1. Which AWS service or resource helps on-premises applications connect to AWS Cloud-based storage and caches the data locally for low-latency access? Show A. AWS Direct Connect Reveal Answer: B 2. An online retail company has seasonal sales spikes several times a year, primarily around holidays. Demand is lower at other times. The company finds it difficult to predict the increasing infrastructure demand for each season. Which advantages of moving to the AWS Cloud would MOST benefit the company? (Choose two.) A. Global footprint Reveal Answer: B E 3. A company wants to ensure that two Amazon EC2 instances are in separate data centers with minimal communication latency between the data centers. How can the company meet this requirement? A. Place the EC2 instances in two separate AWS Regions connected with a VPC peering connection. Reveal Answer: D 4. Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on premises facilities? A. AWS Snowmobile Reveal Answer: C 5. A company wants to eliminate the need to guess infrastructure capacity before deployments. The company also wants to spend its budget on cloud resources only as the company uses the resources. Which advantage of the AWS Cloud matches the company’s requirements? A. Reliability Reveal Answer: A 6. A retail company wants to provision only the necessary amount of resources to handle the current demand. Which cloud benefit is the company trying to achieve with this goal? A. Reliability Reveal Answer: C 7. A company wants to migrate a small website and database quickly from on-premises infrastructure to the AWS Cloud. The company has limited operational knowledge to perform the migration. Which AWS service supports this use case? A. Amazon EC2 Reveal Answer: C 8. Which AWS service or feature allows a user to set up consolidated billing? A. AWS Billing Management Console Reveal Answer: B 9. Which AWS service can be used to encrypt data at rest? A. Amazon GuardDuty Reveal Answer: D 10. What is an IAM best practice for AWS account root user access keys? A. Delete all root user access keys, if possible. Reveal Answer: A 11. A company has performance and regulatory requirements that call for it to run its workload only in its on-premises data center. Which AWS services or resources should the company use? (Choose two.) A. Amazon Pinpoint Reveal Answer: B C 12. Elasticity in the AWS Cloud refers to which of the following? (Choose two.) A. How quickly an Amazon EC2 instance can be restarted Reveal Answer: B E 13. A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS. Where can the company purchase the security solution? A. AWS Partner Solutions Finder Reveal Answer: D 14. A company needs to improve the response rate of high-volume queries to its relational database. Which AWS service should the company use to offload requests to the database and improve overall response times? A. Amazon DynamoDB Accelerator (DAX) Reveal Answer: A 15. Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.) A. AWS VPN Reveal Answer: A D 16. Which pillar of the AWS Well-Architected Framework specifies that resources be provisioned in a timely manner and scale as needed to maintain effectiveness as demand changes? A. Cost optimization Reveal Answer: D 17. An IT department provisions more servers than are needed to run a workload. Which cloud architecture design principle supports changing this approach? A. Protect data in transit and at rest. Reveal Answer: B 18. A solutions architect needs to create a cost estimate for running workloads on AWS. The cost estimate must then be exported for management review. Which AWS service or feature should be used to accomplish these tasks? A. Cost Explorer Reveal Answer: C 19. Which AWS service should a company use to decouple large monolithic applications into smaller microservices components? A. AWS Direct Connect Reveal Answer: C 20. A company has defined the AWS resources that it needs for a new application. The company needs to estimate the costs of running the application on AWS. What should the company do to meet this requirement? A. Take advantage of AWS on-demand pricing. Reveal Answer: B 21. A company has a globally distributed user base. The company needs its application to be highly available and have low latency for end users. Which AWS architectural approach will MOST effectively support these requirements? A. Single-Region, Multi-AZ architecture Reveal Answer: B 22. Which AWS service or feature for technical assistance is available to a user who has the AWS Basic Support plan? A. AWS senior support engineers Reveal Answer: A 23. A company needs to migrate its on-premises data to the AWS Cloud. The company requires elastic, highly optimized connectivity. Which AWS service meets these requirements? A. Amazon S3 Glacier Reveal Answer: B 24. When an Amazon EC2 instance is terminated, which AWS service can identify the user that made the API call? A. Amazon CloudWatch Reveal Answer: B 25. Which controls does the customer fully inherit from AWS in the AWS shared responsibility model? A. Patch management controls Reveal Answer: C 26. Which feature can be used to protect Amazon S3 buckets from accidental overwrites or deletes? A. Lifecycle policy Reveal Answer: B 27. Which of the following are AWS security best practices for using AWS Identity and Access Management (IAM) to manage an AWS account root user? (Choose two.) A. Set up multi-factor authentication (MFA) for the root user. Reveal Answer: A E 28. Service control policies (SCPs) manage permissions for which of the following? A. Availability Zones Reveal Answer: C 29. A database administrator is trying to determine who deleted a critical Amazon Redshift cluster. Which AWS service helps with monitoring and retaining this type of account activity? A. AWS CloudTrail Reveal Answer: A 30. Which pillar of the AWS Well-Architected Framework includes the AWS shared responsibility model? A. Operational excellence Reveal Answer: D 31. A company runs its business-critical web application on Amazon Elastic Container Service (Amazon ECS) and Amazon DynamoDB. The workload spikes up to 10 times the normal workload multiple times during the day. Which AWS Cloud feature enables the company to meet these changes in demand? A. Agility Reveal Answer: C 32. A company’s traffic logs show that IP addresses owned by AWS are being used in an attempt to flood ports on system resources. To whom should the cloud practitioner report this issue? A. AWS Professional Services Reveal Answer: B 33. An Amazon EC2 instance previously used for development is