AWS Certified Cloud Practitioner Sample Question and Answers Set
7(301-350)
Click Button To Hide All Answers
QUESTION NO: 301- A company is migrating
from on-premises data centers to the AWS Cloud and is looking for
hands-on help with the project. How can the company get this support? (Choose two.)
(A) Ask for a quote from the AWS Marketplace team to perform a migration into the company’s AWS
account.
(B) Contact AWS Support and open a case for assistance.
(C) Use AWS Professional Services to provide guidance and to set up an AWS Landing Zone in the
company’s AWS account.
(D) Select a partner from the AWS Partner Network (APN) to assist with the migration.
(E) Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in
migrating to the AWS Cloud.
Answer: C, D
QUESTION NO: 302- How does the AWS
Enterprise Support Concierge team help users?
(A) Supporting application development.
(B) Providing architecture guidance.
(C) Answering billing and account inquires.
(D) Answering questions regarding technical support cases.
Answer: C
QUESTION NO: 303- An application designed
to span multiple Availability Zones is described as:
(A) being highly available.
(B) having global reach.
(C) using an economy of scale.
(D) having elasticity.
Answer: A
QUESTION NO: 304- A new service using AWS
must be highly available. Yet, due to regulatory requirements, all of its
Amazon EC2 instances must be located in a single geographic area. According to best practices, to meet these
requirements, the EC2 instances must be placed in at
least two:
(A) AWS Regions.
(B) Availability Zones.
(C) subnets.
(D) placement groups.
Answer: B
QUESTION NO: 305- Which AWS tool is used
to compare the cost of running an application on-premises to running the
application in the AWS Cloud?
(A) AWS Trusted Advisor.
(B) AWS Simple Monthly Calculator.
(C) AWS Total Cost of Ownership (TCO) Calculator.
(D) Cost Explorer.
Answer: C
QUESTION NO: 306- A company has multiple
AWS accounts within AWS Organizations and wants to apply the Amazon
EC2 Reserved Instances benefit to a single account only. Which action should be taken?
(A) Purchase the Reserved Instances from master payer account and turn off Reserved Instance
sharing.
(B) Enable billing alerts in the AWS Billing and Cost Management console.
(C) Purchase the Reserved Instances in individual linked accounts and turn off Reserved Instance
sharing from the payer level.
(D) Enable Reserved Instance sharing in the AWS Billing and Cost Management console.
Answer: A
QUESTION NO: 307- Which situation should
be reported to the AWS Abuse team?
(A) In Availability Zone has a service disruption.
(B) An intrusion attempt is made from an AWS IP address.
(C) A user has trouble accessing an Amazon S3 bucket from an AWS IP address.
(D) A user needs to change payment methods due to a compromise.
Answer: B
QUESTION NO: 308- A company is planning
to launch an ecommerce site in a single AWS Region to a worldwide user
base. Which AWS services will allow the company to reach users and provide low latency and high
transfer speeds? (Choose two.)
(A) Application Load Balancer.
(B) AWS Global Accelerator.
(C) AWS Direct Connect.
(D) Amazon CloudFront.
(E) AWS Lambda.
Answer: B, D
QUESTION NO: 309- Which AWS service or
resource is serverless?
(A) AWS Lambda.
(B) Amazon EC2 instances.
(C) Amazon Lightsail.
(D) Amazon ElastiCache.
Answer: A
QUESTION NO: 310- Which of the following
are components of Amazon VPC? (Choose two.)
(A) Objects.
(B) Subnets.
(C) Buckets.
(D) Internet gateways.
(E) Access key.
Answer: B, D
QUESTION NO: 311- AWS Budgets can be used
to:
(A) prevent a given user from creating a resource.
(B) send an alert when the utilization of Reserved Instances drops below a certain percentage.
(C) set resource limits in AWS accounts to prevent overspending.
(D) split an AWS bill across multiple forms of payment.
Answer: B
QUESTION NO: 312- Which of the following
will enhance the security of access to the AWS Management Console?
(Choose two.)
(A) AWS Secrets Manager.
(B) AWS Certificate Manager.
