Amazon AWS-Certified-Cloud-Practitioner證照資訊 & AWS-Certified-Cloud-Practitioner新版題庫上線Testpdf是一個優秀的IT認證考試資料網站,在Testpdf您可以找到關於Amazon AWS-Certified-Cloud-Practitioner認證考試的考試心得和考試材料。您也可以在Testpdf免費下載部分關於Amazon AWS-Certified-Cloud-Practitioner考試的考題和答案。Testpdf還將及時免費為您提供有關Amazon AWS-Certified-Cloud-Practitioner考試材料的更新。並且我們的銷售的考試考古題資料都提供答案。我們的IT專家團隊將不斷的利用行業經驗來研究出準確詳細的考試練習題來協助您通過考試。總之,我們將為您提供你所需要的一切關於Amazon AWS-Certified-Cloud-Practitioner認證考試的一切材料。 最新的 Amazon Foundational AWS-Certified-Cloud-Practitioner 免費考試真題 (Q305-Q310):問題 #305
whch amazon ec2 pricingmodel should be used to comply with per core software license requirements?
A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Hosts
答案:C
問題 #306
Which AWS service should a company use to provide its employees with access to the AWS Management Console?
A. Amazon Cognito
B. AWS Key Management Service (AWS KMS)
C. AWS Resource Access Manager
D. AWS Identity and Access Management (IAM)
答案:D
問題 #307
Which task can a company perform by using security groups in the AWS Cloud?
A. Protect data that is cached by Amazon CloudFront.
B. Apply a stateless firewall to an Amazon EC2 instance.
C. Allow access to an Amazon EC2 instance through only a specific port.
D. Deny access to malicious IP addresses at a subnet level.
答案:C
解題說明:
Security groups are virtual firewalls that control the inbound and outbound traffic for Amazon EC2 instances.
They can be used to allow access to an Amazon EC2 instance through only a specific port, such as port 22 for SSH or port 80 for HTTP. Security groups cannot deny access to malicious IP addresses at a subnet level, as they only allow or deny traffic based on the rules defined by the customer. To block malicious IP addresses, customers can use network ACLs, which are stateless firewalls that can be applied to subnets. Security groups cannot protect data that is cached by Amazon CloudFront, as they only apply to EC2 instances. To protect data that is cached by Amazon CloudFront, customers can use encryption, signed URLs, or signed cookies.
Security groups are not stateless firewalls, as they track the state of the traffic and automatically allow the response traffic to flow back to the source. Stateless firewalls do not track the state of the traffic and require rules for both inbound and outbound traffic.
問題 #308
Under the shared responsibility model, which of the following tasks are the responsibility of the customer? (Choose two.)
A. Replacing failed hard disk drives.
B. Maintaining the underlying Amazon EC2 hardware.
C. Managing the VPC network access control lists.
D. Deploying hardware in different Availability Zones.
The hardware related jobs is the prime responsibility of AWS. VPC network access control lists is something a customer has to do himself to secure the applications. Encrypting data in transit and at rest is a shared responsibility in which AWS plays a part. All hardware related jobs have nothing to do with the customer.
E. Encrypting data in transit and at rest.
答案:C,E
問題 #309
What can be used to automate and manage secure, well-architected, multi-account AWS environments?
A. AWS shared responsibility model
B. AWS Control Tower
C. AWS Well-Architected Tool
D. AWS Security Hub
答案:B
解題說明:
Control Tower automates the process of setting up a new baseline multi-account AWS environment that is secure, well-architected, and ready to use. Control Tower incorporates the knowledge that AWS Professional Service has gained over the course of thousands of successful customer engagements.
Reference: https://aws.amazon.com/blogs/aws ... -multi-account-aws- environment/