A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario"?
A. Update the guest operating system of the EC2 instances B. Maintain high availability at the database layer C. Patch the physical infrastructure that hosts the EC2 instances D. Configure the security group firewall
Answer: C Explanation: When you run a NoSQL database on Amazon EC2 instances, you areresponsible for managing the database layer and the guest operating system of theinstances. This means that you need to perform tasks such as updating the operatingsystem, maintaining high availability, and configuring the security group firewall. AWS isresponsible for managing the physical infrastructure that hosts the EC2 instances. Thismeans that AWS ensures that the hardware and firmware of the servers, routers, switches,and other devices are updated and secure. AWS also handles the power, cooling,networking, and security of the data centers12. References: CLF-C02: Which task isresponsibility of AWS to run NoSQL database on …, Best Practices for Hosting NoSQLDatabases on Amazon EC2
Question # 82
Which service enables customers to audit API calls in their AWS accounts'?
A. AWS CloudTrail B. AWS Trusted Advisor C. Amazon Inspector D. AWS X-Ray
Answer: A Explanation: AWS CloudTrail is a service that provides a record of actions taken by auser, role, or an AWS service in your AWS account. CloudTrail captures all API calls forAWS services as events, including calls from the AWS Management Console, AWS SDKs,command line tools, and higher-level AWS services. You can use CloudTrail to monitor,audit, and troubleshoot your AWS account activity34. AWS Trusted Advisor is a servicethat provides best practices recommendations for cost optimization, performance, security,and fault tolerance in your AWS account5. Amazon Inspector is a service that helps youimprove the security and compliance of your applications deployed on AWS byautomatically assessing them for vulnerabilities and deviations from best practices6. AWSX-Ray is a service that helps you analyze and debug your applications by collecting dataabout the requests that your application serves, and providing tools to view, filter, and gaininsights into that data7. References: Logging AWS Audit Manager API calls withCloudTrail, Logging AWS Account Management API calls using AWS CloudTrail, ReviewAPI calls in your AWS account using CloudTrail, Monitor the usage of AWS API calls usingAmazon CloudWatch, Which service enables customers to audit API calls in their AWS …
Question # 83
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Select TWO.)
A. Observability B. Incident and problem management C. Incident response D. Infrastructure protection E. Availability and continuity
Answer: C,D Explanation:The AWS Cloud Adoption Framework (AWS CAF) security perspective helps users achievethe confidentiality, integrity, and availability of their data and cloud workloads. It comprisesnine capabilities that are grouped into three categories: preventive, detective, andresponsive. Incident response and infrastructure protection are two of the capabilities in theresponsive and preventive categories, respectively. Incident response helps users preparefor and respond to security incidents in a timely and effective manner, using tools andprocesses that leverage AWS features and services. Infrastructure protection helps usersimplement security controls and mechanisms to protect their cloud resources, such asnetwork, compute, storage, and database, from unauthorized access or maliciousattacks. References: Security perspective: compliance and assurance, AWS CloudAdoption Framework
Question # 84
A company is migrating its applications from on-premises to the AWS Cloud. The company wants to ensure that the applications are assigned only the minimum permissions that are needed to perform all operations. Which AWS service will meet these requirements'?
A. AWS Identity and Access Management (IAM) B. Amazon CloudWatch C. Amazon Macie D. Amazon GuardDuty
Answer: A Explanation: AWS Identity and Access Management (IAM) is a service that helps yousecurely control access to AWS resources for your users. You use IAM to control who canuse your AWS resources (authentication) and what resources they can use and in whatways (authorization). IAM also enables you to follow the principle of least privilege, whichmeans granting only the permissions that are necessary to perform atask1. References: AWS Identity and Access Management (IAM) - AWS Documentation
Question # 85
Which AWS service could an administrator use to provide desktop environments for several employees?
A. AWS Organizations B. AWS Fargate C. AWS WAF D. AWS Workspaces
Answer: D Explanation: AWS Workspaces is a service that provides fully managed, secure, andreliable virtual desktops for your employees. You can access your personal Windowsenvironment on various devices, such as Android, iOS, Fire, Mac, PC, Chromebook, andLinux. You can choose from different bundles of CPU, memory, storage, and softwareoptions to suit your needs. You can also integrate AWS Workspaces with your existingActive Directory, VPN, and security policies. AWS Workspaces helps you reduce the costand complexity of managing your desktop infrastructure, while enhancing the productivityand security of your remote workers456. References: 4: Amazon WorkSpaces ClientDownload, 5: VDI Desktops - Amazon WorkSpaces Family - AWS, 6: Amazon WorkSpaces
Question # 86
A company needs to block SQL injection attacks. Which AWS service or feature can meet this requirement?
A. AWS WAF B. AWS Shield C. Network ACLs D. Security groups
Answer: A Explanation: AWS WAF is a web application firewall that helps protect web applicationsfrom common web exploits, such as SQL injection attacks. It allows customers to createcustom rules that block malicious requests. AWS Shield is a managed service that protectsagainst distributed denial of service (DDoS) attacks, not SQL injection attacks. NetworkACLs and security groups are network-level security features that filter traffic based on IPaddresses and ports, not web requests or SQL queries. References: [AWS WAF], [AWSShield], [Network ACLs], [Security groups]
Question # 87
A company wants durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost. Which AWS service should the company choose?
