AWS Certified Cloud Practitioner CLF-C01 Exam Questions Part 2

Source:

AWS: https://www.awslagi.com

GCP: https://www.gcp-examquestions.com

1. Which service provides a user the ability to warehouse data in the AWS Cloud?

   A. Amazon EFSB. Amazon RedshiftC. Amazon RDSD. Amazon VPC

Answer: B

1. A user is planning to migrate an application workload to the AWS Cloud. Which control becomes the responsibility of AWS once the migration is complete?

   A. Patching the guest operating systemB. Maintaining physical and environmental controlsC. Protecting communications and maintaining zone securityD. Patching specific applications

Answer: B

1. Which AWS service can be used to provide an on-demand, cloud-based contact center?

   A. AWS Direct ConnectB. Amazon ConnectC. AWS Support CenterD. AWS Managed Services

Answer: B

1. What tool enables customers without an AWS account to estimate costs for almost all AWS services?

   A. Cost ExplorerB. TCO CalculatorC. AWS BudgetsD. Simple Monthly Calculator

Answer: D

1. Which component must be attached to a VPC to enable inbound Internet access?

   A. NAT gatewayB. VPC endpointC. VPN connectionD. Internet gateway

Answer: D

1. Which pricing model would result in maximum Amazon Elastic Compute Cloud (Amazon EC2) savings for a database server that must be online for one year?

   A. Spot InstanceB. On-Demand InstanceC. Partial Upfront Reserved InstanceD. No Upfront Reserved Instance

Answer: C

1. A company has a MySQL database running on a single Amazon EC2 instance. The company now requires higher availability in the event of an outage. Which set of tasks would meet this requirement?

   A. Add an Application Load Balancer in front of the EC2 instanceB. Configure EC2 Auto Recovery to move the instance to another Availability ZoneC. Migrate to Amazon RDS and enable Multi-AZD. Enable termination protection for the EC2 instance to avoid outages

Answer: C

1. A company wants to ensure that AWS Management Console users are meeting password complexity requirements. How can the company configure password complexity?

   A. Using an AWS IAM user policyB. Using an AWS Organizations service control policy (SCP)C. Using an AWS IAM account password policyD. Using an AWS Security Hub managed insight

Answer: C

1. Under the AWS shared responsibility model, which of the following is the customers responsibility?

   A. Patching guest OS and applicationsB. Patching and fixing flaws in the infrastructureC. Physical and environmental controlsD. Configuration of AWS infrastructure devices

Answer: A

1. Which of the following tasks is required to deploy a PCI-compliant workload on AWS?

   A. Use any AWS service and implement PCI controls at the application layerB. Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to enable PCI compliance at the application layerC. Use any AWS service and raise an AWS support ticket to enable PCI compliance on that serviceD. Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application layer

Answer: D

1. Which are benefits of using Amazon RDS over Amazon EC2 when running relational databases on AWS? (Choose two.)

   A. Automated backupsB. Schema managementC. Indexing of tablesD. Software patchingE. Extract, transform, and load (ETL) management

Answer: A D

1. What does the Amazon S3 Intelligent-Tiering storage class offer?

   A. Payment flexibility by reserving storage capacityB. Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store (Amazon EBS) volumeC. Automatic cost savings by moving objects between tiers based on access pattern changesD. Secure, durable, and lowest cost storage for data archival

Answer: C

1. A company has multiple data sources across the organization and wants to consolidate data into one data warehouse. Which AWS service can be used to meet this requirement?

   A. Amazon DynamoDBB. Amazon RedshiftC. Amazon AthenaD. Amazon QuickSight

Answer: B

1. Which AWS service can be used to track resource changes and establish compliance?

   A. Amazon CloudWatchB. AWS ConfigC. AWS CloudTrailD. AWS Trusted Advisor

Answer: C

1. A user has underutilized on-premises resources. Which AWS Cloud concept can BEST address this issue?

   A. High availabilityB. ElasticityC. SecurityD. Loose coupling

Answer: C

1. A user has a stateful workload that will run on Amazon EC2 for the next 3 years. What is the MOST cost-effective pricing model for this workload?

   A. On-Demand InstancesB. Reserved InstancesC. Dedicated InstancesD. Spot Instances

Answer: B

1. A cloud practitioner needs an Amazon EC2 instance to launch and run for 7 hours without interruptions. What is the most suitable and cost-effective option for this task?

