Practice Free CLF-C02 Exam Online Questions
What is the MOST secure way to store passwords on AWS?
- A . Store passwords in an Amazon S3 bucket.
- B . Store passwords as AWS CloudFormation parameters
- C . Store passwords in AWS Storage Gateway.
- D . Store passwords in AWS Secrets Manager.
D
Explanation:
AWS Secrets Manager is the most secure way to store and manage sensitive information, such as passwords, database credentials, and API keys. Secrets Manager allows you to: Securely store and rotate secrets.
Automatically manage secret rotation without disrupting applications.
Integrate with AWS services and third-party applications to retrieve secrets securely.
Why other options are not suitable:
A company is building AWS architecture to deliver real-time data feeds from an on-premises data center into an application that runs on AWS. The company needs a consistent network connection with minimal latency.
What should the company use to connect the application and the data center to meet these requirements?
- A . AWS Direct Connect
- B . Public internet
- C . AWS VPN
- D . Amazon Connect
A
Explanation:
AWS Direct Connect provides a dedicated, low-latency, and consistent network connection between on-premises data centers and AWS. This private connection minimizes latency and improves network stability compared to a public internet connection or VPN. AWS Direct Connect is ideal for applications requiring real-time data transfer with minimal latency.
Which design principle is related to the reliability pillar according to the AWS Well-Architected Framework?
- A . Test recovery procedures
- B . Experiment more often
- C . Go global in minutes
- D . Analyze and attribute to expenditure
A
Explanation:
The reliability pillar of the AWS Well-Architected Framework includes the principle of testing recovery procedures to ensure systems can effectively recover from failures. Regular testing of recovery processes helps verify that systems are resilient and can handle potential disruptions. The other options align with different pillars like cost optimization and operational excellence.
Which benefit does Amazon Rekognition provide?
- A . The ability to place watermarks on images
- B . The ability to detect objects that appear in pictures
- C . The ability to resize millions of images automatically
- D . The ability to bid on object detection jobs
B
Explanation:
Amazon Rekognition is a service that provides deep learning-based image and video analysis. One of the benefits of Amazon Rekognition is the ability to detect objects that appear in pictures, such as faces, landmarks, animals, text, and scenes. This can enable applications to perform tasks such as face recognition, face verification, face comparison, face search, celebrity recognition, emotion detection, age range estimation, gender identification, facial analysis, facial expression recognition, and more. Amazon Rekognition Overview AWS Certified Cloud Practitioner – aws.amazon.com
A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances. Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased.
The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
Which AWS service or tool should the company use to meet these requirements?
- A . AWS Systems Manager
- B . Cost Explorer
- C . AWS Trusted Advisor
- D . AWS Organizations
D
Explanation:
AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. With AWS Organizations, you can apply service control policies (SCPs) across multiple AWS accounts to restrict what services and actions users and roles can access. You can also use AWS Organizations to enable features such as consolidated billing, AWS Config rules and conformance packs, and AWS CloudFormation StackSets across multiple accounts3. One of the benefits of using AWS Organizations is that you can share your Reserved Instances (RIs) with all of the accounts in your organization. This enables you to take advantage of the billing benefits of RIs without having to specify which account will use them4. AWS Systems Manager is a service that gives you visibility and control of your infrastructure on AWS. Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time. AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices. None of these services or tools can help you manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
A company is running its application in the AWS Cloud. The company wants to periodically review its AWS account for cost optimization opportunities.
Which AWS service or tool can the company use to meet these requirements?
- A . AWS Cost Explorer
- B . AWS Trusted Advisor
- C . AWS Pricing
- D . AWS Budgets
A
Explanation:
AWS Cost Explorer is an AWS service or tool that the company can use to periodically review its AWS account for cost optimization opportunities. AWS Cost Explorer is a tool that enables the company to visualize, understand, and manage their AWS costs and usage over time. The company can use AWS Cost Explorer to access interactive graphs and tables that show the breakdown of their costs and usage by service, region, account, tag, and more. The company can also use AWS Cost Explorer to forecast their future costs, identify trends and anomalies, and discover potential savings by using Reserved Instances or Savings Plans.
Which best practice for cost governance does this example show?
- A . Resource controls
- B . Cost allocation
- C . Architecture optimization
- D . Tagging enforcement
C
Explanation:
Architecture optimization is the best practice for cost governance that this example shows. Architecture optimization is the process of designing and implementing AWS solutions that are efficient, scalable, and cost-effective. By using specific AWS services to improve efficiency and reduce cost, the company is following the architecture optimization best practice. Some of the techniques for architecture optimization include using the right size and type of resources, leveraging elasticity and scalability, choosing the most suitable storage class, and using serverless and managed services2.
Which AWS Cloud benefit gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes?
- A . Elasticity
- B . Cost savings
- C . Agility
- D . Reliability
C
Explanation:
Agility is the AWS Cloud benefit that gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes. Agility means that you can reduce the time to make IT resources available to your developers from weeks to just minutes, resulting in a dramatic increase in innovation and responsiveness1. AWS provides a range of services and tools that enable you to launch, scale, and manage your cloud applications with ease and speed, such as AWS CloudFormation, AWS Elastic Beanstalk, AWS CodeDeploy, and AWS Quick Starts2345.
Reference: Six advantages of cloud computing – Overview of Amazon Web Services
[AWS CloudFormation]
[AWS Elastic Beanstalk]
[AWS CodeDeploy]
AWS Quick Starts
Which credential allows programmatic access to AWS resources for use from the AWS CLI or the AWS API?
- A . User name and password
- B . Access keys
- C . SSH public keys
- D . AWS Key Management Service (AWS KMS) keys
B
Explanation:
Access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS using the AWS CLI or AWS API1. User name and password are credentials that you use to sign in to the AWS Management Console or the AWS Management Console mobile app2. SSH public keys are credentials that you use to authenticate with EC2 instances that are launched from certain Linux AMIs3. AWS Key Management Service (AWS KMS) keys are customer master keys (CMKs) that you use to encrypt and decrypt your data and to control access to your data across AWS services and in your applications4.
A company deployed an application on an Amazon EC2 instance. The application ran as expected for 6 months. In the past week, users have reported latency issues. A system administrator found that the CPU utilization was at 100% during business hours. The company wants a scalable solution to meet demand.
Which AWS service or feature should the company use to handle the load for its application during periods of high demand?
- A . Auto Scaling groups
- B . AWS Global Accelerator
- C . Amazon Route 53
- D . An Elastic IP address
A
Explanation:
Auto Scaling groups are a feature that allows users to automatically scale the number of Amazon EC2 instances up or down based on demand or a predefined schedule. Auto Scaling groups can help improve the performance and availability of applications by adjusting the capacity in response to traffic fluctuations1. AWS Global Accelerator is a service that improves the availability and performance of applications by routing traffic through AWS edge locations2. Amazon Route 53 is a service that provides scalable and reliable domain name system (DNS) service3. An Elastic IP address is a static IPv4 address that can be associated with an Amazon EC2 instance4.