Sorry, you are out of time.
AWS CCP (CLF-C02) Practice Exam 3
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. A project manager wants to understand the architectural considerations and best practices for running applications on AWS. Which resource provides high-level architectural guidance, including reference architectures, best practices, and design patterns?
AWS Whitepapers provide high-level architectural guidance, including reference architectures, best practices, and design patterns. They are comprehensive documents that offer valuable insights into architectural considerations on AWS.
2. An enterprise has subsidiaries operating in different regions, each with its own AWS account. The finance team wants to have a consolidated view of costs across all subsidiaries. Which AWS service enables the organization to achieve this consolidated billing view?
AWS Consolidated Billing, a feature within AWS Organizations, allows organizations to consolidate payment for multiple AWS accounts. This provides a unified view of costs across all accounts, making it easier for the finance team to manage and analyze spending.
3. A multinational corporation has multiple business units, each with its own AWS account. The CFO wants to have a consolidated view of costs across all business units for better financial planning. Which AWS feature provides a solution for achieving consolidated billing and cost allocation in this scenario?
AWS Organizations enables consolidated billing, allowing the multinational corporation to link all the AWS accounts for the different business units. With consolidated billing, the CFO can get a unified view of costs and allocate them to specific business units for accurate financial planning.
4. A financial institution is required to maintain compliance by regularly backing up sensitive data stored in their Amazon EBS volumes. They need a solution that automates backup processes, ensures data integrity, and provides easy restoration options. Which AWS service aligns with the institution's compliance and backup requirements?
AWS Backup is designed to automate and centralize backup processes for various AWS resources, including Amazon EBS volumes. It ensures compliance by providing a unified backup solution, allowing the financial institution to meet regulatory requirements and easily restore data when needed.
5. A startup is developing a real-time analytics platform and requires shared file storage for its containerized microservices. The startup wants a scalable solution that allows multiple containers to access shared data. Which AWS storage option aligns with these requirements?
Amazon EFS (Elastic File System) is designed for scalable and shared file storage. In the context of a startup developing a containerized microservices platform, EFS provides the required scalability and shared access to data. It's suitable for scenarios where multiple containers need shared storage.
6. A company is using Amazon EC2 instances for its production environment. To enhance security, the administrator wants to restrict access to the EC2 instances based on job roles. Which IAM feature should be leveraged to achieve this objective while following the principle of least privilege?
IAM roles are suitable for granting temporary permissions to users, applications, or services based on their job roles. This approach adheres to the principle of least privilege by providing only the necessary permissions for the duration needed.
7. In a multinational corporation spanning multiple continents, the IT team is planning to deploy a web application with high availability. They want to ensure that the application can withstand regional failures. Which AWS service should they leverage to achieve this goal?
AWS Global Accelerator is designed to provide static IP addresses that act as a fixed entry point to your application, distributing traffic across multiple AWS Regions. This ensures high availability and fault tolerance, making it suitable for scenarios where regional failures need to be mitigated.
8. You want to allow only specific IP addresses (192.168.2.0/24) to connect to an EC2 instance via SSH. Which modification should be made to the security group rules?
192.168.2.0/24
Update Rule 1 to allow SSH from the specific IP range 192.168.2.0/24. By modifying Rule 1, you can ensure that only the specified IP addresses are allowed to connect via SSH. This is a more precise approach than adding a new rule or modifying other rules, as it directly aligns with the requirement to restrict SSH access to the specified IP range.
9. What action will be denied by the S3 bucket policy below?
{
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
"Condition": {
"IpAddress": {
"aws:SourceIp": "203.0.113.0/24"
},
"NotIpAddress": {
"aws:SourceIp": "203.0.113.128/32"
}
"Effect": "Deny",
"Action": "s3:*",
"Bool": {
"aws:SecureTransport": "false"
]
According to the second statement, any S3 action will be denied if the request is not made over a secure transport (HTTPS).
10. A healthcare organization must adhere to strict regulatory requirements regarding data storage. Which AWS service can assist in ensuring that data stored in the cloud complies with these regulations?
To ensure compliance with regulatory requirements, the healthcare organization should utilize AWS Artifact. It provides access to AWS compliance reports, simplifying the process of demonstrating compliance with various regulations.
