AWS-Certified-Cloud-Practitioner practice

Recommend!!
Get the Full AWS-Certified-Cloud-Practitioner dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/AWS-Certified-Cloud-Practitioner-exam-dumps.html (567 New Questions)
Amazon
Exam Questions AWS-Certified-Cloud-Practitioner
Amazon AWS Certified Cloud Practitioner
Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full AWS-Certified-Cloud-Practitioner dumps in VCE and PDF From SurePassExam
NEW QUESTION 1
- (Topic 2)
Which task is the responsibility of AWS when using AWS services?
A. Management of IAM user permissions

B. Creation of security group rules for outbound access
C. Maintenance of physical and environmental controls
D. Application of Amazon EC2 operating system patches
Answer: C
Explanation:
AWS is responsible for maintaining the physical and environmental controls of the AWS Cloud, such as power, cooling, fire suppression, and physical security1.
The customer is responsible for managing the IAM user permissions, creating security group rules for outbound access, applying Amazon EC2 operating system
patches, and other aspects of security in the cloud1.
NEW QUESTION 2
- (Topic 1)
Which AWS features will meet these requirements? (Select TWO.)
A. Security groups
B. Network ACLs
C. S3 bucket policies
D. IAM user policies
E. S3 bucket versioning
Answer: CD
Explanation:
The correct answers are C and D because S3 bucket policies and IAM user policies are AWS features that will meet the requirements. S3 bucket policies are
access policies that can be attached to Amazon S3 buckets to grant or deny permissions to the bucket and the objects it contains. S3 bucket policies can be used
to control who has permission to read, write, or delete objects that the company stores in the S3 bucket. IAM user policies are access policies that can be attached
to IAM users to grant or deny permissions to AWS resources and actions. IAM user policies can be used to control who has permission to read, write, or delete
objects that the company stores in the S3 bucket. The other options are incorrect because they are not AWS features that will meet the requirements. Security
groups and network ACLs are AWS features that act as firewalls to control inbound and outbound traffic to and from Amazon EC2 instances and subnets. Security
groups and network ACLs do not control who has permission to read, write, or delete objects that the company stores in the S3 bucket. S3 bucket versioning is an
AWS feature that enables users to keep multiple versions of the same object in the same bucket. S3 bucket versioning can be used to recover from accidental
overwrites or deletions of objects, but it does not control who has permission to read, write, or delete objects that the company stores in the S3 bucket. Reference:
Using Bucket Policies and User Policies, Security Groups for Your VPC, Network ACLs, [Using Versioning]
NEW QUESTION 3
- (Topic 1)
Which AWS database service provides in-memory data storage?
A. Amazon DynamoDB
B. Amazon ElastiCache
C. Amazon RDS
D. Amazon Timestream
Answer: B
Explanation:
The correct answer is B because Amazon ElastiCache is a service that provides in-memory data storage. Amazon ElastiCache is a fully managed, scalable, and
high-performance service that supports two popular open-source in-memory engines: Redis and Memcached. Amazon ElastiCache allows users to store and
retrieve data from fast, low-latency, and high-throughput in-memory systems. Users can use Amazon ElastiCache to improve the performance of their applications
by caching frequently accessed data, reducing database load, and enabling real-time data processing. The other options are incorrect because they are not
services that provide in-memory data storage. Amazon DynamoDB is a service that provides key-value and document data storage. Amazon RDS is a service that
provides relational data storage. Amazon Timestream is a service that provides time series data storage. Reference: Amazon ElastiCache FAQs
NEW QUESTION 4
- (Topic 1)
Which AWS feature or resource is a deployable Amazon EC2 instance template that is prepackaged with
software and security requirements?
A. Amazon Elastic Block Store (Amazon EBS) volume

B. AWS CloudFormation template
C. Amazon Elastic Block Store (Amazon EBS) snapshot
D. Amazon Machine Image (AMI)
Answer: D
Explanation:
An Amazon Machine Image (AMI) is a deployable Amazon EC2 instance template that is prepackaged with software and security requirements. It provides the
information required to launch an instance, which is a virtual server in the cloud. You can use an AMI to launch as many instances as you need. You can also
create your own custom AMIs or use AMIs shared by other AWS users1.
NEW QUESTION 5

