Sorry, you are out of time.
AWS CCP (CLF-C02) Practice Exam 1
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. You want to modify the IAM policy to deny the deletion of a specific object (important-data.txt) within the S3 bucket. However, deletion should be allowed if Multi-Factor Authentication (MFA) is present. What modification should be made?
important-data.txt
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } } }, { "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/important-data.txt", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } } }, { "Effect": "Allow", "Action": "iam:ChangePassword", "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" } ] }
By adding "Bool": { "aws:MultiFactorAuthPresent": "true" } to the third statement, it allows deletion only when Multi-Factor Authentication (MFA) is present.
"Bool": { "aws:MultiFactorAuthPresent": "true" }
2. A development team is working on a critical project that requires 24/7 access to Cloud Support Engineers and a dedicated Technical Account Manager (TAM) for faster issue resolution. Which AWS Support plan provides these features to meet the high-availability needs of the project?
Enterprise Support provides 24/7 access to Cloud Support Engineers and includes a dedicated Technical Account Manager (TAM) for critical issues. It is ideal for projects with high-availability requirements and the need for rapid response times.
3. A company is migrating its existing Kubernetes workloads to AWS and needs a service that provides secure and reliable communication between containers across multiple Availability Zones. Which AWS service ensures secure communication between containers in a Kubernetes cluster?
AWS PrivateLink for Amazon EKS enables secure and private communication between containers in a Kubernetes cluster across multiple Availability Zones. It ensures that communication remains within the AWS network, enhancing security and reliability for the company's migration to AWS.
4. A media streaming company is looking for a compute service to host its backend services and APIs. The development team prefers a serverless architecture to minimize operational overhead. Which AWS service is a serverless compute option that automatically scales and manages the backend infrastructure?
AWS Lambda is a serverless compute service that automatically scales and manages the backend infrastructure based on the number of requests. It is an ideal choice for hosting backend services and APIs with minimal operational overhead. While EC2, Elastic Beanstalk, and Lightsail are also compute services, Lambda's serverless nature aligns with the development team's preference for minimizing operational tasks.
5. A medium-sized enterprise is looking for ongoing support and guidance to optimize their AWS usage, reduce costs, and ensure best practices. They want a service that offers a mix of technical support, infrastructure monitoring, and regular check-ins. Which AWS service aligns with these requirements?
AWS Managed Services (AMS) goes beyond basic technical support, offering ongoing optimization, infrastructure monitoring, and regular check-ins to ensure best practices. It is well-suited for enterprises seeking comprehensive managed services to optimize their AWS usage and reduce costs.
6. A financial services company wants to enhance the security of its applications by ensuring that traffic is inspected and filtered before reaching its AWS resources. Which AWS Global Accelerator feature allows the company to achieve this security goal?
Integrating AWS Web Application Firewall (WAF) with AWS Global Accelerator allows the financial services company to inspect and filter traffic before it reaches their AWS resources. This helps in enhancing security by protecting against common web application vulnerabilities and attacks.
7. A financial institution is migrating its critical applications to AWS and needs to ensure the highest level of security for cryptographic operations. The institution requires a dedicated hardware security module (HSM) that provides FIPS 140-2 Level 3 compliance. Which AWS service is best suited for this scenario?
AWS CloudHSM is the dedicated hardware security module (HSM) service that provides FIPS 140-2 Level 3 compliance. It is suitable for scenarios where a high level of security for cryptographic operations is required, such as in the financial institution's case.
8. A software development company is concerned about the environmental impact of its cloud operations. The team is debating whether to focus on optimizing resource usage or migrating to regions powered by renewable energy. Which design principle from the Well-Architected Framework should the team consider to address sustainability concerns?
The sustainability pillar of the Well-Architected Framework emphasizes minimizing the environmental impact of cloud operations. In this scenario, the team should consider the sustainability pillar to address environmental concerns. This involves optimizing resource usage for efficiency and considering the environmental impact of data centers, such as migrating to regions powered by renewable energy.
9. You have an EC2 instance in a public subnet of a VPC that needs to communicate with a database server in a private subnet. What modification should be made to the sample network ACL rules?