11. An organization is focusing on building a skilled and knowledgeable workforce to support its AWS Cloud adoption journey. Which perspective within the AWS Cloud Adoption Framework (AWS CAF) would be most relevant for developing the necessary skills and capabilities among its employees?
The People Perspective within the AWS CAF is dedicated to developing the skills and capabilities of the workforce. It provides guidance on training, organizational change management, and talent development. Organizations can leverage the People Perspective to ensure that their employees have the necessary skills to support a successful AWS Cloud adoption journey.
12. A company is planning to deploy containerized applications using Kubernetes on AWS. They want a fully managed Kubernetes service that will simplify the deployment, management, and scaling of containerized applications. Which AWS service is the most suitable for their requirements?
Amazon EKS is a fully managed Kubernetes service that simplifies the deployment, management, and scaling of containerized applications using Kubernetes. It provides a scalable and highly available Kubernetes control plane, making it an ideal choice for the company's requirements.
13. An organization is seeking ways to optimize its AWS costs and improve resource utilization. The finance team wants to identify and terminate any underutilized or idle resources to eliminate unnecessary expenses. Which AWS service can assist the organization in achieving cost optimization by providing recommendations on resource right-sizing and identifying opportunities to save costs?
AWS Trusted Advisor offers cost optimization recommendations, including guidance on resource right-sizing and identifying opportunities to save costs. It helps organizations improve resource utilization and reduce unnecessary expenses.
14. A multinational corporation with a diverse AWS architecture requires personalized guidance for optimizing resources and enhancing overall performance. Additionally, they want access to the AWS Well-Architected Tool for a comprehensive review. Which AWS Support plan is tailored to meet these advanced requirements?
Enterprise Support offers personalized guidance for optimizing resources and includes access to the AWS Well-Architected Tool. It is designed for organizations with complex architectures and advanced support needs.
15. An organization wants to enforce governance and compliance policies for AWS resources used by different teams. Which feature of AWS Service Catalog can help achieve this objective?
Constraints in AWS Service Catalog allow organizations to enforce governance and compliance policies. By defining constraints, such as limiting instance types or disallowing specific configurations, teams using the service catalog must adhere to these policies when provisioning resources.
16. A company is concerned about optimizing costs and improving security in its AWS environment. The IT team wants to identify and address security vulnerabilities and misconfigurations. Which AWS service should they leverage for automated checks and recommendations regarding security best practices?
AWS Trusted Advisor is a service that provides automated checks and recommendations across various categories, including security. It helps identify security vulnerabilities, misconfigurations, and areas for improvement. In this scenario, leveraging AWS Trusted Advisor will assist the company in optimizing costs and enhancing security by addressing identified issues.
17. A company wants to provide secure access to its Amazon S3 buckets for users outside its AWS account. What is the recommended and secure way to grant this access?
Pre-signed URLs with temporary credentials allow controlled and time-limited access to specific S3 resources. This method ensures secure access without sharing permanent credentials and is suitable for scenarios where external users need temporary access to S3 resources.
18. A large e-commerce company is planning a complex migration of its on-premises infrastructure to AWS. The company wants to have a centralized view of the migration progress, including the status of each application. Which AWS Migration Hub feature can provide real-time tracking and visibility into the migration progress for multiple applications?
The correct answer is Progress Dashboard. AWS Migration Hub offers a Progress Dashboard that provides a centralized and real-time view of the migration progress for multiple applications. This feature allows the e-commerce company to track and monitor the status of each application during the migration.
19. A gaming company is exploring options to enhance the security of its AWS environment and wants to understand the principles of least privilege and how to implement them effectively. Which AWS documentation should they refer to for guidance on implementing the principle of least privilege?
The AWS IAM User Guide provides detailed information on IAM principles, including the principle of least privilege. It offers guidance on configuring policies to grant the minimum required permissions to users and entities. In this scenario, the gaming company should refer to the IAM User Guide for effective implementation of least privilege. The other options focus on configuration management (Config Documentation), best practices (Trusted Advisor Documentation), and organizational structure (Organizations Documentation).
