Amazon Exam Practice Questions

Amazon Practice Questions, Discussions & Exam Topics by our Authors

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet be...

To assess application vulnerabilities and identify infrastructure deployments that do not meet best practices, let's evaluate the AWS services mentioned in the question based on their functionality, effort, time, cost, and key factors: 1. AWS Trusted Advisor - Functionality: AWS Trusted Advisor provides real-time guidance to help optimize AWS environments based on best practices in areas such as cost optimization, security, fault tolerance, and performance. However, it focuses more on general best practices for AWS services and infrastructure rather than specifically targeting application vulnerabilities. - Effort: Minimal setup and configuration, as it integrates with AWS accounts and provides recommendations. - Time: Trusted Advisor gives results almost instantly after an AWS environment is scanned. - Cost: Trusted Advisor offers limited free checks, but advanced checks (such as security and performance) require a Business or Enterprise Support plan. - Limitations: It is not specifically focused on assessing application vulnerabilities or identifying security-related issues in applications. Rejected: Not a perfect fit for assessing application vulnerabilities and infrastructure deployments related to security. 2. Amazon Inspector - Functionality: Amazon Inspector is specifically designed for automated security assessments of applications deployed on EC2 instances. It scans for vulnerabilities, security risks, and deviations from best practices in your application environment, making it the best fit for identifying vulnerabilities in applications and infrastructure. - Effort: Moderate effort required for configuring and running assessments on EC2 instances, setting up assessment targets, and applying security rules. - Time: Fast vulnerability scanning; the time depends on the size and complexity of the EC2 instances. - Cost: Amazon Inspector charges based on the number of assessments performed. Costs may vary depending on the frequency and scope of the assessments. - Advantages: It directly addresses the need to assess application vulnerabilities, which is the main requirement of the question. Selected: The best service to assess application vulnerabilities and infrastructur...

Author: Noah · Last updated May 15, 2026

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance ben...

Given the scenario of a centralized group of users with large file storage requirements that have exceeded on-premises space and need to retain the performance benefit of sharing content locally, we will evaluate each option based on its operational efficiency, performance, cost, and scalability. A) Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility. - Explanation: While Amazon S3 is a cost-effective and scalable object storage service, it is not designed to be a high-performance file system for scenarios requiring fast, low-latency access with file-level operations. Using a mounting utility (like S3FS) is a possible solution, but it can introduce latency and lack performance when accessing large files or working with file-based applications, making it unsuitable for performance-sensitive use cases. - Why rejected: S3's object storage is not ideal for high-performance file sharing in this case, as it is not optimized for fast, local-like access to large files and shared work environments. B) Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway. - Explanation: The AWS Storage Gateway file gateway is an excellent solution for extending on-premises file storage capabilities to the cloud. It provides local caching for frequently accessed data, ensuring that users experience low-latency access to files while still benefiting from scalable cloud storage. It offers the advantage of retaining on-premises performance with the ability to scale to the cloud as storage needs grow. This approach would allow for centralized storage that is easy to manage and efficiently scale. - Why selected: This option is the most operationally efficient. It balances performance with scalability by allowing users to continue using local file systems (via SMB or NFS) while integrating seamlessly with scalable cloud storage in Amazon S3. The local caching feature enhances performance for frequently accessed files, and the solution is simple to deploy and maintain. C) Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account...

Author: Kunal · Last updated May 15, 2026

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon...

To evaluate how an Amazon EC2 instance should access an S3 bucket while adhering to security best practices, we need to consider factors such as security, effort, time, cost, and scalability. Option A: Hard code an IAM user’s secret key and access key directly in the application, and upload the file. - Security risk: Hard coding the IAM user’s access key and secret key in the application is considered highly insecure because these credentials can be exposed if the source code is accessed, leading to potential data leaks or unauthorized access. - Maintenance effort: The credentials would need to be updated manually if they are ever compromised or rotated. - Cost: There are no direct costs to this option, but the potential for security breaches can incur significant costs. - Why rejected: This is not a secure practice. AWS best practices emphasize avoiding the embedding of credentials in applications or code. Option B: Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file. - Security risk: Storing IAM credentials in a text file on the EC2 instance still represents a major security risk. If the instance is compromised, the credentials can be extracted from the file, leading to unauthorized access to the S3 bucket. - Maintenance effort: Like option A, the credentials would need to be rotated periodically and managed manually, which increases the maintenance burden. - Cost: No additional cost, but potential security issues may lead to significant indirect costs. - Why rejected: This is also not a secure practice and contradicts best practices regarding key management. Option C: Have the EC2 instance assume a role to obt...

Author: Jack · Last updated May 15, 2026

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibi...

When using Amazon DynamoDB under the AWS Shared Responsibility Model, it’s important to understand the distinction between the responsibilities of AWS (the provider) and the customer. The shared responsibility model divides the security and management tasks between AWS and the customer. Option A: Physical security of DynamoDB - AWS Responsibility: AWS is responsible for the physical security of the data centers that host its services, including DynamoDB. This includes protecting the physical infrastructure, access control, and the environment in which the hardware operates. - Why rejected: Since physical security of the infrastructure is managed by AWS, this is not the customer's responsibility. Option B: Patching of DynamoDB - AWS Responsibility: AWS is responsible for maintaining and patching the underlying infrastructure and services of DynamoDB, ensuring that they are up to date with security updates and performance improvements. - Why rejected: Since AWS manages and patches DynamoDB's infrastructure, customers are not responsible for this aspect. Option C: Access to DynamoDB tables - Customer Responsibility: Customers are responsible for managing and controlling access to their DynamoDB tables. This includes setting up...

Author: Aarav2020 · Last updated May 15, 2026

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Fram...

The AWS Cloud Adoption Framework (AWS CAF) is a comprehensive framework designed to help organizations plan and execute their cloud adoption strategy. It focuses on foundational capabilities that guide organizations through different stages of cloud adoption, from strategy and planning to operational management. The framework is organized into six perspectives: business, people, process, platform, security, and operations. Let's analyze each option to determine which is a foundational capability within AWS CAF. Option A: "Sustainability" - Analysis: While sustainability is becoming an increasingly important factor in cloud adoption and is a focus for AWS, it is not a core foundational perspective of the AWS CAF. Sustainability in the cloud is often addressed by practices like efficient resource utilization, optimizing carbon footprints, and reducing waste. However, it’s not a primary perspective in the AWS CAF framework. - Why rejected: Sustainability is an evolving area but not part of the foundational perspectives in the AWS CAF. - Scenario where it might be used: This would be relevant in scenarios where environmental impact and long-term ecological considerations are primary concerns. Option B: "Performance efficiency" - Analysis: Performance efficiency is a key design principle in the AWS Well-Architected Framework but is not one of the foundational perspectives in the AWS CAF. It focuses on optimizing and scaling applications to ensure that resources are efficiently utilized, but it's more related to technical considerations, which are part of platform and operational perspectives. - Why rejected: Although performance efficiency is crucial for cloud operations, it is not categorized as a foundational perspective within the AWS CAF. - Scenario where it might be used: Best suited for guiding technical teams i...

Author: Sophia Clark · Last updated May 15, 2026

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, a...

When the company is running and managing its own Docker environment on Amazon EC2 instances, they are looking for an alternative solution that can help with cluster size management, scheduling, and environment maintenance. Let’s evaluate each AWS service option based on these requirements. A) AWS Lambda Explanation: AWS Lambda is a serverless computing service that runs code in response to events, automatically scaling without the need for managing infrastructure. However, Lambda is not suitable for managing Docker containers directly. It’s focused on running small, event-driven functions rather than managing clusters, container scheduling, or maintenance. - Effort: Low for serverless function execution but not relevant for container management. - Cost: Lambda charges based on the number of requests and execution time, which makes it cost-effective for event-driven applications, but it does not fit the use case for managing Docker environments. Rejected: Lambda is not the right choice because it doesn’t provide cluster management or container orchestration. B) Amazon RDS Explanation: Amazon RDS is a managed database service that simplifies database provisioning, patching, backups, and scaling. While it manages databases efficiently, it does not provide features for managing Docker clusters or containerized environments. - Effort: Low for database management, but not applicable for container environments. - Cost: Pricing depends on the database instance type and usage, but it does not apply to container orchestration needs. Rejected: RDS is specific to databases and does not support container management or environment maintenance. C) AWS Fargate Explanation: AWS Fargate is a fully managed container service that works with Amazon ECS (Elastic Container Service) or Amaz...

Author: FrozenWolf2022 · Last updated May 15, 2026

A company wants to run a NoSQL database on Amazon EC2 instances.Which task is the responsibility of ...

