Which AWS service can a company use to find security and compliance reports, including International Organization for Standardization (ISO) reports?
A. AWS Artifact B. Amazon CloudWatch C. AWS Config D. AWS Audit Manager
Answer: A Explanation: AWS Artifact is a self-service portal that provides on-demand access to AWSsecurity and compliance reports and select online agreements. You can use AWS Artifactto download AWS service audit reports, such as ISO, PCI, and SOC, and to accept andmanage agreements with AWS, such as the Business Associate Addendum (BAA).
Question # 142
Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture?
A. Security B. Governance C. Operations D. Platform
Answer: D Explanation:The correct answer is D. Platform.The Platform perspective in the AWS Cloud Adoption Framework (AWS CAF) includes acapability for well-designed data and analytics architecture. This capability helps youdesign, implement, and optimize your data and analytics solutions on AWS, using servicessuch as Amazon S3, Amazon Redshift, Amazon EMR, Amazon Kinesis, Amazon Athena,and Amazon QuickSight. A well-designed data and analytics architecture enables you tocollect, store, process, analyze, and visualize data from various sources, and deriveinsights that can drive your business decisions12.The Security perspective does not include a capability for data and analytics architecture,but it does include a capability for data protection, which helps you secure your data at restand in transit using encryption, key management, access control, and auditing13.The Governance perspective does not include a capability for data and analyticsarchitecture, but it does include a capability for data governance, which helps you manage the quality, availability, usability, integrity, and security of your data assets14.The Operations perspective does not include a capability for data and analyticsarchitecture, but it does include a capability for data operations, which helps you monitor,troubleshoot, and optimize the performance and availability of your data pipelines andworkloads1 .References:1: Foundational capabilities - An Overview of the AWS Cloud Adoption Framework 2: [AWSCloud Adoption Framework: Platform Perspective] 3: [AWS Cloud Adoption Framework:Security Perspective] 4: [AWS Cloud Adoption Framework: Governance Perspective] :[AWS Cloud Adoption Framework: Operations Perspective]
Question # 143
A company has set up a VPC on AWS. The company needs a dedicated connection between the VPC and the company’s on-premises network. Which action should the company take to meet this requirement?
A. Establish a VPN connection between the VPC and the company's on-premises network. B. Establish an AWS Direct Connect connection between the VPC and the company's onpremisesnetwork. C. Attach an internet gateway to the VPC. Use the AWS public endpoints for connectivity. D. Configure Amazon Connect to provide connectivity between the VPC and thecompany's on-premisesnetwork.
Answer: B Explanation: Establishing an AWS Direct Connect connection between the VPC and thecompany’s on-premises network is the action that the company should take to meet therequirement of having a dedicated connection between the VPC and the company’s onpremisesnetwork. AWS Direct Connect is a service that lets you establish a dedicatednetwork connection between your network and one of the AWS Direct Connect locations.Using AWS Direct Connect, you can create a private connection between AWS and yourdatacenter, office, or colocation environment, which can reduce your network costs,increase bandwidth throughput, and provide a more consistent network experience thaninternet-based connections. Establishing a VPN connection between the VPC and the company’s on-premises network is an action that the company can take to create a secureand encrypted connection between the VPC and the company’s on-premises network, butit is not a dedicated connection, as it uses the public internet as the transport mechanism.Attaching an internet gateway to the VPC and using the AWS public endpoints forconnectivity is an action that the company can take to enable communication between theVPC and the internet, but it is not a dedicated connection, as it also uses the public internetas the transport mechanism. Configuring Amazon Connect to provide connectivity betweenthe VPC and the company’s on-premises network is not an action that the company cantake, because Amazon Connect is a service that lets you set up and manage a contactcenter in the cloud, but it does not provide network connectivity between the VPC and thecompany’s on-premises network.
Question # 144
Which AWS service is an in-memory data store service?
A. Amazon Aurora B. Amazon RDS C. Amazon DynamoDB D. Amazon ElastiCache
Answer: D Explanation: Amazon ElastiCache is a fully managed in-memory data store and cacheservice that delivers sub-millisecond response times to applications. You can useElastiCache as a primary data store for your applications, or as a cache to improve theperformance of your existing databases. ElastiCache supports two popular open-source inmemoryengines: Redis and Memcached5.
Question # 145
Which option is the default pricing model for Amazon EC2 instances?