- (Topic 1)
Which of the following is a benefit of decoupling an AWS Cloud architecture?
A. Reduced latency
B. Ability to upgrade components independently
C. Decreased costs
D. Fewer components to manage
Answer: B
Explanation:
A benefit of decoupling an AWS Cloud architecture is the ability to upgrade components independently. Decoupling is a way of designing systems to reduce
interdependencies and minimize the impact of changes. Decoupling allows components to interact with each other through well-defined interfaces, rather than
direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability, availability, and maintainability. By
decoupling an AWS Cloud architecture, the user can upgrade or modify one component without affecting the other components5.
NEW QUESTION 6
- (Topic 2)
A company has developed a distributed application that recovers gracefully from interruptions. The application periodically processes large volumes of data by
using multiple Amazon EC2 instances. The application is sometimes idle for months.
Which EC2 instance purchasing option is MOST cost-effective for this use case?
A. Reserved Instances
B. Spot Instances
C. Dedicated Instances
D. On-Demand Instances
Answer: B
Explanation:
Spot Instances are instances that use spare EC2 capacity that is available for up to 90% off the On-Demand price. Because Spot Instances can be interrupted by
EC2 with two minutes of notification when EC2 needs the capacity back, you can use them for applications that have flexible start and end times, or that can
withstand interruptions5. This option is most cost-effective for the use case described in the question. Reserved Instances are instances that you purchase for a
one-year or three-year term, and pay a lower hourly rate compared to On-Demand Instances. This option is suitable for applications that have steady state or
predictable usage. Dedicated Instances are instances that run on hardware that’s dedicated to a single customer within an Amazon VPC. This option is suitable
for applications that have stringent regulatory or compliance requirements. On-Demand Instances are instances that you pay for by the second, with no long-term
commitments or upfront payments. This option is suitable for applications that have unpredictable or intermittent workloads.
NEW QUESTION 7
- (Topic 2)
How should the company deploy the application to meet these requirements?
A. Ina single Availability Zone

B. On AWS Direct Connect
C. On Reserved Instances
D. In multiple Availability Zones
Answer: D
Explanation:
Deploying the application in multiple Availability Zones is the best way to ensure high availability for the application. Availability Zones are isolated locations within
an AWS Region that are engineered to be fault-tolerant from failures in other Availability Zones. By deploying the application in multiple Availability Zones, the
company can reduce the impact of outages and increase the resilience of the application. Deploying the application in a single Availability Zone, on AWS Direct
Connect, or on Reserved Instances does not provide the same level of high availability as deploying the application in multiple Availability Zones. Source:
Availability Zones
NEW QUESTION 8
- (Topic 2)
A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion.
Which AWS service should the developer use to meet these requirements?
A. AWS Ground Station

B. AWS Shield
C. AWS loT Device Defender
D. AWS CloudFormation
Answer: D
Explanation:
AWS CloudFormation is a service that allows you to model and provision your AWS and third-party application resources in a repeatable and predictable way.
You can use AWS CloudFormation to create, update, and delete a collection of resources as a single unit, called a stack. You can also use AWS CloudFormation
to manage your development and production environments in a consistent and efficient manner4.
NEW QUESTION 9
- (Topic 2)
A company suspects that its AWS resources are being used for illegal activities. Which AWS group or team should the company notify?
A. AWS Abuse team

B. AWS Support team

C. AWS technical account managers

D. AWS Professional Services team
Answer: A
Explanation:
AWS Abuse team is the AWS group or team that the company should notify if it suspects that its AWS resources are being used for illegal activities. AWS Abuse
team is a dedicated team that handles reports of abuse, such as spam, phishing, malware, denial-of-service attacks, and unauthorized access, involving AWS
resources. The company can contact the AWS Abuse team by filling out the [Report Abuse of AWS Resources form] or sending an email to
[email protected]. The company should provide as much information as possible, such as the source and destination IP addresses, timestamps, log files,
and screenshots, to help the AWS Abuse team investigate and take appropriate actions. For more information, see [Reporting Abuse] and [AWS Acceptable Use
Policy].
NEW QUESTION 10
- (Topic 1)
Which AWS service or feature is used to Troubleshoot network connectivity issues between Amazon EC2 instances?
A. AWS Certificate Manager (ACM)