(C) AWS Multi-Factor Authentication (AWS MFA).
(D) Security groups.
(E) Password policies.
Answer: C, E
QUESTION NO: 313- The AWS Trusted Advisor
checks include recommendations regarding which of the following?
(Choose two.)
(A) Information on Amazon S3 bucket permissions.
(B) AWS service outages.
(C) Multi-factor authentication enabled on the AWS account root user.
(D) Available software patches.
(E) Number of users in the account.
Answer: A, C
QUESTION NO: 314- Which functions can
users perform using AWS KMS?
(A) Create and manage AWS access keys for the AWS account root user.
(B) Create and manage AWS access keys for an AWS account IAM user.
(C) Create and manage keys for encryption and decryption of data.
(D) Create and manage keys for multi-factor authentication.
Answer: C
QUESTION NO: 315- How does AWS Trusted
Advisor provide guidance to users of the AWS Cloud? (Choose two.)
(A) It identifies software vulnerabilities in applications running on AWS.
(B) It provides a list of cost optimization recommendations based on current AWS usage.
(C) It detects potential security vulnerabilities caused by permissions settings on account resources.
(D) It automatically corrects potential security issues caused by permissions settings on account
resources.
(E) It provides proactive alerting whenever an Amazon EC2 instance has been compromised.
Answer: B, C
QUESTION NO: 316- Which of the following
are advantages of the AWS Cloud? (Choose two.)
(A) AWS manages the maintenance of the cloud infrastructure.
(B) AWS manages the security of applications built on AWS.
(C) AWS manages capacity planning for physical servers.
(D) AWS manages the development of applications on AWS.
(E) AWS manages cost planning for virtual servers.
Answer: A, C
QUESTION NO: 317- A user deploys an
Amazon RDS DB instance in multiple Availability Zones. This strategy involves which pillar of the AWS
Well-Architected Framework?
(A) Performance efficiency.
(B) Reliability.
(C) Cost optimization.
(D) Security.
Answer: B
QUESTION NO: 318- Which AWS services
provide a user with connectivity between the AWS Cloud and on-premises
resources? (Choose two.)
(A) AWS VPN.
(B) Amazon Connect.
(C) Amazon Cognito.
(D) AWS Direct Connect.
(E) AWS Managed Services.
Answer: A, D
QUESTION NO: 319- Which AWS service is
used to pay AWS bills, and monitor usage and budget costs?
(A) AWS Billing and Cost Management.
(B) Consolidated billing.
(C) Amazon CloudWatch.
(D) Amazon QuickSight.
Answer: A
QUESTION NO: 320- Which element of the
AWS global infrastructure consists of one or more discrete data centers,
each with redundant power, networking, and connectivity, which are housed in separate facilities?
(A) AWS Regions.
(B) Availability Zones.
(C) Edge locations.
(D) Amazon CloudFront.
Answer: B
QUESTION NO: 321- Which Amazon VPC
feature enables users to capture information about the IP traffic that reaches
Amazon EC2 instances?
(A) Security groups.
(B) Elastic network interfaces.
(C) Network ACLs.
(D) VPC Flow Logs.
Answer: D
QUESTION NO: 322- Which AWS service can
be used to automatically scale an application up and down without making capacity planning decisions?
(A) Amazon AutoScaling.
(B) Amazon Redshift.
(C) AWS CloudTrail.
(D) AWS Lambda.
Answer: D
QUESTION NO: 323- AWS Enterprise Support
users have access to which service or feature that is not available to
users with other AWS Support plans?
(A) AWS Trusted Advisor.
(B) AWS Support case.
(C) Concierge team.
(D) Amazon Connect.
Answer: C
QUESTION NO: 324- A company wants to
migrate a MySQL database to AWS but does not have the budget for
Database Administrators to handle routine tasks including provisioning, patching, and performing
backups. Which AWS service will support this use case?
(A) Amazon RDS.
(B) Amazon DynamoDB.
(C) Amazon DocumentDB.
(D) Amazon ElastiCache.
Answer: A
QUESTION NO: 325- A company wants to
expand from one AWS Region into a second AWS Region. What does the company need to do to start supporting the
new Region?
