Are you looking for free questions and answers to prepare for the AWS Certified Cloud Practitioner exam?
Here are our newly updated 30+ Free questions on the AWS cloud practitioner certification exam which are very similar to the practice test as well as the real exam.
The AWS Cloud Practitioner Certification exam is designed to validate an individual’s understanding of the AWS Cloud and its core services. It covers a broad range of topics related to the AWS Cloud, including:
Latest updates: The AWS Certified Cloud Practitioner exam CLF-C01 will be available only on or before September 18, 2023. The updated version of AWS Certified Cloud Practitioner exam CLF-C02 version starts on September 19, 2023.
Table of Contents
AWS Certified Cloud Practitioner exams are designed to test and recognize your skills on AWS cloud infrastructure, compliance and security, user management, value propositions, and operating/deploying principles in the AWS cloud environment.
We are giving it for free to help you in passing the AWS cloud practitioner exam just like your colleagues. It’s a free takeaway from the Whizlabs team for AWS Job seekers during this year 2024.
Overall, providing AWS Cloud Practitioner practice exam questions (CLF-C02) for free serves both the interests of AWS and the individuals preparing for the certification exams. It’s a win-win situation that promotes learning, skill development, and community engagement.
You can find a lot of video courses on AWS cloud practitioner exam to learn the exam objectives. And now, it’s the time to test your hard-earned AWS skills by studying the exam simulator questions on AWS certified cloud practitioner exam.
Our AWS certified experts even curated these AWS simulator questions carefully which are based on the latest syllabus and very relevant to the real AWS Cloud Practitioner exam.
This list of free aws questions on AWS certified cloud practitioner exams can help you in up-skilling the knowledge gaps. Once you have spent some time learning these AWS questions on Cloud Practitioner certification, you can face the real exam with more confidence and ensure passing it in your first attempt itself.
Let’s get started!
Q 1: According to AWS, what is the benefit of Elasticity?
A. Minimize storage requirements by reducing logging and auditing activities
B. Create systems that scale to the required capacity based on changes in demand
C. Enable AWS to automatically select the most cost-effective services.
D. Accelerate the design process because recovery from failure is automated, reducing the need for testing
Explanation :
The concept of Elasticity is the means of an application having the ability to scale up and scale down based on demand. An example of such a service is the Autoscaling service
For more information on AWS Autoscaling service, please refer to the below URL: https://aws.amazon.com/autoscaling/
A, C and D are incorrect. Elasticity will not have positive effects on storage, cost or design agility.
Q2: Which tool can you use to forecast your AWS spending?
A. AWS Organizations
B. Amazon Dev Pay
C. AWS Trusted Advisor
D. AWS Cost Explorer
Explanation :
The AWS Documentation mentions the following.
Cost Explorer is a free tool that you can use to view your costs. You can view data up to the last 12 months. You can forecast how much you are likely to spend for the next 12 months and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to see patterns in how much you spend on AWS resources over time, identify areas that need further inquiry, and see trends that you can use to understand your costs. You also can specify time ranges for the data and view time data by day or by month.
A, B and C are incorrect. These services do not relate to billing and cost.
Q3: A business analyst would like to move away from creating complex database queries and static spreadsheets when generating regular reports for high-level management. They would like to publish insightful, graphically appealing reports with interactive dashboards. Which service can they use to accomplish this?
A. Amazon QuickSight
B. Business intelligence on Amazon Redshift
C. Amazon CloudWatch dashboards
D. Amazon Athena integrated with Amazon Glue
Correct Answer – A
Explanation :
Amazon QuickSight is the most appropriate service in the scenario. It is a fully-managed service that allows for insightful business intelligence reporting with creative data delivery methods, including graphical and interactive dashboards. QuickSight includes machine learning that allows users to discover inconspicuous trends and patterns on their datasets.
Q4. What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?
A. File Transfer
B. HTTP Transfer
C. Amazon S3 Transfer Acceleration
D. S3 Acceleration
Explanation :
The AWS Documentation mentions the following.
Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
Options A, B and D are incorrect . These features deal with transferring data but not between clients and an S3 bucket.
Q5: What best describes the “Principle of Least Privilege”? Choose the correct answer from the options given below.
A. All users should have the same baseline permissions granted to them to use basic AWS services.
B. Users should be granted permission to access only resources they need to do their assigned job.
C. Users should submit all access requests in written form so that there is a paper trail of who needs access to different AWS resources.
D. Users should always have a little more permission than they need.
Explanation :
The principle means giving a user account only those privileges which are essential to perform its intended function. For example, a user account for the sole purpose of creating backups does not need to install the software. Hence, it has rights only to run backup and backup-related applications.