B. Internet gateway
C. VPC Flow Logs
D. AWS CloudHSM
Answer: C
Explanation:
VPC Flow Logs is the AWS service or feature that is used to troubleshoot network connectivity issues between Amazon EC2 instances. VPC Flow Logs is a
feature that enables users to capture information about the IP traffic going to and from network interfaces in their VPC. VPC Flow Logs can help users monitor and
diagnose network- related issues, such as traffic not reaching an instance, or an instance not responding to requests. VPC Flow Logs can be published to Amazon
CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose for analysis and storage.
NEW QUESTION 11
- (Topic 1)
A company needs to continuously monitor its environment to analyze network and account activity and identify potential security threats.
Which AWS service should the company use to meet these requirements?
A. AWS Artifact
B. Amazon Macie
C. AWS Identity and Access Management (IAM)
D. Amazon GuardDuty
Answer: D
Explanation:
Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for the AWS environment. It analyzes network and account
activity using machine learning and threat intelligence to identify potential security threats, such as unauthorized access, compromised credentials, malicious
hosts, and reconnaissance activities. It also generates detailed and actionable findings that can be viewed on the AWS Management Console or sent to other
AWS services, such as Amazon CloudWatch Events and AWS Lambda, for further analysis or remediation. Amazon GuardDuty OverviewAWS Certified Cloud
Practitioner - aws.amazon.com
NEW QUESTION 12
- (Topic 1)
Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?
A. Amazon FSx for Lustre

B. AWS Storage Gateway volume gateway
C. AWS Storage Gateway file gateway
D. Amazon Elastic File System (Amazon EFS)
Answer: C
Explanation:
AWS Storage Gateway file gateway allows companies to use protocols such as NFS and SMB to store and retrieve objects in Amazon S3. File gateway provides
a seamless integration between on-premises applications and Amazon S3, and enables low- latency access to data through local caching. File gateway also
supports encryption, compression, and lifecycle management of the objects in Amazon S3. For more information, see What is AWS Storage Gateway? and File
Gateway.
NEW QUESTION 13
- (Topic 1)
A retail company is migrating its IT infrastructure applications from on premises to the AWS Cloud.
Which costs will the company eliminate with this migration? (Select TWO.)
A. Cost of data center operations

B. Cost of application licensing
C. Cost of marketing campaigns
D. Cost of physical server hardware
E. Cost of network management
Answer: AD

Explanation:
The costs that the company will eliminate with this migration are the cost of application licensing and the cost of physical server hardware. The cost of application
licensing is the fee that the company has to pay to use the software applications on its on- premises servers. The cost of physical server hardware is the expense
that the company has to incur to purchase, maintain, and upgrade the servers and related equipment. By migrating to the AWS Cloud, the company can avoid
these costs by using the AWS services and resources that are already licensed and managed by AWS. For more information, see [Cloud Economics] and [AWS
Total Cost of Ownership (TCO) Calculator].
NEW QUESTION 14
- (Topic 3)
Which AWS service provides protection against DDoS attacks for applications that run in the AWS Cloud?
A. Amazon VPC
B. AWS Shield
C. AWS Audit Manager
D. AWS Config
Answer: B
Explanation:
AWS Shield is an AWS service that provides protection against distributed denial of service (DDoS) attacks for applications that run in the AWS Cloud. DDoS
attacks are attempts to make an online service unavailable by overwhelming it with traffic from multiple sources. AWS Shield provides two tiers of protection: AWS
Shield Standard and AWS Shield Advanced. AWS Shield Standard is automatically enabled for all AWS customers at no additional charge. It provides protection
against common and frequently occurring network and transport layer DDoS attacks. AWS Shield Advanced is an optional paid service that provides additional
protection against larger and more sophisticated DDoS attacks. AWS Shield Advanced also provides access to 24/7 DDoS response team, cost protection, and
enhanced detection and mitigation capabilities
NEW QUESTION 15
- (Topic 3)
An ecommerce company wants to provide relevant product recommendations to its customers. The recommendations will include products that are frequently
purchased with other products that the customer already purchased. The recommendations also will include products of a specific color and products from the
customer’s favorite brand.
Which AWS service or feature should the company use to meet these requirements with the LEAST development effort?
A. Amazon Comprehend
B. Amazon Forecast
C. Amazon Personalize
D. Amazon SageMaker Studio
Answer: C
Explanation:
Amazon Personalize is a service that provides real-time personalized recommendations based on the user’s behavior, preferences, and context. It can also
incorporate metadata such as product color and brand to generate more relevant recommendations. Amazon Comprehend is a natural language processing (NLP)
service that can analyze text for entities, sentiments, topics, and more. Amazon Forecast is a service that provides accurate time-series forecasting based on
machine learning. Amazon SageMaker Studio is a web-based integrated development environment (IDE) for machine learning.
NEW QUESTION 16
- (Topic 3)
Which AWS service or feature will search for and identify AWS resources that are shared externally?
A. Amazon OpenSearch Service

