AWS Certified Cloud Practitioner Practice Test

Question 1:
Which of the following is not a pillar of AWS Well-Architected Framework?
A. Security
B. Reliability
C. Scalability
D. Sustainability

Question 2:
Which of the following AWS services can perform multiple builds concurrently?
A. AWS CodeStar
B. AWS Code Build
C. Amazon CodeGuru
D. AWS CodeCommit

Question 3:
Which of the following AWS services can you use to find trends related to your AWS cost and usage?
A. AWS CloudWatch Dashboard
B. AWS Cost Explorer
C. AWS Organizations
D. AWS Budgets

Question 4:
You have deployed a web application on an EC2 instance which allows users to upload images into S3 buckets. You have users all over the world for this application. Which of the following services would you use to make the experience as good as possible for worldwide users?
A. Amazon CloudFront
B. AWS S3 Accelerator
C. AWS Global Accelerator
D. Edge Locations

Question 5:
Which of the following design principles is related to the Operational Excellence Pillar of the AWS Well-Architected Framework?
A. Perform operations as code
B. Protect data in transit and at rest
C. Experiment more often
D. Maximize utilization

Question 6:
Your application is writing logs to CloudWatch. However, there is an issue with the application. To troubleshoot the issue, you need to search through around 1000 log files on the CloudWatch. Which options on the AWS CloudWatch can you use to run regular expressions like query to search through 1000 logs?
A. Log Groups
B. Insights
C. Rules
D. Event Buses

Question 7:
Which of the following is the most efficient way to access DynamoDB from an application running on an EC2 instance?
A. Internet Gateway Endpoint
B. VPC Gateway Endpoint
C. VPC Interface Endpoint
D. Virtual Private Endpoint

Question 8:
Which AWS services should you use to detect customer sentiment and analyze customer interactions to categorize inbound support requests automatically?
A. Amazon Kendra
B. Amazon Textract
C. Amazon Transcribe
D. Amazon Comprehend

Question 9:
Which of the following is a persistent block storage service?
A. Amazon EFS
B. Amazon EBS
C. Amazon S3
D. Amazon EC2 Instance Store

Question 10:
You have been planning to deploy an event-driven microservices applications to the AWS cloud. You have around 200 microservices in the application. Which of the following services of AWS you can use to help troubleshoot performance issues of a particular microservice?
A. Amazon Macie
B. AWS Lambda
C. AWS CodeStar
D. AWS X-Ray

Question 11:
Which of the following services can you use get recommendations about what Reserved Instances to purchase based on your historical AWS usage?
A. AWS CloudWatch Dashboard
B. AWS Cost Explorer
C. AWS Organizations
D. AWS Budgets

Question 12:
Which of the following statements is not true about Security Group?
A. EC2 Security Groups are stateless.
B. You can assign multiple Security Groups to an EC2 instance.
C. There are quotas about how many rules per Security Groups allowed.
D. When you create VPC, it comes with a default Security Group.

Question 13:
You have a use case where you need to use on-premises data to build machine learning models using AWS SageMaker. Which of the following AWS Storage Gateway types can you use to copy on-premises files to S3 cost-effectively?
A. Tape Gateway
B. File Gateway
C. Volume Gateway
D. AWS Direct Connect

Question 14:
You have many developers in your organization who are busy architecting, designing, and developing the code using Java as the main programming language. Your senior developers who are involved in the code review process complain about not having enough bandwidth for quality code review. In addition, there are many critical pull requests which are pending to be reviewed. Which of the following AWS tools can you use to help speed the code review process?
A. AWS CodeStar
B. AWS CodeBuild
C. Amazon CodeGuru
D. AWS CodeCommit

Question 15:
Which of the following services is FREE?
A. AWS WAF
B. AWS Shield Advanced
C. AWS Shield Standard
D. Amazon S3

Question 16:
You are working as a DevOps lead in your company. The software engineering team is deploying a new application in the test environment. However, the developer who is deploying the application doesn’t have access to the EC2 instance of the test environment. Which features or services can you use to provide temporary credentials to the developer so that the developer can deploy the application in the test environment?
A. AWS Security Token Service
B. AWS Secrets Manager
C. AWS Web Application Firewall
D. Amazon Cognito

Question 17:
You are looking for the most cost-effective option to run around 1000 ETL jobs for about 1 month. Each of them runs hourly every day. You are ok if these jobs are interrupted as you have added a hook to handle the interruption to save the state of a job so that next time the job gets the instance, the job resumes from the state it was interrupted. Which of the following EC2 Instance types would be the most cost-effective option?
A. On-Demand Instance
B. Reserved Instance
C. Spot Instance
D. Dedicated Host

