AWS CLF-C01 Cloud Practicioner

Which AWS service provides infrastructure security optimization recommendations?. AWS Application Programming Interface(API). Reserved Instances. AWS Trusted Advisor. Amazon Elastic Compute Cloud (Amazon EC2) SpotFleet.

A file-sharing service uses Amazon S3 to store files uploaded by users. Files are accessed with random frequency. Popular ones are downloaded every day whilst others not so often and some rarely. What is the most cost-effective Amazon S3 object storage class to implement?. Amazon S3 Standard. Amazon S3 Glacier. Amazon S3 One Zone-Infrequently Accessed. Amazon S3 Intelligent-Tiering.

Which AWS service can be deployed to enhance read performance for applications while reading data from NoSQL database?. Amazon Route 53. Amazon DynamoDB Accelerator. Amazon CloudFront. AWS Greengrass.

An organization utilizes a software suite that consists of a multitude of underlying microservices hosted on the cloud. The application is frequently giving runtime errors. Which service will help in the troubleshooting process?. AWS CloudTrail. AWS CloudWatch. AWS X-Ray. Amazon OpenSearch Service.

According to the AWS, what is the benefit of Elasticity?. Minimize storage requirements by reducing logging and auditing activities. Create systems that scale to the required capacity based on changes in demand. Enable AWS to automatically select the most cost-effective services. Accelerate the design process because recovery from failure is automated, reducing the need for testing.

Which tool can you use to forecast your AWS spending?. AWS Organizations. Amazon Dev Pay. AWS Trusted Advisor. AWS Cost Explorer.

Which of the following is an optional Security layer attached to a subnet within a VPC for controlling traffic in & out of the VPC?. VPC Flow Logs. Web Application Firewall. Security Group. Network ACL.

Which of the following is a customer responsibility under AWS Shared Responsibility Model?. Patching of host OS deployed on Amazon S3. Logical Access controls for underlying infrastructure. Physical security of the facilities. Patching of guest OS deployed on Amazon EC2 instance.

What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?. File Transfer. HTTP Transfer. Amazon S3 Transfer Acceleration. S3 Acceleration.

Which of the following services can be used to optimize performance for global users to transfer large-sized data objects to a centralized Amazon S3 bucket in us-west-1 region?. Enable S3 Transfer Acceleration on Amazon S3 bucket. Use Amazon CloudFront Put/Post commands. Use Multipart upload. Use Amazon ElastiCache.

There is a requirement to store objects. The objects must be downloadable via a URL. Which storage option would you choose? Answers. Amazon S3. Amazon Glacier. Amazon Storage Gateway. Amazon EBS.

There is a requirement to host a database server for a minimum period of one year. Which of the following would result in the least cost? Answers. Spot Instances. On-Demand. No Upfront costs Reserved. Partial Upfront costs Reserved.

During an organization's information systems audit, the administrator is requested to provide a dossier of security and compliance reports and online service agreements between the organization and AWS. Which service can they utilize to acquire this information?. AWS Artifact. AWS Resource Center. AWS Service Catalog. AWS Directory Service.

A new department has recently joined the organization and the administrator needs to compose access permissions for the group of users. Given that they have various roles and access needs, what is the best-practice approach when granting access?. After gathering information on their access needs, the administrator should allow every user to access the most common resources and privileges on the system. The administrator should grant all users the same permissions and then grant more upon request. The administrator should grant all users the least privilege and add more privileges to only to those who need it. Users should have no access and be granted temporary access on the occasions that they need to execute a task.

There is an external audit being carried out on your company. The IT auditor needs to have a log of 'who made the requests' to the AWS resources in the company's account. Which of the below services can assist in providing these details?. AWS Cloudwatch. AWS CloudTrail. AWS EC2. AWS SNS.

Which of the following features can be used to preview changes to be made to an AWS resource which will be deployed using the AWS CloudFormation template?. AWS CloudFormation Drift Detection. AWS CloudFormation Change Sets. AWS CloudFormation Stack Sets. AWS CloudFormation Intrinsic Functions.

Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?. Delete the data and create a new EBS volume. Create EBS snapshots. Attach new volumes to EC2 Instances. Create copies of EBS Volumes.

When designing a highly available architecture, what is the difference between vertical scaling (scaling-up) and horizontal scaling (scaling-out)?. Scaling up provides for high availability whilst scaling out brings fault-tolerance. Scaling out is not cost-effective compared to scaling up. Scaling up adds more resources to an instance, scaling out adds more instances. Autoscaling groups require scaling up whilst launch configurations use scaling out.

Your company is planning to move to the AWS Cloud. You need to give a presentation on the cost perspective when moving existing resources to the AWS Cloud. Considering Amazon EC2, which of the following is an advantage from the cost perspective?. Having the ability of automated backups of the EC2 instance, so that you don’t need to worry about the maintenance costs. The ability to choose low cost AMI’s to prepare the EC2 Instances. The ability to only pay for what you use. Ability to tag instances to reduce the overall cost.

When designing a system, you use the principle of “design for failure and nothing will fail” Which of the following services/features of AWS can assist in supporting this design principle? Choose 3 answers from the options given below. Answers. Availability Zones. Regions. Elastic Load Balancer. Pay as you go.

Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below: Reduce inter-dependencies so failures do not impact other components. Which of the following concepts does this requirement relate to? Answers. Integration. Decoupling. Aggregation. Segregation.

Which of the following security requirements are managed by AWS? Select 3 answers from the options given below. Password Policies. User permissions. Physical security. Disk disposal. Hardware patching.

You are planning on deploying a video-based application onto the AWS Cloud. Users across the world will access these videos. Which of the below services can help efficiently stream the content to the users across the globe? Answers. Amazon SES. Amazon Cloudtrail. Amazon CloudFront. Amazon S3.

Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?. Amazon Inspector. AWS CloudFormation. AWS Trusted Advisor. AWS Config.

An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test and one for Production. The Security team has some concerns about the VPC configuration. It requires to restrict the communication across the EC2 instances using Security Groups. Which of the following options is true for Security Groups? Answers. You can change a Security Group associated to an instance if the instance state is stopped or running. You can change a Security Group associated to an instance if the instance state is stopped but not if the instance state is running. You can change a Security Group only if there are no instances associated to it. The only Security Group you can change is the Default Security Group. None of the above.

Your company is planning to pay for an AWS Support plan. They have the following requirements as far as the support plan goes: 24x7 access to Cloud Support Engineers via email, chat & phone Response time of less than 15 minutes for any business-critical system faults Which of the following plans will suffice to keep in mind the above requirement?. Basic. Developer. Business. Enterprise.

Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move? Answers. AWS Database Migration Service. AWS VM Migration Service. AWS Inspector. AWS Trusted Advisor.

On which of the following resources does Amazon Inspector perform network accessibility checks?. Amazon CloudFront. Amazon VPN. Amazon EC2 instance. Amazon VPC.

Which of the following services helps to achieve the computing elasticity in AWS? Answers. AWS RDS. VPC Endpoint. AWS EC2 Auto Scaling Group. Amazon S3.

A live online game uses DynamoDB instances in the backend to store real-time scores of the participants as they compete against each other from various parts of the world. Which data consistency option is the most appropriate to implement? Answers B. Eventually consistent C. Strong Eventual consistency. A. Strongly consistent. D. Optimistic consistency.

Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities? Answers. AWS Trusted Advisor. AWS Inspector. AWS WAF. AWS Shield.

You are planning to serve a web application on the AWS Platform by using EC2 Instances. Which of the below principles would you adopt to ensure that even if some of the EC2 Instances crash, you still have a working application?. Using a scalable system. Using an elastic system. Using a regional system. Using a fault tolerant system.

Which of the following are best practices when designing cloud-based systems? Choose 2 answers from the options below. A. Build Tightly-coupled components. B. Build loosely-coupled components. C. Assume everything will fail. D. Use as many services as possible.

