Practice Free CLF-C02 Exam Online Questions
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:
- A . a loosely coupled architecture.
- B . a tightly coupled architecture.
- C . a stateless architecture.
- D . a stateful architecture.
A
Explanation:
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of a loosely coupled architecture. A loosely coupled architecture is one where the components are independent and can communicate with each other through well-defined interfaces. This allows for greater scalability, flexibility, and resilience. A tightly coupled architecture is one where the components are interdependent and rely on each other for functionality. This can lead to increased complexity, fragility, and difficulty in changing or scaling the system.
Reference: Amazon ECS Overview, AWS Well-Architected Framework
Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?
- A . Amazon FSx for Lustre
- B . AWS Storage Gateway volume gateway
- C . AWS Storage Gateway file gateway
- D . Amazon Elastic File System (Amazon EFS)
C
Explanation:
AWS Storage Gateway file gateway allows companies to use protocols such as NFS and SMB to store and retrieve objects in Amazon S3. File gateway provides a seamless integration between on-premises applications and Amazon S3, and enables low-latency access to data through local caching. File gateway also supports encryption, compression, and lifecycle management of the objects in Amazon S3. For more information, see What is AWS Storage Gateway? and File Gateway.
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization.
Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
- A . Amazon Simple Queue Service (Amazon SQS)
- B . Amazon Simple Notification Service (Amazon SNS)
- C . AWS Systems Manager
- D . Amazon CloudWatch alarm
D
Explanation:
Amazon CloudWatch alarm is an AWS service or feature that can initiate an Amazon EC2 Auto Scaling action based on CPU utilization. Amazon CloudWatch is a monitoring and observability service that collects and tracks metrics, logs, events, and alarms for your AWS resources and applications. Amazon CloudWatch alarms are actions that you can configure to send notifications or automatically make changes to the resources you are monitoring based on rules that you define [6][7]. Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to definable conditions. You can create dynamic scaling policies that track a specific CloudWatch metric, such as CPU utilization, and define what action to take when the associated CloudWatch alarm is in ALARM. When the policy is in effect, Amazon EC2 Auto Scaling adjusts the group’s desired capacity up or down when the threshold of an alarm is breached [8][9].
Reference: 6: Cloud Monitoring – Amazon CloudWatch – AWS, 7: Amazon CloudWatch Documentation, 8: Dynamic scaling for Amazon EC2 Auto Scaling, 9: Amazon EC2 Auto Scaling Documentation
A company is designing an identity access management solution for an application. The company wants users to be able to use their social media, email, or online shopping accounts to access the application.
Which AWS service provides this functionality?
- A . AWS IAM Identity Center (AWS Single Sign-On)
- B . AWS Config
- C . Amazon Cognito
- D . AWS Identity and Access Management (IAM)
C
Explanation:
The correct answer is C because Amazon Cognito provides identity federation and user authentication for web and mobile applications. Amazon Cognito allows users to sign in with their social media, email, or online shopping accounts. The other options are incorrect because they do not provide identity federation or user authentication. AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to access multiple AWS accounts and applications with a single sign-on experience. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of their AWS resources. AWS Identity and Access Management (IAM) is a service that enables users to manage access to AWS resources using users, groups, roles, and policies.
Reference: Amazon Cognito FAQs
A company needs to store infrequently used data for data archives and long-term backups.
A company needs a history report about how its Amazon EC2 instances were modified last month.
Which AWS service can be used to meet this requirement?
- A . AWS Service Catalog
- B . AWS Config
- C . Amazon CloudWatch
- D . AWS Artifact
B
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. AWS Config can also track changes to your EC2 instances over time and provide a history report of the modifications. AWS Service Catalog, Amazon CloudWatch, and AWS Artifact are not the best services to meet this requirement. AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for use on AWS. Amazon CloudWatch is a service that monitors your AWS resources and applications and provides metrics, alarms, dashboards, and logs. AWS Artifact is a service that provides on-demand access to AWS security and compliance reports and online agreements.
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
- A . Security groups
- B . AWS WAF
- C . Network ACLs
- D . AWS Shield
B
Explanation:
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define [2]. You can use AWS WAF to create a custom rule that blocks SQL injection attacks on your website.
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Select TWO.)
- A . EC2 Reserved Instances
- B . EC2 Amazon Machine Images (AMIs)
- C . Amazon Elastic Block Store (Amazon EBS) snapshots
- D . AWS Shield
- E . Amazon GuardDuty
BC
Explanation:
The correct answer is B and C. EC2 Amazon Machine Images (AMIs) and Amazon Elastic Block Store (Amazon EBS) snapshots are two AWS services that provide disaster recovery solutions for Amazon EC2 instances.
