Practice Free CLF-C02 Exam Online Questions
Question #51
Which perspective of the AWS Cloud Adoption Framework (AWS CAF) connects technology and business?
- A . Operations
- B . People
- C . Security
- D . Governance
Correct Answer: D
D
Explanation:
The perspective of the AWS Cloud Adoption Framework (AWS CAF) that connects technology and business is governance. The governance perspective focuses on the alignment of the IT strategy and processes with the business strategy and goals, as well as the management of the IT budget, risk, and compliance. The governance perspective capabilities are portfolio management, business performance management, and IT governance. The governance perspective helps organizations ensure that their cloud adoption delivers the expected business value and outcomes, and that their cloud solutions are secure, reliable, and compliant. Operations, people, and security are other perspectives of the AWS CAF, but they do not directly connect technology and business. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The people perspective focuses on the development and empowerment of the human resources, as well as the transformation of the organizational culture and structure. The security perspective focuses on the protection of the information assets and systems in the cloud, as well as the implementation of the security policies and controls.
D
Explanation:
The perspective of the AWS Cloud Adoption Framework (AWS CAF) that connects technology and business is governance. The governance perspective focuses on the alignment of the IT strategy and processes with the business strategy and goals, as well as the management of the IT budget, risk, and compliance. The governance perspective capabilities are portfolio management, business performance management, and IT governance. The governance perspective helps organizations ensure that their cloud adoption delivers the expected business value and outcomes, and that their cloud solutions are secure, reliable, and compliant. Operations, people, and security are other perspectives of the AWS CAF, but they do not directly connect technology and business. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The people perspective focuses on the development and empowerment of the human resources, as well as the transformation of the organizational culture and structure. The security perspective focuses on the protection of the information assets and systems in the cloud, as well as the implementation of the security policies and controls.
Question #52
Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?
- A . Amazon DynamoDB
- B . Amazon Aurora
- C . Amazon DocumentDB (with MongoDB compatibility)
- D . Amazon Neptune
Correct Answer: A
A
Explanation:
The correct answer is A because Amazon DynamoDB is a key-value database that provides sub-millisecond latency on a large scale. Amazon DynamoDB is a fully managed, serverless, and scalable NoSQL database service that supports both key-value and document data models. The other options are incorrect because they are not key-value databases. Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL. Amazon DocumentDB (with MongoDB compatibility) is a document database that is compatible with MongoDB. Amazon Neptune is a graph database that supports property graph and RDF models.
Reference: Amazon DynamoDB FAQs
A
Explanation:
The correct answer is A because Amazon DynamoDB is a key-value database that provides sub-millisecond latency on a large scale. Amazon DynamoDB is a fully managed, serverless, and scalable NoSQL database service that supports both key-value and document data models. The other options are incorrect because they are not key-value databases. Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL. Amazon DocumentDB (with MongoDB compatibility) is a document database that is compatible with MongoDB. Amazon Neptune is a graph database that supports property graph and RDF models.
Reference: Amazon DynamoDB FAQs
Question #53
Which AWS service should a cloud engineer use to view API calls to AWS services?
- A . Amazon CloudWatch
- B . AWS CloudTrail
- C . AWS Config
- D . AWS Artifact
Correct Answer: B
B
Explanation:
The correct answer is B because AWS CloudTrail is an AWS service that a cloud engineer can use to view API calls to AWS services. AWS CloudTrail is a service that enables customers to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Customers can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not AWS services that a cloud engineer can use to view API calls to AWS services. Amazon CloudWatch is an AWS service that enables customers to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Config is an AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Artifact is an AWS service that provides customers with on-demand access to AWS compliance reports and select online agreements.
Reference: AWS CloudTrail FAQs
B
Explanation:
The correct answer is B because AWS CloudTrail is an AWS service that a cloud engineer can use to view API calls to AWS services. AWS CloudTrail is a service that enables customers to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Customers can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not AWS services that a cloud engineer can use to view API calls to AWS services. Amazon CloudWatch is an AWS service that enables customers to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Config is an AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Artifact is an AWS service that provides customers with on-demand access to AWS compliance reports and select online agreements.
Reference: AWS CloudTrail FAQs
Question #54
A company must archive Amazon S3 data that the company’s business units no longer need to access.
