- (Topic 3)
An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability Zones in the us- east-1 Region.
How should the company respond to the auditor's request?

1. A. Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
2. B. Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company operates.
3. C. Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
4. D. Use AWS Artifact to download the applicable report for AWS security control
5. E. Provide the report to the auditor.

Correct Answer: D
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). You can use AWS Artifact to download the applicable report for AWS security controls and provide it to the auditor.

- (Topic 1)
Which AWS services and features are provided to all customers at no charge? (Select TWO.)

1. A. Amazon Aurora
2. B. VPC
3. C. Amazon SageMaker
4. D. AWS Identity and Access Management (IAM)
5. E. Amazon Polly

Correct Answer: BD
The AWS services and features that are provided to all customers at no charge are VPC and AWS Identity and Access Management (IAM). VPC is a service that allows you to launch AWS resources in a logically isolated virtual network that you define. You can create and use a VPC at no additional charge, and you only pay for the resources that you launch in the VPC, such as EC2 instances or EBS volumes. IAM is a service that allows you to manage access and permissions to AWS resources. You can create and use IAM users, groups, roles, and policies at no additional charge, and you only pay for the AWS resources that the IAM entities access. Amazon Aurora, Amazon SageMaker, and Amazon Polly are not free services, and they charge based on the usage and features that you choose5

- (Topic 3)
A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?

1. A. Security
2. B. Performance efficiency
3. C. Cost optimization
4. D. Operational excellence

Correct Answer: D
The scenario represents the operational excellence pillar of the AWS Well- Architected Framework, which focuses on running and monitoring systems to deliver business value and continually improve supporting processes and procedures1. Security, performance efficiency, cost optimization, and reliability are the other four pillars of the framework1.

- (Topic 1)
Which duties are the responsibility of a company that is using AWS Lambda? (Select TWO.)

1. A. Security inside of code
2. B. Selection of CPU resources
3. C. Patching of operating system
4. D. Writing and updating of code
5. E. Security of underlying infrastructure

Correct Answer: AD
The duties that are the responsibility of a company that is using AWS Lambda are security inside of code and writing and updating of code. AWS Lambda is a serverless compute service that allows you to run code without provisioning or managing servers, scaling, or patching. AWS Lambda takes care of the security of the underlying infrastructure, such as the operating system, the network, and the firewall. However, the company is still responsible for the security of the code itself, such as encrypting sensitive data, validating input, and handling errors. The company is also responsible for writing and updating the code that defines the Lambda function, and choosing the runtime environment, such as Node.js, Python, or Java. AWS Lambda does not require the selection of CPU resources, as it automatically allocates them based on the memory configuration34

- (Topic 1)
A company is running applications on Amazon EC2 instances in the same AWS account for several different projects. The company wants to track the infrastructure costs for each of the projects separately. The company must conduct this tracking with the least possible impact to the existing infrastructure and with no additional cost.
What should the company do to meet these requirements?

1. A. Use a different EC2 instance type for each project.
2. B. Publish project-specific custom Amazon CloudWatch metrics for each application.
3. C. Deploy EC2 instances for each project in a separate AWS account.
4. D. Use cost allocation tags with values that are specific to each project.

Correct Answer: D
The correct answer is D because cost allocation tags are a way to track the infrastructure costs for each of the projects separately. Cost allocation tags are key-value pairs that can be attached to AWS resources, such as EC2 instances, and used to categorize and group them for billing purposes. The other options are incorrect because they do not meet the requirements of the question. Use a different EC2 instance type for each project does not help to track the costs for each project, and may impact the performance and compatibility of the applications. Publish project-specific custom Amazon CloudWatch metrics for each application does not help to track the costs for each project, and may incur additional charges for using CloudWatch. Deploy EC2 instances for each project in a separate AWS account does help to track the costs for each project, but it impacts the existing infrastructure and incurs additional charges for using multiple accounts. Reference: Using Cost Allocation Tags