0% found this document useful (0 votes)

341 views240 pages

AWS - Practitioner

AWS Practice Q&A

Uploaded by

Aahil Shaikh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

341 views240 pages

AWS - Practitioner

AWS Practice Q&A

Uploaded by

Aahil Shaikh

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 240

1

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 For a web administrator who manages a C A 0 Wrong

variety of public and private web resources
for an organization and needs a service to
monitor the expiration dates of SSL/TLS
certificates, as well as handle updates and
renewals, which service would be the most
appropriate?
A)AWS Certificate Manager
B)AWS Data Lifecycle Manager
C)AWS License Manager
D)AWS Firewall Manager

2 The food delivery start-up that is expanding C B 0 Wrong

its operations is looking to enhance
security by implementing DDoS protection
for its applications on AWS. Which AWS
service provides customers with
comprehensive protection against DDoS
attacks?
A)Amazon GuardDuty
B)AWS Shield
C)AWS WAF - Web Application Firewall
D)AWS Firewall Manager

3 When an administrator is assigned to set C A 0 Wrong

up privileges for new department
members, selectively granting privileges
and ensuring that not all team members
have access to all resources, which
principle is the administrator adhering to?
A)Principle of least privilege
B)Principle of privileged users
C)Least privilege of group principle
D)Best practices of permission advisory

4 From the options provided below, which B A 0 Wrong

one is a responsibility of the customer
2

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

under the AWS Shared Responsibility

Model?
A)Patching of guest OS deployed on
Amazon EC2 instance.
B)Patching of host OS deployed on Amazon
S3.
C)Logical Access controls for underlying
infrastructure.
D)Physical security of the facilities.

5 In a scenario where an organization A B 0 Wrong

operates multiple EC2 instances within a
VPC, utilizing three subnets for
Development, Test, and Production. The
Security team has concerns about the VPC
configuration and needs to limit
communication among the EC2 instances
using Security Groups. Which of the
provided options accurately reflects the
truth about Security Groups?
A)The only Security Group you can change
is the Default Security Group.
B)You can change a Security Group
associated with an instance if the instance
is in the running state.
C)You can change a Security Group
associated with an instance if the instance
is in the hibernate state.
D)You can change a Security Group only if
there are no instances associated to it.

6 For a development team that's looking to B C 0 Wrong

offload SSL processing from existing web
servers, which AWS service from the
options provided would be the most
suitable to fulfill this requirement?
A)AWS Secrets Manager
B)AWS Certificate Manager
C)AWS CloudHSM
D)AWS KMS
3

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

7 Once your company has fully transitioned B,C B,C 1 Correct

to the AWS Cloud and wants to ensure the
correct security settings are implemented,
which two of the following tools would be
beneficial?
A)AWS Kinesis
B)AWS Inspector
C)AWS Trusted Advisor
D)AWS Support

8 For a startup company engaged in social A C 0 Wrong

media app development that wishes to
provide temporary access to its Lambda
functions on AWS to freelance developers
who will be logging in through Facebook
authentication, which service would be the
most suitable for ensuring secure access?
A)Use a third-party Web ID, federated
access provider.
B)Create user credentials using Identity
Access Management (IAM).
C)Use Amazon Cognito for web-identity
federation.
D)Use Access keys to provide temporary
access.

9 For a Developer Team that's creating a new A B 0 Wrong

mobile app using AWS resources, which
will be accessed by thousands of users,
which service from the options provided
would be the most suitable for creating a
directory to manage sign-ins for these
users?
A)AWS IAM
B)Amazon Cognito User Pools
C)Amazon Cognito Identity Pools
D)AWS IAM Identity Center

10 When utilizing IAM within AWS, they B D 0 Wrong

suggest a variety of best practices for
managing Users and their permissions.
4

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Which of these IAM practices would be the

most advisable to choose?
A)For cross account access it is best to
share the Access Keys when one Account
needs to access services of another
Account
B)An IAM user should be given default
access to all services for being able to
develop & deliver applications quickly
C)Users should be provided both
Passwords & Access keys within the AWS
environment
D)Within AWS, services should use roles
for accessing other services

11 In the context of an organization's A B 0 Wrong

information systems audit, when the
administrator is asked to compile a
collection of security and compliance
reports, as well as online service
agreements between the organization and
AWS, which service should they use to
gather this information?
A)AWS Directory Service
B)AWS Artifact
C)AWS Resource Center
D)AWS Service Catalog

12 From the options provided below, which B,C B,E 0 Wrong

two resources can AWS WAF integrate with
to protect web applications against
common web exploits?
A)Static Website hosted on Amazon S3
bucket.
B)Amazon CloudFront
C)Internet Gateway
D)Web server hosted on Amazon EC2
instance.
E)Application Load Balancer

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Support

1 Which three factors influence the cost of C,D B,C,D 0 Wrong

an On-Demand EC2 Instance?
A)Edge location
B)Operating System
C)Region
D)Instance Type

2 If your company is considering offloading A A 1 Correct

some batch processing workloads to AWS,
and these tasks can be paused and
resumed at any time, which type of
instance would be the most cost-efficient
to use for this purpose?
A)Spot
B)On-Demand
C)Full Upfront Reserved
D)Partial Upfront Reserved

3 If your company is transitioning a C B 0 Wrong

substantial application to AWS using a
collection of EC2 instances and needs to
reuse existing server-bound software
licenses, which option would be most
suitable for meeting this requirement?
A)EC2 Dedicated Instances
B)EC2 Dedicated Hosts
C)EC2 Reserved Instances
D)EC2 Spot Instances

4 A customer is interested in a support plan C A,E 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

AccountSecurity Check 5: EBS Public

SnapshotsSecurity Check 6: RDS Public
Snapshots
A)Basic Plan
B)Gold Plan
C)Business Plan
D)Enterprise Plan
E)Developer Plan

5 Which of the following assertions about C C 1 Correct

AWS's billing, cost optimization, and cost
management practices is correct?
A)When considering migrating to the
cloud, the AWS Total Cost of Ownership
(TCO) calculator is guaranteed to save up to
80% of the cost of running on-premise
infrastructure.
B)In AWS Budgets, utilizing Cost and Usage
budgets will optimize and reduce the
overall spend by 79%.
C)When using Savings Plans, 72% savings
can be made on Amazon EC2, AWS Fargate,
and AWS Lambda usage.
D)The AWS Pricing Calculator will workout
a revised bill that can reduce the overall
spend by 60% if you commit to a long-term
usage plan.

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 What services can be used to facilitate D D 1 Correct

computing elasticity in AWS?
A)Amazon S3
B)AWS RDS
C)VPC Endpoint
D)AWS EC2 Auto Scaling Group

2 Where can an administrator find C A 0 Wrong

information to verify if the Amazon
CloudFront identity is making API access
7

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

calls to an S3 bucket that hosts a static

website?
A)In AWS CloudTrail Event history, look up
access calls and filter for the Amazon
CloudFront identity.
B)Configuring Amazon Athena to run
queries on the Amazon CloudFront
distribution.
C)Check AWS CloudWatch logs on the S3
bucket.
D)In the webserver, tail for identity access
logs from the Amazon CloudFront identity.

3 Which AWS service offers a fully managed C C 1 Correct

NoSQL database with fast, predictable
performance and seamless scalability?
A)Elastic Map Reduce
B)AWS RDS
C)DynamoDB
D)Oracle RDS

4 What scenario would be best suited for C A 0 Wrong

implementing an Amazon RDS database
instance as opposed to a NoSQL/non-
relational database?
A)In an organisation where only a finite
number of processes query the database in
predictable and well-structured Schemas.
B)Where datasets are constantly evolving
and cannot be confined to a static data
schema.
C)Where vertical scaling of the database's
resources is not permissible and is seldom
necessary.
D)In an organisation whose datasets are
dynamic and document-based.

5 Which of the below listed is NOT a C A 0 Wrong

requirement for setting up S3 replication?
A)Bucket owner of the destination should
have both source and destination Region
8

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

enabled for their account.

B)Bucket owner of the source bucket
should have both source and destination
Regions enabled for their account.
C)Versioning should be enabled for buckets
in both source and destination.
D)Amazon S3 must have been granted
object replication permissions from the
source bucket to the destination bucket on
behalf of the owner.

6 Which two activities fall under the purview A,E B,E 0 Wrong
of AWS Support from the options
provided?
A)Database query tuning
B)Troubleshooting API issues
C)Code Development
D)Debugging custom software
E)Third-party application configuration on
AWS resources

7 Data stored on Amazon EBS volumes can C C 1 Correct

be backed up using point-in-time
snapshots, which are incremental backups.
Only the modified blocks since the last
snapshot are saved. Where are these EBS
snapshots stored?
A)Amazon Aurora
B)Amazon EBS Volume
C)Amazon S3
D)Amazon EFS

8 What is the best solution for an D A 0 Wrong

organization with consistently high
throughput that requires a connection with
no jitter and minimal latency between its
on-premise infrastructure and its AWS
cloud build to support live streaming and
real-time services?
A)AWS Direct Connect
B)AWS Data Streams
9

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)AWS Kinesis
D)Kinesis Data Firehose

9 Which pillar of the AWS Well-Architected C D 0 Wrong

Framework emphasizes using the minimum
required hardware for resources deployed
in the AWS Cloud?
A)Operational Excellence Pillar
B)Reliability Pillar
C)Performance Efficiency Pillar
D)Sustainability Pillar

10 Could you identify two best practices for A,B C,D 0 Wrong
designing systems based on cloud
technology?
A)Use as many services as possible.
B)Build Tightly-coupled components.
C)Build loosely-coupled components.
D)Assume everything will fail.

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 What support plan is available for proactive B B 1 Correct

monitoring of a business-critical
application on AWS by an AWS Technical
Account Manager?
A)Enterprise On-Ramp Plan
B)Enterprise Plan
C)Business Plan
D)Developer Plan

2 What is the command that can be utilized C C 1 Correct

to configure the AWS CLI installation in
order to specify the region and Access key
ID?
A)aws deploy
B)aws configservice
C)aws configure
D)aws connect
10

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

3 Emma is working on a mobile application A C 0 Wrong

that necessitates real-time data
synchronization and offline functionality.
She's looking for a managed service that
simplifies the creation and management of
GraphQL APIs for her application. Which
AWS service would be the best fit for
Emma's needs?
A)AWS Device Farm
B)Amazon ECS
C)AWS AppSync
D)AWS Amplify

4 From the options provided below, which C A 0 Wrong

support plans offer environmental
monitoring by a designated Technical
Account Manager (TAM)?
A)Enterprise
B)Developer
C)Business
D)Enterprise On-Ramp

5 In order to expose your serverless D,E B,D 0 Wrong

application, implemented with AWS
Lambda, to HTTP clients using HTTP Proxy,
which two AWS services could you
potentially utilize?
A)AWS Elastic Beanstalk
B)Application Load Balancer
C)AWS Route53
D)AWS API Gateway
E)AWS Lightsail

6 For an administrator who needs to manage A A 1 Correct

multiple AWS accounts within a large
organization, which AWS service from the
options provided would be the most
suitable to fulfill this requirement?
A)AWS Organizations
B)AWS CloudTrail
C)IAM Roles
11

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)IAM Policies

7 If your team needs to give a group of B D 0 Wrong

designers, who use a range of devices
including laptops, tablets, and
smartphones, access to a graphics-
intensive application for a short-term
project, which Amazon service would be
the best choice to ensure effective access
to the application while accommodating
the diversity of devices?
A)AWS Lambda
B)Amazon WorkSpaces
C)Amazon WorkSpaces Web
D)Amazon AppStream

8 Which AWS service would be the most A A 1 Correct

suitable choice for securely storing and
sharing software packages and
dependencies in your software
development project, ensuring scalability?
A)AWS CodeArtifact
B)AWS CodeCommit
C)AWS CodeStar
D)AWS CodeBuild

9 Mayank is in the process of creating a web C C 1 Correct

application that necessitates real-time
updates and interactions. He is considering
utilizing AWS services to manage the
backend logic, database, and
authentication seamlessly. What would be
the most suitable choice for meeting
Mayank's needs?
A)AWS AppSync
B)AWS Device Farm
C)AWS Amplify
D)AWS IoT Core

10 If you're looking to create a stream C C 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

processing solution that can process and

query real-time streaming data using a
SQL-based solution, and you're seeking the
simplest approach that AWS offers, which
AWS service from the options provided
would be the most suitable for this
purpose?
A)Amazon Kinesis Data Firehose
B)Amazon Kinesis Data Streams
C)Amazon Kinesis Data Analytics
D)Amazon Kinesis Client Library

11 From the options provided below, which C D 0 Wrong

statement correctly describes the features
or functionalities of AWS IQ?
A)AWS IQ is a hardware appliance for
secure data storage in AWS data centers
B)AWS IQ is an artificial intelligence service
that predicts cloud infrastructure costs
C)AWS IQ is a service that offers free cloud
computing resources to AWS customers
D)AWS IQ is a platform that connects AWS
customers with certified freelancers,
experts, and consulting firms for various
AWS-related tasks

12 As an AWS Architect hired by a company, A,B B,D 0 Wrong

you are tasked with hosting an application
using EC2 Instances. The infrastructure
should be capable of scaling on demand
and maintaining fault tolerance. Which two
elements would you incorporate into your
design from the options provided?
A)Amazon CloudWatch
B)AWS Auto Scaling
C)Amazon GuardDuty
D)Elastic Load Balancing

13 Out of the following statements pertaining B,C A,D 0 Wrong

to AWS AppSync, which two are not
accurate?
13

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)APIs built with AppSync need to use

third-party libraries like OpenTelemetry for
observability
B)AWS AppSync is used to aggregate data
from multiple REST APIs / multiple AWS
backend data sources(DynamoDB, Aurora,
OpenSearch, etc.) in a single API call
C)AWS AppSync is a managed GraphQL
service
D)AWS AppSync does not support a
strongly typed schema
E)With AWS AppSync, I can fetch only the
required data improving the performance
of my application

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 In the context of the Shared Security C,D A,C,D 0 Wrong

Model, which three of the options
provided below are the responsibilities of
AWS?
A)Implementing service organization
Control (SOC) standards
B)Managing AWS Identity and Access
Management (IAM)
C)Securing edge locations
D)Monitoring physical device security

2 From the options provided, which three A,D,E A,D,E 1 Correct

security requirements are handled by
AWS? Please select three answers from the
options below.
14

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Hardware patching
B)Password Policies
C)User permissions
D)Physical security
E)Disk disposal

3 Which of the following can be set up to D D 1 Correct

improve security at the subnet level?
A)Security Group
B)Virtual Private Cloud (VPC)
C)Configure transitive VPC peering
D)NACL (Network Access Control List)

4 From the options provided below, which B,C A,E 0 Wrong

two are responsibilities of AWS in the
shared responsibility model for Security
and Compliance between AWS and
customer?
A)Patch management within the AWS
infrastructure
B)Perform all the necessary security
configuration and management tasks for
Amazon Elastic Compute Cloud (Amazon
EC2).
C)Patch management of the guest OS and
applications
D)Security of the data in the AWS cloud
E)Security of the AWS cloud

5 When a new department has been added D D 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

allow every user to access the most

common resources and privileges on the
system.
C)The administrator should grant all users
the same permissions and then grant more
upon request.
D)The administrator should grant all users
the least privilege and add more privileges
to only to those who need it.

6 In the context of an AWS environment, C C 1 Correct

what is the role of AWS Security Hub in
assisting organizations to enhance their
security posture? Please select from the
options provided below.
A)AWS Security Hub offers real-time traffic
analysis and alerting, preventing
unauthorized access to AWS resources
B)AWS Security Hub automates the
deployment of security patches to EC2
instances
C)AWS Security Hub centralizes and
analyzes security findings from various
AWS services
D)AWS Security Hub automatically
generates and enforces IAM policies for
access control

7 From the options provided below, which D D 1 Correct

service would be the most suitable for
importing third-party SSL/TLS certificates
that can be used to deploy on Amazon
Elastic Load Balancer?
A)AWS Systems Manager Parameter Store
B)AWS Artifacts
C)AWS Secrets Manager
D)AWS Certificate Manager

8 If a developer needs to access a database C B 0 Wrong

for an application and this process would
necessitate hard-coding the credentials,
16

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

which is not a recommended practice, and

instead wants to securely store encrypted
credentials and retrieve them as needed,
thereby avoiding the need to hard-code
credentials in the application, which AWS
service would you recommend to the
developer?
A)AWS Artifact
B)AWS Secrets Manager
C)AWS Encryption SDK
D)AWS Security Hub

9 Among the options provided, which one is D C 0 Wrong

the customer's responsibility to guarantee
the availability and backup of the EBS
volumes?
A)Create copies of EBS Volumes.
B)Delete the data and create a new EBS
volume.
C)Create EBS snapshots.
D)Attach new volumes to EC2 Instances.

10 In the course of an audit, the audit D C 0 Wrong

committee recommends that an
organization centrally oversee all VPC
security groups and WAF rules in their AWS
setup. With multiple AWS accounts in
place, what steps can be taken to
accomplish this task?
A)AWS Security Hub
B)AWS Identity and Access Management
(IAM)
C)AWS Firewall Manager
D)Amazon Cloud Directory

11 For a startup company engaged in social D C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

most suitable for ensuring secure access?

A)Use a third-party Web ID, federated
access provider.
B)Create user credentials using Identity
Access Management (IAM).
C)Use Amazon Cognito for web-identity
federation.
D)Use Access keys to provide temporary
access.

12 From the options given, which service can D B 0 Wrong

the Security team utilize to probe and
analyze the root cause of potential security
threats on AWS resources?
A)AWS Security Hub
B)Amazon Detective
C)AWS Shield
D)Amazon GuardDuty

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 In the context of AWS Organizations ability A,B A,C 0 Wrong

to efficiently manage multiple accounts in a
large enterprise, which two of the
following statements are accurate?
A)An Organizational Unit(OU) can have
only one parent.
B)An account can be a member of multiple
Organizational Units (OU).
C)Organizational level policies are known
as Service Control Policies.
D)An SCP policy only impacts a particular
AWS account even if it is applied at the
root account.
E)Service Control Policies (SCPs) can only
allow actions instead of deny actions.

2 A customer is interested in a support plan A,B A,E 0 Wrong

that provides access to the following six
18

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

security checks. Which two support plans

would offer these security checks at the
lowest cost?Security Check 1: S3 Bucket
PermissionsSecurity Check 2: Security
Groups - Specific Ports
UnrestrictedSecurity Check 3: IAM
UseSecurity Check 4: MFA on Root
AccountSecurity Check 5: EBS Public
SnapshotsSecurity Check 6: RDS Public
Snapshots
A)Basic Plan
B)Gold Plan
C)Business Plan
D)Enterprise Plan
E)Developer Plan

3 If an organization has initiated a new A A 1 Correct

project to create memes based on user
comments and uploaded images, and this
project is in its pilot phase with an
emphasis on cost efficiency over uptime
and processing time, which EC2 Instance
would be the best choice?
A)Spot Instance
B)On-Demand Instance
C)Dedicated Instances
D)Scheduled Reserved Instances

4 For a startup company in the e-commerce B C 0 Wrong

industry that is starting its cloud journey
with AWS and needs advice on Cloud
migration, modernization, and cost
optimization in line with AWS best
practices, which AWS service would be
capable of fulfilling these requirements?
A)AWS Trusted Advisor
B)AWS Marketplace
C)AWS Prescriptive Guidance
D)AWS Security Center

5 Given your company's requirements for B A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

24/7 access to Cloud Support Engineers via

email, chat, and phone, as well as a
response time of less than 15 minutes for
mission-critical system faults, which AWS
Support plan would be most suitable?
A)Enterprise
B)Business
C)Developer
D)Basic

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 For a live online game using DynamoDB D B 0 Wrong

service in the backend to store real-time
scores of global participants, which data
consistency model would be the most
suitable to apply?
A)Optimistic consistency
B)Strongly consistent
C)Eventually consistent
D)Strong Eventual consistency

2 Could you identify two best practices for C,D C,D 1 Correct
designing systems based on cloud
technology?
A)Use as many services as possible.
B)Build Tightly-coupled components.
C)Build loosely-coupled components.
D)Assume everything will fail.

3 What does an AWS region refer to? D D 1 Correct

A)It is the same as an Availability zone.
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
D)It is a geographical area divided into
Availability Zones.

4 Which of the given options does NOT D B 0 Wrong

represent a Security design principle in the
AWS Well-Architected Framework for
20

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

designing solutions in AWS?

A)Enable Traceability.
B)Apply Security only at the edge of the
network.
C)Protect Data at rest and in transit.
D)Implement a strong Identity foundation.

5 What are two reasons that might motivate C,D A,D 0 Wrong
a company to choose AWS over an on-
premises data center? Please select two
from the options provided.
A)Ability to use resources on demand
B)Having access to Free and Unlimited
Storage
C)Having access to Unlimited Physical
servers
D)Having a highly available infrastructure

6 If you have an application that is mission- D A 0 Wrong

critical and needs to be globally accessible
at all times, which deployment method
would you choose to use?
A)Deployment to multiple Regions
B)Deployment to multiple edge locations
C)Deployment to multiple Availability
Zones
D)Deployment to multiple Data Centers

7 What scenario would be best suited for D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)In an organisation whose datasets are

dynamic and document-based.

8 Which of the below listed is NOT a D A 0 Wrong

requirement for setting up S3 replication?
A)Bucket owner of the destination should
have both source and destination Region
enabled for their account.
B)Bucket owner of the source bucket
should have both source and destination
Regions enabled for their account.
C)Versioning should be enabled for buckets
in both source and destination.
D)Amazon S3 must have been granted
object replication permissions from the
source bucket to the destination bucket on
behalf of the owner.

9 What is the functionality of EBS Volume D C 0 Wrong

replication in the event of a single
hardware failure?
A)Replicates the volume across Edge
locations
B)Replicates the volume across Availability
Zones
C)Replicates the volume in the same
Availability Zone
D)Replicates the volume across Regions

10 Which AWS database service would be the D A 0 Wrong

most appropriate for migrating millions of
customer financial transaction data from
an on-premise mainframe system to a non-
relational database, with the requirement
of high performance for data retrieval and
analytics?
A)Amazon DynamoDB
B)Amazon RDS
C)Amazon RedShift
D)Amazon ElastiCache
22

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 Your organization has specific software D C 0 Wrong

usage policies and you need to store
customized software libraries for your
team's use in software development on the
AWS Cloud, which AWS service from the
options provided would be the most
suitable to facilitate this requirement?
A)I cannot customize and store software
libraries in AWS. I need to import them
directly from public repositories like Maven
Central
B)Using AWS CodeCommit
C)Using AWS CodeArtifact
D)Using AWS CodeGuru

2 What is the AWS service that provides a C D 0 Wrong

managed platform for a media production
company to securely exchange and access
various data sets, including video footage
and datasets, with compliance and
integration ensured?
A)Amazon Redshift
B)Amazon Kinesis Data Streams
C)AWS Glue
D)AWS Data Exchange

3 If I have a containerized application that B B 1 Correct

necessitates explicit definition and
management of capacity (CPU, Memory,
Instance type) for cost optimization while
using AWS infrastructure, which
technology would I employ when defining
my Elastic Container Services compute
instances?
A)Either of B or C since they are serverless
technologies that are cost effective
B)EC2
C)Fargate
23

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Lambda

4 For a software development project where C B 0 Wrong

a team requires a service to automate the
compilation and testing of code changes in
a continuous integration (CI) environment,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS CodeCommit
B)AWS CodeBuild
C)AWS CodeDeploy
D)AWS CodePipeline

5 What settings can be configured to give C A 0 Wrong

priority to the evaluation of critical job
queues over other job queues linked to the
same compute resource?
A)Set higher priority in the priority
parameter of a job queue
B)Set higher priority in the priority
parameter of a job definition
C)Set lower priority in the priority
parameter of a job definition
D)Set lower priority in the priority
parameter of a job queue

6 For a customer in Tokyo who needs to B D 0 Wrong

transfer files (totaling 1TB) to his S3 bucket
in us-east-1, which AWS offering from the
options provided would be the most
suitable to facilitate this in a secure, fast,
and easy manner?
A)AWS Snowball family
B)AWS Global accelerator
C)AWS Edge Locations
D)AWS S3 transfer acceleration

7 The EC2 User Data feature allows for the A C 0 Wrong

execution of bootstrapping tasks upon
24

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

instance creation. Which of the statements

below is not accurate regarding User Data?
A)User Data script can be modified using
both the AWS console & the AWS CLI.
B)User data for an instance can be
modified, if the instance is in the stopped
state and the root volume is an EBS
volume.
C)User data for an instance can be
modified if it is in the running state and the
root volume is an EBS volume.
D)No need to use 'sudo' in the User Data
script to run as the root user.

8 From the options provided below, which C C 1 Correct

service would be the most suitable for
automating the deployment of application
code to an Amazon EC2 instance?
A)AWS CloudFormation
B)AWS Elastic Beanstalk
C)AWS CodeDeploy
D)AWS Config

9 From the options provided, which two A,B D,E 0 Wrong

correctly identify a difference between
AWS Global Accelerator and Amazon
CloudFront?
A)For the resource endpoint, Amazon
CloudFront offers static public IP addresses
whilst AWS Global Accelerator does not.
B)AWS Global Accelerator uses the Anycast
techniques to accelerate latency-sensitive
applications Amazon CloudFront uses
Unicast.
C)Amazon CloudFront makes use of Edge
Locations and edge infrastructure, whilst
AWS Global Accelerator does not.
D)AWS Global Accelerator does not include
the content caching capability that Amazon
CloudFront does.
E)AWS Global Accelerator is suitable for
25

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

applications that are non-HTTP/S such as

VoIP, MTTQ and gaming whereas Amazon
CloudFront enhances the performance of
HTTP-based content such as dynamic web
applications, images and videos.

10 What is the feature provided by AWS that C D 0 Wrong

facilitates quick, straightforward, and
secure file transfers over extensive
distances between your client and your
Amazon S3 bucket?
A)S3 Acceleration
B)File Transfer
C)HTTP Transfer
D)Amazon S3 Transfer Acceleration

11 Which routing policies can be employed to C A 0 Wrong

ensure optimal resource allocation for
serving your traffic, taking into account the
geographical location of your users?
A)Use Route 53 Geolocation routing policy.
B)Use Route 53 weighted routing policy.
C)Use Route 53 latency routing policy.
D)Use Route 53 Geoproximity routing
policy.

12 Identify three attributes that are associated B,C A,B,C 0 Wrong

with an edge location from the options
listed below.
A)Used in conjunction with the Cloudfront
service
B)Distribute content to users
C)Cache popular contents
D)Distribute load across multiple resources

13 If I have a Virtual Private Cloud C A 0 Wrong

infrastructure environment that hosts an
Application and a Database, and I want this
application to be securely accessible to
anyone, what are the best practices for
26

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

hosting them within the infrastructure?

A)Subnet configured for the ELB should
contain a NAT Gateway
B)Host the Application in a Public Subnet,
Database in a Private Subnet with an ELB
frontending the Application in a Public
Subnet
C)Host both the Application & Database in
a Public subnet with an ELB frontend the
Application in a public Subnet
D)Subnet configured for the Application
should have a route to the Internet
Gateway

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 I possess a Mobile Application that A C 0 Wrong

necessitates access to AWS resources such
as S3 and DynamoDB. What would be the
most optimal approach to grant users of
the mobile app the ability to access these
AWS resources?
A)Have the mobile app connect to another
web application running on an EC2 instance
that can assume a role for accessing the
AWS resources
B)Keep the Security Credentials associated
with the AWS resource access within the
Mobile App
C)Use Security Token Service (STS) with
Identity Federation that will allow an User
access to resources within a session
27

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Create Users and Groups within IAM and

assign IAM policies for accessing the
resources

2 Among the options provided, which one A B 0 Wrong

can serve as an extra layer of security for
the username and password when signing
into the AWS Console?
A)Secondary user name
B)Multi-Factor Authentication (MFA)
C)Secondary password
D)Root access privileges

3 In the context of serverless services like B A 0 Wrong

AWS Lambda, how does the Shared
Responsibility Model apply?
A)The user is responsible for IAM roles and
identities that can invoke the AWS Lambda
functions.
B)Amazon has overall responsibility for the
infrastructure, including IAM roles and
identities that can invoke functions.
C)The user is responsible for the security
and access to the instances that handle the
compute capacity.
D)Amazon is responsible for any malicious
code written in the IDE and can terminate
any rogue activity.

