An e-learning platform needs to run an application for 2 months each year The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided.
Which EC2 purchasing option will meet these requirements MOST cost-effectively?
Which of the following is an AWS best practice for managing an AWS account root user?
A bank needs to store recordings of calls made to its contact center for 6 years. The recordings must be accessible within 48 hours from the time they are requested.
Which AWS service will provide a secure and cost-effective solution for retaining these files?
Which AWS service or feature provides an online, managed software catalog that helps users purchase and deploy third-party software?
A company runs Amazon EC2 instances in a research lab The instances run for 3 hours each week and cannot be interrupted What is the MOST cost-effective instance purchasing option to meet these requirements?
Which AWS Weil-Architected Framework design principles support disaster recovery planning? (Select TWO.)
Which documentation does AWS Artifact provide?
A company chooses an Amazon EC2 instance type that fits its usage requirements Which principle of the AWS Well-Architected Framework is the company following?
Which task is a customer's responsibility, according to the AWS shared responsibility model?
A company has set up its first VPC in the AWS Cloud the VPC includes two public subnets. The company needs to block access to all network traffic that destined for one of the two public subnets if the traffic is from a specific IP address that has identified as malicious.
Which AWS service or tool can the company use to meet this requirement?
A company wants to integrate its online shopping website with social media login credentials Which AWS service can the company use to make this integration?
A company is using on-premises Microsoft Active Directory federation to manage user identities and groups.
What AWS Identity and Access Management (IAM) setting maps the permissions for AWS services to the Active Directory user attributes?
How to Connect Your On-Premises Active Directory to AWS Using AD Connector
Assign users to roles
Now that AD Connector is configured and you’ve created a role, your next job is to assign users or groups to those IAM roles. Role mapping is what governs what resources a user has access to within AWS. To do this you’ll need to:
Image of reviewing user or group with corresponding Id
When you’re finished you should see the name of the user or group along with the corresponding Id for that object, as shown in the previous image.
The next time the user signs in to the AWS Management Console from the custom sign-in page, they will be signed in under the EC2ReadOnly security role.
Image of EC2ReadOnly security role
Seamlessly join an instance to an Active Directory domain
Another advantage to using AD Connector is the ability to seamlessly join Windows (EC2) instances to your Active Directory domain. You may have read about this feature in the AWS Blog earlier this year. It’s what allows you to join a Windows Server to the domain while the instance is being provisioned instead of using a script or doing it manually. This section of this blog post will explain the steps necessary to enable this feature in your environment and how the service works.
Step 1: Create a role
Until recently you had to manually create an IAM policy to allow an EC2 instance to access the SSM, an AWS service that allows you to configure Windows instances while they’re running and on first launch. Now, there’s a managed policy called AmazonEC2RoleforSSM that you can use instead. The role you are about to create will be assigned to an EC2 instance when it’s provisioned, which will grant it permission to access the SSM service.
To create the role:
Which guidelines are best practices for using AWS Identity and Access Management (IAM)? (Select TWO.)
Which AWS services can use AWS WAF to protect against common web exploitations? (Select TWO.)
AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync. As part of Amazon CloudFront it can be part of your Content Distribution Network (CDN) protecting your resources and content at the Edge locations.
Which AWS service can identify underutilized Amazon EC2 instances and idle Amazon RDS DB instances in an AWS account?
A social media company allows its public users to upload video content to an Amazon S3 bucket. Some videos are popular and are accessed often. some videos are popular and are accessed often. some videos are accessed infrequently. The company wants to reduce its total storage cost.
Which actions will provide the MOST cost savings? (Select TWO.)
A company sets up its AWS environment and creates eight IAM users for the development team.
Which of the following is a best practice for the company to follow to grant permissions to these IAM users?
A company needs to process data from satellite communications without managing any infrastructure.
Which AWS service should the company use to meet these requirements?
AWS Ground Station is a fully managed service that lets you control satellite communications, process data, and scale your operations without having to worry about building or managing your own ground station infrastructure. Satellites are used for a wide variety of use cases, including weather forecasting, surface imaging, communications, and video broadcasts. Ground stations form the core of global satellite networks. With AWS Ground Station, you have direct access to AWS services and the AWS Global Infrastructure including a low-latency global fiber network. For example, you can use Amazon S3 to store the downloaded data, Amazon Kinesis Data Streams for managing data ingestion from satellites, and Amazon SageMaker for building custom machine learning applications that apply to your data sets. You can save up to 80% on the cost of your ground station operations by paying only for the actual antenna time used, and relying on the global footprint of ground stations to download data when and where you need it. There are no long-term commitments, and you gain the ability to rapidly scale your satellite communications on-demand when your business needs it.
