
Aws Certified Cloud Practitioner d53447d22d75

Uploaded by

gmswaggersouls

Certy IQ

Premium exam material


Get certification quickly with the CertyIQ Premium exam material.
Everything you need to prepare, learn & pass your certification exam easily. Lifetime free updates
First attempt guaranteed success.
https://www.CertyIQ.com
Amazon

(AWS Certified Cloud Practitioner)

AWS Certified Cloud Practitioner (CLF-C01)

Total: 1013 Questions


Link: https://certyiq.com/papers?provider=amazon&exam=aws-certified-cloud-practitioner

Question: 1 CertyIQ
A company is planning to run a global marketing application in the AWS Cloud. The application will feature videos
that can be viewed by users. The company must ensure that all users can view these videos with low latency.
Which AWS service should the company use to meet this requirement?

A. AWS Auto Scaling
B. Amazon Kinesis Video Streams
C. Elastic Load Balancing
D. Amazon CloudFront

Answer: D

Explanation:

Reduce latency by delivering data through 410+ globally dispersed Points of Presence (PoPs) with automated
network mapping and intelligent routing.

https://aws.amazon.com/cloudfront

Question: 2 CertyIQ
Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from
infrastructure or service disruptions and dynamically acquire computing resources to meet demand?

A. Security
B. Reliability
C. Performance efficiency
D. Cost optimization

Answer: B

Explanation:

B. Reliability

The reliability pillar focuses on workloads performing their intended functions and how to recover quickly
from failure to meet demands. Key topics include distributed system design, recovery planning, and adapting
to changing requirements.

https://aws.amazon.com/architecture/well-architected/

Question: 3 CertyIQ
Which of the following are benefits of migrating to the AWS Cloud? (Choose two.)

A. Operational resilience
B. Discounts for products on Amazon.com
C. Business agility
D. Business excellence
E. Increased staff retention

Answer: AC

Explanation:

A. Operational resilience

C. Business agility

Question: 4 CertyIQ
A company is planning to replace its physical on-premises compute servers with AWS serverless compute
services. The company wants to be able to take advantage of advanced technologies quickly after the migration.
Which pillar of the AWS Well-Architected Framework does this plan represent?

A. Security
B. Performance efficiency
C. Operational excellence
D. Reliability

Answer: B

Explanation:

From: https://docs.aws.amazon.com/wellarchitected/latest/performance-efficiency-pillar/performance-efficiency.html

The performance efficiency pillar focuses on the efficient use of computing resources to meet requirements,
and how to maintain efficiency as demand changes and technologies evolve

Question: 5 CertyIQ
A large company has multiple departments. Each department has its own AWS account. Each department has
purchased Amazon EC2 Reserved Instances.
Some departments do not use all the Reserved Instances that they purchased, and other departments need more
Reserved Instances than they purchased.
The company needs to manage the AWS accounts for all the departments so that the departments can share the
Reserved Instances.
Which AWS service or tool should the company use to meet these requirements?

A. AWS Systems Manager
B. Cost Explorer
C. AWS Trusted Advisor
D. AWS Organizations

Answer: D

Explanation:

D is correct, because the question asks to "manage the AWS accounts for all the departments".

Reference:

https://aws.amazon.com/ru/organizations/

Question: 6 CertyIQ
Which component of the AWS global infrastructure is made up of one or more discrete data centers that have
redundant power, networking, and connectivity?

A. AWS Region
B. Availability Zone
C. Edge location
D. AWS Outposts

Answer: B

Explanation:

Answer is B. An availability zone can be made of one or multiple datacenters. An AWS region has at least 3
availability zones, that are separated by multiple kilometers. Then, a region has at least 3 datacenters.

Question: 7 CertyIQ
Which duties are the responsibility of a company that is using AWS Lambda? (Choose two.)

A. Security inside of code
B. Selection of CPU resources
C. Patching of operating system
D. Writing and updating of code
E. Security of underlying infrastructure

Answer: AD

Explanation:

https://aws.amazon.com/compliance/shared-responsibility-model/

Customer is responsible for security "IN" the cloud. For this question, it means the Company ("Customer") is
responsible for their own code management (updates. CI/CD

Question: 8 CertyIQ
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)

A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty

Answer: BC

Explanation:

https://docs.aws.amazon.com/whitepapers/latest/disaster-recovery-workloads-on-aws/disaster-recovery-options-in-the-cloud.html

You can back up Amazon EC2 instances used by your workload as Amazon Machine Images (AMIs). The AMI is
created from snapshots of your instance's root volume and any other EBS volumes attached to your instance.
You can use this AMI to launch a restored version of the EC2 instance

Question: 9 CertyIQ
A company is migrating to the AWS Cloud instead of running its infrastructure on premises.
Which of the following are advantages of this migration? (Choose two.)

A. Elimination of the need to perform security auditing
B. Increased global reach and agility
C. Ability to deploy globally in minutes
D. Elimination of the cost of IT staff members
E. Redundancy by default for all compute services

Answer: BC

Explanation:

Additional reference to support the answers B, C.

