Where can I get the latest aws exam questions in PDF format? How to get Amazon certification exam questions? If you are preparing for the Amazon exam, do you have the same doubts. Hi, you will find all the updated PDF questions and answers in https://www.pass4itsure.com/amazon.html Pass4itsure’s expert team will continuously revise and update learning materials. Get authentic questions for preparation, which will help you to pass Amazon Certified: CLF-C01, SAA-C01, SAA-C02 exam with ease. Share with you for free below!
Updated Amazon AWS Certified Foundational CLF-C01 exam dumps (pdf) and effective practice questions
[google drive] CLF-C01 exam dumps (pdf) download
FREE CLF-C01 exam dumps pdf https://drive.google.com/file/d/1tAeLRiepjswP-M-iY5GUMVueDq8U26eM/view?usp=sharing
Amazon AWS Certified Foundational CLF-C01 exam effective practice questions
QUESTION 1
After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount?
A. No upfront payment
B. Hourly on-demand payment
C. Partial upfront payment
D. All upfront payment
Correct Answer: D
Reference: https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/
QUESTION 2
Which of the following security measures protect access to an AWS account? (Choose two.)
A. Enable AWS CloudTrail.
B. Grant least privilege access to IAM users.
C. Create one IAM user and share with many developers and users.
D. Enable Amazon CloudFront.
E. Activate multi-factor authentication (MFA) for privileged users.
Correct Answer: BE
If you decided to create service accounts (that is, accounts used for programmatic access by applications running
outside of the AWS environment) and generate access keys for them, you should create a dedicated service account for
each use case. This will allow you to restrict the associated policy to only the permissions needed for the particular use
case, limiting the blast radius if the credentials are compromised. For example, if a monitoring tool and a release
management tool both require access to your AWS environment, create two separate service accounts with two
separate policies that define the minimum set of permissions for each tool.
Reference: https://aws.amazon.com/blogs/security/guidelines-for-protecting-your-aws-account-while-usingprogrammatic-access/
QUESTION 3
Which of the following can a customer use to enable single sign-on (SSO) to the AWS Console?
A. Amazon Connect
B. AWS Directory Service
C. Amazon Pinpoint
D. Amazon Rekognition
Correct Answer: B
Single sign-on only works when used on a computer that is joined to the AWS Directory Service directory. It cannot be
used on computers that are not joined to the directory.
Reference: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_single_sign_on.html
QUESTION 4
A company is considering migrating its applications to AWS. The company wants to compare the cost of running the
workload on-premises to running the equivalent workload on the AWS platform. Which tool can be used to perform this
comparison?
A. AWS Simple Monthly Calculator
B. AWS Total Cost of Ownership (TCO) Calculator
C. AWS Billing and Cost Management console
D. Cost Explorer
Correct Answer: B
TCO calculator compare the cost of running your applications in an on-premises or colocation environment to AWS.
Reference: https://awstcocalculator.com
QUESTION 5
When architecting cloud applications, which of the following are a key design principle?
A. Use the largest instance possible
B. Provision capacity for peak load
C. Use the Scrum development process
D. Implement elasticity
Correct Answer: B
Cloud services main proposition is to provide elasticity through horizontal scaling. It\\’s already there. As for using
largest instance possible, it is not a design principle that helps cloud applications in anyway. Scrum development
process is not related to architecting. Therefore, a key principle is to provision your application for on-demand capacity.
Peak loads is something that cloud applications experience everyday. Peak load management should be a necessary
part of cloud application design principle.
