AWS CLF-C01
Which Amazon Elastic Block Storage (EBS) storage type provides cost-effective storage for data that is typically accessed infrequently, with an IOPS of around 100? A) HDD-backed volumes B) Magnetic volumes C) General Purpose SSD (gp2)* volumes D) Provisioned IOPS SSD (io1) volumes
B
You are managing several production EC2 instances that use a public-facing subnet. You have three new employees on the east coast and twelve new employees on the west coast. You need to give all the employees access to your VPC, but each employee will need different forms of access within AWS and user accounts created. What is your most effective solution? A) Create a new IAM role for users on the east coast and user accounts for the west coast users. B) Use AWS Organizations and service control policies. C) Contact AWS for configuring your initial IAM roles and users. D) Create one ID for the east coast users and one ID for the west coast users.
B
It is important that as you transition from your on premise system into the Amazon Cloud that you focus on savings as your design your Amazon infrastructure and as your plan for your data migration. Which AWS well architected framework pillar is focused on the logical and functional requirements and the overall refinement of the smallest price point available in a system? A) Storage B) Performance Efficiency C) Cost Optimization D) Reliability
C
You work for a large company that manages automobile sales. They have just moved their first production application to the AWS infrastructure. Your technical leadership wants to make sure that security practices are structured and implemented within the AWS environment. Which of the following options would be considered the customer's responsibility? A) No patching is required by the customer. B) Patching the AWS storage. C) Patching the OS within an EC2 instance. D) Patching the underlying system within AWS.
C
Your boss tells you to find an inexpensive cloud solution for an EC2 environment that will only be needed for 9 months. What is your best option? A) On-Demand Instance B) Dedicated Instance C) Partial upfront costs reserved D) Spot Instance
C
How many Internet gateways can be attached to an Amazon VPC? A) 1 B) 16 C) 5 D) 28
A
Which types of instances would an Auto Scaling group use? (Choose all that apply.) A) Instances classified as On-Demand B) Instances classified as on-premises C) Instances that are stopped D) Instances classified as Spot E) Instances that are running and not part of an Auto Scaling group
A, D
As a sysops administrator, you need to have a fundamental understanding of the costs associated with your AWS resources. You are tasked with looking at usage reports of all the costs associated with your AWS infrastructure. You also need to review the last thirteen months with the ability to forecast costs for the next three months. What AWS resource could you use to meet this requirement? A) AWS Support Center B) AWS Knowledge Center C) Controlling Access D) Cost Explorer
D
As a system operations resource your focus is to make the best decision within the AWS infrastructure. You are tasks with managing AWS resources such as EC2 instance types, geographic regions, VPC management and capacity planning and forecasting. Which option is considered a key cost effective resource discussed in the AWS well architected framework pillar Cost optimization? A) Right size B) Using reserved instances only C) Limiting regions D) Appropriate provisioning
D
As it relates to the shared responsibility model, which security option is the customer's responsibility? A) Physical security of hardware B) Facilities C) Network infrastructure D) Amazon Machine Images (AMIs)
D
If you want to access the lnternet from your Amazon EC2 instance and not use a public IP address, which networking component would you use to access the Internet? A) Gateway type endpoint B) Network Access Control List (ACL) C) Amazon Route 53 D) NAT gateway
D
In the AWS Organizations web service what feature allows the easy tracking of charges across multiple accounts and is offered at no extra cost? A) Volume Discounts B) Amazon S3 Analytics C) AWS budgets D) Consolidated Billing
D
Which phase of the application life cycle focuses on determining software requirements?
