AWS Certified Cloud Practitioner (CLF-C02) — Questions 826–900

1024 questions total · 14 pages · All types, answers revealed

Page 12 of 14

826
MCQ · hard

A company is using Amazon EC2 and wants to understand the difference between Compute Savings Plans and EC2 Instance Savings Plans. Which statement is accurate?

A. Compute Savings Plans provide higher discounts than EC2 Instance Savings Plans
B. EC2 Instance Savings Plans are more flexible and apply across all instance families
C. Compute Savings Plans apply to any EC2 instance, Fargate, and Lambda usage, while EC2 Instance Savings Plans apply to a specific instance family and region
D. Both Savings Plans types require specifying the exact instance size at purchase

Answer: C

Compute Savings Plans offer maximum flexibility (any family, any region, includes Fargate and Lambda) at a slightly lower discount. EC2 Instance Plans offer higher discounts for committing to a specific family and region.

Why this answer

Option C is correct because Compute Savings Plans offer the broadest flexibility, automatically applying to any EC2 instance (regardless of family, size, or region), as well as AWS Fargate and AWS Lambda usage. In contrast, EC2 Instance Savings Plans are restricted to a specific instance family within a chosen region, providing a narrower scope of coverage. This distinction is fundamental to understanding how each plan optimizes costs based on workload flexibility.

Exam trap

The trap here is that candidates often assume Compute Savings Plans always provide higher discounts due to their broader scope, but in reality, the discount is lower because flexibility is traded for a reduced rate, while EC2 Instance Savings Plans offer higher discounts for committing to a more specific usage pattern.

How to eliminate wrong answers

Option A is wrong because Compute Savings Plans generally provide lower discounts (up to 66%) compared to EC2 Instance Savings Plans (up to 72%), as the trade-off for greater flexibility is a reduced discount rate. Option B is wrong because EC2 Instance Savings Plans are less flexible—they apply only to a specific instance family (e.g., m5) within a single region, not across all instance families. Option D is wrong because neither Savings Plans type requires specifying the exact instance size at purchase; both plans cover all sizes within the chosen instance family (for EC2 Instance Savings Plans) or across all instances (for Compute Savings Plans), with the discount applied at the instance family or compute level.

827
MCQ · medium

A company runs a large fleet of Amazon EC2 instances across multiple environments (development, test, production). The security team requires a centralized, automated solution to apply operating system security patches on a regular schedule (e.g., every Tuesday at 2 AM). The solution must generate compliance reports showing which instances are patched and which are missing patches. The company wants a managed AWS service that works without requiring SSH or RDP access to the instances and does not require installing any custom agents. Which AWS service should the company use to meet these requirements?

A. AWS Systems Manager Patch Manager
B. AWS Config
C. Amazon Inspector
D. AWS OpsWorks

Answer: A

Correct. AWS Systems Manager Patch Manager automates the process of patching managed nodes with both security-related and other types of updates. It uses the SSM Agent, which is preinstalled on many EC2 AMIs, to run patch scans and installations according to a schedule you define. Compliance reports are available directly in the AWS Systems Manager console.

Why this answer

AWS Systems Manager Patch Manager is a managed service that automates the process of patching managed nodes with both security-related and other types of updates. It can be configured to run on a schedule (e.g., every Tuesday at 2 AM) using a Systems Manager maintenance window, and it generates compliance reports via Systems Manager Inventory and Compliance. Patch Manager works without requiring SSH or RDP access because it uses the AWS Systems Manager Agent (SSM Agent), which is pre-installed on many Amazon EC2 AMIs and can be installed without interactive logon, and it does not require custom agents beyond the SSM Agent itself.

Exam trap

The trap here is that candidates often confuse Amazon Inspector (which detects missing patches) with Patch Manager (which applies them), or assume AWS Config can enforce patching when it only evaluates configuration rules, not execute operational actions.

How to eliminate wrong answers

Option B (AWS Config) is wrong because AWS Config is a service for evaluating and auditing the configuration of AWS resources against desired policies (e.g., checking if an EC2 instance has a specific security group rule), not for applying operating system security patches or generating patch compliance reports. Option C (Amazon Inspector) is wrong because Amazon Inspector is a vulnerability assessment service that scans EC2 instances for software vulnerabilities and network exposure, but it does not apply patches or schedule patch installations; it only detects missing patches and reports them. Option D (AWS OpsWorks) is wrong because AWS OpsWorks is a configuration management service that uses Chef or Puppet to manage server configurations, which can apply patches, but it requires installing a Chef or Puppet agent on each instance and typically relies on SSH or RDP for initial setup, contradicting the requirement for a managed service that works without custom agents or interactive access.

828
MCQ · medium

A company is evaluating a migration of its on-premises data center to AWS. The CIO wants a detailed report that compares the total cost of ownership (TCO) of the current on-premises infrastructure versus running the equivalent workloads on AWS. The report should include costs for hardware, software, labor, power, cooling, and facilities. Which AWS tool should the company use to generate this comparison?

A. AWS Pricing Calculator
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Cost Explorer
D. AWS Trusted Advisor

Answer: B

The AWS TCO Calculator is the correct tool for comparing the total cost of ownership between on-premises infrastructure and AWS. It takes on-premises configuration details and produces a report including hardware, software, labor, power, cooling, and facilities costs alongside projected AWS costs.

Why this answer

The AWS Total Cost of Ownership (TCO) Calculator is specifically designed to compare the costs of on-premises infrastructure with AWS, including hardware, software, labor, power, cooling, and facilities. It generates a detailed report that breaks down these cost categories, making it the correct tool for the CIO's requirement.

Exam trap

The trap here is that candidates confuse the AWS Pricing Calculator (which only estimates AWS service costs) with the TCO Calculator (which includes on-premises cost inputs), leading them to choose Option A for a TCO comparison.

How to eliminate wrong answers

Option A is wrong because the AWS Pricing Calculator estimates the cost of running specific AWS services but does not compare on-premises costs or include labor, power, cooling, and facilities. Option C is wrong because AWS Cost Explorer analyzes historical AWS spending and forecasts future costs, but it cannot compare on-premises infrastructure costs. Option D is wrong because AWS Trusted Advisor provides best-practice recommendations for cost optimization, security, and performance, but it does not generate TCO comparisons or include on-premises cost inputs.

829
MCQ · medium

A company runs workloads for multiple teams in a single AWS account and wants to track and report costs per team in their monthly AWS bill. Which feature allows them to categorise and report AWS costs by team?

A. AWS Budgets
B. AWS Cost Allocation Tags
C. AWS Organizations consolidated billing
D. AWS Cost and Usage Report

Answer: B

Cost Allocation Tags let teams tag resources with metadata (e.g., Team=Engineering). After activating these tags in the billing console, AWS includes them in cost reports so spending can be broken down and attributed to each team.

Why this answer

AWS Cost Allocation Tags allow you to tag AWS resources with team-specific metadata (e.g., 'Team: Engineering') and then activate those tags in the Billing and Cost Management console. Once activated, AWS generates cost reports that group and summarize charges by those tags, enabling per-team cost tracking in the monthly bill. This is the correct feature because it directly categorizes costs at the resource level and reports them in billing data.

Exam trap

The trap here is that candidates often confuse AWS Budgets (which only alerts on cost thresholds) with cost categorization features, or assume the Cost and Usage Report inherently groups costs by team without needing tags.

How to eliminate wrong answers

Option A is wrong because AWS Budgets is a tool for setting cost thresholds and sending alerts when spending exceeds a defined amount; it does not categorize or report costs by team. Option C is wrong because AWS Organizations consolidated billing aggregates costs across multiple accounts into a single bill but does not inherently tag or categorize costs by team within a single account. Option D is wrong because the AWS Cost and Usage Report (CUR) provides detailed raw cost and usage data in CSV/Parquet format, but it does not automatically categorize costs by team unless you have already applied and activated cost allocation tags; the CUR itself is a reporting mechanism, not a tagging or categorization feature.

830
MCQ · medium

A company runs a web application on Amazon CloudFront and an Application Load Balancer (ALB). The security team wants to protect the application from common web attacks such as SQL injection and cross-site scripting (XSS). Additionally, the company needs to block requests from specific countries due to compliance requirements. The security team prefers a managed service that provides pre-configured rule sets and integrates directly with CloudFront and ALB without requiring additional infrastructure. Which AWS service should the security team use?

A. AWS Network Firewall
B. AWS Shield Advanced
C. AWS WAF
D. AWS Firewall Manager

Answer: C

AWS WAF is a web application firewall that protects against common web exploits like SQL injection and XSS. It supports pre-configured managed rule sets, custom rules, and geographic (geo) blocking. It integrates directly with Amazon CloudFront and Application Load Balancer, meeting all the requirements.

Why this answer

AWS WAF is a managed web application firewall that protects web applications from common exploits like SQL injection and cross-site scripting (XSS) using pre-configured rule sets (e.g., AWS Managed Rules). It integrates natively with both CloudFront and Application Load Balancers (ALBs) without requiring additional infrastructure, and it supports geo-blocking to restrict requests from specific countries, meeting all stated requirements.

Exam trap

The trap here is that candidates may confuse AWS WAF with AWS Shield Advanced, thinking Shield Advanced provides application-layer attack protection, but Shield Advanced focuses on DDoS mitigation at the network and transport layers, not on inspecting HTTP payloads for SQL injection or XSS.

How to eliminate wrong answers

Option A is wrong because AWS Network Firewall is a managed firewall for VPC network traffic (stateful inspection of north-south and east-west traffic) and does not integrate directly with CloudFront or ALB for application-layer protection against SQL injection or XSS. Option B is wrong because AWS Shield Advanced provides DDoS protection and cost protection against scaling, but it does not include pre-configured rule sets for web application attacks like SQL injection or XSS, nor does it offer geo-blocking capabilities. Option D is wrong because AWS Firewall Manager is a policy management service that centrally configures and enforces firewall rules across accounts (including AWS WAF rules), but it is not itself a web application firewall and does not directly protect against SQL injection or XSS; it relies on AWS WAF for that functionality.

831
MCQ · medium

Which AWS service provides DDoS protection for all AWS customers at no additional charge and automatically protects resources at Layers 3 and 4?

A. AWS WAF
B. AWS Shield Advanced
C. AWS Shield Standard
D. Amazon CloudFront with geo-restriction

Answer: C

Shield Standard is included at no charge for all AWS customers and automatically protects against Layer 3/4 DDoS attacks on all AWS resources.

Why this answer

AWS Shield Standard is automatically enabled for all AWS customers at no additional cost and provides always-on detection and inline mitigation of DDoS attacks targeting Layers 3 (network) and 4 (transport) of the OSI model. It protects common AWS resources such as Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 from common infrastructure-layer attacks like SYN floods and UDP reflection attacks.

Exam trap

The trap here is that candidates often confuse AWS Shield Standard (free, automatic Layer 3/4 protection) with AWS Shield Advanced (paid, enhanced protection including Layer 7 and cost coverage), or mistakenly think AWS WAF provides Layer 3/4 DDoS protection when it only operates at Layer 7.

How to eliminate wrong answers

Option A is wrong because AWS WAF is a web application firewall that operates at Layer 7 (application layer) and is not designed for Layer 3/4 DDoS protection; it also incurs additional charges. Option B is wrong because AWS Shield Advanced is a paid service that provides enhanced DDoS protection, including cost protection and 24/7 access to the DDoS Response Team, not a free service for all customers. Option D is wrong because Amazon CloudFront with geo-restriction is a content delivery service that can restrict access by geographic location, but it does not provide DDoS protection at Layers 3 and 4 and is not a free service.

832
MCQ · easy

Which Amazon EC2 Auto Scaling feature ensures a minimum number of healthy instances are always running, replacing terminated instances automatically?

A. Auto Scaling scheduled scaling
B. Auto Scaling self-healing / instance replacement
C. EC2 Auto Recovery
D. Predictive scaling

Answer: B

Auto Scaling continuously monitors instance health and automatically replaces any instance that fails EC2 or ELB health checks, maintaining the configured minimum capacity.

Why this answer

Amazon EC2 Auto Scaling's self-healing (instance replacement) feature automatically detects and replaces unhealthy instances to maintain a minimum number of healthy instances. When an instance fails a health check, Auto Scaling terminates it and launches a new one to keep the desired capacity, ensuring high availability without manual intervention.

Exam trap

The trap here is that candidates often confuse EC2 Auto Recovery (which recovers a single instance) with Auto Scaling self-healing (which replaces instances across the group to maintain minimum healthy count).

How to eliminate wrong answers

Option A is wrong because scheduled scaling adjusts capacity based on a time-based schedule, not in response to instance health or termination. Option C is wrong because EC2 Auto Recovery recovers an individual instance by restarting it on new hardware, but it does not replace instances or manage the minimum healthy count across an Auto Scaling group. Option D is wrong because predictive scaling uses machine learning to forecast future traffic and adjust capacity proactively, not to reactively replace terminated instances.

833
MCQ · easy

A company stores financial reports in Amazon S3. The security team needs to automatically detect whether any of these reports contain sensitive data, such as personally identifiable information (PII) like credit card numbers or social security numbers. The team wants a fully managed service that continuously scans the S3 buckets and reports findings in a centralized dashboard. Which AWS service should the security team use to meet these requirements?

A. Amazon Inspector
B. Amazon Macie
C. AWS Config
D. AWS Security Hub

Answer: B

Amazon Macie is designed to discover and protect sensitive data in S3. It automatically scans objects using ML and pattern matching to find PII, credentials, and other sensitive content, and provides findings in the Macie dashboard.

Why this answer

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to automatically discover, classify, and protect sensitive data such as PII (e.g., credit card numbers, social security numbers) stored in Amazon S3. It continuously scans S3 buckets and provides a centralized dashboard for findings, meeting the requirement for automated detection and reporting without manual intervention.

Exam trap

AWS often tests the distinction between services that inspect resource configurations (AWS Config) versus those that inspect data content (Macie), and candidates may confuse Security Hub as a scanning service when it is actually an aggregator of findings from other services.

How to eliminate wrong answers

Option A is wrong because Amazon Inspector is an automated vulnerability management service that scans workloads (EC2 instances, container images, and Lambda functions) for software vulnerabilities and unintended network exposure, not for sensitive data content in S3 objects. Option C is wrong because AWS Config is a service that evaluates and records resource configurations and compliance against rules (e.g., checking if S3 buckets are publicly accessible), but it does not inspect the content of objects for PII or sensitive data. Option D is wrong because AWS Security Hub is a centralized security posture management service that aggregates findings from multiple AWS services (like Macie, Inspector, GuardDuty) and third-party tools, but it does not perform the actual scanning of S3 objects for sensitive data itself.

834
MCQ · medium

A company stores sensitive customer data in an Amazon S3 bucket. The security team wants to record every GetObject and PutObject API call made against the bucket, including the identity of the caller, the source IP address, and the time of the request. They need to store these records in a separate centralized S3 bucket and analyze them using Amazon Athena for security audits. Which AWS feature should the security team enable?

A. AWS Config managed rules
B. Amazon S3 server access logging
C. AWS CloudTrail data events
D. Amazon GuardDuty

Answer: C

Correct. AWS CloudTrail data events capture object-level API operations on Amazon S3 objects, including GetObject and PutObject. These logs include caller identity, source IP, and request time. They can be delivered to an S3 bucket and queried with Amazon Athena for security audits.

Why this answer

AWS CloudTrail data events (Option C) are the correct choice because they capture detailed information about S3 object-level API operations such as GetObject and PutObject, including the caller identity, source IP address, and request time. These logs can be delivered to a centralized S3 bucket and queried using Amazon Athena for security audits, meeting all stated requirements.

Exam trap

AWS often tests the distinction between S3 server access logs (which log requests but lack caller identity) and CloudTrail data events (which capture full API details including identity), leading candidates to mistakenly choose server access logging for security auditing.