4 When a new department has been added D D 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

common resources and privileges on the

system.
C)The administrator should grant all users
the same permissions and then grant more
upon request.
D)The administrator should grant all users
the least privilege and add more privileges
to only to those who need it.

5 For a development team that has D A 0 Wrong

purchased a new application with limited
licenses and an administrator who wants to
be alerted when the usage of licenses is
exceeded on an Amazon EC2 instance,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS License Manager
B)AWS Control Tower
C)AWS Config
D)AWS Service Catalog

6 An organization must guarantee the secure D B 0 Wrong

handling of encryption keys for different
services and resources. They are in need of
a centralized tool that enables them to
generate, update, and regulate access to
encryption keys without the hassle of
manual key management. Which AWS
service offers the functionality to
accomplish this task?
A)Amazon GuardDuty
B)AWS Key Management Service (KMS)
C)AWS CloudHSM
D)AWS Identity and Access Management
(IAM)

7 From the options provided below, which D,E C,E 0 Wrong

two statements accurately describe the
process of provisioning a security
certificate from AWS Certificate Manager
29

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

(ACM)?
A)A security certificate issued in ACM can
only be applied to one AWS resource.
B)ACM-issued security certificate cannot be
applied to an Application load balancer.
C)To verify a security certificate, a CNAME
record would need to be created.
D)Third-party security certificates cannot
be applied to AWS resources.
E)To verify a security certificate, the
administrator would need to acknowledge
a verification email sent to an address of
their choice.

8 For a web administrator who manages a D A 0 Wrong

9 When an administrator gets an alert and D A 0 Wrong

comprehensive report about credit card
information mistakenly uploaded by a user
into one of the S3 buckets during an online
survey questionnaire, which AWS service is
responsible for this detection and report?
A)Amazon Macie
B)Amazon Inspector
C)Amazon EventBridge
D)Amazon Detective

10 If an administrator wants VPCs in three D B 0 Wrong

separate AWS accounts to access on-
premise resources through a VPN
connection ending on a Transit Gateway,
30

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

with each VPC in a different AWS region,

what would be the method to accomplish
this?
A)Configure VPC peering connections
between the VPCs and then route traffic
from on-premise through the VPN to the
Transit Gateway and then to each VPC peer.
B)Use AWS Resource Access Manager
(RAM) to share the Transit Gateway
resource.
C)Configure a Virtual Private Gateway
(VGW) for each VPC and then extend the
VPN tunnels to them.
D)Create VPC attachments from each of
the VPCs to the Transit Gateway.

11 From the options provided below, which D C 0 Wrong

service would you utilize for governance,
compliance, and risk auditing in AWS?
A)AWS SNS
B)AWS CloudFormation
C)AWS CloudTrail
D)AWS CloudWatch

12 In a scenario where an organization D B 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

is in the hibernate state.

D)You can change a Security Group only if
there are no instances associated to it.

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which of the following assertions about A C 0 Wrong

AWS's billing, cost optimization, and cost
management practices is correct?
A)When considering migrating to the cloud,
the AWS Total Cost of Ownership (TCO)
calculator is guaranteed to save up to 80%
of the cost of running on-premise
infrastructure.
B)In AWS Budgets, utilizing Cost and Usage
budgets will optimize and reduce the
overall spend by 79%.
C)When using Savings Plans, 72% savings
can be made on Amazon EC2, AWS Fargate,
and AWS Lambda usage.
D)The AWS Pricing Calculator will workout
a revised bill that can reduce the overall
spend by 60% if you commit to a long-term
usage plan.

2 What is a consideration when determining A B 0 Wrong

the Total Cost of Ownership (TCO) for the
AWS Cloud?
A)The number of keys migrated to AWS
B)The number of servers migrated to AWS
C)The number of users migrated to AWS
D)The number of passwords migrated to
AWS

3 Which two factors contribute to the cost of A,B B,D 0 Wrong

using AWS S3 storage when storing a large
amount of data such as images and
documents?
A)While uploading data to an S3 bucket
32

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Lifecycle transition requests

C)Outbound data transfer from S3 in US-
West to an EC2 instance in US-West
D)Outbound data transfer from S3 in US-
East to an EC2 instance in US-West
E)Outbound data transfer to Amazon
CloudFront

4 If you need to host a database server for at B B 1 Correct

least one year, which option would be the
most cost-effective?
A)Spot Instances
B)Partial Upfront costs Reserved
C)No Upfront costs Reserved
D)On-Demand

5 In an AWS Organization using consolidated A,B C,D 0 Wrong

billing, where can a "Member AWS
account" configure the delivery of a
product-wise daily cost breakdown report
for cost and usage analysis? Choose Two
options.
A)AWS Management Console
B)Amazon Athena
C)S3 bucket owned by the member
account
D)S3 bucket owned by the management
account

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 What deployment strategies could be D C 0 Wrong

effective in creating a resilient architecture
for a critical e-Commerce application that
requires at least 99.5% uptime and is being
considered for migration to the AWS
Cloud?
A)Deploying the application across multiple
subnets
B)Deploying the application across multiple
33

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

VPC's
C)Deploying the application across multiple
Regions
D)Deploying the application across Edge
locations

2 What are some benefits of hosting D C 0 Wrong

infrastructure on the AWS Cloud?
A)Security is handled by AWS
B)Complete control over the physical
infrastructure
C)Pay-as-you-go model
D)No Upfront costs

3 What is the most suitable S3 storage class D B 0 Wrong

for an insurance organization aiming to
maintain a long-term archive of customer
data in compliance with HIPAA regulations,
where any department requiring access to
the archived data must notify the IT
department at least 14 hours in advance?
A)Amazon S3 Standard-Infrequent Access
B)Amazon S3 Glacier deep archive
C)Amazon S3 Standard
D)Amazon S3 Glacier

4 Can you identify two design principles that E A,D 0 Wrong

are associated with the "Operational
Excellence" pillar of the Well-Architected
framework?
A)Perform operations as code
B)Implement a strong identity foundation
C)Enable traceability
D)Anticipate Failure
E)Manage change in automation

5 What does an AWS region refer to? D D 1 Correct

A)It is the same as an Availability zone.
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
34

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)It is a geographical area divided into

Availability Zones.

6 Which AWS service from the options below D C 0 Wrong

enables you to scale up resources in
response to application or user demand?
A)AWS Inspector
B)AWS EC2
C)AWS Autoscaling
D)AWS ELB

7 In the AWS Cloud Adoption Framework D C 0 Wrong

(CAF), which of the following accurately
depicts the four viewpoints that shape the
framework's advice and their
corresponding categories?
A)Strategy, Implementation, Monitoring,
Optimization
B)Technology, Security, Scalability,
Compliance
C)Business, People, Platform, Security
D)Architecture, Deployment, Performance,
Governance

8 Which AWS RDS option enables AWS to D B 0 Wrong

automatically switch over to a secondary
database if the primary one experiences a
failure?
A)AWS Standby
B)Amazon RDS Multi-AZ deployments
C)AWS Failover
D)AWS Secondary

9 What services can be used to facilitate D D 1 Correct

computing elasticity in AWS?
A)Amazon S3
B)AWS RDS
C)VPC Endpoint
D)AWS EC2 Auto Scaling Group
35

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

10 Which design pillar should a client who has D A 0 Wrong

transitioned to AWS Cloud concentrate on
to ensure that their systems consistently
deliver business value and enhance
supporting processes and procedures?
A)Operational Excellence
B)Reliability
C)Scalability
D)Automation

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 From the options provided below, which B D 0 Wrong

2 For an administrator who needs to manage B A 0 Wrong

3 Which AWS services can be utilized to D D 1 Correct

automate the deployment of software on a
substantial number of Amazon EC2
36

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

instances and on-premises servers?

A)AWS Config
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS CodeDeploy

4 A radio station curates an annual list of the C D 0 Wrong

top songs, which are regularly accessed
within a 180-day timeframe. Subsequently,
users are allotted a default retrieval
window of 12-48 hours to download the
files. These files must be retained for a
minimum of 10 years. What is the most
economical object storage solution post
the initial 180 days?
A)Amazon S3 Standard - Infrequently
Accessed
B)Amazon S3 Glacier
C)Amazon S3 One Zone - Infrequently
Accessed
D)Amazon S3 Glacier Deep Archive

5 If you're looking to create a stream D C 0 Wrong

processing solution that can process and
query real-time streaming data using a
SQL-based solution, and you're seeking the
simplest approach that AWS offers, which
AWS service from the options provided
would be the most suitable for this
purpose?
A)Amazon Kinesis Data Firehose
B)Amazon Kinesis Data Streams
C)Amazon Kinesis Data Analytics
D)Amazon Kinesis Client Library

6 From the options provided, which two AWS C,D C,D 1 Correct
services can be utilized for file storage?
A)Amazon Athena
B)Amazon CloudWatch
C)Amazon Simple Storage Service (Amazon
S3)
37

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Amazon Elastic Block Store (Amazon EBS)

E)AWS Config

7 If I have a containerized application that A B 0 Wrong

necessitates explicit definition and
management of capacity (CPU, Memory,
Instance type) for cost optimization while
using AWS infrastructure, which technology
would I employ when defining my Elastic
Container Services compute instances?
A)Either of B or C since they are serverless
technologies that are cost effective
B)EC2
C)Fargate
D)Lambda

8 Which service from the options provided D D 1 Correct

can be utilized in the AWS cloud to manage
encryption keys?
A)Amazon GuardDuty
B)Amazon Inspector
C)Amazon Cognito
D)CloudHSM

9 The e-commerce web application being A D 0 Wrong

developed on an EC2 instance is currently
facing performance issues during browsing
and searching activities when multiple
heavy load use-cases are being executed
simultaneously. The application monitoring
tools have identified a bottleneck in the
web tier. In order to address this issue, a
decision has been made to refactor the
application code by separating the web tier
components from the resource-intensive
tasks related to processing orders. Which
AWS service would be suitable to facilitate
this modification?
A)Amazon Kinesis Streams
B)AWS Auto Scaling
C)AWS Elastic Load Balancing
38

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Amazon SQS

10 What AWS service could be used to D D 1 Correct

effectively distribute video content to users
worldwide for a video-based application
that you plan to deploy on the AWS Cloud?
A)Amazon S3
B)Amazon SES
C)Amazon Cloudtrail
D)Amazon CloudFront

11 What service can be utilized to establish C C 1 Correct

the necessary steps for automating the
build, test, and deployment processes for a
web application?
A)AWS CodeBuild
B)AWS CodeCommit
C)AWS CodePipeline
D)AWS CodeDeploy

12 From the options provided below, which D C 0 Wrong

support plan does not provide access to
Support Automation Workflows with
AWSPremiumSupport?
A)Enterprise
B)Business
C)Developer
D)Enterprise On-Ramp

13 From the options given, which two A,B A,B 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)By default S3 buckets are private,

however, objects are public. The object
owner needs to change the permissions
upon creation of objects to make the
objects private.
E)Amazon Macie can protect data in
Amazon EC2.

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 From the options provided below, which B B 1 Correct

security service would you utilize to detect
users personal credit card numbers from
data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector

2 In the context of an AWS environment, B C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

AWS services
D)AWS Security Hub automatically
generates and enforces IAM policies for
access control

3 If you have a set of EC2 Instances hosted B,D B,D 1 Correct

on the AWS Cloud that are hosting a web
application, which two options from the
ones provided would act as a firewall to
your VPC and the instances within it?
Please select two answers.
A)Usage of the Internet gateway
B)Usage of Security Groups
C)Usage of AWS Config
D)Usage of Network Access Control Lists

4 If an administrator wants VPCs in three A B 0 Wrong

separate AWS accounts to access on-
premise resources through a VPN
connection ending on a Transit Gateway,
with each VPC in a different AWS region,
what would be the method to accomplish
this?
A)Configure VPC peering connections
between the VPCs and then route traffic
from on-premise through the VPN to the
Transit Gateway and then to each VPC
peer.
B)Use AWS Resource Access Manager
(RAM) to share the Transit Gateway
resource.
C)Configure a Virtual Private Gateway
(VGW) for each VPC and then extend the
VPN tunnels to them.
D)Create VPC attachments from each of
the VPCs to the Transit Gateway.

5 When making modifications to AWS B D 0 Wrong

resources, such as introducing a new
Security Group Ingress rule. Needing to
document and record all these changes for
41

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

audit purposes, which AWS service from

the following options would assist me in
accomplishing this?
A)AWS CloudFormation
B)AWS Trusted Advisor
C)AWS CloudWatch
D)AWS Config

6 When an administrator gets an alert and C A 0 Wrong

7 When an administrator is assigned to set B A 0 Wrong

8 In the context of the "Shared Responsibility C C 1 Correct

Model," which of the options provided
below is the responsibility of the
customer?
A)Networking of the AWS infrastructure
B)Hardware of the AWS underlying
infrastructure
C)Client-side data encryption
D)Database of the AWS infrastructure
42

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

9 From the options provided below, which C C 1 Correct

service would you utilize for governance,
compliance, and risk auditing in AWS?
A)AWS SNS
B)AWS CloudFormation
C)AWS CloudTrail
D)AWS CloudWatch

10 From the options provided, which three A,D,E A,D,E 1 Correct

security requirements are handled by
AWS? Please select three answers from the
options below.
A)Hardware patching
B)Password Policies
C)User permissions
D)Physical security
E)Disk disposal

11 From the options provided below, which C D 0 Wrong

one accurately describes the features and
capabilities that AWS Network Firewall
offers for enhancing network security in an
Amazon Web Services (AWS) environment?
A)AWS Network Firewall is a managed,
stateless firewall for securing your Amazon
VPC
B)AWS Network Firewall offers load
balancing and auto-scaling for applications
within Amazon VPCs
C)AWS Network Firewall provides
protection against Distributed Denial of
Service (DDoS) attacks
D)AWS Network Firewall is a managed,
stateful firewall for securing your Amazon
VPC

12 When a new department has been added C D 0 Wrong

to the organization and the administrator
is tasked with setting up access
permissions for a group of users with
diverse roles and access requirements,
43

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

what is the recommended strategy for

granting access?
A)Users should have no access and be
granted temporary access on the occasions
that they need to execute a task.
B)After gathering information on their
access needs, the administrator should
allow every user to access the most
common resources and privileges on the
system.
C)The administrator should grant all users
the same permissions and then grant more
upon request.
D)The administrator should grant all users
the least privilege and add more privileges
to only to those who need it.

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which statement is accurate about the C C 1 Correct

AWS Trusted Advisor checks that are
accessible to AWS Business Support and
AWS Developer Support customers?
A)AWS Business Support customers and
AWS Developer Support customers both
get access to all 115 Trusted Advisor
checks
B)AWS Business Support customers get
access to 6 security checks along with 50
service limit checks and AWS Developer
Support customers gets access to all 115
Trusted Advisor checks
C)AWS Business Support customers get
'Full set of checks' and AWS Developer
Support customers get 'Service Quota and
basic Security checks'.
D)None of the above

2 Which of the following statements about D C 0 Wrong

AWS pricing is not correct?
44

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Offers pay-as-you-go
B)Enables savings upon reserving
C)Reduced Inbound data transfer reduces
costs incurred
D)Enables saving maximization upon using
more

3 Which AWS services, among the ones B D 0 Wrong

listed below, would assist me in visualizing
service utilization and analyzing costs and
usage after migrating my on-premises
workload to AWS?
A)CloudWatch Dashboards
B)AWS Budgets
C)AWS Organizations
D)AWS Cost Explorer

4 If there's a need to host a group of servers C A 0 Wrong

in the Cloud for a brief three-month
period, and these instances must be highly
available, cost-effective, and cannot be
interrupted during processing, which type
of instances would be the best choice?
A)On-Demand
B)Spot Instances
C)No Upfront costs Reserved
D)Partial Upfront costs Reserved

5 If a client has a suite of on-premise C A 0 Wrong

applications and wants to utilize their
current SQL Server licenses on the AWS
cloud on a per-CPU-core basis, which
pricing model would be most appropriate
for their needs?
A)On demand EC2 Dedicated Hosts
B)Shared Reserved EC2 Instances
C)On demand EC2 Dedicated Instances
D)On demand EC2 shared Instance

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

1 What steps must a customer take to B C 0 Wrong

receive notifications from AWS Trusted
Advisor?
A)No action is required, all Notifications
are sent automatically on a weekly basis.
B)Open a ticket with AWS Support.
C)Set up Notification in Dashboard
D)Set up Amazon Simple Notification
Service

2 According to the AWS Well-Architected B D 0 Wrong

Framework, how can a startup with
multiple AWS environments effectively
manage its users and resources without
impacting costs?
A)Provisioning resources and compute
capacity for future growth.
B)Create multiple unique IAM users with
administrator access for each functional
group of the company.
C)Use of AWS CloudFront template
versions and revision controls to keep track
of the dynamic configuration changes.
D)Use AWS Organizations with respective
OUs that differentiate billing across the
company's AWS account.

3 In the context of the AWS shared B C 0 Wrong

responsibility model for cloud
sustainability, which of the provided
options is the customer's responsibility?
A)Achieve high server utilization rates
B)Delivering efficient servers
C)Optimizing Workload and resource
utilization
D)Sourcing Renewable power

4 What are some benefits of hosting D C 0 Wrong

infrastructure on the AWS Cloud?
A)Security is handled by AWS
B)Complete control over the physical
46

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

infrastructure
C)Pay-as-you-go model
D)No Upfront costs

5 In the context of the AWS Shared D D 1 Correct

Responsibility Model, which
responsibilities are exclusively the
customers?
A)Training
B)Patch Management
C)Configuration Management
D)Service and Communications Protection
or Zone Security

6 Which of the following is NOT considered a D A 0 Wrong

benefit of transitioning to the cloud?
A)Increased time to market
B)Scalability
C)Decreased TCO
D)Redundancy

7 What is the most suitable S3 storage class B B 1 Correct

8 What distinguishes vertical scaling, or A D 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Scaling up provides for high availability

whilst scaling out brings fault-tolerance.
C)Scaling out is not cost-effective
compared to scaling up.
D)Scaling up adds more resources to an
instance, scaling out adds more instances.

9 In the AWS Cloud Adoption Framework D C 0 Wrong

10 What is the term for a user-created label, B B 1 Correct

consisting of a key-value pair of variable
length, that is assigned to AWS resources
as metadata for administrative and
management tasks?
A)Tag key
B)Resource Tag
C)Resource Group
D)Resource Flag

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 In your organization, you have a DevOps C B 0 Wrong

team that is interested in finding out if
AWS offers any services that allow for
infrastructure management via code.
Which of the following options would
satisfy this requirement?
A)Using AWS Trusted Advisor
48

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Using AWS CloudFormation

C)Using AWS Config
D)Using AWS Inspector

2 From the options provided below, which B A 0 Wrong

component of AWS Batch would you use to
specify the memory requirements of the
resources?
A)Job Definitions
B)Jobs
C)Compute Environment
D)Job Queue

3 From the options provided, which two B,C A,C 0 Wrong

accurately describe the features of Amazon
S3?
A)Objects are directly accessible via a URL.
B)S3 allows you to store objects of virtually
unlimited size.
C)S3 allows you to store virtually unlimited
amounts of data.
D)S3 should be used to host a relational
database.

4 For a company that has set up EC2 B A 0 Wrong

Instances in a VPC for their application and
has been advised by the IT Security
department to monitor all traffic to the
EC2 Instances, which feature from the
options provided below would be the most
suitable to capture information for
outgoing and incoming IP traffic from
network interfaces in a VPC?
A)AWS VPC Flow Logs
B)AWS Cloudwatch
C)AWS EC2
D)AWS SQS

5 From the options provided below, which B,D B,D 1 Correct

two AWS services utilize serverless
49

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

technology?
A)AWS Autoscaling
B)DynamoDB
C)EC2
D)Simple Storage Service

6 For a website hosting mission-critical D C 0 Wrong

applications that necessitates 99.999%
uptime, which routing policy should be
implemented when using Route 53?
A)Simple Routing
B)Multi Value Answer Routing
C)Failover Routing
D)Weighted Routing

7 For an online streaming company that is B C 0 Wrong

restricted from broadcasting its content in
specific countries and regions worldwide,
which Amazon Route 53 routing policy
from the options provided would be the
most appropriate to ensure their
compliance?
A)Failover
B)Geoproximity
C)Geolocation
D)Multi-value answer

8 For a company seeking to use AWS storage, C C 1 Correct

where low cost is a priority, the data is
infrequently accessed, and a data retrieval
time of 13-14 hours is acceptable, which
storage option would be the most
suitable?
A)AWS CloudFront
B)Amazon S3 Glacier
C)S3 Glacier Deep Archive
D)Amazon EBS volumes

9 From the options provided below, which A D 0 Wrong

statement correctly describes the features
50

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

or functionalities of AWS IQ?

A)AWS IQ is a hardware appliance for
secure data storage in AWS data centers
B)AWS IQ is an artificial intelligence service
that predicts cloud infrastructure costs
C)AWS IQ is a service that offers free cloud
computing resources to AWS customers
D)AWS IQ is a platform that connects AWS
customers with certified freelancers,
experts, and consulting firms for various
AWS-related tasks

10 Which AWS services can be utilized to A B 0 Wrong

enhance performance for global users
when transferring large data objects to a
centralized Amazon S3 bucket in the us-
west-1 region?
A)Use Amazon ElastiCache
B)Enable S3 Transfer Acceleration on
Amazon S3 bucket.
C)Use Amazon CloudFront Put/Post
commands
D)Use Multipart upload

11 Which AWS service would be the most B C 0 Wrong

suitable choice for streamlining the
development and implementation of real-
time collaboration features and seamless
integration with AWS services for the
backend in your web application?
A)AWS Device Farm
B)AWS AppSync
C)AWS Amplify
D)Amazon RDS

12 For a team of engineers developing an B D 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

total reliance on cloud communication,

which AWS service would be the optimal
solution?
A)Amazon Redshift
B)Amazon S3
C)AWS IoT Core
D)AWS IoT Greengrass

13 For a developer looking to enhance several A B 0 Wrong

applications in AWS and needing a secure
service to host git-based repositories,
which AWS service would be appropriate?
A)AWS CodePipeline
B)AWS CodeCommit
C)AWS CodeStar
D)Amazon CodeGuru

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 The food delivery start-up that is C B 0 Wrong

expanding its operations is looking to
enhance security by implementing DDoS
protection for its applications on AWS.
Which AWS service provides customers
with comprehensive protection against
DDoS attacks?
A)Amazon GuardDuty
B)AWS Shield
C)AWS WAF - Web Application Firewall
D)AWS Firewall Manager
52

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

2 When an administrator gets an alert and C A 0 Wrong

comprehensive report about credit card
information mistakenly uploaded by a
user into one of the S3 buckets during an
online survey questionnaire, which AWS
service is responsible for this detection
and report?
A)Amazon Macie
B)Amazon Inspector
C)Amazon EventBridge
D)Amazon Detective

3 Which of the following can be set up to D D 1 Correct

improve security at the subnet level?
A)Security Group
B)Virtual Private Cloud (VPC)
C)Configure transitive VPC peering
D)NACL (Network Access Control List)

4 From the options provided below, which C D 0 Wrong

one accurately describes the features and
capabilities that AWS Network Firewall
offers for enhancing network security in
an Amazon Web Services (AWS)
environment?
A)AWS Network Firewall is a managed,
stateless firewall for securing your
Amazon VPC
B)AWS Network Firewall offers load
balancing and auto-scaling for
applications within Amazon VPCs
C)AWS Network Firewall provides
protection against Distributed Denial of
Service (DDoS) attacks
D)AWS Network Firewall is a managed,
stateful firewall for securing your Amazon
VPC

5 An external audit is currently underway C C 1 Correct

for your company. The auditor requires a
record of the individuals who have made
53

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

requests to the AWS resources using the

company's account. Which services are
available to help provide this
information?
A)Amazon SNS
B)Amazon CloudWatch
C)AWS CloudTrail
D)Amazon EC2

6 In a scenario where an organization D B 0 Wrong

operates multiple EC2 instances within a
VPC, utilizing three subnets for
Development, Test, and Production. The
Security team has concerns about the
VPC configuration and needs to limit
communication among the EC2 instances
using Security Groups. Which of the
provided options accurately reflects the
truth about Security Groups?
A)The only Security Group you can
change is the Default Security Group.
B)You can change a Security Group
associated with an instance if the
instance is in the running state.
C)You can change a Security Group
associated with an instance if the
instance is in the hibernate state.
D)You can change a Security Group only if
there are no instances associated to it.

7 From the options provided below, which D A 0 Wrong

one is a responsibility of the customer
under the AWS Shared Responsibility
Model?
A)Patching of guest OS deployed on
Amazon EC2 instance.
B)Patching of host OS deployed on
Amazon S3.
C)Logical Access controls for underlying
infrastructure.
54

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Physical security of the facilities.

8 In the context of the Shared Security C,D A,C,D 0 Wrong

9 I possess a Mobile Application that D C 0 Wrong

necessitates access to AWS resources
such as S3 and DynamoDB. What would
be the most optimal approach to grant
users of the mobile app the ability to
access these AWS resources?
A)Have the mobile app connect to
another web application running on an
EC2 instance that can assume a role for
accessing the AWS resources
B)Keep the Security Credentials
associated with the AWS resource access
within the Mobile App
C)Use Security Token Service (STS) with
Identity Federation that will allow an User
access to resources within a session
D)Create Users and Groups within IAM
and assign IAM policies for accessing the
resources

10 In the context of an AWS environment, D C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)AWS Security Hub automates the

deployment of security patches to EC2
instances
C)AWS Security Hub centralizes and
analyzes security findings from various
AWS services
D)AWS Security Hub automatically
generates and enforces IAM policies for
access control

11 In the context of the "Shared D C 0 Wrong

Responsibility Model," which of the
options provided below is the
responsibility of the customer?
A)Networking of the AWS infrastructure
B)Hardware of the AWS underlying
infrastructure
C)Client-side data encryption
D)Database of the AWS infrastructure

12 In the context of an organization's D B 0 Wrong

information systems audit, when the
administrator is asked to compile a
collection of security and compliance
reports, as well as online service
agreements between the organization
and AWS, which service should they use
to gather this information?
A)AWS Directory Service
B)AWS Artifact
C)AWS Resource Center
D)AWS Service Catalog

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 What tool is available for predicting your A A 1 Correct

AWS expenditure?
A)AWS Cost Explorer
B)AWS Organizations
56

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Amazon S3
D)AWS Trusted Advisor

2 What tools are available for generating a C C 1 Correct

cost estimate for deploying a new
solution on the AWS Cloud
infrastructure?
A)AWS Cost and Usage Report
B)AWS Budgets
C)AWS Pricing Calculator
D)AWS Cost Explorer

3 For a startup company in the e-commerce C C 1 Correct

4 In the context of AWS Organizations D,E A,C 0 Wrong

ability to efficiently manage multiple
accounts in a large enterprise, which two
of the following statements are accurate?
A)An Organizational Unit(OU) can have
only one parent.
B)An account can be a member of
multiple Organizational Units (OU).
C)Organizational level policies are known
as Service Control Policies.
D)An SCP policy only impacts a particular
AWS account even if it is applied at the
root account.
E)Service Control Policies (SCPs) can only
allow actions instead of deny actions.
57

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

5 For a large Oil and Gas company that is C C 1 Correct

planning to launch a high-volume
application on several Amazon EC2
instances, which option could assist in
lowering operational costs?
A)Deploy Amazon EC2 instance with
Amazon instance store-backed AMI
B)Deploy Amazon EC2 instance in
multiple AZ's
C)Deploy Amazon EC2 instance with Auto-
scaling
D)Deploy Amazon EC2 instance with
Cluster placement group

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Which of the following does not D B 0 Wrong

constitute a pillar of the AWS Well-
Architected Framework?
A)Performance Efficiency
B)Automation
C)Cost Optimization
D)Reliability

2 What distinguishes vertical scaling, or D D 1 Correct

"scaling up", from horizontal scaling, also
known as "scaling out", in the context of
designing a highly available architecture?
A)Autoscaling groups require scaling up
whilst launch configurations use scaling
out.
B)Scaling up provides for high availability
whilst scaling out brings fault-tolerance.
C)Scaling out is not cost-effective
compared to scaling up.
D)Scaling up adds more resources to an
instance, scaling out adds more instances.