For more information on the principle of least privilege, please refer to the following link: https://en.wikipedia.org/wiki/Principle_of_least_privilege
Options A, C, and D are incorrect. These actions would not adhere to the Principle of Least Privilege.
Q6: A web administrator maintains several public and private web-based resources for an organisation. Which service can they use to keep track of the expiry dates of SSL/TLS certificates as well as updating and renewal?
A. AWS Data Lifecycle Manager
B. AWS License Manager
C. AWS Firewall Manager
D. AWS Certificate Manager
Correct Answer – D
Explanation :
The AWS Certificate Manager allows the web administrator to maintain one or several SSL/TLS certificates, both private and public certificates including their update and renewal so that the administrator does not worry about the imminent expiry of certificates. https://aws.amazon.com/certificate-manager/
Q7: Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?
A. Delete the data and create a new EBS volume.
B. Create EBS snapshots.
C. Attach new volumes to EC2 Instances.
D. Create copies of EBS Volumes.
Explanation :
Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.
When you create an EBS volume based on a snapshot, the new volume begins as an exact replica of the original volume that was used to create the snapshot. The replicated volume loads data in the background so that you can begin using it immediately.
Option A is incorrect because there is no need for backup of the volumes if data is already deleted.
Option C is incorrect because attaching more EBS volumes doesn’t ensure availability, if there is no snapshot then the volume cannot be available to a different availability zone.
Option D is incorrect EBS volumes cannot be copied, they can only be replicated using snapshots.
For more information on EBS Snapshots, please refer to the below URL: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSSnapshots.html
Q8: Which of the following services can be used as an application firewall in AWS?
A. AWS Snowball
B. AWS WAF
C. AWS Firewall
D. AWS Protection
Explanation :
The AWS Documentation mentions the following:
AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content.
AWS Snowball, a part of the AWS Snow Family, is an edge computing, data migration, and edge storage device that comes in two options. Snowball Edge Storage Optimized devices provide both block storage and Amazon S3-compatible object storage, and 40 vCPUs.
Q9: Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below:
Reduce inter-dependencies so failures do not impact other components.
Which of the following concepts does this requirement relate to?
A. Integration
B. Decoupling
C. Aggregation
D. Segregation
Explanation :
The entire concept of decoupling components ensures that the different components of applications can be managed and maintained separately. If all components are tightly coupled, the entire application would go down when one component goes down. Hence it is always a better practice to decouple application components.
For more information on a decoupled architecture, please refer to the below URL: http://whatis.techtarget.com/definition/decoupled-architecture
Q10: A manufacturing firm has recently migrated their application servers to the Amazon EC2 instance. The IT Manager is looking for the details of upcoming scheduled maintenance activities which AWS would be performing on AWS resources, that may impact the services on these EC2 instances.
Which of the following services can alert you about the changes that can affect resources in your account?
A. AWS Organizations
B. AWS Personal Health Dashboard
C. AWS Trusted Advisor
D. AWS Service Health Dashboard
Explanation :
AWS Personal Health Dashboard provides alerts for AWS services availability & performance which may impact resources deployed in your account. Customers get emails & mobile notifications for scheduled maintenance activities which might impact services on these AWS resources.
Option A is incorrect as AWS Organizations do not provide any notifications for scheduled maintenance activities.
Option C is incorrect as AWS Trusted Advisor will provide notification on AWS resources created within the account for cost optimization, security, fault tolerance, performance, and service limits. It will not provide notification for scheduled maintenance activities performed by AWS on its resources.
Option D is incorrect as Service Health Dashboard displays the general status of all AWS services & will not display scheduled maintenance activities.
For more information on the AWS Organizations, please refer to the below URL: https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/
Q11: Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?
A. Amazon Inspector
B. AWS CloudFormation
C. AWS Trusted Advisor
D. AWS Config
Answer – D
Explanation :
AWS Config can be used to audit, evaluate configurations of AWS resources. If there are any operational issues, AWS config can be used to retrieve configurational changes made to AWS resources that may have caused these issues.
Q12: An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test, and one for Production. The Security team has some concerns about the VPC configuration. It requires restricting communication across the EC2 instances using Security Groups.
Which of the following options is true for Security Groups related to the scenario?
A. You can change a Security Group associated with an instance if the instance is in the running state.
B. You can change a Security Group associated with an instance if the instance is in the hibernate state.
C. You can change a Security Group only if there are no instances associated to it.
D. The only Security Group you can change is the Default Security Group.
Answer: A
Explanation :
Q13: Which of the following features of Amazon RDS allows for better availability of databases? Choose the answer from the options given below.
A. VPC Peering
B. Multi-AZ
C. Read Replicas
D. Data encryption
Answer – B
Explanation :
The AWS Documentation mentions the following.
If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment.
