AWS Certified Cloud Practitioner CLF-C01 Exam Question 261-300


Question 1. Under the AWS shared responsibility model, AWS is responsible for which security-related task?

A. Lifecycle management of IAM credentials
B. Physical security of global infrastructure
C. Encryption of Amazon EBS volumes
D. Firewall configuration

Question 2. Which AWS service enables users to consolidate billing across multiple accounts?

A. Amazon QuickSight
B. AWS Organizations
C. AWS Budgets
D. Amazon Forecast

Question 3. Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?

A. Managing edge locations
B. Physical security
C. Firewall configuration
D. Global infrastructure

Question 4. How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS?

A. AWS Senior Support Engineers
B. AWS Technical Account Managers
C. AWS Trusted Advisor
D. AWS Discussion Forums

Question 5. Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

A. Multiple Availability Zones
B. Performance efficiency
C. Security
D. Encryption usage
E. High availability

Question 6. After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount?

A. No upfront payment
B. Hourly on-demand payment
C. Partial upfront payment
D. All upfront payment

Question 7. What is an advantage of deploying an application across multiple Availability Zones?

A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS Region.
B. The application will have higher availability because it can withstand a service disruption in one Availability Zone.
C. There will be better coverage as Availability Zones are geographically distant and can serve a wider area.
D. There will be decreased application latency that will improve the user experience.

Question 8. A Cloud Practitioner is asked how to estimate the cost of using a new application on AWS. What is the MOST appropriate response?

A. Inform the user that AWS pricing allows for on-demand pricing.
B. Direct the user to the AWS Simple Monthly Calculator for an estimate.
C. Use Amazon QuickSight to analyze current spending on-premises.
D. Use Amazon AppStream 2.0 for real-time pricing analytics.

Question 9. A company wants to migrate its applications to a VPC on AWS. These applications will need to access on-premises resources.
What combination of actions will enable the company to accomplish this goal? (Choose two.)

A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated.
B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC.
C. Use Amazon Athena to query data from the on-premises database servers.
D. Connect the company’s on-premises data center to AWS using AWS Direct Connect.
E. Leverage Amazon CloudFront to restrict access to static web content provided through the company’s on-premises web servers.

Question 10. A web application running on AWS has been spammed with malicious requests from a recurring set of IP addresses. Which AWS service can help secure the application and block the malicious traffic?

B. Amazon GuardDuty
C. Amazon Simple Notification Service (Amazon SNS)

Question 11. Treating infrastructure as code in the AWS Cloud allows users to:

A. automate migration of on-premises hardware to AWS data centers.
B. let a third party automate an audit of the AWS infrastructure.
C. turn over application code to AWS so it can run on the AWS infrastructure.
D. automate the infrastructure provisioning process.

Question 12. A company requires a dedicated network connection between its on-premises servers and the AWS Cloud. Which AWS service should be used?

B. AWS Direct Connect
C. Amazon API Gateway
D. Amazon Connect

Question 13. Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL?

A. AWS Glue
B. AWS Data Pipeline
C. Amazon CloudSearch
D. Amazon Athena

Question 14. AWS CloudFormation is designed to help the user:

A. model and provision resources.
B. update application code.
C. set up data lakes.
D. create reports for billing.

Question 15. A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports. What is the SIMPLEST way to do this?

A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port
B. Run AWS Trusted Advisor and review the findings.
C. Open the AWS IAM console and check the inbound rule filters for open access.
D. In AWS Config, create a custom rule that invokes an AWS Lambda function to review rules for inbound access.

Question 16. What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Choose two.)

A. AWS automatically distributes the data globally for higher durability.
B. AWS will take care of operating the application.
C. AWS makes it easy to architect for high availability.
D. AWS can easily accommodate application demand changes.
E. AWS takes care application security patching.

Question 17. A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report?

A. EC2 security groups
B. AWS Config
C. Amazon Macie
D. Amazon Inspector

Question 18. How can a company isolate the costs of production and non-production workloads on AWS?

A. Create Identity and Access Management (IAM) roles for production and non-production workloads.
B. Use different accounts for production and non-production expenses.
C. Use Amazon EC2 for non-production workloads and other services for production workloads.
D. Use Amazon CloudWatch to monitor the use of services.

Question 19. Where can users find a catalog of AWS-recognized providers of third-party security solutions?

A. AWS Service Catalog
B. AWS Marketplace
C. AWS Quick Start
D. AWS CodeDeploy

Question 20. A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements. Which AWS service will meet this requirement at the LOWEST cost?

A. Amazon S3
B. AWS Snowball
C. Amazon Redshift
D. Amazon S3 Glacier

Question 21. What are the immediate benefits of using the AWS Cloud? (Choose two.)