In the scenario where a company wants to run a NoSQL database on Amazon EC2 instances, the task that is the responsibility of AWS is: C) Patch the physical infrastructure that hosts the EC2 instances. Reasoning: 1. A) Update the guest operating system of the EC2 instances: This is the responsibility of the company, as it involves managing the operating system on the EC2 instances themselves, including installing updates, patches, and configuring the OS for the NoSQL database to work properly. AWS does not handle software or OS management inside EC2 instances. 2. B) Maintain high availability at the database layer: AWS provides the underlying infrastructure and services (like EC2 instances), but maintaining high availability at the database layer (such as replication or failover mechanisms within the database) is the responsibility of the company. The company must configure this for the NoSQL database. While AWS offers features to help with availability (e.g., using multiple Availability Zones), it does not manage database-specific features such as replication. 3. C) Patch the physical infrastructure that hosts the EC2 instances: This is the correct answer because AWS is responsible for maintaining the physical infrastructure, including the hardware, networking, and other elements...

Author: SolarFalcon11 · Last updated May 15, 2026

Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose...

To identify rightsizing opportunities for Amazon EC2 instances, it is crucial to evaluate the current instance configurations in terms of their resource utilization and optimize them based on usage patterns. Let's examine the provided options in the context of this requirement: A) AWS Cost Explorer - AWS Cost Explorer provides detailed reports and analysis of AWS costs and usage. It helps identify cost trends and insights but does not focus directly on identifying rightsizing opportunities for EC2 instances. - Why rejected: While useful for cost management, Cost Explorer is more focused on overall cost analysis rather than EC2 resource optimization or rightsizing. It cannot suggest specific EC2 instance changes based on performance or utilization. B) AWS Billing Conductor - AWS Billing Conductor enables users to manage AWS billing and create custom pricing plans for AWS services. It is geared toward managing and customizing billing for AWS services, not specifically for rightsizing EC2 instances. - Why rejected: This tool is intended for billing management and doesn’t provide any direct functionality for identifying rightsizing opportunities. C) Amazon CodeGuru - Amazon CodeGuru is a developer tool designed to automatically review code for quality and security issues. It helps developers identify inefficiencies in code and offers recommendations for improvements. - Why rejected: While Amazon CodeGuru is ...

Author: Aria · Last updated May 15, 2026

Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

AWS Trusted Advisor is a tool that provides real-time guidance to help AWS users follow best practices for cost optimization, security, performance, and fault tolerance. The benefits it offers are tied to optimizing AWS resources and ensuring a more efficient and secure cloud environment. Option A: Providing high-performance container orchestration - AWS Services: Container orchestration (e.g., Amazon ECS, Amazon EKS) is a separate AWS service and not a direct feature of AWS Trusted Advisor. Trusted Advisor does not provide orchestration of containers; instead, it gives recommendations for optimizing resources like EC2 instances, S3 storage, and security best practices. - Why rejected: Trusted Advisor does not provide high-performance container orchestration. This is not within its scope of capabilities. Option B: Creating and rotating encryption keys - AWS Services: Key creation and rotation are tasks managed by AWS Key Management Service (KMS), not by Trusted Advisor. Trusted Advisor offers recommendations on security best practices, but it does not directly create or rotate encryption keys. - Why rejected: Trusted Advisor is not involved in creating or managing encryption keys. This is a specific responsibility of AWS KMS. Option C: Detecting underutilized resources to save costs - Cost Optimization: One of the key benefits of AWS Trusted Advisor is its ability to detect underutilized resources, such as idle EC2 instances or oversized instances. By identifying these underutilized resources, Trusted Advisor helps organizations save on unnecessary costs by suggesting ways to dow...

Author: MoonlitPantherX · Last updated May 15, 2026

Which of the following is an advantage that users experience when they move on-premises workloads to...

When moving on-premises workloads to the AWS Cloud, users experience a variety of benefits. The decision to move workloads to the cloud is driven by the desire to take advantage of scalable infrastructure, cost savings, and reduced operational overhead. We need to analyze each option to determine the most relevant advantage. Option A: Elimination of expenses for running and maintaining data centers - Cost: One of the most significant benefits of moving workloads to AWS is the reduction of costs related to maintaining physical data centers. Users no longer need to spend money on hardware, power, cooling, physical security, or the management of on-premises infrastructure. - Time and Effort: Managing a data center requires significant resources, including personnel for maintenance, hardware upgrades, and troubleshooting. By migrating to AWS, users free up these resources and reduce the complexity of infrastructure management. - Why selected: This is one of the primary advantages of moving to the cloud, as it directly addresses the cost and operational complexity of running a physical data center. Option B: Price discounts that are identical to discounts from hardware providers - Cost: AWS offers pricing models like Reserved Instances or Savings Plans that can help reduce cloud costs over time. However, price discounts in the cloud may not always directly compare to traditional hardware provider discounts, as the models of cost and purchase are different. AWS provides cost savings based on usage, not hardware discounts. - Why rejected: While AWS offers discounts for long-term commitments, the ...

Author: Rohan · Last updated May 15, 2026

A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.W...

To meet the requirement of managing deployed IT services and governing infrastructure as code (IaC) templates, we need to evaluate the capabilities of each AWS service in the context of infrastructure management and governance. A) AWS Resource Explorer - Explanation: AWS Resource Explorer is a service that allows you to search and view AWS resources across your AWS environment. While it can help find resources and assist in resource management, it does not focus on managing or governing infrastructure as code templates. - Why rejected: This service is more suited for discovering and viewing resources rather than managing or governing infrastructure deployments, making it unsuitable for the requirement of managing IaC templates. B) AWS Service Catalog - Explanation: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. It helps to manage and govern deployed IT services by ensuring that only approved configurations are used, and it can also manage IaC templates for deploying infrastructure in a controlled way. - Why selected: This service is directly aligned with the requirement to govern and manage infrastructure as code templates. With AWS Service Catalog, organizations can define and manage resources through templates, ensuring that deployed services are compliant with internal policies. Service Catalog provides governance, control, and versioning, which is essential for managing IaC templates. C) AWS Organizations - Explanation: AWS O...

Author: Benjamin · Last updated May 15, 2026

Which AWS service or tool helps users visualize, understand, and manage spending and usage over time...

To address the question regarding the AWS service or tool that helps users visualize, understand, and manage spending and usage over time, let's break down the options based on various factors like service capabilities, purpose, and features: A) AWS Organizations: AWS Organizations helps in managing and consolidating multiple AWS accounts within an organization. While it allows for consolidated billing and can help optimize costs across accounts, it does not primarily focus on visualizing or managing spending and usage over time. Instead, it’s more geared toward managing multiple accounts, applying organizational policies, and streamlining account administration. B) AWS Pricing Calculator: The AWS Pricing Calculator is a tool used to estimate the cost of services based on expected usage, helping users calculate costs before deployment. While it is a helpful tool for planning and budgeting, it does not provide ongoing visualization or analysis of past usage or spending over time. It’s more of a one-time cost estimation tool than a tool for managing ongoing usage. C) AWS Cost Explorer: AWS Cost Explorer is specifically designed to help users visualize, understand, and manage their AWS spending and usage over time. It pro...

Author: Zara · Last updated May 15, 2026

A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data.Which combinat...

To meet the requirements of discovering, transforming, and visualizing data in a central data platform, the company needs AWS services that enable efficient data processing, storage, and visualization. Let's evaluate each option in the context of these needs: A) AWS Glue - AWS Glue is a fully managed ETL (Extract, Transform, Load) service that helps discover, catalog, and transform data. It automates the data discovery process, allowing users to extract data from various sources, perform transformations, and load it into data storage systems. AWS Glue is a powerful service for transforming and cataloging data in a central data platform. - Why selected: AWS Glue is highly suitable for data transformation and discovery, making it an excellent choice for the first part of the requirement (discovering and transforming data). It can automate and streamline ETL workflows, which is essential for managing customer data efficiently. B) Amazon Elastic File System (Amazon EFS) - Amazon EFS is a scalable file storage service for use with AWS Cloud services and on-premises resources. While it provides a central storage repository, it does not directly handle the discovery, transformation, or visualization of data. EFS is more of a storage solution rather than a data processing or visualization tool. - Why rejected: Amazon EFS is primarily used for file storage and does not provide the necessary capabilities for discovering, transforming, or visualizing data as required by the company. C) Amazon Redshift - Amazon Redshift is a fully managed data warehouse service that can store large volumes of structured data and perform complex queries to analyze and visualize data. It’s a strong choice for storing and analyzing large datasets an...

Author: Aarav2020 · Last updated May 15, 2026

A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with...