For more information on AWS RDS, please visit the FAQ Link:https://aws.amazon.com/rds/faqs/
Q14: Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move?
A. AWS Database Migration Service
B. AWS VM Migration Service
C. AWS Inspector
D. AWS Trusted Advisor
Answer – A
Explanation :
The AWS Documentation mentions the following.
AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases.
For more information on AWS Database migration, please refer to the below URL:https://aws.amazon.com/dms/
Q15: Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?
A. AWS Trusted Advisor
B. AWS Inspector
C. AWS WAF
D. AWS Shield
Answer – B
Explanation :
The AWS Documentation mentions the following.
Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.
Q16: A website for an international sport governing body would like to serve its content to viewers from different parts of the world in their vernacular language. Which of the following services provide location-based web personalization using geolocation headers?
A. Amazon CloudFront
B. Amazon EC2 Instance
C. Amazon Lightsail
D. Amazon Route 53
Answer – A
Explanation :
Amazon CloudFront supports country-level location-based web content personalization with a feature called Geolocation Headers.
You can configure CloudFront to add additional geolocation headers that provide more granularity in your caching and origin request policies. The new headers give you more granular control of cache behavior and your origin access to the viewer’s country name, region, city, postal code, latitude, and longitude, all based on the viewer’s IP address.
References:
Q17: Which of the following can be used to protect against DDoS attacks? Choose 2 answers from the options given below.
A. AWS EC2
B. AWS RDS
C. AWS Shield
D. AWS Shield Advanced
Answer – C and D
Explanation :
The AWS Documentation mentions the following:
AWS Shield – All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge. AWS Shield Standard defends against most common, frequently occurring network and transport layer DDoS attacks that target your web site or applications
AWS Shield Advanced – For higher levels of protection against attacks targeting your web applications running on Amazon EC2, Elastic Load Balancing (ELB), CloudFront, and Route 53 resources, you can subscribe to AWS Shield Advanced. AWS Shield Advanced provides expanded DDoS attack protection for these resources.
Q18: Which of the following are the recommended resources to be deployed in the Amazon VPC private subnet?
A. NAT Gateways
B. Bastion Hosts
C. Database Servers
D. Internet Gateways
Answer – C
Explanation :
As Database servers contain confidential information, so for a security perspective, it should be deployed in a Private Subnet.
Amazon Virtual Private Cloud (Amazon VPC) enables the user to launch AWS resources into a virtual network that a user has defined.
Option A is incorrect because NAT devices (NAT Gateway, Nat Instance) allow instances in private subnets to connect to the internet, other VPCs, or on-premises networks. It is deployed in a public subnet.
Option B is incorrect because bastion host is a server whose purpose is to provide access (SSH access) to a private network from an external network, such as the Internet. It is deployed in a public subnet.
Option D is incorrect because an Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
Q19: A company wants to utilize AWS storage. For them, low storage cost is paramount. The data is rarely retrieved and a data retrieval time of 13-14 hours is acceptable for them. What is the best storage option to use?
A. Amazon S3 Glacier
B. S3 Glacier Deep Archive
C. Amazon EBS volumes
D. AWS CloudFront
Answer – B
Explanation :
S3 Glacier Deep Archive offers the lowest cost storage in the cloud, at prices lower than storing and maintaining data in on-premises magnetic tape libraries or archiving data offsite.
It expands our data archiving offerings, enabling you to select the optimal storage class based on storage and retrieval costs, and retrieval times.
Option B is correct because S3 Glacier Deep Archive offers low-cost storage and retrieval time doesn’t matter for the company. If the question asks for fast retrieval time then S3 Glacier would be correct.
Option A is incorrect because S3 Glacier is not cheaper than S3 Glacier Deep Archive.
Options C and D are incorrect because they are not suitable for data archive and faster retrieval. Also, the CloudFront is not for storage.
With S3 Glacier, customers can store their data cost-effectively for months, years, or even decades. S3 Glacier enables customers to offload the administrative burdens of operating and scaling storage to AWS, so they don’t have to worry about capacity planning, hardware provisioning, data replication, hardware failure detection, and recovery, or time-consuming hardware migrations.
Storage class | Expedited | Standard | Bulk |
Amazon S3 Glacier | 1–5 minutes | 3–5 hours | 5–12 hours |
S3 Glacier Deep Archive | Not available | Within 12 hours | Within 48 hours |
Reference:
Q20: Which AWS service provides a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability?
A. AWS RDS
B. DynamoDB
C. Oracle RDS
D. Elastic Map Reduce
Answer: – B
Explanation :
DynamoDB is a fully managed NoSQL offering provided by AWS. It is now available in most regions for users to consume.
Q21: For which of the following AWS resources, the Customer is responsible for the infrastructure-related security configurations?
