AWS Certified Cloud Practitioner Sample Question and Answers Set
10(451-500)
Click Button To Hide All Answers
QUESTION NO: 451- Which components are
required to build a successful site-to-site VPN connection on AWS?
(Choose two.)
(A) Internet gateway.
(B) NAT gateway.
(C) Customer gateway.
(D) Transit gateway.
(E) Virtual private gateway.
Answer: C, D
QUESTION NO: 452- Which Amazon EC2
pricing option is best suited for applications with short-term, spiky, or unpredictable workloads that cannot be
interrupted?
(A) Spot Instances.
(B) Dedicated Hosts.
(C) On-Demand Instances.
(D) Reserved Instances.
Answer: C
QUESTION NO: 453- Which AWS cloud
architecture principle states that systems should reduce interdependencies?
(A) Scalability.
(B) Services, not servers.
(C) Removing single points of failure.
(D) Loose coupling.
Answer: D
QUESTION NO: 454- What is the MOST
effective resource for staying up to date on AWS security announcements?
(A) AWS Personal Health Dashboard.
(B) AWS Secrets Manager.
(C) AWS Security Bulletins.
(D) Amazon Inspector.
Answer: C
QUESTION NO: 455- Which AWS service
offers persistent storage for a file system?
(A) Amazon S3.
(B) Amazon EC2 instance store.
(C) Amazon Elastic Block Store (Amazon EBS).
(D) Amazon ElastiCache.
Answer: C
QUESTION NO: 456- Which of the following
allows AWS users to manage cost allocations for billing?
(A) Tagging resources.
(B) Limiting who can create resources.
(C) Adding a secondary payment method.
(D) Running all operations on a single AWS account.
Answer: A
QUESTION NO: 457- Which AWS service
allows users to download security and compliance reports about the AWS infrastructure on demand?
(A) Amazon GuardDuty.
(B) AWS Security Hub.
(C) AWS Artifact.
(D) AWS Shield.
Answer: C
QUESTION NO: 458- Which of the following
AWS services are serverless? (Choose two.)
(A) AWS Lambda.
(B) Amazon Elasticsearch Service.
(C) AWS Elastic Beanstalk.
(D) Amazon DynamoDB.
(E) Amazon Redshift.
Answer: A, D
QUESTION NO: 459- Which AWS managed
services can be used to extend an on-premises data center to the AWS
network? (Choose two.)
(A) AWS VPN.
(B) NAT gateway.
(C) AWS Direct Connect.
(D) Amazon Connect.
(E) Amazon Route 53.
Answer: A,S
QUESTION NO: 460- Which requirement must
be met for a member account to be unlinked from an AWS Organizations account?
(A) The linked account must be actively compliant with AWS System and Organization Controls
(SOC).
(B) The payer and the linked account must both create AWS Support cases to request that the
member account be unlinked from the organization.
(C) The member account must meet the requirements of a standalone account.
(D) The payer account must be used to remove the linked account from the organization.
Answer: D
QUESTION NO: 461- What AWS benefit refers
to a customer’s ability to deploy applications that scale up and down the meet variable demand?
(A) Elasticity.
(B) Agility.
(C) Security.
(D) Scalability.
Answer: D
QUESTION NO: 462- During a compliance
review, one of the auditors requires a copy of the AWS SOC 2 report. Which service should be used to submit
this request?
(A) AWS Personal Health Dashboard.
(B) AWS Trusted Advisor.
(C) AWS Artifact.
(D) Amazon S3.
Answer: C
QUESTION NO: 463- A company wants to set
up a highly available workload in AWS with a disaster recovery plan that will allow the company to recover in
case of a regional service interruption. Which configuration will meet these requirements?
(A) Run on two Availability Zones in one AWS Region, using the additional Availability Zones in the AWS Region for
the disaster recovery site.
(B) Run on two Availability Zones in one AWS Region, using another AWS Region for the disaster
recovery site.
