The latest Amazon Web Services CLF-C01 AWS Certified Cloud Practitioner certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Amazon Web Services CLF-C01 AWS Certified Cloud Practitioner exam and earn Amazon Web Services CLF-C01 AWS Certified Cloud Practitioner certification.
Exam Question 251
What credential components are required to gain programmatic access to an AWS account? (Choose two.)
A. An access key ID
B. A primary key
C. A secret access key
D. A user ID
E. A secondary key
Correct Answer:
A. An access key ID
C. A secret access key
Exam Question 252
How can a company separate costs for network traffic, Amazon EC2, Amazon S3, and other AWS services by department?
A. Add department-specific tags to each resource
B. Create a separate VPC for each department
C. Create a separate AWS account for each department
D. Use AWS Organizations
Correct Answer:
C. Create a separate AWS account for each department
Exam Question 253
Which AWS service provides the ability to detect inadvertent data leaks of personally identifiable information (PII) and user credential data?
A. Amazon GuardDuty
B. Amazon Inspector
C. Amazon Macie
D. AWS Shield
Correct Answer:
C. Amazon Macie
Exam Question 254
A company has distributed its workload on both the AWS Cloud and some on-premises servers.
What type of architecture is this?
A. Virtual private network
B. Virtual private cloud
C. Hybrid cloud
D. Private cloud
Correct Answer:
C. Hybrid cloud
Exam Question 255
What can be used to automate and manage secure, well-architected, multi-account AWS environments?
A. AWS shared responsibility model
B. AWS Control Tower
C. AWS Security Hub
D. AWS Well-Architected Tool
Correct Answer:
B. AWS Control Tower
Answer Description:
Control Tower automates the process of setting up a new baseline multi-account AWS environment that is secure, well-architected, and ready to use. Control Tower incorporates the knowledge that AWS Professional Service has gained over the course of thousands of successful customer engagements.
Exam Question 256
Which of the following describes a security best practice that can be implemented using AWS IAM?
A. Disable AWS Management Console access for all users
B. Generate secret keys for every IAM user
C. Grant permissions to users who are required to perform a given task only
D. Store AWS credentials within Amazon EC2 instances
Correct Answer:
C. Grant permissions to users who are required to perform a given task only
Exam Question 257
A company needs protection from expanded distributed denial of service (DDoS) attacks on its website and assistance from AWS experts during such events.
Which AWS managed service will meet these requirements?
A. AWS Shield Advanced
B. AWS Firewall Manager
C. AWS WAF
D. Amazon GuardDuty
Correct Answer:
A. AWS Shield Advanced
Exam Question 258
A company’s application has flexible start and end times.
Which Amazon EC2 pricing model will be the MOST cost-effective?
A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Hosts
Correct Answer:
B. Spot Instances
Exam Question 259
Under the AWS shared responsibility model, what are the customer’s responsibilities? (Choose two.)
A. Physical and environmental security
B. Physical network devices including firewalls
C. Storage device decommissioning
D. Security of data in transit
E. Data integrity authentication
Correct Answer:
D. Security of data in transit
E. Data integrity authentication
Exam Question 260
A cloud practitioner has a data analysis workload that is infrequently executed and can be interrupted without harm.
To optimize for cost, which Amazon EC2 purchasing option should be used?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Hosts
Correct Answer:
C. Spot Instances