AWS Certified Cloud Practitioner Sample Question and Answers Set
9(401-450)
Click Button To Hide All Answers
QUESTION NO: 401- An Amazon EC2 instance
runs only when needed yet must remain active for the duration of the
process. What is the most appropriate purchasing option?
(A) Dedicated Instances.
(B) Spot Instances.
(C) On-Demand Instances.
(D) Reserved Instances.
Answer: C
QUESTION NO: 402- Which AWS dashboard
displays relevant and timely information to help users manage events in
progress, and provides proactive notifications to help plan for scheduled activities?
(A) AWS Service Health Dashboard.
(B) AWS Personal Health Dashboard.
(C) AWS Trusted Advisor dashboard.
(D) Amazon CloudWatch dashboard.
Answer: B
QUESTION NO: 403- Which AWS hybrid
storage service enables a user’s on-premises applications to seamlessly use
AWS Cloud storage?
(A) AWS Backup.
(B) Amazon Connect.
(C) AWS Direct Connect.
(D) AWS Storage Gateway.
Answer: D
QUESTION NO: 404- Which of the following
acts as a virtual firewall at the Amazon EC2 instance level to control traffic for one or more
instances?
(A) Access keys.
(B) Virtual private gateways.
(C) Security groups.
(D) Access Control Lists (ACL).
Answer: C
QUESTION NO: 405- What is the most
efficient way to establish network connectivity from on-premises to multiple VPCs in different AWS
Regions?
(A) Use AWS Direct Connect.
(B) Use AWS VPN.
(C) Use AWS Client VPN.
(D) Use an AWS Transit Gateway.
Answer: D
QUESTION NO: 406- Which AWS Support plan
provides access to architectural and operational reviews, as well as 24/7 access to Senior Cloud Support
Engineers through email, online chat, and phone?
(A) Basic.
(B) Business.
(C) Developer.
(D) Enterprise.
Answer: D
QUESTION NO: 407- Which AWS service or
feature helps restrict the AWS services, resources, and individual API
actions the users and roles in each member account can access?
(A) Amazon Cognito.
(B) AWS Organizations.
(C) AWS Shield.
(D) AWS Firewall Manager.
Answer: B
QUESTION NO: 408- What is the best
resource for a user to find compliance-related information and reports about AWS?
(A) AWS Artifact.
(B) AWS Marketplace.
(C) Amazon Inspector.
(D) AWS Support.
Answer: A
QUESTION NO: 409- Which Amazon S3 storage
class is optimized to provide access to data with lower resiliency
requirements, but rapid access when needed such as duplicate backups?
(A) Amazon S3 Standard.
(B) Amazon S3 Glacier Deep Archive.
(C) Amazon S3 One Zone-Infrequent Access.
(D) Amazon S3 Glacier.
Answer: C
QUESTION NO: 410- What is an Availability
Zone in AWS?
(A) One or more physical data centers.
(B) A completely isolated geographic location.
(C) One or more edge locations based around the world.
(D) A data center location with a single source of power and networking.
Answer: A
QUESTION NO: 411- Which AWS services can
be used as infrastructure automation tools? (Choose two.)
(A) AWS CloudFormation.
(B) Amazon CloudFront.
(C) AWS Batch.
(D) AWS OpsWorks.
(E) Amazon QuickSight.
Answer: A, D
QUESTION NO: 412- Which AWS service
enables users to create copies of resources across AWS Regions?
(A) Amazon ElastiCache.
(B) AWS CloudFormation.
(C) AWS CloudTrail.
(D) AWS Systems Manager.
Answer: B
QUESTION NO: 413- A user would like to
encrypt data that is received, stored, and managed by AWS CloudTrail.
Which AWS service will provide this capability?
(A) AWS Secrets Manager.
(B) AWS Systems Manager.
(C) AWS Key Management Service (AWS KMS).
(D) AWS Certificate Manager.
Answer: C
QUESTION NO: 414- Which AWS Cloud benefit
eliminates the need for users to try estimating future infrastructure usage?
(A) Easy and fast deployment of applications in multiple Regions around the world.
(B) Security of the AWS Cloud.
(C) Elasticity of the AWS Cloud.
(D) Lower variable costs due to massive economies of scale.
Answer: C
QUESTION NO: 415- What credential
components are required to gain programmatic access to an AWS account?
(Choose two.)
(A) An access key ID.
(B) A primary key.
(C) A secret access key.
(D) A user ID.
(E) A secondary key.
Answer: A, C
QUESTION NO: 416- Which of the following
are AWS compute services? (Choose two.)
(A) Amazon Lightsail.
(B) AWS Systems Manager.
(C) AWS CloudFormation.
(D) AWS Batch.
(E) Amazon Inspector.
Answer: A, D
QUESTION NO: 417- How can a company
separate costs for network traffic, Amazon EC2, Amazon S3, and other AWS
services by department?
(A) Add department-specific tags to each resource.
(B) Create a separate VPC for each department.
(C) Create a separate AWS account for each department.
(D) Use AWS Organizations.
