What is true about Regions?

(Choose 2) 
A. All regions are located in one specific geographic area 
B. Resources are replicated across all regions by default 
C. Physical location of your customers 
D. Physical location with multiple availability zones 
E. Each region is located in separate geographic area

Which of the following AWS tools help your application scale up or down based on demand? (Choose 2) 
A. AWS CloudFormation 
B. Auto Scaling 
C. Auto Availability Zones 
D. Agile Load Balancing 
E. Elastic Load Balancing

Which of the following are NOT a benefit of AWS cloud computing? (Choose 2) 
A. Multiple procurement cycles 
B. Fault tolerant databases 
C. High latency 
D. Temporary and disposable resources 
E. High availability

Which of the following is NOT an advantage of cloud computing over on-premise computing? 
A. Pay for racking, stacking and powering servers 
B. Trade capital expense for variable expense 
C. Eliminate guessing on your infrastructure capacity needs 
D. Benefit from massive economies of scale increase speed and agility

Which of the following are advantages of AWS cloud security? (Choose 2) 
A. AWS retains complete control and ownership of your data region 
B. You retain complete control and ownership of your data region 
C. AWS infrastructure security auditing is periodic and manual 
D. AWS uses multi-factor access control systems
E. AWS uses single-factor access control systems

What is the number one reason customers are switching to cloud computing? 
A. Automation
B. Overprovisioning 
C. Finite infrastructure 
D. Agility 
E. Instant Configuration
What is the pricing model that allows AWS customers to pay for resources on an as needed basis? 
A. Pay as you go 
B. Pay as you reserve 
C. Pay as you use 
D. Pay as you buy 
E. Pay as you own

Which of the following is true about security groups? (Choose 2)

A. Acts as a virtual firewall to control inbound and outbound traffic
B. Acts as a virtual firewall to control outbound traffic only
C. Acts as a virtual firewall to control inbound traffic only
D. All inbound traffic is allowed and outbound traffic is denied by default
E. All inbound traffic is denied and outbound traffic is allowed by default

Which of the following statements are true about Availability Zones? (Choose 2)
A. A single zone equals a single data center
B. Multiple zones are physically connected on the same grid
C. Multiple zones are connected by low latency network links
D. Multiple zones will fail if one zone fails
E. A single zone can span multiple data centers

Which of the following is NOT an AWS region?

A. Oregon
B. Ireland
C. Moscow
D. Frankfurt
E. Virginia

How does an edge location help end users?

A. Increases latency
B. Reduces power consumption
C. Increases storage
D. Reduces latency
E. Reduces scaling

What AWS tool utilizes edge location to cache content and reduce latency>
A. EC2 Instances
B. AWS CloudFront
C. EBS storage
D. RDS
E. VPCs

Which service should an administrator use to register a new domain name with AWS?
A. Amazon Route 53
B. Amazon CloudFront
C. Elastic load Balancing 
D. Amazon Virtual Private Cloud (Amazon VPC)

Which of the following is a benefit of running an application across two Availability Zones?
A. Performance is improved over running in a single Availability Zone
B. It is more secure than running in a single Availability Zone
C. It significantly reduces the total cost of ownership versus running in a single Availability Zone
D. It increases the availability of an application compared to running in a single Availability Zone

Which service allows an administrator to create and modify AWS user Permissions?
A. AWS Config
B. AWS CloudTrail
C. AWS Key Management Service (AWS KMS)
D. AWS Identity and Access Management (IAM)

Where can a customer go to get more detail about Amazon Elastic Cloud (Amazon EC2) billing activity that
took place 3 months ago?
A. Amazon EC2 dashboard
B. AWS Cost and Usage reports
C. AWS Trusted Advisor dashboard
D. AWs CloudTrail logs stored in Amazon Simple Storage Service (Amazon S3)

Which of the following security requirements are managed by AWS customer? (Select 2) 
A. Password policies 
B. User permissions
C. Physical Security
D. Disk disposal 
E. Hardware patching

Which of the following services uses AWS edge locations?

A. Amazon Virtual Private Cloud (Amazon VPC)
B. Amazon CloudFront
C. Amazon Elastic Compute Cloud (Amazon EC2)
D. AWS Storage Gateway
The main benefit of decoupling an application is to 
A. Create a tightly integrated application
B. Reduce inter-dependencies so failures do not impact other components
C. Enable data synchronization across the web application layer
D. Have the ability to execute automated bootstrapping actions

What is the value of having AWS Cloud services accessible through an Application Programming interface
(API)?
A. Cloud resources can be managed programmatically
B. AWS infrastructure use will always be cost-optimized.
C. Al application testing is managed by AWS
D. Customer-owned, on-premises infrastructure becomes programmable

Which service allows for the collection and tracking of metrics for AWS services?
A. Amazon CloudFront
B. Amazon CloudSearch
C. Amazon CloudWatch
D. Amazon Machine Learning (Amazon ML)

Which AWS services can be used to store files? (Select Two)

A. Amazon CloudWatch
B. Amazon Simple Storage Service (Amazon S3)
C. Amazon Elastic Block Store (Amazon EBS)
D. AWS config
E. Amazon Athena

Which AWS Cloud service is used to turn on Multi-Factor Authentication (MFA)?

A. AWS Identity and Access Management (IAM)
B. Amazon Elastic Compute Cloud (Amazon EC2)
C. AWS Config
D. Amazon Inspector

What AWS feature enables a user to manage services through a web-based user interface?
A. AWS Management Console
B. AWS Application Programming interface (API)
C. AWS Software Development Kit (SDK)
D. Amazon CloudWatch
Amazon Elastic Compute Cloud (Amazon EC2) Spot instances are appropriate for which of the following
workloads?
A. Workloads that are only run in the morning and stopped at night
B. Workloads where the availability of the Amazon EC2 instances can be flexible
C. Workloads that need to run for long periods of time without interruption
D. Workloads that are critical and need Amazon EC2 instances with termination protection

Which AWS service provides infrastructure security optimization recommendations?

A. AWS Price List Application Programming interface (API)
B. Reserved instances
C. AWS Trusted Advisor
D. Amazon Elastic Compute Cloud (Amazon EC2) Spot Fleet

Which AWS service automates infrastructure provisioning and administrative tasks for an analytical data
warehouse?
A. Amazon Redshift 
B. Amazon DynamoDB
C. Amazon ElasticCache
D. Amazon Aurora

A company needs to know which user was responsible for terminating several critical Amazon Elastic
Compute Cloud (Amazon EC2) instances.
A. AWS Trusted Advisor 
B. Amazon EC2 instance usage report
C. Amazon CloudWatch
D. AWS CloudTrail logs

Which of the following is the responsibility of the AWS customer according to the Shared Security Model?
A. Managing AWS Identity and Access Management (IAM)
B. Securing edge locations
C. Monitoring physical device security
D. Implementing Service Organization Control (SOC) standards

Which tool can display the distribution of AWS spending?

A. AWS Organizations
B. Amazon DevPay
C. AWS Trusted Advisor
D. AWS Cost Explorer
Which of the following is a benefit of Amazon Elastic Compute Cloud (Amazon EC2) over physical servers?
A. Automated backup
B. Paying only for what you use
C. The ability to choose hardware vendors 
D. Root/administrator access

How can the AWS Management Console be secured against unauthorized access?
A. Apply Multi-Factor Authentication (MFA)
B. Set up a secondary password
C. Request root access privileges
D. Disable AWS console access

Systems applying the cloud architecture principle of elasticity will

A. Minimize storage requirements by reducing logging and auditing activities 
B. Create systems that scale to the required capacity based on changes in demand
C. Enable AWS to automatically select the most cost-effective services
D. Accelerate the design process because recovery from failure is automated, reducing the need for testing

Which of the following is a factor when calculating Total Cost of Ownership (TCO)
A. The number of servers migrated to AWS
B. The number of users migrated to AWS 
C. The number of passwords migrated to AWS 
D. The number of keys migrated to AWS

Who has control of the data in an AWS account?