To enable communication from the public subnet to the private subnet's database server, you need to allow inbound traffic on the relevant port. In this case, MySQL typically uses TCP/3306. Therefore, the correct answer is to add an inbound rule allowing TCP/3306 from the private subnet's IP range, which ensures that the database server can receive traffic on the MySQL port from the EC2 instance.
10. You want to allow IAM users to change their own passwords but only for their own accounts. What modification should be made to the IAM policy?
By changing "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" to "Resource": "*" in the fourth statement, it allows users to change their own passwords for any IAM user in the account.
"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
"Resource": "*"
11. In a scenario where multiple teams have varying levels of access to AWS resources, what IAM feature can be used to efficiently manage and assign permissions to different teams?
IAM Groups allow for the efficient management of permissions for multiple users with similar job roles. By assigning IAM users to groups and associating policies with groups, the organization can streamline access management and adhere to the principle of least privilege.
12. A retail company is looking to enhance its customer experience by implementing a recommendation engine that suggests personalized product recommendations on its e-commerce platform. Which AWS machine learning service is best suited for building and deploying a recommendation engine based on user behavior and preferences?
Amazon SageMaker is a fully managed service that allows developers and data scientists to build, train, and deploy machine learning models at scale. It is well-suited for scenarios like building recommendation engines based on user behavior. While Comprehend, Polly, and Lex are valuable AI services, SageMaker specifically addresses the requirement of developing and deploying machine learning models, making it the best choice for building a recommendation engine.
13. In the provided IAM policy, what actions are allowed for the example-bucket in Amazon S3?
example-bucket
The first statement in the policy allows the actions s3:GetObject, s3:PutObject, and s3:ListBucket on the specified S3 bucket (example-bucket).
s3:GetObject
s3:PutObject
s3:ListBucket
14. You have executed the script below to create an S3 bucket named my-s3-bucket. What additional configuration is required to make the bucket publicly accessible?
my-s3-bucket
s3api create-bucket --bucket my-s3-bucket --region us-east-1
s3 cp ./local-file.txt s3://my-s3-bucket/
iam create-user --user-name my-iam-user
iam attach-user-policy --user-name my-iam-user --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name my-key-pair
To make the bucket publicly accessible, you need to add a bucket policy allowing s3:GetObject for all users. While setting ACL or enabling public access settings can make the bucket public, they may not provide the specific access needed for the scenario.
15. After launching an EC2 instance using the script below, you realize that the instance is not accessible over SSH. What step might you have missed in the script?
To allow SSH traffic to the EC2 instance, you need to specify a security group that allows inbound SSH traffic. The security group acts as a virtual firewall and controls the traffic to your instance.
16. A Cloud Administrator is tasked with discovering and tracking the software deployed across the organization's AWS environment. Which AWS Marketplace service can assist the administrator in automatically discovering and cataloging software assets deployed on AWS?
AWS Marketplace Discovery API assists administrators in automatically discovering and cataloging software assets deployed on AWS. This service provides valuable insights into the software landscape across the organization's AWS environment.
17. A media streaming platform is using Amazon EventBridge to manage and process streaming events from millions of users. The platform wants to ensure that events related to user engagement are efficiently processed by downstream services. According to AWS best practices, which feature of Amazon EventBridge allows the platform to selectively route events to different targets based on their content?
Leveraging Event Filters in Amazon EventBridge enables the media streaming platform to selectively route events to different targets based on their content, such as user engagement events. Event Filters provide fine-grained control over the flow of events through the system. While Event Replay, Dead Letter Queue, and Event Bus are relevant features, Event Filters specifically address the platform's need for efficient event processing based on content.
18. ABC Corp uses AWS Elastic Load Balancing (ELB) to distribute incoming traffic across multiple Amazon EC2 instances. According to the AWS shared responsibility model, what is ABC Corp's responsibility in this scenario?
ABC Corp is responsible for ensuring the security of the application code running on the EC2 instances behind ELB. This includes implementing secure coding practices and addressing vulnerabilities in the application.
