181. Which AWS service can a company use to store and manage Docker images?
A.Amazon DynamoDB
B.Amazon Kinesis Data Streams
C.Amazon Elastic Container Registry (Amazon ECR)
D.Amazon Elastic File System (Amazon EFS)
=> C. Amazon Elastic Container Registry (Amazon ECR)
182. A company needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances. The report also must identify operating system vulnerabilities on those instances. Which AWS service or feature should the company use to meet this requirement?
A.AWS Trusted Advisor
B.Security groups
C.Amazon Macie
D.Amazon Inspector
=> D. Amazon Inspector
183. A global company is building a simple time-tracking mobile app. The app needs to operate globally and must store collected data in a database. Data must be accessible from the AWS Region that is closest to the user. What should the company do to meet these data storage requirements with the LEAST amount of operational overhead?
A.Use Amazon EC2 in multiple Regions to host separate databases
184. Which of the following are economic advantages of the AWS Cloud? (Choose two.)
A.Increased workforce productivity
B.Decreased need to encrypt user data
C.Manual compliance audits
D.Simplified total cost of ownership (TCO) accounting
E.Faster product launches
=> A,E
workforce 인력
정답이 많이 갈린다 .
185.
Which controls does the customer fully inherit from AWS in the AWS shared responsibility model?
A.Patch management controls
B.Awareness and training controls
C.Physical and environmental controls
D.Configuration management controls
=> C. Physical and environmental controls
잘모르겠다.
고객이 aws 부터 물려받는 책임이라 ... 음
186. Which task is a customer's responsibility, according to the AWS shared responsibility model?
A.Management of the guest operating systems
B.Maintenance of the configuration of infrastructure devices
C.Management of the host operating systems and virtualization
D.Maintenance of the software that powers Availability Zones
=> A. Management of the guest operating systems
guest os는 관련해서는 사용자 책임
187. A company needs to deliver new website features quickly in an iterative manner to minimize the time to market. Which AWS Cloud concept does this requirement represent?
A.Reliability
B.Elasticity
C.Agility
D.High availability
=> C. Agility
빠르게 무엇을 한다? agile
188. A company wants to increase its ability to recover its infrastructure in the case of a natural disaster. Which pillar of the AWS Well-Architected Framework does this ability represent?
A.Cost optimization
B.Performance efficiency
C.Reliability
D.Security
=> C. Reliability
189. Which AWS service tracks API calls and user activity?
A.AWS Organizations
B.AWS Config
C.Amazon CloudWatch
D.AWS CloudTrail
=> D. AWS CloudTrail
190. Which AWS service, feature, or tool uses machine learning to continuously monitor cost and usage for unusual cloud spending?
A.Amazon Lookout for Metrics
B.AWS Budgets
C.Amazon CloudWatch
D.AWS Cost Anomaly Detection
=> D. AWS Cost Anomaly Detection
AWS Cost Anomaly Detection is an AWS cost management feature that uses machine learning to continually monitor your cost and usage to detect unusual spends.
cost anomaly detection
머신 러닝을 이용하여 비용 모니터링
#191~200
191. A company deployed an application on an Amazon EC2 instance. The application ran as expected for 6 months in the past week, users have reported latency issues. A system administrator found that the CPU utilization was at 100% during business hours. The company wants a scalable solution to meet demand. Which AWS service or feature should the company use to handle the load for its application during periods of high demand?
A.Auto Scaling groups
B.AWS Global Accelerator
C.Amazon Route 53
D.An Elastic IP address
=> A. Auto Scaling groups
192. A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS. Where can the company purchase the security solution?
A.AWS Partner Solutions Finder
B.AWS Support Center
C.AWS Management Console
D.AWS Marketplace
=> D. AWS Marketplace
193. A company is generating large sets of critical data in its on-premises data center. The company needs to securely transfer the data to AWS for processing. These transfers must occur daily over a dedicated connection. Which AWS service should the company use to meet these requirements?
A.AWS Backup
B.AWS DataSync
C.AWS Direct Connect
D.AWS Snowball
=> C. AWS Direct Connect
194. A company wants to run production workloads on AWS. The company wants access to technical support from engineers 24 hours a day, 7 days a week. The company also wants access to the AWS Health API and contextual architectural guidance for business use cases. The company has a strong IT support team and does not need concierge support. Which AWS Support plan will meet these requirements at the LOWEST cost?