A. Amazon RDS
B. Amazon DynamoDB
C. Amazon EC2
D. AWS Fargate
Answer: C
Explanation :
Amazon EC2 is an Infrastructure as a Service (IaaS) for which customers are responsible for the security and the management of guest operating systems.
For more information on the Shared responsibility model, refer to the following URL:https://aws.amazon.com/compliance/shared-responsibility-model/
Q22: In the shared responsibility model for infrastructure services, such as Amazon Elastic Compute Cloud, which of the below two are customers responsibility?
A. Network infrastructure
B. Amazon Machine Images (AMIs)
C. Virtualization infrastructure
D. Physical security of hardware
E. Policies and configuration
Answer: B, E
Explanation :
In the shared responsibility model, AWS is primarily responsible for “Security of the Cloud.” The customer is responsible for “Security in the Cloud.” In this scenario, the mentioned AWS product is IAAS (Amazon EC2) and AWS manages the security of the following assets:
– Physical security of hardware
Customers are responsible for the security of the following assets:
– Amazon Machine Images (AMIs)
– Data in transit
– Policies and configuration
References:
Q23: AWS offers two savings plans to enable more savings and flexibility for its customers, namely, compute saving plans and EC2 Instance Savings plans.
Which of the below statement is FALSE regarding Saving Plans?
A. Capacity Reservations are not provided with Saving Plans.
B. Savings Plans are available for all the regions.
C. Savings plans will apply on ‘On-Demand Capacity Reservations’ that customers can allocate for their needs.
D. The prices for Savings Plans do not change based on the amount of hourly commitment.
Answer: B
Explanation :
Q24: Which of the below-listed services is a region-based AWS service?
A. AWS IAM
B. Amazon EFS
C. Amazon Route 53
D. Amazon CloudFront
Answer: B
Explanation :
References:
Q25: Which of the following LightSail Wizard allows the customers to “create a copy of the LightSail instance in EC2”?
A. LightSail Backup
B. LightSail Copy
C. Upgrade to EC2
D. LightSail-EC2 snapshot
Answer: C
Explanation :
Reference:
Q26 : Which of the following features of Amazon Connect helps better customer engagement on AWS Cloud ?
A. Push Notification
B. High Quality Audio
C. Mailbox Simulator
D. Reputation Dashboard
Correct Answer: B
Amazon Connect is an omnichannel cloud contact centre which can be setup easily & with low cost. It has following features which helps to provide customers a superior service ,
Option A is incorrect as Push Notification is not a feature of Amazon Connect. It’s one of the features of Amazon Pinpoint.
Option C is incorrect as Mailbox Simulator is not a feature of Amazon Connect. It’s one of the features of Amazon SES.
Option D is incorrect as Reputation Dashboard is not a feature of Amazon Connect. It’s one of the features of Amazon SES.
For more information on Amazon Connect, refer to the following URL: https://aws.amazon.com/connect/features/
Q27: A large IT company is looking to enable its large user base to remotely access Linux desktops from any location. Which service can be used for this purpose ?
A. Amazon Cognito
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. Amazon WorkLink
Correct Answer: C
Amazon WorkSpaces provides a secure managed service for virtual desktops for remote users. It supports both Windows & Linux based virtual desktops for a large number of users.
Option A is incorrect as Amazon Cognito can be used to control access to AWS resources from an application.
Option B is incorrect as Amazon AppStream 2.0 can be used to provide access to applications or a non-persistent desktop from any location.
Option D is incorrect as Amazon WorkLink can be used by internal employees to securely access internal websites & applications using mobile phones.
For more information on Amazon WorkSpaces, refer to the following URL: https://aws.amazon.com/workspaces/features/
Q28 : Users in the Developer Team need to deploy a multi-tier web application. Which service can be used to create a customized portfolio that will help users for quick deployment?
A. AWS Config
B. AWS Code Deploy
C. AWS Service Catalog
D. AWS Cloud Formation
Correct Answer: C
AWS Service Catalog can be used to create & deploy portfolio of products within AWS infrastructure. This helps to create consistent resources within AWS infrastructure with quick deployment. These catalogues can be used for deployment of single resource or a multi-tier web application consisting of web, application, & database layer resources.
Option A is incorrect as AWS config is used for evaluating configuration on the resources deployed in AWS cloud. It will not help for creating portfolios of resources for quick deployment.
Option B is incorrect as AWS CodeDeploy is a managed service for automating software deployment on AWS resources & on-premise systems. It is not suitable for creating portfolios of resources for quick deployment.
Option D is incorrect as AWS CloudFormation is a service for provisioning AWS resources using templates.
