CLF-C01 Exam - AWS Certified Cloud Practitioner

NEW QUESTION 1

A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials.
Which AWS service or resource will meet this requirement?

• A. AWS Organizations
• B. IAM user
• C. AWS IAM Identity Center (AWS Single Sign-On)
• D. AWS Control Tower

Answer: C

Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications. You can use AWS SSO to enable your users to sign in to the AWS Management Console or the AWS Command Line Interface (AWS CLI) with their existing corporate credentials2. You can also manage SSO access and user permissions across all your AWS accounts in AWS Organizations3. References: AWS Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation

NEW QUESTION 2

Which AWS service uses a combination of publishers and subscribers?

• A. AWS Lambda
• B. Amazon Simple Notification Service (Amazon SNS)
• C. Amazon CloudWatch
• D. AWS CloudFormation

Answer: B

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 3

A company wants to establish a private network connection between AWS and its corporate network.
Which AWS service or feature will meet this requirement?

• A. Amazon Connect
• B. Amazon Route 53
• C. AWS Direct Connect
• D. VPC peering

Answer: C

Explanation:
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet- based connections12. References: 1: Dedicated Network Connection - AWS Direct Connect - AWS, 2: What is AWS Direct Connect? - AWS Direct Connect

NEW QUESTION 4

Which AWS service provides the ability to host a NoSQL database in the AWS Cloud?

• A. Amazon Aurora
• B. Amazon DynamoDB
• C. Amazon RDS
• D. Amazon Redshift

Answer: B

Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both key- value and document data models, and allows you to create tables that can store and retrieve any amount of data, and serve any level of request traffic. You can also use DynamoDB Streams to capture data modification events in DynamoDB tables.

NEW QUESTION 5

A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud How can these reports be generated?

• A. Contact the AWS Compliance team
• B. Download the reports from AWS Artifact
• C. Open a case with AWS Support
• D. Generate the reports with Amazon Made

Answer: B

Explanation:
AWS Artifact is a service that provides on-demand access to security and compliance reports from AWS and Independent Software Vendors (ISVs) who sell their products on AWS Marketplace. You can use AWS Artifact to download auditor-issued reports, certifications, accreditations, and other third-party attestations of AWS compliance with various standards and regulations, such as PCI-DSS, HIPAA, FedRAMP, GDPR, and more1234. You can also use AWS Artifact to review, accept, and manage your agreements with AWS and apply them to current and future accounts within your organization2. References: 1: Cloud Compliance - Amazon Web Services
(AWS), 2: Security Compliance Management - AWS Artifact - AWS, 3: AWS Compliance Contact Us - Amazon Web Services, 4: AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

NEW QUESTION 6

Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)

• A. Patch AWS network devices.
• B. Set user password rules.
• C. Provide physical security for compute resources.
• D. Configure security groups.
• E. Patch the operating system of an Amazon EC2 instance.

Answer: AC

Explanation:
The correct answers are A and C because patching AWS network devices and providing physical security for compute resources are tasks that are the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are tasks that are the responsibility of the customer, according to the AWS shared responsibility model. Setting user password rules, configuring security groups, and patching the operating system of an Amazon EC2 instance are all tasks that the customer has to perform to secure their AWS environment. Reference: AWS Shared Responsibility Model

NEW QUESTION 7

A company needs a repository that stores source code. The company needs a way to update the running software when the code changes.
Which combination of AWS services will meet these requirements? (Select TWO.)

• A. AWS CodeCommit
• B. AWS CodeDeploy
• C. Amazon DynamoDB
• D. Amazon S3
• E. Amazon Elastic Container Service (Amazon ECS)

Answer: AB

Explanation:
A and B are correct because AWS CodeCommit is the AWS service that provides a fully managed source control service that hosts secure Git-based repositories1, and AWS CodeDeploy is the AWS service that automates code deployments to any instance, including Amazon EC2 instances and servers running on-premises2. These two services can be used together to store source code and update the running software when the code changes. C is incorrect because Amazon DynamoDB is the AWS service that provides a fully managed NoSQL database service that supports key-value and document data models3. It is not related to storing source code or updating software. D is incorrect because Amazon S3 is the AWS service that provides object storage through a web service interface4. It can be used to store source code, but it does not provide source control features or update software. E is incorrect because Amazon Elastic Container Service (Amazon ECS) is the AWS service that allows users to run, scale, and secure Docker container applications. It can be used to deploy containerized software, but it does
not store source code or update software.

NEW QUESTION 8

A company moves its infrastructure from on premises to the AWS Cloud. The company can now provision additional Amazon EC2 instances whenever the instances are required. With this ability, the company can launch new marketing campaigns in 3 days instead of 3 weeks.
Which benefit of the AWS Cloud does this scenario demonstrate?

• A. Cost savings
• B. Improved operational resilience
• C. Increased business agility
• D. Enhanced security

Answer: C

Explanation:
Increased business agility is the benefit of the AWS Cloud that this scenario demonstrates. Business agility refers to the ability of a company to adapt to changing customer needs, market conditions, and competitive pressures. Moving to the AWS Cloud enables business agility by providing faster access to resources, lower upfront costs, and greater scalability and flexibility. By using the AWS Cloud, the company can launch new marketing campaigns in 3 days instead of 3 weeks, which shows that it can respond to customer feedback more quickly and efficiently. For more information, see Benefits of Cloud Computing and [Business Agility].

