Sorry, you are out of time.
AWS CCP (CLF-C02) Practice Exam 2
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. A company wants to ensure that its IAM users follow a least privilege model and only have the permissions necessary for their tasks. What is the recommended approach to achieve this goal?
Creating IAM roles with specific permissions for each job function aligns with the principle of least privilege. IAM roles provide temporary credentials, granting users access only to the necessary resources for their tasks. This approach enhances security and control.
2. A startup is concerned about unauthorized access to its EC2 instances and wants to implement multi-factor authentication (MFA) for enhanced security. Which AWS service supports the implementation of MFA for AWS account access?
To enhance security with MFA, the startup should configure AWS Identity and Access Management (IAM). IAM supports the implementation of multi-factor authentication, providing an additional layer of protection for AWS account access.
3. A financial services company is migrating its applications to the cloud and needs a file storage solution that is compatible with its existing Windows-based applications. The organization requires support for features such as Active Directory integration and SMB protocol. Which AWS file service meets these compatibility requirements?
Amazon FSx for Windows File Server is designed for Windows-based applications, providing compatibility with Active Directory integration and support for the SMB protocol.
4. In the provided IAM policy, what actions are allowed for the example-bucket in Amazon S3?
example-bucket
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } } }, { "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/important-data.txt", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } } }, { "Effect": "Allow", "Action": "iam:ChangePassword", "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" } ] }
The first statement in the policy allows the actions s3:GetObject, s3:PutObject, and s3:ListBucket on the specified S3 bucket (example-bucket).
s3:GetObject
s3:PutObject
s3:ListBucket
5. A financial services firm is migrating its workloads to AWS and wants to ensure that all dependencies between applications are considered during the migration planning. Which AWS Migration Hub component helps identify and catalog the relationships between on-premises applications to facilitate a comprehensive migration strategy?
The correct answer is Application Discovery Service. AWS Migration Hub includes Application Discovery Service, which helps identify and catalog the relationships between on-premises applications. This information is crucial for understanding dependencies and planning a comprehensive migration strategy.
6. An organization with a focus on cost management and forecasting is interested in leveraging the AWS Pricing Calculator. Which AWS Support plan includes access to this tool, allowing them to analyze and optimize their AWS expenses?
Business Support includes access to the AWS Pricing Calculator, enabling organizations to forecast and optimize their AWS expenses. It provides valuable insights into the cost implications of different resource configurations.
7. A financial institution is streaming real-time financial market data and wants to process and analyze this data to identify trends and anomalies. Which AWS service is specifically designed for real-time analytics on streaming data?
Amazon Kinesis is a service that allows real-time processing of streaming data. It is suitable for scenarios where immediate analysis of streaming data, such as financial market data, is required to identify trends and anomalies.
8. After uploading a file to the S3 bucket created with the script below, you want to generate a pre-signed URL for temporary access to the file. Which AWS CLI command should you use?
s3api create-bucket --bucket my-s3-bucket --region us-east-1
s3 cp ./local-file.txt s3://my-s3-bucket/
iam create-user --user-name my-iam-user
iam attach-user-policy --user-name my-iam-user --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name my-key-pair
The aws s3 generate-presigned-url command is used to generate a pre-signed URL, and the correct syntax includes --bucket, --key (or --object), and --expires-in parameters.
aws s3 generate-presigned-url
--bucket
--key
--object
--expires-in
9. A medium-sized company is planning to migrate its on-premises workloads to AWS. The company is concerned about cost management during and after the migration. Which AWS Budgets feature can help the company ensure that costs are within acceptable limits during the migration process?
Budget Actions in AWS Budgets allow the company to automate responses to budget thresholds. This feature is particularly useful during the migration process to set up automatic actions, such as pausing non-essential workloads, when costs approach or exceed predefined limits. It provides proactive cost management and helps ensure that the migration stays within budget.
10. A media company is looking to enhance its security posture on AWS by monitoring and logging all activity related to AWS Identity and Access Management (IAM). The company wants to detect unauthorized access attempts and understand changes in IAM policies. Which AWS service can help the media company achieve this goal?
