility with AWS for security and compliance of AWS accounts and resources?

• A. Third-party vendors
• B. Customers
• C. Reseller partners
• D. Internet providers

Answer: B

Explanation:
Customers share responsibility with AWS for security and compliance of AWS accounts and resources. This is part of the AWS shared responsibility model, which defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the physical and environmental controls of the AWS global infrastructure, such as power, cooling, fire suppression, and physical access. The customer is responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications, such as identity and access management, encryption, firewall, and backup.
For more information, see AWS Shared Responsibility Model and AWS Cloud Security.

NEW QUESTION 11

Which AWS services can limit manual errors by consistently provisioning AWS resources in multiple envirom

• A. AWS Config
• B. AWS CodeStar
• C. AWS CloudFormation
• D. AWS Cloud Development Kit (AWS CDK)
• E. AWS CodeBuild

Answer: CD

Explanation:
AWS CloudFormation and AWS Cloud Development Kit (AWS CDK) are AWS services that can limit manual errors by consistently provisioning AWS resources in multiple environments. AWS CloudFormation is a service that enables you to model and provision AWS resources using templates. You can use AWS CloudFormation to define the AWS resources and their dependencies that you need for your applications, and to automate the creation and update of those resources across multiple environments, such as development, testing, and production. AWS CloudFormation helps you ensure that your
AWS resources are configured consistently and correctly, and that you can easily replicate or modify them as needed. AWS Cloud Development Kit (AWS CDK) is a service that enables you to use familiar programming languages, such as Python, TypeScript, Java, and C#, to define and provision AWS resources. You can use AWS CDK to write code that synthesizes into AWS CloudFormation templates, and to leverage the existing libraries and tools of your preferred language. AWS CDK helps you reduce the complexity and errors of writing and maintaining AWS CloudFormation templates, and to apply the best practices and standards of software development to your AWS infrastructure.

NEW QUESTION 12

Which of the following services can be used to block network traffic to an instance? (Select TWO.)

• A. Security groups
• B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
• C. Network ACLs
• D. Amazon CloudWatch
• E. AWS CloudTrail

Answer: AC

Explanation:
Security groups and network ACLs are two AWS services that can be used to block network traffic to an instance. Security groups are virtual firewalls that control the inbound and outbound traffic for your instances at the instance level. You can specify which protocols, ports, and source or destination IP addresses are allowed or denied for each instance. Security groups are stateful, which means that they automatically allow return traffic for any allowed inbound or outbound traffic123. Network ACLs are virtual firewalls that control the inbound and outbound traffic for your subnets at the subnet level. You can create rules to allow or deny traffic based on protocols, ports, and source or destination IP addresses. Network ACLs are stateless, which means that you have to explicitly allow return traffic for any allowed inbound or outbound traffic456. References: 1: Security groups for your VPC - Amazon Virtual Private Cloud, 2: Security Groups for Your VPC - Amazon Elastic Compute Cloud, 3: AWS Security Groups: Everything You Need to
Know, 4: Network ACLs - Amazon Virtual Private Cloud, 5: Control traffic to subnets using network ACLs - Amazon Virtual Private Cloud, 6: AWS Network ACLs: Everything You
Need to Know

NEW QUESTION 13

A company wants to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud.
Which AWS service should the company use to reduce management overhead for this environment?

• A. Amazon Elastic Container Service (Amazon ECS)
• B. Amazon SageMaker
• C. Amazon RDS
• D. Amazon Athena

Answer: C

Explanation:
Amazon Relational Database Service (Amazon RDS) is the AWS service that the company should use to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud. Amazon RDS is a fully managed service that provides a scalable, secure, and high-performance relational database platform. Amazon RDS supports several database engines, including Microsoft SQL Server. Amazon RDS reduces the management overhead for the database environment by taking care of tasks such as provisioning, patching, backup, recovery, and monitoring. For more information, see What is Amazon Relational Database Service (Amazon RDS)? and Amazon RDS for SQL Server.

