- (Topic 1)
A company wants to use the AWS Cloud as an offsite backup location for its on-premises infrastructure.
Which AWS service will meet this requirement MOST cost-effectively?

Correct Answer:A
Amazon S3 is the most cost-effective service for storing offsite backups of on-premises infrastructure. Amazon S3 offers low-cost, durable, and scalable storage that can be accessed from anywhere over the internet. Amazon S3 also supports lifecycle policies, versioning, encryption, and cross-region replication to optimize the backup and recovery process. Amazon EFS, Amazon FSx, and Amazon EBS are more suitable for storing data that requires high performance, low latency, and frequent access12

- (Topic 3)
Which AWS services can limit manual errors by consistently provisioning AWS resources in multiple envirom

Correct Answer:CD
AWS CloudFormation and AWS Cloud Development Kit (AWS CDK) are AWS services that can limit manual errors by consistently provisioning AWS resources in multiple environments. AWS CloudFormation is a service that enables you to model and provision AWS resources using templates. You can use AWS CloudFormation to define the AWS resources and their dependencies that you need for your applications, and to automate the creation and update of those resources across multiple environments, such as development, testing, and production. AWS CloudFormation helps you ensure that your
AWS resources are configured consistently and correctly, and that you can easily replicate or modify them as needed. AWS Cloud Development Kit (AWS CDK) is a service that enables you to use familiar programming languages, such as Python, TypeScript, Java, and C#, to define and provision AWS resources. You can use AWS CDK to write code that synthesizes into AWS CloudFormation templates, and to leverage the existing libraries and tools of your preferred language. AWS CDK helps you reduce the complexity and errors of writing and maintaining AWS CloudFormation templates, and to apply the best practices and standards of software development to your AWS infrastructure.

- (Topic 1)
Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?

Correct Answer:C
AWS Storage Gateway file gateway allows companies to use protocols such as NFS and SMB to store and retrieve objects in Amazon S3. File gateway provides a seamless integration between on-premises applications and Amazon S3, and enables low- latency access to data through local caching. File gateway also supports encryption, compression, and lifecycle management of the objects in Amazon S3. For more information, see What is AWS Storage Gateway? and File Gateway.

- (Topic 3)
A company wants to receive alerts to monitor its overall operating costs for its AWS public
cloud infrastructure.
Which AWS offering will meet these requirements?

Correct Answer:C
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1

- (Topic 3)
Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instances?

Correct Answer:B
Security groups are the AWS service or feature that can be used to apply security rules to specific Amazon EC2 instances. Security groups are virtual firewalls that control the inbound and outbound traffic for one or more instances. Customers can create security groups and add rules that reflect the role of the instance that is associated with the security group. For example, a web server instance needs security group rules that allow inbound HTTP and HTTPS access, while a database instance needs rules that allow access for the type of database12. Security groups are stateful, meaning that the responses to allowed inbound traffic are also allowed, regardless of the outbound rules1. Customers can assign multiple security groups to an instance, and the rules from each security group are effectively aggregated to create one set of rules1.
Network ACLs are another AWS service or feature that can be used to control the traffic for a subnet. Network ACLs are stateless, meaning that they do not track the traffic that they allow. Therefore, customers must add rules for both inbound and outbound traffic3. Network ACLs are applied at the subnet level, not at the instance level.
AWS Trusted Advisor is an AWS service that provides best practice recommendations for security, performance, cost optimization, and fault tolerance. AWS Trusted Advisor does not apply security rules to specific Amazon EC2 instances, but it can help customers identify security gaps and improve their security posture4.
AWS WAF is an AWS service that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. AWS WAF does not apply security rules to specific Amazon EC2 instances, but it can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer.

- (Topic 1)
Which AWS service gives users the ability to provision a dedicated and private network connection from their internal network to AWS?

Correct Answer:B
AWS Direct Connect gives users the ability to provision a dedicated and private network connection from their internal network to AWS. AWS Direct Connect links the user’s internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to the user’s router, the other to an AWS Direct Connect router. With this connection in place, the user can create virtual interfaces directly to the AWS cloud and Amazon Virtual Private Cloud (Amazon VPC), bypassing internet service providers in the network path2.