AWS CloudTrail is the suitable choice for monitoring and logging activity related to IAM. It provides detailed information about changes to IAM policies, allowing the media company to detect unauthorized access attempts and enhance its overall security posture on AWS.
11. A company is launching a new application with uncertain and fluctuating demand. They want a cost-effective solution that provides flexibility and does not involve upfront payments. Which AWS pricing model is best suited for this scenario?
Spot Instances allow users to bid for unused EC2 capacity, providing significant cost savings. While they are interruptible, they are ideal for workloads with flexible demand and no upfront commitments.
12. A gaming company has a distributed architecture with databases hosted on Amazon RDS and game servers running on Amazon EC2 instances. The organization needs a backup solution that allows for the consistent backup of databases and instances across different regions. Which AWS service is designed to address this cross-region backup requirement?
AWS Backup is designed for centralized and consistent backups across different AWS regions. It supports the backup of various AWS resources, including databases on Amazon RDS and instances on Amazon EC2, providing a unified solution for cross-region backup requirements.
13. A gaming company needs to deploy a serverless architecture to handle variable workloads and minimize costs. Which AWS compute service should they choose?
For serverless architecture and handling variable workloads, AWS Lambda is the ideal choice. Lambda allows developers to run code without provisioning or managing servers, making it cost-effective and scalable for variable workloads.
14. You have an EC2 instance in a public subnet of a VPC that needs to communicate with a database server in a private subnet. What modification should be made to the sample network ACL rules?
To enable communication from the public subnet to the private subnet's database server, you need to allow inbound traffic on the relevant port. In this case, MySQL typically uses TCP/3306. Therefore, the correct answer is to add an inbound rule allowing TCP/3306 from the private subnet's IP range, which ensures that the database server can receive traffic on the MySQL port from the EC2 instance.
15. A travel booking platform wants to maintain service availability during unexpected traffic spikes. How can the platform leverage AWS Availability Zones to ensure that it can handle increased demand without compromising performance?
Distributing application components across multiple Availability Zones allows the travel booking platform to handle increased demand by spreading the load. This approach enhances fault tolerance and ensures high availability during unexpected traffic spikes.
16. You want to modify the IAM policy to deny the deletion of a specific object (important-data.txt) within the S3 bucket. However, deletion should be allowed if Multi-Factor Authentication (MFA) is present. What modification should be made?
important-data.txt
By adding "Bool": { "aws:MultiFactorAuthPresent": "true" } to the third statement, it allows deletion only when Multi-Factor Authentication (MFA) is present.
"Bool": { "aws:MultiFactorAuthPresent": "true" }
17. A company is using AWS Lambda for its serverless functions. They want to ensure that they are not over-allocating resources for their functions. What parameter in AWS Lambda allows them to control the amount of memory allocated to each function, optimizing costs?
AWS Lambda allows users to specify the amount of memory allocated to each function. Adjusting the Memory Size parameter helps rightsize the resources allocated to the function, ensuring cost-effective execution.
18. A financial institution is concerned about the security of its AWS environment and wants to implement multi-factor authentication (MFA) for enhanced access control. Which IAM entity should the institution enable MFA for to add an extra layer of security?
Enabling multi-factor authentication (MFA) for IAM Users adds an extra layer of security by requiring users to provide a second authentication factor (e.g., a one-time password from a hardware or virtual MFA device) in addition to their regular IAM credentials. This helps protect sensitive financial data from unauthorized access.
19. An organization is using a single sign-on (SSO) solution to allow users seamless access to AWS services. What is the primary benefit of using SSO in this context?
Single sign-on (SSO) simplifies access management by allowing users to authenticate once and access multiple AWS services seamlessly. It reduces the need for managing separate IAM users for each employee, improving efficiency.
20. A company is developing a training program and needs a service that allows users to access a pre-configured virtual desktop environment for learning purposes. The environment should include specific applications and settings. Which AWS service is suitable for providing a customized virtual desktop environment for training?