20. A development team is working on a short-term project with varying compute requirements. They aim to minimize costs while ensuring sufficient resources are available when needed. Considering the nature of the short-term project, which AWS pricing model provides flexibility and cost optimization for the development team?
Savings Plans offer flexibility and cost savings for short-term projects with varying compute requirements. Unlike Reserved Instances, Savings Plans provide significant savings with the flexibility to change instance types, operating systems, and regions. This makes Savings Plans a suitable choice for the development team looking to minimize costs while ensuring sufficient resources for their short-term project.
21. A company is negotiating a custom pricing agreement with an AWS Marketplace seller for specific software products. Which AWS Marketplace service enables the seller to create and offer a tailored pricing agreement to the company?
AWS Marketplace Seller Private Offers allow sellers to create custom pricing agreements and offer them directly to specific customers. This service is valuable for negotiating tailored pricing agreements with AWS Marketplace sellers.
22. An organization is running a global application with multiple endpoints in different AWS regions. They want to ensure that if one endpoint becomes unavailable, Route 53 automatically redirects traffic to the next healthy endpoint. Which feature of Amazon Route 53 provides this automated failover capability?
Health Checks in Amazon Route 53 enable automated failover by regularly monitoring the health of endpoints. If an endpoint becomes unhealthy, Route 53 automatically redirects traffic to the next healthy endpoint, ensuring continuous availability of the application.
23. A social media platform is experiencing rapid growth and needs a highly scalable NoSQL database to handle user profiles, posts, and comments. The platform also requires low-latency access to user data. Which AWS service is the most suitable for this scenario?
Amazon DynamoDB is a fully managed NoSQL database service designed for seamless scalability and low-latency access to data. It is suitable for applications with rapidly growing datasets, making it the optimal choice for the social media platform's need to handle user profiles, posts, and comments.
24. A financial institution is developing a mobile banking application that requires secure communication between the mobile app and backend servers. The institution wants to ensure that the communication is encrypted and that the SSL/TLS certificates used are regularly renewed to maintain security. Which ACM feature can help the institution automate the renewal of SSL/TLS certificates?
ACM Certificate Rotation is the feature that allows automatic renewal of SSL/TLS certificates. This ensures that the financial institution's mobile banking application maintains secure communication by regularly updating and renewing the certificates used for encryption.
25. A company is developing a web application that requires storing and serving user-uploaded images, ensuring low latency and high availability. Which AWS storage service is best suited for this use case?
Amazon S3 Standard is designed for scalable and high-performance object storage, making it suitable for storing and serving user-uploaded images with low latency and high availability.
26. A large enterprise with multiple AWS accounts wants to centralize its billing and cost management. The enterprise aims to consolidate billing information across accounts to simplify financial reporting and analysis. Which AWS service is most suitable for achieving centralized billing and cost management?
AWS Organizations is the service designed for centralizing billing and cost management across multiple AWS accounts. It allows the enterprise to consolidate billing information for simplified financial reporting and analysis. While AWS Cost Explorer and AWS Budgets provide insights into spending, AWS Organizations specifically addresses the need for centralized management of billing across accounts. AWS Billing Conductor is not a valid AWS service.
27. A multinational corporation operates in the finance and manufacturing sectors, each with unique compliance considerations. The corporation is looking for a comprehensive source to understand and address compliance needs across its diverse business units. Which AWS service can provide the corporation with centralized access to industry-specific compliance information?
For centralized access to industry-specific compliance information, the multinational corporation should utilize AWS Artifact. It offers a consolidated platform for accessing compliance reports and documentation, allowing the corporation to address the unique compliance needs of both the finance and manufacturing sectors.
28. An organization is planning to deploy a web application that requires low-latency access to data stored in Amazon S3. Which AWS service can help achieve this by caching frequently accessed content at edge locations around the world?
Amazon CloudFront is a content delivery network (CDN) service that caches content at edge locations globally. By caching frequently accessed content closer to the end-users, it reduces latency and provides low-latency access to data stored in Amazon S3.
29. An e-commerce company wants to personalize the shopping experience for users by delivering product images quickly based on their geographic locations. Which AWS service can assist in achieving this goal by leveraging edge locations?
