Q721.A company uses Amazon S3 buckets. One of the company’s departments enabled S3 Cross-Region Replication for those buckets to meet new requirements. The company’s bill for that month was larger than usual. Which AWS service or feature can the company use to confirm that the cost increase was caused by the data replication?

A. Consolidated billing
B. Cost Explorer
C. AWS Pricing Calculator
D. AWS Trusted Advisor

Q722.Which AWS service or feature is designed to help companies take advantage of quantity discounts available from AWS?

A. Saving Plans
B. AWS Budgets
C. AWS Organizations
D. AWS Pricing Calculator

Q723.A company is considering a move to the AWS Cloud. The company wants to be able to scale its compute resources as needed to accommodate changing loads. Which benefit of the AWS Cloud does this scenario describe?

A. Global deployments in minutes
B. Cost savings
C. Agility
D. Elasticity

Q724.An ecommerce company recently started using the AWS Cloud. Which security-related tasks are the company’s responsibility? (Choose two.)

A. Restrict who is allowed physical access to the hosts that run the company’s Amazon EC2 instances.
B. Install security patches on Amazon EC2 Linux instances.
C. Choose to encrypt data at rest that is stored on Amazon S3.
D. Wipe Amazon Elastic Block Store (Amazon EBS) volumes clean before they are decommissioned.
E. Conduct database patching for Amazon RDS instances.

Q725.Which benefit is available for Convertible Reserved Instances but NOT Standard Reserved Instances?

A. The instances can be exchanged for instances of a different instance size.
B. The instances can be exchanged for instances of a different instance family.
C. The instances can be changed to a different Availability Zone.
D. The instances can be changed to a different AWS Region.

Q726.How do AWS users trade infrastructure expenses for operational expenses?

A. Secure their physical infrastructure to prevent malicious attacks.
B. Use AWS Budgets to ensure that spending on AWS resources does not exceed preset thresholds.
C. Eliminate the electricity costs that are associated with the hosting of physical servers.
D. Use AWS Auto Scaling to dynamically increase and decrease compute resources as needed.

Q727.Which feature can be used to protect Amazon S3 buckets from accidental overwrites or deletes?

A. Lifecycle policy
B. Object versioning
C. Server-side encryption
D. Bucket ACL

Q728.A company wants to establish a private network connection between AWS and its corporate network. Which AWS service or feature will meet this requirement?

A. Amazon Connect
B. Amazon Route 53
C. AWS Direct Connect
D. VPC peering

Q729.Which AWS Cloud service provides performance recommendations for an AWS account?

A. Amazon Inspector
B. AWS Trusted Advisor
C. Amazon CloudWatch
D. AWS CloudTrail

Q730.Which factors affect costs in the AWS Cloud? (Choose two.)

A. The number of unused AWS Lambda functions
B. The number of configured Amazon S3 buckets
C. Inbound data transfers without acceleration
D. Outbound data transfers without acceleration
E. Compute resources that are currently in use

Q731.A company wants to create templates that the company can reuse to deploy multiple AWS resources. Which AWS service or feature can the company use to meet this requirement?

A. AWS Marketplace
B. Amazon Machine Image (AMI)
C. AWS CloudFormation
D. AWS OpsWorks

Q732.Which of the following enables users to leverage the power of AWS services programmatically?

A. AWS Command Line Interface (AWS CLI)
B. AWS Trusted Advisor
C. AWS CodeDeploy
D. AWS Management Console

Q733.Which of the following are AWS Trusted Advisor support categories? (Choose two.)

A. Operational excellence
B. Cost optimization
C. Security
D. Well-Architected Framework
E. Rightsizing

Q734.Which AWS service or feature is used to troubleshoot network connectivity issues between Amazon EC2 instances?

A. AWS Certificate Manager (ACM)
B. Internet gateway
C. VPC Flow Logs
D. AWS CloudHSM

Q735.A company needs to monitor and forecast AWS costs and usage. The company also must set event-driven alert notifications that occur if spending limits are exceeded. Which AWS service or tool should the company use to meet these requirements?

