AWS Certified Cloud Practitioner (CLF-C01)Exam K

QUESTION 1 A company is building an application for stock trading. The application needs sub- millisecond latency for processing trade requests. The company uses Amazon DynamoDB to store all the trading data that is used to process each trading request. A development team performs load testing on the application and finds that the data retrieval time is higher than expected. The development team needs a solution that reduces the data retrieval time with the least possible effort. Which solution meets these requirements?

Add local secondary indexes (LSIs) for the trading data
Store the trading data in Amazon S3 and use S3 Transfer Acceleration
Use DynamoDB Accelerator (DAX) to cache the trading data
Add retries with exponential backoff for DynamoDB queries

Correct Answer: c

QUESTION 2 A developer needs to modify an application architecture to meet new functional requirements Application data is stored in Amazon DynamoDB and processed for analysis in a nightly batch. The system analysts do not want to wait until the next day to view the processed data and have asked to have it available in near-real time. Which application architecture pattern would enable the data to be processed as it is received?

Client-server driven
Event driven
Fan-out driven
Schedule driven

Correct Answer: B

QUESTION 3 A developer is adding a feature to a client-side application so that users can upload videos to an Amazon S3 bucket. What is the MOST secure way to give the application the ability to write files to the S3 bucket?

A. Update the S3 bucket policy to allow public write access. Allow any user to upload videos by removing the need to handle user authentication within the client-side application

B. Configure the API layer of the application to have a new endpoint that creates signed URLs that allow an object to be put into the S3 bucket Generate a presigned URL through this API call in the client application. Upload the video by using the signed URL

C. Create a new IAM policy and a corresponding 1AM user with permissions to write to the S3 bucket Store the key and the secret for the user in the application code Use the key to authenticate the video uploads

D. Generate a new 1AM key and a corresponding secret by using the AWS account root user credentials Store the key and the secret for the user in the application code. Use the key to authenticate the video uploads

Correct Answer: C

QUESTION 4 A developer has a legacy application that is hosted on-premises Other applications hosted on AWS depend on the on-premises application for proper functioning In case of any application errors, the developer wants to be able to use Amazon CloudWatch to monitor and troubleshoot all applications from one place. How can the developer accomplish this?

A. Download the CloudWatch agent to the on-premises server Configure the agent to use I AM user credentials with permissions for CloudWatch

B. Install an AWS SDK on the on-premises server to automatically send logs to CloudWatch.

C. Upload log files from the on-premises server to Amazon S3 and have CloudWatch read the files.

D. Upload log files from the on-premises server to an Amazon EC2 instance and have the instance forward the logs to CloudWatch

Correct Answer: A

QUESTION 5 A developer has written code for an application and wants to share it with other developers on the team to receive feedback. The shared application code needs to be stored long-term with multiple versions and batch change tracking. Which AWS service should the developer use?

A. AWS CodeBuild

B. AWS CodeCommit

C. Amazon S3

D. AWS Cloud9

Correct Answer: B

QUESTION 6 An application is using Amazon DynamoDB as its data store, and should be able to read 100 items per second as strongly consistent reads Each item is 5 KB in size.To what value should the table's provisioned read throughput be set?

A. 200 read capacity units

B. 50 read capacity units

C. 100 read capacity units

D. 500 read capacity units

Correct Answer: A

QUESTION 7 A company has a serverless application that uses AWS Lambda functions and AWS Systems Manager parameters to store configuration data The company moves the Lambda functions inside the VPC and into private subnets The Lambda functions are now producing errors in their attempts to access Systems Manager parameters.Which solution will allow the Lambda functions to access Systems Manager parameters inside the VPC?

A. Configure security groups to allow access to Systems Manager

B. Create an interface VPC endpoint for Systems Manager

C. Create a gateway VPC endpoint for Systems Manager

D. Use an internet gateway from inside the VPC

Correct Answer: C

QUESTION 8 An application running on Amazon EC2 opens connections to an Amazon RDS SQL Server database The developer does not want to store the username and password for the database in the code. The developer would also like to automatically rotate the credentials. What is the MOST secure way to store and access the database credentials?

A. Create an IAM role that has permissions to access the database Attach the role to the EC2 instance

B. Store the credentials in an encrypted text file in an Amazon S3 bucket Configure the EC2 instance’s user data to download the credentials from Amazon S3 as the instance boots.

C. Store the username and password credentials directly in the source code No further action is needed because the source code is stored in a private repository

D. Use AWS Secrets Manager to store the credentials Retrieve the credentials from Secrets Manager as needed

Correct Answer: D

QUESTION 9 A developer created a Lambda function for a web application backend When testing the Lambda function from the AWS Lambda console, the developer can see that the function is being run, but there is no log data being generated in Amazon CloudWatch Logs, even after several minutes. What could cause this situation?

A. The Lambda function does not have any explicit log statements for the log data to send it CloudWatch Logs

B. The execution role for the Lambda function is missing permissions to write log data to the CloudWatch Logs

C. The Lambda function is missing CloudWatch Logs as a source trigger to send log data

D. The Lambda function is missing a target CloudWatch Log group

Correct Answer: B

QUESTION 10 A development team is building a new application that will run on Amazon EC2 and use Amazon DynamoDB as a storage layer. The developers all have assigned IAM user accounts in the same IAM group The developers currently can launch EC2 instances, and they need to be able to launch EC2 instances with an instance role allowing access to Amazon DynamoDB. Which AWS 1AM changes are needed when creating an instance role to provide this functionality?

A. Create an IAM permissions policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows Amazon EC2 to assume the role. Attach a permissions policy to the development group in AWS IAM that allows developers to use the i am PassRole permission for the role.

B. Create an i am permission policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows DynamoDB to assume the role Attach a permissions policy to the development group in AWS IAM that allows developers to use the lamGetRole and lamPassRole permissions for the role.

C. Create an IAM permission policy attached to the role that allows access to Amazon EC2. Add a trust policy to the role that allows DynamoDB to assume the role Attach a permissions policy to the development group in AWS IAM that allows developers to use the iam PassRole permission for the role.

D. Create an IAM permissions policy attached to the role that allows access to DynamoDB Add a trust policy to the role that allows Amazon EC2 to assume the role Attach a permissions policy to the development group in AWS IAM that allows developers to use the i am GetRole permission for the role.

Correct Answer: A

QUESTION 11 A company has a website that is developed in PHP and is launched using AWS Elastic Beanstalk. There is a new version of the website that needs to be deployed In the Elastic Beanstalk environment. The company cannot tolerate having the website offline if an update fails Deployments must have minimal impact and rollback as soon as possible. What deployment method should be used?

A. All at once

B. Rolling

C. Immutable

D. Snapshots

Correct Answer: C

QUESTION 12 A developer is deploying an AWS Lambda function that writes to Amazon DynamoDB. Amazon CloudWatch metrics tor the Lambda function show that errors have occurred during some invocations of the function However, there are no entries available in the CloudWatch logs for the function. The source code for the function shows that the function writes to data before saving data.What should the developer do to address the missing CloudWatch log entries of the Lambda function?

A. Enable CloudWatch Lambda insigne Redeploy the Lambda function

B. Assign permissions to the Lambda function’s execution role to send logs to CloudWatch

C. Use AWS X-Ray Enable active tracing

D. Add CloudWatch as the trusted identity to the Lambda function’s execution role

Correct Answer: A

QUESTION 13 A developer is creating an AWS Lambda function that generates a new file each time it runs Each new file must be checked into an AWS CodeCommit repository hosted in the same AWS account. How should the developer accomplish this?

A. When the Lambda function starts, use the Git CLI to clone the repository Check the new file into the cloned repository and push the change.

B. After the new file is created in Lambda, use cURL to invoke the CodeCommit API Send the file to the repository.

C. Upload the new file to an Amazon S3 bucket Create an AWS Step Function to accept S3 events In the Step Function, add the new file to the repository

D. Use an AWS SDK to instantiate a CodeCommit client Invoke the put_file method to add the file to the repository

Correct Answer: D

QUESTION 14 A company is using an AWS Lambda function to process records from an Amazon Kinesis data stream The company recently observed slow processing of the records .A developer notices that the iterator age The metric for the function is increasing and the Lambda run duration is constantly above normal. Which actions should the developer take to increase the processing speed? (Select TWO.)

