- (Topic 2)
Which AWS service can defend against DDoS attacks?

1. A. AWS Firewall Manager
2. B. AWS Shield Standard
3. C. AWS WAF
4. D. Amazon Inspector

Correct Answer: B
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It automatically detects and mitigates the most common and frequently occurring network and transport layer DDoS attacks that target AWS resources, such as Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS Firewall Manager is a service that allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced protections, and Amazon VPC security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.

- (Topic 3)
A company wants a list of all users in its AWS account, the status of all of the users' access keys, and if multi-factor authentication (MFA) has been configured.
Which AWS service or feature will meet these requirements?

1. A. AWS Key Management Service (AWS KMS)
2. B. IAM Access Analyzer
3. C. IAM credential report
4. D. Amazon CloudWatch

Correct Answer: C
IAM credential report is a feature that allows you to generate and download a report that lists all IAM users in your AWS account and the status of their various credentials, including access keys and MFA devices. You can use this report to audit the security status of your IAM users and ensure that they follow the best practices for using AWS1.
AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys to protect your data. It does not provide information about IAM users or their credentials2.
IAM Access Analyzer is a feature that helps you identify the resources in your AWS account, such as S3 buckets or IAM roles, that are shared with an external entity. It does not provide information about IAM users or their credentials3.
Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications. It does not provide information about IAM users or their credentials4.
References:
✑ Getting credential reports for your AWS account - AWS Identity and Access Management
✑ AWS Key Management Service - Amazon Web Services
✑ IAM Access Analyzer - AWS Identity and Access Management
✑ Amazon CloudWatch - Amazon Web Services

- (Topic 2)
Which group shares responsibility with AWS for security and compliance of AWS accounts and resources?

1. A. Third-party vendors
2. B. Customers
3. C. Reseller partners
4. D. Internet providers

Correct Answer: B
Customers share responsibility with AWS for security and compliance of AWS accounts and resources. This is part of the AWS shared responsibility model, which defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the physical and environmental controls of the AWS global infrastructure, such as power, cooling, fire suppression, and physical access. The customer is responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications, such as identity and access management, encryption, firewall, and backup.
For more information, see AWS Shared Responsibility Model and AWS Cloud Security.

- (Topic 3)
A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance.
Which AWS service meets these requirements?

1. A. AWS Lambda
2. B. Amazon RDS
3. C. AWS Fargate
4. D. Amazon Athena

Correct Answer: C
AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). AWS Fargate allows you to run containers without having to manage servers or clusters of Amazon EC2 instances. With AWS Fargate, you only pay for the compute resources you use to run your containers, and you don’t need to worry about scaling, patching, securing, or maintaining the underlying infrastructure. AWS Fargate simplifies the deployment and management of containerized applications, and enables you to focus on building and running your applications instead of managing the infrastructure. References: AWS Fargate, What is AWS Fargate?

- (Topic 3)
Which database engines does Amazon Aurora support? (Select TWO.)

1. A. Oracle
2. B. Microsoft SQL Server
3. C. MySQL
4. D. PostgreSQL
5. E. MongoDB

Correct Answer: CD
Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL engines. It delivers up to five times the performance of MySQL and up to three times the performance of PostgreSQL. It also provides high availability, scalability, security, and durability1