NEW QUESTION 14

Which design principle is achieved by following the reliability pillar of the AWS Well- Architected Framework?

• A. Vertical scaling
• B. Manual failure recovery
• C. Testing recovery procedures
• D. Changing infrastructure manually

Answer: C

Explanation:
Testing recovery procedures is the design principle that is achieved by following the reliability pillar of the AWS Well-Architected Framework. The reliability pillar focuses on the ability of a system to recover from failures and prevent disruptions. Testing recovery procedures helps to ensure that the system can handle different failure scenarios and restore normal operations as quickly as possible. Testing recovery procedures also helps to identify and mitigate any risks or gaps in the system design and implementation. For more information, see [Reliability Pillar] and [Testing for Reliability].

NEW QUESTION 15

Which AWS Support plan provides customers with access to an AWS technical account manager (TAM)?

• A. AWS Basic Support
• B. AWS Developer Support
• C. AWS Business Support
• D. AWS Enterprise Support

Answer: D

Explanation:
The correct answer is D because AWS Enterprise Support is the support plan that provides customers with access to an AWS technical account manager (TAM). AWS Enterprise Support is the highest level of support plan offered by AWS, and it provides customers with the most comprehensive and personalized support experience. An AWS TAM is a dedicated technical resource who works closely with customers to understand their business and technical needs, provide proactive guidance, and coordinate support across AWS teams. The other options are incorrect because they are not support plans that provide customers with access to an AWS TAM. AWS Basic Support is the default and free support plan that provides customers with access to online documentation, forums, and account information. AWS Developer Support is the lowest level of paid support plan that provides customers with access to technical support during business hours, general guidance, and best practice recommendations. AWS Business Support is the intermediate level of paid support plan that provides customers with access to technical support 24/7, system health checks, architectural guidance, and case management. Reference: AWS Support Plans

NEW QUESTION 16

Which Amazon S3 storage class is the MOST cost-effective for long-term storage?

• A. S3 Glacier Deep Archive
• B. S3 Standard
• C. S3 Standard-Infrequent Access (S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: A

Explanation:
Amazon S3 Glacier Deep Archive is the lowest-cost storage class in the cloud. It is designed for long-term data archiving that is rarely accessed. It offers a retrieval time of 12 hours and a durability of 99.999999999% (11 9’s). It is ideal for data that must be retained for 7 years or longer to meet regulatory compliance requirements.

NEW QUESTION 17

Which of the following is a fully managed MySQL-compatible database?

• A. Amazon S3
• B. Amazon DynamoDB
• C. Amazon Redshift
• D. Amazon Aurora

Answer: D

Explanation:
Amazon Aurora is a fully managed MySQL-compatible database that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Amazon Aurora is part of the Amazon Relational Database Service (Amazon RDS) family, which means it inherits the benefits of a fully managed service, such as automated backups, patches, scaling, monitoring, and security. Amazon Aurora also offers up to five times the throughput of
standard MySQL, as well as high availability, durability, and fault tolerance with up to 15 read replicas, cross-Region replication, and self-healing storage. Amazon Aurora is compatible with the latest versions of MySQL, as well as PostgreSQL, and supports various features and integrations that enhance its functionality and usability123 References: Amazon Aurora, Amazon RDS, AWS — Amazon Aurora Overview

NEW QUESTION 18

An auditor needs to find out whether a specific AWS service is compliant with specific compliance frameworks.
Which AWS service will provide this information?

• A. AWS Artifact
• B. AWS Trusted Advisor
• C. Amazon GuardDuty
• D. AWS Certificate Manager (ACM)

Answer: A

Explanation:
AWS Artifact is the service that will provide the information about whether a specific AWS service is compliant with specific compliance frameworks. AWS Artifact is a self-service portal that allows you to access, review, and download AWS security and compliance reports and agreements. You can use AWS Artifact to verify the compliance status of AWS services across various regions and compliance programs, such as ISO, PCI, SOC, FedRAMP, HIPAA, and more12

NEW QUESTION 19
......