A. Decrease the timeout of the Lambda function

B. Increase the number of shards of the Kinesis data stream.

C. Decrease the number of shards of the Kinesis data stream

D. Increase the memory that is allocated to the Lambda function

E. Increase the timeout of the Lambda function.

Correct Answer: BD

QUESTION 15 A developer has created an AWS Lambda function lo provide notification through Amazon Simple Notification Service (Amazon SNS) whenever a file is uploaded to Amazon S3 that is larger than 50 MB The developer has deployed and tested the Lambda function by using the CI I However, when the event notification is added to the S3 bucket and a 3.000 MB file is uploaded, the Lambda function does not launch. Which of the following is a possible reason for the Lambda function's inability to launch?

A. The resource based policy for the Lambda function does not have the required permissions to be invoked by Amazon S3

B. The S3 event notification does not activate for files that are larger than 1.000 MB

C. Lambda functions cannot be invoked directly from an S3 event.

D. The S3 bucket needs to be made public

Correct Answer: A

QUESTION 16 A developer uses a single AWS CloudFormation template to configure the test environment and the production environment for an application The developer handles environment- specific requirements in the CloudFormation template. The developer decides to update the Amazon EC2 Auto Scaling launch template with new Amazon Machine Images (AMIs) for each environment The CloudFormation update for the new AMIs is successful in the test environment but the update fails in the production environment. What are the possible causes of the CloudFormation update failure in the production environment? (Select TWO )

A. The security group that is specified in the CloudFormation template does not exist

B. CloudFormation does not recognize the template change as an update

C. CloudFormation does not have sufficient 1AM permissions to make the changes

D. The new AMIs do not fulfil the specified conditions in the CloudFormation template

E. The service quota for the number of EC2 vCPUs in the AWS Region has been exceeded.

Correct Answer: DE

QUESTION 17 A developer is receiving http 400 : ThrorclingExceprion errors intermittently when calling the Amazon CloudWatch API. When a call (ails, no data is retrieved. What best practice should first be applied to address this issue?

A. Contact AWS Support for a limit increase.

B. Use the AWS CLI to get the metrics

C. Retry the call with exponential backoff

D. Analyze the applications and remove the API call

Correct Answer: C

QUESTION 18 A company has dn application that analyses photographs. A developer is preparing the application for deployment to Amazon EC2 instances. The application's image analysis functions require a mix of GPU instances and CPU instances that run on Amazon Linux. The developer needs to add code to the application so that the functions can determine whether they are running on a GPU instance. What should the functions do to obtain this information?

A. Evaluate the GPU_AVA1LABLE environment variable

B. Call the DescribeElasticGpus API operation

C. Call the Describeinstances API operation and filter on the current instance ID Examine the Elastic Gpu Associations property

D. Retrieve the instance type from the instance metadata

Correct Answer: C

QUESTION 19 Given the source code for an AWS Lambda function in the local file store, py containing a handler function called get_store and the following AWS CloudFormation template: What should be done to prepare the template so that it can be deployed using the AWS CLI command aws Cloudformation deploy?

A. Use aws cloudformation compile to base64 encode and embed the source file into a modified CloudFormation template.

B. Use aws lambda zip to package the source file together with the CloudFormation template and deploy the resulting zip archive

C. Use aws cloudformation package to upload the source code to an Amazon S3 bucket and produce a modified CloudFormation template

D. Use aws serverless create-package to embed the source file directly into the existing CloudFormation template

Correct Answer: C

QUESTION 20 A developer wants to run a PHP website with an NGINX proxy and package them as Docker containers in one environment. The developer wants a managed environment with automated provisioning and load balancing. The developer cannot change the configuration and must minimise operational overhead. How should the developer build the website to meet these requirements?

A. Deploy the code on Amazon HC? instances in an Auto Scaling group behind an Application Ipad Balancer

B. Create a new application in AWS Elastic Beanstalk that is preconfigured for a multi container Docker Environment Upload the code, and deploy it to a web server environment.

C. Construct an AWS Cloud Formation template that launches Amazon EC2 instances Install and configure the PHP code by using cfn helper scripts

D. Upload the code for the PHP website into an Amazon S3 bucket Host the website from the S3 bucket.

Correct Answer:B

QUESTION 21 A developer needs to migrate an application from on premises to AWS. The application is written in PHP, uses a MySQL database, and has a small number of users. The application receives a significant load for 1 week each month The developer must minimise the cost of migrating and running the application. Which solution will meet these requirements?

A. Migrate the database to an Amazon Aurora single-instance cluster Deploy the application on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer Set the Auto Scaling group’s minimum capacity to 1 Set up an Amazon ElastiCache for Memcached instance for sessions.

B. Redevelop the application to use serverless capabilities that include AWS Lambda. Aurora Serverless Run the application code by using the standard Lambda PHP runtime environment Migrate the database to Aurora Serverless

C. Migrate the application to an Amazon Aurora two-instance cluster. Deploy the application on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer Set the Auto Scaling group’s minimum capacity to 2 Set up an Amazon ElastiCache for Memcached two-instance cluster.

D. Migrate the database to an Amazon Aurora single-instance cluster Deploy the application on Amazon EC2 instances that are in an Auto Scaling group behind an Application Load Balancer (ALB) Set the Auto Scaling group’s minimum capacity to 1 Enable session affinity (sticky sessions) on the ALB

Correct Answer: D

QUESTION 22 A developer is writing a new AWS Serverless Application Model (AWS SAM) template with a new AWS Lambda function. The Lambda function runs complex code. The developer wants to test the Lambda function with more CPU power. What should the developer do to meet this requirement?

A. Increase the runtime engine version

B. Increase the memory.

C. Increase the timeout

D. Increase the number of Lambda layers

Correct Answer: B

QUESTION 23 An application runs on multiple EC2 instances behind an ELB. Where is the session data best written so that it can be served reliably across multiple requests?

A. Write data to Amazon Elastic Block Store

B. Write data to Amazon EC2 Instance Store

C. Write data to Amazon ElastiCache.

D. Write data to the root filesystem

Correct Answer: C

QUESTION 24 A developer has created a web API that uses Amazon Elastic Container Service (Amazon ECS) and an Application Load Balancer (ALB) An Amazon CloudFront distribution uses the API as an origin for web clients The application has received millions of requests with a JSON Web Token (JWT) that is not valid in the authorization header The developer has scaled out the application to handle the unauthenticated requests. What should the developer do to reduce the number of unauthenticated requests to the API?

A. Add a request routing rule to the ALB to return a 401 status code if the authorization header is missing

B. Add a container to the ECS task definition to validate JWTs Set the new container as a dependency of the application container

C. Add a custom authorizer for AWS Lambda to the CloudFront distribution to validate the JWT

D. Create a CloudFront function for the distribution Use the crypto module in the function to validate the JWT

Correct Answer: C

QUESTION 25 An application needs to encrypt data that is written to Amazon S3 where the keys are managed in an on- premises data centre and the encryption is handled by S3. Which type of encryption should be used?

A. Use server-side encryption with Amazon S3-managed keys

B. Use server-side encryption with customer-provided keys.

C. Use server-side encryption with AWS KMS-managed keys

D. Use client-side encryption with AWS KMS-managed keys

Correct Answer: B

QUESTION 26 A developer is testing a Docker-based application that uses the AWS SDK to interact with Amazon DynamoDB. In the local development environment the application has used 1AM access keys. The application is now ready for deployment onto an ECS cluster. How should the application authenticate with AWS services in production?

A. Refactor the application to call AWS STS AssumeRole based on an instance role

B. Configure an ECS task 1AM role for the application to use

C. Configure AWS access key/secret access key environment variables with new credentials

D. Configure the credentials file with a new access key/secret access key

Correct Answer: B

QUESTION 27 A developer has discovered that an application responsible for processing messages in an Amazon SQS queue is routinely falling behind The application is capable of processing multiple messages in one invocation, but is only receiving one message at a time. What should the developer do to increase the number of messages the application receives?