A.AWS Basic Support
B.AWS Developer Support
C.AWS Business Support
D.AWS Enterprise Support
195. Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data?
A.Amazon Athena
B.AWS Glue
C.Amazon S3
D.AWS Snowball Edge
=> B. AWS Glue
AWS Glue is another offering from AWS and is a serverless ETL (Extract, Transform, and Load) service on the cloud. It is fully managed, cost-effective service to categorize your data, clean and enrich it and finally move it from source systems to target systems.
196. Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Choose two.)
A.Control access to AWS service APIs and to other specific resources.
B.Provide intelligent threat detection and continuous monitoring.
C.Protect the AWS environment using multi-factor authentication (MFA).
D.Grant users access to AWS data centers.
E.Provide firewall protection for applications from common web attacks.
=> A,C
197. Which of the following are shared controls that apply to both AWS and the customer, according to the AWS shared responsibility model? (Choose two.)
A.Resource configuration management
B.Network data integrity
C.Employee awareness and training
D.Physical and environmental security
E.Replacement and disposal of disk drives
=> A,C
198.
What information is found on an AWS Identity and Access Management (IAM) credential report? (Choose two.)
A.The date and time when an IAM user's password was last used to sign in to the AWS Management Console.
B.The type of multi-factor authentication (MFA) device assigned to an IAM user.
C.The User-Agent browser identifier for each IAM user currently logged in.
D.Whether multi-factor authentication (MFA) has been enabled for an IAM user.
E.The number of incorrect login attempts by each IAM user in the previous 30 days.
=> a,d
199. What is the LEAST expensive AWS Support plan that contains a full set of AWS Trusted Advisor best practice checks?
A.AWS Enterprise Support
B.AWS Business Support
C.AWS Developer Support
D.AWS Basic Support
=> B. AWS Business Support
200. Which AWS service provides domain registration, DNS routing, and service health checks?
151. A company would like to host its MySQL databases on AWS and maintain full control over the operating system, database installation, and configuration. Which AWS service should the company use to host the databases?
A.Amazon RDS
B.Amazon EC2
C.Amazon DynamoDB
D.Amazon Aurora
=> A. Amazon RDS
152. How does the AWS global infrastructure offer high availability and fault tolerance to its users?
A.The AWS infrastructure is made up of multiple AWS Regions within various Availability Zones located in areas that have low flood risk, and are interconnected with low-latency networks and redundant power supplies.
B.The AWS infrastructure consists of subnets containing various Availability Zones with multiple data centers located in the same geographic location.
C.AWS allows users to choose AWS Regions and data centers so that users can select the closest data centers in different Regions.
D.The AWS infrastructure consists of isolated AWS Regions with independent Availability Zones that are connected with low-latency networking and redundant power supplies.
=> D
A가 아닌 이유
AWS Regions within various Availability Zones
리전이 여러 az 에 속한 것이 아닌 그 반대임.
영어 조심
153. A company is using Amazon EC2 Auto Scaling to scale its Amazon EC2 instances. Which benefit of the AWS Cloud does this example illustrate?
A.High availability
B.Elasticity
C.Reliability
D.Global reach
=> B. Elasticity
가용성: 시스템이 서비스를 정상적으로 제공할 수 있는 상태
탄력성: 요구사항이 변화함에 따라 확장 및 축소하는 것
가용성이 나올려면 failure 키워드가 나와야한다.
154. Which AWS service or feature is used to send both text and email messages from distributed applications?
A.Amazon Simple Notification Service (Amazon SNS)
B.Amazon Simple Email Service (Amazon SES)
C.Amazon CloudWatch alerts
D.Amazon Simple Queue Service (Amazon SQS)
=> A. Amazon Simple Notification Service (Amazon SNS)
155. A user is able to set up a master payer account to view consolidated billing reports through:
A.AWS Budgets.
B.Amazon Macie.
C.Amazon QuickSight.
D.AWS Organizations.
=> D. AWS Organizations.
통합 청구서 -> organizations
"You can track the charges across multiple accounts and download the combined cost and usage data."
