Amazon Exam Practice Questions - Page 5

Amazon Practice Questions, Discussions & Exam Topics by our Authors

Which AWS service or resource can be used to identify services that have been used by a user within ...

To identify services that have been used by a user within a specified date range, we need to focus on AWS services or resources that track user activity and usage across various AWS services. Let's analyze each option based on this criteria: A) Amazon S3 Access Control Lists (ACLs) Description: Amazon S3 ACLs are used to manage permissions for objects in S3. ACLs define who can access specific S3 objects and the level of access they have (e.g., read, write). - Why rejected: S3 ACLs manage access control but do not track usage or activity of services by a user. They are primarily focused on permissions, not on identifying which services were used within a given time frame. Scenario: ACLs are useful for setting permissions on S3 objects but are not relevant for tracking service usage by a user. B) AWS Certificate Manager (ACM) Description: AWS Certificate Manager (ACM) manages SSL/TLS certificates for AWS-based applications. It helps users provision, manage, and deploy certificates. - Why rejected: ACM is focused on managing certificates for securing communications and does not track or report on service usage by a user. It is not designed to monitor or analyze usage within a specified date range. Scenario: ACM is useful when you need to manage SSL/TLS certificates for secure communication but does not provide insights into service usage. C) Network Access Analyzer Description: Network Access Analyzer is a service that helps identify potential network access issues in a VPC by analyzing network configurations and access control rules. - Why rejected: Network Access Analyzer is focused on network security, identifying misconfigurations or overly permissive access within VPCs. It does not track user activity or identify services that have been used by a user within a specific date range. Scenario: Network Access Analyzer is useful for diagnosing VPC-related security issues but not for...

Author: SilverBear · Last updated May 15, 2026

A company needs to engage third-party consultants to help maintain and support its AWS environment and the company=E2=80=99s business needs...

To determine which AWS service or resource will best meet the requirements for engaging third-party consultants to help maintain and support the company's AWS environment, we need to evaluate the options in terms of their ability to facilitate collaboration with third-party consultants, their associated effort, time, cost, and the scope of their services. A) AWS Support AWS Support offers a variety of support plans (Basic, Developer, Business, and Enterprise) to help companies manage their AWS infrastructure. However, AWS Support primarily provides AWS technical support and troubleshooting assistance to the organization. It is not specifically designed to help companies engage or manage third-party consultants. While AWS Support provides valuable resources, it is focused on supporting internal teams and not external consultants. Rejected: AWS Support is not a service for engaging third-party consultants; it's meant for AWS-related technical support. B) AWS Organizations AWS Organizations allows you to create and manage multiple AWS accounts within an organization, which is useful for managing billing, compliance, and access controls at a large scale. However, it does not directly facilitate engaging third-party consultants to maintain or support the AWS environment. AWS Organizations helps manage accounts and permissions within the company but does not provide a direct channel for engaging third-party contractors or consultants. Rejected: AWS Organizations is more focused on account and permission management, not specifically on engaging external consultants. C) AWS Service Catalog AWS Service Catalog allows organizations to create and manage catalogs of approved AWS resources that are available for use within the organization. It helps with governance by controlling what AWS services and co...

Author: Michael · Last updated May 15, 2026

A company wants to create Amazon QuickSight dashboards every week by using its billing data.Which AWS feature or to...

To create Amazon QuickSight dashboards using billing data every week, the most suitable AWS feature is AWS Cost and Usage Report. Explanation: - A) AWS Budgets: AWS Budgets allows you to set custom cost and usage budgets and receive notifications when thresholds are breached. While it provides useful cost control capabilities, it does not generate detailed reports for use in creating dashboards like Amazon QuickSight. It is more focused on alerting and monitoring budget limits rather than providing comprehensive billing data for visualization. - B) AWS Cost Explorer: AWS Cost Explorer helps visualize and analyze your AWS costs and usage over time, providing interactive charts and data exploration features. However, AWS Cost Explorer is intended for interactive data exploration and is not designed for automated weekly reports. Additionally, it doesn’t directly integrate with Amazon QuickSight for automated dashboard generation. While you can manually export data from Cost Explorer, it is not the most efficient tool for weekly report generation in QuickSight. - C) AWS Cost and Usage Report: The AWS Cost and Usage Report (CUR) provides detailed billing data on a daily or hourly basis. It includes resource-level usage and cost data and is the most suitable source for creating custom dashboards in Amazon QuickSight. The CUR can be configured to export billing data automati...

Author: Max · Last updated May 15, 2026

A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises storage with storage that is cloud-based ...

To address the company's requirement of replacing on-premises storage with a cloud-based solution that is locally cached, we need to analyze the available AWS services based on their functionalities, deployment effort, time, cost, and other key factors. A) AWS Storage Gateway Explanation: AWS Storage Gateway is a hybrid cloud storage service that enables on-premises applications to seamlessly use AWS cloud storage. It supports file-based, volume-based, and tape-based storage. The key feature here is that it provides local caching of data, allowing frequently accessed data to be stored locally while also syncing with the cloud. This is a perfect fit for the company's needs to replace on-premises storage with cloud-based storage but still maintain a local cache. - Effort: Moderate. The service involves setting up a virtual or hardware appliance at the on-premises site. - Time: Medium. The setup time is moderate as it involves configuring the gateway and ensuring synchronization with cloud storage. - Cost: Medium to High, depending on the data volume and the amount of storage used both on-premises and in the cloud. Use Case: Best for hybrid cloud storage where local caching of data is necessary, and cloud storage is used for backup and long-term storage. B) AWS Snowcone Explanation: AWS Snowcone is a small, portable edge computing device that enables data transfer to the cloud. It is typically used in scenarios where you need to move large amounts of data offline or need to run edge computing workloads in environments with intermittent internet connectivity. - Effort: Low. It's easy to deploy since it is a physical device. - Time: Medium to High. Since it is a physical device, the time taken will depend on shipping and transfer time to AWS. - Cost: Medium, as Snowcone is a physical device. However, AWS Snowcone is not suitable here because it doesn't provide cloud storage with local caching for ongoing data access. It is more focused on transferring data or running edge workloads. ...

Author: Nia · Last updated May 15, 2026

A company needs to organize its resources and track AWS costs on a detailed level. The company needs to categorize costs by business department, environ...

In this scenario, the company needs to categorize AWS costs by business department, environment, and application, while also tracking these costs in a detailed manner. Let's analyze the provided options: Option A: Access the AWS Cost Management console to organize resources, set an AWS budget, and receive notifications of unintentional usage. - Reasoning: While the AWS Cost Management console is helpful for overall cost monitoring and setting budgets, it does not inherently categorize costs by business department, environment, or application. It is more about tracking and receiving notifications, not organizing resources in the way the company requires. - Rejection: This option lacks the detailed categorization and tracking by specific criteria (like departments or applications) that is needed. Option B: Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level. - Reasoning: Tags are a powerful way to categorize AWS resources by custom criteria such as business department, environment, or application. By enabling cost allocation tags, the company can directly track and break down costs at a granular level, aligning with the company's requirements. This approach allows detailed and specific cost allocation across multiple categories and resources, making it a highly effective solution. - Selection: This is the best solution, as it directly addresses the need to organize resources by department, environment, and application, and allows detailed cost tracking. Option C: Create Amazon CloudWatch dashboards to visually organize and track costs individually. - Reasoning: Amazon CloudWatch is used for monitoring AWS resources and applications, primarily related to performance and operational metrics. While CloudWatch can help visualize performance data, it is not de...

Author: James · Last updated May 15, 2026

A company needs to plan, schedule, and run hundreds of thousands of computing jobs on AWS.Which AWS service...

To plan, schedule, and run hundreds of thousands of computing jobs on AWS, the company needs a service that can efficiently handle large-scale job orchestration, execution, and scheduling in a cost-effective manner. Let's break down each option to determine the best fit: A) AWS Step Functions - Services: AWS Step Functions is a service that enables the coordination of distributed applications and microservices. It allows for creating workflows using different AWS services, often for managing state transitions in serverless applications. - Effort: Step Functions is useful for managing workflows, but it is more suited for orchestrating smaller tasks or processes, rather than directly handling large numbers of compute jobs in parallel. - Time: While efficient for workflow orchestration, Step Functions may not be ideal for the scale of "hundreds of thousands" of computing jobs that need to be run at once. - Cost: Step Functions is charged based on the number of state transitions, which can add up for large-scale workloads, making it less cost-effective for large job processing. - Why rejected: Step Functions is not designed specifically for managing large-scale computing jobs or workloads at the scale mentioned in the question. It’s more about workflow orchestration, not batch job processing. B) AWS Service Catalog - Services: AWS Service Catalog is designed to help organizations create, manage, and distribute catalogs of AWS resources, allowing users to launch predefined sets of AWS services and configurations. - Effort: It’s useful for provisioning resources but not specifically tailored for scheduling and running large numbers of computing jobs. - Time: Service Catalog does not directly help in scheduling or running compute jobs, making it an inappropriate choice for this use case. - Cost: Service Catalog doesn’t charge for executing computing jobs but charges for creating and managing cataloged resources. - Why rejected: While AWS Service Catalog can help organize and provision resources, it does not have the built-in capabilities to efficiently plan, schedule, and execute hundreds of thousands of computing jobs, which makes it unsuitable for this task. C) Amazon Simple Queue Service (Amazon SQS) - Services: Amazon SQS is a fully managed message queuing service used to decouple and scale microservices, distributed systems, and serverless applications. It enables...