Answer: C
QUESTION NO: 418- What is a benefit of
consolidated billing for AWS accounts?
(A) Access to AWS Personal Health Dashboard.
(B) Combined usage volume discounts.
(C) Improved account security.
(D) Centralized AWS IAM.
Answer: B
QUESTION NO: 419- Which AWS service will
allow a user to set custom cost and usage limits, and will alert when the thresholds are exceeded?
(A) AWS Organizations.
(B) AWS Budgets.
(C) Cost Explorer.
(D) AWS Trusted Advisor.
Answer: B
QUESTION NO: 420- Which AWS service
provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user
credential data?
(A) Amazon GuardDuty.
(B) Amazon Inspector.
(C) Amazon Macie.
(D) AWS Shield.
Answer: C
QUESTION NO: 421- Which tool can be used
to monitor AWS service limits?
(A) AWS Total Cost of Ownership (TCO) Calculator.
(B) AWS Trusted Advisor.
(C) AWS Personal Health Dashboard.
(D) AWS Cost and Usage report.
Answer: B
QUESTION NO: 422- A company has
distributed its workload on both the AWS Cloud and some on-premises servers. What type of architecture is
this?
(A) Virtual private network.
(B) Virtual private cloud.
(C) Hybrid cloud.
(D) Private cloud.
Answer: C
QUESTION NO: 423- Which of the following
describes a security best practice that can be implemented using AWS
IAM?
(A) Disable AWS Management Console access for all users.
(B) Generate secret keys for every IAM user.
(C) Grant permissions to users who are required to perform a given task only.
(D) Store AWS credentials within Amazon EC2 instances.
Answer: C
QUESTION NO: 424- What can be used to
automate and manage secure, well-architected, multi-account AWS
environments?
(A) AWS shared responsibility model.
(B) AWS Control Tower.
(C) AWS Security Hub.
(D) AWS Well-Architected Tool.
Answer: B
QUESTION NO: 425- Which AWS service or
feature allows a user to easily scale connectivity among thousands of
VPCs?
(A) VPC peering.
(B) AWS Transit Gateway.
(C) AWS Direct Connect.
(D) AWS Global Accelerator.
Answer: B
QUESTION NO: 426- A company needs
protection from expanded distributed denial of service (DDoS) attacks on its
website and assistance from AWS experts during such events. Which AWS managed service will meet these
requirements?
(A) AWS Shield Advanced.
(B) AWS Firewall Manager.
(C) AWS WAF.
(D) Amazon GuardDuty.
Answer: A
QUESTION NO: 427- A company’s application
has flexible start and end times. Which Amazon EC2 pricing model will be the MOST cost-effective?
(A) On-Demand Instances.
(B) Spot Instances.
(C) Reserved Instances.
(D) Dedicated Hosts.
Answer: B
QUESTION NO: 428- Under the AWS shared
responsibility model, what are the customer’s responsibilities? (Choose
two.)
(A) Physical and environmental security.
(B) Physical network devices including firewalls.
(C) Storage device decommissioning.
(D) Security of data in transit.
(E) Data integrity authentication.
Answer: D, E
QUESTION NO: 429- A cloud practitioner
has a data analysis workload that is infrequently executed and can be
interrupted without harm. To optimize for cost, which Amazon EC2 purchasing option should be used?
(A) On-Demand Instances.
(B) Reserved Instances.
(C) Spot Instances.
(D) Dedicated Hosts.
Answer: C
QUESTION NO: 430- Which AWS container
service will help a user install, operate, and scale the cluster management infrastructure?
(C) Amazon Elastic Container Service (Amazon ECS).
(D) Amazon Elastic Block Store (Amazon EBS).
Answer: C
QUESTION NO: 431- Which of the following
allows an application running on an Amazon EC2 instance to securely write data to an Amazon S3 bucket without
using long term credentials?
(A) Amazon Cognito.
(B) AWS Shield.
(C) AWS IAM role.
(D) AWS IAM user access key.
Answer: C
QUESTION NO: 432- A company with a
Developer-level AWS Support plan provisioned an Amazon RDS database and
cannot connect to it. Who should the developer contact for this level of support?
(A) AWS Support using a support case.
(B) AWS Professional Services.
(C) AWS technical account manager.
(D) AWS consulting partners.
Answer: A
QUESTION NO: 433- What is the purpose of
having an internet gateway within a VPC?
(A) To create a VPN connection to the VPC.
(B) To allow communication between the VPC and the Internet.
(C) To impose bandwidth constraints on internet traffic.
(D) To load balance traffic from the Internet across Amazon EC2 instances.
Answer: B
QUESTION NO: 434- A company must ensure
that its endpoint for a database instance remains the same after a single Availability Zone service
interruption. The application needs to resume database operations without the need for manual administrative
intervention. How can these requirements be met?
(A) Use multiple Amazon Route 53 routes to the standby database instance endpoint hosted on AWS
Storage Gateway.
(B) Configure Amazon RDS Multi-Availability Zone deployments with automatic failover to the
standby.