A. AWS Budgets
B. Amazon CloudWatch
C. AWS Config
D. AWS Service Catalog

Q736.Which AWS service or feature for technical assistance is available to a user who has the AWS Basic Support plan?

A. AWS senior support engineers
B. AWS technical account manager (TAM)
C. AWS Trusted Advisor
D. AWS Discussion Forums

Q737.A company is planning to host a large ecommerce application in the AWS Cloud. The company must create an architecture that provides protection against network-based security issues, such as DDoS attacks. Which AWS services should the company use to meet this requirement? (Choose two.)

A. Amazon Inspector
B. Amazon GuardDuty
C. Amazon CloudFront
D. AWS Shield
E. AWS Identity and Access Management (IAM)

Q738.What is the LEAST expensive AWS Support plan that provides 24-hour access to AWS customer service and AWS communities?

A. AWS Enterprise Support
B. AWS Business Support
C. AWS Developer Support
D. AWS Basic Support

Q739.A retail company wants to provision only the necessary amount of resources to handle the current demand. Which cloud benefit is the company trying to achieve with this goal?

A. Reliability
B. Global reach
C. Scalability
D. High availability

Q740.Which AWS feature grants temporary access to specific AWS resources?

A. AWS IAM Access Analyzer
B. Service control policies (SCPs)
C. Access control lists (ACLs)
D. IAM roles

Q741.A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers in a different Region. Which AWS tool should the company use to find pricing information for other Regions?

A. Cost Explorer
B. AWS Budgets
C. AWS Purchase Order Management
D. AWS Pricing Calculator

Q742.A company has decided to migrate its production workloads to the AWS Cloud.
Which actions can help reduce operational costs as part of the migration? (Choose two.)

A. Reduce over provisioned instances.
B. Rehost all third-party licenses on AWS.
C. Implement a highly available architecture.
D. Use managed services.
E. Improve application security.

Q743.Which AWS services or features give users the ability to create a network connection between two VPCs? (Choose two.)

A. VPC endpoints
B. Amazon Route 53
C. VPC peering
D. AWS Direct Connect
E. AWS Transit Gateway

Q744.A company needs to send time-critical messages to multiple subscribers through a push mechanism. Which AWS service should the company use?

A. Amazon Kinesis
B. Amazon MQ
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Simple Notification Service (Amazon SNS)

Q745.According to the AWS shared responsibility model, who is responsible for the virtualization layer down to the physical security of the facilities in which AWS services operate?

A. It is the sole responsibility of the customer.
B. It is the sole responsibility of AWS.
C. It is a shared responsibility between AWS and the customer.
D. The customer’s AWS Support plan tier determines who manages the configuration.

Q746.A company has a managed IAM policy that does not grant the necessary permissions for users to accomplish required tasks. How can this be resolved?

A. Enable AWS Shield Advanced
B. Create a custom IAM policy
C. Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace
D. Use AWS Key Management Service (AWS KMS) to create a customer-managed key

Q747.Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.)

A. AWS VPN
B. Elastic Load Balancing
C. AWS Direct Connect
D. VPC peering
E. Amazon CloudFront

Q748.Which task is the customer’s responsibility, according to the AWS shared responsibility model?

A. Maintain the security of the AWS Cloud.
B. Configure firewalls and networks.
C. Patch the operating system of Amazon RDS instances.
D. Implement physical and environmental controls.

Q749.Which AWS service is a relational database compatible with MySQL and PostgreSQL?

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Neptune

Q750.When an Amazon EC2 instance is terminated, which AWS service can identify the user that made the API call?

A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS X-Ray
D. AWS Identity and Access Management (IAM)

Q751.Making frequent, small, reversible changes is a design principle of which pillar of the AWS Well-Architected Framework?

A. Reliability
B. Operational excellence
C. Performance efficiency
D. Cost optimization

Q752.When using Amazon RDS, what is the customer responsible for?

A. Patching and maintenance of the underlying operating system.
B. Managing automatic backups of the database.
C. Controlling network access through security groups.
D. Replacing failed instances in the event of a hardware failure.

Q753.If a user has an AWS account with an Enterprise-level AWS Support plan, who is the primary point of contact for billing or account inquiries?

