Q601. Which guidelines are key AWS architectural design principles? (Choose two.)

A. Design for fixed resources.
B. Build scalable architectures.
C. Use tightly coupled components.
D. Use managed services when possible.
E. Design for human interaction

Q602. A company has multiple departments. Each department uses its own AWS account. Which AWS service or tool can the company use to combine the billing for all accounts into one bill?

A. Amazon Forecast
B. AWS Budgets
C. AWS Organizations
D. AWS Marketplace

Q603. An IT department provisions more servers than are needed to run a workload. Which cloud architecture design principle supports changing this approach?

A. Protect data in transit and at rest.
B. Stop guessing capacity.
C. Improve through game days.
D. Annotate documentation.

Q604.Which AWS service provides a simple way to set up a new multi-account AWS environment and govern it at scale?

A. AWS Trusted Advisor
B. AWS Security Hub
C. AWS Control Tower
D. AWS Resource Access Manager

Q605.A user needs to identify underutilized Amazon Elastic Block Store (Amazon EBS) volumes to reduce costs. Which AWS service or feature will meet this requirement?

A. AWS CloudTrail
B. AWS Budgets
C. AWS Trusted Advisor
D. AWS Personal Health Dashboard

Q606.A large company has a workload that requires hardware to remain on premises. The company wants to use the same management and control plane services that it currently uses on AWS. Which AWS service should the company use to meet these requirements?

A. AWS Device Farm
B. AWS Fargate
C. AWS Outposts
D. AWS Ground Station

Q607.What is an IAM best practice for AWS account root user access keys?

A. Delete all root user access keys, if possible.
B. Use root user credentials to access sensitive information stored on AWS.
C. Allow the system administrator group to use the root user credentials for daily access.
D. Use root user credentials to access production database instances.

Q608.Which of the following are ways to improve security on AWS? (Choose two.)

A. Using AWS Artifact
B. Granting the broadest permissions to all IAM roles
C. Running application code with AWS Cloud9
D. Enabling multi-factor authentication (MFA) with Amazon Cognito
E. Using AWS Trusted Advisor security checks

Q609.Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?

A. AWS CLI
B. AWS Developer Center
C. AWS Cloud Development Kit (AWS CDK)
D. AWS CodeStar

Q610.Which pillar of the AWS Well-Architected Framework includes the AWS shared responsibility model?

A. Operational excellence
B. Performance efficiency
C. Reliability
D. Security

Q611.Which AWS service acts as a data extract, transform, and load (ETL) tool to make it easy to prepare data for analytics?

A. Amazon QuickSight
B. Amazon Athena
C. AWS Glue
D. AWS Elastic Beanstalk

Q612.Which AWS service or resource helps on-premises applications connect to AWS Cloud-based storage and caches the data locally for low-latency access?

A. AWS Direct Connect
B. AWS Storage Gateway
C. Amazon S3
D. AWS Snowball Edge

Q613.Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?

A. On-Demand Instances
B. Standard Reserved Instances
C. Spot Instances
D. Convertible Reserved Instances

Q614.What should a user do to deploy an application in geographically separate locations?

A. Deploy the application in different placement groups.
B. Deploy the application to a VPC.
C. Deploy the application to multiple AWS Regions.
D. Deploy the application by using Amazon CloudFront.

Q615.Which AWS service will track user activity on AWS?

A. Amazon GuardDuty
B. AWS Trusted Advisor
C. AWS CloudTrail
D. Amazon CloudWatch

Q616.A developer has an AWS account and needs access to another account’s test database. Which AWS service or feature can the developer use to gain access to the test database?

A. Amazon Macie
B. Security groups
C. IAM roles
D. AWS Trusted Advisor

Q617.A company recently migrated to AWS and wants to enable intelligent threat protection and continuous monitoring across all of its AWS accounts. Which AWS service should the company use to achieve this goal?

A. Amazon Macie
B. Amazon GuardDuty
C. AWS Shield
D. Amazon Detective

Q618.A database administrator is trying to determine who deleted a critical Amazon Redshift cluster. Which AWS service helps with monitoring and retaining this type of account activity?

A. AWS CloudTrail
B. AWS Organizations
C. AWS Identity and Access Management (IAM)
D. AWS Trusted Advisor

Q619.Which AWS service or tool helps identify underutilized Amazon EC2 instances and idle Amazon RDS DB instances at no additional charge?

A. Cost Explorer
B. AWS Budgets
C. AWS Organizations
D. AWS Trusted Advisor

Q620.Which of the following are user authentication services managed by AWS? (Choose two.)

A. Amazon Cognito
B. AWS Lambda
C. AWS License Manager
D. AWS Identity and Access Management (IAM)
E. AWS CodeStar

Q621.Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?

A. Amazon CloudWatch
B. AWS Trusted Advisor
C. AWS CloudTrail
D. Amazon Inspector

Q622.A network engineer needs to establish a dedicated 10 Gbps network connection from an on-premises environment to AWS. Which AWS service or feature should the engineer use?

A. Amazon Route 53
B. AWS Direct Connect
C. AWS PrivateLink
D. AWS VPN

Q623.Which AWS service or component allows inbound traffic from the internet to access a VPC?

A. Internet gateway
B. NAT gateway
C. AWS WAF
D. VPC peering

Q624.Which AWS service can be used to encrypt data at rest?

A. Amazon GuardDuty
B. AWS Shield
C. AWS Security Hub
D. AWS Key Management Service (AWS KMS)

Q625.A company is building a business intelligence solution and wants to use dashboards for reporting purposes. Which AWS service can be used?

A. Amazon Redshift
B. Amazon Elasticsearch Service (Amazon ES)
C. Amazon QuickSight
D. Amazon Athena

Q626.Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:

A. a loosely coupled architecture.
B. a tightly coupled architecture.
C. a stateless architecture.
D. a stateful architecture.

Q627.A company with AWS Enterprise Support has questions about its consolidated bill. Which AWS service, feature, or tool should the company use for assistance?

A. AWS Pricing Calculator
B. AWS Concierge Support
C. AWS Trusted Advisor
D. AWS Budgets

Q628.Which AWS service or feature allows a user to set up consolidated billing?

A. AWS Billing Management Console
B. AWS Organizations
C. AWS Cost and Usage Report
D. WAS Systems Manager

Q629.A company believes an unauthorized user copied data from an Amazon S3 bucket to their own account. Which AWS service will record the actions taken by the user?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Infrastructure Event Management
D. AWS Systems Manager

Q630.A company’s traffic logs show that IP addresses owned by AWS are being used in an attempt to flood ports on system resources. To whom should the cloud practitioner report this issue?

A. AWS Professional Services
B. AWS Abuse team
C. AWS Partner Network (APN)
D. AWS technical account manager (TAM)

Q631.A security officer wants a list of any potential vulnerabilities in Amazon EC2 security groups. Which AWS service should the officer use?

A. Amazon GuardDuty
B. AWS Trusted Advisor
C. AWS CloudTrail
D. AWS Artifact

Q632.A company has defined the AWS resources that it needs for a new application. The company needs to estimate the costs of running the application on AWS. What should the company do to meet this requirement?

A. Take advantage of AWS on-demand pricing.
B. Use the AWS Pricing Calculator to generate an approximate dollar amount.
C. Use Amazon QuickSight to analyze current on-premises spending.
D. Use Amazon AppStream 2.0 for real-time pricing analytics.

Q633.Which are customer responsibilities when using Amazon EC2? (Choose two.)

A. Underlying hardware maintenance
B. File-system-level encryption
C. Guest operating system firewall configuration
D. Hypervisor-level software patching
E. Physical security at data center facilities

Q634.Which of the following is a best practice for creating policies for IAM users?

A. Start with a large set of permissions and remove the permissions that are not required.
B. Use only Amazon managed policies.
C. Start with a minimum set of permissions and grant additional permissions as necessary.
D. Attach policies directly to each user individually.

Q635.A company is moving its office and must establish an encrypted connection to AWS. Which AWS service will help meet this requirement?

A. AWS VPN
B. Amazon Route 53
C. Amazon API Gateway
D. Amazon Connect

Q636.According to the AWS shared responsibility model, which task is the responsibility of AWS for workloads running on Amazon EC2?

A. Updating the physical hardware
B. Updating the operating system
C. Updating the database engine
D. Updating the user data

Q637.Which of the following is a characteristic of the AWS account root user?

A. The root user is the only user that can be configured with multi-factor authentication (MFA).
B. The root user is the only user that can access the AWS Management Console.
C. The root user is the first sign-in identity that is available when an AWS account is created.
D. The root user has a password that cannot be changed.

Q638.To optimize costs and resource usage, a company needs to monitor the operational health of its entire system of AWS Cloud resources. Which AWS service will meet these requirements?

A. AWS Organizations
B. Amazon CloudWatch
C. AWS CloudTrail
D. AWS Config

Q639.Which of the following are economic benefits of using AWS Cloud? (Choose two.)