For more information on AWS Service Catalog, refer to the following URL: https://aws.amazon.com/servicecatalog/features/
Q29 : A large Oil & gas company is planning to deploy a high-volume application on multiple Amazon EC2 instances. Which of the following can help to reduce operational expenses?
A. Deploy Amazon EC2 instance with Auto-scaling
B. Deploy Amazon EC2 instance in multiple AZ’s
C. Deploy Amazon EC2 instance with Amazon instance store-backed AMI
D. Deploy Amazon EC2 instance with Cluster placement group
Correct Answer: A
Using Amazon EC2 Auto-Scaling helps to match the workload on the application with the optimum number of the Amazon EC2 instance. Due to this, during low load on application, Amazon EC2 instances are terminated which reduces operational cost.
Option B is incorrect as deploying an Amazon EC2 instance in a multiple AZ might enhance application availability but will not reduce operational expenses.
Option C is incorrect as deploying an Amazon EC2 instance with Amazon instance store-backed AMI incur charges for Amazon EC2 instance usage & storing AMI in Amazon S3. There will be no impact on operational expense using this AMI type.
Option D is incorrect as deploying an Amazon EC2 instance in a cluster placement group will help to have low latency between instances but will not reduce operational expenses.
For more information on reducing cost using AWS cloud , refer to the following URL: https://aws.amazon.com/economics/
Q30 : Which of the following activities are within the scope of AWS Support?
A. Troubleshooting API issues
B. Code Development
C. Debugging custom software
D. Third-party application configuration on AWS resources
E. Database query tuning
Correct Answers: A and D
As a part of AWS Support following activities are performed,
AWS Support does not include:
Option B is incorrect as Code Development is not in the scope of AWS Support. This needs to be taken care of by the customer.
Option C is incorrect as Debugging custom software is not in the scope of AWS Support. This needs to be taken care of by the customer.
Option E is incorrect as Database query tuning is not in the scope of AWS Support. This needs to be taken care of by the customer.
For more information on AWS Support, refer to the following URL: https://aws.amazon.com/premiumsupport/
Q31: I have a huge amount of data (images, documents). I want to store them on AWS storage service S3 and know how S3 is priced to make informed decisions. Which of the following is accounted as a cost for S3 storage? Select TWO.
A. While uploading data to an S3 bucket
B. Lifecycle transition requests
C. Outbound data transfer from S3 in US-West to an EC2 instance in US-West
D. Outbound data transfer to Amazon CloudFront
E. Outbound data transfer from S3 in US-East to an EC2 instance in US-West
Correct Answers: B and E
Explanation:
Option A is incorrect. Data transferred in from the internet to S3 does not incur any charges.
Option B is CORRECT. Lifecycle data transfers between the storage classes can be considered as GET/PUT operations from the source storage class to the target storage class which will incur cost.
Option C is incorrect. Outbound data transfers from S3 within the same Region (including a different AWS account) do not incur any charges.
Option D is incorrect. Data transferred out to Amazon CloudFront performed as a request by CloudFront to the Origin server (S3) for caching content does not incur any charges.
Option E is CORRECT since the Outbound data transfer is done out of the region where the S3 bucket resides.
Q32: I am using the Amazon Simple Notification Service to send notifications to alert admins whenever the CPU utilization of an EC2 instance crosses 70%. Which of the following can be subscribers to an SNS Topic? (Select TWO)
A. Email
B. Amazon S3
C. AWS Lambda
D. Amazon CloudWatch
E. Amazon DynamoDB streams
Correct Answers: A and C
Explanation:
SNS is extremely useful for the fan-out types of applications, i.e., multiple clients that push messages to an SNS topic & multiple listeners can be notified when a message arrives at the Topic.
Option A is CORRECT. SNS messages can be sent to registered addresses as Email (text-based or Object) who act as subscribers to the notification
Option B is incorrect. S3 acts as a publisher of SNS notifications. When a file is uploaded to S3, it can publish an event that can then be subscribed to & acted upon
Option C is CORRECT. A lambda function can subscribe to an SNS Topic and can act on any events that are published to that Topic. An S3 PUT or CREATE event for uploading documents can have a Lambda subscriber that can pull out metadata information contained within the documents & store it in a Dynamo DB database.
Option D is incorrect. CloudWatch will act as a publisher of events using alarms. Getting back to our scenario, we can set CloudWatch alarms on the CPU utilization metrics of the EC2 instance. The alarms can then be published to an SNS Topic for notifying users.
Option E is incorrect. Dynamo DB streams are events that are emitted when record modifications occur on a Dynamo DB table like INSERT, UPDATE, etc. They are extremely useful to create informative dashboards in real-time. Dynamo DB streams can trigger a lambda function that can publish a message to an SNS Topic. So we can see here that Dynamo DB stream acts as a publisher of events.