(C) Run on two Availability Zones in one AWS Region, using a local AWS Region for the disaster
recovery site.
(D) Run across two AWS Regions, using a third AWS Region for the disaster recovery site.
Answer: A
QUESTION NO: 464- A company has a 500 TB
image repository that needs to be transported to AWS for processing. Which AWS service can import this data
MOST cost-effectively?
(A) AWS Snowball.
(B) AWS Direct Connect.
(C) AWS VPN.
(D) Amazon S3.
Answer: D
QUESTION NO: 465- Which AWS service can
run a managed PostgreSQL database that provides online transaction processing (OLTP)?
(A) Amazon DynamoDB.
(B) Amazon Athena.
(C) Amazon RDS.
(D) Amazon EMR.
Answer: C
QUESTION NO: 466- Which of the following
assist in identifying costs by department? (Choose two.)
(A) Using tags on resources.
(B) Using multiple AWS accounts.
(C) Using an account manager.
(D) Using AWS Trusted Advisor.
(E) Using Consolidated Billing.
Answer: B, E
QUESTION NO: 467- A company wants to
allow full access to an Amazon S3 bucket for a particular user. Which element in the S3 bucket policy holds
the user details that describe who needs access to the S3 bucket?
(A) Principal.
(B) Action.
(C) Resource.
(D) Statement.
Answer: C
QUESTION NO: 468- Which AWS service
allows for effective cost management of multiple AWS accounts?
(A) AWS Organizations.
(B) AWS Trusted Advisor.
(C) AWS Direct Connect.
(D) Amazon Connect.
Answer: A
QUESTION NO: 469- A company is piloting a
new customer-facing application on Amazon Elastic Compute Cloud (Amazon EC2) for one month. What pricing model
is appropriate?
QUESTION NO: 471- Under the AWS shared
responsibility model, which of the following is a responsibility of AWS?
(A) Enabling server-side encryption for objects stored in S3.
(B) Applying AWS IAM security policies.
(C) Patching the operating system on an Amazon EC2 instance.
(D) Applying updates to the hypervisor.
Answer: D
QUESTION NO: 472- A user is able to set
up a master payer account to view consolidated billing reports through:
(A) AWS Budgets.
(B) Amazon Macie.
(C) Amazon QuickSight.
(D) AWS Organizations.
Answer: D
QUESTION NO: 473- Performing operations
as code is a design principle that supports which pillar of the AWS Well-Architected Framework?
(A) Performance efficiency.
(B) Operational excellence.
(C) Reliability.
(D) Security.
Answer: B
QUESTION NO: 474- Which design principle
is achieved by following the reliability pillar of the AWS Well-Architected Framework?
(A) Vertical scaling.
(B) Manual failure recovery.
(C) Testing recovery procedures.
(D) Changing infrastructure manually.
Answer: C
QUESTION NO: 475- What is a
characteristic of Convertible Reserved Instances (RIs)?
(A) Users can exchange Convertible RIs for other Convertible RIs from a different instance family.
(B) Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.
(C) Users can sell and buy Convertible RIs on the AWS Marketplace.
(D) Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs.
Answer: A
QUESTION NO: 476- The user is fully
responsible for which action when running workloads on AWS?
(A) Patching the infrastructure components.
(B) Implementing controls to route application traffic.
(C) Maintaining physical and environmental controls.
(D) Maintaining the underlying infrastructure components.
Answer: B
QUESTION NO: 477- An architecture design
includes Amazon EC2, an Elastic Load Balancer, and Amazon RDS. What is the BEST way to get a monthly cost
estimation for this architecture?
(A) Open an AWS Support case, provide the architecture proposal, and ask for a monthly cost
estimation.
(B) Collect the published prices of the AWS services and calculate the monthly estimate.
(C) Use the AWS Simple Monthly Calculator to estimate the monthly cost.