The deployment phase
You are a sysops administrator, and you in the process of moving several on-premises custom scripts to your AWS EC2 environment. These scripts manage several basic tasks that run on a Linux operating system and manage data within a file system, and also execute several unique reports. You are tasked with minimizing costs and also making sure these scripts are highly available. What resource below would you choose to complete this task? A) Routing policy B) AWS Lambda C) AWS CloudFront D) AWS Direct Connect
B
Your manager tells you to find an Amazon cloud solution that has scalable object-level storage with a durability level of 99.999999999%, while having frequent access to data. What should you choose? A) Amazon Glacier B) Amazon S3 C) Amazon EBS D) AWS Storage Snowball
B
You are working on the development of multiple applications. Each application is in a different stage of the software development lifecycle process. You plan on implementing the development of these applications within the AWS infrastructure and need an automated approach for building, testing, and deploying these applications. You also want to be able to see the big picture from a development perspective and to establish a consistent release plan as changes occur. What AWS resource can meet these requirements? A) Amazon RDS B) Dynamic scaling C) AWS CodePipeline D) Amazon DynamoDB Streams
C
You work for a company that created several production servers within Amazon's infrastructure, but costs are rising and your management has asked you to reduce the costs associated with your Amazon infrastructure. Which option below would be best? A) Identify Amazon EBS volumes with high utilization B) Remove all forms of autoscaling C) Stopping or resizing your EC2 instances D) Increase your compute costs on your EC2 instances
C
Your current Amazon architecture supports your production workload using both Reserved and On-Demand instances. You are working on a new project that is going to potentially increase load production times by 20%. You also need to test your front-end application by enabling TLS 1.2 protocol settings. What type of Amazon EC2 instance should you use to meet this requirement? A) On-Demand instance B) Dedicated host C) Spot instance D) Reserved instance
C
As an IT specialist with a cloud background, you are concerned with the overall recoverability of your data within the cloud. What does Amazon S3 offer to alleviate this concern? A) The S3 infrastructure is considered eventually consistent. B) Data is replicated to multiple regions within an availability zone. C) Data is stored in silos in another country. D) Data within Amazon S3 storage is backed up to tape nightly.
A
If you wanted to route Internet traffic to your specific domain, what AWS resource should you use? A) Amazon Route 53 B) HTTPS load balancers C) Intemet-facing load balancers D) Dynamic scaling
A
What AWS caching solution delivers website data and interactive content to edge locations all over the world to decrease latency and increase application performance? A) Amazon CloudFront B) AWS Greengrass C) Cross-Region replication D) Amazon DynamoDB Accelerator (DAX)
A
What Amazon security feature encrypts data at rest using AES-256 and is considered transparent to the end user within the Amazon S3 environment? A) Encryption server side B) Versioning C) Encryption client side D) Replication
A
What does Amazon recommend for protecting data in transit when you have a concern of accidental information disclosure? A) IPSec ESP B) Encryption server side C) Digital signature D) TrueCrypt
A
What is an Amazon solution for creating a logical private connection between a remote network and an Amazon VPC? A) AWS Direct Connection B) AWS VPN CloudHub C) VPC Peering D) Hardware VPN
A
What is the total number of Virtual Private Clouds (VPCs) you can have within an individual region? A) 5 B) 200 C) 50 D) 500
A
When does Amazon DynamoDB encrypt data at rest? A) Only when you create a new table structure B) When the first rows of data enter the table C) Only when you create a new table structure within the US East (Ohio) region D) Only when you use an ALTER TABLE command
A
Which AWS caching solution has the ability to route traffic within AWS resources, such as EC2 instances, Amazon S3 buckets, and Elastic Load Balancing load balancers, while also routing user requests outside AWS infrastructures using a cloud Domain Name System (DNS)? A) Amazon Route 53 B) Cross-Region replication C) Amazon ElastiCache for Memcached D) AWS Greengrass
A
Which AWS framework pillar is focused on continual improvement and refinement of system resources over the complete infrastructure lifecycle? A) Cost Optimization B) Reliability C) Performance Efficiency D) Storage
A
Which Auto Scaling option configures a unique number of instances that run 24/7? A) Maintain current level B) Dynamic scaling C) Scheduled scaling D) Manual scaling
A
Which of the following options would describe a location where an AWS cluster datacenter is located? A) Region B) Endpoint C) On-premises system D) fleet
A
You are managing several different AWS environments. Two of your many responsibilities is to make sure that the AWS resources do not exceed their resource limits and at the same time demonstrate AWS best practices. You need a simple way of validating these service level limits to protect your systems so that they continually perform at their highest levels. What resource will allow you to accomplish this task? A) AWS Trusted Advisor B) AWS Inspector C) AWS Personal Health Dashboard D) AWS Config
A
You have just created an EC2 instance using an AMI that uses a Linux Ubuntu operating system. A security report suggested that the operating system might need to be patched. How would you classify the operating system that needs to be patched, and whose responsibility is it to patch it? A) Guest operating system, and the customer's responsibility B) Guest operating system, and Amazon's responsibility C) AWS-owned operating system, and the customer's responsibility D) AWS-owned operating system, and Amazon's responsibility
A
Your boss wants you to find an inexpensive cloud solution that will support a production environment longer than three years that uses a Linux platform. What type of instance will meet this requirement? A) Reserved instance B) Dedicated environment C) Spot instance D) On-demand instance
A
Your company has just hired you as an AWS resource. It is your responsibility to start working with AWS and to get multiple IT employees trained on how to properly use and support your AWS infrastructure. Who is responsible for training your IT employees? A) The customer is responsible for training their IT employees. B) AWS is responsible for training customers on the AWS infrastructure. C) The customer is responsible for training AWS employees. D) AWS is responsible for training customers on only guest OSes and applications.