156. According to the AWS shared responsibility model, which task is the customer's responsibility?
A.Maintaining the infrastructure needed to run AWS Lambda
B.Updating the operating system of Amazon DynamoDB instances
C.Maintaining Amazon S3 infrastructure
D.Updating the guest operating system on Amazon EC2 instances
=> D. Updating the guest operating system on Amazon EC2 instances
guest os 업데이트가 사용자의 몫?
157. A company wants to migrate a small website and database quickly from on-premises infrastructure to the AWS Cloud. The company has limited operational knowledge to perform the migration. Which AWS service supports this use case?
A.Amazon EC2
B.Amazon Lightsail
C.Amazon S3
D.AWS Lambda
=> B. Amazon Lightsail
the point of Lightsail is to quickly provision ready-to-use AWS resources instead of deeping into th technical details of EC2, S3, DynamoDB etc.
저렴한 비용의 사전 구성된 클라우드 리소스를 통해 애플리케이션 및 웹 사이트를 빠르게 구축
lightsail 로 간단하게 웹사이트를 구축할 수 있다.
158. A company is moving multiple applications to a single AWS account. The company wants to monitor the AWS Cloud costs incurred by each application. What can the company do to meet this requirement?
A.Set up invoiced billing.
B.Use AWS Artifact.
C.Set budgets in Cost Explorer.
D.Create cost allocation tags.
=> D. Create cost allocation tags.
You can use tags to organize your resources, and cost allocation tags to track your AWS costs on a detailed level. You can apply tags that represent business categories (such as cost centers, application names, or owners) to organize your costs across multiple services.
할당 태그를 달아서 모니터링 할 수 있다.
159. Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework?
A.Vertical scaling
B.Manual failure recovery
C.Testing recovery procedures
D.Changing infrastructure manually
=> C. Testing recovery procedures
160. A user needs to quickly deploy a non-relational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service can be used to accomplish this?
A.Amazon RDS
B.Amazon DynamoDB
C.Amazon Aurora
D.Amazon Redshift
=> B. Amazon DynamoDB
#161~170
161. Which task is an AWS responsibility when a workload is running in Amazon RDS?
A.Creating the database table
B.Updating the database schema
C.Installing the database engine
D.Dropping the database records
=> C. Installing the database engine
162. A development team wants to publish and manage web services that provide REST APIs. Which AWS service will meet this requirement?
A.AWS App Mesh
B.Amazon API Gateway
C.Amazon CloudFront
D.AWS Cloud Map
=> B. Amazon API Gateway
163. A company has a social media platform in which users upload and share photos with other users. The company wants to identify and remove inappropriate photos. The company has no machine learning (ML) scientists and must build this detection capability with no ML expertise. Which AWS service should the company use to build this capability?
A.Amazon SageMaker
B.Amazon Textract
C.Amazon Rekognition
D.Amazon Comprehend
=> C. Amazon Rekognition
comprehend는 text 와 관련된 것
164. Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?
A.Database backups
B.Database software patches
C.Operating system patches
D.Operating system installations.
=> D. Operating system installations.
좀 헷갈린다 .
165. A company wants to use Amazon S3 to store its legacy data. The data is rarely accessed. However, the data is critical and cannot be recreated. The data needs to be available for retrieval within seconds. Which S3 storage class meets these requirements MOST cost-effectively?
A.S3 Standard
B.S3 One Zone-Infrequent Access (S3 One Zone-IA)
C.S3 Standard-Infrequent Access (S3 Standard-IA)
D.S3 Glacier
=> C. S3 Standard-Infrequent Access (S3 Standard-IA)
166. An online retail company wants to migrate its on-premises workload to AWS. The company needs to automatically handle a seasonal workload increase in a cost- effective manner. Which AWS Cloud features will help the company meet this requirement? (Choose two.)
A.Cross-Region workload deployment
B.Pay-as-you-go pricing
C.Built-in AWS CloudTrail audit capabilities
D.Auto Scaling policies
E.Centralized logging
=> B, D
167. Which AWS service helps developers use loose coupling and reliable messaging between microservices?
A.Elastic Load Balancing
B.Amazon Simple Notification Service (Amazon SNS)
C.Amazon CloudFront
D.Amazon Simple Queue Service (Amazon SQS)
=> D. Amazon Simple Queue Service (Amazon SQS)
168. A company needs to build an application that uses AWS services. The application will be delivered to residents in European Counties. The company must abide by regional regulatory requirements. Which AWS service or program should the company use to determine which AWS services meet the regional requirements?