(D) Use the AWS Total Cost of Ownership (TCO) Calculator to estimate the monthly cost.
Answer: C
QUESTION NO: 478- Which are benefits of
using Amazon RDS over Amazon EC2 when running relational databases on AWS? (Choose two.)
(A) Automated backups.
(B) Schema management.
(C) Indexing of tables.
(D) Software patching.
(E) Extract, transform, and load (ETL) management.
Answer: A, D
QUESTION NO: 479- What does the Amazon S3
Intelligent-Tiering storage class offer?
(A) Payment flexibility by reserving storage capacity.
(B) Long-term retention of data by copying the data to an encrypted Amazon Elastic Block Store
(Amazon EBS) volume.
(C) Automatic cost savings by moving objects between tiers based on access pattern changes
.
(D) Secure, durable, and lowest cost storage for data archival.
Answer: C
QUESTION NO: 480- A company has multiple
data sources across the organization and wants to consolidate data into one data warehouse. Which AWS service
can be used to meet this requirement?
(A) Amazon DynamoDB.
(B) Amazon Redshift.
(C) Amazon Athena.
(D) Amazon QuickSight.
Answer: B
QUESTION NO: 481- Which AWS service can
be used to track resource changes and establish compliance?
(A) Amazon CloudWatch.
(B) AWS Config.
(C) AWS CloudTrail.
(D) AWS Trusted Advisor.
Answer: B
QUESTION NO: 482- A user has
underutilized on-premises resources. Which AWS Cloud concept can BEST address this issue?
(A) High availability.
(B) Elasticity.
(C) Security.
(D) Loose coupling.
Answer: B
QUESTION NO: 483- A user has a stateful
workload that will run on Amazon EC2 for the next 3 years. A user has a stateful workload that will run on
Amazon EC2 for the next 3 years
(A) On-Demand Instances.
(B) Reserved Instances.
(C) Dedicated Instances.
(D) Spot Instances.
Answer: A
QUESTION NO: 484- A cloud practitioner
needs an Amazon EC2 instance to launch and run for 7 hours without interruptions. What is the most suitable
and cost-effective option for this task?
(A) On-Demand Instance.
(B) Reserved Instance.
(C) Dedicated Instances.
(D) Spot Instances.
Answer: D
QUESTION NO: 485- Which of the following
are benefits of using AWS Trusted Advisor? (Choose two.)
(C) Detecting underutilized resources to save costs.
(D) Improving security by proactively monitoring the AWS environment.
(E) Implementing enforced tagging across AWS resources.
Answer: D, E
QUESTION NO: 486- A developer has been
hired by a large company and needs AWS credentials. A developer has been hired by a large company and needs AWS credentials.
(A) Grant the developer access to only the AWS resources needed to perform the job.
(B) Share the AWS account root user credentials with the developer.
(C) Add the developer to the administrator's group in AWS IAM.
(D) Configure a password policy that ensures the developer's password cannot be changed.
(E) Ensure the account password policy requires a minimum length.
Answer: A, E
QUESTION NO: 487- Which AWS storage
service is designed to transfer petabytes of data in and out of the cloud?
(A) AWS Storage Gateway.
(B) Amazon S3 Glacier Deep Archive.
(C) Amazon Lightsail.
(D) AWS Snowball.
Answer: D
QUESTION NO: 488- Which service provides
a user the ability to warehouse data in the AWS Cloud?
(A) Amazon EFS.
(B) Amazon Redshift.
(C) Amazon RDS.
(D) Amazon VPC.
Answer: B
QUESTION NO: 489- A user is planning to
migrate an application workload to the AWS Cloud. A user is planning to migrate an application workload to the
AWS Cloud.
(A) Patching the guest operating system.
(B) Maintaining physical and environmental controls.
(C) Protecting communications and maintaining zone security.
(D) Patching specific applications.
Answer: B
QUESTION NO: 490- Which services can be
used to deploy applications on AWS? (Choose two.)