Author: Rahul · Last updated May 15, 2026

Which AWS services or features provide high availability and low latency by enabling failover across...

To address the question, we need to evaluate AWS services that provide high availability and low latency by enabling failover across different AWS regions. The selection criteria must account for services that are designed to provide global reach, resilience, and fault tolerance, particularly across regions, and the ability to handle traffic redirection in case of failures or performance issues. Option A: Amazon Route 53 Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It enables global traffic management, including routing traffic to the nearest available region, and supports failover routing policies. Route 53 can detect if a resource is unhealthy (for instance, a web server or application) and redirect traffic to a healthy resource in another region, which provides high availability and low latency by enabling region failover. It allows latency-based routing and health checks to ensure traffic is directed to the best-performing region. Scenario: Amazon Route 53 is ideal for applications that require DNS-based failover or latency-based routing, such as global web applications or multi-region services. Option B: Network Load Balancer The Network Load Balancer (NLB) is a highly available load balancer that operates at the transport layer (Layer 4) and is designed to handle millions of requests per second while providing low latency. However, NLBs are designed to distribute traffic across different Availability Zones within the same region, not across different AWS regions. It doesn't inherently support region failover. Scenario: NLB is more suited for applications within a single region, such as those that require ultra-low latency for TCP/UDP traffic. Option C: Amazon S3 Transfer Acceleration Amazon S3 Transfer Acceleration speeds up the upload and download of data to and from Amazon S3 by using Amazon CloudFront’s globally distributed edge locations. However, it is not designed for failover across regions. It improves transfer speed by routing traffi...

Author: Ming · Last updated May 15, 2026

Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS C...

The correct way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS Cloud is A) Scale the number of EC2 instances in or out automatically, based on demand. Breakdown of each option: A) Scale the number of EC2 instances in or out automatically, based on demand: - Amazon EC2 Auto Scaling: This is the core functionality of EC2 Auto Scaling. It automatically adjusts the number of EC2 instances in an Auto Scaling group based on the specified scaling policies, ensuring that the capacity matches the demand. - Scaling In: Decreases the number of EC2 instances when demand drops. - Scaling Out: Increases the number of EC2 instances when demand rises. - Use Case: This is ideal for scenarios where demand fluctuates over time and the company needs to adjust resources accordingly. For example, an application experiencing variable traffic, such as an e-commerce site during sales or marketing campaigns. - Time & Effort: This approach is relatively easy to implement and configure with Auto Scaling policies and CloudWatch alarms. It optimizes resource usage, reducing cost by only running instances when needed. Why Selected: This is the correct and most efficient use of Amazon EC2 Auto Scaling groups, making sure that the infrastructure scales dynamically based on demand, minimizing cost and maintaining application performance. B) Use serverless EC2 instances: - EC2 Instances: EC2 instances are not serverless. "Serverless" is a concept related to services like AWS Lambda, where you don't need to manage servers. EC2 instances require manual management, even if Auto Scaling helps automate scaling. - Serverless Models: AWS Lambda or AWS Fargate (for containerized workloads) are serverless, but EC2 is not considered serverless. - Use Case: Serverless architecture is better suited for short-lived or event-driven workloads, not EC2 instances. EC...

Author: Abigail · Last updated May 15, 2026

Which abilities are benefits of the AWS Cloud? (Choose two.)

To answer the question regarding the benefits of the AWS Cloud, we need to evaluate the listed options in terms of their impact on services, effort, time, cost, and other relevant factors, especially how they align with the key advantages AWS offers to its users. Evaluating the options: A) Trade variable expenses for capital expenses: This option is more relevant to traditional on-premises infrastructure where businesses need to invest in upfront capital expenses for hardware. In the AWS Cloud, the model is typically the opposite: users can trade capital expenses (e.g., buying servers) for variable expenses (e.g., paying for usage). Therefore, this is not a benefit of the AWS Cloud, as it does not reflect the common cloud cost structure. B) Deploy globally in minutes: One of the major benefits of the AWS Cloud is its ability to enable users to deploy applications and services across a global network of AWS data centers in a matter of minutes. AWS allows companies to provision resources in various geographic regions quickly, helping them to scale their operations globally with minimal setup time. This benefit is a key aspect of the cloud, offering agility and speed in deployment. C) Plan capacity in advance of deployments: In the AWS Cloud, one of the benefits is not needing to predict or plan for capacity in advance. Cloud computing allows for on-demand scaling—resources can be provisioned or deprovisioned as needed. Planning capacity in advance is more common in traditional IT environments where users are constrained by physical hardware ...

Author: Ethan Smith · Last updated May 15, 2026

Which AWS security service protects applications from distributed denial of service attacks with always-o...

To protect applications from Distributed Denial of Service (DDoS) attacks with always-on detection and automatic inline mitigations, the solution needs to be focused on detecting and mitigating DDoS attacks in real time without requiring manual intervention. Let's evaluate the options based on these requirements: A) Amazon Inspector - Services: Amazon Inspector is an automated security assessment service designed to help improve the security and compliance of applications by identifying vulnerabilities and deviations from best practices. - Effort: While Amazon Inspector is useful for assessing security risks and vulnerabilities, it is not focused on protecting against DDoS attacks. - Time: The service provides periodic vulnerability assessments rather than real-time attack mitigation. - Cost: Amazon Inspector pricing is based on the number of assessments, but it does not address DDoS attacks. - Why rejected: Amazon Inspector is not designed for real-time attack mitigation, especially for DDoS attacks. It focuses on vulnerabilities, not on protecting against massive traffic-based attacks. B) AWS Web Application Firewall (AWS WAF) - Services: AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection or cross-site scripting. It allows users to define rules to block or allow specific traffic. - Effort: AWS WAF requires rule configuration and is excellent for protecting applications at the HTTP layer from common attacks, but it does not automatically handle DDoS attacks at scale or offer automatic inline mitigation for large traffic spikes. - Time: AWS WAF is highly customizable and can protect applications against specific attack patterns, but it doesn't specifically focus on DDoS attacks or provide always-on detection for massive scale attacks. - Cost: AWS WAF has a cost based on the number of rules and web requests processed, but it doesn’t provide DDoS-specific protection. - Why rejected: While AWS WAF protects against application-level attacks, it is not designed for DDoS protection and does not provide the automatic inline mitigation or always-on detection needed for such attacks. C) Elastic L...

Author: Liam · Last updated May 15, 2026

Which AWS service allows users to model and provision AWS resources using common programming languag...

To model and provision AWS resources using common programming languages, the solution needs to support defining AWS resources with code, providing flexibility and programmability. Let's evaluate each option based on this requirement: A) AWS CloudFormation - Services: AWS CloudFormation is a service that allows users to model and provision AWS resources using a declarative JSON or YAML template. With CloudFormation, users define the desired state of their infrastructure, and AWS takes care of provisioning and maintaining those resources. - Effort: Writing CloudFormation templates can be complex, especially for large environments, and requires learning its template syntax (JSON or YAML). - Time: CloudFormation enables automatic provisioning, but because it uses declarative templates, the effort can be more time-consuming when compared to using common programming languages. - Cost: CloudFormation itself does not incur additional costs for using the service, but there could be costs for the resources created by CloudFormation templates. - Why rejected: While CloudFormation allows provisioning of resources, it uses a declarative syntax (JSON/YAML) rather than common programming languages like Python, JavaScript, or TypeScript. This does not align with the requirement to use common programming languages. B) AWS CodePipeline - Services: AWS CodePipeline is a continuous integration and continuous delivery (CI/CD) service for automating the build, test, and deploy phases of your release pipeline. - Effort: CodePipeline automates workflows but does not directly provide modeling or provisioning of AWS resources using programming languages. - Time: CodePipeline is focused on automating the CI/CD process and does not deal with provisioning infrastructure directly. - Cost: CodePipeline has associated costs based on the number of pipelines and usage, but it does not address the need for provisioning resources with programming languages. - Why rejected: CodePipeline is focused on CI/CD workflows, not on modeling or provisioning infrastructure using programming languages. C) AWS Cloud Development Kit (AWS CDK) - Services: AWS CDK allows users to model and provision AWS resources using common programming languages like Python, JavaScript, TypeScript, Java, and C....

Author: Chloe · Last updated May 15, 2026

Which Amazon EC2 instance pricing model can provide discounts of up to 90%?