A. Increased IT staff.
B. Capital expenses are replaced with variable expenses.
C. User control of infrastructure.
D. Increased agility.
E. AWS holds responsibility for security in the cloud.

Question 22. Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?

A. Amazon GuardDuty
B. Amazon Macie
C. Amazon Inspector
D. AWS Shield

Question 23. What is the purpose of AWS Storage Gateway?

A. It ensures on-premises data storage is 99.999999999% durable.
B. It transports petabytes of data to and from AWS.
C. It connects to multiple Amazon EC2 instances.
D. It connects on-premises data storage to the AWS Cloud.

Question 24. What should users do if they want to install an application in geographically isolated locations?

A. Install the application using multiple internet gateways.
B. Deploy the application to an Amazon VPC.
C. Deploy the application to multiple AWS Regions.
D. Configure the application using multiple NAT gateways.

Question 25. A system in the AWS Cloud is designed to withstand the failure of one or more components. What is this an example of?

A. Elasticity
B. High Availability
C. Scalability
D. Agility

Question 26. A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system. Which AWS service can fulfill this requirement?

A. AWS Direct Connect
C. Amazon Connect
D. AWS Data Pipeline

Question 27. Within the AWS shared responsibility model, who is responsible for security and compliance?

A. The customer is responsible.
B. AWS is responsible.
C. AWS and the customer share responsibility.
D. AWS shares responsibility with the relevant governing body.

Question 28. To use the AWS CLI, users are required to generate:

A. a password policy.
B. an access/secret key.
C. a managed policy.
D. an API key.

Question 29. Which AWS service is used to provide encryption for Amazon EBS?

A. AWS Certificate Manager
B. AWS Systems Manager
D. AWS Config

Question 30. How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Choose two.)

A. By the time it takes for the Lambda function to execute.
B. By the number of versions of a specific Lambda function.
C. By the number of requests made for a given Lambda function.
D. By the programming language that is used for the Lambda function.
E. By the total number of Lambda functions in an AWS account.

Question 31. Which of the following describes the relationships among AWS Regions, Availability Zones, and edge locations? (Choose two.)

A. There are more AWS Regions than Availability Zones.
B. There are more edge locations than AWS Regions.
C. An edge location is an Availability Zone.
D. There are more AWS Regions than edge locations.
E. There are more Availability Zones than AWS Regions.

Question 32. What does AWS Shield Standard provide?

A. WAF rules
B. DDoS protection
C. Identity and Access Management (IAM) permissions and access to resources
D. Data encryption

Question 33. A company wants to build its new application workloads in the AWS Cloud instead of using on-premises resources. What expense can be reduced using the AWS Cloud?

A. The cost of writing custom-built Java or Node .js code
B. Penetration testing for security
C. hardware required to support new applications
D. Writing specific test cases for third-party applications.

Question 34. What does AWS Marketplace allow users to do? (Choose two.)

A. Sell unused Amazon EC2 Spot Instances.
B. Sell solutions to other AWS users.
C. Buy third-party software that runs on AWS.
D. Purchase AWS security and compliance documents.
E. Order AWS Snowball.

Question 35. What does it mean if a user deploys a hybrid cloud architecture on AWS?

A. All resources run using on-premises infrastructure.
B. Some resources run on-premises and some run in a location center.
C. All resources run in the AWS Cloud.
D. Some resources run on-premises and some run in the AWS Cloud.

Question 36. Which AWS service allows users to identify the changes made to a resource over time?

A. Amazon Inspector
B. AWS Config
C. AWS Service Catalog

Question 37. How can a company reduce its Total Cost of Ownership (TCO) using AWS?

A. By minimizing large capital expenditures
B. By having no responsibility for third-party license costs
C. By having no operational expenditures
D. By having AWS manage applications

Question 38. Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?

A. Ensuring network connectivity from AWS to the internet
B. Patching and fixing flaws within the AWS Cloud infrastructure
C. Ensuring the physical security of cloud data centers
D. Ensuring Amazon EBS volumes are backed up

Question 39. What are the advantages of the AWS Cloud? (Choose two.)

A. Fixed rate monthly cost
B. No need to guess capacity requirements
C. Increased speed to market
D. Increased upfront capital expenditure
E. Physical access to cloud data centers

Question 40. When comparing the total cost of ownership (TCO) of an on-premises infrastructure to a cloud architecture, what costs should be considered? (Choose two.)

A. The credit card processing fees for application transactions in the cloud.
B. The cost of purchasing and installing server hardware in the on-premises data.
C. The cost of administering the infrastructure, including operating system and software installations, patches, backups, and recovering from failures.
D. The costs of third-party penetration testing.
E. The advertising costs associated with an ongoing enterprise-wide campaign.