A company needs an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities. Which AWS service will meet these requirements?
A. Amazon GuardDuty B. Amazon Inspector C. AWS Security Hub D. AWS Shield
Answer: B Explanation:The correct answer is B. Amazon Inspector.Amazon Inspector is an automated vulnerability management service that continually scansAWS workloads for software vulnerabilities and unintended network exposure. AmazonInspector automatically discovers workloads, such as Amazon EC2 instances, containers,and Lambda functions, and scans them for software vulnerabilities and unintended networkexposure12.Amazon GuardDuty is a threat detection service that monitors your AWS accounts andworkloads for malicious or unauthorized activity. Amazon GuardDuty does not scan forsoftware vulnerabilities, but rather analyzes AWS CloudTrail, Amazon VPC Flow Logs, andDNS logs to detect threats such as compromised credentials, backdoors, or cryptomining3.AWS Security Hub is a security and compliance service that aggregates and prioritizessecurity findings from multiple AWS services and partner solutions. AWS Security Hubdoes not scan for software vulnerabilities, but rather provides a comprehensive view ofyour security posture across your AWS accounts4.AWS Shield is a managed service that protects your web applications and networkresources from distributed denial-of-service (DDoS) attacks. AWS Shield does not scan forsoftware vulnerabilities, but rather provides detection and mitigation of DDoS attacks at thenetwork and application layers5.References:1: Automated Software Vulnerability Management - Amazon Inspector - AWS 3: [AmazonGuardDuty – Intelligent Threat Detection Made Easy] 2: AWS Re-Launches AmazonInspector with New Architecture and Features - InfoQ 4: [AWS Security Hub – UnifiedSecurity and Compliance Center] 5: [AWS Shield – Managed DDoS Protection]
Question # 162
For which AWS service is the customer responsible for maintaining the underlying operating system?
A. Amazon DynamoDB B. Amazon S3 C. Amazon EC2 D. AWS Lambda
Answer: C Explanation: Amazon EC2 is a service that provides resizable compute capacity in thecloud. Users can launch and manage virtual servers, known as instances, that run on theAWS infrastructure. Users are responsible for maintaining the underlying operating systemof the instances, as well as any applications or software that run on them. AmazonDynamoDB is a service that provides a fully managed NoSQL database that delivers fastand consistent performance at any scale. Users do not need to manage the underlyingoperating system or the database software. Amazon S3 is a service that provides scalableand durable object storage in the cloud. Users do not need to manage the underlyingoperating system or the storage infrastructure. AWS Lambda is a service that allows usersto run code without provisioning or managing servers. Users only need to upload their codeand configure the triggers and parameters. AWS Lambda takes care of the underlyingoperating system and the execution environment.
Question # 163
A company wants to use the latest technologies and wants to minimize its capital investment. Instead of upgrading on-premises infrastructure, the company wants to move to the AWS Cloud. Which AWS Cloud benefit does this scenario describe?
A. Increased speed to market B. The trade of infrastructure expenses for operating expenses C. Massive economies of scale D. The ability to go global in minutes
Answer: B Explanation: The trade of infrastructure expenses for operating expenses is one of thebenefits of the AWS Cloud. By moving to the AWS Cloud, the company can avoid theupfront costs of purchasing and maintaining on-premises infrastructure, such as servers,storage, network, and software. Instead, the company can pay only for the AWS resourcesand services that they use, as they use them. This reduces the risk and complexity ofplanning and managing IT infrastructure, and allows the company to focus on innovationand growth. Increased speed to market, massive economies of scale, and the ability to goglobal in minutes are also benefits of the AWS Cloud, but they are not the best ones todescribe this scenario. Increased speed to market means that the company can launch new products and services faster by using AWS services and tools. Massive economies ofscale means that the company can benefit from the lower costs and higher performancethat AWS achieves by operating at a large scale. The ability to go global in minutes meansthat the company can deploy their applications and data in multiple regions and availabilityzones around the world to reach their customers faster and improve performance andreliability5
Question # 164
A company has deployed an application in the AWS Cloud. The company wants to ensure that the application is highly resilient. Which component of AWS infrastructure can the company use to meet this requireme
A. Content delivery network (CDN) B. Edge locations C. Wavelength Zones D. Availability Zones
Answer: D Explanation: Availability Zones are components of AWS infrastructure that can help thecompany ensure that the application is highly resilient. Availability Zones are multiple,isolated locations within each AWS Region. Each Availability Zone has independent power,cooling, and physical security, and is connected to the other Availability Zones in the sameRegion via low-latency, high-throughput, and highly redundant networking. AvailabilityZones allow you to operate production applications and databases that are more highlyavailable, fault tolerant, and scalable than would be possible from a single data center.