   A. On-Demand InstanceB. Reserved InstanceC. Dedicated HostD. Spot Instance

Answer: A

1. Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

   A. Providing high-performance container orchestrationB. Creating and rotating encryption keysC. Detecting underutilized resources to save costsD. Improving security by proactively monitoring the AWS environmentE. Implementing enforced tagging across AWS resources

Answer: C D

1. A developer has been hired by a large company and needs AWS credentials. Which are security best practices that should be followed? (Choose two.)

   A. Grant the developer access to only the AWS resources needed to perform the job.B. Share the AWS account root user credentials with the developer.C. Add the developer to the administrators group in AWS IAM.D. Configure a password policy that ensures the developers password cannot be changed.E. Ensure the account password policy requires a minimum length.

Answer: A E

1. Which AWS storage service is designed to transfer petabytes of data in and out of the cloud?

   A. AWS Storage GatewayB. Amazon S3 Glacier Deep ArchiveC. Amazon LightsailD. AWS Snowball

Answer: D

1. Which AWS service allows for effective cost management of multiple AWS accounts?

   A. AWS OrganizationsB. AWS Trusted AdvisorC. AWS Direct ConnectD. Amazon Connect

Answer: A

1. A company is piloting a new customer-facing application on Amazon Elastic Compute Cloud (Amazon EC2) for one month. What pricing model is appropriate?

   A. Reserved InstancesB. Spot InstancesC. On-Demand InstancesD. Dedicated Hosts

Answer: C

1. Which AWS tools automatically forecast future AWS costs?

   A. AWS Support CenterB. AWS Total Cost of Ownership (TCO) CalculatorC. AWS Simple Monthly CalculatorD. Cost Explorer

Answer: D

1. Under the AWS shared responsibility model, which of the following is a responsibility of AWS?

   A. Enabling server-side encryption for objects stored in S3B. Applying AWS IAM security policiesC. Patching the operating system on an Amazon EC2 instanceD. Applying updates to the hypervisor

Answer: D

1. A user is able to set up a master payer account to view consolidated billing reports through:

   A. AWS Budgets.B. Amazon Macie.C. Amazon QuickSight.D. AWS Organizations.

Answer: D

1. Performing operations as code is a design principle that supports which pillar of the AWS Well-Architected Framework?

   A. Performance efficiencyB. Operational excellenceC. ReliabilityD. Security

Answer: B

1. Which design principle is achieved by following the reliability pillar of the AWS Well-Architected Framework?

   A. Vertical scalingB. Manual failure recoveryC. Testing recovery proceduresD. Changing infrastructure manually

Answer: C

1. What is a characteristic of Convertible Reserved Instances (RIs)?

   A. Users can exchange Convertible RIs for other Convertible RIs from a different instance family.B. Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.C. Users can sell and buy Convertible RIs on the AWS Marketplace.D. Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs.

Answer: A

1. The user is fully responsible for which action when running workloads on AWS?

   A. Patching the infrastructure componentsB. Implementing controls to route application trafficC. Maintaining physical and environmental controlsD. Maintaining the underlying infrastructure components

Answer: B

1. An architecture design includes Amazon EC2, an Elastic Load Balancer, and Amazon RDS. What is the BEST way to get a monthly cost estimation for this architecture?

   A. Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost estimation.B. Collect the published prices of the AWS services and calculate the monthly estimate.C. Use the AWS Simple Monthly Calculator to estimate the monthly cost.D. Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.

Answer: C

1. Which AWS service allows users to download security and compliance reports about the AWS infrastructure on demand?

   A. Amazon GuardDutyB. AWS Security HubC. AWS ArtifactD. AWS Shield

Answer: C

1. Which AWS managed services can be used to extend an on-premises data center to the AWS network? (Choose two.)

   A. AWS VPNB. NAT gatewayC. AWS Direct ConnectD. Amazon ConnectE. Amazon Route 53

Answer: A C

1. Which requirement must be met for a member account to be unlinked from an AWS Organizations account?

   A. The linked account must be actively compliant with AWS System and Organization Controls (SOC).B. The payer and the linked account must both create AWS Support cases to request that the member account be unlinked from the organization.C. The member account must meet the requirements of a standalone account.D. The payer account must be used to remove the linked account from the organization.

Answer: C

1. What AWS benefit refers to a customers ability to deploy applications that scale up and down the meet variable demand?

   A. ElasticityB. AgilityC. SecurityD. Scalability

Answer: D

1. During a compliance review, one of the auditors requires a copy of the AWS SOC 2 report. Which service should be used to submit this request?

   A. AWS Personal Health DashboardB. AWS Trusted AdvisorC. AWS ArtifactD. Amazon S3

Answer: C

1. A company wants to set up a highly available workload in AWS with a disaster recovery plan that will allow the company to recover in case of a regional service interruption. Which configuration will meet these requirements?

