WGU Cloud Deployment and Operations Exam Questions Instant Access

Question 1

(Which two retention periods are supported by Performance Insights? Choose 2 answers.)

A1 day

B7 days

C1 year

D2 years

Answer : B, C

Amazon RDS Performance Insights supports retention periods of 7 days and 1 year for storing performance data, depending on the configuration and edition. The default retention is 7 days for standard monitoring, while enabling enhanced monitoring or the Performance Insights extended retention feature allows data to be retained for up to 1 year. The WGU Cloud Deployment and Operations Study Guide (Section 7.2, Performance Insights) states, 'Performance Insights offers a 7-day retention period by default, with an option to extend to 1 year for detailed historical analysis, supporting cost and performance optimization.' Options A (1 day) and D (2 years) are not supported retention periods.

Question 2

(Which AWS solution can send email based on CloudWatch alarms?)

ASimple Queue Service (SQS)

BSimple Notification Service (SNS)

CAmplify

DKinesis

Answer : B

Amazon CloudWatch alarms can trigger notifications when a metric breaches a defined threshold. The AWS solution designed to send emails based on these alarms is Amazon Simple Notification Service (SNS). SNS supports sending notifications via email, SMS, and other protocols when subscribed endpoints are triggered by CloudWatch alarms. The WGU Cloud Deployment and Operations Study Guide (Section 4.3, Monitoring and Alarms) states that SNS is the primary service for delivering notifications from CloudWatch, allowing users to configure email subscriptions for alarm states. Other options like SQS, Amplify, and Kinesis are not designed for this purpose.

Question 3

(An administrator needs to deploy a NAT gateway in an existing VPC subnet. Which two tasks should this administrator perform during deployment? Choose 2 answers.)

AConfigure the route table associated with the subnet

BAssign a private IP address to the NAT gateway

CConfigure the access control list associated with the subnet

DAssign an elastic IP address to the NAT gateway

Answer : A, D

To deploy a NAT gateway in an existing VPC subnet, the administrator must assign an elastic IP address to the NAT gateway for public internet access and configure the route table associated with the subnet to route traffic through the NAT gateway. The WGU Cloud Deployment and Operations Study Guide (Section 3.2, NAT Gateway) states, 'Deployment of a NAT gateway requires an elastic IP address for outbound internet connectivity and a route table update to direct private subnet traffic to the NAT gateway (e.g., 0.0.0.0/0 via NAT).' Private IP assignment and ACL configuration are not required steps.

Question 4

(A company uses SQS and EC2 to convert videos uploaded by users. In the evenings, videos take several hours to convert when they normally take minutes. The user base is expected to grow a hundredfold in the next 12 months. Which solution should be used to reduce the conversion delays?)

AUse spot instances instead of on-demand

BImplement a dead-letter queue

CConfigure an alarm to scale the fleet based on queue length

DSwitch from t2.medium to t2.xlarge instance type

Answer : C

To reduce conversion delays caused by increased demand, the company should configure a CloudWatch alarm to scale the EC2 fleet based on the SQS queue length. This auto-scaling approach dynamically adjusts the number of EC2 instances to handle the workload, especially during peak evening hours and anticipated growth. The WGU Cloud Deployment and Operations Study Guide (Section 3.3, Auto Scaling and SQS) explains, 'Auto Scaling can be triggered by a CloudWatch alarm monitoring SQS queue depth, ensuring the EC2 fleet scales out to process video conversion tasks efficiently as the queue length increases.' Spot instances, dead-letter queues, and instance type upgrades do not directly address dynamic scaling needs.

Question 5

(Which service enables a company to enforce and manage governance rules across multiple AWS accounts?)

AControl Tower

BSecurity Hub

CGuardDuty

DSystems Manager

Answer : A

AWS Control Tower enables a company to enforce and manage governance rules across multiple AWS accounts by setting up a landing zone with preconfigured policies for security, compliance, and operations. It simplifies multi-account management. The WGU Cloud Deployment and Operations Study Guide (Section 6.5, Control Tower) states, 'Control Tower provides a centralized solution to establish and enforce governance rules across multiple accounts, using guardrails and a landing zone to ensure compliance with organizational policies.' Security Hub, GuardDuty, and Systems Manager do not offer this multi-account governance capability.

Question 6

(A company has implemented multifactor authentication (MFA) for access to its AWS tenant. Which API call is needed to perform MFA before accessing a resource?)

AGetCallerIdentity

BGetSessionToken

CGetFederationToken

DDecodeAuthorizationMessage

Answer : B

The `GetSessionToken` API call is needed to perform MFA before accessing a resource, as it generates temporary security credentials for an IAM user after MFA validation. This ensures secure access to AWS resources. The WGU Cloud Deployment and Operations Study Guide (Section 6.2, IAM and MFA) states, 'The `GetSessionToken` API is used with MFA to obtain temporary credentials, requiring a valid MFA code to authenticate the user before resource access is granted.' GetCallerIdentity, GetFederationToken, and DecodeAuthorizationMessage serve different purposes and do not handle MFA authentication.

Question 7

(An administrator plans to deploy a database to AWS that supports the following: multiple Availability Zones, a standby database instance that provides failover support, a database instance that allows only read-only connections. Which two database solutions should the administrator use? Choose 2 answers.)

AAmazon Aurora DB cluster with multi-master replication

BAmazon Aurora DB instance with Aurora Replica

CAmazon RDS Multi-AZ DB instance

DAmazon RDS Multi-AZ DB cluster

Answer : B, C

To meet the requirements, the administrator should use an Amazon RDS Multi-AZ DB instance for multiple Availability Zones and failover support, and an Amazon Aurora DB instance with Aurora Replica for a read-only connection. The RDS Multi-AZ configuration automatically provisions a standby instance in a different AZ for failover, while Aurora Replicas provide read-only instances for scaling read traffic. The WGU Cloud Deployment and Operations Study Guide (Section 7.1, RDS and Aurora) states, 'RDS Multi-AZ deploys a standby instance across AZs for failover, and Aurora Replicas are read-only instances that enhance performance by offloading read traffic from the primary instance.' Options A and D are incorrect as multi-master replication and Multi-AZ clusters do not align with the read-only requirement.