- (Topic 1)
A company wants to manage access and permissions for its third-party software as a service (SaaS)
applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.
Which AWS service should the company use to meet these requirements?

1. A. Amazon Cognito
2. B. AWS IAM Identity Center (AWS Single Sign-On)
3. C. AWS Identity and Access Management (IAM)
4. D. AWS Directory Service for Microsoft Active Directory

Correct Answer: B
AWS IAM Identity Center (AWS Single Sign-On) is the AWS service that the company should use to meet the requirements of managing access and permissions for its third-party SaaS applications. AWS Single Sign-On is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications. You can use AWS Single Sign-On to enable your users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place4.

- (Topic 3)
A company wants to minimize network latency between its Amazon EC2 instances. The EC2 instances do not need to be highly available.
Which solution meets these requirements?

1. A. Use EC2 instances in a single Availability Zone.
2. B. Use Amazon CloudFront as the database for the EC2 instances.
3. C. Use EC2 instances in the same edge location and the same Availability Zone.
4. D. Use EC2 instances in the same edge location and the same AWS Region.

Correct Answer: A
Using EC2 instances in a single Availability Zone is a solution that meets the requirements of minimizing network latency between the EC2 instances and not needing high availability. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the same Availability Zone can communicate with each other using low-latency private IP addresses. However, EC2 instances in a single Availability Zone are not highly available, because they are vulnerable to failures or disruptions that affect the Availability Zone

- (Topic 3)
A company wants to design a reliable web application that is hosted on Amazon EC2. Which approach will achieve this goal?

1. A. Launch large EC2 instances in the same Availability Zone.
2. B. Spread EC2 instances across more than one security group.
3. C. Spread EC2 instances across more than one Availability Zone.
4. D. Use an Amazon Machine Image (AMI) from AWS Marketplace.

Correct Answer: C
The approach that will achieve the goal of designing a reliable web application that is hosted on Amazon EC2 is to spread EC2 instances across more than one Availability Zone. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. By spreading EC2 instances across multiple Availability Zones, users can increase the fault tolerance and availability of their web applications, as well as reduce latency for end users2. Launching large EC2 instances in the same Availability Zone, spreading EC2 instances across more
than one security group, or using an Amazon Machine Image (AMI) from AWS Marketplace are not sufficient to ensure reliability, as they do not provide redundancy or resilience in case of an outage in one Availability Zone.

- (Topic 2)
Which credential allows programmatic access to AWS resources for use from the AWS CLI or the AWS API?

1. A. User name and password
2. B. Access keys
3. C. SSH public keys
4. D. AWS Key Management Service (AWS KMS) keys

Correct Answer: B
Access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS using the AWS CLI or AWS API1. User name and password are credentials that you use to sign in to the AWS Management Console or the AWS Management Console mobile app2. SSH public keys are credentials that you use to authenticate with EC2 instances that are launched from certain Linux AMIs3. AWS Key Management Service (AWS KMS) keys are customer master keys (CMKs) that you use to encrypt and decrypt your data and to control access to your data across AWS services and in your applications4.

- (Topic 2)
A company needs to launch an Amazon EC2 instance.
Which of the following can the company use during the launch process to configure the root volume of the EC2 instance?

1. A. Amazon EC2 Auto Scaling
2. B. Amazon Data Lifecycle Manager (Amazon DLM)
3. C. Amazon Machine Image (AMI)
4. D. Amazon Elastic Block Store (Amazon EBS) volume

Correct Answer: C
Amazon Machine Image (AMI) is the option that the company can use during the launch process to configure the root volume of the EC2 instance. An AMI is a template that contains the software configuration, such as the operating system, applications, and
settings, required to launch an EC2 instance. An AMI also specifies the volume size and type of the root device for the instance. The company can choose an AMI provided by AWS, the AWS Marketplace, or the AWS community, or create a custom AMI. For more information, see [Amazon Machine Images (AMI)] and [Launching an Instance Using the Launch Instance Wizard].