1. When designing a storage strategy for Amazon S3, which feature should you highlight to your cost center manager due to the additional cost it brings.

A. MFA Delete
B. Versioning
C. Lifecycle Rules
D. S3 Bucket Policies

2. You are working as a Solutions Architect for a large retail company. You are required to create a virtual private cloud which connects to your on-premise environment to create a hybrid cloud. Not all applications from your on-premise datacenter can be migrated to AWS. Which option is best suited to create the most reliable connection with the highest throughput for your hybrid environment?

A. Amazon CloudFront
B. VPN Connectivity
C. Direct Connect
D. VPC Endpoints
E. Internet Gateway

3. You have configured a VPC with 2 subnets, one is to be used as a public subnet and another as a private subnet.  You have already created an Internet Gateway, but what 2 additional steps do you need to configure to ensure this is a public subnet?

A. Add a route from your public subnet that points to 0.0.0.0/0 via the IGW
B. Configure a Bastion Host
C. Attach your IGW to your VPC
D. Add a route from your private subnet that points to 0.0.0.0/0 via the IGW

4. From a disaster recovery perspective, what is the recovery time objective (RTO)?

A. RTO is defined as the maximum amount of time for which a data could be lost for a service.
B. RTO is defined as the amount of time it takes for your core services to meet restart after a failure
C. RTO is defined as the amount of time left between backups in your backup strategy
D. RTO is defined as the maximum amount of time in which a service can remain unavailable before it's classed as damaging to the business

5. You have been asked to ensure that your organization's data is encrypted when stored on S3.  The requirements specify require that encryption must happen before the object is uploaded using keys managed by AWS.  Which S3 encryption options is best suited?

A. SSE-KMS
B. CSE-KMS
C. SSE-S3
D. CSE-C
E. SSE-C

6. You have been asked to design and implement a new disaster recovery strategy for your organization.  The directory has indicated the importance of the service and that it must be available with the lowest RTO.  There are no other requirements for this strategy. Which DR option would meet the of the director?

A. Backup
B. Pilot Method
C. Warm Standby
D. Multi-Site

7. When IAM policies are being evaluated for their logic of access, which 2 of the following statements are incorrect?

A. Explicit denies are always overruled by an explicit allow
B. The order in which the policies are evaluated does not matter to the end result
C. Explicit allows are always overruled by an explicit deny
D. Access to all resources are denied by default until access is granted
E. Access to all resources are allowed by default until access is denied

8. You are investigating an ongoing incident which was caused by an EC2 instance being manually shut down.  You have been asked by your manager to identify who requested the shutdown to ascertain the reasoning behind it.  Which service would you use to identify the identity of the API call which results in the shutdown of the resource?

A. Amazon CloudWatch
B. AWS CloudTrail
C. Amazon Inspector
D. AWS Redshift

9. If your Elastic Load Balancer (ELB) finds an unhealthy instance while performing health checks for your EC2 fleet, what default action does your ELB take?

A. Your ELB with launch new EC2 instances to replace the unhealthy ones
B. You ELB will notify you via SNS to allow you to add an additional healthy instance

C. Your ELB will stop sending requests to the unhealthy instances
D. You ELB will stop sending requests to the fleet until the healthy instance is removed or replaced

10. Your company needs to understand the security provided by AWS Glacier before using it for storage to help enforce regulatory and compliance requirements.  Which of the below statements is true with regards to AWS Glacier data security?

A. You can set up MFA delete against your vaults
B. You can use Vault Lock policies to lock vault access policies
C. AES-128 is used to encrypt all data
D. You can use bucket policies to control who has access to your vaults

11. You have been using AWS Elastic Beanstalk to provision and build your environment, deploying applications quickly and easily.  The finance department has asked how much Elastic Beanstalk is costing per deployment.  Which statement is correct relating to AWS's billing policy for AWS Elastic Beanstalk?

A. You only pay for the cost of resources deployed providing that the resources are located within the same availability zone within a region
B. You are charged $0.10 per resource deployment across all regions in your AWS account
C. You pay a one-time monthly use fee of Elastic Beanstalk allowing you to deploy as many resources as required for the same flat fee
D. You only pay for the cost of resources deployed, there is no additional charge for using Elastic Beanstalk

12. The development team has contacted you explaining that their web instance in the public subnet is no longer able to communicate with the application instance in the private subnet.  Select 2 options that could be the cause of this communication issue between the 2 instances.