A. AWS Support Team 
B. AWS Account Owner
C. AWS Security Team
D. AWS Technical Account Manager (TAM)

A disaster recovery strategy on AWS should be based on launching infrastructure in a separate

A. Subnet
B. AWS Region
C. AWS edge location 
D. Amazon Virtual Private Cloud (Amazon VPC)

Which of the following examples supports the cloud design principle "design for failure and nothing will
fail?"
A. Adding an elastic load balancer in front of a single B. Amazon Elastic Compute Cloud (Amazon EC2)
instance 
B. Creating and deploying the most cost-effective solution
C. Deploying an application in multiple Availability Zones
D. Using Amazon CloudWatch alerts to monitor performance

Why is AWS more economical than traditional data centers for applications with varying compute
workloads?
A. Amazon Elastic Compute Cloud (Amazon EC2) costs are billed on a monthly basis.
B. Customers retain full administrative access to their Amazon EC2 instances.
C. Amazon EC2 instances can be launched on-demand when needed.
D.Customers can permanently run enough instances to handle peak workloads.

Which AWS service would simplify migration of a database to AWS?

A. AWS Storage Gateway
B. AWS Database Migration Service (AWS DMS)
C. Amazon Elastic Compute Cloud (Amazon EC2)
D. Amazon AppStream 2.0

Which AWS offering enables customers to find, buy, and immediately start using software solutions in their
AWS environment?
A. AWS Config
B. AWS OpsWorks
C. AWS SDK
D. AWS Marketplace

Which AWS networking service enables a company to create a virtual network within AWS?
A. AWS Config
B. Amazon Route 53
C. AWS Direct Connect
D. Amazon Virtual Private Cloud (Amazon VPC)

Which of the following is AWS's responsibility under the AWS shared responsibility model?
A. Configuring third-party applications
B. Maintaining physical hardware
C. Securing application access and data
D. Managing custom Amazon Machine Images (AMIs)

Which component of AWS global infrastructure does Amazon CloudFront use to ensure low-latency
delivery?
A. AWS Regions
B. AWS edge locations
C. AWS Availability Zones
D. Amazon Virtual Private Cloud (Amazon VPC)

How would a system administrator add an additional layer of login security to a user's AWS Management
Console?
A. Use AWS Cloud Directory
B. Audit AWS Identity and Access Management (IAM) roles
C. Enable Multi-Factor Authentication
D. Enable AWS CloudTrail

Which service can identify the user that made the API call when an Amazon Elastic Compute Cloud (Amazon
EC2) instance is terminated?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS X-Ray
D. AWS Identity and Access Management (AWS IAM)

Which service would you use to send alerts based on Amazon CloudWatch alarms?
A. Amazon Simple Notification Service (Amazon SNS)
B. AWS CloudTrail
C. AWS Trusted Advisor
D. Amazon Route 53

Where can a customer find information about prohibited actions on AWS infrastructure?
A. AWS Trusted Advisor
B. AWS Identity and Access Management (IAM)
C. AWS Billing Console
D. AWS Acceptable Use Policy

Which of the following best describes EBS?

A. A managed database service
B. A NoSQL database service
C. A bitcoin-mining service
D. A virtual hard-disk in the cloud

Which of the following best describes Availability Zones?

A. Two zones containing compute resources that are designed to automatically maintain synchronized
copies of each other's data.
B. A Content Distribution Network used to deliver content to users.
C. Distinct locations from within an AWS region that are engineered to be isolated from failures.
D. Restricted areas designed specifically for the creation of Virtual Private Clouds.

There are at least _______ Availability Zones per AWS Region.

A. 3
B. 4
C. 2
D. 1

IAM policies are written using ________.

