Sorry, you are out of time.
AWS CCP (CLF-C02) Practice Exam 4
Take your exam preparation to the next level with fully simulated online practice tests designed to replicate the real exam experience. These exams feature realistic questions, timed conditions, and detailed explanations to help you assess your knowledge, identify weak areas, and build confidence before test day.
1. A cloud administrator needs the latest information on AWS service updates, new features, and best practices. Which resource is most suitable for staying informed about the latest developments in the AWS ecosystem?
AWS Blogs are regularly updated with information on service updates, new features, and best practices. They provide a dynamic and current source for staying informed about the latest developments in the AWS ecosystem.
2. What action will be denied by the S3 bucket policy below?
{
"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-bucket-name",
"arn:aws:s3:::your-bucket-name/*"
"Condition": {
"IpAddress": {
"aws:SourceIp": "203.0.113.0/24"
},
"NotIpAddress": {
"aws:SourceIp": "203.0.113.128/32"
}
"Effect": "Deny",
"Action": "s3:*",
"Bool": {
"aws:SecureTransport": "false"
]
According to the second statement, any S3 action will be denied if the request is not made over a secure transport (HTTPS).
3. A cloud administrator needs to perform routine AWS resource management tasks and execute AWS Command Line Interface (AWS CLI) commands. However, the administrator prefers a browser-based environment for better accessibility. Which AWS service provides an in-browser shell experience, allowing the administrator to run AWS CLI commands and manage AWS resources directly from the AWS Management Console?
AWS CloudShell is a browser-based shell provided within the AWS Management Console. It allows administrators to run AWS CLI commands directly from the console, eliminating the need for a local terminal. This enhances accessibility and streamlines routine AWS resource management tasks.
4. A financial institution requires a highly available and durable key-value store for caching frequently accessed data. The solution should be serverless and automatically scale based on demand. Which AWS service best meets these requirements?
Amazon ElastiCache is a fully managed in-memory data store service that provides a highly available and durable key-value store for caching frequently accessed data. It is serverless and automatically scales based on demand, making it suitable for the financial institution's requirements.
5. An e-learning platform wants to create interactive quizzes that can understand and evaluate user responses. Which AWS service, designed for natural language understanding, can be used to build interactive quizzes that can comprehend and assess user input?
Amazon Lex, designed for natural language understanding, is suitable for building interactive quizzes that can comprehend and assess user input. It allows the creation of conversational interfaces with the ability to understand and respond to user responses in an e-learning context.
6. A healthcare provider is developing a telemedicine application and needs to ensure real-time communication with patients across the globe. Which AWS service can help minimize latency for video calls by caching and delivering content from edge locations?
Amazon CloudFront, as a content delivery network (CDN), caches and delivers content, including real-time communication data, from edge locations. This minimizes latency for video calls and enhances the telemedicine application's performance globally.
7. An organization wants to integrate AWS Marketplace software usage data into its existing management systems for better visibility and analysis. Which AWS Marketplace service provides a programmatic way to access this data for integration into third-party applications?
AWS Marketplace Discovery API allows organizations to programmatically access software usage data from AWS Marketplace. This service is crucial for integrating usage data into existing management systems for enhanced visibility and analysis.
8. A company has multiple AWS accounts for different departments. The security team wants to ensure that each department can manage its resources without accessing others' data. What AWS feature supports this segregation while adhering to the principle of least privilege?
AWS Organizations allows for the creation of organizational units (OUs) and service control policies (SCPs) to control access at the organizational level. This ensures that each department has the least privilege necessary to manage its resources without impacting others.
9. A company wants to host a website with dynamic content that includes server-side logic. They need a compute service that offers flexibility in terms of language support, runtime, and the ability to run code in response to HTTP requests. Which AWS service is designed for running server-side logic in response to web requests?
AWS Elastic Beanstalk is a fully managed service that supports multiple languages and runtimes for running server-side logic in response to web requests. It provides flexibility and simplifies the deployment and management of web applications with dynamic content.