A. The security groups associated for each instance could be misconfigured
B. There is no bastion host configured within the public subnet to allow the connection to the private subnet

C. The internet gateway has been created for the VPC but it has NOT yet been attached to the VPC
D. The Network Access Control Lists might be blocking the traffic at a network level
E. The Security group rule set associated to the application instance has been set to allow ANY protocol from ANY source

13. As the administrator of your VPC configuration you are refining the access of your private instances access to the internet.  Looking at the difference between NAT instances and NAT gateway you see there are additional benefits with a Gateway. What additional benefits do Gateways have over NAT instances? (Choose 3).

A. You can launch more than one NAT Gateway for scalability
B. Increased level of performance optimized for NAT traffic
C. Uniform offering of instance size and type
D. Increased Bandwidth over NAT instances
E. Can be used as a Bastion Server

14. Working as an architect you highlight the importance of high availability with their AWS RDS database and suggest that they implement Multi-AZ.  The customer ask you what benefit they gain from implementing this feature. How does Multi-AZ help to maintain a level of high availability?

A. Multi-AZ allows a secondary RDS instance in a different availability zone to that of the primary to take the role of the primary DB in the event of it failing
B. Multi-AZ allows a secondary read replica in a different availability zone to that of the primary to take the role of the primary DB in the event of it failing
C. Multi-AZ allows a secondary RDS instance in a different region to that of the primary to take the role of the primary DB in the event of it failing
D. Multi-AZ allows another primary RDS instance in a different AWS account to that of the primary to take the role of the primary DB in the event of it failing

15. You have been hired to help implement a static website for a pharmaceutical company which is projected to expand at a high rate over the next 2 years.  The customer base of the company has a global reach and the customer has explained it must remain highly available. After reviewing the operations of business you suggest that Amazon S3 is used to host the website.  What advantages does S3 have to help you implement this solution and the demands upon it over the next 2 years?

A. S3 has integration with AWS Config to help with worldwide distribution of content traffic
B. S3 is highly scalable and highly available due to its design
C. S3 can scale to handle almost any load automatically
D. S3 has integration with Amazon CloudFront to help with worldwide distribution of content traffic
E. S3 can be configured through an AWS support ticket to have increased throughput to handle unexpected loads

16. After configuring your EC2 instance you are required to select a _______ to enable you to connect to your instance securely.

A. Secret Access Key
B. Key Pair
C. IAM Role
D. Security Group

17. You are discussing EC2 options with a customer who has concerns over security when using shared tenancy.  Which other tenancy options might be preferable to this customer? (Choose 2)

A. VMware on AWS instances
B. Dedicated Hosts
C. Dedicated Servers
D. Isolated Instances
E. Dedicated Instances

18. You are designing storage requirements for a client and you suggest EBS as a storage solution.  During conversations with your client you explain your reasoning but they have queries and concerns over EBS scalability and resiliency.  What features of EBS can you explain to your client to reassure them? (Choose 3)

A. EBS volumes are automatically replicated across other hosts within the same availability zone for resiliency

B. EBS volumes are easily provisioned to offer additional storage as and when required
C. By creating a snapshot of a volume you can launch a larger volume using the same snapshot.
D. EBS replicates all volumes writes to S3 for additional resiliency
E. EBS volume are automatically backed up by default to at least 2 other regions

19. You are explaining the differences between Security Groups and Network Access Control Lists to a customer.  What 2 key points are important to understand when understanding how these 2 security controls differ from each other? (Choose 3)

A. Security groups are stateful by design and NACLs are not
B. NACLs are stateful by design and security groups are not
C. Security groups allow you to add a ‘Deny’ action within the rule set
D. NACLs allow you to add a ‘Deny’ action within the rule set
E. Security groups control access at the instance level
F. NACLs control access as the instance level

20. You notice that one of your EC2 instances has a failed system status check. Which action should you take to resolve the issue as quickly as possible?

A. Reboot the instance to perform the System Status check again
B. Increase the instance size for better performance
C. Stop and start the instance causing it to launch on a different host
D. Troubleshoot the network configuration of the instance to find the cause

21. As a part of a distributed and secure document repository, you are using Amazon S3 with Amazon CloudFront.  What is the best method of ensuring all web requests to the documents traverse your CloudFront infrastructure rather than the S3 public URL?