19. A company is running a data analytics workload on AWS using Amazon Redshift, and the volume of data processed each month varies significantly. The company wants to optimize costs for its analytics processing. Which AWS pricing option allows the company to pay for the actual amount of data processed rather than a fixed capacity?
Amazon Redshift Spectrum allows users to analyze data in Amazon S3 directly without the need to load it into Amazon Redshift. With Spectrum, users pay for the amount of data scanned during queries, providing a flexible and cost-efficient option for variable workloads. While On-Demand Instances, Reserved Instances, and Savings Plans are relevant to other AWS services, Redshift Spectrum specifically addresses the need for paying for actual data processed in analytics workloads.
20. A financial institution is migrating its critical database to the AWS Cloud. They require a pricing model that combines cost savings with a predictable monthly expense. Which AWS offering allows them to commit to a consistent amount of compute usage in exchange for a discount?
AWS Savings Plans provide savings over On-Demand pricing in exchange for a commitment to a consistent amount of compute usage (measured in $/hr) for a 1 or 3-year period. This combines cost savings with predictability.
21. A multinational e-commerce company is looking to enhance its product recommendations based on user behavior. They want to implement a machine learning solution that can analyze customer preferences and deliver personalized suggestions. Which AWS AI/ML service would be most suitable for this scenario?
Amazon SageMaker is a fully-managed service that enables developers and data scientists to build, train, and deploy machine learning models. In this scenario, SageMaker's capabilities align with the need for developing a machine learning solution to analyze customer preferences and provide personalized recommendations.
22. A healthcare organization is dealing with large volumes of patient records stored in various databases. The organization needs a fully-managed extract, transform, and load (ETL) service to prepare and load this data for analytics. Which AWS service is best suited for this ETL scenario?
AWS Glue is a fully-managed ETL service that automates the preparation and loading of data for analytics. It is suitable for scenarios where data needs to be extracted from various sources and transformed for analysis.
23. A machine learning (ML) development team is tasked with building a recommendation system for an e-commerce platform. The team needs to train and deploy ML models quickly while managing the entire ML lifecycle efficiently. Which AWS service is the most suitable for simplifying the end-to-end process of building, training, and deploying machine learning models?
In this scenario, Amazon SageMaker is the most appropriate choice. Amazon SageMaker is a fully managed service that provides the capability to build, train, and deploy machine learning models at scale. It simplifies the ML lifecycle, allowing the development team to focus on building effective recommendation models without the need for managing the underlying infrastructure.
24. You want to modify the provided S3 bucket policy to grant access to a new IAM user (new-user) for performing all S3 actions on objects within the bucket. Which part of the policy should you update?
new-user
{
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
"Condition": {
"IpAddress": {
"aws:SourceIp": "203.0.113.0/24"
},
"NotIpAddress": {
"aws:SourceIp": "203.0.113.128/32"
}
"Effect": "Deny",
"Action": "s3:*",
"Bool": {
"aws:SecureTransport": "false"
]
To grant access to a new IAM user, you should add a new statement with "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::NEW-USER-ACCOUNT-ID:user/new-user" } specifying the appropriate user details.
"Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::NEW-USER-ACCOUNT-ID:user/new-user" }
25. You have an application server in a VPC, and you want to ensure that it can communicate with a third-party API server over HTTPS (TCP/443). What modification should be made to the network ACL rules below?
To enable communication from the application server to the third-party API server over HTTPS, you need to add an outbound rule allowing traffic on TCP/443 to the API server's IP range. This allows the application server to initiate connections to the API server on the specified port. By restricting the rule to the necessary protocol and destination, you ensure that the communication is secure and only allows traffic to the required destination.
26. You have an EC2 instance in a private subnet of a VPC, and you want to allow outbound internet access for software updates. Which modification should be made to the security group rules?
Add an outbound rule allowing TCP/80 and TCP/443 to 0.0.0.0/0. This is because outbound internet access typically requires allowing traffic to destinations outside the VPC. By specifying 0.0.0.0/0 as the destination IP range, you allow the EC2 instance to communicate with any server on the internet over HTTP (TCP/80) and HTTPS (TCP/443), which is commonly used for software updates.