To determine which AWS service or resource would best meet the requirements for a global company migrating third-party applications to the AWS Cloud, we need to assess the key factors in the question: migration, global team of experts, speed, reliability, and AWS internal best practices. Option Analysis: A) AWS Support: AWS Support provides a range of support plans that offer access to resources for troubleshooting and resolving technical issues, but it doesn't focus on completing migrations. AWS Support plans help with general technical guidance and issue resolution, but they do not offer dedicated migration services, a global team of experts, or a focus on accelerating the migration process in line with best practices. B) AWS Professional Services: AWS Professional Services is a team of global AWS experts who provide specialized guidance to help businesses with their cloud migration and adoption journey. They help customers design, architect, and implement solutions, often working directly with clients to accelerate migrations. This service aligns well with the company's needs for a global team of experts to migrate third-party applications faster and more reliably. AWS Professional Services uses AWS best practices and accelerates migrations by leveraging extensive expertise in migration projects. C) AWS Launch Wizard: AWS Launch Wizard is a service that automates the deployment of specific workloads (like SAP or Microsoft SQL Server) onto AWS. It provides a step-by-step wiz...

Author: Lucas Carter · Last updated May 15, 2026

An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoi...

To determine which EC2 purchasing option would meet the requirements of running an e-learning platform application for 2 months each year, with a focus on avoiding downtime during the 2-month period, we need to consider factors such as cost-effectiveness, application downtime, duration of usage, and availability. Option Analysis: A) Reserved Instances: Reserved Instances (RIs) provide a significant discount (up to 75%) compared to On-Demand pricing, but they require a commitment to a specific instance type, region, and term (1 or 3 years). RIs are ideal for workloads with predictable and long-term usage. Since the application runs only for 2 months each year, purchasing Reserved Instances may not be cost-effective. The unused capacity for the remaining 10 months would still incur charges, which means this option is not optimal for a short-term, seasonal workload. B) Dedicated Hosts: Dedicated Hosts provide physical servers dedicated to your use. They are primarily used for compliance or licensing requirements that mandate physical isolation of workloads. Dedicated Hosts are generally more expensive than other EC2 purchasing options and would not be suitable for a seasonal application. The added cost and the potential underutilization of the physical servers make this option inefficient for a short, 2-month workload. C) Spot Instances: Spot Instances offer significant cost savings (up to 90%) compared to On-Demand pricing by allowing you to bid for unused EC2 capacity. However, Spot Instances are not guaranteed and can be interrupted by A...

Author: IceDragon2023 · Last updated May 15, 2026

A developer wants to deploy an application quickly on AWS without manually creating the required resources....

To determine which AWS service best meets the requirement of deploying an application quickly without manually creating the required resources, we need to consider automation, deployment speed, and ease of use. Option Analysis: A) Amazon EC2: Amazon EC2 provides virtual servers (instances) to run applications, but it requires the developer to manually configure and set up the necessary infrastructure, such as networking, storage, and load balancing. This would involve significant effort and time for setting up the required resources, making it less suitable for quick and automated deployment without manual intervention. B) AWS Elastic Beanstalk: AWS Elastic Beanstalk is a platform-as-a-service (PaaS) offering that allows developers to deploy and manage applications quickly without having to worry about provisioning infrastructure. Elastic Beanstalk automatically handles resource creation, scaling, load balancing, and monitoring. Developers simply upload their application code, and Elastic Beanstalk takes care of deploying the application and provisioning the necessary resources (EC2 instances, load balancers, etc.). This makes it an ideal choice for quick application deployment without manual configuration. C) AWS CodeBuild: AWS CodeBuild is a fully managed build service used for continuous integration (CI) and continuous de...

Author: Deepak · Last updated May 15, 2026

A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.Wh...

To meet the requirement of protecting sensitive customer data in an Amazon S3 bucket from accidental deletion or overwriting, the best approach is to use a feature that specifically addresses data protection, ensuring that no data can be unintentionally lost or modified. Option Analysis: A) S3 Lifecycle rules: S3 Lifecycle rules allow you to automate the transition of objects between different storage classes or set expiration dates to automatically delete objects after a certain period. While Lifecycle rules help with data management and cost optimization, they do not provide protection against accidental deletion or overwriting. In fact, lifecycle rules can be set to delete objects after a certain time, which could lead to unintentional data loss. B) S3 Versioning: S3 Versioning enables the ability to preserve, retrieve, and restore every version of every object in an S3 bucket. With Versioning enabled, even if an object is accidentally deleted or overwritten, previous versions of the object can still be recovered. This provides an excellent mechanism to protect data from accidental deletion or overwriting, as every change creates a new version, allowing for the restoration of the object to its previous state. C) S3 bucket policies: S3 bucket policies allow you to define access control rules for S3 buckets, such as who...

Author: Akash · Last updated May 15, 2026

Which AWS service provides the ability to manage infrastructure as code?

When considering the ability to manage infrastructure as code (IaC), the primary factor to evaluate is how well the service allows you to define, provision, and manage infrastructure using code or configuration files. Below is the reasoning for each option: A) AWS CodePipeline Explanation: AWS CodePipeline is a continuous integration and continuous delivery (CI/CD) service that automates the build, test, and deploy phases of application development. While it helps in automating application workflows, it does not directly manage infrastructure as code. It is focused on automating software delivery pipelines rather than defining and provisioning infrastructure. Rejected: This service is more suitable for automating application deployment pipelines, not managing infrastructure. B) AWS CodeDeploy Explanation: AWS CodeDeploy is a service for automating code deployment to various compute resources, including Amazon EC2 instances, Lambda functions, and on-premises servers. While it facilitates the deployment of code, it does not manage infrastructure itself, which is a key aspect of infrastructure as code. Rejected: CodeDeploy is more focused on code deployment and automation, rather than provisioning and managing infrastructure resources. C) AWS Direct Connect Ex...

Author: Noah Williams · Last updated May 15, 2026

An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without ...

The online gaming company requires a purchasing option for Amazon EC2 instances that will be cost-effective while ensuring that the instances are available without disruption for a year, and traffic increases are predictable. Let’s analyze each option based on the company's needs: A) On-Demand Instances Explanation: On-Demand Instances allow you to pay for compute capacity by the hour with no long-term commitments. While this provides flexibility and no upfront costs, it tends to be the most expensive option compared to other purchasing models if the instances are required for a long duration like one year. Since the company has predictable traffic, using On-Demand Instances would not be the most cost-effective option for long-term, consistent usage. Rejected because: Higher cost for consistent, predictable workloads over a year, which makes it less cost-effective. B) Reserved Instances Explanation: Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing in exchange for committing to use a specific instance type in a specific region for a one- or three-year term. Given that the web traffic is consistent and predictable, this purchasing option is ideal for long-term use as it guarantees the instances will be available without disruption. The upfront payment for Reserved Instances also ensures a lower total cost compared to On-Demand Instances, and the company will have the flexibility to choose between Standard or Convertible Reserved Instances based on potential future needs. Selected because: Reserved Instances offer significant savings for consistent and predictable workloads over a year while guarante...

Author: Rahul · Last updated May 15, 2026

Which AWS service or feature allows a user to establish a dedicated network connection between a company=E2=8...

Scenario Breakdown: The question asks for the AWS service or feature that allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud. Option Evaluation: --- A) AWS Direct Connect - How it fits: AWS Direct Connect allows a company to establish a dedicated, physical network connection between the on-premises data center and the AWS Cloud. This option is ideal for companies that need high-bandwidth, low-latency, and secure connections to AWS, and it supports various AWS services. Direct Connect is the correct choice when you need dedicated network connectivity rather than relying on the public internet. - Best Fit: Direct Connect is specifically designed to meet this need of establishing a dedicated network connection. --- B) VPC Peering - Rejection: VPC Peering allows communication between two VPCs, either within the same AWS region or across regions. It doesn't provide a dedicated physical network connection between an on-premises data center and the AWS Cloud. VPC peering is useful for internal AWS networking but does not address the requirement for a dedicated connection from on-premises to the cloud. - Not Suitable: VPC Peerin...

Author: Noah Williams · Last updated May 15, 2026

Which option is a physical location of the AWS global infrastructure?

The question asks for the physical location of the AWS global infrastructure. Let's analyze the options: A) AWS DataSync Explanation: AWS DataSync is a data transfer service that simplifies and accelerates moving large amounts of data between on-premises storage and AWS, or between AWS storage services. While it helps with data transfer, it is not a physical location within the AWS global infrastructure. Rejected because: It is a data transfer service, not a physical location. B) AWS Region Explanation: An AWS Region is a physical location around the world where AWS has data centers. Each AWS Region consists of multiple Availability Zones (AZs), which are isolated data centers within that Region. Regions are the physical locations in the AWS global infrastructure where services are deployed, making them the correct choice for this question. Selected because: An AWS Region is a physical location within the AWS global infrastructure, which meets the requirement specified in the question. C) Amazon Connect Explanation:...

