Q901.Which AWS service or tool helps companies measure the environmental impact of their AWS usage?

A. AWS customer carbon footprint tool
B. AWS Compute Optimizer
C. Sustainability pillar
D. OS-Climate (Open Source Climate Data Commons)

Q902.Which pillar of the AWS Well Architected Framework includes the design principle of defining workloads, applications, and infrastructure as code (IaC)?

A. Operational excellence
B. Reliability
C. Performance efficiency
D. Security

Q903.A company needs to track the relationships among AWS resources. The company also needs to review resource dependencies before the company makes any changes to the resources. Which AWS service can the company use to meet these requirements?

A. AWS Trusted Advisor
B. AWS Config
C. AWS Resource Access Manager (AWS RAM)
D. AWS Systems Manager

Q904.A company is moving its on-premises database to the AWS Cloud. Which AWS service will support this use case?

A. Amazon RDS
B. Amazon ElastiCache
C. Amazon DynamoDB
D. Amazon Redshift

Q905.A company wants to access a report about the estimated environmental impact of the company’s AWS usage. Which AWS service or feature should the company use to meet this requirement?

A. AWS Organizations
B. IAM policy
C. AWS Billing console
D. Amazon Simple Metrication Service (Amazon SNS)

Q906.Which of the following is a benefit of using an AWS managed service?

A. Reduced operational overhead for a company’s IT staff
B. Increased fixed costs that can be predicted by a finance team
C. Removal of the need to have a backup strategy
D. Removal of the need to follow compliance standards

Q907.Which of the following is a benefit of deploying workloads in multiple AWS Regions?

A. It increases the performance of Amazon EC2 instances
B. It is the most cost-effective deployment model
C. It is faster to deploy workloads across multiple AWS Regions than in a single Region
D. It reduces latency for users who are in different geographic areas

Q908.Which AWS service or feature provides high availability and low latency within an AWS Region?

A. Edge locations
B. Availability Zones
C. AWS Outposts
D. Amazon Route 53

Q909.A company is running an order processing system on Amazon EC2 instances. The company wants to migrate to an event-driven, microservices-based application. Which combination of AWS services can the application use to meet these requirements? (Choose two.)

A. Amazon Simple Queue Service (Amazon SQS)
B. AWS Lambda
C. AWS Migration Hub
D. AWS AppSync
E. AWS Application Migration Service

Q910.Which AWS service or feature can a company use to create a private, secured and scalable network environment in the AWS Cloud?

A. Amazon Elastic Container Service (Amazon ECS)
B. Amazon S3
C. Amazon VPC
D. Route tables

Q911.Which AWS service or resource is serverless?

A. AWS Snowball Edge
B. Amazon EC2
C. Amazon Elastic Kubernetes Service (Amazon EKS)
D. Amazon API Gateway

Q912.Which AWS service or feature can be used to control inbound and outbound traffic on an Amazon EC2 instance?

A. Internet gateways
B. AWS Identity and Access Management (IAM)
C. Network ACLs
D. Security groups

Q913.A company plans to migrate complex legacy systems to AWS. The company will use several operating systems multiple databases and multiple programming languages. Which benefit of the AWS Cloud does this scenario represent?

A. Scalability
B. Flexibility
C. Reliability
D. Security

Q914.A new AWS user who has little cloud experience wants to build an application by using AWS services. The user wants to learn how to implement specific AWS services from other customer examples. The user also wants to ask questions to AWS experts. Which AWS service or resource will meet these requirements?

A. AWS Online Tech Talks
B. AWS documentation
C. AWS Marketplace
D. AWS Health Dashboard

Q915.A company wants to design its cloud architecture so that its workloads are resilient, can consistently perform their intended functions correctly, and can recover from failure quickly. Which pillar of the AWS Well-Architected Framework does this architecture represent?

A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Q916.A company wants to move petabytes of historical data into the AWS Cloud. The company needs to transfer the data from a remote location that does not have reliable network services. Which AWS service will meet these requirements?

