- (Topic 2)
A company suspects that its AWS resources are being used for illegal activities. Which AWS group or team should the company notify?

1. A. AWS Abuse team
2. B. AWS Support team
3. C. AWS technical account managers
4. D. AWS Professional Services team

Correct Answer: A
AWS Abuse team is the AWS group or team that the company should notify if it suspects that its AWS resources are being used for illegal activities. AWS Abuse team is a dedicated team that handles reports of abuse, such as spam, phishing, malware, denial-of-service attacks, and unauthorized access, involving AWS resources. The company can contact the AWS Abuse team by filling out the [Report Abuse of AWS Resources form] or sending an email to abuse@amazonaws.com. The company should provide as much information as possible, such as the source and destination IP addresses, timestamps, log files, and screenshots, to help the AWS Abuse team investigate and take appropriate actions. For more information, see [Reporting Abuse] and [AWS Acceptable Use Policy].

- (Topic 1)
Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?

1. A. Amazon CloudWatch
2. B. AWS Trusted Advisor
3. C. AWS CloudTrail
4. D. Amazon Inspector

Correct Answer: C
The correct answer is C because AWS CloudTrail is a service that will help a company identify the user who deleted an Amazon EC2 instance yesterday. AWS CloudTrail is a service that enables users to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Users can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not services that will help a company identify the user who deleted an Amazon EC2 instance yesterday. Amazon CloudWatch is a service that enables users to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Trusted Advisor is a service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: AWS CloudTrail FAQs

- (Topic 3)
A company is running its application in the AWS Cloud and wants to protect against a DDoS attack. The company's security team wants near real-time visibility into DDoS attacks.
Which AWS service or traffic filter will meet these requirements with the MOST features for DDoS protection?

1. A. AWS Shield Advanced
2. B. AWS Shield
3. C. Amazon GuardDuty
4. D. Network ACLs

Correct Answer: A
AWS Shield Advanced is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield Advanced
provides you with 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS attacks of any size or duration. AWS Shield Advanced also provides near real-time visibility into attacks, advanced attack mitigation capabilities, and integration with AWS WAF and AWS Firewall Manager1. AWS Shield is a standard service that provides always-on detection and automatic inline mitigations to minimize application downtime and latency, but it does not offer the same level of features and support as AWS Shield Advanced2. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it does not provide DDoS protection3. Network ACLs are stateless filters that can be associated with a subnet to control the traffic to and from the subnet, but they are not designed to protect against DDoS attacks

- (Topic 2)
In which categories does AWS Trusted Advisor provide recommended actions? (Select TWO.)

1. A. Operating system patches
2. B. Cost optimization
3. C. Repetitive tasks
4. D. Service quotas
5. E. Account activity records

Correct Answer: BD
AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor provides recommended actions in five categories: cost optimization, performance, security, fault tolerance, and service quotas. Cost optimization helps you reduce your overall AWS costs by identifying idle and underutilized resources. Service quotas helps you monitor and manage your usage of AWS service quotas and request quota increases. Operating system patches, repetitive tasks, and account activity records are not categories that AWS Trusted Advisor provides recommended actions for. Source: [AWS Trusted Advisor]

- (Topic 3)
Which of the following is a benefit of operating in the AWS Cloud?

1. A. The ability to migrate on-premises network devices to the AWS Cloud
2. B. The ability to expand compute, storage, and memory when needed
3. C. The ability to host custom hardware in the AWS Cloud
4. D. The ability to customize the underlying hypervisor layer for Amazon EC2

Correct Answer: B
One of the benefits of operating in the AWS Cloud is the ability to expand compute, storage, and memory when needed, which enables users to scale their applications and resources up or down based on demand. This also helps users optimize their costs and performance. The ability to migrate on-premises network devices to the AWS Cloud, the ability to host custom hardware in the AWS Cloud, and the ability to customize the underlying hypervisor layer for Amazon EC2 are not benefits of operating in the AWS Cloud, as they are either not possible or not recommended by AWS .