• Home
  • Articles
  • Latest CLF-C01 Actual Free Exam Questions Updated 600 Questions [Q94-Q118]

Latest CLF-C01 Actual Free Exam Questions Updated 600 Questions [Q94-Q118]

Share

Latest CLF-C01 Actual Free Exam Questions Updated 600 Questions

Free CLF-C01 Exam Braindumps certification guide Q&A

NEW QUESTION # 94
Which AWS services provides a quick and automated way to create and manage AWS accounts?

  • A. AWS Organizations
  • B. AWS QuickSight
  • C. Amazon Lighsil
  • D. Amazon Connect

Answer: A


NEW QUESTION # 95
Which AWS service provides encryption at rest for Amazon RDS and for Amazon Elastic Block Store (Amazon EBS) volumes?

  • A. AWS Lambda
  • B. AWS Key Management Service (AWS KMS)
  • C. Amazon Rekognition
  • D. AWSWAF

Answer: B

Explanation:
AWS Key Management Service (AWS KMS) is a managed service that enables you to easily encrypt your data. AWS KMS provides you with centralized control of the encryption keys used to protect your data. You can use AWS KMS to encrypt data in Amazon RDS and Amazon EBS volumes12


NEW QUESTION # 96
Which AWS services should be used for read/write of constantly changing data? (Select TWO.)

  • A. Amazon Glacier
  • B. AWS Snowball
  • C. Amazon Redshift
  • D. Amazon EFS
  • E. Amazon RDS

Answer: C,E


NEW QUESTION # 97
Which Amazon Virtual Private Cloud (Amazon VPC) feature enables users to connect two VPCs together?

  • A. Amazon Elastic Compute Cloud (Amazon EC2) ClassicLink
  • B. AWS Direct Connect
  • C. Amazon VPC peering
  • D. Amazon VPC endpoints

Answer: C

Explanation:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).
Reference:
https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html


NEW QUESTION # 98
Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)

  • A. AWS Forums
  • B. AWS Trusted Advisor
  • C. AWS Online Tech Talks
  • D. AWS Blog
  • E. AWS Classroom Training

Answer: C,E


NEW QUESTION # 99
Which AWS service can be used to provide an on-demand, cloud-based contact center?

  • A. AWS Support Center
  • B. AWS Direct Connect
  • C. Amazon Connect
  • D. AWS Managed Services

Answer: C

Explanation:
https://aws.amazon.com/connect/


NEW QUESTION # 100
Which AWS tools assist with estimating costs? (Select three.)

  • A. Cost allocation tags
  • B. Detailed billing report
  • C. AWS Total Cost of Ownership (TCO) Calculator
  • D. AWS Simple Monthly Calculator
  • E. Cost Estimator

Answer: A,C,D

Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/estimating-aws-resource-costs/


NEW QUESTION # 101
What are the advantages of the AWS Cloud? (Choose two.)

  • A. No need to guess capacity requirements
  • B. Increased speed to market
  • C. Physical access to cloud data centers
  • D. Increased upfront capital expenditure
  • E. Fixed rate monthly cost

Answer: A,B

Explanation:
Explanation/Reference: https://data-flair.training/blogs/aws-advantages/


NEW QUESTION # 102
Which AWS service should a company use to provision, manage, and deploy SSL/TLS certificates?

  • A. AWS Secrets Manager
  • B. AWS CodeDeploy
  • C. Amazon Inspector
  • D. AWS Certificate Manager (ACM)

Answer: D


NEW QUESTION # 103
What information is found on an AWS Identity and Access Management (IAM) credential report? (Select TWO.)

  • A. The type of multi-factor authentication (MFA) device assigned to an IAM user.
  • B. The date and time when an IAM user's password was last used to sign in to the AWS Management Console
  • C. Whether multi-factor authentication (MFA) has been enabled for an IAM user.
  • D. The User-Agent browser identifier for each IAM user currently logged in B
  • E. The number of incorrect login attempts by each IAM user in the previous 30 days.