To identify which Amazon EC2 instance pricing model can provide discounts of up to 90%, we need to assess each pricing model based on its potential cost savings, flexibility, and use case suitability. A) Reserved Instances Explanation: Reserved Instances (RIs) provide a significant discount over On-Demand pricing (up to 75%) when you commit to using EC2 instances for a 1- or 3-year term. While RIs offer discounts, they do not provide discounts up to 90%. Reserved Instances are suited for predictable workloads where you know in advance how much capacity you need. - Effort: Medium. You need to commit to a term (1-3 years), and the instance type must match your needs. - Time: Medium. Discounts apply as soon as the instance is launched and the commitment is made. - Cost: Medium to High. You pay for the commitment upfront, or in some cases, can choose an hourly payment option. Use Case: Best for workloads with steady usage that will not vary significantly over time, but the discount does not reach 90%. B) On-Demand Explanation: On-Demand pricing allows you to pay for compute capacity by the hour or second with no long-term commitments. There are no discounts associated with On-Demand instances, so this option does not offer cost savings beyond standard pricing. - Effort: Low. On-Demand instances are flexible and simple to use with no upfront commitments. - Time: Low. Charges are based on the amount of time the instance runs, and you can scale quickly. - Cost: High. This pricing model is the most expensive because you pay for usage as you go, without any discounts. Use Case: Best for short-term or unpredictable workloads where flexibility is a priority, but it does not offer up to 90% discounts. C) Dedicated Hosts Explanation: Dedicated Hosts are physical servers dedicated to your use, providing more control over instance placement. While Dedicated Hosts can help optimize costs for specific use cases (such as compliance or licensing r...

Author: Vikram · Last updated May 15, 2026

Which of the following acts as an instance-level firewall to control inbound and outbound access?

To address the question of which option acts as an instance-level firewall to control inbound and outbound access, we need to evaluate the roles and purposes of each option with respect to firewall functionality, cost, effort, time, and other key factors. A) Network Access Control List (NACL) - NACLs provide a stateless firewall at the subnet level, controlling inbound and outbound traffic to/from a subnet. While they can filter traffic to/from resources in a subnet, they do not function at the instance level but rather apply rules across all resources in the subnet. This means NACLs are used for broader network control rather than specific instance-level firewalling. - Usage scenario: NACLs are best for controlling access to an entire subnet and are often used in conjunction with other methods for granular control. B) Security Groups - Security Groups are stateful firewalls designed specifically for controlling inbound and outbound traffic at the instance level. They act as virtual firewalls for EC2 instances, managing what traffic is allowed to reach or leave an instance. Since they are stateful, they track the state of connections and automatically allow return traffic. - Usage scenario: Security Groups are ideal when you want to control the traffic flow to and from individual EC2 instances. For example, you could create a security group for web servers to only allow HTTP/HTTPS access from specific IPs or networks, while denying all other inbound connections. C) AWS Trusted Advisor - AWS Trusted Advisor is a recommendation service that provides insights into best practices related to cost optimizati...

Author: Amira · Last updated May 15, 2026

A company must be able to develop, test, and launch an application in the AWS Cloud quickly.Which advantage o...

To meet the requirement of developing, testing, and launching an application quickly in the AWS Cloud, the most relevant advantage of cloud computing is "Increase speed and agility." Explanation: - A) Stop guessing capacity: This refers to the ability to scale resources based on actual demand, which is an advantage of cloud computing. However, the primary focus of the question is on the speed of development, testing, and launch, not the capacity planning or scaling aspect. While it's true that AWS allows you to dynamically adjust resources, this isn't the most direct solution to the requirement of rapid application deployment. - B) Trade fixed expense for variable expense: This option highlights the financial flexibility provided by cloud computing, where companies only pay for what they use. This can reduce upfront costs, but it does not directly address the speed of development or launching the application. It's more of a cost benefit and does not fully align with the need for quick application development and testing. - C) Achieve economies of scale: This option refers to the ability of cloud providers to achieve cost savings due to the large scale at which they operate. While it’s a significant benefit of cloud computing, it doesn’...

Author: CrimsonViperX · Last updated May 15, 2026

A company has teams that have different job roles and responsibilities. The company=E2=80=99s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilit...

To address the need of managing permissions for employees with changing job roles and responsibilities while ensuring that the solution has minimal operational overhead, let's evaluate the options with respect to effort, time, cost, and ease of maintenance: A) IAM User Groups - IAM User Groups are collections of IAM users that allow you to assign common permissions to multiple users at once. However, user groups are static, meaning that if an employee frequently switches teams or roles, the permissions associated with the group might not be suitable for their new role, leading to constant updates and manual changes. - Usage scenario: IAM User Groups can work in environments where employees have long-term, stable roles and don’t frequently change teams. But for a dynamic workforce, managing permissions using groups may involve significant overhead as user roles change. B) IAM Roles - IAM Roles are ideal for situations where an entity (e.g., users, EC2 instances, or services) needs temporary permissions. A role can be assumed by a user, group, or service to gain specific permissions based on the current need or responsibility. Roles are flexible because permissions can be easily attached or removed, and employees can switch roles without requiring permanent changes to their individual settings. - Usage scenario: IAM Roles are perfect for dynamic environments where employees frequently change teams. For example, when an employee switches teams, they can assume a different role with the appropriate permissions for their new job, without needing to manually adjust their permissions every time. This offers the least operational overhead and flexibility. C) IAM Instance Profiles - IAM Instance Profiles are a specific use case of IAM roles used to assign permissions to EC2 instances rather than users. Instance profiles are not designed to manage permissions for indivi...

Author: Suresh · Last updated May 15, 2026

Which AWS service can a company use to securely store and encrypt passwords for a database?

To securely store and encrypt passwords for a database, it's essential to focus on a service that is designed specifically for managing sensitive credentials such as passwords, while also ensuring security, ease of use, cost-effectiveness, and minimal operational overhead. Let's evaluate the options: A) AWS Shield - AWS Shield is a DDoS (Distributed Denial of Service) protection service, designed to protect applications from DDoS attacks. While AWS Shield enhances the security of your infrastructure by providing protection against large-scale DDoS attacks, it does not help with storing or encrypting database passwords. - Usage scenario: AWS Shield is valuable for protecting AWS resources from DDoS threats, but it is irrelevant for managing passwords, so it’s not suitable for this specific requirement. B) AWS Secrets Manager - AWS Secrets Manager is specifically designed to securely store and manage sensitive information like API keys, database credentials, and passwords. It encrypts secrets at rest using AWS KMS (Key Management Service) and allows for easy retrieval and rotation of secrets. This service is tailored for storing database passwords and securely managing them with minimal overhead. - Usage scenario: This service is perfect for managing database credentials, as it allows automated password rotation, encryption, and safe storage. It is designed for use cases like the one described in the question—ensuring that sensitive data is kept secure and accessible only to authorized users and services. C) AWS Identity and Access Management (IAM) - IAM is primarily used to manage permissions for AWS users, groups, roles, and resources. While IAM helps in controlling access to AWS se...

Author: Oliver · Last updated May 15, 2026

What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them ...

To retrieve AWS security and compliance documents and submit them as evidence to an auditor or regulator, the key requirement is to use a service that provides access to documentation related to AWS compliance programs and security audits. Let’s evaluate the options based on this need: A) AWS Certificate Manager - AWS Certificate Manager (ACM) is used for provisioning, managing, and deploying SSL/TLS certificates for securing network communications. While it plays a vital role in securing web traffic and managing certificates, it does not provide security or compliance documentation or act as an evidence repository for auditors. - Usage scenario: ACM is useful for managing certificates but not for retrieving security or compliance documentation. This is not relevant to the question. B) AWS Systems Manager - AWS Systems Manager is a service that helps with operational management tasks, such as automating workflows, managing configurations, and patching systems. It’s a powerful tool for managing infrastructure and application resources but does not specifically provide access to AWS security or compliance documents. - Usage scenario: Systems Manager is great for managing and automating operations but does not serve as a repository for compliance documents or security audit evidence. It is not the correct choice for this use case. C) AWS Artifact - AWS Artifact is a service designed specifically to retrieve AWS compliance reports and security documentation. It provides access to AWS compliance reports such as SOC reports, ISO certifications, PCI reports, and other security documentation. AWS Artifact allows you to download and share th...

Author: Samuel · Last updated May 15, 2026

Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)

Let's carefully examine each encryption option available for protecting objects at rest in Amazon S3, while considering services, effort, time, cost, and other key factors. Option A: Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) - Encryption Type: SSE-S3 is a method of server-side encryption where Amazon S3 manages the encryption keys. It is one of the simplest and most cost-effective ways to encrypt data at rest in S3. - Cost and Effort: SSE-S3 is easy to configure and requires no additional management effort since Amazon S3 handles the keys automatically. The encryption is transparent to users. - Use Case: Suitable for users who want automatic, seamless encryption of their data without managing key infrastructure. Selection Justification: SSE-S3 is a valid and commonly used encryption method for protecting data at rest in Amazon S3. It meets the requirement for object encryption with minimal management effort. --- Option B: Server-side encryption with AWS KMS managed keys (SSE-KMS) - Encryption Type: SSE-KMS provides encryption at rest using AWS Key Management Service (KMS) for managing the encryption keys. With SSE-KMS, you have more control over key policies, access, and auditing of encryption operations. - Cost and Effort: SSE-KMS is more powerful than SSE-S3 because it provides fine-grained control over key management and auditing, but it requires more setup effort and incurs additional costs associated with KMS usage (key requests, key storage, etc.). - Use Case: Ideal for customers who need advanced control over key management, compliance requirements, or need to audit encryption actions. Selection Justification: SSE-KMS is a valid encryption method for objects at rest in Amazon S3. It provides more control and security over the encryption keys, making it suitable for scenarios where compliance and auditing are crucial. --- Option C: TLS - Encryption Type: TLS (Transpo...