Author: Sara · Last updated May 15, 2026

A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.Which pillar of ...

The question asks which pillar of the AWS Well-Architected Framework supports protecting information, systems, and assets while performing risk assessment and mitigation tasks. Let's analyze the options in this context: A) Reliability Explanation: The Reliability pillar focuses on ensuring that a system is able to recover from failures and meet customer expectations for uptime. It involves planning for failure, designing systems to be resilient, and automatically recovering from disruptions. While reliability is important for maintaining operational continuity, it does not directly address the specific goals of protecting information and performing risk assessments. Rejected because: Reliability focuses more on system resilience rather than risk assessment or protecting information. B) Security Explanation: The Security pillar of the AWS Well-Architected Framework is focused on protecting data, systems, and assets by implementing strong security practices, risk assessments, and mitigation strategies. It emphasizes confidentiality, integrity, and availability (CIA), as well as identifying and managing risks. This directly aligns with the company's goals of protecting AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks. Selected because: Security is directly focused on the protection of information, systems, and assets, as well as risk mitigation and assessment, aligning with the company’s requirements. C) Operational Excellence Explanation: Th...

Author: NightmareDragon2025 · Last updated May 15, 2026

What is the purpose of having an internet gateway within a VPC?

To evaluate the purpose of having an internet gateway within a VPC (Virtual Private Cloud), let's first clarify what an internet gateway is and how it interacts with VPCs and other AWS services. The internet gateway enables communication between instances in your VPC and the internet. With this in mind, let’s review each option: A) To create a VPN connection to the VPC Explanation: A VPN connection (Virtual Private Network) connects a VPC to an on-premises data center or remote network, allowing secure communication over the internet. This is not the primary role of an internet gateway. A VPN connection involves using VPN gateway services, not an internet gateway. The internet gateway does not facilitate VPN connections. Rejected: This is not the correct answer because VPN connections are unrelated to the role of an internet gateway, which focuses on internet connectivity. B) To allow communication between the VPC and the internet Explanation: The primary purpose of an internet gateway is to allow communication between resources within a VPC (such as Amazon EC2 instances) and the internet. The internet gateway routes traffic from the VPC to the internet and vice versa. It is essential for enabling instances to access web services, APIs, or other internet resources. Selected: This is the correct answer because the internet gateway’s main function is to provide connectivi...

Author: CrimsonViperX · Last updated May 15, 2026

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.Which...

The company plans to migrate its monolithic on-premises application to AWS, and divide it into microservices. The goal of this migration is to make the application more scalable and easier to maintain. Let’s analyze the best practices based on this goal: A) Integrate functional testing as part of AWS deployment Explanation: This best practice involves incorporating testing (like functional, integration, or unit testing) into the deployment pipeline to ensure that changes do not break existing functionality. While important for maintaining quality during deployment, it does not directly address the goal of breaking a monolithic application into microservices or making the system more scalable and maintainable. Rejected because: This practice focuses on testing, not the architectural transformation of the application into microservices. B) Use automation to deploy changes Explanation: Using automation to deploy changes helps streamline updates and reduces the risk of human error. While automation is essential for ensuring consistent and repeatable deployments, it does not specifically address the company’s goal of dividing a monolithic application into microservices. This is more about the deployment process than about scaling or restructuring the application architecture. Rejected because: Although important, automation does not focus on architectural changes like moving to microservices. C) Deploy the application to multiple locations Explanation: Deploying the application to multiple locations involves ensuring high availability and disaster recovery by distributing the application across different regions or availability zones. W...

Author: Amelia · Last updated May 15, 2026

A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes...

To meet the requirement of auditing password and access key rotation details for compliance purposes, we need to consider AWS services or tools that specifically provide auditing or reporting on IAM credentials (such as passwords and access keys). Let's analyze each option based on its capabilities, effort, cost, and time considerations: Analyzing Each Option: A) IAM Access Analyzer - Purpose: IAM Access Analyzer helps you identify resources in your account that are shared with external entities. It generates findings based on resource policies and helps you review IAM roles, permissions, and access patterns. - Audit for Passwords and Access Keys: IAM Access Analyzer does not provide information specifically about password or access key rotation. It is primarily concerned with access control and identifying unintended access to resources, not the auditing of credentials like passwords or access keys. - Conclusion: Not suitable for auditing password and access key rotation details. B) AWS Artifact - Purpose: AWS Artifact is a service that provides access to compliance reports and security and compliance documentation (such as SOC reports, ISO certifications, etc.). It is designed for accessing audit reports and regulatory compliance documents. - Audit for Passwords and Access Keys: AWS Artifact does not provide detailed auditing or reports on specific IAM credential activities, such as password or access key rotation. It focuses more on obtaining external compliance reports rather than internal security audits. - Conclusion: Not suitable for auditing password and access key rotation details. C) IAM Credential Report - Purpose: The IAM credential report is a built-in AWS feature that provides a detailed CSV report of all IAM users in the account, including information about their password and access key status. It includes data such as when passwords and access keys were last used, when they were last rotated, and whether they are active or inactive. - Audit for Passwords and Access Keys: The IAM credential report directly meets the requirement of auditing password and access key rotation ...

Author: Benjamin · Last updated May 15, 2026

A company wants to receive a notification when a specific AWS cost threshold is reached.Which AWS services or tools can th...

To receive a notification when a specific AWS cost threshold is reached, the company needs a solution that allows for monitoring and alerting based on AWS cost data. Let's examine each option: A) Amazon Simple Queue Service (Amazon SQS) - Amazon SQS is a fully managed message queue service. It is designed for decoupling microservices or distributed systems, enabling asynchronous communication. SQS can be used to send and receive messages, but it doesn’t have built-in cost monitoring or alerting functionality. - Why rejected: SQS is not designed for monitoring AWS costs or sending notifications based on thresholds. It could be used as part of a custom solution (e.g., triggering a process), but it's not the right tool by itself for this use case. B) AWS Budgets - AWS Budgets is a service designed to track your AWS costs and usage. It allows users to set custom cost and usage thresholds, and when these thresholds are breached, it can trigger notifications via email or SMS. - Why selected: AWS Budgets is specifically built to alert users when certain cost thresholds are reached. This service is directly aligned with the requirement to send notifications when a cost threshold is exceeded, making it a perfect fit for the scenario. C) Cost Explorer - Cost Explorer allows you to visualize, analyze, and explore AWS costs and usage over time. It provides detailed reports and can help identify cost trends and anomalies. However, it does not provide built-in alerting capabilities. - Why rejected: Cost Explorer is a powerful tool for analyzing costs, but it does not have the functionality to send notifications or alerts when a ...

Author: Olivia · Last updated May 15, 2026

Which AWS service or resource provides answers to the most frequently asked security-related questio...

To answer the most frequently asked security-related questions that AWS receives from its users, we need a service or resource that specifically provides answers, guidance, or documentation related to security topics. Let's analyze the available options. Detailed Explanation: 1. Option A: AWS Artifact AWS Artifact is a service that provides on-demand access to AWS's compliance reports and security and compliance documentation. It is primarily used to help customers with audits, compliance, and regulatory requirements, offering resources like certifications, SOC reports, and security documentation. While useful for compliance and security documentation, it is not specifically designed to answer frequently asked security-related questions. Therefore, it does not meet the specific requirement of answering FAQs. 2. Option B: Amazon Connect Amazon Connect is a cloud-based contact center service that enables companies to deliver customer service at scale. It helps set up a call center for customer support but is not focused on answering frequently asked security-related questions from users. This service is more suited to customer service and contact management, not security FAQs. Hence, it is not relevant to the task of providing answers to security-related questions. 3. Option C: AWS Chatbot AWS Chatbot is a service that integrates with messaging platforms like Slack and Amazon Chime to allow users to interact with AWS resources, receive notifications, and even execute AWS commands. While it can help automate alerts and interact with AWS services, it is not focused on answering security-related questions or providing general guidance on security best practices. It’s more about notifications and automation, not directly answering security FAQs. 4. Option D: AWS Knowledge Center AWS Knowledge Center is an online reso...

Author: Ahmed97 · Last updated May 15, 2026

Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose...