Refer to: https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question: 10 CertyIQ
A user is comparing purchase options for an application that runs on Amazon EC2 and Amazon RDS. The
application cannot sustain any interruption. The application experiences a predictable amount of usage, including
some seasonal spikes that last only a few weeks at a time. It is not possible to modify the application.
Which purchase option meets these requirements MOST cost-effectively?

A. Review the AWS Marketplace and buy Partial Upfront Reserved Instances to cover the predicted and
seasonal load.
B. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to
run on Spot Instances.
C. Buy Reserved Instances for the predicted amount of usage throughout the year. Allow any seasonal usage to
run at an On-Demand rate.
D. Buy Reserved Instances to cover all potential usage that results from the seasonal usage.

Answer: C

Explanation:

C is the correct answer. The question explicitly mentions that "The application cannot sustain any
interruption", whereas Spot Instances are ideal for workloads with flexible start and end times, or that can
withstand interruptions. Ideally we want pricing that doesn't allow interruption; in this case it will be
On-Demand.

Question: 11 CertyIQ
A company wants to review its monthly costs of using Amazon EC2 and Amazon RDS for the past year.
Which AWS service or tool provides this information?

A. AWS Trusted Advisor
B. Cost Explorer
C. Amazon Forecast
D. Amazon CloudWatch

Answer: B

Explanation:

After you enable Cost Explorer, AWS prepares the data about your costs for the current month and the last 12
months, and then calculates the forecast for the next 12 months. The current month's data is available for
viewing in about 24 hours. The rest of your data takes a few days longer. Cost Explorer updates your cost data
at least once every 24 hours

Question: 12 CertyIQ
A company wants to migrate a critical application to AWS. The application has a short runtime. The application is
invoked by changes in data or by shifts in system state. The company needs a compute solution that maximizes
operational efficiency and minimizes the cost of running the application.
Which AWS solution should the company use to meet these requirements?

A. Amazon EC2 On-Demand Instances
B. AWS Lambda
C. Amazon EC2 Reserved Instances
D. Amazon EC2 Spot Instances

Answer: B

Explanation:

From: https://aws.amazon.com/lambda/

1. Run code without provisioning or managing infrastructure. Simply write and upload code as a .zip file or
container image.

2. Automatically respond to code execution requests at any scale, from a dozen events per day to hundreds of
thousands per second.

3. Save costs by paying only for the compute time you use—by per-millisecond—instead of provisioning
infrastructure upfront for peak capacity

Question: 13 CertyIQ
Which AWS service or feature allows users to connect with and deploy AWS services programmatically?

A. AWS Management Console
B. AWS Cloud9
C. AWS CodePipeline
D. AWS software development kits (SDKs)

Answer: D

Explanation:

CodePipeline is not necessarily used for deploying AWS services. It is a DevOps service that offers CI/CD that
allows you to deploy code changes to a set codebase given your team/company’s release cycle.

The correct answer is D

Question: 14 CertyIQ
A company plans to create a data lake that uses Amazon S3.
Which factor will have the MOST effect on cost?

A. The selection of S3 storage tiers
B. Charges to transfer existing data into Amazon S3
C. The addition of S3 bucket policies
D. S3 ingest fees for each request

Answer: A

Explanation:

The most "effect" on cost. Transferring the data is going to be a set cost. There aren't really multiple options to
affect the price of transferring. Which storage tier they pick out of all the options can largely affect the final
cost.

Question: 15 CertyIQ
A company is launching an ecommerce application that must always be available. The application will run on
Amazon EC2 instances continuously for the next 12 months.
What is the MOST cost-effective instance purchasing option that meets these requirements?

A. Spot Instances
B. Savings Plans
C. Dedicated Hosts
D. On-Demand Instances

Answer: B

Explanation:

Amazon EC2 Savings Plans enable you to reduce your compute costs by committing to a consistent amount of
compute usage for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance
costs. Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an
hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.

Question: 16 CertyIQ
Which AWS service or feature can a company use to determine which business unit is using specific AWS
resources?

A. Cost allocation tags
B. Key pairs
C. Amazon Inspector
D. AWS Trusted Advisor

Answer: A

Question: 17 CertyIQ
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing.
Which AWS service or feature will help the company with its migration?

A. AWS Trusted Advisor
B. AWS Consulting Partners
C. AWS Artifacts
D. AWS Managed Services

Answer: D

Explanation:

APN Consulting Partners are professional services firms, but not an AWS service or feature.

Question: 18 CertyIQ
Which AWS service or tool should a company use to centrally request and track service limit increases?

A. AWS Config
B. Service Quotas
C. AWS Service Catalog
D. AWS Budgets

Answer: B

Explanation:

https://aws.amazon.com/about-aws/whats-new/2021/04/service-quotas-available-aws-govcloud-us-regions/

Question: 19 CertyIQ
Which documentation does AWS Artifact provide?

A. Amazon EC2 terms and conditions
B. AWS ISO certifications
C. A history of a company's AWS spending
D. A list of previous-generation Amazon EC2 instance types

Answer: B

Explanation:

B is correct. Here is the description: AWS Artifact provides on-demand downloads of AWS security and
compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service
Organization Control (SOC) reports.

