Amazon CLF-C01 Online Practice Questions and Exam Preparation

Amazon CLF-C01 Online Questions & Answers

• Question 1391:

  Which AWS service provides managed DDoS protection?

  A. AWS Firewall Manager
  B. AWS Shield
  C. Amazon GuardDuty
  D. Amazon Inspector
  B. AWS Shield

• Question 1392:

  Which AWS service or tool should a company use to forecast AWS spending?

  A. Amazon DevPay
  B. AWS Organizations
  C. AWS Trusted Advisor
  D. Cost Explorer
  D. Cost Explorer

  ---

  Explanation/Reference:

  To forecast AWS spending, a company should use AWS Cost Explorer. Therefore, option D is the correct answer.

  AWS Cost Explorer is a tool that allows customers to visualize and forecast their AWS spending based on their usage patterns. It provides a set of predefined reports and dashboards that help customers analyze their costs and usage across different AWS services. Cost Explorer also allows customers to create custom reports and set up cost alerts to notify them when their spending exceeds a certain threshold. Overall, it is a powerful tool for managing and optimizing AWS costs.

• Question 1393:

  A company is building a new application on AWS. The company needs the application to remain available if an individual application component fails. Which design principle should the company use to meet this requirement?

  A. Disposable resources
  B. Automation
  C. Rightsizing
  D. Loose coupling
  D. Loose coupling

  ---

  Explanation/Reference:

  D. Loose coupling is the design principle that should be used to meet the requirement of the application remaining available if an individual application component fails.

• Question 1394:

  A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket. What is the MOST secure way to give the application the ability to write files to the S3 bucket?

  A. Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user authentication within the client-side application
  B. Create a new IAM policy and a corresponding 1AM user with permissions to write to the S3 bucket Store the key and the secret for the user in the application code Use the key to authenticate the video uploads
  C. Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL
  D. Generate a new 1AM key and a corresponding secret by using the AWS account root user credentials Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads
  B. Create a new IAM policy and a corresponding 1AM user with permissions to write to the S3 bucket Store the key and the secret for the user in the application code Use the key to authenticate the video uploads

• Question 1395:

  A static website is hosted in an Amazon S3 bucket Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket These images are not displayed when users browse the site. What is the possible cause for the issue?

  A. The referenced Amazon S3 bucket is in another region
  B. The images must be stored in the same Amazon S3 bucket
  C. Port 80 must be opened on the security group in which the Amazon S3 bucket is located
  D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket
  D. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket

• Question 1396:

  A company requires an isolated environment within AWS for security purposes. Which action can be taken to accomplish this?

  A. Create a separate Availability Zone to host the resources.
  B. Create a separate VPC to host the resources.
  C. Create a placement group to host the resources.
  D. Create an AWS Direct Connect connection between the company and AWS.
  B. Create a separate VPC to host the resources.

  ---

  Explanation/Reference:

  Network isolation A virtual private cloud (VPC) is a virtual network in your own logically isolated area in the AWS Cloud. Use separate VPCs to isolate infrastructure by workload or organizational entity. A subnet is a range of IP addresses in a VPC. When you launch an instance, you launch it into a subnet in your VPC. Use subnets to isolate the tiers of your application (for example, web, application, and database) within a single VPC. Use private subnets for your instances if they should not be accessed directly from the internet. To call the Amazon EC2 API from your VPC without sending traffic over the public internet, use AWS PrivateLink.

  Reference: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/infrastructure-security.html

• Question 1397:

  In which scenario should Amazon EC2 Spot Instances be used?

  A. A company wants to move its main website to AWS from an on-premises web server.
  B. A company has a number of application services whose Service Level Agreement (SLA) requires 99.999% uptime.
  C. A company's heavily used legacy database is currently running on-premises.
  D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances.
  D. A company has a number of infrequent, interruptible jobs that are currently using On-Demand Instances.

  ---

  Explanation/Reference:

  Reference: https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-leveraging-ec2-spot-instances/spot-instance-interruptions.html

• Question 1398:

  How can a company isolate the costs of production and non-production workloads on AWS?

  A. Create Identity and Access Management (IAM) roles for production and non-production workloads.
  B. Use different accounts for production and non-production expenses.
  C. Use Amazon EC2 for non-production workloads and other services for production workloads.
  D. Use Amazon CloudWatch to monitor the use of services.
  B. Use different accounts for production and non-production expenses.

  ---

  Explanation/Reference:

  Reference: https://aws.amazon.com/answers/account-management/aws-multi-account-billing-strategy/

• Question 1399:

  A developer has been hired by a large company and needs AWS credentials. Which are security best practices that should be followed? (Choose two.)

  A. Grant the developer access to only the AWS resources needed to perform the job.
  B. Share the AWS account root user credentials with the developer.
  C. Add the developer to the administrator's group in AWS IAM.
  D. Configure a password policy that ensures the developer's password cannot be changed.
  E. Ensure the account password policy requires a minimum length.
  A. Grant the developer access to only the AWS resources needed to perform the job.
  E. Ensure the account password policy requires a minimum length.

• Question 1400:

  Which AWS service monitors CPU utilization on Amazon EC2 instances?

  A. AWS CloudTrail
  B. Amazon Inspector
  C. AWS config
  D. Amazon CloudWatch
  D. Amazon CloudWatch

  ---

  Explanation/Reference:

  AWS CloudTrail-monitors and records account activity Amazon Inspector-vulnerability management AWS Config-assess, audit, and evaluate the configurations and relationships of your resources. Amazon CloudWatch-CPU