27. A company is looking for a way to securely connect its on-premises data center to AWS, ensuring private and dedicated network communication. What AWS service facilitates this type of connectivity?
AWS Direct Connect establishes a dedicated network connection between an organization's on-premises data center and AWS. It provides private and dedicated network communication, ensuring secure and reliable connectivity.
28. A Cloud Practitioner is facing a complex technical challenge while implementing AWS services for a project. They need step-by-step guidance and best practices for the specific scenario. Which AWS resource is best suited for providing prescriptive guidance with detailed instructions?
The AWS Knowledge Center offers prescriptive guidance with step-by-step instructions for specific scenarios. It provides detailed solutions and best practices to help users overcome technical challenges
29. An organization has acquired a startup that was operating independently with its own AWS account. The CTO wants to streamline the management of both the parent company's AWS resources and the startup's resources. Which AWS feature provides a solution for managing multiple AWS accounts under a unified structure?
AWS Organizations provides a hierarchical structure for managing multiple AWS accounts. In this scenario, the organization can use AWS Organizations to link the parent company's account and the startup's account, enabling unified management and consolidated billing.
30. You want to allow only specific IP addresses (192.168.2.0/24) to connect to an EC2 instance via SSH. Which modification should be made to the security group rules?
192.168.2.0/24
Update Rule 1 to allow SSH from the specific IP range 192.168.2.0/24. By modifying Rule 1, you can ensure that only the specified IP addresses are allowed to connect via SSH. This is a more precise approach than adding a new rule or modifying other rules, as it directly aligns with the requirement to restrict SSH access to the specified IP range.
31. A data analytics company deals with large datasets and requires a storage option that offers low-cost archiving with flexible retrieval times. Which AWS storage option aligns with these requirements?
Amazon S3 Glacier is designed for low-cost archiving of infrequently accessed data with flexible retrieval times. For a data analytics company dealing with large datasets that don't require immediate access, S3 Glacier provides a cost-effective solution for archival storage with retrieval times optimized for infrequent access.
32. A manufacturing company is deploying IoT devices across its production floor to monitor equipment health and performance. They want to ensure real-time communication between devices and minimize latency. Which AWS IoT Core feature should they leverage to enable low-latency, bi-directional communication between devices?
To enable low-latency, bi-directional communication between IoT devices, the manufacturing company should leverage the MQTT (Message Queuing Telemetry Transport) protocol in AWS IoT Core. MQTT is a lightweight and efficient protocol designed for reliable communication between devices, making it suitable for scenarios where minimizing latency is crucial.
33. An enterprise is in the process of migrating its legacy applications to AWS, and the IT team needs a tool that can assist in evaluating the readiness of each application for migration. Which AWS Migration Hub feature provides insights into the compatibility and migration readiness of on-premises applications?
The correct answer is Migration Readiness Assessment. AWS Migration Hub includes a feature called Migration Readiness Assessment, which provides insights into the compatibility and migration readiness of on-premises applications. This tool assists the IT team in evaluating each application's readiness for migration.
34. A financial institution has multiple AWS accounts for different business units, each requiring access to a shared database with sensitive financial data. The institution wants to ensure that database credentials are securely shared among the accounts while maintaining proper access controls. Which AWS service facilitates the secure sharing of secrets across accounts?
AWS Secrets Manager allows the secure sharing of secrets across AWS accounts. By creating resource-based policies, the financial institution can grant specific accounts access to the shared database credentials while maintaining proper access controls.
35. A high-performance database application running on Amazon EC2 instances requires persistent and low-latency block storage. The application demands the ability to scale storage capacity and performance independently. Which Amazon EBS volume type is most suitable for this scenario?
In scenarios where high-performance database applications require low-latency block storage with the ability to scale both capacity and performance independently, Amazon EBS Provisioned IOPS (io1) is the appropriate choice. It allows users to provision the desired amount of IOPS (input/output operations per second) to meet specific application requirements.
36. You want to modify the S3 bucket policy to allow access from any IP address for reading objects (s3:GetObject) in the bucket, but deny access from a specific IP address (192.168.1.1). Which modification should be made?
