Which of the following is an AWS Cloud architecture design principle?
A. Implement single points of failure.
B. Implement loose coupling.
C. Implement monolithic design.
D. Implement vertical scaling.
Correct Answer: B
Loose coupling between services can also be done through asynchronous integration. It involves one component that generates events and another that consumes them. The two components do not integrate through direct point-to-point interaction, but usually through an intermediate durable storage layer. This approach decouples the two components and introduces additional resiliency. So, for example, if a process that is reading messages from the queue fails, messages can still be added to the queue to be processed when the system recovers.
Which AWS service can be used to manually launch instances based on resource requirements?
A. Amazon EBS
B. Amazon S3
C. Amazon EC2
D. Amazon ECS
Correct Answer: C
Question 2053:
A company is migrating an application that is running non-interruptible workloads for a three-year time frame.
Which pricing construct would provide the MOST cost-effective solution?
A. Amazon EC2 Spot Instances
B. Amazon EC2 Dedicated Instances
C. Amazon EC2 On-Demand Instances
D. Amazon EC2 Reserved Instances
Correct Answer: D
Question 2054:
Which AWS service would you use to obtain compliance reports and certificates?
A. AWS Artifact
B. AWS Lambda
C. Amazon Inspector
D. AWS Certificate Manager
Correct Answer: A
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
Reference: https://aws.amazon.com/artifact/
Question 2055:
Under the shared responsibility model, which of the following tasks are the responsibility of the AWS customer? (Choose two.)
A. Ensuring that application data is encrypted at rest
B. Ensuring that AWS NTP servers are set to the correct time
C. Ensuring that users have received security training in the use of AWS services
D. Ensuring that access to data centers is restricted
E. Ensuring that hardware is disposed of properly
Correct Answer: AC
Question 2056:
Which AWS services are defined as global instead of regional? (Choose two.)
What technology enables compute capacity to adjust as loads change?
A. Load balancing
B. Automatic failover
C. Round robin
D. Auto Scaling
Correct Answer: D
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it's easy to setup application scaling for multiple resources across multiple services in minutes. The service provides a simple, powerful user interface that lets you build scaling plans for resources including Amazon EC2 instances and Spot Fleets, Amazon ECS tasks, Amazon DynamoDB tables and indexes, and Amazon Aurora Replicas. AWS Auto Scaling makes scaling simple with recommendations that allow you to optimize performance, costs, or balance between them. If you're already using Amazon EC2 Auto Scaling to dynamically scale your Amazon EC2 instances, you can now combine it with AWS Auto Scaling to scale additional resources for other AWS services. With AWS Auto Scaling, your applications always have the right resources at the right time.
Reference: https://aws.amazon.com/autoscaling/
Question 2058:
How would an AWS customer easily apply common access controls to a large set of users?
A. Apply an IAM policy to an IAM group.
B. Apply an IAM policy to an IAM role.
C. Apply the same IAM policy to all IAM users with access to the same workload.
D. Apply an IAM policy to an Amazon Cognito user pool.
Correct Answer: A
Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to.
Which of the following steps should be taken by a customer when conducting penetration testing on AWS?
A. Conduct penetration testing using Amazon Inspector, and then notify AWS support.
B. Request and wait for approval from the customer's internal security team, and then conduct testing.
C. Notify AWS support, and then conduct testing immediately.
D. Request and wait for approval from AWS support, and then conduct testing.
Correct Answer: B
AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services. Reference: https://aws.amazon.com/security/penetration-testing/
Question 2060:
Which of the following AWS features enables a user to launch a pre-configured Amazon Elastic Compute Cloud (Amazon EC2) instance?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon Machine Image
C. Amazon EC2 Systems Manager
D. Amazon AppStream 2.0
Correct Answer: B
To use Amazon EC2, you simply:
Select a pre-configured, templated Amazon Machine Image (AMI) to get up and running immediately. Or create an AMI containing your applications, libraries, data, and associated configuration settings.
Configure security and network access on your Amazon EC2 instance.
Choose which instance type(s) you want, then start, terminate, and monitor as many instances of your AMI as needed, using the web service APIs or the variety of management tools provided. Determine whether you want to run in multiple
locations, utilize static IP endpoints, or attach persistent block storage to your instances.
Pay only for the resources that you actually consume, like instance-hours or data transfer.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CLF-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.