Practice Free CLF-C02 Exam Online Questions
Question #101
A company wants to implement detailed tracking of its cloud costs by department and project.
Which AWS feature or service should the company use?
- A . Consolidated billing
- B . Cost allocation tags
- C . AWS Marketplace
- D . AWS Budgets
Correct Answer: B
B
Explanation:
Cost allocation tags are an AWS feature that allows for detailed tracking of cloud costs by tagging resources. These tags can be customized to represent departments, projects, or cost centers, enabling organizations to allocate and monitor expenses accurately. By using cost allocation tags, companies can create reports that break down costs by tag, providing granular insights into their cloud spending. This feature is critical for achieving detailed cost management and is a core part of AWS’s billing and cost management offerings.
B
Explanation:
Cost allocation tags are an AWS feature that allows for detailed tracking of cloud costs by tagging resources. These tags can be customized to represent departments, projects, or cost centers, enabling organizations to allocate and monitor expenses accurately. By using cost allocation tags, companies can create reports that break down costs by tag, providing granular insights into their cloud spending. This feature is critical for achieving detailed cost management and is a core part of AWS’s billing and cost management offerings.
Question #102
A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure.
Which AWS service or feature should be used?
- A . Security groups
- B . AWS Firewall Manager
- C . IAM roles
- D . IAM user SSH keys
Correct Answer: C
C
Explanation:
IAM roles are a secure way to grant permissions to applications running on an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that have specific permissions policies attached to them. You can create an IAM role and associate it with an EC2 instance when you launch it or later. The applications on the instance can then use the temporary credentials provided by the role to access AWS resources that the role allows. This way, you do not have tostore any long-term credentials or access keys on the instance, which reduces the risk of compromise or misuse12.
The other options are not correct, because:
Security groups are virtual firewalls that control the inbound and outbound traffic for your EC2 instances. Security groups do not grant permissions to access other AWS services, but rather filter the network traffic based on rules that you define3.
AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources. AWS Firewall Manager works with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups. AWS Firewall Manager does not grant permissions to access other AWS services, but rather helps you enforce consistent security policies across your AWS infrastructure4.
IAM user SSH keys are credentials that allow you to connect to your EC2 instance using SSH. SSH keys do not grant permissions to access other AWS services, but rather authenticate your identity when you log in to your instance5.
Using an IAM role to grant permissions to applications running on Amazon EC2 instances – AWS Identity and Access Management
IAM roles for Amazon EC2 – Amazon Elastic Compute Cloud Security groups for your VPC – Amazon Virtual Private Cloud What is AWS Firewall Manager? – AWS Firewall Manager
Connecting to your Linux instance using SSH – Amazon Elastic Compute Cloud
C
Explanation:
IAM roles are a secure way to grant permissions to applications running on an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that have specific permissions policies attached to them. You can create an IAM role and associate it with an EC2 instance when you launch it or later. The applications on the instance can then use the temporary credentials provided by the role to access AWS resources that the role allows. This way, you do not have tostore any long-term credentials or access keys on the instance, which reduces the risk of compromise or misuse12.
The other options are not correct, because:
Security groups are virtual firewalls that control the inbound and outbound traffic for your EC2 instances. Security groups do not grant permissions to access other AWS services, but rather filter the network traffic based on rules that you define3.
AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources. AWS Firewall Manager works with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups. AWS Firewall Manager does not grant permissions to access other AWS services, but rather helps you enforce consistent security policies across your AWS infrastructure4.
IAM user SSH keys are credentials that allow you to connect to your EC2 instance using SSH. SSH keys do not grant permissions to access other AWS services, but rather authenticate your identity when you log in to your instance5.
Using an IAM role to grant permissions to applications running on Amazon EC2 instances – AWS Identity and Access Management
IAM roles for Amazon EC2 – Amazon Elastic Compute Cloud Security groups for your VPC – Amazon Virtual Private Cloud What is AWS Firewall Manager? – AWS Firewall Manager
Connecting to your Linux instance using SSH – Amazon Elastic Compute Cloud
Question #103
A company is building a serverless architecture that connects application data from multiple data sources. The company needs a solution that does not require additional code.