A. SGML
B. XML
C. SAML
D. JSON

True or False: Access Control Lists are used to make entire buckets (like one hosting an S3 website) public.
A. False
B. True

True or False: To restrict access to an entire bucket, you use bucket control lists; and to restrict access to an
individual object, you use object policies.
A. False
B. True

Which of the following are types of cloud computing deployments? (Choose 3)

A. Hybrid cloud
B. Mixed cloud
C. Public cloud
D. Private cloud

True or False: Objects stored in S3 are stored in a single, central location within AWS.
A. True
B. False

True or False: S3 can be used to host a dynamic website, like one that runs on a LAMP stack.
A. True
B. False

In which of the following is CloudFront content cached?

A. Availability Zone
B. Region
C. Edge Location
D. Data Center

Which of the following are advantages of cloud computing? (Choose 4)

A. Elasticity - you need not worry about capacity.
B. Requires large amounts of capital
C. Variable expense
D. Increased speed and agility
E. The ability to 'go global' in minutes

True or False: There are more Regions than there are Availability Zones.
A. True
B. False

True or False: S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc.
A. True
B. False

Which of the following are characteristics of cloud computing? (Choose 3)

A. On-demand delivery
B. Cloud charges are capital expenditures.
C. Services are delivered via the Internet.
D. Pay-as-you-go pricing

Which of the following is correct?

A. # of Availability Zones > # of Regions > # of Edge Locations
B.# of Availability Zones > # of Edge Locations > # of Regions
C. # of Edge Locations > # of Availability Zones > # of Regions
D. # of Regions > # of Availability Zones > # of Edge Locations

Which of the following best describes an AWS Region?

A. A collection of data centers that is spread evenly around a specific continent.
B. A console that gives you a quick, global picture of your cloud computing environment.
C. A collection of databases that can only be accessed from a specific geographic region.
D. A distinct location within a geographic area designed to provide high availability to a specific
geography.
True or False: Both you and a friend can have an S3 bucket called 'mytestbucket'.
A. True
B. False

Which of the following AWS Support levels offers the assistance of a Technical Account Manager?
A. Elite
B. Enterprise
C. Business
D. Developer

True or False: A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route
53.
A. True
B. False

Which of the following are valid access types for an IAM user? (Choose 3)
A. Emergency access via Identity Access Management (IAM)
B. Using the AWS Software Developers Kit
C. Security Group access via the AWS command line
D. Programmatic access via the command line
E. AWS Management Console access

Which of the following is the document used to grant permissions to users, groups, and roles?
A. Paradigm
B. Passbook
C. Policy
D. Protocol

True or False: S3 Transfer Acceleration uses AWS' network of Availability Zones to more quickly get your
data into AWS.
A. False
B. True

True or False: Identity Access Management (IAM) is a Regional service.

A. True
B. False

Which of the following EC2 options is best for long-term workloads with predictable usage patterns?
A. Reserved instances
B. On-Demand instances
C. Spot instances
D. Dedicated Host

True or False: A Distribution is what we call a series of Edge Locations that make up CDN.
A. True
B. False

Which of the following AWS Support levels offers 24x7 support via phone or chat?
A. Developer
B. Basic
C. Business
D. Individual

Which of the following are steps you should take in securing your AWS account? (Choose 3)
A. Use Groups to assign permissions to IAM users.
B. Activate Multifactor Authentication (MFA) on your root account.
C. Create individual IAM users.
D. Create a Root IAM role.

Which of the following data archival services is extremely inexpensive, but has a several hour data-retrieval
window?
A. S3-1Zone-IA
B. S3-IA
C. Glacier
D. S3
E. S3-RRS

Amazon Lightsail is an example of which of the following?