How to eliminate wrong answers

Option A is wrong because AWS Config managed rules evaluate resource configurations for compliance (e.g., checking if S3 bucket is publicly accessible) but do not record individual API calls or provide caller identity, source IP, or timestamps for GetObject/PutObject operations. Option B is wrong because Amazon S3 server access logging provides logs of requests made to a bucket, but it does not include the identity of the caller (IAM user or role) and cannot be directly queried by Athena without additional transformation; it also lacks the granularity of CloudTrail data events for security auditing. Option D is wrong because Amazon GuardDuty is a threat detection service that analyzes VPC flow logs, DNS logs, and CloudTrail management events for malicious activity, but it does not record every GetObject/PutObject API call with caller identity and source IP for audit purposes.

835
MCQ · medium

A small company operates a single AWS account and currently uses the Basic Support plan. The company's administrator needs to be able to contact AWS Support by phone for urgent billing and account issues. Additionally, the administrator wants to request service limit increases through the AWS Support console. The company wants to minimize costs while meeting these requirements. Which AWS Support plan should the company choose?

A. AWS Basic Support
B. AWS Developer Support
C. AWS Business Support
D. AWS Enterprise Support

Answer: C

AWS Business Support provides 24/7 phone support for billing and account issues, as well as the ability to open support cases for service limit increases. It is the most cost-effective plan that fully meets the company's requirements.

Why this answer

AWS Business Support is the correct choice because it is the lowest-tier plan that provides phone support for urgent billing and account issues, along with the ability to request service limit increases through the AWS Support console. Basic Support does not offer phone support, and Developer Support only provides email-based support for technical issues, not phone support for billing and account matters. Enterprise Support, while offering these features, is significantly more expensive and not necessary for a small company seeking to minimize costs.

Exam trap

The trap here is that candidates often assume Basic Support includes phone support for billing issues because it is the default plan, or they mistakenly think Developer Support provides phone access, when in fact phone support is only available starting from the Business Support plan.

How to eliminate wrong answers

Option A is wrong because AWS Basic Support does not include phone support or the ability to request service limit increases through the AWS Support console; it only provides access to documentation, whitepapers, and basic account support via email. Option B is wrong because AWS Developer Support offers only email-based support for technical issues and does not include phone support for billing and account issues, nor does it allow service limit increase requests through the console. Option D is wrong because AWS Enterprise Support, while providing phone support and service limit increase capabilities, is designed for large-scale workloads with a dedicated Technical Account Manager (TAM) and a higher cost, which exceeds the company's requirement to minimize costs.

836
MCQ · medium

A company is designing a critical web application that must remain available even if an entire data center goes offline due to a power outage. The application will run on Amazon EC2 instances in the us-east-1 Region. Which AWS infrastructure strategy should the company use to meet this high-availability requirement?

A. Launch all EC2 instances in a single Availability Zone to ensure low latency between instances.
B. Deploy the EC2 instances across two or more Availability Zones within the us-east-1 Region.
C. Deploy the EC2 instances in multiple AWS Regions, such as us-east-1 and eu-west-1.
D. Use separate AWS accounts for each EC2 instance to isolate the workload from a data center failure.

Answer: B

This is correct. Availability Zones are physically separate data centers within a Region. Running instances in multiple AZs ensures that the application remains available if one AZ goes offline, because the other AZs continue operating. This is a standard best practice for high availability.

Why this answer

Option B is correct because deploying EC2 instances across two or more Availability Zones (AZs) within a single AWS Region protects against an entire data center failure. Each AZ is physically separated, with independent power, cooling, and networking, so if one AZ goes offline, the application continues running in the other AZs. This design meets the high-availability requirement without the complexity and latency of multi-Region deployment.

Exam trap

The trap here is that candidates often confuse Availability Zones with Regions, thinking that multi-Region deployment is required for high availability, when in fact deploying across multiple AZs within a single Region is sufficient and more cost-effective for surviving a data center failure.

How to eliminate wrong answers

Option A is wrong because launching all EC2 instances in a single Availability Zone creates a single point of failure; if that data center experiences a power outage, the entire application becomes unavailable. Option C is wrong because deploying across multiple Regions (e.g., us-east-1 and eu-west-1) is overkill for this requirement—it introduces cross-Region latency, higher costs, and complexity, while the question only requires surviving a single data center failure within us-east-1. Option D is wrong because separate AWS accounts do not provide any physical infrastructure isolation; they are a billing and security boundary, not a mechanism to survive a data center outage.

837
MCQ · easy

A company's sales team uses a cloud-based CRM application. Sales representatives access the CRM from their laptops in the office, from tablets at customer sites, and from their smartphones while traveling, all over the internet. The application works consistently across all devices without requiring any custom client software on each device. Which essential characteristic of cloud computing does this scenario BEST demonstrate?

A. On-demand self-service
B. Resource pooling
C. Broad network access
D. Measured service

Answer: C

This is correct. Broad network access is the ability to access cloud services over the network using standard protocols (e.g., HTTP/HTTPS) from a variety of client devices such as laptops, tablets, and smartphones. The sales team accessing the CRM from different devices via the internet is a textbook example.

Why this answer

The scenario describes sales representatives accessing the CRM application from laptops, tablets, and smartphones over the internet without needing custom client software. This directly illustrates broad network access, which is the cloud computing characteristic that resources are available over the network and can be accessed by standard mechanisms (e.g., HTTPS, REST APIs) from a wide range of heterogeneous client platforms (e.g., mobile phones, tablets, laptops). The consistent experience across devices without custom software is the hallmark of broad network access.

Exam trap

The trap here is that candidates often confuse broad network access with on-demand self-service because both involve user interaction, but broad network access specifically focuses on the variety of client platforms and network-based accessibility, not the ability to self-provision resources.

How to eliminate wrong answers

Option A is wrong because on-demand self-service refers to a user's ability to provision computing resources (e.g., spin up a virtual machine) automatically without requiring human interaction with the service provider, not the ability to access an application from multiple device types. Option B is wrong because resource pooling describes the provider's multi-tenant model where physical and virtual resources are dynamically assigned and reassigned according to consumer demand; it does not relate to client device diversity or network-based access. Option D is wrong because measured service involves the provider's ability to monitor, control, and report resource usage (e.g., metering CPU hours, bandwidth) for billing and optimization, not the capability to access services from various devices over the internet.

838
MCQ · easy

Which statement correctly describes how Amazon S3 pricing works?

A. S3 charges a flat monthly fee regardless of storage used
B. S3 charges per GB stored, per request, and for outbound data transfer
C. S3 storage is free; only data transfer is charged
D. S3 charges by the number of files stored, not the size

Answer: B

S3 bills for storage consumed (per GB/month, tiered), requests made (per thousand), and data transferred out of S3 to the internet or other Regions.

Why this answer

Amazon S3 pricing is based on a pay-as-you-go model where you are charged for the amount of storage you use (per GB per month), the number and type of requests (e.g., PUT, GET, LIST), and data transfer out to the internet. This granular billing reflects actual usage, making option B correct.

Exam trap

The trap here is that candidates often assume S3 pricing is purely based on storage volume, forgetting that request costs and data transfer out are significant components, especially for high-traffic or frequently accessed data.

How to eliminate wrong answers

Option A is wrong because S3 does not charge a flat monthly fee; it uses a consumption-based model where costs vary with storage volume, requests, and data transfer. Option C is wrong because S3 storage is not free; you pay for the data stored, and while data transfer out is charged, inbound transfer is typically free, but storage itself incurs costs. Option D is wrong because S3 charges based on the total size of data stored (per GB), not the number of files; the number of objects only affects request costs, not storage costs.

839
MCQ · medium

A company has 50 TB of historical data stored on on-premises network-attached storage (NAS). The company wants to transfer this data to Amazon S3. The internet connection provides only 10 Mbps upload speed, and the company wants to complete the transfer within 2 weeks. The data is not sensitive and does not require encryption during transfer. Which AWS service should the company use to meet these requirements?

A. AWS Snowball Edge
B. AWS DataSync
C. AWS Storage Gateway (File Gateway)
D. AWS Direct Connect

Answer: A

Correct. AWS Snowball Edge is a physical device that can be ordered, loaded with data on-premises, and shipped to AWS for ingestion into S3. This bypasses network limitations and meets the 2-week timeline.

Why this answer

AWS Snowball Edge is the correct choice because it is a physical data transport solution designed for large-scale data transfers over slow or unreliable networks. With 50 TB of data and only 10 Mbps upload speed, transferring over the internet would take approximately 50 TB * 8 bits/byte / (10 Mbps) ≈ 11,574 hours (482 days), far exceeding the 2-week window. Snowball Edge allows the company to physically ship the data to AWS, bypassing network constraints entirely.

Exam trap

The trap here is that candidates often choose AWS DataSync or Storage Gateway because they are familiar with online transfer tools, but they fail to calculate the actual transfer time given the bandwidth constraint, overlooking that physical shipping is the only viable option for such large data volumes over slow links.

How to eliminate wrong answers

Option B (AWS DataSync) is wrong because DataSync is an online data transfer service that relies on network bandwidth; at 10 Mbps, it would take far longer than 2 weeks to transfer 50 TB, making it unsuitable for this time constraint. Option C (AWS Storage Gateway, File Gateway) is wrong because File Gateway provides low-latency access to S3 from on-premises via caching, but it still requires the initial data transfer over the network, which would be bottlenecked by the 10 Mbps connection and cannot meet the 2-week deadline. Option D (AWS Direct Connect) is wrong because Direct Connect establishes a dedicated network connection from on-premises to AWS, but it still requires internet-level bandwidth (typically 50 Mbps to 10 Gbps) and provisioning time; even at the lowest 50 Mbps tier, the transfer would take ~96 days, and the setup latency (weeks to months) makes it impractical for a 2-week window.

840
MCQ · medium

A company operates a seasonal e-commerce website. During holiday sales, traffic can increase by 500% within minutes. The company uses AWS Auto Scaling to automatically add Amazon EC2 instances when CPU utilization exceeds a threshold and remove instances during off-peak hours. The company pays only for the compute capacity it actually consumes, with no upfront commitment. This scenario best demonstrates which essential characteristics of cloud computing?

A. Rapid elasticity and measured service
B. On-demand self-service and broad network access
C. Resource pooling and high availability
D. Fault tolerance and disaster recovery
Answer: A

Correct. Rapid elasticity allows automatic scaling of resources in response to demand changes, as shown by adding and removing instances. Measured service means the provider meters usage and charges only for consumed resources – the company pays only for actual compute capacity.

Why this answer

The scenario demonstrates rapid elasticity because the Auto Scaling group can instantly add hundreds of EC2 instances to handle a 500% traffic surge, and then remove them when demand drops. It also demonstrates measured service because the company pays only for the compute capacity actually consumed, with no upfront commitment, which is metered and billed based on usage.

Exam trap

The trap here is that candidates confuse 'rapid elasticity' with 'high availability' or 'fault tolerance,' because both involve adding resources, but elasticity specifically refers to scaling up/down based on demand, not maintaining uptime during failures.

How to eliminate wrong answers

Option B is wrong because on-demand self-service refers to users provisioning resources without human interaction (e.g., via AWS Management Console or API), and broad network access refers to resources accessible over the network via standard protocols (e.g., HTTPS, SSH); neither is the primary focus of the auto-scaling and pay-per-use behavior described. Option C is wrong because resource pooling refers to multi-tenant sharing of physical infrastructure across customers, and high availability refers to systems remaining operational despite failures; the scenario does not mention multi-tenancy or fault-tolerant architecture. Option D is wrong because fault tolerance and disaster recovery involve designing systems to withstand component failures or catastrophic events (e.g., multi-AZ deployments, backups); the scenario only describes scaling based on demand and pay-per-use, not resilience or recovery.

841
MCQ · medium

A company manages multiple AWS accounts through AWS Organizations. The finance team wants to receive a consolidated view of costs across all accounts and track costs against a monthly budget of $50,000 for the entire organization. They want to be alerted when actual costs reach 90% of the budget and again when they exceed 100%. Which combination of AWS services should the finance team use?

A. AWS Cost Explorer to create a budget alert and AWS Budgets to view consolidated costs.
B. AWS Budgets to create a budget and configure alerts, and AWS Cost Explorer to view consolidated cost data.
C. AWS Trusted Advisor to set a cost optimization budget and AWS Cost Explorer to send alerts.
D. AWS Cost and Usage Report to generate a daily report and Amazon Simple Email Service (Amazon SES) to send email alerts.
Answer: B

Correct. AWS Budgets allows you to set a monthly budget and configure alerts at specified threshold percentages (e.g., 90% and 100%). AWS Cost Explorer provides a consolidated view of costs across multiple accounts in an organization, enabling the finance team to track spending against the budget.

Why this answer

AWS Budgets is the correct service for setting a monthly budget of $50,000 and configuring alerts at 90% and 100% thresholds. AWS Cost Explorer provides the consolidated view of costs across all accounts in AWS Organizations. Together, they meet both requirements: Budgets handles the alerting, and Cost Explorer provides the consolidated cost visualization.

Exam trap

The trap here is confusing the roles of AWS Cost Explorer (analysis/visualization) and AWS Budgets (budget creation/alerting), leading candidates to reverse their responsibilities or choose Trusted Advisor, which is for optimization recommendations, not budget management.

How to eliminate wrong answers

Option A is wrong because it reverses the roles: AWS Cost Explorer is a visualization and analysis tool, not a budget alert creation tool; AWS Budgets is used to create budgets and alerts, not to view consolidated costs. Option C is wrong because AWS Trusted Advisor provides cost optimization recommendations and checks, not budget creation or alerting capabilities. Option D is wrong because while AWS Cost and Usage Report (CUR) can generate detailed cost data, it does not natively support budget alerts; Amazon SES is an email service but requires custom integration, and the combination lacks the budget threshold alerting that AWS Budgets provides natively.

842
MCQ · medium

A company stores customer health records in an application database and needs a HIPAA-eligible AWS service for the database tier. Which relational database option on AWS is eligible for HIPAA workloads?

A. Amazon RDS requires no special configuration for HIPAA compliance
B. Amazon RDS with a signed Business Associate Agreement (BAA) with AWS
C. Amazon Redshift only, because RDS does not support HIPAA workloads
D. Only self-managed databases on EC2 can be used for HIPAA workloads on AWS
Answer: B

RDS is a HIPAA-eligible service. Customers handling PHI must sign a BAA with AWS and ensure appropriate encryption, access controls, and audit logging are configured.

Why this answer

Amazon RDS can be used for HIPAA workloads when the customer has signed a Business Associate Agreement (BAA) with AWS and configures the RDS instance with encryption at rest (using AWS KMS) and encryption in transit (using TLS). The BAA is a contractual requirement under HIPAA that makes AWS a business associate, allowing covered entities to store protected health information (PHI) in RDS. Without a signed BAA, no AWS service may be used for PHI, even a HIPAA-eligible one with technical security controls in place.

Exam trap

The trap here is that candidates assume RDS is automatically HIPAA-compliant (Option A) or that only self-managed EC2 databases qualify (Option D), when in fact the critical missing piece is the signed Business Associate Agreement (BAA) with AWS, which is a contractual prerequisite for any HIPAA-eligible service.

How to eliminate wrong answers

Option A is wrong because Amazon RDS does require special configuration for HIPAA compliance, including enabling encryption, logging, and access controls, and most critically, the customer must sign a BAA with AWS; it is not automatically compliant. Option C is wrong because Amazon Redshift is also a HIPAA-eligible service when a BAA is in place, but it is not the only option; RDS fully supports HIPAA workloads with proper configuration. Option D is wrong because self-managed databases on EC2 are not the only option; AWS offers multiple managed services (RDS, Redshift, DynamoDB, etc.) that are HIPAA-eligible when a BAA is signed, and EC2-based databases also require a BAA and proper configuration.

