Weekend Special Sales Coupon - 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sbfdisc

CLF-C01 PDF

$44

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

CLF-C01 PDF + Testing Engine

$70.4

$175.99

3 Months Free Update

  • Exam Name: AWS Certified Cloud Practitioner
  • Last Update: Aug 12, 2022
  • Questions and Answers: 722
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

CLF-C01 Engine

$52.8

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

CLF-C01 AWS Certified Cloud Practitioner Questions and Answers

Question # 6

Which of the following is included within the security pillar of the AWS Well-Architected Framework?

A.

Identity federation

B.

Data protection

C.

Incident reporting

D.

Disaster recovery

Full Access
Question # 7

Which AWS service or component allows inbound traffic from the internet to access a VPC?

A.

Internet gateway

B.

NAT gateway

C.

AWS WAF

D.

VPC peering

Full Access
Question # 8

Which of the following are AWS compute services? (Select TWO.)

A.

Amazon Lightsail

B.

AWS Systems Manager

C.

AWS CloudFormation

D.

AWS Batch

E.

Amazon Inspector

Full Access
Question # 9

Which AWS service does AWS Snowball Edge natively support?

A.

AWS Server Migration Service (AWS SMS)

B.

Amazon Aurora

C.

AWS Trusted Advisor

D.

Amazon EC2

Full Access
Question # 10

Which of the following are benefits of running a database on Amazon RDS compared to an on-premises database? (Select TWO )

A.

RDS backups are managed by AWS

B.

RDS supports any relational database

C.

RDS has no database engine licensing costs

D.

RDS database compote capacity can be easily scaled

E.

RDS inbound traffic control (for example, security groups) is managed by AWS

Full Access
Question # 11

Which AWS service does AWS Snowball Edge natively support?

A.

AWS Server Migration Service (AWS SMS)

B.

Amazon Aurora

C.

AWS Trusted Advisor

D.

Amazon EC2

Full Access
Question # 12

A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time. Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?

A.

VPC endpoints

B.

AWS Transit Gateway

C.

Amazon Route 53

D.

AWS Secrets Manager

Full Access
Question # 13

Which AWS service or feature allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud?

A.

AWS Direct Connect

B.

VPC peering

C.

AWS VPN

D.

Amazon Route 53

Full Access
Question # 14

What technology enables compute capacity to adjust as loads change?

A.

Load balancing

B.

Automatic failover

C.

Round robin

D.

Auto Scaling

Full Access
Question # 15

A user is planning to launch two additional Amazon EC2 instances to increase availability. Which action should the user take?

A.

Launch the instances across multiple Availability Zones in a single AWS Region

B.

Launch the instances as EC2 Reserved Instances in the same AWS Region and the same Availability Zone

C.

Launch the instances in multiple AWS Regions but in the same Availability Zone

D.

Launch the instances as EC2 Spot Instances in the same AWS Region but in different Availability Zones

Full Access
Question # 16

A company would like to host its MySQL databases on AWS and maintain full control over the operating system, database installation, and configuration. Which AWS service should the company use to host the databases?

A.

Amazon RDS

B.

Amazon EC2

C.

Amazon DynamoDB

D.

Amazon Aurora

Full Access
Question # 17

Under the AWS shared responsibility model what are the customer's responsibilities? (Select TWO.)

A.

Physical and environmental security

B.

Physical network devices including firewalls

C.

Storage device decommissioning

D.

Security of data in transit

E.

Data integrity authentication

Full Access
Question # 18

Which of the following is a benefit of using the AWS Cloud?

A.

Permissive security removes the administrative burden.

B.

Ability to focus on revenue-generating activities.

C.

Control over cloud network hardware.

D.

Choice of specific cloud hardware vendors.

Full Access
Question # 19

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud. How can these reports be generated?

A.

Contact the AWS Compliance team.

B.

Download the reports from AWS Artifact.

C.

Open a case with AWS Support.

D.

Generate the reports with Amazon Made.

Full Access
Question # 20

Which of the following can be used to identify a specific user who stopped an amazon EC2 instance?

A.

AWS CloudTrail

B.

Amazon Inspector

C.

Amazon CloudWatch

D.

VPC Flow Logs

Full Access
Question # 21

The continual reduction of AWS Cloud pricing is due to:

A.

pay-as-you go pricing.

B.

the AWS global infrastructure.

