AWS Certified Cloud Practitioner - (CLF-C02) Exam Questions
Total Questions
Last Updated
1st Try Guaranteed
Experts Verified
Question 11 Single Choice
The DevOps team at an IT company is moving 500 GB of data from an EC2 instance to an S3 bucket in the same region. Which of the following scenario captures the correct charges for this data transfer?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
The company would not be charged for this data transfer
There are three fundamental drivers of cost with AWS: compute, storage, and outbound data transfer. In most cases, there is no charge for inbound data transfer or data transfer between other AWS services within the same region. Outbound data transfer is aggregated across services and then charged at the outbound data transfer rate.
Per AWS pricing, data transfer between S3 and EC2 instances within the same region is not charged, so there would be no data transfer charge for moving 500 GB of data from an EC2 instance to an S3 bucket in the same region.
Incorrect options:
The company would only be charged for the outbound data transfer from EC2 instance
The company would only be charged for the inbound data transfer into the S3 bucket
The company would be charged for both the outbound data transfer from EC2 instance as well as the inbound data transfer into the S3 bucket
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
References:
https://aws.amazon.com/s3/pricing/
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
Explanation
Correct option:
The company would not be charged for this data transfer
There are three fundamental drivers of cost with AWS: compute, storage, and outbound data transfer. In most cases, there is no charge for inbound data transfer or data transfer between other AWS services within the same region. Outbound data transfer is aggregated across services and then charged at the outbound data transfer rate.
Per AWS pricing, data transfer between S3 and EC2 instances within the same region is not charged, so there would be no data transfer charge for moving 500 GB of data from an EC2 instance to an S3 bucket in the same region.
Incorrect options:
The company would only be charged for the outbound data transfer from EC2 instance
The company would only be charged for the inbound data transfer into the S3 bucket
The company would be charged for both the outbound data transfer from EC2 instance as well as the inbound data transfer into the S3 bucket
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
References:
https://aws.amazon.com/s3/pricing/
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
Question 12 Single Choice
A web application stores all of its data on Amazon S3 buckets. A client has mandated that data be encrypted before sending it to Amazon S3.
Which of the following is the right technique for encrypting data as needed by the customer?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
Enable client-side encryption using AWS encryption SDK
The act of encrypting data before sending it to Amazon S3 is termed as client-side encryption. The AWS encryption SDK is a client-side encryption library that is separate from the language–specific SDKs. You can use this encryption library to more easily implement encryption best practices in Amazon S3. Unlike the Amazon S3 encryption clients in the language–specific AWS SDKs, the AWS encryption SDK is not tied to Amazon S3 and can be used to encrypt or decrypt data to be stored anywhere.
Incorrect options:
Enable server-side encryption with Amazon S3 Managed Keys (SSE-S3) - When you use server-side encryption with Amazon S3-Managed Keys (SSE-S3), each object is encrypted with a unique key. As an additional safeguard, it encrypts the key itself with a root key that it regularly rotates.
Enable server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) - Server-side encryption with AWS KMS keys (SSE-KMS) is similar to SSE-S3, but with some additional benefits and charges for using this service. There are separate permissions for the use of a KMS key that provides added protection against unauthorized access of your objects in Amazon S3. SSE-KMS also provides you with an audit trail that shows when your KMS key was used and by whom.
Server-side encryption is the encryption of data at its destination by the application or service that receives it. Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. Hence, server-side encryption is not the right answer for the current scenario. So both these options are incorrect.
Encryption is enabled by default for all the objects written to Amazon S3. Additional configuration is not required - Although it's correct that encryption is enabled by default for all the objects written to Amazon S3, however, the given use case mandates that data be encrypted before sending it to Amazon S3, which cannot be accomplished with the given option. So this option is incorrect.