Answer: B,D


NEW QUESTION # 104
A web application is hosted on AWS using an Elastic Load Balancer, multiple Amazon EC2 instances, and Amazon RDS.
Which security measures fall under the responsibility of AWS? (Select TWO.)

  • A. Running a virus scan on EC2 instances
  • B. Encrypting communication between the EC2 instances and the Elastic Load Balancer
  • C. Protecting against IP spoofing and packet sniffing
  • D. Configuring a security group and a network access control list (NACL) for EC2 instances
  • E. Installing the latest security patches on the RDS instance

Answer: C,E


NEW QUESTION # 105
Which AWS service provides this functionality?

  • A. AWS Control Tower
  • B. AWS Systems Manager
  • C. AWS Config
  • D. AWS IAM Identity Center (AWS Single Sign-On)

Answer: A

Explanation:
AWS Control Tower is a service that provides an easy way to set up and govern a secure, multi-account AWS environment. It automates the creation of accounts, organizational units, policies, and best practices based on the AWS Well-Architected Framework. AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to centrally manage access to multiple AWS accounts and business applications using a single sign-on experience. AWS Systems Manager is a service that provides operational management for AWS resources and applications. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources.


NEW QUESTION # 106
Which AWS IAM feature is used to associate a set of permissions with multiple users?

  • A. Groups
  • B. Multi-factor authentication
  • C. Password policies
  • D. Access keys

Answer: A

Explanation:
Explanation
An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need.


NEW QUESTION # 107
A company needs to host a highly available application in the AWS Cloud. The application runs infrequently for short periods of time.
Which AWS service will meet these requirements with the LEAST amount of operational overhead?

  • A. AWS Lambda
  • B. AWS Fargate
  • C. Amazon Aurora
  • D. Amazon EC2

Answer: A

Explanation:
The AWS service that will meet the requirements of the company that needs to host a highly available application in the AWS Cloud that runs infrequently for short periods of time with the least amount of operational overhead is AWS Lambda. AWS Lambda is a serverless compute service that allows customers to run code without provisioning or managing servers. The company can use AWS Lambda to create and deploy their application as functions that are triggered by events, such as API calls, messages, or schedules. AWS Lambda automatically scales the compute resources based on the demand, and customers only pay for the compute time they consume. AWS Lambda also simplifies the management and maintenance of the application, as customers do not need to worry about the underlying infrastructure, security, or availability.
Amazon EC2, AWS Fargate, and Amazon Aurora are not the best services to use for this purpose. Amazon EC2 is a service that provides scalable compute capacity in the cloud, and allows customers to launch and run virtual servers, called instances, with a variety of operating systems, configurations, and specifications.
Amazon EC2 requires customers to provision and manage the instances, and pay for the instance hours they use, regardless of the application usage. AWS Fargate is a serverless compute engine for containers that allows customers to run containerized applications without managing servers or clusters. AWS Fargate requires customers to specify the amount of CPU and memory resources for each container, and pay for the resources they allocate, regardless of the application usage. Amazon Aurora is a fully managed relational database service that provides high performance, availability, and compatibility. Amazon Aurora is not a compute service, and it is not suitable for hosting an application that runs infrequently for short periods of time12


NEW QUESTION # 108
What tasks should a customer perform when that customer suspects an AWS account has been compromised? (Choose two.)

  • A. Move resources to a different AWS Region.
  • B. Rotate passwords and access keys.
  • C. Contact AWS Support.
  • D. Remove MFA tokens.
  • E. Delete AWS CloudTrail Resources.

Answer: B,C

Explanation:
Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/


NEW QUESTION # 109
Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:

  • A. as-needed access.
  • B. least privilege access.
  • C. restricted access.
  • D. token access.

Answer: B

Explanation:
Explanation
When you create IAM policies, follow the standard security advice of granting least privilege, or granting only the permissions required to perform a task. Determine what users (and roles) need to do and then craft policies that allow them to perform only those tasks.


NEW QUESTION # 110
What helps a company provide a lower latency experience to its users globally?