192.168.1.1
By adding "NotIpAddress": { "aws:SourceIp": "192.168.1.1" } to the first statement, it allows access from any IP except the specified one.
"NotIpAddress": { "aws:SourceIp": "192.168.1.1" }
37. In the S3 bucket policy below, what is the purpose of the "IpAddress" condition in the first statement?
"IpAddress"
The "IpAddress" condition in the first statement ensures that requests are allowed only from the specified IP range (203.0.113.0/24).
38. A software development company follows the best practice of granting the least privilege necessary for users and applications. However, there is a need for a specific IAM user to temporarily escalate their permissions for a critical update. What IAM feature should be used to achieve this without compromising long-term security?
IAM Roles are designed for temporary permissions escalation. By assigning the required policies to an IAM Role and allowing the specific IAM user to assume that role for the duration of the critical update, the principle of least privilege is maintained while meeting the temporary elevated permissions needs.
39. A financial institution requires a disaster recovery strategy that involves replicating data across multiple geographic locations. Which AWS service can fulfill this requirement?
Amazon S3 Cross-Region Replication allows automatic replication of objects across different AWS regions. This ensures data durability and provides a robust disaster recovery solution for scenarios where data redundancy is crucial.
40. A manufacturing company has a fleet of IoT devices spread across different locations. They want to securely connect and manage these devices, collect telemetry data, and perform remote actions. Which AWS service is most suitable for this scenario?
AWS IoT Core is a managed cloud service designed for securely connecting and managing IoT devices. It allows the collection of telemetry data from a fleet of devices, supports secure communication, and provides features for managing the devices remotely.
41. A company wants to experiment with AWS services for a new project, and they are seeking support for general questions and best practices. They do not require immediate assistance for critical issues. Which AWS support plan is appropriate for this exploratory phase?
AWS Developer Support is designed for organizations experimenting with AWS services. It provides support for general questions, best practices, and architectural guidance. While it does not offer 24/7 access to Cloud Support Engineers, it is suitable for non-critical phases of projects.
42. A video production company is looking for a file storage solution that supports high-performance file-based workflows for editing and rendering large video files. The organization needs a fully-managed service with Windows-based compatibility. Which AWS file service is the most suitable for this requirement?
Amazon FSx for Windows File Server is designed for high-performance file-based workflows, making it suitable for video production scenarios that require Windows-based compatibility.
43. An organization is using Amazon EC2 instances to host its web application, and the security team is defining the responsibilities for securing the operating system running on these instances. According to the AWS shared responsibility model, which task is the responsibility of AWS as part of securing the EC2 instances?
In the AWS shared responsibility model, AWS is responsible for the security of the underlying infrastructure, including installing security patches on the hardware and hypervisor. The customer is responsible for tasks such as configuring firewall rules, data encryption, and managing access controls. While the customer plays a role in securing the operating system, AWS takes care of the underlying infrastructure's security, including patching.
44. A financial institution is implementing a hybrid cloud strategy and needs to ensure high availability for its on-premises applications using AWS Storage Gateway. The institution wants to maintain a full copy of its on-premises data in Amazon S3 for disaster recovery purposes. Which type of AWS Storage Gateway deployment would meet the institution's requirements?
For high availability and disaster recovery, Gateway-Stored Volumes is the suitable deployment type. It maintains a full copy of the on-premises data in Amazon S3, providing a durable and scalable solution for disaster recovery purposes while allowing the on-premises applications to access the data locally.
45. A large enterprise with multiple departments wants to allocate costs to individual teams based on their AWS resource consumption. Which AWS Budgets capability can assist the enterprise in achieving this cost allocation goal?
Tag-Based Budgets in AWS Budgets allow the enterprise to allocate costs based on resource tags. By tagging AWS resources with relevant information, such as department or team names, the enterprise can create budgets specific to those tags. This enables precise cost allocation and reporting for each department or team.
46. A company is hosting a web application that involves frequent, small updates to individual functions. Which AWS compute service is suitable for executing small, frequent updates to functions without managing the entire application infrastructure?
For executing small, frequent updates to functions without managing the entire application infrastructure, AWS Lambda is the ideal choice. Lambda allows developers to focus on individual functions, enabling seamless and efficient updates.