A
What is the mindset of being concerned with the costs, principals and overall benefits of cloud computing?
Cloud Economics
Which pillar of the Well-Architectured Framework supports the improvement and efficiencies of an AWS infrastructure over a complete lifetime?
Cost Optimization
What concept is related to increasing data retrieval rates by placing viable data into a static memory buffer for future use? A) Amazon Network ACL B) wmic C) Amazon Kinesis Data Analytics D) Caching
D
What is the main reason for using an Elastic IP address associated with your Virtual Private Cloud account? A) You can assign an Elastic IP address to all your EC2 instances for easier management of your EC2 infrastructure. B) You can never deallocate an Elastic IP address because it stays associated with your AWS account for auditing purposes and is considered a static IP address. C) Elastic IP addresses can be used with IPv6 or IPv4 network components. D) You have the ability to move network attributes from one instance to another in one single step.
D
What is the name of an Amazon resource that allows you to create subnets, modify IP address ranges, change network gateways, configure route tables, and modify advanced security settings? A) Software VPN B) Hardware VPN C) VPC Peering D) Virtual Private Cloud (VPC)
D
What third party encryption software can be used to encrypt data at rest on an Amazon EBS volume for both Linux and Windows operating systems? A) AWS snapshots B) BitLocker C) Linux dm-crypt D) TrueCrypt
D
Which AWS service provides protection against DDoS attacks for free and is a key component of the Reliability pillar within the AWS framework? A) AWS Direct Connect B) AWS ELB C) AWS Route53 D) AWS Shield
D
Which of the following AWS offers falls under the AWS free Tier and will never expire? A) 1000 Expedited retrieval request from Amazon Glazier B) Linux t2.nano instance size for one year using on on-Demand solution C) First 10 Terabytes for data transfers to Internet using Amazon CloudWatch. D) 25 read capacity units, 25 GB of storage capacity and 25 units of write capacity using a DynamoDB.
D
Which option is considered a cost-effective resource discussed in the AWS framework pillar Cost Optimization? A) Using reserved instances only B) Fixed sizing C) Limiting regions D) Appropriate provisioning
D
You ONLY want to manage Applications and Data. Which type of Cloud Computing model should you use? A) On-premises B) Infrastructure as a Service (laaS) C) Software as a Service (SaaS) D) Platform as a Service (PaaS)
D
You are supporting an application that requires that the EC2 instance be shut down after 5:00 PM every day. You want to make sure this is done automatically so you have configured the shutdown processing to use a Lambda function. For some reason, the application binaries are sporadically being corrupted and the corruption is related to the shutdown process. Which of the following components can be used to identify the faulty EC2 instance? A) Memory utilization B) Instance metadata C) CPU utilization D) Resource tagging
D
You have been asked to create several AWS EC2 instances within a predefined private subnet. You need to have the ability to connect from your private subnet to the Internet. You also need the connections to be highly available based on their respective availability zones. Which of the following networking components can meet the above requirements? A) VPC peering B) AWS access control list C) NAT instance D) NAT gateway
D
You need to create a historical CPU report on your AWS EC2 instance. How long does Amazon CloudWatch keep resource data? A) 2 days B) 1 week C) 30 days D) 14 days
D
You want to monitor service limits related to Elastic IP addresses that are being used, active snapshots, and EBS volumes. Which service would you use? A) AWS EC2 B) AWS SNS C) AWS Storage Gateway D) AWS Trusted Advisor
D
You work for ABC corporation that is actively using Amazon S3 storage solutions. The company has files that are stored using Amazon S3, but want to save costs because a majority of their files are not be used after 40 days. However, they need the ability to recover files within a few minutes after the request to see a file. Which option below best meets these requirements? A) Enable the delete option on each bucket and recover the data as requested. B) Move the objects to Amazon Glacier after 40 days C) Enable versioning and delete certain files after 40 days. D) Move the data to Amazon S3 Standard using Infrequent Access (IA) option after 40 days.