References:
https://docs.aws.amazon.com/en_us/AmazonS3/latest/userguide/UsingClientSideEncryption.html
https://docs.aws.amazon.com/en_us/AmazonS3/latest/userguide/serv-side-encryption.html
Explanation
Correct option:
Enable client-side encryption using AWS encryption SDK
The act of encrypting data before sending it to Amazon S3 is termed as client-side encryption. The AWS encryption SDK is a client-side encryption library that is separate from the language–specific SDKs. You can use this encryption library to more easily implement encryption best practices in Amazon S3. Unlike the Amazon S3 encryption clients in the language–specific AWS SDKs, the AWS encryption SDK is not tied to Amazon S3 and can be used to encrypt or decrypt data to be stored anywhere.
Incorrect options:
Enable server-side encryption with Amazon S3 Managed Keys (SSE-S3) - When you use server-side encryption with Amazon S3-Managed Keys (SSE-S3), each object is encrypted with a unique key. As an additional safeguard, it encrypts the key itself with a root key that it regularly rotates.
Enable server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) - Server-side encryption with AWS KMS keys (SSE-KMS) is similar to SSE-S3, but with some additional benefits and charges for using this service. There are separate permissions for the use of a KMS key that provides added protection against unauthorized access of your objects in Amazon S3. SSE-KMS also provides you with an audit trail that shows when your KMS key was used and by whom.
Server-side encryption is the encryption of data at its destination by the application or service that receives it. Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. Hence, server-side encryption is not the right answer for the current scenario. So both these options are incorrect.
Encryption is enabled by default for all the objects written to Amazon S3. Additional configuration is not required - Although it's correct that encryption is enabled by default for all the objects written to Amazon S3, however, the given use case mandates that data be encrypted before sending it to Amazon S3, which cannot be accomplished with the given option. So this option is incorrect.
References:
https://docs.aws.amazon.com/en_us/AmazonS3/latest/userguide/UsingClientSideEncryption.html
https://docs.aws.amazon.com/en_us/AmazonS3/latest/userguide/serv-side-encryption.html
Question 13 Single Choice
A startup wants to provision an EC2 instance for the lowest possible cost for a long-term duration but needs to make sure that the instance would never be interrupted. As a Cloud Practitioner, which of the following options would you recommend?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
EC2 Reserved Instance (RI)
An EC2 Reserved Instance (RI) provides you with significant savings (up to 75%) on your Amazon EC2 costs compared to On-Demand Instance pricing. A Reserved Instance (RI) is not a physical instance, but rather a billing discount applied to the use of On-Demand Instances in your account. You can purchase a Reserved Instance (RI) for a one-year or three-year commitment, with the three-year commitment offering a bigger discount. A reserved instance (RI) cannot be interrupted. So this is the correct option.
EC2 Pricing Options Overview: 
via - https://aws.amazon.com/ec2/pricing/
Incorrect options:
EC2 On-Demand Instance - An EC2 On-Demand Instance is an instance that you use on-demand. You have full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it. There is no long-term commitment required when you purchase On-Demand Instances. There is no upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted. However, On-demand instances are not as cost-effective as Reserved instances, so this option is not correct.
EC2 Spot Instance - An EC2 Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts (up to 90%), you can lower your Amazon EC2 costs significantly. Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. These can be terminated at short notice, so these are not suitable for critical workloads that need to run at a specific point in time. So this option is not correct for the given use-case.
EC2 Dedicated Host - An Amazon EC2 Dedicated Host allows you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirement. It is not cost-efficient compared to an On-Demand instance. So this option is not correct.
Reference:
Explanation
Correct option:
EC2 Reserved Instance (RI)
An EC2 Reserved Instance (RI) provides you with significant savings (up to 75%) on your Amazon EC2 costs compared to On-Demand Instance pricing. A Reserved Instance (RI) is not a physical instance, but rather a billing discount applied to the use of On-Demand Instances in your account. You can purchase a Reserved Instance (RI) for a one-year or three-year commitment, with the three-year commitment offering a bigger discount. A reserved instance (RI) cannot be interrupted. So this is the correct option.