47. A company is deploying a new application in the AWS cloud and wants to ensure that the infrastructure is properly configured for optimal performance and security. The IT team is looking for a service that can help them select the right combination of AWS resources and settings based on the application's requirements. Which AWS service can assist in this scenario by providing recommendations for an optimized infrastructure setup?
The AWS Well-Architected Tool provides recommendations for designing a well-architected infrastructure. It helps the IT team select the right combination of AWS resources and settings, ensuring optimal performance and security for the deployed application.
48. A large e-commerce company is dealing with vast amounts of unstructured data, including customer reviews, product descriptions, and images. The company wants to transform and clean this data for analytics purposes. Which AWS Glue feature can the company leverage to automatically discover and catalog the metadata of its unstructured data stored in Amazon S3?
AWS Glue Crawler is a feature that allows the automatic discovery and cataloging of metadata for unstructured data stored in sources like Amazon S3. It analyzes the data and creates metadata tables in the AWS Glue Data Catalog, providing a foundation for subsequent ETL (Extract, Transform, Load) processes. While Glue ETL Jobs, DataBrew, and Schema Evolution are valuable features, Glue Crawler specifically addresses the e-commerce company's need to discover and catalog metadata for unstructured data.
49. A multinational organization with multiple AWS accounts wants to centralize user management and access policies. What AWS service or feature is suitable for achieving centralized identity and access management across accounts?
AWS Organizations enables centralized identity and access management across multiple AWS accounts. It allows organizations to consolidate user accounts and apply policies uniformly, improving governance and security.
50. A multinational company has a web application with users distributed globally. The company wants to improve the performance of the application by delivering content to users with lower latency. Which AWS service should they use to achieve this goal by caching content at edge locations around the world?
Amazon CloudFront is a content delivery network (CDN) service that caches content at edge locations globally. By using CloudFront, the company can distribute content closer to end-users, reducing latency and improving the overall performance of the web application.
51. A finance company is developing a mobile app for real-time stock trading and wants to ensure that stock prices are delivered with the lowest possible latency. Which AWS service can assist in achieving low-latency delivery by leveraging edge locations?
Amazon CloudFront, with its edge locations, can cache and deliver real-time stock prices quickly to users, ensuring the lowest possible latency for the finance company's mobile app.
52. A system administrator is tasked with configuring security groups for a set of EC2 instances that require specific inbound and outbound rules. The administrator needs to perform this task once during the initial setup. Which deployment method is most suitable for this scenario?
Security group configurations, being part of the initial setup, are typically one-time operations. These settings are specific to the environment's security requirements and do not require frequent changes.
53. A company is concerned about the potential impact of adding new features to its existing web application. They want to ensure that the introduction of new features does not negatively affect the overall user experience. Which AWS service can help the company by providing end-to-end visibility into the requests flowing through the web application, including detailed information about each component's performance?
For the company seeking to assess the impact of new features on its web application, AWS X-Ray emerges as a valuable solution for obtaining end-to-end visibility into request flows. AWS X-Ray captures detailed information about the performance of each component involved in processing requests, offering a comprehensive view of the entire transaction lifecycle.
54. A media company relies on AWS Lambda for serverless video processing. In the shared responsibility model, what security aspect is shared between the customer and AWS?
Configuring security groups and network ACLs for Lambda is a shared responsibility. The customer manages access controls for their serverless functions, while AWS ensures the physical security of the Lambda data centers.
55. An organization has a significant amount of data stored in on-premises servers, and the available network bandwidth for data transfer to AWS is limited. Which migration strategy would be most efficient in overcoming bandwidth limitations and securely transferring large volumes of data to the AWS Cloud?
AWS Snowball is a physical data transport solution that overcomes bandwidth limitations by allowing organizations to transfer large volumes of data securely. It provides a hardware device that can be shipped to the organization's location for data transfer, ensuring efficiency in scenarios with restricted network bandwidth.
56. A company operates a development environment that follows a predictable schedule, with instances running only during business hours. What type of Reserved Instances would be most appropriate for optimizing costs in this scenario?
