Practice Free CLF-C02 Exam Online Questions
A company has developed a distributed application that recovers gracefully from interruptions. The application periodically processes large volumes of data by using multiple Amazon EC2 instances. The application is sometimes idle for months.
Which EC2 instance purchasing option is MOST cost-effective for this use case?
- A . Reserved Instances
- B . Spot Instances
- C . Dedicated Instances
- D . On-Demand Instances
B
Explanation:
Spot Instances are instances that use spare EC2 capacity that is available for up to 90% off the On-Demand price. Because Spot Instances can be interrupted by EC2 with two minutes of notification when EC2 needs the capacity back, you can use them for applications that have flexible start and end times, or that can withstand interruptions. This option is most cost-effective for the use case described in the question. Reserved Instances are instances that you purchase for a one-year or three-year term, and pay a lower hourly rate compared to On-Demand Instances. This option is suitable for applications that have steady state or predictable usage. Dedicated Instances are instances that run on hardware that’s dedicated to a single customer within an Amazon VPC. This option is suitable for applications that have stringent regulatory or compliance requirements. On-Demand Instances are instances that you pay for by the second, with no long-term commitments or upfront payments. This option is suitable for applications that have unpredictable or intermittent workloads.
A user discovered that an Amazon EC2 instance is missing an Amazon Elastic Block Store (Amazon EBS) data volume. The user wants to determine when the EBS volume was removed.
Which AWS service will provide this information?
- A . AWS Config
- B . AWS Trusted Advisor
- C . Amazon Timestream
- D . Amazon QuickSight
A
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. AWS Config can help you determine when an EBS volume was removed from an EC2 instance by providing a timeline of configuration changes and compliance status. AWS Trusted Advisor, Amazon Timestream, and Amazon QuickSight do not provide the same level of configuration tracking and auditing as AWS Config. Source: AWS Config
Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?
- A . AWS Pricing Calculator
- B . AWS Compute Optimizer
- C . AWS App Runner
- D . AWS Systems Manager
B
Explanation:
The AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data is AWS Compute Optimizer. AWS Compute Optimizer is a service that analyzes the configuration and performance of the AWS resources, such as Amazon EC2 instances, and provides recommendations for optimal resource types and sizes based on the workload patterns and metrics. AWS Compute Optimizer helps users improve the performance, availability, and cost efficiency of their AWS resources. AWS Pricing Calculator, AWS App Runner, and AWS Systems Manager are not the best services or tools to use for this purpose. AWS Pricing Calculator is a tool that helps users estimate the cost of using AWS services based on their requirements and preferences. AWS App Runner is a service that helps users easily and quickly deploy web applications and APIs without managing any infrastructure. AWS Systems Manager is a service that helps users automate and manage the configuration and operation of their AWS resources and applications.
A company is running a key-value NoSQL workload on Amazon EC2 instances. The company needs the workload to have scalability, failover protection, and backup capabilities.
What is the MOST operationally efficient way to meet these requirements?
- A . Add additional EC2 instances to the database cluster.
- B . Run an identical copy of the database in a second Availability Zone.
- C . Migrate the database to Amazon DynamoDB.
- D . Migrate the database to a relational database.
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of:
- A . a loosely coupled architecture.
- B . a tightly coupled architecture.
- C . a stateless architecture.
- D . a stateful architecture.
A
Explanation:
Using Amazon Elastic Container Service (Amazon ECS) to break down a monolithic architecture into microservices is an example of a loosely coupled architecture. A loosely coupled architecture is one where the components are independent and can communicate with each other through well-defined interfaces. This allows for greater scalability, flexibility, and resilience. A tightly coupled architecture is one where the components are interdependent and rely on each other for functionality. This can lead to increased complexity, fragility, and difficulty in changing or scaling the system.
Reference: Amazon ECS Overview, AWS Well-Architected Framework
Which of the following are components of an AWS Site-to-Site VPN connection? (Select TWO.)