10. A financial institution is migrating sensitive customer data to Amazon S3 and must comply with data protection regulations that require encryption at rest. Which encryption option should the institution choose to meet compliance requirements for data stored in Amazon S3?
To comply with data protection regulations and achieve encryption at rest, the financial institution should choose Server-Side Encryption (SSE) with AWS Key Management Service (KMS) for data stored in Amazon S3. This option provides robust encryption and allows for the management of encryption keys through AWS KMS.
11. A company needs to establish a private and dedicated network connection between their on-premises data center and AWS. Which AWS service provides a dedicated network connection, bypassing the public internet, to enhance security and reliability?
AWS Direct Connect establishes a dedicated network connection from the on-premises data center to AWS, bypassing the public internet. This ensures a private and secure connection, enhancing both security and reliability.
12. A company is seeking expert guidance on specific AWS projects and tasks, such as architectural reviews and code optimization. They want to engage with AWS-certified freelancers for these tasks. Which AWS service can connect them with skilled freelancers who can help them achieve their project goals?
AWS IQ is a service that connects customers with AWS-certified freelancers and experts. It enables organizations to find and engage with skilled professionals for specific AWS projects and tasks. While AWS Managed Services focuses on comprehensive managed services, AWS IQ is tailored for connecting customers with freelancers for specific project needs.
13. In the provided IAM policy, what actions are allowed for the example-bucket in Amazon S3?
example-bucket
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/Environment": "Production" } } }, { "Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::example-bucket/important-data.txt", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } } }, { "Effect": "Allow", "Action": "iam:ChangePassword", "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" } ] }
The first statement in the policy allows the actions s3:GetObject, s3:PutObject, and s3:ListBucket on the specified S3 bucket (example-bucket).
s3:GetObject
s3:PutObject
s3:ListBucket
14. An online streaming service wants to optimize content delivery and achieve high availability. How can the service leverage AWS Availability Zones to enhance the distribution of video content to users?
Distributing content servers across multiple Availability Zones improves content delivery by reducing latency and enhancing fault tolerance. This ensures high availability for the online streaming service, especially during peak usage times.
15. You want to allow IAM users to change their own passwords but only for their own accounts. What modification should be made to the IAM policy?
By changing "Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}" to "Resource": "*" in the fourth statement, it allows users to change their own passwords for any IAM user in the account.
"Resource": "arn:aws:iam::account-id-without-hyphens:user/${aws:username}"
"Resource": "*"
16. A multinational corporation with offices in different regions wants to efficiently share and exchange data with its subsidiaries. The corporation needs a solution that allows it to securely share and monetize datasets with authorized third-party organizations. According to AWS best practices, which service is suitable for this scenario?
AWS Data Exchange is a service that enables organizations to securely share and monetize datasets with authorized third-party organizations. It provides a platform for data providers to publish and distribute data, making it an ideal solution for the multinational corporation's requirement to efficiently share and exchange data with subsidiaries. While RDS, S3, and Glue are valuable services, Data Exchange specifically addresses the need for secure data sharing and monetization.
17. A startup is looking for a solution to set budget alerts for its AWS spending to prevent unexpected costs. The startup also wants to receive notifications when spending exceeds predefined thresholds. Which AWS service is most suitable for setting up budget alerts and notifications?
AWS Budgets is the service designed for setting budget alerts and notifications based on predefined spending thresholds. It allows the startup to proactively manage costs and receive alerts when expenditures are approaching or exceeding the set budgets. AWS Billing Conductor is not a valid AWS service.
18. A gaming company is developing a multiplayer game that requires shared file storage for game assets, such as graphics and sound files. The organization needs a scalable file storage solution with the ability to handle the high throughput demands of real-time gaming. Which AWS file service aligns with these requirements?
Amazon FSx for Lustre is designed for high-performance computing workloads, including real-time gaming, that require scalable file storage with high throughput capabilities.
19. You want to modify the provided S3 bucket policy to grant access to a new IAM user (new-user) for performing all S3 actions on objects within the bucket. Which part of the policy should you update?
new-user
To grant access to a new IAM user, you should add a new statement with "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::NEW-USER-ACCOUNT-ID:user/new-user" } specifying the appropriate user details.
"Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::NEW-USER-ACCOUNT-ID:user/new-user" }
20. You have an EC2 instance in a private subnet of a VPC, and you want to allow outbound internet access for software updates. Which modification should be made to the security group rules?
Add an outbound rule allowing TCP/80 and TCP/443 to 0.0.0.0/0. This is because outbound internet access typically requires allowing traffic to destinations outside the VPC. By specifying 0.0.0.0/0 as the destination IP range, you allow the EC2 instance to communicate with any server on the internet over HTTP (TCP/80) and HTTPS (TCP/443), which is commonly used for software updates.
21. After uploading a file to the S3 bucket created with the script below, you want to generate a pre-signed URL for temporary access to the file. Which AWS CLI command should you use?
s3api create-bucket --bucket my-s3-bucket --region us-east-1
s3 cp ./local-file.txt s3://my-s3-bucket/
iam create-user --user-name my-iam-user
iam attach-user-policy --user-name my-iam-user --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
ec2 run-instances --image-id ami-12345678 --instance-type t2.micro --key-name my-key-pair
The aws s3 generate-presigned-url command is used to generate a pre-signed URL, and the correct syntax includes --bucket, --key (or --object), and --expires-in parameters.
aws s3 generate-presigned-url
--bucket
--key
--object
--expires-in
22. Your organization is implementing a multi-account strategy in AWS, and you need detailed information on best practices for managing security across multiple AWS accounts. Where should you go to find guidance on designing and implementing a secure multi-account architecture?
The AWS Organizations Documentation provides detailed information on best practices for managing security across multiple AWS accounts. It covers topics related to creating and managing an organizational unit structure, applying policies, and implementing security controls. In this scenario, referring to AWS Organizations Documentation is crucial for designing and implementing a secure multi-account architecture.
23. You have an application server in a VPC, and you want to ensure that it can communicate with a third-party API server over HTTPS (TCP/443). What modification should be made to the network ACL rules below?
To enable communication from the application server to the third-party API server over HTTPS, you need to add an outbound rule allowing traffic on TCP/443 to the API server's IP range. This allows the application server to initiate connections to the API server on the specified port. By restricting the rule to the necessary protocol and destination, you ensure that the communication is secure and only allows traffic to the required destination.
24. A startup is in the early stages of building its application on AWS and is seeking cost-effective support that includes access to general guidance and best practices. Which AWS Support plan is most suitable for the startup's needs without incurring additional costs?
Basic Support is a cost-effective option that provides access to AWS documentation, forums, and customer service during business hours. It is suitable for startups looking for foundational support without additional features.
25. A startup is using Amazon EC2 instances for its web application, and they want to identify underutilized instances to optimize costs. Which AWS service provides recommendations for rightsizing EC2 instances based on historical usage patterns?
AWS Trusted Advisor provides recommendations for optimizing costs, including rightsizing suggestions for EC2 instances. It analyzes historical usage patterns to identify instances that may be overprovisioned or underutilized.
26. A development team is working on an application that needs to securely store and retrieve sensitive information, such as database passwords and API keys. What AWS service can help manage and rotate these secrets automatically?
AWS Secrets Manager helps protect access to applications, services, and IT resources without the upfront investment and on-going maintenance costs of operating infrastructure. It can automatically rotate, manage, and retrieve database credentials, API keys, and other secrets.
27. An e-commerce website is experiencing occasional outages due to increased traffic during flash sales. The company wants to implement a solution that redirects excess traffic to a backup site hosted on a different AWS region. Which routing policy in Amazon Route 53 is suitable for this scenario?
Failover Routing in Amazon Route 53 allows the company to redirect traffic to a backup site in case of an outage. By configuring health checks and failover policies, excess traffic during flash sales can be seamlessly redirected to the backup site, improving overall website reliability.
28. You want to allow only specific IP addresses (192.168.2.0/24) to connect to an EC2 instance via SSH. Which modification should be made to the security group rules?
192.168.2.0/24
Update Rule 1 to allow SSH from the specific IP range 192.168.2.0/24. By modifying Rule 1, you can ensure that only the specified IP addresses are allowed to connect via SSH. This is a more precise approach than adding a new rule or modifying other rules, as it directly aligns with the requirement to restrict SSH access to the specified IP range.
29. An organization is concerned about the security implications of migrating sensitive data to the AWS Cloud. Which perspective within the AWS Cloud Adoption Framework (AWS CAF) provides guidance on implementing robust security measures and mitigating security risks?
The Security Perspective within the AWS CAF is specifically designed to address security concerns and guide organizations in implementing robust security measures. It provides guidance on identity and access management, data protection, and compliance. By following the Security Perspective, organizations can effectively mitigate security risks associated with cloud adoption.
30. A startup is looking for a simple and cost-effective solution to connect its small office to AWS resources over the internet. The team wants an easy-to-implement option without the need for dedicated physical connections. Which AWS connectivity option suits this scenario?
AWS VPN provides a cost-effective solution for connecting small offices to AWS resources over the internet. It is easy to implement and does not require dedicated physical connections, making it suitable for startups with simple connectivity needs.
31. You want to modify the IAM policy to deny the deletion of a specific object (important-data.txt) within the S3 bucket. However, deletion should be allowed if Multi-Factor Authentication (MFA) is present. What modification should be made?
important-data.txt
By adding "Bool": { "aws:MultiFactorAuthPresent": "true" } to the third statement, it allows deletion only when Multi-Factor Authentication (MFA) is present.
"Bool": { "aws:MultiFactorAuthPresent": "true" }
32. An application requires block-level storage with the ability to attach and detach volumes from EC2 instances. Which AWS storage service should be used for this requirement?
Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes that can be attached to EC2 instances, offering the flexibility to attach and detach volumes as needed.
33. A smart city initiative is deploying surveillance cameras across urban areas to enhance public safety. The city officials want to implement a system that can detect and alert authorities about any suspicious activities or objects in real-time. Which AWS service is best suited for this scenario?
In this scenario, the most suitable AWS service is Amazon Rekognition. Amazon Rekognition provides computer vision capabilities, allowing the smart city initiative to analyze video streams from surveillance cameras in real-time. It can detect and recognize objects, people, and activities, facilitating the identification of suspicious incidents for prompt response by authorities.
34. An e-learning platform wants to deliver video lectures to students globally with low latency. Which AWS service should the platform use to optimize the delivery of video content by caching and delivering it efficiently from edge locations?
Amazon CloudFront's content delivery network (CDN) capabilities enable the e-learning platform to cache and deliver video lectures efficiently from edge locations, ensuring low-latency access for students worldwide.
35. You want to modify the S3 bucket policy to allow access from any IP address for reading objects (s3:GetObject) in the bucket, but deny access from a specific IP address (192.168.1.1). Which modification should be made?
192.168.1.1
By adding "NotIpAddress": { "aws:SourceIp": "192.168.1.1" } to the first statement, it allows access from any IP except the specified one.
"NotIpAddress": { "aws:SourceIp": "192.168.1.1" }
36. A media company relies heavily on its AWS infrastructure to deliver streaming services to a global audience. The company is concerned about potential cyber threats and wants a service that can detect and alert on unusual behavior patterns in real-time. Which AWS service can fulfill this requirement?
Amazon GuardDuty is designed to detect unusual behavior patterns and potential security threats in real-time. It uses machine learning algorithms to analyze AWS CloudTrail, VPC flow logs, and DNS logs, providing continuous monitoring and alerting for security events in the AWS environment. This makes it suitable for detecting cyber threats and unusual activities in real-time.
37. A Cloud Practitioner notices unusual activity on their AWS account, indicating potential abuse or unauthorized access. What is the most appropriate action for the Cloud Practitioner to take?
The AWS Trust and Safety team is responsible for handling abuse reports and unauthorized activities. It is crucial to report such incidents promptly to ensure a swift and appropriate response.
38. A development team is tasked with deploying a serverless application on AWS, and they want to leverage AWS services for different stages of the application development lifecycle. Additionally, they need the ability to customize the development environment based on their specific requirements. Which feature of AWS CodeStar supports this need?