The AWS shared responsibility model divides the responsibilities of security and management between AWS (the provider) and the customer. While AWS manages the security of the cloud infrastructure, the customer is responsible for managing security within the cloud, including configuring and managing services and data. Let's go through each option and determine which tasks fall under the customer's responsibilities. Option A: Configure the AWS provided security group firewall Security groups are virtual firewalls that control inbound and outbound traffic to AWS resources, such as EC2 instances. The customer is responsible for configuring security groups to ensure that the right access controls are in place to protect their instances. - Effort: The customer must configure security groups properly, based on the desired network access. - Time: Configuration happens when setting up EC2 instances, and changes may be made as needed. - Cost: There is no direct cost for security group configuration, but improper configurations can lead to security vulnerabilities, potentially leading to indirect costs. - Other Key Factors: This is a clear responsibility of the customer in securing the resources in their AWS account. Scenario: This option is relevant when a customer wants to control and manage network access to their resources, like EC2 instances, and needs to configure security group rules. Option B: Classify company assets in the AWS Cloud The classification of assets, such as identifying sensitive data or classifying the importance of resources, is a responsibility that belongs to the customer. AWS provides the tools and services (like Amazon Macie) for this classification, but it is up to the customer to define the classification and manage it. - Effort: The customer must invest effort in defining policies and classifying their data. - Time: Depending on the scale of the company’s assets, this can take time to review and categorize data appropriately. - Cost: Costs may arise if services like Macie are used to classify data. - Other Key Factors: This is entirely the customer's responsibility as it relates to data governance and compliance. Scenario: This option is applicable when the customer needs to manage sensitive data and establish classification policies for compliance or organizational purposes. Option C: Determine which Availability Zones to use for Amazon S3 buckets AWS automatically manages the Availability Zones for Amazon S3 and replicates data across multiple locations to ensure high avai...

Author: VioletCheetah55 · Last updated May 15, 2026

Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

The AWS Well-Architected Framework is a set of best practices designed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. It consists of five pillars, each focusing on a different aspect of architecture design. Let's evaluate the provided options: A) Availability - Availability refers to the ability of a system to remain operational and accessible even during failures or interruptions. While high availability is an important consideration, availability itself is not one of the official pillars of the AWS Well-Architected Framework. - Why rejected: The concept of availability is part of Reliability, one of the official pillars, but it's not a standalone pillar in the Well-Architected Framework. B) Reliability - Reliability is one of the five pillars of the AWS Well-Architected Framework. It focuses on ensuring that a system can recover from failures and meet the desired performance over time. It includes considerations such as monitoring, failure recovery, and backup strategies to ensure that the system remains functional even when components fail. - Why selected: Reliability is directly related to designing systems that are resilient and can withstand disruptions, which is a core aspect of AWS best practices for system architecture. C) Scalability - Scalability refers to the system's ability to handle increasing workloads by adding resources (scaling up) or distributing the load across multiple resources (scaling out). While scalability is crucial for building effective cloud systems, it is not one of the AWS Well-Architected Fra...

Author: StarryEagle42 · Last updated May 15, 2026

Which AWS service or feature is used to send both text and email messages from distributed applicati...

To evaluate the AWS service or feature used to send both text and email messages from distributed applications, we need to consider the different services that can handle messaging and notifications in the AWS ecosystem. Below is the reasoning for each option: A) Amazon Simple Notification Service (Amazon SNS) Explanation: Amazon SNS is a fully managed messaging service that enables the delivery of both text (SMS) messages and email messages to users or applications. SNS supports multiple message formats, including SMS, email, and even push notifications. It allows users to send messages to a large number of recipients and can be integrated into distributed applications to notify users about specific events. - Effort: Low, as it supports multiple communication channels (SMS, email, etc.) without needing additional setup. - Cost: The pricing is based on the number of messages sent, making it cost-effective for scalable messaging. - Time: Quick to implement with minimal configuration. Selected: SNS is the best option because it directly supports both text (SMS) and email notifications. B) Amazon Simple Email Service (Amazon SES) Explanation: Amazon SES is primarily focused on sending email messages at scale, such as transactional emails, newsletters, or marketing campaigns. While SES is great for sending emails, it does not support sending text (SMS) messages. If you are only interested in email notifications, SES is suitable. However, since the question asks for both text and email messages, SES would be insufficient on its own. - Effort: Medium, primarily for email setup but requires integration with other services for SMS. - Cost: SES is very cost-effective for sending large volumes of email. - Time: Quick for email, but lacks SMS support. Rejected: SES is designed only for emails and does not meet the requirement of s...

Author: Ethan · Last updated May 15, 2026

A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.Which option will ...

To provide programmatic access to AWS resources through the AWS CLI or the AWS API, the appropriate option is Access keys. Reasoning: - Access keys are used to authenticate and authorize users or applications to interact with AWS resources programmatically. These keys consist of an Access Key ID and a Secret Access Key. They are specifically designed to enable secure, programmatic access to AWS via the AWS CLI, SDKs, or APIs. Access keys are essential for a user to perform actions in AWS through command-line tools or API calls. - Amazon Inspector is a security assessment service that helps identify vulnerabilities in applications deployed on AWS. It doesn't provide access to AWS resources programmatically. Therefore, it is not suited for the requirement described in the question. - SSH public keys are used for secure access to instances via SSH, typically for EC2 instances. While SSH keys are important for accessing virt...

Author: Ava · Last updated May 15, 2026

A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours.Which pricing mo...

To optimize costs for running thousands of simultaneous simulations in AWS Batch, the most appropriate pricing model is Spot Instances. Reasoning: 1. Reserved Instances: - Function: Reserved Instances are a billing discount model that provides significant savings in exchange for committing to use specific instance types in a specific region over a 1- or 3-year term. - Relevance: While Reserved Instances offer cost savings, they are best suited for predictable, long-term workloads that require a continuous presence. Since the simulations in the question are stateless, fault-tolerant, and run for up to 3 hours, Reserved Instances are not cost-effective because they would require a long-term commitment for workloads that are not continuous. - Conclusion: Not ideal for optimizing costs in this scenario. 2. Spot Instances: - Function: Spot Instances allow customers to bid for unused EC2 capacity at a significantly reduced price (up to 90% off the On-Demand price). Spot Instances are ideal for flexible, stateless, and fault-tolerant workloads that can handle interruptions. - Relevance: The simulations are stateless and fault-tolerant, making them a perfect fit for Spot Instances, which may be interrupted. Since the simulations only run for up to 3 hours, Spot Instances can be used effectively without the need for long-term commitments. The ability to run thousands of simulations at a low cost is a strong advantage here. - Time, Cost, and Effort: Spot Instances offer the lowest cost option, but they may be interrupted if AWS needs the capacity back. Given the stateless and fault-tolerant nature of the simulations, they can continue without significant issues if an interru...

Author: Sofia · Last updated May 15, 2026

What does the concept of agility mean in AWS Cloud computing? (Choose two.)

In the context of AWS Cloud computing, agility refers to the ability to quickly adapt, experiment, and efficiently use cloud resources. This involves aspects like rapid resource deployment, quick iteration, cost efficiency, and eliminating waste. Let's evaluate each option: Selected Options: C) The ability to experiment quickly - Explanation: Agility in AWS Cloud refers to the ability to quickly iterate on ideas, deploy solutions, and test them at scale. AWS provides a variety of services like AWS Lambda, Amazon EC2, and Amazon S3 that allow organizations to experiment without long lead times. This supports the fast prototyping of solutions with minimal setup, giving organizations flexibility to quickly change or pivot based on findings. - Key factors: - Services: AWS offers a wide range of flexible services that can be spun up quickly (e.g., AWS Lambda for serverless computing). - Time: Reduced time-to-market as companies can launch, test, and iterate rapidly. - Cost: Pay-as-you-go model means companies can experiment without large upfront costs. D) The elimination of wasted capacity - Explanation: In cloud computing, agility involves scaling resources up or down based on demand. AWS enables organizations to only pay for what they use, preventing over-provisioning or wasted capacity. This allows businesses to avoid inefficiencies that would normally occur in traditional infrastructure, where fixed capacity might lead to unused resources or capacity shortages. - Key factors: - Services: Auto Scaling, Elastic Load Balancing, and EC2 instances allow capacity to be adjusted dynamically. - Effort: Reduces the need for manual intervention to scale resources. - Cost: Only pay for the resources that are in use, reducing waste and optimizing costs. Rejected Options: A)...

Author: Aria · Last updated May 15, 2026

A company needs to block SQL injection attacks.Which AWS service or feature can meet this requiremen...