Author: Lucas · Last updated May 15, 2026

A company wants to integrate its online shopping website with social media login credentials.Which AWS servic...

The company wants to integrate its online shopping website with social media login credentials. This means the company needs a service that supports authentication through social media platforms (e.g., Facebook, Google, etc.). Let's break down each AWS service and analyze which one best meets these requirements: A) AWS Directory Service: - Purpose: Primarily designed to enable Active Directory (AD) services for AWS, allowing integration with on-premises or cloud-based Microsoft Active Directory. - Social Media Integration: Does not support social media login credentials natively. - Effort: Requires a separate Active Directory infrastructure and is not focused on integrating social media logins. - When to use: Suitable for enterprise scenarios that require Active Directory integration, but not for integrating social media login credentials for websites. B) AWS Identity and Access Management (IAM): - Purpose: IAM is used for managing permissions and access to AWS services and resources, not for handling social media logins. - Social Media Integration: Does not directly support integrating social media login credentials. It is more for managing internal AWS resource access. - Effort: Requires manual setup for managing permissions but does not address the need for third-party authentication services (like social media logins). - When to use: Used for internal user access to AWS resources, not for third-party social media login integration. C) Amazon Cognito: - Purpose: Amazon Cognito is a user authentication and management service that supports both custom and third-party identity providers (like social media logins from Google, Facebook, Amazon, etc.). - Social Media Integration: Fully supports social identity providers (e.g., Google, Facebook, Apple) for logging in users to your applications. - Effort: Minimal effort needed. Amazon Cognito simplifies the integration of social media login through built-in functionality and SDKs. - Time: Quick setup for social media login integration via the AWS Management Console or APIs. ...

Author: Ava · Last updated May 15, 2026

Which AWS service is used to track, record, and audit configuration changes made to AWS resources?

To track, record, and audit configuration changes made to AWS resources, AWS Config is the most appropriate service. Explanation: 1. AWS Config is designed specifically for tracking and auditing the configuration changes made to AWS resources. It continuously monitors and records configurations of AWS resources, allowing you to assess changes over time, ensuring compliance, and providing detailed logs of what configuration changes have occurred. This helps organizations meet compliance requirements and track the historical configuration of their resources. - Effort: The effort required to set up AWS Config involves enabling it on the account and configuring it to track changes on specific resources. AWS Config can automatically record and store configuration changes with minimal manual intervention. - Time: It works in real-time to track changes to resources, offering historical snapshots of configuration. - Cost: Costs are generally based on the number of configuration items tracked and the frequency of snapshots taken. However, AWS Config is very cost-efficient when it comes to tracking configuration changes over time compared to other methods. 2. Other Options: - A) AWS Shield: AWS Shield is a service for DDoS protection, not for tracking or auditing configuration chan...

Author: Ella · Last updated May 15, 2026

A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.For how...

Scenario Breakdown: The question asks for the billing duration of an On-Demand Amazon Linux EC2 instance that runs for 3 hours, 5 minutes, and 6 seconds. The key consideration here is how AWS bills for EC2 instances—which is based on increments of 1 second, but with a minimum billing duration of 1 minute. Option Evaluation: --- A) 3 hours, 5 minutes - Rejection: This option does not account for the full 3 hours, 5 minutes, and 6 seconds. While the duration might seem close, AWS bills based on complete minutes, and even a few seconds past a minute would lead to a rounded-up billing for the next full minute. - Not Suitable: This would be an incomplete billing period compared to the AWS billing model. --- B) 3 hours, 5 minutes, and 6 seconds - How it fits: AWS bills in one-minute increments for On-Demand instances. Since the usage lasted for 3 hours, 5 minutes, and 6 seconds, this means the EC2 instance would be billed for the next full minute after the 5 minutes and 6 seconds. Thus, the customer would be billed for 3 hours and 6 minutes. - Best Fit: This option correctly represents the total duration of the EC2 ins...

Author: Olivia · Last updated May 15, 2026

A company website is experiencing DDoS attacks.Which AWS service can help protect the company websit...

To protect a company website against DDoS (Distributed Denial of Service) attacks, the most suitable AWS service is AWS Shield. Explanation: - A) AWS Resource Access Manager: This service is used for sharing AWS resources across accounts. It does not provide any protection against DDoS attacks. Therefore, it is not relevant to the scenario described, where the need is to protect a website from DDoS attacks. - B) AWS Amplify: AWS Amplify is a development platform for building and deploying web and mobile applications. While Amplify may help in the development and deployment of the website, it does not provide protection against DDoS attacks. Thus, it is not a suitable solution for mitigating DDoS attacks. - C) AWS Shield: AWS Shield is a managed DDoS protection service designed specifically to protect AWS resources, including websites, against DDoS attacks. It provides two tiers of protection: - AWS Shield Standard: This automatically protects against the most common types of DDoS attacks, which is the most likely protection needed for a company website under attack. - AWS Shield Advanced: This offers enhanced protection with additional features such as real-time attack visibility, DDoS...

Author: James · Last updated May 15, 2026

A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the A...

To address the company's need for a customized assessment of its current on-premises environment, with a focus on understanding projected running costs in the AWS Cloud, we must analyze each option in terms of services, effort, time, cost, and other key factors. Option A: AWS Trusted Advisor AWS Trusted Advisor provides real-time guidance to help you provision resources following AWS best practices. It reviews your AWS account for potential cost savings, security vulnerabilities, performance improvements, and operational efficiencies. However, it is more focused on evaluating your existing AWS environment after migration rather than assessing on-premises environments or estimating cloud running costs in detail. This makes it less suitable for the specific scenario where the company needs a detailed cost projection of running workloads in AWS from an on-premises environment. Rejection Reason: AWS Trusted Advisor is more geared toward AWS account optimization and is not designed for in-depth assessments of on-premises environments or specific cost projections for migration. Option B: Amazon Inspector Amazon Inspector is a security assessment service that helps identify vulnerabilities in your AWS environment. It focuses on assessing the security of applications deployed in the cloud, identifying flaws, and recommending remediation steps. It does not provide a cost estimation or migration assessment for an on-premises environment. Rejection Reason: Amazon Inspector is focused on security, not cost projection, and is irrelevant for estimating the projected running...

Author: Emily · Last updated May 15, 2026

A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify...

To meet the company's requirements of centrally managing and governing AWS Cloud environments, automating the creation of AWS accounts, applying service control policies (SCPs), and simplifying billing processes, let’s evaluate the options based on their functionality, effort, time, and relevance. A) AWS Organizations: AWS Organizations is the best fit for this scenario. It allows a company to centrally manage and govern multiple AWS accounts in a hierarchical structure, applying service control policies (SCPs) for fine-grained governance. AWS Organizations simplifies billing processes by consolidating accounts into a single billing entity, automates account creation, and provides centralized management of access permissions across accounts. It is specifically designed to handle the requirements of multi-account environments, making it the most comprehensive and suitable service to achieve the company's goals. B) Cost Explorer: AWS Cost Explorer is primarily used for visualizing and analyzing AWS spending patterns. It helps users track and manage costs and usage across their AWS environment but does not offer functionalities like central account management, automation of account creation, or the application of service control policies (SCPs). It is focused on cost tracking, not governance or automation, so it is not relevant to the company’s broader needs for centralized management and governance. C) AWS Budgets: AWS Budgets allows users to set custom cost...

Author: ElectricLionX · Last updated May 15, 2026

A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally.Which combination of A...

The question asks which combination of AWS services the company can use to verify that underlying AWS services and general AWS infrastructure are operating normally. The key factors to consider here are monitoring, status checks, and operational health of AWS services and infrastructure. Option A: AWS Personal Health Dashboard - Reasoning: The AWS Personal Health Dashboard provides alerts and notifications about the health of AWS resources that are tied to your specific account. It offers a personalized view of the health status of the resources you're using (including EC2 instances, RDS databases, and other services). It helps to track the health of the AWS services that directly impact your application, notifying you of any disruptions or planned maintenance. - Selection: This is a good choice for monitoring the health of AWS services that the company is using, as it provides detailed, personalized information related to the specific services and resources in your account. Option B: AWS Systems Manager - Reasoning: AWS Systems Manager is a comprehensive management service that can help with operations tasks such as automation, patch management, and resource inventory. While it offers operational insights and can be used for monitoring the health of instances and applications, it is not directly focused on monitoring the overall AWS infrastructure’s operational status. It is more focused on the management of resources within your AWS environment, such as EC2 instances. - Rejection: While Systems Manager is useful for operational management and resource monitoring, it does not directly provide information about the health of AWS services or infrastructure in the same way that a health dashboard would. Option C: AWS Trusted Advisor - Reasoning: AWS Trusted Advisor provides best practice recommendations related to cost optimization, security, fault tolerance, and performance. It checks for issues in the environment based on AWS best practices, but it doesn't directly monitor or report on the operational health of AWS services or infrastructure. Trusted Advisor is more about configuration optimization and cost mana...

