Practice Free CLF-C02 Exam Online Questions
Question #151
Which task is the customer’s responsibility, according to the AWS shared responsibility model?
- A . Patch a guest operating system that is deployed on an Amazon EC2 instance.
- B . Control physical access to an AWS data center
- C . Control access to AWS underlying hardware.
- D . Patch a host operating system that is deployed on Amazon S3.
Correct Answer: A
A
Explanation:
According to the AWS Shared Responsibility Model, the customer is responsible for managing the guest operating system (including patches and updates) and any applications that they run on their Amazon EC2 instances.
Why other options are not suitable:
B. Control physical access to an AWS data center: AWS is responsible for the physical security of its data centers.
C. Control access to AWS underlying hardware: AWS manages the hardware infrastructure.
D. Patch a host operating system that is deployed on Amazon S3: Amazon S3 is a managed storage service, and AWS manages the underlying infrastructure, including the operating system.
Reference: AWS Shared Responsibility Model
A
Explanation:
According to the AWS Shared Responsibility Model, the customer is responsible for managing the guest operating system (including patches and updates) and any applications that they run on their Amazon EC2 instances.
Why other options are not suitable:
B. Control physical access to an AWS data center: AWS is responsible for the physical security of its data centers.
C. Control access to AWS underlying hardware: AWS manages the hardware infrastructure.
D. Patch a host operating system that is deployed on Amazon S3: Amazon S3 is a managed storage service, and AWS manages the underlying infrastructure, including the operating system.
Reference: AWS Shared Responsibility Model
Question #152
Which AWS service provides machine learning capability to detect and analyze content in images and videos?
- A . Amazon Connect
- B . Amazon Lightsail
- C . Amazon Personalize
- D . Amazon Rekognition
Correct Answer: D
D
Explanation:
Amazon Rekognition provides machine learning capabilities to analyze images and videos, enabling the detection of objects, people, text, and scenes. It is designed specifically for image and video analysis, making it suitable for various use cases like facial recognition and content moderation. Other services like Amazon Connect, Lightsail, and Personalize do not offer image or video analysis capabilities.
D
Explanation:
Amazon Rekognition provides machine learning capabilities to analyze images and videos, enabling the detection of objects, people, text, and scenes. It is designed specifically for image and video analysis, making it suitable for various use cases like facial recognition and content moderation. Other services like Amazon Connect, Lightsail, and Personalize do not offer image or video analysis capabilities.
Question #153
A company is building a mobile app to provide shopping recommendations to its customers. The company wants to use a graph database as part of the shopping recommendation engine.
Which AWS database service should the company choose?
- A . Amazon DynamoDB
- B . Amazon Aurora
- C . Amazon Neptune
- D . Amazon DocumentDB (with MongoDB compatibility)
Correct Answer: C
C
Explanation:
Amazon Neptune is a service that provides a fully managed graph database that supports property graphs and RDF graphs. It can be used to build applications that work with highly connected datasets, such as shopping recommendations, social networks, fraud detection, and knowledge graphs2. Amazon DynamoDB is a service that provides a fully managed NoSQL database that delivers fast and consistent performance at any scale. Amazon Aurora is a service that provides a fully managed relational database that is compatible with MySQL and PostgreSQL. Amazon Document DB (with MongoDB compatibility) is a service that provides a fully managed document database that is compatible with MongoDB.
C
Explanation:
Amazon Neptune is a service that provides a fully managed graph database that supports property graphs and RDF graphs. It can be used to build applications that work with highly connected datasets, such as shopping recommendations, social networks, fraud detection, and knowledge graphs2. Amazon DynamoDB is a service that provides a fully managed NoSQL database that delivers fast and consistent performance at any scale. Amazon Aurora is a service that provides a fully managed relational database that is compatible with MySQL and PostgreSQL. Amazon Document DB (with MongoDB compatibility) is a service that provides a fully managed document database that is compatible with MongoDB.
Question #154
Which AWS service is an in-memory data store service?
- A . Amazon Aurora
- B . Amazon RDS
- C . Amazon DynamoDB
- D . Amazon ElastiCache
Correct Answer: D
D
Explanation:
Amazon ElastiCache is a fully managed in-memory data store and cache service that delivers sub-millisecond response times to applications. You can use ElastiCache as a primary data store for your applications, or as a cache to improve the performance of your existing databases. ElastiCache supports two popular open-source in-memory engines: Redis and Memcached5.
D
Explanation:
Amazon ElastiCache is a fully managed in-memory data store and cache service that delivers sub-millisecond response times to applications. You can use ElastiCache as a primary data store for your applications, or as a cache to improve the performance of your existing databases. ElastiCache supports two popular open-source in-memory engines: Redis and Memcached5.
Question #155
Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?
- A . AWS Support
- B . AWS customers
- C . AWS Key Management Service (AWS KMS)
- D . AWS Trusted Advisor
Correct Answer: B
B
Explanation:
AWS customers are responsible for enabling encryption of data at rest for Amazon Elastic Block Store (Amazon EBS). Amazon EBS encryption offers a simple encryption solution for your EBSvolumes that does not require you to build, maintain, and secure your own key management infrastructure. You can encrypt both the boot and data volumes of your EC2 instances. You can use AWS Key Management Service (AWS KMS) customer master keys (CMKs) or your own CMKs to encrypt your volumes2.
B
Explanation:
AWS customers are responsible for enabling encryption of data at rest for Amazon Elastic Block Store (Amazon EBS). Amazon EBS encryption offers a simple encryption solution for your EBSvolumes that does not require you to build, maintain, and secure your own key management infrastructure. You can encrypt both the boot and data volumes of your EC2 instances. You can use AWS Key Management Service (AWS KMS) customer master keys (CMKs) or your own CMKs to encrypt your volumes2.
Question #156
Which task is the responsibility of AWS, according to the AWS shared responsibility model?
- A . Set up multi-factor authentication (MFA) for each Workspaces user account.
- B . Ensure the environmental safety and security of the AWS infrastructure that hosts Workspaces.
- C . Provide security for Workspaces user accounts through AWS Identity and Access Management (IAM).
- D . Configure AWS CloudTrail to log API calls and user activity. A company stores data in an Amazon S3 bucket. The company must control who has permission to read, write, or delete objects that the company stores in the S3 bucket.
Correct Answer: B
B
Explanation:
The correct answer is B because ensuring the environmental safety and security of the AWS infrastructure that hosts Workspaces is the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are the responsibility of the customer, according to the AWS shared responsibility model. Setting up multi-factor authentication (MFA) for each Workspaces user account, providing security for Workspaces user accounts through AWS Identity and Access Management (IAM), configuring AWS CloudTrail to log API calls and user activity, and encrypting data at rest and in transit are all tasks that the customer has to perform to secure their Workspaces environment.
Reference: AWS Shared Responsibility Model, Amazon WorkSpaces Security
B
Explanation:
The correct answer is B because ensuring the environmental safety and security of the AWS infrastructure that hosts Workspaces is the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are the responsibility of the customer, according to the AWS shared responsibility model. Setting up multi-factor authentication (MFA) for each Workspaces user account, providing security for Workspaces user accounts through AWS Identity and Access Management (IAM), configuring AWS CloudTrail to log API calls and user activity, and encrypting data at rest and in transit are all tasks that the customer has to perform to secure their Workspaces environment.
Reference: AWS Shared Responsibility Model, Amazon WorkSpaces Security
Question #157
A company wants to avoid unnecessary charges and run workloads at the lowest price point.
Which pillar of the AWS Well-Architected Framework includes these goals?
- A . Security
- B . Reliability
- C . Sustainability
- D . Cost optimization
Correct Answer: D
Question #158
What does the concept of agility mean in AWS Cloud computing? (Select TWO.)
- A . The speed at which AWS resources are implemented
- B . The speed at which AWS creates new AWS Regions
- C . The ability to experiment quickly
- D . The elimination of wasted capacity
- E . The low cost of entry into cloud computing
Correct Answer: A,C
A,C
Explanation:
Agility in AWS Cloud computing means the ability to rapidly provision and deprovision AWS resources as needed, and the ability to experiment quickly with new ideas and solutions. Agility helps businesses to respond to changing customer demands, market opportunities, and competitive threats, and to innovate faster and cheaper. Agility also reduces the risk of failure, as businesses can test and validate their assumptions before committing to large-scale deployments.
Some of the benefits of agility in AWS Cloud computing are:
The speed at which AWS resources are implemented: AWS provides a variety of services and tools that allow you to create, configure, and launch AWS resources in minutes, using the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Software Development Kits (AWS SDKs), or the AWS CloudFormation templates. You can also use the AWS Cloud Development Kit (AWS CDK) to define your AWS resources as code using familiar programming languages, and synthesize them into AWS CloudFormation templates. You can also use the AWS Service Catalog to create and manage standardized portfolios of AWS resources that meet your organizational policies and best practices. AWS also offers on-demand, pay-as-you-go pricing models, so you only pay for the resources you use, and you can scale them up or down as your needs change12345
The ability to experiment quickly: AWS enables you to experiment quickly with new ideas and solutions, without having to invest in upfront capital or long-term commitments. You can use AWS to create and test multiple prototypes, hypotheses, and minimum viable products (MVPs) in parallel, and measure their performance and feedback. You can also use AWS to leverage existing services and solutions, such as AWS Marketplace, AWS Solutions, and AWS Quick Starts, that can help you accelerate your innovation process. AWS also supports a culture of experimentation and learning, by providing tools and resources for continuous integration and delivery (CI/CD), testing, monitoring, and analytics.