Check this out --> https://docs.aws.amazon.com/artifact/latest/ug/what-is-aws-artifact.html

Question: 20 CertyIQ
Which task requires using AWS account root user credentials?

A. Viewing billing information
B. Changing the AWS Support plan
C. Starting and stopping Amazon EC2 instances
D. Opening an AWS Support case

Answer: B

Explanation:

https://aws.amazon.com/premiumsupport/knowledge-center/change-support-plan/?nc1=h_ls

Question: 21 CertyIQ
A company needs to simultaneously process hundreds of requests from different users.
Which combination of AWS services should the company use to build an operationally efficient solution?

A. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda
B. AWS Data Pipeline and Amazon EC2
C. Amazon Kinesis and Amazon Athena
D. AWS Amplify and AWS AppSync

Answer: A

Explanation:

Data Pipeline is not relevant for this question; it moves data between AWS compute/storage services and
on-premises data.

Question: 22 CertyIQ
What is the scope of a VPC within the AWS network?

A. A VPC can span all Availability Zones globally.
B. A VPC must span at least two subnets in each AWS Region.
C. A VPC must span at least two edge locations in each AWS Region.
D. A VPC can span all Availability Zones within an AWS Region.

Answer: D

Explanation:

* A VPC is a logically isolated piece of AWS cloud dedicated to your company. This means, you can run
applications on overly provisioned, highly available, and redundant infrastructure setup and it is managed by
AWS. All the complexity of setting up a data center with cables, server racks, hardware, power supply, etc. all
are managed by AWS.

* A VPC belongs to a region.

* A VPC spans all availability zones.

* You can have multiple VPCs per region.

* VPC contains one or more subnets.

* A Subnet is tied to a single availability zone.

* EC2 instances launch into subnets

Question: 23 CertyIQ
Which of the following are components of an AWS Site-to-Site VPN connection? (Choose two.)

A. AWS Storage Gateway
B. Virtual private gateway
C. NAT gateway
D. Customer gateway
E. Internet gateway

Answer: BD

Explanation:

The VPC has an attached virtual private gateway, and your on-premises (remote) network includes a customer
gateway device, which you must configure to enable the Site-to-Site VPN connection. You set up the routing
so that any traffic from the VPC bound for your network is routed to the virtual private gateway

Question: 24 CertyIQ
A company needs to establish a connection between two VPCs. The VPCs are located in two different AWS
Regions. The company wants to use the existing infrastructure of the VPCs for this connection.
Which AWS service or feature can be used to establish this connection?

A. AWS Client VPN
B. VPC peering
C. AWS Direct Connect
D. VPC endpoints

Answer: B

Explanation:

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic
between them using private IPv4 addresses or IPv6 addresses.

Reference:

https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

Question: 25 CertyIQ
According to the AWS shared responsibility model, what responsibility does a customer have when using Amazon
RDS to host a database?

A. Manage connections to the database
B. Install Microsoft SQL Server
C. Design encryption-at-rest strategies
D. Apply minor database patches

Answer: A

Explanation:

Amazon RDS encrypts your databases using keys you manage with the AWS Key Management Service (KMS).
On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is
encrypted, as are its automated backups, read replicas, and snapshots. Amazon RDS encryption uses the
industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon
RDS instance.

Question: 26 CertyIQ
What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on
premises? (Choose two.)

A. EC2 includes operating system patch management.
B. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).
C. EC2 has a 100% service level agreement (SLA).
D. EC2 has a flexible, pay-as-you-go pricing model.
E. EC2 has automatic storage cost optimization.

Answer: DE

Explanation:

EC2 doesn't have any storage cost optimization options, only S3 has:

https://aws.amazon.com/s3/cost-optimization/

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html
B - Increase speed and agility

D - Stop spending money running and maintaining data centers

Question: 27 CertyIQ
A user needs to determine whether an Amazon EC2 instance's security groups were modified in the last month.
How can the user see if a change was made?

A. Use Amazon EC2 to see if the security group was changed.
B. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.
C. Use AWS CloudTrail to see if the security group was changed.
D. Use Amazon CloudWatch to see if the security group was changed.

Answer: C

Explanation:

CloudTrail is the correct answer:

https://aws.amazon.com/cloudtrail/features/

"CloudTrail records user activity and API calls across AWS services as events. CloudTrail events help you
answer the questions of 'who did what, where, and when?'"

Question: 28 CertyIQ
Which AWS service will help protect applications running on AWS from DDoS attacks?

A. Amazon GuardDuty
B. AWS WAF
C. AWS Shield
D. Amazon Inspector

Answer: C

Explanation:

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications
running on AWS.

https://aws.amazon.com/shield/?nc1=h_ls&whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Question: 29 CertyIQ
Which AWS service or feature acts as a firewall for Amazon EC2 instances?

A. Network ACL
B. Elastic network interface
C. Amazon VPC
D. Security group

Answer: D

Explanation:

Security Group is correct per AWS Doc: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html

Question: 30 CertyIQ
How does the AWS Cloud pricing model differ from the traditional on-premises storage pricing model?