A. AWS Snowball
B. AWS DataSync
C. AWS Direct Connect
D. AWS Site-to-Site VPN

Q917.Which AWS service or feature allows users to securely store encrypted credentials and retrieve these credentials when required?

A. AWS Encryption SDK
B. AWS Security Hub
C. AWS Secrets Manager
D. AWS Artifact

Q918.A company wants help from AWS Certified freelance consultants to complete several AWS Cloud projects. Which AWS service should the company use to find this support?

A. AWS IQ
B. AWS Support
C. AWS Trusted Advisor
D. AWS Marketplace

Q919.Which AWS services can a company use to transfer on-premises data to the AWS Cloud? (Choose two.)

A. AWS Snowcone
B. AWS Transit Gateway
C. AWS DataSync
D. AWS Backup
E. Amazon Connect

Q920.A company has an application that stores a high volume of unstructured data and session history. The company needs to scale the application reliably to millions of concurrent users while ensuring consistent low latency. Which AWS service meets these requirements?

A. Amazon RDS for MariaDB
B. Amazon DynamoDB
C. Amazon RDS for SQL Server
D. Amazon Redshift

Q921.Which credential allows programmatic access to AWS resources for use from toe AWS CLI or the AWS API?

A. User name and password
B. Access keys
C. SSH public keys
D. AWS Key Management Service (AWS KMS) keys

Q922.Which AWS service should a cloud practitioner use to identify security vulnerabilities of an AWS account?

A. AWS Secrets Manager
B. Amazon Cognito
C. Amazon Macie
D. AWS Trusted Advisor

Q923.An application is receiving SQL injection attacks from multiple external resources. Which AWS service or feature can help automate mitigation against these attacks?

A. AWS WAF
B. Security groups
C. Elastic Load Balancer
D. Network ACL

Q924.A company needs a repository that stores source code. The company needs a way to update the running software when the code changes. Which combination of AWS services will meet these requirements? (Choose two.)

A. AWS CodeCommit
B. AWS CodeDeploy
C. Amazon DynamoDB
D. Amazon S3
E. Amazon Elastic Container Service (Amazon ECS)

Q925.According to the AWS shared responsibility model, who is responsible for the virtualization layer down to the physical security of the facilities in which AWS services operate?

A. It is the sole responsibility of the customer
B. It is the sole responsibility of AWS
C. It is a shared responsibility between AWS and the customer
D. The customer’s AWS Support plan tier determines who manages the configuration

Q926.A company has an Amazon S3 bucket containing images of scanned financial invoices. The company is building an artificial intelligence (Al)-based application on AWS. The company wants the application to identify and read total balance amounts on the invoices. Which AWS service will meet these requirements?

A. Amazon Forecast
B. Amazon Textract
C. Amazon Rekogmtion
D. Amazon Lex

Q927.An ecommerce company plans to move its data center workload to the AWS Cloud to support highly dynamic usage patterns. Which benefits make the AWS Cloud cost-effective for the migration of this type of workload? (Choose two.)

A. Reliability
B. Security
C. Elasticity
D. Pay-as-you-go resource pricing
E. High availability

Q928.Which task is the customer’s responsibility, according to the AWS shared responsibility model?

A. Patch a guest operating system that is deployed on an Amazon EC2 instance.
B. Control physical access to an AWS data center.
C. Control access to AWS underlying hardware.
D. Patch a host operating system that is deployed on Amazon S3.

Q929.A company must archive Amazon S3 data that the company’s business units no longer need to access. Which S3 storage class will meet this requirement MOST cost-effectively?

A. S3 Glacier Instant Retrieval
B. S3 Glacier Flexible Retrieval
C. S3 Glacier Deep Archive
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Q930.A company runs Amazon EC2 instances in a research lab. The instances run for 3 hours each week and cannot be interrupted. What is the MOST cost-effective instance purchasing option to meet these requirements?

A. Compute Savings Plan
B. On-Demand Instances
C. Convertible Reserved Instances
D. Spot Instances

Q931.Which aspect of security is the customer’s responsibility, according to the AWS shared responsibility model?

