Amazon Exam Practice Questions - Page 4

Amazon Practice Questions, Discussions & Exam Topics by our Authors

A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.Which AWS service will help the company deploy t...

To address the requirement of deploying a hardware-intensive application that must be accessed by students using lightweight, low-cost laptops, we need to choose an AWS service that minimizes the need for high-end client hardware, while also not requiring the company to invest in backend infrastructure. Breakdown of each option: - A) Amazon AppStream 2.0: - Description: Amazon AppStream 2.0 is a fully managed application streaming service that allows applications to run on AWS servers and be accessed from low-cost devices, such as lightweight laptops, through streaming. It provides the required robust infrastructure on the backend to handle the application’s high hardware demands, while the students only need a basic client device to interact with the application. - Key Points: - Effort: Minimal effort for setting up, since it is fully managed. - Time: Fast deployment due to easy scaling and no need for additional infrastructure. - Cost: Typically cost-effective for scaling on demand since you only pay for the resources used. - Best Fit: This is ideal for applications with high hardware requirements since the processing happens on AWS servers. - Why it's selected: Amazon AppStream 2.0 effectively addresses both the requirement of a high-demand application and access by low-cost client hardware, making it the optimal solution for this scenario. - B) AWS AppSync: - Description: AWS AppSync is a managed service that helps developers build scalable applications with real-time data synchronization and offline capabilities. It's generally used for building mobile or web applications that need data synchronization and GraphQL-based APIs. - Key Points: - Effort: It requires development effort to implement the backend for data synchronization. - Time: Not directly related to hardware-intensive application deployment. - Cost: Cost-effective for building APIs and real-time applications, but not suitable for streaming or running high-performance applications. - Why it's rejected: It does not prov...

Author: Scarlett · Last updated May 15, 2026

A company wants to query its server logs to gain insights about its customers=E2=80=99 experiences.Which AWS ser...

To determine the most cost-effective AWS service for storing server logs to gain insights into customer experiences, we need to evaluate each option in terms of cost, effort, time, and how well each service aligns with the use case. Option A: Amazon Aurora - Scope: Amazon Aurora is a fully managed relational database service, optimized for high availability and scalability. It is designed for transactional workloads and relational data, offering SQL-based querying capabilities. - Effort & Time: While Aurora provides excellent performance for transactional databases, setting up and maintaining a relational database for server log data would require more effort and management compared to other options. - Cost: Aurora's pricing is based on instance hours, storage, and I/O requests, which can become expensive for storing large volumes of log data over time. - Suitability: Storing server logs in Aurora is not cost-effective, as it is designed for structured, transactional data rather than unstructured log data. The operational overhead and cost would be higher for this use case. - Rejected because: Aurora is better suited for applications requiring structured data and relational database features, not for cost-effective log storage. Option B: Amazon Elastic File System (Amazon EFS) - Scope: Amazon EFS provides scalable, fully managed file storage that can be used for file-based workloads. It is useful when you need shared access to files across multiple instances or services. - Effort & Time: While EFS provides managed file storage, it’s not optimized for storing log data at scale or for cost-effective long-term storage. It may also require more management than other services tailored for log storage. - Cost: EFS is priced based on the amount of storage used and throughput, which can become costly as log data grows. It’s a good solution for file-based applications but not the most cost-effective choice for log data storage. - Suitability: EFS is more suited for applications that need file sharing and access across multiple instances, rather than for storing large volumes of server logs. - Rejected because: EFS is not the most cost-effective or efficient option for storing log data at scale. Option C: Amazon Elastic Block Store (Amazon EBS) - Scope: Amazon EBS provides persistent block storage that is attached to EC2 instances. It’s designed for workloads that require high-performance storage, like databases or...

Author: Evelyn · Last updated May 15, 2026

Which of the following is a recommended design principle for AWS Cloud architecture?

When designing architectures for AWS Cloud, it’s important to follow best practices that ensure scalability, flexibility, and reliability while minimizing complexity and risk. Let’s evaluate each of the options based on these principles. Option A: Design tightly coupled components - Purpose: Tightly coupled components imply that different parts of the application are highly dependent on each other, requiring frequent updates and making it harder to scale and manage individual components independently. - Relevance: This is generally not a recommended approach in cloud architectures. Tightly coupled systems can lead to bottlenecks, reduced flexibility, and challenges with scaling or updating individual components. - Effort, Time, Cost: Managing tightly coupled components is usually more effort-intensive and time-consuming because changes in one part can affect the entire system, leading to downtime and potential disruptions. - Ideal Scenario: This approach might be applicable in very specific legacy systems or tightly controlled environments, but it's not suitable for cloud-native architectures that require scalability and agility. Option B: Build a single application component that can handle all the application functionality - Purpose: Building a single monolithic application means that all application logic and functionality are packaged together into one large system. - Relevance: This is not a recommended design for AWS Cloud. Monolithic applications can become difficult to scale, manage, and maintain as the system grows, which is in contrast to the flexibility and scalability that cloud-native services offer. - Effort, Time, Cost: While initially simpler to implement, a monolithic design can become cumbersome and costly in terms of scaling, updating, and testing as the system grows. - Ideal Scenario: This approach is best suited for small, simple applications or quick prototypes, but it’s not optimal for cloud-based systems that require scalability, fault tolerance, and high availability. Option C: Make large changes on fewer iterations to reduce chances ...

Author: FrostFalcon88 · Last updated May 15, 2026

Which AWS service helps users audit API activity across their AWS account?

To audit API activity across an AWS account, the correct service is AWS CloudTrail. Selected Option: A) AWS CloudTrail Reasoning: 1. AWS CloudTrail: - Explanation: AWS CloudTrail is the service specifically designed to track and log API activity within an AWS account. It captures all API calls made to AWS services, including details such as who made the call, the source IP, the parameters of the API call, and the response. This allows users to audit and monitor API activity for compliance, security, and troubleshooting purposes. - Effort and Time: Setting up CloudTrail is straightforward and can be done quickly through the AWS Management Console. It provides real-time logs for API activity and can be configured to deliver logs to CloudWatch or an S3 bucket for storage and analysis. - Cost: The cost for CloudTrail is based on the number of events logged and the storage used. CloudTrail provides a free tier for the first 90 days of events, and additional logging costs are minimal compared to other security or monitoring tools. - Scenario: CloudTrail is typically used for auditing and monitoring API calls for compliance, troubleshooting, and security analysis. For example, when a security breach is suspected, CloudTrail logs can be reviewed to identify unauthorized API activity. Rejected Options: 1. B) Amazon Inspector: - Explanation: Amazon Inspector is a security ...

Author: Max · Last updated May 15, 2026

Which task is a customer=E2=80=99s responsibility, according to the AWS shared responsibility model?

To determine which task is the customer’s responsibility according to the AWS shared responsibility model, we must first understand the distinction between AWS's responsibilities and the customer's responsibilities. The shared responsibility model divides responsibilities into two categories: - AWS's Responsibility (Security of the Cloud): This covers the security of the infrastructure, including physical hardware, networking, and the facilities that host AWS resources. - Customer's Responsibility (Security in the Cloud): This involves securing the data, applications, operating systems, and configurations within their AWS environment. Option A) Management of the guest operating systems - Use case: The guest operating systems (the operating systems running on virtual machines or instances, such as EC2 instances) are part of the customer’s responsibility. - Reason for selection: Under the shared responsibility model, customers are responsible for managing the guest operating systems, including patching and securing them. AWS is responsible for the hypervisor and underlying infrastructure, but the customer manages everything above that, including the operating system. Option B) Maintenance of the configuration of infrastructure devices - Use case: This refers to managing hardware infrastructure such as servers, storage devices, and networking equipment. - Reason for rejection: AW...

Author: Amelia · Last updated May 15, 2026

A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynam...

To meet the requirements of dynamically adjusting the number of Amazon EC2 instances based on varying workloads, the best option is Amazon EC2 Auto Scaling. Let's break down the reasoning behind this selection and also analyze why other options don't fit the scenario as well. Analysis of Each Option: 1. Amazon EC2 Auto Scaling: - What it is: EC2 Auto Scaling is a service that automatically adjusts the number of EC2 instances in response to changes in demand. It can scale up (add instances) or scale down (remove instances) based on predefined policies, schedules, or the demand determined by CloudWatch metrics. - Why it works: EC2 Auto Scaling directly addresses the company's need to dynamically scale EC2 instances based on workload, without manual intervention. This solution adjusts automatically to varying workloads, ensuring the right number of instances are running at all times. - Effort: Minimal effort once set up. It requires configuring Auto Scaling groups, defining scaling policies, and ensuring CloudWatch metrics are available to trigger scaling actions. - Cost: The cost is based on the actual EC2 instances used. The company only pays for the instances that are running. - Time: This solution works in real-time to handle varying workloads without delay. - Other factors: Scalable and cost-efficient, especially for workloads that fluctuate over time. 2. Amazon DynamoDB: - What it is: DynamoDB is a managed NoSQL database service. - Why it's not suitable: While DynamoDB is excellent for scaling databases automatically, it is not related to scaling EC2 instances. The question is focused on dynamically adjusting EC2 instances, not on database management. - Cost: DynamoDB is billed based on read/write capacity and storage, but it is irrelevant to scaling EC2 instances. - Time: It would not help meet the dynamic EC2 scaling requirement. 3. AWS Snow Family: - What it is: AWS Snow Family includes a set of physi...