AWS CodeStar supports Customizable Templates, allowing development teams to customize the development environment based on their specific requirements. This feature provides flexibility in configuring the environment while leveraging AWS services for different stages of the application development lifecycle.
39. A government agency is migrating its IT infrastructure to AWS and needs to ensure compliance with government-specific security standards. Where can the agency find detailed information on how AWS meets the compliance needs of government organizations?
For government-specific compliance information, the agency should utilize AWS Artifact. It offers detailed documentation on how AWS meets the compliance needs of government organizations, ensuring a secure and compliant migration to the cloud.
40. A software development team is working on a project that involves multiple AWS accounts for development, testing, and production environments. The team wants to ensure that Amazon EC2 instances from the development account can securely access an Amazon RDS database in the production account. Which AWS service facilitates the cross-account access of resources in a secure and controlled manner?
AWS IAM allows the software development team to set up cross-account access by creating IAM roles with the necessary permissions. This ensures secure and controlled access from the development account's EC2 instances to the production account's Amazon RDS database.
41. A company is planning a major infrastructure upgrade that involves scheduled maintenance on its AWS resources. The IT team wants to be informed in advance about any upcoming maintenance events that might affect their workloads. Which AWS service can provide advanced notification about scheduled activities and maintenance events?
The AWS Personal Health Dashboard provides advanced notification about scheduled activities, including upcoming maintenance events. It allows the IT team to plan accordingly and minimize the impact on their workloads.
42. A financial institution is processing a large volume of financial transactions and needs a compute service that automatically scales based on demand while optimizing costs. Which AWS compute service provides automatic scaling and cost optimization for event-driven workloads?
For automatic scaling and cost optimization in event-driven workloads, AWS Lambda is the appropriate choice. Lambda scales automatically based on the volume of incoming events and charges only for the compute time consumed, providing cost-effective scalability.
43. A company is running Windows-based virtual machines (VMs) in the AWS Cloud and wants a service to deliver a seamless desktop experience to end-users. They require a solution that allows users to access their desktop environment from different devices. Which AWS service is designed for delivering a seamless Windows desktop experience?
Amazon WorkSpaces is a fully managed desktop-as-a-service (DaaS) solution that allows users to access a Windows desktop environment from different devices. It is suitable for delivering a seamless desktop experience to end-users.
44. After launching an EC2 instance using the script below, you realize that the instance is not accessible over SSH. What step might you have missed in the script?
To allow SSH traffic to the EC2 instance, you need to specify a security group that allows inbound SSH traffic. The security group acts as a virtual firewall and controls the traffic to your instance.
45. An organization is in the process of selecting AWS services for a new project and wants to ensure that the chosen services align with industry best practices and AWS recommendations. Which AWS resource can provide prescriptive guidance and best practices for selecting the right combination of AWS services to meet specific project requirements?
AWS Prescriptive Guidance provides recommendations and best practices for selecting the right combination of AWS services to meet specific project requirements. While Service Catalog, Marketplace, and CloudTrail play important roles, Prescriptive Guidance specifically addresses the organization's need for detailed advice on selecting AWS services in alignment with best practices.
46. You have executed the script below to create an S3 bucket named my-s3-bucket. What additional configuration is required to make the bucket publicly accessible?
my-s3-bucket
To make the bucket publicly accessible, you need to add a bucket policy allowing s3:GetObject for all users. While setting ACL or enabling public access settings can make the bucket public, they may not provide the specific access needed for the scenario.
47. A media streaming company is considering migrating its Microsoft SQL Server database to Amazon DynamoDB to take advantage of its NoSQL capabilities. The company wants to ensure that the migration is efficient and includes only the necessary data. Which AWS DMS feature allows the selection and transformation of specific columns during the migration?
The correct answer is Table Mapping. AWS DMS provides Table Mapping capabilities, allowing the selection and transformation of specific columns during the migration process, ensuring efficiency and including only the necessary data.
48. A large enterprise with multiple departments is looking for a centralized way to manage and distribute standardized AWS resources and applications across the organization. Which AWS service is most suitable for achieving this goal?
AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. It provides a centralized and standardized way to distribute AWS resources and applications across departments, ensuring compliance and consistency.
49. An e-commerce platform experiences unpredictable traffic patterns throughout the year, with occasional flash sales events leading to sudden spikes in demand. To optimize costs while handling unpredictable spikes in demand, which AWS pricing model should the e-commerce platform consider?
For handling unpredictable spikes in demand and optimizing costs, Spot Instances are suitable for the e-commerce platform. Leveraging Spot Instances during periods of low demand allows for significant cost savings. It's important to note that Spot Instances may be terminated if the EC2 capacity is needed elsewhere, so they are best suited for fault-tolerant and stateless applications.
50. A company is running a web application that experiences varying levels of traffic throughout the day. They want to optimize the cost of running the application by automatically scaling the containerized services based on demand. Which AWS service can help achieve automatic scaling for containers in response to changes in demand?
Amazon ECS supports automatic scaling based on demand through its integration with AWS Auto Scaling. By using Amazon ECS, the company can optimize the cost of running the web application by dynamically adjusting the number of containers based on varying levels of traffic.
51. An organization has implemented a scenario where users from different AWS accounts access resources in a central AWS account without creating IAM users in the central account. What type of identity management is demonstrated in this setup?
Cross-Account IAM Roles allow users from different AWS accounts to assume roles and access resources in a central AWS account. This approach avoids the need for creating IAM users in the central account and simplifies access management.
52. A finance company is building a transactional application that involves processing a large number of financial transactions. Data consistency and durability are critical requirements for the application. Which AWS database service is designed to provide these features?
Amazon DynamoDB is designed to provide high durability and strong data consistency for transactional applications. It ensures that all writes are durable and that reads reflect the most recent write. This makes it suitable for applications with critical data consistency requirements.
53. A financial institution is using Amazon EC2 instances to run its mission-critical applications. As part of the shared responsibility model, what is the customer's responsibility?
Customers are responsible for patching the operating system and application software on their EC2 instances to address vulnerabilities and ensure a secure environment for their applications.
54. A Cloud Practitioner is facing a complex issue in their AWS environment and needs detailed guidance to troubleshoot and resolve the issue. Which AWS resource is the most suitable for the practitioner to access in order to find comprehensive, scenario-specific solutions provided by AWS experts?
The AWS Knowledge Center is a valuable resource for Cloud Practitioners seeking detailed solutions to specific issues. It provides scenario-specific guidance and resolutions compiled by AWS experts. While AWS Support Plans, Documentation, and Forums are also useful, the Knowledge Center is specifically designed to offer comprehensive, expert-reviewed solutions to address complex issues.
55. A development team is working on a web application that requires seamless integration with various data sources, including databases and APIs. They want a service that simplifies the process of connecting the frontend to these diverse data sources. Which AWS service provides a unified GraphQL API for accessing multiple data sources?
AWS AppSync provides a unified GraphQL API that simplifies the process of connecting the frontend of a web application to various data sources, including databases and APIs. It allows developers to access multiple data sources through a single API, making it suitable for scenarios where seamless integration is required.
56. You have an EC2 instance in a public subnet of a VPC that needs to communicate with a database server in a private subnet. What modification should be made to the sample network ACL rules?
To enable communication from the public subnet to the private subnet's database server, you need to allow inbound traffic on the relevant port. In this case, MySQL typically uses TCP/3306. Therefore, the correct answer is to add an inbound rule allowing TCP/3306 from the private subnet's IP range, which ensures that the database server can receive traffic on the MySQL port from the EC2 instance.
57. A company is using AWS Organizations to manage multiple accounts. They want to ensure that specific AWS services are only accessible from certain accounts within the organization. Which AWS feature helps in achieving this granular control over service access?
AWS Organizations, through the use of service control policies (SCPs), allows organizations to granularly control access to AWS services. By defining SCPs, administrators can specify which AWS services are accessible from each account, ensuring a fine-grained control over service access.