Which of the following are characteristics of AWS WAF? (Select TWO.)
AWS WAF lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers and body, or custom URIs. This gives you an additional layer of protection from web attacks that attempt to exploit vulnerabilities in custom or third party web applications. In addition, AWS WAF makes it easy to create rules that block common web exploits like SQL injection and cross site scripting.
AWS WAF allows you to create a centralized set of rules that you can deploy across multiple websites. This means that in an environment with many websites and web applications you can create a single set of rules that you can reuse across applications rather than recreating that rule on every application you want to protect.
Which approach will enhance a user’s security on AWS?
Who can create and manage access keys for an AWS account root user?
Anyone who has root user credentials for your AWS account has unrestricted access to all the resources in your account, including billing information. When you create access keys, you create the access key ID and secret access key as a set.
A company is using AWS Lambda. Which task is the company’s responsibility, according to the AWS shared responsibility model?
Which AWS service can help a company detect an outage of its website servers and redirect users to alternate servers?
Amazon Route 53 with DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is operating properly.
A company plans to create a data lake that uses Amazon S3. Which factor will have the MOST effect on cost?
Which AWS service provides an isolated virtual network to connect AWS services and resources?
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Which AWS service decouples application components so that the components run independently?
Amazon SQS is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS lets you decouple application components so that they run and fail independently, increasing the overall fault tolerance of the system.
A system automatically recovers from failure when a company launches its workload on the AWS Cloud services platform. Which pillar of the AWS Well-Architected Framework does this situation demonstrate?
Built around six pillars—operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability—AWS Well-Architected provides a consistent approach for customers and partners to evaluate architectures and implement scalable designs.
The Reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle. You can find prescriptive guidance on implementation in the Reliability Pillar whitepaper.
What is an AWS Region?
AWS has the concept of a Region, which is a physical location around the world where we cluster data centers. We call each group of logical data centers an Availability Zone. Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.
Which of the following describes AWS Local Zones?
AWS Local Zones are a type of AWS infrastructure deployment that place compute, storage, database, and other select services closer to large population, industry, and IT centers, enabling you to deliver applications that require single-digit millisecond latency to end-users.
A company runs applications that process credit card information. Auditors have asked if the AWS environment has changed since the previous audit. If the AWS environment has changed, the auditors want to know how it has changed. Which AWS services can provide this information? (Select TWO.)
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements.
AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions to your workforce and systems to ensure least-privilege permissions.
A company wants to secure its consumer web application by using SSL/TLS to encrypt traffic.
Which AWS service can the company use to meet this goal?
To enable HTTPS connections to your website or application in AWS, you need an SSL/TLS server certificate. For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you use ACM to provision, manage, and deploy your server certificates.
Which of the following is an AWS key-value database offering consistent single-digit millisecond performance at any scale?
Amazon DynamoDB is designed to provide consistent single-digit millisecond latency for any scale of workloads. This consistent performance is a big part of why the Snapchat Stories feature, which includes Snapchat's largest storage write workload, moved to DynamoDB.
Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?
Table Description automatically generated
Which cloud computing benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase volumes?
A company wants a cost-effective option when running its applications in an Amazon EC2 instance for short time periods. The applications can be interrupted. Which EC2 instance type will meet these requirements?
Spot Instances - Spot Instances are the most cost-effective choice if you are flexible about when your applications run and if your applications can be interrupted.
A company discovered unauthorized access to resources in its on-premises data center. Upon investigation, the company found that the requests originated from a resource hosted on AWS. Which AWS team should the company contact to report this issue?
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud. How can these reports be generated?
How does consolidated billing help reduce costs for a company that has multiple AWS accounts?
Consolidated billing for AWS Organizations
You can use the consolidated billing feature in AWS Organizations to consolidate billing and payment for multiple AWS accounts or multiple Amazon Internet Services Pvt. Ltd (AISPL) accounts. Every organization in AWS Organizations has a management account that pays the charges of all the member accounts. For more information about organizations, see the AWS Organizations User Guide.