A. AWS resources do not incur costs
B. There are no infrastructure operating costs
C. There are no upfront cost commitments
D. There are no software licensing costs

Answer: B

Explanation:

B is correct, because in AWS you pay for storage, compute, etc. You don't pay for infra ops directly. On the
other hand, you can make commitments with Savings Plans or Reserved Instances.

Question: 31 CertyIQ
A company has a single Amazon EC2 instance. The company wants to adopt a highly available architecture.
What can the company do to meet this requirement?

A. Scale vertically to a larger EC2 instance size.
B. Scale horizontally across multiple Availability Zones.
C. Purchase an EC2 Dedicated Instance.
D. Change the EC2 instance family to a compute optimized instance.

Answer: B

Explanation:

Multi-AZ for high availability.

Question: 32 CertyIQ
A company's on-premises application deployment cycle was 3-4 weeks. After migrating to the AWS Cloud, the
company can deploy the application in 2-3 days.
Which benefit has this company experienced by moving to the AWS Cloud?

A. Elasticity
B. Flexibility
C. Agility
D. Resilience

Answer: C

Explanation:

Answer is C. This is the definition of agility as per AWS: Increase speed and agility – In a cloud computing
environment, new IT resources are only a click away, which means that you reduce the time to make those
resources available to your developers from weeks to just minutes. This results in a dramatic increase in
agility for the organization, since the cost and time it takes to experiment and develop is significantly lower.

Question: 33 CertyIQ
Which of the following are included in AWS Enterprise Support? (Choose two.)

A. AWS technical account manager (TAM)
B. AWS partner-led support
C. AWS Professional Services
D. Support of third-party software integration to AWS
E. 5-minute response time for critical issues

Answer: AD

Explanation:

https://aws.amazon.com/premiumsupport/plans/enterprise/

Question: 34 CertyIQ
A global media company uses AWS Organizations to manage multiple AWS accounts.
Which AWS service or feature can the company use to limit the access to AWS services for member accounts?

A. AWS Identity and Access Management (IAM)
B. Service control policies (SCPs)
C. Organizational units (OUs)
D. Access control lists (ACLs)

Answer: B

Explanation:

Answer is B. "You can use SCPs to allow or deny access to AWS services for individual AWS accounts with
AWS Organizations member accounts, or for groups of accounts within an organizational unit (OU)."
https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-service-control-policy/

Question: 35 CertyIQ
A company wants to limit its employees' AWS access to a portfolio of predefined AWS resources.
Which AWS solution should the company use to meet this requirement?

A. AWS Config
B. AWS software development kits (SDKs)
C. AWS Service Catalog
D. AWS AppSync

Answer: C

Explanation:

From: https://aws.amazon.com/servicecatalog/

Apply access controls

Scale and control permissions so you can manage resource access in multi-account AWS environments.

How it works

AWS Service Catalog lets you centrally manage deployed IT services, applications, resources, and metadata
to achieve consistent governance of your infrastructure as code (IaC) templates. With AWS Service Catalog,
you can meet your compliance requirements while making sure your customers can quickly deploy the
approved IT services they need

Question: 36 CertyIQ
An online company was running a workload on premises and was struggling to launch new products and features.
After migrating the workload to AWS, the company can quickly launch products and features and can scale its
infrastructure as required.
Which AWS Cloud value proposition does this scenario describe?

A. Business agility
B. High availability
C. Security
D. Centralized auditing

Answer: A

Question: 37 CertyIQ
Which of the following are advantages of the AWS Cloud? (Choose two.)

A. AWS management of user-owned infrastructure
B. Ability to quickly change required capacity
C. High economies of scale
D. Increased deployment time to market
E. Increased fixed expenses

Answer: BC

Explanation:

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question: 38 CertyIQ
AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of
users.
This describes which advantage of the AWS Cloud?

A. Launch globally in minutes
B. Increase speed and agility
C. High economies of scale
D. No guessing about compute capacity

Answer: C

Explanation:

https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.html

Question: 39 CertyIQ
What is the lowest-cost, durable storage option for retaining database backups for immediate retrieval?

A. Amazon S3
B. Amazon Glacier
C. Amazon EBS
D. Amazon EC2 Instance Store

Answer: A

Explanation:

A. Amazon S3

https://aws.amazon.com/rds/features/backup/

Question: 40 CertyIQ
A company is developing a mobile app that needs a high-performance NoSQL database.
Which AWS services could the company use for this database? (Choose two.)

A. Amazon Aurora
B. Amazon RDS
C. Amazon Redshift
D. Amazon DocumentDB (with MongoDB compatibility)
E. Amazon DynamoDB

Answer: DE

Explanation:

Correct answer is D & E. Amazon DynamoDB is NoSQL (Reference: https://aws.amazon.com/es/dynamodb/)
and also MongoDB (Reference: https://en.wikipedia.org/wiki/MongoDB &
https://www.mongodb.com/es/nosql-explained)

Question: 41 CertyIQ
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.)

A. Patch the Amazon EC2 guest operating system.
B. Upgrade the firmware of the network infrastructure.
C. Apply password rotation for IAM users.
D. Maintain the physical security of edge locations.
E. Maintain least privilege access to the root user account.