843
MCQ · medium

A company uses AWS to host its web application. The company's IT manager learns that multiple AWS customers may have virtual machines running on the same physical server within an AWS data center. However, the manager is confident that each customer's data is securely isolated from others and that customers have no visibility into or control over the underlying physical infrastructure. Which essential characteristic of cloud computing does this scenario best demonstrate?

A. Rapid elasticity
B. Resource pooling
C. On-demand self-service
D. Measured service
Answer: B

Resource pooling is the cloud characteristic where the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with physical and virtual resources dynamically assigned and reassigned. The customer generally has no control or knowledge over the exact location of the resources. This matches the scenario exactly.

Why this answer

Resource pooling is the correct answer because it describes the cloud characteristic where the provider's computing resources (such as physical servers) are pooled to serve multiple customers using a multi-tenant model. AWS uses hypervisor-based isolation (e.g., Xen or Nitro) to ensure that each customer's virtual machine has no visibility into or control over the underlying physical hardware or other tenants' workloads, while still sharing the same physical server. This directly matches the scenario's description of multiple customers running VMs on the same physical host with secure isolation.

Exam trap

The trap here is that candidates often confuse resource pooling with multi-tenancy or security isolation, but the exam specifically tests the definition of resource pooling as the provider's ability to serve multiple customers from the same physical infrastructure while maintaining logical separation.

How to eliminate wrong answers

Option A is wrong because rapid elasticity refers to the ability to quickly scale resources up or down based on demand, not to the sharing of physical infrastructure among multiple customers. Option C is wrong because on-demand self-service describes a user's ability to provision computing capabilities without requiring human interaction with the service provider, not the multi-tenant isolation of physical resources. Option D is wrong because measured service involves the metering and billing of cloud resource usage (e.g., pay-per-use), not the pooling and isolation of physical hardware across tenants.

844
MCQ · medium

A startup is considering moving its infrastructure to AWS. The CTO explains that AWS can offer lower pay-as-you-go prices than what the startup would pay for equivalent on-premises hardware because AWS aggregates usage from millions of customers. Which benefit of the AWS Cloud does this scenario describe?

A. Elasticity
B. High availability
C. Economies of scale
D. Global reach
Answer: C

Economies of scale occur when the per-unit cost of delivering a service decreases as the total volume of service delivery increases. AWS's massive customer base allows it to achieve lower infrastructure costs and pass those savings to customers through lower pay-as-you-go prices.

Why this answer

The scenario describes economies of scale, a core AWS Cloud benefit where AWS aggregates compute and storage usage from millions of customers, allowing it to purchase hardware in bulk at significantly lower per-unit costs. These savings are passed on to customers as lower pay-as-you-go prices compared to what a startup would pay for equivalent on-premises hardware. This is a fundamental economic advantage of cloud computing, distinct from operational benefits like elasticity or high availability.

Exam trap

The trap here is that candidates often confuse economies of scale with elasticity, thinking that lower prices come from scaling resources dynamically, when in fact economies of scale is a separate economic benefit driven by AWS's massive customer base and bulk purchasing power.

How to eliminate wrong answers

Option A is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand, not the cost advantage from aggregated purchasing. Option B is wrong because high availability ensures applications remain accessible during failures through redundancy across Availability Zones, which is a design principle, not a pricing benefit from customer aggregation. Option D is wrong because global reach describes the ability to deploy resources in multiple geographic regions worldwide, not the cost savings from AWS's bulk hardware procurement.

845
MCQ · medium

A development team is building a mobile application and needs to add user registration, sign-in, and authentication (including social login via Google and Facebook) without building and managing their own authentication backend. Which AWS service provides managed user authentication for applications?

A. AWS IAM
B. AWS Directory Service
C. Amazon Cognito
D. AWS SSO
Answer: C

Cognito User Pools provide a managed authentication service for applications. They support user registration, sign-in, MFA, and federated authentication via social providers (Google, Facebook) without requiring a custom authentication backend.

Why this answer

Amazon Cognito is the correct choice because it provides a fully managed user identity and authentication service specifically designed for mobile and web applications. It supports user registration, sign-in, and social login via identity providers like Google and Facebook through its user pools and identity pools features, eliminating the need to build and manage a custom authentication backend.

Exam trap

The trap here is that candidates often confuse AWS IAM with user authentication for applications, but IAM is strictly for AWS resource access control, not for end-user identity management in custom apps.

How to eliminate wrong answers

Option A is wrong because AWS IAM is used for managing permissions and access control for AWS resources and services, not for authenticating end-users of an application with social login or user registration. Option B is wrong because AWS Directory Service is designed to set up and run Microsoft Active Directory in the AWS cloud, which is intended for enterprise identity management and not for mobile app user authentication with social providers. Option D is wrong because AWS SSO (now AWS IAM Identity Center) is a service for centrally managing single sign-on access to multiple AWS accounts and business applications, not for building user registration and social login into a custom mobile application.

846
MCQ · easy

A new AWS customer wants to explore AWS services for the first time. They launch a t2.micro EC2 instance and use up to 5 GB of Amazon S3 storage. They want to understand if these will incur charges. Which AWS programme provides limited free usage of many services for new accounts during the first 12 months?

A. AWS Enterprise Support
B. AWS Free Tier
C. AWS Credits Programme
D. Reserved Instance discount
Answer: B

The AWS Free Tier provides 12 months of limited free service usage for new accounts. It includes 750 hours/month of t2.micro or t3.micro EC2 and 5 GB of S3 Standard storage, among many other services.

Why this answer

The AWS Free Tier is designed specifically for new AWS customers, offering limited free usage of select services—including t2.micro EC2 instances and 5 GB of Amazon S3 storage—for the first 12 months after account creation. This program allows users to explore AWS services without incurring charges, as long as they stay within the defined usage limits. The scenario matches the Free Tier's eligibility criteria exactly, making option B correct.

Exam trap

The trap here is that candidates may confuse the AWS Free Tier with promotional credits or support plans, mistakenly thinking that any new account automatically receives free usage through credits or that support plans include free service usage, rather than recognizing the Free Tier as the specific program with defined limits and duration.

How to eliminate wrong answers

Option A is wrong because AWS Enterprise Support is a paid support plan that provides technical assistance and architectural guidance, not free usage of services; it does not include any free tier benefits. Option C is wrong because the AWS Credits Programme provides promotional credits that can be applied to service costs, but it is not a standard program for all new accounts and does not guarantee free usage for 12 months. Option D is wrong because Reserved Instance discounts apply to customers who commit to a specific instance configuration for a 1- or 3-year term, reducing costs but not providing free usage; they are not a program for new accounts to explore services without charges.

847
MCQ · medium

A company runs a retail website on AWS. During a promotional event, the website's traffic spikes from 1,000 concurrent users to 100,000 concurrent users in under 5 minutes. The AWS infrastructure automatically provisions additional Amazon EC2 instances to handle the increased load and terminates them when the event ends. Which essential characteristic of cloud computing does this scenario best demonstrate?

A. On-demand self-service
B. Broad network access
C. Rapid elasticity
D. Resource pooling
Answer: C

Rapid elasticity is the ability to quickly and automatically scale resources up and down in response to fluctuating demand. The automatic addition and removal of EC2 instances during a traffic spike perfectly illustrates this characteristic, as the system adapts to the workload in near real-time.

Why this answer

The scenario describes the automatic scaling of EC2 instances from 1,000 to 100,000 concurrent users in under 5 minutes, and then terminating them when the event ends. This directly demonstrates rapid elasticity, which is the ability to provision and release cloud resources quickly and automatically in response to demand, a core characteristic defined by the NIST SP 800-145 standard.

Exam trap

The trap here is that candidates confuse 'rapid elasticity' with 'on-demand self-service' because both involve provisioning resources without manual intervention, but on-demand self-service is about the user's ability to provision resources on their own, while rapid elasticity is about the system automatically scaling resources up and down to meet demand.

How to eliminate wrong answers

Option A is wrong because on-demand self-service refers to a user provisioning compute resources without requiring human interaction with the service provider, not the automatic scaling of resources based on load. Option B is wrong because broad network access describes capabilities being available over the network and accessed through standard mechanisms (e.g., HTTPS, SSH), not the dynamic scaling of capacity. Option D is wrong because resource pooling refers to the provider's multi-tenant model where physical and virtual resources are dynamically assigned and reassigned according to consumer demand, but it does not specifically address the rapid scaling up and down of resources in response to traffic spikes.

848
MCQ · medium

A gaming company is preparing to launch a new online multiplayer game. The company expects the player traffic to be extremely high on the first few days after launch, but then stabilize at a much lower level. The IT team wants to provision sufficient server capacity to handle the launch spike without over-provisioning and wasting money during the quieter periods. Which benefit of cloud computing most directly addresses this requirement?

A. Trade capital expense for variable expense
B. Stop guessing capacity
C. Increase speed and agility
D. Benefit from massive economies of scale
Answer: B

This benefit exactly matches the scenario. Cloud computing eliminates the need to predict peak capacity requirements. You can provision just enough for current needs and automatically scale based on actual demand, preventing both under-provisioning and over-provisioning.

Why this answer

The requirement is to provision enough capacity for a launch spike without over-provisioning for lower steady-state traffic. AWS Auto Scaling with Elastic Load Balancing directly addresses this by automatically adjusting the number of EC2 instances based on real-time demand, eliminating the need to guess peak capacity. This is the core benefit of 'Stop guessing capacity' — cloud elasticity allows you to match resources to actual usage, not predictions.

Exam trap

The trap here is that candidates confuse 'Stop guessing capacity' with 'Trade capital expense for variable expense' because both involve cost optimization, but the question specifically targets the ability to handle unpredictable demand without manual capacity planning.

How to eliminate wrong answers

Option A is wrong because 'Trade capital expense for variable expense' describes the shift from upfront hardware purchases to pay-as-you-go pricing, but it does not address the specific need to handle unpredictable traffic spikes without over-provisioning. Option C is wrong because 'Increase speed and agility' refers to rapid provisioning of resources (e.g., launching instances in minutes), but it does not inherently solve the capacity planning problem of matching resources to fluctuating demand. Option D is wrong because 'Benefit from massive economies of scale' explains lower per-unit costs due to AWS’s large infrastructure, but it does not provide the dynamic scaling mechanism required to handle a launch spike and then reduce capacity.

849
MCQ · medium

A company runs a production web application on Amazon EC2 and Amazon RDS instances. The company's IT team needs technical support from AWS engineers with a guaranteed response time of less than one hour for issues where production systems are impaired. Additionally, the team wants to receive cost optimization recommendations through AWS Trusted Advisor. Which AWS Support plan should the company choose?

A. AWS Basic Support
B. AWS Developer Support
C. AWS Business Support
D. AWS Enterprise Support
Answer: C

AWS Business Support offers a response time of less than one hour for production system impaired cases and includes full access to AWS Trusted Advisor best practice checks, including cost optimization recommendations. This meets all stated requirements.

Why this answer

AWS Business Support provides a response time of less than one hour for production system impaired cases (severity level 'high') and includes full access to AWS Trusted Advisor, which offers cost optimization recommendations. This plan meets both the guaranteed response time and the cost optimization requirements specified in the question.

Exam trap

The trap here is that candidates may confuse the response time tiers between Developer (12 hours for impaired systems) and Business (1 hour for impaired systems), or assume that Enterprise Support is required for any production workload, when Business Support fully satisfies the given requirements at a lower cost.

How to eliminate wrong answers

Option A is wrong because AWS Basic Support does not include any technical support from AWS engineers or guaranteed response times, and it only provides limited Trusted Advisor checks (6 core checks) without cost optimization recommendations. Option B is wrong because AWS Developer Support has a maximum response time of 12 hours for impaired production systems (severity 'high'), which does not meet the sub-one-hour requirement, and it also lacks full Trusted Advisor cost optimization checks. Option D is wrong because AWS Enterprise Support offers a 15-minute response time for business-critical systems and includes a Technical Account Manager (TAM), but it is overkill for the stated requirements and incurs significantly higher costs than necessary; the question asks for the plan that should be chosen, and Business Support is the most cost-effective plan that meets all stated needs.

850
MCQ · medium

A company runs a production web application that uses Amazon EC2 instances, AWS Lambda functions, and Amazon ECS tasks. The application runs 24/7 and the company expects steady usage for the next three years. The company wants to commit to a flexible pricing model that provides significant discounts compared to On-Demand and automatically applies to usage across all three compute services. The company also wants the flexibility to change instance families, regions, or even migrate between compute services (e.g., from EC2 to Lambda) without needing to modify the commitment. Which AWS pricing model should the company choose?

A. Amazon EC2 Reserved Instances (Standard)
B. Amazon EC2 Reserved Instances (Convertible)
C. Compute Savings Plans
D. AWS Savings Plans (EC2 Instance Savings Plans)
Answer: C

Compute Savings Plans automatically apply to EC2, AWS Lambda, and AWS Fargate usage. They offer significant discounts and allow flexibility across instance families, sizes, regions, and compute services without any modification to the commitment.

Why this answer

Compute Savings Plans offer the required flexibility: they automatically apply to EC2 instances, Lambda functions, and ECS Fargate usage, provide significant discounts (up to 66%) compared to On-Demand, and allow changes to instance families, regions, or compute services without modifying the commitment. This model is ideal for steady 24/7 workloads over a three-year term, as it combines broad compute coverage with automatic discount application.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans with EC2 Instance Savings Plans, mistakenly thinking the latter also covers Lambda and ECS, but EC2 Instance Savings Plans are restricted to a specific instance family and region, and only apply to EC2 usage.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Reserved Instances (Standard) lock you into a specific instance family and region, and they do not cover Lambda or ECS usage, failing the requirement for cross-service flexibility. Option B is wrong because Amazon EC2 Reserved Instances (Convertible) allow changes to instance families but still require a specific instance type and region, and they do not apply to Lambda or ECS, missing the multi-service coverage. Option D is wrong because AWS Savings Plans (EC2 Instance Savings Plans) only apply to EC2 instance usage within a specific instance family in a given region, and they do not cover Lambda or ECS, thus failing the requirement for automatic application across all three compute services.

851
MCQ · medium

A company wants to allow their on-premises employees to access S3 objects using Windows file system operations (drive mapping) without migrating their workflows. Which AWS service provides this capability?

A. Amazon S3 with AWS Direct Connect
B. AWS Storage Gateway File Gateway (SMB)
C. Amazon FSx for Windows File Server
D. Amazon EFS with SMB protocol
Answer: B

Storage Gateway File Gateway presents S3 as an SMB file share that Windows clients can map as a network drive — transparently storing files in S3 while providing native Windows file system access.

Why this answer

AWS Storage Gateway File Gateway with SMB (Server Message Block) support allows on-premises employees to mount S3 buckets as Windows file shares using standard drive mapping. This enables access to S3 objects via Windows file system operations without migrating existing workflows, as the gateway caches frequently accessed data locally while storing the primary data in S3.

Exam trap

The trap here is that candidates confuse FSx for Windows File Server (a native Windows file system) with Storage Gateway File Gateway (which bridges S3 to SMB), or assume Direct Connect alone can expose S3 as a file system, but neither provides the SMB-to-S3 translation required for drive mapping.

How to eliminate wrong answers

Option A is wrong because Amazon S3 with AWS Direct Connect provides a dedicated network connection but does not expose S3 as a Windows file system; S3 natively uses REST API calls, not SMB or NFS protocols, so drive mapping is not possible. Option C is wrong because Amazon FSx for Windows File Server provides a fully managed Windows file server using SMB, but it does not directly back onto S3 objects; it uses its own file system storage, not S3 as the primary data store. Option D is wrong because Amazon EFS with SMB protocol is not supported; EFS uses NFSv4 protocol for Linux instances and does not support SMB, making it incompatible with Windows drive mapping.

852
MCQ · medium

A company runs a monolithic web application on Amazon EC2 that processes user-uploaded files synchronously. During peak hours, the application experiences slow response times because the file processing blocks the web server. The company wants to decouple the upload process from the file processing to improve responsiveness and allow each component to scale independently. The file processing backend must poll for new work and handle failures gracefully by retrying failed messages. Which AWS service should the company use to implement this decoupling?