3 Which AWS database service would be D A 0 Wrong

the most appropriate for migrating
58

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

millions of customer financial transaction

data from an on-premise mainframe
system to a non-relational database, with
the requirement of high performance for
data retrieval and analytics?
A)Amazon DynamoDB
B)Amazon RDS
C)Amazon RedShift
D)Amazon ElastiCache

4 What is the most suitable S3 storage class D B 0 Wrong

for an insurance organization aiming to
maintain a long-term archive of customer
data in compliance with HIPAA
regulations, where any department
requiring access to the archived data
must notify the IT department at least 14
hours in advance?
A)Amazon S3 Standard-Infrequent Access
B)Amazon S3 Glacier deep archive
C)Amazon S3 Standard
D)Amazon S3 Glacier

5 What architectural best practice can an D A 0 Wrong

architect use to design a solution for a
distributed system where the
components of one system do not
adversely affect the other components?
A)Implement loose coupling
B)Request Throttling
C)Using stateless services
D)Enabling automatic data backup

6 In the context of the AWS shared D C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Sourcing Renewable power

7 Which pillar of the AWS Well-Architected D D 1 Correct

Framework emphasizes using the
minimum required hardware for
resources deployed in the AWS Cloud?
A)Operational Excellence Pillar
B)Reliability Pillar
C)Performance Efficiency Pillar
D)Sustainability Pillar

8 Which AWS product offers a unified user No A 0 Wrong

interface, facilitating the streamlined Answer
management of software development
tasks in a single location, as well as rapid
development, building, and deployment
of applications on AWS?
A)AWS CodeStar
B)Amazon CodeGuru
C)AWS CodeBuild
D)AWS CodeArtifact

9 What would be the best option for a No D 0 Wrong

company that wants to host a database Answer
on AWS and maintain as much control
over the database as possible?
A)Using the Amazon Aurora service
B)Using the AWS DynamoDB service
C)Using the AWS RDS service
D)Hosting the database on an EC2
Instance

10 Which concept is related to the non- No C 0 Wrong

functional requirement of reducing inter- Answer
dependencies to prevent failures from
affecting other components, as part of
your design team's plan to design an
application for hosting on the AWS
Cloud?
A)Segregation
60

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Integration
C)Decoupling
D)Aggregation

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 The e-commerce web application being C D 0 Wrong

developed on an EC2 instance is currently
facing performance issues during
browsing and searching activities when
multiple heavy load use-cases are being
executed simultaneously. The application
monitoring tools have identified a
bottleneck in the web tier. In order to
address this issue, a decision has been
made to refactor the application code by
separating the web tier components from
the resource-intensive tasks related to
processing orders. Which AWS service
would be suitable to facilitate this
modification?
A)Amazon Kinesis Streams
B)AWS Auto Scaling
C)AWS Elastic Load Balancing
D)Amazon SQS

2 What service can be utilized to establish C C 1 Correct

the necessary steps for automating the
build, test, and deployment processes for
a web application?
A)AWS CodeBuild
B)AWS CodeCommit
C)AWS CodePipeline
D)AWS CodeDeploy

3 As the architect of a custom application C D 0 Wrong

currently running in your corporate data
center, you're dealing with unresolved
bugs that generate extensive data in
61

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

custom log files, leading to time-

consuming tasks for the operations team
tasked with their analysis. You're planning
to migrate the application to AWS using
EC2 instances and want to enhance
logging and monitoring capabilities
without modifying the application
code.Which AWS service would be best
suited to meet this need?
A)Amazon Kinesis Data Firehose
B)AWS Kinesis Data Streams
C)AWS CloudTrail
D)AWS CloudWatch Logs

4 For a smart agriculture company aiming C D 0 Wrong

to optimize crop yield by monitoring soil
moisture and weather conditions across
extensive fields, requiring real-time data
collection from field sensors and alert
generation when certain thresholds are
exceeded, which AWS service would be
the best fit?
A)AWS IoT Greengrass
B)Amazon QuickSight
C)AWS Lambda
D)AWS IoT Core

5 What is the feature provided by AWS that C D 0 Wrong

6 Emma is working on a mobile application C C 1 Correct

that necessitates real-time data
synchronization and offline functionality.
She's looking for a managed service that
62

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

simplifies the creation and management

of GraphQL APIs for her application.
Which AWS service would be the best fit
for Emma's needs?
A)AWS Device Farm
B)Amazon ECS
C)AWS AppSync
D)AWS Amplify

7 You have been assigned the responsibility C B 0 Wrong

of constructing and implementing a
machine-learning model to forecast
customer preferences for an e-commerce
platform. What AWS service offers
comprehensive machine learning
capabilities?
A)Amazon Kendra
B)Amazon SageMaker
C)Amazon Lex
D)Amazon Polly

8 From the options provided below, which B,C B,E 0 Wrong

two statements correctly describe the
features or functionalities of Amazon
Athena?
A)Amazon Athena uses a variety of query
languages including SQL, LDAP, JPQL as
well as CQL.
B)Amazon Athena queries data directly
from Amazon S3.
C)Amazon Athena is not suitable for
complex analysis such as large joins,
window functions and arrays.
D)Amazon Athena resources are allocated
in accordance to processing and memory
requirements prior to deployment.
E)Amazon Athena is compatible with data
formats such as CSV, JSON, ORC, AVRO
and Parquet

9 What settings can be configured to give C A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

priority to the evaluation of critical job

queues over other job queues linked to
the same compute resource?
A)Set higher priority in the priority
parameter of a job queue
B)Set higher priority in the priority
parameter of a job definition
C)Set lower priority in the priority
parameter of a job definition
D)Set lower priority in the priority
parameter of a job queue

10 For an administrator managing a large D A 0 Wrong

deployment of AWS resources across
multiple AWS Regions, who wants to
monitor configuration changes across all
resources and maintain a configuration
inventory, which AWS service from the
options provided would be the most
suitable to fulfill this requirement?
A)AWS Config
B)AWS CloudFormation
C)Stacks and Templates
D)AWS Backup

11 A radio station curates an annual list of D D 1 Correct

the top songs, which are regularly
accessed within a 180-day timeframe.
Subsequently, users are allotted a default
retrieval window of 12-48 hours to
download the files. These files must be
retained for a minimum of 10 years. What
is the most economical object storage
solution post the initial 180 days?
A)Amazon S3 Standard - Infrequently
Accessed
B)Amazon S3 Glacier
C)Amazon S3 One Zone - Infrequently
Accessed
D)Amazon S3 Glacier Deep Archive
64

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

12 For a company that wants to create D D 1 Correct

standard templates for deploying their
infrastructure, which AWS service from
the options provided would be the most
suitable to facilitate this requirement?
A)AWS OpsWorks
B)Amazon Simple Workflow Service
C)AWS Elastic Beanstalk
D)AWS CloudFormation

13 Which LightSail Wizard enables customers A D 0 Wrong

to "replicate a LightSail instance in EC2"?
A)LightSail-EC2 snapshot
B)LightSail Backup
C)LightSail Copy
D)Upgrade to EC2

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 For a development team that has C A 0 Wrong

purchased a new application with limited
licenses and an administrator who wants
to be alerted when the usage of licenses is
exceeded on an Amazon EC2 instance,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS License Manager
B)AWS Control Tower
C)AWS Config
D)AWS Service Catalog
65

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

2 Within a sophisticated AWS setup D A 0 Wrong

encompassing various AWS accounts and
resources, an organization requires a
centralized tool to oversee and implement
uniform firewall rules and policies. This is
crucial in maintaining a consistent security
stance and compliance throughout the
infrastructure. What AWS service offers the
functionality to accomplish this?
A)AWS Firewall Manager
B)Amazon GuardDuty
C)Amazon Inspector
D)AWS Web Application Firewall

3 In the course of an audit, the audit C C 1 Correct

4 From the options provided below, which D,E C,E 0 Wrong

two statements accurately describe the
process of provisioning a security
certificate from AWS Certificate Manager
(ACM)?
A)A security certificate issued in ACM can
only be applied to one AWS resource.
B)ACM-issued security certificate cannot
be applied to an Application load balancer.
C)To verify a security certificate, a CNAME
record would need to be created.
D)Third-party security certificates cannot
be applied to AWS resources.
E)To verify a security certificate, the
66

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

administrator would need to acknowledge

a verification email sent to an address of
their choice.

5 Out of the options provided, which two A,D A,D 1 Correct

can be utilized to safeguard against DDoS
attacks? Please select two answers from
the options below.
A)AWS Shield Advanced
B)AWS EC2
C)AWS RDS
D)AWS Shield

6 An external audit is currently underway for D C 0 Wrong

your company. The auditor requires a
record of the individuals who have made
requests to the AWS resources using the
company's account. Which services are
available to help provide this information?
A)Amazon SNS
B)Amazon CloudWatch
C)AWS CloudTrail
D)Amazon EC2

7 Among the options provided, which one D B 0 Wrong

8 Among the options provided, which tool D C 0 Wrong

can be utilized to facilitate authentication
for a substantial number of users accessing
an Amazon S3 bucket via a mobile
application?
A)AWS STS
B)AWS IAM user
67

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Amazon Cognito
D)AWS IAM group

9 In the context of an AWS environment, D C 0 Wrong

10 In a scenario where a developer needs to D B 0 Wrong

enable an application on an EC2 instance
to perform certain actions and requires
granting access to the application for some
AWS resources, the developer intends to
supply his credentials to the instance.
However, considering the developer's
credentials are long-term, the developer is
seeking an alternative to minimize the
security risk. What could the developer do
in this situation to temporarily allow
applications on EC2 to access the
necessary AWS resources?
A)There is no alternate way. A developer
needs to give his credentials and revoke
access when the required action is done.
B)Use IAM Roles
C)Use IAM Group
D)Use IAM Tags
68

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

11 In a scenario where an organization D B 0 Wrong

12 Which of the following options accurately D C 0 Wrong

defines the "Principle of Least Privilege"?
Please select the correct answer from the
options provided below.
A)Users should always have a little more
permission than they need.
B)All users should have the same baseline
permissions granted to them to use basic
AWS services.
C)Users should be granted permission to
access only resources they need to do their
assigned job.
D)Users should submit all access requests
in written form so that there is a paper trail
of who needs access to different AWS
resources.

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support
69

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

1 If an organization has initiated a new A A 1 Correct

2 If you have a distributed application that C D 0 Wrong

periodically processes substantial amounts
of data across multiple Amazon EC2
Instances and is designed to recover
smoothly from Amazon EC2 instance
failures, which option would be the most
cost-effective way to meet your
requirements?
A)On-Demand instances
B)Reserved instances
C)Dedicated instances
D)Spot Instances

3 What tool is available for predicting your B A 0 Wrong

AWS expenditure?
A)AWS Cost Explorer
B)AWS Organizations
C)Amazon S3
D)AWS Trusted Advisor

4 What tools are available for generating a B C 0 Wrong

cost estimate for deploying a new solution
on the AWS Cloud infrastructure?
A)AWS Cost and Usage Report
B)AWS Budgets
C)AWS Pricing Calculator
D)AWS Cost Explorer
70

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

5 In the context of AWS Organizations ability B,C A,C 0 Wrong

to efficiently manage multiple accounts in
a large enterprise, which two of the
following statements are accurate?
A)An Organizational Unit(OU) can have
only one parent.
B)An account can be a member of multiple
Organizational Units (OU).
C)Organizational level policies are known
as Service Control Policies.
D)An SCP policy only impacts a particular
AWS account even if it is applied at the
root account.
E)Service Control Policies (SCPs) can only
allow actions instead of deny actions.

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 What is the functionality of EBS Volume D C 0 Wrong

2 What is the main difference between an D C 0 Wrong

availability zone and an edge location?
A)None of the above
B)An availability zone is a grouping of AWS
resources in a specific region. An edge
location is a specific resource within the
AWS region.
C)An availability zone is an isolated
location within an AWS region, whereas an
edge location will deliver cached content
to the closest location to reduce latency.
D)Edge locations are used as control
71

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

stations for AWS resources.

3 Which tool among the following can be D C 0 Wrong

utilized to verify service limits for resources
deployed within AWS Cloud Infrastructure?
A)AWS CloudTrail
B)AWS Config
C)AWS Trusted Advisor
D)Amazon CloudWatch

4 Where can an administrator find D A 0 Wrong

information to verify if the Amazon
CloudFront identity is making API access
calls to an S3 bucket that hosts a static
website?
A)In AWS CloudTrail Event history, look up
access calls and filter for the Amazon
CloudFront identity.
B)Configuring Amazon Athena to run
queries on the Amazon CloudFront
distribution.
C)Check AWS CloudWatch logs on the S3
bucket.
D)In the webserver, tail for identity access
logs from the Amazon CloudFront identity.

5 Which of the following does not constitute D B 0 Wrong

a pillar of the AWS Well-Architected
Framework?
A)Performance Efficiency
B)Automation
C)Cost Optimization
D)Reliability

6 Which AWS services could a research firm D A 0 Wrong

utilize for expert help in deploying a high-
performance computing system in the AWS
cloud for their scientific research activities?
Please provide the options.
A)AWS Professional Services
72

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)AWS Support
C)AWS Managed Services
D)AWS IQ

7 Which of the following is not a method C D 0 Wrong

used for disaster recovery deployment?
A)Multi-Site
B)Pilot light
C)Warm standby
D)Single Site

8 What are two reasons that might motivate ,,,,, A,D 0 Wrong
a company to choose AWS over an on-
premises data center? Please select two
from the options provided.
A)Ability to use resources on demand
B)Having access to Free and Unlimited
Storage
C)Having access to Unlimited Physical
servers
D)Having a highly available infrastructure

9 If you have an application that is mission- D A 0 Wrong

10 Which two activities fall under the purview ,,,,, B,E 0 Wrong
of AWS Support from the options
provided?
A)Database query tuning
B)Troubleshooting API issues
C)Code Development
D)Debugging custom software
E)Third-party application configuration on
73

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

AWS resources

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 What AWS service could be used to B D 0 Wrong

effectively distribute video content to users
worldwide for a video-based application
that you plan to deploy on the AWS Cloud?
A)Amazon S3
B)Amazon SES
C)Amazon Cloudtrail
D)Amazon CloudFront

2 For a research team working in remote C A 0 Wrong

locations without internet access and
collecting petabytes of data, which Amazon
service would be the most suitable for
transferring their terabytes of data?
A)AWS Snowball
B)Amazon S3
C)Amazon Elastic Block Store (EBS)
D)Amazon S3 Glacier

3 Which AWS service would be beneficial for C D 0 Wrong

gathering crucial metrics from AWS RDS
and EC2 Instances, as per the
requirement?
A)Amazon Config
B)Amazon CloudFront
C)Amazon CloudSearch
D)Amazon CloudWatch

4 For a company seeking to use AWS storage, D C 0 Wrong

where low cost is a priority, the data is
infrequently accessed, and a data retrieval
time of 13-14 hours is acceptable, which
storage option would be the most
suitable?
A)AWS CloudFront
74

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Amazon S3 Glacier
C)S3 Glacier Deep Archive
D)Amazon EBS volumes

5 For a popular e-commerce website that C C 1 Correct

currently relies on call center agents for
resolving queries related to its products
and services, how can the website quickly
develop virtual contact center agents to
facilitate self-service capabilities for its
users?
A)Using Amazon Kendra
B)Using Amazon Polly
C)Using Amazon Lex
D)Using Amazon Personalize

6 If you're working in a production D D 1 Correct

environment and there's a requirement to
automate the entire process of managing
and delivering changes, including building,
testing, and deploying resources, which
AWS service from the options provided
would be the most suitable to create an
end-to-end continuous integration and
continuous deployment (CI/CD) pipeline?
A)AWS CodeCommit
B)AWS CodeDeploy
C)AWS CodeBuild
D)AWS CodePipeline

7 Identify three attributes that are C,D A,B,C 0 Wrong

associated with an edge location from the
options listed below.
A)Used in conjunction with the Cloudfront
service
B)Distribute content to users
C)Cache popular contents
D)Distribute load across multiple resources

8 From the options provided below, which B A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

component of AWS Batch would you use to

specify the memory requirements of the
resources?
A)Job Definitions
B)Jobs
C)Compute Environment
D)Job Queue

9 From the options provided below, which D A 0 Wrong

support plans offer environmental
monitoring by a designated Technical
Account Manager (TAM)?
A)Enterprise
B)Developer
C)Business
D)Enterprise On-Ramp

10 For a developer looking to enhance several D B 0 Wrong

applications in AWS and needing a secure
service to host git-based repositories,
which AWS service would be appropriate?
A)AWS CodePipeline
B)AWS CodeCommit
C)AWS CodeStar
D)Amazon CodeGuru

11 For an organization seeking assistance, D D 1 Correct

which role does Amazon AppStream play
from the options provided below?
A)It hosts websites and web applications
with high availability
B)It provides cloud-based virtual machines
for running containerized applications
C)It automates and manages AWS resource
provisioning
D)It delivers desktop applications securely
to users via streaming

12 For a software development team that D B 0 Wrong

needs to automate the process of
76

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

compiling code, packaging it, creating a

Docker image, and running unit tests for
the developed code, which AWS service
from the options provided would be the
most suitable to assist them in achieving
this?
A)All of the above
B)AWS CodeBuild
C)AWS CodeDeploy
D)AWS CodeCommit

13 What settings can be configured to give D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 From the options given, which service can D B 0 Wrong

the Security team utilize to probe and
analyze the root cause of potential
security threats on AWS resources?
77

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)AWS Security Hub

B)Amazon Detective
C)AWS Shield
D)Amazon GuardDuty

2 In a scenario where an organization D B 0 Wrong

operates multiple EC2 instances within a
VPC, utilizing three subnets for
Development, Test, and Production. The
Security team has concerns about the
VPC configuration and needs to limit
communication among the EC2 instances
using Security Groups. Which of the
provided options accurately reflects the
truth about Security Groups?
A)The only Security Group you can
change is the Default Security Group.
B)You can change a Security Group
associated with an instance if the instance
is in the running state.
C)You can change a Security Group
associated with an instance if the instance
is in the hibernate state.
D)You can change a Security Group only if
there are no instances associated to it.

3 In the context of an organization's D B 0 Wrong

information systems audit, when the
administrator is asked to compile a
collection of security and compliance
reports, as well as online service
agreements between the organization
and AWS, which service should they use
to gather this information?
A)AWS Directory Service
B)AWS Artifact
C)AWS Resource Center
D)AWS Service Catalog

4 From the options provided below, which D B 0 Wrong

security service would you utilize to
78

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

detect users personal credit card numbers

from data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector

5 In the course of an audit, the audit D C 0 Wrong

committee recommends that an
organization centrally oversee all VPC
security groups and WAF rules in their
AWS setup. With multiple AWS accounts
in place, what steps can be taken to
accomplish this task?
A)AWS Security Hub
B)AWS Identity and Access Management
(IAM)
C)AWS Firewall Manager
D)Amazon Cloud Directory

6 For conducting faster and efficient D C 0 Wrong

security investigations using machine
learning and graph theory capability on
automatically collected log data, which
AWS service from the options provided
would be the most suitable to fulfill this
requirement?
A)Amazon GuardDuty
B)Amazon Macie
C)Amazon Detective
D)AWS Artifact

7 When a client opts for a MySQL RDS D B 0 Wrong

database on the AWS cloud due to its
scalability and high availability features,
what role can they play in ensuring the
security of the database?
A)He can Encrypt database data at rest by
using EBS volume storage encryption.
B)He can restrict RDS database access by
using a Security Group.
79

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)He can provide the most recent updates

of his database software installed on the
EC2 Instance for preventing Security
attacks.
D)He can provide the most recent
versions of his Operating System on the
EC2 instance for preventing Security
attacks.

8 The food delivery start-up that is D B 0 Wrong

9 If a developer needs to access a database D B 0 Wrong

for an application and this process would
necessitate hard-coding the credentials,
which is not a recommended practice,
and instead wants to securely store
encrypted credentials and retrieve them
as needed, thereby avoiding the need to
hard-code credentials in the application,
which AWS service would you
recommend to the developer?
A)AWS Artifact
B)AWS Secrets Manager
C)AWS Encryption SDK
D)AWS Security Hub

10 From the options provided below, which D,E A,E 0 Wrong

two are responsibilities of AWS in the
shared responsibility model for Security
and Compliance between AWS and
customer?
80

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Patch management within the AWS

infrastructure
B)Perform all the necessary security
configuration and management tasks for
Amazon Elastic Compute Cloud (Amazon
EC2).
C)Patch management of the guest OS and
applications
D)Security of the data in the AWS cloud
E)Security of the AWS cloud

11 Out of the options provided, which two A,D A,D 1 Correct

can be utilized to safeguard against DDoS
attacks? Please select two answers from
the options below.
A)AWS Shield Advanced
B)AWS EC2
C)AWS RDS
D)AWS Shield

12 For a web administrator who manages a D A 0 Wrong

variety of public and private web
resources for an organization and needs a
service to monitor the expiration dates of
SSL/TLS certificates, as well as handle
updates and renewals, which service
would be the most appropriate?
A)AWS Certificate Manager
B)AWS Data Lifecycle Manager
C)AWS License Manager
D)AWS Firewall Manager

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which tool in the AWS Billing and D C 0 Wrong

Management service enables users to
graphically track billing and usage over
time, specifically focusing on monthly
operational costs?
81

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)AWS Bills
B)AWS Reports
C)AWS Cost Explorer
D)AWS Budgets

2 In the context of AWS Organizations D,E A,C 0 Wrong

3 Which three factors influence the cost of B,C,D B,C,D 1 Correct

an On-Demand EC2 Instance?
A)Edge location
B)Operating System
C)Region
D)Instance Type

4 If a program manager wants to receive C D 0 Wrong

alerts when projected costs are set to
exceed a certain amount, and to
understand usage and costs over time
(preferably through visualizations) to
identify potential savings, which AWS
products would be best suited to meet
these requirements?
A)AWS Savings plan and AWS
Organization
B)AWS Budget and AWS Savings plan
C)AWS Savings plan and AWS Cost
Explorer
82

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS Budget and AWS Cost Explorer

5 What tool is available for predicting your C A 0 Wrong

AWS expenditure?
A)AWS Cost Explorer
B)AWS Organizations
C)Amazon S3
D)AWS Trusted Advisor

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Data stored on Amazon EBS volumes can D C 0 Wrong

be backed up using point-in-time
snapshots, which are incremental
backups. Only the modified blocks since
the last snapshot are saved. Where are
these EBS snapshots stored?
A)Amazon Aurora
B)Amazon EBS Volume
C)Amazon S3
D)Amazon EFS

2 In the AWS Cloud Adoption Framework D C 0 Wrong

(CAF), which of the following accurately
depicts the four viewpoints that shape
the framework's advice and their
corresponding categories?
A)Strategy, Implementation, Monitoring,
Optimization
B)Technology, Security, Scalability,
Compliance
C)Business, People, Platform, Security
D)Architecture, Deployment,
Performance, Governance

3 When adhering to the "design for failure C,D B,C,D 0 Wrong

and nothing will fail" principle in system
design, which three AWS services or
features could be beneficial? Please select
three from the options provided.
83

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Pay as you go
B)Availability Zones
C)Regions
D)Elastic Load Balancer

4 Could you identify two best practices for D C,D 0 Wrong

designing systems based on cloud
technology?
A)Use as many services as possible.
B)Build Tightly-coupled components.
C)Build loosely-coupled components.
D)Assume everything will fail.

5 Where can an administrator find D A 0 Wrong

6 What service can the Developer Team use D D 1 Correct

to create a personalized portfolio for
rapid deployment of a multi-tier web
application?
A)AWS CloudFormation
B)AWS Config
C)AWS Code Deploy
D)AWS Service Catalog

7 Which AWS service offers a fully managed D C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

NoSQL database with fast, predictable

performance and seamless scalability?
A)Elastic Map Reduce
B)AWS RDS
C)DynamoDB
D)Oracle RDS

8 According to the AWS Well-Architected D D 1 Correct

Framework, how can a startup with
multiple AWS environments effectively
manage its users and resources without
impacting costs?
A)Provisioning resources and compute
capacity for future growth.
B)Create multiple unique IAM users with
administrator access for each functional
group of the company.
C)Use of AWS CloudFront template
versions and revision controls to keep
track of the dynamic configuration
changes.
D)Use AWS Organizations with respective
OUs that differentiate billing across the
company's AWS account.

9 What scenario would be best suited for D A 0 Wrong

implementing an Amazon RDS database
instance as opposed to a NoSQL/non-
relational database?
A)In an organisation where only a finite
number of processes query the database
in predictable and well-structured
Schemas.
B)Where datasets are constantly evolving
and cannot be confined to a static data
schema.
C)Where vertical scaling of the database's
resources is not permissible and is seldom
necessary.
D)In an organisation whose datasets are
85

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

dynamic and document-based.

10 Which AWS RDS option enables AWS to No B 0 Wrong

automatically switch over to a secondary Answer
database if the primary one experiences a
failure?
A)AWS Standby
B)Amazon RDS Multi-AZ deployments
C)AWS Failover
D)AWS Secondary

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 What service is comparable to hosting C D 0 Wrong

virtual servers in an on-premises
environment?
A)AWS Regions
B)AWS IAM
C)Amazon S3
D)AWS EC2

2 Which AWS services can be utilized to D D 1 Correct

automate the deployment of software on
a substantial number of Amazon EC2
instances and on-premises servers?
A)AWS Config
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS CodeDeploy

3 Among the given statements, which ones D C 0 Wrong

are not accurate in relation to NoSQL
databases?
A)Amazon DynamoDB is a NoSQL
database that supports atomicity,
consistency, isolation, and durability
(ACID) transactions.
B)They are not relational.
C)They need to have a well defined
86

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

schema.
D)NoSQL databases are horizontally
scalable.

4 Out of the following statements D,E A,D 0 Wrong

pertaining to AWS AppSync, which two
are not accurate?
A)APIs built with AppSync need to use
third-party libraries like OpenTelemetry
for observability
B)AWS AppSync is used to aggregate data
from multiple REST APIs / multiple AWS
backend data sources(DynamoDB, Aurora,
OpenSearch, etc.) in a single API call
C)AWS AppSync is a managed GraphQL
service
D)AWS AppSync does not support a
strongly typed schema
E)With AWS AppSync, I can fetch only the
required data improving the performance
of my application

5 Which AWS service enables developers to D C 0 Wrong

effortlessly deploy and oversee web
applications on the cloud?
A)Elastic Container Service
B)Amazon Route 53
C)AWS Elastic Beanstalk
D)Amazon CloudFront

6 For a software development team that D B 0 Wrong

needs to automate the process of
compiling code, packaging it, creating a
Docker image, and running unit tests for
the developed code, which AWS service
from the options provided would be the
most suitable to assist them in achieving
this?
A)All of the above
B)AWS CodeBuild
C)AWS CodeDeploy
87

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS CodeCommit

7 If your team needs to give a group of D D 1 Correct

8 What settings can be configured to give D A 0 Wrong

priority to the evaluation of critical job
queues over other job queues linked to
the same compute resource?
A)Set higher priority in the priority
parameter of a job queue
B)Set higher priority in the priority
parameter of a job definition
C)Set lower priority in the priority
parameter of a job definition
D)Set lower priority in the priority
parameter of a job queue

9 Which AWS services can be utilized to D B 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

10 What is the command that can be utilized D C 0 Wrong

to configure the AWS CLI installation in
order to specify the region and Access key
ID?
A)aws deploy
B)aws configservice
C)aws configure
D)aws connect

11 For a team of developers at a startup who D B 0 Wrong

are working on a new project requiring
high levels of confidentiality and security
for all development assets, and who
currently store their source code and
binary files on a publicly accessible open-
source repository platform, which AWS
service would be the most suitable for
storing their source code?
A)AWS CodeStar
B)AWS CodeCommit
C)AWS CodeDeploy
D)AWS Lambda

12 What components of the CloudFront D A 0 Wrong

service can be utilized for global content
distribution to users?
A)Amazon Edge Locations
B)Amazon VPC
C)Amazon Regions
D)Amazon Availability Zones

13 From the options provided, which two C,D C,D 1 Correct

services assist in establishing a
connection from on-premises
infrastructure to resources hosted in the
AWS Cloud?
A)AWS Subnets
B)AWS VPC
C)AWS VPN
D)AWS Direct Connect
89

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 From the options provided below, which D A 0 Wrong

one serves as an optional security layer
that can be attached to a subnet within a
VPC to control traffic in and out of the
VPC?
A)Network ACL
B)VPC Flow Logs
C)Web Application Firewall
D)Security Group

2 In the context of the Shared Security C,D A,C,D 0 Wrong

3 For a development team that's looking to D C 0 Wrong

4 Out of the options provided, which two can C,D A,D 0 Wrong
be utilized to safeguard against DDoS
attacks? Please select two answers from
the options below.
A)AWS Shield Advanced
90

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)AWS EC2
C)AWS RDS
D)AWS Shield

5 Among the options provided, which one is D C 0 Wrong

6 When making modifications to AWS D D 1 Correct

resources, such as introducing a new
Security Group Ingress rule. Needing to
document and record all these changes for
audit purposes, which AWS service from
the following options would assist me in
accomplishing this?
A)AWS CloudFormation
B)AWS Trusted Advisor
C)AWS CloudWatch
D)AWS Config

7 The food delivery start-up that is expanding D B 0 Wrong

8 What AWS service offers suggestions for D D 1 Correct

optimizing infrastructure security?
91

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Amazon Elastic Compute Cloud (Amazon

EC2) SpotFleet
B)AWS Application Programming
Interface(API)
C)Reserved Instances
D)AWS Trusted Advisor

9 You're experiencing difficulties while D A 0 Wrong

setting up an AWS service and require step-
by-step assistance to resolve the issue.
Where can you locate comprehensive
articles, solutions, and best practices
offered by AWS specialists to aid you in
troubleshooting the problem?
A)AWS Knowledge Center
B)AWS Trusted Advisor
C)AWS Lambda
D)Amazon Detective

10 From the options provided below, which D B 0 Wrong

security service would you utilize to detect
users personal credit card numbers from
data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector

11 Within a sophisticated AWS setup D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS Web Application Firewall

12 From the options provided below, which D C 0 Wrong

one can be utilized to manage identities in
AWS?
A)AWS
B)AWS Config
C)AWS IAM
D)AWS Trusted Advisor

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 If an organization has initiated a new D A 0 Wrong

2 Which AWS service is specifically designed D C 0 Wrong

to meet ABC Corporation's needs for
customizing billing data for various
accounts, applying pricing logic, and
presenting cost data based on
predetermined rates for each billing group?
A)AWS Cost Explorer
B)AWS Billing and Cost Management
C)AWS Billing Conductor
D)AWS Marketplace

3 Which of the following assertions about D C 0 Wrong

AWS's billing, cost optimization, and cost
management practices is correct?
A)When considering migrating to the cloud,
93

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

the AWS Total Cost of Ownership (TCO)

calculator is guaranteed to save up to 80%
of the cost of running on-premise
infrastructure.
B)In AWS Budgets, utilizing Cost and Usage
budgets will optimize and reduce the
overall spend by 79%.
C)When using Savings Plans, 72% savings
can be made on Amazon EC2, AWS Fargate,
and AWS Lambda usage.
D)The AWS Pricing Calculator will workout
a revised bill that can reduce the overall
spend by 60% if you commit to a long-term
usage plan.

