- (Topic 2)
Which encryption types can be used to protect objects at rest in Amazon S3? (Select TWO.)
Correct Answer:
AB
Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) and server-side encryption with AWS KMS managed keys (SSE-KMS) are the encryption types that can be used to protect objects at rest in Amazon S3. Server-side encryption means that Amazon S3 encrypts the objects before saving them on disks and decrypts them when they are downloaded. SSE-S3 uses one master key per bucket that is managed by Amazon S3. SSE-KMS uses a customer master key (CMK) that is stored in AWS Key Management Service (AWS KMS) and provides additional benefits, such as audit trails and key rotation. For more information, see Protecting Data Using Server-Side Encryption and Protecting Data Using Encryption.
- (Topic 1)
Which AWS service or tool does AWS Control Tower use to create resources?
Correct Answer:
A
AWS Control Tower uses AWS CloudFormation to create resources in your landing zone. AWS CloudFormation is a service that helps you model and set up your AWS resources using templates. AWS Control Tower supports creating AWS::ControlTower::EnabledControl resources in AWS CloudFormation. Therefore, the correct answer is A. You can learn more about AWS Control Tower and AWS CloudFormation from this page.
- (Topic 2)
Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?
Correct Answer:
B
Operations is an option that is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF). Operations is one of the six perspectives of the AWS CAF, along with business, people, governance, platform, and security. Operations focuses on the processes and procedures to support the ongoing management and maintenance of the cloud-based IT assets. It covers topics such as monitoring, backup and recovery, change management, incident management, and automation5. Sustainability is not a perspective of the AWS CAF, but a concept that refers to the ability of a system to operate in an environmentally friendly and socially responsible manner. Performance efficiency is not a perspective of the AWS CAF, but a pillar of the AWS Well-Architected Framework. It focuses on using the right resources and services for the workload, monitoring performance, and continuously improving the efficiency of the solution. Reliability is not a perspective of the AWS CAF, but a pillar of the AWS Well- Architected Framework. It focuses on the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues.
- (Topic 3)
To reduce costs, a company is planning to migrate a NoSQL database to AWS.
Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?
Correct Answer:
C
Amazon DynamoDB is a fully managed, serverless, key-value NoSQL database service that can deliver consistent, single-digit millisecond performance at any scale. DynamoDB can automatically scale throughput capacity to meet the demands of the database workload, without requiring any manual intervention. DynamoDB is ideal for NoSQL applications that need high performance, availability, and scalability. DynamoDB also offers features such as encryption at rest, point-in-time recovery, global tables, and in- memory caching. References: What is NoSQL?, Amazon DynamoDB, [AWS Cloud Practitioner Essentials: Module 4 - Databases in the Cloud]
- (Topic 1)
A company uses Amazon Aurora as its database service. The company wants to encrypt its databases and database backups.
Which party manages the encryption of the database clusters and database snapshots, according to the AWS shared responsibility
model?
Correct Answer:
A
AWS manages the encryption of the database clusters and database snapshots for Amazon Aurora, as well as the encryption keys. This is part of the AWS shared responsibility model, where AWS is responsible for the security of the cloud, and the customer is responsible for the security in the cloud. Encryption is one of the security features that AWS provides to protect the data at rest and in transit. For more information, see Amazon Aurora FAQs and AWS Shared Responsibility Model.