A. Amazon Simple Notification Service (SNS)
B. Amazon Simple Queue Service (SQS)
C. Amazon Kinesis Data Streams
D. Amazon MQ
Answer: B

Amazon SQS is a fully managed message queue that enables asynchronous communication between application components. The frontend sends a message to the SQS queue, and the processing backend polls the queue for messages. SQS supports at-least-once delivery and can be configured to retain failed messages for retries, meeting the requirements perfectly.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it provides a fully managed message queue that decouples the upload process from the file processing backend. The web server can immediately return a response after placing a message in the SQS queue, while the backend workers poll the queue for new work. SQS also supports dead-letter queues and configurable redrive policies to handle failures gracefully by retrying failed messages.

Exam trap

The trap here is that candidates often confuse SNS with SQS because both are messaging services, but SNS is a push-based pub/sub model that cannot provide the polling and retry behavior required for decoupling a synchronous processing bottleneck.

How to eliminate wrong answers

Option A is wrong because Amazon SNS is a pub/sub messaging service that pushes messages to subscribers; it does not support polling or built-in retry logic for failed message processing, and it cannot decouple a synchronous request-response flow like a queue does. Option C is wrong because Amazon Kinesis Data Streams is designed for real-time streaming of large volumes of data, not for decoupling a simple work queue with polling and retry semantics; it also requires a consumer to manage checkpointing and does not natively support message-level retries. Option D is wrong because Amazon MQ is a managed message broker for ActiveMQ or RabbitMQ, which is more complex and overkill for this use case; it is typically used when migrating existing applications that rely on standard messaging protocols, not for a simple decoupling pattern that SQS handles more cost-effectively and with less operational overhead.

853
MCQ · medium

Which AWS service provides a fully managed extract, transform, and load (ETL) service that automatically discovers data schemas and generates ETL code?

A. Amazon EMR
B. Amazon Kinesis Data Firehose
C. AWS Glue
D. AWS Data Pipeline
Answer: C

Glue provides serverless ETL with automatic schema discovery via Crawlers, a centralized Data Catalog, and auto-generated Spark ETL code through Glue Studio.

Why this answer

AWS Glue is a fully managed ETL service that automatically discovers data schemas using its crawler component and generates ETL code via its code generation engine. It integrates with the AWS Glue Data Catalog to store metadata and provides a serverless Spark environment to run ETL jobs without manual infrastructure management.

Exam trap

The trap here is that candidates confuse AWS Glue's automatic schema discovery and code generation with Amazon EMR's manual big data processing, or they mistake Kinesis Data Firehose's streaming ingestion for ETL capabilities, leading them to overlook Glue's unique serverless ETL features.

How to eliminate wrong answers

Option A is wrong because Amazon EMR is a managed cluster platform for big data frameworks like Apache Spark and Hadoop, but it does not automatically discover schemas or generate ETL code; it requires manual configuration and code writing. Option B is wrong because Amazon Kinesis Data Firehose is a streaming data ingestion service that loads data into destinations like S3 or Redshift, but it does not perform ETL transformations or schema discovery; it only supports simple data format conversions. Option D is wrong because AWS Data Pipeline is a workflow orchestration service for moving and processing data between AWS services and on-premises sources, but it does not automatically discover schemas or generate ETL code; it requires users to define activities and preconditions manually.

854
MCQ · medium

A company operates 10 AWS accounts under AWS Organizations. Each account runs multiple projects, and the company tags all resources with a 'Project' tag (e.g., 'Project-A', 'Project-B'). The finance team wants to view the consolidated monthly bill broken down by the value of the 'Project' tag across all accounts. Which AWS feature should the team use to achieve this?

A. Create an AWS Budget for each 'Project' tag value and set cost alerts to track spending per project.
B. Activate the 'Project' tag as a cost allocation tag in the AWS Organizations payer account's Billing and Cost Management console.
C. Use AWS Trusted Advisor to generate a cost optimization report that shows which projects are over-spending based on the 'Project' tag.
D. Configure AWS Compute Optimizer to analyze costs per project and recommend resource downsizing based on the 'Project' tag.
Answer: B

This is the correct approach. In the Billing and Cost Management console, you can activate user-defined cost allocation tags. Once activated, AWS includes the tag in your cost and usage reports, allowing you to view costs grouped by the 'Project' tag value in AWS Cost Explorer and the Cost and Usage Report.

Why this answer

Option B is correct because cost allocation tags in the AWS Organizations payer account's Billing and Cost Management console allow you to activate user-defined tags (like 'Project') so that AWS can break down the consolidated monthly bill by those tag values across all linked accounts. Once activated, the cost data is available in Cost Explorer and the Cost & Usage Report, enabling the finance team to view spending per project without manual aggregation.

Exam trap

The trap here is that candidates confuse AWS Budgets (which only set alerts) with cost allocation tags (which enable actual cost breakdowns by tag), or they mistakenly think Trusted Advisor or Compute Optimizer can generate custom billing reports.

How to eliminate wrong answers

Option A is wrong because AWS Budgets provide cost alerts and notifications based on budget thresholds, but they do not generate a consolidated monthly bill broken down by tag values; they are for proactive monitoring, not retrospective reporting. Option C is wrong because AWS Trusted Advisor offers cost optimization recommendations (e.g., idle resources, reserved instance usage) but does not produce a bill breakdown by custom tags like 'Project'. Option D is wrong because AWS Compute Optimizer analyzes resource utilization to recommend right-sizing for EC2, Auto Scaling, and Lambda, but it does not provide cost breakdowns by tag or generate billing reports.

855
Drag & Drop · medium

Drag and drop the steps to set up an S3 bucket with versioning and public access blocked in the correct order.

Why this order

Bucket creation comes first, then enabling versioning, blocking public access, uploading objects, and optionally setting lifecycle rules.

856
MCQ · medium

A company wants to improve the performance of their global application by caching API responses closer to end users. Which AWS service provides an API proxy with built-in caching and CloudFront integration?

A. Amazon CloudFront alone
B. Elastic Load Balancing
C. Amazon API Gateway
D. AWS AppSync
Answer: C

API Gateway is a fully managed API service with built-in caching, throttling, authentication, and native CloudFront integration for global edge distribution.

Why this answer

Amazon API Gateway is correct because it provides a fully managed API proxy that can cache responses at the API endpoint level, reducing latency and backend load. It also natively integrates with Amazon CloudFront, allowing cached API responses to be distributed globally via CloudFront's edge locations for even lower latency.

Exam trap

The trap here is that candidates may assume CloudFront alone provides API proxy capabilities, but CloudFront is a CDN and lacks the API management features (e.g., request validation, throttling, caching at the API level) that API Gateway offers.

How to eliminate wrong answers

Option A is wrong because Amazon CloudFront alone is a content delivery network (CDN) that caches static and dynamic content at edge locations, but it does not provide API proxy functionality such as request/response transformation, throttling, or built-in API caching without an origin like API Gateway. Option B is wrong because Elastic Load Balancing distributes incoming traffic across targets (e.g., EC2 instances) but does not offer API-level caching or CloudFront integration as a proxy. Option D is wrong because AWS AppSync is a managed GraphQL service that provides real-time data synchronization and offline capabilities, but it does not serve as a RESTful API proxy with built-in caching and CloudFront integration.

857
MCQ · medium

A company is building a web application that requires a fully managed NoSQL database with single-digit millisecond latency at any scale. The application will experience unpredictable traffic spikes, and the database must automatically scale throughput capacity up and down without manual intervention. The developers want to focus on application code rather than database management tasks. Which AWS database service should the company choose?

A. Amazon RDS for MySQL
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon ElastiCache
Answer: B

Correct. Amazon DynamoDB is a fully managed NoSQL database that offers single-digit millisecond latency at any scale. It supports on-demand capacity mode and auto scaling to automatically handle unpredictable traffic spikes without manual intervention. It is serverless, so developers do not manage servers or clusters.

Why this answer

Amazon DynamoDB is a fully managed NoSQL key-value and document database that delivers single-digit millisecond latency at any scale. It supports automatic scaling of read/write throughput capacity via Auto Scaling policies, eliminating the need for manual intervention. This makes it ideal for web applications with unpredictable traffic spikes, as it offloads all database management tasks to AWS.

Exam trap

The trap here is that candidates may confuse Amazon ElastiCache (a caching layer) with a fully managed NoSQL database, overlooking that ElastiCache is not a persistent database and lacks automatic throughput scaling for unpredictable write-heavy workloads.

How to eliminate wrong answers

Option A is wrong because Amazon RDS for MySQL is a relational database, not NoSQL, and requires manual scaling of instance size or read replicas to handle traffic spikes, which does not meet the automatic throughput scaling requirement. Option C is wrong because Amazon Redshift is a petabyte-scale data warehouse optimized for analytical queries, not a low-latency NoSQL database for transactional web applications. Option D is wrong because Amazon ElastiCache is an in-memory caching service (supporting Redis or Memcached) that is not a fully managed NoSQL database; it is typically used to accelerate existing databases, not as a primary persistent data store with automatic throughput scaling.

858
MCQ · medium

A company is considering Reserved Instances to reduce costs. Which type of Reserved Instance provides the flexibility to change the instance family, OS, and tenancy, and can be used across any Region?

A. Standard Reserved Instances
B. Convertible Reserved Instances
C. Scheduled Reserved Instances
D. Compute Savings Plans
Answer: B

Convertible RIs allow exchanging for different instance families, OS types, and tenancies during the term, providing flexibility at a slightly lower discount than Standard RIs.

Why this answer

Convertible Reserved Instances (RIs) allow you to change the instance family, OS, and tenancy during the term, and they can be exchanged across AWS Regions. This flexibility makes them ideal for evolving workloads, though they offer a lower discount (typically 10-20% less) compared to Standard RIs. The question specifically asks for the ability to change instance family, OS, tenancy, and use across any Region, which is a direct match to Convertible RIs.

Exam trap

The trap here is that candidates often confuse Compute Savings Plans (which offer flexibility in instance family, OS, and tenancy but are Region-locked) with Convertible RIs (which additionally allow Region changes), leading them to select Compute Savings Plans when the question explicitly requires cross-Region flexibility.

How to eliminate wrong answers

Option A is wrong because Standard Reserved Instances do not allow changes to instance family, OS, or tenancy; they are locked to the specific attributes purchased and cannot be exchanged across Regions. Option C is wrong because Scheduled Reserved Instances are designed for predictable recurring schedules (e.g., daily or weekly) and do not provide flexibility to change instance family, OS, tenancy, or Region; they are a legacy offering that is not commonly used. Option D is wrong because Compute Savings Plans provide flexibility across instance family, OS, and tenancy, but they are Region-specific and cannot be used across any Region; they apply to compute usage within a single Region.

859
MCQ · medium

A company wants to build a serverless application that processes images uploaded to an Amazon S3 bucket. When a user uploads a new image, the application must automatically resize the image to multiple dimensions and store the resized versions in the same bucket under a different prefix. The company wants to minimize operational overhead and pay only for the compute time used. Which AWS service should be used to run the image processing code?

A. Amazon EC2 Auto Scaling group
B. AWS Lambda
C. Amazon ECS with Fargate
D. AWS Batch
Answer: B

AWS Lambda is a serverless compute service that can be triggered directly by Amazon S3 events. It runs code only when an image is uploaded, scales automatically, and bills per millisecond of execution. This matches the requirements for minimal overhead and pay-per-use.

Why this answer

AWS Lambda is the correct choice because it is a serverless compute service that runs code in response to S3 events, such as object creation. It automatically scales with the number of uploads, charges only for the compute time consumed (per 100ms increments), and requires no infrastructure management, making it ideal for event-driven image processing tasks.

Exam trap

The trap here is that candidates may choose Amazon ECS with Fargate because they think 'serverless containers' are always the best option, but they overlook that Lambda is simpler, cheaper, and more appropriate for lightweight, event-driven tasks like image resizing, whereas Fargate adds unnecessary overhead for container orchestration.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 Auto Scaling groups require managing virtual servers, incurring costs even when idle, and add operational overhead for patching and scaling, which contradicts the requirement to minimize overhead and pay only for compute time used. Option C is wrong because Amazon ECS with Fargate, while serverless, is designed for running containerized applications and introduces unnecessary complexity (e.g., container image management, task definitions) for a simple event-driven image resize task that Lambda handles more directly and cost-effectively. Option D is wrong because AWS Batch is optimized for batch computing jobs with dependencies and scheduling, not for real-time event-driven processing triggered by S3 uploads, and it requires more setup and orchestration than needed.

860
MCQ · medium

A company is planning to migrate to AWS. Their CTO wants to understand how AWS's massive scale benefits smaller customers. Which AWS cloud economic concept explains this benefit?

A. Elasticity
B. Economies of scale
C. Capital expenditure avoidance
D. Global reach
Answer: B

AWS's massive scale enables bulk purchasing and operational efficiency that individual companies cannot match, with savings passed on as lower prices to all customers.

Why this answer

Economies of scale is the correct answer because it describes how AWS's massive infrastructure investments (data centers, hardware, networking) allow them to spread fixed costs across millions of customers, resulting in lower per-unit costs that are passed down to smaller customers. This is a core cloud economic concept where the provider's scale directly benefits all tenants, unlike elasticity which focuses on resource scaling.

Exam trap

The trap here is that candidates confuse 'economies of scale' with 'elasticity' because both involve scaling, but elasticity is about resource adjustment while economies of scale is about cost reduction from provider size.

How to eliminate wrong answers

Option A is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand, not the cost benefit derived from the provider's large-scale operations. Option C is wrong because capital expenditure avoidance is about shifting from upfront hardware purchases to operational expenses, which is a financial benefit but not the specific concept explaining how AWS's massive scale benefits smaller customers. Option D is wrong because global reach describes the geographic distribution of AWS infrastructure, not the economic advantage of shared infrastructure costs.

861
MCQ · medium

A company is designing a highly available application that must remain operational even if a single physical data center fails. The application will be deployed in the us-east-1 Region. The company wants to distribute the application across multiple physical locations within the Region, where each location has independent power, cooling, and networking. Which AWS Global Infrastructure component should the company use to meet this requirement?

A. AWS Region
B. Availability Zone
C. Edge Location
D. Local Zone
Answer: B

Availability Zones are isolated locations within an AWS Region, each with independent power, cooling, and networking. By deploying across multiple Availability Zones, the application can survive a single data center failure, achieving high availability and fault tolerance within the same Region.

Why this answer

Availability Zones (AZs) are distinct physical locations within an AWS Region, each with independent power, cooling, and networking, and are interconnected through low-latency links. By deploying the application across multiple AZs, the company ensures high availability and fault tolerance against the failure of a single physical data center. This directly meets the requirement to remain operational even if one physical data center fails.

Exam trap

The trap here is that candidates confuse an AWS Region (a broad geographic area) with an Availability Zone (the actual isolated data center within that Region), leading them to select 'AWS Region' thinking it provides the required physical separation.

How to eliminate wrong answers

Option A is wrong because an AWS Region is a geographic area containing multiple, isolated Availability Zones; deploying within a single Region does not by itself provide fault isolation against a single data center failure. Option C is wrong because Edge Locations are used for content caching and delivery via Amazon CloudFront, not for hosting application compute or storage with the required fault tolerance. Option D is wrong because a Local Zone is an extension of an AWS Region that places compute, storage, and database services closer to end users for low-latency workloads, but it does not provide the independent power, cooling, and networking redundancy across multiple physical locations within a Region that Availability Zones offer.

862
MCQ · medium

A company wants to deploy a web application and have AWS handle the infrastructure, OS, and runtime — they only want to manage the application code and configuration. Which AWS service provides this experience?

A. Amazon EC2
B. AWS Elastic Beanstalk
C. AWS Lambda
D. Amazon ECS
Answer: B

Elastic Beanstalk is PaaS — developers provide the application code and Beanstalk handles provisioning, scaling, load balancing, and health monitoring automatically.