A. Call the SetQueue Attributes API for the queue and set MaxNumberOfMessages to a value greater than the default of 1

B. Call the ChangeMessageVisibility API for the queue and set MaxNumberOfMessages to a value greater than the default of

C. Call the Add Permission API to set MaxNumberOfMessages for the ReceiveMessage action to a value greater than the default of 1

D. Call the ReceiveMessage API to set MaxNumberOfM ess ages to a value greater than the default of 1.

Correct Answer: A

QUESTION 28 An application running on multiple Amazon EC2 instances pulls messages from a standard Amazon SQS queue. A requirement for the application is that all messages must be encrypted at rest. Developers are instructed to use methods that allow tor centralised key management and minimise possible support requirements whenever possible. Which of the following solutions supports these requirements?

A. Encrypt individual messages by using client-side encryption with customer managed keys, then write to the SQS queue

B. Create an SQS queue and encrypt the queue by using server-side encryption with AWS KMS

C. Encrypt individual messages by using SQS Extended Client and the Amazon S3 encryption client

D. Create an SQS queue, and encrypt the queue by using client-record encryption

Correct Answer: B

QUESTION 29 A developer has a stateful web server on-premises that is being migrated to AWS. The developer must have greater elasticity in the new design. How should the developer re-factor the application to make it more elastic? (Select TWO.)

A. Store session state data m an Amazon DynamoDB table.

B. Use an ELB with an Auto Scaling group

C. Use pessimistic concurrency on Amazon DynamoDB

D. Use Amazon CloudFront with an Auto Scaling group.

E. Use Amazon CloudFront with an AWS Web Application Firewall

Correct Answer: AB

QUESTION 30 An ecommerce application is running behind an Application Load Balancer. A developer observes some unexpected load on the application during non-peak hours. The developer wants to analyse patterns for the client IP addresses that use the application. Which HTTP header should the developer use for this analysis?

A. The X-Forwarded-Proto header

B. The X Forwarded For header

C. The X-Forwarded-Host header

D. The X-Forwarded-Port header

Correct Answer: B

QUESTION 31 A developer creates an AWS Lambda function to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic All message content must be encrypted in transit and at rest between Lambda and Amazon SNS. A part of the Lambda execution role is as follows: Which combination of steps should the developer take to meet these requirements? (Select TWO.)

A. Add a Deny statement to the Lambda execution role Specify the SNS topic ARN as the resource Specify “aws.SecureTransport” “true” as the condition.

B. Enable server-side encryption on the SNS topic

C. Create a VPC endpoint for Amazon SNS

D. Add a Deny statement to the Lambda execution role Specify the SNS topic ARN as the resource Specify “aws.SecureTransport” “false” as the condition.

E. Add a StringEquals condition of “sns Protocol” “https” to the Lambda execution role

Correct Answer: BD

QUESTION 32 A developer is making changes to a custom application that uses AWS Elastic Beanstalk. Which solutions will update the Elastic Beanstalk environment with the new application version after the developer completes the changes? (Select TWO)

A. Package the application code into a tar file Use the AWS Management Console to create a new application version from the tar file. Update the environment by using the AWS CLI.

B. Package the application code into a zip file. Use the AWS Management Console to upload the .zip file and deploy the packaged application.

C. Package the application code into a tar file Use the AWS Management Console to upload the tar file and deploy the packaged application

D. Package the application code into a zip file Use the AWS CLI to create a new application version from the zip file and to update the environment

E. Package the application code into a zip file. Use the AWS Management Console to create a new application version from the .zip file. Rebuild the environment by using the AWS CLI.

Correct Answer: BD

QUESTION 33 A Lambda function processes data before sending it to a downstream service. Each piece of data is approximately 1MB in size. After a security audit, the function is now required to encrypt the data before sending it downstream. Which API call is required to perform the encryption?

A. Pass the data to the KMS ReEncrypt API for encryption

B. Use the KMS GeneraceDaraHeywithoutPlainTexr API to get an encryption key

C. Use the KMS GenerateDataKeyAPi to get an encryption key

D. Pass the data to KMS as part of the Encrypt API for encryption.

Correct Answer: C

QUESTION 34 A company wants to migrate an existing on-premises web application to AWS. The existing technology stacks consist of configuration files, application code that connects to a MySQL database by using a language-specific MySQL API, and a source code repository that holds configuration files and program code A developer uses an Amazon RDS for MySQL DB instance as the target database The developer uses a container as the compute engine for the web application program code. The developer wants to configure the database connection from the web application code to the new RDS for MySQL DB instance without refactoring the existing code The developer also must maximise security for the storage of the database username and password pair that the application code uses. Which combination of steps should the developer take to meet these requirements? (Select TWO )

A. Keep the existing database connectivity API code unchanged Change the database connection string URL to the endpoint of the RDS for MySQL DB instance

B. Use the RDS software development kit (SDK) to construct a database client.

C. Use AWS Secrets Manager to store the database’s username and password pair Use the

GetSecretValue API operation to retrieve the username and password pair when the application makes MySQL DB API calls

D. Store the database’s username and password pair in the configuration files

E. Use the environment variables of the container definition to pass the database’s username and password pair to the application code

Correct Answer: AC

QUESTION 35 A developer manages an application that interacts with Amazon RDS. Alter observing slow performance with read queries, the developer Implements Amazon ElastiCache to update the cache immediately following the primary database update. What will be the result of this approach to caching?

A. Caching will increase the load on the database instance because the cache is updated for every database update.
B. The cache will become large and expensive because the infrequently requested data is also written to the cache
C. Caching will slow performance of the read queries because the cache is updated when the cache cannot find the requested data
D. Overhead will be added to the initial response time because the cache is updated only after a cache miss
Correct Answer: B

QUESTION 36 An ecommerce company manages its application's infrastructure by using AWS Elastic Beanstalk. A the developer wants to deploy the new version of the application with the least possible application downtime. The developer also must minimise the application's rollback time if there are issues with the deployment. Which approach will meet these requirements?

A. Use a rolling deployment to deploy the new version

B. Use a rolling deployment with additional batches to deploy the new version

C. Deploy the new version to a new environment Use a blue/green deployment

D. Use an all-at-once deployment to deploy the new version

Correct Answer: C

QUESTION 37 A company is hosting a workshop for external users and wants to share the reference documents with the external users for 7 days. The company stores the reference documents In an Amazon S3 bucket that the company owns.What is the MOST secure way to share the documents with the external users?

A. Move the documents to an Amazon WorkDocs folder. Share the links of the WorkDocs folder with the external users.

B. Use S3 presigned URLs to share the documents with the external users Set an expiration time of 7 days

C. Create temporary 1AM users that have read only access to the S3 bucket Share the access keys with the external users Expire the credentials alter 7 days

D. Create a role that has read-only access to the S3 bucket Share the Amazon Resource Name (ARN) of this role with the external users

Correct Answer: B

QUESTION 38 A developer has created a Java application that runs on AWS Elastic Beanstalk with the default Elastic Beanstalk instance profile. The developer needs to visualise a map of the application's interactions with AWS services to help identify and debug issues with the application. Which combination of steps should the developer take to meet this requirement with the LEAST operational effort? (Select TWO.)

A. Create an Elastic Beanstalk configuration file to download and install the AWS X-Ray daemon on the underlying Amazon FC2 instances

B. Instrument the code by using the AWS X-Ray software development kit (SDK) for Java

C. Enable Elastic Beanstalk enhanced health reporting

D. Enable the AWS X-Ray daemon in the Elastic Beanstalk console

E. Configure AWS CloudTrail to visualise the services map

Correct Answer: AD

QUESTION 39 A developer is writing an application in Python. The application runs on AWS Lambda. The application generates a file and needs to upload this file to Amazon S3. The developer must implement this upload functionality with the least possible change to the application code. Which solution meets these requirements?