(A) Contact an AWS Account Manager to sign a new contract.
(B) Move an Availability Zone to the new Region.
(C) Begin deploying resources in the second Region.
(D) Download the AWS Management Console for the new Region.
Answer: C
QUESTION NO: 326- A user must meet
compliance and software licensing requirements that state a workload must be
hosted on a physical server. Which Amazon EC2 instance pricing option will meet these requirements?
(A) Dedicated Hosts.
(B) Dedicated Instances.
(C) Spot Instances.
(D) Reserved Instances.
Answer: A
QUESTION NO: 327- Which AWS service will
provide a way to generate encryption keys that can be used to encrypt
data? (Choose two.)
(A) Amazon Macie.
(B) AWS Certificate Manager.
(C) AWS Key Management Service (AWS KMS).
(D) AWS Secrets Manager.
(E) AWS CloudHSM.
Answer: C, E
QUESTION NO: 328- A company is planning
to migrate from on-premises to the AWS Cloud. Which AWS tool or service provides detailed reports on estimated
cost savings after migration?
(A) AWS Total Cost of Ownership (TCO) Calculator.
(B) Cost Explorer.
(C) AWS Budgets.
(D) AWS Migration Hub.
Answer: A
QUESTION NO: 329- What can assist in
evaluating an application for migration to the cloud? (Choose two.)
(A) AWS Trusted Advisor.
(B) AWS Professional Services.
(C) AWS Systems Manager.
(D) AWS Partner Network (APN).
(E) AWS Secrets Manager.
Answer: B, D
QUESTION NO: 330- Which AWS service helps
users meet contractual and regulatory compliance requirements for
data security by using dedicated hardware appliances within the AWS Cloud?
(A) AWS Secrets Manager.
(B) AWS CloudHSM.
(C) AWS Key Management Service (AWS KMS).
(D) AWS Directory Service.
Answer: B
QUESTION NO: 331- Under the AWS shared
responsibility model, the customer manages which of the following?
(Choose two.)
(A) Decommissioning of physical storage devices.
(B) Security group and ACL configuration.
(C) Patch management of an Amazon RDS instance operating system.
(D) Controlling physical access to data centers.
(E) Patch management of an Amazon EC2 instance operating system.
Answer: B, E
QUESTION NO: 332- Which AWS service is
suitable for an event-driven workload?
(A) Amazon EC2.
(B) AWS Elastic Beanstalk.
(C) AWS Lambda.
(D) Amazon Lumberyard.
Answer: C
QUESTION NO: 333- What is a value
proposition of the AWS Cloud?
(A) AWS is responsible for security in the AWS Cloud.
(B) No long-term contract is required.
(C) Provision new servers in days.
(D) AWS manages user applications in the AWS Cloud.
Answer: B
QUESTION NO: 334- What is a
characteristic of Amazon S3 cross-region replication?
(A) Both source and destination S3 buckets must have versioning disabled.
(B) The source and destination S3 buckets cannot be in different AWS Regions.
(C) S3 buckets configured for cross-region replication can be owned by a single AWS account or by
different accounts.
(D) The source S3 bucket owner must have the source and destination AWS Regions disabled for
their account.
Answer: C
QUESTION NO: 335- What is a user
responsible for when running an application in the AWS Cloud?
(A) Managing physical hardware.
(B) Updating the underlying hypervisor.
(C) Providing a list of users approved for data center access.
(D) Managing application software updates.
Answer: D
QUESTION NO: 336- A company that does
business online needs to quickly deliver new functionality in an iterative
manner, minimizing the time to market. Which AWS Cloud feature can provide this?
(A) Elasticity.
(B) High availability.
(C) Agility.
(D) Reliability.
Answer: C
QUESTION NO: 337- Which features or
services can be used to monitor costs and expenses for an AWS account?
(Choose two.)
(A) AWS Cost and Usage report.
(B) AWS product pages.
(C) AWS Simple Monthly Calculator.
(D) Billing alerts and Amazon CloudWatch alarms.
(E) AWS Price List API.