EC2 Pricing Options Overview: via - https://aws.amazon.com/ec2/pricing/
Incorrect options:
EC2 On-Demand Instance - An EC2 On-Demand Instance is an instance that you use on-demand. You have full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it. There is no long-term commitment required when you purchase On-Demand Instances. There is no upfront payment and you pay only for the seconds that your On-Demand Instances are running. The price per second for running an On-Demand Instance is fixed. On-demand instances cannot be interrupted. However, On-demand instances are not as cost-effective as Reserved instances, so this option is not correct.
EC2 Spot Instance - An EC2 Spot Instance is an unused EC2 instance that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts (up to 90%), you can lower your Amazon EC2 costs significantly. Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. These can be terminated at short notice, so these are not suitable for critical workloads that need to run at a specific point in time. So this option is not correct for the given use-case.
EC2 Dedicated Host - An Amazon EC2 Dedicated Host allows you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirement. It is not cost-efficient compared to an On-Demand instance. So this option is not correct.
Reference:
Question 14 Multiple Choice
A startup wants to migrate its data and applications from the on-premises data center to AWS Cloud. Which of the following options can be used by the startup to help with this migration? (Select two)
Explanation
Click "Show Answer" to see the explanation here
Correct options:
Leverage AWS Professional Services to accelerate the infrastructure migration
The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. AWS Professional Services consultants can supplement your team with specialized skills and experience that can help you achieve quick results. Therefore, leveraging AWS Professional Services can accelerate the infrastructure migration for the startup.
Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. The startup can work with experts from APN to build a custom solution for this infrastructure migration.
Incorrect options:
Raise a support ticket with AWS Support for further assistance - AWS Support cannot help with complex infrastructure migration of this nature. Hence this option is incorrect.
Consult moderators on AWS Developer Forums - This is a made-up option and has been added as a distractor.
Use AWS Trusted Advisor to automate the infrastructure migration - AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Trusted Advisor cannot automate the infrastructure migration.
References:
https://aws.amazon.com/partners/
https://aws.amazon.com/professional-services/
https://aws.amazon.com/solutions/implementations/aws-landing-zone/
Explanation
Correct options:
Leverage AWS Professional Services to accelerate the infrastructure migration
The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. AWS Professional Services consultants can supplement your team with specialized skills and experience that can help you achieve quick results. Therefore, leveraging AWS Professional Services can accelerate the infrastructure migration for the startup.
Utilize AWS Partner Network (APN) to build a custom solution for this infrastructure migration
The AWS Partner Network (APN) is the global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. The startup can work with experts from APN to build a custom solution for this infrastructure migration.
Incorrect options:
Raise a support ticket with AWS Support for further assistance - AWS Support cannot help with complex infrastructure migration of this nature. Hence this option is incorrect.
Consult moderators on AWS Developer Forums - This is a made-up option and has been added as a distractor.
Use AWS Trusted Advisor to automate the infrastructure migration - AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Trusted Advisor cannot automate the infrastructure migration.
References:
https://aws.amazon.com/partners/
https://aws.amazon.com/professional-services/
https://aws.amazon.com/solutions/implementations/aws-landing-zone/
Question 15 Multiple Choice
Which AWS services can be used to decouple components of a microservices based application on AWS Cloud? (Select two)
Explanation
Click "Show Answer" to see the explanation here
Correct options:
Amazon Simple Queue Service (SQS)
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
Amazon Simple Notification Service (SNS)
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan-out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.
Therefore, both SNS and SQS can be used to decouple components of a microservices-based application.
Please review this reference architecture for building a decoupled order processing system using SNS and SQS: 
via - https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and-amazon-sns/
Incorrect options:
Amazon Elastic Compute Cloud (Amazon EC2) - Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud with support for per-second billing. It is the easiest way to provision servers on AWS Cloud and access the underlying OS. EC2 cannot be used to decouple components of a microservices-based application.