Why this answer

AWS Elastic Beanstalk is a Platform as a Service (PaaS) offering that automatically handles the provisioning of underlying infrastructure (EC2 instances, load balancers, auto-scaling groups), the operating system, and the runtime environment (e.g., Java, Python, Node.js). The customer only needs to upload their application code and configuration, and Elastic Beanstalk manages the deployment, capacity provisioning, load balancing, and health monitoring, matching the requirement exactly.

Exam trap

The trap here is that candidates confuse AWS Elastic Beanstalk with AWS Lambda, thinking both are 'serverless' — but Elastic Beanstalk is a PaaS that runs on provisioned servers (EC2 instances), while Lambda is truly serverless and event-driven, making Lambda unsuitable for hosting a full web application with persistent runtime requirements.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 is an Infrastructure as a Service (IaaS) offering where the customer is responsible for managing the OS, runtime, and infrastructure — the opposite of the desired experience. Option C is wrong because AWS Lambda is a Function as a Service (FaaS) for running stateless, event-driven code without managing servers, but it does not handle full web application deployment with a runtime environment; it runs individual functions, not a complete web app stack. Option D is wrong because Amazon ECS is a container orchestration service that requires the customer to define and manage container images, task definitions, and cluster configurations, still leaving OS and runtime management to the customer unless combined with Fargate, but even then it does not provide the turnkey PaaS experience described.

863
MCQ · medium

A company recently signed up for AWS and is using the 12-month Free Tier offer. In the first month, they launched a single Amazon EC2 t2.micro instance and used it for exactly 750 hours. In the second month, they launched a second t2.micro instance and ran both instances simultaneously for 500 hours each (a total of 1,000 instance-hours for the month). Which statement accurately describes the charges for the second month under the Free Tier?

A. The entire 1,000 hours are free because each instance is eligible for 750 free hours per month.
B. The first 500 hours of each instance are free, and the remaining 500 hours are charged.
C. The first 750 hours of combined usage across both instances are free, and the remaining 250 hours are charged.
D. The entire 1,000 hours are charged because the Free Tier only applies to the first month.
Answer: C

This is correct. The Free Tier provides 750 free hours per month aggregated across all t2.micro instances. 750 of the 1,000 hours are free; the additional 250 hours incur charges.

Why this answer

Option C is correct because the AWS Free Tier for EC2 provides 750 hours of t2.micro (or t3.micro) instance usage per month across all regions, aggregated across all instances. In the second month, the combined usage of both instances is 1,000 hours, so the first 750 hours are free, and the remaining 250 hours are charged at standard On-Demand rates. The Free Tier applies each month for the first 12 months, not just the first month, and the 750-hour limit is a pool shared by all eligible instances.

Exam trap

The trap here is that candidates mistakenly believe the 750 free hours apply per instance rather than as a shared monthly pool, or that the Free Tier only applies to the first month of account creation.

How to eliminate wrong answers

Option A is wrong because it incorrectly assumes each instance receives its own 750 free hours per month; the Free Tier provides a total of 750 hours per month across all t2.micro instances, not per instance. Option B is wrong because it suggests a per-instance pro-rata allocation (first 500 hours free per instance), which is not how the aggregated 750-hour pool works; the free hours are consumed from a single monthly bucket. Option D is wrong because the Free Tier offer applies for the full 12 months, not only the first month; the second month is still within the 12-month window.

864
MCQ · medium

A security team needs to demonstrate to auditors that no AWS infrastructure has been modified between two audit periods. Which AWS service provides a continuous record of configuration changes with before-and-after state for all resources?

A. AWS CloudTrail
B. AWS Config
C. Amazon CloudWatch
D. Amazon GuardDuty
Answer: B

AWS Config provides a complete configuration history for each resource with before-and-after states — auditors can review exactly how resources were configured at any point in time and what changed.

Why this answer

AWS Config is the correct service because it continuously records configuration changes to AWS resources and provides a detailed history of each change, including the before-and-after state. This allows the security team to demonstrate to auditors that no infrastructure modifications occurred between two audit periods by reviewing the configuration timeline and compliance snapshots.

Exam trap

The trap here is that candidates often confuse AWS CloudTrail (which logs API calls) with AWS Config (which records resource configuration states), but CloudTrail does not provide the before-and-after configuration state that auditors require for demonstrating no infrastructure changes.

How to eliminate wrong answers

Option A is wrong because AWS CloudTrail records API activity and events (who did what, when, and from where), but it does not capture the before-and-after configuration state of resources; it logs actions, not the resulting resource configuration. Option C is wrong because Amazon CloudWatch is a monitoring service for metrics, logs, and alarms, not a configuration tracking service; it cannot provide a historical record of resource configuration changes with state details. Option D is wrong because Amazon GuardDuty is a threat detection service that analyzes logs and network traffic for malicious activity, not a configuration change recorder; it does not track or store resource configuration states.

865
MCQ · medium

A company is migrating a legacy monolithic e-commerce application to AWS. The application has three tightly integrated modules: user authentication, payment processing, and inventory management. In the current design, a failure in the payment processing module often causes the entire application to crash. The company wants to redesign the application so that each module runs independently, and a failure in one module does not cascade to other modules. Which cloud computing concept should the company apply to achieve this goal?

A. Elasticity
B. High availability
C. Loose coupling
D. Disaster recovery
Answer: C

Loose coupling is an architectural principle where components are designed to have minimal dependencies on each other. They communicate asynchronously (e.g., via queues, events, or APIs) so that a failure in one component does not cascade to others. This approach directly solves the company's problem of isolating module failures.

Why this answer

The correct answer is C, loose coupling. Loose coupling is a cloud computing concept where components are designed to have minimal dependencies on each other, communicating through well-defined interfaces or APIs. By decoupling the user authentication, payment processing, and inventory management modules, a failure in one module (e.g., payment processing) will not cascade and crash the entire application, as each module can operate independently and handle its own failures gracefully.

Exam trap

The trap here is that candidates often confuse high availability with fault isolation, thinking that making a system highly available (e.g., with multiple instances) will prevent cascading failures, but high availability does not address the tight coupling between modules that causes one failure to bring down others.

How to eliminate wrong answers

Option A is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand, not to the architectural independence of modules. Option B is wrong because high availability focuses on ensuring that a system remains operational and accessible despite failures, typically through redundancy and failover mechanisms, but it does not inherently prevent a failure in one component from crashing another. Option D is wrong because disaster recovery involves plans and processes to restore IT infrastructure and data after a catastrophic event, not the day-to-day isolation of module failures.

866
MCQ · medium

A company runs a legacy on-premises file server that stores 10 TB of shared documents used by a team of 50 employees. The company wants to migrate this data to Amazon S3 to benefit from durable, scalable storage. However, the team requires low-latency access to frequently used files (less than 5 milliseconds latency) because the application reads and writes files multiple times per second. The company also wants to maintain a local cache of recently accessed files on premises to reduce latency and minimize egress costs. The entire solution should be managed through the AWS Management Console and support standard file-sharing protocols like SMB. Which AWS service should the company use to meet these requirements?

A. AWS Storage Gateway File Gateway
B. Amazon FSx for Windows File Server
C. AWS DataSync
D. Amazon S3 with AWS Direct Connect
Answer: A

This service is designed exactly for this use case: it provides a local VM that caches frequently accessed files on premises, presents SMB/NFS shares to applications, and stores the primary data in Amazon S3. It offers low-latency access through the cache and is managed from the AWS Management Console.

Why this answer

AWS Storage Gateway File Gateway is the correct choice because it provides a hybrid cloud storage service that enables low-latency, on-premises access to frequently used files by maintaining a local cache of recently accessed data. It supports the SMB protocol for standard file sharing, integrates with Amazon S3 for durable, scalable storage, and can be managed through the AWS Management Console. The local cache reduces both latency (targeting sub-5 ms for cached data) and egress costs by serving reads from the on-premises cache instead of fetching from S3.

Exam trap

The trap here is that candidates often confuse AWS Storage Gateway File Gateway with Amazon FSx for Windows File Server, assuming both provide on-premises caching, but FSx is a cloud-only service without a local cache, making it unsuitable for sub-5 ms latency requirements from on-premises clients.

How to eliminate wrong answers

Option B (Amazon FSx for Windows File Server) is wrong because it is a fully managed native Windows file server in the cloud, not a hybrid solution with an on-premises local cache; it would require all data to be accessed over the network, introducing latency that cannot guarantee sub-5 ms for on-premises users. Option C (AWS DataSync) is wrong because it is a data transfer and synchronization tool, not a storage service; it does not provide ongoing low-latency file access or an on-premises cache for frequently used files. Option D (Amazon S3 with AWS Direct Connect) is wrong because while Direct Connect reduces network latency, S3 does not natively support the SMB protocol or provide an on-premises local cache, and accessing S3 directly over Direct Connect still incurs higher latency than a local cache and does not meet the sub-5 ms requirement for frequent reads/writes.

867
MCQ · medium

A company has multiple AWS accounts that are consolidated under AWS Organizations. The company uses cost allocation tags to track costs by project. The finance team now wants an interactive tool that can visualize the company's AWS spending over the past 6 months, break down costs by the 'Project' tag, and allow filtering by service, region, and linked account. The team also wants to forecast future spending based on historical trends. Which AWS service or feature should the finance team use?

A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost and Usage Report (CUR)
D. AWS Trusted Advisor
Answer: B

AWS Cost Explorer is the correct service. It offers an interactive graph-based interface to explore historical cost and usage data, filter by tags (e.g., Project) and other dimensions, and generate forecasts up to 12 months ahead based on past usage.

Why this answer

AWS Cost Explorer is the correct choice because it provides an interactive, pre-built dashboard that visualizes cost and usage data over customizable time periods (up to 12 months), supports filtering by service, region, and linked account, and includes a forecasting feature that uses machine learning to predict future spending based on historical trends. It directly meets the finance team's requirement for an interactive tool with filtering and forecasting capabilities.

Exam trap

The trap here is that candidates often confuse AWS Cost Explorer's interactive visualization and forecasting capabilities with AWS Budgets' alerting functionality, or mistakenly think the raw data from AWS Cost and Usage Report (CUR) is an interactive tool, when in fact CUR requires additional services to build dashboards.

How to eliminate wrong answers

Option A is wrong because AWS Budgets is a cost monitoring and alerting service that notifies you when spending exceeds or is forecasted to exceed a threshold, but it does not provide an interactive visualization dashboard with filtering by service, region, and linked account, nor does it offer a dedicated forecasting tool for historical trend analysis. Option C is wrong because AWS Cost and Usage Report (CUR) delivers raw, detailed CSV or Parquet files of your cost and usage data, which require additional tools (e.g., Amazon Athena, QuickSight) to visualize and filter interactively; it is not an interactive visualization tool itself. Option D is wrong because AWS Trusted Advisor is an advisory service that inspects your AWS environment for best practices in cost optimization, security, fault tolerance, and performance, but it does not provide cost visualization, filtering by tags or dimensions, or spending forecasting.

868
MCQ · medium

A company's data analytics team needs to process log files immediately after they are uploaded to an Amazon S3 bucket. The processing logic is implemented as a custom Python script that runs for about 10 seconds per file. The team wants a fully managed solution that does not require provisioning or managing servers, automatically scales with the number of incoming log files, and executes the script only when new files are uploaded. Which AWS service should the team use to meet these requirements?

A. Amazon EC2 with an Auto Scaling group configured to launch instances based on S3 events
B. AWS Lambda with an S3 bucket notification trigger
C. AWS Elastic Beanstalk configured with a worker environment
D. Amazon EMR with a scheduled step to process new files
Answer: B

Correct. AWS Lambda is a serverless compute service that runs code in response to events, such as S3 object creation. It automatically scales, requires no server management, and executes the function only when new files are uploaded, making it the best fit for this use case.

Why this answer

AWS Lambda is the correct choice because it is a fully managed, serverless compute service that can be triggered directly by S3 bucket notifications (e.g., s3:ObjectCreated:* events). The custom Python script runs within the Lambda function, which automatically scales to handle concurrent invocations for each new log file, and the 10-second execution time is well within the 15-minute maximum duration for Lambda functions. This meets all requirements without provisioning or managing servers.

Exam trap

The trap here is that candidates may confuse 'fully managed' with services like EC2 Auto Scaling or Elastic Beanstalk, which still require server management, or think EMR is suitable for small, event-driven tasks, when in fact Lambda is the only serverless option that directly integrates with S3 events for immediate, per-file processing.

How to eliminate wrong answers

Option A is wrong because Amazon EC2 with Auto Scaling requires provisioning and managing server instances, even if scaling is based on S3 events, which violates the 'fully managed' and 'no provisioning or managing servers' requirement. Option C is wrong because AWS Elastic Beanstalk worker environments still run on underlying EC2 instances that must be provisioned and managed, and they are not directly triggered by S3 events without additional configuration (e.g., SQS polling). Option D is wrong because Amazon EMR is designed for big data processing using Hadoop/Spark clusters, not for lightweight, event-driven processing of individual log files, and scheduled steps would not execute immediately upon file upload.

869
MCQ · medium

A company runs a set of steady-state workloads on Amazon EC2 instances and Amazon ECS Fargate tasks. The company expects consistent usage for the next 3 years and wants to reduce compute costs. The company prefers flexibility to move workloads between different instance families and across different AWS compute services (EC2, ECS, and Lambda) without committing to a specific instance type or family. Which AWS pricing model meets these requirements?

A. Compute Savings Plans (3-year, partial upfront)
B. EC2 Instance Savings Plans (3-year, no upfront)
C. Standard Reserved Instances (1-year, all upfront)
D. Convertible Reserved Instances (3-year, all upfront)
Answer: A

Compute Savings Plans provide discounts on compute usage across EC2, Fargate, and Lambda, with flexibility across instance families and regions. This matches the company's need for cross-service flexibility and a 3-year commitment.

Why this answer

Compute Savings Plans (3-year, partial upfront) is correct because it provides the highest flexibility, allowing workloads to move between EC2 instances, ECS Fargate, and Lambda without committing to a specific instance family or compute service. The 3-year term with partial upfront offers the maximum discount (up to 66%) for steady-state workloads while still enabling the required flexibility across compute services. This pricing model automatically applies the lowest price across any region and compute option, making it ideal for the described steady-state but flexible workload.

Exam trap

The trap here is that candidates often confuse EC2 Instance Savings Plans (which lock to a family) with Compute Savings Plans (which offer cross-service flexibility), or they assume Convertible RIs provide the same flexibility as Compute Savings Plans, but Convertible RIs cannot cover Fargate or Lambda and require manual exchanges.

How to eliminate wrong answers

Option B (EC2 Instance Savings Plans) is wrong because it locks you into a specific instance family within a region (e.g., m5), which prevents moving workloads between different instance families or to ECS Fargate/Lambda without losing the discount. Option C (Standard Reserved Instances) is wrong because it commits to a specific instance type and family (e.g., m5.large) in a specific Availability Zone, offering no flexibility to change instance families or move to other compute services. Option D (Convertible Reserved Instances) is wrong because although it allows changing instance families, it requires a manual exchange process and still cannot be applied to ECS Fargate or Lambda, and the 3-year all upfront option has higher upfront cost with less flexibility compared to Compute Savings Plans.

870
MCQ · medium

A company's finance team wants to forecast their AWS spending for the next 12 months to set accurate budget targets. Which AWS service provides cost forecasting based on historical usage patterns?

A. AWS Pricing Calculator
B. AWS Cost Explorer
C. AWS Budgets
D. Amazon QuickSight
Answer: B

Cost Explorer's forecasting feature projects future costs based on historical AWS usage data, providing month-by-month predictions with confidence intervals for budget planning.

Why this answer

AWS Cost Explorer provides cost forecasting based on historical usage patterns, allowing you to project your AWS spending for the next 12 months. It uses machine learning to analyze past consumption and generate future cost estimates, which directly supports the finance team's need for accurate budget targets.