Q 33: I require different levels of access for my application that is installed on an EC2 instance. I have configured an ENI for the same purpose. Which of the following statement is incorrect?
A. I can detach the primary ENI of my EC2 instance and connect it to another instance for moving its Elastic IP
B. I can configure a Security Group for my ENI and restrict traffic to the EC2 instance
C. I can detach a secondary ENI containing a Private IP from one EC2 instance and attach it to another
D. I can attach an Elastic IP to an EC2 instance in another subnet by releasing it from the ENI in the current subnet to which it is currently attached to
Correct Answer: A
Explanation:
Option A is CORRECT. The primary ENI of an instance cannot be detached from the instance. By default, the primary ENI is created with the creation of the EC2 instance & deleted when the instance is terminated
Option B is incorrect since an EC2 instance may require restricted access to certain IP addresses. This can be achieved by creating a new ENI & attaching a Public IP & Security Group restricting permissions.
Option C is incorrect. Secondary ENI’s that are created can be detached from the instance to which it is attached to & attached to another instance within the same subnet. The Private IP then gets allocated to the second instance to which it is attached currently
Option D is incorrect. ENI’s are subnet specific. So for attaching an Elastic IP to an instance in a different subnet, I need to first release it to the pool by dissociating it from an attached instance. This way, I can attach the Elastic IP to an instance in a different subnet.
Q 34: To make programmatic calls to AWS, a user was provided an access key ID and secret access key. However, the user has now forgotten the shared credentials and cannot make the required programmatic calls.
How can an access key ID and secret access key be provided to the user?
A. Use the “Forgot Password” Option
B. Use “Create New Access Key” by logging in to AWS Management Console as the root user
C. Credentials cannot be generated
D. Raise a ticket with AWS Support
Correct Answer: B
Explanation:
Option A is INCORRECT . This is an invalid option.
Option B is CORRECT .
Option C is INCORRECT . This is an incorrect option. We can create a new access key by logging in to Management Console as a root user.
Option D is INCORRECT . This is an incorrect option. We can create a new access key by logging in to Management Console as a root user.
Q 34: Which of the following statements accurately describe a function of AWS Secrets Manager? [Select Two]
A. Encrypts authentication information in code, ensuring that it is unreadable, that is, not in plain-text.
B. Replaces the need to hardcode authentication credentials in code.
C. Makes it possible to include an API call in code that retrieves authentication information from a central repository.
D. Automatically rotates and updates the code in the application build, ensuring that repositories are kept up to date.
E. Facilitates the embedding of authentication information in code during runtime.
Correct Answer: B and C
Explanation:
AWS Secrets Manager allows users to replace authentication information in code with an API call to Secrets Manager. This API call then retrieves the secret programmatically. This safeguards the secret from being compromised since the secret is removed from the code. AWS Secrets Manager automatically rotates the secret in accordance with specified schedules which allows the implementation of more secure short-term secrets. These, in turn, reduce the risk of authentication information in code being compromised.
Option A is INCORRECT because AWS Secrets Manager does not encrypt authentication information whilst it is in the code.
Option D is INCORRECT because AWS Secrets Manager does not automatically rotate or update the application code. Rather, it automatically rotates the secret in accordance with specified schedules.
Option E is INCORRECT because AWS Secrets Manager does not facilitate embedding authentication information in code during runtime. Developers do not need to hard-code authentication information in code.
Q35. Which of the following statements accurately describes AWS IQ?
A. AWS IQ is an artificial intelligence service that predicts cloud infrastructure costs.
B. AWS IQ is a service that offers free cloud computing resources to AWS customers.
C. AWS IQ is a platform that connects AWS customers with certified freelancers, experts, and consulting firms for various AWS-related tasks.
D. AWS IQ is a hardware appliance for secure data storage in AWS data centers.
Correct Answer: C
Explanation: AWS IQ is a platform that connects AWS customers with certified freelancers, experts, and consulting firms for various AWS-related tasks. This platform helps customers find and engage experts to assist with their specific AWS projects and tasks, making it a valuable resource for AWS customers looking for professional assistance.
Option A is incorrect because AWS IQ is not an artificial intelligence service for predicting cloud infrastructure costs. It is a platform for connecting customers with experts.
Option B is incorrect because AWS IQ does not offer free cloud computing resources. It is a marketplace for connecting customers with experts and involves payment for the services provided.
Option D is incorrect because AWS IQ is not a hardware appliance for data storage but rather a platform for connecting customers with AWS experts.
Q36. You are developing a web application that requires real-time collaboration features and seamless integration with AWS services for the backend. Which AWS service should you consider for simplifying the development and implementation of these features?