Question # 165
A company wants an AWS service to provide product recommendations based on its customer data. Which AWS service will meet this requirement?
A. Amazon Polly B. Amazon Personalize C. Amazon Comprehend D. Amazon Rekognition
Answer: B Explanation: Amazon Personalize is an AWS service that helps developers quickly build and deploy acustom recommendation engine with real-time personalization and user segmentation1. Ituses machine learning (ML) to analyze customer data and provide relevantrecommendations based on their preferences, behavior, and context. Amazon Personalizecan be used for various use cases such as optimizing recommendations, targetingcustomers more accurately, maximizing the value of unstructured text, and promoting itemsusing business rules1.The other options are not suitable for providing product recommendations based oncustomer data. Amazon Polly is a service that converts text into lifelike speech. AmazonComprehend is a service that uses natural language processing (NLP) to extract insightsfrom text and documents. Amazon Rekognition is a service that uses computer vision (CV)to analyze images and videos for faces, objects, scenes, and activities.References:1: Cloud Products - Amazon Web Services (AWS)2: Recommender System – Amazon Personalize – Amazon Web Services3: Top 25 AWS Services List 2023 - GeeksforGeeks4: AWS to Azure services comparison - Azure Architecture Center5: The 25+ Best AWS Cost Optimization Tools (Updated 2023) - CloudZero6: Amazon Polly – Text-to-Speech Service - AWS7: Natural Language Processing - Amazon Comprehend - AWS8: Image and Video Analysis - Amazon Rekognition - AWS
Question # 166
A company needs to set a maximum spending limit on AWS services each month. The company also needs to set up alerts for when the company reaches its spending limit. Which AWS service or tool should the company use to meet these requirements?
A. Cost Explorer B. AWS Trusted Advisor C. Service Quotas D. AWS Budgets
Answer: D Explanation: AWS Budgets is a service that helps you plan your service usage, service costs, and instance reservations, and track how close your plan is to your budgetedamount. You can set custom budgets that alert you when you exceed (or are forecasted toexceed) your budgeted thresholds. You can also use AWS Budgets to set a maximumspending limit on AWS services each month and set up alerts for when you reach yourspending limit. Cost Explorer is a service that enables you to visualize, understand, andmanage your AWS costs and usage over time. You can use Cost Explorer to view chartsand graphs that show how your costs are trending, identify areas that need further inquiry,and see the impact of your cost management actions. However, Cost Explorer does notallow you to set a maximum spending limit or alerts for your AWS services. AWS TrustedAdvisor is a service that provides you real time guidance to help you provision yourresources following AWS best practices, including security and performance. It can helpyou monitor for cost optimization opportunities, such as unused or underutilized resources,but it does not allow you to set a maximum spending limit or alerts for your AWS services.Service Quotas is a service that enables you to view and manage your quotas, alsoreferred to as limits, from a central location. Quotas, also referred to as limits, are themaximum number of resources that you can create in your AWS account. However,Service Quotas does not allow you to set a maximum spending limit or alerts for your AWSservices.
Question # 167
A company is migrating to the AWS Cloud to meet storage needs. The company wants to optimize costs based on the amount of storage that the company uses. Which AWS offering or benefit will meet these requirements MOST cost-effectively?
