In the series of AWS cloud practitioner exam practice question, this is part 2. I hope this will help you to revise the concepts

AWS CLF-C01 Practice Question part – 1
AWS CLF-C01 Practice Question part – 3
AWS Services Summary For CLF-C01

Questions:

Question 1: Which tasks are the responsibilities of customers? Select TWO.

1. Maintaining network infrastructure
2. Patching software on Amazon EC2 instances
3. Implementing physical security controls at data centers
4. Setting permissions for Amazon S3 objects
5. Maintaining servers that run Amazon EC2 instances

Question 2: You are configuring service control policies (SCPs) in AWS Organizations. Which identities and resources can SCPs be applied to? (Select TWO.)

1. IAM users
2. IAM groups
3. An individual member account
4. IAM roles
5. An organizational unit (OU)

Question 3: Which tasks can you complete in AWS Artifact? Select TWO.

1. Access AWS compliance reports on-demand.
2. Consolidate and manage multiple AWS accounts within a central location.
3. Create users to enable people and applications to interact with AWS services and resources.
4. Set permissions for accounts by configuring service control policies (SCPs).
5. Review, accept, and manage agreements with AWS.

Question 4: Which statement best describes an IAM policy?

1. An authentication process that provides an extra layer of protection for your AWS account
2. A document that grants or denies permissions to AWS services and resources
3. An identity that you can assume to gain temporary access to permissions
4. The identity that is established when you first create an AWS account

Question 5: An employee requires temporary access to create several Amazon S3 buckets. Which option would be the best choice for this task?

1. AWS account root user
2. IAM group
3. IAM role
4. Service control policy (SCP)

Question 6: Which statement best describes the principle of least privilege?

1. Adding an IAM user into at least one IAM group
2. Checking a packet’s permissions against an access control list
3. Granting only the permissions that are needed to perform specific tasks
4. Performing a denial of service attack that originates from at least one device

Question 7: Which service helps protect your applications against distributed denial-of-service (DDoS) attacks?

1. Amazon GuardDuty
2. Amazon Inspector
3. AWS Artifact
4. AWS Shield

Question 8: Which task can AWS Key Management Service (AWS KMS) perform?

1. Configure multi-factor authentication (MFA).
2. Update the AWS account root user password.
3. Create cryptographic keys.
4. Assign permissions to users and groups.

Question 9: Which tasks can you perform using AWS CloudTrail? Select TWO.

1. Monitor your AWS infrastructure and resources in real time
2. Track user activities and API requests throughout your AWS infrastructure
3. View metrics and graphs to monitor the performance of resources
4. Filter logs to assist with operational analysis and troubleshooting
5. Configure automatic actions and alerts in response to metrics

Question 10: Which actions can you perform using Amazon CloudWatch? Select TWO.

1. Monitor your resources’ utilization and performance
2. Receive real-time guidance for improving your AWS environment
3. Compare your infrastructure to AWS best practices in five categories
4. Access metrics from a single dashboard
5. Automatically detect unusual account activity

Question 11: Which service enables you to review the security of your Amazon S3 buckets by checking for open access permissions?

1. Amazon CloudWatch
2. AWS CloudTrail
3. AWS Trusted Advisor
4. Amazon GuardDuty

Question 12: Which categories are included in the AWS Trusted Advisor dashboard? Select TWO.

1. Reliability
2. Performance
3. Scalability
4. Elasticity
5. Fault tolerance

Question 13: Which action can you perform with consolidated billing?

1. Review how much cost your predicted AWS usage will incur by the end of the month.
2. Create an estimate for the cost of your use cases on AWS.
3. Combine usage across accounts to receive volume pricing discounts.
4. Visualize and manage your AWS costs and usage over time.

Question 14: Which pricing tool is used to visualize, understand, and manage your AWS costs and usage over time?

1. AWS Pricing Calculator
2. AWS Budgets
3. AWS Cost Explorer
4. AWS Free Tier

Question 15: Which pricing tool enables you to receive alerts when your service usage exceeds a threshold that you have defined?

1. Billing dashboard in the AWS Management Console
2. AWS Budgets
3. AWS Free Tier
4. AWS Cost Explorer

Question 16: Your company wants to receive support from an AWS Technical Account Manager (TAM). Which support plan should you choose?

1. Developer
2. Enterprise
3. Basic
4. Business

Question 17: Which service or resource is used to find third-party software that runs on AWS?

1. AWS Marketplace
2. AWS Free Tier
3. AWS Support
4. Billing dashboard in the AWS Management Console

Answers:

Question No.	Answer	Question No.	Answer	Question No.	Answer
1	2, 4	2	2, 3	3	1, 5
4	2	5	3	6	3
7	5	8	3	9	2, 4
10	1, 4	11	3	12	2, 5
13	3	14	3	15	2
16	2	17	1	18

Summary

• Amazon CloudWatch is a web service that enables you to monitor and manage various metrics for the resources that run your applications.
• AWS CloudTrail is a web service that enables you to review details for user activities and API calls that have occurred within your AWS environment.
• Amazon GuardDuty is a service that provides intelligent threat detection for your AWS environment and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
• AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.
• Automatically detecting unusual account activity can be performed by AWS CloudTrail.
• Review how much your predicted AWS usage will incur in costs by the end of the month – You can perform this action in AWS Budgets.
• In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.
• Create an estimate for the cost of your use cases on AWS – You can perform this action in AWS Pricing Calculator.
• Visualize and manage your AWS costs and usage over time – You can perform this action in AWS Cost Explorer.
• From the billing dashboard in the AWS Management Console, you can view details on your AWS bill, such as service costs by region, month to date spend, and more. However, you cannot set alerts from the billing dashboard.
• A Technical Account Manager (TAM) is available only to AWS customers with Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.
• Multi-factor authentication (MFA) is an authentication process that provides an extra layer of protection for your AWS account.

• An IAM role is an identity that you can assume to gain temporary access to permissions.
• The root user identity is the identity that is established when you first create an AWS account.
• Service control policies (SCPs) enable you to centrally control permissions for the accounts in your organization. An SCP is not the best choice for granting temporary permissions to an individual employee.
• Amazon GuardDuty is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
• Amazon Inspector checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.
• AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and select online agreements.
• AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data.
• IAM policies provide you with the flexibility to customize users’ levels of access to resources.