Practice Free CLF-C02 Exam Online Questions
A company needs a firewall that will control network connections to and from a single Amazon EC2 instance. This firewall will not control network connections to and from other instances that are in the same subnet.
Which AWS service or feature can the company use to meet these requirements?
- A . Network ACL
- B . AWS WAF
- C . Route table
- D . Security group
D
Explanation:
A Security Group acts as a virtual firewall for your Amazon EC2 instances to control inbound and outbound traffic. It provides granular control over network connections to and from a specific EC2 instance or set of instances. Unlike Network ACLs, which operate at the subnet level, Security Groups operate at the instance level, allowing control over network traffic for individual instances.
A company wants to minimize network latency between its Amazon EC2 instances. The EC2 instances do not need to be highly available.
Which solution meets these requirements?
- A . Use EC2 instances in a single Availability Zone.
- B . Use Amazon CloudFront as the database for the EC2 instances.
- C . Use EC2 instances in the same edge location and the same Availability Zone.
- D . Use EC2 instances in the same edge location and the same AWS Region.
A
Explanation:
Using EC2 instances in a single Availability Zone is a solution that meets the requirements of minimizing network latency between the EC2 instances and not needing high availability. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the same Availability Zone can communicate with each other using low-latency private IP addresses. However, EC2 instances in a single Availability Zone are not highly available, because they are vulnerable to failures or disruptions that affect the Availability Zone.
A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds.
Which AWS service meets these requirements?
- A . Amazon CloudFront
- B . Elastic Load Balancing
- C . Amazon S3
- D . Amazon Elastic Transcoder
A
Explanation:
The correct answer is A because Amazon CloudFront is an AWS service that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds. Amazon CloudFront is a fast content delivery network (CDN) that integrates with other AWS services, such as Amazon S3, Amazon EC2, AWS Lambda, and AWS Shield. Amazon CloudFront delivers content through a worldwide network of edge locations that are located close to the end users. The other options are incorrect because they are not AWS services that provide secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds. Elastic Load Balancing is an AWS service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. Amazon S3 is an AWS service that provides object storage for data of any size and type. Amazon Elastic Transcoder is an AWS service that converts media files from their original source format into different formats that will play on various devices.
Reference: Amazon CloudFront FAQs
A company wants to centrally manage security policies and billing services within a multi-account AWS environment.
Which AWS service should the company use to meet these requirements?
- A . AWS Identity and Access Management (IAM)
- B . AWS Organizations
- C . AWS Resource Access Manager (AWS RAM)
- D . AWS Config
B
Explanation:
AWS Organizations is a service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can use AWS Organizations to create groups of accounts and apply policies to them. You can also use AWS Organizations to consolidate billing for multiple accounts.
Therefore, the correct answer is B.
Which AWS Cloud design principle is a company using when the company implements AWS CloudTrail?
- A . Activate traceability.
- B . Use serverless compute architectures.
- C . Perform operations as code.
- D . Go global in minutes.
A
Explanation:
By implementing AWS CloudTrail, a company is adhering to the AWS Cloud design principle of activating traceability. AWS CloudTrail provides detailed logs of all API calls made in an AWS account, which helps monitor, troubleshoot, and detect unusual activity, thereby improving security and compliance. This supports the principle of "activating traceability" by enabling continuous monitoring and auditing of all actions and changes within the AWS environment.
B. Use serverless compute architectures: Incorrect, as this principle encourages the use of managed services that handle infrastructure, such as AWS Lambda, and is not directly related to CloudTrail.
C. Perform operations as code: Incorrect, as this principle emphasizes the use of code and automation for infrastructure management.
D. Go global in minutes: Incorrect, as this principle relates to the global deployment of applications and services.
Reference: AWS Well-Architected Framework, AWS CloudTrail
An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which cost is the company’s direct responsibility?