Amazon AppStream 2.0 allows users to access pre-configured virtual desktop environments for learning and training purposes. It is suitable for providing a customized environment with specific applications and settings.
21. A multinational corporation needs to store and share large datasets among its global teams. The data is frequently accessed and updated by multiple users concurrently. Which AWS storage service would meet these requirements?
Amazon Elastic File System (Amazon EFS) provides scalable and shared file storage, making it suitable for scenarios where multiple users need concurrent access to frequently updated datasets.
22. A development team is building a microservices-based application and requires a serverless compute service that allows them to run containers without managing the underlying infrastructure. Which AWS compute service provides a serverless experience for containerized applications?
For a serverless experience with containerized applications, AWS Fargate is the appropriate choice. Fargate allows developers to run containers without the need to manage the underlying infrastructure, simplifying the deployment and management of containerized workloads.
23. You have an application server in a VPC, and you want to ensure that it can communicate with a third-party API server over HTTPS (TCP/443). What modification should be made to the network ACL rules below?
To enable communication from the application server to the third-party API server over HTTPS, you need to add an outbound rule allowing traffic on TCP/443 to the API server's IP range. This allows the application server to initiate connections to the API server on the specified port. By restricting the rule to the necessary protocol and destination, you ensure that the communication is secure and only allows traffic to the required destination.
24. A development team is building a microservices architecture using Kubernetes on AWS. They require a service that can automatically scale the number of Kubernetes worker nodes based on demand to ensure optimal performance and cost efficiency. Which AWS service provides this capability?
While Amazon EKS manages the Kubernetes control plane, scaling the worker nodes is handled by Amazon EC2 Auto Scaling. This service automatically adjusts the number of EC2 instances in a specified Auto Scaling group, ensuring optimal performance and cost efficiency based on demand.
25. A large e-commerce company operates several microservices in its AWS environment, each requiring sensitive credentials for database access. The company is seeking a centralized solution to manage and rotate these credentials securely. Which AWS service is most suitable for this requirement?
AWS Secrets Manager is designed for securely storing and rotating sensitive information, such as database credentials for microservices. It provides a centralized and automated solution for managing secrets, enhancing security by regularly rotating credentials without manual intervention.
26. A gaming company hosts its critical game server data on Amazon EC2 instances and requires a reliable backup solution with minimal downtime. They want a service that can perform application-consistent backups and allow them to quickly restore the game server state in case of any issues. Which AWS service meets the gaming company's backup and restore needs?
While AWS Backup is a comprehensive backup service, for Amazon EC2 instances, the most suitable option for application-consistent backups with minimal downtime is using Amazon EBS Snapshots. Snapshots allow the gaming company to capture the state of the game servers and restore them efficiently when necessary.
27. A multinational e-commerce company is looking to improve the availability and performance of its online shopping platform for customers across the globe. They want a solution that automatically directs traffic to the best-performing AWS endpoint. Which AWS service is best suited for this scenario?
AWS Global Accelerator improves the availability and performance of applications by using static IP addresses (Anycast) and automatically directing traffic to the optimal AWS endpoint based on health, geography, and routing policies. This ensures a seamless and responsive online shopping experience for the multinational e-commerce company's global customer base.
28. A development team is building a web application that requires a scalable and globally distributed content delivery network (CDN) for delivering static assets with low latency. They want a service that seamlessly integrates with their application without complex configuration. Which AWS service is suitable for this scenario?
AWS Amplify seamlessly integrates with a global content delivery network (CDN) for delivering static assets with low latency. It simplifies the process of setting up and managing a scalable CDN for web applications, making it suitable for scenarios where a CDN is required for delivering static assets.
29. A media streaming company is using AWS to deliver content securely to its users. The company wants to protect its streaming platform from man-in-the-middle attacks and ensure that its users' data is transmitted over secure channels. Which ACM feature can help the company achieve this security objective by automatically managing SSL/TLS certificates for its streaming domain?
ACM Managed Domains is the feature that allows automatic management of SSL/TLS certificates for a domain. By using this feature, the media streaming company can ensure that its streaming platform is protected from man-in-the-middle attacks, and user data is transmitted securely over encrypted channels.
