- (Topic 2)
Which of the following is the customer's responsibility, according to the AWS shared responsibility model?

1. A. Identity and access management
2. B. Hard drive initialization
3. C. Protection of data center hardware
4. D. Security of Availability Zones

Correct Answer: A
Identity and access management is the customer’s responsibility, according to the AWS shared responsibility model. This means that the customer is responsible for managing user access to the AWS resources, using tools such as AWS Identity and Access Management (IAM), AWS Single Sign-On (SSO), and AWS Organizations. The customer is also responsible for securing their data in transit and at rest, using encryption, key management, and other methods. Hard drive initialization, protection of data center hardware, and security of Availability Zones are AWS’s responsibility, as they are part of the infrastructure, physical security, and network security that AWS provides to the customer12

- (Topic 2)
A user discovered that an Amazon EC2 instance is missing an Amazon Elastic Block Store (Amazon EBS) data volume. The user wants to determine when the EBS volume was removed.
Which AWS service will provide this information?

1. A. AWS Config
2. B. AWS Trusted Advisor
3. C. Amazon Timestream
4. D. Amazon QuickSight

Correct Answer: A
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. AWS Config can help you determine when an EBS volume was removed from an EC2 instance by providing a timeline of configuration changes and compliance status. AWS Trusted Advisor, Amazon Timestream, and Amazon QuickSight do not provide the same level of configuration tracking and auditing as AWS Config. Source: AWS Config

- (Topic 3)
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud How can these reports be generated?

1. A. Contact the AWS Compliance team
2. B. Download the reports from AWS Artifact
3. C. Open a case with AWS Support
4. D. Generate the reports with Amazon Made

Correct Answer: B
AWS Artifact is a service that provides on-demand access to security and compliance reports from AWS and Independent Software Vendors (ISVs) who sell their products on AWS Marketplace. You can use AWS Artifact to download auditor-issued reports, certifications, accreditations, and other third-party attestations of AWS compliance with various standards and regulations, such as PCI-DSS, HIPAA, FedRAMP, GDPR, and more1234. You can also use AWS Artifact to review, accept, and manage your agreements with AWS and apply them to current and future accounts within your organization2. References: 1: Cloud Compliance - Amazon Web Services
(AWS), 2: Security Compliance Management - AWS Artifact - AWS, 3: AWS Compliance Contact Us - Amazon Web Services, 4: AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

- (Topic 2)
A company wants to use Amazon EC2 instances for a stable production workload that will run for 1 year.
Which instance purchasing option meets these requirements MOST cost-effectively?

1. A. Dedicated Hosts
2. B. Reserved Instances
3. C. On-Demand Instances
4. D. Spot Instances

Correct Answer: B
B is correct because Reserved Instances are the instance purchasing option that offers the most cost-effective way to use Amazon EC2 instances for a stable production workload that will run for 1 year, as they provide significant discounts compared to On-Demand Instances in exchange for a commitment to use a specific amount of computing power for a period of time. A is incorrect because Dedicated Hosts are the instance purchasing option that allows customers to use physical servers that are fully dedicated to their use, which is more expensive and less flexible than Reserved Instances. C is incorrect because On-Demand Instances are the instance purchasing option that allows customers to pay for compute capacity by the hour or second with no long-term commitments, which is more suitable for short-term, variable, and unpredictable workloads. D is incorrect because Spot Instances are the instance purchasing option that allows customers to bid on spare Amazon EC2 computing capacity, which is more suitable for flexible, scalable, and fault-tolerant workloads that can tolerate interruptions.

- (Topic 3)
According to the AWS shared responsibility model, which task is the customer's responsibility?

1. A. Maintaining the infrastructure needed to run AWS Lambda
2. B. Updating the operating system of Amazon DynamoDB instances
3. C. Maintaining Amazon S3 infrastructure
4. D. Updating the guest operating system on Amazon EC2 instances

Correct Answer: D
The AWS shared responsibility model describes the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the hardware, software, networking, and facilities that run AWS services. The customer is responsible for security in the cloud, which includes the customer data, applications, operating systems, and network and firewall configurations. Therefore, updating the guest operating system on Amazon EC2 instances is the customer’s responsibility2