- (Topic 2)
Which AWS service is always free of charge for users?

1. A. Amazon S3
2. B. Amazon Aurora
3. C. Amazon EC2
4. D. AWS Identity and Access Management (IAM)

Correct Answer: D
AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It enables users to create and manage users, groups, roles, and policies that control who can do what in AWS. IAM is always free of charge for users, as there is no additional cost for using IAM with any AWS service1. Amazon S3 is a storage service that provides scalable, durable, and secure object storage. Amazon S3 has a free tier that offers 5 GB of storage, 20,000 GET requests, and 2,000 PUT requests per month for one year. However, users are charged for any additional usage beyond the free tier limits2. Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL. Amazon Aurora has a free tier that offers 750 hours of Aurora Single-AZ db.t2.small database usage and 20 GB of storage per month for one year. However, users are charged for any additional usage beyond the free tier limits3. Amazon EC2 is a compute service that provides resizable virtual servers. Amazon EC2 has a free tier that offers 750 hours of Linux and Windows t2.micro instances per month for one year. However, users are charged for any additional usage beyond the free tier limits4.

- (Topic 2)
A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic.
Which AWS service will meet these requirements?

1. A. Amazon GuardDuty
2. B. AWSWAF
3. C. Amazon Macie
4. D. AWS Shield

Correct Answer: B
The AWS service that will meet the requirements of the company that is hosting a web application on Amazon EC2 instances and wants to implement custom conditions to filter and control inbound web traffic is AWS WAF. AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. The company can use AWS WAF to create custom rules that block malicious requests that match certain patterns, such as SQL injection or cross-site scripting. AWS WAF can be applied to web applications that are behind an Application Load Balancer, Amazon CloudFront, or Amazon API Gateway. Amazon GuardDuty, Amazon Macie, and AWS Shield are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and resources. Amazon Macie is a data security and data privacy service that uses machine learning and pattern matching to discover, classify, and protect sensitive data stored in Amazon S3. AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards web applications running on AWS. These services are more useful for detecting and preventing different types of threats and attacks, rather than filtering and controlling inbound web traffic based on custom conditions.

- (Topic 3)
A company needs to store data from a recommendation engine in a database.
Which AWS service provides this functionality with the LEAST operational overhead?

1. A. Amazon RDS for PostgreSQL
2. B. Amazon DynamoDB
3. C. Amazon Neptune
4. D. Amazon Aurora

Correct Answer: B
Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. It’s a fully managed, multi-region, multi- active, durable database with built-in security, backup and restore, and in-memory caching for internet-scale applications. DynamoDB can handle more than 10 trillion requests per day and can support peaks of more than 20 million requests per second. DynamoDB provides the least operational overhead for storing data from a recommendation engine, as it does not require any server provisioning, patching, or maintenance3

- (Topic 1)
Which of the following is a characteristic of the AWS account root user?

1. A. The root user is the only user that can be configured with multi-factor authentication (MFA).
2. B. The root user is the only user that can access the AWS Management Console.
3. C. The root user is the first sign-in identity that is available when an AWS account is created.
4. D. The root user has a password that cannot be changed.

Correct Answer: C
The AWS account root user is the first sign-in identity that is available when an AWS account is created. It has complete access to all AWS services and resources in the account. The root user email address and password are the same credentials that are used to sign in to the AWS Management Console4. The root user should be used only to perform a few account and service management tasks. For day-to-day tasks, it is recommended to use AWS Identity and Access Management (IAM) users or roles instead.

- (Topic 1)
Which of the following is a cost efficiency principle related to the AWS Cloud?

1. A. Right-size services based on capacity requirements.
2. B. Use the Billing Dashboard to access information about monthly bills.
3. C. Use AWS Organizations to combine the expenses of multiple accounts into a single bill.
4. D. Tag all AWS resources.

Correct Answer: A
One of the cost efficiency principles related to the AWS Cloud is to right-size services based on capacity requirements. This means choosing the most appropriate type
and size of AWS resources to meet the performance and scalability needs of the applications, while avoiding over-provisioning or under-provisioning. By right-sizing services, users can optimize the costs and benefits of using the AWS Cloud1