Question No:-21

Which AWS service will help protect applications running on AWS from DDoS attacks?   1. Amazon GuardDuty   2. AWS WAF   3. AWS Shield   4. Amazon Inspector  View Answer Answer:-3. AWS Shield

Question No:-22

What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Choose two.)   1. EC2 includes operating system patch management.   2. EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).   3. EC2 has a 100% service level agreement (SLA).   4. EC2 has a flexible, pay-as-you-go pricing model.   5. EC2 has automatic storage cost optimization.  View Answer Answer:-4 and 5

Question No:-23

A company needs to establish a connection between two VPCs. The VPCs are located in two different AWS Regions. The company wants to use the existing infrastructure of the VPCs for this connection. Which AWS service or feature can be used to establish this connection?   1. AWS Client VPN   2. VPC peering   3. AWS Direct Connect   4. VPC endpoints  View Answer Answer:-2. VPC peering Reference:-https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html

Question No:-24

How does the AWS Cloud pricing model differ from the traditional on-premises storage pricing model?   1. AWS resources do not incur costs   2. There are no infrastructure operating costs   3. There are no upfront cost commitments   4. There are no software licensing costs  View Answer Answer:-2. There are no infrastructure operating costs

Question No:-25

Which AWS service or feature acts as a firewall for Amazon EC2 instances?   1. Network ACL   2. Elastic network interface   3. Amazon VPC   4. Security group  View Answer Answer:-4. Security group

Question No:-26

A user needs to determine whether an Amazon EC2 instance's security groups were modified in the last month. How can the user see if a change was made?   1. Use Amazon EC2 to see if the security group was changed.   2. Use AWS Identity and Access Management (IAM) to see which user or role changed the security group.   3. Use AWS CloudTrail to see if the security group was changed.   4. Use Amazon CloudWatch to see if the security group was changed.  View Answer Answer:-3. Use AWS CloudTrail to see if the security group was changed.

Question No:-27

According to the AWS shared responsibility model, what responsibility does a customer have when using Amazon RDS to host a database?   1. Manage connections to the database   2. Install Microsoft SQL Server   3. Design encryption-at-rest strategies   4. Apply minor database patches  View Answer Answer:-1. Manage connections to the database

Question No:-28

A company needs to simultaneously process hundreds of requests from different users. Which combination of AWS services should the company use to build an operationally efficient solution?   1. Amazon Simple Queue Service (Amazon SQS) and AWS Lambda   2. AWS Data Pipeline and Amazon EC2   3. Amazon Kinesis and Amazon Athena   4. AWS Amplify and AWS AppSync  View Answer Answer:-2. AWS Data Pipeline and Amazon EC2

Question No:-29

What is the scope of a VPC within the AWS network?   1. A VPC can span all Availability Zones globally.   2. A VPC must span at least two subnets in each AWS Region.   3. A VPC must span at least two edge locations in each AWS Region.   4. A VPC can span all Availability Zones within an AWS Region.  View Answer 4. A VPC can span all Availability Zones within an AWS Region.

Question No:-30

Which of the following are components of an AWS Site-to-Site VPN connection? (Choose two.)   1. AWS Storage Gateway   2. Virtual private gateway   3. NAT gateway   4. Customer gateway   5. Internet gateway  View Answer Answer:-2 and 4