Last Updated on August 28, 2021 by Admin 3

CLF-C01 : AWS Certified Cloud Practitioner : Part 17

  1. Which Amazon VPC feature enables users to capture information about the IP traffic that reaches Amazon EC2 instances?

    • Security groups
    • Elastic network interfaces
    • Network ACLs
    • VPC Flow Logs
    Explanation:
    VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to Amazon CloudWatch Logs or Amazon S3. After you’ve created a flow log, you can retrieve and view its data in the chosen destination.
  2. Which AWS service can be used to automatically scale an application up and down without making capacity planning decisions?

    • Amazon AutoScaling
    • Amazon Redshift
    • AWS CloudTrail
    • AWS Lambda
  3. AWS Enterprise Support users have access to which service or feature that is not available to users with other AWS Support plans?

    • AWS Trusted Advisor
    • AWS Support case
    • Concierge team
    • Amazon Connect
  4. A company wants to migrate a MySQL database to AWS but does not have the budget for Database Administrators to handle routine tasks including provisioning, patching, and performing backups.

    Which AWS service will support this use case?

    • Amazon RDS
    • Amazon DynamoDB
    • Amazon DocumentDB
    • Amazon ElastiCache
    Explanation:
    Amazon RDS makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks, such as hardware provisioning, database setup, patching, and backups. It frees you to focus on your applications, so you can give them the fast performance, high availability, security, and compatibility that they need.
  5. A company wants to expand from one AWS Region into a second AWS Region.

    What does the company need to do to start supporting the new Region?

    • Contact an AWS Account Manager to sign a new contract
    • Move an Availability Zone to the new Region
    • Begin deploying resources in the second Region
    • Download the AWS Management Console for the new Region
  6. A user must meet compliance and software licensing requirements that state a workload must be hosted on a physical server.

    Which Amazon EC2 instance pricing option will meet these requirements?

    • Dedicated Hosts
    • Dedicated Instances
    • Spot Instances
    • Reserved Instances
  7. Which AWS service will provide a way to generate encryption keys that can be used to encrypt data? (Choose two.)

    • Amazon Macie
    • AWS Certificate Manager
    • AWS Key Management Service (AWS KMS)
    • AWS Secrets Manager
    • AWS CloudHSM
  8. A company is planning to migrate from on-premises to the AWS Cloud.

    Which AWS tool or service provides detailed reports on estimated cost savings after migration?

    • AWS Total Cost of Ownership (TCO) Calculator
    • Cost Explorer
    • AWS Budgets
    • AWS Migration Hub
  9. What can assist in evaluating an application for migration to the cloud? (Choose two.)

    • AWS Trusted Advisor
    • AWS Professional Services
    • AWS Systems Manager
    • AWS Partner Network (APN)
    • AWS Secrets Manager
  10. Which AWS service helps users meet contractual and regulatory compliance requirements for data security by using dedicated hardware appliances within the AWS Cloud?

    • AWS Secrets Manager
    • AWS CloudHSM
    • AWS Key Management Service (AWS KMS)
    • AWS Directory Service
    Explanation:
    The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. CloudHSM allows you to securely generate, store, and manage cryptographic keys used for data encryption in a way that keys are accessible only by you.
  11. Under the AWS shared responsibility model, the customer manages which of the following? (Choose two.)

    • Decommissioning of physical storage devices
    • Security group and ACL configuration
    • Patch management of an Amazon RDS instance operating system
    • Controlling physical access to data centers
    • Patch management of an Amazon EC2 instance operating system
  12. Which AWS service is suitable for an event-driven workload?

    • Amazon EC2
    • AWS Elastic Beanstalk
    • AWS Lambda
    • Amazon Lumberyard
    Explanation:
    An easy-to-use service for deploying and scaling web applications and web services developed in a number of programming languages. You can configure event notifications for your Elastic Beanstalk environment so that notable events can be automatically published to an SNS topic, then pushed to topic subscribers. As an example, you may use this event-driven architecture to coordinate your continuous integration pipeline (such as Jenkins CI). That way, whenever an environment is created, Elastic Beanstalk publishes this event to an SNS topic, which triggers a subscribing Lambda function, which then kicks off a CI job against your newly created Elastic Beanstalk environment.
  13. What is a value proposition of the AWS Cloud?

    • AWS is responsible for security in the AWS Cloud
    • No long-term contract is required
    • Provision new servers in days
    • AWS manages user applications in the AWS Cloud
  14. What is a characteristic of Amazon S3 cross-region replication?

    • Both source and destination S3 buckets must have versioning disabled
    • The source and destination S3 buckets cannot be in different AWS Regions
    • S3 buckets configured for cross-region replication can be owned by a single AWS account or by different accounts
    • The source S3 bucket owner must have the source and destination AWS Regions disabled for their account
  15. What is a user responsible for when running an application in the AWS Cloud?

    • Managing physical hardware
    • Updating the underlying hypervisor
    • Providing a list of users approved for data center access
    • Managing application software updates
  16. A company that does business online needs to quickly deliver new functionality in an iterative manner, minimizing the time to market.

    Which AWS Cloud feature can provide this?

    • Elasticity
    • High availability
    • Agility
    • Reliability
  17. Which features or services can be used to monitor costs and expenses for an AWS account? (Choose two.)

    • AWS Cost and Usage report
    • AWS product pages
    • AWS Simple Monthly Calculator
    • Billing alerts and Amazon CloudWatch alarms
    • AWS Price List API
  18. Amazon Route 53 enables users to:

    • encrypt data in transit
    • register DNS domain names
    • generate and manage SSL certificates
    • establish a dedicated network connection to AWS
  19. Which AWS service helps identify malicious or unauthorized activities in AWS accounts and workloads?

    • Amazon Rekognition
    • AWS Trusted Advisor
    • Amazon GuardDuty
    • Amazon CloudWatch
  20. A company wants to try a third-party ecommerce solution before deciding to use it long term.

    Which AWS service or tool will support this effort?

    • AWS Marketplace
    • AWS Partner Network (APN)
    • AWS Managed Services
    • AWS Service Catalog