A. Patch and configuration management
B. Service and communications protection or zone security
C. Physical and environmental controls
D. Awareness and training

Q932.A company is running workloads for multiple departments within a single VPC. The company needs to be able to bill each department for its resource usage. Which action should the company take to accomplish this goal with the LEAST operational overhead?

A. Add a department tag to each resource and configure cost allocation tags.
B. Move each department resource to its own VPC.
C. Move each department resource to its own AWS account.
D. Use AWS Organizations to get a billing report for each department.

Q933.Which design principles should a company apply to AWS Cloud workloads to maximize sustainability and minimize environmental impact? (Choose two.)

A. Maximize utilization of Amazon EC2 instances.
B. Minimize utilization of Amazon EC2 instances.
C. Minimize usage of managed services.
D. Force frequent application reinstallations by users.
E. Reduce the need for users to reinstall applications.

Q934.Which AWS compute service automatically scales resources up or down to meet application workload demands?

A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon EC2
C. Amazon Aurora
D. AWS Lambda

Q935.A company’s application is running on Amazon EC2 instances. The company is planning a partial migration to a serverless architecture in the next year and wants to pay for resources up front. Which AWS purchasing option will optimize the company’s costs?

A. Convertible Reserved Instances
B. Spot Instances
C. EC2 Instance Savings Plans
D. Compute Savings Plan

Q936.A company wants to migrate its high performance computing (HPC) application to Amazon EC2 instances. The application has multiple components. The application must have fault tolerance and must have the ability to fail over automatically. Which AWS infrastructure solution will meet these requirements with the LEAST latency between components?

A. Multiple AWS Regions
B. Multiple edge locations
C. Multiple Availability Zones
D. Regional edge caches

Q937.A company stores data in an Amazon S3 bucket The company must control who has permission to read, write, or delete objects that the company stores in the S3 bucket. Which AWS features will meet these requirements? (Choose two.)

A. Security groups
B. Network ACLs
C. S3 bucket policies
D. IAM user policies
E. S3 bucket versioning

Q938.Which AWS service or feature is an example of a relational database management system?

A. Amazon Athena
B. Amazon Redshift
C. Amazon S3 Select
D. Amazon Kinesis Data Streams

Q939.A company wants to build an application that consists entirely of microservices. Which AWS Cloud architecture design principle supports this goal?

A. Think parallel
B. Implement elasticity
C. Stop guessing capacity
D. Decouple components

Q940.A company needs to use standard SQL to query and combine exabytes of structured and semi-structured data across a data warehouse, operational database, and data lake. Which AWS service meets these requirements?

A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon Athena
D. Amazon Redshift

Q941.A company is reviewing its operating policies. Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?

A. Ensure that employees have access to all company data.
B. Expand employees’ permissions as they gain more experience.
C. Grant all privileges and access to all users.
D. Apply security requirements at all layers of a process.

Q942.Which AWS services or features can a company use to connect the network of its on-premises data center to AWS? (Choose two.)

A. AWS VPN
B. AWS Directory Service
C. AWS Data Pipeline
D. AWS Direct Connect
E. AWS CloudHSM

Q943.What is an AWS responsibility under the AWS shared responsibility model?

A. Configure the security group rules that determine which ports are open on an Amazon EC2 Linux instance.
B. Ensure the security of the internal network in the AWS data centers.
C. Patch the guest operating system with the latest security patches on Amazon EC2.
D. Turn on server-side encryption for Amazon S3 buckets.

Q944.Which activity is considered out of scope for AWS Support?

A. Solving problems detected by Amazon EC2 health checks
B. Answering “how to” questions on AWS services and features
C. Troubleshooting AWS APIs
D. Tuning database queries

Q945.A company wants to migrate its main application to Amazon EC2. The application must provide low latency to users residing in two different geographic locations. The architecture of the application must have disaster recovery capabilities. How can these requirements be met?