A. Pay-as-you-go pricing B. Savings Plans C. AWS Free Tier D. Volume-based discounts
Answer: D Explanation: Volume-based discounts are an AWS offering or benefit that can help thecompany optimize costs based on the amount of storage that the company uses. Volume- based discounts are discounts that AWS provides for some storage services, such asAmazon S3 and Amazon EBS, when the company stores a large amount of data. The moredata the company stores, the lower the price per GB. For example, Amazon S3 offers sixstorage classes, each with a different price per GB. The price per GB decreases as theamount of data stored in each storage class increases
Question # 168
A company has a MySQL database running on a single Amazon EC2 instance. The company now requires higher availability in the event of an outage. Which set of tasks would meet this requirement?
A. Add an Application Load Balancer in front of the EC2 instance. B. Configure EC2 Auto Recovery to move the instance to another Availability Zone. C. Migrate to Amazon RDS and enable Multi-AZ. D. Enable termination protection for the EC2 instance to avoid outages.
Answer: C Explanation: The set of tasks that would meet the requirement of having higher availabilityfor a MySQL database running on a single Amazon EC2 instance is to migrate to AmazonRDS and enable Multi-AZ. Amazon RDS is a fully managed relational database service thatsupports MySQL and other popular database engines. By enabling Multi-AZ, users canhave a primary database in one Availability Zone and a synchronous standby replica inanother Availability Zone. In case of a planned or unplanned outage of the primarydatabase, Amazon RDS automatically fails over to the standby replica with minimaldisruption3. Adding an Application Load Balancer in front of the EC2 instance, configuringEC2 Auto Recovery to move the instance to another Availability Zone, or enablingtermination protection for the EC2 instance would not provide higher availability for thedatabase, as they do not address the single point of failure or data replication issues.
Question # 169
A company is building an application in the AWS Cloud. The company wants to use temporary credentials for the application to access other AWS resources. Which AWS service will meet these requirements?
A. AWS Key Management Service (Aws KMS) B. AWS CloudHSM C. Amazon Cognito D. AWS Security Token Service (Aws STS)
Answer: D Explanation: AWS Security Token Service (AWS STS) is a service that providestemporary security credentials to users or applications that need to access AWS resources.The temporary credentials have a limited lifetime and can be configured to last from a fewminutes to several hours. The credentials are not stored with the user or application, butare generated dynamically and provided on request. The credentials work almostidentically to long-term access key credentials, but have the advantage of not requiringdistribution, rotation, or revocation1.AWS Key Management Service (AWS KMS) is a service that provides encryption anddecryption services for data and keys. It does not provide temporary security credentials2.AWS CloudHSM is a service that provides hardware security modules (HSMs) forcryptographic operations and key management. It does not provide temporary securitycredentials3.Amazon Cognito is a service that provides user authentication and authorization for weband mobile applications. It can also provide temporary security credentials forauthenticated users, but not for applications4.
Question # 170
Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?
A. Amazon EC2 B. Amazon RDS C. Amazon Lightsail D. AWS Step Functions
Answer: A Explanation:Amazon EC2 is a web service that provides secure, resizable compute capacity in thecloud. It allows you to launch virtual servers, called instances, with different configurationsof CPU, memory, storage, and networking resources. AWS Compute Optimizer analyzesthe specifications and utilization metrics of your Amazon EC2 instances and generatesrecommendations for optimal instance types that can reduce costs and improveperformance. You can view the recommendations on the AWS Compute Optimizer consoleor the Amazon EC2 console12.Amazon RDS, Amazon Lightsail, and AWS Step Functions are not supported by AWSCompute Optimizer. Amazon RDS is a managed relational database service that lets youset up, operate, and scale a relational database in the cloud. Amazon Lightsail is an easyto-use cloud platform that offers everything you need to build an application or website,plus a cost-effective, monthly plan. AWS Step Functions lets you coordinate multiple AWSservices into serverless workflows so you can build and update apps quickly3 .