A. Amazon Elastic Block Store (Amazon EBS) B. Amazon S3 C. AWS Storage Gateway D. Amazon Elastic File System (Amazon EFS)
Answer: B Explanation: Amazon S3 is a service that provides durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost. Amazon S3 is an objectstorage service that allows you to store and retrieve any amount of data from anywhere onthe internet. Amazon S3 offers industry-leading scalability, availability, and performance, aswell as 99.999999999% (11 9s) of durability and multi-AZ resilience. Amazon S3 alsoprovides various storage classes that offer different levels of performance and costoptimization, such as S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access(S3 Standard-IA), S3 One Zone-Infrequent Access (S3 One Zone-IA), and S3Glacier456. Amazon S3 is ideal for storing static content, such as images, videos,documents, and web pages, as well as building data lakes, backup and archive solutions,big data analytics, and machine learning applications456. References: 4: Cloud Storage onAWS, 5: Object Storage - Amazon Simple Storage Service (S3) - AWS, 6: Amazon S3Documentation
Question # 88
A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible. Which AWS service or resource should the company use to select its Amazon RDS deployment area?
A. Amazon Connect B. AWS Wavelength C. AWS Regions D. AWS Direct Connect
Answer: C Explanation: AWS Regions are the AWS service or resource that the company should use to select itsAmazon RDS deployment area. AWS Regions are separate geographic areas where AWSclusters its data centers. Each AWS Region consists of multiple, isolated, and physicallyseparate Availability Zones within a geographic area. Each AWS Region is designed to beisolated from the other AWS Regions to achieve the highest possible fault tolerance andstability. AWS provides a more extensive global footprint than any other cloud provider, andto support its global footprint and ensure customers are served across the world, AWSopens new Regions rapidly. AWS maintains multiple geographic Regions, includingRegions in North America, South America, Europe, China, Asia Pacific, South Africa, andthe Middle East. Amazon RDS is available in several AWS Regions worldwide. To createor work with an Amazon RDS DB instance in a specific AWS Region, you must use thecorresponding regional service endpoint. You can choose the AWS Region that meets yourlatency or legal requirements. You can also use multiple AWS Regions to design a disasterrecovery solution or to distribute your read workload. References: Global InfrastructureRegions & AZs - aws.amazon.com, Regions, Availability Zones, and Local Zones - AmazonRelational Database Service
Question # 89
What does the concept of agility mean in AWS Cloud computing? (Select TWO.)
A. The speed at which AWS resources are implemented B. The speed at which AWS creates new AWS Regions C. The ability to experiment quickly D. The elimination of wasted capacity E. The low cost of entry into cloud computing
Answer: A,C Explanation: Agility in AWS Cloud computing means the ability to rapidly provision anddeprovision AWS resources as needed, and the ability to experiment quickly with newideas and solutions. Agility helps businesses to respond to changing customer demands,market opportunities, and competitive threats, and to innovate faster and cheaper. Agilityalso reduces the risk of failure, as businesses can test and validate their assumptionsbefore committing to large-scale deployments. Some of the benefits of agility in AWS Cloudcomputing are:The speed at which AWS resources are implemented: AWS provides a variety ofservices and tools that allow you to create, configure, and launch AWS resourcesin minutes, using the AWS Management Console, the AWS Command LineInterface (AWS CLI), the AWS Software Development Kits (AWS SDKs), or theAWS CloudFormation templates. You can also use the AWS Cloud DevelopmentKit (AWS CDK) to define your AWS resources as code using familiar programminglanguages, and synthesize them into AWS CloudFormation templates. You canalso use the AWS Service Catalog to create and manage standardized portfoliosof AWS resources that meet your organizational policies and best practices. AWSalso offers on-demand, pay-as-you-go pricing models, so you only pay for theresources you use, and you can scale them up or down as your needschange12345The ability to experiment quickly: AWS enables you to experiment quickly with newideas and solutions, without having to invest in upfront capital or long-termcommitments. You can use AWS to create and test multiple prototypes,hypotheses, and minimum viable products (MVPs) in parallel, and measure theirperformance and feedback. You can also use AWS to leverage existing servicesand solutions, such as AWS Marketplace, AWS Solutions, and AWS Quick Starts,that can help you accelerate your innovation process. AWS also supports a cultureof experimentation and learning, by providing tools and resources for continuousintegration and delivery (CI/CD), testing, monitoring, and analytics.References: Six advantages of cloud computing - Overview of Amazon WebServices, AWS Cloud Development Kit (AWS CDK), AWS Service Catalog, AWSPricing, AWS CloudFormation, [Experimentation and Testing - AWS Well-ArchitectedFramework], [AWS Marketplace], [AWS Solutions], [AWS Quick Starts], [AWS DeveloperTools]
Question # 90
A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS. Where can the company purchase the security solution?
A. AWS Partner Solutions Finder B. AWS Support Center C. AWS Management Console D. AWS Marketplace
Answer: D Explanation: AWS Marketplace is an online store that helps customers find, buy, andimmediately start using the software and services that run on AWS. Customers can choosefrom a wide range of software products in popular categories such as security, networking,storage, machine learning, business intelligence, database, and DevOps. Customers canalso use AWS Marketplace to purchase software as a service (SaaS) solutions that areintegrated with AWS. Customers can benefit from simplified procurement, billing, anddeployment processes, as well as flexible pricing options and free trials. Customers canalso leverage AWS Marketplace to discover and subscribe to solutions offered by AWSPartners, such as the security software vendor mentioned in thequestion. References: AWS Marketplace, [AWS Marketplace: Software as a Service(SaaS)], [AWS Cloud Practitioner Essentials: Module 6 - AWS Pricing, Billing, and Support]