Author: RadiantJaguar56 · Last updated May 15, 2026

A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS.Which AWS service or tool s...

To migrate a PostgreSQL database from on-premises to Amazon RDS, the company needs a tool specifically designed to handle database migrations with minimal downtime and disruption. Let's break down each option to determine the most suitable solution: A) Cloud Adoption Readiness Tool - Purpose: The Cloud Adoption Readiness Tool (CART) helps organizations assess their readiness to move to the cloud, focusing on areas like governance, skills, and planning. - Reason for rejection: This tool is primarily for overall cloud adoption strategy and not specific to database migrations. It does not help directly in migrating databases like PostgreSQL to Amazon RDS. B) AWS Migration Hub - Purpose: AWS Migration Hub provides a central place to track and manage migrations, offering visibility into the migration status of various resources, including servers, databases, and applications. - Reason for rejection: While AWS Migration Hub can track the migration process, it is not a specific migration tool for databases. It doesn’t directly help in performing database migrations; it is a monitoring and tracking tool that complements other migration services. C) AWS Database Migration Service (AWS DMS) - Purpose: AWS Database Migration Service (DMS) is designed specifically for migrating databases, including PostgreSQL, to Amazon RDS. It supports minimal downtime migrations by replicating data in real-time from the source to the target data...

Author: Scarlett · Last updated May 15, 2026

Which cloud concept is demonstrated by using AWS Compute Optimizer?

To determine which cloud concept is demonstrated by using AWS Compute Optimizer, we need to understand what the service does and how it relates to various cloud principles. Let's analyze the options: A) Security validation - Services: Security validation typically involves ensuring that the systems are secure, that best practices for data protection are followed, and that compliance requirements are met. - Effort: Security validation might involve regular assessments, audits, or penetration testing, which isn't the focus of AWS Compute Optimizer. - Time: This is an ongoing process, but it's unrelated to the compute resource optimization that AWS Compute Optimizer focuses on. - Cost: Security validation incurs costs depending on the tools and practices employed but is unrelated to AWS Compute Optimizer. - Why rejected: AWS Compute Optimizer is not focused on security or validation. It deals with optimizing compute resources, not security. B) Rightsizing - Services: AWS Compute Optimizer helps identify the most cost-effective and efficient EC2 instance types for your workloads. It recommends resizing instances to align better with performance and utilization, which is exactly what rightsizing is about—matching resource capacity to demand in order to save costs and optimize performance. - Effort: Rightsizing with AWS Compute Optimizer is automated, reducing the manual effort required to select optimal instance types and sizes. - Time: The time savings come from the automated recommendations that AWS Compute Optimizer provides, which significantly speeds up the process of optimizing compute resources. - Cost: Rightsizing directly impacts cost optimization by ensuring that you are using appropriately sized resources for your needs, avoiding overprovisioning and unnecessary costs. - Why selected: AWS Compute Optimizer helps with rightsizing by recommending the best EC2 instance types for your workloads based on actual usage data, thus minimizing waste and optimizing...

Author: Maya · Last updated May 15, 2026

A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered se...

To identify if any of the data hosted in AWS should be considered sensitive, the company would need a service specifically designed to discover, classify, and protect sensitive data like personally identifiable information (PII), financial data, or other confidential data. Let's go through each of the options in the context of this requirement. Detailed Explanation: 1. Option A: Amazon Inspector Amazon Inspector is a security assessment service that helps identify vulnerabilities in applications deployed on Amazon EC2 instances. While it scans for security weaknesses, it does not focus on identifying sensitive data within the hosted data. It is more geared toward identifying vulnerabilities in the operating system and application layer. Therefore, Amazon Inspector does not meet the requirement of identifying sensitive data. 2. Option B: Amazon Macie Amazon Macie is the ideal service for identifying sensitive data within AWS. It uses machine learning to automatically discover, classify, and protect sensitive data such as PII (Personally Identifiable Information). Macie analyzes the data stored in AWS services like Amazon S3, scans it for sensitive content, and provides insights into potential risks related to data exposure. Macie helps identify sensitive data that may require special handling, such as encryption or restricted access, thus perfectly meeting the company's requirement of identifying sensitive data. 3. Option C: AWS Identity and Access Management (IAM) IAM is a service that helps manage access control to AWS resources, defining who can access which services and resources and with what permissions. While IAM plays a crucial role in securing data by controlling access, it does not identify or classify sensitive data. IAM ensures only authorized users can access certain resources, but it doesn't ...

Author: NebulaEagle11 · Last updated May 15, 2026

A user has a stateful workload that will run on Amazon EC2 for the next 3 years.What is the MOST cos...

To determine the most cost-effective pricing model for a stateful workload that will run on Amazon EC2 for the next 3 years, we need to evaluate the options based on cost, time commitment, flexibility, and suitability for stateful applications. A) On-Demand Instances - Purpose: On-Demand Instances allow you to pay for compute capacity by the hour or second, with no long-term commitment. - Cost: This option provides flexibility but is generally the most expensive in terms of hourly rates compared to other pricing models, especially for workloads with a predictable or long-term nature. - Suitability: While On-Demand offers high flexibility, it's not the most cost-effective for a stateful workload that will run for 3 years. If the workload is continuous and predictable, On-Demand will result in unnecessary higher costs over time. B) Reserved Instances - Purpose: Reserved Instances (RIs) offer a significant discount (up to 75%) compared to On-Demand prices in exchange for committing to a specific instance type in a specific region for a term of 1 or 3 years. - Cost: Reserved Instances are highly cost-effective for workloads that are predictable and will run continuously over a long period (like the 3 years mentioned in the scenario). - Suitability: Given that the workload will run for 3 years and is stateful (likely requiring consistent availability), Reserved Instances would provide substantial cost savings with the ability to reserve capacity for the duration of the term. - Key Factors: With Reserved Instances, the upfront cost is higher, but the long-term savings over 3 years are significant. For predictable workloads like t...

Author: Aditya · Last updated May 15, 2026

Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

When enabling encryption of data at rest for Amazon Elastic Block Store (Amazon EBS), it is primarily the responsibility of AWS customers. However, the process of enabling encryption often involves using other services to manage encryption keys, such as AWS Key Management Service (AWS KMS). Detailed Explanation: 1. Option A: AWS Support AWS Support provides assistance to customers but does not directly enable encryption. Support is available to guide you through the process or resolve issues but does not manage the encryption configuration. Therefore, this option is not the right answer. 2. Option B: AWS Customers AWS customers are the ones who actually enable encryption for their EBS volumes. While AWS offers tools and services to manage encryption (like AWS KMS), it is up to the customer to configure encryption as part of their setup process, typically when creating an EBS volume. The customer must choose whether to enable encryption and configure encryption keys (using AWS KMS). This makes the customer the responsible party in enabling encryption at rest. 3. Option C: AWS Key Management Service (AWS KMS) AWS KMS is a service that helps customers manage encryption keys. KMS can be used to create and store keys for encrypting data at rest. While KMS plays a critical role in managing the encryption keys, it does not directly enable encryption itself. It is an essential tool for the customer in ensuring that encryption is managed securely, but the customer still enables the encryption by choosing to encrypt the EBS volume and associating it with keys from KMS. Therefore, KMS is important but is not the entity that "enables" encryption. 4. Opt...

Author: Julian · Last updated May 15, 2026

What can a user accomplish using AWS CloudTrail?

To determine what a user can accomplish using AWS CloudTrail, let's examine the provided options in the context of AWS CloudTrail's functionality: Option A) Generate an IAM user credentials report - Use case: IAM user credentials reports provide details about IAM users and their credentials status. This is a separate IAM functionality, not part of AWS CloudTrail. - Reason for rejection: AWS CloudTrail is primarily used for logging and monitoring API calls made to AWS services, not for generating user credentials reports. This is an IAM-specific task. Option B) Record API calls made to AWS services - Use case: AWS CloudTrail logs API calls made to AWS services, capturing detailed information about who made the call, from where, and when. It records API activity across AWS services, helping with monitoring, security analysis, and troubleshooting. - Reason for selection: This is exactly what AWS CloudTrail is designed to do. It tracks API activity, providing an audit trail for actions taken within an AWS environment. This is the core functionality of CloudTrail. Option C) Assess the compli...

Author: Emma · Last updated May 15, 2026

A company is planning to host its workloads on AWS.Which AWS service requires the company to update ...