30. A cloud engineer is involved in the continuous integration and continuous deployment (CI/CD) pipeline for a web application. The engineer needs a method to automate the provisioning of AWS resources as part of the deployment process. Which approach aligns with the principles of CI/CD and automation?
In a CI/CD pipeline, Infrastructure as Code (IaC) is a fundamental practice for automating the provisioning of resources. It ensures that the infrastructure is defined and managed as code, allowing for consistent and automated deployments in a CI/CD environment.
31. A company is considering different AWS pricing models for its upcoming project. The project's workload is expected to have variable usage patterns, and the company wants to optimize costs based on its usage. Which pricing model allows the company to pay for the compute capacity it consumes without the need to commit to a specific duration?
On-Demand Instances allow users to pay for compute capacity by the hour or second with no long-term commitments. This pricing model is suitable for workloads with variable usage patterns. While Reserved Instances, Spot Instances, and Savings Plans offer cost savings, On-Demand Instances provide the flexibility to pay for compute capacity as needed without commitments.
32. A company has a predictable baseline workload but occasionally experiences increased demand during specific hours of the day. They want to ensure cost savings while maintaining performance during peak hours. Considering the company's requirements, which AWS pricing model is most appropriate for optimizing costs during baseline workload and handling peak hours efficiently?
Savings Plans offer a balanced approach between cost savings and performance flexibility. With Savings Plans, the company can achieve significant cost savings during baseline workload hours, while also having the flexibility to handle increased demand during peak hours. This makes Savings Plans a suitable choice for optimizing costs and ensuring performance for a workload with both predictable and variable elements.
33. An organization is looking to streamline its operational processes in AWS. The team is debating whether to focus on automation or implementing rigorous change control processes. Which design principle from the Well-Architected Framework should the organization consider to achieve operational excellence?
The operational excellence pillar of the Well-Architected Framework focuses on optimizing operational processes. In this scenario, the organization should consider the operational excellence pillar to achieve streamlined processes. This involves a combination of automation to reduce manual effort and implementing change control processes to maintain stability.
34. A security analyst needs to perform security audits and checks on various AWS resources to ensure compliance with security policies. The analyst requires a secure and controlled environment for executing AWS CLI commands and scripts related to security assessments. Which AWS service offers a fully managed, browser-based shell environment that supports AWS CLI and provides a secure execution environment for security-related tasks?
AWS CloudShell is a fully managed, browser-based shell environment that supports AWS CLI. It provides a secure execution environment for AWS CLI commands and scripts, making it suitable for security analysts to perform security audits and checks on AWS resources while ensuring compliance with security policies.
35. A startup is launching a new mobile application, and they want to ensure that users can connect securely to the application servers using a custom domain. Which type of record in Amazon Route 53 should be configured to associate the custom domain with the Elastic Load Balancer (ELB) serving the mobile application?
An Alias Record in Amazon Route 53 allows the association of a custom domain with AWS resources like Elastic Load Balancers (ELBs). By configuring an Alias Record for the custom domain pointing to the ELB, the startup ensures a secure and reliable connection for users accessing the mobile application.
36. A financial services company is experiencing unpredictable spikes in demand for its online trading platform, especially during market opening hours. To handle these fluctuations efficiently, which AWS service should the company leverage for automatically scaling its compute resources based on demand?
AWS Auto Scaling enables automatic adjustment of the number of Amazon EC2 instances or other resources in a group. It is well-suited for scenarios with varying workloads, such as the unpredictable spikes in demand experienced by the financial services company. While EC2, Lambda, and ECS are all compute services, AWS Auto Scaling specifically addresses the requirement of dynamically adjusting resources based on demand.
37. A developer is facing challenges in integrating different AWS services within an application. The developer needs practical examples and code snippets. Which resource is the most suitable for finding real-world examples and sample code for AWS service integration?
The AWS Documentation provides practical examples and code snippets for integrating AWS services within applications. It offers detailed guidance and reference material to help developers effectively use AWS services in their projects.