Answer: BD

Question: 42 CertyIQ
Which of the following are features of network ACLs as they are used in the AWS Cloud? (Choose two.)

A. They are stateless.
B. They are stateful.
C. They evaluate all rules before allowing traffic.
D. They process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic.
E. They operate at the instance level.

Answer: AD

Explanation:

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

Network ACLs are stateless, which means that responses to allowed inbound traffic are subject to the rules
for outbound traffic (and vice versa).

Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it's applied
regardless of any higher-numbered rule that might contradict it

Question: 43 CertyIQ
A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has
protocols in place to continuously improve supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?

A. Security
B. Performance efficiency
C. Cost optimization
D. Operational excellence

Answer: D

Explanation:

The Operational Excellence pillar includes the ability to support development and run workloads effectively,
gain insight into their operations, and to continuously improve supporting processes and procedures to deliver
business value

Question: 44 CertyIQ
Which AWS service or feature can be used to create a private connection between an on-premises workload and
an AWS Cloud workload?

A. Amazon Route 53
B. Amazon Macie
C. AWS Direct Connect
D. AWS PrivateLink

Answer: C

Explanation:

Correct answer is C. Direct Connect is for a private dedicated connection between on-premises and AWS.

PrivateLink provides direct secure connections from VPCs to other AWS services.

VPC PrivateLink is a way of making your service available to a set of consumers. You can expose a service and
the consumers can consume your service by creating an endpoint for your service. With PrivateLink, endpoints
are instead created directly inside of your VPC, using Elastic Network Interfaces (ENIs) and IP addresses in
your VPC's subnets. To use AWS PrivateLink, create a VPC endpoint in your VPC, specifying the name of the
service and a subnet. This creates an elastic network interface in the subnet that serves as an entry point for
traffic destined to the service. The service is now in your VPC, enabling connectivity to AWS services via
private IP addresses.

Question: 45 CertyIQ
A company needs to graphically visualize AWS billing and usage over time. The company also needs information
about its AWS monthly costs.
Which AWS Billing and Cost Management tool provides this data in a graphical format?

A. AWS Bills
B. Cost Explorer
C. AWS Cost and Usage Report
D. AWS Budgets

Answer: B

Question: 46 CertyIQ
A company wants to run production workloads on AWS. The company needs concierge service, a designated AWS
technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week.
Which AWS Support plan will meet these requirements?

A. AWS Basic Support
B. AWS Enterprise Support
C. AWS Business Support
D. AWS Developer Support

Answer: B

Question: 47 CertyIQ
Which architecture design principle describes the need to isolate failures between dependent components in the
AWS Cloud?

A. Use a monolithic design.
B. Design for automation.
C. Design for single points of failure.
D. Loosely couple components.

Answer: D

Question: 48 CertyIQ
Which AWS services are managed database services? (Choose two.)

A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. Amazon RDS
D. Amazon Elastic File System (Amazon EFS)
E. Amazon DynamoDB

Answer: CE

Explanation:

Except for C & E, none of them are DB services, so the answer is C & E.

Question: 49 CertyIQ
A company is using the AWS Free Tier for several AWS services for an application.
What will happen if the Free Tier usage period expires or if the application use exceeds the Free Tier usage limits?

A. The company will be charged the standard pay-as-you-go service rates for the usage that exceeds the Free
Tier usage.
B. AWS Support will contact the company to set up standard service charges.
C. The company will be charged for the services it consumed during the Free Tier period, plus additional
charges for service consumption after the Free Tier period.
D. The company's AWS account will be frozen and can be restarted after a payment plan is established.

Answer: A

Question: 50 CertyIQ
A company recently deployed an Amazon RDS instance in its VPC. The company needs to implement a stateful
firewall to limit traffic to the private corporate network.
Which AWS service or feature should the company use to limit network traffic directly to its RDS instance?

A. Network ACLs
B. Security groups
C. AWS WAF
D. Amazon GuardDuty

Answer: B

Explanation:

Amazon RDS security groups enable you to manage network access to your Amazon RDS instances. With
security groups, you specify sets of IP addresses using CIDR notation, and only network traffic originating
from these addresses is recognized by your Amazon RDS instance.

Although they function in a similar way, Amazon RDS security groups are different from Amazon EC2 security
groups. It is possible to add an EC2 security group to your RDS security group. Any EC2 instances that are
members of the EC2 security group are then able to access the RDS instances that are members of the RDS
security group.

https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/rds-security-groups.html

Question: 51 CertyIQ
Which AWS service uses machine learning to help discover, monitor, and protect sensitive data that is stored in
Amazon S3 buckets?

A. AWS Shield
B. Amazon Macie
C. AWS Network Firewall
D. Amazon Cognito

Answer: B

Question: 52 CertyIQ
A company wants to improve the overall availability and performance of its applications that are hosted on AWS.
Which AWS service should the company use?

