CLF-C01 Online Practice Questions and Answers

A company wants to provide one of its employees with access to Amazon RDS. The company also wants to limit the interaction to only the AWS CLI and AWS software development kits (SDKs).

Which combination of actions should the company take to meet these requirements while following the principles of least privilege? (Choose two.)

A. Create an IAM user and provide AWS Management Console access only.

B. Create an IAM user and provide programmatic access only.

C. Create an IAM role and provide AWS Management Console access only.

D. Create an IAM policy with administrator access and attach it to the IAM user.

E. Create an IAM policy with Amazon RDS access and attach it to the IAM user.

which tool is useed to forecast AWS spending?

A. AWS trusted Advisor

B. AWS Organizations

C. Cost Explorer

D. Amazon Inspector

Which services can be used to deploy applications on AWS? (Choose two.)

A. AWS Elastic Beanstalk

B. AWS Config

C. AWS OpsWorks

D. AWS Application Discovery Service

E. Amazon Kinesis

A Lambda function processes data before sending it to a downstream service. Each piece of data is approximately 1MB in size. After a security audit, the function is now required to encrypt the data before sending it downstream.

Which API call is required to perform the encryption?

A. Pass the data to the KMS ReEncrypt API for encryption

B. Use the KMS GenerateDataKeyAPi to get an encryption key

C. Use the KMS GeneraceDaraHeywithoutPlainTexr API to get an encryption key

D. Pass the data to KMS as part of the Encrypt API for encryption.

An independent software vendor (ISV) wants to deploy its application on AWS. The ISV's customers must be able to access the application securely from their own AWS accounts. Which AWS service or feature can the ISV use to securely provide access to its application?

A. Virtual private gateway

B. AWS Client VPN

C. Internet gateway

D. AWS PrivateLink

A company wants to set AWS spending targets and track costs against those targets. Which AWS tool or feature should the company use to meet these requirements?

A. AWS Cost Explorer

B. AWS Budgets

C. AWS Cost and Usage Report

D. Savings Plans

Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.)

A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3)

B. Server-side encryption with AWS KMS managed keys (SSE-KMS)

C. TLS

D. SSL

E. Transparent Data Encryption (TDE)

A user is using AWS account root user credentials to try to close an AWS account that is managed by AWS Organizations. However, the attempt is unsuccessful. What could cause this attempt to be unsuccessful?

A. No multi-factor authentication (MFA) has been configured.

B. The root user is not specifically assigned to the administration group.

C. The root user's password does not meet the minimum password complexity requirements.

D. The organizational administrator has used a service control policy (SCP) to limit the root user permissions.

Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?

A. Cost allocation tags

B. Key pairs

C. Amazon Inspector

D. AWS Trusted Advisor

Which AWS services can a company use to achieve a loosely coupled architecture? (Choose two.)

A. Amazon Workspaces

B. Amazon Simple Queue Service (Amazon SQS)

C. Amazon Connect

D. AWS Trusted Advisor

E. AWS Step Functions