CLF-C01 Free Practice Test

- (Exam Topic 1)
Which AWS service provides alerts when an AWS event may impact a company's AWS resources?

1. A. AWS Personal Health Dashboard
2. B. AWS Service Health Dashboard
3. C. AWS Trusted Advisor
4. D. AWS Infrastructure Event Management

Correct Answer: C

- (Exam Topic 1)
Which of the following are aspects of the AWS shared responsibility model? (Select TWO.)

1. A. Configuration management of infrastructure devices is the customer’s responsibility.
2. B. For Amazon S3, AWS operates the infrastructure layer, the operating systems, and the platforms.
3. C. AWS is responsible for protecting the physical cloud infrastructure.
4. D. AWS is responsible for training the customer’s employees on AWS products and services.
5. E. For Amazon EC2, AWS is responsible for maintaining the guest operating system.

Correct Answer: AC
AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.
Customer responsibility “Security in the Cloud” – Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. For example, a service such as Amazon Elastic Compute Cloud (Amazon EC2) is categorized as Infrastructure as a Service (IaaS) and, as such, requires the customer to perform all of the necessary security configuration and management tasks. Customers that deploy an Amazon EC2 instance are responsible for management of the guest operating system (including updates and security patches), any application software or utilities installed by the customer on the instances, and the configuration of the AWS-provided firewall (called a security group) on each instance. For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data. Customers are responsible for managing their data (including encryption options), classifying their assets, and using IAM tools to apply the appropriate permissions.
Shared_Responsibility_Model_V2

- (Exam Topic 1)
Which AWS service or feature enables users to block the incoming or outgoing traffic associated with specific IP addresses flowing through a VPC?

1. A. Network ACLs
2. B. Security groups
3. C. AWS Identity and Access Management (1AM)
4. D. AWS WAF

Correct Answer: D
To allow or block specific IP addresses for your EC2 instances, usneeatwork Access Control List (ACL) or
security group rules in your VPC. Network ACLs and security group rules act as firewalls allowing or
blocking IP addresses from accessing your resources

- (Exam Topic 3)
Which AWS service or feature can a company use to determine which business unit is using specific AWS resources?

1. A. Cost allocation tags
2. B. Key pairs
3. C. Amazon Inspector
4. D. AWS Trusted Advisor

Correct Answer: A

- (Exam Topic 3)
Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

1. A. High availability
2. B. Economies of scale
3. C. Pay-as-you-go pricing
4. D. Global reach

Correct Answer: C