- A . AWS Storage Gateway
- B . Virtual private gateway
- C . NAT gateway
- D . Customer gateway
- E . Internet gateway
B,D
Explanation:
The correct answers are B and D because a virtual private gateway and a customer gateway are components of an AWS Site-to-Site VPN connection. A virtual private gateway is the AWS side of the VPN connection that attaches to the customer’s VPC. A customer gateway is the customer side of the VPN connection that resides in the customer’s network. The other options are incorrect because they are not components of an AWS Site-to-Site VPN connection. AWS Storage Gateway is a service that connects on-premises software applications with cloud-based storage. NAT gateway is a service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. Internet gateway is a service that enables communication between instances in a VPC and the internet.
Reference: [What is AWS Site-to-Site VPN?]
A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic.
Which AWS service will meet these requirements?
- A . Amazon GuardDuty
- B . AWS WAF
- C . Amazon Macie
- D . AWS Shield
B
Explanation:
The AWS service that will meet the requirements of the company that is hosting a web application on Amazon EC2 instances and wants to implement custom conditions to filter and control inbound web traffic is AWS WAF. AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. The company can use AWS WAF to create custom rules that block malicious requests that match certain patterns, such as SQL injection or cross-site scripting. AWS WAF can be applied to web applications that are behind an Application Load Balancer, Amazon CloudFront, or Amazon API Gateway. Amazon GuardDuty, Amazon Macie, and AWS Shield are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and resources. Amazon Macie is a data security and data privacy service that uses machine learning and pattern matching to discover, classify, and protect sensitive data stored in Amazon S3. AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards web applications running on AWS. These services are more useful for detecting and preventing different types of threats and attacks, rather than filtering and controlling inbound web traffic based on custom conditions.
Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model?
- A . Configuration of Amazon EC2 instance operating systems
- B . Application file system server-side encryption
- C . Patch management
- D . Security of the physical infrastructure
C
Explanation:
AWS Shared Responsibility Model Overview:
AWS manages security of the cloud, including physical infrastructure and foundational services. Customers are responsible for security in the cloud, which includes operating system configuration, data encryption, and application patch management.
Why Patch Management Is Shared:
AWS is responsible for patching the underlying infrastructure.
Customers are responsible for patching the operating system and applications they install on their resources (e.g., EC2 instances).
Why Other Options Are Incorrect:
Which AWS services allow users to monitor and retain records of account activities that include governance, compliance, and auditing? (Select TWO.)
- A . Amazon CloudWatch
- B . AWS CloudTrail
- C . Amazon GuardDuty
- D . AWS Shield
- E . AWS WAF
A,B
Explanation:
Amazon CloudWatch and AWS CloudTrail are the AWS services that allow users to monitor and retain records of account activities that include governance, compliance, and auditing. Amazon CloudWatch is a service that collects and tracks metrics, collects and monitors log files, and sets alarms. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. Amazon GuardDuty, AWS Shield, and AWS WAF are AWS services that provide security and protection for AWS resources, but they do not monitor and retain records of account activities. These concepts are explained in the AWS Cloud Practitioner Essentials course.
In which situations should a company create an IAM user instead of an IAM role? (Select TWO.)
- A . When an application that runs on Amazon EC2 instances requires access to other AWS services
- B . When the company creates AWS access credentials for individuals
- C . When the company creates an application that runs on a mobile phone that makes requests to AWS
- D . When the company needs to add users to IAM groups
- E . When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time
B,D
Explanation:
An IAM user is created when the company needs to provide unique credentials (username and password) to individuals who need access to the AWS Management Console or programmatic access (using access keys) to AWS services.
B. When the company creates AWS access credentials for individuals: Correct, as an IAM user is created to provide credentials for specific individuals.
D. When the company needs to add users to IAM groups: Correct, as IAM users can be added to groups to apply permissions and policies at a group level.
