CLF-C01 : AWS Certified Cloud Practitioner : Part 09

  1. Under the AWS shared responsibility model, customers are responsible for which aspects of security in the cloud? (Choose two.)

    • Virtualization Management
    • Hardware management
    • Encryption management
    • Facilities management
    • Firewall management
    Explanation:
    With the basic Cloud infrastructure secured and maintained by AWS, the responsibility for what goes into the cloud falls on you. This covers both client and server side encryption and network traffic protection, security of the operating system, network, and firewall configuration, followed by application security and identity and access management.
    Firewall configuration remains the responsibility of the end user, which integrates at the platform and application management level. For example, RDS utilizes security groups, which you would be responsible for configuring and implementing.
  2. Which AWS hybrid storage service enables your on-premises applications to seamlessly use AWS Cloud storage through standard file-storage protocols?

    • AWS Direct Connect
    • AWS Snowball
    • AWS Storage Gateway
    • AWS Snowball Edge
    Explanation:
    The AWS Storage Gateway service enables hybrid cloud storage between on-premises environments and the AWS Cloud. It seamlessly integrates on-premises enterprise applications and workflows with Amazon’s block and object cloud storage services through industry standard storage protocols. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. It provides an optimized data transfer mechanism and bandwidth management, which tolerates unreliable networks and minimizes the amount of data being transferred. It brings the security, manageability, durability, and scalability of AWS to existing enterprise environments through native integration with AWS encryption, identity management, monitoring, and storage services. Typical use cases include backup and archiving, disaster recovery, moving data to S3 for in-cloud workloads, and tiered storage.
  3. What is a responsibility of AWS in the shared responsibility model?

    • Updating the network ACLs to block traffic to vulnerable ports.
    • Patching operating systems running on Amazon EC2 instances.
    • Updating the firmware on the underlying EC2 hosts.
    • Updating the security group rules to block traffic to the vulnerable ports.
  4. Which architectural principle is used when deploying an Amazon Relational Database Service (Amazon RDS) instance in Multiple Availability Zone mode?

    • Implement loose coupling.
    • Design for failure.
    • Automate everything that can be automated.
    • Use services, not servers.
    Explanation:
    Amazon RDS Multi-AZ deployments provide enhanced availability and durability for Database (DB) Instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.
  5. What does it mean to grant least privilege to AWS IAM users?

    • It is granting permissions to a single user only.
    • It is granting permissions using AWS IAM policies only.
    • It is granting Administrator Access policy permissions to trustworthy users.
    • It is granting only the permissions required to perform a given task.
    Explanation:
    When you create IAM policies, follow the standard security advicperform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.
  6. What is a benefit of loose coupling as a principle of cloud architecture design?

    • It facilitates low-latency request handling.
    • It allows applications to have dependent workflows.
    • It prevents cascading failures between different components.
    • It allows companies to focus on their physical data center operations.
    Explanation:
    IT systems should ideally be designed in a way that reduces inter-dependencies. Your components need to be loosely coupled to avoid changes or failure in one of the components from affecting others. Your infrastructure also needs to have well defined interfaces that allow the various components to interact with each other only through specific, technology-agnostic interfaces. Modifying any underlying operations without affecting other components should be made possible.
  7. A director has been tasked with investigating hybrid cloud architecture. The company currently accesses AWS over the public internet.

    Which service will facilitate private hybrid connectivity?

    • Amazon Virtual Private Cloud (Amazon VPC) NAT Gateway
    • AWS Direct Connect
    • Amazon Simple Storage Service (Amazon S3) Transfer Acceleration
    • AWS Web Application Firewall (AWS WAF)
    Explanation:
    Amazon VPC provides multiple network connectivity options for you to leverage depending on your current network designs and requirements. These connectivity options include leveraging either the internet or an AWS Direct Connect connection as the network backbone and terminating the connection into either AWS or user-managed network endpoints. Additionally, with AWS, you can choose how network routing is delivered between Amazon VPC and your networks, leveraging either AWS or user-managed network equipment and routes.
  8. A company’s web application currently has tight dependencies on underlying components, so when one component fails the entire web application fails.