To block SQL injection attacks, we need to identify the most appropriate AWS service or feature. Let's evaluate each option based on the criteria provided — such as effectiveness, ease of implementation, time, cost, and suitability for the specific requirement of blocking SQL injection attacks. Option A: AWS WAF (Web Application Firewall) - Effectiveness: AWS WAF is specifically designed to protect web applications from common web exploits such as SQL injection and cross-site scripting (XSS) attacks. It has built-in rules to detect and block SQL injection attempts, making it highly effective for this use case. - Effort: Setting up AWS WAF to protect against SQL injection is straightforward, especially with managed rule sets that provide default protections. Custom rules can also be added. - Time: It requires minimal time to set up with pre-configured rule sets. If customizations are needed, it may take some additional configuration time. - Cost: AWS WAF pricing is based on the number of web access control lists (ACLs) and the number of requests processed, making it scalable and cost-effective depending on traffic. - Other Key Factors: AWS WAF integrates well with other AWS services like CloudFront and Application Load Balancer, which is useful for web applications. Conclusion: AWS WAF is specifically designed to handle threats such as SQL injection attacks. Its ability to filter HTTP requests makes it the ideal choice for this scenario. Option B: AWS Shield - Effectiveness: AWS Shield provides protection against DDoS (Distributed Denial of Service) attacks, not SQL injection attacks. While it enhances availability and security, it does not provide specific defense against SQL injection. - Effort: The setup for AWS Shield is automatic for AWS services, but it won't directly mitigate SQL injection. - Time: It's a managed service, but doesn't address SQL injection concerns. - Cost: AWS Shield offers two tiers — Standard (free) and Advanced (paid). Even the advanced version would not address SQL injection attacks. - Other Key Factors: AWS ...

Author: MysticJaguar44 · Last updated May 15, 2026

Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared w...

The AWS service that identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity is AWS IAM Access Analyzer. Reasoning: - AWS IAM Access Analyzer is specifically designed to help identify and analyze the access permissions of IAM roles, S3 buckets, and other AWS resources. It performs an analysis of resource policies to determine whether any external entities (such as other AWS accounts or the public) have access to a resource. This service is particularly focused on identifying unintended access to resources, such as when an S3 bucket or an IAM role is shared with an external entity. - AWS Service Catalog is used for organizing and managing catalogs of AWS resources, allowing users to create and manage collections of AWS resources. However, it does not focus on identifying access permissions or whether resources have been shared with external entities. - AWS Systems Manager helps manage and automate AWS infrastructure but is not spec...

Author: Benjamin · Last updated May 15, 2026

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the A...

To obtain AWS compliance reports before migrating an environment to the AWS Cloud, the correct option is Download the reports from AWS Artifact. Reasoning: - AWS Artifact is a service that provides on-demand access to AWS’s compliance reports and security and privacy certifications. It is the centralized location for obtaining the necessary reports and documentation related to compliance frameworks (e.g., SOC 2, ISO 27001, PCI DSS, etc.). These reports are crucial for organizations that need to assess the security and compliance posture of AWS before migration. AWS Artifact allows users to directly download these reports without requiring interaction with other teams or support. - Contact the AWS Compliance team is not the best option. While the AWS Compliance team can assist with questions, AWS Artifact is the self-service portal specifically designed for obtaining compliance reports. The process of contacting a team is less efficient and timely than downloading reports directly from AWS Artifact. - Open a case ...

Author: David · Last updated May 15, 2026

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.Which cos...

The direct responsibility of the ecommerce company after migrating its IT infrastructure to the AWS Cloud is the Cost of application software licenses. Reasoning: - Cost of application software licenses is the company’s direct responsibility. After migrating to the AWS Cloud, the company is still responsible for purchasing and managing licenses for any software applications it uses, whether they run on-premises or in the cloud. This includes any proprietary software or commercial licenses that the company has chosen to use in their cloud environment. While AWS offers some services that are licensed by the hour or under subscription models (like managed databases), the company would still be responsible for any third-party application licenses they need for their workloads. - Cost of the hardware infrastructure on AWS is not the company's responsibility. AWS operates under a shared responsibility model. AWS handles the physical hardware and infrastructure within its data centers, including servers, storage, and networking equipment. The company’s responsibility lies in managing its data, applications, and security on top of ...

Author: Abigail · Last updated May 15, 2026

A company is setting up AWS Identity and Access Management (IAM) on an AWS account.Which recommendatio...

When setting up AWS Identity and Access Management (IAM) for an AWS account, it's crucial to adhere to security best practices to ensure that resources are properly secured while minimizing risk. Let's break down each of the options and evaluate them based on IAM security best practices, including services, effort, time, cost, and other key factors. Option A: Use the account root user access keys for administrative tasks Reasoning: Using the root user’s access keys for administrative tasks is strongly discouraged in IAM best practices. The root user has unrestricted access to all AWS resources and settings, and using its keys increases the security risk if those keys are compromised. The best practice is to avoid using the root account for everyday administrative tasks and instead create and assign IAM roles or users with the necessary permissions. Rejected because: This approach violates the security principle of least privilege and increases the risk of unauthorized access. Scenario where it could be used: In rare cases where an operation requires root account permissions (e.g., modifying certain billing information or closing an AWS account), the root user might need to be used, but its keys should not be used for routine tasks. --- Option B: Grant broad permissions so that all company employees can access the resources they need Reasoning: Granting broad permissions violates the principle of least privilege, where users should only have access to the resources necessary for their specific role. While broad permissions might seem convenient, they create a significant security risk, as unauthorized users might inadvertently or maliciously access sensitive data. Rejected because: This option does not align with IAM best practices for controlling and minimizing access to sensitive resources. Scenario where it could be used: This might be used in environments with a very small team or highly trusted users, but this is not recommended for production environments where security is a priority. --- Option C: Turn on multi-factor authentication (MFA) for added secur...

Author: Mia · Last updated May 15, 2026

Elasticity in the AWS Cloud refers to which of the following? (Choose two.)

The correct options are B) The ability to rightsize resources as demand shifts and E) How easily resources can be procured when they are needed. Here's why: Selected Option: B) The ability to rightsize resources as demand shifts Elasticity in the AWS Cloud refers to the ability to automatically scale resources up or down based on demand. Right-sizing resources means adjusting the amount of compute, storage, or other cloud resources to match the specific workload requirements, optimizing costs and performance. For example, if a website sees a surge in traffic, AWS can automatically allocate more resources to handle the load, and scale back when demand decreases. This helps businesses manage costs efficiently while maintaining performance. Selected Option: E) How easily resources can be procured when they are needed Elasticity also refers to how quickly and easily cloud resources can be provisioned or released when needed. With AWS, resources like Amazon EC2 instances, storage, and databases can be provisioned almost instantly or within minutes. This instant scalability is a key feature of cloud computing, allowing businesses to quickly adjust their infrastructure based on changing demand, without needing to pre-plan or manage physical hardware. This capability supports both cost optimization and operational agility. Why other options are rejected: 1. A) How quickly an Amazon EC2 instance can be restarted: - Elasticity refers to scaling resources (e.g., adding or removing instances) based on demand, not the speed of restarting an instance. Restarting an EC2 instance is a different aspect of managing instances, but it doesn't directly ...

Author: GlowingTiger · Last updated May 15, 2026

Which service enables customers to audit API calls in their AWS accounts?

To enable customers to audit API calls in their AWS accounts, the correct AWS service is AWS CloudTrail. Reasoning: 1. AWS CloudTrail: - Function: AWS CloudTrail is specifically designed to capture and log API calls made within your AWS environment. It provides a history of API calls, including details like who made the call, what actions were performed, and from where (IP address), which makes it the ideal service for auditing API calls. - Relevance: CloudTrail directly addresses the need to audit API calls in AWS accounts. It records API calls from AWS services, IAM users, and federated identities, and stores logs in S3, making it the go-to tool for auditing and compliance. - Time, Cost, and Effort: Setting up CloudTrail is relatively straightforward, and it provides continuous logging of API calls with minimal cost based on the amount of data processed and stored. The effort to configure is low, and once set up, it continuously tracks API activities. - Conclusion: CloudTrail is the best fit for auditing API calls. 2. AWS Trusted Advisor: - Function: AWS Trusted Advisor is a tool that provides recommendations to optimize AWS accounts based on best practices for cost optimization, performance, security, fault tolerance, and service limits. - Relevance: Trusted Advisor helps with cost-saving and infrastructure best practices, but it does not log or audit API calls. It focuses more on resource optimization and doesn't serve as an auditing tool...

Author: Leah Davis · Last updated May 15, 2026

What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility m...