Author: Olivia · Last updated May 15, 2026

A user wants to securely automate the management and rotation of credentials that are shared between applications, while spending the least amount of time on manag...

The correct option is C) AWS Secrets Manager. Here's why: Selected Option: C) AWS Secrets Manager AWS Secrets Manager is specifically designed to securely store and manage secrets, such as API keys, database credentials, and other sensitive data. It provides features like automatic rotation of credentials, secure storage, and the ability to easily integrate with applications. This service is ideal for securely automating the management and rotation of credentials with minimal manual effort. It also reduces the risk of human error and improves security by automating the process of credential rotation without requiring the user to manage it manually. In terms of effort, time, and cost, Secrets Manager integrates seamlessly with AWS applications, allowing for automatic credential rotation at specified intervals. It reduces the time spent on managing credentials, minimizing administrative overhead and human intervention, making it the best option for securely managing and automating shared credentials between applications. Why other options are rejected: 1. A) AWS CloudHSM: - AWS CloudHSM provides hardware security modules (HSMs) for managing cryptographic keys but is focused more on managing encryption keys for compliance and security. It doesn't provide the s...

Author: Amira99 · Last updated May 15, 2026

Which security service automatically recognizes and classifies sensitive data or intellectual proper...

To address the requirement of automatically recognizing and classifying sensitive data or intellectual property on AWS, the best option is Amazon Macie. Let’s go through the reasoning behind selecting this option and why other options do not fit the need as well. Analysis of Each Option: 1. Amazon Macie: - What it is: Amazon Macie is a fully managed security service that uses machine learning to automatically discover, classify, and protect sensitive data such as Personally Identifiable Information (PII) and intellectual property in AWS. It helps organizations understand where sensitive data resides and who has access to it. - Why it works: Macie is designed specifically for identifying and classifying sensitive data, making it the ideal choice for recognizing and classifying sensitive data or intellectual property. It can help automate data security and privacy management on AWS. - Effort: Minimal effort is needed once Macie is set up. It uses machine learning to classify data, reducing the need for manual intervention. - Cost: Macie costs based on the amount of data processed for classification, making it a cost-efficient way to automate sensitive data classification in the cloud. - Time: Macie operates in real-time to automatically detect sensitive data, providing quick identification and classification. - Other factors: Scalable for large datasets, and it helps ensure compliance with data protection regulations (like GDPR). 2. Amazon GuardDuty: - What it is: Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts, workloads, and data sources. - Why it's not suitable: While GuardDuty is useful for detecting security threats and anomalies, it is not designed to automatically recognize and classify sensitive data. It focuses on detecting potential security risks, such as unusual API calls, but does not handle data classification. - Effort: GuardDuty requires setup and configuration but focuses on security event detection rather than data classification. - Cost: GuardDuty is priced based on the vo...

Author: Leah Davis · Last updated May 15, 2026

Which actions are best practices for an AWS account root user? (Choose two.)

To determine the best practices for an AWS account root user, we must consider security, best practices for account management, and minimizing risk. Let’s evaluate the options provided. Analysis of Each Option: 1. A) Share root user credentials with team members: - Why it’s not recommended: Sharing root user credentials is considered a bad practice. The root user has full access to all AWS resources and services, so sharing these credentials increases the risk of unauthorized access or accidental changes. Security best practices strongly advise against this. - Effort: High effort to manage and mitigate risks when credentials are shared. - Cost: Increased risk of security breaches, leading to potential financial costs due to misuse or unauthorized access. 2. B) Create multiple root users for the account, separated by environment: - Why it’s not recommended: AWS allows only one root user per account. It is not possible to create multiple root users, and doing so would be a misinterpretation of AWS account management. Instead, IAM users should be created for managing different environments or tasks. - Effort: No real effort is required for creating multiple root users, as it is not possible. - Cost: Mismanagement of permissions can lead to security vulnerabilities. 3. C) Enable multi-factor authentication (MFA) on the root user: - Why it’s recommended: Enabling MFA (multi-factor authentication) on the root user is a security best practice. This adds an additional layer of protection to the root user account, making it much harder for unauthorized individuals to access the account, even if the root password is compromised. - Effort: The setup is straightforward, requiring minimal time to enable MFA via the AWS Management Console. - Cost: Low or no cost. MFA is a free security feature provided by AWS. - Other factors: Significantly enhances account security by ensuring an extra authentication step. 4. D) Create an IAM user with administrator privileges for daily admin...

Author: StarlightBear · Last updated May 15, 2026

A company is running a critical workload on an Amazon RDS DB instance. The company needs the DB instance to be highly available with a recovery time of...

To meet the requirements of high availability and a recovery time of less than 5 minutes for an Amazon RDS DB instance, let’s analyze each option in terms of its suitability. Analysis of Each Option: 1. A) Create a read replica of the DB instance: - What it is: A read replica in Amazon RDS is a copy of the DB instance that can serve read traffic. However, it is primarily used to offload read-heavy workloads. - Why it’s not suitable: Read replicas do not automatically promote to a primary DB instance in case of failure. Although you can manually promote a read replica to become the primary instance, this process involves manual intervention and will likely exceed a recovery time of 5 minutes. Additionally, the replication lag could cause data inconsistency. - Effort: High, as it requires manual intervention to promote the read replica in case of failure. - Cost: There will be additional costs for the read replica, but this doesn't ensure automated failover or recovery within 5 minutes. - Time: Manual promotion can take longer than 5 minutes, violating the recovery time objective. 2. B) Create a template of the DB instance by using AWS CloudFormation: - What it is: AWS CloudFormation allows you to define the infrastructure for your AWS resources in a template. While this can automate provisioning, it doesn't solve the problem of ensuring high availability or fast recovery in the event of failure. - Why it’s not suitable: CloudFormation templates can help with infrastructure management but do not address real-time failover or automatic recovery. You would need to re-create the DB instance, which could take longer than 5 minutes and would not meet the high availability requirement. - Effort: High, as it requires rebuilding the environment, which is not suitable for fast recovery in a critical workload scenario. - Cost: CloudFormation itself is free, but rebuilding resources will incur operational costs and may lead to downtime during recovery. - Time: Recovery time would likely exceed 5 minutes, which doesn't meet the requirement. 3. C) Take frequent snapshots o...

Author: Ava · Last updated May 15, 2026

A company plans to migrate its application to AWS and run the application on Amazon EC2 instances. The application will have continuous usage for 1 year.Which EC2 insta...

To determine the most cost-effective Amazon EC2 instance purchasing option for an application with continuous usage for 1 year, we need to evaluate the pricing model, flexibility, commitment, and suitability for the specified use case. 1. A) Reserved Instances - Use Case: Reserved Instances (RIs) allow customers to commit to a specific instance type in a particular region for a 1-year or 3-year term, offering significant savings compared to On-Demand pricing. - Pros: - Cost-effective: RIs offer up to 75% savings compared to On-Demand pricing if you commit to a 1-year or 3-year term. - Predictability: Ideal for applications with stable and continuous usage. - Cons: - Commitment: You must commit to a specific instance type and region, which can reduce flexibility if your needs change. - Limited flexibility: RIs require upfront or partial upfront payments, and you cannot easily adjust the instance type or region once committed. - Why selected: Since the application has continuous usage for a year, Reserved Instances are a highly cost-effective choice. With a 1-year term, the application can achieve significant savings compared to On-Demand pricing while providing predictable costs. 2. B) Spot Instances - Use Case: Spot Instances allow you to bid for unused EC2 capacity, offering significant savings compared to On-Demand instances. - Pros: - Cost savings: Spot Instances can be up to 90% cheaper than On-Demand instances. - Great for flexible, fault-tolerant workloads. - Cons: - Interruption risk: Spot Instances can be interrupted with little notice if AWS needs the capacity back. This makes them unsuitable for applications that require continuous uptime. - Not suitable for predictable, continuous usage: Since the application needs continuous usage for 1 year, Spot Instances would not be ideal due to potential interruptions. - Why not selected: Spot Instances are not a good fit for this use case since the application requires guaranteed continuous usage without interrupt...

Author: Zain · Last updated May 15, 2026

A company needs to transfer data between an Amazon S3 bucket and an on-premises application.Who is responsible for the security of th...

