Practice Free CLF-C02 Exam Online Questions
Question #11
A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes.
Which AWS service or tool should the company use to meet these requirements?
- A . AWS Organizations
- B . Cost Explorer
- C . AWS Budgets
- D . AWS Trusted Advisor
Correct Answer: A
A
Explanation:
AWS Organizations is an AWS service that enables you to centrally manage and govern your AWS Cloud environments across multiple business units. AWS Organizations allows you to create an organization that consists of AWS accounts that you create or invite to join. You can group your accounts into organizational units (OUs) and apply service control policies (SCPs) to them. SCPs are a type of policy that specify the maximum permissions for the accounts in your organization, and can help you enforce compliance and security requirements. AWS Organizations also simplifies billing
processes by enabling you to consolidate and pay for all member accounts with a single payment method. You can also use AWS Organizations to automate the creation of AWS accounts by using APIs or AWS CloudFormation templates.
Reference: What is AWS Organizations? Policy-Based Management – AWS Organizations
A
Explanation:
AWS Organizations is an AWS service that enables you to centrally manage and govern your AWS Cloud environments across multiple business units. AWS Organizations allows you to create an organization that consists of AWS accounts that you create or invite to join. You can group your accounts into organizational units (OUs) and apply service control policies (SCPs) to them. SCPs are a type of policy that specify the maximum permissions for the accounts in your organization, and can help you enforce compliance and security requirements. AWS Organizations also simplifies billing
processes by enabling you to consolidate and pay for all member accounts with a single payment method. You can also use AWS Organizations to automate the creation of AWS accounts by using APIs or AWS CloudFormation templates.
Reference: What is AWS Organizations? Policy-Based Management – AWS Organizations
Question #12
A company has an environment that includes Amazon EC2 instances, Amazon Lightsail, and on-premises servers. The company wants to automate the security updates for its operating systems and applications.
Which solution will meet these requirements with the LEAST operational effort?
- A . Use AWS Shield to identify and manage security events.
- B . Connect to each server by using a remote desktop connection. Run an update script.
- C . Use the AWS Systems Manager Patch Manager capability.
- D . Schedule Amazon GuardDuty to run on a nightly basis.
Correct Answer: C
C
Explanation:
AWS Systems Manager Patch Manager is a capability that allows users to automate the security updates for their operating systems and applications. It enables users to scan their instances for missing patches, define patch baselines, schedule patching windows, and monitor patch compliance. It supports Amazon EC2 instances, Amazon Lightsail instances, and on-premises servers. AWS Shield is a service that provides protection against Distributed Denial of Service (DDoS) attacks for AWS resources and services. It does not automate the security updates for operating systems and applications. Connecting to each server by using a remote desktop connection and running an update script is a manual and time-consuming solution that requires a lot of operational effort. It is not a recommended best practice for automating the security updates for operating systems and applications. Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for AWS accounts and resources. It does not automate the security updates for operating systems and applications.
C
Explanation:
AWS Systems Manager Patch Manager is a capability that allows users to automate the security updates for their operating systems and applications. It enables users to scan their instances for missing patches, define patch baselines, schedule patching windows, and monitor patch compliance. It supports Amazon EC2 instances, Amazon Lightsail instances, and on-premises servers. AWS Shield is a service that provides protection against Distributed Denial of Service (DDoS) attacks for AWS resources and services. It does not automate the security updates for operating systems and applications. Connecting to each server by using a remote desktop connection and running an update script is a manual and time-consuming solution that requires a lot of operational effort. It is not a recommended best practice for automating the security updates for operating systems and applications. Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for AWS accounts and resources. It does not automate the security updates for operating systems and applications.
Question #13
Which options are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
- A . Sustainability
- B . Security
- C . Operations
- D . Performance efficiency
- E . Reliability
Correct Answer: C,D
C,D
Explanation:
The options that are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF) are operations and performance efficiency. The AWS CAF is a guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective is divided into capabilities, which are further divided into skills and responsibilities. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The operations perspective capabilities are operations support, operations integration, and service management. The performance efficiency perspective focuses on the selection and configuration of the right cloud resources and services to meet the performance requirements of the applications, as well as the continuous improvement and innovation of the cloud solutions. The performance efficiency perspective capabilities are selection, review, and monitoring. Sustainability, security, and reliability are not perspectives of the AWS CAF, but they are aspects of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a guidance that helps users build and operate secure, reliable, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars, which are operational excellence, security, reliability, performance efficiency, and cost optimization. Sustainability is a cross-cutting theme that applies to all the pillars, and refers to the environmental and social impact of the cloud solutions.