Consolidated billing has the following benefits:
*One bill – You get one bill for multiple accounts.
*Easy tracking – You can track the charges across multiple accounts and download the combined cost and usage data.
*Combined usage – You can combine the usage across all accounts in the organization to share the volume pricing discounts, Reserved Instance discounts, and Savings Plans. This can result in a lower charge for your project, department, or company than with individual standalone accounts. For more information, see Volume discounts.
*No extra fee – Consolidated billing is offered at no additional cost.
The member account bills are for informational purpose only. The management account might reallocate the additional volume discounts, Reserved Instance, or Savings Plans discounts that your account receives.
If you have access to the management account, you can see a combined view of the AWS charges that the member accounts incur. You also can get a cost report for each member account.
AWS and AISPL accounts can't be consolidated together. If your contact address is in India, you can use AWS Organizations to consolidate AISPL accounts within your organization.
When a member account leaves an organization, the member account can no longer access Cost Explorer data that was generated when the account was in the organization. The data isn't deleted, and the management account in the organization can still access the data. If the member account rejoins the organization, the member account can access the data again.
Which service is an AWS-managed Hadoop framework that makes it easy, fast, and cost-effective to process large amounts of data across dynamically scalable Amazon EC2 instances?
Which design principles are enabled by the AWS cloud to improve the operation of workloads?
A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service cart be used to accomplish this?
A company uses AWS Direct Conned and wants to establish connectivity that spans VPCs across multiple AWS Regions.
Which AWS service or feature should the company use to meet these requirements?
Which task requires the use of AWS account root account user credentials?
AWS trusted advisor can monitor and provide advice on what characteristics of an AWS account?
When comparing AWS cloud with premises total cost of ownership which expenses must be considered?
A company needs 24/7 phone email and chat access with a response time of less than 1 hour if a production system has a service interruption.
Which AWS Support plan meets these requirements at the LOWEST cost?
The continual reduction of AWS Cloud pricing is due to:
A company is building a business intelligence solution and wants to use dashboards for reporting purposes.
Which AWS service can be used?
Which aspect of AWS infrastructure enables global deployment of compute and storage?
A user an optimize Amazon EC2 costs by performing which of the following tasks? (Select TWO )
What credential components are required to gain programmatic access to an AWS account? (Select TWO.)
Which duty is a responsibility of AWS under the AWS shared responsibility model?
A company would like to host its MySQL databases on AWS and maintain full control over the operating system, database installation, and configuration. Which AWS service should the company use to host the databases?
Using AWS Identity and Access Management (IAM) what can be attached to an Amazon EC2 instance to make service requests?
Which AWS service allows customers to purchase unused Amazon EC2 capacity at an often discounted rate?
Which AWS service does AWS Snowball Edge natively support?
What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Select TWO.)
Which AWS service should a company use to continuously monitor the compliance of AWS resource configurations?
Which of the following is an AWS value proportion that describes a user's ability to scale infrastructure based on demand?
Which AWS service or tool provides a visualization of historical AWS spending patterns and projections of future AWS costs?
A company is undergoing a security audit. The audit includes security validation and compliance validation of the AWS infrastructure and services that the company uses. The auditor needs to locate compliance-related information and must download AWS security and compliance documents. These documents include the System and Organization Control (SOC) reports.
Which AWS service or group can provide these documents?
A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment the application has used 1AM access keys. The application is now ready for deployment onto an ECS cluster
How should the application authenticate with AWS services in production?
A company deployed an Amazon EC2 instance last week. A developer realizes that the EC2 instance is no longer running. The developer reviews a list of provisioned EC2 instances, and the EC2 instance is no longer on the list.
What can the developer do to generate a recent history of the EC2 instance?
A developer is writing an application in Python. The application runs on AWS Lambda. The application generates a file and needs to upload this file to Amazon S3.
The developer must implement this upload functionality with the least possible change to the application code
Which solution meets these requirements?
A company wants an in-memory data store that is compatible with open source in the cloud. Which AWS service should the company use?
A company has a global website with static content.
Which AWS service will deliver the static content with low latency?
A company's ecommerce website is experiencing sudden and significant traffic changes that are causing performance problems in the company database. Users report that attempts to access the website are taking too long.
A developer needs to implement a caching layer by using Amazon ElastiCache. The website must be responsive, no matter which product a user views Updates to product information and prices must be strongly consistent.