Which services allow the customer to retain full administrative privileges of the underlying virtual infrastructure?. Amazon EC2. Amazon S3. Amazon Lambda. Amazon DynamoDB.

You have a mission-critical application that must be globally available at all times. If this is the case, which of the below deployment mechanisms would you employ?. Deployment to multiple edge locations. Deployment to multiple Availability Zones. Deployment to multiple Data Centers. Deployment to multiple Regions.

Which of the following can be used to protect against DDoS attacks? Choose 2 answers from the options given below. Answers. AWS EC2. AWS RDS. AWS Shield. AWS Shield Advanced.

Which of the following is a serverless compute offering from AWS?. AWS EC2. AWS Lambda. AWS SNS. AWS SQS.

Which of the following security services can be used to detect users' personal credit card numbers from data stored in Amazon S3? Answers. A. Amazon Macie. B. Amazon GuardDuty C. Amazon Inspector D. AWS Shield.

An online streaming company is prohibited from broadcasting its content in certain countries and regions in the world. Which Amazon Route 53 routing policy would be the most suitable in guaranteeing their compliance?. Geoproximity. Geolocation. Multi-value answer. Failover.

Which AWS service provides a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability?. AWS RDS. DynamoDB. Oracle RDS. Elastic Map Reduce.

In the AWS Billing and Management service, which tool can provide usage-based forecasts of estimated billing costs and usage for the coming months?. AWS Cost Explorer. AWS Bills. AWS Reports. Cost & Usage Reports.

Which of the following AWS managed database service provides processing power that is up to 5X faster than a traditional MySQL database?. MariaDB. Aurora. PostgreSQL. DynamoDB.

In the AWS Well-Architected Framework, which of the following is NOT a Security design principle to design solutions in AWS?. Apply Security only at the edge of the network. Protect Data at rest & in transit. Implement a strong Identity foundation. Enable Traceability.

Which of the following options is TRUE for AWS Database Migration Service (AWS DMS)?. AWS DMS can migrate databases from on-premise to AWS. AWS DMS can migrate databases from AWS to on-premise. AWS DMS can migrate databases from EC2 to Amazon RDS. AWS DMS can have Amazon Redshift and Amazon DynamoDB as target databases. All the above.

Which of the following services helps in governance, compliance, and risk auditing in AWS?. AWS CloudFormation. AWS CloudTrail. AWS CloudWatch. AWS SNS.

Project team enhancing the security features of a banking application, requires implementing a threat detection service that continuously monitors malicious activities and unauthorized behaviors to protect AWS accounts, workloads, and data stored in Amazon S3 Which AWS services should the project team select? Answers. AWS Shield. AWS Firewall Manager. Amazon GuardDuty. Amazon Inspector.

Which of the following are benefits of the AWS's Relational Database Service (RDS)? Choose the 2 correct answers from the options below. Automated patches and backups. DB owner can resize the capacity accordingly. It allows you to store unstructured data. It allows you to store NoSQL data.

Which AWS product provides a unified user interface, enabling easy management of software development activities in one place, along with, quick development, build, and deployment of applications on AWS?. Amazon CodeGuru. AWS CodeBuild. AWS CodeArtifact. AWS CodeStar.

If you want to take a backup of an EBS Volume, what would you do?. Store the EBS volume in S3. Store the EBS volume in an RDS database. Create an EBS snapshot. Store the EBS volume in Dynamo.

Your Security Team has some security concerns about the application data stored on S3 The team requires you to introduce two improvements: (i) add “encryption at rest” and (ii) give them the possibility to monitor who has accessed the data and when the data have been accessed. Which of the following AWS solution would you adopt to satisfy the requirement?. AWS Certificate Manager with CloudTrail. Server-Side Encryption managed by S3 (SSE-S3) with CloudTrail. Server-Side Encryption managed by customer (SSE-C) with CloudTrail. Server-Side Encryption managed by KMS (SSE-KMS) with CloudTrail.