AWS Certified Cloud Practitioner Part 3

AWS Certified Cloud Practitioner Practice Exam Part 3

AWS Certified Cloud Practitioner Part 3

This part include 100% real AWS Certified Cloud Practitioner (CLF-C01) Exam Questions version 2021. It’s free for all and we highly recommend you should use this for your exam preparation.

For PDF Format:
Part 1: https://www.awslagi.com/aws-certified-cloud-practitioner/
Part 2: https://www.awslagi.com/aws-certified-cloud-practitioner-p2/
Part 3: https://www.awslagi.com/aws-certified-cloud-practitioner-p3/
Part 4: https://www.awslagi.com/aws-certified-cloud-practitioner-p4/

1. How can a company separate costs for network traffic, Amazon EC2, Amazon S3, and other AWS services by department?

A. Add department-specific tags to each resource
B. Create a separate VPC for each department
C. Create a separate AWS account for each department
D. Use AWS Organizations

Answer: C

2. What is a benefit of consolidated billing for AWS accounts?

A. Access to AWS Personal Health Dashboard
B. Combined usage volume discounts
C. Improved account security
D. Centralized AWS IAM

Answer: B

3. Which AWS service will allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded?

A. AWS Organizations
B. AWS Budgets
C. Cost Explorer
D. AWS Trusted Advisor

Answer: B

4. Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?

A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Macie
D. AWS Shield

Answer: C

5. Which tool can be used to monitor AWS service limits?

A. AWS Total Cost of Ownership (TCO) Calculator
B. AWS Trusted Advisor
C. AWS Personal Health Dashboard
D. AWS Cost and Usage report

Answer: B

6. A company has distributed its workload on both the AWS Cloud and some on-premises servers. What type of architecture is this?

A. Virtual private network
B. Virtual private cloud
C. Hybrid cloud
D. Private cloud

Answer: C

7. Which of the following describes a security best practice that can be implemented using AWS IAM?

A. Disable AWS Management Console access for all users
B. Generate secret keys for every IAM user
C. Grant permissions to users who are required to perform a given task only
D. Store AWS credentials within Amazon EC2 instances

Answer: C

8. What can be used to automate and manage secure, well-architected, multi-account AWS environments?

A. AWS shared responsibility model
B. AWS Control Tower
C. AWS Security Hub
D. AWS Well-Architected Tool

Answer: B

9. Which AWS service or feature allows a user to easily scale connectivity among thousands of VPCs?

A. VPC peering
B. AWS Transit Gateway
C. AWS Direct Connect
D. AWS Global Accelerator

Answer: B

10. A company needs protection from expanded distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events. Which AWS managed service will meet these requirements?

A. AWS Shield Advanced
B. AWS Firewall Manager
C. AWS WAF
D. Amazon GuardDuty

Answer: A

11. Which AWS service or feature helps restrict the AWS services, resources, and individual API actions the users and roles in each member account can access?

A. Amazon Cognito
B. AWS Organizations
C. AWS Shield
D. AWS Firewall Manager

Answer: B

12. What is the best resource for a user to find compliance-related information and reports about AWS?

A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. AWS Support

Answer: A

13. Which Amazon S3 storage class is optimized to provide access to data with lower resiliency requirements, but rapid access when needed such as duplicate backups?

A. Amazon S3 Standard
B. Amazon S3 Glacier Deep Archive
C. Amazon S3 One Zone-Infrequent Access
D. Amazon S3 Glacier

Answer: C

14. What is an Availability Zone in AWS?

A. One or more physical data centers
B. A completely isolated geographic location
C. One or more edge locations based around the world
D. A data center location with a single source of power and networking

Answer: A

15. Which AWS services can be used as infrastructure automation tools? (Choose two.)

A. AWS CloudFormation
B. Amazon CloudFront
C. AWS Batch
D. AWS OpsWorks
E. Amazon QuickSight

Answer: A D

16. Which AWS service enables users to create copies of resources across AWS Regions?

A. Amazon ElastiCache
B. AWS CloudFormation
C. AWS CloudTrail
D. AWS Systems Manager

Answer: B

17. A user would like to encrypt data that is received, stored, and managed by AWS CloudTrail. Which AWS service will provide this capability?

