Q661.Which VPC component provides a layer of security at the subnet level?

A. Security groups
B. Network ACLs
C. NAT gateways
D. Route tables

Q662.Which AWS services are eligible for a Compute Savings Plan? (Choose two.)

A. AWS Lambda
B. Amazon RDS
C. Amazon VPC
D. Amazon DynamoDB
E. Amazon EC2

Q663.Which of the following are advantages of using AWS for cloud computing? (Choose two.)

A. Users can increase speed and agility by deploying services with just one click.
B. Users receive a discount on hardware that they purchase for their data centers.
C. Users can reserve excess capacity to ensure that resources are always available.
D. Users trade variable expenses for capital expenses.
E. Users benefit from massive economies of scale.

Q664.Which pillar of the AWS Well-Architected Framework focuses on the ability to recover automatically from service interruptions?

A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Q665.Which pillar of the AWS Well-Architected Framework focuses on the ability to recover automatically from service interruptions?

A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Q666.Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure?

A. Route table
B. AWS Transit Gateway
C. AWS Global Accelerator
D. Amazon VPC

Q667.Which AWS service provides recommendations for rightsizing AWS resources such as Amazon EC2 instances, Amazon Elastic Block Store (Amazon EBS) volumes, and Amazon RDS databases to help users reduce costs?

A. Amazon Inspector
B. AWS Trusted Advisor
C. AWS Service Health Dashboard
D. Amazon Forecast

Q668.Which AWS service or tool creates an audit log of all AWS resources that have been created?

A. Amazon CloudFront
B. Amazon CloudWatch
C. AWS CloudTrail
D. AWS Application Migration Service (CloudEndure Migration)

Q669.Which Amazon S3 storage class allows users to store data backups for long periods of time at the LOWEST cost?

A. S3 Standard-Infrequent Access (S3 Standard-IA)
B. S3 Standard
C. S3 Glacier
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Q670.Which AWS services or features help decrease network latency for a globally dispersed user base? (Choose two.)

A. Amazon VPC
B. Elastic Load Balancer
C. Amazon CloudFront
D. AWS Direct Connect
E. AWS Global Accelerator

Q671.Which AWS service provides the capability to view end-to-end performance metrics and troubleshoot distributed applications?

A. AWS Cloud9
B. AWS CodeStar
C. AWS Cloud Map
D. AWS X-Ray

Q672.A company is planning to create a new application that will run on Amazon EC2 instances and back up data on Amazon Elastic Block Store (EBS) volumes to
Amazon S3. The company wants to estimate the monthly costs of running the application before making a deployment decision. Which AWS service or feature can be used to estimate these costs?

A. Cost Explorer
B. AWS Pricing Calculator
C. AWS Cost and Usage Report
D. AWS Budgets

Q673.Which of the following are benefits of using the AWS Cloud? (Choose two.)

A. 100% fault tolerance
B. Total control over underlying infrastructure
C. Fast provisioning of IT resources
D. Outsourcing all application coding to AWS
E. Ability to go global quickly

Q674.Which of the following are AWS security best practices for using AWS Identity and Access Management (IAM) to manage an AWS account root user? (Choose two.)

A. Set up multi-factor authentication (MFA) for the root user.
B. Remove all IAM policies from the root user.
C. Delete the root user access keys.
D. Use the root user for daily tasks.
E. Assign a read-only access policy to the root user.

Q675.Which tasks require using AWS account root user credentials? (Choose two.)

A. Creating an Amazon EC2 key pair
B. Removing an IAM user from the administrators group
C. Changing the AWS Support plan
D. Creating an Amazon CloudFront key pair
E. Granting an IAM user full administrative access

Q676.Which of the following is a recommended design principle of the AWS Well-Architected Framework?

A. Reduce downtime by making infrastructure changes infrequently and in large increments.
B. Invest the time to configure infrastructure manually.
C. Learn to improve from operational failures.
D. Use monolithic application design for centralization.

