A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The company wants to separate and track costs for each business unit. Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Organizations and create one account for each business unit.
B. Use a spreadsheet to control the owners and cost of each resource.
C. Use an Amazon DynamoDB table to record costs for each business unit.
D. Use the AWS Billing console to assign owners to resources and track costs.
Answer: A
Explanation: AWS Organizations is a service that helps you centrally manage and govern your AWS environment. You can use AWS Organizations to create multiple accounts for different business units, and group them into organizational units (OUs) that reflect your organizational structure [1]. By doing so, you can separate and track costs for each business unit using the account ID as a cost allocation tag [2]. You can also use AWS Organizations to apply policies and controls to your accounts, such as service control policies (SCPs) and tag policies [1].
The other options are not suitable for meeting the requirements with the least operational
Question # 192
A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers in a different Region. Which AWS tool should the company use to find pricing information for other Regions?
A. Cost Explorer
B. AWS Budgets
C. AWS Purchase Order Management
D. AWS Pricing Calculator
Answer: D
Explanation: AWS Pricing Calculator lets customers explore AWS services, and create an estimate for the cost of their use cases on AWS. AWS Pricing Calculator can also compare the costs of different AWS Regions and configurations. Cost Explorer is a tool that enables customers to visualize, understand, and manage their AWS costs and usage over time. AWS Budgets gives customers the ability to set custom budgets that alert them when their costs or usage exceed (or are forecasted to exceed) their budgeted amount. AWS Purchase Order Management is a feature that allows customers to pay for their AWS invoices using purchase orders.
Question # 193
A company wants its Amazon EC2 instances to share the same geographic area but use multiple independent underlying power sources. Which solution achieves this goal?
A. Use EC2 instances in a single Availability Zone.
B. Use EC2 instances in multiple AWS Regions.
C. Use EC2 instances in multiple Availability Zones in the same AWS Region.
D. Use EC2 instances in the same edge location and the same AWS Region.
Answer: C
Explanation: The solution that achieves the goal of having Amazon EC2 instances share the same geographic area but use multiple independent underlying power sources is to use EC2 instances in multiple Availability Zones in the same AWS Region. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. An AWS Region is a geographical area that consists of two or more Availability Zones. By using multiple Availability Zones, users can increase the fault tolerance and resilience of their applications, as well as reduce latency for end users [3]. Using EC2 instances in a single Availability Zone, multiple AWS Regions, or the same edge location and the same AWS Region would not meet the requirement of having multiple independent power sources.
Question # 194
A company needs to apply security rules to a subnet for Amazon EC2 instances. Which AWS service or feature provides this functionality?
A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config
Answer: A
Explanation: Network ACLs (network access control lists) are an AWS service or feature that provides the functionality of applying security rules to a subnet for EC2 instances. A subnet is a logical partition of an IP network within a VPC (virtual private cloud). A VPC is a logically isolated section of the AWS Cloud where the company can launch AWS resources in a virtual network that they define. A network ACL is a virtual firewall that controls the inbound and outbound traffic for one or more subnets. The company can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, the company must create rules for both inbound and outbound traffic [4].
Question # 195
A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely. Which AWS service or framework should the company use for operational support?
A. AWS Support
B. AWS Cloud Adoption Framework (AWS CAF)
C. AWS Managed Services (AMS)
D. AWS Well-Architected Framework
Answer: D
Explanation: The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating workloads on AWS. It helps customers achieve operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. The framework is based on six pillars, each with its own design principles, best practices, and questions. Customers can use the framework to assess their current state, identify gaps, and implement improvements [1][2].
AWS Support is a service that provides technical assistance, guidance, and resources for AWS customers. It offers different plans with varying levels of access to AWS experts, response times, and features [3]. AWS Support does not provide a comprehensive framework for operational support.
AWS Cloud Adoption Framework (AWS CAF) is a guidance tool that helps customers plan and execute their cloud migration journey. It provides a set of perspectives, capabilities, and best practices to align the business and technical aspects of cloud adoption [4]. AWS CAF does not focus on operational support for existing workloads on AWS.
AWS Managed Services (AMS) is a service that operates AWS infrastructure on behalf of customers. It provides a secure and compliant environment, automates common activities, and applies best practices for provisioning, patching, backup, recovery, and monitoring [5]. AMS does not provide a framework for customers to operate their own workloads on AWS.
Question # 196
Which AWS Support plan is the minimum recommended tier for users who have production workloads on AWS?
A. AWS Developer Support
B. AWS Enterprise Support
C. AWS Business Support
D. AWS Enterprise On-Ramp Support
Answer: C
Explanation: AWS Business Support is the minimum recommended tier for users who have production workloads on AWS. AWS Business Support provides 24x7 access to cloud support engineers via phone, chat, or email, as well as a guaranteed response time of less than one hour for urgent issues. AWS Business Support also includes access to AWS Trusted Advisor, a tool that provides real-time guidance to help you provision your resources following AWS best practices [4].
Question # 197
A developer has been hired by a large company and needs AWS credentials. Which are security best practices that should be followed? (Select TWO.)