Scheduled Reserved Instances allow the company to reserve instances for specific time slots each day or week. This is ideal for a development environment with predictable usage patterns, providing cost savings while ensuring that instances are available during the required hours.
57. A gaming company is developing a multiplayer online game that requires fast and predictable performance for player data retrieval. The company needs a NoSQL database that can provide low-latency access to player profiles and game progress. Which AWS service is the best fit for this scenario?
Amazon DynamoDB provides fast and predictable performance for NoSQL databases. It is well-suited for applications like multiplayer online games that require low-latency access to player profiles and game progress. DynamoDB's performance capabilities make it the optimal choice for this gaming company.
58. A financial institution needs a centralized view of its security posture across multiple AWS accounts and regions. Which AWS service can assist the institution by aggregating and prioritizing security findings from various AWS services?
AWS Security Hub provides a centralized view of security findings across AWS accounts and regions. It aggregates and prioritizes security findings from various AWS services, enabling the financial institution to have a comprehensive and prioritized view of its security posture.
59. A multinational organization with various business units is using AWS for its cloud infrastructure. Each business unit has its own set of resources, and the finance department needs a detailed breakdown of costs for each unit. Which AWS feature allows the organization to achieve this level of granular cost allocation?
AWS Cost Allocation Tags enable organizations to categorize and allocate costs to specific resources based on user-defined tags. In this scenario, tagging resources with business unit identifiers allows the finance department to obtain a detailed breakdown of costs for each unit using AWS Cost and Usage Reports.
60. A technology startup is focused on maintaining regulatory compliance in its AWS environment. The startup needs to retain AWS API activity logs for an extended period and periodically analyze them for compliance reporting. Which AWS service facilitates the retention and analysis of AWS API activity logs?
AWS CloudTrail is the appropriate choice for the startup's compliance requirements. It allows for the retention of AWS API activity logs, enabling the startup to maintain historical records for an extended period. Additionally, these logs can be periodically analyzed for compliance reporting, ensuring adherence to regulatory requirements.
61. A development team is working on a project that involves managing and sharing software packages securely across different AWS accounts and regions. The team is looking for a service that acts as a scalable and fully managed artifact repository. Which AWS service would be the most suitable for storing, sharing, and managing software artifacts such as dependencies, libraries, and packages across multiple accounts and regions?
AWS CodeArtifact is a fully managed artifact repository that allows teams to store, share, and manage software artifacts securely. It supports package management for dependencies, libraries, and packages, providing a scalable solution for multi-account and multi-region use cases in a development project.
62. A technology company is hosting a public-facing website on Amazon EC2 instances and needs to protect against common web exploits and vulnerabilities. Which AWS service should the company use to implement DDoS protection and secure its website from malicious traffic?
To implement DDoS protection and secure a public-facing website from malicious traffic, the technology company should use AWS Shield. AWS Shield provides automatic DDoS protection and helps safeguard web applications from common web exploits.
63. A gaming company is developing a multiplayer online game that requires real-time leaderboards to display player rankings. They need a caching solution that can handle frequent updates and retrievals of player scores with sub-millisecond latency. Which AWS service is the most suitable for implementing the leaderboards?
Amazon ElastiCache for Redis is a fully managed, Redis-compatible caching service. It provides sub-millisecond latency and is well-suited for use cases that require real-time data updates, such as leaderboards in multiplayer games.
64. A media production company is looking for a cost-effective solution to store large video files and archives. The company wants to optimize costs based on access patterns. Which AWS storage service is the most appropriate for this use case?
Amazon S3 Intelligent-Tiering automatically moves objects between access tiers based on changing access patterns, making it cost-effective for storing large video files with varying access frequencies.
65. A company is concerned about unauthorized access to their Amazon EC2 instances and wants to implement an additional layer of security by controlling access at the network level. Which service can help achieve this by acting as a virtual firewall for Amazon EC2 instances?
Security Groups act as a virtual firewall for Amazon EC2 instances, controlling inbound and outbound traffic. By configuring Security Groups, the organization can implement an additional layer of network-level security to prevent unauthorized access.
Your score is
Restart Exam
