CLF-C01 Free Practice Test

- (Exam Topic 2)
What should a user do if the user loses an IAM secret access key?

1. A. Retrieve the secret access key by using the IAM console.
2. B. Create a new user with a new access key and a new secret access key.
3. C. Rotate the secret access key.
4. D. Request a new secret access key from AWS Support.

Correct Answer: C

- (Exam Topic 1)
Which AWS service provides an isolated virtual network to connect AWS services and resources?

1. A. Amazon EC2
2. B. Amazon DynamoDB
3. C. Amazon Lightsail
4. D. Amazon VPC

Correct Answer: D
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

- (Exam Topic 1)
A company runs a web application on Amazon EC2 instances. The application must run constantly and is expected to run indefinitely without interruption.
Which EC2 instance purchasing options will meet these requirements MOST cost-effectively? (Select TWO.)

1. A. On-Demand Instances
2. B. Spot Instances.
3. C. Reserved Instances
4. D. Savings Plans
5. E. Dedicated Hosts

Correct Answer: CD
Amazon EC2 provides the following purchasing options to enable you to optimize your costs based on your needs:
*On-Demand Instances – Pay, by the second, for the instances that you launch.
*Savings Plans – Reduce your Amazon EC2 costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years.
*Reserved Instances – Reduce your Amazon EC2 costs by making a commitment to a consistent instance configuration, including instance type and Region, for a term of 1 or 3 years.
*Spot Instances – Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly.
*Dedicated Hosts – Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.
*Dedicated Instances – Pay, by the hour, for instances that run on single-tenant hardware.
*Capacity Reservations – Reserve capacity for your EC2 instances in a specific Availability Zone for any duration.
If you require a capacity reservation, purchase Reserved Instances or Capacity Reservations for a specific Availability Zone. Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if they can be interrupted. Dedicated Hosts or Dedicated Instances can help you address compliance requirements and reduce costs by using your existing server-bound software licenses.

- (Exam Topic 1)
An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company's direct responsibility?

1. A. Cost of application software licenses
2. B. Cost of the hardware infrastructure on AWS
3. C. Cost of power for the AWS servers
4. D. Cost of physical security for the AWS data center

Correct Answer: A

- (Exam Topic 1)
A company needs to schedule the rotation of database credentials in the AWS Cloud. Which AWS service should the company use to perform this task?

1. A. AWS Identity and Access Management (IAM)
2. B. AWS Managed Services (AMS)
3. C. Amazon RDS
4. D. AWS Secrets Manager

Correct Answer: D
AWS Secrets Manager makes it easier to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. The key features of this service include the ability to:
* 1. Secure and manage secrets centrally. You can store, view, and manage all your secrets centrally. By default,
Secrets Manager encrypts these secrets with encryption keys that you own and control. You can use
fine-grained IAM policies or resource-based policies to control access to your secrets. You can also tag secrets to help you discover, organize, and control access to secrets used throughout your organization.
* 2. Rotate secrets safely. You can configure Secrets Manager to rotate secrets automatically without disrupting your applications. Secrets Manager offers built-in integrations for rotating credentials for all Amazon RDS databases (MySQL, PostgreSQL, Oracle, Microsoft SQL Server, MariaDB, and Amazon Aurora.) You can also extend Secrets Manager to meet your custom rotation requirements by creating an AWS Lambda function to rotate other types of secrets.
* 3. Transmit securely. Secrets are transmitted securely over Transport Layer Security (TLS) protocol 1.2. You can also use Secrets Manager with Amazon Virtual Private Cloud (Amazon VPC) endpoints powered by AWS Privatelink to keep this communication within the AWS network and help meet your compliance and regulatory requirements to limit public internet connectivity.
* 4. Pay as you go. Pay for the secrets you store in Secrets Manager and for the use of these secrets; there are no long-term contracts, licensing fees, or infrastructure and personnel costs. For example, a typical
production-scale web application will generate an estimated monthly bill of $6. If you follow along the
instructions in this blog post, your estimated monthly bill for Secrets Manager will be $1. Note: you may incur additional charges for using Amazon RDS and Amazon Lambda, if you’ve already consumed the free tier for these services.
Now that you’re familiar with Secrets Manager features, I’ll show you how to store and automatically rotate credentials for an Oracle database hosted on Amazon RDS. I divided these instructions into three phases:
* 1. Phase 1: Store and configure rotation for the superuser credential
* 2. Phase 2: Store and configure rotation for the application credential
* 3. Phase 3: Retrieve the credential from Secrets Manager programmatically