- (Topic 1)
A company wants to use the AWS Cloud as an offsite backup location for its on-premises infrastructure.
Which AWS service will meet this requirement MOST cost-effectively?
Correct Answer:
A
Amazon S3 is the most cost-effective service for storing offsite backups of on-premises infrastructure. Amazon S3 offers low-cost, durable, and scalable storage that can be accessed from anywhere over the internet. Amazon S3 also supports lifecycle policies, versioning, encryption, and cross-region replication to optimize the backup and recovery process. Amazon EFS, Amazon FSx, and Amazon EBS are more suitable for storing data that requires high performance, low latency, and frequent access12
- (Topic 3)
A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities.
Which AWS service will meet these requirements?
Correct Answer:
B
Amazon Inspector is the AWS service that can be used to perform vulnerability scans on AWS EC2 instances for software vulnerabilities automatically in a periodic fashion. Amazon Inspector automatically discovers EC2 instances and scans them for software vulnerabilities and unintended network exposure. Amazon Inspector uses AWS Systems Manager (SSM) and the SSM Agent to collect information about the software application inventory of the EC2 instances. This data is then scanned by Amazon Inspector for software vulnerabilities12. Amazon Inspector also integrates with other AWS services, such as Amazon EventBridge and AWS Security Hub, to automate discovery, expedite vulnerability routing, and shorten mean time to remediate (MTTR) vulnerabilities2.
- (Topic 3)
A company wants to migrate its server-based applications to the AWS Cloud. The company wants to determine the total cost of ownership for its compute resources that will be hosted on the AWS Cloud.
Which combination of AWS services or tools will meet these requirements?
Correct Answer:
AD
AWS Pricing Calculator and AWS Application Discovery Service are the best combination of AWS services or tools to meet the requirements of determining the total cost of ownership for compute resources that will be hosted on the AWS Cloud. AWS Pricing Calculator is a tool that enables you to estimate the cost of using AWS services based on your usage scenarios and requirements. You can use AWS Pricing Calculator to compare the costs of running your applications on-premises or on AWS, and to optimize your AWS spending. AWS Application Discovery Service is a service that helps you plan your migration to the AWS Cloud by collecting and analyzing information about your on- premises servers, applications, and dependencies. You can use AWS Application Discovery Service to identify the inventory of your on-premises infrastructure, group servers by applications, and estimate the performance and resource utilization of your applications45
- (Topic 1)
Which AWS services or features can control VPC traffic? (Select TWO.)
Correct Answer:
AD
The AWS services or features that can control VPC traffic are security groups and network ACLs. Security groups are stateful firewalls that control the inbound and outbound traffic at the instance level. You can assign one or more security groups to each instance in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level. You can associate one network ACL with each subnet in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. AWS Direct Connect, Amazon GuardDuty, and Amazon Connect are not services or features that can control VPC traffic. AWS Direct Connect is a service that establishes a dedicated network connection between your premises and AWS. Amazon GuardDuty is a service that monitors your AWS account and workloads for malicious or unauthorized activity. Amazon Connect is a service that provides a cloud-based contact center solution.
- (Topic 1)
A company has an online shopping website and wants to store customers' credit card data. The company must meet Payment Card Industry (PCI) standards.
Which service can the company use to access AWS compliance documentation?
Correct Answer:
B
The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications, and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: [AWS Artifact FAQs]