Which cache-writing strategy will meet these requirements?
A developer manages an application that interacts with Amazon RDS. Alter observing slow performance with read queries, the developer Implements Amazon ElastiCache to update the cache immediately following the primary database update.
What will be the result of this approach to caching?
How does AWS Cloud computing help businesses reduce costs? (Select TWO.)
Which of the following is a fully managed graph database service on AWS?
An IT manager needs to monitor company AWS resources and collect utilization metrics from Amazon EC2 instances and Amazon DynamoDB. Which AWS service can the IT manager use to meet these requirements?
A company plans to move its on-premises servers to Amazon EC2 instances. The company has 50 different business units and wants to separate each billing for each unit.
What should a cloud practitioner recommend?
A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket.
What is the MOST secure way to give the application the ability to write files to the S3 bucket?
Which AWS service is a relational database compatible with MySQL and PostgreSOL?
An ecommerce company has Amazon EC2 instances running as web servers. There is a predictable pattern of peak traffic load that occurs two times each day, always at the same time. The EC2 instances are idle for the remainder of the day.
What is the MOST cost-effective way to manage these resources while maintaining fault tolerance?
A developer needs to build and deploy a serverless application that has an API that mobile clients will use. The API will use Amazon DynamoDB and Amazon OpenSearch Service (Amazon Elasticsearch Service) as data sources Responses that are sent to the clients will contain aggregated data from both data sources
The developer must minimize the number of API endpoints and must minimize the number of API calls that are required to retrieve the necessary data
Which solution should the developer use to meet these requirements?
A developer has a stateful web server on-premises that is being migrated to AWS. The developer must have greater elasticity in the new design
How should the developer re-factor the application to make it more elastic? (Select TWO.)
Which AWS compute service automatically scales resources up or down to meet application workload demands?
When designing AWS workloads to be operational even when there are component failures, what is an AWS best practice?
Which terms describe the on-demand AWS pricing model? (Select TWO.)
Which AWS service can be used to run Amazon EC2 instances on-premises at a user site?
Which AWS benefit enables users to deploy cloud infrastructure that consists of multiple geographic regions connected by a network with low latency high throughput, and redundancy?
Which of the following are general AWS Cloud design principles described in the AWS Well-Architected Framework? (Select TWO.)
A company has a business-critical Amazon RDS for MySQL DB instance that resides in a single Availability Zone. Which solution will improve the availability of the DB instance?
A company has performance and regulatory requirements that call for it to run its workload only in its on-premises data center.
Which AWS services or resources should the company use? (Select Two.)
Which cloud characteristics enable a company to provision or release computing capacity as required? (Select Two.)
Which AWS service will track user activity on AWS?
Which controls are shared under the AWS shared responsibility model? (Select TWO.)
Which tool or feature provides a report to forecast AWS billing costs for the next 3 months?
Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime?
A company has a compliance requirement to encrypt data in transit and at rest The company is serving the content through Amazon EC2 instances behind an Elastic Load Balancer and is storing data in Amazon Elastic Block Store (Amazon EBS) volumes.
Which combination of AWS services should the company use to stay compliant with this requirement? (Select TWO.)
Which AWS service should a cloud practitioner use to identify security vulnerabilities of an AWS account?
Which AWS services can be used to gather information about AWS account activity? (Select TWO.)
AWS offers a solution that uses AWS CloudTrail to log account activity, Amazon Kinesis to compute and stream metrics in real-time, and Amazon DynamoDB to durably store the computed data. Metrics are calculated for create, modify, and delete API calls for more than 60 supported AWS services. The solution also features a dashboard that visualizes your account activity in real-time.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud. With CloudHSM, you can manage your own encryption keys using FIPS 140-2 Level 3 validated HSMs.
Which AWS Support plan is recommended for business and mission-critical workloads in AWS environments?
AWS trusted advisor provides recommendations on which of the following?
Which AWS service or tool simplifies the creation, maintenance, validation, sharing and deployment of Linux or Windows Server templates for use with Amazon EC2 and on premises VMs?
A company is required to store its data close to its primary users.
Which benefit of the AWS Cloud supports this requirement?
A company's security team requires that all Amazon EC2 workloads use approved Amazon Machine Images (AMIs). Which AWS service should the company use to verify that the EC2 instances are using approved AMIs?
According to the AWS shared responsibility model what is the sole responsibility of AWS?