A. AWS Secrets Manager
B. AWS Systems Manager
C. AWS Key Management Service (AWS KMS)
D. AWS Certificate Manager

Answer: C

18. Which AWS Cloud benefit eliminates the need for users to try estimating future infrastructure usage?

A. Easy and fast deployment of applications in multiple Regions around the world
B. Security of the AWS Cloud
C. Elasticity of the AWS Cloud
D. Lower variable costs due to massive economies of scale

Answer: C

19. What credential components are required to gain programmatic access to an AWS account? (Choose two.)

A. An access key ID
B. A primary key
C. A secret access key
D. A user ID
E. A secondary key

Answer: A C

20. Which of the following are AWS compute services? (Select two.)

A. Amazon Lightsail
B. AWS Systems Manager
C. AWS CloudFormation
D. AWS Batch
E. Amazon Inspector

Answer: A D

21. What is the MINIMUM AWS Support plan level that will provide users with access to the AWS Support API?

A. Developer
B. Enterprise
C. Business
D. Basic

Answer: C

22. A company has deployed several relational databases on Amazon EC2 instances. Every month, the database software vendor releases new security patches that need to be applied to the databases. What is the MOST efficient way to apply the security patches?

A. Connect to each database instance on a monthly basis, and download and apply the necessary security patches from the vendor.
B. Enable automatic patching for the instances using the Amazon RDS console.
C. In AWS Config, configure a rule for the instances and the required patch level.
D. Use AWS Systems Manager to automate database patching according to a schedule.

Answer: D

23. A company wants to use Amazon Elastic Compute Cloud (Amazon EC2) to deploy a global commercial application. The deployment solution should be built with the highest redundancy and fault tolerance. Based on this situation, the Amazon EC2 instances should be deployed:

A. in a single Availability Zone in one AWS Region
B. with multiple Elastic Network Interfaces belonging to different subnets
C. across multiple Availability Zones in one AWS Region
D. across multiple Availability Zones in two AWS Regions

Answer: D

24. A company has an application with users in both Australia and Brazil. All the company infrastructure is currently provisioned in the Asia Pacific (Sydney) Region in Australia, and Brazilian users are experiencing high latency. What should the company do to reduce latency?

A. Implement AWS Direct Connect for users in Brazil
B. Provision resources in the South America (Sao Paulo) Region in Brazil
C. Use AWS Transit Gateway to quickly route users from Brazil to the application
D. Launch additional Amazon EC2 instances in Sydney to handle the demand

Answer: B

25. An Amazon EC2 instance runs only when needed yet must remain active for the duration of the process. What is the most appropriate purchasing option?

A. Dedicated Instances
B. Spot Instances
C. On-Demand Instances
D. Reserved Instances

Answer: C

26. Which AWS dashboard displays relevant and timely information to help users manage events in progress, and provides proactive notifications to help plan for scheduled activities?

A. AWS Service Health Dashboard
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor dashboard
D. Amazon CloudWatch dashboard

Answer: B

27. Which AWS hybrid storage service enables a user’s on-premises applications to seamlessly use AWS Cloud storage?

A. AWS Backup
B. Amazon Connect
C. AWS Direct Connect
D. AWS Storage Gateway

Answer: D

28. Which of the following acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more instances?

A. Access keys
B. Virtual private gateways
C. Security groups
D. Access Control Lists (ACL)

Answer: C

29. What is the most efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS Regions?

A. Use AWS Direct Connect
B. Use AWS VPN
C. Use AWS Client VPN
D. Use an AWS Transit Gateway

Answer: D

30. Which AWS Support plan provides access to architectural and operational reviews, as well as 24/7 access to Senior Cloud Support Engineers through email, online chat, and phone?

A. Basic
B. Business
C. Developer
D. Enterprise

Answer: D

31. Which of the AWS global infrastructure is used to cache copies of content for faster delivery to users across the globe?

A. AWS Regions
B. Availability Zones
C. Edge locations
D. Data centers

Answer: C

32. Using AWS Config to record, audit, and evaluate changes to AWS resources to enable traceability is an example of which AWS Well-Architected Framework pillar?

A. Security
B. Operational excellence
C. Performance efficiency
D. Cost optimization

Answer: A

33. A user needs to quickly deploy a non-relational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service can be used to accomplish this?

A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Aurora
D. Amazon Redshift

Answer: D

34. A Cloud Practitioner is developing a disaster recovery plan and intends to replicate data between multiple geographic area. Which of the following meets these requirements?

A. AWS Accounts
B. AWS Regions
C. Availability Zones
D. Edge locations

Answer: B

35. Which features and benefits does the AWS Organizations service provide? (Choose two.)

A. Establishing real-time communications between members of an internal team
B. Facilitating the use of NoSQL databases
C. Providing automated security checks
D. Implementing consolidated billing
E. Enforcing the governance of AWS accounts

Answer: D E

36. Which AWS service is used to automate configuration management using Chef and Puppet?

A. AWS Config
B. AWS OpsWorks
C. AWS CloudFormation
D. AWS Systems Manager

Answer: B

37. Which tool is best suited for combining the billing of AWS accounts that were previously independent from one another?