A. Configure S3 Bucket permissions to ensure access is granted via the CloudFront distribution
B. Configure an Origin Access Identity (OAI) and associate that to the relevant CloudFront Distribution

C. Set the principal of the S3 bucket policy as the CloudFront distribution
D. Create an IAM user with the relevant permissions to access the bucket and share this identity for permitted users only.

22. By default which metric of EC2 is not monitored and measured by Amazon CloudWatch?

A. CPU Utilization
B. Disk Read Operations
C. Network In
D. Memory Utilization

23. As an administrator, you have configured an AWS Topic to notify engineers when a threshold is met from a metric within CloudWatch to allow them to proactively respond.  After adding the engineers to the topic using the Email endpoint, one of the engineers explains that they are not receiving topic notifications. What is the likely cause of the problem?

A. The engineer does not have the sns:notify permission against his IAM user account
B. The engineer has not accepted the subscription confirmation
C. The engineer has exceeded his inbound quota for SNS notifications
D. The total number of subscribers has been exceeded resulting in some engineers not receiving notifications

24. As the CTO of a fast-paced gaming company you are looking to migrate your infrastructure to AWS.  You have a requirement to use a database that can deliver reliable performance at scale which provides consistent single-digit millisecond latency and in-memory caching.  You aim to use this to store high scores, dynamic content and query game data. Which of the following services would be best suited for this environment?

A. Amazon Redshift
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon EMR

25. You manager has explained that the cost of your fleet of instances is too high and that resources are being wasted on each instance.  As a result, you need to implement a more effective and efficient method of deploying resources. What are the best methods to help minimize the costs of your instances? (Choose 2)

A. Increase the size of your EC2 instances but reduce the quantity
B. Implement Auto Scaling to manage the size of your fleet with demand
C. Use small instances to reduce resource wastage
D. Manually shut down your instances at the end of the day
E. Reduce the size of the ephemeral storage on each instance

26. As a user of a KMS CMK you need to delegate a subset of your own permissions to another principal within the security team.  What element of KMS allows you to do this as a form of resource-based access control?

A. KMS Grants
B. KMS Key Policies
C. KMS Data Encryption Keys
D. KMS CMK Principal delegation

27. You are a cloud support engineer for a large retail organization, and your security and compliance team has expressed the requirement of a configuration management solution in your AWS environment. You have suggested that AWS Config would be the best solution to meet all requirements. What two features does AWS Config provide as a benefit to configuration management solution? (Choose 2)

A. Automatic deployment of patch fixes
B. IAM permission summaries
C. Identify cost savings through best practices
D. History of configurational changes
E. Compliance checks

28. As a solutions architect you are looking for a service that can act as a lightning fast in-memory data store, you settle on AWS Elasticache but are unsure about which engine to use, Memcached or Redis.  You decide to go with Redis as it offers a richer set of features. Which features below does Redis offer that Memcached does not? (Choose 3)

A. Data partitioning
B. Replication
C. Snapshots
D. Sum-millisecond latency
E. Advanced data structures

29. Select the features which best describe the Simple Queue Service FIFO queues over standard queues. (Choose 3)

A. Exactly-once processing
B. At-least-once delivery
C. Best-effort ordering
D. First In First Out delivery
E. 300 transaction per second (TPS)

30. Which of the following services does CloudFormation not support?

A. AWS CloudTrail
B. Amazon CloudWatch
C. Amazon Glacier
D. Amazon EBS

31. As a part of designing your new application uses best practices of a decoupled environment you have implement SQS to manage messages between multiple AWS services.  In addition to your standard and FIFO queues, you decide that implement dead letter queues are a good idea. What benefits do dead letter queues provide? (Choose 2)
32. One of your S3 bucket policies has the following entry:

{
 "Version": "2012-10-17",
"Id": "S3BucketPolicy",
 "Statement": [
   {
     "Sid": "IPAddress",
     "Effect": "Allow",
     "Principal": "*",
     "Action": "s3:*",
     "Resource": "arn:aws:s3:::packtbucket/*",
     "Condition": {
        "IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
        "NotIpAddress": {"aws:SourceIp": "54.240.143.188/32"}
     }
   }
 ]
}

Which statement is true about the bucket policy?