AWS Lambda - AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. Lambda cannot be used to decouple components of a microservices-based application.
AWS Step Functions - AWS Step Functions lets you coordinate multiple AWS services into serverless workflows. You can design and run workflows that stitch together services such as AWS Lambda, AWS Glue and Amazon SageMaker. AWS Step Functions cannot be used to decouple components of a microservices-based application.
Reference:
Explanation
Correct options:
Amazon Simple Queue Service (SQS)
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
Amazon Simple Notification Service (SNS)
Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. Using Amazon SNS topics, your publisher systems can fan-out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.
Therefore, both SNS and SQS can be used to decouple components of a microservices-based application.
Please review this reference architecture for building a decoupled order processing system using SNS and SQS: via - https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and-amazon-sns/
Incorrect options:
Amazon Elastic Compute Cloud (Amazon EC2) - Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud with support for per-second billing. It is the easiest way to provision servers on AWS Cloud and access the underlying OS. EC2 cannot be used to decouple components of a microservices-based application.
AWS Lambda - AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. Lambda cannot be used to decouple components of a microservices-based application.
AWS Step Functions - AWS Step Functions lets you coordinate multiple AWS services into serverless workflows. You can design and run workflows that stitch together services such as AWS Lambda, AWS Glue and Amazon SageMaker. AWS Step Functions cannot be used to decouple components of a microservices-based application.
Reference:
Question 16 Multiple Choice
An organization needs to securely access AWS services and establish private connectivity between its Virtual Private Clouds (VPCs) and supported AWS services without using the public internet. Which AWS services can meet this requirement? (Select two)
Explanation
Click "Show Answer" to see the explanation here
Correct options:
AWS PrivateLink
AWS PrivateLink enables private connectivity between VPCs and supported AWS services without traffic traversing the public internet. It ensures secure communication for applications and services.
In the following diagram, the VPC on the left has several Amazon EC2 instances in a private subnet and five VPC endpoints - three interface VPC endpoints, a resource VPC endpoint and a service-network VPC endpoint. The first interface VPC endpoint connects to an AWS service. The second interface VPC endpoint connects to a service hosted by another AWS account (a VPC endpoint service). The third interface VPC endpoint connects to an AWS Marketplace partner service. The resource VPC endpoint connects to a database. The service network VPC endpoint connects to a service network.
via - https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html
AWS Transit Gateway
AWS Transit Gateway is a highly scalable service that connects multiple VPCs and on-premises networks through a central hub. It facilitates secure, private connectivity between VPCs and supported services without using the public internet.
Transit Gateway enables customers to connect thousands of VPCs. You can attach all your hybrid connectivity (VPN and Direct Connect connections) to a single gateway, consolidating and controlling your organization's entire AWS routing configuration in one place (refer to the following figure). Transit Gateway controls how traffic is routed among all the connected spoke networks using route tables. This hub-and-spoke model simplifies management and reduces operational costs because VPCs only connect to the Transit Gateway instance to gain access to the connected networks.
via - Incorrect options:
Amazon Inspector - Amazon Inspector is a security tool that assesses applications for vulnerabilities and deviations from best practices. It does not facilitate private connectivity between VPCs or AWS services.
Amazon Connect - Amazon Connect is a contact center service designed to facilitate customer communication. It does not provide private networking capabilities.
AWS Internet Gateway - AWS Internet Gateway is designed for internet connectivity, allowing VPC resources to communicate with the public internet. This contradicts the requirement to avoid using the public internet for connectivity.
References:
https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html
https://docs.aws.amazon.com/vpc/latest/privatelink/concepts.html
Explanation
Correct options:
AWS PrivateLink
AWS PrivateLink enables private connectivity between VPCs and supported AWS services without traffic traversing the public internet. It ensures secure communication for applications and services.