Which S3 storage class will meet this requirement MOST cost-effectively?
- A . S3 Glacier Instant Retrieval
- B . S3 Glacier Flexible Retrieval
- C . S3 Glacier Deep Archive
- D . S3 One Zone-Infrequent Access (S3 One Zone-IA)
Correct Answer: C
C
Explanation:
S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. It is designed for customers ― particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors ― that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. Customers can store large amounts of data at a very low cost, and reliably access it with a wait time of 12 hours3.
C
Explanation:
S3 Glacier Deep Archive is Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. It is designed for customers ― particularly those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors ― that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. Customers can store large amounts of data at a very low cost, and reliably access it with a wait time of 12 hours3.
Question #55
A company wants to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud.
Which AWS service should the company use to reduce management overhead for this environment?
- A . Amazon Elastic Container Service (Amazon ECS)
- B . Amazon SageMaker
- C . Amazon RDS
- D . Amazon Athena
Correct Answer: C
C
Explanation:
Amazon Relational Database Service (Amazon RDS) is the AWS service that the company should use to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud. Amazon RDS is a fully managed service that provides a scalable, secure, and high-performance relational database platform. Amazon RDS supports several database engines, including Microsoft SQL Server. Amazon RDS reduces the management overhead for the database environment by taking care of tasks such as provisioning, patching, backup, recovery, and monitoring. For more information, see What is Amazon Relational Database Service (Amazon RDS)? and Amazon RDS for SQL Server.
C
Explanation:
Amazon Relational Database Service (Amazon RDS) is the AWS service that the company should use to migrate its Microsoft SQL Server database management system from on premises to the AWS Cloud. Amazon RDS is a fully managed service that provides a scalable, secure, and high-performance relational database platform. Amazon RDS supports several database engines, including Microsoft SQL Server. Amazon RDS reduces the management overhead for the database environment by taking care of tasks such as provisioning, patching, backup, recovery, and monitoring. For more information, see What is Amazon Relational Database Service (Amazon RDS)? and Amazon RDS for SQL Server.
Question #56
Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?
- A . AWS Identity and Access Management (1AM)
- B . AWS Trusted Advisor
- C . AWS CloudFormation
- D . AWS Organizations
Correct Answer: D
D
Explanation:
AWS Organizations is the AWS service or feature that allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts. AWS Organizations enables users to centrally manage and govern their AWS environment across multiple accounts. Users can create organizational units (OUs) to group accounts based on their business needs, such as by function, project, or region. Users can also apply service control policies (SCPs) to OUs or individual accounts to define the permissions and restrictions for the AWS services and resources that they can access. AWS Organizations also offers features such as consolidated billing, account creation automation, and trusted access12.
Reference: AWS Organizations
What is AWS Organizations?
D
Explanation:
AWS Organizations is the AWS service or feature that allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts. AWS Organizations enables users to centrally manage and govern their AWS environment across multiple accounts. Users can create organizational units (OUs) to group accounts based on their business needs, such as by function, project, or region. Users can also apply service control policies (SCPs) to OUs or individual accounts to define the permissions and restrictions for the AWS services and resources that they can access. AWS Organizations also offers features such as consolidated billing, account creation automation, and trusted access12.
Reference: AWS Organizations
What is AWS Organizations?
Question #57
A company needs a fully managed file server that natively supports Microsoft workloads and file systems The file server must also support the SMB protocol.
Which AWS service should the company use to meet these requirements?
- A . Amazon Elastic File System (Amazon EFS)
- B . Amazon FSx for Lustre
- C . Amazon FSx for Windows File Server
- D . Amazon Elastic Block Store (Amazon EBS)
Correct Answer: C
C
Explanation:
Amazon FSx for Windows File Server is a fully managed file server that supports Microsoft workloads and file systems, including the SMB protocol. It provides features such as user quotas, end-user file restore, and Microsoft Active Directory integration. Amazon EFS is a fully managed file system that supports the NFS protocol, not SMB. Amazon FSx for Lustre is a fully managed file system that supports high-performance computing workloads, not Microsoft workloads. Amazon EBS is a block storage service that does not provide a file system or SMB support.
