- (Topic 2)
A company wants to migrate its on-premises application to the AWS Cloud. The company is legally obligated to retain certain data in its onpremises data center.
Which AWS service or feature will support this requirement?

1. A. AWS Wavelength
2. B. AWS Local Zones
3. C. VMware Cloud on AWS
4. D. AWS Outposts

Correct Answer: D
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on- premises facility for a truly consistent hybrid experience. AWS Outposts enables you to run AWS services in your on-premises data center, which can support the requirement of retaining certain data on-premises due to legal obligations5.

- (Topic 3)
An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability Zones in the us- east-1 Region.
How should the company respond to the auditor's request?

1. A. Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
2. B. Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company operates.
3. C. Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
4. D. Use AWS Artifact to download the applicable report for AWS security control
5. E. Provide the report to the auditor.

Correct Answer: D
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). You can use AWS Artifact to download the applicable report for AWS security controls and provide it to the auditor.

- (Topic 3)
A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the AWS Cloud.
Which AWS service or tool will meet these requirements?

1. A. AWS Trusted Advisor
2. B. Amazon Inspector
3. C. AWS Control Tower
4. D. Migration Evaluator

Correct Answer: D
Migration Evaluator is an AWS service that provides a customized assessment of your current on-premises environment and helps you build a data-driven business case for migration to AWS. Migration Evaluator collects and analyzes data from your on-premises servers, such as CPU, memory, disk, network, and utilization metrics, and compares them with the most cost-effective AWS alternatives. Migration Evaluator also helps you understand your existing software licenses and running costs, and provides recommendations for Bring Your Own License (BYOL) and License Included (LI) options in AWS. Migration Evaluator generates a detailed report that shows your projected running costs in the AWS Cloud, along with potential savings and benefits. You can use this report to support your decision-making and planning for cloud migration. References: Cloud Business Case & Migration Plan - Amazon Migration Evaluator - AWS, Getting started with Migration Evaluator

- (Topic 2)
A company has set up a VPC in its AWS account and has created a subnet in the VPC. The company wants to make the subnet public.
Which AWS features should the company use to meet this requirement? (Select TWO.)

1. A. Amazon VPC internet gateway
2. B. Amazon VPC NAT gateway
3. C. Amazon VPC route tables
4. D. Amazon VPC network ACL
5. E. Amazon EC2 security groups

Correct Answer: AC
To make a subnet public, the company should use an Amazon VPC internet gateway and an Amazon VPC route table. An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. To enable internet access for a subnet, you need to attach an internet gateway to your VPC and add a route to the internet gateway in the route table associated with the subnet.

- (Topic 3)
A company processes personally identifiable information (Pll) and must keep data in the country where it was generated. The company wants to use Amazon EC2 instances for these workloads.
Which AWS service will meet these requirements?

1. A. AWS Outposts
2. B. AWS Storage Gateway
3. C. AWS DataSync
4. D. AWS OpsWorks

Correct Answer: A
AWS Outposts is an AWS service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility. AWS Outposts enables you to run Amazon EC2 instances and other AWS services locally, while maintaining a consistent and seamless connection to the AWS Cloud. AWS Outposts is ideal for workloads that require low latency, local data processing, or data residency. By using AWS Outposts, the company can process personally identifiable information (PII) and keep data in the country where it was generated, while leveraging the benefits of AWS