In the following diagram, the VPC on the left has several Amazon EC2 instances in a private subnet and five VPC endpoints - three interface VPC endpoints, a resource VPC endpoint and a service-network VPC endpoint. The first interface VPC endpoint connects to an AWS service. The second interface VPC endpoint connects to a service hosted by another AWS account (a VPC endpoint service). The third interface VPC endpoint connects to an AWS Marketplace partner service. The resource VPC endpoint connects to a database. The service network VPC endpoint connects to a service network.
via - https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html
AWS Transit Gateway
AWS Transit Gateway is a highly scalable service that connects multiple VPCs and on-premises networks through a central hub. It facilitates secure, private connectivity between VPCs and supported services without using the public internet.
Transit Gateway enables customers to connect thousands of VPCs. You can attach all your hybrid connectivity (VPN and Direct Connect connections) to a single gateway, consolidating and controlling your organization's entire AWS routing configuration in one place (refer to the following figure). Transit Gateway controls how traffic is routed among all the connected spoke networks using route tables. This hub-and-spoke model simplifies management and reduces operational costs because VPCs only connect to the Transit Gateway instance to gain access to the connected networks.
Incorrect options:
Amazon Inspector - Amazon Inspector is a security tool that assesses applications for vulnerabilities and deviations from best practices. It does not facilitate private connectivity between VPCs or AWS services.
Amazon Connect - Amazon Connect is a contact center service designed to facilitate customer communication. It does not provide private networking capabilities.
AWS Internet Gateway - AWS Internet Gateway is designed for internet connectivity, allowing VPC resources to communicate with the public internet. This contradicts the requirement to avoid using the public internet for connectivity.
References:
https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html
https://docs.aws.amazon.com/vpc/latest/privatelink/concepts.html
Question 17 Single Choice
An intern at an IT company provisioned a Linux based On-demand EC2 instance with per-second billing but terminated it within 30 seconds as he wanted to provision another instance type. What is the duration for which the instance would be charged?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
60 seconds
There is a one-minute minimum charge for Linux based EC2 instances, so this is the correct option.
Incorrect options:
30 seconds
300 seconds
600 seconds
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
Reference:
https://aws.amazon.com/blogs/aws/new-per-second-billing-for-ec2-instances-and-ebs-volumes/
Explanation
Correct option:
60 seconds
There is a one-minute minimum charge for Linux based EC2 instances, so this is the correct option.
Incorrect options:
30 seconds
300 seconds
600 seconds
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
Reference:
https://aws.amazon.com/blogs/aws/new-per-second-billing-for-ec2-instances-and-ebs-volumes/
Question 18 Single Choice
A cyber forensics team has detected that AWS owned IP-addresses are being used to carry out malicious attacks. As this constitutes prohibited use of AWS services, which of the following is the correct solution to address this issue?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
Contact AWS Abuse Team
The AWS Abuse team can assist you when AWS resources are used to engage in abusive behavior.
Please see details of the various scenarios that the AWS Abuse team can address: 
via - https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/
Incorrect options:
Contact AWS Support - You need to contact the AWS Abuse team for prohibited use of AWS services.
Contact AWS Developer Forum moderators - You need to contact the AWS Abuse team for prohibited use of AWS services.
Write an email to Jeff Bezos, the founder of Amazon, with the details of the incident - This has been added as a distractor. For the record, please let us know if you do get a reply from Mr. Bezos.
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/
Explanation
Correct option:
Contact AWS Abuse Team
The AWS Abuse team can assist you when AWS resources are used to engage in abusive behavior.
Please see details of the various scenarios that the AWS Abuse team can address: via - https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/
Incorrect options:
Contact AWS Support - You need to contact the AWS Abuse team for prohibited use of AWS services.
Contact AWS Developer Forum moderators - You need to contact the AWS Abuse team for prohibited use of AWS services.