Amazon CloudFront can cache and deliver content, such as product images, from edge locations. This enables the e-commerce company to personalize the shopping experience by delivering images quickly to users based on their geographic locations.
30. A company is planning to migrate its existing workload to AWS and wants to estimate the cost of running its application in the cloud. The application consists of multiple Amazon EC2 instances, an Amazon RDS database, and uses Amazon S3 for storage. Which AWS tool can the company use to get a detailed cost estimate based on its specific resource requirements?
The AWS Pricing Calculator allows users to estimate the cost of using AWS services based on specific resource configurations. Users can input details such as the number of EC2 instances, database type, storage usage, etc., to get a detailed cost estimate. While AWS Budgets, Cost Explorer, and Simple Monthly Calculator are also cost management tools, the Pricing Calculator is specifically designed for detailed, scenario-based cost estimation.
31. You have executed the script below to create an S3 bucket named my-s3-bucket. What additional configuration is required to make the bucket publicly accessible?
my-s3-bucket
s3api create-bucket --bucket my-s3-bucket --region us-east-1
s3 cp ./local-file.txt s3://my-s3-bucket/
iam create-user --user-name my-iam-user
iam attach-user-policy --user-name my-iam-user --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name my-key-pair
To make the bucket publicly accessible, you need to add a bucket policy allowing s3:GetObject for all users. While setting ACL or enabling public access settings can make the bucket public, they may not provide the specific access needed for the scenario.
s3:GetObject
32. A large e-commerce company with a global presence is migrating its on-premises infrastructure to AWS. The company needs to ensure that different teams have granular permissions to manage resources within their respective departments. What AWS IAM feature can help achieve this requirement?
IAM Groups allow you to organize IAM users and apply permissions to them collectively. By creating IAM Groups for each department and assigning the necessary policies to those groups, you can efficiently manage permissions for different teams. This ensures that teams have the appropriate access levels within their designated areas.
33. A Cloud Practitioner is tasked with optimizing costs in their AWS environment and is looking for real-world scenarios and best practices for cost-effective architecture. Which AWS resource can provide practical, professional, and scenario-based insights to help the practitioner optimize costs effectively?
The AWS Well-Architected Framework provides best practices for designing and operating reliable, secure, efficient, and cost-effective systems. It includes real-world scenarios and practical guidance to help Cloud Practitioners optimize costs effectively. While the Pricing Calculator, Knowledge Center, and Trusted Advisor are valuable, the Well-Architected Framework specifically addresses the practitioner's need for cost optimization best practices.
34. A company wants to enhance the security posture of its AWS accounts by identifying and remediating security vulnerabilities and misconfigurations. The company needs a tool that can automatically assess the security of AWS resources and provide guidance on remediation. Which AWS service is designed to automatically perform security assessments and offer actionable remediation recommendations?
AWS Inspector is a service that automatically assesses the security of AWS resources, identifies vulnerabilities, and provides actionable remediation recommendations. It helps organizations enhance their security posture by continuously monitoring and assessing the security of AWS environments. While Security Center, Config, and CloudTrail serve other security purposes, Inspector specifically addresses the company's need for automated security assessments and remediation guidance.
35. You have created an IAM user named my-iam-user and attached the AmazonS3FullAccess policy. However, the user should only be allowed to delete objects within a specific S3 bucket. What modification should be made to the IAM policy?
my-iam-user
AmazonS3FullAccess
To restrict the user to delete objects only in a specific bucket, you need to create a bucket policy for my-s3-bucket allowing s3:DeleteObject for the IAM user (Option C). This is the most targeted approach as it allows you to grant specific permissions (s3:DeleteObject in this case) for a particular user (my-iam-user) within the designated S3 bucket (my-s3-bucket). This keeps the IAM policy clean and minimizes the attack surface. Attaching a custom policy with "Action": "s3:DeleteObject" to the user (Option A) would only allow deletion but the user would still have full access through the inherited AmazonS3FullAccess policy. Updating the existing policy by adding "Resource": "arn:aws:s3:::my-s3-bucket/*" to each S3 action (Option B) would be extremely tedious and would still grant unnecessary permissions beyond deletion within the bucket. Attaching the AmazonS3ReadOnlyAccess policy and creating a new policy allowing s3:DeleteObject for the user certainly restricts access more than Option A, yet it's unnecessary to attach the read-only policy first.