   A. Run on two Availability Zones in one AWS Region, using the additional Availability Zones in the AWS Region for the disaster recovery site.B. Run on two Availability Zones in one AWS Region, using another AWS Region for the disaster recovery site.C. Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster recovery site.D. Run across two AWS Regions, using a third AWS Region for the disaster recovery site.

Answer: B

1. A company has a 500 TB image repository that needs to be transported to AWS for processing. Which AWS service can import this data MOST cost-effectively?

   A. AWS SnowballB. AWS Direct ConnectC. AWS VPND. Amazon S3

Answer: A

1. Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?

   A. Amazon DynamoDBB. Amazon AthenaC. Amazon RDSD. Amazon EMR

Answer: C

1. Which of the following assist in identifying costs by department? (Choose two.)

   A. Using tags on resourcesB. Using multiple AWS accountsC. Using an account managerD. Using AWS Trusted AdvisorE. Using Consolidated Billing

Answer: A B

1. A company wants to allow full access to an Amazon S3 bucket for a particular user. Which element in the S3 bucket policy holds the user details that describe who needs access to the S3 bucket?

   A. PrincipalB. ActionC. ResourceD. Statement

Answer: A

1. A company must store critical business data in Amazon S3 with a backup to another AWS Region. How can this be achieved?

   A. Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globallyB. Set up Amazon S3 cross-region replication to another AWS RegionC. Configure the AWS Backup service to back up to the data to another AWS RegionD. Take Amazon S3 bucket snapshots and copy that data to another AWS Region

Answer: B

1. Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?

   A. AWS BudgetsB. AWS Cost ExplorerC. AWS Cost Allocation TagsD. AWS Organizations

Answer: A

1. What is the recommended method to request penetration testing on AWS resources?

   A. Open a support caseB. Fill out the Penetration Testing Request FormC. Request a penetration test from your technical account managerD. Contact your AWS sales representative

Answer: B

1. A user needs to automatically discover, classify, and protect sensitive data stored in Amazon S3. Which AWS service can meet these requirements?

   A. Amazon InspectorB. Amazon MacieC. Amazon GuardDutyD. AWS Secrets Manager

Answer: B

1. Which components are required to build a successful site-to-site VPN connection on AWS? (Choose two.)

   A. Internet gatewayB. NAT gatewayC. Customer gatewayD. Transit gatewayE. Virtual private gateway

Answer: D E

1. Which Amazon EC2 pricing option is best suited for applications with short-term, spiky, or unpredictable workloads that cannot be interrupted?

   A. Spot InstancesB. Dedicated HostsC. On-Demand InstancesD. Reserved Instances

Answer: C

1. Which AWS cloud architecture principle states that systems should reduce interdependencies?

   A. ScalabilityB. Services, not serversC. Removing single points of failureD. Loose coupling

Answer: D

1. What is the MOST effective resource for staying up to date on AWS security announcements?

   A. AWS Personal Health DashboardB. AWS Secrets ManagerC. AWS Security BulletinsD. Amazon Inspector

Answer: C

1. Which AWS service offers persistent storage for a file system?

   A. Amazon S3B. Amazon EC2 instance storeC. Amazon Elastic Block Store (Amazon EBS)D. Amazon ElastiCache

Answer: C

1. Which of the following allows AWS users to manage cost allocations for billing?

   A. Tagging resourcesB. Limiting who can create resourcesC. Adding a secondary payment methodD. Running all operations on a single AWS account

Answer: A

1. Which of the following tasks can only be performed after signing in with AWS account root user credentials? (Choose two.)

   A. Closing an AWS accountB. Creating a new IAM policyC. Changing AWS Support plansD. Attaching a role to an Amazon EC2 instanceE. Generating access keys for IAM users

Answer: A C

1. Fault tolerance refers to:

   A. the ability of an application to accommodate growth without changing designB. how well and how quickly an applications environment can have lost data restoredC. how secure your application isD. the built-in redundancy of an applications components

Answer: D

1. A company operating in the AWS Cloud requires separate invoices for specific environments, such as development, testing, and production. How can this be achieved?