B. AWS Control Tower
C. AWS IAM Access Analyzer
D. AWS Fargate
Answer: C
Explanation:
AWS IAM Access Analyzer is an AWS service that helps customers identify and review the resources in their AWS account that are shared with an external entity,
such as another AWS account, a root user, an organization, or a public entity. AWS IAM Access Analyzer uses automated reasoning, a form of mathematical logic
and inference, to analyze the resource-based policies in the account and generate comprehensive findings that show the access level, the source of the access,
the affected resource, and the condition under which the access applies. Customers can use AWS IAM Access Analyzer to audit their shared resources, validate
their access policies, and monitor any changes to the resource sharing status. References: AWS IAM Access Analyzer, Identify and review resources shared with
external entities, How AWS IAM Access Analyzer works
NEW QUESTION 17
- (Topic 3)
Which of the following is a pillar of the AWS Well-Architected Framework?
A. Redundancy
B. Operational excellence
C. Availability
D. Multi-Region
Answer: B
Explanation:
The AWS Well-Architected Framework helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and
workloads. Based on five pillars — operational excellence, security, reliability, performance efficiency, and cost optimization — the Framework provides a consistent

approach for customers and partners to evaluate architectures, and implement designs that can scale over time. Operational excellence is one of the pillars of the
Framework, and it focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures.
NEW QUESTION 18
- (Topic 3)
A company wants to use the AWS Cloud to deploy an application globally.
Which architecture deployment model should the company use to meet this requirement?
A. Multi-Region
B. Single-Region
C. Multi-AZ
D. Single-AZ
Answer: A
Explanation:
The architecture deployment model that the company should use to meet this requirement is A. Multi-Region.
A multi-region deployment model is a cloud computing architecture that distributes an application and its data across multiple geographic regions. A multi-region
deployment model enables a company to achieve global reach, high availability, disaster recovery, and performance optimization. By deploying an application in
multiple regions, a company can serve customers from the nearest region, reduce latency, increase redundancy, and comply with data sovereignty regulations12.
A single-region deployment model is a cloud computing architecture that runs an application and its data within a single geographic region. A single-region
deployment model is simpler and cheaper than a multi-region deployment model, but it has limited scalability, availability, and performance. A single-region
deployment model may not be suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional
outages, or regulatory compliance12.
A multi-AZ (Availability Zone) deployment model is a cloud computing architecture that distributes an application and its data across multiple isolated locations
within a single region. An Availability Zone is a physically separate location within an AWS Region that has independent power, cooling, and networking. A multi-
AZ deployment model enhances the availability and durability of an application by providing redundancy and fault tolerance within a region34.
A single-AZ deployment model is a cloud computing architecture that runs an application and its data within a single Availability Zone. A single-AZ deployment
model is the simplest and most cost-effective option, but it has no redundancy or fault tolerance. A single-AZ deployment model may not be suitable for a company
that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance34.
References:
1: AWS Cloud Computing - W3Schools 2: Understand the Different Cloud Computing Deployment Models Unit - Trailhead 3: Regions and Availability Zones -
Amazon Elastic Compute Cloud 4: AWS Reference Architecture Diagrams
NEW QUESTION 19
- (Topic 3)
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials.
Which AWS service or resource will meet this requirement?
A. AWS Organizations
B. IAM user
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS Control Tower
Answer: C
Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS
accounts and business applications. You can use AWS SSO to enable your users to sign in to the AWS Management Console or the AWS Command Line
Interface (AWS CLI) with their existing corporate credentials2. You can also manage SSO access and user permissions across all your AWS accounts in AWS
Organizations3. References: AWS Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation
NEW QUESTION 20
- (Topic 3)
A company wants to verify if multi-factor authentication (MFA) is enabled for all users within its AWS accounts.
Which AWS service or resource will meet this requirement?
A. AWS Cost and Usage Report