Reference: https://d1.awsstatic.com/whitepapers/AWS_Cloud_Best_Practices.pdf
More complete Pass4itsure CLF-C01 exam dumps: https://www.pass4itsure.com/aws-certified-cloud-practitioner.html
CLF-C01 exam video
Updated Amazon AWS Certified Associate SAA-C01 (SAA-C02) exam dumps (pdf) and effective practice questions
[google drive] SAA-C01 exam dumps (pdf) download
FREE SAA-C01 exam dumps pdf https://drive.google.com/file/d/1kT9oIFQ-IDK_zDYMJTYvT8JxClvH6Tzt/view?usp=sharing
Amazon AWS Certified Associate SAA-C01 exam effective practice questions
QUESTION 1
A company is launching a new static website on Amazon S3 and Amazon CloudFront. The company wants to ensure
that all web requests go through only CloudFront.
How can a Solutions Architect meet this requirement?
A. Configure the S3 bucket policy to allow only CloudFront IP addresses to read objects.
B. Create IAM users in a group that has read access to the S3 bucket. Configure CloudFront to pass credentials to the
S3 bucket.
C. Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow the OAI read access.
D. Convert the S3 bucket to an EC2 instance, then give CloudFront access to the instance by using security groups.
Correct Answer: C
To allow access to your Amazon S3 bucket only from a CloudFront distribution, first add an origin access identity (OAI)
to your distribution. Then, review your bucket policy and Amazon S3 access control list (ACL) to be sure that:
Only the OAI can access your bucket.
CloudFront can access the bucket on behalf of requesters.
Users can\\’t access the objects in other ways, such as by using Amazon S3 URLs.
Reference: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-access-to-amazon-s3/
QUESTION 2
A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier
over the Internet for security reasons. The application must be low-cost and have a scalable front end. The databases
and application tier must have only one-way Internet access to download software and patch updates.
Which solution helps to meet these requirements?
A. Use a NAT Gateway as the front end for the application tier and to enable the private resources to have Internet
access.
B. Use an Amazon EC2-based proxy server as the front end for the application tier, and a NAT Gateway to allow
Internet access for private resources.
C. Use an ELB Classic Load Balancer as the front end for the application tier, and an Amazon EC2 proxy server to allow
Internet access for private resources.
D. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet
access for private resources.
Correct Answer: D
QUESTION 3
A customer has an application that is used by enterprise customers outside of AWS. Some of these customers use
legacy firewalls that cannot whitelist by DNS name, but whitelist based only on IP address. The application is currently
deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to
whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic.
What can a Solutions Architect do to support the customer and allow for more capacity? (Choose two.)
A. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet.
B. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the
event of a failure.
C. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a
time.
D. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53
E. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.
Correct Answer: BC
QUESTION 4
An application provides a feature that allows users to securely download private and personal files. The web server is
currently overwhelmed with serving files for download. A Solutions Architect must find a more effective solution to
reduce web server load and costs, and must allow users to download only their own files.
Which solution meets all requirements?
A. Store the files securely on Amazon S3 and have the application generate an Amazon S3 pre-signed URL for the user
to download.
B. Store the files in an encrypted Amazon EBS volume, and use a separate set of servers to serve the downloads.
C. Have the application encrypt the files and store them in the local Amazon EC2 Instance Store prior to serving them
up for download.
D. Create an Amazon CloudFront distribution to distribute and cache the files.
Correct Answer: A
Pre-signed S3 URLs are useful whenever you want to easily provide temporary access to a protected asset. There are
two common use cases when you may want to use pre-signed S3 URLs:
Simple, occasional sharing of private files.
Frequent, programmatic access to view or upload a file in an application.
QUESTION 5
A company has a legal requirement to store point-in-time copies of its Amazon RDS PostGreSQL database instance in facilities that are at least 200 miles apart.
Use of which of the following provides the easiest way to comply with this requirement?
A. Cross-region read replica
B. Multiple Availability Zone snapshot copy
C. Multiple Availability Zone read replica
D. Cross-region snapshot copy
Correct Answer: D
More complete Pass4itsure SAA-C01 exam dumps: https://www.pass4itsure.com/aws-solution-architect-associate.html
SAA-C01 exam video
[google drive] SAA-C02 exam dumps (pdf) download
FREE SAA-C02 exam dumps pdf https://drive.google.com/file/d/10V5IUy5xP5l1Uuf3bo-bCYUTjcY0GPbe/view?usp=sharing
Amazon AWS Certified Associate SAA-C02 exam effective practice questions
QUESTION 1
A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems
Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What
infrastructure addition will allow access to the AWS service while meeting the requirements?
