- (Topic 3)
A company wants to ensure that all of its Amazon EC2 instances have compliant operating system patches.
Which AWS service will meet these requirements?

1. A. AWS Compute Optimizer
2. B. AWS Elastic Beanstalk
3. C. AWS AppSync
4. D. AWS Systems Manager

Correct Answer: D
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. You can use Systems Manager to apply OS patches, create system images, configure Windows and Linux operating systems, and execute PowerShell commands5. Systems Manager can help you ensure that all of your Amazon EC2 instances have compliant operating system patches by using the Patch Manager feature.

- (Topic 2)
A company has set up a VPC in its AWS account and has created a subnet in the VPC. The company wants to make the subnet public.
Which AWS features should the company use to meet this requirement? (Select TWO.)

1. A. Amazon VPC internet gateway
2. B. Amazon VPC NAT gateway
3. C. Amazon VPC route tables
4. D. Amazon VPC network ACL
5. E. Amazon EC2 security groups

Correct Answer: AC
To make a subnet public, the company should use an Amazon VPC internet gateway and an Amazon VPC route table. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. To enable internet access for a subnet, you need to attach an internet gateway to your VPC and add a route to the internet gateway in the route table associated with the subnet.

- (Topic 1)
Which AWS service or tool does AWS Control Tower use to create resources?

1. A. AWS CloudFormation
2. B. AWS Trusted Advisor
3. C. AWS Directory Service
4. D. AWS Cost Explorer

Correct Answer: A
AWS Control Tower uses AWS CloudFormation to create resources in your landing zone. AWS CloudFormation is a service that helps you model and set up your AWS resources using templates. AWS Control Tower supports creating AWS::ControlTower::EnabledControl resources in AWS CloudFormation. Therefore, the correct answer is A. You can learn more about AWS Control Tower and AWS CloudFormation from this page.

- (Topic 2)
A company wants to run its production workloads on AWS. The company needs concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week.
Which AWS Support plan will meet these requirements?

1. A. AWS Basic Support
2. B. AWS Enterprise Support
3. C. AWS Business Support
4. D. AWS Developer Support

Correct Answer: B
B is correct because AWS Enterprise Support is the AWS Support plan that provides concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week. This plan is designed for customers who run mission-critical workloads on AWS and need the highest level of support. A is incorrect because AWS Basic Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for a limited set of AWS services. It does not provide concierge service, a designated TAM, or 24/7 technical support. C is incorrect because AWS Business Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for all AWS services, as well as access to AWS Trusted Advisor and AWS Support API. It does not provide concierge service or a designated TAM. D is incorrect because AWS Developer Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for all AWS services, as well as access to AWS Trusted Advisor. It does not provide concierge service, a designated TAM, or 24/7 technical support.

- (Topic 2)
A company needs Amazon EC2 instances for a workload that can tolerate interruptions.
Which EC2 instance purchasing option meets this requirement with the LARGEST discount compared to On-Demand prices?

1. A. Spot Instances
2. B. Convertible Reserved Instances
3. C. Standard Reserved Instances
4. D. Dedicated Hosts

Correct Answer: A
Spot Instances are spare Amazon EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for workloads that can tolerate interruptions, such as batch processing, data analysis, and testing. Spot Instances are allocated based on the current supply and demand, and can be reclaimed by AWS with a two-minute notice when the demand exceeds the supply5. Convertible Reserved Instances are a type of Reserved Instances that provide a significant discount (up to 54%) compared to On-Demand prices and a capacity reservation for Amazon EC2 instances. They are available in 1-year or 3-year terms and allow users to change the instance family, size, operating system, or tenancy during the term. Standard Reserved Instances are another type of Reserved Instances that provide a larger discount (up to 75%) compared to On-Demand prices and a capacity reservation for Amazon EC2 instances. They are available in 1-year or 3-year terms and do not allow users to change the instance attributes during the term. Dedicated Hosts are physical servers with Amazon EC2 instance capacity fully dedicated to the user’s use. They are suitable for users who have specific server- bound software licenses or compliance requirements.