C,D
Explanation:
The options that are perspectives that include foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF) are operations and performance efficiency. The AWS CAF is a guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective is divided into capabilities, which are further divided into skills and responsibilities. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The operations perspective capabilities are operations support, operations integration, and service management. The performance efficiency perspective focuses on the selection and configuration of the right cloud resources and services to meet the performance requirements of the applications, as well as the continuous improvement and innovation of the cloud solutions. The performance efficiency perspective capabilities are selection, review, and monitoring. Sustainability, security, and reliability are not perspectives of the AWS CAF, but they are aspects of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a guidance that helps users build and operate secure, reliable, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars, which are operational excellence, security, reliability, performance efficiency, and cost optimization. Sustainability is a cross-cutting theme that applies to all the pillars, and refers to the environmental and social impact of the cloud solutions.
Question #14
A company is using Amazon RDS.
A company is launching a critical business application in an AWS Region.
How can the company increase resilience for this application?
- A . Deploy a copy of the application in another AWS account.
- B . Deploy the application by using multiple VPCs.
- C . Deploy the application by using multiple subnets.
- D . Deploy the application by using multiple Availability Zones.
Correct Answer: D
D
Explanation:
Deploying the application by using multiple Availability Zones is the best way to increase resilience for the application. According to the Amazon RDS User Guide, "Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups."4 Deploying a copy of the application in another AWS account, using multiple VPCs, or using multiple subnets do not provide the same level of resilience as using multiple Availability Zones.
D
Explanation:
Deploying the application by using multiple Availability Zones is the best way to increase resilience for the application. According to the Amazon RDS User Guide, "Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups."4 Deploying a copy of the application in another AWS account, using multiple VPCs, or using multiple subnets do not provide the same level of resilience as using multiple Availability Zones.
Question #15
A company wants to know more about the benefits offered by cloud computing. The company wants to understand the operational advantage of agility.
How does AWS provide agility for users?
- A . The ability the ensure high availability by deploying workloads to multiple regions.
- B . A pay-as-you-go model for many services and resources
- C . The ability to transfer infrastructure management to the AWS Cloud
- D . The ability to provision and deprovision resources quickly with minimal effort
Correct Answer: D
Question #16
Which AWS service gives users the ability to deploy highly repeatable infrastructure configurations?
- A . AWS CloudFormation
- B . AWS CodeDeploy
- C . AWS CodeBuild
- D . AWS Systems Manager
Correct Answer: A
A
Explanation:
AWS CloudFormation allows users to define and deploy infrastructure as code, creating highly repeatable and consistent configurations across environments. It uses templates to automate the provisioning and management of resources. CodeDeploy focuses on application deployment, and Systems Manager offers operational management, but neither provides templated infrastructure deployment at the same level as CloudFormation.
A
Explanation:
AWS CloudFormation allows users to define and deploy infrastructure as code, creating highly repeatable and consistent configurations across environments. It uses templates to automate the provisioning and management of resources. CodeDeploy focuses on application deployment, and Systems Manager offers operational management, but neither provides templated infrastructure deployment at the same level as CloudFormation.
Question #17
Which AWS service or feature can a company use to determine which business unit is using specific
AWS resources?
- A . Cost allocation tags
- B . Key pairs
- C . Amazon Inspector
- D . AWS Trusted Advisor
Correct Answer: A
Question #18
Which AWS service or feature can the company use to limit the access to AWS services for member accounts?
- A . AWS Identity and Access Management (IAM)
- B . Service control policies (SCPs)
- C . Organizational units (OUs)
- D . Access control lists (ACLs)
Correct Answer: B
B
Explanation:
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines2. SCPs are available only in an organization that has all features enabled2.
B
Explanation:
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines2. SCPs are available only in an organization that has all features enabled2.
Question #19
Which AWS service or feature provides a firewall at the subnet level within a VPC?
- A . Security group
- B . Network ACL
- C . Elastic network interface
- D . AWS WAF
Correct Answer: B
B
Explanation:
A Network ACL (Access Control List) is a stateless firewall that controls inbound and outbound traffic at the subnet level within a VPC. It provides an additional layer of security to the VPC by allowing or denying traffic to and from a subnet based on defined rules.
B
Explanation:
A Network ACL (Access Control List) is a stateless firewall that controls inbound and outbound traffic at the subnet level within a VPC. It provides an additional layer of security to the VPC by allowing or denying traffic to and from a subnet based on defined rules.
Question #20
A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.
Which AWS offering will meet these requirements?
- A . Amazon EventBridge
- B . Compute Savings Plans
- C . AWS Budgets
- D . Migration Evaluator
Correct Answer: C
C
Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1
C
Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1