Practice Free CLF-C02 Exam Online Questions
Which AWS feature provides a no-cost platform for AWS users to join community groups, ask questions, find answers, and read community-generated articles about best practices?
- A . AWS Knowledge Center
- B . AWS re:Post
- C . AWS 10
- D . AWS Enterprise Support
B
Explanation:
AWS re:Post is a no-cost platform for AWS users to join community groups, ask questions, find answers, and read community-generated articles about best practices. AWS re:Post is a social media platform that connects AWS users with each other and with AWS experts. Users can create posts, comment on posts, follow topics, and join groups related to AWS services, solutions, and use cases. AWS re:Post also features live event feeds, community stories, and AWS Hero profiles. AWS re:Post is a great way to learn from the AWS community, share your knowledge, and get inspired.
Reference: AWS re:Post
A company is reviewing its operating policies.
Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?
- A . Ensure that employees have access to all company data.
- B . Expand employees’ permissions as they gain more experience.
- C . Grant all privileges and access to all users.
- D . Apply security requirements at all layers of a process.
D
Explanation:
Applying security requirements at all layers of a process is a policy that complies with guidance in the security pillar of the AWS Well-Architected Framework. The security pillar of the AWS Well-Architected Framework provides best practices for securing the user’s data and systems in the AWS Cloud. One of the design principles of the security pillar is to apply security at all layers, which means that the user should implement defense-in-depth strategies and avoid relying on a single security mechanism. For example, the user should use multiple security controls, such as encryption, firewalls, identity and access management, and logging and monitoring, to protect their data and resources at different layers.
An ecommerce company wants to distribute traffic between the Amazon EC2 instances that host its website.
Which AWS service or resource will meet these requirements?
- A . Application Load Balancer
- B . AWS WAF
- C . AWS CloudHSM
- D . AWS Direct Connect
A
Explanation:
Application Load Balancer is the AWS service or resource that meets the requirement of distributing traffic between the Amazon EC2 instances that host the website. Application Load Balancer is a type of Elastic Load Balancing that distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. Application Load Balancer operates at the application layer (layer 7) of the OSI model and supports advanced features such as path-based routing, host-based routing, health checks, and SSL termination.
A company has teams that have different job roles and responsibilities. The company’s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.
Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?
- A . IAM user groups
- B . IAM roles
- C . IAM instance profiles
- D . IAM policies for individual users
B
Explanation:
IAM roles are a way of granting temporary permissions to entities that need to access AWS resources, such as users, applications, or services. IAM roles allow customers to assign permissions to entities without having to create or manage IAM users or credentials for them. IAM roles can be assumed by different entities depending on the trust policy attached to the role. For example, IAM roles can be assumed by IAM users in the same or different AWS accounts, AWS services such as EC2 or Lambda, or external identities such as federated users or web identities. IAM roles can also be switched by IAM users to temporarily change their permissions. IAM roles are recommended for managing permissions for employees who often change teams, because they allow customers to define permissions based on job roles and responsibilities, and easily assign or revoke them as needed. IAM roles also reduce the operational overhead of creating, updating, or deleting IAM users or credentials for each employee or team change.
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
- A . Performance and capacity management
- B . Data engineering
- C . Continuous integration and continuous delivery (CI/CD)
- D . Infrastructure protection
- E . Change and release management
BC
Explanation:
These are two of the seven capabilities that are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF). The platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions.
The other five capabilities are:
- Platform architecture: Establish and maintain guidelines, principles, patterns, and guardrails for your cloud environment.
- Platform engineering: Build a compliant multi-account cloud environment with enhanced security features, and packaged, reusable cloud products.
- Platform operations: Manage and optimize your cloud environment with automation, monitoring, and incident response.
- Application development: Develop and deploy cloud-native applications using modern architectures and best practices.
- Application migration: Migrate your existing applications to the cloud using proven methodologies and tools.
Performance and capacity management, infrastructure protection, and change and release management are not capabilities of the platform perspective. They are part of the operations perspective, which helps you achieve operational excellence in the cloud. The operations perspective comprises six capabilities:
- Performance and capacity management: Monitor and optimize the performance and capacity of your cloud workloads.
- Infrastructure protection: Protect your cloud infrastructure from unauthorized access, malicious attacks, and data breaches.
- Change and release management: Manage changes and releases to your cloud workloads using automation and governance.
- Configuration management: Manage the configuration of your cloud resources and applications using automation and version control.
- Incident management: Respond to incidents affecting your cloud workloads using best practices and tools.
- Service continuity management: Ensure the availability and resilience of your cloud workloads using backup, recovery, and disaster recovery strategies.
A company is expecting a short-term spike in internet traffic for its application. During the traffic increase, the application cannot be interrupted. The company also needs to minimize cost and maximize flexibility.