A. Detailed billing report
B. Consolidated billing
C. AWS Cost and Usage report
D. Cost allocation report

Answer: B

38. The AWS Total Cost of Ownership (TCO) Calculator is used to:

A. receive reports that break down AWS Cloud compute costs by duration, resource, or tags
B. estimate savings when comparing the AWS Cloud to an on-premises environment
C. estimate a monthly bill for the AWS Cloud resources that will be used
D. enable billing alerts to monitor actual AWS costs compared to estimated costs

Answer: B

39. Which AWS services can be used to provide network connectivity between an on-premises network and a VPC? (Choose two.)

A. Amazon Route 53
B. AWS Direct Connect
C. AWS Data Pipeline
D. AWS VPN
E. Amazon Connect

Answer: B D

40. Under the AWS shared responsibility model, which of the following are customer responsibilities? (Choose two.)

A. Setting up server-side encryption on an Amazon S3 bucket
B. Amazon RDS instance patching
C. Network and firewall configurations
D. Physical security of data center facilities
E. Compute capacity availability

Answer: C E

41. Which method helps to optimize costs of users moving to the AWS Cloud?

A. Paying only for what is used
B. Purchasing hardware before it is needed
C. Manually provisioning cloud resources
D. Purchasing for the maximum possible load

Answer: A

42. Under the AWS shared responsibility model, which of the following is a customer responsibility?

A. Installing security patches for the Xen and KVM hypervisors
B. Installing operating system patches for Amazon DynamoDB
C. Installing operating system security patches for Amazon EC2 database instances
D. Installing operating system security patches for Amazon RDS database instances

Answer: C

43. The AWS Cost Management tools give users the ability to do which of the following? (Choose two.)

A. Terminate all AWS resources automatically if budget thresholds are exceeded.
B. Break down AWS costs by day, service, and linked AWS account.
C. Create budgets and receive notifications if current of forecasted usage exceeds the budgets.
D. Switch automatically to Reserved Instances or Spot Instances, whichever is most cost-effective.
E. Move data stored in Amazon S3 to a more cost-effective storage class.

Answer: B C

44. Under the AWS shared responsibility model, the security and patching of the guest operating system is the responsibility of:

A. AWS Support
B. the customer
C. AWS Systems Manager
D. AWS Config

Answer: B

45. Which AWS service makes it easy to create and manage AWS users and groups, and provide them with secure access to AWS resources at no charge?

A. AWS Direct Connect
B. Amazon Connect
C. AWS Identity and Access Management (IAM)
D. AWS Firewall Manager

Answer: C

46. Which AWS service provides on-demand of AWS security and compliance documentation?

A. AWS Directory Service
B. AWS Artifact
C. AWS Trusted Advisor
D. Amazon Inspector

Answer: B

47. Which AWS service can be used to turn text into life-like speech?

A. Amazon Polly
B. Amazon Transcribe
C. Amazon Rekognition
D. Amazon Lex

Answer: A

48. What is one of the core principles to follow when designing a highly available application in the AWS Cloud?

A. Design using a serverless architecture
B. Assume that all components within an application can fail
C. Design AWS Auto Scaling into every application
D. Design all components using open-source code

Answer: B

49. A user needs to generate a report that outlines the status of key security checks in an AWS account. The report must include:
– The status of Amazon S3 bucket permissions.
– Whether multi-factor authentication is enabled for the AWS account root user.
– If any security groups are configured to allow unrestricted access.
Where can all this information be found in one location?

A. Amazon QuickSight dashboard
B. AWS CloudTrail trails
C. AWS Trusted Advisor report
D. IAM credential report

Answer: C

50. Which Amazon EC2 pricing model should be used to comply with per-core software license requirements?

A. Dedicated Hosts
B. On-Demand Instances
C. Spot Instances
D. Reserved Instances

Answer: A

51. What is the benefit of elasticity in the AWS Cloud?

A. Ensure web traffic is automatically spread across multiple AWS Regions.
B. Minimize storage costs by automatically archiving log data.
C. Enable AWS to automatically select the most cost-effective services.
D. Automatically adjust the required compute capacity to maintain consistent performance.

Answer: D

52. The continual reduction of AWS Cloud pricing is due to:

A. pay-as-you go pricing
B. the AWS global infrastructure
C. economies of scale
D. reserved storage pricing

Answer: C

53. A company needs an Amazon S3 bucket that cannot have any public objects due to compliance requirements. How can this be accomplished?

A. Enable S3 Block Public Access from the AWS Management Console.
B. Hold a team meeting to discuss the importance if only uploading private S3 objects.
C. Require all S3 objects to be manually approved before uploading.
D. Create a service to monitor all S3 uploads and remove any public uploads.