In the AWS shared responsibility model, security is divided between AWS and the customer (the company). Let's break down the options to determine who is responsible for the security of data transferred between an Amazon S3 bucket and an on-premises application. Analysis of Each Option: 1. A) The company: - Why it’s correct: According to the AWS shared responsibility model, the customer (the company) is responsible for the security of their data, including data in transit between on-premises applications and AWS services such as Amazon S3. This includes protecting the data during transfer, such as using encryption, securing access through IAM roles, and ensuring the integrity and confidentiality of the data being transferred. - Effort: The company needs to configure and manage security measures such as encryption (e.g., using SSL/TLS during transfer), data access controls, and IAM permissions. - Cost: Minimal additional cost if proper tools (such as AWS Key Management Service for encryption) are already in place. - Time: Effort required to configure security (e.g., encryption) but this is a standard practice in securing data transfers. 2. B) AWS: - Why it’s incorrect: While AWS is responsible for securing the underlying infrastructure and the services (such as Amazon S3), AWS is not responsible for the security of data in transit between on-premises applications and Amazon S3. AWS provides the tools and services that enable secure data transfer, but the responsibility to ensure data security (like encryption, access control, etc.) during the transfer lies with the customer. - Effort: AWS provides security services (e.g., KMS, IAM), but they cannot enforce the customer's data security practices during transfer. - Cost: There is no additional cost for AWS providing the infrastructure, but customers must implement security measures. - Time: AWS offers the tools...

Author: NebulaEagle11 · Last updated May 15, 2026

Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions...

The pillar of the AWS Well-Architected Framework that refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand is Reliability. Explanation: 1. Reliability: - This pillar focuses on ensuring a system can recover from failures and disruptions, which includes the ability to automatically scale resources based on demand. - Key aspects include the ability to withstand failures (e.g., network issues, service outages), automated recovery, fault tolerance, and dynamic scaling. - This directly aligns with the ability to recover from infrastructure disruptions and dynamically acquire resources to meet demand. 2. Security: - Security focuses on protecting systems, data, and applications through measures like encryption, access control, and monitoring. - It does not specifically address recovery from service disruptions or dynamic resource scaling. 3. Performance Efficiency: - This pillar focuses on optimizing system performance while maintaining reso...

Author: Sam · Last updated May 15, 2026

A company wants to identify Amazon S3 buckets that are shared with another AWS account.Which AWS serv...

To identify Amazon S3 buckets that are shared with another AWS account, the most appropriate AWS service or feature is IAM Access Analyzer. Explanation: 1. IAM Access Analyzer: - IAM Access Analyzer helps you identify resources in your account that are shared with other AWS accounts. It automatically analyzes the policies associated with your resources (including S3 buckets) and identifies any external access. - IAM Access Analyzer generates findings that show the resources (such as S3 buckets) that are shared with external accounts, which directly aligns with the requirement to identify S3 buckets shared with other AWS accounts. - This service is designed specifically for identifying permissions and access across AWS accounts, making it the most accurate and efficient option for the given use case. 2. AWS Lake Formation: - AWS Lake Formation is a service used to manage and govern data lakes on AWS. While it can be used to manage access permissions for data, it is more focused on creating and managing data lakes rather than identifying shared S3 buckets across accounts. - Lake Formation is not designed specifically to identify S3 buckets shared with other accounts, so it does not meet the requirements in the context of this question. 3. IAM Credential Report: - The IAM credential report provides deta...

Author: VenomousSerpent42 · Last updated May 15, 2026

Which AWS service gives users the ability to build interactive business intelligence dashboards that...

The key requirements in this question are: building interactive business intelligence dashboards that include machine learning insights. To meet these requirements, we need a service that allows both data visualization and the integration of machine learning capabilities for insights. Let's evaluate the options: A) Amazon Athena: - Explanation: Amazon Athena is an interactive query service that allows users to analyze data stored in Amazon S3 using SQL. While it’s useful for querying large datasets, it does not offer the ability to build interactive dashboards or integrate machine learning insights directly. Athena is more focused on data analysis and querying, rather than visualization or ML-driven insights. - Rejected: Athena is primarily a query service and lacks the specific capabilities to build interactive dashboards or embed machine learning insights into them. B) Amazon Kendra: - Explanation: Amazon Kendra is an intelligent search service powered by machine learning, designed to provide more accurate search results from large data repositories. While Kendra excels at search and content discovery, it does not focus on building interactive business intelligence dashboards or integrating ML insights into visualizations. - Rejected: Kendra is focused on search and not on building dashboards or displaying business intelligence visualizations, making it unsuitable for the stated need. C) Amazon QuickSight: - Explanation: Amazon QuickSight is a fully managed business intelligence service that enables users to...

Author: Olivia · Last updated May 15, 2026

Which of the following is an AWS value proposition that describes a user=E2=80=99s ability to scale ...

The AWS value proposition that describes a user’s ability to scale infrastructure based on demand is Resource Elasticity. Explanation: 1. Resource Elasticity: - Resource Elasticity refers to the ability to automatically scale your infrastructure up or down based on the demand for resources. - AWS provides services such as Amazon EC2 Auto Scaling, Amazon Elastic Load Balancer (ELB), and others that enable applications to scale automatically to accommodate varying workloads. This is exactly what the question is asking about—scaling infrastructure dynamically based on demand. 2. Speed of Innovation: - Speed of Innovation refers to how quickly AWS customers can launch new features, products, or services by leveraging AWS technologies. - While AWS enables rapid innovation, it does not directly describe the ability to scale infrastructure based on demand, so it is not the correct answer for the question. 3. Decoupled Architecture: - Decoupled Architecture refers to the design principle of breaking down applications into smaller, independent components that communicate over well-defined interfaces (such as APIs). - While decou...

Author: SolarFalcon11 · Last updated May 15, 2026

Which action is a security best practice for access to sensitive data that is stored in an Amazon S3...

The security best practice for access to sensitive data stored in an Amazon S3 bucket is Use IAM roles for applications that require access to the S3 bucket. Explanation: 1. Use IAM roles for applications that require access to the S3 bucket: - IAM roles are the recommended way to provide secure and temporary access to AWS resources like S3. By assigning an IAM role to an application or service, you can grant permissions based on the principle of least privilege, ensuring that only authorized applications or users have access to sensitive data. - IAM roles can be associated with specific permissions, and these roles can be used by applications (such as EC2 instances, Lambda functions, etc.) to access the S3 bucket in a controlled and secure manner. This minimizes the risk of unauthorized access and ensures that only applications that need access to the data can get it. - This aligns directly with the best practice of controlling access to sensitive data. 2. Enable S3 Cross-Region Replication (CRR) on the S3 bucket: - S3 Cross-Region Replication (CRR) is a feature that automatically replicates objects between S3 buckets in different regions. While this can be useful for disaster recovery or improving access to data in different geographic regions, it does not directly address secure access control to sensitive data. In fact, enabling CRR without proper access control could inadvertently expose sensitive data in the replicated buckets. - CRR is not specifically focused on securing access to sensitive data, and therefore, it is not the best practice in this context. 3. Configure AWS WAF to prevent unauthorized access to the S3 bucket: - AWS WAF (Web Application Firewall) is typically used to protect web application...

Author: Arjun · Last updated May 15, 2026

A company wants to know more about the benefits offered by cloud computing. The company wants to understand the operational advan...

AWS provides agility to users by enabling them to respond quickly to changing business needs and conditions, with minimal friction and effort. Let's evaluate each option and determine which best aligns with the operational advantage of agility. A) The ability to ensure high availability by deploying workloads to multiple regions: This option focuses on availability and disaster recovery. While ensuring high availability is critical for maintaining uptime and reducing risks, it does not directly address agility. Agility refers more to the speed and flexibility of adapting to new requirements, rather than just ensuring high availability. Therefore, this option is not the best fit for explaining agility. B) A pay-as-you-go model for many services and resources: The pay-as-you-go model allows companies to only pay for the resources they actually use. While this contributes to cost efficiency, it doesn't directly explain agility in terms of provisioning, time, or effort involved in adapting to new business needs. Agility is more about the ability to quickly scale or modify resources based on demand, rather than just managing costs. C) The ability to transfer infrastructure management to the AWS Cloud: This option is about shifting infrastructure management from on-premises to the cloud, which can reduce some operational overhead. However, t...

Author: Emily · Last updated May 15, 2026

A company needs a central user portal so that users can log in to third-party business applications that support Security Assertion Markup Lan...

To meet the requirement of providing a central user portal for users to log in to third-party business applications that support Security Assertion Markup Language (SAML) 2.0, the best AWS service is AWS IAM Identity Center (AWS Single Sign-On). Explanation: - A) AWS Identity and Access Management (IAM): AWS IAM is primarily used for managing AWS users and permissions to AWS resources. While IAM supports SAML 2.0 for federated authentication, it does not provide a user portal for logging into third-party business applications. IAM is focused on controlling access to AWS resources rather than providing a central portal for third-party applications. It’s not suited for managing third-party application logins directly. - B) Amazon Cognito: Amazon Cognito provides user authentication, authorization, and user management for applications, but it is more suited for user authentication within custom applications (web and mobile). It can integrate with SAML 2.0 for identity federation, but it does not provide a central user portal for accessing third-party business applications. Therefore, while it can authenticate users, it is not the best fit for this specific requirement of a central portal for third-party apps. - C) AWS IAM Identity Center (AWS Single Sign-On): AWS IAM Identity Center (formerly AWS Single Sign-On) is designed specifically to provide centralized access management across multiple business applications, including third-party applications that suppor...