A. Make an HTTP request directly to the S3 API to upload the file

B. Include the AWS SDK for Python in the Lambda function Use the SDK to upload the file

C. Use the AWS CLI that is installed in the Lambda environment to upload the file

D. Use the AWS SDK for Python that is installed in the Lambda environment to upload the file

Correct Answer: D

QUESTION 40 A company has a web application that runs on Amazon EC2 instances with a custom Amazon Machine Image (AMI) The company uses AWS CloudFormation to provision the application. The application runs in the us-east-1 Region, and the company needs to deploy the application to the us-west-1 Region. An attempt to create the AWS CloudFormation stack in us-west-1 fails An error message states that the AMI ID does not exist A developer must resolve this error with a solution that uses the least amount of operational overhead. Which solution meets these requirements?

A. Change the AWS CloudFormation templates for us-east-1 and us-west-1 to use an AWS AMI Relaunch the stack for both Regions

B. Build the custom AMI in us-west-1 Create a new AWS CloudFormation template to launch the stack in us-west-1 with the new AMI ID

C. Copy the custom AMI from us-east-1 to us-west-1 Update the AWS CloudFormation template for us-west-1 to refer to AMI ID for the copied AMI. Relaunch the stack.

D. Manually deploy the application outside AWS CloudFormation in us-west-1

Correct Answer: C

QUESTION 41 A company stores documents in Amazon S3 with default settings A new regulation requires the company to encrypt the documents at rest, rotate the encryption keys annually, and keep a record of when the encryption keys were rotated. The company does not want to manage the encryption keys outside of AWS. Which solution will meet these requirements?

A. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3).

B. Use server-side encryption with customer-provided encryption keys (SSE-C)

C. Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS)

D. Use client-side encryption before sending the data to Amazon S3

Correct Answer: B

QUESTION 42 A developer is creating a serverless web application and maintains different branches of code. The developer wants to avoid updating the Amazon API Gateway target endpoint each time a new code push is performed. What solution would allow the developer to perform a code push efficiently, without the need to update the API Gateway?

A. Associate different AWS Lambda functions to an API Gateway target endpoint

B. Create aliases and versions in AWS Lambda

C. Create different stages in API Gateway then associate API Gateway with AWSLambda.

D. Tag the AWS Lambda functions with different names

Correct Answer: B

QUESTION 43 A software company is using AWS CodeBuild to build an application. The buildspec runs the application build and creates a Docker imago that contains the application The company needs to push the Docker imago to Amazon Elastic Container Registry (Amazon ECR) only upon the completion of each successful build. Which solution meets these requirements?

A. Change the buildspec by adding a post_build phase that uses the finally block to push the Docker image

B. Specify the Docker image in the buildspec’s artefacts sequence with an action lo push the image

C. Use a batch build to define a build matrix Use the batch build to push the Docker image

D. Change the buildspec by adding a post_build phase that uses the commands block to push the Docker image

Correct Answer: D

QUESTION 44 A company is running a web application that is using Amazon Cognito for authentication The company does not want to use multi-factor authentication (MFA) for all the visitors every time, but the company's security team has concerns about compromised credentials The development team needs to configure mandatory MFA only when suspicious sign in attempts are detected. Which Amazon Cognito feature will meet these requirements?

A. Short message service (SMS) text message MFA

B. Advanced security metrics

C. Adaptive authentication

D. Time-based one-time password (TOTP) software token MFA

Correct Answer: C

QUESTION 45 A company is using Amazon RDS as the backend database for its application After a recent marketing campaign, a surge of read requests to the database increased the latency of data retrieval from the Database. The company has decided to implement a caching layer in front of the database. The cached content must be encrypted and must be highly available. Which solution will meet these requirements?

A. Amazon CloudFront

B. Amazon ElastiCache for Redis in cluster mode

C. Amazon ElastiCache for Memcached

D. Amazon DynamoDB Accelerator (DAX)

Correct Answer: B

QUESTION 46 A developer must extend an existing application that is based on the AWS Serverless Application Model (AWS SAM) The developer has used the AWS SAM CLI to create the project. The project contains different AWS Lambda functions. Which combination of commands must the developer use to redeploy the AWS SAM application? (Select TWO.)

A. sam build

B. sam deploy

C. sam mit

D. sam validate

E. sam publish

Correct Answer: AB

QUESTION 47 A company has a two-tier application running on an Amazon EC2 server that handles all of its AWS based e-commerce activity. During peak times, the backend servers that process orders are overloaded with requests This results in some orders falling to process A developer needs to create a solution that will re factor the application, Which steps will allow for more flexibility during peak times, while still remaining cost- effective? (Select TWO.)

A. Increase the backend T2 EC2 instance sizes to xi to handle the largest possible load throughout the year

B. Implement an Amazon SQS queue to decouple the front-end and backend servers.

C. Modify the backend servers to pull from an Amazon SQS queue.

D. Use an Amazon SNS queue to the couple the front-end and backend servers

E. Migrate the backend servers to on-premises and pull from an Amazon SNS queue

Correct Answer: BC

QUESTION 48 A company has a website that displays a daily newsletter. When a user visits the website, an AWS Lambda function processes the browser's request and queries the company's on- premises database to obtain the current newsletter. The newsletters are stored in English. The Lambda function uses the Amazon Translate TranslateText API operation to translate the newsletters and the translation is displayed to the user. Due to an increase in popularity, the website's response time has slowed. The database is overloaded The company cannot change the database and needs a solution that improves the response time of the Lambda function. Which solution meets these requirements?

A. Cache the translated newsletters in the Lambda /tmp directory

B. Change to asynchronous Lambda function invocation

C. Enable TranslateText API caching.

D. Change the Lambda function to use parallel processing

Correct Answer: A

QUESTION 49 A static website is hosted in an Amazon S3 bucket Several HTML pages on the site use JavaScript to download images from another Amazon S3 bucket These images are not displayed when users browse the site. What is the possible cause for the issue?

A. The referenced Amazon S3 bucket is in another region

B. The images must be stored in the same Amazon S3 bucket

C. Cross Origin Resource Sharing must be enabled on the Amazon S3 bucket

B. Port 80 must be opened on the security group in which the Amazon S3 bucket is located

Correct Answer: C

QUESTION 50 A developer needs to build and deploy a serverless application that has an API that mobile clients will use. The API will use Amazon DynamoDB and Amazon OpenSearch Service (Amazon Elasticsearch Service) as data sources Responses that are sent to the clients will contain aggregated data from both data sources. The developer must minimise the number of API endpoints and must minimise the number of API calls that are required to retrieve the necessary data. Which solution should the developer use to meet these requirements?

A. GraphQI. API on AWS AppSync

B. GraphGL API on an Amazon EC2 instance

C. REST API on Amazon API Gateway

D. REST API on AWS Elastic Beanstalk

Correct Answer: C

QUESTION 51 A developer is writing an application to analyse the traffic to a fleet of Amazon EC2 instances. The EC2 instances run behind a public Application Load Balancer (ALB) An HTTP server runs on each of the EC2 instances, logging all requests to a log file. The developer wants to capture the client's public IP addresses. The developer analyses the log files and notices only the IP address of the ALB. What must the developer do to capture the client's public IP addresses in the log file?

A. Add a Host header to the HTTP server log configuration file.

B. Install the Amazon CloudWatch Logs agent on each EC2 instance Configure the agent to write to the log file

C. Add an X-Forwarded-For header to the HTTP server log configuration file

D. Install the AWS X-Ray daemon on each EC2 instance. Configure the daemon to write to the log file

Correct Answer: C

QUESTION 52 A company is developing a report implemented using AWS Step Functions. Amazon CloudWatch shows errors in the Step Functions task state machine. To troubleshoot each task the state input needs to be included along with the error message in the state output. Which coding practice can preserve both the original input and the error for the state?

A. Use InputPath in a Catch statement and set the value to null.

D. Use ErrorEquals in a Retry statement to include the error with the original input

C. Use ResultPath in a Catch statement to include the error with the original input

D. Use OutputPath in a Retry statement and set the value to $.

Correct Answer: C

QUESTION 53 A developer received the following error message during an AWS Cloud Formation deployment. Which action should the developer lake lo resolve this error?