A. On-Demand Instances B. Savings Plans C. Spot Instances D. Reserved Instances
Answer: A Explanation: On-Demand Instances are the default pricing model for Amazon EC2instances. They allow users to pay for compute capacity by the second, with no long-termcommitments or upfront payments. They are suitable for applications with short-term,irregular, or unpredictable workloads that cannot be interrupted3. Savings Plans are apricing model that offer significant savings on Amazon EC2 and AWS Fargate usage, inexchange for a commitment to a consistent amount of usage (measured in $/hour) for a 1-year or 3-year term. Spot Instances are a pricing model that offer spare Amazon EC2compute capacity at up to 90% discount compared to On-Demand prices, but they can beinterrupted by AWS with a two-minute notice when the demand exceeds the supply.Reserved Instances are a pricing model that offer up to 75% discount compared to On-Demand prices, in exchange for a commitment to use a specific instance type and size in aspecific region for a 1-year or 3-year term.
Question # 146
Which AWS service will allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded?
A. AWS Organizations B. AWS Budgets C. Cost Explorer D. AWS Trusted Advisor
Answer: B Explanation: AWS Budgets allows you to set custom budgets that alert you when yourcosts or usage exceed (or are forecasted to exceed) your budgeted amount. You can alsouse AWS Budgets to set reservation utilization or coverage targets and receive alerts whenyour utilization drops below the threshold you define. AWS Budgets provides you with acomprehensive view of your cost and usage, as well as your reservation utilization andcoverage1.
Question # 147
A company's headquarters is located on a different continent from where the majority of the company's customers live. The company wants an AWS Cloud environment setup that will provide the lowest latency to the customers. A company wants to automate the creation of new AWS accounts and automatically prevent all users from creating Amazon EC2 instances. Which AWS service provides this functionality?
A. AWS Service Catalog B. AWS Organizations C. EC2 Image Builder D. AWS Systems Manager
Answer: B Explanation: AWS Organizations is a service that enables you to create and managemultiple AWS accounts centrally. You can use AWS Organizations to automate accountcreation, apply policies to control access and permissions, and consolidate billing acrossyour accounts. You can also use AWS Organizations to prevent users from creatingAmazon EC2 instances in certain regions or with certain configurations2
Question # 148
A company is moving to the AWS Cloud to reduce operational overhead for its application infrastructure. Which IT operation will the company still be responsible for after the migration to AWS?
A. Security patching of AWS Elastic Beanstalk B. Backups of data that is stored in Amazon Aurora C. Termination of Amazon EC2 instances that are managed by AWS Auto Scaling D. Configuration of 1AM access controls
Answer: D Explanation: AWS Elastic Beanstalk, Amazon Aurora, and AWS Auto Scaling aremanaged services that reduce the operational overhead for the customers. AWS isresponsible for security patching, backups, and termination of these services. However, thecustomers are still responsible for configuring IAM access controls to manage thepermissions and policies for their AWS resources. This is part of the AWS sharedresponsibility model, which defines the security and compliance responsibilities of AWSand the customers. You can learn more about the AWS shared responsibility modelfrom this whitepaper or this digital course.
Question # 149
Which AWS Cloud benefit describes the ability to acquire resources as they are needed and release resources when they are no longer needed?
A. Economies of scale B. Elasticity C. Agility D. Security
Answer: B Explanation: The AWS Cloud benefit that describes the ability to acquire resources asthey are needed and release resources when they are no longer needed is elasticity.Elasticity means that users can quickly add and remove resources to match the demand oftheir applications, and only pay for what they use. Elasticity enables users to handleunpredictable workloads, reduce costs, and improve performance1. Economies of scale,agility, and security are other benefits of the AWS Cloud, but they do not describe thespecific ability of acquiring and releasing resources on demand.
Question # 150
Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?
A. Amazon Workspaces B. Amazon Elastic File System (Amazon EFS) C. AWS Database Migration Service (AWS DMS) D. AWS Snowball Edge
Answer: B Explanation: Amazon EFS is a fully managed service that provides scalable and elasticfile storage for multiple Amazon EC2 instances. Amazon EFS supports the Network FileSystem (NFS) protocol, which allows multiple EC2 instances to access the same filesystem concurrently. You can learn more about Amazon EFS from this webpage or thisdigital course.