D. AWS Device Farm
Correct Answer: B
Explanation: AWS Amplify is a framework that simplifies the development of web and mobile applications by providing tools and services to streamline the process. It enables seamless integration with various AWS services for the backend, making it a suitable choice for simplifying the development and implementation of real-time collaboration features in web applications.
Option A is incorrect because AWS AppSync, while capable of handling real-time data synchronization, is primarily designed for applications using GraphQL APIs, and it may not be the most straightforward choice for the above scenario.
Option C is incorrect because Amazon RDS is a managed database service used to simplify the process of setting up, operating, and scaling relational databases in the cloud.
Option D is incorrect because AWS Device Farm is a testing service for mobile and web applications on real devices.
Q37: You are working on a software development project that involves managing and distributing software packages and dependencies across your development team. You need a secure and scalable solution for storing and sharing these artifacts. Which AWS service should you consider for this purpose?
A. AWS CodeCommit
C. AWS CodeBuild
D. AWS CodeArtifact
Correct Answer: D
Explanation: AWS CodeArtifact is designed for secure and scalable artifact management, making it an excellent choice for storing and sharing software packages and dependencies.
Option A is incorrect because AWS CodeCommit is a managed source code repository service, primarily used for version control and collaboration on source code. It’s not designed for storing and managing software artifacts and dependencies.
Option B is incorrect because AWS CodeStar is a developer tool that simplifies the setup and management of development projects, including integration with AWS services like CodeCommit, CodeBuild, and CodeDeploy.
Option C is incorrect because AWS CodeBuild is designed to compile, build, and test code in a scalable and efficient manner, helping development teams automate and streamline their build and deployment processes.
Q38: You are tasked with building and deploying a machine-learning model to predict customer preferences for an e-commerce platform. Which AWS service provides end-to-end machine learning capabilities?
A. Amazon SageMaker
D. Amazon Kendra
Correct Answer: A
Explanation: Amazon SageMaker is the correct choice for building and deploying machine learning models with end-to-end capabilities. It covers the entire machine-learning workflow, including data preprocessing, and model training.
Option B is incorrect because Amazon Lex is a service for building conversational interfaces using chatbots and voice-enabled applications. It is not designed for building and deploying machine learning models for predicting customer preferences.
Option C is incorrect because Amazon Polly is a service that converts text into lifelike speech. It is not used for machine learning model development or predictive analytics.
Option D is incorrect because Amazon Kendra is a service for building intelligent search capabilities into applications. While it is valuable for search and retrieval tasks, it is not designed for building machine learning models for predictive analytics.
Q39: In a customer support application, there is a need for a chatbot to assist users in finding quick answers to frequently asked questions. Which AWS service is suitable for building this chatbot with natural language understanding capabilities?
A. Amazon Rekognition
D. Amazon Kendra
Correct Answer: B
Explanation: Amazon Lex is the correct choice for developing a chatbot with natural language understanding capabilities. It enables the creation of conversational interfaces and chatbots that can comprehend and respond to user queries in natural language.
Option A is incorrect because Amazon Rekognition is a service for image and video analysis, primarily used for tasks like object recognition and facial analysis. It is not intended for chatbot development or natural language understanding.
Option C is incorrect because Amazon Polly is a service that converts text into lifelike speech but does not provide natural language understanding capabilities or chatbot development features.
Option D is incorrect because Amazon Kendra is an intelligent search service designed to provide highly accurate and efficient search capabilities for documents and data. It does not focus on chatbot development or natural language understanding.
Q40: What role does Amazon AppStream play in helping organizations?
A. It provides cloud-based virtual machines for running containerized applications.
B. It automates and manages AWS resource provisioning.
C. It delivers desktop applications securely to users via streaming.
D. It hosts websites and web applications with high availability.
Correct Answer: C
Explanation: Amazon AppStream is designed to securely stream desktop applications to users over the internet. It allows you to deliver software applications to a variety of devices, making them accessible from anywhere while maintaining data security.
Option A is incorrect because the description aligns more with services like Amazon EC2 or AWS Fargate, which provide virtual machines or containerized application execution, rather than AppStream’s focus on desktop application streaming.
Option B is incorrect because This aligns more with services like AWS CloudFormation or AWS Elastic Beanstalk, which are used for automating and managing AWS resource provisioning but are not related to desktop application streaming.
Option D is incorrect because High-availability hosting of websites and web applications is typically associated with services like AWS Elastic Load Balancing, AWS Auto Scaling, and Amazon S3 static website hosting, but it is not the primary purpose of Amazon AppStream.
Q41: You are developing a mobile application that requires real-time data synchronization and offline access to your backend data. Which AWS service should you consider for building the GraphQL API to meet these requirements?