A company needs to use a serverless interactive query service to analyze data in Amazon S3. The query service must support standard SQL.
Which AWS service will meet these requirements?
- A . Amazon Redshift
- B . AWS Glue
- C . Amazon Athena
- D . Amazon Kinesis Data Streams
C
Explanation:
Amazon Athena is a serverless interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is ideal for quick, ad-hoc querying but it can also handle complex analysis, including large joins, window functions, and arrays. Athena scales automatically―executing queries in parallel―so results are fast, even with large datasets and complex queries. Amazon Redshift is a fully managed, petabyte-scale data warehouse service that can run complex analytic queries against structured and semi-structured data using standard SQL. However, it is not a serverless service and requires provisioning and managing clusters of nodes. AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load your data for analytics. However, it is not a query service and does not support standard SQL. Amazon Kinesis Data Streams is a service that enables you to build custom applications that process or analyze streaming data for specialized needs. However, it is not a query service and does not support standard SQL.
A company has an application that uses AWS services. During scaling events, the company wants to keep application usage within AWS service quotas.
Which AWS services or tools can report on the quotas so that the company can improve the reliability of the application? (Select TWO.)
- A . Service Quotas console
- B . AWS Trusted Advisor
- C . AWS Systems Manager
- D . AWS Shield
- E . AWS Cost Explorer
A, B
Explanation:
The correct answers are A and B because Service Quotas console and AWS Trusted Advisor are AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. Service Quotas console is an AWS tool that enables users to view and manage their quotas for AWS services from a central location. Users can use Service Quotas console to request quota increases, track quota usage, and set up alarms for approaching quota limits. AWS Trusted Advisor is an AWS service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. One of the categories of checks that AWS Trusted Advisor performs is service limits, which monitors the usage of each AWS service and alerts users when they are close to reaching the default limit. The other options are incorrect because they are not AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. AWS Systems Manager is an AWS service that enables users to automate operational tasks, manage configuration and compliance, and monitor system health and performance. AWS Shield is an AWS service that protects users from distributed denial of service (DDoS) attacks. AWS Cost Explorer is an AWS tool that enables users to visualize, understand, and manage their AWS costs and usage.
Reference: Service Quotas, AWS Trusted Advisor FAQs
Which AWS service or feature can be used to control inbound and outbound traffic on an Amazon EC2 instance?
- A . Internet gateways
- B . AWS Identity and Access Management (IAM)
- C . Network ACLs
- D . Security groups
D
Explanation:
D is correct because security groups are the AWS service or feature that can be used to control inbound and outbound traffic on an Amazon EC2 instance. Security groups act as a virtual firewall for the EC2 instance, allowing users to specify which protocols, ports, and source or destination IP addresses are allowed or denied. A is incorrect because internet gateways are the AWS service or feature that enable communication between instances in a VPC and the internet. They do not control the traffic on an EC2 instance. B is incorrect because AWS Identity and Access Management (IAM) is the AWS service or feature that enables users to manage access to AWS services and resources securely. It does not control the traffic on an EC2 instance. C is incorrect because network ACLs are the AWS service or feature that provide an optional layer of security for the VPC that acts as a firewall for controlling traffic in and out of one or more subnets. They do not control the traffic on an EC2 instance.
What are the characteristics of Availability Zones? (Select TWO.)
- A . All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking.
- B . Availability Zones are physically separated by a minimum distance of 150 km (100 miles).
- C . All traffic between Availability Zones is encrypted.
- D . Availability Zones within an AWS Region share redundant power, networking, and connectivity.
- E . Every Availability Zone contains a single data center.
A, D
Explanation:
Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. Each Availability Zone has independent power, cooling, and physical security, and is connected to other Availability Zones in the same Region by a low-latency network. Therefore, the correct answers are A and D.
A company plans to migrate its on-premises workload to AWS. Before the migration, the company needs to estimate its future AWS service costs.
Which AWS service or tool should the company use to meet this requirement?
- A . AWS Trusted Advisor
- B . AWS Budgets
- C . AWS Pricing Calculator
- D . AWS Cost Explorer
C
Explanation:
AWS Pricing Calculator is the AWS service or tool that the company should use to estimate its future AWS service costs before the migration. AWS Pricing Calculator is a web-based tool that allows the company to create cost estimates for various AWS services and scenarios. AWS Pricing Calculator helps the company to compare the costs of running the workload on premises versus on AWS, and to optimize the costs by choosing the best options for the workload. AWS Pricing Calculator also provides a detailed breakdown of the cost components and a downloadable report. For more information, see [AWS Pricing Calculator] and [Getting Started with AWS Pricing Calculator].