A. Solutions architect
B. AWS Concierge Support team
C. An AWS Marketplace seller
D. AWS Partner Network (APN) partner

Q754.Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?

A. IAM access and secret keys are static, so there is no need to rotate them.
B. The customer is responsible for rotating keys.
C. AWS will rotate the keys whenever required.
D. The AWS Support team will rotate keys when requested by the customer.

Q755.A company is moving its on-premises key-value database to the AWS Cloud. Which AWS service will support this use case?

A. Amazon RDS
B. Amazon ElastiCache
C. Amazon DynamoDB
D. Amazon Redshift

Q756.A user should contact the AWS Abuse team to report which situations? (Choose two.)

A. A DDoS attack is being made on an AWS resource.
B. A SQL injection attack is being made from an IP address that is not an AWS address.
C. AWS resources are being used to host objectionable or illegal content.
D. A company’s resources are being used in a way that is inconsistent with corporate policy.
E. A company is receiving HTTPS requests on a web server that is serving HTTP.

Q757.A user can optimize Amazon EC2 costs by performing which of the following tasks? (Choose two.)

A. Implementing Auto Scaling groups to add and remove instances based on demand.
B. Creating a policy to restrict IAM users from creating new instances.
C. Setting a budget to limit spending on EC2 instances using AWS Budgets.
D. Purchasing Reserved Instances.
E. Adding EC2 instances to a second AWS Region that is geographically close to the end users.

Q758.Which task is shared between AWS and the customer, according to the AWS shared responsibility model?

A. Physical and environmental controls
B. Server hardware management and encryption
C. Application security
D. Patch management and configuration management

Q759. How quickly an Amazon EC2 instance can be restarted

A. The ability to rightsize resources as demand shifts
B. The maximum amount of RAM an Amazon EC2 instance can use
C. The pay-as-you-go billing model
D. How easily resources can be produced when they are needed

Q760.AWS Trusted Advisor can monitor and provide advice on what characteristics of an AWS account? (Choose two.)

A. Compliance with security best practices
B. Application performance
C. Network utilization
D. Cost optimization
E. Compliance status

Q761.Which AWS service or feature can help a company determine if it has Amazon S3 buckets that are publicly available?

A. AWS Service Health Dashboard
B. Amazon CloudWatch Logs
C. AWS Trusted Advisor
D. AWS Service Catalog

Q762.Which statement explains the benefit of agility in the AWS Cloud?

A. Agility gives users the ability to host applications in multiple AWS Regions around the world.
B. Agility gives users the ability to pay upfront to reduce cost.
C. Agility provides customizable physical hardware at the lowest possible cost.
D. Agility provides the means for users to provision resources in minutes.

Q763.Which AWS services or features provide high availability and low latency by enabling failover across different AWS Regions? (Choose two.)

A. Amazon Route 53
B. Network Load Balancer
C. Amazon S3 Transfer Acceleration
D. AWS Global Accelerator
E. Application Load Balancer

Q764.Which tasks should a user perform if the user suspects that an AWS account has been compromised? (Choose two.)

A. Remove any multi-factor authentication (MFA) tokens.
B. Rotate and delete all AWS access keys.
C. Move resources to a different AWS Region.
D. Delete AWS CloudTrail resources.
E. Contact AWS Support.

Q765.Which duty is a responsibility of AWS under the AWS shared responsibility model?

A. Identity and access management (IAM)
B. Server-side encryption (SSE)
C. Firewall configuration
D. Maintaining physical hardware

Q766.A user wants to move legacy applications to the AWS Cloud to reduce the total cost. Which option is the MOST cost-effective according to best practices?

A. Rewrite the legacy applications in an open-source language, such as Python.
B. Right-size the Amazon EC2 instances to prevent over-provisioning in terms of compute and memory.
C. Migrate relational databases to Amazon DynamoDB.
D. Reserve a data center facility with an upfront payment, which provides an additional discount.

Q767.A user has an AWS Business Support plan and requires detailed billing information. Which AWS resource will help?

A. AWS Concierge Support
B. AWS Service Catalog
C. AWS Budgets
D. AWS Cost and Usage Report

Q768.Which options are available to a user who wants to contact AWS Support? (Choose two.)

