Exam: AWS Certified Cloud Practitioner

Review questions, reveal answers, and move through the exam one card at a time.

Total Questions: 690

Questions per page

Page 1 of 1

To install a PCI-compliant workload on AWS, which of the following tasks is required?

A. Use any AWS service and implement PCI controls at the application layer
B. Use an AWS service that is in-scope for PCI compliance and raise an AWS support ticket
to enable PCI compliance at the application layer
C. Use any AWS service and raise an AWS support ticket to enable PCI compliance on that
service
D. Use an AWS service that is in scope for PCI compliance and apply PCI controls at the
application layer

Answer: D
✅ Explanation

To install a PCI-compliant workload on AWS, you must:
-Use only AWS services that are "in scope" for PCI DSS compliance.
-AWS publishes a list of PCI-compliant services that are regularly assessed under PCI DSS.
-Services not in scope must not be used for storing, processing, or transmitting cardholder data (CHD).
-Apply the required PCI DSS controls at the application level.
-AWS is responsible for the security of the cloud (physical infrastructure, core services).
-You are responsible for the security in the cloud, such as encryption, access control, logging, and secure coding practices.
-This is part of the shared responsibility model.

Which security-related duty is AWS accountable for under the AWS shared responsibility
model?
A. Lifecycle management of IAM credentials
B. Physical security of global infrastructure
C. Encryption of Amazon EBS volumes
D. Firewall configuration

Answer: B
✅ Explanation
-Under the AWS Shared Responsibility Model, responsibilities are divided between:
AWS: Responsible for security of the cloud
Customer: Responsible for security in the cloud
✅ B. Physical security of global infrastructure – Correct
-AWS is responsible for securing the physical infrastructure (data centers, networking, hardware, etc.).
-This includes physical access controls, surveillance, and facilities management.

Which cloud architecture design concept is supported by distributing workloads across various
Availability Zones?
A. Implement automation.
B. Design for agility.
C. Design for failure.
D. Implement elasticity.

Answer: C
✅ Explanation
-Distributing workloads across multiple Availability Zones (AZs) ensures your application can continue to operate even if one AZ fails. This supports the cloud design principle of designing for failure by building fault tolerance and high availability into your architecture.
-Why not the others?
A. Implement automation:
Automation is about using tools and scripts to manage infrastructure, not specifically about distributing workloads.
B. Design for agility:
Agility refers to rapid development and deployment, not specifically fault tolerance.
D. Implement elasticity:
Elasticity is about dynamically scaling resources up or down based on demand, not about distributing workloads for fault tolerance.
✅ Final answer: C. Design for failure

What is one technique to provide unified billing if each department within a firm has its own AWS
account?
A. Use AWS Budgets on each account to pay only to budget.
B. Contact AWS Support for a monthly bill.
C. Create an AWS Organization from the payer account and invite the other accounts to join.
D. Put all invoices into one Amazon Simple Storage Service (Amazon S3) bucket, load data
into Amazon Redshift, and then run a billing report.

Answer: C
✅ Explanation
-To unify billing across multiple AWS accounts (e.g., each department has its own account), the best approach is to use AWS Organizations with consolidated billing:
-Create an AWS Organization.
-Designate one account as the payer (management) account.
-Invite other accounts (departments) to join as member accounts.
-You receive a single combined bill for all linked accounts.
-This also simplifies cost tracking and budgeting per account.
-Why the other options are incorrect:
A. AWS Budgets only help track or limit spend, but do not unify billing across accounts.
B. Contact AWS Support for a monthly bill is unnecessary; consolidated billing is a standard feature.
D. Putting invoices in S3 and analyzing with Redshift is a complex reporting solution but does not unify billing.
✅ Final answer:
C. Create an AWS Organization from the payer account and invite the other accounts to join.

Who is responsible for configuration management under the AWS shared responsibility model?
A. It is solely the responsibility of the customer.
B. It is solely the responsibility of AWS.
C. It is shared between AWS and the customer.
D. It is not part of the AWS shared responsibility model.

