- (Topic 3)
Which AWS service or storage class provides low-cost, long-term data storage?

1. A. Amazon S3 Glacier Deep Archive
2. B. AWS Snowball
3. C. Amazon MQ
4. D. AWS Storage Gateway

Correct Answer: A
Amazon S3 Glacier Deep Archive is a storage class within Amazon S3 that provides the lowest-cost, long-term data storage for data that is rarely accessed. AWS Snowball is a service that provides a physical device for transferring large amounts of data into and out of AWS. Amazon MQ is a service that provides managed message broker service for Apache ActiveMQ. AWS Storage Gateway is a service that provides hybrid cloud storage for on-premises applications.

- (Topic 3)
A company has teams that have different job roles and responsibilities. The company's employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.
Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

1. A. IAM user groups
2. B. IAM roles
3. C. IAM instance profiles
4. D. IAM policies for individual users

Correct Answer: B
IAM roles are a way of granting temporary permissions to entities that need to access AWS resources, such as users, applications, or services. IAM roles allow customers to assign permissions to entities without having to create or manage IAM users or credentials for them. IAM roles can be assumed by different entities depending on the trust policy attached to the role. For example, IAM roles can be assumed by IAM users in the same or different AWS accounts, AWS services such as EC2 or Lambda, or external identities such as federated users or web identities. IAM roles can also be switched by IAM users to temporarily change their permissions. IAM roles are recommended for managing permissions for employees who often change teams, because they allow customers to define permissions based on job roles and responsibilities, and easily assign or revoke them as needed. IAM roles also reduce the operational overhead of creating, updating, or deleting IAM users or credentials for each employee or team change.

- (Topic 3)
How does the AWS Enterprise Support Concierge team help users?

1. A. Supporting application development
2. B. Providing architecture guidance
3. C. Answering billing and account inquiries
4. D. Answering questions regarding technical support cases

Correct Answer: C
The AWS Enterprise Support Concierge team is a group of billing and account experts who specialize in working with enterprise customers. They can help customers with questions about billing, account management, cost optimization, and other non-technical issues. They can also assist customers with navigating and optimizing their AWS environment, such as setting up consolidated billing, applying for service limit increases, or requesting refunds. References:
✑ AWS Support Plan Comparison
✑ AWS Enterprise Support Plan
✑ Answer Explained: Which AWS Support plan provides access to AWS Concierge Support team for account assistance?

- (Topic 2)
A company wants to move its iOS application development and build activities to AWS. Which AWS service or resource should the company use for these activities?

1. A. AWS CodeCommit
2. B. Amazon EC2 M1 Mac instances
3. C. AWS Amplify
4. D. AWS App Runner

Correct Answer: B
Amazon EC2 M1 Mac instances are the AWS service or resource that the company should use for its iOS application development and build activities, as they enable users to run macOS on AWS and access a broad and growing set of AWS services. AWS CodeCommit is a service that provides a fully managed source control service that hosts secure Git-based repositories. AWS Amplify is a set of tools and services that enable developers to build full-stack web and mobile applications using AWS. AWS App Runner is a service that makes it easy for developers to quickly deploy containerized web applications and APIs. These concepts are explained in the AWS Developer Tools page4.

- (Topic 1)
Which AWS network services or features allow Cl DR block notation when providing an IP address range?
(Select TWO.)

1. A. Security groups
2. B. Amazon Machine Image (AMI)
3. C. Network access control list (network ACL)
4. D. AWS Budgets
5. E. Amazon Elastic Block Store (Amazon EBS)

Correct Answer: AC
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR block notation to specify the IP address ranges that are allowed or denied