D
You work for a company that has several EC2 servers that were built three months ago to support a production application. The plan is to have these production servers running with zero down time. You are planning on upgrading the instance type in about a month. What type of instance should you have purchased during the design of the application for cost-effective increases in instance types? A) Spot instances B) Standard Reserved instances C) On-Demand instances D) Convertible Reserved instances
D
You work for a holding company that manages several other companies that support several different industries. You are tasked with setting up AWS accounts for each company within the holdings portfolio. You are also required to manage these accounts from a global perspective and keep up with the billing information relates to these new AWS accounts. Which of the following policies would best meet these requirements? A) Use IAM users B) Use IAM policies C) Use Consolidated billing D) Use AWS Organizations
D
You work for a large company that manages electronic patient records. The primary application is configured with a load balancer that is used to evenly distribute the workload between two production EC2 instances. You are tasked with making sure the connection from the client medical facilities and the load balancer is properly secured by using the appropriate SSL security policy. What policy would you choose to accomplish this task? A) Resource-based policy B) Geolocation routing policy C) Default security policy D) Predefined security policy
D
Which Amazon Kinesis tool lets you create time-series analytics using standard SQL queries against real-time data? A) Amazon Kinesis Data Streams B) Amazon Kinesis Data Analytics C) Amazon Kinesis Video Streams D) Amazon Kinesis Data Firehose
B
Which Amazon storage solution is designed for extremely low storage costs, is best suited for rarely retrieved data, and provides data retrieval times that can be calculated in hours? A) Amazon S3 Standard-IA B) Amazon Glacier C) AWS Snowball D) Amazon EBS
B
Which Global Infrastructure identity is composed of one or more discrete data centers with redundant power, networking, and connectivity, and are used to deploy infrastructure? A) Edge Locations B) Availability Zones C) Regions
B
Which form of data security is implemented by Amazon WorkSpaces for users when they access their remote desktop? A) Encryption client side B) PCoIP C) X.509 certificate D) IPSec ESP
B
Which of the following Amazon storage solutions protects your data in transit while exporting or importing your data? A) Amazon S3 B) Amazon Snowball C) Amazon Glacier D) Amazon EBS
B
Which of the following statements is true when it comes to using route tables within your Virtual Private Cloud (VPC)? A) Subnets are not used by AWS route tables. B) When your VPC is created, it automatically comes with a route table that can be modified. C) For new VPC environments, you are required to create a route table. D) Customized route tables are not permitted.
B
You are responsible for understanding the shared responsibility model. You need to articulate the difference between the responsibilities of the customer and AWS. Under the shared responsibility model, which type of control is not considered a shared control? A) Patch Management controls B) Customer-specific controls C) Awareness and Training controls D) Configuration Management controls
B
You have been working for your company for three years as a system administrator. You have been informed that you need to house several batch application servers. This application can be stopped and started at any point in time. Your task is to provision the needed EC2 infrastructures and your goal is to keep the cost to a minimum. Which type of instance should you consider? A) On-Demand instances B) Spot instances C) Reserved instances D) Dedicated instances
B
What is a required step for you to create a public subnet to use the Internet? A) Use a route table rule to send only local traffic to the IGW. B) Remove an IGW from your Amazon VPC. C) CaII AWS Support to activate this feature. D) Attach an Internet Gateway (IGW) to your VPC.
