Which AWS service or feature can simplify the management of hundreds of VPC connections across AWS Regions worldwide?
A. AWS Transit Gateway
B. Amazon Connect
C. Security groups
D. VPC peering
A cloud practitioner wants information on the state of an existing AWS environment compared against established best practices.
Which AWS services or features should the cloud practitioner use to obtain this information? (Choose two.)
A. AWS Artifact
B. AWS Solutions Library
C. AWS Trusted Advisor
D. AWS Well-Architected Tool
E. AWS Personal Health Dashboard
Which task is shared between AWS and the customer, according to the AWS shared responsibility model?
A. Physical and environmental controls
B. Server hardware management and encryption
C. Application security
D. Patch management and configuration management
What is an example of a decoupled, scalable, cloud-based application?
A. A mail and log application that runs on a single Amazon EC2 instance
B. A webpage that is hosted on Amazon S3 and uses AWS Lambda to update an Amazon DynamoDB database
C. An Application Load Balancer, web server, and database server that support a monolithic application
D. A legacy database server that is running on the maximum instance size supported by its license
A company needs to securely store important credentials that an application uses to connect users to a database.
Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?
A. AWS Key Management Service (AWS KMS)
B. AWS Config
C. AWS Secrets Manager
D. Amazon GuardDuty
A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read- heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries. How can this objective be met?
A. Add database retries to effectively use RDS with vertical scaling
B. Use RDS with multi-AZ deployment
C. Add a connection string to use an RDS read replica for read queries.
D. Add a connection string to use a read replica on an EC2 instance
A developer needs to deploy an application running on AWS Fargate using Amazon ECS The application has environment variables that must be passed to a container for the application to initialize How should the environment variables be passed to the container?
A. Define an array that includes the environment variables under the environment parameter within the service definition
B. Define an array that includes the environment variables under the environment parameter within the task definition
C. Define an array that includes the environment variables under the entryPoint parameter within the task definition
D. Define an array that includes the environment variables under the entryPoint parameter within the service definition.
A developer needs to create an application that supports Security Assertion Markup Language (SAML) and authentication with social media providers. It must also allow access to AWS services such as Amazon DynamoDB. Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?
A. AWS AppSync
B. Amazon Cognito identrtv pools
C. Amazon Cognito user pools
D. Amazon Lambda@Edge
A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25.000 users and is growing. Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Select TWO.)
A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.
B. Use S3 bucket policies to restrict read access to specific IAM users
C. Use Amazon Cognito to provide access using authenticated and unauthenticated roles
D. Create a new 1AM user for each user and grant read access
E. Use the AWS 1AM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.
A developer needs to use the AWS CLI on an on-premises development server temporarily to access AWS services while performing maintenance. The developer needs to authenticate to AWS with their identity for several hours. What is the MOST secure way to call AWS CLI commands with the developer's IAM identity?
A. Specify the developer's IAM access key ID and secret access key as parameters for each CLI command
B. Run the aws configure CLI command Provide the developer's IAM access key ID and secret access key
C. Specify the developer's IAM profile as a parameter for each CLI command
D. Run the get-session-token CLI command with the developer's IAM user. Use the returned credentials to call the CLI
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CLF-C01 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.