Practice Free CLF-C02 Exam Online Questions
A company is running a workload in the AWS Cloud.
Which AWS best practice ensures the MOST cost-effective architecture for the workload?
- A . Loose coupling
- B . Rightsizing
- C . Caching
- D . Redundancy
A
Explanation:
The AWS best practice that ensures the most cost-effective architecture for the workload is rightsizing. Rightsizing means selecting the most appropriate instance type or resource configuration that matches the needs of the workload. Rightsizing can help optimize performance and reduce costs by avoiding over-provisioning or under-provisioning of resources. Loose coupling, caching, and redundancy are other AWS best practices that can improve the scalability, availability, and performance of the workload, but they do not necessarily ensure the most cost-effective architecture.
Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?
- A . Elimination of expenses for running and maintaining data centers
- B . Price discounts that are identical to discounts from hardware providers
- C . Distribution of all operational controls to AWS
- D . Elimination of operational expenses
A
Explanation:
The advantage that users experience when they move on-premises workloads to the AWS Cloud is: elimination of expenses for running and maintaining data centers. By moving on-premises workloads to the AWS Cloud, users can reduce or eliminate the costs associated with owning and operating physical servers, storage, network equipment, and facilities. These costs include hardware purchase, maintenance, repair, power, cooling, security, and staff. Users can also benefit from the pay-as-you-go pricing model of AWS, which allows them to pay only for the resources they use, and scale up or down as needed.
Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instances?
- A . Network ACLs
- B . Security groups
- C . AWS Trusted Advisor
- D . AWS WAF
B
Explanation:
Security groups are the AWS service or feature that can be used to apply security rules to specific Amazon EC2 instances. Security groups are virtual firewalls that control the inbound and outbound traffic for one or more instances. Customers can create security groups and add rules that reflect the role of the instance that is associated with the security group. For example, a web server instance needs security group rules that allow inbound HTTP and HTTPS access, while a database instance needs rules that allow access for the type of database. Security groups are stateful, meaning that the responses to allowed inbound traffic are also allowed, regardless of the outbound rules. Customers can assign multiple security groups to an instance, and the rules from each security group are effectively aggregated to create one set of rules.
Network ACLs are another AWS service or feature that can be used to control the traffic for a subnet. Network ACLs are stateless, meaning that they do not track the traffic that they allow. Therefore, customers must add rules for both inbound and outbound traffic. Network ACLs are applied at the subnet level, not at the instance level.
AWS Trusted Advisor is an AWS service that provides best practice recommendations for security, performance, cost optimization, and fault tolerance. AWS Trusted Advisor does not apply security rules to specific Amazon EC2 instances, but it can help customers identify security gaps and improve their security posture.
AWS WAF is an AWS service that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. AWS WAF does not apply security rules to specific Amazon EC2 instances, but it can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer.
Which AWS service is used to provide encryption for Amazon EBS?
- A . AWS Certificate Manager
- B . AWS Systems Manager
- C . AWS KMS
- D . AWS Config
C
Explanation:
AWS KMS is the service that is used to provide encryption for Amazon EBS. AWS KMS is a managed service that enables you to easily create and control the encryption keys used to encrypt your data. Amazon EBS uses AWS KMS to encrypt and decrypt your EBS volumes and snapshots. You can choose to use either the default AWS managed CMK or your own customer managed CMK for encryption. AWS KMS also provides features such as key rotation, audit logging, and access control policies to help you manage your encryption keys and protect your data. The other services are not used to provide encryption for Amazon EBS. AWS Certificate Manager is a service that lets you provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources. AWS Systems Manager is a service that provides a unified user interface to view and manage your AWS resources, automate common operational tasks, and apply compliance policies. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Reference: Amazon EBS encryption, AWS Key Management Service, AWS Certificate Manager, AWS Systems Manager, AWS Config
Which AWS service or tool provides users with a graphical interface that they can use to manage AWS services?
- A . AWS Copilot
- B . AWS CLI
- C . AWS Management Console
- D . AWS software development kits (SDKs)
C
Explanation:
The AWS Management Console provides a web-based graphical user interface (GUI) that allows users to manage AWS services. It is user-friendly and accessible, enabling users to control and configure resources without needing to interact with AWS through code or command-line interfaces. AWS CLI and SDKs are command-line and programming tools, respectively, and do not offer a graphical interface.
A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high end client hardware?
- A . Amazon AppStream 2.0
- B . AWS AppSync
- C . Amazon WorkLink
- D . AWS Elastic Beanstalk
A
Explanation:
The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure or high-end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend infrastructure, and delivers high performance and a responsive user experience. The other options are incorrect because they are not services that will help the company deploy the application without investing in backend infrastructure or high-end client hardware. AWS AppSync is a service that enables customers to create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access to internal websites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using popular platforms such as Java, .NET, PHP, and Node.js.
Reference: Amazon AppStream 2.0 FAQs
Which AWS service can create a private network connection from on premises to the AWS Cloud?
- A . AWS Config
- B . Virtual Private Cloud (Amazon VPC)
- C . AWS Direct Connect
- D . Amazon Route 53
C
Explanation:
AWS Direct Connect provides a dedicated private network connection from on-premises data centers directly to the AWS Cloud, bypassing the public internet. This setup is ideal for reducing network costs, increasing bandwidth throughput, and providing a more consistent network experience compared to standard internet connections. Other services, such as Amazon VPC, relate to networking but do not establish a private network connection from on-premises to AWS.
A company wants high levels of detection and near-real-time (NRT) mitigation against large and sophisticated distributed denial of service (DDoS) attacks on applications running on AWS.
Which AWS service should the company use?
- A . Amazon GuardDuty
- B . Amazon Inspector
- C . AWS Shield Advanced
- D . Amazon Macie
C
Explanation:
AWS Shield Advanced is a service that provides high levels of detection and near-real-time (NRT) mitigation against large and sophisticated distributed denial of service (DDoS) attacks on applications running on AWS. AWS Shield Advanced also provides you with 24×7 access to the AWS DDoS Response Team (DRT) and protection against DDoS attacks of any size or duration. Amazon GuardDuty is a service that provides threat detection for your AWS accounts and workloads, but it does not offer DDoS protection. Amazon Inspector is a service that helps you improve the security and compliance of your applications deployed on AWS by automatically assessing them for vulnerabilities and deviations from best practices. Amazon Macie is a service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS.
Which AWS service should a cloud engineer use to view API calls to AWS services?
- A . Amazon CloudWatch
- B . AWS CloudTrail
- C . AWS Config
- D . AWS Artifact
B
Explanation:
The correct answer is B because AWS CloudTrail is an AWS service that a cloud engineer can use to view API calls to AWS services. AWS CloudTrail is a service that enables customers to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Customers can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not AWS services that a cloud engineer can use to view API calls to AWS services. Amazon CloudWatch is an AWS service that enables customers to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Config is an AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Artifact is an AWS service that provides customers with on-demand access to AWS compliance reports and select online agreements.
Reference: AWS CloudTrail FAQs
Which AWS service or feature is an example of a relational database management system?
- A . Amazon Athena
- B . Amazon Redshift
- C . Amazon S3 Select
- D . Amazon Kinesis Data Streams
B
Explanation:
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers. Amazon Redshift is a relational database management system (RDBMS), so it is compatible with other RDBMS applications. You can use standard SQL to query the data.
