CLF-C01 Exam - AWS Certified Cloud Practitioner

NEW QUESTION 1

A company is building a serverless architecture that connects application data from multiple data sources. The company needs a solution that does not require additional code.
Which AWS service meets these requirements?

• A. AWS Lambda
• B. Amazon Simple Queue Service (Amazon SQS)
• C. Amazon CloudWatch
• D. Amazon EventBridge

Answer: D

Explanation:
Amazon EventBridge is the service that meets the requirements of building a serverless architecture that connects application data from multiple data sources without requiring additional code. Amazon EventBridge is a serverless event bus service that allows you to easily connect your applications with data from AWS services, SaaS applications, and your own applications. You can use Amazon EventBridge to create rules that match events and route them to targets such as AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, or other AWS services. Amazon EventBridge handles the event ingestion, delivery, security, authorization, and error handling for you34

NEW QUESTION 2

A company has an Amazon S3 bucket containing images of scanned financial invoices. The company is building an artificial intelligence (Al)-based application on AWS. The company wants the application to identify and read total balance amounts on the invoices.
Which AWS service will meet these requirements?

• A. Amazon Forecast
• B. Amazon Textract
• C. Amazon Rekognition
• D. Amazon Lex

Answer: B

Explanation:
Amazon Textract is a service that automatically extracts text and data from scanned documents. Amazon Textract goes beyond simple optical character recognition (OCR) to also identify the contents of fields in forms and information stored in tables. Amazon Textract can analyze images of scanned financial invoices and extract the total balance amounts, as well as other relevant information, such as invoice number, date, vendor name, etc5.

NEW QUESTION 3

A company wants to create a chatbot and integrate the chatbot with its current web application.
Which AWS service will meet these requirements?

• A. AmazonKendra
• B. Amazon Lex
• C. AmazonTextract
• D. AmazonPolly

Answer: B

Explanation:
The AWS service that will meet the requirements of the company that wants to create a chatbot and integrate the chatbot with its current web application is Amazon Lex. Amazon Lex is a service that helps customers build conversational interfaces using voice and text. The company can use Amazon Lex to create a chatbot that can understand natural language and respond to user requests, using the same deep learning technologies that power Amazon Alexa. Amazon Lex also provides easy integration with other AWS services, such as Amazon Comprehend, Amazon Polly, and AWS Lambda, as well as popular platforms, such as Facebook Messenger, Slack, and Twilio. Amazon Lex helps customers create engaging and interactive chatbots for their web applications. Amazon Kendra, Amazon Textract, and Amazon Polly are not the best services to use for this purpose. Amazon Kendra is a service that helps customers provide accurate and natural answers to natural language queries using machine learning. Amazon Textract is a service that helps customers extract text and data from scanned documents using optical character recognition (OCR) and machine learning. Amazon Polly is a service that helps customers convert text into lifelike speech using deep learning. These services are more useful for different types of natural language processing and generation tasks, rather than creating and integrating chatbots.

NEW QUESTION 4

A company is running its application in the AWS Cloud and wants to protect against a DDoS attack. The company's security team wants near real-time visibility into DDoS attacks.
Which AWS service or traffic filter will meet these requirements with the MOST features for DDoS protection?

• A. AWS Shield Advanced
• B. AWS Shield
• C. Amazon GuardDuty
• D. Network ACLs

Answer: A

Explanation:
AWS Shield Advanced is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield Advanced
provides you with 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS attacks of any size or duration. AWS Shield Advanced also provides near real-time visibility into attacks, advanced attack mitigation capabilities, and integration with AWS WAF and AWS Firewall Manager1. AWS Shield is a standard service that provides always-on detection and automatic inline mitigations to minimize application downtime and latency, but it does not offer the same level of features and support as AWS Shield Advanced2. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it does not provide DDoS protection3. Network ACLs are stateless filters that can be associated with a subnet to control the traffic to and from the subnet, but they are not designed to protect against DDoS attacks

NEW QUESTION 5

Which AWS service provides the ability to manage infrastructure as code?

• A. AWS CodePipeline
• B. AWS CodeDeploy
• C. AWS Direct Connect
• D. AWS CloudFormation

Answer: D

Explanation:
The AWS service that provides the ability to manage infrastructure as code is AWS CloudFormation. Infrastructure as code is a process of defining and provisioning AWS resources using code or templates, rather than manual actions or scripts. AWS CloudFormation allows you to create and update stacks of AWS resources based on predefined templates that describe the desired state and configuration of the resources. AWS CloudFormation automates and simplifies the deployment and management of AWS resources, and ensures consistency and repeatability across different environments and regions. AWS CloudFormation also supports rollback, change sets, drift detection, and nested stacks features that help you to monitor and control the changes to your infrastructure1.