A. Access is allowed to all S3 buckets in the account with a source IP address of 54.240.143.188/32
B. Access is allowed to the packtbucket as long as the source IP address is 54.240.143.188/32
C. Access is allowed to all buckets for all IP addresses within the subnet of 54.240.143.0/24 except 54.240.143.188/32
D. Access is allowed to the packtbucket for all IP addresses within the subnet of 54.240.143.0/24 except 54.240.143.188/32
E. Access is allowed for the IAM principal account to the packtbucket if its source IP address is 54.240.143.0/24

33. Which of the following statements relating to security groups is incorrect?

A. They are stateful by design
B. You are able to explicitly deny traffic that meets specific rules
C. They offer security at the instance level
D. All rules are read before an action is taken

34. You have designed a multi VPC configuration for your organization to operate different services. However, you need some EC2 instances to communicate with each other between the VPCs. VPC Peering will enable this functionality, however, what important factors do you need to consider when configuring the connectivity. (Choose 2)

A. The EC2 instance types need to be within the same family for EC2 peering
B. The VPC CIDR Blocks of each VPC need to be the same size
C. The VPC CIDR Blocks of each VPC can't overlap

D. Both VPCs need to have public subnets to allow the connectivity
E. Security groups of the EC2 instances need to be updated to allow access

35. Working as the security administrator of your AWS Account for an AI and robotics organization, you want to grant access for the development to be able to administer and manage AWS resources programmatically through SDKs, REST, and Query API operations. What should you configure within IAM to allows these user to carry out this task?

A. Issues access keys to each IAM user
B. Issue Key Pairs to each IAM user
C. Configure the IAM users for MFA access
D. Add an inline policy for each IAM user granting programmatic access

36. Your team need to have programmatic access to AWS through the AWS CLI. You have contacted your IAM administrator and they have issued access keys to all the users. What command needs to be run on their client to set up the AWS CLI with the corresponding access keys?

A. AWS Setup
B. AWS CLI Configure
C. AWS CLI Setup
D. AWS Configure
E. AWS Configure Setup

37. An incident occurs against one of your applications, immediately you use CloudTrail to help you identify who or what was happening at the time of the incident. However, you can’t find any log information at the time of the incident. Which statement is correct regarding AWS CloudTrails log files?

A. Log files are delivered by CloudTrail to S3 within 24 hours of an API call
B. Log files are delivered by CloudTrail to S3 within 1 hour of an API call
C. Log files are delivered by CloudTrail to S3 within 30 minutes of an API call
D. Log files are delivered by CloudTrail to S3 within 15 minutes of an API call

38. You are looking to implement an element of automation within your AWS environment for your web infrastructure to ensure specific standards and compliance are met from both internal and external governance controls. You want to ensure that all EBS volumes deployed are encrypted and that you are only using specific instance types. If EBS volumes are deployed without encryption or the wrong instance type is used, you want to be automatically notified. What service would you use to implement the compliance requirements?

A. AWS CloudTrail
B. AWS CloudFormation
C. AWS Config
D. AWS Systems Manager
E. AWS Trusted Advisor

39. You have decided to use an AWS VPN to connect your AWS environment to your corporate network via a customer gateway with two tunnels. For DR purposes and resiliency you have configured a second customer gateway in case the first customer gateway fails. What statement is false when configuring customer gateways?

A. You must update your routing tables for your subnets
B. Specify the routing type required, either static or dynamic
C. The IP address associated to the customer gateway needs to be private
D. Enable route propagation

40. Working for a large financial organization, encryption of data is key. KMS is heavily within your environment and you have set up access controls to allow certain users to access specific CMKs. You want to use IAM to control these permissions rather than key policies in KMS. What statement needs to be added to you CMK key policy to enable you to perform these actions?

A.

{
 "Sid": "Enable IAM User Permissions",
 "Effect": "Allow",
 "Principal": {"AWS": "arn:aws:iam::123456789123:root"},
 "Action": "kms:*",
 "Resource": "*"
}

B.

{
 "Sid": "Enable IAM User Permissions",
 "Effect": "Deny",
 "Principal": {"AWS": "arn:aws:iam::123456789123:root"},
 "Action": "kms:*",
 "Resource": "*"
}

C.

{
 "Sid": "Enable IAM User Permissions",
 "Effect": "Allow",
 "Principal": {"AWS": "arn:aws:iam::123456789123:IAM"},
 "Action": "kms:*",
 "Resource": "*"
}

D.