A. Amazon Connect
B. Amazon Lightsail
C. AWS Global Accelerator
D. AWS Storage Gateway

Answer: C

Explanation:

https://aws.amazon.com/global-accelerator/?blogs-global-accelerator.sort-by=item.additionalFields.createdDate&blogs-global-accelerator.sort-order=desc&aws-global-accelerator-wn.sort-by=item.additionalFields.postDateTime&aws-global-accelerator-wn.sort-order=desc

Question: 53 CertyIQ
Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an
external entity?

A. AWS Service Catalog
B. AWS Systems Manager
C. AWS IAM Access Analyzer
D. AWS Organizations

Answer: C

Explanation:

Access Analyzer helps you identify the resources in your organization and accounts, such as Amazon S3
buckets or IAM roles, shared with an external entity. This lets you identify unintended access to your
resources and data, which is a security risk.

https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html

Question: 54 CertyIQ
A company does not want to rely on elaborate forecasting to determine its usage of compute resources. Instead,
the company wants to pay only for the resources that it uses. The company also needs the ability to increase or
decrease its resource usage to meet business requirements.
Which pillar of the AWS Well-Architected Framework aligns with these requirements?

A. Operational excellence
B. Security
C. Reliability
D. Cost optimization

Answer: D

Explanation:

To optimize costs, you should only pay for the computing resources you consume and increase or decrease
usage depending on your business requirements, not with elaborate forecasting.

https://emergencetek.com/aws-five-pillars-of-a-well-architected-framework/

Question: 55 CertyIQ
A company wants to launch its workload on AWS and requires the system to automatically recover from failure.
Which pillar of the AWS Well-Architected Framework includes this requirement?

A. Cost optimization
B. Operational excellence
C. Performance efficiency
D. Reliability

Answer: D

Question: 56 CertyIQ
A large enterprise with multiple VPCs in several AWS Regions around the world needs to connect and centrally
manage network connectivity between its VPCs.
Which AWS service or feature meets these requirements?

A. AWS Direct Connect
B. AWS Transit Gateway
C. AWS Site-to-Site VPN
D. VPC endpoints

Answer: B

Explanation:

https://aws.amazon.com/transit-gateway/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Question: 57 CertyIQ
Which AWS service supports the creation of visual reports from AWS Cost and Usage Report data?

A. Amazon Athena
B. Amazon QuickSight
C. Amazon CloudWatch
D. AWS Organizations

Answer: B

Explanation:

Please refer to: https://aws.amazon.com/athena/?whats-new-cards.sort-by=item.additionalFields.postDateTime&whats-new-cards.sort-order=desc

Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using
standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries
that you run.

Athena is easy to use. Simply point to your data in Amazon S3, define the schema, and start querying using
standard SQL. Most results are delivered within seconds. With Athena, there’s no need for complex ETL jobs
to prepare your data for analysis. This makes it easy for anyone with SQL skills to quickly analyze large-scale
datasets.

Athena is out-of-the-box integrated with AWS Glue Data Catalog, allowing you to create a unified metadata
repository across various services, crawl data sources to discover schemas and populate your Catalog with
new and modified table and partition definitions, and maintain schema versioning.

Question: 58 CertyIQ
Which AWS service should be used to monitor Amazon EC2 instances for CPU and network utilization?

A. Amazon Inspector
B. AWS CloudTrail
C. Amazon CloudWatch
D. AWS Config

Answer: C

Question: 59 CertyIQ
A company is preparing to launch a new web store that is expected to receive high traffic for an upcoming event.
The web store runs only on AWS, and the company has an AWS Enterprise Support plan.
Which AWS resource will provide guidance about how the company should scale its architecture and operational
support during the event?

A. AWS Abuse team
B. The designated AWS technical account manager (TAM)
C. AWS infrastructure event management
D. AWS Professional Services

Answer: C

Explanation:

https://aws.amazon.com/premiumsupport/programs/iem/

AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational
support during the preparation and execution of planned events, such as shopping holidays, product launches,
and migrations. For these events, AWS Infrastructure Event Management will help you assess operational
readiness, identify and mitigate risks, and execute your event confidently with AWS experts by your side. The
program is included in the Enterprise Support plan and is available to Business Support customers for an
additional fee.

Question: 60 CertyIQ
A user wants to deploy a service to the AWS Cloud by using infrastructure-as-code (IaC) principles.
Which AWS service can be used to meet this requirement?

A. AWS Systems Manager
B. AWS CloudFormation
C. AWS CodeCommit
D. AWS Config

Answer: B

Explanation:
Correct answer is B: AWS CloudFormation.

Question: 61 CertyIQ
A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments.
The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and
simplify billing processes.
Which AWS service or tool should the company use to meet these requirements?

A. AWS Organizations
B. Cost Explorer
C. AWS Budgets
D. AWS Trusted Advisor

Answer: A

Question: 62 CertyIQ
Which IT controls do AWS and the customer share, according to the AWS shared responsibility model? (Choose
two.)

A. Physical and environmental controls
B. Patch management
C. Cloud awareness and training
D. Zone security
E. Application data encryption

Answer: BC

Explanation:

Shared Controls – Controls which apply to both the infrastructure layer and customer layers, but in
completely separate contexts or perspectives. In a shared control, AWS provides the requirements for the
infrastructure and the customer must provide their own control implementation within their use of AWS
services. Examples include:

Patch Management – AWS is responsible for patching and fixing flaws within the infrastructure, but
customers are responsible for patching their guest OS and applications.

