Amazon Amazon Certifications CLF-C01 Questions & Answers

• Question 1121:

  A company has a workload that requires data to be collected, analyzed and stored on premises The company wants to extend the use of AWS services to run on premises with access to the company network and the company's VPC.

  Which AWS service meets this requirement?

  A. AWS Outposts

  B. AWS Storage Gateway

  C. AWS Direct Connect

  D. AWS Snowball

  Correct Answer: A

  I would go with AWS outposts for this one as more than storage services are needed. AWS Outposts: Run AWS infrastructure and services on premises for a truly consistent hybrid experience AWS Storage Gateway: Provide on-premises applications with access to virtually unlimited cloud storage

• Question 1122:

  A company wants to use AWS storage services that support data lifecycle management to reduce the cost of storing files that are not accessed frequently.

  Which AWS services meets these requirements? (Select TWO.)

  A. Amazon FSx

  B. Amazon Elastic Block Store (Amazon EBS)

  C. Amazon Elastic File System (Amazon EFS)

  D. Amazon S3

  E. AWS Snowball

  Correct Answer: DE

• Question 1123:

  Which AWS service is a fully hosted version control service?

  A. AWS CodeCommit

  B. AWS CodeBuild

  C. AWS CodeDeploy

  D. AWS CodeStar

  Correct Answer: A

  CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. CodeCommit eliminates the need for you to manage your own source control system or worry about scaling its infrastructure. You can use CodeCommit to store anything from code to binaries. It supports the standard functionality of Git, so it works seamlessly with your existing Git-based tools.

• Question 1124:

  Which AWS service gives users the ability to find, buy, and immediately start using third- party software solutions in their AWS environments?

  A. AWS Config

  B. AWS OpsWorks

  C. AWS Systems Manager

  D. AWS Marketplace

  Correct Answer: D

• Question 1125:

  A company needs to set up a notification that provides an alert when the company's AWS account reaches a present spending limit. Which AWS service or tool can meet this requirement?

  A. AWS Cost and Usage Report

  B. AWS Budgets

  C. Cost Explorer

  D. AWS Trusted Advisor

  Correct Answer: B

• Question 1126:

  A company is using on-premises Microsoft Active Directory federation to manage user identities and groups.

  What AWS Identity and Access Management (IAM) setting maps the permissions for AWS services to the Active Directory user attributes?

  A. IAM users

  B. IAM access keys

  C. IAM roles

  D. IAM groups

  Correct Answer: C

  How to Connect Your On-Premises Active Directory to AWS Using AD Connector Assign users to roles

  Now that AD Connector is configured and you've created a role, your next job is to assign users or groups to those IAM roles. Role mapping is what governs what resources a user has access to within AWS. To do this you'll need to:

  Open the Directory Service console, and click the link to Manage Access.Image of Manage Access link

  Click Create New Role.Image of Create New Role button Click Use Existing Role. Note: If you've already assigned Active Directory users or groups to a role, you will be able to modify their membership by clicking the link for the role in the

  Directory Service console.Select a role Select a role from the list, and then click Next Step.Image of selecting a role from the list Type the name of an Active Directory user or group in the search field.

  Click Next Step.

  Click Create Role Assignments.

  

  Image of reviewing user or group with corresponding Id When you're finished you should see the name of the user or group along with the corresponding Id for that object, as shown in the previous image. The next time the user signs in to the AWS Management Console from the custom sign-in page, they will be signed in under the EC2ReadOnly security role.

  

  Image of EC2ReadOnly security role

  Seamlessly join an instance to an Active Directory domain Another advantage to using AD Connector is the ability to seamlessly join Windows (EC2) instances to your Active Directory domain. You may have read about this feature in the

  AWS Blog earlier this year. It's what allows you to join a Windows Server to the domain while the instance is being provisioned instead of using a script or doing it manually. This section of this blog post will explain the steps necessary to

  enable this feature in your environment and how the service works.

  Step 1: Create a role

  Until recently you had to manually create an IAM policy to allow an EC2 instance to access the SSM, an AWS service that allows you to configure Windows instances while they're running and on first launch. Now, there's a managed policy

  called AmazonEC2RoleforSSM that you can use instead. The role you are about to create will be assigned to an EC2 instance when it's provisioned, which will grant it permission to access the SSM service.

  To create the role:

  Open the IAM console.

  Click Roles in the navigation pane.

  Click Create Role.

  Type a name for your role in the Role Name field. Under AWS Service Roles, select Amazon EC2 and then click Select. On the Attach Policy page, select AmazonEC2RoleforSSM and then click Next Step.

  On the Review page, click Create Role.

• Question 1127:

  A company wants to integrate its online shopping website with social media login credentials Which AWS service can the company use to make this integration?

  A. AWS Directory Service

  B. AWS Identity and Access Management (IAM)

  C. Amazon Cognito

  D. AWS Single Sign-On

  Correct Answer: C

• Question 1128:

  A company is building a web application and needs to test the application across different mobile devices and desktop browsers Which AWS service should the company use for this testing?

  A. AWS Amplify

  B. AWS AppSync

  C. Amazon Pinpoint

  D. AWS Device Farm

  Correct Answer: D

• Question 1129:

  A developer needs to access AWS resources from the AWS CLI.

  Which feature in AWS Identity and Access Management (IAM) can the developer use for authentication?

  A. IAM access keys

  B. IAM policy

  C. IAM role

  D. Account password policy

  Correct Answer: A

• Question 1130:

  Which AWS services or features enable a user to establish a network connection from on premises to the AWS Cloud? (Select TWO.)

  A. AWS Direct Connect

  B. AWS Snowball

  C. Amazon S3

  D. VPN connection

  E. Amazon Connect

  Correct Answer: AD