Author: Siddharth · Last updated May 15, 2026

Which AWS service should users use to learn about AWS service availability and operations?

The question asks about the AWS service users should use to learn about AWS service availability and operations. Let's evaluate the options based on this requirement. A) Amazon EventBridge - Relevance: Amazon EventBridge is an event bus service that allows you to connect different applications using events. It is used for event-driven architectures, enabling applications to react to events across AWS services. While it is useful for monitoring events within applications, it is not specifically designed to track service availability or operational status. - Reason for Rejection: Amazon EventBridge is not focused on tracking service availability or operational issues in AWS services. It helps with event-driven workflows and integrations, rather than monitoring service status or providing operational insights. B) AWS Service Catalog - Relevance: AWS Service Catalog allows organizations to manage and deploy approved AWS services and resources. It helps with organizing and managing AWS resources in an environment, ensuring governance and compliance for deployments. - Reason for Rejection: While useful for managing services and ensuring compliance in a cloud environment, AWS Service Catalog does not provide information on the availability or operational status of AWS services. C) AWS Control Tower - Relevance: AWS Control Tower provides a set of governance services to set up and manage...

Author: Noah Williams · Last updated May 15, 2026

Which AWS service or tool can be used to capture information about inbound and outbound traffic in a...

To capture information about inbound and outbound traffic in an Amazon VPC, the correct service is VPC Flow Logs. Selected Option: A) VPC Flow Logs Reasoning: 1. VPC Flow Logs: - Explanation: VPC Flow Logs is the AWS service specifically designed to capture and log information about the IP traffic going to and from network interfaces in a VPC. It records details such as source and destination IP addresses, ports, protocols, and whether the traffic was allowed or denied. This data is valuable for monitoring, security auditing, and troubleshooting network connectivity issues. - Effort and Time: Setting up VPC Flow Logs is relatively simple through the AWS Management Console, CLI, or SDK. You can specify the traffic to capture and where the log data should be delivered (e.g., to CloudWatch Logs or an S3 bucket). - Cost: The cost for VPC Flow Logs is based on the volume of data logged. While the cost is generally low, it can grow with the amount of traffic being logged, so careful monitoring of the logs' volume is advised. - Scenario: Use VPC Flow Logs in scenarios where you need detailed visibility into the traffic patterns within your VPC, such as for security auditing, troubleshooting network issues, or understanding traffic patterns for optimization. Rejected Options: 1. B) Amazon Inspector: - Explanation: Amazon Inspector is a security ...

Author: Aarav · Last updated May 15, 2026

What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility mod...

According to the AWS shared responsibility model, the customer is always responsible for managing Customer data. Explanation: 1. Customer data: - Under the AWS shared responsibility model, customers are always responsible for managing their own data. This includes ensuring the data's confidentiality, integrity, and availability. - Customers must decide how data is stored, encrypted, and protected, and they are responsible for ensuring that only authorized users have access to their data. - The customer must also manage data governance policies such as retention and deletion. - This aligns directly with the shared responsibility model where AWS manages the security of the cloud infrastructure, but customers manage security in the cloud, which includes their data. 2. Software licenses: - While customers are responsible for ensuring they comply with software licensing requirements when using software in AWS, this is not part of the core security responsibility. It refers to compliance and licensing management for software they choose to use (e.g., BYOL—bring your own license). - However, it is a separate concern from the core responsibilities associated with data security and access management, which the question specifically asks about. 3. Networking: - Networking responsibilities are shared. AWS is responsible for securing the underlying ne...

Author: Ava · Last updated May 15, 2026

Which AWS service can be used to retrieve compliance reports on demand?

To retrieve compliance reports on demand, the most suitable AWS service is AWS Artifact. Breakdown of each option: A) AWS Secrets Manager: - Purpose: AWS Secrets Manager is primarily used for managing and rotating secrets like API keys, passwords, and other sensitive information. - Compliance Reports: AWS Secrets Manager does not provide a mechanism for retrieving compliance reports. - Use Case: Best suited for securing secrets, not for compliance documentation. - Time & Effort: It is easy to implement but does not relate to compliance reports. - Cost: Pricing depends on the number of secrets managed but irrelevant for compliance reporting. Why Rejected: It does not offer any compliance report functionality. B) AWS Artifact: - Purpose: AWS Artifact is a service specifically designed to provide on-demand access to AWS compliance reports, such as SOC, ISO, PCI DSS, and other regulatory compliance documentation. - Compliance Reports: It directly allows customers to download compliance reports that detail AWS's adherence to various standards. - Use Case: Ideal for customers looking to retrieve compliance reports on demand. - Time & Effort: It provides direct access to compliance reports with minimal configuration. - Cost: AWS Artifact is available at no additional cost; users only pay for the resources they use (e.g., services they may be using in AWS). Why Selected: AWS Artifact is the best service to retrieve compliance reports on demand, as it is explicitly designed for this purpose. C) AWS Security Hub: - Purpose: AWS Security Hub aggregates and analyzes security data fr...

Author: Zara1234 · Last updated May 15, 2026

Which AWS service enables users to check for vulnerabilities on Amazon EC2 instances by using predef...

To answer this question, let’s break down each option and evaluate its relevance to checking for vulnerabilities on Amazon EC2 instances by using predefined assessment templates. Option A: AWS WAF (Web Application Firewall) - Purpose: AWS WAF is a security service designed to protect web applications from common web exploits like SQL injection, cross-site scripting (XSS), and other threats. It does not focus on assessing vulnerabilities in EC2 instances. - Relevance to EC2 instances: While AWS WAF is useful for protecting web applications, it does not scan EC2 instances for vulnerabilities. It is more related to traffic filtering and application layer security. - Time/Cost/Effort: WAF requires custom rules to be set up for web application protection but does not directly involve vulnerability assessments on EC2. - When to use: Use AWS WAF when you need to protect web applications, not for vulnerability scanning on EC2 instances. Option B: AWS Trusted Advisor - Purpose: AWS Trusted Advisor offers recommendations for optimizing AWS infrastructure across five categories: cost optimization, performance, security, fault tolerance, and service limits. - Relevance to EC2 instances: Trusted Advisor does check for security misconfigurations, such as exposing EC2 instances with unnecessary open ports. However, it is not specialized for detailed vulnerability scanning using predefined templates. - Time/Cost/Effort: Trusted Advisor can help with overall security best practices but does not provide a full vulnerability assessment or scans like specialized security services. - When to use: Use Trusted Advisor for general AWS infrastructure optimization and security advice but not for in-depth vulnerability scanning on EC2. Option C: Amazon Inspector - Purpose: Amazon Inspector is a security...

Author: MoonlitPantherX · Last updated May 15, 2026

A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the hostname, IP...

To determine the appropriate AWS service for gathering information such as hostname, IP address, and MAC address from the company's on-premises infrastructure, let's evaluate each option based on the provided requirements. Option A: AWS DataSync - Purpose: AWS DataSync is a service designed for transferring large amounts of data between on-premises storage and AWS storage services such as Amazon S3 or Amazon EFS. It focuses on data migration, not infrastructure discovery. - Relevance to the requirement: AWS DataSync does not provide detailed information about on-premises infrastructure like hostnames, IP addresses, or MAC addresses. It is a data transfer tool rather than a discovery tool. - Time/Cost/Effort: This service is not useful for the information required in the question and would lead to unnecessary costs and effort. - When to use: Use AWS DataSync for efficient data transfer, but not for infrastructure discovery. Option B: AWS Application Migration Service - Purpose: AWS Application Migration Service is primarily designed to help migrate applications from on-premises to AWS by converting them to AWS-compatible formats. - Relevance to the requirement: While it facilitates migration of applications, it doesn't focus on discovering infrastructure details like hostnames, IP addresses, or MAC addresses. - Time/Cost/Effort: It would involve unnecessary complexity and costs if used just for gathering infrastructure details. - When to use: Use this service when migrating applications, but not for infrastructure discovery. Option C: AWS Application Discovery Service - Purpose: AWS Application Discovery Service helps to gather detailed information about your on-premises data centers before migrating to AWS. It collects hardware and software details including hostnames, IP addresse...

Author: Emma · Last updated May 15, 2026

Which action will help increase security in the AWS Cloud?

To determine which action will increase security in the AWS Cloud, we need to evaluate each option based on best practices for securing AWS resources, minimizing risk, and enhancing security posture. Option A: Enable programmatic access for all IAM users - Purpose: Enabling programmatic access for IAM users allows users to interact with AWS resources via the AWS CLI, SDKs, and APIs. This option would enable API access for all IAM users. - Security Impact: Enabling programmatic access for all IAM users could significantly increase the risk of unauthorized access, especially if the access keys are compromised. It is not recommended to enable programmatic access for every user unless absolutely necessary. - Time/Cost/Effort: Managing access keys for a large number of users increases complexity and administrative overhead. - When to use: This option should only be used for specific IAM users who need programmatic access and when strict monitoring and key management policies are in place. Option B: Use IAM users instead of IAM roles to delegate permissions - Purpose: IAM users represent individual identities, while IAM roles are used to delegate permissions to services or users in a more temporary and controlled manner. - Security Impact: Using IAM users instead of IAM roles for delegating permissions is not considered a best practice. IAM roles are more secure because they provide temporary security credentials and can limit access to specific resources or tasks. IAM users are static, which increases the risk of privilege escalation. - Time/Cost/Effort: Managing IAM users for delegation is more cumbersome and less secure than using roles, as roles can automatically expire and have fine-grained access controls. - When to use: Use IAM roles for service-to-service access or temporary access needs, and only use IAM users for specific identities that require long-term access. Option C: Rotate access keys on a reoccurring basis - Purpose: Regularly rotating access keys (especially for IAM users) helps mitigate the risk of key compromise. It ensures that old or potentially compromised keys are no longer valid. - Security Im...