36. An organization is running a machine learning workload on Amazon SageMaker instances and is concerned about costs. They want to ensure that the instance types are suitable for the ML models. Which AWS feature allows them to easily adjust the instance type for SageMaker instances?
SageMaker Model Tuning allows organizations to automatically find the best combination of hyperparameters and the most suitable instance types for their machine learning models. This helps in rightsizing SageMaker instances for optimal performance and cost efficiency.
37. A company wants to ensure that they have access to AWS experts 24/7 for immediate assistance with critical issues affecting their production environment. Which AWS service provides round-the-clock access to Cloud Support Engineers and is designed for urgent and business-critical situations?
AWS Enterprise Support offers 24/7 access to Cloud Support Engineers, providing immediate assistance for urgent and business-critical issues. It is the most comprehensive support plan suitable for organizations with production environments that require continuous expert support.
38. You have an EC2 instance in a private subnet of a VPC, and you want to allow outbound internet access for software updates. Which modification should be made to the security group rules?
Add an outbound rule allowing TCP/80 and TCP/443 to 0.0.0.0/0. This is because outbound internet access typically requires allowing traffic to destinations outside the VPC. By specifying 0.0.0.0/0 as the destination IP range, you allow the EC2 instance to communicate with any server on the internet over HTTP (TCP/80) and HTTPS (TCP/443), which is commonly used for software updates.
39. In a scenario where a company requires high-performance computing for complex simulations, which AWS compute service is most suitable?
For high-performance computing tasks, such as complex simulations, Amazon EC2 is the most suitable AWS compute service. EC2 provides scalable compute capacity in the cloud, allowing users to launch virtual servers with different configurations to meet specific performance requirements.
40. A healthcare organization is running Amazon EC2 instances hosting critical patient data. The organization needs a backup solution that supports the creation of automated, scheduled backups with lifecycle policies to manage the retention of backups. Which AWS service provides this functionality?
AWS Backup supports the creation of automated, scheduled backups for various AWS resources, including Amazon EC2 instances. It allows organizations to define lifecycle policies to manage the retention of backups, providing a comprehensive backup solution for critical data.
41. A company is planning to migrate its workloads to AWS and is concerned about ensuring high availability. The team is debating whether to focus on multi-AZ deployment or backup and restore mechanisms. Which design principle from the Well-Architected Framework should the team consider to address high availability concerns?
The reliability pillar of the Well-Architected Framework emphasizes the importance of ensuring a workload performs its intended function without disruption. In this scenario, the team should consider the reliability pillar to address high availability concerns. This involves both multi-AZ deployment for redundancy and backup and restore mechanisms for data recovery.
42. A company has recently deployed a microservices-based application on AWS, and they want to gain insights into the performance and dependencies of individual services. Which AWS service is specifically designed for distributed tracing and can help the company analyze and troubleshoot performance issues in their microservices architecture?
AWS X-Ray is an advanced service designed for distributed tracing in microservices architectures. It enables developers to gain comprehensive insights into the interactions and dependencies between individual services within a complex system. In the context of the company's microservices-based application, AWS X-Ray allows for the tracing of requests as they traverse various services, providing a detailed map of the entire transaction flow.
43. A development team is working on a project that requires the installation of specific software tools and libraries to facilitate the coding process. The team members want an environment where they can install and customize the necessary tools for their development work. Which AWS service provides a pre-configured, browser-based shell environment with persistent storage, allowing developers to install and customize software tools as needed?
AWS CloudShell provides a pre-configured, browser-based shell environment with persistent storage. Developers can install and customize software tools in their individual environments, ensuring a tailored development experience. This flexibility makes it an ideal choice for development teams requiring customized tooling.
44. A new IAM user has been created, and you want to ensure that this user can only start and stop EC2 instances with the tag Environment: Production. What modification should be made to the IAM policy?
Environment: Production
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } } }, { "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/important-data.txt", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } } }, { "Effect": "Allow", "Action": "iam:ChangePassword", "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" } ] }
By adding "Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } } to the second statement, it ensures the actions are allowed only for instances with the specified tag.
"Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } }
45. A multinational e-commerce company is dealing with vast amounts of data stored in different formats across multiple databases. The company needs a solution to perform ad-hoc queries on this diverse data without the need for data movement. Which AWS service is best suited for this scenario?
Amazon Athena is a serverless query service that allows ad-hoc querying of data directly in Amazon S3 using standard SQL. It is ideal for scenarios where diverse data is stored in different formats, and there's a need to perform queries without the complexity of data movement.
46. A media company uses Amazon SNS for real-time notifications in its content delivery pipeline. According to the shared responsibility model, what does the company need to manage?
Configuring access controls for the SNS service is the responsibility of the customer. This includes defining and managing permissions to ensure secure and controlled access to SNS topics within the AWS environment.
47. A social media platform is experiencing rapid growth and needs a database solution that can handle unpredictable spikes in user activity. The platform requires a serverless option that automatically scales based on demand. Which AWS service is the most appropriate for this scenario?
Amazon DynamoDB supports serverless computing, automatically scaling based on demand. It can handle unpredictable spikes in user activity and is well-suited for applications with varying workloads. This makes it an ideal choice for the social media platform's scalability requirements.
48. A media streaming company is looking for a cost-effective solution to store and analyze large volumes of unstructured data, such as videos, images, and audio files. The solution should allow for easy integration with other AWS services. Which AWS service is the most appropriate for this use case?
Amazon S3 (Simple Storage Service) is a cost-effective object storage service designed for storing and retrieving large amounts of unstructured data. It allows easy integration with other AWS services, making it suitable for the media streaming company's storage and analysis needs.
49. An organization is running a data analytics workload in the cloud, and the compute requirements vary significantly throughout the day. To optimize costs, which pricing model allows them to pay for compute capacity only when needed, with no upfront commitments?
On-Demand Instances are suitable for variable workloads, allowing organizations to pay for compute capacity by the hour with no upfront commitments. This pricing model aligns with variable, usage-dependent costs.
50. A multinational e-commerce company is leveraging Amazon EventBridge for its event-driven architecture to process and respond to customer orders in real-time. The company wants to ensure that critical order events are reliably delivered to downstream systems without loss. According to AWS best practices, which feature of Amazon EventBridge provides the necessary reliability for event delivery?
Configuring a Dead Letter Queue in Amazon EventBridge ensures the reliable delivery of critical order events. If an event encounters issues during processing, it is moved to the Dead Letter Queue, allowing the company to investigate and address the problem without losing the event. While Event Replay, Event Filters, and Event Bus are important features, Dead Letter Queue specifically addresses the company's need for reliability in event delivery.
51. A global e-commerce platform is preparing for a major online sale event and wants to ensure uninterrupted service for customers worldwide. Which AWS benefit is crucial to achieve continuous operation during peak demand?
High Availability in AWS ensures that applications are operational with minimal downtime. In the scenario of a major online sale event, high availability is crucial to provide uninterrupted service to customers worldwide, minimizing downtime and ensuring a positive user experience.
52. A development team is implementing continuous testing for their mobile app, and they need a solution that allows them to interact with the app remotely on various devices. Which AWS Device Farm feature provides remote access to physical devices for manual testing and debugging?
Remote Access in AWS Device Farm enables developers to remotely access physical devices for manual testing and debugging. This feature allows the team to interact with the app on different devices, facilitating real-time testing and debugging efforts during the development process.
53. A system administrator is tasked with configuring and managing AWS resources in a scripted and automated manner. The administrator wants to use a command-line interface for these tasks. Which AWS option is designed for command-line interaction?
The AWS Command Line Interface (CLI) provides a command-line interface for interacting with AWS services. It is suitable for administrators and developers who prefer a text-based, scriptable approach to AWS resource management.
54. In the S3 bucket policy below, what is the purpose of the "IpAddress" condition in the first statement?
"IpAddress"
The "IpAddress" condition in the first statement ensures that requests are allowed only from the specified IP range (203.0.113.0/24).
55. You want to modify the S3 bucket policy to allow access from any IP address for reading objects (s3:GetObject) in the bucket, but deny access from a specific IP address (192.168.1.1). Which modification should be made?