The AWS shared responsibility model defines the division of security responsibilities between AWS and the customer. In the context of AWS Lambda, the customer’s responsibilities pertain to managing aspects of the Lambda function itself, while AWS manages the infrastructure, such as the operating system, security patches, and hardware. Let's analyze each option to identify the customer’s responsibility in the AWS Lambda scenario: Option A: Managing the code within the Lambda function Reasoning: Customers are responsible for managing the code within their Lambda functions. This includes writing, testing, and deploying the function code to Lambda, as well as ensuring that the code behaves as intended. This aligns directly with the shared responsibility model, where AWS takes care of the infrastructure and execution environment, while customers are responsible for their application-level code. Selected because: This is a clear customer responsibility, and directly pertains to managing and updating the code within Lambda functions. The customer’s role is to develop and maintain the logic of the Lambda function, which is critical for its functionality. Scenario where it can be used: This applies to any Lambda function in which the customer writes and maintains the code to fulfill specific application requirements, such as data processing, API integration, or event-driven functions. --- Option B: Confirming that the hardware is working in the data center Reasoning: The hardware and data center infrastructure are managed entirely by AWS. This responsibility includes ensuring the physical servers and network infrastructure are operational and secure. Customers do not need to manage or confirm the status of AWS hardware. Rejected because: This is an AWS responsibility, not a customer responsibility, and therefo...

Author: Isabella · Last updated May 15, 2026

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.Which AWS service should the co...

When selecting the most cost-effective AWS service for running queries on 5 TB of data stored in Amazon S3, it’s essential to consider the nature of the data, the query patterns, scalability, and cost. Let's break down each service option, evaluate its suitability for this specific scenario, and understand why one option is the most cost-effective. Option A: Amazon Redshift Reasoning: Amazon Redshift is a fully managed data warehouse service optimized for fast querying and analytics over large datasets. While Redshift can store and query data, it is primarily designed for structured data that requires complex analytics across massive datasets. It’s best suited for scenarios where you need persistent storage for data and highly complex querying capabilities. Rejected because: Redshift is typically used for more permanent, structured datasets, and comes with higher costs associated with maintaining the data warehouse infrastructure, even when it's not being actively queried. For a scenario where data is stored in Amazon S3 and queries are run occasionally, Redshift would be overkill in terms of both cost and effort, as you’d be paying for a provisioned cluster regardless of usage. Scenario where it could be used: Amazon Redshift is suitable for regular, high-performance querying of structured data, especially when the data is already loaded into Redshift tables and not primarily stored in Amazon S3. --- Option B: Amazon Athena Reasoning: Amazon Athena is a serverless, interactive query service that enables you to analyze data directly in Amazon S3 using standard SQL queries. Since Athena is serverless, you only pay for the queries you run, based on the amount of data scanned. There is no need to set up or manage infrastructure, making it a highly cost-effective choice for running occasional queries on large datasets stored in S3. Selected because: Athena is the most cost-effective option in this scenario. It allows the company to run SQL queries on data directly in S3 without needing to move or load the data into another service. Athena’s pricing model is based on the amount of data scanned during queries, which is ideal for occasional queries. The company will only pay when they query the data, making it very cost-efficient for sporadic or on-demand analysis of large datasets. Scenario where it c...

Author: Kai · Last updated May 15, 2026

Which AWS service can be used at no additional cost?

To determine which AWS service can be used at no additional cost, we need to evaluate each service in terms of their pricing models and features. Some AWS services have free tiers or come at no charge for basic usage, while others incur costs even with limited usage. Option A: Amazon SageMaker Reasoning: Amazon SageMaker is a fully managed service for building, training, and deploying machine learning models. While it offers a free tier for certain basic features, in most cases, usage of SageMaker incurs costs, such as for training models, hosting endpoints, or using data storage. Therefore, using Amazon SageMaker generally involves ongoing costs. Rejected because: While there is a free tier, extensive usage of SageMaker, especially for model training and deployment, incurs charges. This makes it unsuitable for use "at no additional cost." Scenario where it could be used: Amazon SageMaker is used for machine learning projects and research that require a comprehensive managed service for model development and deployment. --- Option B: AWS Config Reasoning: AWS Config is a service that provides configuration history, compliance auditing, and change management across AWS resources. While it offers basic functionality, AWS Config typically incurs costs based on the number of resources and configuration snapshots being tracked. Therefore, it is not free after certain limits are reached. Rejected because: AWS Config is not free beyond its basic capabilities. Costs can accrue based on resource tracking and configuration evaluations. Scenario where it could be used: AWS Config is useful for governance, compliance, and auditing, but for ongoing usage, there are costs associated with tracking resources and storing configuration data. --- Option C...

Author: Aarav2020 · Last updated May 15, 2026

Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?

The AWS Cloud Adoption Framework (AWS CAF) helps organizations understand how to plan, execute, and manage their cloud adoption journey. It categorizes different capabilities into six perspectives: business, people, governance, platform, security, and operations. In this case, we are asked to identify which capability falls under the people perspective. Option A: Data architecture Reasoning: Data architecture refers to the design and management of data systems, including storage, processing, and governance of data. This capability primarily focuses on the technical aspects of cloud adoption and is related to the platform and governance perspectives, not the people perspective. Rejected because: Data architecture is a technical focus and not directly related to the people involved in cloud adoption, such as the organizational culture, training, and skill development of employees. Scenario where it could be used: This would be relevant in the platform perspective for organizations designing and implementing the technical infrastructure to manage data in the cloud. --- Option B: Event management Reasoning: Event management is typically associated with operational processes, such as managing incidents, events, or service disruptions in the cloud environment. This is more related to the operations perspective, which focuses on monitoring, response, and managing the environment. Rejected because: Event management is not directly tied to the people perspective. It concerns operational readiness and monitoring of cloud services, which is more technical and process-oriented. Scenario where it could be used: Event management fits the operations perspective, especially when dealing with incident response and operational workflows in the cloud. --- Option C: Cloud fluency Reasoning: Cloud fluency is a key capability under the people perspective of the AWS Cl...

Author: Aria · Last updated May 15, 2026

A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.Which pricing ...

The company is looking for the lowest cost option in exchange for an upfront commitment. To meet this requirement, the best options are C) Reserved Instances and D) Savings Plans. Here’s why: A) Spot Instances: - Rejected: Spot Instances offer a significantly lower cost compared to On-Demand Instances, but they are based on unused EC2 capacity and can be terminated by AWS with little notice when capacity is needed elsewhere. This makes them less suitable for situations requiring long-term, consistent, and predictable use. It doesn’t fit the need for an "upfront commitment" with reliability, as it’s more about cost-saving in unpredictable scenarios. B) On-Demand Instances: - Rejected: On-Demand Instances allow for flexibility, as the company can pay for compute capacity by the second, with no long-term commitment. However, they are the most expensive option on an ongoing basis. The company would not benefit from any upfront commitment or a reduced overall cost, which is specifically what the question is asking for. C) Reserved Instances: - Selected: Reserved Instances require a commitment for a one- or three-year term, which provides a significant discount compared to On-Demand pricing (up to 75% depending on the instance type and payment plan). The company can pay for Reserved Instances upfront or commit to long-term usage, securing a lower overall cost. Reserved Instances are ideal for workloads with predictable and steady usage over time, making them a perfect ...

Author: Matthew · Last updated May 15, 2026

A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible.Which AWS s...

To address the need of migrating on-premises relational databases to AWS Cloud with a preference for proximity to the company's current geographical location, we need to focus on a service or resource that allows the company to select a deployment area for Amazon RDS. Option A: Amazon Connect Amazon Connect is a cloud-based contact center service. It is designed to provide customer service solutions and does not relate to database deployment or selection of geographical deployment areas for services like Amazon RDS. - Effort: Not relevant to database deployment. - Time: No impact on database migration or deployment. - Cost: Costs associated with Amazon Connect are unrelated to RDS deployments. - Other Key Factors: Amazon Connect is not suitable for selecting geographical areas for database deployments. Scenario: This option is not applicable as it deals with contact center solutions. Option B: AWS Wavelength AWS Wavelength extends AWS infrastructure to telecom networks to deliver ultra-low latency applications. It is mainly used for applications requiring low-latency processing near end-users, such as gaming, IoT, and video streaming. - Effort: Wavelength is focused on ultra-low-latency use cases rather than typical database migrations. - Time: Wavelength is not intended for migrating relational databases. - Cost: Wavelength services are more expensive due to the edge infrastructure. - Other Key Factors: AWS Wavelength is not designed for database migrations or selecting regions for database services. Scenario: This option is suited for edge computing or low-latency apps but is irrelevant for relational database migration. Option C: AWS Regions AWS Regions are geographical locations where AWS data centers are situated. When deploying services like Amazon RDS, the company can select the region that is geographically closest to their on-premises data center or target market, ensuring low latency and high performance. The company can choose a specific AWS Region to deploy its Amazon RDS instance bas...