Reference: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon EFS, Amazon EBS
C
Explanation:
Amazon FSx for Windows File Server is a fully managed file server that supports Microsoft workloads and file systems, including the SMB protocol. It provides features such as user quotas, end-user file restore, and Microsoft Active Directory integration. Amazon EFS is a fully managed file system that supports the NFS protocol, not SMB. Amazon FSx for Lustre is a fully managed file system that supports high-performance computing workloads, not Microsoft workloads. Amazon EBS is a block storage service that does not provide a file system or SMB support.
Reference: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon EFS, Amazon EBS
Question #58
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?
- A . Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
- B . Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
- C . Move each user’s working environment to Amazon Workspaces. Set up an Amazon WorkDocs account for each user.
- D . Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
Correct Answer: B
B
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that allows you to extend your on-premises file storage capabilities to the AWS Cloud. AWS Storage Gateway file gateway enables you to store
and access your files in Amazon S3 using industry-standard file protocols such as NFS and SMB. File gateway caches frequently accessed files locally, providing low-latency access to your data. File gateway also optimizes the transfer of data between your on-premises environment and AWS, minimizing the amount of bandwidth consumed. By using file gateway, you can retain the performance benefit of sharing content locally while leveraging the scalability, durability, and cost-effectiveness of Amazon S3.
Reference: AWS Storage Gateway, File Gateway
B
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that allows you to extend your on-premises file storage capabilities to the AWS Cloud. AWS Storage Gateway file gateway enables you to store
and access your files in Amazon S3 using industry-standard file protocols such as NFS and SMB. File gateway caches frequently accessed files locally, providing low-latency access to your data. File gateway also optimizes the transfer of data between your on-premises environment and AWS, minimizing the amount of bandwidth consumed. By using file gateway, you can retain the performance benefit of sharing content locally while leveraging the scalability, durability, and cost-effectiveness of Amazon S3.
Reference: AWS Storage Gateway, File Gateway
Question #59
A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers different Region.
Which AWS tool should the company use to find pricing information for other Regions?
- A . Cost Explorer
- B . AWS Budgets
- C . AWS Purchase Order Management
- D . AWS Pricing Calculator
Correct Answer: D
D
Explanation:
AWS Pricing Calculator lets customers explore AWS services, and create an estimate for the cost of their use cases on AWS. AWS Pricing Calculator can also compare the costs of different AWS Regions and configurations. Cost Explorer is a tool that enables customers to visualize, understand, and manage their AWS costs and usage over time. AWS Budgets gives customers the ability to set custom budgets that alert them when their costs or usage exceed (or are forecasted to exceed) their budgeted amount. AWS Purchase Order Management is a feature that allows customers to pay for their AWS invoices using purchase orders.
D
Explanation:
AWS Pricing Calculator lets customers explore AWS services, and create an estimate for the cost of their use cases on AWS. AWS Pricing Calculator can also compare the costs of different AWS Regions and configurations. Cost Explorer is a tool that enables customers to visualize, understand, and manage their AWS costs and usage over time. AWS Budgets gives customers the ability to set custom budgets that alert them when their costs or usage exceed (or are forecasted to exceed) their budgeted amount. AWS Purchase Order Management is a feature that allows customers to pay for their AWS invoices using purchase orders.
Question #60
Which AWS service aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services?
- A . Amazon Detective
- B . Amazon Inspector
- C . Amazon Macie
- D . AWS Security Hub
Correct Answer: D
D
Explanation:
The correct answer is D because AWS Security Hub is a service that aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer. The other options are incorrect because they are not services that aggregate security alerts and findings from multiple AWS services. Amazon Detective is a service that helps users analyze and visualize security data to investigate and remediate potential issues. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Amazon Macie is a service that helps users discover, classify, and protect sensitive data stored in Amazon S3.
Reference: AWS Security Hub FAQs
D
Explanation:
The correct answer is D because AWS Security Hub is a service that aggregates, organizes, and prioritizes security alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, and AWS IAM Access Analyzer. The other options are incorrect because they are not services that aggregate security alerts and findings from multiple AWS services. Amazon Detective is a service that helps users analyze and visualize security data to investigate and remediate potential issues. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Amazon Macie is a service that helps users discover, classify, and protect sensitive data stored in Amazon S3.
Reference: AWS Security Hub FAQs