38. A company is planning to migrate its on-premises applications to AWS to take advantage of the cloud's scalability and flexibility. The IT team wants to simplify the migration process and ensure best practices are followed for setting up the AWS resources. Which AWS service can assist in automating the migration process, providing guidance on resource configuration, and ensuring a smooth transition?
AWS Launch Wizard simplifies the migration process by automating the setup of AWS resources for applications. It provides guidance on configuring resources based on best practices, ensuring a smooth and efficient migration experience.
39. A software development team is adopting a DevOps approach and aims to streamline the software delivery process, allowing for rapid and frequent releases. Which AWS benefit aligns with the goal of achieving faster software deployment?
Agility in AWS supports the rapid development and deployment of applications, making it well-suited for a DevOps environment. It emphasizes the speed and flexibility in software delivery, enabling teams to adapt quickly to changing requirements and release software at a faster pace.
40. A company is planning to migrate its large-scale database to AWS and wants to ensure minimal downtime during the migration. Which migration strategy would be most appropriate for achieving near-zero downtime while maintaining data consistency?
Database replication involves creating and maintaining a copy of the database in real-time. This strategy allows for minimal downtime during migration, as the production database remains accessible while changes are replicated to the cloud. It ensures data consistency and is suitable for scenarios where near-zero downtime is crucial.
41. An organization has grown through mergers and acquisitions, resulting in a diverse set of AWS accounts. They want to streamline the management of these accounts and ensure a consistent organizational structure. Which AWS service is most suitable for organizing and structuring these accounts efficiently?
AWS Organizations is designed to help organizations create a unified and hierarchical structure for managing multiple AWS accounts. It is the most suitable service for organizing and structuring AWS accounts efficiently, especially in scenarios involving mergers and acquisitions.
42. A healthcare organization needs a secure and compliant way to exchange medical research data with external research institutions. The organization wants to ensure that data sharing follows industry regulations and is encrypted in transit and at rest. According to AWS best practices, which service provides a secure and compliant solution for exchanging sensitive data with external partners?
AWS Data Exchange provides a secure and compliant solution for exchanging data with external partners. It allows organizations to share datasets with encryption in transit and at rest, ensuring compliance with industry regulations. While S3, Lambda, and DataSync have their use cases, Data Exchange specifically addresses the healthcare organization's need for a secure and compliant way to exchange sensitive research data with external research institutions.
43. A financial institution is using Amazon EventBridge to build a real-time fraud detection system. The institution wants to respond swiftly to potentially fraudulent transactions by triggering automated workflows. According to AWS best practices, which component of Amazon EventBridge enables the institution to define and execute these automated workflows in response to specific events?
Creating Rules in Amazon EventBridge allows the financial institution to define conditions and trigger automated workflows in response to specific events, such as potential fraudulent transactions. Rules provide the flexibility to customize the system's response based on event characteristics. While Event Replay, Event Filters, and Event Bus are important components, Rules specifically address the institution's need for defining automated workflows.
44. A smart home company is using AWS IoT Core to connect and manage a variety of IoT devices, including thermostats, cameras, and door locks. They want to ensure that only authorized devices can communicate with AWS IoT Core. Which AWS IoT Core feature should they implement to achieve secure device authentication and authorization?
To achieve secure device authentication and authorization, the smart home company should implement X.509 Certificates in AWS IoT Core. X.509 Certificates provide a mechanism for devices to authenticate themselves to AWS IoT Core using digital certificates, ensuring that only authorized devices can communicate with the IoT Core service.
45. A startup is looking for cost-effective AWS support that includes access to trusted advisors, guidance on best practices, and assistance with architectural questions. Which AWS support plan is most suitable for this scenario?
AWS Business Support includes access to trusted advisors, assistance with architectural questions, and guidance on best practices. It is suitable for organizations that need more than basic support but may not require the comprehensive features of Enterprise Support.
46. A healthcare organization needs a HIPAA-compliant database solution for storing sensitive patient information. The solution should provide encryption at rest and in transit, as well as audit logging for compliance purposes. Which AWS service meets these security and compliance requirements?