B. IAM credential reports
C. AWS Artifact
D. Amazon CloudFront reports
Answer: B
Explanation:
The AWS service or resource that will meet the requirement of verifying if multi-factor authentication (MFA) is enabled for all users within its AWS accounts is IAM
credential reports. IAM credential reports are downloadable reports that list all the users in an AWS account and the status of their various credentials, including
passwords, access keys, and MFA devices. Users can use IAM credential reports to audit the security status of their AWS accounts and identify any issues or
risks4. AWS Cost and Usage Report, AWS Artifact, and Amazon CloudFront reports are other AWS services or resources that provide different types of
information, such as billing, compliance, and content delivery, but they do not show the MFA status of the users.
NEW QUESTION 21
- (Topic 3)
Which cloud concept is demonstrated by using AWS Compute Optimizer?
A. Security validation
B. Rightsizing
C. Elasticity
D. Global reach

Answer: B
Explanation:
Rightsizing is the cloud concept that is demonstrated by using AWS Compute Optimizer. Rightsizing is the process of adjusting the type and size of your cloud
resources to match the optimal performance and cost for your workloads. AWS Compute Optimizer is a service that analyzes the configuration and utilization
metrics of your AWS resources, such as Amazon EC2 instances, Amazon EBS volumes, AWS Lambda functions, and Amazon ECS services on AWS Fargate. It
reports whether your resources are optimal, and generates optimization recommendations to reduce the cost and improve the performance of your workloads.
AWS Compute Optimizer uses machine learning to analyze your historical utilization data and compare it with the most cost-effective AWS alternatives. You can
use the recommendations to evaluate the trade-offs between cost and performance, and decide when to move or resize your resources to achieve the best results.
References: Workload Rightsizing - AWS Compute Optimizer - AWS, What is AWS Compute Optimizer? - AWS Compute Optimizer
NEW QUESTION 22
- (Topic 3)
Which AWS service provides a single location to track the progress of application migrations?
A. AWS Application Discovery Service

B. AWS Application Migration Service
C. AWS Service Catalog
D. AWS Migration Hub
Answer: D
Explanation:
AWS Migration Hub is a service that provides a single location to track the progress of application migrations across multiple AWS and partner solutions. It allows
you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of
applications1. AWS Migration Hub supports migration status updates from the following tools: AWS Application Migration Service, AWS Database Migration
Service, CloudEndure Migration, Server Migration Service, and Migrate for Compute Engine1.
The other options are not correct for the following reasons:
? AWS Application Discovery Service is a service that helps you plan your migration projects by automatically identifying servers, applications, and dependencies
in your on-premises data centers2. It does not track the progress of application migrations, but rather provides information to help you plan and scope your
migrations.
? AWS Application Migration Service is a service that helps you migrate and modernize applications from any source infrastructure to AWS with minimal downtime
and disruption3. It is one of the migration tools that can send status updates to AWS Migration Hub, but it is not the service that provides a single location to track
the progress of application migrations.
? AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for use on AWS4. It does not track the
progress of application migrations, but rather helps you manage the provisioning and governance of your IT services.
References:
? 1: What Is AWS Migration Hub? - AWS Migration Hub
? 2: What Is AWS Application Discovery Service? - AWS Application Discovery Service
? 3: App Migration Tool - AWS Application Migration Service - AWS
? 4: What Is AWS Service Catalog? - AWS Service Catalog
NEW QUESTION 23
- (Topic 3)
A company needs an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. Amazon Inspector
C. AWS Security Hub
D. AWS Shield
Answer: B
Explanation:
The correct answer is B. Amazon Inspector.
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network
exposure. Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software
vulnerabilities and unintended network exposure12.
Amazon GuardDuty is a threat detection service that monitors your AWS accounts and workloads for malicious or unauthorized activity. Amazon GuardDuty does
not scan for software vulnerabilities, but rather analyzes AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs to detect threats such as compromised
credentials, backdoors, or crypto mining3.
AWS Security Hub is a security and compliance service that aggregates and prioritizes security findings from multiple AWS services and partner solutions. AWS
Security Hub does not scan for software vulnerabilities, but rather provides a comprehensive view of your security posture across your AWS accounts4.
AWS Shield is a managed service that protects your web applications and network resources from distributed denial-of-service (DDoS) attacks. AWS Shield does
not scan for software vulnerabilities, but rather provides detection and mitigation of DDoS attacks at the network and application layers5.
References:
1: Automated Software Vulnerability Management - Amazon Inspector - AWS 3: [Amazon GuardDuty – Intelligent Threat Detection Made Easy] 2: AWS Re-
Launches Amazon Inspector with New Architecture and Features - InfoQ 4: [AWS Security Hub – Unified Security and Compliance Center] 5: [AWS Shield –
Managed DDoS Protection]
NEW QUESTION 24
- (Topic 3)
Which AWS services can a company use to achieve a loosely coupled architecture? (Select TWO.)
A. Amazon Workspaces
B. Amazon Simple Queue Service (Amazon SQS)
C. Amazon Connect
D. AWS Trusted Advisor
E. AWS Step Functions

