Practice Free CLF-C02 Exam Online Questions
Which of the following are general AWS Cloud design principles described in the AWS Well-Architected Framework?
- A . Consolidate key components into monolithic architectures.
- B . Test systems at production scale.
- C . Provision more capacity than a workload is expected to need.
- D . Drive architecture design based on data collected about the workload behavior and requirements.
- E . Make AWS Cloud architectural decisions static, one-time events.
B, D
Explanation:
These are two of the general AWS Cloud design principles described in the AWS Well-Architected Framework. Testing systems at production scale means using tools such as AWS CloudFormation, AWS CodeDeploy, and AWS X-Ray to simulate real-world scenarios and measure the performance, scalability, and availability of the system. Driving architecture design based on data means using tools such as Amazon CloudWatch, AWS CloudTrail, and AWS Config to collect and analyze metrics, logs, and events about the system and use the insights to optimize the system’s design and operation. You can learn more about the AWS Well-Architected Framework from this whitepaper or this digital course.
Which AWS services and features are provided to all customers at no charge? (Select TWO.)
- A . Amazon Aurora
- B . VPC
- C . Amazon SageMaker
- D . AWS Identity and Access Management (IAM)
- E . Amazon Polly
B, D
Explanation:
The AWS services and features that are provided to all customers at no charge are VPC and AWS Identity and Access Management (IAM). VPC is a service that allows you to launch AWS resources in a logically isolated virtual network that you define. You can create and use a VPC at no additional charge, and you only pay for the resources that you launch in the VPC, such as EC2 instances or EBS volumes. IAM is a service that allows you to manage access and permissions to AWS resources. You can create and use IAM users, groups, roles, and policies at no additional charge, and you only pay for the AWS resources that the IAM entities access. Amazon Aurora, Amazon SageMaker, and Amazon Polly are not free services, and they charge based on the usage and features that you choose.
A user is moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud.
Which type of migration is this?
- A . On-premises to cloud native
- B . Hybrid to cloud native
- C . On-premises to hybrid
- D . Cloud native to hybrid
C
Explanation:
C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms. A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local data center to an architecture that is fully hosted and managed on the AWS Cloud. B is incorrect because hybrid to cloud native migration is the process of moving a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the AWS Cloud. D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.
Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?
- A . Elimination of expenses for running and maintaining data centers
- B . Price discounts that are identical to discounts from hardware providers
- C . Distribution of all operational controls to AWS
- D . Elimination of operational expenses
A
Explanation:
The advantage that users experience when they move on-premises workloads to the AWS Cloud is: elimination of expenses for running and maintaining data centers. By moving on-premises workloads to the AWS Cloud, users can reduce or eliminate the costs associated with owning and operating physical servers, storage, network equipment, and facilities. These costs include hardware purchase, maintenance, repair, power, cooling, security, and staff. Users can also benefit from the pay-as-you-go pricing model of AWS, which allows them to pay only for the resources they use, and scale up or down as needed.
A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting.
Which AWS service will meet these requirements?
- A . Amazon Inspector
- B . AWS WAF
- C . Amazon GuardDuty
- D . Amazon CloudWatch
B
Explanation:
AWS WAF is a web application firewall service that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define [1]. AWS WAF also integrates with other AWS services, such as Amazon CloudFront, Amazon API Gateway, AWS AppSync, and AWS Load Balancer, to provide a comprehensive defense against web attacks [2]. Therefore, AWS WAF meets the requirements of the social media company, compared to the other options.
The other options are not suitable for the social media company’s requirements, because:
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. However, Amazon Inspector does not provide a web application firewall service that can block malicious web requests [3].
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. Amazon GuardDuty analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs. However, Amazon GuardDuty does not provide a web application firewall service that can block malicious web requests [4].
Amazon CloudWatch is a monitoring and observability service that provides data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. Amazon CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, and visualizes it using automated dashboards, alarms, and notifications. However, Amazon CloudWatch does not provide a web application firewall service that can block malicious web requests.