Question 18:
The AWS team in your organization is involved in automating many processes such as account creation and applying policies to the group of accounts. Which AWS services can you use to create AWS accounts programmatically?
A. AWS IAM
B. AWS Roles
C. AWS Management Console
D. AWS Organizations

Question 19:
What is the time limit of an AWS Lambda function per execution?
A. 5 min
B. 10 min
C. 15 min
D. 20 min

Question 20:
You are working as VP of software engineering. You have been asked to find out the organization-wide security posture of the AWS environment in your organization by automated checks based on a security best practice. Which of the following AWS services can you use for this use case?
A. AWS Security Hub
B. AWS Encryption SDK
C. AWS Secrets Manager
D. AWS Artifact

Question 21:
Which of the following statements is NOT correct?
A. AWS WAF can be deployed on Amazon CloudFront.
B. AWS WAF can be deployed on Amazon API Gateway
C. AWS WAF can be deployed on Amazon S3
D. AWS WAF can be deployed on Application Load Balancer

Question 22:
You would like to bring your Windows license, which is based on number of cores, to AWS Cloud. Which of the following instance types can you use for your Windows license?
A. On-Demand
B. Spot Instance
C. Reserved Instance
D. Dedicated Host

Question 23:
You are executing an AWS Lambda function to process a file when it is uploaded to an S3 bucket. Which of the following options is correct about how an AWS Lambda function’s execution is charged?
A. The number of times the function is executed and the time taken to execute the function.
B. The time is taken to execute the function.
C. The number of times the function is executed.
D. The number of times the function is executed, the time taken to execute the function, and the memory consumed by the function during the execution.

Question 24:
Which of the following AWS service uses machine learning, anomaly detection techniques, threat intelligence techniques to identify traffic having potential threats?
A. AWS Shield Advanced
B. Amazon GaurdDuty
C. AWS WAF
D. AWS Shield Standard

Question 25:
Which of the following AWS services can you use to secure documents by identifying and redacting Personally Identifiable Information (PII)?
A. Amazon Kendra
B. Amazon Textract
C. Amazon Transcribe
D. Amazon Comprehend

Question 26:
Which programming language cannot be used to write an AWS Lambda function?
A. Java
B. Python
C. C++
D. Ruby

Question 27:
You are looking for an EC2 instance for 1 month for doing integration testing of the application that your team has recently worked on. You don’t want the testing EC2 instances to be interrupted. Which of the following instance types will be the best fit for this use case?
A. On-Demand Instance
B. Reserved Instance
C. Spot Instance
D. Dedicated Host

Question 28:
Which of the following statements is true related to AWS Shield Standard?
A. AWS Shield Standard cannot protect the Network layer from DDoS attacks.
B. AWS Shield Standard cannot protect the Transport layer from DDoS attacks.
C. AWS Shield Standard cannot protect the Application layer from DDoS attacks.
D. AWS Shield Standard cannot protect CloudFront from layer 3 and layer 4 DDoS attacks.

Question 29:
You have a use case where you need to use cloud storage for your current tape backup without making any change in the existing backup and archive workflow. Which of the following AWS Storage features can you use to replace the current on-premises tape backup solution with the AWS cloud backup solution cost-effectively?
A. Tape Gateway
B. File Gateway
C. Volume Gateway
D. AWS Direct Connect

Question 30:
You are having an availability issue with one of AWS services. Which of the following can help you find out if a particular service is available or not?
A. AWS CloudWatch
B. AWS CloudTrail
C. AWS Service Health Dashboard
D. AWS Systems Manager

Question 31:
Which of the following statements is not true with regards to EC2 instance data transfer?
A. There is no charge for inbound data transfer across all services in all Regions.
B. Data transfer from AWS to the internet is charged per service,
C. If the internet gateway is used to access the public endpoint of the AWS services in the same Region, there are no data transfer charges.
D. If a NAT gateway is used to access the same services, there is a data no processing charge.

Question 32:
You have deployed a microservices application on three EC2 instances. You have fronted this with Application Load Balancer. You would like to protect the login URL from brute force attacks. Which of the following services can you provide protection and monitoring?
A. AWS Shield Standard
B. AWS Web Application Firewall (WAF)
C. AWS Firewall Manager
D. AWS CloudWatch

Question 33:
You are working as an AWS consultant for a company that is involved in a cloud migration project. The company would like to extend its on-premises IT infrastructure to connect to the AWS VPC to speed up some of its projects. The company would like to have a consistent high-bandwidth connection set up between on-premises and the AWS VPC. Which of the following options would you recommend for this use case?
A. AWS Direct Connect
B. AWS Site-to-Site VPN
C. Virtual Private Gateway
D. Customer Gateway

Question 34:
You are looking for a large number of computing resources immediately. Which of the following instance types will be the best fit for this use case?
A. On-Demand Instance
B. Reserved Instance
C. Spot Instance
D. Dedicated Host