A. VPC peering
B. NAT instance
C. NAT gateway
D. AWS PrivateLink
Correct Answer: A
QUESTION 2
A company is running an ecommerce application on Amazon EC2 The application consists of a stateless web tier that
requires a minimum of 10 instances, and a peak of 250 instances to support the application\\’s usage The application
requires 50 instances 80% of the time
Which solution should be used to minimize costs?
A. Purchase Reserved Instances to cover 250 instances
B. Purchase Reserved Instances to cover 80 instances Use Spot Instances to cover the remaining instances
C. Purchase On-Demand Instances to cover 40 instances Use Spot Instances to cover the remaining instances
D. Purchase Reserved Instances to cover 50 instances Use On-Demand and Spot Instances to cover the remaining
instances
Correct Answer: D
QUESTION 3
A Solutions Architect is designing a solution for a media company that will stream large amounts of data from an
Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500
MB/s.
Which storage type will meet the performance requirements of this application?
A. EBS Provisioned IOPS SSD
B. EBS General Purpose SSD
C. EBS Cold HDD
D. EBS Throughput Optimized HDD
Correct Answer: D
QUESTION 4
An application runs on Amazon EC2 instances across multiple Availability Zones The instances run in an Amazon EC2
Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the
EC2 instances is at or near 40%
What should a solutions architect do to maintain the desired performance across all instances m the group?
A. Use a simple scaling policy to dynamically scale the Auto Scaling group
B. Use a target tracking policy to dynamically scale the Auto Scaling group
C. Use an AWS Lambda function to update the desired Auto Scaling group capacity
D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group
Correct Answer: D
QUESTION 5
A company\\’s production application runs online transaction processing (OLTP) transactions on an Amazon RDS
MySQL DB instance The company is launching a new reporting tool that will access the same data The reporting tool
must be highly available and not impact the performance of the production application
How can this be achieved\\’?
A. Create hourly snapshots of the production RDS DB instance
B. Create a Multi-AZ RDS Read Replica of the production RDS DB instance
C. Create multiple RDS Read Replicas of the production RDS DB instance Place the Read Replicas in an Auto Scaling
group
D. Create a Single-AZ RDS Read Replica of the production RDS DB instance Create a second Single-AZ RDS Read
Replica from the replica
Correct Answer: B
More complete Pass4itsure SAA-C02 exam dumps: https://www.pass4itsure.com/saa-c02.html
SAA-C02 exam video
Maybe easyhometraining other exam certification, you are also interested, click here to get!
P.S.
Pass4itsure provides the latest aws exam dumps, aws exam pdf, aws exam video, aws exam free practice questions to help you improve your skills! Improve test scores!
1.2020 Latest Pass4itsure CLF-C01 Exam Dumps (PDF & VCE) Free Share:
https://drive.google.com/file/d/1tAeLRiepjswP-M-iY5GUMVueDq8U26eM/view?usp=sharing
2.2020 Latest Pass4itsure SAA-C01 PDF and SAA-C01 VCE Dumps Free Share:
https://drive.google.com/file/d/1kT9oIFQ-IDK_zDYMJTYvT8JxClvH6Tzt/view?usp=sharing
3.2020 Latest Pass4itsure SAA-C02 PDF and SAA-C02 VCE Dumps Free Share:
https://drive.google.com/file/d/10V5IUy5xP5l1Uuf3bo-bCYUTjcY0GPbe/view?usp=sharing
Free resources from https://www.pass4itsure.com/amazon.html helping you 100% pass all aws exams!