   A. Use multiple AWS accountsB. Use resource taggingC. Use multiple VPCsD. Use Cost Explorer

Answer: A

1. Which AWS service can be used in the application deployment process?

   A. AWS AppSyncB. AWS BatchC. AWS CodePipelineD. AWS DataSync

Answer: B

1. What can be used to reduce the cost of running Amazon EC2 instances? (Choose two.)

   A. Spot Instances for stateless and flexible workloadsB. Memory optimized instances for high-compute workloadsC. On-Demand Instances for high-cost and sustained workloadsD. Reserved Instances for sustained workloadsE. Spend limits set using AWS Budgets

Answer: A D

1. A company is launching an e-commerce site that will store and process credit card data. The company requires information about AWS compliance reports and AWS agreements. Which AWS service provides on-demand access to these items?

   A. AWS Certificate ManagerB. AWS ConfigC. AWS ArtifactD. AWS CloudTrail

Answer: C

1. Which AWS service or feature allows the user to manager cross-region application traffic?

   A. Amazon AppStream 2.0B. Amazon VPCC. Elastic Load BalancerD. Amazon Route 53

Answer: C

1. Which AWS service can be used to track unauthorized API calls?

   A. AWS ConfigB. AWS CloudTrailC. AWS Trusted AdvisorD. Amazon Inspector

Answer: B

1. A user needs to regularly audit and evaluate the setup of all AWS resources, identify non-compliant accounts, and be notified when a resource changes. Which AWS service can be used to meet these requirements?

   A. AWS Trusted AdvisorB. AWS ConfigC. AWS Resource Access ManagerD. AWS Systems Manager

Answer: B

1. A user is planning to launch two additional Amazon EC2 instances to increase availability. Which action should the user take?

   A. Launch the instances across multiple Availability Zones in a single AWS Region.B. Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability Zone.C. Launch the instances in multiple AWS Regions, but in the same Availability Zone.D. Launch the instances as EC2 Spot Instances in the same AWS Region, but in different Availability Zones.

Answer: A

1. A companys application has flexible start and end times. Which Amazon EC2 pricing model will be the MOST cost-effective?

   A. On-Demand InstancesB. Spot InstancesC. Reserved InstancesD. Dedicated Hosts

Answer: B

1. Under the AWS shared responsibility model, what are the customers responsibilities? (Choose two.)

   A. Physical and environmental securityB. Physical network devices including firewallsC. Storage device decommissioningD. Security of data in transitE. Data integrity authentication

Answer: D E

1. A cloud practitioner has a data analysis workload that is infrequently executed and can be interrupted without harm. To optimize for cost, which Amazon EC2 purchasing option should be used?

   A. On-Demand InstancesB. Reserved InstancesC. Spot InstancesD. Dedicated Hosts

Answer: C

1. Which AWS container service will help a user install, operate, and scale the cluster management infrastructure?

   A. Amazon Elastic Container Registry (Amazon ECR)B. AWS Elastic BeanstalkC. Amazon Elastic Container Service (Amazon ECS)D. Amazon Elastic Block Store (Amazon EBS)

Answer: C

1. Which of the following allows an application running on an Amazon EC2 instance to securely write data to an Amazon S3 bucket without using long term credentials?

   A. Amazon CognitoB. AWS ShieldC. AWS IAM roleD. AWS IAM user access key

Answer: D

1. A company with a Developer-level AWS Support plan provisioned an Amazon RDS database and cannot connect to it. Who should the developer contact for this level of support?

   A. AWS Support using a support caseB. AWS Professional ServicesC. AWS technical account managerD. AWS consulting partners

Answer: A

1. What is the purpose of having an internet gateway within a VPC?

   A. To create a VPN connection to the VPCB. To allow communication between the VPC and the InternetC. To impose bandwidth constraints on internet trafficD. To load balance traffic from the Internet across Amazon EC2 instances

Answer: B

1. A company must ensure that its endpoint for a database instance remains the same after a single Availability Zone service interruption. The application needs to resume database operations without the need for manual administrative intervention. How can these requirements be met?

   A. Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS Storage Gateway.B. Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the standby.C. Add multiple Application Load Balancers and deploy the database instance with AWS Elastic Beanstalk.D. Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon CloudFront origins.

Answer: B

1. Which AWS managed service can be used to distribute traffic between one or more Amazon EC2 instances?

   A. NAT gatewayB. Elastic Load BalancingC. Amazon AthenaD. AWS PrivateLink

Answer: B

1. AWS Trusted Advisor provides recommendations on which of the following? (Choose two.)

   A. Cost optimizationB. AuditingC. Serverless architectureD. PerformanceE. Scalability

Answer: A D

1. How can a company separate costs for network traffic, Amazon EC2, Amazon S3, and other AWS services by department?

   A. Add department-specific tags to each resourceB. Create a separate VPC for each departmentC. Create a separate AWS account for each departmentD. Use AWS Organizations

Answer: C