Exam trap

The trap here is that candidates often confuse AWS Cost Explorer's forecasting capability with AWS Budgets' alerting feature, assuming Budgets can predict future costs when it only monitors against predefined thresholds.

How to eliminate wrong answers

Option A is wrong because AWS Pricing Calculator is a tool for estimating costs for new or planned architectures, not for forecasting based on historical usage. Option C is wrong because AWS Budgets is used to set spending limits and send alerts, but it does not generate forecasts from historical data. Option D is wrong because Amazon QuickSight is a business intelligence service for visualizing data, not a dedicated cost forecasting tool for AWS spending.

871
MCQ · medium

A company runs a fleet of production Amazon EC2 instances that operate 24/7 throughout the year. The CFO wants to reduce compute costs by committing to a consistent usage level. The finance team needs a tool that analyzes the company's historical EC2 usage and provides recommendations for the most cost-effective purchase options, including recommendations for both Reserved Instances and Savings Plans, with support for instance size flexibility. Which AWS tool should the finance team use?

A. AWS Budgets
B. AWS Cost Explorer
C. AWS Trusted Advisor
D. AWS Pricing Calculator
Answer: B

Correct. AWS Cost Explorer has a built-in tool that analyzes your historical EC2 (and other service) usage and provides recommendations for purchasing Reserved Instances and Savings Plans, including options with size flexibility to maximize savings.

Why this answer

AWS Cost Explorer provides a comprehensive analysis of historical EC2 usage and generates tailored recommendations for both Reserved Instances (RI) and Savings Plans, including support for instance size flexibility. This directly meets the CFO's requirement to commit to a consistent usage level while optimizing costs based on actual usage patterns.

Exam trap

The trap here is that candidates confuse AWS Cost Explorer (an analysis and recommendation tool) with AWS Budgets (a cost tracking and alerting tool), or assume Trusted Advisor covers purchase recommendations when it only provides generic optimization checks.

How to eliminate wrong answers

Option A is wrong because AWS Budgets is a cost monitoring and alerting tool, not an analysis tool that provides purchase recommendations or historical usage analysis. Option C is wrong because AWS Trusted Advisor offers general best-practice checks (e.g., idle instances, security groups) but does not provide detailed RI or Savings Plan recommendations with instance size flexibility. Option D is wrong because AWS Pricing Calculator is a manual estimation tool for future costs, not an automated analyzer of historical EC2 usage or a recommender for purchase options.

872
MCQ · medium

A company runs a critical database on a single Amazon EC2 instance in a single Availability Zone. To increase fault tolerance and minimize downtime, the architecture team decides to deploy the database across multiple Availability Zones using a primary/standby configuration. This design pattern of distributing resources across isolated locations to ensure continuous operation even if an entire data center fails best demonstrates which fundamental concept of cloud computing?

A. Elasticity
B. High availability
C. Scalability
D. Security
Answer: B

Correct. Deploying resources across multiple Availability Zones to withstand the failure of an entire data center is the definition of high availability in cloud computing. It ensures that the application remains accessible despite infrastructure failures.

Why this answer

Deploying a critical database across multiple Availability Zones in a primary/standby configuration ensures that if one data center (AZ) fails, the standby instance can take over with minimal downtime. This design directly implements high availability (HA), which is the ability of a system to remain operational despite component failures. The scenario specifically describes fault tolerance through geographic redundancy, which is the core of HA in cloud computing.

Exam trap

AWS often tests the distinction between high availability (fault tolerance across AZs) and scalability (handling increased load), so the trap here is confusing the ability to survive failures with the ability to grow capacity.

How to eliminate wrong answers

Option A is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand, not to distributing resources for fault tolerance. Option C is wrong because scalability is the capacity to handle increased load by adding resources (vertical or horizontal scaling), not the ability to survive infrastructure failures. Option D is wrong because security involves protecting data and systems through encryption, access controls, and compliance measures, not ensuring continuous operation during a data center outage.

873
MCQ · medium

A financial services company is preparing for an annual third-party audit. The auditor has requested a copy of the AWS SOC 2 Type II report to evaluate the security controls of the AWS infrastructure. The company needs to retrieve the report as quickly as possible without raising a support ticket. Which AWS service should they use?

A. AWS Security Hub
B. AWS Config
C. AWS Artifact
D. AWS Trusted Advisor
Answer: C

AWS Artifact is the correct service because it provides on-demand access to AWS compliance reports, including SOC, PCI, and ISO reports, which can be downloaded directly from the AWS Management Console.

Why this answer

AWS Artifact is the correct service because it provides on-demand, self-service access to AWS compliance reports, including SOC reports, PCI reports, and ISO certifications, without needing to open a support ticket. The auditor's request for a SOC 2 Type II report is exactly the use case AWS Artifact is designed for, allowing the company to download the report immediately from the AWS Management Console or via the AWS CLI.

Exam trap

The trap here is that candidates may confuse AWS Artifact with AWS Security Hub or AWS Config, thinking those services provide compliance reports, when in fact AWS Artifact is the only service that directly serves downloadable audit documentation without requiring a support ticket.

How to eliminate wrong answers

Option A is wrong because AWS Security Hub is a cloud security posture management service that aggregates security alerts and compliance checks from multiple AWS services, but it does not provide downloadable compliance reports like SOC 2 reports. Option B is wrong because AWS Config is a service for evaluating, auditing, and recording configuration changes of AWS resources, not for retrieving compliance documentation or audit reports. Option D is wrong because AWS Trusted Advisor provides best-practice recommendations for cost optimization, performance, security, and fault tolerance, but it does not offer access to compliance reports such as SOC 2 Type II reports.

874
MCQ · medium

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses a custom domain name and requires HTTPS for all traffic. The security team provisions an SSL/TLS certificate using AWS Certificate Manager (ACM) and associates it with the ALB. Which of the following is an advantage of using ACM over manually managing certificates?

A. ACM automatically renews the certificate before it expires, and the renewed certificate is automatically applied to the associated load balancer.
B. ACM encrypts the traffic between the ALB and the EC2 instances, ensuring end-to-end encryption.
C. ACM provides a certificate that can be exported and installed on any on-premises server for free.
D. ACM requires the company to store the private key in a secure location outside of AWS.
Answer: A

Correct. When DNS validation is configured, ACM automatically renews certificates before expiration and applies the renewed certificate to the associated AWS resources such as an ALB, eliminating the need for manual renewal and reducing the risk of certificate expiration.

Why this answer

Option A is correct because AWS Certificate Manager (ACM) automatically renews SSL/TLS certificates before they expire, and the renewed certificate is seamlessly applied to the associated AWS resources, such as an Application Load Balancer (ALB). This eliminates the manual effort of tracking expiration dates, generating new certificates, and re-associating them, which is a key operational advantage over self-managed certificates.

Exam trap

The trap here is that candidates may confuse ACM's automatic renewal with encryption capabilities or assume ACM certificates are portable, when in fact ACM only manages certificates for AWS services and does not provide encryption between the load balancer and backend instances.

How to eliminate wrong answers

Option B is wrong because ACM does not encrypt traffic between the ALB and EC2 instances; it only handles the SSL/TLS certificate termination at the ALB. End-to-end encryption between the ALB and backend instances requires separate configuration, such as using HTTPS listeners on the target group or self-signed certificates on the instances. Option C is wrong because ACM certificates cannot be exported for use on on-premises servers; they are region-specific and tied to AWS-integrated services like ALB, CloudFront, or API Gateway, and ACM does not provide free certificates for external use.

875
MCQ · medium

A company's security team needs to run automated vulnerability scans on all Amazon EC2 instances in their production environment. They require a managed service that checks for common vulnerabilities and exposures (CVEs) and identifies insecure network configurations. The scans must be scheduled to run weekly and the results must be viewable in the AWS Management Console. Which AWS service should the team use?

A. Amazon Inspector
B. AWS Shield
C. Amazon GuardDuty
D. AWS WAF
Answer: A

Amazon Inspector is the correct service. It is a vulnerability management service that automatically scans EC2 instances for software vulnerabilities and network exposure, providing a managed solution for scheduling scans and viewing findings in the AWS Management Console.

Why this answer

Amazon Inspector is a managed vulnerability management service that automatically scans EC2 instances for software vulnerabilities (CVEs) and unintended network exposure. It supports scheduled recurring scans (e.g., weekly) and integrates with the AWS Management Console to display findings, making it the correct choice for the team's requirements.

Exam trap

The trap here is confusing Amazon Inspector (vulnerability scanning) with Amazon GuardDuty (threat detection) or AWS Shield (DDoS protection), as all three are security services but serve fundamentally different purposes—candidates often pick GuardDuty because it 'detects threats' without realizing it does not scan for CVEs or network configurations.

How to eliminate wrong answers

Option B (AWS Shield) is wrong because it is a DDoS protection service, not a vulnerability scanner; it mitigates network-layer attacks but does not check for CVEs or insecure configurations. Option C (Amazon GuardDuty) is wrong because it is a threat detection service that analyzes VPC flow logs, DNS logs, and CloudTrail events for malicious activity, not a vulnerability scanner for CVEs or network configurations. Option D (AWS WAF) is wrong because it is a web application firewall that filters HTTP/HTTPS traffic based on rules, not a service for scanning EC2 instances for vulnerabilities or insecure network configurations.

876
MCQ · medium

A company runs a production workload on Amazon EC2 instances that must be available continuously. The workload has predictable usage patterns. The company wants to minimize compute costs while maintaining high availability. Which pricing model should they choose?

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Hosts
Answer: B

Reserved Instances offer a substantial discount over On-Demand for a commitment of one or three years. They are ideal for steady-state, continuously running workloads because they lower costs without sacrificing availability.

Why this answer

Reserved Instances (RIs) are the correct choice because the workload requires continuous availability and has predictable usage patterns. By committing to a 1- or 3-year term, the company can receive a significant discount (up to 72%) compared to On-Demand pricing, while still ensuring the EC2 instances are always running and highly available. This model directly aligns with the need to minimize compute costs for a steady-state, always-on production workload.

Exam trap

The trap here is that candidates often choose On-Demand Instances because they assume 'continuous availability' requires the flexibility of no commitment, overlooking that Reserved Instances provide the same availability at a much lower cost for predictable workloads.

How to eliminate wrong answers

Option A is wrong because On-Demand Instances are billed per second with no upfront commitment, which is the most expensive pricing model for continuous workloads and does not minimize costs. Option C is wrong because Spot Instances can be terminated by AWS with a 2-minute warning when capacity is reclaimed, making them unsuitable for a production workload that must be available continuously. Option D is wrong because Dedicated Hosts provide physical server isolation for licensing or compliance requirements, but they are significantly more expensive than Reserved Instances and do not offer cost optimization for predictable, always-on usage.

877
MCQ · medium

A company traditionally purchases physical servers every three years to host its internal applications. The company is migrating these applications to AWS and will pay a monthly fee based on the actual compute capacity consumed. The company no longer needs to make large upfront hardware purchases and can instead budget for smaller monthly payments. Which benefit of cloud computing does this scenario BEST describe?

A. Scalability
B. Elasticity
C. Conversion of capital expense to operational expense
D. Economies of scale
Answer: C

The company is moving from purchasing servers upfront (capital expense) to paying monthly for only what they use (operational expense). This is a fundamental benefit of cloud computing, often referred to as pay-as-you-go or variable expense.

Why this answer

This scenario describes the conversion of capital expense (CapEx) to operational expense (OpEx). Traditionally, purchasing physical servers requires a large upfront capital investment, which is a capital expense. By migrating to AWS and paying a monthly fee based on actual compute capacity consumed, the company shifts to a pay-as-you-go model, which is an operational expense.

This allows the company to budget for smaller, predictable monthly payments instead of large, infrequent hardware purchases.

Exam trap

The trap here is that candidates often confuse the financial benefit of CapEx-to-OpEx conversion with the operational benefits of scalability or elasticity, but the question specifically focuses on the change in payment structure from large upfront purchases to monthly consumption-based fees.

How to eliminate wrong answers

Option A is wrong because scalability refers to the ability to increase or decrease resources to meet demand, which is not the primary focus of this scenario; the company is not described as adjusting capacity based on load. Option B is wrong because elasticity specifically refers to automatically scaling resources up and down in response to real-time demand, which is not mentioned; the scenario is about changing the payment model from upfront to monthly, not about dynamic resource adjustment.

878
MCQ · medium

A DevOps team needs to deploy a multi-tier web application on AWS. The application consists of Amazon EC2 instances, an Application Load Balancer, an Amazon RDS database, and security groups. The team wants to define all these resources in a single declarative template, automatically manage the creation order and dependencies, and version control the template for repeatable deployments. Which AWS service should the team use to meet these requirements?

A. AWS CloudFormation
B. AWS Elastic Beanstalk
C. AWS OpsWorks
D. AWS CodePipeline
Answer: A

CloudFormation is the correct choice because it provides infrastructure as code using declarative templates, automatically manages resource dependencies and creation order, and supports version control.

Why this answer

AWS CloudFormation is the correct service because it allows you to define all AWS resources (EC2, ALB, RDS, security groups) in a single declarative JSON or YAML template. It automatically manages the creation order based on resource dependencies (e.g., EC2 instances depend on security groups), supports version control of templates, and enables repeatable, consistent deployments across environments.

Exam trap

The trap here is that candidates often confuse AWS Elastic Beanstalk (a PaaS service) with CloudFormation, thinking it can also define all resources declaratively, but Elastic Beanstalk only manages the environment and does not give you control over individual resource dependencies or a single version-controlled template.

How to eliminate wrong answers

Option B (AWS Elastic Beanstalk) is wrong because it is a PaaS service that abstracts infrastructure management and does not provide a declarative template for fine-grained resource definition; it uses environment configurations and application code, not a single template for all resources. Option C (AWS OpsWorks) is wrong because it is a configuration management service based on Chef/Puppet, not a declarative infrastructure-as-code template; it focuses on server configuration and automation, not on defining resource dependencies and order. Option D (AWS CodePipeline) is wrong because it is a CI/CD service for automating build, test, and deploy pipelines, not a service for defining or provisioning infrastructure resources; it does not manage creation order or dependencies of resources.

879
MCQ · medium

A company runs a critical e-commerce application on Amazon EC2 instances distributed across multiple Availability Zones in a single AWS Region. The application is designed so that if an entire Availability Zone experiences an outage, the application continues to serve traffic from the remaining Availability Zones without interruption. Which benefit or characteristic of cloud computing does this scenario BEST represent?

A. Elasticity
B. High availability
C. Scalability
D. Fault tolerance
Answer: B

High availability is the correct characteristic. By deploying across multiple Availability Zones, the application can withstand the failure of an entire AZ and continue serving users, which is the essence of high availability.

Why this answer

The scenario describes an application that continues to serve traffic without interruption when an entire Availability Zone fails. This is the definition of high availability, which is achieved by distributing EC2 instances across multiple Availability Zones and using an Elastic Load Balancer to route traffic away from failed instances. High availability ensures fault tolerance and minimal downtime, which is a core benefit of cloud computing.

Exam trap

The trap here is that candidates confuse high availability with elasticity or scalability, because both involve multiple instances, but high availability specifically addresses fault tolerance and uptime during failures, not dynamic scaling or load handling.

How to eliminate wrong answers

Option A is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand, not to withstand an Availability Zone failure. Option C is wrong because scalability is the ability to handle increased load by adding resources, which is unrelated to maintaining service during an infrastructure failure.

880
MCQ · medium

A company has a serverless application built with AWS Lambda. The application requires a series of functions to run in a specific order: after a user uploads a file, a validation function must run, then a processing function, and finally a metadata storage function. The company needs a service to coordinate these steps, manage state, handle errors, and automatically retry failed functions based on defined conditions. Which AWS service should the company use to meet these requirements?