Which AWS service meets these requirements?
- A . AWS Lambda
- B . Amazon Simple Queue Service (Amazon SQS)
- C . Amazon CloudWatch
- D . Amazon EventBridge
Correct Answer: D
D
Explanation:
Amazon EventBridge is the service that meets the requirements of building a serverless architecture that connects application data from multiple data sources without requiring additional code. Amazon EventBridge is a serverless event bus service that allows you to easily connect your applications with data from AWS services, SaaS applications, and your own applications. You can use Amazon EventBridge to create rules that match events and route them to targets such as AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, or other AWS services. Amazon EventBridge handles the event ingestion, delivery, security, authorization, and error handling for you34
D
Explanation:
Amazon EventBridge is the service that meets the requirements of building a serverless architecture that connects application data from multiple data sources without requiring additional code. Amazon EventBridge is a serverless event bus service that allows you to easily connect your applications with data from AWS services, SaaS applications, and your own applications. You can use Amazon EventBridge to create rules that match events and route them to targets such as AWS Lambda functions, Amazon SNS topics, Amazon SQS queues, or other AWS services. Amazon EventBridge handles the event ingestion, delivery, security, authorization, and error handling for you34
Question #104
A company wants to run its production workloads on AWS. The company needs concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week.
Which AWS Support plan will meet these requirements?
- A . AWS Basic Support
- B . AWS Enterprise Support
- C . AWS Business Support
- D . AWS Developer Support
Correct Answer: B
B
Explanation:
B is correct because AWS Enterprise Support is the AWS Support plan that provides concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week. This plan is designed for customers who run mission-critical workloads on AWS and need the highest level of support. A is incorrect because AWS Basic Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for a limited set of AWS services. It does not provide concierge service, a designated TAM, or 24/7 technical support. C is incorrect because AWS Business Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for all AWS services, as well as access to AWS Trusted Advisor and AWS Support API. It does not provide concierge service or a designated TAM. D is incorrect because AWS Developer Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technicalsupport for all AWS services, as well as access to AWS Trusted Advisor. It does not provide concierge service, a designated TAM, or 24/7 technical support.
B
Explanation:
B is correct because AWS Enterprise Support is the AWS Support plan that provides concierge service, a designated AWS technical account manager (TAM), and technical support that is available 24 hours a day, 7 days a week. This plan is designed for customers who run mission-critical workloads on AWS and need the highest level of support. A is incorrect because AWS Basic Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for a limited set of AWS services. It does not provide concierge service, a designated TAM, or 24/7 technical support. C is incorrect because AWS Business Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technical support for all AWS services, as well as access to AWS Trusted Advisor and AWS Support API. It does not provide concierge service or a designated TAM. D is incorrect because AWS Developer Support is the AWS Support plan that provides customer service and support for billing and account issues, service limit increases, and technicalsupport for all AWS services, as well as access to AWS Trusted Advisor. It does not provide concierge service, a designated TAM, or 24/7 technical support.
Question #105
Which AWS service provides the SIMPLEST way for the company to establish a website on AWS?
- A . Amazon Elastic File System (Amazon EFS)
- B . AWS Elastic Beanstalk
- C . AWS Lambda
- D . Amazon Lightsail
Correct Answer: D
D
Explanation:
Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. Whether you’re new to the cloud or looking to get on the cloud quickly with AWS infrastructure you trust, we’ve got you covered.
Lightsail provides the simplest way for the company to establish a website on AWS.
D
Explanation:
Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. Whether you’re new to the cloud or looking to get on the cloud quickly with AWS infrastructure you trust, we’ve got you covered.
Lightsail provides the simplest way for the company to establish a website on AWS.
Question #106
Which AWS service is a fully managed NoSQL database service?
- A . Amazon RDS
- B . Amazon Redshift
- C . Amazon DynamoDB
- D . Amazon Aurora
Correct Answer: C
C
Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both document and key-value data models and is designed to handle large amounts of data across multiple servers. Other options, like Amazon RDS and Aurora, are managed relational database services, and Amazon Redshift is a data warehousing service.
