Amazon CLF-C01 Online Practice
Questions and Exam Preparation
CLF-C01 Exam Details
Exam Code
:CLF-C01
Exam Name
:AWS Certified Cloud Practitioner (CLF-C01)
Certification
:Amazon Certifications
Vendor
:Amazon
Total Questions
:2149 Q&As
Last Updated
:Jun 01, 2026
Amazon CLF-C01 Online Questions &
Answers
Question 1601:
When AWS tool acts as a firewall to control traffic in and out of subnets within a VPC?
A. Security group B. Route table C. VPC endpoint D. Network access control list (ACL)
D. Network access control list (ACL)
Question 1602:
An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on- premises data center and the encryption is handled by S3. Which type of encryption should be used?
A. Use server-side encryption with Amazon S3-managed keys B. Use server-side encryption with AWS KMS-managed keys C. Use client-side encryption with AWS KMS-managed keys D. Use server-side encryption with customer-provided keys.
D. Use server-side encryption with customer-provided keys.
Question 1603:
Which AWS services should be used for read/write of constantly changing data? (Choose two.)
A. Amazon Glacier B. Amazon RDS C. AWS Snowball D. Amazon Redshift E. Amazon EFS
A. Amazon Glacier B. Amazon RDS
Question 1604:
A company wants to automatically set up and govern a multi-account AWS environment.
Which AWS service provides this functionality?
A. AWS IAM Identity Center (AWS Single Sign-On) B. AWS Systems Manager C. AWS Config D. AWS Control Tower
D. AWS Control Tower
Question 1605:
A company must archive Amazon S3 data that the company's business units no longer need to access. Which S3 storage class will meet this requirement MOST cost-effectively?
A. S3 Glacier Instant Retrieval B. S3 Glacier Flexible Retrieval C. S3 Glacier Deep Archive D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
C. S3 Glacier Deep Archive
Explanation/Reference:
S3 Glacier Flexible Retrieval (Formerly S3 Glacier)***- For long-term backups and archives with retrieval option from 1 minute to 12 hours All Storage / Month $0.0036 per GB S3 Glacier Deep Archive***- For long-term data archiving that is accessed once or twice in a year and can be restored within 12 hours All Storage / Month $0.00099 per GB
Question 1606:
Which of the following allows users to provision a dedicated network connection from their internal network to AWS?
A. AWS CloudHSM B. AWS Direct Connect C. AWS VPN D. Amazon Connect
B. AWS Direct Connect
Explanation/Reference:
AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs.
Reference: https://aws.amazon.com/directconnect/
Question 1607:
A user needs a dedicated private connection between a colocation facility and a VPC. Which AWS service or feature should the user choose?
A. AWS VPN B. AWS PrivateLink C. AWS Direct Connect D. AWS Client VPN
C. AWS Direct Connect
Explanation/Reference:
The AWS service or feature that a user should choose for a dedicated private connection between a colocation facility and a VPC is C. AWS Direct Connect.
AWS Direct Connect is a service that provides dedicated, private network connections from an on- premises environment to AWS. It allows the user to establish a dedicated network connection from their premises to AWS, which can help to reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections.
Question 1608:
Which AWS service provides users with recommendations for improving the quality of an application's code, and identifies the most expensive lines of code?
A. AWS CodeBuild B. AWS CodeStar C. Amazon CodeGuru D. AWS CodeDeploy
C. Amazon CodeGuru
Explanation/Reference:
Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identifying an application's most expensive lines of code.
Question 1609:
A company provides a web-based ecommerce service that runs in two Availability Zones within a single AWS Region. The web service distributes content that is stored in the Amazon S3 Standard storage class. The company wants to improve the web service's performance globally.
What should the company do to meet this requirement?
A. Change the S3 storage class to S3 Intelligent-Tiering. B. Deploy an Amazon CloudFront distribution to cache web server content in edge locations. C. Use Amazon API Gateway for the web service D. Migrate the website ecommerce servers to Amazon EC2 with enhanced networking.
B. Deploy an Amazon CloudFront distribution to cache web server content in edge locations.
Question 1610:
Which type of AWS infrastructure deployment puts AWS compute, storage database, and other select services closer to end users to run latency-sensitive applications?
A. AWS Regions B. Availability Zones C. Local Zones D. Edge locations
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Amazon exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your CLF-C01 exam preparations
and Amazon certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.