AWS Certified Cloud Practitioner Sample Question and Answers Set
11(501-550)
Click Button To Hide All Answers
QUESTION NO: 501- Which tool can be used
to create alerts when the actual or forecasted cost of AWS services
exceeds a certain threshold?
(A) Cost Explorer.
(B) AWS Budgets.
(C) AWS Cost and Usage Report.
(D) AWS CloudTrail.
Answer: B
QUESTION NO: 502- A user has limited
knowledge of AWS services, but wants to quickly deploy a scalable Node.js
application in the AWS Cloud. Which service should be used to deploy the application?
(A) AWS CloudFormation.
(B) AWS Elastic Beanstalk.
(C) Amazon EC2.
(D) AWS OpsWorks.
Answer: B
QUESTION NO: 503- Which AWS Trusted
Advisor check is available to all AWS users?
(A) Core checks.
(B) All checks.
(C) Cost optimization checks.
(D) Fault tolerance checks.
Answer: C
QUESTION NO: 504- A web developer is
concerned that a DDoS attack could target an application. Which AWS services or features can help protect against such an attack? (Choose two.)
(A) AWS Shield.
(B) AWS CloudTrail.
(C) Amazon CloudFront.
(D) AWS Support Center.
(E) AWS Service Health Dashboard.
Answer: A, B
QUESTION NO: 505- Which AWS service gives
users on-demand, self-service access to AWS compliance control
reports?
(A) AWS Config.
(B) Amazon GuardDuty.
(C) AWS Trusted Advisor.
(D) AWS Artifact.
Answer: D
QUESTION NO: 506- A company wants to
provide one of its employees with access to Amazon RDS. The company
also wants to limit the interaction to only the AWS CLI and AWS software development kits
(SDKs). Which combination of actions should the company take to meet these requirements while following the
principles of least privilege? (Choose two.)
(A) Create an IAM user and provide AWS Management Console access only.
(B) Create an IAM user and provide programmatic access only.
(C) Create an IAM role and provide AWS Management Console access only.
(D) Create an IAM policy with administrator access and attach it to the IAM user.
(E) Create an IAM policy with Amazon RDS access and attach it to the IAM user.
Answer: B, E
QUESTION NO: 507- A company has a
compliance requirement to record and evaluate configuration changes, as well
as perform remediation actions on AWS resources. Which AWS service should the company use?
(A) AWS Config.
(B) AWS Secrets Manager.
(C) AWS CloudTrail.
(D) AWS Trusted Advisor.
Answer: A
QUESTION NO: 508- What are the advantages
of deploying an application with Amazon EC2 instances in multiple
Availability Zones? (Choose two.)
(A) Preventing a single point of failure.
(B) Reducing the operational costs of the application.
(C) Allowing the application to serve cross-region users with low latency.
(D) Increasing the availability of the application.
(E) Increasing the load of the application.
Answer: A, D
QUESTION NO: 509- A workload on AWS will
run for the foreseeable future by using a consistent number of Amazon
EC2 instances. What pricing model will minimize cost while ensuring that compute resources remain
available?
(A) Dedicated Hosts.
(B) On-Demand Instances.
(C) Spot Instances.
(D) Reserved Instances.
Answer: D
QUESTION NO: 510- Which tool can be used
to identify scheduled changes to the AWS infrastructure?
(A) AWS Personal Health Dashboard.
(B) AWS Trusted Advisor.
(C) Billing Dashboard.
(D) AWS Config.
Answer: A
QUESTION NO: 511- Which of the following
is the customer’s responsibility when using Amazon RDS?
(A) Patching the operating system of underlying hardware.
(B) Controlling traffic to and from the database through security groups.
(C) Running backups that enable point-in-time recovery of a DB instance.
(D) Replacing failed DB instances.
Answer: D
QUESTION NO: 512- What is the customer’s
responsibility when using AWS Lambda?
(A) Operating system configuration.
(B) Application management.
(C) Platform management.
(D) Code encryption.
Answer: D
QUESTION NO: 513- A company wants to be
notified when its AWS Cloud costs or usage exceed defined thresholds. Which AWS service will support these
requirements?
(A) AWS Budgets.
(B) Cost Explorer.
(C) AWS CloudTrail.
(D) Amazon Macie.
Answer: A
QUESTION NO: 514- Which AWS service
provides the ability to host a NoSQL database in the AWS Cloud?
(A) Amazon Aurora.
(B) Amazon DynamoDB.
(C) Amazon RDS.
(D) Amazon Redshift.
Answer: B
QUESTION NO: 515- Which AWS service
allows customers to purchase unused Amazon EC2 capacity at an often
discounted rate?
(A) Reserved Instances.
(B) On-Demand Instances.
(C) Dedicated Instances.
(D) Spot Instances.
Answer: D
QUESTION NO: 516- Which AWS service or
feature requires an internet service provider (ISP) and a colocation facility to be implemented?
QUESTION NO: 518- Which AWS service can
be used to privately store and manage versions of source code?
(A) AWS CodeBuild.
(B) AWS CodeCommit.