A.AWS Audit Manager
B.AWS Shield
C.AWS Compliance Program
D.AWS Artifact
=> D. AWS Artifact
abide 머무르다.
나라마다 규정 준수하기 artifact
답이 c,d 나뉘는데 난 d라고 생각한다 .
169. A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud. Which AWS service will meet this requirement?
A.Amazon Cognito
B.AWS Security Hub
C.AWS Shield
D.AWS WAF
=> A. Amazon Cognito
A – Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily.
170. A company needs an Amazon EC2 instance for a rightsized database server that must run constantly for 1 year. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
A.Standard Reserved Instance
B.Convertible Reserved Instance
C.On-Demand Instance
D.Spot Instance
=> A. Standard Reserved Instance
컨버터블 RI는 추후에 속성을 변경할 수 있지만 할인율이 떨어진다 .
#171~180
171. A company has multiple applications and is now building a new multi-tier application. The company will host the new application on Amazon EC2 instances. The company wants the network routing and traffic between the various applications to follow the security principle of least privilege. Which AWS service or feature should the company use to enforce this principle?
A.Security groups
B.AWS Shield
C.AWS Global Accelerator
D.AWS Direct Connect gateway
=>A. Security groups
인스턴스 단위으 보안 sg
172. A company's web application requires AWS credentials and authorizations to use an AWS service. Which IAM entity should the company use as best practice?
A.IAM role
B.IAM user
C.IAM group
D.IAM multi-factor authentication (MFA)
=> A. IAM role
173. A company is creating a document that defines the operating system patch routine for all the company's systems. Which AWS resources should the company include in this document? (Choose two.)
A.Amazon EC2 instances
B.AWS Lambda functions
C.AWS Fargate tasks
D.Amazon RDS instances
E.Amazon Elastic Container Service (Amazon ECS) instances
=> A.,E
Option E, Amazon Elastic Container Service (Amazon ECS) instances, are not a valid AWS resource. Amazon ECS is a container orchestration service that allows customers to run and manage containerized applications in the cloud, but it does not have instances as a concept.
ecs의 os 는 고객이 관리해야한다.
174. Which AWS service or feature gives a company the ability to control incoming traffic and outgoing traffic for Amazon EC2 instances?
A.Security groups
B.Amazon Route 53
C.AWS Direct Connect
D.Amazon VPC
=> A. Security groups
175. A company is starting to build its infrastructure in the AWS Cloud. The company wants access to technical support during business hours. The company also wants general architectural guidance as teams build and test new applications. Which AWS Support plan will meet these requirements at the LOWEST cost?
A.AWS Basic Support
B.AWS Developer Support
C.AWS Business Support
D.AWS Enterprise Support
=> B. AWS Developer Support
We recommend AWS Developer Support if you are testing or doing early development on AWS and want the ability to get technical support during business hours as well as general architectural guidance as you build and test. In addition to enhanced technical support and architectural guidance, Developer Support provides access to documentation and forums, AWS Trusted Advisor, and AWS Personal Health Dashboard.
처음에 설계한다면 developer support를 사용하자.
176. A company is migrating its public website to AWS. The company wants to host the domain name for the website on AWS. Which AWS service should the company use to meet this requirement?
A.AWS Lambda
B.Amazon Route 53
C.Amazon CloudFront
D.AWS Direct Connect
=> B. Amazon Route 53
177. A company needs to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance, and security. Which AWS service can the company use to meet these requirements?
A.AWS Shield
B.AWS WAF
C.AWS Trusted Advisor
D.AWS Service Catalog
=> C. AWS Trusted Advisor
178. Which AWS service provides the capability to view end-to-end performance metrics and troubleshoot distributed applications?
A.AWS Cloud9
B.AWS CodeStar
C.AWS Cloud Map
D.AWS X-Ray
=> D. AWS X-Ray
AWS X-Ray는 애플리케이션이 처리하는 요청에 대한 데이터를 수집하는 서비스이며, 해당 데이터를 보고, 필터링하고, 통찰을 얻어 문제와 최적화 기회를 식별할 수 있는 도구를 제공합니다. 애플리케이션에 대한 모든 트레이스된 요청에서, 요청 및 응답뿐 아니라 애플리케이션이 다운스트림AWS 리소스, 마이크로서비스, 데이터베이스 및 웹 API에 대해 하는 호출에 대해서도 상세한 정보를 확인할 수 있습니다.