{
 "Sid": "Enable IAM User Permissions",
 "Effect": "Allow",
 "Principal": {"AWS": "arn:aws:iam::123456789123:root"},
 "Action": "kms:decrypt",
 "Resource": "*"
}

41. To help manage resource with demand for your web application you have implemented an internet facing elastic load balancer and Auto Scaling across your EC2 fleet within your VPC. The VPC configuration consists of 1 public subnet and 2 private subnets. Your EC2 fleet resides within the public subnet. Which statement is false relating to the ELB in this scenario?

A. The ELB must reside in the public subnet
B. The ELB and all the EC2 fleet should be in the same subnet
C. The ELB should have a route to the internet gateway
D. The ELB can detect unhealthy targets

42. Your client is experiencing issues with his resources not being able to quickly meet the demand of traffic. You have explained that configuring Auto Scaling and ELB will help to resolve their issues. What elements of Auto Scaling need to be configured? (Choose 3)

A. Scaling Policy
B. Launch Configuration
C. Auto Scaling Group
D. Scaling Permissions
E. Launch Policy

43. You are using EBS volumes as block storage for your EC2 fleets across your VPC which spans multiple AZs. To resolve an ongoing incident you need to detach an EBS volume from an instance in AZ-1 and reattach it to an instance in AZ-2. What is the best method to achieve this outcome?

A. Stop both instances in AZ-1 and AZ-2. Detach the EBS volume from the instance in AZ-1. Reattach the EBS volume to the instance in AZ-2
B. Stop the instance in AZ-1. Create a snapshot of the EBS volume. Create a new instance from the snapshot in AZ-2
C. Stop the instance in AZ-1. Create a snapshot of the EBS volume. Create a new volume from the snapshot in AZ-2. Attach to the instance in AZ-2
D. Create a new EBS volume in AZ-2 pointing to the target EBS volume in AZ-1. Attach the new EBS volume to the instance in AZ-2

44. Which features do the Application load balancer and Network load balancer have that the Class load balancer does not? (Select 3)

A. Health Checks
B. Load Balancing to multiple ports on the same instance
C. CloudWatch Metrics
D. IP address as targets
E. Load balancer deletion protection

45. What is the default limit of reserved Elasticache nodes that you can have without having to contact AWS Support to request an increase?

A. 10
B. 20
C. 30
D. 40

46. You work for a large enterprise that requires hundreds of users to gain access to the AWS Management console. As the solution architect, you propose the quickest and best approach to allow authentication for that many users would be to use SSO with SAML 2.0 based federation using your MS Active Directory server. Before federated access can be configured, what must be in place first?

A. A trust between your organisation Idp and AWS
B. The configuration of the Security Token Service (STS)
C. A role with associated permissions
D. Imported user accounts from the MS AD server to IAM
E. MFA activation on all IAM accounts

47. When IAM evaluates policies it follows specific logic to ascertain the permissions allowed. Which of the following statements is false?

A. The order in which the policies are evaluated is not important
B. All IAM users have a default access to deny except the root account
C. An explicit allow overrides any default denies
D. An explicit deny will be overridden by an explicit allow

48. To increase the high availability of your RDS databases you decide to implement Multi-AZ for your MySQL databases. What prerequisites need to be in place before you can configure and setup Multi-AZ for these databases? (Choose 2)

A. All I/O operations on the MySQL DB need to be stopped
B. The source DB must be running MySQL 5.6 or later
C. The retention value of the automatic backups needs to set to a value of 1 or more
D. You must be running the MyISAM storage engine
E. You must assign an IAM role to the standby DB instance

49. You are running a DynamoDB database when you start to receive 400 error codes, what could be the cause of the issue?

A. The request has failed due to a temporary failure of the server
B. The request processing has failed because of an unknown error, exception or failure.
C. The query string contains a syntax error.
D. Read or write requests have exceeded the provisioned throughput for the table, therefore throttling the requests

50. Within your AWS environment, you are using IAM roles attached to EC2 instances for best practice security. A new administrator who manages your IAM controls deleted a number of IAM roles believed to be not in use. However, one of these roles was associated to some of your EC2 instances. What effect does this have on the EC2 instances that have associations with that role?

A. The EC2 instance continues to operate as normal as the role is attached to the EC2 instance itself
B. The EC2 instance no longer has access to any resources that the role permitted
C. The EC2 instance automatically restarts in an attempt to reassociate the IAM role
D. The EC2 instance adopts the role of another EC2 instance in the same security group

51. Your organization has over 500 EC2 instances and in an effort to reduce the time it takes to coordinate and manage patch and maintenance updates for your instances you decide to use the Patch Manager feature from which AWS service?