Configuration Management – AWS maintains the configuration of its infrastructure devices, but a customer is
responsible for configuring their own guest operating systems, databases, and applications.

Awareness & Training – AWS trains AWS employees, but a customer must train their own employees.

Question: 63 CertyIQ
A company is launching an application in the AWS Cloud. The application will use Amazon S3 storage. A large
team of researchers will have shared access to the data. The company must be able to recover data that is
accidentally overwritten or deleted.
Which S3 feature should the company turn on to meet this requirement?

A. Server access logging
B. S3 Versioning
C. S3 Lifecycle rules
D. Encryption in transit and at rest

Answer: B

Question: 64 CertyIQ
A manufacturing company has a critical application that runs at a remote site that has a slow internet connection.
The company wants to migrate the workload to AWS. The application is sensitive to latency and interruptions in
connectivity. The company wants a solution that can host this application with minimum latency.
Which AWS service or feature should the company use to meet these requirements?

A. Availability Zones
B. AWS Local Zones
C. AWS Wavelength
D. AWS Outposts

Answer: D

Explanation:

AWS Outposts is designed for workloads that need to remain on-premises due to latency requirements, where
customers want that workload to run seamlessly with the rest of their other workloads in AWS.

AWS Local Zones are a new type of AWS infrastructure designed to run workloads that require single-digit
millisecond latency, like video rendering and graphics intensive, virtual desktop applications. Not every
customer wants to operate their own on-premises data center, while others may be interested in getting rid of
their local data center entirely. Local Zones allow customers to gain all the benefits of having compute and
storage resources closer to end-users, without the need to own and operate their own data center
infrastructure.

(D) AWS Outposts would be the best fit here, since the client is migrating only the workloads on AWS, while
(B) AWS Local Zones is for customers who want to get rid of hosting their on-premises data center.

Question: 65 CertyIQ
A company wants to migrate its applications from its on-premises data center to a VPC in the AWS Cloud. These
applications will need to access on-premises resources.
Which actions will meet these requirements? (Choose two.)

A. Use AWS Service Catalog to identify a list of on-premises resources that can be migrated.
B. Create a VPN connection between an on-premises device and a virtual private gateway in the VPC.
C. Use an Amazon CloudFront distribution and configure it to accelerate content delivery close to the
on-premises resources.
D. Set up an AWS Direct Connect connection between the on-premises data center and AWS.
E. Use Amazon CloudFront to restrict access to static web content provided through the on-premises web
servers.

Answer: BD

Explanation:

Regarding Service Catalog (SC), 'This helps you achieve consistent governance and meet your compliance
requirements, while enabling users to quickly deploy only the approved IT services they need (link below).'
The question never said anything about requiring the services SC provides. The customer may benefit from SC
but it's not needed to meet their requirements.

https://aws.amazon.com/servicecatalog/?aws-service-catalog.sort-by=item.additionalFields.createdDate&aws-service-catalog.sort-order=desc

Question: 66 CertyIQ
A company wants to use the AWS Cloud to provide secure access to desktop applications that are running in a
fully managed environment.
Which AWS service should the company use to meet this requirement?

A. Amazon S3
B. Amazon AppStream 2.0
C. AWS AppSync
D. AWS Outposts

Answer: B

Explanation:

Amazon AppStream 2.0 is a fully managed non-persistent desktop and application service for remotely
accessing your work.

Deliver Software as a Service (SaaS) versions of applications without rewrites, special hardware, or device
installs; ideal for training, trials and software demonstrations.

Question: 67 CertyIQ
A company wants to implement threat detection on its AWS infrastructure. However, the company does not want
to deploy additional software.
Which AWS service should the company use to meet these requirements?

A. Amazon VPC
B. Amazon EC2
C. Amazon GuardDuty
D. AWS Direct Connect

Answer: C

Explanation:

https://aws.amazon.com/guardduty/

1. Continuously monitor your AWS accounts, instances, container workloads, users, and storage for potential
threats.
2. Expose threats quickly using anomaly detection, machine learning, behavioral modeling, and threat
intelligence feeds from AWS and leading third-parties.
3. Mitigate threats early by initiating automated responses.

Question: 68 CertyIQ
Which AWS service uses edge locations?

A. Amazon Aurora
B. AWS Global Accelerator
C. Amazon Connect
D. AWS Outposts

Answer: B

Explanation:

Reference:
https://aws.amazon.com/global-accelerator/

Question: 69 CertyIQ
A company needs to install an application in a Docker container.
Which AWS service eliminates the need to provision and manage the container hosts?

A. AWS Fargate
B. Amazon FSx for Windows File Server
C. Amazon Elastic Container Service (Amazon ECS)
D. Amazon EC2

Answer: C

Explanation:

AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container
Service (ECS) and Amazon Elastic Kubernetes Service (EKS). AWS Fargate makes it easy to focus on building
your applications. Fargate eliminates the need to provision and manage servers, lets you specify and pay for
resources per application, and improves security through application isolation by design.

Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service
that supports Docker containers and Amazon Elastic Kubernetes Service (EKS) is a fully managed Kubernetes
service. Both ECS and EKS use containers provisioned by Fargate to automatically scale, load balance, and
optimize container availability through managed scheduling, providing an easier way to build and operate
containerized applications.

URL: https://aws.amazon.com/fargate/faqs/

Question: 70 CertyIQ
Which AWS service or feature checks access policies and offers actionable recommendations to help users set
secure and functional policies?

A. AWS Systems Manager
B. AWS IAM Access Analyzer
C. AWS Trusted Advisor
D. Amazon GuardDuty

Answer: B

Question: 71 CertyIQ
A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is
intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and
move the data to AWS later.
Which AWS service should the company use to meet these requirements?

A. AWS IoT Core
B. Amazon Lightsail
C. AWS Storage Gateway
D. AWS Snowball Edge

Answer: D

Explanation:

AWS Snow Family - The AWS Snow Family is a collection of physical devices that help migrate large amounts
of data into and out of the cloud without depending on networks. This helps you apply the wide variety of AWS
services for analytics, file systems, and archives to your data. You can use AWS Snow Family services for data
transfer and occasional pre-processing on location. Some large data transfer examples include cloud
migration, disaster recovery, data center relocation, and/or remote data collection projects. These projects
typically require you to migrate large amounts of data in the shortest, and most cost-effective, amount of time.

Question: 72 CertyIQ
A retail company needs to build a highly available architecture for a new ecommerce platform. The company is
using only AWS services that replicate data across multiple Availability Zones.
Which AWS services should the company use to meet this requirement? (Choose two.)

A. Amazon EC2
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon Aurora
D. Amazon DynamoDB
E. Amazon Redshift

Answer: CD

Explanation:
1. Data replication with these two.
2. "using only AWS services for data replication" so I think C and D.

Question: 73 CertyIQ
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?

A. Agility
B. Elasticity
C. Reliability
D. Durability

Answer: B

Question: 74 CertyIQ
Service control policies (SCPs) manage permissions for which of the following?

A. Availability Zones
B. AWS Regions
C. AWS Organizations
D. Edge locations

Answer: C

Explanation:

Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html

Question: 75 CertyIQ
Which AWS service can be used to encrypt data at rest?

A. Amazon GuardDuty
B. AWS Shield
C. AWS Security Hub
D. AWS Key Management Service (AWS KMS)

Answer: D

Explanation:

Reference:
https://aws.amazon.com/blogs/security/how-to-protect-data-at-rest-with-amazon-ec2-instance-store-encryption/

Question: 76 CertyIQ
Which characteristics are advantages of using the AWS Cloud? (Choose two.)

A. A 100% service level agreement (SLA) for all AWS services
B. Compute capacity that is adjusted on demand
C. Availability of AWS Support for code development
D. Enhanced security
E. Increases in cost and complexity

Answer: BD

Explanation:

Reference:
https://intellipaat.com/blog/aws-benefits-and-drawbacks/

Question: 77 CertyIQ
A user is storing objects in Amazon S3. The user needs to restrict access to the objects to meet compliance
obligations.
What should the user do to meet this requirement?

A. Use AWS Secrets Manager.
B. Tag the objects in the S3 bucket.
C. Use security groups.
D. Use network ACLs.

Answer: B

Explanation:

Secrets Manager is for secrets (passwords).

A network ACL is a stateless firewall working on IPs, not users.

Security groups are stateful firewalls, not for user permissions.

In this case I'd say tags:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-tagging.html

"Object tags enable fine-grained access control of permissions. For example, you could grant an IAM user
permissions to read-only objects with specific tags."

Question: 78 CertyIQ
A company wants to convert video files and audio files from their source format into a format that will play on
smartphones, tablets, and web browsers.
Which AWS service will meet these requirements?

A. Amazon Elastic Transcoder
B. Amazon Comprehend
C. AWS Glue
D. Amazon Rekognition

Answer: A

Question: 79 CertyIQ
Which of the following are benefits of Amazon EC2 Auto Scaling? (Choose two.)

A. Improved health and availability of applications
B. Reduced network latency
C. Optimized performance and costs
D. Automated snapshots of data
E. Cross-Region Replication

Answer: AC

Explanation:

https://aws.amazon.com/ec2/autoscaling/faqs

Here's a description of the two types of auto scaling confirming the answer is AC.

• Vertical Scaling (C. Optimized performance and costs)
  ○ You 'scale up' your instance type to a larger instance type with additional resources.
  ○ Requires shutting the server down.
  ○ Doesn't rely on ELB.

• Horizontal Scaling (A. Improved health and availability of applications)
  ○ You 'scale out' and add additional instances to handle the demand of your application.
  ○ Utilizes ELB.

Question: 80 CertyIQ
A company has several departments. Each department has its own AWS accounts for its applications. The
company wants all AWS costs on a single invoice to simplify payment, but the company wants to know the costs
that each department is incurring.
Which AWS tool or feature will provide this functionality?

A. AWS Cost and Usage Reports
B. Consolidated billing
C. Savings Plans
D. AWS Budgets

Answer: B