C.

economies of scale.

D.

reserved storage pricing.

Full Access
Question # 22

Which AWS services or features help decrease network latency for a globally dispersed user base? (Select TWO.)

A.

Amazon VPC

B.

Elastic Load Balancer

C.

Amazon CloudFront

D.

AWS Direct Connect

E.

AWS Global Accelerator

Full Access
Question # 23

A company wants to use Amazon Elastic Compute Cloud (Amazon EC2) to deploy a global commercial application. The deployment solution should be built with the highest redundancy and fault tolerance. Based on this situation the Amazon EC2 instances should be deployed:

A.

in a single Availability Zone in one AWS Region

B.

with multiple Elastic Network Interfaces belonging to different subnets

C.

across multiple Availability Zones m one AWS Region

D.

across multiple Availability Zones in two AWS Regions

Full Access
Question # 24

A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service cart be used to accomplish this?

A.

Amazon RDS

B.

Amazon DynamoDB

C.

Amazon Aurora

D.

Amazon Redshift

Full Access
Question # 25

Which AWS service provides a report that enables users to assess AWS infrastructure compliance?

A.

AWS Certificate Manager (ACM)

B.

Amazon DocumentDB (with MongoDB compatibility)

C.

AWS Artifact

D.

AWS Trusted Advisor

Full Access
Question # 26

A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data center or in the AWS Cloud. Which of the following are benefits of building this app in the AWS Cloud? (Select TWO.)

A.

A large, upfront capital expense and low variable expenses

B.

Increased speed for trying out new projects

C.

Complete control over the physical security of the infrastructure

D.

Flexibility to scale up in minutes as the application becomes popular

E.

Ability to pick the specific data centers that will host the application servers

Full Access
Question # 27

A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud.

Which costs will the company eliminate with this migration? (Select TWO.)

A.

Cost of data center operations

B.

Cost of application licensing

C.

Cost of marketing campaigns

D.

Cost of physical server hardware

E.

Cost of network management

Full Access
Question # 28

A company wants to migrate its on-premises Microsoft SQL Server database server to the AWS Cloud. The company has decided to use Amazon EC2 instances to run this database.

Which of the following is the company responsible for managing, according to the AWS shared responsibility model?

A.

EC2 hypervisor

B.

Security patching of the guest operating system

C.

Network connectivity of the host server

D.

Uptime service level agreement (SLA) for the EC2 instances

Full Access
Question # 29

A company discovered unauthorized access to resources in its on-premises data center. Upon investigation, the company found that the requests originated from a resource hosted on AWS. Which AWS team should the company contact to report this issue?

A.

AWS Customer Service team

B.

AWS Sales team

C.

AWS Abuse team

D.

AWS Technical Support team

Full Access
Question # 30

Which tasks are responsibilities of AWS, according to the AWS shared responsibility model? (Select TWO.)

A.

Encrypt client-side data and authenticate data integrity.

B.

Manage customer data.

C.

Perform identity and access management.

D.

Provide physical security for Availability Zones.

E.

Patch the operating system of Amazon S3

Full Access
Question # 31

A developer is working on enhancing applications at AWS. The developer needs a service that can securely host GitHub-based code, repositories, and version controls. Which AWS service should the developer use?

A.

AWS CodeStar

B.

Amazon CodeGuru

C.

AWS CodeCommit

D.

AWS CodePipeline

Full Access
Question # 32

Which duty is a responsibility of AWS under the AWS shared responsibility model?

A.

Identity and access management

B.

Server-side encryption (SSE)

C.

Firewall configuration

D.

Maintaining physical hardware

Full Access
Question # 33

Which AWS service enables the decoupling and scaling of applications?

A.

Amazon Simple Queue Service (Amazon SQS)

B.

AWS Outposts

C.

Amazon S3

D.

Amazon Simple Email Service (Amazon SES)

Full Access
Question # 34

Which AWS service should a company use to create a NoSQL database?

A.

Amazon Aurora

B.

Amazon DynamoDB

C.

Amazon Redshift

D.

Amazon Neptune

Full Access
Question # 35

A company manages global applications that require static IP addresses.

Which AWS service would enable the company to improve the availability and performance of its applications?

A.

Amazon CloudFront

B.

AWS Global Accelerator

C.

Amazon S3 Transfer Acceleration

D.

Amazon API Gateway

Full Access
Question # 36

Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?