A. AWS Step Functions
B. Amazon Simple Queue Service (SQS)
C. AWS Batch
D. Amazon EventBridge
Answer: A

Correct. AWS Step Functions is a fully managed service that lets you coordinate multiple AWS services into stateful, scalable workflows. It supports sequencing, parallel execution, error handling, and retries, making it ideal for orchestrating a series of Lambda functions in a defined order.

Why this answer

AWS Step Functions is a serverless orchestration service that lets you coordinate multiple AWS services into a flexible, visual workflow. It directly meets the requirement to run Lambda functions in a specific order, manage state between steps, handle errors with built-in retry logic, and define conditions for automatic retries using Amazon States Language (ASL). This makes it the ideal choice for orchestrating a multi-step serverless application with error handling and state management.

Exam trap

AWS often tests the distinction between orchestration (Step Functions) and simple messaging (SQS) or batch processing (AWS Batch), so the trap here is that candidates might choose SQS thinking it can coordinate steps, but SQS lacks workflow state management and built-in retry conditions.

How to eliminate wrong answers

Option B (Amazon SQS) is wrong because it is a message queuing service that decouples components and does not provide workflow orchestration, state management, or built-in retry logic based on defined conditions; it simply stores messages for consumers to poll. Option C (AWS Batch) is wrong because it is designed for batch computing jobs on EC2 or Fargate, not for orchestrating serverless functions in a defined sequence with error handling and state tracking.

881
MCQ · medium

A company wants to accelerate their machine learning workloads using purpose-built ML chips instead of general-purpose GPUs. Which AWS compute option provides custom ML accelerator chips?

A. EC2 GPU instances (P and G family)
B. EC2 Inf and Trn instances (AWS Inferentia and Trainium)
C. EC2 Compute-optimized instances (C family)
D. AWS Lambda with extended memory
Answer: B

AWS Inferentia (Inf instances) and Trainium (Trn instances) are custom AWS-designed ML chips that provide high-throughput, cost-effective ML inference and training.

Why this answer

Option B is correct because AWS Inferentia and Trainium are purpose-built ML accelerator chips designed specifically to optimize machine learning inference and training workloads, respectively. Unlike general-purpose GPUs, these custom chips provide higher performance per watt and lower cost for ML tasks, making them the ideal choice for accelerating ML workloads with dedicated hardware.

Exam trap

The trap here is that candidates often assume GPU instances (like P3 or G4) are the best choice for all ML workloads, overlooking that AWS offers purpose-built ML chips (Inferentia and Trainium) specifically designed to outperform GPUs in cost and efficiency for dedicated ML tasks.

How to eliminate wrong answers

Option A is wrong because EC2 GPU instances (P and G families) use general-purpose NVIDIA GPUs, not custom ML accelerator chips, and are optimized for a broader range of compute-intensive tasks like graphics rendering and scientific simulations, not specifically for ML acceleration with purpose-built chips. Option C is wrong because EC2 Compute-optimized instances (C family) rely on standard Intel or AMD CPUs with high clock speeds, lacking any specialized ML accelerator hardware, and are designed for general compute-bound applications rather than ML workloads. Option D is wrong because AWS Lambda with extended memory is a serverless compute service that uses standard CPU resources and cannot provide custom ML accelerator chips, as it is intended for short-running, event-driven functions without dedicated hardware acceleration.

882
MCQ · medium

A company is using AWS Organizations to manage multiple AWS accounts. The security team wants to ensure that users in the development accounts cannot disable AWS CloudTrail logging or delete CloudTrail trails, even if those users have full administrator permissions within their own accounts. The team needs a central mechanism that is enforced across all development accounts regardless of individual IAM policies. Which AWS feature should the security team use to meet this requirement?

A. Service control policies (SCPs)
B. IAM policies
C. AWS Config rules
D. Amazon CloudWatch Events
Answer: A

Correct. SCPs are used within AWS Organizations to set permission guardrails for member accounts. They are evaluated before IAM policies, so they can block actions even for users with full administrative IAM permissions, making them ideal for centrally enforcing restrictions like preventing CloudTrail from being disabled.

Why this answer

Service control policies (SCPs) are a feature of AWS Organizations that allow you to centrally control the maximum available permissions for all accounts in an organization. SCPs act as a guardrail, restricting what actions users and roles in member accounts can perform, even if they have full administrator permissions via IAM policies. By applying an SCP that denies the `cloudtrail:DeleteTrail` and `cloudtrail:StopLogging` actions, the security team can enforce that CloudTrail cannot be disabled or deleted across all development accounts, regardless of individual IAM configurations.

Exam trap

The trap here is that candidates often confuse SCPs with IAM policies, thinking IAM policies can centrally restrict actions across accounts, but SCPs are the only mechanism that can enforce a deny across all accounts in an AWS Organization regardless of local administrator privileges.

How to eliminate wrong answers

Option B is wrong because IAM policies are account-specific and can be overridden by a user with full administrator permissions within their own account; they cannot enforce restrictions across multiple accounts from a central point. Option C is wrong because AWS Config rules are used for evaluating resource compliance and triggering remediation actions, but they do not prevent actions from being taken—they only detect and report non-compliance after the fact, and they cannot block an administrator from disabling CloudTrail.

883
MCQ · medium

A company wants to receive alerts when their AWS spend exceeds a specific threshold. Which AWS service should they use to configure these alerts?

A. AWS Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage Report
D. Amazon CloudWatch Billing alarms
Answer: B

AWS Budgets enables creation of cost, usage, and reservation budgets with automated alerts when thresholds are exceeded.

Why this answer

AWS Budgets allows you to set custom cost and usage budgets and receive alerts when your actual or forecasted spend exceeds a defined threshold. It is the primary service designed for proactive cost monitoring and alerting, supporting both monthly and daily budget tracking with configurable actions such as email notifications or automated responses via AWS Chatbot.

Exam trap

The trap here is that candidates often confuse CloudWatch Billing alarms (which only monitor total estimated charges) with AWS Budgets (which supports per-service, custom threshold, and forecast-based alerts), leading them to select the legacy option D instead of the more capable and recommended service B.

How to eliminate wrong answers

Option A is wrong because AWS Cost Explorer is a visualization and analytics tool for exploring historical cost data, not a service for setting threshold-based alerts. Option C is wrong because AWS Cost and Usage Report (CUR) provides detailed, granular billing data for analysis in external tools like Amazon Athena or QuickSight, but it does not generate real-time alerts. Option D is wrong because Amazon CloudWatch Billing alarms are a legacy feature that only monitor estimated charges for the total AWS bill and cannot be used for per-service or custom budget thresholds; AWS Budgets is the recommended and more flexible alternative.

884
MCQ easy

Which AWS service provides detailed billing reports that can be delivered hourly to Amazon S3 for custom analysis with tools like Amazon Athena or Redshift?

A. AWS Cost Explorer
B. AWS Budgets
C. AWS Cost and Usage Report (CUR)
D. Amazon CloudWatch Billing Metrics
Answer: C

CUR provides the most granular billing data available, including resource-level line items, delivered to S3 hourly — the standard foundation for custom billing analytics.

Why this answer

AWS Cost and Usage Report (CUR) is the correct service because it provides the most granular billing data, including hourly usage and cost details, which can be delivered to an Amazon S3 bucket. This allows you to use analytics tools like Amazon Athena or Amazon Redshift to run custom queries and perform in-depth analysis on the raw billing data.

Exam trap

The trap here is that candidates often confuse AWS Cost Explorer (which provides visual reports) with the Cost and Usage Report (which provides raw data for custom analysis), or they mistakenly think CloudWatch Billing Metrics offer the same level of detail as CUR.

How to eliminate wrong answers

Option A is wrong because AWS Cost Explorer provides visual dashboards and pre-built reports for cost analysis, but it does not deliver raw billing data to S3 for custom querying with Athena or Redshift. Option B is wrong because AWS Budgets is used to set spending limits and receive alerts, not to generate detailed billing reports for custom analysis. Option D is wrong because Amazon CloudWatch Billing Metrics only publish basic billing metrics (e.g., estimated charges) to CloudWatch, not the detailed hourly usage data required for custom analysis with Athena or Redshift.

885
MCQ medium

A company hosts an e-commerce website on Amazon EC2 instances behind an Application Load Balancer in the us-east-1 Region. The website includes both static assets (product images, CSS files) and dynamic content (user-specific cart data). The company has customers all over the world who complain about slow page load times. The company wants to reduce latency by caching static content closer to users while still allowing dynamic requests to reach the origin. Which AWS service should the company use to meet these requirements?

A. Amazon CloudFront with Application Load Balancer as the origin
B. Amazon Route 53 with latency-based routing
C. AWS Global Accelerator with static IP addresses
D. Amazon S3 Transfer Acceleration
Answer: A

Correct. Amazon CloudFront is a global content delivery network (CDN) that can cache static content at edge locations closer to users. It also supports dynamic content by forwarding requests to the origin, which can be an Application Load Balancer. This meets both the caching and origin integration requirements.

Why this answer

Amazon CloudFront is a content delivery network (CDN) that caches static content (e.g., images, CSS) at edge locations worldwide, reducing latency for users. By configuring the Application Load Balancer as the origin, CloudFront forwards dynamic requests (e.g., cart data) to the ALB, which then routes them to the EC2 instances. This hybrid approach meets the requirement to cache static assets globally while allowing dynamic content to be processed by the origin servers.

Exam trap

The trap here is that candidates confuse AWS Global Accelerator's network optimization (which only reduces latency for all traffic via the AWS backbone) with CloudFront's caching capability, mistakenly thinking Global Accelerator can cache static content when it cannot.

How to eliminate wrong answers

Option B is wrong because Amazon Route 53 with latency-based routing only directs DNS queries to the lowest-latency endpoint (e.g., an ALB in a different region), but it does not cache content at edge locations; it still requires the user to fetch all content from the origin, failing to reduce latency for static assets. Option C is wrong because AWS Global Accelerator improves performance by routing traffic over the AWS global network and providing static IP addresses, but it does not cache content; it only optimizes the network path to the origin, so static assets are still served from the origin without edge caching.

886
MCQ medium

A company wants to deliver its web application content to users across North America, Europe, and Asia with minimal latency. The application runs on Amazon EC2 instances and serves static and dynamic content. Which AWS Cloud concept is most directly supported by using AWS Regions and edge locations to meet this requirement?

A. High availability
B. Global reach
C. Elasticity
D. Fault tolerance
Answer: B

Global reach is the ability to deploy resources and serve content from multiple AWS Regions and edge locations around the world, bringing applications closer to users and minimizing latency. This directly matches the scenario's requirement.

Why this answer

AWS Regions and edge locations are geographically distributed infrastructure components that enable global reach. By deploying the application in multiple Regions (e.g., us-east-1, eu-west-1, ap-southeast-1) and using edge locations via Amazon CloudFront, the company can serve static and dynamic content from locations closer to users, reducing latency across North America, Europe, and Asia. This directly supports the concept of global reach, which is the ability to serve a worldwide user base with low latency.

Exam trap

The trap here is that candidates confuse 'global reach' with 'high availability' or 'fault tolerance,' because both involve multiple locations, but global reach specifically addresses geographic distribution for latency reduction, not redundancy for failure recovery.

How to eliminate wrong answers

Option A is wrong because high availability focuses on ensuring application uptime through redundancy within a single Region (e.g., Multi-AZ deployments), not on reducing latency across geographically dispersed users. Option C is wrong because elasticity refers to the ability to automatically scale resources up or down based on demand (e.g., using Auto Scaling groups), not on distributing content to multiple geographic locations. Option D is wrong because fault tolerance is the ability to continue operating without interruption despite component failures (e.g., using standby replicas or multiple Availability Zones), not on minimizing latency for a global user base.

887
Drag & Drop medium

Drag and drop the steps to recover an EC2 instance from a snapshot in the correct order.

Why this order

Recovery involves creating a volume from snapshot, detaching old volume, attaching new one, and starting the instance.

888
Matching medium

Match each AWS networking service to its description.

Matches

Isolated cloud network

Dedicated network connection to AWS

DNS and domain registration

Content delivery network (CDN)

Improve application availability and performance

Why these pairings

Networking services connect and optimize traffic.

889
MCQ medium

A company expects a steady baseline usage of AWS compute services (Amazon EC2, AWS Lambda, and AWS Fargate) over the next three years. They want to reduce costs compared to On-Demand pricing while maintaining the flexibility to change instance families, regions, or even switch between compute services (e.g., from EC2 to Lambda) without losing their discount. Which AWS pricing option should the company choose?

A. Reserved Instances (Standard)
B. Reserved Instances (Convertible)
C. Compute Savings Plan
D. EC2 Instance Savings Plan
Answer: C

The Compute Savings Plan offers the highest flexibility among AWS savings options. It applies to all compute services (EC2, Lambda, Fargate), all regions, and all instance families. The discount applies to usage up to the committed amount ($/hour), and any usage beyond the commitment is charged at On-Demand rates. This matches the company's need for both savings and flexibility across compute services.

Why this answer

The Compute Savings Plan offers the highest flexibility, automatically applying discounts to any compute usage across EC2, Lambda, and Fargate, regardless of instance family, region, or compute service. It provides up to 66% savings over On-Demand while allowing the company to change instance types, regions, or switch between compute services without losing the discount. This matches the requirement for steady baseline usage with maximum flexibility.

Exam trap

The trap here is that candidates often confuse Convertible Reserved Instances with Compute Savings Plans, thinking that Convertible RIs offer similar flexibility, but they are limited to EC2 and cannot switch to Lambda or Fargate, nor change regions.

How to eliminate wrong answers

Option A is wrong because Standard Reserved Instances lock the company into a specific instance family and region for the entire term, and they do not apply to AWS Lambda or AWS Fargate, so switching compute services would forfeit the discount. Option B is wrong because Convertible Reserved Instances allow changes to instance families but only within the same EC2 service and region, and they still do not cover Lambda or Fargate, nor do they allow region changes without losing the discount.

890
MCQ medium

A company runs a variety of workloads on AWS and wants to be notified when their monthly spending behaves unusually compared to past patterns. They want a managed service that uses machine learning to detect cost anomalies and provides root cause analysis. Which AWS service or feature should they use?

A. AWS Budgets
B. AWS Cost Anomaly Detection
C. AWS Cost Explorer
D. AWS Trusted Advisor
Answer: B

AWS Cost Anomaly Detection uses machine learning to analyze historical cost and usage data, detect unusual spending patterns, and provide root cause analysis with actionable alerts.

Why this answer

AWS Cost Anomaly Detection is a managed service that leverages machine learning to continuously monitor your cost and usage patterns, detect anomalies, and provide root cause analysis. It automatically establishes a baseline from historical spending data and alerts you when actual spending deviates from expected patterns, making it the correct choice for this use case.

Exam trap

The trap here is that candidates often confuse AWS Budgets (a simple threshold alerting tool) with AWS Cost Anomaly Detection (an ML-driven anomaly detection service), because both can send cost alerts, but only the latter provides automated root cause analysis and pattern-based detection.

How to eliminate wrong answers

Option A is wrong because AWS Budgets allows you to set custom cost and usage thresholds and receive alerts when you exceed them, but it does not use machine learning to detect anomalies or provide root cause analysis—it is purely threshold-based. Option C is wrong because AWS Cost Explorer provides interactive charts and reports for visualizing and analyzing your cost and usage data, but it does not proactively detect anomalies using ML or offer root cause analysis; it is a manual analysis tool. Option D is wrong because AWS Trusted Advisor inspects your AWS environment and provides best practice recommendations in categories like cost optimization, performance, and security, but it does not monitor spending patterns with ML or detect cost anomalies.

891
MCQ medium

A company requires all IAM users to have multi-factor authentication (MFA) enabled for AWS Management Console access. The security team needs an automated way to continuously detect any IAM user without an MFA device and generate a compliance report. The solution must not require custom code. Which AWS service should the team use?