    Applying which AWS Cloud design principle will address the current design issue?

    • Implementing elasticity, enabling the application to scale up or scale down as demand changes.
    • Enabling several EC2 instances to run in parallel to achieve better performance.
    • Focusing on decoupling components by isolating them and ensuring individual components can function when other components fail.
    • Doubling EC2 computing resources to increase system fault tolerance.
  9. How can a customer increase security to AWS account logons? (Choose two.)

    • Configure AWS Certificate Manager
    • Enable Multi-Factor Authentication (MFA)
    • Use Amazon Cognito to manage access
    • Configure a strong password policy
    • Enable AWS Organizations
    Explanation:
    Your root account should always be protected by Multi-Factor Authentication (MFA). This additional layer of security helps protect against unauthorized logins to your account by requiring two factors: something you know (a password) and something you have (for example, an MFA device). AWS supports virtual and hardware MFA devices and U2F security keys. Cognito can be used as an Identity Provider (IdP), where it stores and maintains users and credentials securely for your applications, or it can be integrated with OpenID Connect, SAML, and other popular web identity providers like Amazon.com. Using Amazon Cognito, you can generate temporary access credentials for your clients to access AWS services, eliminating the need to store long-term credentials in client applications.
  10. What AWS service would be used to centrally manage AWS access across multiple accounts?

    • AWS Service Catalog
    • AWS Config
    • AWS Trusted Advisor
    • AWS Organizations
    Explanation:
    To improve control over your AWS environment, you can use AWS Organizations to create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts without requiring custom scripts and manual processes.
  11. Which AWS service can a customer use to set up an alert notification when the account is approaching a particular dollar amount?

    • AWS Cost and Usage reports
    • AWS Budgets
    • AWS Cost Explorer
    • AWS Trusted Advisor
  12. What can users access from AWS Artifact?

    • AWS security and compliance documents
    • A download of configuration management details for all AWS resources
    • Training materials for AWS services
    • A security assessment of the applications deployed in the AWS Cloud
    Explanation:
    You can use AWS Artifact Reports to download AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and System and Organization Control (SOC) reports.
  13. What is the MINIMUM AWS Support plan that provides designated Technical Account Managers?

    • Enterprise
    • Business
    • Developer
    • Basic
  14. Which of the following is an AWS Well-Architected Framework design principle related to reliability?

    • Deployment to a single Availability Zone
    • Ability to recover from failure
    • Design for cost optimization
    • Perform operations as code
  15. Which type of AWS storage is ephemeral and is deleted when an instance is stopped or terminated?

    • Amazon EBS
    • Amazon EC2 instance store
    • Amazon EFS
    • Amazon S3
    Explanation:
    When you stop or terminate an instance, every block of storage in the instance store is reset. Therefore, your data cannot be accessed through the instance store of another instance.
  16. What is an advantage of using the AWS Cloud over a traditional on-premises solution?

    • Users do not have to guess about future capacity needs.
    • Users can utilize existing hardware contracts for purchases.
    • Users can fix costs no matter what their traffic is.
    • Users can avoid audits by using reports from AWS.
  17. Which of the following is an AWS-managed compute service?

    • Amazon SWF
    • Amazon EC2
    • AWS Lambda
    • Amazon Aurora
  18. Which of the following is an important architectural principle when designing cloud applications?

    • Store data and backups in the same region.
    • Design tightly coupled system components.
    • Avoid multi-threading.
    • Design for failure.
    Explanation:
    There are six design principles for operational excellence in the cloud:- Perform operations as code
    – Annotate documentation
    – Make frequent, small, reversible changes
    – Refine operations procedures frequently
    – Anticipate failure
    – Learn from all operational failures
  19. Which mechanism allows developers to access AWS services from application code?

    • AWS Software Development Kit
    • AWS Management Console
    • AWS CodePipeline
    • AWS Config
  20. Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours?

    • On-Demand Instances
    • Reserved Instances
    • Spot Instances
    • Dedicated Instances
    Explanation:
    With On-Demand instances, you pay for compute capacity by the hour or the second depending on which instances you run. No longer-term commitments or upfront payments are needed. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified per hourly rates for the instance you use.
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments