Q151. A company is using AWS Identity and Access Management (IAM). Who can manage the access keys of the AWS account root user?
A. IAM users in the same account that have been granted permission
B. IAM roles in any account that have been granted permission
C. IAM users and roles that have been granted permission
D. The AWS account owner
Answer
D
Q152. A company needs an event history of which AWS resources the company has created. Which AWS service will provide this information?
A. Amazon CloudWatch
B. AWS CloudTrail
C. Amazon Aurora
D. Amazon EventBridge
Answer
B
Q153. A company’s cloud environment includes Amazon EC2 instances and Application Load Balancers. The company wants to improve protections for its cloud resources against DDoS attacks. The company also wants to have real-time visibility into any DDoS attacks. Which AWS service will meet these requirements?
A. AWS Shield Standard
B. AWS Firewall Manager
C. AWS Shield Advanced
D. Amazon GuardDuty
Answer
C
Q154. A company wants to update its online data processing application by implementing container-based services that run for 4 hours at a time. The company does not want to provision or manage server instances. Which AWS service will meet these requirements?
A. AWS Lambda
B. AWS Fargate
C. Amazon EC2
D. AWS Elastic Beanstalk
Answer
B
Q155. A user needs to perform a one-time backup of an Amazon Elastic Block Store (Amazon EBS) volume that is attached to an Amazon EC2 instance. What is the MOST operationally efficient way to perform this backup?
A. Attach another EBS volume to the EC2 instance, and copy the contents.
B. Copy the EBS volume to a server that is running outside AWS and is connected with AWS Direct Connect.
C. Create an EBS snapshot of the volume.
D. Create a custom script to copy the EBS file contents to Amazon S3.
Answer
C
Q156. A company wants to manage access and permissions for its third-party software as a service (SaaS) applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications. Which AWS service should the company use to meet these requirements?
A. Amazon Cognito
B. AWS IAM Identity Center (AWS Single Sign-On)
C. AWS Identity and Access Management (IAM)
D. AWS Directory Service for Microsoft Active Directory
Answer
B
Q157. Which AWS Cloud Adoption Framework (AWS CAF) perspective focuses on organizing an inventory of data products in a data catalog?
A. Operations
B. Governance
C. Business
D. Platform
Answer
B
Q158. A company runs its production workload in the AWS Cloud. The company needs to choose one of the AWS Support Plans. Which of the AWS Support Plans will meet these requirements at the LOWEST cost?
A. Developer
B. Enterprise On-Ramp
C. Enterprise
D. Business
Answer
D
Q159. Which VPC component can a company use to set up a virtual firewall at the Amazon EC2 instance level?
A. Network ACL
B. Security group
C. Route table
D. NAT gateway
Answer
B
Q160. A developer needs to interact with AWS by using the AWS CLI. Which security feature or AWS service must be provisioned in the developer’s account to meet this requirement?
A. User name and password
B. AWS Systems Manager
C. Root password access
D. AWS access key
Answer
D