(C) AWS CodePipeline.
(D) AWS CodeStar.
Answer: B
QUESTION NO: 519- Which AWS service
should a cloud practitioner use to identify security vulnerabilities of an AWS account?
(A) AWS Secrets Manager.
(B) Amazon Cognito.
(C) Amazon Macie.
(D) AWS Trusted Advisor.
Answer: D
QUESTION NO: 520- A company wants to
ensure its infrastructure is designed for fault tolerance and business
continuity in the event of an environmental disruption. Which AWS infrastructure component should the company
replicate across?
(A) Edge locations.
(B) Availability Zones.
(C) Regions.
(D) Amazon Route 53.
Answer: B
QUESTION NO: 521- Which AWS service or
feature is used to send both text and email messages from distributed
applications?
(A) Amazon Simple Notification Service (Amazon SNS).
(B) Amazon Simple Email Service (Amazon SES).
(C) Amazon CloudWatch alerts.
(D) Amazon Simple Queue Service (Amazon SQS).
Answer: D
QUESTION NO: 522- Which AWS Cloud design
principles can help increase reliability? (Choose two.)
(A) Using monolithic architecture.
(B) Measuring overall efficiency.
(C) Testing recovery procedures.
(D) Adopting a consumption model.
(E) Automatically recovering from failure.
Answer: C, E
QUESTION NO: 523- A company has an AWS
environment that consists of a VPC, multiple subnets, and many Amazon
EC2 instances in the subnets. An engineer wants to restrict inbound traffic to one particular EC2 instance
without affecting the other EC2 instances. Which AWS service or feature should the engineer use to meet this
requirement?
(A) Network ACLs.
(B) Security groups.
(C) Amazon GuardDuty.
(D) AWS Shield.
Answer: A
QUESTION NO: 524- A company wants to
connect to AWS over a private, low-latency connection from its remote office. What is the recommended method
to meet these requirements?
(A) Create a VPN tunnel.
(B) Connect across the public internet.
(C) Use VPC peering to create a connection.
(D) Use AWS Direct Connect.
Answer: D
QUESTION NO: 525- Which AWS service can
be used to retrieve compliance reports on demand?
(A) AWS Secrets Manager.
(B) AWS Artifact.
(C) AWS Security Hub.
(D) AWS Certificate Manager.
Answer: B
QUESTION NO: 526- A company has an
AWS-hosted website located behind an Application Load Balancer. The
company wants to safeguard the website from SQL injection or cross-site scripting. Which AWS service should
the company use?
(A) Amazon GuardDuty.
(B) AWS WAF.
(C) AWS Trusted Advisor.
(D) Amazon Inspector.
Answer: B
QUESTION NO: 527- How should a web
application be deployed to ensure high availability in the AWS Cloud?
(A) Deploy multiple instances of the application in multiple Availability Zones.
(B) Deploy multiple instances of the application in a single Availability Zone
(C) Deploy the application to a compute-optimized Amazon EC2 instance in a single Availability Zone.
(D) Deploy the application in one Amazon EC2 instance in an Auto Scaling group.
Answer: A
QUESTION NO: 528- A company is running a
self-managed Oracle database directly on Amazon EC2 for its steady-state database. The company wants to reduce
compute costs. Which option should the company use to maximize savings over a 3-year term?
(A) EC2 Dedicated Instances.
(B) EC2 Spot Instances.
(C) EC2 Reserved Instances.
(D) EC2 On-Demand Instances.
Answer: C
QUESTION NO: 529- An external auditor has
requested that a company provide a list of all its IAM users, including the status of users’ credentials and
access keys. What it the SIMPLEST way to provide this information?
(A) Create an IAM user account for the auditor, granting the auditor administrator permissions.
(B) Take a screenshot of each user’s page in the AWS Management Console, then provide the
screenshots to the auditor.
(C) Download the IAM credential report, then provide the report to the auditor.
(D) Download the AWS Trusted Advisor report, then provide the report to the auditor.
Answer: C
QUESTION NO: 530- What are the benefits
of consolidated billing for AWS Cloud services? (Choose two.)
(A) Volume discounts.
(B) A minimal additional fee for use.
(C) One bill for multiple accounts.
(D) Installment payment options.
(E) Custom cost and usage budget creation.
Answer: C, E
QUESTION NO: 531- A company is expecting
a short-term spike in internet traffic for its application. During the traffic increase, the application cannot
be interrupted. The company also needs to minimize cost and maximize flexibility. Which Amazon EC2 instance
type should the company use to meet these requirements?
(A) On-Demand Instances.
(B) Spot Instances.
(C) Reserved Instances.
(D) Dedicated Hosts.
Answer: B
QUESTION NO: 532- A company wants to
track AWS resource configuration changes for compliance reasons.
Which AWS feature can be used to meet this requirement?
(A) AWS Cost and Usage Report.
(B) AWS Organizations service control policies (SCPs).
(C) AWS Config rules.
(D) VPC Flow Logs.
