Which AWS service or feature allows users to securely store encrypted credentials and retrieve these credentials when required?
A. AWS Encryption SDK
B. AWS Security Hub
C. AWS Secrets Manager
D. AWS Artifact
Correct Answer: C
The AWS service that allows users to securely store encrypted credentials and retrieve these credentials when required is AWS Secrets Manager (Option C).
AWS Secrets Manager is a secrets management service that enables the storage and retrieval of secrets such as database credentials, API keys, and other secrets. It stores the secrets securely using encryption and also provides an API to retrieve the secrets when required. The secrets can be rotated automatically, and access to secrets can be managed using AWS Identity and Access Management (IAM) policies.
Question 472:
What is an AWS responsibility under the AWS shared responsibility model?
A. configure the security group rules that determine which ports are open on an Amazon EC2 Linux instance.
B. Ensure the security of the internal network in the AWS data centers.
C. Patch the guest operating system with the latest security patches on Amazon EC2.
D. Turn on server-side encryption for Amazon S3 buckets.
Correct Answer: B
Under the AWS shared responsibility model, an AWS responsibility is to ensure the security of the internal network in the AWS data centers (Option B).
The AWS shared responsibility model defines the security responsibilities between AWS and the customer. AWS is responsible for the security of the underlying infrastructure, including the physical security of the data centers, the security of the network infrastructure, and the security of the hypervisor. The customer is responsible for the security of their applications and data in the cloud.
Question 473:
A company needs to set a maximum spending limit on AWS services each month. The company also needs to set up alerts for when the company reaches its spending limit. Which AWS service or tool should the company use to meet these requirements?
A. Cost Explorer
B. AWS Trusted Advisor
C. Service Quotas
D. AWS Budgets
Correct Answer: D
The AWS service or tool that the company should use to set a maximum spending limit on AWS services each month and set up alerts for when the company reaches its spending limit is AWS Budgets (Option D).
AWS Budgets is a free tool that allows customers to set custom cost and usage budgets that notify them when costs or usage exceed (or are forecasted to exceed) their budgeted amounts. AWS Budgets provides alerts via email and/or SMS when actual or forecasted costs exceed the thresholds set by the customer.
Question 474:
What are characteristics of Availability Zones? (Choose two.)
A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking.
B. Availability Zones are physically separated by a minimum of distance of 150 km (100 miles).
C. All traffic between Availability Zones is encrypted.
D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.
E. Every Availability Zone contains a single data center.
Correct Answer: AD
The characteristics of Availability Zones are:
A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking.
D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.
Option A is true. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low- latency networking. This enables customers to design and deploy highly available and fault-tolerant applications across multiple
Availability Zones.
Option D is true. Availability Zones within an AWS Region share redundant power, networking, and connectivity, which increases their availability and fault tolerance.
Question 475:
A company runs business applications in an on-premises data center and in the AWS Cloud. The company needs a shared file system that can be available to both environments. Which AWS service meets these requirements?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon S3
C. Amazon ElastiCache
D. Amazon Elastic File System (Amazon EFS)
Correct Answer: D
The correct answer is D, Amazon Elastic File System (Amazon EFS) provides a simple, scalable, and fully managed shared file system that can be accessed from multiple instances across different availability zones, regions, and VPCs. This makes it ideal for hybrid cloud environments where resources are located in both on-premises data centers and the AWS Cloud.
Question 476:
A company needs to host a highly available application in the AWS Cloud. The application runs infrequently for short periods of time. Which AWS service will meet these requirements with the LEAST amount of operational overhead?
A. Amazon EC2
B. AWS Fargate
C. AWS Lambda
D. Amazon Aurora
Correct Answer: C
C. AWS Lambda is a serverless computing service that runs code in response to events and automatically manages the compute resources required by that code. It is designed to run small pieces of code, such as individual functions, and does not require any infrastructure management from the user. Since the application runs infrequently for short periods of time, AWS Lambda is a good fit as it automatically scales and provisions resources based on the incoming traffic, without the need for the user to manage any infrastructure.
Question 477:
Which AWS service can a company use to rotate, manage, and retrieve database credentials?
A. AWS Certificate Manager (ACM)
B. AWS Secrets Manager
C. Amazon GuardDuty
D. AWS Shield
Correct Answer: B
Answer is B, a company can use AWS Secrets Manager to rotate, manage, and retrieve database credentials
Question 478:
Which AWS service can defend against DDoS attacks?
A. AWS Firewall Manager
B. AWS Shield Standard
C. AWS WAF
D. Amazon Inspector
Correct Answer: B
B. AWS Shield Standard is a free service that is automatically included with all AWS accounts, and it provides protection against common network and transport layer DDoS attacks. AWS Firewall Manager is used to centrally configure and manage firewall rules across multiple accounts and resources, while AWS WAF (Web Application Firewall) is used to protect web applications from common web-based attacks such as SQL injection and cross-site scripting (XSS). Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Question 479:
A company uses AWS Organizations. The company wants to apply security best practices from the AWS Well-Architected Framework to all of its AWS accounts. Which AWS service will meet these requirements?
A. Amazon Macie
B. Amazon Detective
C. AWS Control Tower
D. AWS Secrets Manager
Correct Answer: C
C. AWS Control Tower is a service that enables you to set up and govern a new, secure, and compliant multi-account environment. It provides a set of preconfigured policies and guardrails that align with the AWS Well-Architected Framework's best practices for security and compliance. By using AWS Control Tower, you can enforce these policies and guardrails across all of your AWS accounts in a consistent and scalable way.
Question 480:
A company needs a history report about how its Amazon EC2 instances were modified last month. Which AWS service can be used to meet this requirement?
A. AWS Service Catalog
B. AWS config
C. Amazon CloudWatch
D. AWS Artifact
Correct Answer: B
B. AWS Config is a fully managed service that provides a detailed history of the configuration of AWS resources in an account. It can track changes and compliance of EC2 instances, as well as other AWS resources, and provides a configuration history report that can be used for auditing, compliance, and troubleshooting purposes. This feature can be used to meet the requirement of the company needing a report of modifications to its EC2 instances.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CLF-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.