The latest Amazon Web Services CLF-C01 AWS Certified Cloud Practitioner certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Amazon Web Services CLF-C01 AWS Certified Cloud Practitioner exam and earn Amazon Web Services CLF-C01 AWS Certified Cloud Practitioner certification.
Exam Question 321
A company has an AWS-hosted website located behind an Application Load Balancer. The company wants to safeguard the website from SQL injection or cross-site scripting.
Which AWS service should the company use?
A. Amazon GuardDuty
B. AWS WAF
C. AWS Trusted Advisor
D. Amazon Inspector
Correct Answer:
B. AWS WAF
Exam Question 322
A company wants to track AWS resource configuration changes for compliance reasons.
Which AWS feature can be used to meet this requirement?
A. AWS Cost and Usage Report
B. AWS Organizations service control policies (SCPs)
C. AWS Config rules
D. VPC Flow Logs
Correct Answer:
C. AWS Config rules
Exam Question 323
The AWS IAM best practice for granting least privilege is to:
A. apply an IAM policy to an IAM group and limit the size of the group.
B. require multi-factor authentication (MFA) for all IAM users.
C. require each IAM user who has different permissions to have multiple passwords.
D. apply an IAM policy only to IAM users who require it.
Correct Answer:
D. apply an IAM policy only to IAM users who require it.
Exam Question 324
Which cloud computing benefit does AWS demonstrate with its ability to offer lower variable costs as a result of high purchase volumes?
A. Pay-as-you-go pricing
B. High availability
C. Global reach
D. Economies of scale
Correct Answer:
D. Economies of scale
Exam Question 325
How can AWS enable a company to control expenses as an application’s usage changes unpredictably?
A. AWS will refund the cost difference if a customer moves to larger servers.
B. The application can be built to scale up or down automatically as resources are needed
C. Spot instances will automatically be used if the price is lower than on-demand instances.
D. Amazon CloudWatch will automatically predict what resources are needed.
Correct Answer:
B. The application can be built to scale up or down automatically as resources are needed
Exam Question 326
Which AWS service or feature can be used to prevent SQL injection attacks?
A. Security groups
B. Network ACLs
C. AWS WAF
D. IAM policy
Correct Answer:
C. AWS WAF
Exam Question 327
A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources.
Which AWS tool or service can be used to meet these requirements?
A. Amazon CloudWatch
B. Amazon Inspector
C. AWS Cloud Trail
D. AWS IAM
Correct Answer:
C. AWS Cloud Trail
Exam Question 328
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Choose two.)
A. Network infrastructure and virtualization of infrastructure
B. Security of application data
C. Guest operating systems
D. Physical security of hardware
E. Credentials and policies
Correct Answer:
A. Network infrastructure and virtualization of infrastructure
D. Physical security of hardware
Exam Question 329
A company wants to transfer petabytes of data as quickly as possible from on-premises locations to the AWS Cloud.
Which AWS service should the company use?
A. AWS Snowball
B. AWS Global Accelerator
C. Amazon S3 Transfer Acceleration
D. Amazon Connect
Correct Answer:
A. AWS Snowball
Exam Question 330
A company has refined its workload to use specific AWS services to improve efficiency and reduce cost.
Which best practice for cost governance does this example show?
A. Resource controls
B. Cost allocation
C. Architecture optimization
D. Tagging enforcement
Correct Answer:
B. Cost allocation