Amazon CLF-C01 Practice Test - Questions Answers, Page 63
List of questions
Question 621
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company needs a centralized, secure way to create and manage cryptographic keys. The company will use the keys across a wide range of AWS services and applications. The company needs to track and document when the keys are created, used, and deleted.
Which AWS service or feature will meet these requirements?
Explanation:
Explanation:
AWS Key Management Service (AWS KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Question 622
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company needs steady and predictable performance from its Amazon EC2 instances at the lowest possible cost. The company also needs the ability to scale resources to ensure that it has the right resources available at the right time. Which AWS service or resource will meet these requirements?
Explanation:
Explanation:
AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost.
Question 623
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company runs a web application on Amazon EC2 instances. The application must run constantly and is expected to run indefinitely without interruption
Which EC2 instance purchasing options will meet these requirements MOST cost-effectively? (Select TWO.)
Explanation:
Explanation:
Amazon EC2 provides the following purchasing options to enable you to optimize your costs based on your needs:
*On-Demand Instances - Pay, by the second, for the instances that you launch.
*Savings Plans - Reduce your Amazon EC2 costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years.
*Reserved Instances - Reduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type and Region, for a term of 1 or 3 years.
*Spot Instances - Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly.
*Dedicated Hosts - Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs. *Dedicated Instances - Pay, by the hour, for instances that run on single-tenant hardware.
*Capacity Reservations - Reserve capacity for your EC2 instances in a specific Availability Zone for any duration.
If you require a capacity reservation, purchase Reserved Instances or Capacity Reservations for a specific Availability Zone. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if they can be interrupted. Dedicated Hosts or Dedicated Instances can help you address compliance requirements and reduce costs by using your existing server-bound software licenses.
Question 624
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company plans to launch an application that will run in multiple locations within the United States.
The company needs to identify the two AWS Regions where the application can operate at the lowest price. Which AWS service or feature should the company use to determine the Regions that offer the lowest price?
Explanation:
Explanation: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
Question 625
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which AWS benefit enables users to deploy cloud infrastructure that consists of multiple geographic regions connected by a network with low latency, high throughput, and redundancy?
Question 626
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company needs to use machine learning and pattern matching to identify and protect sensitive data that the company stores in the AWS Cloud. Which AWS service will meet these requirements?
Explanation:
Explanation:
Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
Question 627
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
A company wants to expand from one AWS Region into a second AWS Region. What does the company need to do to expand into the second Region?
Question 628
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Select TWO.)
Explanation:
Explanation:
If you do have an access key for your AWS account root user, delete it. If you must keep it, rotate (change) the access key regularly. To delete or rotate your root user access keys, go to the My Security Credentials page in the AWS Management Console and sign in with your account's email address and password. You can manage your access keys in the Access keys section. For more information about rotating access keys, see Rotating access keys.
Question 629
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which of the following are aspects of the AWS shared responsibility model? (Select TWO.)
Explanation:
Answer: AC Section: (none)
Explanation:
Explanation:
AWS responsibility ìSecurity of the Cloudî - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Customer responsibility ìSecurity in the Cloudî - Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.
Question 630
![Export Export](https://examgecko.com/assets/images/icon-download-24.png)
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity?
Question