Answer: BE
Explanation:
Amazon Simple Queue Service (Amazon SQS) and AWS Step Functions are AWS services that can be used to achieve a loosely coupled architecture. Amazon
SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. AWS
Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. Using Step Functions, you can
design and run workflows that stitch together services such as AWS Lambda and Amazon SNS into feature-rich applications. References: Amazon SQS, AWS
Step Functions
NEW QUESTION 25
- (Topic 3)
Which company needs to apply security rules to a subnet for Amazon EC2 instances. Which AWS service or feature provides this functionality?
A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config
Answer: A
Explanation:
Network ACLs (network access control lists) are an AWS service or feature that provides the functionality of applying security rules to a subnet for EC2 instances.
A subnet is a logical partition of an IP network within a VPC (virtual private cloud). A VPC is a logically isolated section of the AWS Cloud where the company can
launch AWS resources in a virtual network that they define. A network ACL is a virtual firewall that controls the inbound and outbound traffic for one or more
subnets. The company can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless,
meaning that they do not track the traffic that flows through them. Therefore, the company must create rules for both inbound and outbound traffic4
NEW QUESTION 26
- (Topic 3)
According to the AWS shared responsibility model, which task is the customer's responsibility?
A. Maintaining the infrastructure needed to run AWS Lambda

B. Updating the operating system of Amazon DynamoDB instances
C. Maintaining Amazon S3 infrastructure
D. Updating the guest operating system on Amazon EC2 instances
Answer: D
Explanation:
The AWS shared responsibility model describes the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible
for the security of the cloud, which includes the hardware, software, networking, and facilities that run AWS services. The customer is responsible for security in
the cloud, which includes the customer data, applications, operating systems, and network and firewall configurations. Therefore, updating the guest operating
system on Amazon EC2 instances is the customer’s responsibility2
NEW QUESTION 27
- (Topic 3)
A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.
Which S3 feature should the company use to meet these requirements?
A. S3 Lifecycle rules
B. S3 Versioning
C. S3 bucket policies
D. S3 server-side encryption
Answer: B
Explanation:
S3 Versioning is a feature that allows you to keep multiple versions of an object in the same bucket. You can use S3 Versioning to protect your data from
accidental deletion or overwriting by enabling it on a bucket or a specific object. S3 Versioning also allows you to restore previous versions of an object if needed.
S3 Lifecycle rules are used to automate the transition of objects between storage classes or to expire objects after a certain period of time. S3 bucket policies are
used to control access to the objects in a
bucket. S3 server-side encryption is used to encrypt the data at rest in S3. References: S3 Versioning, S3 Lifecycle rules, S3 bucket policies, S3 server-side
encryption
NEW QUESTION 28
- (Topic 3)
In the AWS shared responsibility model, which tasks are the responsibility of AWS? (Select TWO.)
A. Patch an Amazon EC2 instance operating system.