To determine which AWS service requires the company to update and patch the guest operating system, let's examine each option based on the involvement of operating systems and maintenance responsibilities: A) Amazon DynamoDB - Purpose: Amazon DynamoDB is a fully managed NoSQL database service. It abstracts away the underlying infrastructure and takes care of patching, scaling, and managing the database backend. - Reason for rejection: Since DynamoDB is fully managed by AWS, the company does not need to manage any operating systems or infrastructure directly. It does not require updating or patching any guest OS, as AWS handles all of that. B) Amazon S3 - Purpose: Amazon S3 (Simple Storage Service) is a scalable object storage service that is fully managed by AWS. It does not involve a guest operating system, as it is not based on virtual machines or instances that the user needs to manage. - Reason for rejection: Like DynamoDB, Amazon S3 is fully managed and abstracts away any infrastructure concerns, including operating system patching or updates. There is no OS to maintain in this service. C) Amazon EC2 - Purpose: Amazon EC2 (Elastic Compute Cloud) allows you to provision virtual servers (instances) to run workloads on AWS. You can choose the operating system and configure it to your needs. - Key Factors: - Effort: The company is respo...

Author: Sophia · Last updated May 15, 2026

Which AWS service or feature will search for and identify AWS resources that are shared externally?

In the context of identifying AWS resources that are shared externally, we need a solution that helps in discovering resources and permissions that are shared with external entities. Let's break down each option and evaluate how they align with this requirement: A) Amazon OpenSearch Service: - Explanation: Amazon OpenSearch Service is a fully managed search and analytics service that helps you search, analyze, and visualize large amounts of data. While it's great for log data, application performance metrics, and similar use cases, it does not focus on identifying resources shared externally in the AWS environment. - Rejected: OpenSearch is more suited for data analysis and search, rather than specifically identifying externally shared AWS resources. It doesn't directly help in finding and managing resource sharing configurations. B) AWS Control Tower: - Explanation: AWS Control Tower is a service that provides a prescriptive approach to setting up and governing a multi-account AWS environment based on AWS best practices. It offers a way to establish a secure and compliant multi-account architecture, but it does not specialize in identifying resources shared externally across accounts or with the public. - Rejected: While Control Tower can help in managing multi-account setups and governance, it does not provide specific functionality to identify externally shared resources. It’s more about setting up an organized environment with guardrails. C) AWS IAM Access Analyzer: - Explanation: AWS IAM Access Analyzer helps identify resources in yo...

Author: VenomousSerpent42 · Last updated May 15, 2026

A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applicati...

To meet the company's requirement of retaining full control of patch management for the guest operating systems that host its applications, we need to evaluate AWS services that provide the ability to control and manage operating systems directly. Option A: Amazon DynamoDB - Purpose: Amazon DynamoDB is a fully managed NoSQL database service. It does not involve managing operating systems and is not relevant to patch management or controlling guest operating systems. - Relevance: DynamoDB is focused on database management, not on providing control over virtual machines or operating systems. - Effort, Time, Cost: This service is unrelated to the needs for managing guest OS patches and thus does not help in this scenario. - Ideal Scenario: Best used for NoSQL database workloads, not for controlling operating system patches. Option B: Amazon EC2 - Purpose: Amazon EC2 (Elastic Compute Cloud) provides scalable compute capacity in the cloud. It allows you to launch virtual machines (instances) with the operating system of your choice, where you have full control over the guest OS. - Relevance: EC2 allows full control of the guest operating systems, including the ability to perform patch management, install software, and manage updates. This matches the requirement of retaining full control over patch management. - Effort, Time, Cost: EC2 instances require manual patching unless automated tools like Systems Manager are used. While it gives full control, managing patches may require more effort and resources, but it provides the flexibility needed by the company. - Ideal Scenario: Perfect for scenarios where full control over the operating system, including patch manage...

Author: Sofia2021 · Last updated May 15, 2026

At what support level do users receive access to a support concierge?

To determine at what support level users receive access to a Support Concierge, let's examine each of the available AWS support plans in detail: A) Basic Support - Purpose: The Basic Support plan provides access to AWS documentation, whitepapers, and the AWS Trusted Advisor (for limited checks), but it does not include any direct support or technical assistance. This plan does not include a Support Concierge. - Reason for rejection: Users on the Basic Support plan do not receive access to personalized support, including the Support Concierge. This plan is typically intended for users who need minimal support and have basic queries. B) Developer Support - Purpose: Developer Support is designed for users who are experimenting with AWS or building non-production workloads. It offers 24/7 access to Cloud Support Engineers via email for general guidance and troubleshooting. - Reason for rejection: Developer Support includes basic assistance for development-related queries, but it does not provide access to a Support Concierge. It focuses on providing a lower level of support for developers working on non-critical workloads. C) Business Support - Purpose: Business Support is intended for production workloads and provides 24/7 access to AWS Cloud Support Engineers via email, chat, and phone. It also includes AWS Trusted Advisor checks and third-party software support. - Reason for rejection: While ...

Author: Chloe · Last updated May 15, 2026

Which AWS service can a company use to visually design and build serverless applications?

Let’s analyze each option based on the requirement of visually designing and building serverless applications. Key Requirements: - The company wants to visually design and build serverless applications. - This implies a need for a graphical interface to design the architecture without manually configuring services. Option A: AWS Lambda - Service Description: AWS Lambda is a serverless compute service that runs code in response to events, such as file uploads or API requests. While Lambda enables serverless computing, it does not provide a visual design interface for building serverless applications. - Use Case: Lambda is used for executing code, but developers must manually set up triggers and integrate it with other AWS services. - Operational Overhead: Lambda is essential for serverless execution but does not meet the requirement of visually designing applications. Rejection: AWS Lambda does not provide a graphical interface for building or designing serverless applications. --- Option B: AWS Batch - Service Description: AWS Batch is a fully managed service that enables you to run batch processing workloads on AWS. It’s primarily used for running large-scale batch jobs, rather than designing serverless applications. - Use Case: AWS Batch is best suited for high-performance computing and data processing tasks, not for designing serverless applications. - Operational Overhead: Batch jobs typically require configuration of compute environments and job queues, but it doesn't help with visually designing applications. Rejection: AWS Batch is not designed for visual application building or serverless architectures. --- Option C: AWS Application Composer - Service Description: AWS Application Composer is a service designed specifically for visually building serverless applicat...

Author: Olivia Johnson · Last updated May 15, 2026

A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a s...

In the scenario where a company wants to migrate to AWS and use the same security software it uses on-premises, which is offered as a service on AWS by the vendor, the company should look for a platform where they can purchase or subscribe to this software directly. Reasoning for each option: 1. A) AWS Partner Solutions Finder - Purpose: The AWS Partner Solutions Finder is a tool for finding AWS Partner Network (APN) partners that provide various solutions, including third-party software solutions. - Pros: Useful for identifying partners who offer security solutions as part of the AWS ecosystem. - Cons: While it can help find the security solution vendor, it does not serve as a platform for purchasing or directly subscribing to the solution. - Scenario: This tool is best used when looking for vendor recommendations or partner information, not directly purchasing the solution. 2. B) AWS Support Center - Purpose: The AWS Support Center is a place for managing AWS accounts, support cases, and billing. - Pros: Provides support and case management for AWS-related issues. - Cons: It does not provide a platform for purchasing third-party software. - Scenario: This is useful for support but irrelevant for purchasing third-party security software. 3. C) AWS Management Console - Purpose: The AWS Management Console is the primary interface for managing AWS resources and services. - Pros: Essen...

Author: Sophia Clark · Last updated May 15, 2026

A company has deployed an Amazon EC2 instance.Which option is an AWS responsibility under the AWS sh...

Under the AWS shared responsibility model, AWS manages the infrastructure and security of the cloud itself, while the customer is responsible for managing their own applications and data within the cloud. Selected Option: C) Configuration of infrastructure devices Reasoning: 1. C) Configuration of infrastructure devices: - Explanation: AWS is responsible for the underlying physical infrastructure that powers services like Amazon EC2, including the hardware, network, storage, and the virtualization layer. This includes ensuring the availability, scaling, and security of the physical servers and network devices that support EC2 instances. - Effort and Time: AWS handles this infrastructure management without requiring any action from the user. Customers do not need to worry about the configuration or maintenance of physical hardware or the virtualization layer, which saves significant time and effort for the user. - Cost: This responsibility is part of the AWS services, and there is no additional cost to customers for AWS maintaining and securing infrastructure devices. Rejected Options: 1. A) Managing and encrypting application data: - Explanation: Managing and encrypting application data is a responsibility of the customer, not AWS. While AWS provides tools (like AWS KMS) to help with encryption, it is the customer’s responsibility to ensure that their application data is properly encrypted. - Scenario: The custo...

Author: Ming88 · Last updated May 15, 2026

A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.Which AWS service or resource wil...

When a company wants to migrate its PostgreSQL database to AWS, and the database is not used frequently, the ideal solution should minimize management overhead while considering cost-efficiency and ease of use. Let's analyze each option: A) PostgreSQL on Amazon EC2: - Management overhead: High. Managing PostgreSQL on EC2 requires setting up, configuring, patching, backing up, and handling scaling manually. - Effort: High. The user is responsible for everything, including database administration, security, and maintenance tasks. - Time: Longer initial setup time due to the need for manual configuration and ongoing maintenance. - Cost: While you can choose smaller EC2 instances to reduce costs, it requires manual effort to optimize. - When to use: This option is suitable for highly customized environments where full control over the database and instance configuration is needed, but it is not ideal for scenarios with low usage or minimal management resources. B) Amazon RDS for PostgreSQL: - Management overhead: Moderate. Amazon RDS automates many management tasks like backups, patching, and scaling, but users still need to manage database configurations and optimizations. - Effort: Lower than EC2 as Amazon handles the infrastructure aspects. - Time: Faster to set up compared to EC2, as AWS handles most administrative tasks. - Cost: More expensive than EC2 because of managed service overhead but still reasonably cost-effective for consistent database usage. - When to use: A good option if the database usage is regular, requiring less overhead but still needing some level of management. C) Amazon Aurora PostgreSQL-Compatible Edition: - Management overhead: Low. Aurora automates management tasks like backups, patching, and scaling but offers high availability and replication. - Effort: Aurora manages a lot of database maintenance, making it ...