A.

Amazon WorkSpaces

B.

Amazon Elastic File System (Amazon EFS)

C.

AWS Database Migration Service (AWS DMS)

D.

AWS Snowball Edge

Full Access
Question # 37

Which tasks require use of the AWS account root user? (Select TWO.)

A.

Changing an AWS Support plan

B.

Modifying an Amazon EC2 instance type

C.

Grouping resources in AWS Systems Manager

D.

Running applications in Amazon Elastic Kubernetes Service (Amazon EKS)

E.

Closing an AWS account

Full Access
Question # 38

Which AWS service decouples application components so that the components run independently?

A.

Amazon Simple Notification Service (Amazon SNS)

B.

Amazon Simple Workflow Service (Amazon SWF)

C.

AWS Glue

D.

Amazon Simple Queue Service (Amazon SQS)

Full Access
Question # 39

A company needs to report on events that involve the specific AWS services that the company uses.

Which AWS service or resource can the company use with Amazon CloudWatch to meet this requirement?

A.

Amazon Inspector

B.

AWS Personal Health Dashboard

C.

AWS Trusted Advisor

D.

AWS Cloud Trail logs

Full Access
Question # 40

A company needs steady and predictable performance from its Amazon EC2 instances at the lowest possible cost. The company also needs the ability to scale resources to ensure that it has the right resources available at the right time.

Which AWS service or resource will meet these requirements?

A.

Amazon CloudWatch

B.

Application Load Balancer

C.

AWS Batch

D.

Amazon EC2 Auto Scaling

Full Access
Question # 41

A company wants to analyze streaming user data and respond to customer queries in real time.

Which AWS service can meet these requirements?

A.

Amazon QuickSight

B.

Amazon Redshift

C.

Amazon Kinesis Data Analytics

D.

AWS Data Pipeline

Full Access
Question # 42

A company wants to secure its consumer web application by using SSL/TLS to encrypt traffic.

Which AWS service can the company use to meet this goal?

A.

AWS WAF

B.

AWS Shield

C.

Amazon VPC

D.

AWS Certificate Manager (ACM)

Full Access
Question # 43

Which combination of steps will enable multi-factor authentication (MFA) on an AWS account? (Select TWO.)

A.

Contact AWS Support to initiate MFA activation.

B.

Activate AWS Shield on an MFA-compatible device.

C.

Acquire an MFA-compatible device.

D.

Activate the MFA device by using Amazon GuardDuty.

E.

Activate the MFA device in the IAM console or by using the AWS CLI.

Full Access
Question # 44

Which approach will enhance a user’s security on AWS?

A.

Use Multi-AZ deployments with Amazon RDS.

B.

Create a hybrid architecture by using AWS Direct Connect.

C.

Monitor application-specific information with AWS X-Ray.

D.

Encrypt data by using AWS Key Management Service (AWS KMS).

Full Access
Question # 45

What is a benefit of using AWS serverless computing?

A.

Application deployment and management are not required.

B.

Application security will be fully managed by AWS.

C.

Monitoring and logging are not needed.

D.

Management of infrastructure is offloaded to AWS.

Full Access
Question # 46

Which AWS benefit enables users to deploy cloud infrastructure that consists of multiple geographic regions connected by a network with low latency, high throughput, and redundancy?

A.

Economies of scale

B.

Security

C.

Elasticity

D.

Global reach

Full Access
Question # 47

Which AWS services or features can a company use to connect the network of its on-premises data center to AWS? (Select Two.)

A.

AWS VPN

B.

AWS Directory Service

C.

AWS Data Pipeline

D.

AWS Direct Connect

E.

AWS CloudHSM

Full Access
Question # 48

Which AWS service provides an isolated virtual network to connect AWS services and resources?

A.

Amazon EC2

B.

Amazon DynamoDB

C.

Amazon Lightsail

D.

Amazon VPC

Full Access
Question # 49

Which AWS service acts as a data extract transform and load (ETL) tool to make it easy to prepare data for analytics?

A.

Amazon QuickSight

B.

Amazon Athena

C.

AWS Glue

D.

AWS Elastic Beanstalk

Full Access
Question # 50

A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to continue to grow for years.

What is the MOST cost-effective EC2 instance purchasing model to meet these requirements?

A.

Spot Instances

B.

On-Demand Instances

C.

Savings Plans

D.