Answer: A, D
QUESTION NO: 338- Amazon Route 53 enables
users to:
(A) encrypt data in transit.
(B) register DNS domain names.
(C) generate and manage SSL certificates.
(D) establish a dedicated network connection to AWS.
Answer: B
QUESTION NO: 339- Which AWS service helps
identify malicious or unauthorized activities in AWS accounts and
workloads?
(A) Amazon Rekognition.
(B) AWS Trusted Advisor.
(C) Amazon GuardDuty.
(D) Amazon CloudWatch.
Answer: C
QUESTION NO: 340- A company wants to try
a third-party ecommerce solution before deciding to use it long term. Which AWS service or tool will support
this effort?
(A) AWS Marketplace.
(B) AWS Partner Network (APN).
(C) AWS Managed Services.
(D) AWS Service Catalog.
Answer: A
QUESTION NO: 341- Which AWS service is a
managed NoSQL database?
(A) Amazon Redshift.
(B) Amazon DynamoDB.
(C) Amazon Aurora.
(D) Amazon RDS for MariaDB.
Answer: B
QUESTION NO: 342- Which AWS service
should be used to create a billing alarm?
(A) AWS Trusted Advisor.
(B) AWS CloudTrail.
(C) Amazon CloudWatch.
(D) Amazon QuickSight.
Answer: C
QUESTION NO: 343- A company is hosting a
web application in a Docker container on Amazon EC2. AWS is responsible for which of the following tasks?
(A) Scaling the web application and services developed with Docker.
(B) Provisioning or scheduling containers to run on clusters and maintain their availability.
(C) Performing hardware maintenance in the AWS facilities that run the AWS Cloud.
(D) Managing the guest operating system, including updates and security patches.
Answer: C
QUESTION NO: 344- Users are reporting
latency when connecting to a website with a global customer base.
Which AWS service will improve the customer experience by reducing latency?
(A) Amazon CloudFront.
(B) AWS Direct Connect.
(C) Amazon EC2 Auto Scaling.
(D) AWS Transit Gateway.
Answer: A
QUESTION NO: 345- Which actions represent
best practices for using AWS IAM? (Choose two.)
(A) Configure a strong password policy.
(B) Share the security credentials among users of AWS accounts who are in the same Region.
(C) Use access keys to log in to the AWS Management Console.
(D) Rotate access keys on a regular basis.
(E) Avoid using IAM roles to delegate permissions.
Answer: A, D
QUESTION NO: 346- Which AWS feature or
service can be used to capture information about incoming and outgoing
traffic in an AWS VPC infrastructure?
(A) AWS Config.
(B) VPC Flow Logs.
(C) AWS Trusted Advisor.
(D) AWS CloudTrail.
Answer: B
QUESTION NO: 347- A company wants to use
an AWS service to monitor the health of application endpoints, with the
ability to route traffic to healthy regional endpoints to improve application availability. Which service will
support these requirements?
(A) Amazon Inspector.
(B) Amazon CloudWatch.
(C) AWS Global Accelerator.
(D) Amazon CloudFront.
Answer: C
QUESTION NO: 348- According to the AWS
Well-Architected Framework, what change management steps should be
taken to achieve reliability in the AWS Cloud? (Choose two.)
(A) Use AWS Config to generate an inventory of AWS resources.
(B) Use service limits to prevent users from creating or making changes to AWS resources.
(C) Use AWS CloudTrail to record AWS API calls into an auditable log file.
(D) Use AWS Certificate Manager to whitelist approved AWS resources and services.
(E) Use Amazon GuardDuty to validate configuration changes made to AWS resources.
Answer: A, C
QUESTION NO: 349- Which service can be
used to monitor and receive alerts for AWS account root user AWS
Management Console sign-in events?
(A) Amazon CloudWatch.
(B) AWS Config.
(C) AWS Trusted Advisor.
(D) AWS IAM.
Answer: A
QUESTION NO: 350- Which design principle
should be considered when architecting in the AWS Cloud?
(A) Think of servers as non-disposable resources.
(B) Use synchronous integration of services.
(C) Design loosely coupled components.
(D) Implement the least permissive rules for security groups.