192.168.1.1
By adding "NotIpAddress": { "aws:SourceIp": "192.168.1.1" } to the first statement, it allows access from any IP except the specified one.
"NotIpAddress": { "aws:SourceIp": "192.168.1.1" }
56. You have an EC2 instance in a public subnet of a VPC that needs to communicate with a database server in a private subnet. What modification should be made to the sample network ACL rules?
To enable communication from the public subnet to the private subnet's database server, you need to allow inbound traffic on the relevant port. In this case, MySQL typically uses TCP/3306. Therefore, the correct answer is to add an inbound rule allowing TCP/3306 from the private subnet's IP range, which ensures that the database server can receive traffic on the MySQL port from the EC2 instance.
57. In the provided IAM policy, what actions are allowed for the example-bucket in Amazon S3?
example-bucket
The first statement in the policy allows the actions s3:GetObject, s3:PutObject, and s3:ListBucket on the specified S3 bucket (example-bucket).
s3:PutObject
s3:ListBucket
58. A company has established a partnership, and employees from the partner organization need secure access to specific AWS resources in the company's account. What identity management method is suitable for providing controlled access to the partner's employees?
Identity Federation is suitable for providing controlled access to users from partner organizations. It allows external users to use their existing credentials to access specific AWS resources securely.
59. You want to allow IAM users to change their own passwords but only for their own accounts. What modification should be made to the IAM policy?
By changing "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" to "Resource": "*" in the fourth statement, it allows users to change their own passwords for any IAM user in the account.
"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
"Resource": "*"
60. After uploading a file to the S3 bucket created with the script below, you want to generate a pre-signed URL for temporary access to the file. Which AWS CLI command should you use?
The aws s3 generate-presigned-url command is used to generate a pre-signed URL, and the correct syntax includes --bucket, --key (or --object), and --expires-in parameters.
aws s3 generate-presigned-url
--bucket
--key
--object
--expires-in
61. A development team is building a Linux-based application that requires users to interact with the application environment remotely. They want a service that provides a secure and responsive way for users to access the Linux environment. Which AWS service is suitable for remote access to Linux-based applications?
Amazon EC2 (Elastic Compute Cloud) provides resizable compute capacity in the cloud and allows users to run virtual machines (VMs), including Linux-based instances. It is suitable for remote access to Linux environments, providing a secure and responsive solution.
62. A development team is building a mobile app that requires real-time data synchronization between the app and the backend. They want a service that automatically handles the synchronization of data changes to ensure a consistent user experience. Which AWS service provides this automatic data synchronization feature?
AWS AppSync includes features for real-time data synchronization between the frontend and backend of a mobile app. It automatically handles the synchronization of data changes, ensuring a consistent user experience across devices.
63. A financial institution is adopting a multi-account strategy to separate environments for compliance reasons. The institution wants to ensure that specific AWS Lambda functions running in one account can be invoked by applications in another account. Which AWS service facilitates the cross-account invocation of Lambda functions while maintaining security?
AWS IAM allows the financial institution to configure cross-account permissions for AWS Lambda functions. By creating IAM roles and policies, the institution can ensure that Lambda functions in one account can be securely invoked by applications in another account, meeting compliance requirements.
64. An e-commerce company is expanding its operations globally and wants to ensure that its AWS infrastructure complies with international data protection laws. Which AWS compliance program should the company focus on to address data protection and privacy requirements on a global scale?
GDPR is a comprehensive data protection regulation applicable in the European Union and beyond. For an e-commerce company expanding globally, compliance with GDPR is critical to ensuring the protection of customer data. While Direct Connect, CloudTrail, and Shield are valuable services, GDPR specifically addresses international data protection laws and privacy requirements.
65. A financial institution is concerned about auditing and compliance in its AWS environment. The IT team wants to track all API requests made on AWS resources, identify the user or service making those requests, and receive real-time alerts for specific activities. Which AWS service is best suited to address this requirement?
AWS CloudTrail is the optimal choice for auditing and compliance in AWS. It records all API requests made on AWS resources, provides details about the user or service making the requests, and allows for real-time alerting on specific activities. This ensures transparency and accountability in the financial institution's AWS environment.
Your score is
Restart Exam