Dedicated Hosts

Full Access
Question # 51

Which AWS service or feature provides information about ongoing or upcoming scheduled events that can affect an AWS account?

A.

AWS Config

B.

AWS Systems Manager

C.

AWS Personal Health Dashboard

D.

AWS Trusted Advisor

Full Access
Question # 52

According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO)

A.

Network infrastructure and visualization of infrastructure

B.

Security of application data

C.

Guest operating systems

D.

Physical security of hardware

E.

Credentials and policies

Full Access
Question # 53

A company needs a persistent cloud environment for development and testing for a project that will run for 3 months.

Which Amazon EC2 instance purchasing option meets these requirements MOST cost-effectively?

A.

Reserved Instances

B.

Spot Instances

C.

Dedicated Hosts

D.

On-Demand Instances

Full Access
Question # 54

Which cloud characteristics enable a company to provision or release computing capacity as required? (Select Two.)

A.

Scalability

B.

Economies of scale

C.

Elasticity

D.

Agility

E.

Reliability

Full Access
Question # 55

A company’s traffic logs show that IP addresses owned by AWS are being used in an attempt to flood ports on system resources.

To whole should the cloud practitioner report this issue?

A.

AWS Professional Services

B.

AWS Abuse team

C.

AWS Partner Network (APN)

D.

AWS technical account manager (TAM)

Full Access
Question # 56

Which is a recommended pattern for designing a highly available architecture on AWS?

A.

Ensure that components have low-latency network connectivity.

B.

Run enough Amazon EC2 instances to operate at peak load.

C.

Ensure that the application is designed to accommodate failure of any single component.

D.

Use a monolithic application that handles all operations.

Full Access
Question # 57

A user has underutilized on-premises resources. Which AWS Cloud concept can BEST address this Issue?

A.

High availability

B.

Elasticity

C.

Security

D.

Loose coupling

Full Access
Question # 58

Which AWS service or feature is used to troubleshoot network connectivity issues between Amazon EC2 instances?

A.

AWS Certificate Manager (ACM)

B.

Internet gateway

C.

VPC Flow Logs

D.

AWS CloudHSM

Full Access
Question # 59

Which of the following are advantages of using Amazon EC2 instances over traditional on-premses servers? (Select TWO.)

A.

Pay-as-you-go pricing

B.

Automation

C.

Self-maintenance of servers

D.

Agility

E.

Access to physical hosts

Full Access
Question # 60

A company runs its business-critical web application on Amazon Elastic Container Service (Amazon ECS) and Amazon DynamoDB. The workload spikes up to 10 times the normal workload multiple times during the day.

Which AWS Cloud feature enables the company to meet these changes in demand?

A.

Agility

B.

Global reach

C.

Scalability

D.

Security

Full Access
Question # 61

A company uses Amazon S3 buckets. One of the company’s dependents enabled S3 Cross-Region Replication for those buckets to meet new requirements. The company’s bill for that month was larger than usual.

Which AWS service or feature can the company use to confirm that the cost increase was caused by the data replication?

A.

Consolidated billing

B.

Cost Explorer

C.

AWS Pricing Calculator

D.

AWS Trusted Advisor

Full Access
Question # 62

Which of the following will help a user determine if they need to request a VPC service limit increase?

A.

AWS Personal Health Dashboard

B.

AWS Trusted Advisor

C.

AWS Cost and Usage Report

D.

AWS Service Catalog

Full Access
Question # 63

Which AWS services or features enable users to connect on-premises networks to a VPC? (Select Two.)

A.

AWS VPN

B.

Elastic Load Balancing

C.

AWS Direct Connect

D.

VPC peering

E.

Amazon CloudFront

Full Access
Question # 64

A user wants to move legacy applications to the AWS Cloud to reduce the total cost. Which option is the MOST cost-effective according to best practices?

A.

Rewrite the legacy applications in an open-source language, such as Python.

B.

Right-size the Amazon EC2 instances to prevent over-provisioning in terms of compute and memory.

C.

Migrate relational databases to Amazon DynamoDB

D.

Reserve a data center facility with an upfront payment, which provides an additional discount

Full Access
Question # 65

What can users access from AWS Artifact?

A.

AWS security and compliance documents

B.

A download of configuration management details for all AWS resources

C.

Training materials for AWS services

D.