Author: RadiantPhoenixX · Last updated May 15, 2026

A company is planning to migrate its application to the AWS Cloud.Which AWS tool or set of resources should the company u...

To determine the most appropriate AWS tool or set of resources for analyzing and assessing the company's readiness for migration, we need to evaluate each option based on how well they align with migration preparation, assessing readiness, and ensuring the process is efficient and cost-effective. Option A: AWS Cloud Adoption Framework (AWS CAF) - Purpose: The AWS Cloud Adoption Framework (AWS CAF) provides a structured approach for organizations to assess and improve their cloud adoption readiness. It focuses on the people, process, and technology aspects of migration. AWS CAF helps organizations evaluate their current capabilities, understand what skills are needed, and assess whether their organization is ready to move to the cloud. - Relevance to the Requirement: AWS CAF is designed specifically for assessing readiness for migration, covering various pillars such as business, people, governance, platform, security, and operations. It is directly aimed at helping organizations assess their cloud readiness, making it an ideal tool for this scenario. - Time/Cost/Effort: The AWS CAF provides a comprehensive approach, but it might require some effort and time to go through the framework's different areas. However, the benefits in terms of thorough readiness assessment and minimizing migration risks outweigh the effort. - When to use: Use AWS CAF when starting a migration journey to evaluate the organization's readiness in various areas, including people, processes, and technology. Option B: AWS Pricing Calculator - Purpose: The AWS Pricing Calculator is used to estimate the costs of running workloads on AWS. It helps organizations estimate the cost of AWS services based on expected usage. - Relevance to the Requirement: While the AWS Pricing Calculator is useful for cost estimation, it does not assess migration readiness or evaluate factors such as organizational preparedness, skills, and processes. It focuses solely on cost, which is a part of the migration process but not sufficient for a comprehensive readiness assessment. - Time/Cost/Effort: The calculator is useful for estimating costs but does not help with assessing readiness for migration, which requires a broader evaluation. - When to use: Use the AWS Pricing Calculator when planning migration costs but not fo...

Author: Lucas Carter · Last updated May 15, 2026

Which of the following describes some of the core functionality of Amazon S3?

Let's analyze each option carefully to determine the core functionality of Amazon S3, considering the use case, services, effort, time, cost, and key characteristics. Option A: Amazon S3 is a high-performance block storage service that is designed for use with Amazon EC2. - Scope: This option describes block storage, which refers to services like Amazon Elastic Block Store (EBS). Block storage provides low-latency, persistent volumes for EC2 instances, but this is not the functionality of Amazon S3. - Effort & Time: The effort and time to manage block storage are typically different from object storage, but it is irrelevant here since it doesn't apply to S3. - Cost: Block storage is generally more expensive than object storage, especially for large-scale data storage. - Suitability: This description does not match Amazon S3. S3 is not a block storage service like EBS, but an object storage service. - Rejected because: Amazon S3 is not a block storage service; instead, it is an object storage service designed for different use cases. Option B: Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability. - Scope: This is a correct description of Amazon S3. S3 is an object storage service, meaning it stores data as objects (files) rather than as blocks, and it is designed to provide high scalability, performance, security, and availability. - Effort & Time: S3 is fully managed and offers scalable storage solutions without the need for heavy maintenance, making it a cost-effective and efficient option. - Cost: S3 offers a pay-as-you-go pricing model that is cost-effective for storing vast amounts of data. Its durability, availability, and security features come at a competitive price point. - Suitability: This option accurately describes the core functionality of Amazon S3. It supports diverse use cases such as backup, big data analytics, website hosting, and more. - Selected because: This option correctly explains the core functionalities of Amazon S3 as an object storage service designed for hi...

Author: Charlotte · Last updated May 15, 2026

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace up...

The key benefit demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses is Pay-as-you-go pricing. Here's the reasoning: - Services: AWS allows companies to access on-demand resources without the need to make large upfront investments in hardware or infrastructure. This aligns with the pay-as-you-go model, where companies only pay for what they use, and can scale resources up or down based on demand. - Effort: The effort required from companies is reduced, as they no longer need to manage or maintain fixed infrastructure. They can focus more on their core business needs rather than upfront planning and investment in IT resources. - Time: Time is saved because businesses don't need to wait for infrastructure setup, and they can start using services immediately, paying only for the resources they consume. - Cost: On-demand services enable businesses to manage their costs more effectively by converting large fixed capital expenditures into smaller, variable operational expenses that align more closely with actual usage and demand. Rejected optio...

Author: Harper · Last updated May 15, 2026

Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.)

When connecting on-premises networks to a Virtual Private Cloud (VPC), AWS offers several options depending on factors such as performance, cost, and security needs. Let’s evaluate each option in detail to identify which services or features are relevant to the requirement. Detailed Explanation: 1. Option A: AWS VPN AWS VPN is one of the core services that enable secure connections from on-premises networks to a VPC. It establishes an encrypted Virtual Private Network (VPN) tunnel over the internet. The service provides an easy way for users to securely connect their on-premises infrastructure to their AWS environment. It is commonly used for secure, cost-effective connectivity when high bandwidth is not critical. VPNs typically provide a lower-cost, lower-latency solution for smaller-scale, non-performance-intensive use cases. 2. Option B: Elastic Load Balancing Elastic Load Balancing (ELB) is used to distribute incoming traffic across multiple targets, such as EC2 instances, within a VPC. However, ELB does not provide connectivity between on-premises networks and a VPC. Instead, it focuses on load balancing within AWS infrastructure. Therefore, ELB is not relevant to connecting on-premises networks to a VPC. 3. Option C: AWS Direct Connect AWS Direct Connect is another key service for connecting on-premises networks to a VPC. It establishes a dedicated, private network connection between the on-premises data center and AWS. Direct Connect offers higher performance, lower latency, and more consistent bandwidth compared to VPN connections, making it ideal for large-scale enterprise applications that require a stable and fast connection. This is particularly useful for businesses that need reliable, high-bandwidth connections to their AWS resources. 4. Option D: VPC Peering VPC Peering allows two VPCs to communicate with each other using private IP addresses, but it is used to connect different VPCs within AWS rather than connecting an on-premises network to a VPC. Since this option does not facilitate on-premises connectivity, it is not suitable ...

Author: Emma Brown · Last updated May 15, 2026

A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the underlying hardware or the database...

To determine which AWS service is best suited for deploying a non-relational database without managing the underlying hardware or database software, we need to evaluate each option based on its characteristics and how it aligns with the requirements outlined in the question. Option A: Amazon RDS - Purpose: Amazon RDS (Relational Database Service) is a managed service for relational databases such as MySQL, PostgreSQL, MariaDB, SQL Server, and Oracle. It provides automated backups, patch management, and scaling of relational databases. - Relevance to the Requirement: While Amazon RDS is a fully managed service that takes care of the underlying hardware and database software, it is designed for relational databases. The user needs a non-relational database, making RDS unsuitable for this requirement. - Time/Cost/Effort: RDS offers a lot of automation for relational databases but would not meet the needs for a non-relational database. - When to use: Use Amazon RDS for relational databases, not for non-relational ones. Option B: Amazon DynamoDB - Purpose: Amazon DynamoDB is a fully managed, serverless, key-value and document database service. It is designed for non-relational (NoSQL) databases and automatically scales to accommodate large volumes of traffic. - Relevance to the Requirement: DynamoDB is a non-relational database, and it is fully managed, meaning the user does not need to manage hardware or database software. It is ideal for applications that need fast and scalable database solutions. - Time/Cost/Effort: DynamoDB is serverless and requires minimal effort to deploy and scale. It is cost-effective, especially when dealing with unpredictable workloads. Additionally, there are no concerns about managing the underlying hardware or software. - When to use: Use DynamoDB for quickly deploying a non-relational database, especially for applications requiring high scalabilit...

Author: VenomousSerpent42 · Last updated May 15, 2026

Which actions are examples of a company=E2=80=99s effort to rightsize its AWS resources to control c...