58. A software development team is working on a project with frequent code changes. The team needs a backup solution that allows for point-in-time recovery of code repositories and ensures that historical versions of the code can be restored as needed. Which AWS service is most appropriate for this code versioning backup requirement?
Amazon S3 Versioning allows for the point-in-time recovery of code repositories by maintaining multiple versions of each object in the bucket. This ensures that historical versions of the code can be restored as needed, making it suitable for versioning backup requirements.
59. A mobile app development team is focusing on enhancing the user experience by optimizing the app's performance on specific devices. They want to identify and address performance bottlenecks on targeted devices. Which AWS Device Farm feature is best suited for conducting performance testing on specific devices?
Test Grid in AWS Device Farm allows developers to create custom test environments, including specific devices. By leveraging Test Grid, the development team can conduct performance testing on targeted devices, identify performance bottlenecks, and optimize the app's performance for a more tailored user experience.
60. A development team is working on a new web application, and they want to deploy it on AWS with minimal effort, letting AWS handle the deployment details. Additionally, they need the flexibility to customize the underlying resources if necessary. Which AWS service is best suited for this scenario?
AWS Elastic Beanstalk is a fully managed service that makes it easy to deploy and run applications in multiple languages. It abstracts away the complexity of managing infrastructure, allowing developers to focus on their code. Elastic Beanstalk provides flexibility by allowing customization of underlying AWS resources, making it an ideal choice for deploying web applications with minimal effort.
61. A research institution is storing large datasets in Amazon S3 Glacier for long-term archival. The institution recognizes that some datasets may not be accessed for years and wants to minimize storage costs. Which retrieval option in Amazon S3 Glacier is the most cost-effective for infrequently accessed data?
Bulk Retrieval in Amazon S3 Glacier is the most cost-effective retrieval option but has a longer retrieval time, making it suitable for infrequently accessed data where cost optimization is a primary consideration. It is well-suited for scenarios where retrieval times of several hours are acceptable.
62. A financial institution is concerned about data security and compliance when connecting to AWS. They want to establish a private connection to their Amazon VPC without traversing the public internet. Which feature of AWS Direct Connect addresses this security concern?
A Private Virtual Interface in AWS Direct Connect allows a direct and private connection to an Amazon VPC, ensuring that data does not traverse the public internet. This enhances data security and compliance for sensitive workloads, such as those in a financial institution.
63. A healthcare organization is using Amazon Redshift for its data warehouse to store and analyze electronic health records. The organization needs to enforce data access policies to restrict certain user roles from accessing sensitive patient information. According to AWS best practices, which feature of Amazon Redshift should be implemented to achieve this data access control?
Implementing Column-level Permissions in Amazon Redshift allows the healthcare organization to enforce data access policies by restricting specific user roles from accessing sensitive patient information. While IAM Roles for Redshift, Audit Logging, and Data Encryption are relevant, Column-level Permissions specifically address the organization's need for fine-grained control over data access in the data warehouse.
64. An organization is seeking a tool that can continuously monitor its AWS environment for compliance with industry and regulatory standards. The organization wants to receive real-time alerts and recommendations for addressing any non-compliance issues. Which AWS service can the organization use to achieve continuous compliance monitoring and receive actionable insights?
AWS Trusted Advisor is a service that provides continuous monitoring of an AWS environment and offers real-time alerts and recommendations for improving security, optimizing performance, and achieving compliance. While Security Center, Config, and Inspector are valuable for other aspects of security, Trusted Advisor specifically addresses the organization's need for continuous compliance monitoring and actionable insights.
65. An online streaming service experiences predictable traffic patterns during specific hours of the day but variable workloads at other times. The service aims to optimize costs while ensuring a seamless streaming experience. Which AWS compute purchasing option is most appropriate for this scenario?
For a service with predictable traffic patterns during specific hours, On-Demand Instances provide the necessary performance without the need for long-term commitments. On-Demand Instances are suitable for applications with variable workloads, ensuring a seamless streaming experience while allowing the flexibility to scale up and down based on demand.
Your score is
Restart Exam