NEW QUESTION 6

Which AWS services allow users to monitor and retain records of account activities that include governance, compliance, and auditing?
(Select TWO.)

• A. Amazon CloudWatch
• B. AWS CloudTrail
• C. Amazon GuardDuty
• D. AWS Shield
• E. AWS WAF

Answer: AB

Explanation:
Amazon CloudWatch and AWS CloudTrail are the AWS services that allow users to monitor and retain records of account activities that include governance, compliance, and auditing. Amazon CloudWatch is a service that collects and tracks metrics, collects and monitors log files, and sets alarms. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. Amazon GuardDuty, AWS Shield, and AWS WAF are AWS services that provide security and protection for AWS resources, but they do not monitor and retain records of
account activities. These concepts are explained in the AWS Cloud Practitioner Essentials course3.

NEW QUESTION 7

Which task is a customer's responsibility, according to the AWS shared responsibility model?

• A. Management of the guest operating systems
• B. Maintenance of the configuration of infrastructure devices
• C. Management of the host operating systems and virtualization
• D. Maintenance of the software that powers Availability ZonesA company has refined its workload to use specific AWS services to improve efficiency and reduce cost.

Answer: A

Explanation:
Management of the guest operating systems is a customer’s responsibility, according to the AWS shared responsibility model. The AWS shared responsibility model defines the different security and compliance responsibilities of AWS and the customer. AWS is responsible for the security of the cloud, which includes the physical infrastructure, hardware, software, and facilities that run the AWS Cloud. The customer is responsible for security in the cloud, which includes the configuration and management of the guest operating systems, applications, data, and network traffic protection

NEW QUESTION 8

A company needs a fully managed file server that natively supports Microsoft workloads and file systems The file server must also support the SMB protocol.
Which AWS service should the company use to meet these requirements?

• A. Amazon Elastic File System (Amazon EFS)
• B. Amazon FSx for Lustre
• C. Amazon FSx for Windows File Server
• D. Amazon Elastic Block Store (Amazon EBS)

Answer: C

Explanation:
Amazon FSx for Windows File Server is a fully managed file server that supports Microsoft workloads and file systems, including the SMB protocol. It provides features such as user quotas, end-user file restore, and Microsoft Active Directory integration. Amazon EFS is a fully managed file system that supports the NFS protocol, not SMB. Amazon FSx for Lustre is a fully managed file system that supports high- performance computing workloads, not Microsoft workloads. Amazon EBS is a block
storage service that does not provide a file system or SMB support. References: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon EFS, Amazon EBS

NEW QUESTION 9

Which AWS service can defend against DDoS attacks?

• A. AWS Firewall Manager
• B. AWS Shield Standard
• C. AWS WAF
• D. Amazon Inspector

Answer: B

Explanation:
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It automatically detects and mitigates the most common and frequently occurring network and transport layer DDoS attacks that target AWS resources, such as Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS Firewall Manager is a service that allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced protections, and Amazon VPC security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.

NEW QUESTION 10

Which AWS service requires the customer to patch the guest operating system?

• A. AWS Lambda
• B. Amazon OpenSearch Service
• C. Amazon EC2
• D. Amazon ElastiCache

Answer: C

Explanation:
The AWS service that requires the customer to patch the guest operating system is Amazon EC2. Amazon EC2 is a service that provides scalable compute capacity in the cloud, and allows customers to launch and run virtual servers, called instances, with a variety of operating systems, configurations, and specifications. The customer is responsible for patching and updating the guest operating system and any applications that run on the EC2 instances, as part of the security in the cloud. AWS Lambda, Amazon
OpenSearch Service, and Amazon ElastiCache are not services that require the customer to patch the guest operating system. AWS Lambda is a serverless compute service that allows customers to run code without provisioning or managing servers. Amazon OpenSearch Service is a fully managed service that makes it easy to deploy, operate, and scale OpenSearch clusters in the AWS Cloud. Amazon ElastiCache is a fully managed service that provides in-memory data store and cache solutions, such as Redis and Memcached. These services are managed by AWS, and AWS is responsible for patching and updating the underlying infrastructure and software.

NEW QUESTION 11

A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library's capacity to the AWS Cloud.
Which AWS service should the company use to meet this requirement?