A. Create an email case in the AWS Support Center.
B. Visit a local AWS Support Center.
C. Use live chat functionality.
D. Call the customer service phone number.
E. Use the video conference functionality of the AWS Support console.

Q769.Which AWS Trusted Advisor checks are available to users with AWS Basic Support? (Choose two.)

A. Service limits
B. High utilization Amazon EC2 instances
C. Security groups ג€” specific ports unrestricted
D. Load balancer optimization
E. Large number of rules in an EC2 security groups

Q770.Which phase describes agility as a benefit of building in the AWS Cloud?

A. The ability to pay only when computing resources are consumed, based on the volume of resources that are consumed
B. The ability to eliminate guessing about infrastructure capacity needs
C. The ability to support innovation through a reduction in the time that is required to make IT resources available to developers
D. The ability to deploy an application in multiple AWS Regions around the world in minutes

Q771.A company has infrastructure in one AWS Region and is expanding operations to a second AWS Region. The company is using the same AWS CloudFormation template in the second Region that the company uses in the original Region. The company attempts to launch Amazon EC2 On-Demand Instances in the second
Region and receives error messages. What could cause these error messages?

A. A new EC2 key pair has not been created for the EC2 instances.
B. The requested EC2 instance types are not available in the second Region.
C. The company cannot operate in a second Region until it updates its AWS contract.
D. The company has not configured AWS Budgets to monitor the budget for the EC2 instances.

Q772.A company is launching a new application in the AWS Cloud. The application will run on an Amazon EC2 instance. More EC2 instances will be needed when the workload increases. Which AWS service or tool can the company use to launch the number of EC2 instances that will be needed to handle the workload?

A. Elastic Load Balancing
B. Amazon EC2 Auto Scaling
C. AWS App2Container (A2C)
D. AWS Systems Manager

Q773.A company wants to eliminate the need to guess infrastructure capacity before deployments. The company also wants to spend its budget on cloud resources only as the company uses the resources. Which advantage of the AWS Cloud matches the company’s requirements?

A. Reliability
B. Global reach
C. Economies of scale
D. Pay-as-you-go pricing

Q774.What does the AWS Cloud provide to increase the speed and agility of execution for customers? (Choose two.)

A. Readily available resources with low provisioning times
B. Scalable compute capacity
C. Free Tier services usage
D. Access to AWS data centers
E. Lower resource provisioning cost

Q775.Which security-related task is the responsibility of the customer in the AWS Cloud?

A. Securing infrastructure at data centers
B. Maintaining firewall configurations at a hardware level
C. Maintaining networking among hardware components
D. Maintaining server-side encryption

Q776.Which security credentials are required to run commands by using the AWS Command Line Interface (AWS CLI)?

A. Access Key ID and Secret Access Key
B. AWS root user email and password
C. Amazon Elastic Compute Cloud (Amazon EC2) key pairs
D. AWS Identity and Access Management (IAM) user name and password

Q777.A web developer has limited knowledge of AWS networking services such as Amazon VPC, Elastic Load Balancing, and Auto Scaling, but wants to host a highly available web application. Which AWS service would automatically handle the deployment and reduce the complexity for the developer?

A. AWS CodeDeploy
B. AWS Resource Access Manager
C. AWS Elastic Beanstalk
D. AWS CloudFormation

Q778.A company wants to route its traffic directly and privately to a VPC without going over the public internet. Which connectivity option provides this capability?

A. AWS VPN
B. AWS Direct Connect
C. VPC NAT gateway
D. VPC internet gateway

Q779.A company wants to build an application for a new line of business. According to the AWS Well-Architected Framework, what design principles should be implemented? (Choose two.)

A. Consolidate multiple AWS accounts into a single account.
B. Buy and host hardware in the AWS Cloud.
C. Decouple the AWS Cloud architecture to break up monolithic deployments.
D. Move on-premises network hardware to VPCs.
E. Design elasticity into the AWS Cloud design.

Q780.Which credentials used to sign in to the AWS Management Console meet security best practices? (Choose two.)

A. An access key
B. Multi-factor authentication
C. X.509 certificates
D. A secret key
E. User name and password