A. Contact AWS Support to report an Issue with the Auto Scaling Groups (ASG) service

B. Modify the CloudFormation template to retain the ASGInstanceRole12345678 resource Then manually delete the resource after deployment

C. Add a DependsOn attribute to the ASGInstanceRole12345678 resource in the Cloud Formation template Then delete the stack

D. Add a force parameter when calling CloudFormation with the role-am of ASGInstanceRoiei2345678

Correct Answer: C

QUESTION 54 A developer is building a serverless application that is based on AWS Lambda. The developer initialises the AWS software development kit (SDK) outside of the Lambda handler function. What is the PRIMARY benefit of this action?

A. Takes advantage of runtime environment reuse

B. Improves legibility and stylistic convention

C. Provides better error handling

D. Creates a new SDK instance for each invocation

Correct Answer: A

QUESTION 55 A company's ecommerce website is experiencing sudden and significant traffic changes that are causing performance problems in the company database. Users report that attempts to access the website are taking too long. A developer needs to implement a caching layer by using Amazon ElastiCache. The website must be responsive, no matter which product a user views Updates to product information and prices must be strongly consistent. Which cache-writing strategy will meet these requirements?

A. Write to the cache directly Synchronise the backend later

B. Write to the cache and the backend at the same time

C. Write to the backend first Wait for the cache to expire

D. Write to the backend first. Then update the TTL of the item in the cache=

Correct Answer: B

QUESTION 56 A company created an application to consume and process data. The application uses Amazon Simple Queue Service (Amazon SQS) and AWS Lambda functions. The application is currently working as expected, but it occasionally receives several messages that it cannot process properly The company needs to clear these messages to prevent the queue from becoming blocked. A developer must implement a solution that makes queue processing always operational. The solution must give the company the ability to defer the messages with errors and save these messages for further analysis. What is the MOST operationally efficient solution that meets these requirements?

A. Create a new SQS queue. Set the new queue as a dead-letter queue for the application queue

B. Configure Amazon CloudWatch Logs to save the error messages to a separate log stream

Configure the Maximum Receives setting.

C. Change the SQS queue to a FIFO queue Configure the message retention penod to 0 seconds

D. Configure an Amazon CloudWatch alarm for Lambda function errors Publish messages to an Amazon

Simple Notification Service (Amazon SNS) topic to notify administrator users

Correct Answer: A

QUESTION 57 A developer needs to create an application that supports Security Assertion Markup Language (SAML) and authentication with social media providers. It must also allow access to AWS services such as Amazon DynamoDB. Which AWS service or feature will meet these requirements with the LEAST amount of additional coding?

A. Amazon Cognito identity pools

B. AWS AppSync

C. Amazon Cognito user pools

D. Amazon Lambda@Edge

Correct Answer: A

QUESTION 58 A company has an application where reading objects from Amazon S3 is based on the type of user. The User types are registered user and guest user. The company has 25.000 users and is growing. Information is pulled from an S3 bucket depending on the user type. Which approaches are recommended to provide access to both user types? (Select TWO.)

A. Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.

B. Use Amazon Cognito to provide access using authenticated and unauthenticated roles

C. Use S3 bucket policies to restrict read access to specific IAM users

D. Create a new 1AM user for each user and grant read access

E. Use the AWS 1AM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.

Correct Answer: BE

QUESTION 59 A developer needs to use the AWS CLI on an on-premises development server temporarily to access AWS services while performing maintenance. The developer needs to authenticate to AWS with their identity for several hours. What is the MOST secure way to call AWS CLI commands with the developer's IAM identity?

A. Run the aws configure CLI command Provide the developer’s IAM access key ID and secret access key

B. Specify the developer’s IAM access key ID and secret access key as parameters for each CLI command

C. Specify the developer’s IAM profile as a parameter for each CLI command

D. Run the get-session-token CLI command with the developer’s IAM user. Use the returned credentials to call the CLI

Correct Answer: A

QUESTION 60 A global company has a mobile app with static data stored in an Amazon S3 bucket in the us-east-1 Region. The company serves the content through an Amazon CloudFront distribution The company is launching the mobile app In South Africa The data must reside in the af south 1 Region The company does not want to deploy a specific, mobile client for South Africa. What should the company do to meet these requirements?

A. Use the CloudFront geographic restriction feature to block access to users in South Africa

B. Create a Lambda@Edge function. Associate the Lambda@Edge function as a viewer response trigger

with the CloudFront distribution to change the S3 origin Region

C. Include af-south-1 in the alternate domain name (CNAME) of the CloudFront distribution

D. Create a Lambda@Edge function Associate the Lambda@Edge function as an origin request trigger with the CloudFront distribution to change the S3 origin Region

Correct Answer: D

QUESTION 61 A company is migrating its on-premises database to Amazon RDS for MySQL. The company has read- heavy workloads, and wants to make sure it re-factors its code to achieve optimum read performance for its queries. How can this objective be met?

A. Add database retries to effectively use RDS with vertical scaling

B. Add a connection string to use an RDS read replica for read queries.

C. Use RDS with multi-AZ deployment

D. Add a connection string to use a read replica on an EC2 instance

Correct Answer: B

QUESTION 62 A developer needs to deploy an application running on AWS Fargate using Amazon ECS The application has environment variables that must be passed to a container for the application to initialise. How should the environment variables be passed to the container?

A. Define an array that includes the environment variables under the environment parameter within the service definition

B. Define an array that includes the environment variables under the entryPoint parameter within the task definition

C. Define an array that includes the environment variables under the environment parameter within the task definition

D. Define an array that includes the environment variables under the entryPoint parameter within the service definition.

Correct Answer: D

QUESTION 63 Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure?

A. Route table

B. AWS Global Accelerator

C. AWS Transit Gateway

D. Amazon VPC

Correct Answer: B

QUESTION 64 A company is designing a new application that will store and retrieve millions of photos and videos. Which AWS service or feature can provide the underlying storage at the LOWEST cost?

A. Amazon Elastic Block Store (Amazon EBS)

B. Amazon EC2 instance store

C. Amazon S3

D. Amazon Simple Queue Service (Amazon SQS)

Correct Answer: B

QUESTION 65 Which AWS service or feature can simplify the management of hundreds of VPC connections across AWS Regions worldwide?

A. Amazon Connect

B. Security groups

C. AWS Transit Gateway

D. VPC peering

Correct Answer: C

QUESTION 66 A cloud practitioner wants information on the state of an existing AWS environment compared against established best practices. Which AWS services or features should the cloud practitioner use to obtain this information? (Choose two.)

A. AWS Solutions Library

B. AWS Artefact

C. AWS Well-Architected Tool

D. AWS Trusted Advisor

E. AWS Personal Health Dashboard

Correct Answer: AC

QUESTION 67 Which task is shared between AWS and the customer, according to the AWS shared responsibility model?

A. Physical and environmental controls

B. Server hardware management and encryption

C. Patch management and configuration management

D. Application security

Correct Answer: C

QUESTION 68 What is an example of a decoupled, scalable, cloud-based application?

B. A webpage that is hosted on Amazon S3 and uses AWS Lambda to update an Amazon DynamoDB database

C. A legacy database server that is running on the maximum instance size supported by its licence

D. An Application Load Balancer, web server, and database server that support a monolithic application

Correct Answer: D

QUESTION 69 A company needs to securely store important credentials that an application uses to connect users to a database. Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?

A. AWS Key Management Service (AWS KMS)

B. AWS Secrets Manager

C. AWS Config

D. Amazon GuardDuty

Correct Answer: B

QUESTION 70 An ecommerce company wants to design a highly available application that will be hosted on multiple Amazon EC2 instances. How should the company deploy the EC2 instances to meet these requirements?

A. Across multiple edge locations

B. Across multiple Availability Zones

C. Across multiple VPCs

D. Across multiple AWS accounts

Correct Answer: B

QUESTION 71 Which characteristics are advantages of using the AWS Cloud? (Choose two.)