A. Infrastructure as a Service
B. Platform as a Service
C. Software as a Service
D. Functions as a Service

Which of the following are Support Levels offered by AWS? (Choose 3)

A. Individual
B. Business
C. Developer
D. Start-up
E. Basic
Which of the following are not valid CloudFormation template sections?
A. Outputs
B. Options
C. Parameters
D. Resources

Choose the features of Consolidated Billing. (Choose 3)

A. Account charges can be tracked individually
B. Multiple standalone accounts are combined and may reduce your overall bill
C. Charging is based per VPC
D. A single bill is issued containing the charges for all AWS Accounts

Which of the following EC2 instance types will realize a savings over time in exchange for a contracted term-
of-service?
A. On-demand instances
B. Reserved instances
C. Spot instances
D. Discount instances

Which of the following Route 53 policies allow you to a) route data to a second resource if the first is
unhealthy, and b) route data to resources that have better performance?
A. Failover Routing and Latency-based Routing
B. Failover Routing and Simple Routing
C. Geoproximity Routing and Geolocation Routing
D. Geolocation Routing and Latency-based Routing

Which of the following support plans features access to AWS Support during business hours via email?
A. Enterprise
B. Business
C. Developer
D. Basic

True or False: With Consolidated Billing, the Paying Account can make changes to any of the resources
owned by a Linked Account.
A. False
B. True

Which of the following support plans features a < 4-hour response time in the event of an impaired
production system?
A. Developer
B. Basic
C. Business
D. Individual

Which of the following is not a fundamental AWS charge?

A. Data-in
B. Storage
C. Compute
D. Data-out

Which of the following AWS services are free to use? (Choose 5)

A. EC2
B. RDS
C. S3
D. CloudFormation
E. Elastic Beanstalk
F. Route53
G. Auto-Scaling
H. VPC
I. EBS
J. IAM

Which of the following are criteria affecting your billing for RDS? (Choose 3)
A. Standby time
B. Data transfer in
C. Additional storage
D. Number of requests
E. Clock hours of server time

Which of the following best describes a Resource Group?

A. A resource group is a collection of resources that are deployed in the same AWS Region.
B. A resource group is a collection of resources that share one or more tags (or portions of tags.)
C. A resource group is a collection of resources of the same type (EC2, S3, etc.) that are deployed in the same
Availability Zone.
D. A resource group is a collection of resources of the same type (EC2, S3, etc.) that share one or more tags or
portions of tags.

Which of the following are valid EC2 pricing options? (Choose 2)

A. Enterprise
B. On-Demand
C. Stop
D. Reserved

By default, what is the maximum number of Linked Accounts per Paying Account under Consolidated
Billing?
A. 10
B. 50
C. 20
D. 100

True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring.
A. True
B. False

You need to use an AWS service to assess the security and compliance of your EC2 instances. Which of the
following services should you use?
A. AWS Trusted Advisor
B. AWS Inspector
C. AWS Shield
D. AWS WAF

Which of the following Compliance certifications attests to the security of the AWS platform regarding credit
card transactions?
A. SOC 1
B. ISO 27001
C. SOC 2
D. PCI DSS Level 1

The AWS Web Application Firewall can go down to which of the following OSI layers?
A. 7
B. 6
C. 4
D. 5

Which of the following AWS services can help you assess the fault-tolerance of your AWS environment?
A. AWS Trusted Advisor
B. AWS Inspector
C. AWS WAF
D. AWS Shield
True or False: It's safer to use Access Keys than it is to use IAM roles.
A. False
B. True

Which of the following Compliance guarantees attests to the fact that the AWS Platform has met the standard
required for the secure storage of medical records in the US?
A. HITECH
B. HIPPA
C. GLBA
D. FERPA

True or False: Security in the cloud is the responsibility of AWS.

A. True
B. False

Which of the following is AWS' managed DDoS protection service?