To address the company's effort to rightsize its AWS resources to control cloud costs, we need to focus on actions that directly contribute to optimizing resource utilization and cost-efficiency. Let’s evaluate each option based on how it impacts cost, resource management, and efficiency: 1. A) Switch from Amazon RDS to Amazon DynamoDB to accommodate NoSQL datasets: - Explanation: Switching from Amazon RDS (which supports relational databases) to Amazon DynamoDB (a NoSQL database) could be a strategic move if the data is more suited to a NoSQL model (e.g., key-value pairs or document-based data). However, this is not directly about right-sizing existing resources. It’s a re-architecture decision that may or may not result in cost savings. - Why Rejected: While this action could help lower costs in specific scenarios (e.g., NoSQL workloads), it's not an example of right-sizing, which involves adjusting existing resources based on usage patterns rather than migrating to a different type of resource. 2. B) Base the selection of Amazon EC2 instance types on past utilization patterns: - Explanation: Right-sizing EC2 instances involves analyzing past usage data and selecting the appropriate instance types based on actual performance and utilization metrics. For example, using Amazon CloudWatch or the AWS Cost Explorer to determine if an instance is overprovisioned or underutilized and adjusting it accordingly helps optimize costs. - Why Accepted: This is a classic example of right-sizing, as it involves optimizing resource allocation (EC2 instance types) based on historical data, ensuring that the company is not overpaying for unnecessary capacity. 3. C) Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers: - Explanation: S3 Lifecycle policies allow the automation of moving data to cheaper storage classes (e.g., from S3 Standard to S3 Infrequent Access or S3 Glacier) based on access patterns. This is a good example of optimizing storage costs by using the appropriate storage tiers based on how frequently data is accessed. - Why Accepted: This is an example of right-sizing storage resources, as it helps reduce storage costs by automatically transitioning data to ...

Author: Joseph · Last updated May 15, 2026

Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instan...

Author: Aditya · Last updated May 15, 2026

Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Choos...

The reliability pillar of the AWS Well-Architected Framework emphasizes the ability of a system to recover from failures and meet the customer needs with minimal interruptions. It focuses on building systems that can automatically adjust to disruptions, scale effectively, and handle demand changes seamlessly. Let's evaluate each option in this context: A) Perform operations as code: - Explanation: Performing operations as code (such as using Infrastructure as Code tools like AWS CloudFormation or Terraform) can help automate the deployment and configuration of resources, ensuring that systems are consistent and repeatable. However, this primarily supports efficiency and repeatability rather than directly enhancing reliability in terms of handling failures, scaling, or recovering from disruptions. - Rejected: While it is an important design practice, it doesn't directly support the reliability pillar in the context of automatically handling failures or scaling to meet demand. B) Enable traceability: - Explanation: Enabling traceability (e.g., using AWS CloudTrail for logging and monitoring) is key to understanding system behavior, debugging issues, and identifying the root causes of failures. However, while it supports operational excellence and security, it doesn’t directly enhance the ability of the system to recover from failures or automatically scale to meet demand. - Rejected: Traceability is important, but it doesn’t directly contribute to system reliability in the context of proactive failure recovery or scaling. C) Automatically scale to meet demand: - Explanation: Automatically scaling to meet demand (using services like AWS Auto Scaling) is a core principle of the reliability pillar. Systems that scale automatically can handle fluctuations in traffic and load, ensuring that the application remains responsive and functional during bot...

Author: James · Last updated May 15, 2026

A company that uses AWS needs to transfer 2 TB of data.Which type of transfer of that data would res...

To determine the type of data transfer that results in no cost for the company, we need to understand AWS's pricing model for different types of data transfers. The options involve varying factors such as direction of data transfer, AWS Region context, and availability zone positioning. Let's break down each option: A) Inbound data transfer from the internet - Services: Inbound data transfer refers to data that is coming into AWS from the internet. This includes when data is uploaded from an external source into an AWS service like S3 or EC2. - Effort: The effort here involves simply uploading data to AWS, which is straightforward. - Time: Time to transfer depends on internet bandwidth and the transfer method. - Cost: Inbound data transfer from the internet is free in AWS. AWS does not charge for data entering AWS services from external sources. - Why selected: This is the option that results in no cost, as inbound transfers are always free. B) Outbound data transfer to the internet - Services: Outbound data transfer refers to data that is leaving AWS to the internet. This could be when an application in AWS is sending data to an external user or system. - Effort: Setting up outbound data transfers may require configuring services to deliver data, but it's still relatively straightforward. - Time: Time for outbound transfers depends on data size and internet bandwidth. - Cost: Outbound data transfer to the internet does incur charges. AWS charges for data leaving AWS to the internet, so transferring 2 TB of data outbound would result in a significant cost. - Why rejected: Since outbound data transfer to the internet is charged, it does not meet the requirement of "no cost." C) Data transfer between AWS Regions - Services:...

Author: Nia · Last updated May 15, 2026

A company wants to create templates that the company can reuse to deploy multiple AWS resources.Which AWS service or f...

The company wants to create templates that can be reused to deploy multiple AWS resources. Let’s evaluate the options based on the requirements of creating reusable deployment templates. A) AWS Marketplace - Description: AWS Marketplace is an online store where you can buy or sell software solutions that integrate with AWS services. - Why it's not a good fit: While the AWS Marketplace offers various third-party software solutions, it is not designed for creating reusable templates for deploying AWS resources. It is focused on purchasing applications or infrastructure solutions rather than creating custom deployment templates for AWS resources. B) Amazon Machine Image (AMI) - Description: An AMI is a pre-configured virtual machine image that contains the operating system, application server, applications, and other configurations to launch EC2 instances. - Why it's not a good fit: While AMIs allow for easy reuse of EC2 configurations, they are limited to EC2 instances and are not a general solution for deploying multiple AWS resources across different services (e.g., VPCs, databases, etc.). It doesn't provide a complete solution for reusable templates for multiple AWS resources. C) AWS CloudFormation - Description: AWS CloudFormation is a service that allows users to define and provision AWS infrastructure using code. CloudFormation templates are written in JSON or YAML and describe the AWS resources needed for an application. These templates are reusable and can automate the deployment of multiple AWS resources, making it an ideal choice for the company’s needs. - Why it's a good fit: AWS CloudFormati...

Author: Grace · Last updated May 15, 2026

A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messag...

To meet the requirement of sending, storing, and receiving messages with first-in, first-out (FIFO) processing, the most appropriate AWS service is D) Amazon Simple Queue Service (Amazon SQS). Reasoning: 1. Amazon SQS: - Amazon SQS is a fully managed message queue service that supports both standard and FIFO queues. For this scenario, the company can use FIFO queues in SQS, which ensures that messages are processed in the exact order they are sent. This is important for applications where the order of message processing is critical. - Effort and Time: Setting up an SQS FIFO queue is straightforward and involves minimal configuration. You just need to specify the FIFO queue type when creating the queue. - Cost: SQS is generally cost-effective for message queuing, and while FIFO queues are more expensive than standard queues, the cost is still reasonable compared to other options. Charges are based on the number of requests and the amount of data transferred. - Use Case: SQS FIFO queues are ideal for scenarios where message order is critical, such as order processing systems, financial transactions, and other workflows that depend on strict sequencing of message...

Author: Nia · Last updated May 15, 2026

Which AWS service or feature is a browser-based, pre-authenticated service that can be launched dire...

The most appropriate AWS service that is a browser-based, pre-authenticated service that can be launched directly from the AWS Management Console is D) AWS CloudShell. Reasoning: 1. AWS CloudShell: - AWS CloudShell is a browser-based shell that provides a pre-authenticated environment to access AWS services directly from the AWS Management Console. It allows users to run commands, scripts, and interact with AWS resources via a command-line interface (CLI) without needing to configure local environments or credentials. - Effort and Time: CloudShell is easy to use because it comes pre-authenticated with the AWS account’s IAM credentials, requiring no additional setup. It saves time as it's ready to use directly from the console. - Cost: AWS CloudShell is free for use within certain resource limits (such as 1 GB of persistent storage). Additional charges may apply for the AWS resources used within CloudShell, but the service itself is cost-effective. - Use Case: CloudShell is ideal for developers or administrators who need a quick, convenient way to run AWS CLI commands and scripts without setting up a local environment. It's perfect for troubleshooting, ...

Author: ElectricLionX · Last updated May 15, 2026

A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.Which AWS ser...

The goal here is to migrate a PostgreSQL-compatible database to a managed AWS service. To meet the requirements, we need services that are fully managed, support PostgreSQL, and can simplify database management. A) Amazon Athena: - Explanation: Amazon Athena is a managed query service primarily used for querying large datasets stored in Amazon S3 using SQL. It does not function as a relational database service and does not support PostgreSQL or any other traditional relational databases. Athena is not suitable for migrating a database. - Rejected: Athena is not a database service and is not compatible with PostgreSQL. It is more suited for querying data stored in object storage (S3) rather than hosting or migrating databases. B) Amazon RDS: - Explanation: Amazon RDS (Relational Database Service) is a fully managed database service that supports several relational databases, including PostgreSQL. RDS automatically handles tasks such as backups, patching, scaling, and failover, making it an excellent choice for managing a PostgreSQL-compatible database with minimal effort. - Selected: Amazon RDS is the most appropriate service for migrating a PostgreSQL-compatible database. It offers a fully managed environment, simplifying database management while supporting PostgreSQL. C) Amazon EC2: - Explanation: Amazon EC2 provides compute instances that can be used to host virtually any software, including PostgreSQL. However, EC2 requires manual configuration, patching, backup, and management of the database software, making it less "managed" compared to AWS-native database services. - Rejected:...