NEW QUESTION 9

Which AWS services are supported by Savings Plans? (Select TWO.)

• A. Amazon EC2
• B. Amazon RDS
• C. Amazon SageMaker
• D. Amazon Redshift
• E. Amazon DynamoDB

Answer: AC

Explanation:
The AWS services that are supported by Savings Plans are:
✑ Amazon EC2: Amazon EC2 is a service that provides scalable computing capacity in the AWS cloud. You can use Amazon EC2 to launch virtual servers, configure security and networking, and manage storage. Amazon EC2 is eligible for both Compute Savings Plans and EC2 Instance Savings Plans12.
✑ Amazon SageMaker: Amazon SageMaker is a service that helps you build and deploy machine learning models. You can use Amazon SageMaker to access Jupyter notebooks, use common machine learning algorithms, train and tune models, and deploy them to a hosted environment. Amazon SageMaker is eligible for SageMaker Savings Plans13.
The other options are not supported by Savings Plans. Amazon RDS, Amazon Redshift, and Amazon DynamoDB are database services that are eligible for Reserved Instances, but not Savings Plans4.

NEW QUESTION 10

Which database engines does Amazon Aurora support? (Select TWO.)

• A. Oracle
• B. Microsoft SQL Server
• C. MySQL
• D. PostgreSQL
• E. MongoDB

Answer: CD

Explanation:
Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL engines. It delivers up to five times the performance of MySQL and up to three times the performance of PostgreSQL. It also provides high availability, scalability, security, and durability1

NEW QUESTION 11

A company wants to create multiple isolated networks in the same AWS account. Which AWS service or component will provide this functionality?

• A. AWS Transit Gateway
• B. Internet gateway
• C. Amazon VPC
• D. Amazon EC2

Answer: C

Explanation:
Amazon Virtual Private Cloud (Amazon VPC) is the AWS service that allows customers to create multiple isolated networks in the same AWS account. A VPC is a logically isolated section of the AWS Cloud where customers can launch AWS resources in a virtual network that they define. Customers can create multiple VPCs within an AWS account, each with its own IP address range, subnets, route tables, security groups, network access control lists, gateways, and other components. AWS Transit Gateway, Internet gateway, and Amazon EC2 are not services or components that provide the functionality of creating multiple isolated networks in the same AWS account. AWS Transit Gateway is a service that enables customers to connect their Amazon VPCs and their on- premises networks to a single gateway. An Internet gateway is a component that enables communication between instances in a VPC and the Internet. Amazon EC2 is a service that provides scalable compute capacity in the cloud34

NEW QUESTION 12

Which AWS service or feature can the company use to limit the access to AWS services for member accounts?

• A. AWS Identity and Access Management (IAM)
• B. Service control policies (SCPs)
• C. Organizational units (OUs)
• D. Access control lists (ACLs)

Answer: B

Explanation:
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines2. SCPs are available only in an organization that has all features enabled2.

NEW QUESTION 13

Which of the following is a characteristic of the AWS account root user?

• A. The root user is the only user that can be configured with multi-factor authentication (MFA).
• B. The root user is the only user that can access the AWS Management Console.
• C. The root user is the first sign-in identity that is available when an AWS account is created.
• D. The root user has a password that cannot be changed.

Answer: C

Explanation:
The AWS account root user is the first sign-in identity that is available when an AWS account is created. It has complete access to all AWS services and resources in the account. The root user email address and password are the same credentials that are used to sign in to the AWS Management Console4. The root user should be used only to perform a few account and service management tasks. For day-to-day tasks, it is recommended to use AWS Identity and Access Management (IAM) users or roles instead.

NEW QUESTION 14

Which pillar of the AWS Well-Architected Framework includes the AWS shared responsibility model?

• A. Operational excellence
• B. Performance efficiency
• C. Reliability
• D. Security

Answer: D

Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The framework consists of five pillars: operational excellence, performance efficiency, reliability, security, and cost optimization. The security pillar covers the AWS shared responsibility model, which defines the security and compliance responsibilities of AWS and the customers. You can learn more about the AWS Well-Architected Framework from [this whitepaper] or [this digital course].

NEW QUESTION 15

How can an AWS user conduct security assessments of Amazon EC2 instances, NAT gateways, and Elastic Load Balancers in a way that is approved by AWS?

• A. Flood a target with requests.
• B. Use Amazon Inspector.
• C. Perform penetration testing.
• D. Use the AWS Service Health Dashboard.

Answer: B

Explanation:
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity2.

NEW QUESTION 16

Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:

• A. a loosely coupled architecture.
• B. a tightly coupled architecture.
• C. a stateless architecture.
• D. a stateful architecture.

Answer: A

Explanation:
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of a loosely coupled architecture. A loosely coupled architecture is one where the components are independent and can communicate with each other through well-defined interfaces. This allows for greater scalability, flexibility, and resilience. A tightly coupled architecture is one where the components are interdependent and rely on each other for functionality. This can lead to increased complexity, fragility, and difficulty in changing or scaling the system. Amazon ECS OverviewAWS Well-Architected Framework

NEW QUESTION 17
......