D
What type of abuse is caused when an Amazon EC2 server is not patched and could be infected with a virus, worm, or Trojan horse? A) False complaints B) Unintentional abuse C) Compromised resource D) Secondary abuse
C
When you create and manage an Amazon RDS environment, there are no setup fees and no minimums to be concerned with. Which option specifies how you would be billed? A) Listeners B) Dynamic scaling C) Running time D) Network time
C
Which are the 3 pricing fundamentals of the AWS Cloud? A) Compute, Storage, and Data transfer in the AWS Cloud B) Compute, Networking, and Data transfer out of the AWS Cloud C) Compute, Storage, and Data transfer out of the AWS Cloud D) Storage, Functions, and Data transfer in the AWS Cloud
C
Which of the following events would AWS Trusted Advisor identify as an unused resource? A) Overused Amazon EBS Volumes B) Increased Load Balancers C) Low utilization of Amazon EC2 instances D) High utilization of Amazon EC2 instances
C
What kind of group will meet to manage and approve all pending changes?
A change review group
Which web service allows you to configure and manage cache application environments?
Amazon ElastiCache
What is a security option that is used to sign a digital document using encryption that involves the use of digital codes? Amazon uses AWS Signature Version 4 which uses an access secret key that will then be used to creating a signing key
A digital signature
You are a system operator focusing on monitoring a group of servers within the AWS infrastructure and a group of servers that are on-premises. You are tasked with monitoring metrics at the system level for both groups of servers within a universal dashboard. How would you accomplish this task? (Choose two.) A) Configure the metrics dashboard within CloudWatch. B) Install the CloudWatch agent. C) Configure the metrics dashboard within CloudTrail. D) Migrate the on-premises systems to AWS to ensure they can monitored properly.
A, B
You are creating an IAM policy using the visual editor from the IAM console. Which two key components will you be prompted to provide? A) Select an action B) Choose a specific JSON tab C) Remove access level groups D) Choose a service E) Add a JSON policy document
A, D
Which entity is responsible for protecting the AWS infrastructure that runs all of the services offered in the AWS Cloud?
AWS
What AWS report provides a detailed billing breakdown by month, by hour, by product or by tags?
AWS Cost and Usage Report
What internal AWS page answers the most frequently asked questions and also provides in-depth AWS discussion forms?
AWS Knowledge Center
What is a key capability of an Amazon S3 data lake architecture component? A) Transform raw data into multiple regions for backup purposes. B) Utilizes a broad perspective of data science, data analytics, and machine learning in a centralized platform. C) Gives you the ability to implement a single sign-on within the data lake. D) Being able to query data in multiple availability zones.
B
What is the name of a Trojan or worm that has infiltrated a fleet of EC2 instances that can be controlled by an external or remote user with malicious intent? A) SPAM B) Botnets C) MFA D) Trusted Advisor tool
B
What is the pricing model of Cloud Computing? A) Discounts over time B) Pay-as-you-go pricing C) Pay once a year D) Flat-rate pricing
B
What type of application could you use if you wanted to install security patches or service packs beyond the patch level from an AMI? A) DAX B) Bootstrapping C) Trusted Advisor D) IAM policies
B
Which service is a logging tool that allows you to send notifications using Amazon Simple Notification Service (Amazon SNS) based on metric analysis generated from an Amazon DynamoDB?
Amazon CloudWatch Alarms
Which AWS resource is used by system operators to automate the transformation and migration of data into the AWS cloud infrastructure, and uses workflows, tasks, and sub-tasks?
Amazon Data Pipeline
What service is used to deploy, scale, and operate on Elasticsearch clusters and allows you to analyze logs and provides click steam analytics and application monitoring in real time?
Amazon Elasticsearch Service
Which type of connection is private and links your remote network to an Amazon VPC?
