- (Topic 1)
A company has a workload that requires data to be collected, analyzed, and stored on premises. The company wants to extend the use of AWS services to run on premises with access to the company network and the company's VPC.
Which AWS service meets this requirement?
Correct Answer:A
AWS Outposts is an AWS service that meets the requirement of running AWS services on premises with access to the company network and the company’s VPC.
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience. AWS Outposts is ideal for workloads that require low latency access to on-premises systems, local data processing, or local data storage [2].
- (Topic 2)
A company needs to host a web server on Amazon EC2 instances for at least 1 year. The web server cannot tolerate interruption.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
Correct Answer:B
The most cost-effective EC2 instance purchasing option for the company that needs to host a web server on Amazon EC2 instances for at least 1 year and cannot tolerate interruption is Partial Upfront Reserved Instances. Reserved Instances are a pricing model that offers significant discounts compared to On-Demand Instances in exchange for a commitment to use a specific amount of compute capacity for a fixed period of time (1 or 3 years). Partial Upfront Reserved Instances require customers to pay a portion of the total cost upfront, and the remaining cost in monthly installments over the term. This option offers a lower effective hourly rate than No Upfront Reserved Instances, which require no upfront payment but have higher monthly payments. On-Demand Instances and Spot Instances are not the best options for the company. On-Demand Instances are a pricing model that offers the most flexibility and no long-term commitment, but has the highest hourly rate. Spot Instances are a pricing model that offers the lowest cost, but they are subject to interruption based on supply and demand [3][4].
- (Topic 1)
A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows.
Which AWS service should the company use to meet these requirements?
Correct Answer:B
The correct answer is B because AWS Storage Gateway is a service that should be used by the company to meet the requirements. AWS Storage Gateway is a service that connects on-premises software applications with cloud-based storage. AWS Storage Gateway supports three types of gateways: file gateway, volume gateway, and tape gateway. The tape gateway type enables users to back up and archive data to virtual tapes in AWS without changing their existing backup workflows. Users can use their existing backup applications and tape libraries to store data on virtual tapes in Amazon S3 or Amazon S3 Glacier. The other options are incorrect because they are not services that should be used by the company to meet the requirements. Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes for Amazon EC2 instances. Amazon Elastic Container Service (Amazon ECS) is a service that enables users to run, scale, and secure containerized applications on AWS. AWS Lambda is a service that enables users to run code without provisioning or managing servers. Reference: AWS Storage Gateway FAQs
- (Topic 1)
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)
Correct Answer:AC
The correct answers are A and C because patching AWS network devices and providing physical security for compute resources are tasks that are the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are tasks that are the responsibility of the customer, according to the AWS shared responsibility model. Setting user password rules, configuring security groups, and patching the operating system of an Amazon EC2 instance are all tasks that the customer has to perform to secure their AWS environment. Reference: AWS Shared Responsibility Model
- (Topic 3)
A company wants to migrate its on-premises workloads to the AWS Cloud. The company wants to separate workloads for chargeback to different departments.
Which AWS services or features will meet these requirements? (Select TWO.)
Correct Answer:BE
Consolidated billing is a feature of AWS Organizations that enables customers to consolidate billing and payment for multiple AWS accounts. With consolidated billing, customers can group multiple AWS accounts under one payer account, making it easier to manage billing and track costs across multiple accounts. Consolidated billing also offers benefits such as volume discounts, Reserved Instance discounts, and Savings Plans discounts. Consolidated billing is offered at no additional cost.
Multiple AWS accounts is a feature of AWS Organizations that enables customers to create and manage multiple AWS accounts from a central location. With multiple AWS accounts, customers can isolate workloads for different departments, projects, or environments, and apply granular access controls and policies to each account. Multiple AWS accounts also helps customers improve security, compliance, and governance of their AWS resources [5][6]. References: 5: Consolidated billing for AWS Organizations - AWS Billing, 6: Understanding Consolidated Bills - AWS Billing, 7: AWS Consolidated Billing: Tutorial & Best Practices, 8: Simplifying Your Bills With Consolidated Billing on AWS - Aimably, 9: AWS Consolidated Billing - W3Schools
- (Topic 3)
A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources.
Which AWS service will meet this requirement?
Correct Answer:B
IAM roles are a way to delegate access to resources in different AWS accounts. IAM roles allow users to assume a set of permissions for a limited time without having to create or share long-term credentials. IAM roles can be used to grant cross-account access by creating a trust relationship between the accounts and specifying the permissions that the role can perform. Users can then switch to the role and access the resources in the other account using temporary security credentials provided by the role. References: Cross account resource access in IAM, IAM tutorial: Delegate access across AWS accounts using IAM roles, How to Enable Cross-Account Access to the AWS Management Console