: Six advantages of cloud computing – Overview of Amazon Web Services, AWS Cloud Development Kit (AWS CDK), AWS Service Catalog, AWS Pricing, AWS CloudFormation, [Experimentation and Testing – AWS Well-Architected Framework], [AWS Marketplace], [AWS Solutions], [AWS Quick Starts], [AWS Developer Tools]
A,C
Explanation:
Agility in AWS Cloud computing means the ability to rapidly provision and deprovision AWS resources as needed, and the ability to experiment quickly with new ideas and solutions. Agility helps businesses to respond to changing customer demands, market opportunities, and competitive threats, and to innovate faster and cheaper. Agility also reduces the risk of failure, as businesses can test and validate their assumptions before committing to large-scale deployments.
Some of the benefits of agility in AWS Cloud computing are:
The speed at which AWS resources are implemented: AWS provides a variety of services and tools that allow you to create, configure, and launch AWS resources in minutes, using the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS Software Development Kits (AWS SDKs), or the AWS CloudFormation templates. You can also use the AWS Cloud Development Kit (AWS CDK) to define your AWS resources as code using familiar programming languages, and synthesize them into AWS CloudFormation templates. You can also use the AWS Service Catalog to create and manage standardized portfolios of AWS resources that meet your organizational policies and best practices. AWS also offers on-demand, pay-as-you-go pricing models, so you only pay for the resources you use, and you can scale them up or down as your needs change12345
The ability to experiment quickly: AWS enables you to experiment quickly with new ideas and solutions, without having to invest in upfront capital or long-term commitments. You can use AWS to create and test multiple prototypes, hypotheses, and minimum viable products (MVPs) in parallel, and measure their performance and feedback. You can also use AWS to leverage existing services and solutions, such as AWS Marketplace, AWS Solutions, and AWS Quick Starts, that can help you accelerate your innovation process. AWS also supports a culture of experimentation and learning, by providing tools and resources for continuous integration and delivery (CI/CD), testing, monitoring, and analytics.
: Six advantages of cloud computing – Overview of Amazon Web Services, AWS Cloud Development Kit (AWS CDK), AWS Service Catalog, AWS Pricing, AWS CloudFormation, [Experimentation and Testing – AWS Well-Architected Framework], [AWS Marketplace], [AWS Solutions], [AWS Quick Starts], [AWS Developer Tools]
Question #159
Which AWS service can a company use to find security and compliance reports, including International Organization for Standardization (ISO) reports?
- A . AWS Artifact
- B . Amazon CloudWatch
- C . AWS Config
- D . AWS Audit Manager
Correct Answer: A
A
Explanation:
AWS Artifact is a self-service portal that provides on-demand access to AWS security and compliance reports and select online agreements. You can use AWS Artifact to download AWS service audit reports, such as ISO, PCI, and SOC, and to accept and manage agreements with AWS, such as the Business Associate Addendum (BAA).
A
Explanation:
AWS Artifact is a self-service portal that provides on-demand access to AWS security and compliance reports and select online agreements. You can use AWS Artifact to download AWS service audit reports, such as ISO, PCI, and SOC, and to accept and manage agreements with AWS, such as the Business Associate Addendum (BAA).
Question #160
A company has an AWS Business Support plan. The company needs to gain access to the AWS DDoS Response Team (DRT) to help mitigate DDoS events.
Which AWS service or resource must the company use to meet these requirements?
- A . AWS Shield Standard
- B . AWS Enterprise Support
- C . AWS WAF
- D . AWS Shield Advanced
Correct Answer: D
D
Explanation:
AWS Shield Advanced provides enhanced protection against DDoS attacks and includes access to the AWS DDoS Response Team (DRT) to help mitigate complex DDoS events. AWS Shield Standard offers basic DDoS protection, which is included with AWS services, but does not provide access to the DRT. AWS WAF is a web application firewall, and AWS Enterprise Support is a premium support plan but
does not specifically provide DDoS mitigation services or access to the DRT.
D
Explanation:
AWS Shield Advanced provides enhanced protection against DDoS attacks and includes access to the AWS DDoS Response Team (DRT) to help mitigate complex DDoS events. AWS Shield Standard offers basic DDoS protection, which is included with AWS services, but does not provide access to the DRT. AWS WAF is a web application firewall, and AWS Enterprise Support is a premium support plan but
does not specifically provide DDoS mitigation services or access to the DRT.