Practice Free CLF-C02 Exam Online Questions
Question #1
A company wants to store data with high availability, encrypt the data at rest, and have direct access to the data over the internet.
Which AWS service will meet these requirements MOST cost-effectively?
- A . Amazon Elastic Block Store (Amazon EBS)
- B . Amazon S3
- C . Amazon Elastic File System (Amazon EFS)
- D . AWS Storage Gateway
Correct Answer: C
C
Explanation:
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent Access storage class (EFS IA). EFS IA provides price/performance that is cost-optimized for files not accessed every day. Amazon EFS encrypts data at rest and in transit, and supports direct access over the internet4.
C
Explanation:
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent Access storage class (EFS IA). EFS IA provides price/performance that is cost-optimized for files not accessed every day. Amazon EFS encrypts data at rest and in transit, and supports direct access over the internet4.
Question #2
A company needs a managed NFS file system that the company can use with its AWS compute….
Which AWS service or feature will meet these requirements?
- A . Amazon Elastic Block Store (Amazon EBS)
- B . AWS Storage Gateway Tape Gateway
- C . Amazon S3 Glacier Flexible Retrieval
- D . Amazon Elastic Pile System (Amazon EFS)
Correct Answer: D
D
Explanation:
Amazon Elastic File System (Amazon EFS) is a fully managed, scalable, and serverless NFS (Network File System) file system specifically designed for use with AWS services and on-premises resources. It enables companies to create and configure file systems that can be accessed from multiple Amazon EC2instances simultaneously, making it ideal for use cases that require shared file storage for AWS compute services.
Why Amazon EFS Fits the Requirements:
Managed Service: Amazon EFS is a fully managed file storage service that simplifies the process of setting up and managing NFS file systems.
Scalability and Elasticity: EFS automatically scales to accommodate the storage needs of applications, without the need to provision or manage storage capacity.
NFS Compatibility: Amazon EFS natively supports the NFSv4 protocol, making it compatible with a wide range of applications and workloads that require NFS access.
Integration with AWS Compute Services: EFS integrates seamlessly with Amazon EC2 and other AWS services, providing a shared file storage solution across multiple instances and services within the AWS cloud environment.
Why Other Options Do Not Fit:
D
Explanation:
Amazon Elastic File System (Amazon EFS) is a fully managed, scalable, and serverless NFS (Network File System) file system specifically designed for use with AWS services and on-premises resources. It enables companies to create and configure file systems that can be accessed from multiple Amazon EC2instances simultaneously, making it ideal for use cases that require shared file storage for AWS compute services.
Why Amazon EFS Fits the Requirements:
Managed Service: Amazon EFS is a fully managed file storage service that simplifies the process of setting up and managing NFS file systems.
Scalability and Elasticity: EFS automatically scales to accommodate the storage needs of applications, without the need to provision or manage storage capacity.
NFS Compatibility: Amazon EFS natively supports the NFSv4 protocol, making it compatible with a wide range of applications and workloads that require NFS access.
Integration with AWS Compute Services: EFS integrates seamlessly with Amazon EC2 and other AWS services, providing a shared file storage solution across multiple instances and services within the AWS cloud environment.
Why Other Options Do Not Fit:
Question #3
In which situations should a company create an 1AM user instead of an 1AM role? (Select TWO.)
- A . When an application that runs on Amazon EC2 instances requires access to other AWS services
- B . When the company creates AWS access credentials for individuals
- C . When the company creates an application that runs on a mobile phone that makes requests to AWS
- D . When the company needs to add users to 1AM groups
- E . When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time
Correct Answer: B,D
B,D
Explanation:
AnIAM user is created when the company needs to provide unique credentials (username and password) to individuals who need access to the AWS Management Console or programmatic access (using access keys) to AWS services.
B. When the company creates AWS access credentials for individuals: Correct, as an IAM user is created to provide credentials for specific individuals.
D. When the company needs to add users to IAM groups: Correct, as IAM users can be added to groups to apply permissions and policies at a group level.
B,D
Explanation:
AnIAM user is created when the company needs to provide unique credentials (username and password) to individuals who need access to the AWS Management Console or programmatic access (using access keys) to AWS services.
B. When the company creates AWS access credentials for individuals: Correct, as an IAM user is created to provide credentials for specific individuals.
D. When the company needs to add users to IAM groups: Correct, as IAM users can be added to groups to apply permissions and policies at a group level.
Question #4
Which option is a customer responsibility under the AWS shared responsibility model?