Author: Sofia · Last updated May 15, 2026

A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and ...

The most appropriate AWS service to meet the requirements of collecting, formatting, and processing data at sea with intermittent or no internet connectivity, and moving the data to AWS later, is D) AWS Snowball Edge. Reasoning: 1. AWS Snowball Edge: - AWS Snowball Edge is a physical device that allows for edge computing and data storage. It can be used to process, store, and move data in environments with limited or no internet connectivity, such as at sea. Snowball Edge devices are rugged, portable, and designed to function in remote locations. They have local processing capabilities to format and process data before being transferred to AWS once connectivity is restored. - Effort and Time: The Snowball Edge device can be pre-configured with the necessary processing software, making it easy to deploy in remote locations. Once data is collected and processed at sea, the device can be shipped back to AWS to upload the data. - Cost: The cost is mainly associated with the device rental and shipping, but it is more cost-effective than maintaining continuous internet connectivity. The ability to process data locally reduces the need for constant high-bandwidth internet access. - Use Case: This ...

Author: Ravi Patel · Last updated May 15, 2026

A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages.Which AWS service or fe...

To give the application permission to access required AWS services like Amazon SNS from Amazon EC2 instances, the most appropriate AWS service or feature is IAM roles. Here's the reasoning: Selected Option: B) IAM roles - Explanation: IAM roles (Identity and Access Management roles) are used to grant permissions to AWS services or resources. When you host an application on EC2 instances that needs to access other AWS services (like SNS), you assign an IAM role to the EC2 instances that has the necessary permissions. This enables the EC2 instances to securely interact with services such as SNS without needing to manually manage AWS credentials within the application. - Key factors: - Services: IAM roles are the primary method for granting EC2 instances access to AWS services such as SNS, S3, DynamoDB, etc. - Effort: IAM roles simplify access management by applying permissions to EC2 instances at the role level, avoiding the need for manual credential management. - Time: With IAM roles, permissions can be granted and adjusted quickly, allowing rapid configuration of access controls. - Cost: There is no additional cost for using IAM roles beyond the typical resource usage (e.g., EC2 instance costs), and they streamline security management. Rejected Options: A) AWS Certificate Manager (ACM) - Explanation: AWS Certificate Manager is used to provision, manage, and deploy SSL/TLS certificates for securing communications over the internet. While useful for encr...

Author: Layla · Last updated May 15, 2026

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud.W...

The user has limited knowledge of AWS services and wants to quickly deploy a scalable Node.js application in the AWS Cloud. The key factors are the user’s limited experience and the need for a solution that minimizes effort, time, and complexity. Let’s analyze each option: A) AWS CloudFormation - Description: AWS CloudFormation is a service that allows you to define your AWS infrastructure as code using templates. It is ideal for automating and managing complex infrastructures but requires knowledge of CloudFormation templates (JSON or YAML). - Why it’s not a good fit: CloudFormation is not ideal for a user with limited AWS knowledge. It involves writing templates and managing infrastructure as code, which could be challenging for someone without experience. This service is better suited for users who need to deploy complex infrastructure with fine-grained control. B) AWS Elastic Beanstalk - Description: AWS Elastic Beanstalk is a platform-as-a-service (PaaS) that allows you to easily deploy and manage applications, including Node.js applications. Elastic Beanstalk abstracts away much of the underlying infrastructure management, such as scaling, load balancing, and instance management, enabling users to focus on the application itself. - Why it’s a good fit: Elastic Beanstalk is perfect for users with limited AWS knowledge because it provides an easy-to-use interface, automatic scaling, and minimal setup. The user can simply upload their Node.js application, and Elastic Beanstalk handles the deployment, scaling, and management of the environment. It reduces complexity and operational overhead, which is exactly what the user needs. C) Amazon EC2 - Description: Amazon EC2 provides virtual servers (instances) that ...

Author: Ahmed · Last updated May 15, 2026

A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and...

To meet the requirements of securely delivering data, videos, applications, and APIs to users globally with low latency and high transfer speeds, we need to assess each AWS service based on performance, security, scalability, and cost-efficiency for this specific scenario. Option A: Amazon CloudFront - Service Description: Amazon CloudFront is a Content Delivery Network (CDN) service that caches content in edge locations globally, providing secure, fast delivery of data, videos, applications, and APIs. CloudFront integrates with other AWS services like S3, Elastic Load Balancer, and AWS Shield for DDoS protection. - Performance: Low latency due to the presence of numerous edge locations worldwide. - Security: Supports SSL/TLS encryption, and integrates with AWS Web Application Firewall (WAF) for additional security. You can also use signed URLs for secure content delivery. - Scalability: Automatically scales to handle high traffic. - Cost: CloudFront’s pricing is pay-as-you-go, making it cost-effective depending on usage patterns. - Use Case: Ideal for distributing content globally with high performance and security. It's the best fit for delivering videos, static content, APIs, and applications with low latency. Option B: Elastic Load Balancing (ELB) - Service Description: ELB is used for distributing incoming application traffic across multiple targets such as EC2 instances, containers, and IP addresses. - Performance: ELB provides high availability and fault tolerance but does not focus on content delivery or global distribution. - Security: Integrates with AWS WAF for security, but it is mainly used for balancing traffic across application layers rather than content delivery. - Cost: ELB pricing depends on the number of requests and data processed, but it is generally more costly when used for global content delivery. - Use Case: ELB is best for load balancing within specific regions or applications and not for CDN-style delivery across a global audience. - Rejection Reason: Not a CDN solution and does...

Author: Ahmed · Last updated May 15, 2026

A company needs to use third-party software for its workload on AWS.Which AWS service or feature can...

To determine the most appropriate AWS service for purchasing third-party software, it's essential to evaluate each option in terms of time, effort, cost, and how they align with the company’s requirement of acquiring third-party software for their AWS workloads. A) AWS Resource Access Manager (RAM) AWS RAM allows organizations to share AWS resources between accounts within the same organization. It is designed for sharing AWS resources like VPC subnets, Transit Gateways, and more, but not for purchasing third-party software. This option would not meet the need for acquiring third-party software from external vendors. Rejected: This option is not suitable for the task of purchasing software. B) AWS Managed Services AWS Managed Services helps customers operate their AWS infrastructure with minimal overhead. It is an option for managing AWS workloads but does not specifically cater to purchasing third-party software. This service is more focused on operational management of AWS environments rather than acquiring software from third parties. Rejected: This service is not designed for purchasing software. C) AWS License Manager AWS License Manager helps customers manage software licenses for AWS resources, ensuring compliance and...

Author: Ella · Last updated May 15, 2026

A company needs fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) ...

To meet the requirement of fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) protocol, let's evaluate each option: A) Amazon S3 - Explanation: Amazon S3 is an object storage service designed for storing large amounts of data in an easy-to-use, highly scalable environment. However, S3 does not support SMB protocol natively. It is mainly accessed via REST APIs, and while there are solutions like AWS Storage Gateway to integrate S3 with SMB, S3 itself does not directly meet the SMB protocol requirement. - Conclusion: S3 does not support SMB directly and is not suitable for the requirement. B) Amazon Elastic File System (Amazon EFS) - Explanation: Amazon EFS is a fully managed file system that provides NFS (Network File System) protocol access, not SMB. While it supports NFS for Linux-based applications, EFS does not support SMB, which is required for Windows-based applications or environments that rely on SMB. - Conclusion: EFS is not suitable because it does not support the SMB protocol. C) Amazon FSx for Windows File Server - Explanation: Amazon FSx for Windows File Server is a fully managed Windows file system that supports the SMB protocol. It is designed to provide highly reliable, scalable, and secure file storage for Windows-based applications...

Author: Arjun · Last updated May 15, 2026

A company needs to centrally configure and manage Amazon VPC security groups across multiple AWS accounts within an organization in AWS Organizations.Wh...

To determine the most appropriate AWS service for centrally configuring and managing Amazon VPC security groups across multiple AWS accounts within an organization in AWS Organizations, we need to consider the specific use case and the capabilities of each option. The goal is to manage VPC security groups, and we should evaluate the services based on their relevance, complexity, and cost. A) AWS Firewall Manager AWS Firewall Manager is a centralized security management service that allows you to configure and manage security rules across multiple AWS accounts in AWS Organizations. It supports managing AWS WAF rules, AWS Shield Advanced protections, and also security group policies for Amazon EC2 instances across multiple accounts. This makes AWS Firewall Manager highly suited to the requirement of centrally managing and configuring VPC security groups across multiple accounts. - Effort: AWS Firewall Manager simplifies management by providing a single point of configuration. - Time: Using Firewall Manager reduces the time it takes to manually configure security groups across accounts, automating the process. - Cost: While there is a cost associated with using AWS Firewall Manager, it provides the tools necessary to enforce security at scale, which justifies the cost for large organizations. Selected: AWS Firewall Manager is the best choice to centrally manage VPC security groups across multiple accounts within an AWS Organization. B) Amazon GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS environments. It is designed for detecting ...

