Amazon Amazon Certifications CLF-C01 Questions & Answers

• Question 881:

  An application running on multiple Amazon EC2 instances pulls messages from a standard Amazon SQS queue. A requirement for the application is that all messages must be encrypted at rest.

  Developers are instructed to use methods that allow tor centralized key management and minimize possible support requirements whenever possible.

  Which of the following solutions supports these requirements?

  A. Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue

  B. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client

  C. Create an SQS queue and encrypt the queue by using server-side encryption with AWS KMS

  D. Create an SQS queue, and encrypt the queue by using client-record encryption

  Correct Answer: C

• Question 882:

  A developer has created a web API that uses Amazon Elastic Container Service (Amazon ECS) and an Application Load Balancer (ALB) An Amazon CloudFront distribution uses the API as an origin for web clients The application has received millions of requests with a JSON Web Token (JWT) that is not valid in the authorization header The developer has scaled out the application to handle the unauthenticated requests.

  What should the developer do to reduce the number of unauthenticated requests to the API?

  A. Add a request routing rule to the ALB to return a 401 status code if the authorization header is missing

  B. Add a container to the ECS task definition to validate JWTs Set the new container as a dependency of the application container

  C. Create a CloudFront function for the distribution Use the crypto module in the function to validate the JWT

  D. Add a custom authorizer for AWS Lambda to the CloudFront distribution to validate the JWT

  Correct Answer: D

• Question 883:

  An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on- premises data center and the encryption is handled by S3. Which type of encryption should be used?

  A. Use server-side encryption with Amazon S3-managed keys

  B. Use server-side encryption with AWS KMS-managed keys

  C. Use client-side encryption with AWS KMS-managed keys

  D. Use server-side encryption with customer-provided keys.

  Correct Answer: D

• Question 884:

  A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment the application has used 1AM access keys. The application is now ready for deployment onto an ECS cluster.

  How should the application authenticate with AWS services in production?

  A. Configure an ECS task 1AM role for the application to use

  B. Refactor the application to call AWS STS AssumeRole based on an instance role

  C. Configure AWS access key/secret access key environment variables with new credentials

  D. Configure the credentials file with a new access key/secret access key

  Correct Answer: A

• Question 885:

  A developer is writing a new AWS Serverless Application Model (AWS SAM) template with a new AWS Lambda function. The Lambda function runs complex code. The developer wants to test the Lambda function with more CPU power. What should the developer do to meet this requirement?

  A. Increase the runtime engine version

  B. Increase the timeout

  C. Increase the number of Lambda layers

  D. Increase the memory.

  Correct Answer: D

• Question 886:

  An application runs on multiple EC2 instances behind an ELB.

  Where is the session data best written so that it can be served reliably across multiple requests?

  A. Write data to Amazon ElastiCache.

  B. Write data to Amazon Elastic Block Store

  C. Write data to Amazon EC2 Instance Store

  D. Write data to the root filesystem

  Correct Answer: A

• Question 887:

  Given the source code for an AWS Lambda function in the local file store, py containing a handler function called get_store and the following AWS CloudFormation template:

  

  What should be done to prepare the template so that it can be deployed using the AWS CLI command aws cloudforroation deploy?

  A. Use aws cloudformacion compile to base64 encode and embed the source file into a modified CloudFormation template.

  B. Use aws cloudformacion package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template

  C. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive

  D. Use aws serveriess create-package to embed the source file directly into the existing CloudFormation template

  Correct Answer: B

• Question 888:

  A developer wants to run a PHP website with an NGINX proxy and package them as Docker containers in one environment. The developer wants a managed environment with automated provisioning and load balancing. The developer cannot change the configuration and must minimize operational overhead.

  How should the developer build the website to meet these requirements?

  A. Create a new application in AWS Elastic Beanstalk that is preconfigured for a multicontamer Docker environment Upload the code, and deploy it to a web server environment.

  B. Deploy the code on Amazon HC? instances in an Auto Scaling group behind an Application I oad Balancer

  C. Construct an AWS Cloud Formation template that launches Amazon EC2 instances Install and configure the PHP code by using cfn helper scripts

  D. Upload the code for the PHP website into an Amazon S3 bucket Host the website from the S3 bucket.

  Correct Answer: A

• Question 889:

  A developer needs to migrate an application from on premises to AWS. The application is written m PHP, uses a MySQL database, and has a small number of users. The application receives a significant load for 1 week each month The developer must minimize the cost of migrating and running the application.

  Which solution will meet these requirements?

  A. Migrate the database to an Amazon Aurora single-instance cluster Deploy the application on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer Set the Auto Scaling group's minimum capacity to 1 Set up an Amazon ElastiCache for Memcached instance for sessions.

  B. Redevelop the application to use serverless capabilities that include AWS Lambda. Aurora Serverless Run the application code by using the standard Lambda PHP runtime environment Migrate the database to Aurora Serverless

  C. Migrate the database to an Amazon Aurora single-instance cluster Deploy the application on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer (ALB) Set the Auto Scaling group's minimum capacity to 1 Enable session affinity (sticky sessions) on the ALB

  D. Migrate the application to an Amazon Aurora two-instance cluster. Deploy the application on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer Set the Auto Scaling group's minimum capacity to 2 Set up an Amazon ElastiCache for Memcached two-instance cluster.

  Correct Answer: C

• Question 890:

  A developer uses a single AWS CloudFormation template to configure the test environment and the production environment for an application The developer handles environment- specific requirements in the CloudFormation template.

  The developer decides to update the Amazon EC2 Auto Scaling launch template with new Amazon Machine Images (AMIs) for each environment The CloudFormation update for the new AMIs is successful in the test environment but the

  update fails in the production environment.

  What are the possible causes of the CloudFormation update failure in the production environment? (Select TWO )

  A. The new AMIs do not fulfill the specified conditions in the CloudFormation template

  B. The service quota for the number of EC2 vCPUs in the AWS Region has been exceeded. .

  C. The security group that is specified in the CloudFormation template does not exist

  D. CloudFormation does not recognize the template change as an update

  E. CloudFormation does not have sufficient 1AM permissions to make the changes

  Correct Answer: AB