- A . Maintenance of underlying hardware of Amazon EC2 instances
- B . Application data security
- C . Physical security of data centers
- D . Maintenance of VPC components
Correct Answer: B
B
Explanation:
The option that is a customer responsibility under the AWS shared responsibility model is B.
Application data security.
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the customer is responsible for the security in the cloud. This means that AWS manages the security of the underlying infrastructure, such as the hardware, software, networking, and facilities that run the AWS services, while the customer manages the security of their applications, data, and resources that they use on top of AWS12.
Application data security is one of the customer responsibilities under the AWS shared responsibility model. This means that the customer is responsible for protecting their application data from unauthorized access, modification, deletion, or leakage. The customer can use various AWS services and features to help with application data security, such as encryption, key management, access control, logging, and auditing12.
Maintenance of underlying hardware of Amazon EC2 instances is not a customer responsibility under the AWS shared responsibility model. This is part of the AWS responsibility to secure the cloud. AWS manages the physical servers that host the Amazon EC2 instances and ensures that they are updated, patched, and replaced as needed13.
Physical security of data centers is not a customer responsibility under the AWS shared responsibility model. This is also part of the AWS responsibility to secure the cloud. AWS operates and controls the facilities where the AWS services are hosted and ensures that they are protected from unauthorized access, environmental hazards, fire, and theft14.
Maintenance of VPC components is not a customer responsibility under the AWS shared
responsibility model. This is a shared responsibility between AWS and the customer. AWS provides
the VPC service and ensures that it is secure and reliable, while the customer configures and
manages their own VPCs and related components, such as subnets, route tables, security groups,
network ACLs, gateways, and endpoints15.
Reference:
1: Shared Responsibility Model – Amazon Web Services (AWS)
2: AWS Cloud Computing – W3Schools
3: [Amazon EC2 FAQs – Amazon Web Services]
4: [AWS Security – Amazon Web Services]5: [Amazon Virtual Private Cloud (VPC) – Amazon Web Services]
B
Explanation:
The option that is a customer responsibility under the AWS shared responsibility model is B.
Application data security.
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the customer is responsible for the security in the cloud. This means that AWS manages the security of the underlying infrastructure, such as the hardware, software, networking, and facilities that run the AWS services, while the customer manages the security of their applications, data, and resources that they use on top of AWS12.
Application data security is one of the customer responsibilities under the AWS shared responsibility model. This means that the customer is responsible for protecting their application data from unauthorized access, modification, deletion, or leakage. The customer can use various AWS services and features to help with application data security, such as encryption, key management, access control, logging, and auditing12.
Maintenance of underlying hardware of Amazon EC2 instances is not a customer responsibility under the AWS shared responsibility model. This is part of the AWS responsibility to secure the cloud. AWS manages the physical servers that host the Amazon EC2 instances and ensures that they are updated, patched, and replaced as needed13.
Physical security of data centers is not a customer responsibility under the AWS shared responsibility model. This is also part of the AWS responsibility to secure the cloud. AWS operates and controls the facilities where the AWS services are hosted and ensures that they are protected from unauthorized access, environmental hazards, fire, and theft14.
Maintenance of VPC components is not a customer responsibility under the AWS shared
responsibility model. This is a shared responsibility between AWS and the customer. AWS provides
the VPC service and ensures that it is secure and reliable, while the customer configures and
manages their own VPCs and related components, such as subnets, route tables, security groups,
network ACLs, gateways, and endpoints15.
Reference:
1: Shared Responsibility Model – Amazon Web Services (AWS)
2: AWS Cloud Computing – W3Schools
3: [Amazon EC2 FAQs – Amazon Web Services]
4: [AWS Security – Amazon Web Services]5: [Amazon Virtual Private Cloud (VPC) – Amazon Web Services]
Question #5
Which AWS service is always free of charge for users?
- A . Amazon S3
- B . Amazon Aurora
- C . Amazon EC2
- D . AWS Identity and Access Management (IAM)
Correct Answer: D
D
Explanation:
AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It enables users to create and manage users, groups, roles, and policies that control who can do what in AWS. IAM is always free of charge for users, as there is no additional cost for using IAM with any AWS service1. Amazon S3 is a storage service that provides scalable, durable, and secure object storage. Amazon S3 has a free tier that offers 5 GB of storage, 20,000 GET requests, and 2,000 PUT requests per month for one year. However, users are charged for any additional usage beyond the free tier limits2. Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL. Amazon Aurora has a free tier that offers 750 hours of Aurora Single-AZ db.t2.small database usage and 20 GB of storage per month for one year. However, users are charged for any additional usage beyond the free tier limits3. Amazon EC2 is a compute service that provides resizable virtual servers. Amazon EC2 has a free tier that offers 750 hours of Linux and Windows t2.micro instances per month for one year. However, users are charged for any additional usage beyond the free tier limits4.
