- (Topic 1)
Which of the following are advantages of moving to the AWS Cloud? (Select TWO.)

1. A. The ability to turn over the responsibility for all security to AWS.
2. B. The ability to use the pay-as-you-go model.
3. C. The ability to have full control over the physical infrastructure.
4. D. No longer having to guess what capacity will be required.
5. E. No longer worrying about users access controls.

Correct Answer: BD
The advantages of moving to the AWS Cloud are the ability to use the pay- as-you-go model and no longer having to guess what capacity will be required. The pay-as- you-go model allows the user to pay only for the resources they use, without any upfront or long-term commitments. This reduces the cost and risk of over-provisioning or under- provisioning resources. No longer having to guess what capacity will be required means that the user can scale their resources up or down according to the demand, without wasting money on idle resources or losing customers due to insufficient capacity4.

- (Topic 3)
A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources.
Which AWS service will meet this requirement?

1. A. IAM group
2. B. IAM role
3. C. IAM tag
4. D. IAM Access Analyzer

Correct Answer: B
IAM roles are a way to delegate access to resources in different AWS accounts. IAM roles allow users to assume a set of permissions for a limited time without having to create or share long-term credentials. IAM roles can be used to grant cross- account access by creating a trust relationship between the accounts and specifying the permissions that the role can perform. Users can then switch to the role and access the resources in the other account using temporary security credentials provided by the
role. References: Cross account resource access in IAM, IAM tutorial: Delegate access across AWS accounts using IAM roles, How to Enable Cross-Account Access to the AWS Management Console

- (Topic 1)
Which of the following acts as an instance-level firewall to control inbound and outbound access?

1. A. Network access control list
2. B. Security groups
3. C. AWS Trusted Advisor
4. D. Virtual private gateways

Correct Answer: B
The correct answer is B because security groups are AWS features that act as instance-level firewalls to control inbound and outbound access. Security groups are virtual firewalls that can be attached to one or more Amazon EC2 instances. Users can configure rules for security groups to allow or deny traffic based on protocols, ports, and source or destination IP addresses. The other options are incorrect because they are not AWS features that act as instance-level firewalls to control inbound and outbound access. Network access control list is an AWS feature that acts as a subnet-level firewall to control inbound and outbound access. AWS Trusted Advisor is an AWS service that provides real- time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Virtual private gateways are AWS features that enable users to create a secure and encrypted connection between their VPC and their on- premises network. Reference: Security Groups for Your VPC

- (Topic 1)
Which task is the responsibility of a company that is using Amazon RDS?

1. A. Provision the underlying infrastructure.
2. B. Create IAM policies to control administrative access to the service.
3. C. Install the cables to connect the hardware for compute and storage.
4. D. Install and patch the RDS operating system.

Correct Answer: B
The correct answer is B because AWS IAM policies can be used to control administrative access to the Amazon RDS service. The other options are incorrect because they are the responsibilities of AWS, not the company that is using Amazon RDS. AWS manages the provisioning, cabling, installation, and patching of the underlying infrastructure for Amazon RDS. Reference: Amazon RDS FAQs

- (Topic 3)
Which AWS service uses AWS Compute Optimizer to provide sizing recommendations based on workload metrics?

1. A. Amazon EC2
2. B. Amazon RDS
3. C. Amazon Lightsail
4. D. AWS Step Functions

Correct Answer: A
Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud. It allows you to launch virtual servers, called instances, with different configurations of CPU, memory, storage, and networking resources. AWS Compute Optimizer analyzes the specifications and utilization metrics of your Amazon EC2 instances and generates recommendations for optimal instance types that can reduce costs and improve performance. You can view the recommendations on the AWS Compute Optimizer console or the Amazon EC2 console12.
Amazon RDS, Amazon Lightsail, and AWS Step Functions are not supported by AWS Compute Optimizer. Amazon RDS is a managed relational database service that lets you set up, operate, and scale a relational database in the cloud. Amazon Lightsail is an easy- to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan. AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly3 .