A. Compute capacity that is adjusted on demand

B. A 100% service level agreement (SLA) for all AWS services

C. Enhanced security

D. Availability of AWS Support for code development

E. Increases in cost and complexity

Correct Answer: AC

QUESTION 72 A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data centre or in the AWS Cloud. Which of the following are the benefits of building this app in the AWS Cloud? (Choose two.)

A. Increased speed for trying out new projects

B. A large, upfront capital expense and low variable expenses

C. Flexibility to scale up in minutes as the application becomes popular

D. Complete control over the physical security of the infrastructure

E. Ability to pick the specific data centres that will host the application servers

Correct Answer: BC

QUESTION 73 Which of the following are advantages of using AWS for cloud computing? (Choose two.)

A. Users receive a discount on hardware that they purchase for their data centres.

B. Users can reserve excess capacity to ensure that resources are always available.

C. Users can increase speed and agility by deploying services with just one click.

D. Users benefit from massive economies of scale.

E. Users trade variable expenses for capital expenses.

Correct Answer: CD

QUESTION 74 Which AWS services or features provide high availability and low latency by enabling failover across different AWS Regions? (Choose two.)

A. Network Load Balancer

B. Amazon Route 53

C. AWS Global Accelerator

D. Amazon S3 Transfer Acceleration

E. Application Load Balancer

Correct Answer: BC

QUESTION 75 Which action is consistent with the principle of least privilege in terms of AWS Cloud architecture?

Allow users the minimum access that is needed to do a task.
Provide only the permissions that are needed for users to do their jobs in the current month.
Prevent managers from accessing important source code.
Assign permissions that are based on job titles.

Correct Answer: B

QUESTION 76 Which AWS services can use AWS WAF to protect against common web exploitations? (Choose two.)

A. Amazon CloudFront

B. Amazon API Gateway

C. Amazon Route 53

D. AWS Transfer Family

E. AWS Site-to-Site VPN

Correct Answer: AB

QUESTION 77 An ecommerce company recently started using the AWS Cloud. Which security-related tasks are the company's responsibility? (Choose two.)

A. Restrict who is allowed physical access to the hosts that run the company’s Amazon EC2 instances.

B. Choose to encrypt data at rest that is stored on Amazon S3.

C. Install security patches on Amazon EC2 Linux instances.

D. Conduct database patching for Amazon RDS instances.

E. Wipe Amazon Elastic Block Store (Amazon EBS) volumes clean before they are decommissioned.

Correct Answer: BD

QUESTION 78 Which AWS service or tool creates an audit log of all AWS resources that have been created?

A. Amazon CloudFront

B. AWS CloudTrail

C. Amazon CloudWatch

D. AWS Application Migration Service (CloudEndure Migration)

Correct Answer: B

QUESTION 79 According to the AWS shared responsibility model, who is responsible for the virtualization layer down to the physical security of the facilities in which AWS services operate?

A. It is the sole responsibility of the customer.

B. It is a shared responsibility between AWS and the customer.

C. It is the sole responsibility of AWS.

D. The customer’s AWS Support plan tier determines who manages the configuration.

Correct Answer: B

QUESTION 80 Which AWS services are eligible for a Compute Savings Plan? (Choose two.)

A. Amazon RDS

B. AWS Lambda

C. Amazon VPC

D. Amazon EC2

E. Amazon DynamoDB

Correct Answer: AD

QUESTION 81 A company needs to use AWS Identity and Access Management (IAM) to attach an IAM policy to all IAM users in an AWS account. Which solution meets this requirement?

A. Attach the IAM policy to each IAM user.

B. Attach the IAM policy to the IAM role containing all the IAM users.

C. Attach the IAM policy to the IAM group containing all the IAM users.

D. Apply the IAM policy to the entire AWS account.

Correct Answer: B

QUESTION 82 A social media company needs to launch a new feature. The feature will give users the ability to share images that can be viewed by other users across the world with low latency. Which AWS service or feature should the company use to meet this requirement MOST cost-effectively?

A. Amazon DynamoDB global tables

B. Amazon CloudFront

C. AWS Direct Connect

D. AWS Outposts

Correct Answer: B

QUESTION 83 Which AWS service is an in-memory data store service?

A. Amazon Aurora

B. Amazon RDS

C. Amazon ElastiCache

D. Amazon DynamoDB

Correct Answer: C

QUESTION 84 A company wants to have one AWS account for the entire company and individual accounts for each department. Which AWS service should the company use to aggregate and manage all accounts?

A. AWS Organizations

B. AWS Billing and Cost Management

C. AWS Identity and Access Management (IAM)

D. AWS Resource Access Manager

Correct Answer: A

QUESTION 85 What is an Availability Zone?

A. A location where users can deploy compute, storage, database, and other select AWS services where no AWS Region currently exists.

B. One or more clusters of servers where new workloads can be deployed

C. One or more discrete data centres with redundant power, networking, and connectivity

D. A fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to users globally

Correct Answer: C

QUESTION 86 Which AWS service is a continuous delivery and deployment solution?

A. AWS CodePipeline

B. AWS AppSync

C. AWS Cloud9

D. AWS CodeCommit

Correct Answer: A

QUESTION 87 Making frequent, small, reversible changes is a design principle of which pillar of the AWS Well-Architected Framework?

A. Reliability

B. Performance efficiency

C. Operational excellence

D. Cost optimization

Correct Answer: C

QUESTION 88 Which factors affect costs in the AWS Cloud? (Choose two.)

A. Inbound data transfers without acceleration

B. Outbound data transfers without acceleration

C. The number of unused AWS Lambda functions

D. The number of configured Amazon S3 buckets

E. Compute resources that are currently in use

Correct Answer: AB

QUESTION 89 A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages. Which AWS service or feature will give the application permission to access required AWS services?

A. AWS Certificate Manager (ACM)

B. AWS Security Hub

C. Amazon GuardDuty

D. IAM roles

Correct Answer: D

QUESTION 90 A company has a business-critical Amazon RDS for MySQL DB instance that resides in a single Availability Zone. Which solution will improve the availability of the DB instance?

A. Convert the DB instance into a multi-Region deployment.

B. Convert the DB instance into a Multi-AZ deployment.

C. Create an Amazon Simple Queue Service (Amazon SQS) queue in the same AWS Region to manage writes to the DB instance.

D. Create an Amazon Simple Queue Service (Amazon SQS) queue in a different AWS Region to manage writes to the DB instance.

Correct Answer: B

QUESTION 91 A company wants to analyse streaming user data and respond to customer queries in real time. Which AWS service can meet these requirements?

A. Amazon QuickSight

B. Amazon Redshift

C. AWS Data Pipeline

D. Amazon Kinesis Data Analytics

Correct Answer: D

QUESTION 92 A company is moving its on-premises key-value database to the AWS Cloud. Which AWS service will support this use case?

A. Amazon RDS

B. Amazon DynamoDB

C. Amazon ElastiCache

D. Amazon Redshift

Correct Answer: B

QUESTION 93 According to the AWS shared responsibility model, which of the following is the responsibility of AWS?

A. Firmware updates on hardware

B. Data encryption in transit

C. Operating system patching on Amazon EC2 instances

D. Data encryption at rest

Correct Answer: A

QUESTION 94 An independent software vendor (ISV) wants to deploy its application on AWS. The ISV's customers must be able to access the application securely from their own AWS accounts. Which AWS service or feature can the ISV use to securely provide access to its application?

A. Virtual private gateway

B. Internet gateway

C. AWS Client VPN

D. AWS PrivateLink

Correct Answer: C

QUESTION 95 A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers in a different Region. Which AWS tool should the company use to find pricing information for other Regions?

A. Cost Explorer

B. AWS Purchase Order Management

C. AWS Budgets

D. AWS Pricing Calculator

Correct Answer: B

QUESTION 96 A user is designing a service to align with the operational excellence pillar of the AWS Well-Architected Framework. Which design principle should the user follow?

A. Make large-scale changes

B. Anticipate failure

C. Perform manual operations

D. Create static operational procedures

Correct Answer: B

QUESTION 97 A company wants to configure a dedicated connection between its on-premises IT infrastructure and resources in an AWS Region. The company also wants to reduce network latency and congestion. Which AWS service or feature should the company choose?