Answer: C

54. A Cloud Practitioner identifies a billing issue after examining the AWS Cost and Usage report in the AWS Management Console. Which action can be taken to resolve this?

A. Open a detailed case related to billing and submit it to AWS Support for help.
B. Upload data describing the issue to a new object in a private Amazon S3 bucket.
C. Create a pricing application and deploy it to a right-sized Amazon EC2 instance for more information.
D. Proceed with creating a new dashboard in Amazon QuickSight.

Answer: A

55. What does the AWS Simple Monthly Calculator do?

A. Compares on-premises costs to colocation environments
B. Estimates monthly billing based on projected usage
C. Estimates power consumption at existing data centers
D. Estimates CPU utilization

Answer: B

56. Who is responsible for patching the guest operating system for Amazon RDS?

A. The AWS Product team
B. The customer Database Administrator
C. Managed partners
D. AWS Support

Answer: B

57. Which AWS services may be scaled using AWS Auto Scaling? (Choose two.)

A. Amazon EC2
B. Amazon DynamoDB
C. Amazon S3
D. Amazon Route 53
E. Amazon Redshift

Answer: A B

58. Which of the following are benefits of AWS Global Accelerator? (Choose two.)

A. Reduced cost to run services on AWS
B. Improved availability of applications deployed on AWS
C. Higher durability of data stored on AWS
D. Decreased latency to reach applications deployed on AWS
E. Higher security of data stored on AWS

Answer: B D

59. A user who wants to get help with billing and reactivate a suspended account should submit an account and billing request to:

A. the AWS Support forum
B. AWS Abuse
C. an AWS Solutions Architect
D. AWS Support

Answer: D

60. Which AWS Cloud best practice uses the elasticity and agility of cloud computing?

A. Provision capacity based on past usage and theoretical peaks
B. Dynamically and predictively scale to meet usage demands
C. Build the application and infrastructure in a data center that grants physical access
D. Break apart the application into loosely coupled components

Answer: D

61. Which tool is used to forecast AWS spending?

A. AWS Trusted Advisor
B. AWS Organizations
C. Cost Explorer
D. Amazon Inspector

Answer: C

62. A company is running an ecommerce application hosted in Europe. To decrease latency for users who access the website from other parts of the world, the company would like to cache frequently accessed static content closer to the users. Which AWS service will support these requirements?

A. Amazon ElastiCache
B. Amazon CloudFront
C. Amazon Elastic File System (Amazon EFS)
D. Amazon Elastic Block Store (Amazon EBS)

Answer: B

63. Which of the following is a component of the AWS Global Infrastructure?

A. Amazon Alexa
B. AWS Regions
C. Amazon Lightsail
D. AWS Organizations

Answer: B

64. Which AWS service will help users determine if an application running on an Amazon EC2 instance has sufficient CPU capacity?

A. Amazon CloudWatch
B. AWS Config
C. AWS CloudTrail
D. Amazon Inspector

Answer: A

65. Why is it beneficial to use Elastic Load Balancers with applications?

A. They allow for the conversion from Application Load Balancers to Classic Load Balancers.
B. They are capable of handling constant changes in network traffic patterns.
C. They automatically adjust capacity.
D. They are provided at no charge to users.

Answer: B

66. Which tasks are the customer’s responsibility in the AWS shared responsibility model? (Choose two.)

A. Infrastructure facilities access management
B. Cloud infrastructure hardware lifecycle management
C. Configuration management of user’s applications
D. Networking infrastructure protection
E. Security groups configuration

Answer: C E

67. IT systems should be designed to reduce interdependencies, so that a change or failure in one component does not cascade to other components. This is an example of which principle of cloud architecture design?

A. Scalability
B. Loose coupling
C. Automation
D. Automatic scaling

Answer: B

68. Which AWS service or feature can enhance network security by blocking requests from a particular network for a web application on AWS? (Choose two.)

A. AWS WAF
B. AWS Trusted Advisor
C. AWS Direct Connect
D. AWS Organizations
E. Network ACLs

Answer: A E

69. An application runs on multiple Amazon EC2 instances that access a shared file system simultaneously. Which AWS storage service should be used?

A. Amazon EBS
B. Amazon EFS
C. Amazon S3
D. AWS Artifact

Answer: B

70. A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2 instances, and Amazon RDS. Which security measures fall under the responsibility of AWS? (Choose two.)

A. Running a virus scan on EC2 instances
B. Protecting against IP spoofing and packet sniffing
C. Installing the latest security patches on the RDS instance
D. Encrypting communication between the EC2 instances and the Elastic Load Balancer
E. Configuring a security group and a network access control list (NACL) for EC2

Answer: B C

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *