Practice Free CLF-C02 Exam Online Questions
Which options are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
- A . Sustainability
- B . Security
- C . Operations
- D . Performance efficiency
- E . Reliability
C,D
Explanation:
The options that are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF) are operations and performance efficiency. The AWS CAF is guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective is divided into capabilities, which are further divided into skills and responsibilities. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The operations perspective capabilities are operations support, operations integration, and service management. The performance efficiency perspective focuses on the selection and configuration of the right cloud resources and services to meet the performance requirements of the applications, as well as the continuous improvement and innovation of the cloud solutions. The performance efficiency perspective capabilities are selection, review, and monitoring. Sustainability, security, and reliability are not perspectives of the AWS CAF, but they are aspects of the AWS Well-Architected Framework. The AWS Well-Architected Framework is guidance that helps users build and operate secure, reliable, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars, which are operational excellence, security, reliability, performance efficiency, and cost optimization. Sustainability is a cross-cutting theme that applies to all the pillars, and refers to the environmental and social impact of the cloud solutions.
A company’s information security manager is supervising a move to AWS and wants to ensure that AWS best practices are followed. The manager has concerns about the potential misuse of AWS account root user credentials.
Which of the following is an AWS best practice for using the AWS account root user credentials?
- A . Allow only the manager to use the account root user credentials for normal activities.
- B . Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.
- C . Use the account root user credentials only when they alone must be used to perform a required function.
- D . Use the account root user credentials only for the creation of private VPC subnets.
C
Explanation:
The AWS best practice for using the AWS account root user credentials is to use them only when they alone must be used to perform a required function. The AWS account root user credentials have full access to all the resources in the account, and therefore pose a security risk if compromised or misused. You should create individual IAM users with the minimum necessary permissions for everyday tasks, and use AWS Organizations to manage multiple accounts. You should also enable multi-factor authentication (MFA) and rotate the password for the root user regularly. Some of the functions that require the root user credentials are changing the account name, closing the account, changing the support plan, and restoring an IAM user’s access.
A user is moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud.
Which type of migration is this?
- A . On-premises to cloud native
- B . Hybrid to cloud native
- C . On-premises to hybrid
- D . Cloud native to hybrid
C
Explanation:
C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms. A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local data center to an architecture that is fully hosted and managed on the AWS Cloud. B is incorrect because hybrid to cloud native migration is the process of moving a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the AWS Cloud. D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.
A company needs a hybrid cloud storage service to connect its on-premises environment to scalable AWS Cloud storage.
Which AWS service will meet these requirements?
- A . Amazon S3
- B . Amazon FSx
- C . AWS Storage Gateway
- D . AWS Fargate
Which AWS Support plan is the minimum recommended tier for users who have production workloads on AWS?
- A . AWS Developer Support
- B . AWS Enterprise Support
- C . AWS Business Support
- D . AWS Enterprise On-Ramp Support
C
Explanation:
AWS Business Support is the minimum recommended tier for users who have production workloads on AWS. AWS Business Support provides 24×7 access to cloud support engineers via phone, chat, or email, as well as a guaranteed response time of less than one hour for urgent issues. AWS Business Support also includes access to AWS Trusted Advisor, a tool that provides real-time guidance to help you provision your resources following AWS best practices.
A company is requesting Payment Card Industry (PCI) reports that validate the operating effectiveness of AWS security controls.
How should the company obtain these reports?
- A . Contact AWS Support
- B . Download reports from AWS Artifact.
- C . Download reports from AWS Security Hub.
- D . Contact an AWS technical account manager (TAM).
B
Explanation:
AWS Artifact is a service provided by AWS that offers on-demand access to AWS compliance reports, including the Payment Card Industry (PCI) reports. It is the primary tool for retrieving compliance reports such as Service Organization Control (SOC) reports, ISO certifications, and Payment Card Industry Data Security Standard (PCI DSS) reports.
To obtain these reports:
The company should log into the AWS Management Console and navigate to AWS Artifact.
From there, they can select and download the necessary compliance reports.
Why other options are not suitable:
Which AWS services or features can a company use to connect the network of its on-premises data center to AWS? (Select TWO.)
- A . AWS VPN
- B . AWS Directory Service
- C . AWS Data Pipeline
- D . AWS Direct Connect
- E . AWS CloudHSM
A,D
Explanation:
AWS VPN and AWS Direct Connect are two services that enable customers to connect their on-premises data center network to the AWS Cloud. AWS VPN establishes a secure and encrypted connection over the public internet, while AWS Direct Connect establishes a dedicated and private connection through a partner network.
Which AWS resource can help a company reduce its costs in exchange for a usage commitment when using Amazon EC2 instances?
- A . Compute Savings Plans
- B . Auto Scaling group
- C . On-Demand Instance
- D . EC2 instance store
A company is running an application on AWS. The company wants to identify and prevent the accidental.
Which AWS service or feature will meet these requirements?
- A . Amazon GuardDuty
- B . Network ACL
- C . AWS WAF
- D . AWS Network Firewall
A
Explanation:
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you can automate anomaly detection and get actionable findings to help you protect your AWS resources.
Which AWS service can generate information that can be used by external auditors?
- A . Amazon Cognito
- B . Amazon FSx
- C . AWS Config
- D . Amazon Inspector
C
Explanation:
AWS Config enables users to assess, audit, and evaluate the configurations of AWS resources. It provides information that can be used by external auditors to ensure compliance with various regulatory requirements by tracking changes and maintaining configuration history. Amazon Cognito, FSx, and Inspector do not provide detailed configuration tracking for audit purposes.