Question 35:
Your company has many departments and each of these departments has many AWS accounts. There are budget issues, and your finance controller needs to see consolidated AWS billing to centralize the cost. You being the DevOps lead, which of the following AWS services /features will you use to consolidate AWS bills of multiple AWS accounts?
A. AWS Budgets
B. AWS Organizations
C. Amazon CloudWatch
D. AWS Cost and Usage

Question 36:
You deployed a static web application on S3 and used CloudFront to handle global traffic efficiently. You want to protect an application from common web exploits against OWASP's top 10 security risks. Which of the following services can you use to protect an application from common web exploits?
A. AWS Shield Standard
B. AWS WAF
C. AWS Firewall Manager
D. AWS CloudWatch

Question 37:
Which of the following AWS services don’t require a VPC to run? (Select Two)
A. Amazon EC2
B. Amazon RDS
C. Amazon S3
D. Amazon DynamoDB
E. Elastic Load Balancer

Question 38:
You have a fleet of 10 EC2 instances running in one AWS Region. You need to apply a patch script, which is stored on GitHub, to all of the EC2 instances, but you are only allowed to apply patch remotely. Which of the following services can you use to apply the patch script on the fleet of all EC2 instances remotely?
A. AWS Config
B. Use Run command of AWS Systems Manager
C. AWS Web Application Firewall (WAF)
D. Amazon CloudWatch

Question 39:
You have an application that stores information in DynamoDB. The application also uses S3 to store files and images. You are designing a feature for this application where if a user uploads an image, the image thumbnail should be displayed quickly. Which of the following AWS services will you help you implement this feature cost-effectively?
A. Amazon EFS
B. Amazon SageMaker
C. AWS Elastic Beanstalk
D. AWS Lambda

Question 40:
You have two database servers on EC2 instances in a private subnet. You would like these instances to connect to the Internet so that they can download the latest patches. Which of the following can you use to allow EC2 instances in the private subnet to connect to the Internet?
A. AWS Direct Connect
B. NAT Gateway
C. Customer Gateway
D. Transit Gateway

Question 41:
You have a use case where you need to connect your on-premises IT infrastructure to the multiple VPC using a consistent high bandwidth connection. Which of the following options would you recommend?
A. AWS Site-to-Site VPN
B. AWS Direct Connect with Direct Connect Gateway
C. Virtual Private Gateway
D. Customer Gateway

Question 42:
You are planning to run a build job. The job is of predictable nature in terms of compute resource requirements. You have a Reserved EC2 Instance available. Which of the following is a cost-effective to run the job using the Docker container on AWS?
A. ECS on EC2
B. AWS Fargate
C. AWS Lambda
D. AWS Lambda or AWS Fargate

Question 43:
Your company is involved in modernization projects for many applications to migrate them to the AWS cloud. You have been asked to build a design solution for one of the applications in such a way as to use AWS services wherever possible so that the application can be more cloud-native. The application that you have been assigned to modernize uses LDAP for authentication. Your use case is to replace the LDAP with an AWS service in your new design. Which of the following services can you use for this use case?
A. Amazon DynamoDB
B. Amazon Cognito
C. Amazon Cloud Directory
D. AWS Secrets Manager

Question 44:
You have concerns about a possible DDoS attack on your application and are interested to find out bad actors if that happens. Which of the following AWS services can you use to address the issue?
A. AWS Shield Advanced
B. AWS Shield Standard
C. Amazon CloudWatch
D. Amazon Cognito

Question 45:
You have a fleet of 10 EC2 instances running in one AWS Region. You need to turn off SSH on all the instances, but you are only allowed to do it remotely. Which of the following services can you use to turn off SSH on all the EC2 instances remotely?
A. AWS Config
B. Use State Manager of AWS Systems Manager
C. AWS Web Application Firewall (WAF)
D. Amazon CloudWatch

Question 46:
Which of the following options is true related to the protection provided by AWS Shield Standard?
A. It defends against the most common, frequently occurring Network, Transport, and Application layer DDoS attacks.
B. It defends against the most common, frequently occurring Network, Transport layer DDoS attacks.
C. It defends against the most common, frequently occurring DDoS attacks only at the Network layer.
D. It defends against the most common, frequently occurring DDoS attacks only at the Application layer.