D
Explanation:
AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It enables users to create and manage users, groups, roles, and policies that control who can do what in AWS. IAM is always free of charge for users, as there is no additional cost for using IAM with any AWS service1. Amazon S3 is a storage service that provides scalable, durable, and secure object storage. Amazon S3 has a free tier that offers 5 GB of storage, 20,000 GET requests, and 2,000 PUT requests per month for one year. However, users are charged for any additional usage beyond the free tier limits2. Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL. Amazon Aurora has a free tier that offers 750 hours of Aurora Single-AZ db.t2.small database usage and 20 GB of storage per month for one year. However, users are charged for any additional usage beyond the free tier limits3. Amazon EC2 is a compute service that provides resizable virtual servers. Amazon EC2 has a free tier that offers 750 hours of Linux and Windows t2.micro instances per month for one year. However, users are charged for any additional usage beyond the free tier limits4.
Question #6
A company needs to store data across multiple Availability Zones in an AWS Region. The data will not be accessed regularly but must be immediately retrievable.
Which Amazon Elastic File System (Amazon EFS) storage class meets these requirements MOST cost effectively?
- A . EFS Standard
- B . EFS Standard-Infrequent Access (EFS Standard-IA)
- C . EFS One Zone
- D . EFS One Zone-Infrequent Access (EFS One Zone-IA)
Correct Answer: B
B
Explanation:
EFS Standard-Infrequent Access (EFS Standard-IA) is the storage class that meets the requirements of storing data across multiple Availability Zones in an AWS Region, that will not be accessed regularly but must be immediately retrievable, most cost-effectively. EFS Standard-IA is designed for files that are accessed less frequently, but still require the same high performance, low latency, and high availability as EFS Standard. EFS Standard-IA has a lower storage cost than EFS Standard, but charges a small additional fee for each access. EFS One Zone and EFS One Zone-IA store data in a single Availability Zone, which reduces the availability and durability compared to EFS Standard and EFS Standard-IA.
B
Explanation:
EFS Standard-Infrequent Access (EFS Standard-IA) is the storage class that meets the requirements of storing data across multiple Availability Zones in an AWS Region, that will not be accessed regularly but must be immediately retrievable, most cost-effectively. EFS Standard-IA is designed for files that are accessed less frequently, but still require the same high performance, low latency, and high availability as EFS Standard. EFS Standard-IA has a lower storage cost than EFS Standard, but charges a small additional fee for each access. EFS One Zone and EFS One Zone-IA store data in a single Availability Zone, which reduces the availability and durability compared to EFS Standard and EFS Standard-IA.
Question #7
Which AWS service or feature can be used to control inbound and outbound traffic on an Amazon EC2 instance?
- A . Internet gateways
- B . AWS Identity and Access Management (IAM)
- C . Network ACLs
- D . Security groups
Correct Answer: D
D
Explanation:
D is correct because security groups are the AWS service or feature that can be used to control inbound and outbound traffic on an Amazon EC2 instance. Security groups act as a virtual firewall for the EC2 instance, allowing users to specify which protocols, ports, and source or destination IP addresses are allowed or denied.
A is incorrect because internet gateways are the AWS service or feature that enable communication between instances in a VPC and the internet. They do not control the traffic on an EC2 instance.
B is incorrect because AWS Identity and Access Management (IAM) is the AWS service or feature that enables users to manage access to AWS services and resources securely. It does not control the traffic on an EC2 instance.
C is incorrect because network ACLs are the AWS service or feature that provide an optional layer of security for the VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They do not control the traffic on an EC2 instance.
D
Explanation:
D is correct because security groups are the AWS service or feature that can be used to control inbound and outbound traffic on an Amazon EC2 instance. Security groups act as a virtual firewall for the EC2 instance, allowing users to specify which protocols, ports, and source or destination IP addresses are allowed or denied.
A is incorrect because internet gateways are the AWS service or feature that enable communication between instances in a VPC and the internet. They do not control the traffic on an EC2 instance.
