c. Cloud

D. Security group

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied.

a. Number of requests to your functions

e. Compute time consumed

With AWS Lambda, you pay only for what you use. You are charged based on the number of requests for your functions and the time it takes for your code to execute.

a. With the AWS pay-as-you-go pricing model, you do not have to pay any upfront fee 

d. You only pay for the individual services that you need with no long-term contracts

With the AWS pay-as-you-go model, you only pay for what you consume, you do not have to pay any money upfront and there are no long term contracts. The AWS pay-as-you-go pricing is similar to how you pay for utilities like water and electricity. You only pay for the services you consume, and once you stop using them, there are no additional costs or termination fees.  

c. Control access to AWS services 

e. Consolidate billing across multiple AWS accounts 

AWS Organizations has five main benefits:

1) Centrally manage access polices across multiple AWS accounts.

2) Automate AWS account creation and management.

3) Control access to AWS services.

4) Consolidate billing across multiple AWS accounts.

5) Configure AWS services across multiple accounts.

b. Environmental controls 

d. Data center security controls 

As mentioned in the AWS Shared Responsibility Model page, Inherited Controls are controls which a customer fully inherits from AWS such as physical controls and environmental controls.

B. A service that provides intelligent threat detection for AWS infrastructure and resources

AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within an AWS environment.

The other response options are incorrect because:

• A service that helps protect applications against distributed denial-of-service (DDoS) attacks - This response option describes AWS Shield.
• A service that checks applications for security vulnerabilities and deviations from security best practices - This response option describes Amazon Inspector.
• A service that monitors network requests for web applications - This response option describes AWS WAF.

D. Amazon Simple Queue Service (Amazon SQS)

Amazon SQS is a message queuing service. Using Amazon SQS, an application developer can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.

D. AWS Cost Explorer

With AWS Cost Explorer, businesses can quickly create custom reports to analyze their AWS cost and usage data.

The other response options are incorrect because:

• AWS Budgets lets businesses set custom alerts that will notify individuals when a service usage exceeds (or is forecasted to exceed) the amount that has been budgeted.
• AWS Pricing Calculator creates an estimate for the cost of a business' use cases on AWS. In the AWS Pricing Calculator, a person can enter details for their cloud computing requirements and then receive a detailed estimate that can be exported and shared. 
• AWS Artifact is a service that provides access to AWS security and compliance reports and special online agreements.

C. Operations Perspective

The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.

The other response options are incorrect because: 

• The Business Perspective helps moves a business from a model that separates business and IT strategies into a business model that integrates IT strategy.
• The People Perspective helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
• The Governance Perspective provides the capability to update the staff skills and organizational processes that are necessary to ensure business governance in the cloud.

A. A fully isolated portion of the AWS global infrastructure

An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

D. Network ACL

A network access control list (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC.

D. Instance store

Instance stores are ideal for temporary data that does not need to be kept long term. When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

C. EC2 Instance Savings Plans

EC2 Instance Savings Plans reduces compute costs by committing to a consistent hourly spend for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any EC2 usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any EC2 usage beyond the commitment is charged at regular On-Demand Instance rates.

D. S3 Lifecycle Policy

You can add rules in an S3 Lifecycle configuration to tell Amazon S3 to transition objects to another Amazon S3 storage class. For example:

When you know that objects are infrequently accessed, you might transition them to the S3 Standard-IA storage class.

You might want to archive objects that you don't need to access in real time to the S3 Glacier storage class.