179. Which cloud computing benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase volumes?
A.Pay-as-you-go pricing
B.High availability
C.Global reach
D.Economies of scale
=> A. Pay-as-you-go pricing
180. Which AWS service provides threat detection by monitoring for malicious activities and unauthorized actions to protect AWS accounts, workloads, and data that is stored in Amazon S3?
121. Which AWS service provides a feature that can be used to proactively monitor and plan for the service quotas of AWS resources?
A.AWS CloudTrail
B.AWS Personal Health Dashboard
C.AWS Trusted Advisor
D.Amazon CloudWatch
=> D. Amazon CloudWatch
proactively: 능동적으로
122. Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?
A.Elimination of expenses for running and maintaining data centers
B.Price discounts that are identical to discounts from hardware providers
C.Distribution of all operational controls to AWS
D.Elimination of operational expenses
=> A.Elimination of expenses for running and maintaining data centers
데이터 센터 운영비를 줄일 수 있다.
123. Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework?
A.Create annotated documentation.
B.Anticipate failure.
C.Ensure performance efficiency.
D.Optimize costs.
=> B. Anticipate failure
실패를 예측한다 -> 운영 오류가 적다. -> 운영 우수성이 올라간다.
124. Which AWS services offer gateway VPC endpoints that can be used to avoid sending traffic over the internet? (Choose two.)
A.Amazon Simple Notification Service (Amazon SNS)
B.Amazon Simple Queue Service (Amazon SQS)
C.AWS CodeBuild
D.Amazon S3
E.Amazon DynamoDB
인터넷을 통한 트래픽 전송을 방지하는 데 사용할 수 있는 게이트웨이 VPC 엔드포인트를 제공하는 AWS 서비스는 무엇입니까?
=> D,E
Gateway type endpoints are available only for AWS services including S3 and DynamoDB. These endpoints will add an entry to your route table you selected and route the traffic to the supported services through Amazon’s private network.
게이트웨이 타입 엔드포인트는 s3와 dynamoDB 에서 가능하다고 한다.
125. Which of the following is the customer responsible for updating and patching, according to the AWS shared responsibility model?
A.Amazon FSx for Windows File Server
B.Amazon WorkSpaces virtual Windows desktop
C.AWS Directory Service for Microsoft Active Directory
D.Amazon RDS for Microsoft SQL Server
=> B. Amazon WorkSpaces virtual Windows desktop
We recommend that you regularly patch, update, and secure the operating system and applications on your WorkSpaces. You can configure your WorkSpaces to be updated by WorkSpaces during a regular maintenance window or you can update them yourself.
workspace 패치, 업데이트는 사용자의 몫이다.
126. Who has the responsibility to patch the host operating system of an Amazon EC2 instance, according to the AWS shared responsibility model?
A.Both AWS and the customer
B.The customer only
C.The EC2 hardware manufacturer
D.AWS only
=> D.AWS only
AWS updates the EC2 host and user updates the EC2 guest
127. A company is using an Amazon RDS DB instance for an application that is deployed in the AWS Cloud. The company needs regular patching of the operating system of the server where the DB instance runs. What is the company's responsibility in this situation, according to the AWS shared responsibility model?
A.Open a support case to obtain administrative access to the server so that the company can patch the DB instance operating system.
B.Open a support case and request that AWS patch the DB instance operating system.
C.Use administrative access to the server, and apply the operating system patches during the regular maintenance window that is defined for the DB instance.
D.Establish a regular maintenance window that tells AWS when to patch the DB instance operating system.
=> D.
Some maintenance items require that Amazon RDS take your DB instance offline for a short time. Maintenance items that require a resource to be offline include required operating system or database patching. Required patching is automatically scheduled only for patches that are related to security and instance reliability. Such patching occurs infrequently (typically once every few months) and seldom requires more than a fraction of your maintenance window.
maintenance window? 이건 실습을 해봐야알 것 같다.
128. Why is an AWS Well-Architected review a critical part of the cloud design process?
A.A Well-Architected review is mandatory before a workload can run on AWS.
B.A Well-Architected review helps identify design gaps and helps evaluate design decisions and related documents.