4 If a program manager wants to receive D D 1 Correct

alerts when projected costs are set to
exceed a certain amount, and to
understand usage and costs over time
(preferably through visualizations) to
identify potential savings, which AWS
products would be best suited to meet
these requirements?
A)AWS Savings plan and AWS Organization
B)AWS Budget and AWS Savings plan
C)AWS Savings plan and AWS Cost Explorer
D)AWS Budget and AWS Cost Explorer

5 For a startup company in the e-commerce D C 0 Wrong

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

1 Which two activities fall under the purview D,E B,E 0 Wrong
of AWS Support from the options
provided?
A)Database query tuning
B)Troubleshooting API issues
C)Code Development
D)Debugging custom software
E)Third-party application configuration on
AWS resources

2 Which of the below listed is NOT a D A 0 Wrong

3 When adhering to the "design for failure C,D B,C,D 0 Wrong

and nothing will fail" principle in system
design, which three AWS services or
features could be beneficial? Please select
three from the options provided.
A)Pay as you go
B)Availability Zones
C)Regions
D)Elastic Load Balancer

4 What is the most suitable S3 storage class D B 0 Wrong

for an insurance organization aiming to
maintain a long-term archive of customer
95

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

data in compliance with HIPAA regulations,

where any department requiring access to
the archived data must notify the IT
department at least 14 hours in advance?
A)Amazon S3 Standard-Infrequent Access
B)Amazon S3 Glacier deep archive
C)Amazon S3 Standard
D)Amazon S3 Glacier

5 According to the AWS Well-Architected D D 1 Correct

6 What AWS service would be appropriate D C 0 Wrong

for use as a fully managed data
warehouse?
A)Amazon Relational Database Service
(Amazon RDS)
B)Amazon Athena
C)Amazon RedShift
D)Amazon CloudWatch

7 What is the term for a user-created label, D B 0 Wrong

consisting of a key-value pair of variable
length, that is assigned to AWS resources
as metadata for administrative and
management tasks?
A)Tag key
96

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Resource Tag
C)Resource Group
D)Resource Flag

8 What is one feature that is not included in D C 0 Wrong

any of the pillars of the AWS Well-
Architected Framework?
A)It provides the ability to recover from
infrastructure or system failures.
B)It provides the ability to protect
information, systems & assets.
C)It provides the ability to configure servers
with much more CPU resources than
required so that users do not need to
maintain the CPU resources for a long time.
D)It provides the ability to avoid or
eliminate unneeded costs.

9 What is the most cost-effective way to D D 1 Correct

improve the server architecture of a
professional educational institution that
maintains an application hosting an exam
results portal for its students, given that
the resource is idle for most of the learning
cycle and becomes extremely busy when
exam results are published?
A)Migrate the web servers onto Amazon
EC2 Spot Instances.
B)Configure AWS Elastic load-balancing
between the webserver and database
cluster.
C)Configure RDS multi-availability zone for
performance optimization.
D)Configure serverless architecture
leveraging AWS Lambda functions.

10 In the context of the AWS shared C C 1 Correct

responsibility model for cloud
sustainability, which of the provided
options is the customer's responsibility?
A)Achieve high server utilization rates
97

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Delivering efficient servers

C)Optimizing Workload and resource
utilization
D)Sourcing Renewable power

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 For a company seeking to use AWS storage, D C 0 Wrong

where low cost is a priority, the data is
infrequently accessed, and a data retrieval
time of 13-14 hours is acceptable, which
storage option would be the most suitable?
A)AWS CloudFront
B)Amazon S3 Glacier
C)S3 Glacier Deep Archive
D)Amazon EBS volumes

2 From the options provided below, which D C 0 Wrong

support plan does not provide access to
Support Automation Workflows with
AWSPremiumSupport?
A)Enterprise
B)Business
C)Developer
D)Enterprise On-Ramp

3 What service can be utilized to establish D C 0 Wrong

the necessary steps for automating the
build, test, and deployment processes for a
web application?
A)AWS CodeBuild
B)AWS CodeCommit
C)AWS CodePipeline
D)AWS CodeDeploy

4 In order to expose your serverless A,D B,D 0 Wrong

application, implemented with AWS
Lambda, to HTTP clients using HTTP Proxy,
which two AWS services could you
98

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

potentially utilize?
A)AWS Elastic Beanstalk
B)Application Load Balancer
C)AWS Route53
D)AWS API Gateway
E)AWS Lightsail

5 If you have a web application hosted on an D C 0 Wrong

EC2 Instance that requires the ability to
send notifications based on events, which
of the provided AWS services would be the
most suitable to assist in sending these
notifications?
A)AWS EC2
B)AWS SES
C)AWS SNS
D)AWS SQS

6 What features are included in Amazon D C 0 Wrong

Connect?
A)Reputation Dashboard
B)Push Notification
C)High Quality Audio
D)Mailbox Simulator

7 For a company that doesn't want to D C 0 Wrong

manage their database, which AWS service
from the options provided would be the
most suitable as it offers a fully managed
NoSQL database solution?
A)Elastic Map Reduce
B)AWS RDS
C)DynamoDB
D)Oracle RDS

8 If an administrator is working on a D B 0 Wrong

collaborative project and wants to
document the initial configuration and
several authorized changes made to the
route table of a VPC, what would be the
99

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

most effective method to accomplish this

from the options provided below?
A)Use of an AWS Lambda function that is
triggered to save a log file to an S3 bucket
each time configuration changes are made.
B)Use of AWS Config
C)Use of VPC Flow Logs
D)Use of AWS CloudTrail

9 A financial company that wants to D D 1 Correct

automate the detection of suspicious
banking transactions and alert customers,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)Amazon Polly
B)Amazon Rekognition
C)Amazon Comprehend
D)Amazon SageMaker

10 From the options provided below, which C,D B,D 0 Wrong

two AWS services utilize serverless
technology?
A)AWS Autoscaling
B)DynamoDB
C)EC2
D)Simple Storage Service

11 Which of the following choices is not D C 0 Wrong

applicable for uploading archives to
Amazon Glacier?
A)AWS S3 Lifecycle policies
B)RESTful API calls with Amazon S3 Glacier
C)Amazon S3 Glacier console
D)AWS SDKs with Amazon S3 Glacier

12 For a team of developers at a startup who D B 0 Wrong

are working on a new project requiring
high levels of confidentiality and security
for all development assets, and who
100

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

currently store their source code and

binary files on a publicly accessible open-
source repository platform, which AWS
service would be the most suitable for
storing their source code?
A)AWS CodeStar
B)AWS CodeCommit
C)AWS CodeDeploy
D)AWS Lambda

13 For a customer in Tokyo who needs to D D 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 In a scenario where a developer needs to D B 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

security risk. What could the developer do

in this situation to temporarily allow
applications on EC2 to access the
necessary AWS resources?
A)There is no alternate way. A developer
needs to give his credentials and revoke
access when the required action is done.
B)Use IAM Roles
C)Use IAM Group
D)Use IAM Tags

2 For conducting faster and efficient security D C 0 Wrong

investigations using machine learning and
graph theory capability on automatically
collected log data, which AWS service from
the options provided would be the most
suitable to fulfill this requirement?
A)Amazon GuardDuty
B)Amazon Macie
C)Amazon Detective
D)AWS Artifact

3 What AWS service offers suggestions for D D 1 Correct

optimizing infrastructure security?
A)Amazon Elastic Compute Cloud (Amazon
EC2) SpotFleet
B)AWS Application Programming
Interface(API)
C)Reserved Instances
D)AWS Trusted Advisor

4 When an administrator gets an alert and C A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Amazon Detective

5 Out of the options provided, which two A,D A,D 1 Correct

can be utilized to safeguard against DDoS
attacks? Please select two answers from
the options below.
A)AWS Shield Advanced
B)AWS EC2
C)AWS RDS
D)AWS Shield

6 If a developer needs to access a database D B 0 Wrong

for an application and this process would
necessitate hard-coding the credentials,
which is not a recommended practice, and
instead wants to securely store encrypted
credentials and retrieve them as needed,
thereby avoiding the need to hard-code
credentials in the application, which AWS
service would you recommend to the
developer?
A)AWS Artifact
B)AWS Secrets Manager
C)AWS Encryption SDK
D)AWS Security Hub

7 For a development team that has D A 0 Wrong

purchased a new application with limited
licenses and an administrator who wants
to be alerted when the usage of licenses is
exceeded on an Amazon EC2 instance,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS License Manager
B)AWS Control Tower
C)AWS Config
D)AWS Service Catalog

8 In the context of the Well-Architected D C 0 Wrong

103

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Framework's security pillar, if you want to

establish standards and best practices for
your EC2 instances and verify compliance
with these standards to improve workload
security, which of the options provided
would you select?
A)AWS Resource Access Manager (RAM)
B)Amazon Detective
C)AWS Inspector
D)AWS Security Hub

9 From the options provided, which three A,D,E A,D,E 1 Correct

security requirements are handled by
AWS? Please select three answers from the
options below.
A)Hardware patching
B)Password Policies
C)User permissions
D)Physical security
E)Disk disposal

10 Among the options provided, which B D 0 Wrong

resources are subject to network
accessibility checks by Amazon Inspector?
A)Amazon VPC
B)Amazon CloudFront
C)Amazon VPN
D)Amazon EC2 instance

11 When an administrator is assigned to set D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

12 Which of the following options accurately D C 0 Wrong

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which two factors contribute to the cost of A,B B,D 0 Wrong

using AWS S3 storage when storing a large
amount of data such as images and
documents?
A)While uploading data to an S3 bucket
B)Lifecycle transition requests
C)Outbound data transfer from S3 in US-
West to an EC2 instance in US-West
D)Outbound data transfer from S3 in US-
East to an EC2 instance in US-West
E)Outbound data transfer to Amazon
CloudFront

2 Which statement is accurate about the C C 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

access to 6 security checks along with 50

service limit checks and AWS Developer
Support customers gets access to all 115
Trusted Advisor checks
C)AWS Business Support customers get
'Full set of checks' and AWS Developer
Support customers get 'Service Quota and
basic Security checks'.
D)None of the above

3 If an organization has initiated a new A A 1 Correct

4 Which tool in the AWS Billing and C C 1 Correct

Management service enables users to
graphically track billing and usage over
time, specifically focusing on monthly
operational costs?
A)AWS Bills
B)AWS Reports
C)AWS Cost Explorer
D)AWS Budgets

5 For a startup company in the e-commerce A C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)AWS Prescriptive Guidance

D)AWS Security Center

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 What is the best solution for an D A 0 Wrong

2 How would you go about creating a backup D D 1 Correct

of an EBS Volume?
A)Store the EBS volume in DynamoDB.
B)Store the EBS volume in S3.
C)Store the EBS volume in an RDS
database.
D)Create an EBS snapshot.

3 Where can an administrator find D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

4 Can you identify the statement that D B 0 Wrong

accurately describes the AWS Global
infrastructure?
A)To provide High Availability, AWS
management console and control plane
are isolated to a single region
B)Each AWS region has multiple Availability
Zones
C)Many AWS regions has single availability
zone
D)Availability zones are also known as AWS
Local zones

5 In the context of the AWS Shared D D 1 Correct

Responsibility Model, which
responsibilities are exclusively the
customers?
A)Training
B)Patch Management
C)Configuration Management
D)Service and Communications Protection
or Zone Security

6 Which of the following is NOT considered a D A 0 Wrong

benefit of transitioning to the cloud?
A)Increased time to market
B)Scalability
C)Decreased TCO
D)Redundancy

7 Which AWS service from the options below D C 0 Wrong

enables you to scale up resources in
response to application or user demand?
A)AWS Inspector
B)AWS EC2
C)AWS Autoscaling
D)AWS ELB

8 Which pillar of the AWS Well-Architected D D 1 Correct

Framework emphasizes using the
108

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

minimum required hardware for resources

deployed in the AWS Cloud?
A)Operational Excellence Pillar
B)Reliability Pillar
C)Performance Efficiency Pillar
D)Sustainability Pillar

9 Which of the given options does NOT B B 1 Correct

represent a Security design principle in the
AWS Well-Architected Framework for
designing solutions in AWS?
A)Enable Traceability.
B)Apply Security only at the edge of the
network.
C)Protect Data at rest and in transit.
D)Implement a strong Identity foundation.

10 What services can be used to facilitate D D 1 Correct

computing elasticity in AWS?
A)Amazon S3
B)AWS RDS
C)VPC Endpoint
D)AWS EC2 Auto Scaling Group

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 What is the AWS service that provides a D D 1 Correct

2 Which AWS services can be utilized to C B 0 Wrong

enhance performance for global users
109

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

when transferring large data objects to a

centralized Amazon S3 bucket in the us-
west-1 region?
A)Use Amazon ElastiCache
B)Enable S3 Transfer Acceleration on
Amazon S3 bucket.
C)Use Amazon CloudFront Put/Post
commands
D)Use Multipart upload

3 What features are included in Amazon D C 0 Wrong

Connect?
A)Reputation Dashboard
B)Push Notification
C)High Quality Audio
D)Mailbox Simulator

4 If you're working in a production D D 1 Correct

5 As an AWS Architect hired by a company, C,D B,D 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Elastic Load Balancing

6 For a software development team that D B 0 Wrong

7 A financial company that wants to D D 1 Correct

8 Which machine learning-based AWS D A 0 Wrong

service can analyze historical utilization
metrics and suggest the most suitable
compute services for the workload?
A)AWS Compute Optimizer
B)AWS Outposts
C)AWS Well-Architected Tool
D)AWS Management Console

9 Which service from the options provided D D 1 Correct

can be utilized in the AWS cloud to manage
encryption keys?
A)Amazon GuardDuty
B)Amazon Inspector
111

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Amazon Cognito
D)CloudHSM

10 For a financial organization with an on- C B 0 Wrong

premises Data Center that stores large
volumes of confidential customer financial
transaction data on legacy mainframe
systems, and that has implemented a
caching solution in the AWS cloud due to
performance issues, which connectivity
option would be most suitable for
transferring this high-bandwidth data to
the cloud? Please choose the best answer.
A)AWS Snowball
B)Direct Connect with a VPN connection
C)Virtual Private Network (VPN)
D)AWS Storage Gateway

11 If your organization needs to provide a D B 0 Wrong

virtual desktop experience for employees
in a remote work scenario, allowing them
to securely access their desktop
environments from anywhere, which AWS
service from the options provided would
be the most suitable to fulfill this
requirement?
A)AWS Device Farm
B)Amazon WorkSpaces
C)Amazon WorkSpaces Web
D)Amazon AppStream 2.0

12 From the options provided, which two C,D C,D 1 Correct

services assist in establishing a connection
from on-premises infrastructure to
resources hosted in the AWS Cloud?
A)AWS Subnets
B)AWS VPC
C)AWS VPN
D)AWS Direct Connect
112

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

13 From the options provided below, which D B,D 0 Wrong

two AWS services utilize serverless
technology?
A)AWS Autoscaling
B)DynamoDB
C)EC2
D)Simple Storage Service

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 In a scenario where a developer needs to D B 0 Wrong

enable an application on an EC2 instance to
perform certain actions and requires
granting access to the application for some
AWS resources, the developer intends to
supply his credentials to the instance.
However, considering the developer's
credentials are long-term, the developer is
seeking an alternative to minimize the
security risk. What could the developer do
in this situation to temporarily allow
applications on EC2 to access the necessary
AWS resources?
A)There is no alternate way. A developer
needs to give his credentials and revoke
access when the required action is done.
B)Use IAM Roles
C)Use IAM Group
D)Use IAM Tags

2 From the options provided below, which C,E C,E 1 Correct

two statements accurately describe the
113

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

process of provisioning a security

certificate from AWS Certificate Manager
(ACM)?
A)A security certificate issued in ACM can
only be applied to one AWS resource.
B)ACM-issued security certificate cannot be
applied to an Application load balancer.
C)To verify a security certificate, a CNAME
record would need to be created.
D)Third-party security certificates cannot
be applied to AWS resources.
E)To verify a security certificate, the
administrator would need to acknowledge
a verification email sent to an address of
their choice.

3 The food delivery start-up that is expanding D B 0 Wrong

4 You're experiencing difficulties while D A 0 Wrong

5 From the options provided, which three A,D,E A,D,E 1 Correct

114

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

security requirements are handled by

AWS? Please select three answers from the
options below.
A)Hardware patching
B)Password Policies
C)User permissions
D)Physical security
E)Disk disposal

6 In the context of an AWS environment, D C 0 Wrong

7 When making modifications to AWS D D 1 Correct

8 From the options provided below, which D B 0 Wrong

security service would you utilize to detect
115

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

users personal credit card numbers from

data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector

9 From the options provided below, which D,E B,E 0 Wrong

10 For a web administrator who manages a D A 0 Wrong

11 An organization must guarantee the secure C B 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)AWS Key Management Service (KMS)

C)AWS CloudHSM
D)AWS Identity and Access Management
(IAM)

12 If you have a set of EC2 Instances hosted C,D B,D 0 Wrong

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 If your company is considering offloading D A 0 Wrong

2 Which of the following statements about D C 0 Wrong

AWS pricing is not correct?
A)Offers pay-as-you-go
B)Enables savings upon reserving
C)Reduced Inbound data transfer reduces
costs incurred
D)Enables saving maximization upon using
more

3 For a startup company in the e-commerce C C 1 Correct

117

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

industry that is starting its cloud journey

with AWS and needs advice on Cloud
migration, modernization, and cost
optimization in line with AWS best
practices, which AWS service would be
capable of fulfilling these requirements?
A)AWS Trusted Advisor
B)AWS Marketplace
C)AWS Prescriptive Guidance
D)AWS Security Center

4 A customer is interested in a support plan C,D A,E 0 Wrong

that provides access to the following six
security checks. Which two support plans
would offer these security checks at the
lowest cost?Security Check 1: S3 Bucket
PermissionsSecurity Check 2: Security
Groups - Specific Ports UnrestrictedSecurity
Check 3: IAM UseSecurity Check 4: MFA on
Root AccountSecurity Check 5: EBS Public
SnapshotsSecurity Check 6: RDS Public
Snapshots
A)Basic Plan
B)Gold Plan
C)Business Plan
D)Enterprise Plan
E)Developer Plan

5 Which three factors influence the cost of B,C,D B,C,D 1 Correct

an On-Demand EC2 Instance?
A)Edge location
B)Operating System
C)Region
D)Instance Type

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Which AWS RDS option enables AWS to D B 0 Wrong

automatically switch over to a secondary
database if the primary one experiences a
118

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

failure?
A)AWS Standby
B)Amazon RDS Multi-AZ deployments
C)AWS Failover
D)AWS Secondary

2 What distinguishes vertical scaling, or D D 1 Correct

"scaling up", from horizontal scaling, also
known as "scaling out", in the context of
designing a highly available architecture?
A)Autoscaling groups require scaling up
whilst launch configurations use scaling
out.
B)Scaling up provides for high availability
whilst scaling out brings fault-tolerance.
C)Scaling out is not cost-effective compared
to scaling up.
D)Scaling up adds more resources to an
instance, scaling out adds more instances.

3 Which AWS product offers a unified user D A 0 Wrong

interface, facilitating the streamlined
management of software development
tasks in a single location, as well as rapid
development, building, and deployment of
applications on AWS?
A)AWS CodeStar
B)Amazon CodeGuru
C)AWS CodeBuild
D)AWS CodeArtifact

4 What does an AWS region refer to? D D 1 Correct

A)It is the same as an Availability zone.
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
D)It is a geographical area divided into
Availability Zones.

5 In the AWS Cloud Adoption Framework D C 0 Wrong

(CAF), which of the following accurately
119

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

depicts the four viewpoints that shape the

framework's advice and their
corresponding categories?
A)Strategy, Implementation, Monitoring,
Optimization
B)Technology, Security, Scalability,
Compliance
C)Business, People, Platform, Security
D)Architecture, Deployment, Performance,
Governance

6 What architectural best practice can an D A 0 Wrong

architect use to design a solution for a
distributed system where the components
of one system do not adversely affect the
other components?
A)Implement loose coupling
B)Request Throttling
C)Using stateless services
D)Enabling automatic data backup

7 What are some benefits of hosting C C 1 Correct

infrastructure on the AWS Cloud?
A)Security is handled by AWS
B)Complete control over the physical
infrastructure
C)Pay-as-you-go model
D)No Upfront costs

8 Which of the following is not a method D D 1 Correct

used for disaster recovery deployment?
A)Multi-Site
B)Pilot light
C)Warm standby
D)Single Site

9 Data stored on Amazon EBS volumes can D C 0 Wrong

be backed up using point-in-time
snapshots, which are incremental backups.
Only the modified blocks since the last
120

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

snapshot are saved. Where are these EBS

snapshots stored?
A)Amazon Aurora
B)Amazon EBS Volume
C)Amazon S3
D)Amazon EFS

10 Which AWS fully managed database or C C 1 Correct

data warehouse offering is appropriate for
analytical workloads and supports standard
SQL queries as well as integration with
existing BI tools?
A)Amazon RDS
B)Amazon DynamoDB
C)Amazon Redshift
D)Amazon Aurora

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 The e-commerce web application being D D 1 Correct

2 As the architect of a custom application D D 1 Correct

121

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

currently running in your corporate data

center, you're dealing with unresolved bugs
that generate extensive data in custom log
files, leading to time-consuming tasks for
the operations team tasked with their
analysis. You're planning to migrate the
application to AWS using EC2 instances and
want to enhance logging and monitoring
capabilities without modifying the
application code.Which AWS service would
be best suited to meet this need?
A)Amazon Kinesis Data Firehose
B)AWS Kinesis Data Streams
C)AWS CloudTrail
D)AWS CloudWatch Logs

3 Which AWS managed database service D C 0 Wrong

offers a processing speed that is up to five
times faster than a conventional MySQL
database?
A)DynamoDB
B)MariaDB
C)Aurora
D)PostgreSQL

4 What support plan is available for proactive D B 0 Wrong

monitoring of a business-critical application
on AWS by an AWS Technical Account
Manager?
A)Enterprise On-Ramp Plan
B)Enterprise Plan
C)Business Plan
D)Developer Plan

5 From the options provided below, which D C 0 Wrong

support plan does not provide access to
Support Automation Workflows with
AWSPremiumSupport?
A)Enterprise
B)Business
C)Developer
122

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Enterprise On-Ramp

6 From the options provided below, which D D 1 Correct

7 A financial company that wants to D D 1 Correct

8 From the options provided below, which D,E C,D 0 Wrong

two statements accurately describe the
features or functionalities of CodePipeline?
A)If a CodePipeline "Build" stage fails due
to missing artifacts, one needs to trigger
the pipeline manually after adding the
artifacts to the code repository
B)Only AWS-provided source repositories
like CodeCommit can be used as the Source
Provider in CodePipeline
C)AWS CodePipeline can periodically check
the selected code repository for code
changes
D)One can use Jenkins as a Build Provider
123

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

while configuring CodePipeline at the build

stage
E)Both Build and Deploy stages are
mandatory while configuring CodePipeline

9 Which of the following choices is not C C 1 Correct

applicable for uploading archives to
Amazon Glacier?
A)AWS S3 Lifecycle policies
B)RESTful API calls with Amazon S3 Glacier
C)Amazon S3 Glacier console
D)AWS SDKs with Amazon S3 Glacier

10 From the options provided below, which D C 0 Wrong

service would be the most suitable for
automating the deployment of application
code to an Amazon EC2 instance?
A)AWS CloudFormation
B)AWS Elastic Beanstalk
C)AWS CodeDeploy
D)AWS Config

11 What is the most efficient, reliable, and D D 1 Correct

cost-effective method for uploading a
substantial number of large files from
various geographical locations to an S3
bucket?
A)I can directly access the S3 bucket from
the different locations & use a multi-part-
upload for transferring huge objects.
B)I can connect to an application running
on AWS EC2 that is hosted in multiple
regions using Route 53 & use latency based
routing to upload files to the S3 bucket.
C)I can use a Direct Connect link from each
of the Geographic location for transferring
data quickly.
D)I can use S3 Transfer Acceleration from
each Geographic location that will route
the data from their respective Edge
124

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

locations to S3.