A security assessment of the applications deployed in the AWS Cloud

Full Access
Question # 66

Which AWS service or tool should a company use to centrally request and track service limit increases?

A.

AWS Config

B.

Service Quotas

C.

AWS Service Catalog

D.

AWS Budgets

Full Access
Question # 67

A company's security team requires that all Amazon EC2 workloads use approved Amazon Machine Images (AMIs). Which AWS service should the company use to verify that the EC2 instances are using approved AMIs?

A.

Amazon CloudWatch

B.

Amazon Inspector

C.

AWS Config

D.

AWS Trusted Advisor

Full Access
Question # 68

A developer wants to use an Amazon S3 bucket to store application logs that contain sensitive data. Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?

A.

Security groups

B.

Amazon CloudWatch

C.

AWS CloudTrail

D.

ACLs

Full Access
Question # 69

A customer is deploying a new serverless application running on AWS Lambda.

Which of the following are the customer's responsibilities under the AWS shared responsibility model? (Select TWO.)

A.

Application management

B.

Platform management

C.

Application identity and access

D.

Storage infrastructure

E.

AWS global infrastructure

Full Access
Question # 70

A development learn wants to deploy multiple test environments for an application in a fast, repeatable manner.

Which AWS service should the learn use?

A.

Amazon EC2

B.

AWS Cloudformation

C.

Amazon QuickSight

D.

Amazon Elastic Container Service (Amazon ECS)

Full Access
Question # 71

A company has a serverless application that includes an Amazon API Gateway DynamoDB database a function, and an Amazon Which AWS service can the company use to trace user requests as they move through the application s components ?

A.

AWS CloudTrail

B.

Amazon CloudWatch

C.

Amazon Inspector

D.

AWS X-Ray

Full Access
Question # 72

What information is found on an AWS Identity and Access Management (IAM) credential report? (Select TWO.)

A.

The date and time when an IAM user's password was last used to sign in to the AWS Management Console

B.

The type of multi-factor authentication (MFA) device assigned to an IAM user.

C.

The User-Agent browser identifier for each IAM user currently logged in B

D.

Whether multi-factor authentication (MFA) has been enabled for an IAM user.

E.

The number of incorrect login attempts by each IAM user in the previous 30 days.

Full Access
Question # 73

A company wants to be notified when its AWS Cloud costs or usage exceed defined thresholds. Which AWS service will support these requirements?

A.

AWS Budgets

B.

Cost Explorer

C.

AWS CloudTrail

D.

Amazon Made

Full Access
Question # 74

Which of the following security resources are supplied by AWS? (Select TWO.)

A.

Trusted Advisor checks

B.

Service intrusion metrics

C.

Penetration testing

D.

Educational webinars

E.

Peer-to-peer file-sharing detection

Full Access
Question # 75

An e-learning platform needs to run an application for 2 months each year The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided.

Which EC2 purchasing option will meet these requirements MOST cost-effectively?

A.

Reserved Instances

B.

Dedicated Hosts

C.

Spot Instances

D.

On-Demand instances

Full Access
Question # 76

A company sets up its AWS environment and creates eight IAM users for the development team.

Which of the following is a best practice for the company to follow to grant permissions to these IAM users?

A.

Apply the principle of least privilege. Create one password, and set the password for each user.

B.

Provide the development team members with AWS account root user access.

C.

Apply the principle of least privilege. Attach a separate IAM policy for each individual user.

D.

Apply the principle of least privilege. Grant access to an IAM group, and add the eight users to that group.

Full Access
Question # 77

What tasks should a customer perform when that customer suspects an AWS account has been compromised? (Choose two.)

A.

Rotate and delete all AWS access keys.

B.

Remove any multi-factor authentication (MFA) tokens

C.

Move resources to a different AWS Region.

D.

Delete AWS CloudTrail Resources.

E.

Contact AWS Support.

Full Access
Question # 78

Which benefit is always free of charge with AWS, regardless of a user’s AWS support plan?

A.

AWS Developer Support

B.

AWS Developer Forums

C.

Programmatic case management

D.

AWS technical account manager (TAM)

Full Access
Question # 79

Which action will provide documentation to help a company evaluate whether its use of the AWS Cloud is compliant with local regulatory standards?

A.

Running Amazon GuardDuty

B.

Using AWS Artifact

C.

Creating an AWS Support ticket

D.