Amazon RDS (Relational Database Service) provides a HIPAA-compliant database solution with encryption at rest and in transit. It also offers audit logging capabilities, ensuring the security and compliance of sensitive patient information for the healthcare organization.
47. A healthcare organization is concerned about securing sensitive data in transit between AWS services and wants to implement encryption. Which AWS documentation should they consult for guidance on implementing encryption for data in transit?
The AWS Encryption SDK Documentation provides detailed guidance on implementing encryption for data in transit and at rest. In this scenario, the healthcare organization should refer to the Encryption SDK Documentation for information on securing sensitive data during transit. The other options focus on network connectivity (Direct Connect Documentation), key management (KMS Documentation), and hardware security modules (CloudHSM Documentation).
48. A manufacturing company is looking to archive historical data to AWS using AWS Storage Gateway. The company needs to store large amounts of data cost-effectively and plans to use Amazon S3 Glacier for long-term archival. Which type of AWS Storage Gateway deployment is recommended for this archival use case?
For long-term archival to Amazon S3 Glacier, the Gateway-VTL deployment type is recommended. It allows the company to use the Gateway-VTL to archive data to virtual tapes, which can then be stored in Amazon S3 Glacier for cost-effective archival.
49. A development team is working on optimizing the performance of a serverless application running on AWS Lambda. They want to identify bottlenecks, latency issues, and dependencies between different Lambda functions. Which AWS service can provide detailed information about the execution of each Lambda function, including the time spent on processing, waiting, and external service calls?
In the context of optimizing the performance of a serverless application, AWS X-Ray becomes a crucial tool for gaining granular insights into the execution of AWS Lambda functions. AWS X-Ray provides a detailed breakdown of the time spent on various aspects of function execution, including processing, waiting, and interactions with external services.
50. A company has recently migrated its critical workloads to AWS, and the IT team is responsible for securing the data stored in Amazon S3. The team is determining the security responsibilities between AWS and the customer based on the AWS shared responsibility model. In this scenario, which aspect of securing the data in Amazon S3 is the responsibility of the customer?
In the AWS shared responsibility model, the customer is responsible for the configuration and security of their data stored in AWS services. This includes setting up proper access controls, encryption settings, and other configurations within the S3 bucket. While physical security, patching, and encryption of data in transit are important aspects, the configuration and security of the S3 bucket specifically fall under the customer's responsibility.
51. A company is designing a multi-tier application on AWS and wants to ensure that each tier is isolated and has its own set of security groups. Which AWS service allows the creation of isolated sections of the AWS Cloud, including their own network configuration?
Amazon Virtual Private Cloud (VPC) allows users to create isolated sections of the AWS Cloud with their own network configuration. Each tier of the application can have its own security groups, ensuring isolation and security.
52. A company is experiencing technical issues with their AWS infrastructure and needs immediate assistance. They are looking for a service that offers 24/7 access to Cloud Support Engineers for urgent problem resolution. Which AWS service can provide the required round-the-clock technical support?
AWS Support provides 24/7 access to Cloud Support Engineers, offering technical assistance and guidance to address urgent issues with AWS infrastructure. It is the go-to service for organizations requiring round-the-clock support for immediate problem resolution.
53. A gaming company is developing a multiplayer online game that demands high-performance block storage with low-latency access. Which AWS storage option is most appropriate for storing the game's data?
Amazon EBS (Elastic Block Store) is designed for high-performance block storage with low-latency access. In the context of a gaming company developing a multiplayer online game, where quick access to game data is crucial for a seamless gaming experience, EBS is the suitable choice for storing the game's data.
54. A development team wants to deploy a web application that includes a backend API and a frontend UI. The team desires a fully managed service that can handle the deployment, auto-scaling, and load balancing of both components independently. Which AWS service provides this capability?
AWS Elastic Beanstalk is a fully managed service that supports multiple application components, including backend APIs and frontend UIs. It automatically handles deployment, auto-scaling, and load balancing of the entire application stack. Elastic Beanstalk simplifies the management of complex applications, making it an appropriate choice for deploying web applications with different components.