12 From the options provided, which two C,D C,D 1 Correct

services assist in establishing a connection
from on-premises infrastructure to
resources hosted in the AWS Cloud?
A)AWS Subnets
B)AWS VPC
C)AWS VPN
D)AWS Direct Connect

13 I am looking for an AWS service that can D D 1 Correct

offer my employees secure access to my
Organization's internal websites and SaaS
applications. I need a solution that is cost-
effective, requires minimal infrastructure
management, and is easy to use. Which
AWS service would be the best fit for these
requirements?
A)Use AWS client VPN solution to connect
to the Organization's internal websites &
SaaS applications
B)AWS AppStream
C)AWS WorkSpaces
D)AWS WorkSpaces Web

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 In the context of an organization's D B 0 Wrong

information systems audit, when the
administrator is asked to compile a
125

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

collection of security and compliance

reports, as well as online service
agreements between the organization and
AWS, which service should they use to
gather this information?
A)AWS Directory Service
B)AWS Artifact
C)AWS Resource Center
D)AWS Service Catalog

2 For a web administrator who manages a A A 1 Correct

3 An organization must guarantee the secure D B 0 Wrong

4 For a development team that has B A 0 Wrong

purchased a new application with limited
licenses and an administrator who wants
to be alerted when the usage of licenses is
126

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

exceeded on an Amazon EC2 instance,

which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS License Manager
B)AWS Control Tower
C)AWS Config
D)AWS Service Catalog

5 Among the options provided, which one D B 0 Wrong

6 In a scenario where a developer needs to D B 0 Wrong

7 When promoting an EC2 Instance from D C 0 Wrong

development to production that interacts
with the Simple Storage Service, which
127

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

feature should be utilized to provide the

EC2 instance with the appropriate
permissions to access the Simple Storage
Service?
A)IAM Policies
B)IAM Users
C)IAM Roles
D)IAM Groups

8 In the context of serverless services like D A 0 Wrong

9 From the options provided below, which D,E B,E 0 Wrong

10 In the context of the Shared Security C,D A,C,D 0 Wrong

Model, which three of the options
provided below are the responsibilities of
AWS?
128

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Implementing service organization

Control (SOC) standards
B)Managing AWS Identity and Access
Management (IAM)
C)Securing edge locations
D)Monitoring physical device security

11 Which AWS Service offers a unified D D 1 Correct

platform for compiling, prioritizing, and
handling security alerts and compliance
findings throughout an organization's AWS
environment?
A)AWS WAF
B)AWS Shield
C)Amazon GuardDuty
D)AWS Security Hub

12 Among the options provided, which tool D C 0 Wrong

can be utilized to facilitate authentication
for a substantial number of users accessing
an Amazon S3 bucket via a mobile
application?
A)AWS STS
B)AWS IAM user
C)Amazon Cognito
D)AWS IAM group

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 If your company is considering offloading D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

2 Which tool in the AWS Billing and C C 1 Correct

Management service enables users to
graphically track billing and usage over
time, specifically focusing on monthly
operational costs?
A)AWS Bills
B)AWS Reports
C)AWS Cost Explorer
D)AWS Budgets

3 Which AWS service is specifically designed D C 0 Wrong

to meet ABC Corporation's needs for
customizing billing data for various
accounts, applying pricing logic, and
presenting cost data based on
predetermined rates for each billing
group?
A)AWS Cost Explorer
B)AWS Billing and Cost Management
C)AWS Billing Conductor
D)AWS Marketplace

4 If your company is transitioning a D B 0 Wrong

5 Given your company's requirements for A A 1 Correct

24/7 access to Cloud Support Engineers via
email, chat, and phone, as well as a
response time of less than 15 minutes for
mission-critical system faults, which AWS
Support plan would be most suitable?
A)Enterprise
B)Business
130

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Developer
D)Basic

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Which Amazon S3 storage class would you D B 0 Wrong

recommend for data exhibiting an
unknown or changing access pattern?
A)Amazon S3 Standard-Infrequent Access
B)Amazon S3 Intelligent-Tiering
C)Amazon S3 Standard
D)Amazon S3 Glacier

2 What methods can be employed to D D 1 Correct

enhance the fault tolerance of an
application?
A)Deploying resources across multiple AWS
Accounts
B)Deploying resources across multiple
edge locations
C)Deploying resources across multiple
VPC's
D)Deploying resources across multiple
Availability Zones

3 What is the most suitable S3 storage class D B 0 Wrong

4 Can you identify two design principles that D,E A,D 0 Wrong
are associated with the "Operational
Excellence" pillar of the Well-Architected
131

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

framework?
A)Perform operations as code
B)Implement a strong identity foundation
C)Enable traceability
D)Anticipate Failure
E)Manage change in automation

5 What is the main difference between an D C 0 Wrong

6 Which AWS service from the options below D C 0 Wrong

enables you to scale up resources in
response to application or user demand?
A)AWS Inspector
B)AWS EC2
C)AWS Autoscaling
D)AWS ELB

7 What does an AWS region refer to? D D 1 Correct

A)It is the same as an Availability zone.
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
D)It is a geographical area divided into
Availability Zones.

8 Where can an administrator find D A 0 Wrong

information to verify if the Amazon
CloudFront identity is making API access
calls to an S3 bucket that hosts a static
132

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

9 Which of the following is NOT considered a A A 1 Correct

benefit of transitioning to the cloud?
A)Increased time to market
B)Scalability
C)Decreased TCO
D)Redundancy

10 What is the term used to describe the B B 1 Correct

capability of AWS products and services to
bounce back from disruptions and
minimize their impact?
A)Latency
B)Resiliency
C)Consistency
D)Durability

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services

1 Which AWS service would be the most D C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Amazon RDS

2 Which AWS services can be utilized to D D 1 Correct

automate the deployment of software on a
substantial number of Amazon EC2
instances and on-premises servers?
A)AWS Config
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS CodeDeploy

3 For a company that has set up EC2 D A 0 Wrong

4 From the options provided below, which D,E C,D 0 Wrong

two statements accurately describe the
features or functionalities of CodePipeline?
A)If a CodePipeline "Build" stage fails due
to missing artifacts, one needs to trigger
the pipeline manually after adding the
artifacts to the code repository
B)Only AWS-provided source repositories
like CodeCommit can be used as the
Source Provider in CodePipeline
C)AWS CodePipeline can periodically check
the selected code repository for code
changes
D)One can use Jenkins as a Build Provider
while configuring CodePipeline at the build
stage
134

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

E)Both Build and Deploy stages are

mandatory while configuring CodePipeline

5 Which AWS service would be beneficial for D D 1 Correct

gathering crucial metrics from AWS RDS
and EC2 Instances, as per the
requirement?
A)Amazon Config
B)Amazon CloudFront
C)Amazon CloudSearch
D)Amazon CloudWatch

6 What service can be utilized to establish D C 0 Wrong

the necessary steps for automating the
build, test, and deployment processes for a
web application?
A)AWS CodeBuild
B)AWS CodeCommit
C)AWS CodePipeline
D)AWS CodeDeploy

7 Which service from the options provided D D 1 Correct

can be utilized in the AWS cloud to manage
encryption keys?
A)Amazon GuardDuty
B)Amazon Inspector
C)Amazon Cognito
D)CloudHSM

8 For an organization seeking assistance, D D 1 Correct

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

9 If I have a containerized application that D B 0 Wrong

10 If you're developing a mobile application D A 0 Wrong

that requires real-time data
synchronization and offline access to your
backend data, which AWS service from the
options provided would be the most
suitable for building a GraphQL API to fulfill
these requirements?
A)AWS AppSync
B)AWS Amplify
C)AWS Device Farm
D)Amazon AppStream

11 In order to expose your serverless D,E B,D 0 Wrong

12 For a financial organization with an on- D B 0 Wrong

premises Data Center that stores large
volumes of confidential customer financial
transaction data on legacy mainframe
136

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

systems, and that has implemented a

caching solution in the AWS cloud due to
performance issues, which connectivity
option would be most suitable for
transferring this high-bandwidth data to
the cloud? Please choose the best answer.
A)AWS Snowball
B)Direct Connect with a VPN connection
C)Virtual Private Network (VPN)
D)AWS Storage Gateway

13 The project team working on improving D D 1 Correct

the security features of a banking
application needs to choose AWS services
for implementing a threat detection
service. This service will be responsible for
monitoring malicious activities and
unauthorized behaviors to safeguard AWS
accounts, workloads, and data stored in
Amazon S3. Which AWS services would be
the most suitable for this purpose?
A)Amazon Inspector
B)AWS Shield
C)AWS Firewall Manager
D)Amazon GuardDuty

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 The food delivery start-up that is B B 1 Correct

expanding its operations is looking to
enhance security by implementing DDoS
protection for its applications on AWS.
137

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Which AWS service provides customers

with comprehensive protection against
DDoS attacks?
A)Amazon GuardDuty
B)AWS Shield
C)AWS WAF - Web Application Firewall
D)AWS Firewall Manager

2 If you have a set of EC2 Instances hosted B,D B,D 1 Correct

3 Among the options provided, which one B B 1 Correct

4 For conducting faster and efficient security D C 0 Wrong

5 Among the options provided, which one is A C 0 Wrong

138

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

the customer's responsibility to guarantee

the availability and backup of the EBS
volumes?
A)Create copies of EBS Volumes.
B)Delete the data and create a new EBS
volume.
C)Create EBS snapshots.
D)Attach new volumes to EC2 Instances.

6 What AWS service offers suggestions for D D 1 Correct

optimizing infrastructure security?
A)Amazon Elastic Compute Cloud (Amazon
EC2) SpotFleet
B)AWS Application Programming
Interface(API)
C)Reserved Instances
D)AWS Trusted Advisor

7 If a developer needs to access a database D B 0 Wrong

for an application and this process would
necessitate hard-coding the credentials,
which is not a recommended practice, and
instead wants to securely store encrypted
credentials and retrieve them as needed,
thereby avoiding the need to hard-code
credentials in the application, which AWS
service would you recommend to the
developer?
A)AWS Artifact
B)AWS Secrets Manager
C)AWS Encryption SDK
D)AWS Security Hub

8 When an administrator is assigned to set D A 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Least privilege of group principle

D)Best practices of permission advisory

9 If an administrator wants VPCs in three D B 0 Wrong

10 An external audit is currently underway for D C 0 Wrong

11 Which service automates the discovery of D B 0 Wrong

sensitive data on a large scale and reduces
the cost of data protection by utilizing
machine learning and pattern matching
techniques?
A)AWS Security Hub
140

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Amazon Macie
C)AWS Shield
D)Amazon GuardDuty

12 When making modifications to AWS D D 1 Correct

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which three factors influence the cost of D B,C,D 0 Wrong

an On-Demand EC2 Instance?
A)Edge location
B)Operating System
C)Region
D)Instance Type

2 What is a consideration when determining D B 0 Wrong

3 What feature in AWS billing can be utilized D D 1 Correct

to minimize expenses when operating
multiple accounts under AWS
Organizations?
A)Combined billing.
141

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)It is not possible to reduce costs with

multiple accounts.
C)Costs are automatically reduced for
multiple accounts by AWS.
D)Consolidated billing - Volume Discounts.

4 What tools are available for generating a C C 1 Correct

cost estimate for deploying a new solution
on the AWS Cloud infrastructure?
A)AWS Cost and Usage Report
B)AWS Budgets
C)AWS Pricing Calculator
D)AWS Cost Explorer

5 What tool is available for predicting your D A 0 Wrong

AWS expenditure?
A)AWS Cost Explorer
B)AWS Organizations
C)Amazon S3
D)AWS Trusted Advisor

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Which of the following does not constitute D B 0 Wrong

a pillar of the AWS Well-Architected
Framework?
A)Performance Efficiency
B)Automation
C)Cost Optimization
D)Reliability

2 Which AWS services could a research firm D A 0 Wrong

utilize for expert help in deploying a high-
performance computing system in the AWS
cloud for their scientific research activities?
Please provide the options.
A)AWS Professional Services
B)AWS Support
C)AWS Managed Services
D)AWS IQ
142

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

3 What services can be used to facilitate D D 1 Correct

computing elasticity in AWS?
A)Amazon S3
B)AWS RDS
C)VPC Endpoint
D)AWS EC2 Auto Scaling Group

4 Which concept is related to the non- A C 0 Wrong

functional requirement of reducing inter-
dependencies to prevent failures from
affecting other components, as part of
your design team's plan to design an
application for hosting on the AWS Cloud?
A)Segregation
B)Integration
C)Decoupling
D)Aggregation

5 What AWS service would be appropriate D C 0 Wrong

for use as a fully managed data
warehouse?
A)Amazon Relational Database Service
(Amazon RDS)
B)Amazon Athena
C)Amazon RedShift
D)Amazon CloudWatch

6 In the AWS Cloud Adoption Framework B C 0 Wrong

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

7 Which AWS resource or feature (cloud D A 0 Wrong

concept) does not offer automation
capabilities?
A)RDS manual snapshot
B)AWS Elastic Beanstalk
C)Amazon DynamoDB
D)AWS CloudFormation

8 What methods can be employed to D D 1 Correct

9 Which of the following is NOT considered a D A 0 Wrong

benefit of transitioning to the cloud?
A)Increased time to market
B)Scalability
C)Decreased TCO
D)Redundancy

10 Which design pillar should a client who has D A 0 Wrong

Section Name CLF-C02 Post: Cloud Technology and Total Questions: 13

Services
144

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

1 From the options provided below, which D C,D 0 Wrong

two AWS services offer a POSIX compliant,
fully managed, and cost-effective NFS file
storage solution?
A)Amazon Elastic Block Store
B)Amazon FSx for Windows File Server
C)AWS Elastic File System
D)Amazon FSx for Lustre

2 I am looking for an AWS service that can D D 1 Correct

3 From the options provided below, which A C 0 Wrong

service is a region-based service offered by
AWS?
A)Amazon CloudFront
B)AWS IAM
C)Amazon EFS
D)Amazon Route 53

4 An engineering company is in the process C C 1 Correct

of setting up numerous servers across
various subnets within Amazon VPC. The IT
department is currently evaluating the
optimal number of route tables that can be
accommodated per VPC. How many route
tables are officially supported per Amazon
VPC?
A)50
145

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)100
C)200
D)20

5 Which service from the options provided D D 1 Correct

can be utilized in the AWS cloud to manage
encryption keys?
A)Amazon GuardDuty
B)Amazon Inspector
C)Amazon Cognito
D)CloudHSM

6 For a popular e-commerce website that D C 0 Wrong

7 Which of the subsequent options can be C C 1 Correct

connected to EC2 Instances for data
storage?
A)Amazon SQS
B)Amazon Glacier
C)Amazon EBS Volumes
D)Amazon EBS Snapshots

8 Which AWS services can be utilized to D D 1 Correct

automate the deployment of software on a
substantial number of Amazon EC2
instances and on-premises servers?
A)AWS Config
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS CodeDeploy
146

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

9 What steps should be taken to optimize D D 1 Correct

endpoint-based performance and enhance
the availability of our applications, which
have been developed using AWS services
and need to be deployed across multiple
regions for improved performance?
A)Use an endpoint of the application
directly for accessing it that lies within a
user's Region.
B)Use Route 53 latency based routing.
C)Use a CloudFront distribution.
D)Use Global Accelerator.

10 From the options provided below, which D D 1 Correct

11 For an online streaming company that is B C 0 Wrong

12 Among the given statements, which ones A C 0 Wrong

are not accurate in relation to NoSQL
147

Report Date: 15-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

databases?
A)Amazon DynamoDB is a NoSQL database
that supports atomicity, consistency,
isolation, and durability (ACID)
transactions.
B)They are not relational.
C)They need to have a well defined
schema.
D)NoSQL databases are horizontally
scalable.

13 From the options provided below, which D,E B,E 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

148

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Compliance

1 Which of the following options accurately D C 0 Wrong

defines the "Principle of Least Privilege"?
Please select the correct answer from the
options provided below.
A)Users should always have a little more
permission than they need.
B)All users should have the same baseline
permissions granted to them to use basic
AWS services.
C)Users should be granted permission to
access only resources they need to do
their assigned job.
D)Users should submit all access requests
in written form so that there is a paper
trail of who needs access to different AWS
resources.

2 Once your company has fully transitioned C,D B,C 0 Wrong

to the AWS Cloud and wants to ensure
the correct security settings are
implemented, which two of the following
tools would be beneficial?
A)AWS Kinesis
B)AWS Inspector
C)AWS Trusted Advisor
D)AWS Support

3 For a web administrator who manages a A A 1 Correct

variety of public and private web
resources for an organization and needs a
service to monitor the expiration dates of
SSL/TLS certificates, as well as handle
updates and renewals, which service
would be the most appropriate?
A)AWS Certificate Manager
B)AWS Data Lifecycle Manager
C)AWS License Manager
D)AWS Firewall Manager
149

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

4 From the options given, which service can No B 0 Wrong

the Security team utilize to probe and Answer
analyze the root cause of potential
security threats on AWS resources?
A)AWS Security Hub
B)Amazon Detective
C)AWS Shield
D)Amazon GuardDuty

5 Among the options provided, which tool No C 0 Wrong

can be utilized to facilitate authentication Answer
for a substantial number of users
accessing an Amazon S3 bucket via a
mobile application?
A)AWS STS
B)AWS IAM user
C)Amazon Cognito
D)AWS IAM group

6 For conducting faster and efficient No C 0 Wrong

security investigations using machine Answer
learning and graph theory capability on
automatically collected log data, which
AWS service from the options provided
would be the most suitable to fulfill this
requirement?
A)Amazon GuardDuty
B)Amazon Macie
C)Amazon Detective
D)AWS Artifact

7 You're experiencing difficulties while No A 0 Wrong

setting up an AWS service and require Answer
step-by-step assistance to resolve the
issue. Where can you locate
comprehensive articles, solutions, and
best practices offered by AWS specialists
to aid you in troubleshooting the
problem?
A)AWS Knowledge Center
B)AWS Trusted Advisor
150

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)AWS Lambda
D)Amazon Detective

8 If a developer needs to access a database No B 0 Wrong

for an application and this process would Answer
necessitate hard-coding the credentials,
which is not a recommended practice,
and instead wants to securely store
encrypted credentials and retrieve them
as needed, thereby avoiding the need to
hard-code credentials in the application,
which AWS service would you
recommend to the developer?
A)AWS Artifact
B)AWS Secrets Manager
C)AWS Encryption SDK
D)AWS Security Hub

9 From the options provided, which three No A,D,E 0 Wrong

security requirements are handled by Answer
AWS? Please select three answers from
the options below.
A)Hardware patching
B)Password Policies
C)User permissions
D)Physical security
E)Disk disposal

10 For a development team that's looking to No C 0 Wrong

offload SSL processing from existing web Answer
servers, which AWS service from the
options provided would be the most
suitable to fulfill this requirement?
A)AWS Secrets Manager
B)AWS Certificate Manager
C)AWS CloudHSM
D)AWS KMS

11 In a scenario where a developer needs to No B 0 Wrong

enable an application on an EC2 instance Answer
151

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

to perform certain actions and requires

granting access to the application for
some AWS resources, the developer
intends to supply his credentials to the
instance. However, considering the
developer's credentials are long-term, the
developer is seeking an alternative to
minimize the security risk. What could the
developer do in this situation to
temporarily allow applications on EC2 to
access the necessary AWS resources?
A)There is no alternate way. A developer
needs to give his credentials and revoke
access when the required action is done.
B)Use IAM Roles
C)Use IAM Group
D)Use IAM Tags

12 From the options provided below, which No A 0 Wrong

one is a responsibility of the customer Answer
under the AWS Shared Responsibility
Model?
A)Patching of guest OS deployed on
Amazon EC2 instance.
B)Patching of host OS deployed on
Amazon S3.
C)Logical Access controls for underlying
infrastructure.
D)Physical security of the facilities.

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which AWS services, among the ones D D 1 Correct

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS Cost Explorer

2 If your company is transitioning a D B 0 Wrong

3 If there's a need to host a group of servers D A 0 Wrong

in the Cloud for a brief three-month
period, and these instances must be
highly available, cost-effective, and cannot
be interrupted during processing, which
type of instances would be the best
choice?
A)On-Demand
B)Spot Instances
C)No Upfront costs Reserved
D)Partial Upfront costs Reserved

4 If your company is considering offloading D A 0 Wrong

5 What tool is available for predicting your D A 0 Wrong

AWS expenditure?
A)AWS Cost Explorer
B)AWS Organizations
153

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Amazon S3
D)AWS Trusted Advisor

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 If you have an application that is mission- No A 0 Wrong

critical and needs to be globally accessible Answer
at all times, which deployment method
would you choose to use?
A)Deployment to multiple Regions
B)Deployment to multiple edge locations
C)Deployment to multiple Availability
Zones
D)Deployment to multiple Data Centers

2 When a customer's data center and No A 0 Wrong

applications are linked to AWS via a Answer
dedicated network (Direct Connect), what
is the model of cloud deployment?
A)Hybrid Cloud
B)Public Cloud
C)Multi Cloud
D)Private Cloud

3 What is the term for a user-created label, No B 0 Wrong

consisting of a key-value pair of variable Answer
length, that is assigned to AWS resources
as metadata for administrative and
management tasks?
A)Tag key
B)Resource Tag
C)Resource Group
D)Resource Flag

4 Which AWS fully managed database or No C 0 Wrong

data warehouse offering is appropriate for Answer
analytical workloads and supports
standard SQL queries as well as
integration with existing BI tools?
A)Amazon RDS
154

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Amazon DynamoDB
C)Amazon Redshift
D)Amazon Aurora

5 For a live online game using DynamoDB No B 0 Wrong

service in the backend to store real-time Answer
scores of global participants, which data
consistency model would be the most
suitable to apply?
A)Optimistic consistency
B)Strongly consistent
C)Eventually consistent
D)Strong Eventual consistency

6 Which of the following is unlikely to be an No B 0 Wrong

economic advantage for a client utilizing Answer
AWS cloud services?
A)The client is using an Active - Passive
failover routing strategy of his On -
Premise Data Center to AWS cloud.
B)The Client is running a dedicated
MySQL Database Server on AWS with his
own CPU bound license (BOYL).
C)The Client is running Spot Instances for
batch data processing workloads.
D)The client is running applications with a
relatively predictable & consistent
resource Demand using AWS Reserved
Instances.
E)The client is using S3 Intelligent Tiering
storage class while uploading objects.

7 Amazon Aurora is a relational database No B,E 0 Wrong

compatible with MySQL and PostgreSQL. Answer
Please select two options that are NOT
features of Amazon Aurora.
A)Amazon Aurora is a fully managed
service.
B)Amazon Aurora is slower than standard
MySQL databases.
C)Amazon Aurora provides replication
155

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

across 3 AZs.
D)Amazon Aurora features self-healing
storage system.
E)Amazon Aurora can auto scale upto 32
TB.

8 What is the functionality of EBS Volume No C 0 Wrong

replication in the event of a single Answer
hardware failure?
A)Replicates the volume across Edge
locations
B)Replicates the volume across
Availability Zones
C)Replicates the volume in the same
Availability Zone
D)Replicates the volume across Regions

9 Which of the below listed is NOT a No A 0 Wrong

requirement for setting up S3 replication? Answer
A)Bucket owner of the destination should
have both source and destination Region
enabled for their account.
B)Bucket owner of the source bucket
should have both source and destination
Regions enabled for their account.
C)Versioning should be enabled for
buckets in both source and destination.
D)Amazon S3 must have been granted
object replication permissions from the
source bucket to the destination bucket
on behalf of the owner.

10 In the context of the AWS shared No C 0 Wrong

responsibility model for cloud Answer
sustainability, which of the provided
options is the customer's responsibility?
A)Achieve high server utilization rates
B)Delivering efficient servers
C)Optimizing Workload and resource
utilization
156

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Sourcing Renewable power

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 For a smart agriculture company aiming B D 0 Wrong

2 Which AWS service would be the most D C 0 Wrong

3 Which machine learning-based AWS D A 0 Wrong

4 From the options provided below, which D C 0 Wrong

support plan does not provide access to
157

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Support Automation Workflows with

AWSPremiumSupport?
A)Enterprise
B)Business
C)Developer
D)Enterprise On-Ramp

5 I am looking for an AWS service that can D D 1 Correct

offer my employees secure access to my
Organization's internal websites and SaaS
applications. I need a solution that is cost-
effective, requires minimal infrastructure
management, and is easy to use. Which
AWS service would be the best fit for
these requirements?
A)Use AWS client VPN solution to connect
to the Organization's internal websites &
SaaS applications
B)AWS AppStream
C)AWS WorkSpaces
D)AWS WorkSpaces Web

6 What support plan is available for D B 0 Wrong

proactive monitoring of a business-critical
application on AWS by an AWS Technical
Account Manager?
A)Enterprise On-Ramp Plan
B)Enterprise Plan
C)Business Plan
D)Developer Plan

7 If I have a Virtual Private Cloud D A 0 Wrong

infrastructure environment that hosts an
Application and a Database, and I want
this application to be securely accessible
to anyone, what are the best practices for
hosting them within the infrastructure?
A)Subnet configured for the ELB should
contain a NAT Gateway
B)Host the Application in a Public Subnet,
Database in a Private Subnet with an ELB
158

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

frontending the Application in a Public

Subnet
C)Host both the Application & Database in
a Public subnet with an ELB frontend the
Application in a public Subnet
D)Subnet configured for the Application
should have a route to the Internet
Gateway

8 Among the listed AWS services, which one D B 0 Wrong

does not have the functionality to
provision IT infrastructure?
A)All of them.
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS Elastic Beanstalk

9 For a company that wants to create D D 1 Correct

10 What is the AWS service that provides a B D 0 Wrong

11 Which of the following choices is not C C 1 Correct

applicable for uploading archives to
159

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Amazon Glacier?
A)AWS S3 Lifecycle policies
B)RESTful API calls with Amazon S3
Glacier
C)Amazon S3 Glacier console
D)AWS SDKs with Amazon S3 Glacier

12 What service can a large IT company use C D 0 Wrong

to allow its extensive user base to access
persistent Linux desktops remotely from
any location?
A)AWS Outposts
B)Amazon Cognito
C)Amazon AppStream 2.0
D)Amazon WorkSpaces

13 If I need varying access levels for my A B 0 Wrong

application installed on an EC2 instance
and have set up an ENI for this purpose,
which statement would not be correct?
A)I can attach an Elastic IP to an EC2
instance in another subnet by releasing it
from the ENI in the current subnet to
which it is currently attached to
B)I can detach the primary ENI of my EC2
instance and connect it to another
instance for moving its Elastic IP
C)I can configure a Security Group for my
ENI and restrict traffic to the EC2 instance
D)I can detach a secondary ENI containing
a Private IP from one EC2 instance and
attach it to another
160

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 You're experiencing difficulties while D A 0 Wrong

setting up an AWS service and require
step-by-step assistance to resolve the
issue. Where can you locate
comprehensive articles, solutions, and
best practices offered by AWS specialists
to aid you in troubleshooting the
problem?
A)AWS Knowledge Center
B)AWS Trusted Advisor
C)AWS Lambda
D)Amazon Detective

2 For downloading AWS' security and D A 0 Wrong

compliance documents, which AWS
service from the options provided would
be the most suitable to fulfill this
requirement?
A)AWS Artifact
B)AWS Well-Architected Tool
C)AWS Audit Manager
D)AWS Trusted Advisor

3 From the options provided below, which No B 0 Wrong

security service would you utilize to Answer
detect users personal credit card numbers
from data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector

4 Within a sophisticated AWS setup D A 0 Wrong

encompassing various AWS accounts and
resources, an organization requires a
centralized tool to oversee and
implement uniform firewall rules and
161

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

policies. This is crucial in maintaining a

consistent security stance and compliance
throughout the infrastructure. What AWS
service offers the functionality to
accomplish this?
A)AWS Firewall Manager
B)Amazon GuardDuty
C)Amazon Inspector
D)AWS Web Application Firewall

5 In the context of serverless services like No A 0 Wrong

AWS Lambda, how does the Shared Answer
Responsibility Model apply?
A)The user is responsible for IAM roles
and identities that can invoke the AWS
Lambda functions.
B)Amazon has overall responsibility for
the infrastructure, including IAM roles
and identities that can invoke functions.
C)The user is responsible for the security
and access to the instances that handle
the compute capacity.
D)Amazon is responsible for any malicious
code written in the IDE and can terminate
any rogue activity.