C.A Well-Architected review is an audit mechanism that is a part of requirements for service level agreements.
D.A Well-Architected review eliminates the need for ongoing auditing and compliance tests.
=> B. A Well-Architected review helps identify design gaps and helps evaluate design decisions and related documents.
Well-Architected 검토는 설계 격차를 식별하고 설계 결정 및 관련 문서를 평가하는 데 도움이 됩니다.
음??? 무슨말인지 모르겠다.
129. A company implements an Amazon EC2 Auto Scaling policy along with an Application Load Balancer to automatically recover unhealthy applications that run on Amazon EC2 instances. Which pillar of the AWS Well-Architected Framework does this action cover?
A.Security
B.Performance efficiency
C.Operational excellence
D.Reliability
=> D. Reliability
130. Which AWS Cloud benefit is shown by an architecture's ability to withstand failures with minimal downtime?
A.Agility
B.Elasticity
C.Scalability
D.High availability
=> D. High availability
D is right. High availability = minimal downtime = recovery quickly from failure.
고가용성과 minimal downtime 과 연관이 있다?
가용성 : 시스템이 서비스를 정상적으로 제공할 수 있는 상태
#131~140
Under the AWS shared responsibility model, which task is the customer's responsibility when managing AWS Lambda functions?
A.Creating versions of Lambda functions
B.Maintaining server and operating systems
C.Scaling Lambda resources according to demand
D.Updating the Lambda runtime environment
=> A. Creating versions of Lambda functions
람다 함수의 버전 생성?
조금 애매하지만 그나마 사용자가 할 수 있는 것
132. What does the AWS Concierge Support team provide?
A.A technical expert dedicated to the user
B.A primary point of contact for AWS Billing and AWS Support
C.A partner to help provide scaling guidance for an event launch
D.A dedicated AWS staff member who reviews the user's application architecture
=> B. A primary point of contact for AWS Billing and AWS Support
AWS Concierge: B2B 지원
133. A company needs to generate reports that can break down cloud costs by product, by company-defined tags, and by hour, day, and month. Which AWS tool should the company use to meet these requirements?
A.Reserved Instance utilization and coverage reports
B.Savings Plans utilization reports
C.AWS Budgets reports
D.AWS Cost and Usage Reports
=> D. AWS Cost and Usage Reports
134. A company has a serverless application that includes an Amazon API Gateway API, an AWS Lambda function, and an Amazon DynamoDB database. Which AWS service can the company use to trace user requests as they move through the application's components?
A.AWS CloudTrail
B.Amazon CloudWatch
C.Amazon Inspector
D.AWS X-Ray
=:> A. AWS CloudTrail
135. A company needs to set up a petabyte-scale data warehouse in the AWS Cloud. Which AWS service will meet this requirement?
A.Amazon DynamoDB
B.Amazon RDS
C.Amazon Redshift
D.Amazon ElastiCache
=> C. Amazon Redshift
redshift로 데이터 웨어하우스
136. Which AWS service is always provided at no charge?
A.Amazon S3
B.AWS Identity and Access Management (IAM)
C.Elastic Load Balancers
D.AWS WAF
=> B. AWS Identity and Access Management (IAM)
137. A company needs to design an AWS disaster recovery plan to cover multiple geographic areas. Which action will meet this requirement?
A.Configure multiple AWS accounts.
B.Configure the architecture across multiple Availability Zones in an AWS Region.
C.Configure the architecture across multiple AWS Regions.
D.Configure the architecture among many edge locations.
=> C. Configure the architecture across multiple AWS Regions.
138. Which of the following is a benefit of moving from an on-premises data center to the AWS Cloud?
A.Compute instances can be launched and terminated as needed to optimize costs.
B.Compute costs can be viewed in the AWS Billing and Cost Management console.
C.Users retain full administrative access to their compute instances.
D.Users can optimize costs by permanently running enough instances at peak load.
=> A. Compute instances can be launched and terminated as needed to optimize costs.
139. In which ways does the AWS Cloud offer lower total cost of ownership (TCO) of computing resources than on-premises data centers? (Choose two.)
A.AWS replaces upfront capital expenditures with pay-as-you-go costs.
B.AWS is designed for high availability, which eliminates user downtime.
C.AWS eliminates the need for on-premises IT staff.