C
Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both document and key-value data models and is designed to handle large amounts of data across multiple servers. Other options, like Amazon RDS and Aurora, are managed relational database services, and Amazon Redshift is a data warehousing service.
Question #107
A user wants to identify any security group that is allowing unrestricted incoming SSH traffic.
Which AWS service can be used to accomplish this goal?
- A . Amazon Cognito
- B . AWS Shield
- C . Amazon Macie
- D . AWS Trusted Advisor
Correct Answer: D
D
Explanation:
The correct answer to the question is D because AWS Trusted Advisor is an AWS service that can be used to accomplish the goal of identifying any security group that is allowing unrestricted incoming SSH traffic. AWS Trusted Advisor is a service that provides customers with recommendations that help them follow AWS best practices. Trusted Advisor evaluates the customer’s AWS environment and identifies ways to optimize their AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. One of the checks that Trusted Advisor performs is the Security Groups – Specific Ports Unrestricted check, which flags security groups that allow unrestricted access to specific ports, such as port 22 for SSH. Customers can use this check to review and modify their security group rules to restrict SSH access to only authorized sources.
Reference: Security Groups – Specific Ports Unrestricted
D
Explanation:
The correct answer to the question is D because AWS Trusted Advisor is an AWS service that can be used to accomplish the goal of identifying any security group that is allowing unrestricted incoming SSH traffic. AWS Trusted Advisor is a service that provides customers with recommendations that help them follow AWS best practices. Trusted Advisor evaluates the customer’s AWS environment and identifies ways to optimize their AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. One of the checks that Trusted Advisor performs is the Security Groups – Specific Ports Unrestricted check, which flags security groups that allow unrestricted access to specific ports, such as port 22 for SSH. Customers can use this check to review and modify their security group rules to restrict SSH access to only authorized sources.
Reference: Security Groups – Specific Ports Unrestricted
Question #108
Which AWS service uses edge locations to cache content?
- A . Amazon Kinesis
- B . Amazon Simple Queue Service (Amazon SQS)
- C . Amazon CloudFront
- D . Amazon Route 53
Correct Answer: C
C
Explanation:
Amazon CloudFront is a content delivery network (CDN) that uses edge locations to cache content closer to users, reducing latency and improving performance. It supports the delivery of web content, such as videos and images, by caching copies at edge locations around the world. Amazon Kinesis, SQS, and Route 53 do not utilize edge locations for content caching.
C
Explanation:
Amazon CloudFront is a content delivery network (CDN) that uses edge locations to cache content closer to users, reducing latency and improving performance. It supports the delivery of web content, such as videos and images, by caching copies at edge locations around the world. Amazon Kinesis, SQS, and Route 53 do not utilize edge locations for content caching.
Question #109
A company wants to securely rehost databases to AWS with minimal downtime.
Which AWS service will meet these requirements?
- A . AWS Database Migration Service (AWS DMS)
- B . AWS Snow Family
- C . AWSDataSync
- D . AWS Mainframe Modernization
Correct Answer: A
Question #110
Which AWS services can be used to store files? (Select TWO.)
- A . Amazon S3
- B . AWS Lambda
- C . Amazon Elastic Block Store (Amazon EBS)
- D . Amazon SageMaker
- E . AWS Storage Gateway
Correct Answer: A,C
A,C
Explanation:
Amazon S3 and Amazon EBS are two AWS services that can be used to store files. Amazon S3 is an object storage service that offers high scalability, durability, availability, and performance. Amazon EBS is a block storage service that provides persistent and low-latency storage volumes for Amazon EC2 instances. AWS Lambda, Amazon SageMaker, and AWS Storage Gateway are other AWS services that have different purposes, such as serverless computing, machine learning, and hybrid cloud storage.
A,C
Explanation:
Amazon S3 and Amazon EBS are two AWS services that can be used to store files. Amazon S3 is an object storage service that offers high scalability, durability, availability, and performance. Amazon EBS is a block storage service that provides persistent and low-latency storage volumes for Amazon EC2 instances. AWS Lambda, Amazon SageMaker, and AWS Storage Gateway are other AWS services that have different purposes, such as serverless computing, machine learning, and hybrid cloud storage.