Author: Maya2022 · Last updated May 15, 2026

A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned.Which AWS s...

To estimate costs before deployment, the best AWS service is B) AWS Pricing Calculator. Here's the reasoning behind selecting this option and why the others are rejected: A) AWS Free Tier: - Rejected: The AWS Free Tier provides limited free usage for certain AWS services for the first 12 months, but it is not a tool for estimating costs for a project before deployment. The Free Tier is intended to allow users to try AWS services for free or at a very low cost, and it doesn't provide a way to calculate the total cost of a custom infrastructure setup or estimate the cost of services beyond the Free Tier offerings. B) AWS Pricing Calculator: - Selected: The AWS Pricing Calculator is the most suitable tool for estimating costs before deploying an infrastructure. It allows users to estimate the costs based on the services they intend to use, their anticipated usage, and various configurations (e.g., instance types, storage options, etc.). The calculator provides an accurate estimate based on real-time AWS pricing data and is designed specifically to help companies understand the potential costs before committing to deployment. This is perfect for the scenario where the company needs to know the cost of a project in...

Author: Amira · Last updated May 15, 2026

A company discovers a billing anomaly in its AWS account. A security consultant investigates the anomaly and discovers that an employee who left the company 30 days ago still has access to the account. The company has not monitored account activity in the past.The security consultant needs to determine wh...

To determine which resources have been deployed or reconfigured by the employee who left the company, the solution must allow for tracking and analyzing activities such as deployments, configurations, and modifications over the past 30 days. Let’s analyze the provided options based on their ability to fulfill this need: A) In AWS Cost Explorer, filter chart data to display results from the past 30 days. Export the results to a data table. Group the data table by resource. - Functionality: AWS Cost Explorer helps with cost analysis and can show trends, resource usage, and billing data over time. However, it does not track or log specific activities (like resource deployments or configurations) in real-time or by user. - Services: Cost Explorer primarily helps identify spending anomalies rather than activity tracking related to resource creation or modifications. - Effort and Cost: Moderate effort to analyze costs, but not relevant for detecting resource deployment or reconfiguration activities. - Time: May help in tracking billing issues but won't provide specific information on who made changes or what resources were configured. - Suitability: While useful for understanding cost anomalies, it does not track resource-level activity or deployments, which is required in this case. - Conclusion: Rejected, as it does not provide insight into who deployed or reconfigured resources. B) Use AWS Cost Anomaly Detection to create a cost monitor. Access the detection history. Set the time frame to Last 30 days. In the search area, choose the service category. - Functionality: AWS Cost Anomaly Detection is designed to detect and alert users to unexpected cost changes. It focuses on billing anomalies and can be useful for detecting unusual cost spikes, but it does not provide detailed activity or resource-level information. - Services: It is focused on cost anomalies, not on tracking resource deployment or configuration. - Effort and Cost: Easy to set up and monitor, but again, it won’t tell you which specific resources have been deployed or modified. - Time: Quick setup, but it does not track specific resource-level activity, so it is not ideal for determining what resources were modified or deployed. - Suitability: Useful for identifying cost-related anomalies but does not track detailed activities. - Conclusion: Rejected, as it does not give the required insight into the actions of the employee (deployment or modification of resources). C) In AWS CloudTrail, filter the event history to display results from the past 30 days. Create an Amazon Athena table that contains the data. Partition the table by event source. - Functionality: AWS CloudTrail logs API activity in your AWS account, capturi...

Author: Joseph · Last updated May 15, 2026

Which option is a benefit of the economies of scale based on the advantages of cloud computing?

To determine the benefit of economies of scale based on the advantages of cloud computing, we need to analyze how cloud services help organizations achieve cost efficiency and scalability. Economies of scale in cloud computing refer to the ability to reduce costs as the scale of service usage increases, due to shared infrastructure and resources across multiple customers. Let’s review each option in detail: A) The ability to trade variable expense for fixed expense: - Explanation: In cloud computing, companies typically move from a capital expenditure (CapEx) model to an operational expenditure (OpEx) model. The ability to trade a fixed cost (e.g., owning and maintaining physical servers) for a variable cost (e.g., pay-per-use cloud services) is one of the benefits of cloud computing, but it is not specifically tied to economies of scale. - Reasoning: This statement describes a general shift in how expenses are managed but doesn't directly reflect how economies of scale work in cloud computing. - Rejection: This is not the most relevant answer for the specific benefit of economies of scale in cloud computing. B) Increased speed and agility: - Explanation: Cloud computing allows businesses to quickly deploy and scale applications, which leads to increased agility and faster time to market. However, this benefit is more related to the flexibility and scalability of cloud services rather than the cost advantages of economies of scale. - Reasoning: While increased speed and agility are significant advantages of cloud computing, they do not directly address the cost-saving aspect of economies of scale. - Rejection: This does not directly represent a benefit of economies of scale in terms of cost reduction. ...

Author: Ella · Last updated May 15, 2026

Which of the following is a software development framework that a company can use to define cloud resources as code and...

The question asks about a software development framework that a company can use to define cloud resources as code and provision them through AWS CloudFormation. To address this, let's break down each option: Option A: AWS CLI The AWS Command Line Interface (CLI) is a tool for managing AWS services through commands in the terminal or command prompt. It allows users to interact with AWS services but is not a framework for defining cloud resources as code or provisioning them through AWS CloudFormation. - Effort: The AWS CLI requires manual commands to interact with AWS services, but it doesn't define infrastructure as code. - Time: It’s more suited for scripting individual tasks rather than defining and provisioning infrastructure. - Cost: There is no specific cost for using the AWS CLI itself; you only pay for the AWS services you interact with. - Other Key Factors: The AWS CLI is not a software development framework for managing cloud infrastructure as code. Scenario: The AWS CLI is useful for managing AWS resources interactively or automating tasks, but it is not a framework for defining cloud resources as code or provisioning them. Option B: AWS Developer Center The AWS Developer Center provides resources, tools, and information for developers working with AWS, including SDKs, APIs, and learning materials. While it offers helpful information, it is not a software development framework for defining and provisioning cloud resources as code via AWS CloudFormation. - Effort: It provides learning resources and documentation but doesn't help in defining cloud resources as code. - Time: It is useful for gaining knowledge and finding tools but does not focus on provisioning resources. - Cost: There is no direct cost for using the AWS Developer Center, as it is an educational hub. - Other Key Factors: This is more about developer resources than infrastructure management. Scenario: This is useful for learning and finding developer tools but not for defining cloud resources as code. Option C: AWS Cloud Development Kit (AWS CDK) The AWS Cloud Development Kit (AWS CDK) is a software development framework that allows developers to define cloud ...

Author: Lucas Carter · Last updated May 15, 2026

Amazon Practice Questions, Discussions & Exam Topics by our Authors

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet be...

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance ben...

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon...

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibi...

Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Fram...

A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, a...

A company wants to run a NoSQL database on Amazon EC2 instances.Which task is the responsibility of ...

Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose...

Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

Which of the following is an advantage that users experience when they move on-premises workloads to...

A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.W...

Which AWS service or tool helps users visualize, understand, and manage spending and usage over time...

A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data.Which combinat...

A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with...

An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoi...

A developer wants to deploy an application quickly on AWS without manually creating the required resources....

A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.Wh...

Which AWS service provides the ability to manage infrastructure as code?

An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without ...

Which AWS service or feature allows a user to establish a dedicated network connection between a company=E2=8...

Which option is a physical location of the AWS global infrastructure?

A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks.Which pillar of ...

What is the purpose of having an internet gateway within a VPC?

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.Which...

A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes...

A company wants to receive a notification when a specific AWS cost threshold is reached.Which AWS services or tools can th...

Which AWS service or resource provides answers to the most frequently asked security-related questio...

Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose...

Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

Which AWS service or feature is used to send both text and email messages from distributed applicati...

A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.Which option will ...

A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours.Which pricing mo...

What does the concept of agility mean in AWS Cloud computing? (Choose two.)

A company needs to block SQL injection attacks.Which AWS service or feature can meet this requiremen...

Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared w...

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the A...

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.Which cos...

A company is setting up AWS Identity and Access Management (IAM) on an AWS account.Which recommendatio...

Elasticity in the AWS Cloud refers to which of the following? (Choose two.)

Which service enables customers to audit API calls in their AWS accounts?

What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility m...

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.Which AWS service should the co...

Which AWS service can be used at no additional cost?

Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?

A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.Which pricing ...

A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible.Which AWS s...

A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned.Which AWS s...

Which option is a benefit of the economies of scale based on the advantages of cloud computing?

Which of the following is a software development framework that a company can use to define cloud resources as code and...

What Our Friends Say