A. Consumption-based pricing
B. Perpetual licenses
C. Economies of scale
D. AWS Enterprise Support at no additional cost
E. Bring-your-own-hardware model

Q640.Which AWS service should a company use to decouple large monolithic applications into smaller microservices components?

A. AWS Direct Connect
B. Amazon Lightsail
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon CloudWatch

Q641.Which AWS service should a company use to decouple large monolithic applications into smaller microservices components?

A. AWS Direct Connect
B. Amazon Lightsail
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon CloudWatch

Q642.Which of the following technologies provides a secure network connection from on-premises to AWS?

A. Virtual Private Network
B. AWS Snowball
C. Amazon Virtual Private Cloud (Amazon VPC)
D. AWS Mobile Hub

Q643.Which AWS service or feature can be used to find availability status information on all AWS services?

A. AWS Personal Health Dashboard
B. AWS CloudTrail
C. AWS Service Health Dashboard
D. Amazon CloudWatch

Q644.Which AWS service is always free of charge for users?

A. Amazon S3
B. Amazon Aurora
C. Amazon EC2
D. AWS Identity and Access Management (IAM)

Q645.A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?

A. Create an Amazon S3 bucket for each users. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

Q646.A company needs to transfer a large volume of data from an on-premises data center to the AWS Cloud. The company’s internet connectivity is slow and unreliable. Which AWS service can facilitate this data transfer?

A. Amazon S3 Glacier
B. AWS Snowball
C. AWS Storage Gateway
D. Amazon Elastic File System (Amazon EFS)

Q647.A company has an application workload that is stateless be design and can sustain occasional downtime. The application performs massively parallel computations. Which Amazon EC2 pricing model should the company choose for its application to reduce cost?

A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Instances

Q648.Which statement explains the benefit of agility in the AWS Cloud?

A. Agility gives users the ability to host applications in multiple AWS Regions around the world.
B. Agility gives users the ability to pay upfront to reduce cost.
C. Agility provides customizable physical hardware at the lowest possible cost.
D. Agility provides the means for users to provision resources in minutes.

Q649.A solutions architect needs to create a cost estimate for running workloads on AWS. The cost estimate must then be exported for management review. Which AWS service or feature should be used to accomplish these task?

A. Cost Explorer
B. Amazon QuickSight
C. AWS Pricing Calculator
D. AWS Budgets

Q650.Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach

Q651.A company’s newly launched application is gaining in popularity very quickly. To improve customer service, the company wants to set up a phone number to manage the increasing volume of calls received by the company’s support staff. Which AWS service should be used to meet this requirement?

A. Amazon Connect
B. Amazon CloudFront
C. Amazon DirectConnect
D. AWS Trusted Advisor

Q652.Which AWS service would identify if unrestricted access to a resource has been allowed by a security group?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. VPC Flow Logs
D. AWS CloudTrail

Q653.Which AWS service or tool gives a company the ability to release application changes in an automated way?

A. Amazon AppFlow
B. AWS CodeDeploy
C. AWS PrivateLink
D. Amazon EKS Distro

Q654.Which feature can be used to protect Amazon S3 buckets from accidental overwrites or deletes?

A. Lifecycle policy
B. Object versioning
C. Server-side encryption
D. Bucket ACL

Q655.Which AWS service is a relational database compatible with MySQL and PostgreSQL?

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Neptune

Q656.What does Amazon CloudFront provide?

A. Automatic scaling for all resources to power an application from a single unified interface
B. Secure delivery of data, videos, applications, and APIs to users globally with low latency
C. Ability to directly manage traffic globally through a variety of routing types, including latency-based routing, geo DNS, geoproximity, and weighted round robin
D. Automatic distribution of incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and AWS Lambda functions

Q657.A company wants to store data with high availability, encrypt the data at rest, and have direct access to the data over the internet. Which AWS service will meet these requirements MOST cost-effectively?

A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. Amazon Elastic File System (Amazon EFS)
D. AWS Storage Gateway

Q658.A company uses Amazon EC2 infrastructure to host steady-state workloads and needs to achieve significant cost savings. Which EC2 instance pricing model should the company select?

A. Reserved Instances
B. On-Demand Instances
C. Spot Instances
D. Dedicated Hosts

Q659.Which AWS service or feature provides users with recommendations for common billing questions?

A. AWS Marketplace
B. AWS Knowledge Center
C. Amazon Pinpoint
D. Amazon Connect

Q660.A company must keep records of all resource changes that are made through the AWS Management Console and AWS APIs. Which AWS service should the company use to meet this requirement?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS X-Ray
D. Amazon Inspector