inaccessible and no longer appears in the AWS Management Console. Which AWS service should be used to determine what action made this EC2 instance inaccessible? A. Amazon CloudWatch Logs Reveal Answer: D 34. Which AWS service is a highly available and scalable DNS web service? A. Amazon VPC Reveal Answer: C 35. A company is moving its office and must establish an encrypted connection to AWS. Which AWS service will help meet this requirement? A. AWS VPN Reveal Answer: A 36. Which statement explains the benefit of agility in the AWS Cloud? A. Agility gives users the ability to host applications in multiple AWS Regions around the world. Reveal Answer: D 37. Which of the following are user authentication services managed by AWS? (Choose two.) A. Amazon Cognito Reveal Answer: A D 38. Which AWS service or tool helps identify underutilized Amazon EC2 instances and idle Amazon RDS DB instances at no additional charge? A. Cost Explorer Reveal Answer: D 39. Which of the following are customer responsibilities under the AWS shared responsibility model? (Choose two.) A. Physical security of AWS facilities Reveal Answer: D E 40. A user should contact the AWS Abuse team to report which situations? (Choose two.) A. A DDoS attack is being made on an AWS resource. Reveal Answer: A C 41. A company uses Amazon DynamoDB in its AWS Cloud architecture. According to the AWS shared responsibility model, which of the following are responsibilities of the company? (Choose two.) A. Operating system patching and upgrades Reveal Answer: B D 42. What should a user do to deploy an application in geographically separate locations? A. Deploy the application in different placement groups. Reveal Answer: C 43. A company wants to rightsize its infrastructure to control costs. At which points should the company rightsize? (Choose two.) A. Rightsize before a migration occurs to the cloud. Reveal Answer: D E 44. Which tasks should a user perform if the user suspects that an AWS account has been compromised? (Choose two.) A. Remove any multi-factor authentication (MFA) tokens. Reveal Answer: B E 45. A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speed. Which AWS service meets these requirements? A. Amazon CloudFront Reveal Answer: A 46. Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime? A. Agility Reveal Answer: D 47. A company is moving its development and test environments to AWS to increase agility and reduce cost. Because these are not production workloads and the servers are not fully utilized, occasional unavailability is acceptable. What is the MOST cost-effective Amazon EC2 pricing model that will meet these requirements? A. Reserved Instances Reveal Answer: C 48. Which guidelines are key AWS architectural design principles? (Choose two.) A. Design for fixed resources. Reveal Answer: B D 49. What is the LEAST expensive AWS Support plan that provides 24-hour access to AWS customer service and AWS communities? A. AWS Enterprise Support Reveal Answer: D 50. A company with AWS Enterprise Support has questions about its consolidated bill. Which AWS service, feature, or tool should the company use for assistance? A. AWS Pricing Calculator Reveal Answer: C 51. A company needs to perform a one-time migration of 40TB of data from its on-premises storage servers to Amazon S3. The transfer must happen as quickly as possible while keeping costs to a minimum. The company has 100 Mbps internet connectivity. Which AWS service will meet these requirements? A. AWS Snowball Reveal Answer: A 52. A company uses Amazon S3 buckets. One of the company’s departments enabled S3 CrossRegion Replication for those buckets to meet new requirements. The company’s bill for that month was larger than usual. Which AWS service or feature can the company use to confirm that the cost increase was caused by the data replication? A. Consolidated billing Reveal Answer: B 53. A company wants to store data with high availability, encrypt the data at rest, and have direct access to the data over the internet. Which AWS service will meet these requirements MOST cost-effectively? A. Amazon Elastic Block Store (Amazon EBS) Reveal Answer: B 54. How do AWS users trade infrastructure expenses for operational expenses? A. Secure their physical infrastructure to prevent malicious attacks. Reveal Answer: D 55. A network engineer needs to establish a dedicated 10 Gbps network connection from an on premises environment to AWS. Which AWS service or feature should the engineer use? A. Amazon Route 53 Reveal Answer: B 56. Which AWS service or feature provides an online, managed software catalog that helps users purchase and deploy third-party software? A. AWS Support Reveal Answer: B 57. A company has a Java web application. The company wants to use auto deployment to create the AWS environment and deploy new versions of its application. Which AWS service will meet these requirements? A. AWS Auto Scaling Reveal Answer: B 58. Which action will provide documentation to help a company evaluate whether its use of the AWS Cloud is compliant with local regulatory standards? A. Running Amazon GuardDuty Reveal Answer: B 59. A company is launching a new application in the AWS Cloud. The application will run on an Amazon EC2 instance. More EC2 instances will be needed when the workload increases. Which AWS service or tool can the company use to launch the number of EC2 instances that will be needed to handle the workload? Is data automatically encrypted in AWS?All data flowing across AWS Regions over the AWS global network is automatically encrypted at the physical layer before it leaves AWS secured facilities. All traffic between AZs is encrypted. Additional layers of encryption, including those listed in this section, may provide additional protections.
Which AWS services or features provide data encryption by default?AES-256 is the technology we use to encrypt data in AWS, including Amazon Simple Storage Service (S3) server-side encryption.
Is encryption enabled by default in S3?Default encryption works with all existing and new Amazon S3 buckets. Without default encryption, to encrypt all objects stored in a bucket, you must include encryption information with every object storage request.
Does AWS automatically encrypt data at rest?Note: By default, an instance type that includes an NVMe instance store encrypts data at rest using an XTS-AES-256 block cipher. See this FAQ about NVMe-supported instance types. If you're using an NVMw instance type, then data at rest is encrypted by default, and this post doesn't apply to your situation.
|