AWS-Certified-Cloud-Practitioner Free Practice Test

- (Topic 1)
Which AWS service can report how AWS resource configurations have changed over time?

1. A. AWS CloudTrail
2. B. Amazon CloudWatch
3. C. AWS Config
4. D. Amazon Inspector

Correct Answer: C
AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations and best practices. It also provides a detailed view of the resource configuration history and relationships, as well as compliance reports and notifications. AWS Config can help users maintain consistent and secure configurations, troubleshoot issues, and simplify compliance auditing. AWS Config OverviewAWS Certified Cloud Practitioner - aws.amazon.com

- (Topic 1)
Which AWS service or feature offers HTTP attack protection to users running public-facing web applications?

1. A. Security groups
2. B. Network ACLs
3. C. AWS Shield Standard
4. D. AWS WAF

Correct Answer: D
AWS WAF is the AWS service or feature that offers HTTP attack protection to users running public-facing web applications. AWS WAF is a web application firewall that helps users protect their web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Users can create custom rules to define the web traffic that they want to allow, block, or count. Users can also use AWS Managed Rules, which are pre-configured rules that are curated and maintained by AWS or AWS Marketplace Sellers. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer, to provide comprehensive security for web applications. [AWS WAF Overview] AWS Certified Cloud Practitioner - aws.amazon.com

- (Topic 2)
A company wants to create multiple isolated networks in the same AWS account. Which AWS service or component will provide this functionality?

1. A. AWS Transit Gateway
2. B. Internet gateway
3. C. Amazon VPC
4. D. Amazon EC2

Correct Answer: C
Amazon Virtual Private Cloud (Amazon VPC) is the AWS service that allows customers to create multiple isolated networks in the same AWS account. A VPC is a logically isolated section of the AWS Cloud where customers can launch AWS resources in a virtual network that they define. Customers can create multiple VPCs within an AWS account, each with its own IP address range, subnets, route tables, security groups, network access control lists, gateways, and other components. AWS Transit Gateway, Internet gateway, and Amazon EC2 are not services or components that provide the functionality of creating multiple isolated networks in the same AWS account. AWS Transit Gateway is a service that enables customers to connect their Amazon VPCs and their on- premises networks to a single gateway. An Internet gateway is a component that enables communication between instances in a VPC and the Internet. Amazon EC2 is a service that provides scalable compute capacity in the cloud34

- (Topic 1)
What are the characteristics of Availability Zones? (Select TWO.)

1. A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low- latency networking
2. B. Availability Zones are physically separated by a minimum of distance of 150 km (100 miles).
3. C. All traffic between Availability Zones is encrypted.
4. D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.
5. E. Every Availability Zone contains a single data center.

Correct Answer: AD
Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. Each Availability Zone has independent power, cooling, and physical security, and is connected to other Availability Zones in the same Region by a low-latency network. Therefore, the correct answers are A and D. You can learn more about Availability Zones and their characteristics from this page.

- (Topic 1)
A company needs to identify the last time that a specific user accessed the AWS Management Console.
Which AWS service will provide this information?

1. A. Amazon Cognito
2. B. AWS CloudTrail
3. C. Amazon Inspector
4. D. Amazon GuardDuty

Correct Answer: B
AWS CloudTrail is the service that will provide the information about the last time that a specific user accessed the AWS Management Console. AWS CloudTrail is a service that records the API calls and events made by or on behalf of your AWS account. You can use AWS CloudTrail to view, search, and download the history of AWS console sign-in events, which include the user name, date, time, source IP address, and other details of the sign-in activity. Amazon Cognito, Amazon Inspector, and Amazon GuardDuty are not services that will provide this information. Amazon Cognito is a service that provides user authentication and authorization for web and mobile applications. Amazon Inspector is a service that assesses the security and compliance of your applications running on AWS. Amazon GuardDuty is a service that monitors your AWS account and workloads for malicious or unauthorized activity.