A. AWS Config
B. IAM Access Analyzer
C. AWS Trusted Advisor
D. Amazon Inspector
Answer: A

AWS Config uses managed rules like iam-user-mfa-enabled to continuously evaluate IAM users and report non-compliance. This matches the requirement for automated detection and reporting without custom code.

Why this answer

AWS Config is correct because it provides a managed, rules-based evaluation of AWS resource configurations. By enabling the 'iam-user-mfa-enabled' managed rule, AWS Config continuously checks all IAM users for the presence of an MFA device and can automatically trigger remediation actions or generate compliance reports via AWS Config aggregators, all without any custom code.

Exam trap

The trap here is that candidates often confuse AWS Trusted Advisor's root account MFA check with the broader requirement to check all IAM users, or they mistakenly think IAM Access Analyzer can audit user-level security settings like MFA.

How to eliminate wrong answers

Option B (IAM Access Analyzer) is wrong because it focuses on analyzing resource-based policies to identify unintended public or cross-account access, not on detecting missing MFA configurations on IAM users. Option C (AWS Trusted Advisor) is wrong because while it does check for MFA on the root account, it does not continuously monitor or report on MFA status for all IAM users; it only provides a point-in-time check for the root user. Option D (Amazon Inspector) is wrong because it is designed for vulnerability assessment of EC2 instances and container workloads, not for auditing IAM user configurations or MFA compliance.

892
MCQ medium

A company suspects that an IAM role used by an EC2 instance has been granted excessive permissions. Which AWS service can generate a policy that includes only the permissions actually used over the last 90 days?

A. AWS Trusted Advisor
B. Amazon GuardDuty
C. AWS IAM Access Analyzer
D. AWS Config
Answer: C

IAM Access Analyzer generates least-privilege policies by analyzing CloudTrail activity logs to identify which permissions were actually used within the analysis period.

Why this answer

AWS IAM Access Analyzer can generate a policy based on the access activity recorded in AWS CloudTrail logs over the trailing 90 days. This generated policy includes only the permissions that were actually used by the IAM role, allowing you to replace an overly permissive policy with a least-privilege version.

Exam trap

The trap here is that candidates confuse AWS IAM Access Analyzer's policy generation feature with its external access analysis feature, or mistakenly think AWS Config or Trusted Advisor can generate usage-based policies when they cannot.

How to eliminate wrong answers

Option A is wrong because AWS Trusted Advisor provides best-practice checks and recommendations (e.g., security groups open to 0.0.0.0/0) but cannot generate a policy based on historical usage. Option B is wrong because Amazon GuardDuty is a threat detection service that monitors for malicious activity using anomaly detection and threat intelligence; it does not analyze IAM permissions usage to generate policies. Option D is wrong because AWS Config evaluates resource configurations against rules and tracks configuration changes, but it does not analyze CloudTrail access logs to produce a usage-based policy.

893
MCQ medium

Which AWS service provides a fully managed API for building conversational interfaces (chatbots) using natural language understanding powered by the same technology as Amazon Alexa?

A. Amazon Polly
B. Amazon Transcribe
C. Amazon Lex
D. Amazon Comprehend
Answer: C

Lex provides ASR and NLU capabilities to build chatbots and voice interfaces, using the same technology as Alexa — developers define intents and utterances through the API.

Why this answer

Amazon Lex is the correct answer because it is a fully managed AWS service that provides APIs for building conversational interfaces (chatbots) using automatic speech recognition (ASR) and natural language understanding (NLU), leveraging the same deep learning technology that powers Amazon Alexa. This enables developers to create applications that can understand and respond to natural language input.

Exam trap

The trap here is that candidates often confuse Amazon Lex (conversational interfaces/NLU) with Amazon Polly (speech output) or Amazon Transcribe (speech-to-text), not realizing that Lex combines both ASR and NLU to build chatbots, while the others are single-purpose services.

How to eliminate wrong answers

Option A is wrong because Amazon Polly is a text-to-speech (TTS) service that converts text into lifelike speech, not a service for building conversational interfaces or understanding natural language. Option B is wrong because Amazon Transcribe is an automatic speech recognition (ASR) service that converts audio to text, but it does not provide NLU capabilities or APIs for building chatbots. Option D is wrong because Amazon Comprehend is a natural language processing (NLP) service that extracts insights from text (e.g., sentiment, entities), but it is not a managed API for building conversational interfaces or chatbots.

894
MCQ medium

A company tags all Amazon EC2 instances with a 'Project' tag to track costs. The finance team reviews cost data in AWS Cost Explorer but cannot filter or group by the 'Project' tag. The tags are visible in the EC2 console. What is the most likely reason the tags are not appearing in Cost Explorer?

A. The tags are not applied to the root volumes of the EC2 instances.
B. The tags have not been activated as cost allocation tags in the Billing and Cost Management console.
C. Cost Explorer requires at least 30 days of tag usage data before tags become available.
D. The finance team does not have the iam:ListAccountAliases permission.
Answer: B

Correct. Tags that you apply to resources are not automatically available for cost tracking. You must activate them as cost allocation tags in the Billing and Cost Management console. After activation, tags appear in Cost Explorer and other cost management tools.

Why this answer

B is correct because cost allocation tags must be explicitly activated in the Billing and Cost Management console before they appear in AWS Cost Explorer. Even though the 'Project' tag is applied to EC2 instances and visible in the EC2 console, AWS does not automatically treat resource tags as cost allocation tags; activation is a separate, required step. Without activation, Cost Explorer cannot filter or group by that tag.

Exam trap

The trap here is that candidates assume that because tags are visible in the EC2 console, they are automatically available for cost tracking in Cost Explorer, but AWS requires an explicit activation step in the Billing console to designate them as cost allocation tags.

How to eliminate wrong answers

Option A is wrong because tags applied to EC2 instances are inherited by their root volumes automatically; the root volume does not need separate tagging, and this is not related to Cost Explorer visibility. Option C is wrong because Cost Explorer can display tag data as soon as tags are activated and resources are tagged, though historical data may take up to 24 hours to appear; there is no mandatory 30-day waiting period. Option D is wrong because the iam:ListAccountAliases permission is unrelated to viewing tags in Cost Explorer; it controls the ability to list account aliases in the IAM console, not cost allocation tag filtering.

895
MCQ medium

A company runs a microservices-based e-commerce application on AWS. During peak hours, the order processing service often gets overwhelmed because the web frontend sends requests directly to it. This causes delays and occasional failures. The architecture team needs to decouple the frontend from the order processing service by introducing a fully managed, highly available, and durable message queue. The queue must automatically replicate messages across multiple Availability Zones and allow the order processing service to pull messages at its own pace. Which AWS service should the company use?

A. Amazon Simple Queue Service (SQS)
B. Amazon Simple Notification Service (SNS)
C. Amazon Kinesis Data Streams
D. Amazon MQ
Answer: A

Correct. Amazon SQS is a fully managed message queuing service that decouples application components. It is highly available and durable, automatically replicating messages across multiple Availability Zones. It supports polling mechanisms, allowing the order processing service to consume messages at its own pace.

Why this answer

Amazon Simple Queue Service (SQS) is the correct choice because it is a fully managed, highly available, and durable message queue service that automatically replicates messages across multiple Availability Zones (AZs) to ensure fault tolerance. It decouples the web frontend from the order processing service, allowing the latter to poll and process messages at its own pace, which prevents overload during peak hours. SQS provides at-least-once delivery and supports standard queues with high throughput, making it ideal for this use case.

Exam trap

The trap here is that candidates often confuse SNS (push-based) with SQS (pull-based) because both are messaging services, but the requirement for the consumer to pull messages at its own pace eliminates SNS, which pushes messages immediately to subscribers.

How to eliminate wrong answers

Option B (Amazon Simple Notification Service) is wrong because SNS is a pub/sub messaging service that pushes messages to subscribers (e.g., HTTP endpoints, Lambda, SQS) and does not provide a pull-based queue where the consumer controls the processing pace; it would still overwhelm the order processing service if subscribed directly. Option C (Amazon Kinesis Data Streams) is wrong because it is designed for real-time streaming of large-scale data (e.g., clickstreams, logs) with shard-based processing, not for simple decoupling with a durable, pull-based message queue; it requires more complex consumer management and is not optimized for decoupling a request-response pattern. Option D (Amazon MQ) is wrong because it is a managed message broker for protocols like AMQP and MQTT, but it is not automatically replicated across multiple AZs by default (requires manual configuration) and is less fully managed and durable than SQS for this specific decoupling need.

896
MCQ medium

A company runs a high-traffic e-commerce application. During peak holiday season, database read performance degrades. They want to offload read traffic from their RDS primary database. What should they implement?

A. RDS Multi-AZ
B. RDS Read Replicas
C. Increase the RDS instance size
D. Enable RDS Automated Backups
Answer: B

Read Replicas serve read-only queries, offloading read traffic from the primary database and allowing it to focus on writes during peak periods.

Why this answer

B is correct because RDS Read Replicas are specifically designed to offload read traffic from the primary database instance. By creating one or more read-only replicas, the application can direct SELECT queries to the replicas, reducing the load on the primary RDS instance and improving overall read performance during peak traffic.

Exam trap

The trap here is that candidates often confuse Multi-AZ (which provides failover but not read scaling) with Read Replicas, assuming that a standby in another AZ can serve reads, but AWS explicitly prevents read traffic to the Multi-AZ standby to maintain consistency and failover integrity.

How to eliminate wrong answers

Option A is wrong because RDS Multi-AZ provides high availability and automatic failover by maintaining a standby replica in a different Availability Zone, but it does not offload read traffic—the standby is not used for reads unless a failover occurs. Option C is wrong because increasing the RDS instance size (scaling up) can improve performance but is a vertical scaling approach that does not specifically offload read traffic; it also incurs higher cost and may still hit limits under extreme load. Option D is wrong because RDS Automated Backups are for point-in-time recovery and disaster recovery, not for read scaling; they do not serve read requests from the application.

897
MCQ medium

Which AWS service provides a finding-based security recommendations service that uses AI to identify operational issues and anomalies, going beyond simple rule-based Config checks?

A. AWS Config
B. Amazon GuardDuty
C. Amazon DevOps Guru
D. Amazon Inspector
Answer: C

DevOps Guru uses ML to continuously analyze operational data and detect anomalies indicating potential issues — providing proactive recommendations before customers are impacted.

Why this answer

Amazon DevOps Guru is the correct answer because it is an ML-powered service that automatically detects operational issues and anomalies, such as anomalous application behavior or resource contention, and provides finding-based security recommendations. Unlike rule-based services, DevOps Guru analyzes historical and real-time metrics, logs, and events to identify patterns that deviate from normal behavior, going beyond simple compliance checks.

Exam trap

The trap here is that candidates confuse Amazon GuardDuty's threat detection with operational anomaly detection, but GuardDuty focuses on security threats (e.g., unusual API calls) while DevOps Guru addresses operational issues like performance degradation and resource saturation.

How to eliminate wrong answers

Option A is wrong because AWS Config is a service that evaluates resource configurations against predefined rules (e.g., managed or custom Config rules) and provides compliance status, but it does not use AI to detect anomalies or operational issues—it is purely rule-based. Option B is wrong because Amazon GuardDuty is a threat detection service that uses machine learning to identify malicious activity and unauthorized behavior, but it focuses on security threats (e.g., compromised credentials, API abuse) rather than operational issues and anomalies in application performance. Option D is wrong because Amazon Inspector is a vulnerability management service that scans workloads for software vulnerabilities and unintended network exposure, but it does not use AI to detect operational anomalies or provide finding-based security recommendations beyond vulnerability assessments.

898
MCQ easy

Which statement about Amazon EC2 On-Demand pricing is accurate?

A. On-Demand instances require a minimum commitment of one month
B. On-Demand instances are billed per second with no upfront commitment or termination fees
C. On-Demand instances are the cheapest pricing option for all workloads
D. On-Demand instances must be running continuously once launched
Answer: B

Linux EC2 On-Demand instances are billed by the second with a 60-second minimum — no upfront fees, no long-term commitment, and no termination charges.

Why this answer

Amazon EC2 On-Demand instances are billed per second (with a minimum of 60 seconds) for Linux instances, and per hour for other operating systems, with no upfront payment or termination fees. This model provides maximum flexibility, allowing you to launch and stop instances as needed without any long-term commitment or penalty.

Exam trap

The trap here is that candidates often assume On-Demand instances require a minimum commitment (like one month) or that they must run continuously, confusing them with Reserved Instances or forgetting the per-second billing flexibility for Linux instances.

How to eliminate wrong answers

Option A is wrong because On-Demand instances require no upfront commitment or minimum term (e.g., one month); you pay only for what you use. Option C is wrong because On-Demand pricing is typically the most expensive per-hour cost; Savings Plans, Reserved Instances, and Spot Instances offer lower rates for steady-state or flexible workloads. Option D is wrong because On-Demand instances can be stopped and started at any time; they do not need to run continuously once launched.

899
MCQ medium

A company's website serves static content—such as images, videos, and CSS files—to a global audience. The company wants to reduce load times for users located far from the primary AWS Region where the application is hosted. Which component of the AWS global infrastructure is specifically designed to cache and deliver this content with low latency from locations close to end users?

A. Regional Edge Caches
B. Availability Zones
C. Edge Locations
D. AWS Outposts
Answer: C

Edge locations are a key part of the AWS global infrastructure, used by services like Amazon CloudFront to cache content geographically close to end users, minimizing latency and improving performance.

Why this answer

Edge Locations are part of AWS CloudFront, a content delivery network (CDN) that caches static content (e.g., images, videos, CSS) at geographically distributed points of presence (PoPs). When a user requests content, CloudFront serves it from the nearest Edge Location, reducing latency and improving load times for global audiences. This makes Edge Locations the correct choice for caching and delivering static content with low latency.

Exam trap

The trap here is that candidates confuse Regional Edge Caches with Edge Locations, thinking that Regional Edge Caches are the primary caching layer for end users, when in fact Edge Locations are the outermost, lowest-latency layer in the CloudFront hierarchy.

How to eliminate wrong answers

Option A is wrong because Regional Edge Caches are a separate layer within CloudFront that sit between the origin and Edge Locations; they are designed to cache content with a longer time-to-live (TTL) to reduce load on the origin, but they are not the primary component for delivering content with the lowest latency to end users—Edge Locations are closer and serve that purpose. Option B is wrong because Availability Zones are distinct, isolated data centers within an AWS Region that provide high availability and fault tolerance for compute and storage resources; they do not cache or deliver content globally and are not designed for content distribution or latency reduction for end users.

900
MCQ medium

A company runs a business-critical workload on AWS. The workload must have a 15-minute response time from AWS Support if it becomes unavailable. Additionally, the company wants a dedicated technical account manager (TAM) who will proactively review the architecture and provide best practice recommendations. Which AWS Support plan should the company choose?

A. Basic Support
B. Developer Support
C. Business Support
D. Enterprise Support
Answer: D

The Enterprise Support plan is designed for customers running business-critical workloads. It offers a 15-minute response time for critical system down issues, a dedicated Technical Account Manager (TAM) who provides proactive architectural guidance, and access to a Concierge Support Team. This plan meets all stated requirements.

Why this answer

The Enterprise Support plan is the only AWS Support plan that provides a 15-minute response time for business-critical workloads and includes a dedicated Technical Account Manager (TAM). The TAM proactively reviews the architecture and offers best practice recommendations, which directly matches the company's requirements.

Exam trap

The trap here is that candidates often confuse the Business Support plan's 1-hour response time for production system down with the Enterprise plan's 15-minute response time, and overlook that only Enterprise includes a dedicated TAM.

How to eliminate wrong answers

Option A is wrong because Basic Support provides only account and billing support with no technical support, no defined response times, and no TAM. Option B is wrong because Developer Support offers a 12-hour response time for impaired systems and does not include a dedicated TAM. Option C is wrong because Business Support provides a 1-hour response time for production system down but does not include a dedicated TAM or the 15-minute response time for business-critical workloads.