(C) Add multiple Application Load Balancers and deploy the database instance with AWS Elastic
Beanstalk.
(D) Deploy a single Network Load Balancer to distribute incoming traffic across multiple Amazon
CloudFront origins.
Answer: B
QUESTION NO: 435- Which AWS managed
service can be used to distribute traffic between one or more Amazon EC2
instances?
(A) NAT gateway.
(B) Elastic Load Balancing.
(C) Amazon Athena.
(D) AWS PrivateLink.
Answer: B
QUESTION NO: 436- AWS Trusted Advisor
provides recommendations on which of the following? (Choose two.)
(A) Cost optimization.
(B) Auditing.
(C) Serverless architecture.
(D) Performance.
(E) Scalability.
Answer: A, D
QUESTION NO: 437- Which of the following
tasks can only be performed after signing in with AWS account root user credentials? (Choose two.)
(A) Closing an AWS account.
(B) Creating a new IAM policy.
(C) Changing AWS Support plans.
(D) Attaching a role to an Amazon EC2 instance.
(E) Generating access keys for IAM users.
Answer: A, C
QUESTION NO: 438- Fault tolerance refers
to:
(A) the ability of an application to accommodate growth without changing design.
(B) how well and how quickly an application’s environment can have lost data restored.
(C) how secure your application is.
(D) the built-in redundancy of an application’s components.
Answer: B
QUESTION NO: 439- A company operating in
the AWS Cloud requires separate invoices for specific environments, such as development, testing, and
production. How can this be achieved?
(A) Use multiple AWS accounts.
(B) Use resource tagging.
(C) Use multiple VPCs.
(D) Use Cost Explorer.
Answer: B
QUESTION NO: 440- Which AWS service can
be used in the application deployment process?
(A) AWS AppSync.
(B) AWS Batch.
(C) AWS CodePipeline.
(D) AWS DataSync.
Answer: C
QUESTION NO: 441- What can be used to
reduce the cost of running Amazon EC2 instances? (Choose two.)
(A) Spot Instances for stateless and flexible workloads.
(B) Memory optimized instances for high-compute workloads.
(C) On-Demand Instances for high-cost and sustained workloads.
(D) Reserved Instances for sustained workloads.
(E) Spend limits set using AWS Budgets.
Answer: A, D
QUESTION NO: 442- A company is launching
an e-commerce site that will store and process credit card data. The company requires information about AWS
compliance reports and AWS agreements. Which AWS service provides on-demand access to these items?
(A) AWS Certificate Manager.
(B) AWS Config.
(C) AWS Artifact.
(D) AWS CloudTrail.
Answer: C
QUESTION NO: 443- Which AWS service or
feature allows the user to manager cross-region application traffic?
(A) Amazon AppStream 2.0.
(B) Amazon VPC.
(C) Elastic Load Balancer.
(D) Amazon Route 53.
Answer: A
QUESTION NO: 444- Which AWS service can
be used to track unauthorized API calls?
(A) AWS Config.
(B) AWS CloudTrail.
(C) AWS Trusted Advisor.
(D) Amazon Inspector.
Answer: B
QUESTION NO: 445- A user needs to
regularly audit and evaluate the setup of all AWS resources, identify non-compliant accounts, and be notified
when a resource changes. Which AWS service can be used to meet these requirements?
(A) AWS Trusted Advisor.
(B) AWS Config.
(C) AWS Resource Access Manager.
(D) AWS Systems Manager.
Answer: B
QUESTION NO: 446- A user is planning to
launch two additional Amazon EC2 instances to increase availability.
Which action should the user take?
(A) Launch the instances across multiple Availability Zones in a single AWS Region.
(B) Launch the instances as EC2 Reserved Instances in the same AWS Region and the same
Availability Zone.
(C) Launch the instances in multiple AWS Regions, but in the same Availability Zone.
(D) Launch the instances as EC2 Spot Instances in the same AWS Region, but in different Availability Zones.
Answer: A
QUESTION NO: 447- A company must store
critical business data in Amazon S3 with a backup to another AWS Region. How can this be achieved?
(A) Use an Amazon CloudFront Content Delivery Network (CDN) to cache data globally.
(B) Set up Amazon S3 cross-region replication to another AWS Region.
(C) Configure the AWS Backup service to back up to the data to another AWS Region.
(D) Take Amazon S3 bucket snapshots and copy that data to another AWS Region.
Answer: B
QUESTION NO: 448- Which AWS Cloud service
can send alerts to customers if custom spending thresholds are
exceeded?
(A) AWS Budgets.
(B) AWS Cost Explorer.
(C) AWS Cost Allocation Tags.
(D) AWS Organizations.
Answer: A
QUESTION NO: 449- What is the recommended
method to request penetration testing on AWS resources?
(A) Open a support case.
(B) Fill out the Penetration Testing Request Form.
(C) Request a penetration test from your technical account manager.
(D) Contact your AWS sales representative.
Answer: B
QUESTION NO: 450- A user needs to
automatically discover, classify, and protect sensitive data stored in Amazon S3.
Which AWS service can meet these requirements?