Author: Aditya · Last updated May 15, 2026

Which task is a responsibility of AWS, according to the AWS shared responsibility model?

The AWS shared responsibility model divides the responsibilities between AWS and its customers. AWS is responsible for the security of the cloud infrastructure, while customers are responsible for securing their data, applications, and configurations within the cloud. Let’s evaluate each of the options based on the shared responsibility model: A) Configure identity and access management for applications Configuring identity and access management (IAM) for applications is the responsibility of the customer. Customers are expected to manage their IAM roles, policies, and user permissions, ensuring proper access control to their applications and resources. Rejected: This is a customer responsibility, not AWS’s responsibility. B) Manage encryption options for data that is stored on AWS Encryption of data is a shared responsibility. AWS manages the encryption of data at rest by providing tools such as the AWS Key Management Service (KMS). However, customers are responsible for managing their own encryption keys (if using their own keys) and ensuring that the data is encrypted according to their specific requirements. Rejected: While AWS provides tools for encryption, the customer is typically res...

Author: Kai99 · Last updated May 15, 2026

A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the ...

To determine which AWS managed service allows an Amazon EC2 instance in a private subnet to initiate a connection to the internet for updates while preventing incoming traffic from the internet to the EC2 instance, we need to evaluate each option based on its functionality and alignment with the requirements. A) VPC Endpoint A VPC endpoint enables private connections between your VPC and supported AWS services without using the public internet. However, VPC endpoints are typically used for connecting to AWS services like S3 or DynamoDB privately, and not for general internet access. This option does not support initiating outbound internet traffic from the EC2 instance for general internet access like OS updates. Rejected: VPC endpoints are not meant for enabling internet access, so they do not meet the need to allow the EC2 instance to access the internet for updates. B) NAT Gateway A NAT gateway allows instances in a private subnet to initiate outbound traffic to the internet while preventing inbound traffic from the internet. This perfectly fits the requirement of allowing the EC2 instance to pull operating system updates from the internet while ensuring it remains inaccessible from the internet. The NAT gateway works by forwarding the traffic from the private subnet to the internet and vice versa, making it an ideal solution for this use case. - Effort: Setting up a NAT gateway involves creating it in a public subnet and configuring route tables. - Time: Setting up a NAT gateway is relatively quick and easy. - Cost: There ...

Author: Aarav2020 · Last updated May 15, 2026

Which actions are the responsibility of AWS, according to the AWS shared responsibility model? (Choo...

In the AWS Shared Responsibility Model, responsibilities are divided between AWS and the customer based on the level of control and management they have over the environment. Let's analyze the options to determine which actions fall under AWS's responsibility: Option A) Securing the virtualization layer: - Use case: AWS is responsible for securing the underlying physical infrastructure, including the virtualization layer, which consists of hardware, hypervisors, and virtualization management software. This is part of AWS's responsibility in the shared responsibility model. - Why selected: AWS manages the security of the infrastructure and virtualization layer, ensuring that the physical hardware and the virtual environment (e.g., hypervisors) are protected and isolated. This responsibility lies entirely with AWS. Option B) Patching the operating system on Amazon EC2 instances: - Use case: The customer is responsible for managing and maintaining their EC2 instances, including patching the operating system (OS). This is a customer responsibility because they have control over the OS installed on their EC2 instances. - Why rejected: Patching the OS on EC2 instances falls under the customer’s responsibilities, as they have full control over the instance’s operating system. Option C) Enforcing a strict password policy for IAM users: - Use case: This is a customer responsibility. AWS provides the IAM (Identity and Access Management) service, but it is the customer's job to configure and enforce password policies, user permissions, and roles in their A...

Author: Sophia · Last updated May 15, 2026

A company is storing data that will not be frequently accessed in the AWS Cloud. If the company needs to access the data, the data needs to be retrieved within 12 hours. The company wants a solution that is cost-effective...

The company is storing data that will not be frequently accessed and needs a solution that ensures the data can be retrieved within 12 hours. Additionally, the solution must be cost-effective for storage. Let’s analyze the available options based on these requirements: A) S3 Standard: - Access Frequency: Designed for frequently accessed data. - Retrieval time: Instant retrieval. - Cost: Higher storage costs compared to other options designed for infrequent access. - Effort: Minimal, but it is not cost-effective for infrequently accessed data. - When to use: Best for frequently accessed or dynamic data, which does not match the company's requirement of infrequent access. - Not ideal for: Infrequent access use cases, as it will result in unnecessary costs for storage. B) S3 Glacier Flexible Retrieval: - Access Frequency: Designed for long-term archival storage, with infrequent access. - Retrieval time: Retrieval can take minutes to hours, but within the 12-hour retrieval time frame. - Cost: Very low storage costs, ideal for cold storage and long-term archival. - Effort: Slightly higher, as data retrieval can take a few hours to complete and requires managing retrieval requests (e.g., via lifecycle policies or retrieval jobs). - When to use: Ideal for archival data that is rarely accessed, but still falls within the 12-hour retrieval window. - Not ideal for: Data that needs immediate or frequent access, as the retrieval time can be slow for urgent needs. C) S3 One Zone-Infrequent Access (S3 One Zone-IA): - Access Frequency: Suitable for infrequent access data. - Retrieval time: Standard retrieval times similar to S3 Standard-IA, but data is stored in a single availability zone (AZ). - Cost: Lower cost than S3 Standard-IA, but slightly higher than Glacier, and it offers reduced durability (data is stored in a single AZ). - Effort: Easy to use, and cost-effective for infrequent access but less durable than other storage classes (data could be lost if the AZ experiences a failure). - When to use...

Author: Lucas · Last updated May 15, 2026

What Our Friends Say

What Our Friends Say

Amazon Practice Questions, Discussions & Exam Topics by our Authors

A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.Which AWS service will help the company deploy t...

A company wants to query its server logs to gain insights about its customers=E2=80=99 experiences.Which AWS ser...

Which of the following is a recommended design principle for AWS Cloud architecture?

Which AWS service helps users audit API activity across their AWS account?

Which task is a customer=E2=80=99s responsibility, according to the AWS shared responsibility model?

A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynam...

A user wants to securely automate the management and rotation of credentials that are shared between applications, while spending the least amount of time on manag...

Which security service automatically recognizes and classifies sensitive data or intellectual proper...

Which actions are best practices for an AWS account root user? (Choose two.)

A company is running a critical workload on an Amazon RDS DB instance. The company needs the DB instance to be highly available with a recovery time of...

A company plans to migrate its application to AWS and run the application on Amazon EC2 instances. The application will have continuous usage for 1 year.Which EC2 insta...

A company needs to transfer data between an Amazon S3 bucket and an on-premises application.Who is responsible for the security of th...

Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions...

A company wants to identify Amazon S3 buckets that are shared with another AWS account.Which AWS serv...

Which AWS service gives users the ability to build interactive business intelligence dashboards that...

Which of the following is an AWS value proposition that describes a user=E2=80=99s ability to scale ...

Which action is a security best practice for access to sensitive data that is stored in an Amazon S3...

A company wants to know more about the benefits offered by cloud computing. The company wants to understand the operational advan...

A company needs a central user portal so that users can log in to third-party business applications that support Security Assertion Markup Lan...

Which AWS service should users use to learn about AWS service availability and operations?

Which AWS service or tool can be used to capture information about inbound and outbound traffic in a...

What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility mod...

Which AWS service can be used to retrieve compliance reports on demand?

Which AWS service enables users to check for vulnerabilities on Amazon EC2 instances by using predef...

A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the hostname, IP...

Which action will help increase security in the AWS Cloud?

A company is planning to migrate its application to the AWS Cloud.Which AWS tool or set of resources should the company u...

Which of the following describes some of the core functionality of Amazon S3?

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace up...

Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.)

A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the underlying hardware or the database...

Which actions are examples of a company=E2=80=99s effort to rightsize its AWS resources to control c...

Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instan...

Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Choos...

A company that uses AWS needs to transfer 2 TB of data.Which type of transfer of that data would res...

A company wants to create templates that the company can reuse to deploy multiple AWS resources.Which AWS service or f...

A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messag...

Which AWS service or feature is a browser-based, pre-authenticated service that can be launched dire...

A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.Which AWS ser...

A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and ...

A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages.Which AWS service or fe...

A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud.W...

A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and...

A company needs to use third-party software for its workload on AWS.Which AWS service or feature can...

A company needs fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) ...

A company needs to centrally configure and manage Amazon VPC security groups across multiple AWS accounts within an organization in AWS Organizations.Wh...

Which task is a responsibility of AWS, according to the AWS shared responsibility model?

A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the ...

Which actions are the responsibility of AWS, according to the AWS shared responsibility model? (Choo...

A company is storing data that will not be frequently accessed in the AWS Cloud. If the company needs to access the data, the data needs to be retrieved within 12 hours. The company wants a solution that is cost-effective...