Reference:
1. What Is AWS WAF? – AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
2. AWS WAF Features – AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
3. What Is Amazon Inspector? – Amazon Inspector
4. What Is Amazon GuardDuty? – Amazon GuardDuty
5. What Is Amazon CloudWatch? – Amazon CloudWatch
Who is responsible for decommissioning end-of-life underlying storage devices that are used to host data on AWS?
- A . Customer
- B . AWS
- C . Account creator
- D . Auditing team
B
Explanation:
AWS is responsible for decommissioning end-of-life underlying storage devices that are used to host data on AWS. AWS follows strict and audited data destruction processes to ensure that customer data is not exposed to unauthorized individuals or devices when an AWS storage device reaches the end of its useful life. AWS uses techniques detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual”) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.
Which AWS network services or features allow CIDR block notation when providing an IP address range? (Select TWO.)
- A . Security groups
- B . Amazon Machine Image (AMI)
- C . Network access control list (network ACL)
- D . AWS Budgets
- E . Amazon Elastic Block Store (Amazon EBS)
A, C
Explanation:
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR block notation to specify the IP address ranges that are allowed or denied.
Which AWS service is a continuous delivery and deployment solution?
- A . AWS AppSync
- B . AWS CodePipeline
- C . AWS Cloud9
- D . AWS CodeCommit
B
Explanation:
AWS CodePipeline is a continuous delivery and deployment service that automates the release process of software applications across different stages, such as source code, build, test, and deploy. AWS AppSync, AWS Cloud9, and AWS CodeCommit are other AWS services related to application development, but they do not provide continuous delivery and deployment solutions.
What are some advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises? (Select TWO.)
- A . EC2 includes operating system patch management.
- B . EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM).
- C . EC2 has a 100% service level agreement (SLA).
- D . EC2 has a flexible, pay-as-you-go pricing model.
- E . EC2 has automatic storage cost optimization.
B, D
Explanation:
Some of the advantages of using Amazon EC2 instances to host applications in the AWS Cloud instead of on premises are:
EC2 integrates with Amazon VPC, AWS CloudTrail, and AWS Identity and Access Management (IAM). Amazon VPC lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account. AWS IAM enables you to manage access to AWS services and resources securely. Therefore, the correct answer is B. You can learn more about Amazon EC2 and its integration with other AWS services from this page.
EC2 has a flexible, pay-as-you-go pricing model. You only pay for the compute capacity you use, and you can scale up and down as needed. You can also choose from different pricing options, such as On-Demand, Savings Plans, Reserved Instances, and Spot Instances, to optimize your costs. Therefore, the correct answer is D. You can learn more about Amazon EC2 pricing from this page.
The other options are incorrect because:
EC2 does not include operating system patch management. You are responsible for managing and maintaining your own operating systems on EC2 instances. You can use AWS Systems Manager to automate common maintenance tasks, such as applying patches, or use Amazon EC2 Image Builder to create and maintain secure images. Therefore, the incorrect answer is A.
EC2 does not have a 100% service level agreement (SLA). The EC2 SLA guarantees 99.99% availability for each EC2 Region, not for each individual instance. Therefore, the incorrect answer is C.
EC2 does not have automatic storage cost optimization. You are responsible for choosing the right storage option for your EC2 instances, such as Amazon Elastic Block Store (EBS) or Amazon Elastic File System (EFS), and monitoring and optimizing your storage costs. You can use AWS Cost Explorer or AWS Trusted Advisor to analyze and reduce your storage spending. Therefore, the incorrect answer is E.
Which benefit does AWS offer exclusively to users who have an AWS Enterprise Support plan?
- A . Access to a technical project manager
- B . Access to a technical account manager (TAM)
- C . Access to a cloud support engineer
- D . Access to a solutions architect
A company wants to automatically set up and govern a multi-account AWS environment.
B
Explanation:
The AWS Enterprise Support plan is the highest level of support that AWS offers to its customers. One of the exclusive benefits of this plan is access to a technical account manager (TAM), who is a dedicated point of contact for guidance, advocacy, and support. A technical project manager, a cloud support engineer, and a solutions architect are not exclusive benefits of the AWS Enterprise Support plan, as they are also available to customers with lower-tier support plans or through other AWS services or programs.