Evaluating AWS CloudTrail logs

Full Access
Question # 80

Which of the following are included in AWS Enterprise Support? (Select TWO.)

A.

AWS technical account manager (TAM)

B.

AWS partner-led support

C.

AWS Professional Services

D.

Support of third-party software integration to AWS.

E.

5-minute response time for critical issues

Full Access
Question # 81

A company wants guidance to optimize the cost and performance of its current AWS environment. Which AWS service or tool should the company use to identify areas for optimization?

A.

Amazon QuickSight

B.

AWS Trusted Advisor

C.

AWS Organizations

D.

AWS Budgets

Full Access
Question # 82

A company wants to establish an encrypted network connection between applications at its on-premises data center and the applications that run in its AWS account. The connection must be over the public internet.

Which AWS service can the company use to meet these requirements?

A.

AWS Direct Connect

B.

Amazon Route 53

C.

AWS Site-to-Site VPN

D.

AWS Snowball

Full Access
Question # 83

Which tool can be used to create alerts when the actual or forecasted cost of AWS services exceeds a certain threshold?

A.

Cost Explorer

B.

AWS Budgets

C.

AWS Cost and Usage Report

D.

AWS CloudTrail

Full Access
Question # 84

Which task is a customer's responsibility, according to the AWS shared responsibility model?

A.

Management of the guest operating systems

B.

Maintenance of the configuration of infrastructure devices

C.

Management of the host operating systems and virtualization

D.

Maintenance of the software that powers Availability Zones

Full Access
Question # 85

A company is building a mobile app to provide shopping recommendations lo its customers. The company wants to use a graph database as part of the shopping recommendation engine.

Which AWS database service should the company choose?

A.

Amazon DynamoDB

B.

Amazon Aurora

C.

Amazon Neptune

D.

Amazon DocumentDB (with MongoDB compatibility)

Full Access
Question # 86

Which statement describes a characteristic of the AWS global infrastructure?

A.

Edge locations contain multiple AWS Regions

B.

AWS Regions contain multiple Regional edge caches

C.

Availability Zones contain multiple data centers

D.

Each data center contains multiple edge locations

Full Access
Question # 87

Which actions should a company take to avoid failure in an AWS architecture design? (Select TWO)

A.

Separate Amazon EC2 instances into different Availability Zones.

B.

Enable Alexa for Business for business applications

C.

Use Amazon Workspaces to reduce the need for operating system patching

D.

Use AWS Glue to prepare and load failover data

E.

Enable Amazon S3 Cross-Region Replication

Full Access
Question # 88

Which of the following are aspects of the AWS shared responsibility model? (Select Two.)

A.

Configuration management of infrastructure devices is the customer’s responsibility

B.

For Amazon S3, AWS operates the infrastructure layer, the operating systems, and the platforms

C.

AWS is responsible for protecting the physical cloud infrastructure

D.

AWS is responsible for training the customer’s employees on AWS product and services

E.

For Amazon EC2, AWS is responsible for maintaining the guest operating system

Full Access
Question # 89

Which Amazon EC2 pricing model provides the MOST cost savings for an always-up, right-sized database server running for a project that will last 1 year?

A.

On-Demand Instances

B.

Convertible Reserved Instances

C.

Spot Instances

D.

Standard Reserved Instances

Full Access
Question # 90

A company wants to configure its AWS resources so that the resources can be easily deployed across different AWS Regions. The company wants the deployment to be as automated as. Which AWS service will meet these requirements?

A.

AWS CodeBuild

B.

AWS CodePipeline

C.

AWS CloudFormation

D.

Amazon CloudWatch

Full Access
Question # 91

A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment the application has used 1AM access keys. The application is now ready for deployment onto an ECS cluster

How should the application authenticate with AWS services in production?

A.

Configure an ECS task 1AM role for the application to use

B.

Refactor the application to call AWS STS AssumeRole based on an instance role

C.

Configure AWS access key/secret access key environment variables with new credentials

D.

Configure the credentials file with a new access key/secret access key

Full Access
Question # 92

A company wants an in-memory data store that is compatible with open source in the cloud. Which AWS service should the company use?

A.

Amazon DynamoDB

B.

Amazon ElastlCache

C.

Amazon Elastic Block Store (Amazon EBS)

D.

Amazon Redshift

Full Access
Question # 93

How does AWS Cloud computing help businesses reduce costs? (Select TWO.)

