Practice Free CLF-C02 Exam Online Questions
A company uses AWS Organizations. The company wants to apply security best practices from the AWS Well-Architected Framework to all of its AWS accounts.
Which AWS service will meet these requirements?
- A . Amazon Macie
- B . Amazon Detective
- C . AWS Control Tower
- D . AWS Secrets Manager
A
Explanation:
AWS Control Tower is the easiest way to set up and govern a secure, multi-account AWS environment based on best practices established through AWS’s experience working with thousands of enterprises as they move to the cloud. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while you have peace of mind knowing your accounts conform to your organization’s policies. AWS Control Tower automates the setup of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment [1]. AWS Control Tower helps you apply security best practices from the AWS Well-Architected Framework to all of your AWS accounts [2].
Which of the following can be components of a VPC in the AWS Cloud? (Select TWO.)
- A . Amazon API Gateway
- B . Amazon S3 buckets and objects
- C . AWS Storage Gateway
- D . Internet gateway
- E . Subnet
D,E
Explanation:
A VPC (Virtual Private Cloud) in AWS is a logically isolated network that you define in the AWS Cloud.
Within a VPC, you can create subnets, route tables, network gateways, and more.
D. Internet Gateway: An internet gateway is a component that allows communication between resources in a VPC and the internet.
E. Subnet: A subnet is a range of IP addresses in your VPC. Subnets can be public or private and are essential for organizing resources within a VPC.
Why other options are not suitable:
What is the primary purpose of Amazon RDS?
- A . To manage relational databases
- B . To provide cloud storage
- C . To host web applications
- D . To manage network traffic
A company’s information security manager is supervising a move to AWS and wants to ensure that AWS best practices are followed. The manager has concerns about the potential misuse of AWS account root user credentials.
Which of the following is an AWS best practice for using the AWS account root user credentials?
- A . Allow only the manager to use the account root user credentials for normal activities.
- B . Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.
- C . Use the account root user credentials only when they alone must be used to perform a required function.
- D . Use the account root user credentials only for the creation of private VPC subnets.
C
Explanation:
The AWS best practice for using the AWS account root user credentials is to use them only when they alone must be used to perform a required function. The AWS account root user credentials have full access to all the resources in the account, and therefore pose a security risk if compromised or misused. You should create individual IAM users with the minimum necessary permissions for everyday tasks, and use AWS Organizations to manage multiple accounts. You should also enable multi-factor authentication (MFA) and rotate the password for the root user regularly. Some of the functions that require the root user credentials are changing the account name, closing the account, changing the support plan, and restoring an IAM user’s access.
A company is considering a move to the AWS Cloud. The company wants to be able to scale its compute resources as needed to accommodate changing loads.
Which benefit of the AWS Cloud does this scenario describe?
- A . Global deployment in minutes
- B . Cost savings
- C . Agility
- D . Elasticity
A user is moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud.
Which type of migration is this?
- A . On-premises to cloud native
- B . Hybrid to cloud native
- C . On-premises to hybrid
- D . Cloud native to hybrid
C
Explanation:
C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms.
A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local data center to an architecture that is fully hosted and managed on the AWS Cloud.
B is incorrect because hybrid to cloud native migration is the process of moving a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the AWS Cloud.
D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.
A company’s IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.
What should the company do to meet these requirements?
- A . Deploy MySQL database server clusters on Amazon EC2 instances.
- B . Use Amazon RDS with a MySQL database.
- C . Use an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances.
- D . Migrate all the MySQL database data to Amazon S3.
B
Explanation:
Amazon RDS is a service that makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS supports MySQL as one of the database engines. By using Amazon RDS with a MySQL database, the company can offload the tasks of patching the database and taking backup snapshots to AWS. Amazon RDS automatically patches the database software and operating system of the database instances. Amazon RDS also automatically backs up the database and retains the backups for a user-defined retention period. The company can also restore the database to any point in time within the retention period. Deploying MySQL database server clusters on Amazon EC2 instances, using an AWS CloudFormation template to deploy MySQL database servers on Amazon EC2 instances, or migrating all the MySQL database data to Amazon S3 are not the best options to meet the requirements. These options would not automate the tasks of patching the database and taking backup snapshots, and would require more operational overhead from the company [3].
A company needs a repository that stores source code. The company needs a way to update the running software when the code changes.
Which combination of AWS services will meet these requirements? (Select TWO.)
- A . AWS CodeCommit
- B . AWS CodeDeploy
- C . Amazon DynamoDB
- D . Amazon S3
- E . Amazon Elastic Container Service (Amazon ECS)
A,B
Explanation:
A and B are correct because AWS CodeCommit is the AWS service that provides a fully managed source control service that hosts secure Git-based repositories [1], and AWS CodeDeploy is the AWS service that automates code deployments to any instance, including Amazon EC2 instances and servers running on-premises [2]. These two services can be used together to store source code and update the running software when the code changes.
C is incorrect because Amazon DynamoDB is the AWS service that provides a fully managed NoSQL database service that supports key-value and document data models [3]. It is not related to storing source code or updating software.
D is incorrect because Amazon S3 is the AWS service that provides object storage through a web service interface [4]. It can be used to store source code, but it does not provide source control features or update software.
E is incorrect because Amazon Elastic Container Service (Amazon ECS) is the AWS service that allows users to run, scale, and secure Docker container applications. It can be used to deploy containerized software, but it does not store source code or update software.
Which AWS services make use of global edge locations? (Select TWO.)
- A . AWS Fargate
- B . Amazon CloudFront
- C . AWS Global Accelerator
- D . AWS Wavelength
- E . Amazon VPC
B,C
Explanation:
Amazon CloudFront and AWS Global Accelerator are two AWS services that make use of global edge locations. Edge locations are AWS sites that are deployed worldwide in major cities and places with a high population. Edge locations are used to cache data and reduce latency for end-user access [1].
Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. Amazon CloudFront uses a global network of over 200 edge locations and 13 regional edge caches to cache your content closer to your viewers, improving performance and reducing costs [2][3].
AWS Global Accelerator is a networking service that improves the availability and performance of your applications with local or global users. AWS Global Accelerator uses the AWS global network to route user traffic to the optimal endpoint based on health, performance, and policies. AWS Global Accelerator uses over 100 edge locations to bring your application endpoints closer to your users, reducing network hops and improving user experience [4][5].
Reference: 1: AWS for the Edge – Amazon Web Services (AWS), 2: Content Delivery Network (CDN) – Amazon CloudFront – AWS, 3: Amazon CloudFront Documentation, 4: AWS Global Accelerator – Amazon Web Services, 5: AWS Global Accelerator Documentation
A company is using AWS Organizations to configure AWS accounts.
A company is planning its migration to the AWS Cloud. The company is identifying its capability gaps by using the AWS Cloud Adoption Framework (AWS CAF) perspectives.
Which phase of the cloud transformation journey includes these identification activities?
- A . Envision
- B . Align
- C . Scale
- D . Launch
A
Explanation:
The Envision phase of the cloud transformation journey is where the company defines its vision, business drivers, and desired outcomes for the cloud adoption. The company also identifies its capability gaps by using the AWS Cloud Adoption Framework (AWS CAF) perspectives, which are business, people, governance, platform, security, and operations [2].