A. AWS Systems Manager
B. Amazon EC2
C. AWS Service Catalog
D. AWS OpsWorks

52. Can 2 or more EC2 instances be attached to the same the EBS volume in the same availability zone?

A. Only when the EC2 instances are of the same type
B. No, only 1 EC2 instance can attach to a single EBS volume
C. Only if the EC2 instances reside on the same dedicated host
D. No, the instances have to be in a different AZs to connect to the same EBS volume

53. You have a configured an Amazon S3 bucket for website hosting to store a static website and you want to use Route53 to route traffic to that website, however, the name of the bucket does not appear in the alias target list. What could be the likely cause of this issue?

A. You have configured the bucket in a region not supported by Route 53
B. The Route 53 health check has failed for the S3 bucket
C. The bucket name must exactly match the name of the record in Route 53
D. You do not have the relevant permissions to modify Route 53 recordsets

54. When using Route 53, what do you need to configure to route end users’ requests to one of your application’s endpoints?

A. A Traffic Policy
B. A Policy Record
C. A Hosted Zone
D. Latency Based Routing (LBR)

55. You have a fleet of EC2 instances across 3 AZ’s within a single region. You decide to use Auto Scaling to help balance the traffic based on a single scaling adjustment. Which scaling policy types best suits this requirement?

A. Target Tracking Scaling
B. Step Scaling
C. Simple Scaling
D. Metric-based scaling

56. You have been asked by a customer to use a specific AMI when configuring their Auto Scaling solution for their EC2 fleet. In which element of Auto Scaling do you set the AMI selection?

A. Scaling Policy
B. Launch Configuration
C. Launch Policy
D. Scaling Permissions
E. Auto Scaling Group

57. Which EC2 instance family is best suited to deliver a balance of compute, memory, and networking resources, and can be used for a variety of workloads?

A. General Purpose
B. Storage Optimized
C. Compute Optimized
D. Memory Optimized

58. What component of Amazon CloudWatch allows you to monitor and troubleshoot your applications using custom log files?

A. CloudWatch Alarms
B. CloudWatch Metrics
C. CloudWatch Graphed Metrics
D. CloudWatch Logs

59. What are the three different states of a CloudWatch Alarm? (Choose 3)

A. Off
B. OK
C. On
D. Alarm
E. Insufficient_Data
F. Error

60. You have just finished setting up a number of alarms within Amazon CloudWatch, however, when reviewing them you notice that the last alarm you created has a status of INSUFFICIENT_DATA. What is the most likely cause of this state?

A. The alarm was configured incorrectly and is unable to determine the result
B. You do not have access to view the status of the Alarm
C. The Alarm has just started so it doesn’t have enough information to determine the state of the alarm
D. The metric is outside of the defined threshold

61. You have designed a new mobile app that that sends notification to end users regarding leaderboard information and when new releases are becoming available. Which service can help you implement this solution?

A. S3
B. EMR
C. Redshift
D. SNS
E. Storage Gateway

62. You operations support team wants to be notified every time an EC2 instance is started to terminated within your Auto Scaling solution. Is this feature available within the configuration of Auto Scaling?

A. No, Auto Scaling does not provide any means of notification
B. Yes, if you configure SNS within the Auto Scaling group
C. No, you will need to configure SNS outside of the Auto Scaling group based on AS metrics
D. Yes, this is configured by default for all Auto Scaling groups

63. As a part of your organization's disaster recovery and business continuity you are looking for a solution that will backup your on-premise data to AWS while ensuring the same data remains on your local storage volumes within your data center for low latency access. You look at the Storage Gateway service as a solution, which option would be best suited for your requirements?

A. Cached volume gateways
B. Gateway VTL
C. Stored Volume Gateways
D. File Gateway

64. By default, CloudTrail logs that are stored on S3 are encrypted. Which method of encryption is selected by default?

A. SSE-KMS
B. CSE-KMS
C. SSE-S3
D. SSE-C
E. CSE-C

65. Which of the following is NOT a regional component of the AWS global infrastructure?

A. Edge Location
B. Availability Zone
C. Region
D. Landing Zone
E. Regional Edge Caches