A.

AWS charges the same prices for services in every AWS Region.

B.

AWS enables capacity to be adjusted on demand.

C.

AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week.

D.

AWS does not charge for data sent from the AWS Cloud to the internet.

E.

AWS eliminates many of the costs of building and maintaining on-premises data centers.

Full Access
Question # 94

A company wants to increase its ability to recover its infrastructure in the case of a natural disaster. Which pillar of the AWS Well-Architected Framework does this ability represent?

A.

Cost optimization

B.

Performance efficiency

C.

Reliability

D.

Security

Full Access
Question # 95

A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket.

What is the MOST secure way to give the application the ability to write files to the S3 bucket?

A.

Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle

user authentication within the client-side application

B.

Create a new IAM policy and a corresponding 1AM user with permissions to write to the S3 bucket Store the key and the

secret for the user in the application code Use the key to authenticate the video uploads

C.

Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put

into the S3 bucket Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL

D.

Generate a new 1AM key and a corresponding secret by using the AWS account root user credentials Store the key and the

secret for the user in the application code. Use the key to authenticate the video uploads

Full Access
Question # 96

A company has dn application that analyzes photographs. A developer is preparing the application for deployment to Amazon EC2 instances. The application's image analysis functions require a mix of GPU instances and CPU instances that run on Amazon Linux. The developer needs to add code to the application so that the functions can determine whether they are running on a GPU instance

What should the functions do to obtain this information?

A.

Call the Descnbeinstances API operation and filter on the current instance ID Examine the EiasticGpuAssociations property

B.

Evaluate the GPU_AVA1LABLE environment variable

C.

Call the DescribeElasticGpus API operation

D.

Retrieve the instance type from the instance metadata

Full Access
Question # 97

A developer needs to use the AWS CLI on an on-premises development server temporarily to access AWS services while performing maintenance. The developer needs to authenticate to AWS with their identity for several hours.

What is the MOST secure way to call AWS CLI commands with the developer's IAM identity?

A.

Specify the developer's IAM access key ID and secret access key as parameters for each CLI command

B.

Run the aws configure CLI command Provide the developer's IAM access key ID and secret access key

C.

Specify the developer's IAM profile as a parameter for each CLI command

D.

Run the get-session-token CLI command with the developer's IAM user. Use the returned credentials to call the CLI

Full Access
Question # 98

An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on-premises data center and the encryption is handled by S3

Which type of encryption should be used?

A.

Use server-side encryption with Amazon S3-managed keys

B.

Use server-side encryption with AWS KMS-managed keys

C.

Use client-side encryption with AWS KMS-managed keys

D.

Use server-side encryption with customer-provided keys.

Full Access
Question # 99

A developer has created a web API that uses Amazon Elastic Container Service (Amazon ECS) and an Application Load Balancer (ALB) An Amazon CloudFront distribution uses the API as an origin for web clients The application has received millions of requests with a JSON Web Token (JWT) that is not valid in the authorization header The developer has scaled out the application to handle the unauthenticated requests

What should the developer do to reduce the number of unauthenticated requests to the API?

A.

Add a request routing rule to the ALB to return a 401 status code if the authorization header is missing

B.

Add a container to the ECS task definition to validate JWTs Set the new container as a dependency of the application container

C.

Create a CloudFront function for the distribution Use the crypto module in the function to validate the JWT

D.

Add a custom authorizer for AWS Lambda to the CloudFront distribution to validate the JWT

Full Access
Question # 100

Which network security features are supported by Amazon VPC? (Select TWO.)

A.

Network ACLs

B.

Internet gateways

C.

VPC peering

D.

Security groups

E.

Firewall rules

Full Access
Question # 101

A company is using continuous integration/continuous delivery (CI/CD) systems A developer must automate the deployment of an application software package to Amazon EC2 instances and virtual servers that run on premises

Which AWS service should the developer use to meet these requirements?

A.

AWS Cloud9

B.

AWS CodeBuild

C.

AWS Elastic Beanstalk

D.

AWS CodeDeploy

Full Access
Question # 102

A company needs to generate reports that will describe its usage of Amazon EC2 Reserved Instances across AWS accounts for the past month. Which AWS service or tool can the company use to meet this requirement?

A.

AWS Organizations

B.

Amazon S3

C.

Cost Explorer

D.

Amazon EC2 dashboard

Full Access