An Amazon AWS Direct Connection
What Amazon resource implements security vulnerability assessments by improving the compliance and security of an application within an Amazon EC2 environment? A) Amazon Cognito B) Amazon Inspector C) AWS Lambda D) Amazon SNS
B
What kind of strategy does Amazon offer for situations like that of a natural disaster or major system failure? A) Versioning B) Digital signatures C) Backup replication D) Application level encryption
C
What part of an Amazon Virtual Private Cloud (VPC) is considered stateful? A) Network access control list B) AWS Snowball storage C) Security groups D) Amazon EBS
C
Which of the following is NOT one of the Five Characteristics of Cloud Computing? A) Rapid elasticity and scalability B) Multi-tenancy and resource pooling C) Dedicated Support Agent to help you deploy applications D) On-demand self service
C
Which of the following is a database instance type offered by Amazon RDS? A) DB2 B) Amazon Glacier C) Oracle D) NoSQL
C
You are a system administrator and you have been supporting a very active application that is continually growing. The application servers are using over 80% of their CPU capacity and are experiencing spikes in memory allocation due to unpredictable workloads during the application's three-hour peak range. What type of Amazon EC2 instance could you use to meet this requirement? A) Reserved instances B) Dedicated host C) On-Demand instances D) Spot instances
C
You are learning about encryption options offered by AWS. You have created two EC2 instances. One of the instances is for a file sharing server and the other is for a front-end web server. As it relates to the shared responsibility model and the need for server side encryption on a file system within an EC2 environment, who is responsible for encrypting data at rest? A) AWS resources B) Third party vendor support C) The customer D) AWS network services
C
You are managing several AWS EC2 instances that you just created. You need to configure an AWS firewall to protect the traffic coming in to the application that has been installed on top of the EC2 instance. You also want to understand the shared responsibility model. What is the name of the AWS-provided firewall, and who is responsible for its setup and configuration? A) Security group, and AWS is responsible B) Inherited controls, and the AWS security team is responsible C) Security group, and it is the customer's responsibility D) Inherited controls, and AWS is responsible
C
You are required to manage large data stores in multiple locations. Your current database technology uses an AWS RDS-MySQL solution to manage the entire data store. The key requirement for your job role is to make sure that the database is available when there is any type of database or infrastructure failure. You also need to make sure that the backup is done efficiently and is implemented within the smallest amount of time. What feature would you use to accomplish this? A) Use read replicas of your databases so that backups are not needed. B) Use global tables to migrate your data store. C) Use Multi-AZ. D) Use automated backups on your data store source location.
C
You are working for a large data warehousing company that processes geographic data information. You support a vendor batch processing application that runs on two EC2 instances. The batch process runs for several hours and starts at 6:00 am, 9:00 am and 3:00 pm. The batch process aggregates the data and send it to the front-end application. This application does experience a sporadic increase in resource utilization during these times. What is the most cost effective solution for this application? A) Dedicated instances B) On-premise servers C) Spot instances D) Reserved instances
C
The company you work for wants to cut monitoring costs down on all new EC2 instances. The goal is to display a CPU dashboard with metrics at one-minute intervals. You need to implement this request in the most efficient and cost effective manner. Which two options would you select? A) Use basic monitoring to display the CPU metrics. B) Create a dashboard in CloudTrail. C) Use detailed monitoring for each EC2 instance. D) Use CloudWatch to create a dashboard.
C, D
You are teaching a class on Amazon S3 storage. What are two primary characteristics you might write on the chalkboard first? A) It can store objects with a size of over 20 terabytes. B) It can be used as a primary source for holding database data files. C) Storage must be attached to Amazon S3 and then pre-allocated for use. D) Amazon S3 can hold an unlimited amount of data. E) Each object has a specific URL. F) Objects housed within Amazon S3 are public by default but can be changed to private.
D, E
What is the ability to leverage a resource in an efficient and dynamic way?
Elasticity
Which architectural design principle focuses on monitoring systems to deliver business value by improving procedures and processes?
Operational Excellence
Which cloud delivery model is a model that is exclusively used by an organization?
Private Cloud
Which cloud delivery model is the most commonly deployed?
Public Cloud
What AWS component consists of an AWS key and a unique optional value, and acts as a pointer or a label assigned to an AWS resource?
Resource Tagging
What is the term used for an AWS architecture change without modifying the design?
Scalability
What document defines the security for a company's cloud controls, policies, responsibilities, and underlying technologies?
Security Policy document