Author: Michael · Last updated May 15, 2026

A company is using Amazon DynamoDB for its application database.Which tasks are the responsibility of AWS, according t...

In the AWS shared responsibility model, responsibilities are divided between AWS and the customer. AWS is responsible for securing the cloud infrastructure, while the customer is responsible for securing what they put in the cloud. Let’s evaluate each option based on this model and which tasks are AWS’s responsibility. 1. A) Classify data: - Explanation: Classifying data is typically the responsibility of the customer, not AWS. The customer decides the type of data (sensitive, confidential, etc.) and how it should be handled, especially in terms of compliance and privacy. - Why Rejected: AWS does not classify the data; it provides the tools (e.g., IAM, encryption) for customers to manage their data securely. 2. B) Configure access permissions: - Explanation: The customer is responsible for configuring access permissions using services such as AWS Identity and Access Management (IAM) or DynamoDB’s own access control features. - Why Rejected: Access control and permissions are part of customer responsibilities to ensure proper security and access management for the application and its users. 3. C) Manage encryption options: - Explanation: AWS provides tools for data encryption at rest (e.g., using AWS KMS) and in transit (e.g., using TLS), but the customer is responsible for enabling encryption and managing the associated keys for their own data. - Why Rejected: While AWS offers encryption features, customers must configure them based on their needs. This is a shared responsibility: AWS manages the encryption at the infrastructure level, but customers must manage encryption settings for their own data. 4. D) Provide p...

Author: Emma · Last updated May 15, 2026

A company wants to create a globally accessible ecommerce platform for its customers. The company wants to use a highly available and scalable DNS web service to conne...

In this case, the company is aiming to create a globally accessible e-commerce platform and needs a highly available and scalable DNS web service to connect users to the platform. Let's analyze the options in the context of these specific requirements: Reasoning for each option: 1. A) Amazon EC2 - Purpose: Amazon EC2 (Elastic Compute Cloud) provides scalable computing capacity in the cloud. It's primarily used to run virtual machines and applications. - Pros: It offers high scalability and flexibility for running applications but is not specifically designed to manage DNS. - Cons: EC2 does not provide DNS services. It focuses on computing resources, not domain name resolution or traffic routing to a platform. - Scenario: While EC2 is a critical service for hosting applications or running servers, it is not a suitable solution for managing DNS traffic or domain resolution needs. 2. B) Amazon VPC - Purpose: Amazon VPC (Virtual Private Cloud) allows the creation of a logically isolated network within the AWS cloud. It is used to manage networking components like subnets, IP addressing, and security. - Pros: VPC is necessary for controlling network flow, securing traffic, and hosting resources like EC2 instances. - Cons: VPC is primarily focused on networking and infrastructure management, not DNS services or highly available domain routing. - Scenario: VPC is important for setting up a secure and isolated network for hosting the e-commerce platform, but it does not provide scalable DNS management for users accessing the platform globally. 3. C) Amazon Route 53 - Purpose: Amazon Route 53 is a highly available and scalable DNS w...

Author: Ahmed · Last updated May 15, 2026

Which maintenance task is the customer=E2=80=99s responsibility, according to the AWS shared respons...

The AWS Shared Responsibility Model defines the security responsibilities of both AWS and the customer. AWS is responsible for the security "of" the cloud (hardware, network, and facilities), while the customer is responsible for the security "in" the cloud (such as their data, configurations, and software). Reasoning for each option: 1. A) Physical connectivity among Availability Zones - AWS Responsibility: AWS manages the physical connectivity between Availability Zones. This includes ensuring redundancy, high availability, and fault tolerance across zones. - Customer Responsibility: The customer does not manage physical network connections in AWS. - Scenario: This would be AWS's responsibility, as it directly involves infrastructure management in the cloud. 2. B) Network switch maintenance - AWS Responsibility: AWS handles the maintenance of network switches in the cloud infrastructure, including the management of hardware, software, and updates related to networking hardware. - Customer Responsibility: Customers don’t manage or maintain network switches in AWS. - Scenario: AWS manages all networking hardware in its data centers, including switches. 3. C) Hardware updates and firmware patches - AWS Responsibility: AWS is responsible for hardware maintenance, firmware updates, and patching to ensur...

Author: FlamePhoenix2025 · Last updated May 15, 2026

A company wants to improve its security posture by reviewing user activity through API calls.Which A...

To improve security posture by reviewing user activity through API calls, the company needs a service that can track and log API activity. Let’s analyze each option: Reasoning for each option: 1. A) AWS WAF (Web Application Firewall) - Purpose: AWS WAF helps protect applications from common web exploits that could affect availability, security, or consume excessive resources. It operates by filtering web traffic based on predefined security rules. - Pros: AWS WAF is great for blocking malicious web requests and preventing attacks, such as SQL injection or cross-site scripting. - Cons: It does not track or log user API activity; it focuses on filtering HTTP(S) traffic at the application layer. - Scenario: AWS WAF is suited for web security but not for tracking user activity or API calls. 2. B) Amazon Detective - Purpose: Amazon Detective helps to investigate and analyze security issues or suspicious activities by visualizing and analyzing AWS CloudTrail logs, VPC Flow Logs, and other security-related data. - Pros: It can help with deep security investigations, offering insights into the source and timeline of suspicious activities. - Cons: While useful for deeper security analysis, Amazon Detective is more about investigation after an event has occurred and does not provide real-time API tracking or logging by itself. - Scenario: Amazon Detective is better suited for after-the-fact security analysis rather than continuous tracking of API calls. ...

Author: Scarlett · Last updated May 15, 2026

A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS.Wh...

Author: IceDragon2023 · Last updated May 15, 2026

A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instan...

In this scenario, the company is preparing for a large increase in traffic to its website, which is hosted on Amazon EC2 instances. The goal is to assess its readiness to scale for the upcoming product launch, taking into account factors such as traffic increase, scalability, and reliability. Let's evaluate each option in this context: A) Replace the EC2 instances with AWS Lambda functions: - Explanation: AWS Lambda allows running code in response to events without managing servers, which can scale automatically. However, replacing EC2 instances with Lambda functions would require significant re-architecting of the application, especially for a popular product launch with a tight timeline of 2 months. This would involve substantial development and testing effort, and might not be the most cost-effective or time-efficient approach for this particular situation. - Rejected: This is not a practical solution given the time constraint, the need for re-architecture, and the specific use case of hosting a website, where EC2 instances are more suited to handling the traffic load and managing dynamic content. B) Use AWS Infrastructure Event Management (IEM) support: - Explanation: AWS Infrastructure Event Management (IEM) is a support offering available with AWS Enterprise Support. IEM provides a proactive approach to planning and scaling infrastructure for high-traffic events. The service helps assess infrastructure readiness, provide guidance on scaling strategies, and ensures that systems are appropriately sized to handle traffic spikes. This aligns well with the company's need to assess readiness for the anticipated increase in website traffic. - Selected: IEM is specifically designed to assess infrastructure readiness for high-traffic events. It provides tailored guidance and recommendations to ensure the infrastructure scales effectively, making it the m...

Author: Lucas Carter · Last updated May 15, 2026

A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The company wants to separate and track costs for each business unit.Wh...

To determine the best solution for separating and tracking costs for multiple workloads, let’s evaluate each option based on operational overhead, scalability, and suitability to track costs efficiently: A) Use AWS Organizations and create one account for each business unit AWS Organizations is a service that allows users to manage multiple AWS accounts under a single organization. By creating a separate account for each business unit, you can easily track costs and usage on a per-business-unit basis using AWS Cost Explorer, AWS Budgets, and AWS Cost and Usage Reports. Each account can be individually tagged, and the consolidated billing feature of AWS Organizations allows the central management of these accounts while keeping cost tracking isolated per business unit. This solution is highly scalable and offers minimal operational overhead once the accounts are set up, with the added benefit of centralized cost management. B) Use a spreadsheet to control the owners and cost of each resource Using a spreadsheet to track costs is manual and prone to errors, especially as the number of resources and workloads grows. This solution introduces significant operational overhead as it requires constant manual updates and reconciliation of costs. It is not scalable or efficient for tracking AWS costs, as it doesn’t leverage AWS's built-in tools for cost tracking and reporting. Therefore, this option is not ideal for separating and tracking costs effectively. C) Use an Amazon DynamoDB table to record costs for each business unit Using Amazon DynamoDB to record costs manually involves significant custom development effort. While DynamoDB is a fast and scalable NoSQL database, ...