A. AWS VPN

B. AWS PrivateLink

C. AWS Direct Connect

D. Amazon Connect

Correct Answer: C

QUESTION 98 Which AWS Cloud service provides performance recommendations for an AWS account?

A. Amazon Inspector

B. Amazon CloudWatch

C. AWS Trusted Advisor

D. AWS CloudTrail

Correct Answer: B

QUESTION 99 A company is planning to create a new application that will run on Amazon EC2 instances and back up data on Amazon Elastic Block Store (EBS) volumes to Amazon S3. The company wants to estimate the monthly costs of running the application before making a deployment decision. Which AWS service or feature can be used to estimate these costs?

A. Cost Explorer

B. AWS Cost and Usage Report

C. AWS Budgets

D. AWS Pricing Calculator

Correct Answer: D

QUESTION 100 Which AWS services or features give users the ability to create a network connection between two VPCs? (Choose two.)

A. Amazon Route 53

B. VPC endpoints

C. AWS Direct Connect

D. VPC peering

E. AWS Transit Gateway

Correct Answer: BD

QUESTION 101 A company is planning to host a large ecommerce application in the AWS Cloud. The company must create an architecture that provides protection against network-based security issues, such as DDoS attacks. Which AWS services should the company use to meet this requirement? (Choose two.)

A. Amazon CloudFront

B. AWS Shield

C. Amazon Inspector

D. Amazon GuardDuty

E. AWS Identity and Access Management (IAM)

Correct Answer: AB

QUESTION 102 A user has a stateless and restartable application that will run on an Amazon EC2 instance for 2 hours at a time.Which purchase option is the MOST cost-effective?

A. On-Demand Instances

B. Reserved Instances

C. Spot Instances

D. Dedicated Instances

Correct Answer: C

QUESTION 103 Which AWS service is a fully managed source control service that hosts secure Git-based repositories?

A. AWS CodeStar

B. AWS CodeCommit

C. Amazon CodeGuru

D. AWS CodePipeline

Correct Answer: B

QUESTION 104 A company needs to send time-critical messages to multiple subscribers through a push mechanism. Which AWS service should the company use?

A. Amazon Kinesis

B. Amazon MQ

C. Amazon Simple Notification Service (Amazon SNS)

D. Amazon Simple Queue Service (Amazon SQS)

Correct Answer: C

QUESTION 105 Which of the following is a recommended design principle of the AWS Well-Architected Framework?

A. Reduce downtime by making infrastructure changes infrequently and in large increments.

B. Learn to improve from operational failures.

C. Invest the time to configure infrastructure manually.

D. Use monolithic application design for centralization.

Correct Answer: B

QUESTION 106 A company wants to create templates that the company can reuse to deploy multiple AWS resources. Which AWS service or feature can the company use to meet this requirement?

A. AWS Marketplace

B. AWS CloudFormation

C. Amazon Machine Image (AMI)

D. AWS OpsWorks

Correct Answer: B

QUESTION 107 A company's solutions architect wants to provision a few Amazon EC2 instances in an existing AWS account. The company requires a cost estimate before the company can approve the request. Which AWS tool should the solutions architect use to produce the cost estimate?

A. AWS Pricing Calculator

B. AWS Cost and Usage Report

C. Cost Explorer

D. AWS Budgets

Correct Answer: B

QUESTION 108 A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud. Which costs will the company eliminate with this migration? (Select TWO.)

A. Cost of application licensing

B. Cost of data centre operations

C. Cost of physical server hardware

D. Cost of marketing campaigns

E. Cost of network management

Correct Answer: BC

QUESTION 109 Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Select TWO.)

A. Use the AWS account root user for daily access.

B. Rotate credentials on a regular basis.

C. Use access keys and secret access keys on Amazon EC2.

D. Configure multi-factor authentication (MFA).

E. Create a shared set of access keys for system administrators.

Correct Answer: BD

QUESTION 110 Which of the following are characteristics of AWS WAF? (Select TWO.)

A. Acts as a firewall that controls inbound and outbound traffic between Amazon EC2 instances

B. Protects websites that are not hosted on AWS

C. Scans Amazon EC2 instances for common vulnerabilities

D. Acts as a firewall that controls inbound and outbound traffic between subnets

E. Gives users the ability to block traffic that has specific HTTP headers

Correct Answer: DE

QUESTION 111 A company needs to run an application on Amazon EC2 instances. The instances cannot be interrupted at any time. The company needs an instance purchasing option that requires no long-term commitment or upfront payment. Which instance purchasing option will meet these requirements MOST cost-effectively?

A. Spot Instances

B. On-Demand Instances

C. Dedicated Hosts

D. Reserved Instances

Correct Answer: B

QUESTION 112 Which task can a company complete by using AWS Organizations?

A. Track application deployment statuses globally.

B. Activate DDoS protection across all accounts.

C. Remove unused and underutilised AWS resources across all accounts.

D. Share pre-purchased Amazon EC2 resources across accounts.

Correct Answer: C

QUESTION 113 A company is using AWS Lambda. Which task is the company's responsibility, according to the AWS shared responsibility model?

A. Update the Lambda runtime language.

B. Maintain the networking infrastructure.

C. Maintain the runtime environment.

D. Configure the resource.

Correct Answer: B

QUESTION 114 A system automatically recovers from failure when a company launches its workload on the AWS Cloud services platform. Which pillar of the AWS Well-Architected Framework does this situation demonstrate?

A. Reliability

B. Operational excellence.

C. Cost optimization

D. Performance efficiency

Correct Answer: B

QUESTION 115 A company needs to process data from satellite communications without managing any infrastructure. Which AWS service should the company use to meet these requirements?

A. Amazon CloudWatch

B. Amazon Aurora

C. AWS Ground Station

D. Amazon Athena

Correct Answer: C

QUESTION 116 Which of the following is an AWS key-value database offering consistent single-digit millisecond performance at any scale?

A. Amazon RDS

B. Amazon DynamoDB

C. Amazon Aurora

D. Amazon Redshift

Correct Answer: B

QUESTION 117 Which combination of steps will enable multi-factor authentication (MFA) on an AWS account? (Select TWO.)

A. Contact AWS Support to initiate MFA activation.

B. Activate the MFA device by using Amazon GuardDuty.

C. Activate the MFA device in the IAM console or by using the AWS CLI.

D. Activate AWS Shield on an MFA-compatible device.

E. Acquire an MFA-compatible device.

Correct Answer: DE

QUESTION 118 Which tasks are responsibilities of AWS, according to the AWS shared responsibility model? (Select TWO.)

A. Manage customer data.

B. Encrypt client-side data and authenticate data integrity.

C. Provide physical security for Availability Zones.

D. Perform identity and access management.

E. Patch the operating system of Amazon S3

Correct Answer: BC

QUESTION 119 A company needs to report on events that involve the specific AWS services that the company uses. Which AWS service or resource can the company use with Amazon CloudWatch to meet this requirement?

A. Amazon Inspector

B. AWS Trusted Advisor

C. AWS Personal Health Dashboard

D. AWS Cloud Trail logs

Correct Answer: C

QUESTION 120 A company plans to launch an application that will run in multiple locations within the United States. The company needs to identify the two AWS Regions where the application can operate at the lowest price. Which AWS service or feature should the company use to determine the Regions that offer the lowest price?

A. Cost Explorer

B. AWS Trusted Advisor

C. AWS Budgets

D. AWS Pricing Calculator

Correct Answer: B

QUESTION 121 A company runs applications that process credit card information. Auditors have asked if the AWS environment has changed since the previous audit. If the AWS environment has changed, the auditor's i want to know how it has changed. Which AWS services can provide this information? (Select TWO.)

A. AWS Config

B. AWS Cloud Trail

C. AWS Artefact

D. AWS Trusted Advisor

E. AWS Identity and Access Management (IAM)

Correct Answer: AB

QUESTION 122 What is an AWS Region?

