AWS Certified Cloud Practitioner Sample Question and Answers Set 12(551-600)

  Click Button To Hide All Answers


QUESTION NO: 551-  Which of the following is an AWS best practice for managing an AWS account root user?

(A)   Keep the root user password with the security team.

(B)   Enable multi-factor authentication (MFA) for the root user.

(C)   Create an access key for the root user.

(D)   Keep the root user password consistent for compliance purposes.

  Answer:  B



QUESTION NO: 552-  A company wants to securely access an Amazon S3 bucket from an Amazon EC2 instance without accessing the internet.
What should the company use to accomplish this goal?

(A)   VPN connection.

(B)   Internet gateway.

(C)   VPC endpoint.

(D)   NAT gateway.

  Answer:  C



QUESTION NO: 553-  Which statement is true about AWS global infrastructure?

(A)   Availability Zones can span multiple AWS Regions.

(B)   A VPC can have different subnets in different AWS Regions.

(C)   AWS Regions consist of multiple Availability Zones.

(D)   A single subnet can span multiple Availability Zones.

  Answer:  C



QUESTION NO: 554-  Which AWS service or feature provides information about ongoing or upcoming scheduled events that can affect an AWS account?

(A)   AWS Config.

(B)   AWS Systems Manager.

(C)   AWS Personal Health Dashboard.

(D)   AWS Trusted Advisor.

  Answer:  C



QUESTION NO: 555-  A bank needs to store recordings of calls made to its contact center for 6 years. The recordings must be accessible within 48 hours from the time they are requested.
Which AWS service will provide a secure and cost-effective solution for retaining these files?

(A)   Amazon DynamoDB.

(B)   Amazon S3 Glacier.

(C)   Amazon Connect.

(D)   Amazon ElastiCache.

  Answer:  C



QUESTION NO: 556-  A media company wants to distribute video content to millions of users worldwide over the internet. The company wants to use the AWS global network backbone to distribute cached content with low latency and high data transfer speeds.
Which AWS service will meet these requirements?

(A)   Amazon CloudFront.

(B)   AWS Global Accelerator.

(C)   AWS Direct Connect.

(D)   Amazon Connect.

  Answer:  A



QUESTION NO: 557-  The AWS global infrastructure consists of Regions, Availability Zones, and what else?

(A)   VPCs.

(B)   Data centers.

(C)   Dark fiber network links.

(D)   Edge locations.

  Answer:  B



QUESTION NO: 558-  Which AWS Trusted Advisor feature is available exclusively to users with AWS Business Support or AWS Enterprise Support?

(A)   Notification setup.

(B)   Refresh checks.

(C)   AWS Support API.

(D)   Action links.

  Answer:  C



QUESTION NO: 559-  A company is required to store its data close to its primary users.
Which benefit of the AWS Cloud supports this requirement?

(A)   Security.

(B)   High availability.

(C)   Elasticity.

(D)   Global footprint.

  Answer:  D



QUESTION NO: 560-  Which of the following contribute to total cost of ownership of a workload running in the AWS Cloud? (Choose two.)

(A)   Hardware maintenance.

(B)   Power and cooling.

(C)   Storage costs.

(D)   Space for data center.

(E)   Network costs.

  Answer:  B, D



QUESTION NO: 561-  Using AWS Identity and Access Management (IAM), what can be attached to an Amazon EC2 instance to make service requests?

(A)   Group.

(B)   Role.

(C)   Policy.

(D)   Access key.

  Answer:  B



QUESTION NO: 562-  A company previously lost data that was stored in an on-premises data center. To protect against future loss of data, the company wants to use AWS to automatically launch thousands of its machines in a fully provisioned state in minutes, in a format that supports data restoration.
Which AWS service should the company use to meet these requirements?

(A)   AWS Direct Connect.

(B)   AWS Storage Gateway.

(C)   CloudEndure Disaster Recovery.

(D)   AWS Backup.

  Answer:  C



QUESTION NO: 563-  Which aspect of AWS infrastructure enables global deployment of compute and storage?

(A)   Availability Zones.

(B)   Regions.

(C)   Tags.