Author: Olivia · Last updated May 15, 2026

A company wants a time-series database service that makes it easier to store and analyze trillions of events each ...

The AWS service that best meets the requirement for a time-series database service to store and analyze trillions of events each day is Amazon Timestream. Breakdown of each option: A) Amazon Neptune: - Purpose: Amazon Neptune is a fully managed graph database service designed for storing and querying relationships between data points (graph-based data), not specifically optimized for time-series data. - Use Case: Ideal for applications involving social networks, recommendation engines, fraud detection, etc., where relationships between entities are key. - Key Factors: It does not provide specialized support for high-volume time-series data. - Why Rejected: Neptune is not suitable for storing and analyzing time-series data like events occurring over time. B) Amazon Timestream: - Purpose: Amazon Timestream is a fully managed time-series database designed for storing and analyzing time-series data, such as sensor data, application logs, and other event-driven data. - Use Case: Perfect for applications that require high ingestion rates, fast queries, and the ability to analyze trillions of time-series events daily. Timestream automatically scales to accommodate large volumes of data and provides features for both real-time and historical analytics. - Time & Effort: Easy to set up and manage with built-in functionalities for time-series data, reducing operational overhead. - Cost: Amazon Timestream is cost-effective for time-series workloads because it is designed to optimize storage and query performance for time-series data. - Why Selected: Timestream is built specifically for high-volume time-series data and is ideal for use cases involving trillions of events per day, making it the best fit for the requirem...

Author: Aria · Last updated May 15, 2026

Which option is a shared control between AWS and the customer, according to the AWS shared responsib...

According to the AWS shared responsibility model, the correct option is A) Configuration management. Here's why: Option A: Configuration Management - Shared control: Configuration management is a shared responsibility between AWS and the customer. AWS is responsible for managing the cloud infrastructure, while the customer is responsible for configuring and managing their resources and applications running on AWS. For example, customers are responsible for the configurations of EC2 instances, operating systems, application settings, patches, etc. AWS takes care of the security and health of the cloud infrastructure but does not configure the customer’s specific applications or instances. - Effort, time, and cost: Configuration management typically involves regular updates, patching, and setting configurations for deployed services. The customer will need to allocate time, effort, and possibly additional cost for managing configurations of resources like EC2, RDS, etc. Option B: Physical and Environmental Controls - AWS's responsibility: Physical and environmental controls (such as physical data center security, climate control, and hardware management) are entirely managed by AWS. This is not shared with the customer. The customer does not need to handle physical security or environmental controls at the data center level. Option C: Data Integrity Authentication - Shared responsibility: While customers must ensure the integrity and security of their data, AWS provides the tools and services (such as encryption and access controls) to help with data integrity. However, customers are ultimately responsible for implementing authentication measures for their data in their applicat...

Author: IceDragon2023 · Last updated May 15, 2026

A company often does not use all of its current Amazon EC2 capacity to run stateless workloads. The company wants to optimize its EC2 c...

To address the company's need to optimize EC2 costs for stateless workloads, we should consider different EC2 instance options based on cost, flexibility, and usage patterns. Let's evaluate each option: 1. Spot Instances (Option A): - Cost: Spot Instances offer significant cost savings (up to 90% compared to On-Demand pricing) because they utilize unused EC2 capacity. - Flexibility: Spot Instances can be interrupted by AWS with little notice, making them suitable for stateless workloads where interruptions are acceptable. - Use Case: This option is ideal when workloads can tolerate interruptions, such as batch processing, data analysis, or temporary tasks. However, Spot Instances are not ideal when guaranteed availability is needed, or if workloads cannot tolerate sudden interruptions. 2. Dedicated Instances (Option B): - Cost: Dedicated Instances run on physical servers dedicated to your account, which typically comes at a higher cost compared to On-Demand Instances. - Flexibility: While Dedicated Instances offer isolation from other tenants (useful for compliance or security reasons), they are not cost-effective for stateless workloads that don't require dedicated hardware. - Use Case: Best for scenarios requiring compliance with strict regulatory requirements (e.g., running sensitive applications that need physical isolation). This option would not be cost-effective for stateless workloads that do not need dedicated physical hardware. 3. Reserved Instances (Option C): - Cost: Reserved Instances offer significant discounts (up to 75%) over On-Demand pricing in exchange for committing to use instances for a 1- or 3-year term. - Flexibility: While cost-effective for predictable workloads, Reserved Instances require long-term commitment, which is not ideal for workloads that fluctuate or are stateless....

Author: Andrew · Last updated May 15, 2026

A company wants to store data in Amazon S3. The company rarely access the data, and the data can be regenerated if necessary. The company wants to store the data in the most cos...

To determine the most cost-effective storage class for the company’s needs, let's evaluate each option carefully based on the scenario described: Scenario Overview: - Rare access to data: This means the data is infrequently accessed. - Data can be regenerated: This suggests that the data is not critical, and it can be recreated if lost. - Cost-effectiveness is a priority: The company wants the most economical solution. Option A) S3 Standard - Use case: Designed for frequently accessed data. - Storage cost: High, as it is optimized for low-latency and high-throughput access. - Reason for rejection: This option is not cost-effective for data that is rarely accessed, as it is the most expensive storage class in terms of storage costs. Option B) S3 Intelligent-Tiering - Use case: Automatically moves data between two access tiers (frequent and infrequent) based on access patterns. It is useful when access patterns are unpredictable. - Storage cost: Higher than other infrequent access classes because it incurs additional costs for monitoring and automatic tiering. - Reason for rejection: The company’s data rarely needs to be accessed, and since the data can be regenerated if necessary, paying extra for automatic tiering and monitoring is not justified. The use of Intelligent-Tiering would lead to unnecessary costs. Option C) S3 Standard-Infrequent Access (S3 Sta...

Author: Layla · Last updated May 15, 2026

What Our Friends Say

What Our Friends Say

Amazon Practice Questions, Discussions & Exam Topics by our Authors

Which AWS service or resource can be used to identify services that have been used by a user within ...

A company needs to engage third-party consultants to help maintain and support its AWS environment and the company=E2=80=99s business needs...

A company wants to create Amazon QuickSight dashboards every week by using its billing data.Which AWS feature or to...

A company is planning to move data backups to the AWS Cloud. The company needs to replace on-premises storage with storage that is cloud-based ...

A company needs to organize its resources and track AWS costs on a detailed level. The company needs to categorize costs by business department, environ...

A company needs to plan, schedule, and run hundreds of thousands of computing jobs on AWS.Which AWS service...

Which AWS services or features provide high availability and low latency by enabling failover across...

Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS C...

Which abilities are benefits of the AWS Cloud? (Choose two.)

Which AWS security service protects applications from distributed denial of service attacks with always-o...

Which AWS service allows users to model and provision AWS resources using common programming languag...

Which Amazon EC2 instance pricing model can provide discounts of up to 90%?

Which of the following acts as an instance-level firewall to control inbound and outbound access?

A company must be able to develop, test, and launch an application in the AWS Cloud quickly.Which advantage o...

A company has teams that have different job roles and responsibilities. The company=E2=80=99s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilit...

Which AWS service can a company use to securely store and encrypt passwords for a database?

What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them ...

Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)

A company wants to integrate its online shopping website with social media login credentials.Which AWS servic...

Which AWS service is used to track, record, and audit configuration changes made to AWS resources?

A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds.For how...

A company website is experiencing DDoS attacks.Which AWS service can help protect the company websit...

A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the A...

A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify...

A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally.Which combination of A...

A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS.Which AWS service or tool s...

Which cloud concept is demonstrated by using AWS Compute Optimizer?

A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered se...

A user has a stateful workload that will run on Amazon EC2 for the next 3 years.What is the MOST cos...

Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

What can a user accomplish using AWS CloudTrail?

A company is planning to host its workloads on AWS.Which AWS service requires the company to update ...

Which AWS service or feature will search for and identify AWS resources that are shared externally?

A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applicati...

At what support level do users receive access to a support concierge?

Which AWS service can a company use to visually design and build serverless applications?

A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a s...

A company has deployed an Amazon EC2 instance.Which option is an AWS responsibility under the AWS sh...

A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.Which AWS service or resource wil...

A company is using Amazon DynamoDB for its application database.Which tasks are the responsibility of AWS, according t...

A company wants to create a globally accessible ecommerce platform for its customers. The company wants to use a highly available and scalable DNS web service to conne...

Which maintenance task is the customer=E2=80=99s responsibility, according to the AWS shared respons...

A company wants to improve its security posture by reviewing user activity through API calls.Which A...

A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS.Wh...

A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instan...

A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The company wants to separate and track costs for each business unit.Wh...

A company wants a time-series database service that makes it easier to store and analyze trillions of events each ...

Which option is a shared control between AWS and the customer, according to the AWS shared responsib...

A company often does not use all of its current Amazon EC2 capacity to run stateless workloads. The company wants to optimize its EC2 c...

A company wants to store data in Amazon S3. The company rarely access the data, and the data can be regenerated if necessary. The company wants to store the data in the most cos...