B. AWS Device Farm
C. Amazon AppStream
Correct Answer: D
Explanation: AWS AppSync is the correct choice for building a GraphQL API that provides real-time data synchronization and offline access capabilities for mobile and web applications. It allows you to connect to various data sources and enables offline access through data caching.
Option A is incorrect because AWS Amplify is a development framework and library for building web and mobile applications, including features for authentication and data access.
Option B is incorrect because AWS Device Farm is a testing service for mobile and web applications on real devices. It is unrelated to building GraphQL APIs or providing real-time data synchronization and offline access.
Option C is incorrect because AWS AppStream is a service for securely streaming desktop applications to users over the internet.
Q42: In a software development project, a team needs a service to automate the compilation and testing of code changes in a continuous integration (CI) environment. Which AWS service is suitable for this purpose?
A. AWS CodeBuild
B. AWS CodeDeploy
C. AWS CodePipeline
D. AWS CodeCommit
Correct Answer: A
Explanation: AWS CodeBuild is the appropriate choice for automating the compilation and testing of code changes in a CI (continuous integration) environment. It is a fully managed build service that can compile your source code, run tests, and produce build artifacts.
Option B is incorrect because AWS CodeDeploy is a service used for automating software deployments to various compute targets, such as EC2 instances, and Lambda functions. It is not designed for the compilation and testing of code changes.
Option C is incorrect because AWS CodePipeline is a CI/CD service used for orchestrating and automating the delivery of software changes. While it can include CodeBuild as a build step, its primary focus is on the entire CI/CD pipeline, not just the build process.
Option D is incorrect because AWS CodeCommit is a managed source code repository service for version control and collaboration on source code. It is not a build service like CodeBuild.
Q43: In a production environment, there is a requirement to automate the entire process of managing and delivering changes, including building, testing, and deploying resources. Which AWS service should be considered to create an end-to-end continuous integration and continuous deployment (CI/CD) pipeline?
B. AWS CodeBuild
C. AWS CodePipeline
D. AWS CodeCommit
Correct Answer: C
Explanation: AWS CodePipeline is the appropriate choice for creating a streamlined, end-to-end CI/CD pipeline. It enables you to automate the entire process of managing and delivering changes, including building, testing, and deploying resources, facilitating a seamless and efficient CI/CD workflow.
Option A is incorrect because AWS CodeDeploy is a service used for automating software deployments to various compute targets, such as EC2 instances, Lambda functions. It is not designed to handle the complete CI/CD pipeline like CodePipeline.
Option B is incorrect because AWS CodeBuild is a managed build service used for compiling source code and running tests. While it is a crucial component of the CI/CD pipeline, it does not cover the entire CI/CD workflow as CodePipeline does.
Option D is incorrect because AWS CodeCommit is a managed source code repository service for version control and collaboration on source code.
Q44: In a remote work scenario, your organization needs to provide a virtual desktop experience for employees, allowing them to access their desktop environments securely from anywhere. Which AWS service should you consider for this purpose?
A) Amazon WorkSpaces
B) Amazon WorkSpaces Web
C) Amazon AppStream 2.0
D) AWS Device Farm
Correct Answer: A
Explanation: Amazon WorkSpaces is a service that provides a virtual desktop experience to employees, enabling them to access their desktop environments securely from anywhere with an internet connection. It offers a fully managed, scalable, and secure solution for remote desktop access.
Option B is incorrect because Amazon WorkSpaces Web is an economical, comprehensively supervised, Linux-centric solution, crafted to streamline secure web-based entry to internal websites and software-as-a-service (SaaS) applications through web browsers. It does not have the capability to provide a virtual desktop experience to users.
Option C is incorrect because Amazon AppStream 2.0 is a service for streaming desktop applications to users, but it is not primarily focused on providing full virtual desktop environments like Amazon WorkSpaces. It’s more suitable for streaming specific applications rather than complete desktops.
Option D is incorrect because AWS Device Farm is a testing service for mobile and web applications on real devices.
We hope the above list of questions on AWS Cloud Practitioner exams are helpful for you. AWS CCP (Certified Cloud Practitioner) is a foundational exam in which even a beginner interested to pursue their career in AWS cloud can attempt this exam.
It is strongly recommended to ensure that you have covered all the objectives of the AWS certification exam, so that you can pass the exam at ease and in your first attempt. Hence, keep practicing until you are confident to take the real exams. You can also try Whizlabs newly updated practice test, Video Course, Hands-on labs, AWS Sandbox on AWS Certified Cloud Practitioner exam.
Krishna Srinivasan is the CEO of Whizlabs. With 15+ years of experience in technology, he is aimed to spread his knowledge and experience with the world. He is a “Tech Personality” and the innovative mind behind the success of Whizlabs. As a CEO, he focuses on the product development, future direction, and business strategy.