A. A broad set of global, cloud-based products that include compute, storage, and databases

B. One or more discrete data centres with redundant power, networking, and connectivity

C. A physical location around the world where data centres are clustered

D. A service that developers use to build applications that deliver latencies of single-digit milliseconds to users

Correct Answer: C

QUESTION 123 Which AWS service should a company use to create a NoSQL database?

A. Amazon Aurora

B. Amazon Redshift

C. Amazon DynamoDB

D. Amazon Neptune

Correct Answer: C

QUESTION 124 A company needs to schedule the rotation of database credentials in the AWS Cloud. Which AWS service should the company use to perform this task?

A. AWS Identity and Access Management (IAM)

B. AWS Managed Services (AMS)

C. AWS Secrets Manager

D. Amazon RDS

Correct Answer: C

QUESTION 125 A developer is working on enhancing applications at AWS. The developer needs a service that can Securely host GitHub-based code, repositories, and version controls. Which AWS service should the developer use?

A. AWS CodeCommit

B. AWS CodeStar

C. Amazon CodeGuru

D. AWS CodePipeline

Correct Answer: A

QUESTION 126 A company discovered unauthorised access to resources in its on-premises data centre. Upon investigation, the company found that the requests originated from a resource hosted on AWS. Which AWS team should the company contact to report this issue?

A. AWS Customer Service team

B. AWS Technical Support team

C. AWS Sales team

D. AWS Abuse team

Correct Answer: B

QUESTION 127 Who can create and manage access keys for an AWS account root user?

A. An IAM user that has administrator permissions

B. The AWS account owner

C. IAM users within a designated group

D. An IAM user that has the required role

Correct Answer: B

Toggle Title

A. An IAM user that has administrator permissions

B. The AWS account owner

C. IAM users within a designated group

D. An IAM user that has the required role

Correct Answer: B

QUESTION 128 A company wants a cost-effective option when running its applications in an Amazon EC2 instance for short time periods. The applications can be interrupted. Which EC2 instance type will meet these requirements?

A. On-Demand Instances

B. Reserved Instances

C. Spot Instances

D. Dedicated Instances

Correct Answer: C

QUESTION 129 A company needs a centralised, secure way to create and manage cryptographic keys. The company will use the keys across a wide range of AWS services and applications. The company needs to track and document when the keys are created, used, and deleted. Which AWS service or feature will meet these requirements?

A. AWS Secrets Manager

B. AWS License Manager

C. AWS Key Management Service (AWS KMS)

D. AWS Systems Manager Parameter Store

Correct Answer: C

QUESTION 130 Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?

A. Amazon Elastic File System (Amazon EFS)

B. Amazon WorkSpaces

C. AWS Database Migration Service (AWS DMS)

D. AWS Snowball Edge

Correct Answer: A

QUESTION 131 What is a benefit of moving to the AWS Cloud in terms of improving time to market?

A. Decreased deployment speed

B. Increased application security

C. Increased backup capabilities

D. Increased business agility

Correct Answer: D

QUESTION 132 A company needs real-time guidance to follow AWS best practices to save money, improve system performance, and close security gaps. Which AWS service should the company use?

A. AWS Trusted Advisor

B. Amazon GuardDuty

C. AWS Management Console

D. AWS Systems Manager

Correct Answer: A

QUESTION 133 A company runs a web application on Amazon EC2 instances. The application must run constantly and is expected to run indefinitely without interruption. Which EC2 instance purchasing options will meet these requirements MOST cost- effectively? (Select TWO.)

A. Reserved Instances

B. Savings Plans

C. On-Demand Instances

D. Spot Instances.

E. Dedicated Hosts

Correct Answer: AB

QUESTION 134 A company needs steady and predictable performance from its Amazon EC2 instances at the lowest possible cost. The company also needs the ability to scale resources to ensure that it has the right resources available at the right time. Which AWS service or resource will meet these requirements?

A. Amazon CloudWatch

B. Application Load Balancer

C. Amazon EC2 Auto Scaling

D. AWS Batch

Correct Answer: C

QUESTION 135 Which of the following is an AWS Well-Architected Framework design principle for operational excellence in the AWS Cloud?

A. Make frequent, small, reversible changes.

B. Go global in minutes.

C. Implement a strong foundation of identity and access management.

D. Stop spending money on hardware infrastructure for data centre operations.

Correct Answer: A

QUESTION 136 Which AWS service provides an isolated virtual network to connect AWS services and resources?

A. Amazon EC2

B. Amazon DynamoDB

C. Amazon VPC

D. Amazon Lightsail

Correct Answer: C

QUESTION 137 A company needs an AWS Support plan that provides programmatic case management through the AWS Support API. Which support plan will meet this requirement MOST cost-effectively?

A. AWS Business Support

B. AWS Developer Support

C. AWS Enterprise Support

D. AWS Basic Support

Correct Answer: D

QUESTION 138 Which of the following describes some of the core functionality of Amazon S3?

A. Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability.

B. Amazon S3 is a high-performance block storage service that is designed for use with Amazon EC2

C. Amazon S3 is a fully managed, highly reliable, and scalable file storage system that is accessible over the industry-standard SMB protocol.

D. Amazon S3 is a scalable, fully managed elastic NFS for use with AWS Cloud services and on-premises resources.

Correct Answer: A

QUESTION 139 Which approach will enhance a user's security on AWS?

A. Use Multi-AZ deployments with Amazon RDS.

B. Encrypt data by using AWS Key Management Service (AWS KMS).

C. Create a hybrid architecture by using AWS Direct Connect.

D. Monitor application-specific information with AWS X-Ray.

Correct Answer: B

QUESTION 140 A company with AWS Enterprise Support needs help understanding its monthly AWS bill and wants to implement billing best practices. Which AWS tool or resource is available to accomplish these goals?

A. AWS Concierge Support team

B. Resource tagging

C. AWS Abuse team

D. AWS Support

Correct Answer: A

QUESTION 141 A company manages global applications that require static IP addresses. Which AWS service would enable the company to improve the availability and performance of its applications?

A. Amazon CloudFront

B. Amazon S3 Transfer Acceleration

C. AWS Global Accelerator

D. Amazon API Gateway

Correct Answer: C

QUESTION 142 A company wants to migrate its on-premises Microsoft SQL Server database server to the AWS Cloud. The company has decided to use Amazon EC2 instances to run this database. Which of the following is the company responsible for managing, according to the AWS shared responsibility model?

A. Security patching of the guest operating system

B. EC2 hypervisor

C. Network connectivity of the host server

D. Uptime service level agreement (SLA) for the EC2 instances

Correct Answer: A

QUESTION 143 Which of the following are characteristics of a serverless application that runs in the AWS Cloud? (Select TWO.)

A. Users must manually configure Amazon EC2 instances.

B. The application has built-in fault tolerance.

C. Users have a choice of operating systems.

D. The application can scale based on demand.

E. Users can run Amazon EC2 Spot Instances.

Correct Answer: BD

QUESTION 144 Which AWS service decouples application components so that the components run independently?

A. Amazon Simple Notification Service (Amazon SNS)

B. Amazon Simple Workflow Service (Amazon SWF)

C. Amazon Simple Queue Service (Amazon SQS)

D. AWS Glue

Correct Answer: C

QUESTION 145 A company needs to use machine learning and pattern matching to identify and protect sensitive data that The company stores in the AWS Cloud. Which AWS service will meet these requirements?

A. Amazon Macie

B. Amazon Inspector

C. Amazon GuardDuty

D. AWS Audit Manager

Correct Answer: A

QUESTION 146 A company stores configuration files in an Amazon S3 bucket. These configuration files must be accessed by applications that are running on Amazon EC2 instances. According to AWS security best practices, how should the company grant permissions to allow the applications to access the S3 bucket?

A. Use the AWS account root user access keys.

B. Use an IAM role with the necessary permissions.

C. Use the AWS access key ID and the EC2 secret access key.

D. Activate multi-factor authentication (MFA) and versioning on the S3 bucket.

Correct Answer: B

techinsightslabs

AWS Certified Cloud Practitioner (CLF-C01)Exam K

Solverwp- WordPress Theme and Plugin