D.AWS uses economies of scale to continually reduce prices.
E.AWS offers a single pricing model for Amazon EC2 instances.
=> A, D
140. Which AWS service monitors AWS accounts for security threats?
A.Amazon GuardDuty
B.AWS Secrets Manager
C.Amazon Cognito
D.AWS Certificate Manager (ACM)
=> A. Amazon GuardDuty
Amazon GuardDuty: intelligent threat protection for accounts and workloads
지능형 위협 감지
#141~150
141. Which benefit is included with an AWS Enterprise Support plan?
A.AWS Partner Network (APN) support at no cost.
B.Designated support from an AWS technical account manager (TAM)
C.On-site support from AWS engineers
D.AWS managed compliance as code with AWS Config
=> B. Designated support from an AWS technical account manager (TAM)
142. Which task does AWS perform automatically?
A.Encrypt data that is stored in Amazon DynamoDB.
B.Patch Amazon EC2 instances.
C.Encrypt user network traffic.
D.Create TLS certificates for users' websites.
=> A. Encrypt data that is stored in Amazon DynamoDB.
All user data stored in Amazon DynamoDB is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS)
=> dynamoDB 에 저장되는 데이터는 자동으로 암호화가 된다.
143. Which AWS service or tool can a company use to visualize, understand, and manage AWS spending and usage over time?
A.AWS Trusted Advisor
B.Amazon CloudWatch
C.Cost Explorer
D.AWS Budgets
=> C. Cost Explorer
AWS Cost Explorer는 시간에 따른 AWS 비용과 사용량을 시각화, 이해 및 관리할 수 있는 손쉬운 인터페이스를 제공합니다. 비용 및 사용량 데이터를 분석하는 사용자 지정 보고서를 작성하여 신속하게 시작합니다.
cost explorer도 시각화를 보여준다 .
144. A company wants to deploy some of its resources in the AWS Cloud. To meet regulatory requirements, the data must remain local and on premises. There must be low latency between AWS and the company resources. Which AWS service or feature can be used to meet these requirements?
A.AWS Local Zones
B.Availability Zones
C.AWS Outposts
D.AWS Wavelength Zones
=> C. AWS Outposts
하이브리드 -> outposts
145. A company requires an isolated environment within AWS for security purposes. Which action can be taken to accomplish this?
A.Create a separate Availability Zone to host the resources.
B.Create a separate VPC to host the resources.
C.Create a placement group to host the resources.
D.Create an AWS Direct Connect connection between the company and AWS.
=> B. Create a separate VPC to host the resources.
vpc를 이용해 리소스를 분리한다.
146. Which AWS service is a highly available and scalable DNS web service?
A.Amazon VPC
B.Amazon CloudFront
C.Amazon Route 53
D.Amazon Connect
=> C. Amazon Route 53
dns? route53이지.
147. Which of the following is an AWS best practice for managing an AWS account root user?
A.Keep the root user password with the security team.
B.Enable multi-factor authentication (MFA) for the root user.
C.Create an access key for the root user.
D.Keep the root user password consistent for compliance purposes.
=> B. Enable multi-factor authentication (MFA) for the root user.
rootuser와 mfa는 셋트로 나온다 .
148. A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access. What should the company use to access instances remotely instead of opening inbound SSH ports and managing SSH keys?
A.EC2 key pairs
B.AWS Systems Manager Session Manager
C.AWS Identity and Access Management (IAM)
D.Network ACLs
=> B. AWS Systems Manager Session Manager
AWS Systems Manager Session Manager is a new interactive shell and CLI that helps to provide secure, access-controlled, and audited Windows and Linux EC2 instance management. Session Manager removes the need to open inbound ports, manage SSH keys, or use bastion hosts.
system manager 로 ssh 원격 관리할 수 있다.
149. After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount?
A.No upfront payment
B.Hourly on-demand payment
C.Partial upfront payment
D.All upfront payment
=> D. All upfront payment
150. A company has refined its workload to use specific AWS services to improve efficiency and reduce cost. Which best practice for cost governance does this example show?
A.Resource controls
B.Cost allocation
C.Architecture optimization
D.Tagging enforcement
=> C. Architecture optimization
"Architecture optimization focuses on the need to continually refine workloads to be more cost-conscious to create better architected systems."
