Amazon Amazon Certifications CLF-C01 Questions & Answers

• Question 1971:

  What is a responsibility of AWS in the shared responsibility model?

  A. Updating the network ACLs to block traffic to vulnerable ports.

  B. Patching operating systems running on Amazon EC2 instances.

  C. Updating the firmware on the underlying EC2 hosts.

  D. Updating the security group rules to block traffic to the vulnerable ports.

  Correct Answer: C

  Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

• Question 1972:

  Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode?

  A. Implement loose coupling.

  B. Design for failure.

  C. Automate everything that can be automated.

  D. Use services, not servers.

  Correct Answer: B

  Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.

  Reference: https://aws.amazon.com/rds/details/multi-az/

• Question 1973:

  Which AWS hybrid storage service enables your on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols?

  A. AWS Direct Connect

  B. AWS Snowball

  C. AWS Storage Gateway

  D. AWS Snowball Edge

  Correct Answer: C

  The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon's block and object cloud storage services through industry standard storage protocols. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage.

  Reference: https://aws.amazon.com/storagegateway/faqs/

• Question 1974:

  Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? (Choose two.)

  A. Visualization management

  B. Hardware management

  C. Encryption management

  D. Facilities management

  E. Firewall management

  Correct Answer: CE

  With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system,

  network, and firewall configuration, followed by application security and identity and access management.

  Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and

  implementing.

  Reference: https://cloudacademy.com/blog/aws-shared-responsibility-model-security/

• Question 1975:

  Which managed AWS service provides real-time guidance on AWS security best practices?

  A. AWS X-Ray

  B. AWS Trusted Advisor

  C. Amazon CloudWatch

  D. AWS Systems Manager

  Correct Answer: B

  AWS offers premium services such as AWS Trusted Advisor, which provides real-time guidance to help you reduce cost, increase performance, and improve security. Reference: https://www.ibm.com/downloads/cas/2N40X4PQ

• Question 1976:

  Which feature adds elasticity to Amazon EC2 instances to handle the changing demand for workloads?

  A. Resource groups

  B. Lifecycle policies

  C. Application Load Balancer

  D. Amazon EC2 Auto Scaling

  Correct Answer: D

  Support for monitoring the health of each service independently, as health checks are defined at the target group level and many CloudWatch metrics are reported at the target group level. Attaching a target group to an Auto Scaling group enables you to scale each service dynamically based on demand.

  Reference: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html

• Question 1977:

  Under the AWS shared responsibility model, customer responsibilities include which one of the following?

  A. Securing the hardware, software, facilities, and networks that run all products and services.

  B. Providing certificates, reports, and other documentation directly to AWS customers under NDA.

  C. Configuring the operating system, network, and firewall.

  D. Obtaining industry certifications and independent third-party attestations.

  Correct Answer: C

  Reference: https://aws.amazon.com/compliance/shared-responsibility-model/

• Question 1978:

  Which methods can be used to identify AWS costs by departments? (Choose two.)

  A. Enable multi-factor authentication for the AWS account root user.

  B. Create separate accounts for each department.

  C. Use Reserved Instances whenever possible.

  D. Use tags to associate each instance with a particular department.

  E. Pay bills using purchase orders.

  Correct Answer: BE

  Tags are key-value pairs that allow you to organize your AWS resources into groups. You can use tags to:

  Visualize information about tagged resources in one place, in conjunction with Resource Groups.

  View billing information using Cost Explorer and the AWS Cost and Usage report.

  Send notifications about spending limits using AWS Budgets.

  Use logical groupings of your resources that make sense for your infrastructure or business. For example, you could organize your resources by:

  Project

  Cost center

  Development environment

  Application

  Department

  Reference: https://aws.amazon.com/premiumsupport/knowledge-center/tags-billing-cost-center-project/

• Question 1979:

  What feature of Amazon RDS helps to create globally redundant databases?

  A. Snapshots

  B. Automatic patching and updating

  C. Cross-Region read replicas

  D. Provisioned IOPS

  Correct Answer: A

  Reference: https://docs.amazonaws.cn/en_us/AmazonRDS/latest/UserGuide/rds-ug.pdf

• Question 1980:

  Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:

  A. restricted access.

  B. as-needed access.

  C. least privilege access.

  D. token access.

  Correct Answer: C

  When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks. Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html