A. Deploy the application on an EC2 instance and set up EC2 automatic recovery
B. Deploy the application on multiple EC2 instances running in one Availability Zone
C. Deploy the application on EC2 instances in Multi-AZs in a single AWS Region
D. Deploy the application on EC2 instances in multiple AWS Regions.

Q946.A company wants to use Amazon EC2 instances for a stable production workload that will run for 1 year. Which instance purchasing option meets these requirements MOST cost-effectively?

A. Dedicated hosts
B. Reserved Instances
C. On-Demand Instances
D. Spot Instances

Q947.Which AWS service, tool, or feature helps companies reduce costs by identifying underutilized Amazon EC2 instances?

A. Amazon Inspector
B. AWS Trusted Advisor
C. Consolidated billing
D. Cost Explorer

Q948.An online retail company recently deployed a production web application. The system administrator needs to block common attack patterns such as SQL injection and cross-site scripting. Which AWS service should the administrator use to address these concerns?

A. AWS WAF
B. Amazon VPC
C. Amazon GuardDuty
D. Amazon CloudWatch

Q949.In which categories does AWS Trusted Advisor provide recommended actions? (Choose two.)

A. Operating system patches
B. Cost optimization
C. Repetitive tasks
D. Service quotas
E. Account activity records

Q950.A company needs to centralize its operational data. The company also needs to automate tasks across all of its Amazon EC2 instances. Which AWS service can the company use to meet these requirements?

A. AWS Trusted Advisor
B. AWS Systems Manager
C. AWS CodeDeploy
D. AWS Elastic Beanstalk

Q951.Which option is an AWS Cloud Adoption Framework (AWS CAF) perspective?

A. Cloud fluency
B. Change acceleration
C. Architecture
D. Business

Q952.Which AWS service is used to temporarily provide federated security credentials to access AWS resources?

A. Amazon GuardDuty
B. AWS Simple Token Service (AWS STS)
C. AWS Secrets Manager
D. AWS Certificate Manager

Q953.A company provides a software as a service (SaaS) application. The company has a new customer that is based in a different country. The new customer’s data needs to be hosted in that country. Which AWS service or infrastructure component should the company use to meet this requirement?

A. AWS Shield
B. Amazon S3 Object Lock
C. AWS Regions
D. Placement groups

Q954.A user has a stateless and restartable application that will run on an Amazon EC2 instance for 2 hours at a time. Which purchase option is the MOST cost-effective?

A. On-Demand Instances
B. Reserved Instances
C. Dedicated Instances
D. Spot Instances

Q955.Which AWS service can a company use to control permissions to AWS services in the cloud?

A. Amazon EC2
B. AWS Lambda
C. Amazon Elastic Container Service (Amazon ECS)
D. AWS Identity and Access Management (IAM)

Q956.Which AWS service is designed to help users orchestrate a workflow process for a set of AWS Lambda functions?

A. Amazon DynamoDB
B. AWS CodePipeline
C. AWS Batch
D. AWS Step Functions

Q957.A company has developed a distributed application that recovers gracefully from Interruptions. The application periodically processes large volumes of data by using multiple Amazon EC2 Instances. The application is sometimes idle for months. Which EC2 instance purchasing option is MOST cost-effective for this use case?

A. Reserved Instances
B. Spot Instances
C. Dedicated Instances
D. On-Demand Instances

Q958.Which AWS service is always available free of charge to users?

A. Amazon Athena
B. AWS Identity and Access Management (IAM)
C. AWS Secrets Manager
D. Amazon ElastiCache

Q959.A company has deployed an application in the AWS Cloud. The company wants to ensure that the application is highly resilient. Which component of AWS infrastructure can the company use to meet this requirement?

A. Content delivery network (CDN)
B. Edge locations
C. Wavelength Zones
D. Availability Zones

Q960.A company wants to automate the creation of new AWS accounts and automatically prevent all users from creating Amazon EC2 instances. Which AWS service provides this functionally?

A. AWS Service Catalog
B. AWS Organizations
C. EC2 Image Builder
D. AWS Systems Manager