EC2 AMIs are preconfigured templates that contain the software configuration and data required to launch an EC2 instance. You can create AMIs from your running EC2 instances and use them to launch new instances in the same or different AWS Regions. This way, you can quickly recover your EC2 instances in case of a disaster that affects your primary Region or Availability Zone [1].
Amazon EBS snapshots are incremental backups of your Amazon EBS volumes. You can create snapshots of your volumes and store them in Amazon S3, which is a highly durable and scalable storage service. You can use snapshots to restore your volumes to a previous point in time or to create new volumes from snapshots. Snapshots can also be copied across AWS Regions, enabling you to recover your data in another Region in case of a disaster [2].
The other options are not directly related to disaster recovery for EC2 instances:
EC2 Reserved Instances are a pricing model that allows you to reserve EC2 capacity for a specific period of time and receive a discount on the hourly charge. Reserved Instances do not provide any disaster recovery benefits, as they are only a billing option [3].
AWS Shield is a managed service that protects your AWS resources from distributed denial-of-service (DDoS) attacks. AWS Shield provides basic protection for all AWS customers at no additional charge, and advanced protection for customers who need higher levels of detection and mitigation. AWS Shield does not provide any disaster recovery benefits, as it is only a security service [4].
Amazon GuardDuty is a threat detection service that monitors your AWS account and workloads for malicious or unauthorized activity. Amazon GuardDuty analyzes various data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs, to identify potential threats and alert you via Amazon CloudWatch Events or AWS Lambda. Amazon GuardDuty does not provide any disaster recovery benefits, as it is only a monitoring service [5].
A company recently migrated to the AWS Cloud. The company needs to determine whether its newly imported Amazon EC2 instances are the appropriate size and type.
Which AWS services can provide this information to the company? (Select TWO.)
- A . AWS Auto Scaling
- B . AWS Control Tower
- C . AWS Trusted Advisor
- D . AWS Compute Optimizer
- E . Amazon Forecast
C, D
Explanation:
AWS Trusted Advisor and AWS Compute Optimizer are the AWS services that can provide information to the company about whether its newly imported Amazon EC2 instances are the appropriate size and type. AWS Trusted Advisor is an online tool that provides best practices recommendations in five categories: cost optimization, performance, security, fault tolerance, and service limits. AWS Trusted Advisor can help users identify underutilized or idle EC2 instances, and suggest ways to reduce costs and improve performance. AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources.
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?
- A . Physical security of DynamoDB
- B . Patching of DynamoDB
- C . Access to DynamoDB tables
- D . Encryption of data at rest in DynamoDB
C
Explanation:
According to the AWS Shared Responsibility Model, AWS is responsible for the security of the cloud, while the customer is responsible for the security in the cloud. This means that AWS is responsible for protecting the infrastructure that runs AWS services, such as DynamoDB, while the customer is responsible for properly configuring the security of the provided service. For abstracted services, such as DynamoDB, the customer is primarily responsible for managing their data, classifying their assets, and using IAM tools to apply the appropriate permissions [1][2]. Therefore, the customer is responsible for controlling the access to DynamoDB tables, such as by creating IAM policies, roles, and users, and using encryption and authentication mechanisms [3].
Reference: Shared Responsibility Model – Amazon Web Services (AWS)
Security and compliance in Amazon DynamoDB – Amazon DynamoDB
What is Shared Responsibility Model? – Check Point Software
Which actions are best practices for an AWS account root user? (Select TWO.)
- A . Share root user credentials with team members.
- B . Create multiple root users for the account, separated by environment.
- C . Enable multi-factor authentication (MFA) on the root user.
- D . Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user.
- E . Use programmatic access instead of the root user and password.
CD
Explanation:
The AWS account root user is the identity that has complete access to all AWS services and resources in the account. It is accessed by signing in with the email address and password that were used to create the account [1]. The root user should be protected and used only for a few account and service management tasks that require it [1]. Therefore, the following actions are best practices for an AWS account root user:
Enable multi-factor authentication (MFA) on the root user. MFA is a security feature that requires users to provide two or more pieces of information to authenticate themselves, such as a password and a code from a device. MFA adds an extra layer of protection for the root user credentials, which can access sensitive information and perform critical operations in the account [2].
Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user. IAM is a service that helps customers manage access to AWS resources for users and groups. Customers can create IAM users and assign them permissions to perform specific tasks on specific resources. Customers can also create IAM roles and policies to delegate access to other AWS services or external entities [3]. By creating an IAM user with administrator privileges, customers can avoid using the root user for everyday tasks and reduce the risk of accidental or malicious changes to the account [1].