6 From the options provided, which three No A,D,E 0 Wrong

security requirements are handled by Answer
AWS? Please select three answers from
the options below.
A)Hardware patching
B)Password Policies
C)User permissions
D)Physical security
E)Disk disposal

7 An organization must guarantee the No B 0 Wrong

secure handling of encryption keys for Answer
different services and resources. They are
in need of a centralized tool that enables
them to generate, update, and regulate
162

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

access to encryption keys without the

hassle of manual key management. Which
AWS service offers the functionality to
accomplish this task?
A)Amazon GuardDuty
B)AWS Key Management Service (KMS)
C)AWS CloudHSM
D)AWS Identity and Access Management
(IAM)

8 From the options provided below, which No A,E 0 Wrong

two are responsibilities of AWS in the Answer
shared responsibility model for Security
and Compliance between AWS and
customer?
A)Patch management within the AWS
infrastructure
B)Perform all the necessary security
configuration and management tasks for
Amazon Elastic Compute Cloud (Amazon
EC2).
C)Patch management of the guest OS and
applications
D)Security of the data in the AWS cloud
E)Security of the AWS cloud

9 The food delivery start-up that is No B 0 Wrong

expanding its operations is looking to Answer
enhance security by implementing DDoS
protection for its applications on AWS.
Which AWS service provides customers
with comprehensive protection against
DDoS attacks?
A)Amazon GuardDuty
B)AWS Shield
C)AWS WAF - Web Application Firewall
D)AWS Firewall Manager

10 From the options provided below, which No C 0 Wrong

service would you utilize for governance, Answer
compliance, and risk auditing in AWS?
163

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)AWS SNS
B)AWS CloudFormation
C)AWS CloudTrail
D)AWS CloudWatch

11 Which AWS Service offers a unified No D 0 Wrong

platform for compiling, prioritizing, and Answer
handling security alerts and compliance
findings throughout an organization's
AWS environment?
A)AWS WAF
B)AWS Shield
C)Amazon GuardDuty
D)AWS Security Hub

12 If you have a set of EC2 Instances hosted No B,D 0 Wrong

on the AWS Cloud that are hosting a web Answer
application, which two options from the
ones provided would act as a firewall to
your VPC and the instances within it?
Please select two answers.
A)Usage of the Internet gateway
B)Usage of Security Groups
C)Usage of AWS Config
D)Usage of Network Access Control Lists

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 If a client has a suite of on-premise D A 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

2 Which three factors influence the cost of B,C,D B,C,D 1 Correct

an On-Demand EC2 Instance?
A)Edge location
B)Operating System
C)Region
D)Instance Type

3 If your company is considering offloading D A 0 Wrong

4 A customer is interested in a support plan D,E A,E 0 Wrong

that provides access to the following six
security checks. Which two support plans
would offer these security checks at the
lowest cost?Security Check 1: S3 Bucket
PermissionsSecurity Check 2: Security
Groups - Specific Ports
UnrestrictedSecurity Check 3: IAM
UseSecurity Check 4: MFA on Root
AccountSecurity Check 5: EBS Public
SnapshotsSecurity Check 6: RDS Public
Snapshots
A)Basic Plan
B)Gold Plan
C)Business Plan
D)Enterprise Plan
E)Developer Plan

5 Which EC2 instance would be the most D C 0 Wrong

appropriate for an organization that has
developed an event-based meme creation
application, which they plan to operate
continuously during a 3-month-long
165

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

sporting event to allow team fans to

create and share memes on social media?
A)Spot Instances
B)Reserved Instances
C)On-Demand Instances
D)Dedicated Instances

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 In the AWS Cloud Adoption Framework No C 0 Wrong

(CAF), which of the following accurately Answer
depicts the four viewpoints that shape
the framework's advice and their
corresponding categories?
A)Strategy, Implementation, Monitoring,
Optimization
B)Technology, Security, Scalability,
Compliance
C)Business, People, Platform, Security
D)Architecture, Deployment,
Performance, Governance

2 What does an AWS region refer to? No D 0 Wrong

A)It is the same as an Availability zone. Answer
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
D)It is a geographical area divided into
Availability Zones.

3 When a customer's data center and No A 0 Wrong

applications are linked to AWS via a Answer
dedicated network (Direct Connect), what
is the model of cloud deployment?
A)Hybrid Cloud
B)Public Cloud
C)Multi Cloud
D)Private Cloud

4 When adhering to the "design for failure No B,C,D 0 Wrong

and nothing will fail" principle in system Answer
166

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

design, which three AWS services or

features could be beneficial? Please select
three from the options provided.
A)Pay as you go
B)Availability Zones
C)Regions
D)Elastic Load Balancer

5 Can you identify the statement that No B 0 Wrong

accurately describes the AWS Global Answer
infrastructure?
A)To provide High Availability, AWS
management console and control plane
are isolated to a single region
B)Each AWS region has multiple
Availability Zones
C)Many AWS regions has single
availability zone
D)Availability zones are also known as
AWS Local zones

6 In the context of the AWS Shared No D 0 Wrong

Responsibility Model, which Answer
responsibilities are exclusively the
customers?
A)Training
B)Patch Management
C)Configuration Management
D)Service and Communications Protection
or Zone Security

7 For a live online game using DynamoDB No B 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

8 Which component of the AWS Global No D 0 Wrong

Infrastructure, located within an AWS Answer
Region, offers high-bandwidth, low-
latency networking, and fully redundant
connectivity?
A)Regional Cache
B)Data Centers
C)Edge Location
D)Availability Zones

9 What is the functionality of EBS Volume No C 0 Wrong

10 What deployment strategies could be No C 0 Wrong

effective in creating a resilient Answer
architecture for a critical e-Commerce
application that requires at least 99.5%
uptime and is being considered for
migration to the AWS Cloud?
A)Deploying the application across
multiple subnets
B)Deploying the application across
multiple VPC's
C)Deploying the application across
multiple Regions
D)Deploying the application across Edge
locations

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 From the options provided below, which D B 0 Wrong

168

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

feature of Amazon S3 would you utilize to

automatically transition objects to
appropriate low-cost storage classes at
defined intervals, thereby saving costs?
A)Performing S3 Batch Operations
B)By configuring "Amazon S3 lifecycle
policies"
C)Using Versioning
D)Enabling replication

2 Which of the following options provides D C 0 Wrong

the best solution for complete control
over the transactional database and
access to the operating system level of
resources for a retail e-commerce firm
planning to use Oracle SQL database for
its new application hosted on AWS cloud?
A)Run database using Amazon Aurora
B)Run database using Amazon DynamoDB
C)Run database using Amazon EC2
D)Run database using Amazon RDS

3 For a motion sensor device that needs to D A 0 Wrong

analyze motion data in its vicinity, which
AWS service from the options provided
would be suitable for rapid data
processing without the need for internet
connectivity?
A)IoT Greengrass
B)IoT Core
C)IoT Analytics
D)IoT Device Management

4 What are the five areas in which the D D 1 Correct

Trusted Advisor service provides insights
for an AWS account?
A)Performance, cost optimization, access
control, connectivity and Service Limits
B)Security, fault tolerance, high
availability, connectivity and Service
Limits
169

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Security, access control, high

availability, performance and Service
Limits
D)Performance, cost optimization,
security, fault tolerance and Service Limits

5 For a company that has set up EC2 D A 0 Wrong

Instances in a VPC for their application
and has been advised by the IT Security
department to monitor all traffic to the
EC2 Instances, which feature from the
options provided below would be the
most suitable to capture information for
outgoing and incoming IP traffic from
network interfaces in a VPC?
A)AWS VPC Flow Logs
B)AWS Cloudwatch
C)AWS EC2
D)AWS SQS

6 For an organization seeking to protect its D C 0 Wrong

applications on EC2, ELB, and Route 53
resources, and aiming to gain near real-
time insights into attacks and prevent
complex DDoS attacks, which AWS service
would you recommend?
A)AWS WAF (Web Application Firewall)
B)AWS Shield Standard
C)AWS Shield Advanced
D)AWS Firewall Manager

7 If an administrator is working on a D B 0 Wrong

collaborative project and wants to
document the initial configuration and
several authorized changes made to the
route table of a VPC, what would be the
most effective method to accomplish this
from the options provided below?
A)Use of an AWS Lambda function that is
triggered to save a log file to an S3 bucket
each time configuration changes are
170

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

made.
B)Use of AWS Config
C)Use of VPC Flow Logs
D)Use of AWS CloudTrail

8 From the options provided below, which C A 0 Wrong

component of AWS Batch would you use
to specify the memory requirements of
the resources?
A)Job Definitions
B)Jobs
C)Compute Environment
D)Job Queue

9 Which AWS services can be utilized to C D 0 Wrong

automate the deployment of software on
a substantial number of Amazon EC2
instances and on-premises servers?
A)AWS Config
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS CodeDeploy

10 If your organization needs to provide a C B 0 Wrong

11 For an international sports governing D B 0 Wrong

body's website that aims to deliver
content in the local language of viewers
from various parts of the world, which
171

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

service would offer location-based web

personalization using geolocation headers
from the options given below?
A)Amazon Route 53
B)Amazon CloudFront
C)Amazon EC2 Instance
D)Amazon Lightsail

12 Which routing policies can be employed D A 0 Wrong

to ensure optimal resource allocation for
serving your traffic, taking into account
the geographical location of your users?
A)Use Route 53 Geolocation routing
policy.
B)Use Route 53 weighted routing policy.
C)Use Route 53 latency routing policy.
D)Use Route 53 Geoproximity routing
policy.

13 Out of the following statements D,E A,D 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 Identify two statements that correctly D,E C,D 0 Wrong

describe a function of AWS Secrets
Manager.
A)Facilitates the embedding of
authentication information in code during
runtime.
B)Encrypts authentication information in
code, ensuring that it is unreadable, that
is, not in plain-text.
C)Replaces the need to hardcode
authentication credentials in code.
D)Makes it possible to include an API call
in code that retrieves authentication
information from a central repository.
E)Automatically rotates and updates the
code in the application build, ensuring
that repositories are kept up to date.

2 For a web administrator who manages a C A 0 Wrong

variety of public and private web
resources for an organization and needs a
service to monitor the expiration dates of
SSL/TLS certificates, as well as handle
updates and renewals, which service
would be the most appropriate?
A)AWS Certificate Manager
B)AWS Data Lifecycle Manager
C)AWS License Manager
D)AWS Firewall Manager

3 You're experiencing difficulties while D A 0 Wrong

setting up an AWS service and require
step-by-step assistance to resolve the
issue. Where can you locate
comprehensive articles, solutions, and
best practices offered by AWS specialists
to aid you in troubleshooting the
problem?
173

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)AWS Knowledge Center

B)AWS Trusted Advisor
C)AWS Lambda
D)Amazon Detective

4 When a new department has been added D D 1 Correct

to the organization and the administrator
is tasked with setting up access
permissions for a group of users with
diverse roles and access requirements,
what is the recommended strategy for
granting access?
A)Users should have no access and be
granted temporary access on the
occasions that they need to execute a
task.
B)After gathering information on their
access needs, the administrator should
allow every user to access the most
common resources and privileges on the
system.
C)The administrator should grant all users
the same permissions and then grant
more upon request.
D)The administrator should grant all users
the least privilege and add more
privileges to only to those who need it.

5 From the options provided below, which No B 0 Wrong

security service would you utilize to Answer
detect users personal credit card
numbers from data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector

6 From the options provided below, which No D 0 Wrong

one accurately describes the features and Answer
capabilities that AWS Network Firewall
offers for enhancing network security in
174

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

an Amazon Web Services (AWS)

environment?
A)AWS Network Firewall is a managed,
stateless firewall for securing your
Amazon VPC
B)AWS Network Firewall offers load
balancing and auto-scaling for
applications within Amazon VPCs
C)AWS Network Firewall provides
protection against Distributed Denial of
Service (DDoS) attacks
D)AWS Network Firewall is a managed,
stateful firewall for securing your Amazon
VPC

7 What is the most cost-effective service for No A 0 Wrong

securely storing application configuration Answer
data and secrets in an encrypted format?
A)AWS Systems Manager Parameter Store
B)AWS KMS
C)AWS Systems Manager
D)AWS Secrets Manager

8 From the options provided below, which No A,E 0 Wrong

9 The food delivery start-up that is No B 0 Wrong

expanding its operations is looking to
175

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

enhance security by implementing DDoS Answer

protection for its applications on AWS.
Which AWS service provides customers
with comprehensive protection against
DDoS attacks?
A)Amazon GuardDuty
B)AWS Shield
C)AWS WAF - Web Application Firewall
D)AWS Firewall Manager

10 What AWS services are available for No A 0 Wrong

retrieving configuration changes that Answer
have led to operational problems with
AWS resources?
A)AWS Config
B)Amazon Inspector
C)AWS CloudFormation
D)AWS Trusted Advisor

11 From the options provided below, which No C,E 0 Wrong

two statements accurately describe the Answer
process of provisioning a security
certificate from AWS Certificate Manager
(ACM)?
A)A security certificate issued in ACM can
only be applied to one AWS resource.
B)ACM-issued security certificate cannot
be applied to an Application load
balancer.
C)To verify a security certificate, a CNAME
record would need to be created.
D)Third-party security certificates cannot
be applied to AWS resources.
E)To verify a security certificate, the
administrator would need to
acknowledge a verification email sent to
an address of their choice.

12 From the options given, which service can No B 0 Wrong

the Security team utilize to probe and Answer
analyze the root cause of potential
176

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

security threats on AWS resources?

A)AWS Security Hub
B)Amazon Detective
C)AWS Shield
D)Amazon GuardDuty

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 In an AWS Organization using C,D C,D 1 Correct

consolidated billing, where can a
"Member AWS account" configure the
delivery of a product-wise daily cost
breakdown report for cost and usage
analysis? Choose Two options.
A)AWS Management Console
B)Amazon Athena
C)S3 bucket owned by the member
account
D)S3 bucket owned by the management
account

2 When considering a transition to the AWS D A 0 Wrong

Cloud for your company and focusing on
Amazon EC2 from a cost perspective,
what would be a benefit?
A)The ability to only pay for what you
use.
B)The ability to choose low cost AMI's to
prepare the EC2 Instances.
C)Having the ability of automated
backups of the EC2 instance, so that you
don't need to worry about the
maintenance costs.
D)Ability to tag instances to reduce the
overall cost.

3 If a program manager wants to receive D D 1 Correct

alerts when projected costs are set to
exceed a certain amount, and to
177

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

understand usage and costs over time

(preferably through visualizations) to
identify potential savings, which AWS
products would be best suited to meet
these requirements?
A)AWS Savings plan and AWS
Organization
B)AWS Budget and AWS Savings plan
C)AWS Savings plan and AWS Cost
Explorer
D)AWS Budget and AWS Cost Explorer

4 If a client has a suite of on-premise D A 0 Wrong

5 For a large Oil and Gas company that is D C 0 Wrong

planning to launch a high-volume
application on several Amazon EC2
instances, which option could assist in
lowering operational costs?
A)Deploy Amazon EC2 instance with
Amazon instance store-backed AMI
B)Deploy Amazon EC2 instance in
multiple AZ's
C)Deploy Amazon EC2 instance with
Auto-scaling
D)Deploy Amazon EC2 instance with
Cluster placement group

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Which pillar of the AWS Well-Architected No D 0 Wrong

178

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Framework emphasizes using the Answer

minimum required hardware for
resources deployed in the AWS Cloud?
A)Operational Excellence Pillar
B)Reliability Pillar
C)Performance Efficiency Pillar
D)Sustainability Pillar

2 Which of the below listed is NOT a No A 0 Wrong

3 What scenario would be best suited for No A 0 Wrong

implementing an Amazon RDS database Answer
instance as opposed to a NoSQL/non-
relational database?
A)In an organisation where only a finite
number of processes query the database
in predictable and well-structured
Schemas.
B)Where datasets are constantly evolving
and cannot be confined to a static data
schema.
C)Where vertical scaling of the database's
resources is not permissible and is
seldom necessary.
D)In an organisation whose datasets are
dynamic and document-based.

4 In the shared responsibility model for No A,C 0 Wrong

179

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

infrastructure services such as Amazon Answer

Elastic Compute Cloud (EC2), which of the
following security responsibilities are
attributed to the customer? Please
choose two.
A)Policies and configuration
B)Network infrastructure
C)Amazon Machine Images (AMIs)
D)Virtualization infrastructure
E)Physical security of hardware

5 What distinguishes vertical scaling, or No D 0 Wrong

"scaling up", from horizontal scaling, also Answer
known as "scaling out", in the context of
designing a highly available architecture?
A)Autoscaling groups require scaling up
whilst launch configurations use scaling
out.
B)Scaling up provides for high availability
whilst scaling out brings fault-tolerance.
C)Scaling out is not cost-effective
compared to scaling up.
D)Scaling up adds more resources to an
instance, scaling out adds more instances.

6 What architectural best practice can an No A 0 Wrong

architect use to design a solution for a Answer
distributed system where the
components of one system do not
adversely affect the other components?
A)Implement loose coupling
B)Request Throttling
C)Using stateless services
D)Enabling automatic data backup

7 Data stored on Amazon EBS volumes can No C 0 Wrong

be backed up using point-in-time Answer
snapshots, which are incremental
backups. Only the modified blocks since
the last snapshot are saved. Where are
these EBS snapshots stored?
180

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Amazon Aurora
B)Amazon EBS Volume
C)Amazon S3
D)Amazon EFS

8 If you have an application that is mission- No A 0 Wrong

critical and needs to be globally Answer
accessible at all times, which deployment
method would you choose to use?
A)Deployment to multiple Regions
B)Deployment to multiple edge locations
C)Deployment to multiple Availability
Zones
D)Deployment to multiple Data Centers

9 What is the most suitable S3 storage class No B 0 Wrong

for an insurance organization aiming to Answer
maintain a long-term archive of customer
data in compliance with HIPAA
regulations, where any department
requiring access to the archived data
must notify the IT department at least 14
hours in advance?
A)Amazon S3 Standard-Infrequent Access
B)Amazon S3 Glacier deep archive
C)Amazon S3 Standard
D)Amazon S3 Glacier

10 For which of the following AWS resources No D 0 Wrong

is the customer responsible for Answer
configuring security settings related to
infrastructure?
A)AWS Fargate
B)Amazon RDS
C)Amazon DynamoDB
D)Amazon EC2

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services
181

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

1 For an administrator who needs to D A 0 Wrong

manage multiple AWS accounts within a
large organization, which AWS service
from the options provided would be the
most suitable to fulfill this requirement?
A)AWS Organizations
B)AWS CloudTrail
C)IAM Roles
D)IAM Policies

2 Which AWS service can a company use to D D 1 Correct

cache their most frequently accessed
data, in order to enhance the response
time of their new two-tier web
application being deployed on AWS?
A)Amazon DynamoDB
B)MySQL Installed on two Amazon EC2
Instances in a single Availability Zone
C)Amazon RDS for MySQL with Multi-AZ
D)Amazon ElastiCache

3 It is necessary to verify the operational D B 0 Wrong

status of my EC2 instances. A script has
been developed to facilitate the retrieval
of the instance's ID for the purpose of
sending notifications to an SNS topic.
What methods can be employed to
retrieve the instance's ID?
A)I cannot use a script. I need to login to
the AWS console & manually check the
instance's ID & its status
B)By querying the instance's Meta Data
C)By querying the instances User Data
D)I need to get authorized with an IAM
role prior to accessing the instance's ID
using Metadata

4 What settings can be configured to give D A 0 Wrong

priority to the evaluation of critical job
queues over other job queues linked to
the same compute resource?
182

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Set higher priority in the priority

parameter of a job queue
B)Set higher priority in the priority
parameter of a job definition
C)Set lower priority in the priority
parameter of a job definition
D)Set lower priority in the priority
parameter of a job queue

5 A radio station curates an annual list of D D 1 Correct

6 For a smart agriculture company aiming D D 1 Correct

7 To comply with the industry regulatory D D 1 Correct

body's requirements, the healthcare
insurance company must establish
183

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

complete control over cryptographic key

management within their local
infrastructure to protect sensitive patient
data. However, a challenge arises as all
their workloads are hosted in the cloud.
How can the organization effectively
address this situation and meet the
regulatory demands?
A)Server-Side Encryption (SSE)
B)AWS Key Management Service (KMS)
C)AWS Certificate Manager (ACM)
D)AWS CloudHSM

8 The e-commerce web application being D D 1 Correct

developed on an EC2 instance is currently
facing performance issues during
browsing and searching activities when
multiple heavy load use-cases are being
executed simultaneously. The application
monitoring tools have identified a
bottleneck in the web tier. In order to
address this issue, a decision has been
made to refactor the application code by
separating the web tier components from
the resource-intensive tasks related to
processing orders. Which AWS service
would be suitable to facilitate this
modification?
A)Amazon Kinesis Streams
B)AWS Auto Scaling
C)AWS Elastic Load Balancing
D)Amazon SQS

9 For an online streaming company that is D C 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Geoproximity
C)Geolocation
D)Multi-value answer

10 For an organization seeking assistance, D D 1 Correct

which role does Amazon AppStream play
from the options provided below?
A)It hosts websites and web applications
with high availability
B)It provides cloud-based virtual
machines for running containerized
applications
C)It automates and manages AWS
resource provisioning
D)It delivers desktop applications securely
to users via streaming

11 What features are included in Amazon D C 0 Wrong

Connect?
A)Reputation Dashboard
B)Push Notification
C)High Quality Audio
D)Mailbox Simulator

12 For a team of engineers developing an D D 1 Correct

industrial IoT solution for a factory in a
remote location with sporadic
connectivity, where real-time monitoring
of crucial machinery and immediate local
responses to specific events are required
without total reliance on cloud
communication, which AWS service
would be the optimal solution?
A)Amazon Redshift
B)Amazon S3
C)AWS IoT Core
D)AWS IoT Greengrass

13 Which service from the options provided D D 1 Correct

can be utilized in the AWS cloud to
185

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

manage encryption keys?

A)Amazon GuardDuty
B)Amazon Inspector
C)Amazon Cognito
D)CloudHSM

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 For a web administrator who manages a B A 0 Wrong

variety of public and private web
resources for an organization and needs a
service to monitor the expiration dates of
SSL/TLS certificates, as well as handle
updates and renewals, which service
would be the most appropriate?
A)AWS Certificate Manager
B)AWS Data Lifecycle Manager
C)AWS License Manager
D)AWS Firewall Manager

2 When promoting an EC2 Instance from C C 1 Correct

development to production that interacts
with the Simple Storage Service, which
feature should be utilized to provide the
EC2 instance with the appropriate
permissions to access the Simple Storage
Service?
A)IAM Policies
B)IAM Users
C)IAM Roles
D)IAM Groups
186

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

3 If a developer needs to access a database D B 0 Wrong

4 An organization must guarantee the D B 0 Wrong

secure handling of encryption keys for
different services and resources. They are
in need of a centralized tool that enables
them to generate, update, and regulate
access to encryption keys without the
hassle of manual key management.
Which AWS service offers the
functionality to accomplish this task?
A)Amazon GuardDuty
B)AWS Key Management Service (KMS)
C)AWS CloudHSM
D)AWS Identity and Access Management
(IAM)

5 Which of the following can be set up to D D 1 Correct

improve security at the subnet level?
A)Security Group
B)Virtual Private Cloud (VPC)
C)Configure transitive VPC peering
D)NACL (Network Access Control List)

6 For conducting faster and efficient D C 0 Wrong

security investigations using machine
learning and graph theory capability on
automatically collected log data, which
187

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

AWS service from the options provided

would be the most suitable to fulfill this
requirement?
A)Amazon GuardDuty
B)Amazon Macie
C)Amazon Detective
D)AWS Artifact

7 In the context of the Shared Security ,,,,, A,C,D 0 Wrong

8 For a startup company engaged in social D C 0 Wrong

media app development that wishes to
provide temporary access to its Lambda
functions on AWS to freelance developers
who will be logging in through Facebook
authentication, which service would be
the most suitable for ensuring secure
access?
A)Use a third-party Web ID, federated
access provider.
B)Create user credentials using Identity
Access Management (IAM).
C)Use Amazon Cognito for web-identity
federation.
D)Use Access keys to provide temporary
access.

9 Among the options provided, which one D B 0 Wrong

can serve as an extra layer of security for
the username and password when signing
into the AWS Console?
A)Secondary user name
188

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Multi-Factor Authentication (MFA)

C)Secondary password
D)Root access privileges

10 What AWS service offers suggestions for D D 1 Correct

optimizing infrastructure security?
A)Amazon Elastic Compute Cloud
(Amazon EC2) SpotFleet
B)AWS Application Programming
Interface(API)
C)Reserved Instances
D)AWS Trusted Advisor

11 From the options provided below, which D C 0 Wrong

service would you utilize for governance,
compliance, and risk auditing in AWS?
A)AWS SNS
B)AWS CloudFormation
C)AWS CloudTrail
D)AWS CloudWatch

12 From the options provided below, which D,E C,E 0 Wrong

two statements accurately describe the
process of provisioning a security
certificate from AWS Certificate Manager
(ACM)?
A)A security certificate issued in ACM can
only be applied to one AWS resource.
B)ACM-issued security certificate cannot
be applied to an Application load
balancer.
C)To verify a security certificate, a CNAME
record would need to be created.
D)Third-party security certificates cannot
be applied to AWS resources.
E)To verify a security certificate, the
administrator would need to
acknowledge a verification email sent to
an address of their choice.
189

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 What is a consideration when D B 0 Wrong

determining the Total Cost of Ownership
(TCO) for the AWS Cloud?
A)The number of keys migrated to AWS
B)The number of servers migrated to AWS
C)The number of users migrated to AWS
D)The number of passwords migrated to
AWS

2 What tool is available for predicting your D A 0 Wrong

AWS expenditure?
A)AWS Cost Explorer
B)AWS Organizations
C)Amazon S3
D)AWS Trusted Advisor

3 If an organization has initiated a new D A 0 Wrong

4 Which AWS service can provide alerts D D 1 Correct

about changes that could impact
resources in your account, particularly
useful for an IT Manager at a
manufacturing firm that has recently
moved their application servers to
Amazon EC2 and is interested in
upcoming scheduled maintenance
activities?
190

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)AWS Organizations
B)Amazon GuardDuty
C)AWS Trusted Advisor
D)AWS Health Dashboard

5 If your company is considering offloading D A 0 Wrong

some batch processing workloads to
AWS, and these tasks can be paused and
resumed at any time, which type of
instance would be the most cost-efficient
to use for this purpose?
A)Spot
B)On-Demand
C)Full Upfront Reserved
D)Partial Upfront Reserved

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 What scenario would be best suited for D A 0 Wrong

implementing an Amazon RDS database
instance as opposed to a NoSQL/non-
relational database?
A)In an organisation where only a finite
number of processes query the database
in predictable and well-structured
Schemas.
B)Where datasets are constantly evolving
and cannot be confined to a static data
schema.
C)Where vertical scaling of the database's
resources is not permissible and is seldom
necessary.
D)In an organisation whose datasets are
dynamic and document-based.

2 Which of the following is not an No B 0 Wrong

advantage for a real estate online Answer
marketplace start-up planning to
transition to the cloud?
A)Benefit from massive economies of
191

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

scale.
B)Install on a company's own servers.
C)Go global in minutes.
D)Stop guessing capacity.

3 Which two activities fall under the No B,E 0 Wrong

purview of AWS Support from the options Answer
provided?
A)Database query tuning
B)Troubleshooting API issues
C)Code Development
D)Debugging custom software
E)Third-party application configuration on
AWS resources

4 Which of the below listed is NOT a No A 0 Wrong

5 What does an AWS region refer to? No D 0 Wrong

A)It is the same as an Availability zone. Answer
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
D)It is a geographical area divided into
Availability Zones.