A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator's group in AWS IAM.
D. Configure a password policy that ensures the developer's password cannot be changed.
E. Ensure the account password policy requires a minimum length.
Answer: A,E
Explanation: The security best practices that should be followed are A and E.
A. Grant the developer access to only the AWS resources needed to perform the job. This is an example of the principle of least privilege, which means giving the minimum permissions necessary to achieve a task. This reduces the risk of unauthorized access, data leakage, or accidental damage to AWS resources. You can use AWS Identity and Access Management (IAM) to create users, groups, roles, and policies that grant fine-grained access to AWS resources [1][2].
E. Ensure the account password policy requires a minimum length. This is a basic security measure that helps prevent brute-force attacks or guessing of passwords. A longer password is harder to crack than a shorter one. You can use IAM to configure a password policy that enforces a minimum password length, as well as other requirements such as complexity, expiration, and history [3][4].
B. Share the AWS account root user credentials with the developer. This is a bad practice that should be avoided. The root user has full access to all AWS resources and services, and can perform sensitive actions such as changing billing information, closing the account, or deleting all resources. Sharing the root user credentials exposes your account to potential compromise or misuse. You should never share your root user credentials with anyone, and use them only for account administration tasks [5].
C. Add the developer to the administrator’s group in IAM. This is also a bad practice that should be avoided. The administrator’s group has full access to all AWS resources and services, which is more than what a developer needs to perform their job. Adding the developer to the administrator’s group violates the principle of least privilege and increases the risk of unauthorized access, data leakage, or accidental damage to AWS resources. You should create a custom group for the developer that grants only the necessary permissions for their role [1][2].
D. Configure a password policy that ensures the developer’s password cannot be changed. This is another bad practice that should be avoided. Preventing the developer from changing their password reduces their ability to protect their credentials and comply with security policies. For example, if the developer’s password is compromised, they cannot change it to prevent further unauthorized access. Or if the company requires periodic password rotation, they cannot update their password to meet this requirement. You should allow the developer to change their password as needed, and enforce a password policy that sets reasonable rules for password management [3][4].
Question # 198
A company uses AWS for its web application. The company wants to minimize latency and perform compute operations for the application as close to end users as possible. Which AWS service or infrastructure component will provide this functionality?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. AWS Direct Connect
Answer: C
Explanation: Edge locations are sites that Amazon CloudFront uses to cache copies of your content for faster delivery to users at any location. You can use Amazon CloudFront to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance [3]. Edge locations can also host AWS Lambda functions to perform compute operations for your web application as close to end users as possible [4].
Question # 199
Which AWS services can be used to store files? (Select TWO.)
A. Amazon S3
B. AWS Lambda
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon SageMaker
E. AWS Storage Gateway
Answer: A,C
Explanation: Amazon S3 and Amazon EBS are two AWS services that can be used to store files. Amazon S3 is an object storage service that offers high scalability, durability, availability, and performance. Amazon EBS is a block storage service that provides persistent and low-latency storage volumes for Amazon EC2 instances. AWS Lambda, Amazon SageMaker, and AWS Storage Gateway are other AWS services that have different purposes, such as serverless computing, machine learning, and hybrid cloud storage.
Question # 200
A company wants to define a central data protection policy that works across AWS services for compute, storage, and database resources. Which AWS service will meet this requirement?
A. AWS Batch
B. AWS Elastic Disaster Recovery
C. AWS Backup
D. Amazon FSx
Answer: C
Explanation: The AWS service that will meet this requirement is C. AWS Backup.
AWS Backup is a service that allows you to define a central data protection policy that works across AWS services for compute, storage, and database resources. You can use AWS Backup to create backup plans that specify the frequency, retention, and lifecycle of your backups, and apply them to your AWS resources using tags or resource IDs. AWS Backup supports various AWS services, such as Amazon EC2, Amazon EBS, Amazon RDS, Amazon DynamoDB, Amazon EFS, Amazon FSx, and AWS Storage Gateway [1][2].
AWS Batch is a service that allows you to run batch computing workloads on AWS. AWS Batch does not provide a central data protection policy, but rather enables you to optimize the allocation and utilization of your compute resources [3].
AWS Elastic Disaster Recovery is a service that allows you to prepare for and recover from disasters using AWS. AWS Elastic Disaster Recovery does not provide a central data protection policy, but rather helps you minimize downtime and data loss by replicating your applications and data to AWS [4].
Amazon FSx is a service that provides fully managed file storage for Windows and Linux applications. Amazon FSx does not provide a central data protection policy, but rather offers features such as encryption, snapshots, backups, and replication to protect your file systems [5].
References:
[1] AWS Backup – Centralized backup across AWS services
[2] Data Protection Reference Architectures with AWS Backup
[3] AWS Batch – Run Batch Computing Jobs on AWS
[4] AWS Elastic Disaster Recovery – Prepare for and recover from disasters using AWS
[5] Amazon FSx – Fully managed file storage for Windows and Linux applications