A. AWS WAF
B. Security Groups
C. AWS Shield
D. Access Control Lists

Which of the following services will help you optimize your entire AWS environment in real time following
AWS best practices?
A. AWS Trusted Advisor
B. AWS Shield
C. AWS WAF
D. AWS Inspector

True or False: With AWS Organizations, you can use either just the Consolidated Billing feature, or all the
offered features.
A. True
B. False

You have a project that will require 90 hours of computing time. There is no deadline, and the work can be
stopped and restarted without adverse effect. Which of the following computing options offers the most
cost-effective solution?
A. Reserved instances
B. On-demand instances
C. ECS instances
D. Spot instances
Which of the following are AWS compute services? (Choose 2)
A. SNS
B. Lambda
C. EBS
D. EC2

Which of the following is AWS' Data Warehousing service?

A. Elastic Map Reduce
B. Snowball
C. S3 Big Data
D. Redshift

You have a mission-critical application which must be globally available at all times. Which deployment
strategy should you follow?
A. Multi-VPC in two AWS Regions
B. Deploy to all Availability Zones in your home region.
C. Multi-Availability Zone
D. Multi-Region

Which of the following are principles of sound cloud design? (Choose 4)

A. Disposable resources
B. Infrastructure as code
C. Assume everything will fail.
D. Treat your servers like pets, not cattle.
E. Limit the number of 3rd-party services.
F. Tightly-coupled components
G. Scalability

Your Development team uses four on-demand EC2 instances and your QA team has 5 reserved instances,
only three of which are being used. Assuming all AWS accounts are under a single AWS Organization, how
will the Development team's instances be billed?
A. The pricing for the reserved instances will shift from QA to Dev.
B. All the Dev team's instances will be billed at the on-demand rate.
C. All the Dev instances will be billed at the reserved instance rate.
D. The Dev team will be billed for two instances at on-demand prices and two instances at the
reserved instance price.

You need to implement an automated service that will scan your AWS environment with the goal of both
improving security and reducing costs. Which service should you use?
A. Config Rules
B. Trusted Advisor
C. Service Catalog
D. CloudTrail

Which of the following AWS services can assist you with cost optimization?
A. AWS WAF
B. AWS Inspector
C. AWS Trusted Advisor
D. AWS Shield

Which of the following support services do all accounts receive as standard?

A. 24/7 support via phone and chat
B. Technical support
C. Billing support
D. Technical Account Manager

Which of the following AWS services should you use to migrate an existing database to AWS?
A. Route 53
B. Storage Gateway
C. SNS
D. DMS

Which of the following AWS services should you use if you'd like to be notified when you have crossed a
billing threshold? (Choose 2)
A. AWS Bugdet
B. Trusted Advisor
C. CloudWatch
D. AWS Cost Allocation

Which of the following support plans features unlimited (customer-side) contacts and unlimited support
cases? (Choose 2)
A. Basic
B. Enterprise
C. Developer
D. Business

Which native AWS service will act as a file system mounted on an S3 bucket?
A. Amazon Elastic File System
B. AWS Storage Gateway
C. Amazon S3
D. Amazon Elastic Block Store

Which of the following is AWS' managed database service that is up to 5X faster than a traditional MySQL
database.
A. MariaDB
B. PostgreSQL
C. Aurora
D. DynamoDB

Which AWS service allows you to run code without having to worry about provisioning any underlying
resources (such as virtual machines, databases etc.)
A. EC2
B. Lambda
C. DynamoDB
D. EC2 Container Service

Under the Shared Responsibility model, for which of the following does AWS not assume responsibility?
A. Hypervisors
B. Networking
C. Customer data
D. Physical security of AWS facilities

Which of the following is not a feature of AWS Organizations?

A. Grouping all of your AWS accounts into Organisational Units (OUs) as part of a hierarchy
B. Hierarchical based control over groups of IAM users and roles, within multiple Accounts
C. AWS accounts which are members of an Organization can have the benefit of Consolidated Billing
D. Granular configuration of Security Groups within a VPC

You need to host a file in a location that's publicly accessible from anywhere in the world. Which AWS
service would best meet that need?
A. S3
B. EC2
C. EBS
D. RDS

Which AWS service is specifically designed to assist you in processing large data sets?
A. AWS Big Data Processing C. EMR
B. EC2 D. ElastiCache