CLF-C01 : AWS Certified Cloud Practitioner : Part 14
-
Which of the following is an AWS database service?
- Amazon Redshift
- Amazon Elastic Block Store (Amazon EBS)
- Amazon S3 Glacier
- AWS Snowball
-
A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports.
What is the SIMPLEST way to do this?
- Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0.
- Run AWS Trusted Advisor and review the findings.
- Open the AWS IAM console and check the inbound rule filters for open access.
- In AWS Config, create a custom rule that invokes an AWS Lambda function to review rules for inbound access.
-
What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Choose two.)
- AWS automatically distributes the data globally for higher durability.
- AWS will take care of operating the application.
- AWS makes it easy to architect for high availability.
- AWS can easily accommodate application demand changes.
- AWS takes care of application security patching.
-
A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances.
Which AWS service will provide this assessment report?
- EC2 security groups
- AWS Config
- Amazon Macie
- Amazon Inspector
Explanation:
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.
-
How can a company isolate the costs of production and non-production workloads on AWS?
- Create Identity and Access Management (IAM) roles for production and non-production workloads.
- Use different accounts for production and non-production expenses.
- Use Amazon EC2 for non-production workloads and other services for production workloads.
- Use Amazon CloudWatch to monitor the use of services.
-
Where can users find a catalog of AWS-recognized providers of third-party security solutions?
- AWS Service Catalog
- AWS Marketplace
- AWS Quick Start
- AWS CodeDeploy
Explanation:
AWS Service Catalog Delivery Partners are APN Consulting Partners who help create catalogs of IT services that are approved by the customer’s organization for use on AWS. With AWS Service Catalog, customers and partners can centrally manage commonly deployed IT services to help achieve consistent governance and meet compliance requirements while enabling users to self-provision approved services.
-
A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements.
Which AWS service will meet this requirement at the LOWEST cost?
- Amazon S3
- AWS Snowball
- Amazon Redshift
- Amazon S3 Glacier
Explanation:
S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. It is designed for customers — particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors — that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. S3 Glacier Deep Archive can also be used for backup and disaster recovery use cases, and is a cost-effective and easy-to-manage alternative to magnetic tape systems, whether they are on-premises libraries or off-premises services.
-
What are the immediate benefits of using the AWS Cloud? (Choose two.)
- Increased IT staff.
- Capital expenses are replaced with variable expenses.
- User control of infrastructure.
- Increased agility.
- AWS holds responsibility for security in the cloud.
-
Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?
- Amazon GuardDuty
- Amazon Macie
- Amazon Inspector
- AWS Shield
Explanation:
Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property. It provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.
-
What is the purpose of AWS Storage Gateway?
- It ensures on-premises data storage is 99.999999999% durable.
- It transports petabytes of data to and from AWS.
- It connects to multiple Amazon EC2 instances.
- It connects on-premises data storage to the AWS Cloud.
Explanation:
Moving data to the cloud is not quite as simple as flipping a switch. For companies that have managed their own data centers or server rooms for decades, there are a few steps to consider — and it’s not always wise to pull the plug on an internal infrastructure quite so quickly. If a startup uses on-premise business servers and then experiences unexpected growth, abandoning those servers doesn’t make sense (even if the long-term plan is to do exactly that). AWS Storage Gateway is a way to bridge this gap for companies of any size. It’s a hybrid storage option that connects on-premise storage including age-old tape backup systems to the cloud in a way that also provides one console to access all storage configurations.
-
What should users do if they want to install an application in geographically isolated locations?
- Install the application using multiple internet gateways.
- Deploy the application to an Amazon VPC.
- Deploy the application to multiple AWS Regions.
- Configure the application using multiple NAT gateways.
-
A system in the AWS Cloud is designed to withstand the failure of one or more components.
What is this an example of?
- Elasticity
- High Availability
- Scalability
- Agility
-
A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system.
Which AWS service can fulfill this requirement?
- AWS Direct Connect
- AWS VPN
- Amazon Connect
- AWS Data Pipeline
Explanation:
You can use AWS Direct Connect to establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. With multiple virtual interfaces, you can even establish private connectivity to multiple VPCs while maintaining network isolation.
-
Within the AWS shared responsibility model, who is responsible for security and compliance?
- The customer is responsible.
- AWS is responsible.
- AWS and the customer share responsibility.
- AWS shares responsibility with the relevant governing body.
Explanation:
Security and Compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates.
-
To use the AWS CLI, users are required to generate:
- a password policy.
- an access/secret key.
- a managed policy.
- an API key.
-
Which AWS service is used to provide encryption for Amazon EBS?
- AWS Certificate Manager
- AWS Systems Manager
- AWS KMS
- AWS Config
-
How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Choose two.)
- By the time it takes for the Lambda function to execute.
- By the number of versions of a specific Lambda function.
- By the number of requests made for a given Lambda function.
- By the programming language that is used for the Lambda function.
- By the total number of Lambda functions in an AWS account.
-
Which of the following describes the relationships among AWS Regions, Availability Zones, and edge locations? (Choose two.)
- There are more AWS Regions than Availability Zones.
- There are more edge locations than AWS Regions.
- An edge location is an Availability Zone.
- There are more AWS Regions than edge locations.
- There are more Availability Zones than AWS Regions.
-
What does AWS Shield Standard provide?
- WAF rules
- DDoS protection
- Identity and Access Management (IAM) permissions and access to resources
- Data encryption
Explanation:
AWS Shield Standard provides protection for all AWS customers from common, most frequently occurring network and transport layer DDoS attacks that target your web site or application at no additional charge.
-
A company wants to build its new application workloads in the AWS Cloud instead of using on-premises resources.
What expense can be reduced using the AWS Cloud?
- The cost of writing custom-built Java or Node.js code
- Penetration testing for security
- Hardware required to support new applications
- Writing specific test cases for third-party applications.