Q677.A company has performance and regulatory requirements that call for it to run its workload only in its on-premises data center. Which AWS services or resources should the company use? (Choose two.)

A. Amazon Pinpoint
B. Amazon WorkLink
C. AWS Outposts
D. AWS Snowball Edge
E. AWS AppSync

Q678.A user is designing a service to align with the operational excellence pillar of the AWS Well-Architected Framework. Which design principle should the user follow?

A. Anticipate failure
B. Make large-scale changes
C. Perform manual operations
D. Create static operational procedures

Q679.A company needs to use AWS Identity and Access Management (IAM) to attach an IAM policy to all IAM users in an AWS account. Which solution meets this requirement?

A. Attach the IAM policy to each IAM user.
B. Attach the IAM policy to the IAM group containing all the IAM users.
C. Attach the IAM policy to the IAM role containing all the IAM users.
D. Apply the IAM policy to the entire AWS account.

Q680.A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants to alternate to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?

A. AWS Lambda
B. Amazon RDS
C. AWS Fargate
D. Amazon Athena

Q681.Which AWS service is an in-memory data store service?

A. Amazon Aurora
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon ElastiCache

Q682.Which of the following are advantages of using Amazon EC2 instances over traditional on-premises servers? (Choose two.)

A. Pay-as-you-go pricing
B. Automation
C. Self-maintenance of servers
D. Agility
E. Access to physical hosts

Q683.Which of the following is a best practice for creating policies for IAM users?

A. Start with a large set of permissions and remove the permissions that are not required.
B. Use only Amazon managed policies.
C. Start with a minimum set of permissions and grant additional permissions as necessary.
D. Attach policies directly to each user individually.

Q684.Amazon Elastic File System (Amazon EFS) and Amazon FSx offer which type of storage?

A. File storage
B. Object storage
C. Block storage
D. Instance store

Q685.An Elastic Load Balancer allows the distribution of web traffic across multiple:

A. AWS Regions.
B. Availability Zones.
C. Dedicated Hosts.
D. Amazon S3 buckets.

Q686.A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Choose two.)

A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN
E. Amazon Elastic Container Service (Amazon ECS)

Q687.Which guideline is a well-architected design principle for building cloud applications?

A. Keep static data closer to compute resources.
B. Provision resources for peak capacity.
C. Design for automated recovery from failure.
D. Use tightly coupled components.

Q688.A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages.
Which AWS service or feature will give the application permission to access required AWS services?

A. AWS Certificate Manager (ACM)
B. IAM roles
C. AWS Security Hub
D. Amazon GuardDuty

Q689.According to the AWS shared responsibility model, which of the following is the responsibility of AWS?

A. Data encryption in transit
B. Firmware updates on hardware
C. Operating system patching on Amazon EC2 instances
D. Data encryption at rest

Q690.Which AWS service or feature enables users to encrypt data at rest in Amazon S3?

A. IAM policies
B. Server-side encryption
C. Amazon GuardDuty
D. Client-side encryption

Q691.A company has a globally distributed user base. The company needs its application to be highly available and have low latency for end users. Which AWS architectural approach will MOST effectively support these requirements?

A. Single-Region, Multi-AZ architecture
B. Multi-Region, active-active architecture
C. Multi-Region, active-passive architecture
D. Single-Region, Single-AZ architecture

Q692.Which pillar of the AWS Well-Architected Framework specifies that resources be provisioned in a timely manner and scale as needed to maintain effectiveness as demand changes?

A. Cost optimization
B. Security
C. Operational excellence
D. Performance efficiency

Q693.Which pillar of the AWS Well-Architected Framework specifies that resources be provisioned in a timely manner and scale as needed to maintain effectiveness as demand changes?

A. Cost optimization
B. Security
C. Operational excellence
D. Performance efficiency

Q694.Which AWS service or feature can simplify the management of hundreds of VPC connections across AWS Regions worldwide?

A. AWS Transit Gateway
B. Amazon Connect
C. Security groups
D. VPC peering

Q695.What is an example of a decoupled, scalable, cloud-based application?

A. A mail and log application that runs on a single Amazon EC2 instance
B. A webpage that is hosted on Amazon S3 and uses AWS Lambda to update an Amazon DynamoDB database
C. An Application Load Balancer, web server, and database server that support a monolithic application
D. A legacy database server that is running on the maximum instance size supported by its license

Q696.Which of the following technologies provides a secure network connection from on-premises to AWS?

A. Virtual Private Network
B. AWS Snowball
C. Amazon Virtual Private Cloud (Amazon VPC)
D. AWS Mobile Hub

Q697.A company is moving its development and test environments to AWS to increase agility and reduce cost. Because these are not production workloads and the servers are not fully utilized, occasional unavailability is acceptable. What is the MOST cost-effective Amazon EC2 pricing model that will meet these requirements?

A. Reserved Instances
B. On-Demand Instances
C. Spot Instances
D. Dedicated Instances

Q698.Which of the following are customer responsibilities under the AWS shared responsibility model? (Choose two.)

A. Physical security of AWS facilities
B. Configuration of security groups
C. Encryption of customer data on AWS
D. Management of AWS Lambda infrastructure
E. Management of network throughput of each AWS Region

Q699.A company has enabled billing alerts in its AWS account and wants to receive a notification through Amazon Simple Notification Service (Amazon SNS) whenever its monthly bill exceeds a set amount. Which AWS service or tool should the company use to achieve this?

A. Amazon CloudWatch
B. Cost Explorer
C. AWS Cost and Usage Report
D. AWS Pricing Calculator

Q700.A company has enabled billing alerts in its AWS account and wants to receive a notification through Amazon Simple Notification Service (Amazon SNS) whenever its monthly bill exceeds a set amount. Which AWS service or tool should the company use to achieve this?

A. Amazon CloudWatch
B. Cost Explorer
C. AWS Cost and Usage Report
D. AWS Pricing Calculator

Q701.Which network security features are supported by Amazon VPC? (Choose two.)

A. Network ACLs
B. Internet gateways
C. VPC peering
D. Security groups
E. Firewall rules

Q702.A user needs the ability to access as many resources as are needed. The user also needs the ability to scale up and scale down with only a few minutes of notice.
Which benefit of the AWS Cloud describes these abilities?

A. Reliability
B. Economy of scale
C. Elasticity
D. Pay-as-you-go pricing

Q703.Which of the following are responsibilities of the customer in the AWS Cloud? (Choose two.)

A. Security in the cloud
B. Configuration of AWS infrastructure devices
C. Configuration of security groups on Amazon EC2 instances
D. Security of the cloud
E. Patches for the operating system of Amazon DynamoDB

C
Q704.A user with an AWS Basic Support plan has determined that illegal activities are being run on their AWS resources. What is the recommended method for the user to report the activity to AWS?

A. Contact the AWS Concierge Support team.
B. Contact an AWS technical account manager.
C. Contact the AWS Abuse team.
D. Contact the AWS Support team.

Q705.A company is moving multiple applications to a single AWS account. The company wants to monitor the AWS Cloud costs incurred by each application.
What can the company do to meet this requirement?

A. Set up invoiced billing.
B. Use AWS Artifact.
C. Set the budgets in Cost Explorer.
D. Create cost allocation tags.

Q706.A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports. Which AWS service or group can provide these documents?

A. AWS Abuse team
B. AWS Artifact
C. AWS Support
D. AWS Config

Q707.A company hosts a large on-premises MySQL database at its main office that supports an issue tracking system used by employees around the world. The company already uses AWS for some workloads and has created an Amazon Route 53 entry for the database endpoint that points to the on-premises database. Management is concerned about the database being a single point of failure and wants a solutions architect to migrate the database to AWS without any data loss or downtime.
Which set of actions should the solutions architect implement?

A. Create an Amazon Aurora DB cluster. Use AWS Database Migration Service (AWS DMS) to do a full load from the on-premises database to Aurora. Update the Route 53 entry for the database to point to the Aurora cluster endpoint, and shut down the on-premises database.
B. During nonbusiness hours, shut down the on-premises database and create a backup. Restore this backup to an Amazon Aurora DB cluster. When the restoration is complete, update the Route 53 entry for the database to point to the Aurora cluster endpoint, and shut down the on-premises database.
C. Create an Amazon Aurora DB cluster. Use AWS Database Migration Service (AWS DMS) to do a full load with continuous replication from the on-premises database to Aurora. When the migration is complete, update the Route 53 entry for the database to point to the Aurora cluster endpoint, and shut down the on- premises database.
D. Create a backup of the database and restore it to an Amazon Aurora multi-master cluster. This Aurora cluster will be in a master-master replication configuration with the on-premises database. Update the Route 53 entry for the database to point to the Aurora cluster endpoint, and shut down the on- premises database.

Q708.A company wants to configure a dedicated connection between its on-premises IT infrastructure and resources in an AWS Region. The company also wants to reduce network latency and congestion. Which AWS service or feature should the company choose?

A. AWS VPN
B. AWS PrivateLink
C. Amazon Connect
D. AWS Direct Connect

Q709.An Amazon EC2 instance previously used for development is inaccessible and no longer appears in the AWS Management Console. Which AWS service should be used to determine what action made this EC2 instance inaccessible?

A. Amazon CloudWatch Logs
B. AWS Security Hub
C. Amazon Inspector
D. AWS CloudTrail

Q710.When comparing AWS Cloud with on-premises Total Cost of Ownership, which expenses must be considered? (Choose two.)

A. Physical storage hardware
B. Operating system administration
C. Network infrastructure of data center
D. Project management
E. Database schema development

Q711.A company runs its business-critical web application on Amazon Elastic Container Service (Amazon ECS) and Amazon DynamoDB. The workload spikes up to 10 times the normal workload multiple times during the day. Which AWS Cloud feature enables the company to meet these changes in demand?

A. Agility
B. Global reach
C. Scalability
D. Security

Q712.Which of the following is entirely the responsibility of AWS, according to the AWS shared responsibility model?

A. Patching of the guest operating system
B. Security awareness and training
C. Physical and environmental controls
D. Development of an IAM password policy

Q713.Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach

Q714.A company is running a Microsoft SQL Server instance on premises and is migrating its application to AWS. The company lacks the resources need to refactor the application, but management wants to reduce operational overhead as part of the migration. Which database service would MOST effectively support these requirements?

A. Amazon DynamoDB
B. Amazon Redshift
C. Microsoft SQL Server on Amazon EC2
D. Amazon RDS for SQL Server

Q715.Which VPC component provides a layer of security at the subnet level?

A. Security groups
B. Network ACLs
C. NAT gateways
D. Route tables

Q716.What is the LEAST expensive AWS Support plan that provides a designated AWS technical account manager (TAM)?

A. AWS Developer Support
B. AWS Enterprise Support
C. AWS Basic Support
D. AWS Business Support

Q717.Which AWS service uses edge locations?

A. Amazon Aurora
B. AWS Global Accelerator
C. Amazon Connect
D. AWS Outposts

Q718.To avoid malicious compute activities, a user needs a quick way to determine if any Amazon EC2 instances have ports that allow unrestricted access. Which AWS service will support this requirement?

A. VPC Flow Logs
B. AWS WAF
C. AWS CloudTrail
D. AWS Trusted Advisor

Q719.A company’s compliance officer wants to review the AWS Service Organization Control (SOC) reports. Which AWS service or feature should the compliance officer use to complete this task?

A. AWS Artifact
B. AWS Concierge Support
C. AWS Support
D. AWS Trusted Advisor

Q720.A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speed. Which AWS service meets these requirements?

A. Amazon CloudFront
B. Elastic Load Balancing
C. Amazon S3
D. Amazon Elastic Transcoder