Answer: A
✅ Explanation
-In the AWS Shared Responsibility Model, configuration management is considered a customer responsibility. This includes:
-Operating system configurations
-Application and middleware settings
-Security group rules and network ACLs
-Patching and updates
-IAM policies and permissions
-AWS provides the infrastructure and foundational services, but you must configure them securely and appropriately to meet your requirements.
🔐 AWS is responsible for:
Physical infrastructure
-Global network and data centers
-Hardware and virtualization layers

Who is the main point of contact for billing or account questions if a user has an AWS account
with an Enterprise-level AWS Support plan?
A. Solutions architect
B. AWS Concierge Support team
C. An AWS Marketplace seller
D. AWS Partner Network (APN) partner

Answer: B
✅ Explanation

-If a user has an Enterprise-level AWS Support plan, the AWS Concierge Support team is the main point of contact for billing and account-related questions.

👥 AWS Concierge Support team:
A feature exclusive to Enterprise Support customers.

-Specializes in billing, account management, and administrative support.

-Acts as a personalized support team to help navigate AWS billing and account-related issues.

❌ Why the other options are incorrect:
A. Solutions architect – Assists with architecture and technical guidance, not billing.

C. AWS Marketplace seller – Only handles support for products sold via Marketplace, not general account billing.

D. AWS Partner Network (APN) partner – Provides third-party services, but does not manage your AWS account billing directly.

✅ Final Answer: B. AWS Concierge Support team

Which compute hosting model should be accounted for in the Total Cost of Ownership (TCO)
when undertaking a cost analysis that allows physical isolation of a customer workload?
A. Dedicated Hosts
B. Reserved Instances
C. On-Demand Instances
D. No Upfront Reserved Instances

Answer: A
✅ Explanation
-When performing a Total Cost of Ownership (TCO) analysis and requiring physical isolation of a customer workload (i.e., no other customers share the same underlying physical server), the appropriate compute hosting model to consider is:
✅ A. Dedicated Hosts
Provide physical servers fully dedicated to your use.
-Allow workload isolation for compliance, licensing, or regulatory needs.
-Are ideal when you need to use your own software licenses or meet strict security/compliance requirements.

Which of the following is a suggestion made by an AWS Trusted Advisor? (Select two.)
A. Cost optimization
B. Auditing
C. Serverless architecture
D. Performance
E. Scalability

Answer: AD
✅ Explanation
-AWS Trusted Advisor is a tool that provides real-time guidance to help you follow AWS best practices. It covers five core categories, and among them are:
✅ Cost Optimization –
Identifies idle or underutilized resources to help reduce costs.
✅ Performance –
Recommends ways to improve the performance of your AWS environment, such as using appropriate instance types.

Who is accountable for security and compliance under the AWS shared responsibility model?
A. The customer is responsible.
B. AWS is responsible.
C. AWS and the customer share responsibility.
D. AWS shares responsibility with the relevant governing body.

Answer: C
✅ Explanation
-Under the AWS Shared Responsibility Model, security and compliance are shared responsibilities between AWS and the customer.
🔐 AWS is responsible for:
Security of the cloud – the infrastructure that runs AWS services:
-Physical security of data centers
-Hardware, networking, and facilities
-Global infrastructure
🔐 The Customer is responsible for:
Security in the cloud – what the customer puts in the cloud:
-Data encryption
-IAM policies and user access
-Network configurations (e.g., security groups, NACLs)
-Application-level security
-Operating system and application patching

Which of the following is a critical design concept for architecting cloud applications?
A. Use the largest instance possible
B. Provision capacity for peak load
C. Use the Scrum development process
D. Implement elasticity

Answer: D
✅ Explanation
-Elasticity is a critical design concept for cloud applications. It refers to the ability to automatically scale resources up or down based on demand. This approach helps:
-Optimize costs
-Maintain performance during peak loads
-Prevent overprovisioning during low traffic periods

Back Next Question