(A) AWS Elastic Beanstalk.
(B) AWS Config.
(C) AWS OpsWorks.
(D) AWS Application Discovery Service.
(E) Amazon Kinesis.
Answer: A, C
QUESTION NO: 491- Which AWS service can
be used to provide an on-demand, cloud-based contact center?
(A) AWS Direct Connect.
(B) Amazon Connect.
(C) AWS Support Center.
(D) AWS Managed Services.
Answer: B
QUESTION NO: 492- What tool enables
customers without an AWS account to estimate costs for almost all AWS services?
(A) Cost Explorer.
(B) TCO Calculator.
(C) AWS Budgets.
(D) Simple Monthly Calculator.
Answer: A
QUESTION NO: 493- Which component must be
attached to a VPC to enable inbound Internet access?
(A) NAT gateway.
(B) VPC endpoint.
(C) VPN connection.
(D) Internet gateway.
Answer: C
QUESTION NO: 494- Which pricing model
would result in maximum Amazon Elastic Compute Cloud (Amazon EC2) savings for a database server that must be
online for one year?
(A) Spot Instance.
(B) On-Demand Instance.
(C) Partial Upfront Reserved Instance.
(D) No Upfront Reserved Instance.
Answer: C
QUESTION NO: 495- A company has a MySQL
database running on a single Amazon EC2 instance. The company now requires higher availability in the event of
an outage. Which set of tasks would meet this requirement?
(A) Add an Application Load Balancer in front of the EC2 instance.
(B) Configure EC2 Auto Recovery to move the instance to another Availability Zone.
(C) Migrate to Amazon RDS and enable Multi-AZ.
(D) Enable termination protection for the EC2 instance to avoid outages.
Answer: C
QUESTION NO: 496- A company wants to
ensure that AWS Management Console users are meeting password
complexity requirements. How can the company configure password complexity?
(A) Using an AWS IAM user policy.
(B) Using an AWS Organizations service control policy (SCP).
(C) Using an AWS IAM account password policy.
(D) Using an AWS Security Hub managed insight.
Answer: A
QUESTION NO: 497- Under the AWS shared
responsibility model, which of the following is the customer’s responsibility?
(A) Patching guest OS and applications.
(B) Patching and fixing flaws in the infrastructure.
(C) Physical and environmental controls.
(D) Configuration of AWS infrastructure devices.
Answer: A
QUESTION NO: 498- Which of the following
tasks is required to deploy a PCI-compliant workload on AWS?
(A) Use any AWS service and implement PCI controls at the application layer.
(B) Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket to
enable PCI compliance at the application layer.
(C) Use any AWS service and raise an AWS support ticket to enable PCI compliance on that service.
(D) Use an AWS service that is in scope for PCI compliance and apply PCI controls at the application
layer.
Answer: D
QUESTION NO: 499- A company is building
an application that requires the ability to send, store, and receive messages between application components.
The company has another requirement to process messages in first-in, first-out (FIFO) order. Which AWS service
should the company use?
(A) AWS Step Functions.
(B) Amazon Simple Notification Service (Amazon SNS).
(C) Amazon Kinesis Data Streams.
(D) Amazon Simple Queue Service (Amazon SQS).
Answer: D
QUESTION NO: 500- AnyCompany recently
purchased Example Corp. Both companies use AWS resources, and AnyCompany wants a single aggregated bill. Which
option allows AnyCompany to receive a single bill?
(A) Example Corp. must submit a request to its AWS solutions architect or AWS technical account
manager to link the accounts and consolidate billing.
(B) Example Corp. must submit a request to its AWS solutions architect or AWS technical account
manager to link the accounts and consolidate billing.
(C) Send an invitation to join the organization from AnyCompany’s AWS Organizations master
account to Example Corp.
(D) Migrate the Example Corp. VPCs, Amazon EC2 instances, and other resources into the
AnyCompany AWS account.