B is incorrect because AWS Identity and Access Management (IAM) is the AWS service or feature that enables users to manage access to AWS services and resources securely. It does not control the traffic on an EC2 instance.
C is incorrect because network ACLs are the AWS service or feature that provide an optional layer of security for the VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They do not control the traffic on an EC2 instance.
Question #8
A company is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads.
Which AWS tool will meet these requirements?
- A . AWS Budgets
- B . AWS Cost Explorer
- C . AWS Pricing Calculator
- D . AWS Cost and Usage Report
Correct Answer: C
C
Explanation:
The AWS tool that will meet the requirements of the company that is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads is AWS Pricing Calculator. AWS Pricing Calculator is a tool that helps customers estimate the cost of using AWS services based on their requirements and preferences. The company can use AWS Pricing Calculator to compare the costs of different AWS services and configurations, such as Amazon EC2, Amazon S3, Amazon RDS, and more. AWS Pricing Calculator also provides detailed breakdowns of the cost components, such as compute, storage, network, and data transfer. AWS Pricing Calculator helps customers plan and optimize their cloud budget and migration strategy. AWS Budgets, AWS Cost Explorer, and AWS Cost and Usage Report are not the best tools to use for this purpose. AWS Budgets is a tool that helps customers monitor and manage their AWS spending and usage against predefined budget limits and thresholds. AWS Cost Explorer is a tool that helps customers analyze and visualize their AWS spending and usage trends over time. AWS Cost and Usage Report is a tool that helps customers access comprehensive and granular information about their AWS costs and usage in a CSV or Parquet file. These tools are more useful for tracking and optimizing the existing AWS costs and usage, rather than estimating the costs of different workloads34
C
Explanation:
The AWS tool that will meet the requirements of the company that is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads is AWS Pricing Calculator. AWS Pricing Calculator is a tool that helps customers estimate the cost of using AWS services based on their requirements and preferences. The company can use AWS Pricing Calculator to compare the costs of different AWS services and configurations, such as Amazon EC2, Amazon S3, Amazon RDS, and more. AWS Pricing Calculator also provides detailed breakdowns of the cost components, such as compute, storage, network, and data transfer. AWS Pricing Calculator helps customers plan and optimize their cloud budget and migration strategy. AWS Budgets, AWS Cost Explorer, and AWS Cost and Usage Report are not the best tools to use for this purpose. AWS Budgets is a tool that helps customers monitor and manage their AWS spending and usage against predefined budget limits and thresholds. AWS Cost Explorer is a tool that helps customers analyze and visualize their AWS spending and usage trends over time. AWS Cost and Usage Report is a tool that helps customers access comprehensive and granular information about their AWS costs and usage in a CSV or Parquet file. These tools are more useful for tracking and optimizing the existing AWS costs and usage, rather than estimating the costs of different workloads34
Question #9
Which AWS service gives users on-demand, sell-service access to AWS compliance control reports?
- A . AWS Config
- B . Amazon GuardDuty
- C . AWS Trusted Advisor
- D . AWS Artifact
Correct Answer: D
D
Explanation:
AWS Artifact provides on-demand access to AWS compliance reports and security documentation. It is a self-service portal where customers can download documents like SOC reports, ISO certifications, and other compliance-related materials necessary for meeting regulatory requirements. AWS Config and Trusted Advisor offer security assessments and compliance monitoring, but they do not provide direct access to compliance reports.
D
Explanation:
AWS Artifact provides on-demand access to AWS compliance reports and security documentation. It is a self-service portal where customers can download documents like SOC reports, ISO certifications, and other compliance-related materials necessary for meeting regulatory requirements. AWS Config and Trusted Advisor offer security assessments and compliance monitoring, but they do not provide direct access to compliance reports.
Question #10
A company must archive Amazon S3 data that the company’s business units no longer need to access.
Which S3 storage class will meet this requirement MOST cost-effectively?
- A . S3 Glacier Instant Retrieval
- B . S3 Glacier Flexible Retrieval
- C . S3 Glacier Deep Archive
- D . S3 One Zone-Infrequent Access (S3 One Zone-IA)
Correct Answer: C
C
Explanation:
S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. It is designed forcustomers ― particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors ― that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. Customers can store large amounts of data at a very low cost, and reliably access it with a wait time of 12 hours3.
C
Explanation:
S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. It is designed forcustomers ― particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors ― that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. Customers can store large amounts of data at a very low cost, and reliably access it with a wait time of 12 hours3.