Question 47:
You have a use case where you need to connect your on-premises IT infrastructure to the multiple 250 VPCs using a consistent high bandwidth connection. Which of the following options would you recommend?
A. AWS Site-to-Site VPN
B. AWS Direct Connect with Transit Gateway
C. Virtual Private Gateway
D. Customer Gateway

Question 48:
You are working as a lead software engineer. You have been asked to translate large volumes of text for analysis quickly. Which of the following AWS service can you use for this use case?
A. Amazon Rekognition
B. Amazon Transcribe
C. Amazon Polly
D. Amazon Translate

Question 49:
Your company is required to maintain a history of all changes to EC2 to maintain compliance. Which of the following services will you use to record the history of changes?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Config
D. AWS Logs

Question 50:
Which of the following is not true about VPC Sharing?
A. If you run out of IPv4 addresses, you can create VPC sharing to utilize the resources more efficiently.
B. The only owner of the VPC can change the configuration or setup, such as creating subnets, setting up all the route tables, setting up NACLs, etc.
C. The owner of the VPC can share the subnet with multiple accounts.
D. There will be one billing account for all the resources created in a shared subnet.

Question 51:
You are working as a lead software engineer for a media company. You have been asked to quickly document clinical conversations into electronic health record (EHR) systems for analysis.
Which of the following AWS service can you use for this use case?
A. Amazon Rekognition
B. Amazon Transcribe
C. Amazon Personalize
D. Amazon Kendra

Question 52:
You are working in a DevOps group of your company. There are concerns about AWS cost, and your group has been asked to make sure all Elastic IP Addresses must be used otherwise released. Which of the following services will you use to find out if each Elastic IP Address is associated with an EC2 instance or not?
A. Amazon CloudWatch
B. AWS CloudTrail
C. AWS Config
D. AWS X-Ray

Question 53:
You are working as a lead software engineer. You have been asked to implement a feature in an existing application to flag suspicious online payment transactions before processing payments and fulfilling orders. Which of the following AWS service can you use for this use case?
A. Amazon Rekognition
B. Amazon Fraud Detector
C. Amazon Kendra
D. Amazon Textract

Question 54:
You are working as a lead software engineer. You have been asked to implement features in an existing application to add product recommendations, personalized product re-ranking, and customized direct marketing. Which of the following AWS service can you use for this use case?
A. Amazon Rekognition
B. Amazon Fraud Detector
C. Amazon Personalize
D. Amazon Kendra

Question 55:
Which AWS service can you use make SSH connection to an EC2 instance without opening inbound port?
A. AWS Systems Manager
B. AWS Systems Manager Session Manager
C. AWS CloudTrail
D. AWS Config

Question 56:
You are working as a lead software engineer. You have been asked to redesign a search feature of an existing application to add natural language search capabilities so that employees and customers can easily find the right answers to questions when they need them instead of searching through troves of unstructured data. Which of the following AWS service can you use for this use case?
A. Amazon Polly
B. Amazon Kendra
C. Amazon Rekognition
D. Amazon Textract

Question 57:
Which of the following AWS service can you use to eliminate the need to hardcode database credentials in getting a connection from the MySQL database?
A. AWS Shield
B. Amazon IAM
C. AWS Secrets Manager
D. AWS Config

Question 58:
Which of the following AWS service/feature can you use to scan your AWS infrastructure, compare it with AWS best practices, and provides recommended action?
A. AWS Trusted Advisor
B. AWS Systems Manager
C. AWS Shield Advanced
D. AWS Config

Question 59:
Which AWS service can quickly process ID documents such as driver's licenses and passports issued by the U.S. government?
A. Amazon Polly
B. Amazon Kendra
C. Amazon Rekognition
D. Amazon Textract

Question 60:
You have been designing a real-time analytic application, in which if a user submits an order, the order information is sent to the DynamoDB database. Which of the following AWS services can you use to implement this highly available application cost-effectively? (Select Two)
A. Amazon Kinesis
B. Amazon SageMaker
C. AWS Elastic Beanstalk
D. AWS Lambda
E. Amazon EFS

Question 61:
You are working as an AWS consultant for a client. The client would like to do operational planning to predict levels of web traffic, AWS usage, and IoT sensor usage. Which of the following AWS services is the best fit for this use case if you need to implement this use quickly?
A. Amazon Lex
B. Amazon Kendra
C. Amazon Rekognition
D. Amazon Forecast

Question 62:
Which of the following can you use to connect Window File Server from an EC2 Linux instance?
A. AWS Systems Manager
B. Amazon FSx for Windows
C. Amazon API Gateway
D. AWS Direct Connect

Question 63:
Which of the following storage service is transient?
A. Amazon EFS
B. Amazon EBS
C. Amazon S3
D. Amazon EC2 Instance Store

Question 64:
You need to access a file from two EC2 instances running in two separate AZs. Which of the following storage service can you use for this use case?
A. Amazon EBS
B. Amazon S3
C. Amazon EFS
D. Amazon EC2 Instance Store

Question 65:
Which of the following AWS services can you use to enrich events from SaaS applications using AWS AI/ML services to gain valuable insights?
A. Amazon SageMaker
B. Amazon EventBridge
C. AWS Glue
D. Amazon SNS