- (Topic 1)
Which tasks are customer responsibilities according to the AWS shared responsibility model? (Select TWO.)

1. A. Determine application dependencies with operating systems.
2. B. Provide user access with AWS Identity and Access Management (IAM).
3. C. Secure the data center in an Availability Zone.
4. D. Patch the hypervisor.
5. E. Provide network availability in Availability Zones.

Correct Answer: B
The correct answer to the question is B because providing user access with AWS Identity and Access Management (IAM) is a customer responsibility according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. IAM is an AWS service that enables customers to manage access and permissions to AWS resources and services. Customers are responsible for creating and managing IAM users, groups, roles, and policies, and ensuring that they follow the principle of least privilege. Reference: AWS Shared Responsibility Model

- (Topic 3)
Which AWS services or features can a company use to connect the network of its on- premises data center to AWS? (Select TWO.)

1. A. AWS VPN
2. B. AWS Directory Service
3. C. AWS Data Pipeline
4. D. AWS Direct Connect
5. E. AWS CloudHSM

Correct Answer: AD
AWS VPN and AWS Direct Connect are two services that enable customers to connect their on-premises data center network to the AWS Cloud. AWS VPN establishes a secure and encrypted connection over the public internet, while AWS Direct Connect establishes a dedicated and private connection through a partner network. You can learn more about AWS VPN from [this webpage] or [this digital course]. You can learn more about AWS Direct Connect from [this webpage] or [this digital course].

- (Topic 2)
Which option is a pillar of the AWS Well-Architected Framework?

1. A. Patch management
2. B. Cost optimization
3. C. Business technology strategy
4. D. Physical and environmental controls

Correct Answer: B
The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework, you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The Framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization2.

- (Topic 1)
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)

1. A. AWS Trusted Advisor
2. B. AWS Online Tech Talks
3. C. AWS Blog
4. D. AWS Forums
5. E. AWS Classroom Training

Correct Answer: BE
The correct answers are B and E because AWS Online Tech Talks and AWS Classroom Training are options that AWS makes available for customers who want to learn about security in the cloud in an instructor-led setting. AWS Online Tech Talks are live, online presentations that cover a broad range of topics at varying technical levels. AWS Online Tech Talks are delivered by AWS experts and feature live Q&A sessions with the audience. AWS Classroom Training are in-person or virtual courses that are led by accredited AWS instructors. AWS Classroom Training offer hands-on labs, exercises, and best practices to help customers gain confidence and skills on AWS. The other options are incorrect because they are not options that AWS makes available for customers who want to learn about security in the cloud in an instructor-led setting. AWS Trusted Advisor is an AWS service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. AWS Blog is an AWS resource that provides news, announcements, and insights from AWS experts and customers. AWS Forums are AWS resources that enable customers to interact with other AWS users and get feedback and support. Reference: AWS Online Tech Talks, AWS Classroom Training

- (Topic 3)
A company wants to migrate its workloads to AWS, but it lacks expertise in AWS Cloud computing.
Which AWS service or feature will help the company with its migration?

1. A. AWS Trusted Advisor
2. B. AWS Consulting Partners
3. C. AWS Artifacts
4. D. AWS Managed Services

Correct Answer: D
AWS Managed Services is a service that provides operational management for AWS infrastructure and applications. It helps users migrate their workloads to AWS and provides ongoing support, security, compliance, and automation. AWS Trusted Advisor is a service that provides best practices and recommendations for cost optimization, performance, security, and fault tolerance. AWS Consulting Partners are professional services firms that help customers design, architect, build, migrate, and manage their workloads and applications on AWS. AWS Artifacts is a service that provides on-demand access to AWS compliance reports and select online agreements.