Which AWS service or feature enables users to encrypt data at rest in Amazon S3?
Correct Answer: B
Explanation: Server-side encryption is an encryption option that Amazon S3 provides to encrypt data at rest in Amazon S3. With server-side encryption, Amazon S3 encrypts an object before saving it to disk in its data centers and decrypts it when you download the object. You have three server-side encryption options to choose from: SSE-S3, SSE-C, and SSE-KMS. SSE-S3 uses keys that are managed by Amazon S3. SSE-C allows you to manage your own encryption keys. SSE-KMS uses keys that are managed by AWS Key Management Service (AWS KMS).
Question 438
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
Correct Answer: B,C
Change and release management
Explanation: These are two of the seven capabilities that are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF). The platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions. The other five capabilities are:
Platform architecture - Establish and maintain guidelines, principles, patterns, and guardrails for your cloud environment.
Platform engineering - Build a compliant multi-account cloud environment with enhanced security features, and packaged, reusable cloud products.
Platform operations - Manage and optimize your cloud environment with automation, monitoring, and incident response.
Application development - Develop and deploy cloud-native applications using modern architectures and best practices.
Application migration - Migrate your existing applications to the cloud using proven methodologies and tools.
Performance and capacity management, infrastructure protection, and change and release management are not capabilities of the platform perspective. They are part of the operations perspective, which helps you achieve operational excellence in the cloud. The operations perspective comprises six capabilities:
Performance and capacity management - Monitor and optimize the performance and capacity of your cloud workloads.
Infrastructure protection - Protect your cloud infrastructure from unauthorized access, malicious attacks, and data breaches.
Change and release management - Manage changes and releases to your cloud workloads using automation and governance.
Configuration management - Manage the configuration of your cloud resources and applications using automation and version control.
Incident management - Respond to incidents affecting your cloud workloads using best practices and tools.
Service continuity management - Ensure the availability and resilience of your cloud workloads using backup, recovery, and disaster recovery strategies.
Question 439
Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?
Correct Answer: D
Explanation: The AWS shared responsibility model describes how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is responsible for the security of the cloud, which includes the physical security of AWS facilities, the infrastructure, hardware, software, and networking that run AWS services. The customer is responsible for security in the cloud, which includes the configuration of security groups, the encryption of customer data on AWS, the management of AWS Lambda infrastructure, and the management of network throughput of each AWS Region. One of the customer responsibilities is to ensure that Amazon EBS volumes are backed up.
Question 440
A user is moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud. Which type of migration is this?
Correct Answer: C
Explanation: C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms.
A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local data center to an architecture that is fully hosted and managed on the AWS Cloud.
B is incorrect because hybrid to cloud native migration is the process of moving a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the AWS Cloud.
D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.