• A. Amazon Elastic File System (Amazon EFS)
• B. Amazon Elastic Block Store (Amazon EBS)
• C. Amazon S3
• D. AWS Storage Gateway

Answer: D

Explanation:
AWS Storage Gateway is a hybrid cloud storage service that provides on- premises access to virtually unlimited cloud storage. You can use AWS Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. One of these use cases is tape-based backup, which allows you to store data backups on virtual tapes in the AWS Cloud. You can use the Tape Gateway feature of AWS Storage Gateway to extend your existing physical tape library to the AWS Cloud. Tape Gateway provides a virtual tape infrastructure that scales seamlessly with your backup needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure123. References: 1: Cloud Storage Appliances, Hybrid Device - AWS Storage Gateway - AWS, 2: AWS Storage Gateway Documentation, 3: AWS Storage Gateway Features | Amazon Web Services

NEW QUESTION 12

A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use?

• A. AWS Config
• B. AWS Secrets Manager
• C. AWS CloudTrail
• D. AWS Trusted Advisor

Answer: A

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This can help you simplify compliance auditing,
security analysis, change management, and operational troubleshooting1.

NEW QUESTION 13

Which of the following services can be used to block network traffic to an instance? (Select TWO.)

• A. Security groups
• B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
• C. Network ACLs
• D. Amazon CloudWatch
• E. AWS CloudTrail

Answer: AC

Explanation:
Security groups and network ACLs are two AWS services that can be used to block network traffic to an instance. Security groups are virtual firewalls that control the inbound and outbound traffic for your instances at the instance level. You can specify which protocols, ports, and source or destination IP addresses are allowed or denied for each instance. Security groups are stateful, which means that they automatically allow return traffic for any allowed inbound or outbound traffic123. Network ACLs are virtual firewalls that control the inbound and outbound traffic for your subnets at the subnet level. You can create rules to allow or deny traffic based on protocols, ports, and source or destination IP addresses. Network ACLs are stateless, which means that you have to explicitly allow return traffic for any allowed inbound or outbound traffic456. References: 1: Security groups for your VPC - Amazon Virtual Private Cloud, 2: Security Groups for Your VPC - Amazon Elastic Compute Cloud, 3: AWS Security Groups: Everything You Need to
Know, 4: Network ACLs - Amazon Virtual Private Cloud, 5: Control traffic to subnets using network ACLs - Amazon Virtual Private Cloud, 6: AWS Network ACLs: Everything You
Need to Know

NEW QUESTION 14

A company wants an in-memory data store that is compatible with open source in the cloud.
Which AWS service should the company use?

• A. Amazon DynamoDB
• B. Amazon ElastiCache
• C. Amazon Elastic Block Store (Amazon EBS)
• D. Amazon Redshift

Answer: B

Explanation:
Amazon ElastiCache is a fully managed in-memory data store service that is compatible with open source engines such as Redis and Memcached1. It provides fast and scalable performance for applications that require high throughput and low latency1. Amazon DynamoDB is a fully managed NoSQL database service that provides consistent and single-digit millisecond latency at any scale2. Amazon EBS is a block storage service that provides persistent and durable storage volumes for Amazon EC2 instances3. Amazon Redshift is a fully managed data warehouse service that allows users to run complex analytic queries using SQL4.

NEW QUESTION 15

Which company needs to apply security rules to a subnet for Amazon EC2 instances. Which AWS service or feature provides this functionality?

• A. Network ACLs
• B. Security groups
• C. AWS Certificate Manager (ACM)
• D. AWS Config

Answer: A

Explanation:
Network ACLs (network access control lists) are an AWS service or feature that provides the functionality of applying security rules to a subnet for EC2 instances. A subnet is a logical partition of an IP network within a VPC (virtual private cloud). A VPC is a logically isolated section of the AWS Cloud where the company can launch AWS resources in a virtual network that they define. A network ACL is a virtual firewall that controls the inbound and outbound traffic for one or more subnets. The company can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, the company must create rules for both inbound and outbound traffic4

NEW QUESTION 16

A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?

• A. Security
• B. Performance efficiency
• C. Cost optimization
• D. Operational excellence

Answer: D

Explanation:
The scenario represents the operational excellence pillar of the AWS Well- Architected Framework, which focuses on running and monitoring systems to deliver business value and continually improve supporting processes and procedures1. Security, performance efficiency, cost optimization, and reliability are the other four pillars of the framework1.

NEW QUESTION 17
......