  • A. Using an AWS Region that is central to all users
  • B. Using edge locations to put content closer to all users
  • C. Enabling caching in the AWS Region that is being used
  • D. Using a second Availability Zone in the AWS Region that is using used

Answer: A

Explanation:
Reference:https://docs.aws.amazon.com/whitepapers/latest/aws-overview/six-advantages-of-cloud-computing.ht


NEW QUESTION # 111
How can the AWS Cloud increase user workforce productivity after migration from an on-premises data center?

  • A. Users do not have to wait for infrastructure provisioning
  • B. AWS takes over application configuration management on behalf of users
  • C. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure
  • D. Users do not need to address security and compliance issues

Answer: A


NEW QUESTION # 112
Which AWS service can be used to automatically scale an application up and down without making capacity planning decisions?

  • A. AWS CloudTrail
  • B. AWS Lambda
  • C. Amazon EBS
  • D. Amazon Redshift

Answer: B


NEW QUESTION # 113
When comparing AWS Cloud with on-premises Total Cost of Ownership, which expenses must be considered? (Choose two.)

  • A. Physical servers
  • B. Software development
  • C. Project management
  • D. Antivirus software license
  • E. Storage hardware

Answer: A,E

Explanation:
Explanation/Reference: https://aws.amazon.com/blogs/aws/the-new-aws-tco-calculator/


NEW QUESTION # 114
Which AWS service can a company use to securely store and encrypt passwords for a database?

  • A. AWS Secrets Manager
  • B. AWS Shield
  • C. AWS Identity and Access Management (IAM)
  • D. Amazon Cognito

Answer: A

Explanation:
AWS Secrets Manager is an AWS service that can be used to securely store and encrypt passwords for a database. It allows users to manage secrets, such as database credentials, API keys, and tokens, in a centralized and secure way. It also provides features such as automatic rotation, fine-grained access control, and auditing.
AWS Shield is an AWS service that provides protection against Distributed Denial of Service (DDoS) attacks for AWS resources and services. It does not store or encrypt passwords for a database. AWS Identity and Access Management (IAM) is an AWS service that allows users to manage access to AWS resources and services. It can be used to create users, groups, roles, and policies that control who can do what in AWS. It does not store or encrypt passwords for a database. Amazon Cognito is an AWS service that provides user identity and data synchronization for web and mobile applications. It can be used to authenticate and authorize users, manage user profiles, and sync user data across devices. It does not store or encrypt passwords for a database.


NEW QUESTION # 115
Amazon Route 53 enables users to:

  • A. encrypt data in transit.
  • B. generate and manage SSL certificates OD.
  • C. establish a dedicated network connection to AWS
  • D. register DNS domain names

Answer: D


NEW QUESTION # 116
Which service is an AWS in-memory data store service?

  • A. Amazon DynamoDB
  • B. Amazon RDS
  • C. Amazon Aurora
  • D. Amazon ElastiCache

Answer: D


NEW QUESTION # 117
You notice that five of your 10 S3 buckets are no longer available in your account, and you assume that they have been deleted. You are unsure who may have deleted them, and no one is taking responsibility. What should you do to investigate and find out who deleted the S3 buckets?
Choose the Correct answer:

  • A. Look at the S3 logs.
  • B. Look at the SNS logs.
  • C. Look at the CloudWatch Logs.
  • D. Look at the CloudTrail logs.

Answer: D

Explanation:
CloudTrail is logging service that logs actions taken by AWS users in your AWS account, such as creating/deleting S3 buckets, starting/stopping EC2 stances, etc.


NEW QUESTION # 118
......

CLF-C01 Certification Overview Latest CLF-C01 PDF Dumps: https://www.examcollectionpass.com/Amazon/CLF-C01-practice-exam-dumps.html

Top Amazon CLF-C01 Exam Audio Study Guide! Practice Questions Edition: https://drive.google.com/open?id=1DGJ8cjD8qbq61-9Atta0mrA2QsjopEgi

Related Articles

more
Amazon CLF-C01 Certification Practice Exam