B. Configure a security group.
C. Monitor the health of an Availability Zone.
D. Protect the infrastructure that runs Amazon EC2 instances.
E. Manage access to the data in an Amazon S3 bucket
Answer: CD
Explanation:
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, which includes the tasks of monitoring the health of an

Availability Zone and protecting the infrastructure that runs Amazon EC2 instances. An Availability Zone is a physically isolated location within an AWS Region that
has its own power, cooling, and network connectivity. AWS monitors the health and performance of each Availability Zone and notifies customers of any issues or
disruptions. AWS also protects the infrastructure that runs AWS services, such as Amazon EC2, by implementing physical, environmental, and operational security
measures. AWS is not responsible for patching an Amazon EC2 instance operating system, configuring a security group, or managing access to the data in an
Amazon S3 bucket. These are the customer’s responsibilities for security in the cloud. The customer must ensure that the operating system and applications on
their EC2 instances are up to date and secure. The customer must also configure the security group rules that control the inbound and outbound traffic for their
EC2 instances. The customer must also manage the access permissions and encryption settings for their S3 buckets and objects2
NEW QUESTION 29
- (Topic 3)
A company processes personally identifiable information (Pll) and must keep data in the country where it was generated. The company wants to use Amazon EC2
instances for these workloads.
Which AWS service will meet these requirements?
A. AWS Outposts
B. AWS Storage Gateway
C. AWS DataSync
D. AWS OpsWorks
Answer: A
Explanation:
AWS Outposts is an AWS service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility.
AWS Outposts enables you to run Amazon EC2 instances and other AWS services locally, while maintaining a consistent and seamless connection to the AWS
Cloud. AWS Outposts is ideal for workloads that require low latency, local data processing, or data residency. By using AWS Outposts, the company can process
personally identifiable information (PII) and keep data in the country where it was generated, while leveraging the benefits of AWS
NEW QUESTION 30
- (Topic 3)
Which AWS service should be used when a company needs to provide its remote employees with virtual desktops?
A. Amazon Identity and Access Management (IAM)

B. AWS Directory Service
C. AWS IAM Identity Center (AWS Single Sign-On)
D. Amazon Workspaces
Answer: D
Explanation:
The AWS service that should be used when a company needs to provide its remote employees with virtual desktops is Amazon WorkSpaces. Amazon
WorkSpaces is a fully managed, secure desktop-as-a-service (DaaS) solution that runs on AWS. Amazon WorkSpaces allows users to provision cloud-based
virtual desktops and provide their end users access to the documents, applications, and resources they need from any supported device, including Windows and
Mac computers, Chromebooks, iPads, Fire tablets, and Android tablets4. Amazon Identity and Access Management (IAM), AWS Directory Service, and AWS IAM
Identity Center (AWS Single Sign-On) are other AWS services related to identity and access management, but they do not provide virtual desktops.
NEW QUESTION 31
......

Thank You for Trying Our Product
We offer two products:
1st - We have Practice Tests Software with Actual Exam Questions
2nd - Questons and Answers in PDF Format
AWS-Certified-Cloud-Practitioner Practice Exam Features:
* AWS-Certified-Cloud-Practitioner Questions and Answers Updated Frequently
* AWS-Certified-Cloud-Practitioner Practice Questions Verified by Expert Senior Certified Staff
* AWS-Certified-Cloud-Practitioner Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* AWS-Certified-Cloud-Practitioner Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
100% Actual & Verified — Instant Download, Please Click

Order The AWS-Certified-Cloud-Practitioner Practice Test Here

Powered by TCPDF (www.tcpdf.org)

AWS-Certified-Cloud-Practitioner practice

Uploaded by

Copyright:

Available Formats

AWS-Certified-Cloud-Practitioner practice

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS-Certified-Cloud-Practitioner practice

Uploaded by

Copyright:

Available Formats

Recommend!!

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Management of IAM user permissions

A. Amazon Elastic Block Store (Amazon EBS) volume

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Ina single Availability Zone

A. AWS Ground Station

A. AWS Abuse team

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

C. AWS technical account managers

A. AWS Certificate Manager (ACM)

A. Amazon FSx for Lustre

A. Cost of data center operations

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Amazon OpenSearch Service

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. AWS Cost and Usage Report

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. AWS Application Discovery Service

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Maintaining the infrastructure needed to run AWS Lambda

A. Patch an Amazon EC2 instance operating system.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

A. Amazon Identity and Access Management (IAM)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

AWS-Certified-Cloud-Practitioner Practice Exam Features:

* AWS-Certified-Cloud-Practitioner Questions and Answers Updated Frequently

* AWS-Certified-Cloud-Practitioner Practice Questions Verified by Expert Senior Certified Staff

100% Actual & Verified — Instant Download, Please Click

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

You might also like