Write an email to Jeff Bezos, the founder of Amazon, with the details of the incident - This has been added as a distractor. For the record, please let us know if you do get a reply from Mr. Bezos.
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/report-aws-abuse/
Question 19 Single Choice
Which AWS Route 53 routing policy would you use to route traffic to multiple resources and also choose how much traffic is routed to each resource?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
Weighted routing
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Weighted routing lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software. To configure weighted routing, you create records that have the same name and type for each of your resources. You assign each record a relative weight that corresponds with how much traffic you want to send to each resource. Amazon Route 53 sends traffic to a resource based on the weight that you assign to the record as a proportion of the total weight for all records in the group.
Route 53 Routing Policy Overview: 
via - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
Incorrect options:
Failover routing - This routing policy is used when you want to configure active-passive failover.
Simple routing - With simple routing, you typically route traffic to a single resource, for example, to a web server for your website.
latency-based routing - This routing policy is used when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.
Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
Explanation
Correct option:
Weighted routing
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.
Weighted routing lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software. To configure weighted routing, you create records that have the same name and type for each of your resources. You assign each record a relative weight that corresponds with how much traffic you want to send to each resource. Amazon Route 53 sends traffic to a resource based on the weight that you assign to the record as a proportion of the total weight for all records in the group.
Route 53 Routing Policy Overview: via - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
Incorrect options:
Failover routing - This routing policy is used when you want to configure active-passive failover.
Simple routing - With simple routing, you typically route traffic to a single resource, for example, to a web server for your website.
latency-based routing - This routing policy is used when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.
Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
Question 20 Single Choice
Which of the following is the MOST cost-effective option to purchase an EC2 Reserved Instance (RI)?
Explanation
Click "Show Answer" to see the explanation here
Correct option:
Partial upfront payment option with standard 3-years term
You can use Amazon EC2 Reserved Instances (RI) to reserve capacity and receive a discount on your instance usage compared to running On-Demand instances. The discounted usage price is reserved for the duration of your contract, allowing you to predict compute costs over the term of the Reserved Instance (RI).
Please review this pricing comparison for EC2 Reserved Instances (RI): 
via - https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
So the percentage savings for each option is as follows:
"No upfront payment option with the standard 1-year term" - 36%
"All upfront payment option with the standard 1-year term" - 40%
"No upfront payment option with the standard 3-years term" - 56%
"Partial upfront payment option with the standard 3-years term" - 59%
Exam Alert:
For the exam, there is no need to memorize these savings numbers. All you need to remember is that a 3 years term would always be more cost-effective than a 1-year term. Then within a term, "all upfront" is better than "partial upfront" which in turn is better than "no upfront" from a cost savings perspective.
Incorrect options:
All upfront payment option with the standard 1-year term
No upfront payment option with standard 1-year term
No upfront payment option with standard 3-years term
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
Reference:
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
Explanation
Correct option:
Partial upfront payment option with standard 3-years term
You can use Amazon EC2 Reserved Instances (RI) to reserve capacity and receive a discount on your instance usage compared to running On-Demand instances. The discounted usage price is reserved for the duration of your contract, allowing you to predict compute costs over the term of the Reserved Instance (RI).
Please review this pricing comparison for EC2 Reserved Instances (RI): via - https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
So the percentage savings for each option is as follows:
"No upfront payment option with the standard 1-year term" - 36%
"All upfront payment option with the standard 1-year term" - 40%
"No upfront payment option with the standard 3-years term" - 56%
"Partial upfront payment option with the standard 3-years term" - 59%
Exam Alert:
For the exam, there is no need to memorize these savings numbers. All you need to remember is that a 3 years term would always be more cost-effective than a 1-year term. Then within a term, "all upfront" is better than "partial upfront" which in turn is better than "no upfront" from a cost savings perspective.
Incorrect options:
All upfront payment option with the standard 1-year term
No upfront payment option with standard 1-year term
No upfront payment option with standard 3-years term
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
Reference:
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