6 Which AWS service from the options No C 0 Wrong

below enables you to scale up resources Answer
in response to application or user
192

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

demand?
A)AWS Inspector
B)AWS EC2
C)AWS Autoscaling
D)AWS ELB

7 In the shared responsibility model for No A,C 0 Wrong

infrastructure services such as Amazon Answer
Elastic Compute Cloud (EC2), which of the
following security responsibilities are
attributed to the customer? Please
choose two.
A)Policies and configuration
B)Network infrastructure
C)Amazon Machine Images (AMIs)
D)Virtualization infrastructure
E)Physical security of hardware

8 What service can the Developer Team use No D 0 Wrong

to create a personalized portfolio for Answer
rapid deployment of a multi-tier web
application?
A)AWS CloudFormation
B)AWS Config
C)AWS Code Deploy
D)AWS Service Catalog

9 Which of the following does not No B 0 Wrong

constitute a pillar of the AWS Well- Answer
Architected Framework?
A)Performance Efficiency
B)Automation
C)Cost Optimization
D)Reliability

10 What would be the best option for a No D 0 Wrong

company that wants to host a database Answer
on AWS and maintain as much control
over the database as possible?
A)Using the Amazon Aurora service
193

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Using the AWS DynamoDB service

C)Using the AWS RDS service
D)Hosting the database on an EC2
Instance

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 What is the command that can be utilized D C 0 Wrong

to configure the AWS CLI installation in
order to specify the region and Access key
ID?
A)aws deploy
B)aws configservice
C)aws configure
D)aws connect

2 In your organization, you have a DevOps D B 0 Wrong

3 If I have a Virtual Private Cloud D A 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Host both the Application & Database

in a Public subnet with an ELB frontend
the Application in a public Subnet
D)Subnet configured for the Application
should have a route to the Internet
Gateway

4 For an international sports governing D B 0 Wrong

body's website that aims to deliver
content in the local language of viewers
from various parts of the world, which
service would offer location-based web
personalization using geolocation headers
from the options given below?
A)Amazon Route 53
B)Amazon CloudFront
C)Amazon EC2 Instance
D)Amazon Lightsail

5 Mayank is in the process of creating a D C 0 Wrong

web application that necessitates real-
time updates and interactions. He is
considering utilizing AWS services to
manage the backend logic, database, and
authentication seamlessly. What would
be the most suitable choice for meeting
Mayank's needs?
A)AWS AppSync
B)AWS Device Farm
C)AWS Amplify
D)AWS IoT Core

6 Which machine learning-based AWS D A 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

7 Which storage option among the D B 0 Wrong

following offers the capability of utilizing
Lifecycle policies to transfer objects to
archive storage?
A)Amazon Elastic Block Store
B)Amazon S3
C)Amazon Elastic File System
D)Amazon Storage Gateway

8 If I have a containerized application that D B 0 Wrong

necessitates explicit definition and
management of capacity (CPU, Memory,
Instance type) for cost optimization while
using AWS infrastructure, which
technology would I employ when defining
my Elastic Container Services compute
instances?
A)Either of B or C since they are
serverless technologies that are cost
effective
B)EC2
C)Fargate
D)Lambda

9 If there's a need to store objects that D B 0 Wrong

must be downloadable via a URL, which
storage option would be the most
appropriate choice?
A)Amazon EBS
B)Amazon S3
C)Amazon Glacier
D)Amazon Storage Gateway

10 If you're looking to create a stream D C 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Amazon Kinesis Data Firehose

B)Amazon Kinesis Data Streams
C)Amazon Kinesis Data Analytics
D)Amazon Kinesis Client Library

11 The project team working on improving D D 1 Correct

the security features of a banking
application needs to choose AWS services
for implementing a threat detection
service. This service will be responsible
for monitoring malicious activities and
unauthorized behaviors to safeguard AWS
accounts, workloads, and data stored in
Amazon S3. Which AWS services would
be the most suitable for this purpose?
A)Amazon Inspector
B)AWS Shield
C)AWS Firewall Manager
D)Amazon GuardDuty

12 As an AWS Architect hired by a company, D B,D 0 Wrong

you are tasked with hosting an application
using EC2 Instances. The infrastructure
should be capable of scaling on demand
and maintaining fault tolerance. Which
two elements would you incorporate into
your design from the options provided?
A)Amazon CloudWatch
B)AWS Auto Scaling
C)Amazon GuardDuty
D)Elastic Load Balancing

13 What are the five areas in which the D D 1 Correct

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

availability, performance and Service

Limits
D)Performance, cost optimization,
security, fault tolerance and Service Limits

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 Your company is preparing to launch a B,C B,C 1 Correct

large e-commerce application on the AWS
Cloud and is particularly concerned about
Internet attacks like DDoS attacks, which
two of the following services could be
beneficial in addressing this concern?
A)AWS Config
B)Amazon CloudFront
C)AWS Shield
D)Amazon EC2

2 When making modifications to AWS C D 0 Wrong

resources, such as introducing a new
Security Group Ingress rule. Needing to
document and record all these changes
for audit purposes, which AWS service
from the following options would assist
me in accomplishing this?
A)AWS CloudFormation
B)AWS Trusted Advisor
C)AWS CloudWatch
D)AWS Config

3 You're experiencing difficulties while D A 0 Wrong

198

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

setting up an AWS service and require

step-by-step assistance to resolve the
issue. Where can you locate
comprehensive articles, solutions, and
best practices offered by AWS specialists
to aid you in troubleshooting the
problem?
A)AWS Knowledge Center
B)AWS Trusted Advisor
C)AWS Lambda
D)Amazon Detective

4 For a development team that has B A 0 Wrong

purchased a new application with limited
licenses and an administrator who wants
to be alerted when the usage of licenses
is exceeded on an Amazon EC2 instance,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS License Manager
B)AWS Control Tower
C)AWS Config
D)AWS Service Catalog

5 Which service automates the discovery of D B 0 Wrong

sensitive data on a large scale and
reduces the cost of data protection by
utilizing machine learning and pattern
matching techniques?
A)AWS Security Hub
B)Amazon Macie
C)AWS Shield
D)Amazon GuardDuty

6 From the options provided, which three A,D,E A,D,E 1 Correct

security requirements are handled by
AWS? Please select three answers from
the options below.
A)Hardware patching
B)Password Policies
199

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)User permissions
D)Physical security
E)Disk disposal

7 What AWS services are available for B A 0 Wrong

retrieving configuration changes that
have led to operational problems with
AWS resources?
A)AWS Config
B)Amazon Inspector
C)AWS CloudFormation
D)AWS Trusted Advisor

8 What AWS service offers suggestions for B D 0 Wrong

optimizing infrastructure security?
A)Amazon Elastic Compute Cloud
(Amazon EC2) SpotFleet
B)AWS Application Programming
Interface(API)
C)Reserved Instances
D)AWS Trusted Advisor

9 Among the options provided, which one C C 1 Correct

is the customer's responsibility to
guarantee the availability and backup of
the EBS volumes?
A)Create copies of EBS Volumes.
B)Delete the data and create a new EBS
volume.
C)Create EBS snapshots.
D)Attach new volumes to EC2 Instances.

10 Once your company has fully transitioned B,C B,C 1 Correct

to the AWS Cloud and wants to ensure
the correct security settings are
implemented, which two of the following
tools would be beneficial?
A)AWS Kinesis
B)AWS Inspector
C)AWS Trusted Advisor
200

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS Support

11 From the options provided below, which C A 0 Wrong

12 I possess a Mobile Application that D C 0 Wrong

necessitates access to AWS resources
such as S3 and DynamoDB. What would
be the most optimal approach to grant
users of the mobile app the ability to
access these AWS resources?
A)Have the mobile app connect to
another web application running on an
EC2 instance that can assume a role for
accessing the AWS resources
B)Keep the Security Credentials
associated with the AWS resource access
within the Mobile App
C)Use Security Token Service (STS) with
Identity Federation that will allow an User
access to resources within a session
D)Create Users and Groups within IAM
and assign IAM policies for accessing the
resources

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 Which AWS service is specifically D C 0 Wrong

designed to meet ABC Corporation's
needs for customizing billing data for
various accounts, applying pricing logic,
and presenting cost data based on
201

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

predetermined rates for each billing

group?
A)AWS Cost Explorer
B)AWS Billing and Cost Management
C)AWS Billing Conductor
D)AWS Marketplace

2 If your company is transitioning a D B 0 Wrong

3 Which tool in the AWS Billing and D C 0 Wrong

Management service enables users to
graphically track billing and usage over
time, specifically focusing on monthly
operational costs?
A)AWS Bills
B)AWS Reports
C)AWS Cost Explorer
D)AWS Budgets

4 If you have a distributed application that D D 1 Correct

periodically processes substantial
amounts of data across multiple Amazon
EC2 Instances and is designed to recover
smoothly from Amazon EC2 instance
failures, which option would be the most
cost-effective way to meet your
requirements?
A)On-Demand instances
B)Reserved instances
C)Dedicated instances
D)Spot Instances
202

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

5 If a client has a suite of on-premise D A 0 Wrong

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 What is the term for a user-created label, B B 1 Correct

consisting of a key-value pair of variable
length, that is assigned to AWS resources
as metadata for administrative and
management tasks?
A)Tag key
B)Resource Tag
C)Resource Group
D)Resource Flag

2 What architectural best practice can an No A 0 Wrong

3 Which AWS service from the options No C 0 Wrong

below enables you to scale up resources Answer
in response to application or user
demand?
A)AWS Inspector
B)AWS EC2
C)AWS Autoscaling
203

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS ELB

4 Which of the following does not No B 0 Wrong

constitute a pillar of the AWS Well- Answer
Architected Framework?
A)Performance Efficiency
B)Automation
C)Cost Optimization
D)Reliability

5 Which of the following is not a method No D 0 Wrong

used for disaster recovery deployment? Answer
A)Multi-Site
B)Pilot light
C)Warm standby
D)Single Site

6 For which of the following AWS resources No D 0 Wrong

is the customer responsible for Answer
configuring security settings related to
infrastructure?
A)AWS Fargate
B)Amazon RDS
C)Amazon DynamoDB
D)Amazon EC2

7 Which AWS services could a research firm No A 0 Wrong

utilize for expert help in deploying a high- Answer
performance computing system in the
AWS cloud for their scientific research
activities? Please provide the options.
A)AWS Professional Services
B)AWS Support
C)AWS Managed Services
D)AWS IQ

8 What does an AWS region refer to? No D 0 Wrong

A)It is the same as an Availability zone. Answer
B)It is a collection of Edge locations.
C)It is a collection of Compute capacity.
204

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)It is a geographical area divided into

Availability Zones.

9 Which two activities fall under the No B,E 0 Wrong

10 What AWS service would be appropriate No C 0 Wrong

for use as a fully managed data Answer
warehouse?
A)Amazon Relational Database Service
(Amazon RDS)
B)Amazon Athena
C)Amazon RedShift
D)Amazon CloudWatch

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 In order to enhance user satisfaction by D B 0 Wrong

improving application performance for
both local and global users, which service
would you choose to monitor the health
of the application endpoint and direct
traffic to the most suitable application
endpoint?
A)AWS Direct Connect
B)Amazon Global Accelerator
C)Amazon DAX accelerator
D)Amazon S3 transfer acceleration

2 For a popular e-commerce website that D C 0 Wrong

currently relies on call center agents for
resolving queries related to its products
205

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

and services, how can the website quickly

develop virtual contact center agents to
facilitate self-service capabilities for its
users?
A)Using Amazon Kendra
B)Using Amazon Polly
C)Using Amazon Lex
D)Using Amazon Personalize

3 For a company that's deploying a three- D C 0 Wrong

tier, highly available web application on
AWS, which service would offer durable
storage for the static content of the web
tier?
A)Amazon RDS instance
B)Amazon EBS volume
C)Amazon S3
D)Amazon EC2 instance store

4 Which LightSail Wizard enables customers D D 1 Correct

to "replicate a LightSail instance in EC2"?
A)LightSail-EC2 snapshot
B)LightSail Backup
C)LightSail Copy
D)Upgrade to EC2

5 In your organization, you have a DevOps D B 0 Wrong

6 From the options provided below, which D B,D 0 Wrong

two AWS services utilize serverless
technology?
206

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)AWS Autoscaling
B)DynamoDB
C)EC2
D)Simple Storage Service

7 Mayank is in the process of creating a D C 0 Wrong

8 What service is comparable to hosting D D 1 Correct

virtual servers in an on-premises
environment?
A)AWS Regions
B)AWS IAM
C)Amazon S3
D)AWS EC2

9 For a small finance institute that's looking D A 0 Wrong

to launch an accounting application in the
AWS cloud and is seeking a service that
allows for a quick launch with pre-
configured resources, which AWS service
from the options provided would be the
most suitable to fulfill this requirement?
A)Amazon LightSail
B)Amazon Workspaces
C)AWS Elastic Beanstalk
D)AWS Batch

10 A radio station curates an annual list of D D 1 Correct

the top songs, which are regularly
207

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

accessed within a 180-day timeframe.

Subsequently, users are allotted a default
retrieval window of 12-48 hours to
download the files. These files must be
retained for a minimum of 10 years. What
is the most economical object storage
solution post the initial 180 days?
A)Amazon S3 Standard - Infrequently
Accessed
B)Amazon S3 Glacier
C)Amazon S3 One Zone - Infrequently
Accessed
D)Amazon S3 Glacier Deep Archive

11 From the options given, which two D,E A,B 0 Wrong

statements accurately reflect the security
and access management aspects of
Amazon S3?
A)Server-side and client-side encryptions
are supported by S3 for data uploads.
B)Self-created S3 resources are only
accessible to the user by default.
C)Access Control Lists (ACLs) could be
used to grant time bound access using
temporary URLs.
D)By default S3 buckets are private,
however, objects are public. The object
owner needs to change the permissions
upon creation of objects to make the
objects private.
E)Amazon Macie can protect data in
Amazon EC2.

12 An engineering company is in the process C C 1 Correct

of setting up numerous servers across
various subnets within Amazon VPC. The
IT department is currently evaluating the
optimal number of route tables that can
be accommodated per VPC. How many
route tables are officially supported per
Amazon VPC?
208

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)50
B)100
C)200
D)20

13 For an international sports governing D B 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name CLF-C02 Post: Security and Total Questions: 12

Compliance

1 If an administrator wants VPCs in three A B 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

(RAM) to share the Transit Gateway

resource.
C)Configure a Virtual Private Gateway
(VGW) for each VPC and then extend the
VPN tunnels to them.
D)Create VPC attachments from each of
the VPCs to the Transit Gateway.

2 When promoting an EC2 Instance from C C 1 Correct

3 Your company is preparing to launch a B,C B,C 1 Correct

4 From the options provided below, which B B 1 Correct

security service would you utilize to
detect users personal credit card
numbers from data stored in Amazon S3?
A)AWS Shield
B)Amazon Macie
C)Amazon GuardDuty
D)Amazon Inspector
210

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

5 For a financial firm with numerous AWS A B 0 Wrong

resources who is seeking a proactive,
machine learning-based security solution
that can quickly detect security
vulnerabilities and especially highlight
unusual data patterns or activities among
AWS services, which AWS service would
be the most suitable?
A)Amazon CloudWatch Anomaly
Detection
B)AWS Detective
C)AWS Macie
D)AWS Shield

6 For a web administrator who manages a A A 1 Correct

variety of public and private web
resources for an organization and needs a
service to monitor the expiration dates of
SSL/TLS certificates, as well as handle
updates and renewals, which service
would be the most appropriate?
A)AWS Certificate Manager
B)AWS Data Lifecycle Manager
C)AWS License Manager
D)AWS Firewall Manager

7 In a scenario where a developer needs to B B 1 Correct

enable an application on an EC2 instance
to perform certain actions and requires
granting access to the application for
some AWS resources, the developer
intends to supply his credentials to the
instance. However, considering the
developer's credentials are long-term, the
developer is seeking an alternative to
minimize the security risk. What could
the developer do in this situation to
temporarily allow applications on EC2 to
access the necessary AWS resources?
A)There is no alternate way. A developer
needs to give his credentials and revoke
211

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

access when the required action is done.

B)Use IAM Roles
C)Use IAM Group
D)Use IAM Tags

8 For a startup company engaged in social A C 0 Wrong

media app development that wishes to
provide temporary access to its Lambda
functions on AWS to freelance developers
who will be logging in through Facebook
authentication, which service would be
the most suitable for ensuring secure
access?
A)Use a third-party Web ID, federated
access provider.
B)Create user credentials using Identity
Access Management (IAM).
C)Use Amazon Cognito for web-identity
federation.
D)Use Access keys to provide temporary
access.

9 For a development team that has D A 0 Wrong

purchased a new application with limited
licenses and an administrator who wants
to be alerted when the usage of licenses
is exceeded on an Amazon EC2 instance,
which AWS service from the options
provided would be the most suitable to
fulfill this requirement?
A)AWS License Manager
B)AWS Control Tower
C)AWS Config
D)AWS Service Catalog

10 What is the most cost-effective service for B A 0 Wrong

securely storing application configuration
data and secrets in an encrypted format?
A)AWS Systems Manager Parameter Store
B)AWS KMS
C)AWS Systems Manager
212

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)AWS Secrets Manager

11 I possess a Mobile Application that No C 0 Wrong

necessitates access to AWS resources Answer
such as S3 and DynamoDB. What would
be the most optimal approach to grant
users of the mobile app the ability to
access these AWS resources?
A)Have the mobile app connect to
another web application running on an
EC2 instance that can assume a role for
accessing the AWS resources
B)Keep the Security Credentials
associated with the AWS resource access
within the Mobile App
C)Use Security Token Service (STS) with
Identity Federation that will allow an User
access to resources within a session
D)Create Users and Groups within IAM
and assign IAM policies for accessing the
resources

12 Out of the options provided, which two No A,D 0 Wrong

can be utilized to safeguard against DDoS Answer
attacks? Please select two answers from
the options below.
A)AWS Shield Advanced
B)AWS EC2
C)AWS RDS
D)AWS Shield

Section Name CLF-C02 Post: Billing Pricing and Total Questions: 5

Support

1 If there's a need to host a group of D A 0 Wrong

servers in the Cloud for a brief three-
month period, and these instances must
be highly available, cost-effective, and
cannot be interrupted during processing,
which type of instances would be the best
213

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

choice?
A)On-Demand
B)Spot Instances
C)No Upfront costs Reserved
D)Partial Upfront costs Reserved

2 Which AWS services, among the ones D D 1 Correct

listed below, would assist me in
visualizing service utilization and
analyzing costs and usage after migrating
my on-premises workload to AWS?
A)CloudWatch Dashboards
B)AWS Budgets
C)AWS Organizations
D)AWS Cost Explorer

3 If a client is considering migrating some of D D 1 Correct

their on-premise application workloads to
the AWS Cloud and wants to understand
the cost-associated elements of the AWS
Cloud, which of these elements would
not incur a cost for the client?
A)RDS database backups
B)Outbound Data Transfer
C)EBS Snapshots
D)Inbound Data transfer

4 What feature in AWS billing can be D D 1 Correct

utilized to minimize expenses when
operating multiple accounts under AWS
Organizations?
A)Combined billing.
B)It is not possible to reduce costs with
multiple accounts.
C)Costs are automatically reduced for
multiple accounts by AWS.
D)Consolidated billing - Volume
Discounts.

5 Which AWS service can provide alerts D D 1 Correct

214

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

about changes that could impact

resources in your account, particularly
useful for an IT Manager at a
manufacturing firm that has recently
moved their application servers to
Amazon EC2 and is interested in
upcoming scheduled maintenance
activities?
A)AWS Organizations
B)Amazon GuardDuty
C)AWS Trusted Advisor
D)AWS Health Dashboard

Section Name CLF-C02 Post: Cloud Concepts Total Questions: 10

1 Could you identify two best practices for No C,D 0 Wrong

designing systems based on cloud Answer
technology?
A)Use as many services as possible.
B)Build Tightly-coupled components.
C)Build loosely-coupled components.
D)Assume everything will fail.

2 In the context of the AWS shared No C 0 Wrong

3 When adhering to the "design for failure No B,C,D 0 Wrong

and nothing will fail" principle in system Answer
design, which three AWS services or
features could be beneficial? Please
select three from the options provided.
A)Pay as you go
B)Availability Zones
215

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

C)Regions
D)Elastic Load Balancer

4 In the context of the AWS Shared No D 0 Wrong

Responsibility Model, which Answer
responsibilities are exclusively the
customers?
A)Training
B)Patch Management
C)Configuration Management
D)Service and Communications
Protection or Zone Security

5 Which of the following does not No B 0 Wrong

constitute a pillar of the AWS Well- Answer
Architected Framework?
A)Performance Efficiency
B)Automation
C)Cost Optimization
D)Reliability

6 Which of the below listed is NOT a No A 0 Wrong

7 A website hosted on on-premise servers No A 0 Wrong

experiences consistent traffic increases Answer
during occasions like Christmas and
Thanksgiving. The first year had an
216

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

average increase of 20%, and the second

year had an average increase of 40%.
Each year, new servers are purchased but
remain idle after the peak usage. By using
AWS Cloud resources instead, the
advantages would include ______.
A)I can save on costs due to the elastic
nature of the cloud
B)I can go Global in minutes
C)I can increase speed and agility of my
website
D)I do not need to maintain the DNS
name

8 According to the AWS Well-Architected No D 0 Wrong

Framework, how can a startup with Answer
multiple AWS environments effectively
manage its users and resources without
impacting costs?
A)Provisioning resources and compute
capacity for future growth.
B)Create multiple unique IAM users with
administrator access for each functional
group of the company.
C)Use of AWS CloudFront template
versions and revision controls to keep
track of the dynamic configuration
changes.
D)Use AWS Organizations with respective
OUs that differentiate billing across the
company's AWS account.

9 Can you identify the statement that No B 0 Wrong

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

availability zone
D)Availability zones are also known as
AWS Local zones

10 Which AWS RDS option enables AWS to No B 0 Wrong

automatically switch over to a secondary Answer
database if the primary one experiences a
failure?
A)AWS Standby
B)Amazon RDS Multi-AZ deployments
C)AWS Failover
D)AWS Secondary

Section Name CLF-C02 Post: Cloud Technology Total Questions: 13

and Services

1 For a company that doesn't want to D C 0 Wrong

manage their database, which AWS
service from the options provided would
be the most suitable as it offers a fully
managed NoSQL database solution?
A)Elastic Map Reduce
B)AWS RDS
C)DynamoDB
D)Oracle RDS

2 For a small finance institute that's looking D A 0 Wrong

3 For an international sports governing D B 0 Wrong

body's website that aims to deliver
218

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

content in the local language of viewers

from various parts of the world, which
service would offer location-based web
personalization using geolocation headers
from the options given below?
A)Amazon Route 53
B)Amazon CloudFront
C)Amazon EC2 Instance
D)Amazon Lightsail

4 What features are included in Amazon D C 0 Wrong

Connect?
A)Reputation Dashboard
B)Push Notification
C)High Quality Audio
D)Mailbox Simulator

5 For a website hosting mission-critical D C 0 Wrong

applications that necessitates 99.999%
uptime, which routing policy should be
implemented when using Route 53?
A)Simple Routing
B)Multi Value Answer Routing
C)Failover Routing
D)Weighted Routing

6 If I have a containerized application that D B 0 Wrong

necessitates explicit definition and
management of capacity (CPU, Memory,
Instance type) for cost optimization while
using AWS infrastructure, which
technology would I employ when defining
my Elastic Container Services compute
instances?
A)Either of B or C since they are
serverless technologies that are cost
effective
B)EC2
C)Fargate
D)Lambda
219

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

7 Mayank is in the process of creating a D C 0 Wrong

8 For an administrator managing a large D A 0 Wrong

9 If you're looking to create a stream D C 0 Wrong

processing solution that can process and
query real-time streaming data using a
SQL-based solution, and you're seeking
the simplest approach that AWS offers,
which AWS service from the options
provided would be the most suitable for
this purpose?
A)Amazon Kinesis Data Firehose
B)Amazon Kinesis Data Streams
C)Amazon Kinesis Data Analytics
D)Amazon Kinesis Client Library

10 What service can be utilized to establish C C 1 Correct

the necessary steps for automating the
220

Report Date: 16-Jul-2024

Given Correct
S.No Question Mark Remark
Answer Answer

build, test, and deployment processes for

a web application?
A)AWS CodeBuild
B)AWS CodeCommit
C)AWS CodePipeline
D)AWS CodeDeploy

11 What is the command that can be utilized D C 0 Wrong

to configure the AWS CLI installation in
order to specify the region and Access key
ID?
A)aws deploy
B)aws configservice
C)aws configure
D)aws connect

12 Which AWS services can be utilized to B D 0 Wrong

automate the deployment of software on
a substantial number of Amazon EC2
instances and on-premises servers?
A)AWS Config
B)AWS CodePipeline
C)AWS CloudFormation
D)AWS CodeDeploy

13 From the options provided below, which A C 0 Wrong

service is a region-based service offered
by AWS?
A)Amazon CloudFront
B)AWS IAM
C)Amazon EFS
D)Amazon Route 53
221

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Section Name DVA-C02 Post: Deployment Total Questions: 10

1 You intend to utilize the AWS CodeDeploy No A 0 Wrong

tool for deploying your application. What Answer
is used to define the deployment process
to the underlying instances?
A)appspec.yml
B)appConfig.json
C)DeploymentGroup
D)appConfig.YAML

2 Your organization utilizes Amazon ECR to No C 0 Wrong

store Docker images. With numerous Answer
Docker images in place, you must retag
certain images to ensure they are
exclusively used for deploying new
projects. What methods are available for
222

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

retagging Docker images in Amazon ECR?

A)Push the image and retag the image
with --image-tag option.
B)Use the --image-retag option of the put-
image command.
C)Use the --image-tag option of the put-
image command.
D)Pull the image and retag the image with
--image-retag option.

3 The Development Team has effectively No A 0 Wrong

implemented a new application on the Answer
Amazon EC2 instance in the us-west-2
region. They now require your assistance
in deploying the same application on
Amazon EC2 instances in other regions.
Specifically, they need support in
deploying EC2 instances with images
created from instances in the us-west-2
region, while ensuring that the latest
security patches are applied. What would
be the most appropriate action to meet
this requirement?
A)Use EC2 Image Builder to create images
with the latest patches.
B)Create a snapshot of an image and
deploy it in all other EC2 instances.
C)Build automated scripts to create
updated images with the latest patches.
D)Manually create EC2 image with the
latest patches.

4 The development team is currently No C 0 Wrong

strategizing the migration of an on- Answer
premise data store to AWS DynamoDB.
The previous database had defined
triggers for updating existing items. What
is the simplest method to replicate this
functionality in DynamoDB after the
migration?
A)Define SQS topics in response to events
223

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

from DynamoDB Streams.

B)Define triggers in DynamoDB for each
table.
C)Define Lambda functions in response to
events from DynamoDB Streams.
D)Define SNS topics in response to events
from DynamoDB Streams.

5 What is accurate regarding strongly No A 0 Wrong

consistent read requests from an Answer
application to a DynamoDB with a DAX
cluster?
A)All requests are forwarded to
DynamoDB and results are not cached.
B)All requests are forwarded to
DynamoDB and results are cached.
C)All requests are forwarded to
DynamoDB and results are stored in Item
Cache before passing to application.
D)All requests are forwarded to
DynamoDB and results are stored in Query
Cache before passing to application.

6 The Operations team has requested the No C 0 Wrong

collection of all traces for User A, who is Answer
encountering latency issues while using
the online educational institute's three-
tier web application that utilizes AWS X-
Ray for tracing data between different
services. What must be activated in order
to obtain a Filtered output specifically for
User A, separate from all other traces?
A)Tracing header
B)Trace ID
C)Annotations
D)Segment ID

7 When setting up a new Amazon Beanstalk No C 0 Wrong

environment with a multi-container Answer
Docker platform, what file can you utilize
to define the Amazon EC2 container
224

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

instance and file volumes for the

platform?
A)Use Dockerrun.aws.json version 1 file.
B)Use Docker-compose.yml version 2 file.
C)Use Dockerrun.aws.json version 2 file.
D)Use Docker-compose.yml version 1 file.

8 You utilize CloudFormation templates to No B 0 Wrong

deploy applications on EC2 Instances, Answer
ensuring that the Instances are
preconfigured with the NGINX web server
for hosting the application. How can this
be achieved using CloudFormation?
A)Use SAML to deploy the template.
B)Use the cfn-init helper script in
CloudFormation.
C)Use the Output resource type in
CloudFormation.
D)Use the Parameter resource type in
CloudFormation.

9 The software development team is No C 0 Wrong

considering implementing DevOps Answer
practices to streamline their workflows
and achieve faster code deployment for
their new version of the weather forecast
application, weather.com. The customer
has requested canary testing, monitoring,
and a smooth transition to public release.
Currently, user requests are directed to
the Application Load Balancer via Route
53, and the application is hosted on a fleet
of EC2 instances across different
availability zones. The new code changes
have been tested locally and now need to
be deployed to production using AWS
Elastic Beanstalk. Which options are
available to configure the new process to
meet these requirements?
A)Setup a new environment with an equal
number of EC2 instances and deploy the
225

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

application. Test and monitor with private

IP addressing.
B)While configuring AWS Elastic Beanstalk
through the console, choose the
Immutable Deployment policy which will
deploy new versions to a fresh group of
instances and the production workload
will not get hampered.
C)Select traffic splitting deployment policy
which lets you test the code for selected
users as part of your deployment either
through the console or by CLI commands.
D)Make use of AWS Lambda service with
Application Load balancer which will
launch new instances during scale-out
events and help to deploy new features.

10 What is the correct order of hooks that are No B 0 Wrong

triggered during an EC2 deployment in Answer
AWS CodeDeploy?
A)Before Install > Application Stop >
Validate Service > Application Start
B)Application Stop > Before Install > After
Install > Application Start
C)Before Install > After Install > Application
Stop > Application Start
D)Before Install > After Install > Validate
Service > Application Start

Section Name DVA-C02 Post: Development with Total Questions: 13

AWS Services

1 What is the most straightforward method No C 0 Wrong

for streaming your company's large data Answer
sets directly into Amazon S3?
A)AWS DynamoDB
B)Kinesis Data Streams
C)Kinesis Data Firehose
D)AWS Redshift
226

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

2 You are developing an application that will No B 0 Wrong

use Amazon Kinesis and, due to high Answer
throughput, you decide to use multiple
shards for the streams. Which of the
following statements is TRUE regarding
processing data across multiple shards?
A)You need to use Kinesis firehose to
guarantee the order of data.
B)You cannot guarantee the order of data
across multiple shards. It's possible only
within a shard.
C)Order of data is possible across all
shards in a stream.
D)Order of data is not possible at all in
Kinesis streams.