- A . Cost of application software licenses
- B . Cost of the hardware infrastructure on AWS
- C . Cost of power for the AWS servers
- D . Cost of physical security for the AWS data center
A
Explanation:
The cost of application software licenses is the company’s direct responsibility when it migrates its IT infrastructure from an on-premises data center to the AWS Cloud. Application software licenses are the agreements that grant users the right to use specific software products, such as operating systems, databases, or applications. Depending on the type and terms of the license, users may need to pay a fee to the software vendor or provider to use the software legally and access its features and updates. When users migrate their IT infrastructure to the AWS Cloud, they can choose to buy new licenses from AWS, bring their own licenses (BYOL), or use a combination of both. However, regardless of the option they choose, they are still responsible for complying with the license terms and paying the license fees to the software vendor or provider. AWS does not charge users for the application software licenses they bring or buy, but only for the AWS resources they use to run their applications. Therefore, the cost of application software licenses is the only cost among the options that is the company’s direct responsibility. The other costs are either included in the AWS service fees or covered by AWS.
Reference: AWS License Manager Pricing, Software licensing: The blind spot in public cloud costs, Cost Optimization tips for SQL Server Licenses on AWS, Microsoft Licensing on AWS
Which design principle is included in the operational excellence pillar of the AWS Well-Architected Framework?
- A . Create annotated documentation.
- B . Anticipate failure.
- C . Ensure performance efficiency.
- D . Optimize costs.
A
Explanation:
Create annotated documentation is the design principle that is included in the operational excellence pillar of the AWS Well-Architected Framework. According to the AWS Well-Architected Framework whitepaper, creating annotated documentation means "documenting your workload so that the team understands the architecture, how to operate the workload, and how the workload delivers value to customers." Anticipate failure, ensure performance efficiency, and optimize costs are design principles that belong to other pillars of the AWS Well-Architected Framework, such as reliability, performance efficiency, and cost optimization.
Which AWS services are connectivity services for a VPC? (Select TWO.)
- A . AWS Site-to-Site VPN
- B . AWS Direct Connect
- C . Amazon Connect
- D . AWS Key Management Service (AWS KMS)
- E . AWS Identity and Access Management (IAM)
A
Explanation:
AWS Site-to-Site VPN and AWS Direct Connect are AWS services that are connectivity services for a VPC. AWS Site-to-Site VPN is a service that enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). You can establish VPN connections over the internet or over AWS Direct Connect. AWS Direct Connect is a service that lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using AWS Direct Connect, you can create a private connection between AWS and your datacenter, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. Amazon Connect is a service that lets you set up and manage a contact center in the cloud, but it does not provide network connectivity between the VPC and your on-premises network. AWS Key Management Service (AWS KMS) is a service that makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications, but it does not provide network connectivity between the VPC and your on-premises network. AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely, but it does not provide network connectivity between the VPC and your on-premises network.
A company wants to securely access an Amazon S3 bucket from an Amazon EC2 instance without accessing the internet.
What should the company use to accomplish this goal?
- A . VPN connection
- B . Internet gateway
- C . VPC endpoint
- D . NAT gateway
C
Explanation:
A VPC endpoint enables private connections between an Amazon VPC and AWS services, like Amazon S3, without requiring internet access. This allows secure access to S3 from an EC2 instance within the same VPC, reducing latency and improving security. VPN connections and NAT gateways do not eliminate internet traffic, and an internet gateway would expose the VPC to the public internet.
A company is migrating a relational database server to the AWS Cloud. The company wants to minimize administrative overhead of database maintenance tasks.
Which AWS service will meet these requirements?
- A . Amazon DynamoDB
- B . Amazon EC2
- C . Amazon Redshift
- D . Amazon RDS
D
Explanation:
Amazon RDS is the AWS service that will meet the requirements of migrating a relational database server to the AWS Cloud and minimizing administrative overhead of database maintenance tasks. Amazon RDS is a fully managed relational database service that handles routine database tasks, such as provisioning, patching, backup, recovery, failure detection, and repair. Amazon RDS supports several database engines, such as MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora.