(D)   Resource groups.

  Answer:  A



QUESTION NO: 564-  A security officer wants to enable IPsec communications to securely connect users from on-premises networks to AWS.
Which AWS service or feature should the officer use?

(A)   Amazon VPC.

(B)   AWS VPN.

(C)   AWS Direct Connect.

(D)   Amazon Connect.

  Answer:  B



QUESTION NO: 565-  Which of the following can be used to describe infrastructure as code in the AWS Cloud?

(A)   AWS CLI.

(B)   AWS CloudFormation.

(C)   AWS CodeDeploy.

(D)   AWS Amplify.

  Answer:  B



QUESTION NO: 566-  Which of the following are benefits of running a database on Amazon RDS compared to an on-premises database? (Choose two.)

(A)   RDS backups are managed by AWS.

(B)   RDS supports any relational database.

(C)   RDS has no database engine licensing costs.

(D)   RDS database compute capacity can be easily scaled.

(E)   RDS inbound traffic control (for example, security groups) is managed by AWS.

  Answer:  A, D



QUESTION NO: 567-  Which AWS service is designed to help users who want to use machine learning for natural language processing (NLP) but do not have experience in machine learning?

(A)   Amazon Comprehend.

(B)   Amazon SageMaker.

(C)   AWS Deep Learning AMIs (DLAMI).

(D)   Amazon Rekognition.

  Answer:  A



QUESTION NO: 568-  Which AWS service or feature allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud?

(A)   AWS Direct Connect.

(B)   VPC peering.

(C)   AWS VPN.

(D)   Amazon Route 53.

  Answer:  A



QUESTION NO: 569-  A company needs 24/7 phone, email, and chat access, with a response time of less than 1 hour if a production system has a service interruption.
Which AWS Support plan meets these requirements at the LOWEST cost?

(A)   Basic.

(B)   Developer.

(C)   Business.

(D)   Enterprise.

  Answer:  C



QUESTION NO: 570-  How can a user achieve high availability for a web application hosted on AWS?

(A)   Use a Classic Load Balancer across multiple AWS Regions.

(B)   Use an Application Load Balancer across multiple Availability Zones in one AWS Region.

(C)   Use an Application Load Balancer across multiple Availability Zones in one AWS Region.

(D)   Use the AWS Region with the highest number of Availability Zones.

  Answer:  B



QUESTION NO: 571-  A company would like to host its MySQL databases on AWS and maintain full control over the operating system, database installation, and configuration.
Which AWS service should the company use to host the databases?

(A)   Amazon RDS.

(B)   Amazon EC2.

(C)   Amazon DynamoDB.

(D)   Amazon Aurora.

  Answer:  B



QUESTION NO: 572-  What AWS billing support resource is available to all support levels?

(A)   AWS Support concierge.

(B)   AWS Customer Service.

(C)   AWS technical account manager.

(D)   AWS Business Support.

  Answer:  B



QUESTION NO: 573-  Which AWS services help to improve application performance by reducing latency while accessing content globally? (Choose two.)

(A)   Amazon CloudFront.

(B)   AWS VPN.

(C)   AWS Direct Connect.

(D)   AWS Global Accelerator.

(E)   Amazon S3 Glacier.

  Answer:  A, D



QUESTION NO: 574-  Which AWS service provides the ability to quickly run one-time queries on data in Amazon S3?

(A)   Amazon EMR.

(B)   Amazon DynamoDB.

(C)   Amazon Redshift.

(D)   Amazon Athena.

  Answer:  D



QUESTION NO: 575-  Which task requires the use of AWS account root account user credentials?

(A)   Closing an AWS account.

(B)   Creating a log file.

(C)   Modifying IAM user permissions.

(D)   Deleting IAM users.

  Answer:  A



QUESTION NO: 576-  Which AWS service does AWS Snowball Edge natively support?

(A)   AWS Server Migration Service (AWS SMS).

(B)   Amazon Aurora.

(C)   AWS Trusted Advisor.

(D)   Amazon EC2.

  Answer:  D



QUESTION NO: 577-  A company is building a new archiving system on AWS that will store terabytes of data. The company will NOT retrieve the data often.
Which Amazon S3 storage class will MINIMIZE the cost of the system?

(A)   S3 Standard-Infrequent Access (S3 Standard-IA).

(B)   S3 Glacier.

(C)   S3 Intelligent-Tiering.

(D)   S3 One Zone-Infrequent Access (S3 One Zone-IA).

  Answer:  A



QUESTION NO: 578-  Which type of AWS infrastructure deployment puts AWS compute, storage, database, and other select services closer to end users to run latency-sensitive applications?

(A)   AWS Regions.

(B)   Availability Zones.

(C)   Local Zones.

(D)   Edge locations.

  Answer:  C



QUESTION NO: 579-  Which AWS service enables users to monitor for specific phrases, values, or patterns and set up alarms based on metrics?

(A)   AWS IQ.

(B)   Amazon Comprehend.

(C)   AWS CloudTrail.

(D)   Amazon CloudWatch Logs.

  Answer:  D



QUESTION NO: 580-  A company wants durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost.
Which AWS service should the company choose?

(A)   Amazon Elastic Block Store (Amazon EBS).

(B)   Amazon S3.

(C)   AWS Storage Gateway.

(D)   Amazon Elastic File System (Amazon EFS).

  Answer:  B



QUESTION NO: 581-  Which cloud computing advantage is a company applying when it uses AWS Regions to increase application availability to users in different countries?

(A)   Pay-as-you-go pricing.

(B)   Capacity forecasting.

(C)   Economies of scale.

(D)   Global reach.

  Answer:  C



QUESTION NO: 582-  A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption.
Which action should the user take?

(A)   Contact the dedicated AWS technical account manager (TAM).

(B)   Contact the dedicated AWS Concierge Support team.

(C)   Open a business-critical system down support case.

(D)   Open a production system down support case.

  Answer:  D



QUESTION NO: 583-  A company is looking for a way to encrypt data stored on Amazon S3.
Which AWS managed service can be used to help to accomplish this?

(A)   AWS Certificate Manager (ACM).

(B)   AWS Secrets Manager.

(C)   AWS Resource Access Manager.

(D)   AWS Key Management Service (AWS KMS).

  Answer:  D



QUESTION NO: 584-  When a user wants to utilize their existing per-socket, per-core, or per-virtual machine software licenses for a Microsoft Windows server running on AWS, which Amazon EC2 instance type is required?

(A)   Spot Instances.

(B)   Dedicated Instances.

(C)   Dedicated Hosts.

(D)   Reserved Instances.

  Answer:  C



QUESTION NO: 585-  How can consolidated billing within AWS Organizations help lower overall monthly expenses?

(A)   By providing a consolidated view of monthly billing across multiple accounts.

(B)   By pooling usage across multiple accounts to achieve a pricing tier discount.

(C)   By automating the creation of new accounts through APIs.

(D)   By leveraging service control policies (SCPs) for centralized service management.

  Answer:  A



QUESTION NO: 586-  A solutions architect needs to maintain a fleet of Amazon EC2 instances so that any impaired instances are replaced with new ones.
Which AWS service should the solutions architect use?

(A)   Amazon Elastic Container Service (Amazon ECS).

(B)   Amazon GuardDuty.

(C)   AWS Shield.

(D)   AWS Auto Scaling.

  Answer:  D



QUESTION NO: 587-  An application deployed in the AWS Cloud has unpredictable usage patterns and is running workloads that cannot be interrupted.
What is the MOST cost-effective Amazon EC2 pricing option for this application?

(A)   Dedicated Instances.

(B)   Spot Instances.

(C)   Reserved Instances.

(D)   On-Demand Instances.

  Answer:  D



QUESTION NO: 588-  A company is migrating its on-premises data center to AWS and wants to provide NFS access to its Linux clients.
Which AWS service should the company use?

(A)   Amazon S3.

(B)   Amazon Elastic File System (Amazon EFS).

(C)   Amazon Elastic Block Store (Amazon EBS).

(D)   Amazon S3 Glacier.

  Answer:  B



QUESTION NO: 589-  An application is receiving SQL injection attacks from multiple external resources.
Which AWS service or feature can help automate mitigation against these attacks?

(A)   AWS WAF.

(B)   Security groups.

(C)   Elastic Load Balancer.

(D)   Network ACL.

  Answer:  A



QUESTION NO: 590-  Which AWS service enables risk auditing of an AWS account by tracking and recording user actions and source IP addresses?

(A)   AWS X-Ray.

(B)   AWS Shield.

(C)   AWS Trusted Advisor.

(D)   AWS CloudTrail.

  Answer:  D



QUESTION NO: 591-  According to the AWS shared responsibility model, which task is the customer's responsibility?

(A)   Maintaining the infrastructure needed to run AWS Lambda.

(B)   Updating the operating system of Amazon DynamoDB instances.

(C)   Maintaining Amazon S3 infrastructure.

(D)   Updating the guest operating system on Amazon EC2 instances.

  Answer:  D



QUESTION NO: 592-  A company must process a large amount of data from social media accounts by making graphical queries with high throughput.
Which AWS service will help the company design a cloud architecture that will meet these requirements?

(A)   Amazon RDS.

(B)   Amazon DynamoDB.

(C)   Amazon Neptune.

(D)   Amazon Redshift.

  Answer:  C



QUESTION NO: 593-  Which databases are available on Amazon RDS? (Choose two.)

(A)   Sybase.

(B)   Microsoft SQL Server.

(C)   IBM Db2.

(D)   MongoDB.

(E)   PostgreSQL.

  Answer:  D, E



QUESTION NO: 594-  Under the AWS shared responsibility model, what is the customer's responsibility when using an AWS managed service?

(A)   Physical security of the data centers.

(B)   Server-side encryption.

(C)   Customer data.

(D)   Operating system patching.

  Answer:  C



QUESTION NO: 595-  Which service is an AWS-managed Hadoop framework that makes it easy, fast, and cost-effective to process large amounts of data across dynamically scalable Amazon EC2 instances?

(A)   Amazon EMR.

(B)   Amazon EC2.

(C)   AWS Elastic Beanstalk.

(D)   Amazon Redshift.

  Answer:  A



QUESTION NO: 596-  A company with AWS Enterprise Support needs help understanding its monthly AWS bill and wants to implement billing best practices.
Which AWS tool or resource is available to accomplish these goals?

(A)   Resource tagging.

(B)   AWS Concierge Support team.

(C)   AWS Abuse team.

(D)   AWS Support.

  Answer:  D



QUESTION NO: 597-  A company spends several months upgrading its on-premises infrastructure every few years. The company wants to reduce infrastructure procurement time by migrating to the AWS Cloud.
What is the main benefit of migrating to the AWS Cloud for this use case?

(A)   AWS will help move the existing hardware to the AWS data centers.

(B)   The company will have increased agility with on-demand access to IT resources.

(C)   Enterprise support will be available to help with recurring application installation and setup.

(D)   The company will experience less downtime with Multi-AZ deployments.

  Answer:  B



QUESTION NO: 598-  According to the AWS shared responsibility model, when using Amazon RDS, who is responsible for scheduling and performing backups?

(A)   AWS is responsible for both tasks.

(B)   The customer is responsible for scheduling and AWS is responsible for performing backups.

(C)   The customer is responsible for both tasks.

(D)   AWS is responsible for scheduling and the user is responsible for performing backups.

  Answer:  C



QUESTION NO: 599-  Which of the following can be used to identify a specific user who stopped an Amazon EC2 instance?

(A)   AWS CloudTrail.

(B)   Amazon Inspector.

(C)   Amazon CloudWatch.

(D)   VPC Flow Logs.

  Answer:  C



QUESTION NO: 600-  A company has a managed IAM policy that does not grant the necessary permissions for users to accomplish required tasks.
How can this be resolved?

(A)   Enable AWS Shield Advanced.

(B)   Create a custom IAM policy.

(C)   Use a third-party web application firewall (WAF) managed rule from the AWS Marketplace.

(D)   Use AWS Key Management Service (AWS KMS) to create a customer-managed key.

  Answer:  B