3 You are planning to use AWS Kinesis No C 0 Wrong

streams for an application being Answer
developed for a company. The company
policy mandates that all data must be
encrypted at rest. How can you easily
ensure that Kinesis streams meet this
requirement?
A)Use the AWS CLI to encrypt the data.
B)Use the SDK for Kinesis to encrypt the
data before being stored at rest.
C)Enable server-side encryption for Kinesis
streams.
D)Enable client-side encryption for Kinesis
streams.

4 As you build an application on AWS using No D 0 Wrong

Microservices architecture, the Answer
Microservices will be implemented
through AWS Lambda functions. Given the
intricate nature of the component's
interactions, it is crucial to establish a
method for orchestrating the execution
flow of the Lambda functions. How can
you efficiently manage this process both
currently and for future integration of
227

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

additional Lambda functions into the

application?
A)Consider using SQS queues to
coordinate the execution of the other
Lambda functions.
B)Consider creating a master Lambda
function that would coordinate the
execution of the other Lambda functions.
C)Consider creating a separate application
hosted on an EC2 Instance which would
coordinate the execution of the other
Lambda functions.
D)Consider using Step Functions to
coordinate the execution of the other
Lambda functions.

5 After creating a Lambda function and No C 0 Wrong

attempting to debug it post-execution, you Answer
insert print statements into the code to
aid in the debugging process. However,
upon checking Cloudwatch logs, you
discover that there are no logs for the
Lambda function. What might be the root
cause of this issue?
A)There is not enough time assigned to
the function.
B)You've not enabled versioning for the
Lambda function.
C)The IAM role needed for the lambda
function to write the logs to Cloudwatch
logs does not have the necessary
permissions.
D)There is not enough memory assigned
to the function.

6 You are tasked with creating a serverless No C 0 Wrong

web application utilizing DynamoDB as the Answer
database. The client's requirement is to
track all data changes in DynamoDB and
save them as separate files on S3. How
would you go about accomplishing this?
228

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Use DynamoDB binary logging feature to

record each and every change on S3.
B)Write a script that will record each and
every create or update request and store it
on S3.
C)Enable DynamoDB streams and attach
them to Lambda which will read the data
and store it on S3.
D)Enable DynamoDB streams and set the
destination to S3. This will automatically
store each change on S3.

7 Your current log analysis application takes No D 0 Wrong

over four hours to generate a report of the Answer
top 10 users of your web application. You
need to implement a system that can
provide this information in real-time,
ensure the report is always up-to-date,
and handle increases in the number of
requests to your web application. Which
cost-effective option would you choose to
fulfill these requirements?
A)Create a multi-AZ Amazon RDS MySQL
cluster, post the logging data to MySQL,
and run a map reduce job to retrieve the
required information on user counts.
B)Publish your data to CloudWatch Logs,
and configure your application to
Autoscale to handle the load on demand.
C)Publish your log data to an Amazon S3
bucket. Use AWS CloudFormation to
create an Auto Scaling group to scale your
post-processing application which is
configured to pull down your log files
stored an Amazon S3.
D)Post your log data to an Amazon Kinesis
data stream, and subscribe your log-
processing application so that is
configured to process your logging data.

8 You are in the process of developing an No D 0 Wrong

229

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

application with a web layer hosted on an Answer

EC2 Instance, which interacts with the
database layer through the AWS RDS
Instance. You have observed that the
performance issues are being caused by
repeated query reads. What options are
available to address this problem?
A)Place an ElastiCache in front of the web
layer.
B)Place an ELB in front of the web layer.
C)Place an ELB in front of the database
layer.
D)Place an ElastiCache in front of the
database layer.

9 The development team is currently in the No D 0 Wrong

process of designing a new distributed Answer
application. A majority of the messages
exchanged between the application
components exceed 256 KB in size. These
messages must be regularly polled and
buffered to allow other components to
access and process them. Which service
would you employ to architect the
messaging system?
A)Use Amazon MQ FIFO
B)Use Amazon Kinesis Streams
C)Use Amazon SNS Extended Client Library
D)Use Amazon SQS Extended Client
Library

10 You've created a Lambda function that No D 0 Wrong

requires scheduled execution. What are Answer
the best methods to meet this
requirement effectively?
A)Use Cloudtrail to schedule the Lambda
function.
B)Use the schedule service in AWS
Lambda.
C)Use an EC2 Instance to schedule the
Lambda invocation.
230

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Use Cloudwatch events to schedule the

Lambda function.

11 When developing an application that No B,C 0 Wrong

interacts with a DynamoDB table, it is Answer
essential to establish a query with specific
search criteria. Which component of the
'condition expressions' should be included
in the query? Choose two answers from
the options listed below.
A)Specify a filter expression.
B)Specify a key condition expression in the
query.
C)Specify a partition key name and value
in the equality condition.
D)Specify a sort key name and value in the
equality condition.

12 The Development Team at a gaming No B 0 Wrong

application company must test new Answer
gaming apps on different EC2 instances
with various OS platforms. In order to
prevent delays in setting up these EC2
instances, the IT department has chosen
to launch some instances with all
necessary application components and
then hibernate them. The Accounts Team
is worried about the expenses associated
with these hibernated EC2 instances.
What accurately describes the charges for
an EC2 instance in a hibernation state?
A)Instance charges per second for
duration of hibernation and EBS storage
charges
B)EBS storage charges and Elastic IP
Address charges attached to Instance
C)Instance charges per second for duration
of hibernation and S3 storage charges for
data copied from Instance to S3 bucket
D)S3 Storage charges and Elastic IP
231

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

Address charges attached to Instance

13 Your team is working on a solution that No C 0 Wrong

will utilize DynamoDB tables. Because of Answer
the application's requirements, the data
needs to be accessible across multiple
regions worldwide. What options can help
minimize the latency of requests to
DynamoDB from various regions?
A)Increase the read and write throughput
for the table.
B)Enable Multi-AZ for the DynamoDB
table.
C)Enable global tables for DynamoDB.
D)Create Indexes for the table.

Section Name DVA-C02 Post: Security Total Questions: 10

1 You are creating a Lambda function in your No C 0 Wrong

Dev1 account with the goal of saving QR Answer
codes in two S3 buckets. One bucket
(BucketDev1) is in the same account as the
Lambda, while the second bucket
(BucketDev2) is in another AWS account
called Dev2. The requirement is to restrict
access to only allow this specific Lambda
from Dev1 to create objects in
BucketDev2. What permissions are
needed to grant access to this Lambda
function for both S3 buckets?
A)Create two policies, the first one allows
Lambda to create objects in BucketDev1
and the second, allows Lambda to create
objects in BucketDev2. Create an IAM role
with these two policies and attach it to the
Lambda.
B)Create a role called S3-Lambda with a
policy that allows to create objects in any
S3 bucket and attach it to the Lambda,
create in BucketDev1 a bucket policy that
only allows resources with the S3-Lambda
232

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

role to write in BucketDev1.

C)Create a role called S3-Lambda with a
policy that allows to create objects in any
S3 bucket and attach it to the Lambda,
create in BucketDev2 a bucket policy that
allows resources with the S3-Lambda role
from Dev1 account to write in BucketDev2.
D)Create a role called S3-Lambda with a
policy that allows you to write in
BucketDev1 and BucketDev2 and attach it
to the Lambda. Create in BucketDev2 a
bucket policy with two statements. The
first statement denies all resources with
the S3-Lambda role of Dev1 account to
write in any S3 bucket, the second
statement allows the specified Lambda
from Dev1 account to write in the
specified bucket in dev2 account.

2 As an API developer for a major No B 0 Wrong

manufacturing company, you have created Answer
an API resource that enables the addition
of new products to the distributor's
inventory through a POST HTTP request.
This resource includes an Origin header
and accepts application/x-www-form-
encoded as the request content type.
What response header should be used to
grant access to this resource from a
different origin?
A)All of the below
B)Access-Control-Allow-Origin
C)Access-Control-Request-Method
D)Access-Control-Request-Headers

3 Your team is developing an application No B 0 Wrong

that uses Docker containers, which will be Answer
deployed to Elastic Container Service
(ECS). The applications running in these
containers need to interact with
DynamoDB tables. What is the most
233

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

secure way to ensure the containers can

interact with DynamoDB?
A)Use an IAM user's credentials to spin up
the cluster.
B)Create an IAM Role for the ECS Tasks.
C)Embed the Access Keys in the
containers.
D)Embed the Access Keys in the cluster.

4 You have created an AWS Lambda function No D 0 Wrong

but are encountering numerous Answer
performance challenges. To address this,
you opt to utilize the AWS X-Ray service
for diagnosing the issues. What steps are
necessary to enable the use of the X-Ray
service with your Lambda function?
A)Ensure that the IAM Role assigned to
the X-Ray function has access to the
Lambda function.
B)Ensure that the X-Ray daemon process is
installed with the Lambda function.
C)Ensure that the Lambda function is
registered with X-Ray.
D)Ensure that the IAM Role assigned to
the Lambda function has access to the X-
Ray service.

5 When creating an application, it is No B 0 Wrong

advisable to incorporate MFA and Answer
password recovery as extra measures to
enhance security through the
implementation of dual authentication
and recovery processes. What is the best
approach to take in this situation?
A)Use SMS as a second factor and TOTP
along with a security key as the MFA
device for your IAM and root users.
B)Use TOTP as a second factor and SMS as
a password recovery mechanism which is
disjoint from an authentication factor.
C)Enable MFA as Required immediately
234

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

after creating a user pool to add another

layer of security.
D)Disable adaptive authentication, so you
can configure a second factor
authentication in response to an increased
risk level.

6 In the role of a cloud engineer, you have No D 0 Wrong

been authorized to access an Amazon ECR Answer
image repository. Your task involves
retrieving images from the repository as a
component of a container definition while
setting up an Amazon ECS task. What
accurately characterizes this situation?
A)You must grant your Amazon ECS task
execution role permission to access
Amazon ECS
B)You can access the Amazon ECR image
repository only with the Amazon EC2
launch type.
C)You can access the Amazon ECR image
repository only with the AWS Fargate
launch type.
D)You can access the Amazon ECR image
repository with Amazon EC2 or AWS
Fargate launch types.

7 You are developing an application using No B 0 Wrong

AWS Lambda, where a Lambda function is Answer
placed in a private subnet without internet
access. This Lambda function will receive
bank account information as a JSON object
(about 7 KB in size). To satisfy the
requirement of encrypting this
information before saving it to DynamoDB,
which approach should you use?
A)Generate a new Customer Master Key.
Encrypt the JSON data with the encrypt()
KMS method using the CMS previously
generated. Upload the encrypted data to
DynamoDB.
235

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

B)Create a VPC Endpoint in the Lambda

VPC for the KMS Service. Generate a new
Customer Master Key. Encrypt the JSON
data using KMS Envelope Encryption.
Upload the encrypted data to DynamoDB.
C)Generate a new Customer Master Key.
Encrypt the JSON data using KMS Envelope
Encryption. Upload the encrypted data to
DynamoDB.
D)Create a VPC Endpoint in the Lambda
VPC for the KMS Service. Generate a new
Customer Master Key. Encrypt the JSON
data with the encrypt() KMS method using
the CMS previously generated. Upload the
encrypted data to DynamoDB.

8 When developing an application to be No D 0 Wrong

hosted in AWS Lambda that will make calls Answer
to a database, it is crucial to ensure that all
database connection strings are kept
secure. What is the most secure way to
implement this requirement?
A)Place the database connection string in
the AWS Lambda function itself since all
Lambda functions are encrypted at rest.
B)Put the connection strings values in a
CloudFormation template.
C)Put the database connection string in
the app.json file and store it in a Git
repository.
D)Lambda needs to reference the AWS
Systems Manager Parameter Store for the
encrypted database connection string.

9 You have been tasked with creating an No B 0 Wrong

application on the AWS Cloud that will Answer
store sensitive documents in an S3 bucket.
It is crucial to configure the bucket in a
manner that prohibits the acceptance of
unencrypted objects. How will you achieve
this?
236

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

A)Enable CORS for the underlying bucket.

B)Ensure a condition is set in the bucket
policy.
C)Ensure that a condition is set in an IAM
policy.
D)Enable MFA for the underlying bucket.

10 Throughout the process of developing, No C 0 Wrong

defining, and deploying a backend for your Answer
project, it is essential to carefully consider
the utilization of user and identity pools
within the context of a serverless
application. Which assertions hold true in
this particular situation?
A)User pools are for authorization (access
control) which is fully managed on your
behalf.
B)User pools support temporary, limited-
privilege AWS credentials to access other
AWS services while Identity pools provide
sign-up and sign-in services.
C)User pools help you track user device,
location, and IP address while Identity
pools help you generate temporary AWS
credentials for unauthenticated users.
D)User pools give your users access to
AWS resources.

Section Name DVA-C02 Post: Troubleshooting and Total Questions: 7

Optimization

1 You have surpassed the highest No A,B,E 0 Wrong

provisioned throughput limit for a table in Answer
DynamoDB. What are the appropriate
methods to resolve this issue? Choose
three answers from the options listed
below.
A)Implement error retries and exponential
backoff in your application code.
B)In your DynamoDB table distribute all
the operations read and written across
237

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

more distinct partition key values.

C)Enable DynamoDB Streams.
D)Enable DynamoDB Time to Live.
E)Implement DAX (DynamoDB
Accelerator) as a cache solution to
improve the performance of the tables.

2 As a developer for a company, you are No B 0 Wrong

tasked with creating an application that Answer
can analyze system level and guest level
metrics from Amazon EC2 Instances and
On-premise servers. What prerequisites
would be necessary to complete this task?
A)Ensure the on-premise servers are
moved to AWS.
B)Ensure the Cloudwatch agent is present
on the servers.
C)Ensure that a trail is created in
Cloudtrail.
D)Ensure that AWS Config is enabled.

3 Prior to releasing an application to No A 0 Wrong

production, the developer team must Answer
assess the application latency locally by
utilizing the X-ray daemon. In order to
conduct this evaluation, they are looking
to bypass the verification of Amazon EC2
instance metadata. What configuration
adjustments can be made with the
daemon?
A)~/xray-daemon$ ./xray -o
B)~/xray-daemon$ ./xray -r
C)~/xray-daemon$ ./xray -t
D)~/xray-daemon$ ./xray -b

4 In the process of improving a project, your No A,E 0 Wrong

task is to configure an AWS Application Answer
Load Balancer with a provisioned Amazon
EKS cluster for ingress-based load
balancing to AWS Fargate pods. Can you
outline the steps required to accomplish
238

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

this? Choose two answers from the

options listed below.
A)Deploy your application and create
Service and Ingress resources.
B)Create a cluster. Create an AWS Fargate
profile. When your pods start, Fargate
automatically allocates the IAM policy so
the ALB Ingress Controller can manage the
AWS resources and also manages to
compute resources on-demand to run
them.
C)Create an AWS Fargate profile. When
your pods start, Fargate automatically
allocates the IAM policy so the ALB Ingress
Controller can manage the AWS resources
and also manages to compute resources
on-demand to run them. These two steps
automatically create and provision the
cluster.
D)Create a cluster. Create an AWS Fargate
profile. Create a cluster role and a
Kubernetes service account. These steps
create the IAM policy so the ALB Ingress
Controller can manage the AWS resources.
E)Create a cluster. Create an AWS Fargate
profile. Set up an OIDC provider with the
cluster. Create the IAM policy so the ALB
Ingress Controller can manage the AWS
resources. Create a cluster role, role
binding, and a Kubernetes service account
attached to the ALB Ingress Controller
running pod.

5 The team has recently implemented an No C 0 Wrong

API through the AWS API gateway service Answer
and is looking to optimize the latency of
requests. Which feature can assist in
meeting this objective?
A)Use Lambda Authorizers
B)Setup X-Ray tracing
C)Use API caching
239

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

D)Enable CORS

6 As a newly appointed Database No C 0 Wrong

administrator at a start-up, your initial Answer
responsibility involves adjusting a
DynamoDB table to automatically expire
data after a specific timeframe. Upon
reviewing the documentation, you
discovered that DynamoDB offers a Time
to Live (TTL) feature that enables this
functionality. What steps should be taken
to implement this feature?
A)It is by default enabled and will
automatically pick a key attribute with
timestamp value.
B)Enable TTL and use the dataExpiry
keyword as a key attribute to store the
expiry timestamp.
C)Enable TTL and use any name of your
choice as a key attribute to store the
expiry timestamp.
D)Enable TTL and use the keyword
expiryTTL as a key attribute to store the
expiry timestamp.

7 The pharmaceutical company's updated No C 0 Wrong

dealer network application has been Answer
implemented on several EC2 instances.
The IT team is utilizing CloudWatch Logs to
track the application logs and is looking to
identify any absent files or resources at
specific code locations. They aim to then
relay this data to CloudWatch metric for
monitoring. What measures should be
taken to meet this requirement?
A)EC2 instances can directly send
application logs to Cloudwatch.
B)Set up and install cloudwatch agent on
EC2 to send the logs for CloudWatch to
monitor.
C)Create a custom role in IAM with
240

Report Date: 06-Sep-2024

Given Correct
S.No Question Mark Remark
Answer Answer

relevant write permissions and associate

them with EC2 instances. Install
Cloudwatch agent on EC2 instances.
Create log groups in CloudWatch Logs
through the console along with
CloudWatch Agent configuration file and
use filters to search for "404" errors.
D)Application logs cannot be monitored by
Cloudwatch.

AWS-CLF-C02-V 13.5.24withans
100% (1)
AWS-CLF-C02-V 13.5.24withans
168 pages
CLF Co2
No ratings yet
CLF Co2
335 pages
AWS Certified Solutions Architect Associate Practice Test 02
No ratings yet
AWS Certified Solutions Architect Associate Practice Test 02
75 pages
AWS Solutions Architect Practice Test Results
No ratings yet
AWS Solutions Architect Practice Test Results
159 pages
AWS Certified DevOps Engineer Professional - Sample Questions
No ratings yet
AWS Certified DevOps Engineer Professional - Sample Questions
9 pages
Amazon CLF c02 Dumps by Lamb 04 10 2023 11qa Ebraindumps
No ratings yet
Amazon CLF c02 Dumps by Lamb 04 10 2023 11qa Ebraindumps
20 pages
AWS Cloud Practitioner (CLF-C02)
No ratings yet
AWS Cloud Practitioner (CLF-C02)
42 pages
cv0-003 9
No ratings yet
cv0-003 9
10 pages
200 Acsops 10 en M0SG
50% (2)
200 Acsops 10 en M0SG
13 pages
AWS Cloud Practitioner Insights
No ratings yet
AWS Cloud Practitioner Insights
15 pages
AWS Certified Cloud Practitioner (CLF-C01) Sample Exam Questions
No ratings yet
AWS Certified Cloud Practitioner (CLF-C01) Sample Exam Questions
3 pages
CLF C02
No ratings yet
CLF C02
4 pages
Exam Question AWS (Test)
No ratings yet
Exam Question AWS (Test)
285 pages
Amazon CLF c02 Dumps by Mcknight 24-05-2024 5qa Actualtestdumps
No ratings yet
Amazon CLF c02 Dumps by Mcknight 24-05-2024 5qa Actualtestdumps
10 pages
AWS Certified Solutions Architect Associate Practice Test 03
No ratings yet
AWS Certified Solutions Architect Associate Practice Test 03
72 pages
AWS Certified Developer Associate - Sample Questions
No ratings yet
AWS Certified Developer Associate - Sample Questions
5 pages
CLF-C02 Updated Dumps - AWS Certified Cloud Practitioner
No ratings yet
CLF-C02 Updated Dumps - AWS Certified Cloud Practitioner
64 pages
Passing The Aws Cloud Practitioner Exam: Study Group #5: Exam Tips, Cloudtrail, Cloudwatch, and More
No ratings yet
Passing The Aws Cloud Practitioner Exam: Study Group #5: Exam Tips, Cloudtrail, Cloudwatch, and More
35 pages
Free AWS Solutions Architect Practice Test Questions - Exam Prep - Simplilearn
No ratings yet
Free AWS Solutions Architect Practice Test Questions - Exam Prep - Simplilearn
24 pages
Practitioner 1
100% (1)
Practitioner 1
74 pages
AWS Cloud Practitioner Exam Prep
100% (1)
AWS Cloud Practitioner Exam Prep
6 pages
3 Maarek Test
No ratings yet
3 Maarek Test
106 pages
AWS-Certified-Cloud-Practitioner Exam Dumps
No ratings yet
AWS-Certified-Cloud-Practitioner Exam Dumps
28 pages
Team Members:: Sahilpreet Singh Rohil Bansal Navleen Kaur Vedant Taak
No ratings yet
Team Members:: Sahilpreet Singh Rohil Bansal Navleen Kaur Vedant Taak
48 pages
Developer Questions 100-51
100% (2)
Developer Questions 100-51
299 pages
AWS Certified Cloud Practitioner CLF-C02 p7
100% (2)
AWS Certified Cloud Practitioner CLF-C02 p7
14 pages
Awsclf-C02studyguide Hirokonishimura 12 2023
No ratings yet
Awsclf-C02studyguide Hirokonishimura 12 2023
10 pages
AWS Certified Cloud Practitioner - Sample Questions PDF
No ratings yet
AWS Certified Cloud Practitioner - Sample Questions PDF
3 pages
Saa-C03 9
No ratings yet
Saa-C03 9
25 pages
AWS Solutions Architect Associate Certification Notes
No ratings yet
AWS Solutions Architect Associate Certification Notes
20 pages
Ann Afamefuna-59
No ratings yet
Ann Afamefuna-59
42 pages
AWS Sysops Dump
No ratings yet
AWS Sysops Dump
16 pages
6.SNS, SQS PDF
No ratings yet
6.SNS, SQS PDF
12 pages
M6 - Compute
100% (1)
M6 - Compute
89 pages
Tutorials Dojo Study Guide AWS Certified Developer Associate 20220907 Ag2dz6
100% (1)
Tutorials Dojo Study Guide AWS Certified Developer Associate 20220907 Ag2dz6
177 pages
CLF-C02 Exam Guide Slides
No ratings yet
CLF-C02 Exam Guide Slides
30 pages
Amazon: Questions & Answers PDF
No ratings yet
Amazon: Questions & Answers PDF
13 pages
AWS Solution Architect Associate Dump2
No ratings yet
AWS Solution Architect Associate Dump2
13 pages
CLF C01 - AWS Certified Cloud Practitioner PDF
0% (3)
CLF C01 - AWS Certified Cloud Practitioner PDF
3 pages
AWS Certified Cloud Practitioner - Exam Guide - C02
No ratings yet
AWS Certified Cloud Practitioner - Exam Guide - C02
14 pages
AWS Certified Solutions Architect
100% (2)
AWS Certified Solutions Architect
334 pages
AWS Solutions Architect Exam Dumps
No ratings yet
AWS Solutions Architect Exam Dumps
6 pages
Aws Saa-C03
100% (1)
Aws Saa-C03
272 pages
Expert Veri Ed, Online, Free.: Topic 1 - Exam A
No ratings yet
Expert Veri Ed, Online, Free.: Topic 1 - Exam A
148 pages
Dump 3
No ratings yet
Dump 3
23 pages
CLF C01-New PDF
No ratings yet
CLF C01-New PDF
851 pages
AWS Solutions Architect Cheat Sheet Nov 2024
No ratings yet
AWS Solutions Architect Cheat Sheet Nov 2024
148 pages
AWS Certified Cloud Practitioner CLF-C01 Part 1 Quiz Format
No ratings yet
AWS Certified Cloud Practitioner CLF-C01 Part 1 Quiz Format
17 pages
ExamTestSAA PDF
0% (2)
ExamTestSAA PDF
289 pages
Amazon Web Services Certshared Saa-C02 Exam Question 2021-Jul-19 by Mandel 323q Vce
No ratings yet
Amazon Web Services Certshared Saa-C02 Exam Question 2021-Jul-19 by Mandel 323q Vce
9 pages
AWS SAA-C03 Exam Questions & Answers
No ratings yet
AWS SAA-C03 Exam Questions & Answers
131 pages
Aws Certified Solutions Architect Associate Study Guide B08L1BC3QR
No ratings yet
Aws Certified Solutions Architect Associate Study Guide B08L1BC3QR
91 pages
Exam 1
No ratings yet
Exam 1
14 pages
AWS-CPE-Clear Exam and Interview
No ratings yet
AWS-CPE-Clear Exam and Interview
895 pages
Amazon - Saa C03.VNov 2023.by .Pen .212q
100% (1)
Amazon - Saa C03.VNov 2023.by .Pen .212q
81 pages
System Operations On AWS
No ratings yet
System Operations On AWS
4 pages
AWS Solutions Architect Exam Q&A
50% (2)
AWS Solutions Architect Exam Q&A
104 pages
AWS Solutions Architect Exam Prep
No ratings yet
AWS Solutions Architect Exam Prep
108 pages
AWS Practice Exam 2
No ratings yet
AWS Practice Exam 2
15 pages
Practice Exam 5 NA
No ratings yet
Practice Exam 5 NA
9 pages
WWW Lme Com en GB Metals Ferrous HRC FOB China#TabIndex 2
No ratings yet
WWW Lme Com en GB Metals Ferrous HRC FOB China#TabIndex 2
3 pages
Iot Unit 4
No ratings yet
Iot Unit 4
50 pages
Cryptanalysis and Enhancement of An Anonymous Self-Certified Key Exchange Protocol
No ratings yet
Cryptanalysis and Enhancement of An Anonymous Self-Certified Key Exchange Protocol
29 pages
Tokyo Revengers, Chapter 218 - English Scans
No ratings yet
Tokyo Revengers, Chapter 218 - English Scans
1 page
Android Dev Insights for Engineers
No ratings yet
Android Dev Insights for Engineers
7 pages
When The Flyff Game Has Made - Google Search
No ratings yet
When The Flyff Game Has Made - Google Search
1 page
Gardens of The Moon PDF - Google Suche
0% (1)
Gardens of The Moon PDF - Google Suche
2 pages
Teachers' Online Tools Seminar
No ratings yet
Teachers' Online Tools Seminar
6 pages
Ramzan Daily Dua
No ratings yet
Ramzan Daily Dua
19 pages
Cam Works View
No ratings yet
Cam Works View
31 pages
MT4 Trading Platform Guide
No ratings yet
MT4 Trading Platform Guide
13 pages
MEMO SBE-v1 - 10-Revd
No ratings yet
MEMO SBE-v1 - 10-Revd
48 pages
Login Credentials and URLs List
No ratings yet
Login Credentials and URLs List
1,085 pages
PDF A Complete Guide To DevOps With AWS: Deploy, Build, and Scale Services With AWS Tools and Techniques Osama Mustafa Download
100% (3)
PDF A Complete Guide To DevOps With AWS: Deploy, Build, and Scale Services With AWS Tools and Techniques Osama Mustafa Download
47 pages
Singer Touch and Sew 648
No ratings yet
Singer Touch and Sew 648
80 pages
Chapter 6 Socialization
No ratings yet
Chapter 6 Socialization
11 pages
PracticeTest AZ 104
No ratings yet
PracticeTest AZ 104
89 pages
Helen Kara - Write A Questionnaire - Little Quick Fix-SAGE Publications LTD (2019)
No ratings yet
Helen Kara - Write A Questionnaire - Little Quick Fix-SAGE Publications LTD (2019)
125 pages
Communicating and Collaborating Using ICT
100% (3)
Communicating and Collaborating Using ICT
12 pages
Floboss s600 Modbus Specification Manual en 7287226
No ratings yet
Floboss s600 Modbus Specification Manual en 7287226
30 pages
Ricoh IM 2702 Brochure
100% (1)
Ricoh IM 2702 Brochure
4 pages
UX300 Updated Troubleshooting Practices1
No ratings yet
UX300 Updated Troubleshooting Practices1
2 pages
CG Notes
No ratings yet
CG Notes
136 pages
Collaborative Filtering Models
No ratings yet
Collaborative Filtering Models
10 pages
ITHINK User Manual English
No ratings yet
ITHINK User Manual English
28 pages
CCNA 1 v7 de 14 16
No ratings yet
CCNA 1 v7 de 14 16
26 pages
JBIMS Online Aptitude Test Guide
No ratings yet
JBIMS Online Aptitude Test Guide
1 page
Football Club Company Profile by Slidesgo
No ratings yet
Football Club Company Profile by Slidesgo
50 pages
Senstar ONVIF Server 8 Installation Guide en-US
No ratings yet
Senstar ONVIF Server 8 Installation Guide en-US
6 pages
RHCE8 Ansible Practice Test Guide
No ratings yet
RHCE8 Ansible Practice Test Guide
7 pages