Answer: C
QUESTION NO: 533- A company is building
an application that needs to deliver images and videos globally with minimal latency. Which approach can the
company use to accomplish this in a cost effective manner?
(A) Deliver the content through Amazon CloudFront.
(B) Store the content on Amazon S3 and enable S3 cross-region replication.
(C) Implement a VPN across multiple AWS Regions.
(D) Deliver the content through AWS PrivateLink.
Answer: A
QUESTION NO: 534- The AWS IAM best
practice for granting least privilege is to:
(A) apply an IAM policy to an IAM group and limit the size of the group.
(B) require multi-factor authentication (MFA) for all IAM users.
(C) require each IAM user who has different permissions to have multiple passwords.
(D) apply an IAM policy only to IAM users who require it..
Answer: D
QUESTION NO: 535- Which cloud computing
benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase
volumes?
(A) Pay-as-you-go pricing.
(B) High availability.
(C) Global reach.
(D) Economies of scale.
Answer: D
QUESTION NO: 536- A pharmaceutical
company operates its infrastructure in a single AWS Region. The company has
thousands of VPCs in a various AWS accounts that it wants to interconnect.
Which AWS service or feature should the company use to help simplify management and reduce operational costs?
(A) VPC endpoint.
(B) AWS Direct Connect.
(C) AWS Transit Gateway.
(D) VPC peering.
Answer: C
QUESTION NO: 537- How can AWS enable a
company to control expenses as an application’s usage changes
unpredictably?
(A) AWS will refund the cost difference if a customer moves to larger servers.
(B) The application can be built to scale up or down automatically as resources are needed.
(C) Spot instances will automatically be used if the price is lower than on-demand instances.
(D) Amazon CloudWatch will automatically predict what resources are needed.
Answer: B
QUESTION NO: 538- Which AWS service or
feature can be used to prevent SQL injection attacks?
(A) Security groups.
(B) Network ACLs.
(C) AWS WAF.
(D) IAM policy.
Answer: C
QUESTION NO: 539- Which AWS service can
help a company detect an outage of its website servers and redirect
users to alternate servers?
(A) Amazon CloudFront.
(B) Amazon GuardDuty.
(C) Amazon Route 53.
(D) AWS Trusted Advisor.
Answer: C
QUESTION NO: 540- Which of the following
IT tasks does AWS perform to offload a company’s IT resource
management responsibilities? (Choose two.)
(A) Configuring operating system firewalls.
(B) Setting up access controls for data.
(C) Backing up databases.
(D) Configuring database user accounts.
(E) Installing operating systems.
Answer: C, E
QUESTION NO: 541- According to security
best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?
(A) According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3
bucket?
(B) Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the
file.
(C) Have the EC2 instance assume a role to obtain the privileges to upload the file.
(D) Modify the S3 bucket policy so that any service can upload to it at any time.
Answer: C
QUESTION NO: 542- A user can increase
operational efficiency in the AWS Cloud by:
(A) leveraging AWS managed services.
(B) right-sizing AWS infrastructure.
(C) manually creating all necessary resources.
(D) managing their own software licenses.
Answer: A
QUESTION NO: 543- Which AWS service
automatically handles application health monitoring?
(A) Amazon API Gateway.
(B) AWS Elastic Beanstalk.
(C) AWS Lambda.
(D) AWS Config.
Answer: B
QUESTION NO: 544- Under the AWS shared
responsibility model, which task is the customer’s responsibility when managing AWS Lambda functions?
(A) Creating versions of Lambda functions.
(B) Maintaining server and operating systems.
(C) Scaling Lambda resources according to demand.
(D) Updating the Lambda runtime environment.
Answer: C
QUESTION NO: 545- A company needs to
track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources.
Which AWS tool or service can be used to meet these requirements?
(A) Amazon CloudWatch.
(B) Amazon Inspector.
(C) AWS Cloud Trail.
(D) AWS IAM.
Answer: C
QUESTION NO: 546- According to the AWS
shared responsibility model, which of the following are AWS
responsibilities? (Choose two.)
(A) Network infrastructure and virtualization of infrastructure.
(B) Security of application data.
(C) Guest operating systems.
(D) Physical security of hardware.
(E) Credentials and policies.
Answer: A, D
QUESTION NO: 547- Which of the following
services can be used to block network traffic to an instance? (Choose two.)
QUESTION NO: 548- A company wants to
transfer petabytes of data as quickly as possible from on-premises locations to the AWS Cloud. Which AWS
service should the company use?
(A) AWS Snowball.
(B) AWS Global Accelerator.
(C) Amazon S3 Transfer Acceleration.
(D) Amazon Connect.
Answer: A
QUESTION NO: 549- A company has refined
its workload to use specific AWS services to improve efficiency and reduce cost. Which best practice for cost
governance does this example show?
(A) Resource controls.
(B) Cost allocation.
(C) Architecture optimization.
(D) Tagging enforcement.
Answer: B
QUESTION NO: 550- A company hosts images
in an Amazon S3 bucket for a public-facing website that is viewed by millions of users around the globe. Which
AWS service will deliver this content with reduced latency?