55. An e-commerce company is developing a product catalog that requires flexible JSON document storage and the ability to scale automatically based on demand. The company wants a serverless solution to minimize operational overhead. Which AWS service is most appropriate for this scenario?
Amazon DynamoDB is a serverless NoSQL database service that supports flexible JSON document storage and scales automatically based on demand. It is well-suited for applications like the e-commerce company's product catalog, providing the required flexibility and scalability without the need for manual intervention.
56. In a dynamic startup environment, the IT team is considering migrating their infrastructure to the AWS Cloud. They are particularly concerned about optimizing costs. Which AWS Cloud benefit would best address their concern?
In this scenario, the startup's concern is optimizing costs, and AWS offers cost savings as a significant benefit through its pay-as-you-go pricing model. Elasticity and agility are essential AWS benefits but may not directly address the cost optimization aspect in this specific context. Reliability is crucial but doesn't specifically target cost concerns.
57. What action will be denied by the S3 bucket policy below?
{
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
"Condition": {
"IpAddress": {
"aws:SourceIp": "203.0.113.0/24"
},
"NotIpAddress": {
"aws:SourceIp": "203.0.113.128/32"
}
"Effect": "Deny",
"Action": "s3:*",
"Bool": {
"aws:SecureTransport": "false"
]
According to the second statement, any S3 action will be denied if the request is not made over a secure transport (HTTPS).
58. An organization is preparing for a compliance audit and wants to ensure that its AWS environment adheres to best practices and industry standards. Which AWS service can provide proactive security recommendations based on the organization's usage patterns?
AWS Trusted Advisor provides proactive security recommendations based on an organization's usage patterns. It helps ensure adherence to best practices and industry standards. In this scenario, using AWS Trusted Advisor will assist the organization in preparing for the compliance audit by identifying and addressing potential security issues.
59. A media production company is working on a documentary that involves analyzing historical footage to identify key personalities and events. The company needs a solution that can automatically tag and categorize scenes based on the individuals and activities captured in the video. Which AWS service is most appropriate for this documentary project?
For automatically tagging and categorizing scenes in historical footage based on individuals and activities, the most suitable AWS service is Amazon Rekognition. It can analyze video content, identify faces, and recognize activities, allowing the media production company to efficiently organize and categorize the documentary footage.
60. After launching an EC2 instance using the script below, you realize that the instance is not accessible over SSH. What step might you have missed in the script?
To allow SSH traffic to the EC2 instance, you need to specify a security group that allows inbound SSH traffic. The security group acts as a virtual firewall and controls the traffic to your instance.
61. In the S3 bucket policy below, what is the purpose of the "IpAddress" condition in the first statement?
"IpAddress"
The "IpAddress" condition in the first statement ensures that requests are allowed only from the specified IP range (203.0.113.0/24).
62. A Cloud Practitioner encounters an issue where their AWS resources are being misused, leading to potential security risks. What is the recommended step to address this situation?
The AWS Trust and Safety team is responsible for handling abuse reports, including instances of misuse and potential security risks. Reporting to this team ensures proper investigation and resolution.
63. A gaming company aims to reduce lag and enhance the gaming experience for users by delivering game updates with minimal latency. Which AWS service can help achieve this goal by caching and delivering updates from edge locations?
Amazon CloudFront's content delivery network (CDN) capabilities can be utilized to cache and deliver game updates with minimal latency from edge locations, enhancing the gaming experience for users.
64. A startup uses Amazon S3 to store and share project documents. According to the shared responsibility model, what security aspect is shared between the customer and AWS?
Configuring access controls for S3 buckets is a shared responsibility. The customer defines and manages permissions for their S3 buckets, while AWS ensures the physical security of the S3 data centers.
65. You want to allow IAM users to change their own passwords but only for their own accounts. What modification should be made to the IAM policy?
By changing "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" to "Resource": "*" in the fourth statement, it allows users to change their own passwords for any IAM user in the account.
"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
"Resource": "*"
Your score is
Restart Exam
