Practice Free CLF-C02 Exam Online Questions
Which AWS feature or resource is a deployable Amazon EC2 instance template that is prepackaged with software and security requirements?
- A . Amazon Elastic Block Store (Amazon EBS) volume
- B . AWS CloudFormation template
- C . Amazon Elastic Block Store (Amazon EBS) snapshot
- D . Amazon Machine Image (AMI)
D
Explanation:
An Amazon Machine Image (AMI) is a deployable Amazon EC2 instance template that is prepackaged with software and security requirements. It provides the information required to launch an instance, which is a virtual server in the cloud. You can use an AMI to launch as many instances as you need. You can also create your own custom AMIs or use AMIs shared by other AWS users.
A company wants to establish a security layer in its VPC that will act as a firewall to control subnet traffic.
Which AWS service or feature will meet this requirement?
- A . Routing tables
- B . Network access control lists (network ACLs)
- C . Security groups
- D . Amazon GuardDuty
C
Explanation:
Security groups are the service or feature that meets the requirement of establishing a security layer in a VPC that will act as a firewall to control subnet traffic. Security groups are stateful firewalls that control the inbound and outbound traffic at the instance level. You can assign one or more security groups to each instance in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. Security groups are associated with network interfaces, and therefore apply to all the instances in the subnets that use those network interfaces. Routing tables are used to direct traffic between subnets and gateways, not to filter traffic. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level, but they are less granular and more cumbersome to manage than security groups. Amazon GuardDuty is a threat detection service that monitors your AWS account and workloads for malicious or unauthorized activity, not a firewall service.
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?
- A . Security groups
- B . AWS WAF
- C . Network ACLs
- D . AWS Shield
B
Explanation:
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define. You can use AWS WAF to create a custom rule that blocks SQL injection attacks on your website.
A company plans to launch an ecommerce website that contains many images for a product catalog. The company wants to keep the cost of running the website within a specific budget.
Which AWS service or tool should the company use to monitor the ongoing costs of the website?
- A . AWS Cost Explorer
- B . AWS SDKs
- C . EC2 Image Builder
- D . AWS CloudFormation
A
Explanation:
AWS Cost Explorer is a tool that enables you to view and analyze your costs and usage. It provides an easy-to-use interface to visualize, understand, and manage AWS costs and usage over time. Cost Explorer allows the company to monitor ongoing costs, set budget alerts, and analyze cost drivers, which is ideal for keeping the cost of running an ecommerce website within a specific budget.
B. AWS SDKs: Incorrect, as they are software development kits that allow integration with AWS services but do not provide cost monitoring or management capabilities.
C. EC2 Image Builder: Incorrect, as it is a service for automating the creation of virtual machine images, not for monitoring costs.
D. AWS CloudFormation: Incorrect, as it is used for provisioning and managing infrastructure as code, not for cost monitoring.
Reference: AWS Cost Explorer
A company needs to convert video files and audio files to a format that will play on smartphones.
Which AWS service will meet this requirement?
- A . Amazon Comprehend
- B . Amazon Rekognition
- C . Amazon Elastic Transcoder
- D . Amazon Polly
C
Explanation:
Amazon Elastic Transcoder is a media transcoding service that enables companies to convert video and audio files into formats optimized for playback on various devices, including smartphones. It automates the transcoding process and supports a wide array of video and audio formats, making it ideal for converting files into mobile-friendly formats. Services like Amazon Comprehend, Rekognition, and Polly do not perform media transcoding functions.
Which AWS service offers a global content delivery network (CDN) that helps companies securely deliver websites, videos, applications, and APIs at high speeds with low latency?
- A . Amazon EC2
- B . Amazon CloudFront
- C . Amazon CloudWatch
- D . AWS CloudFormation
B
Explanation:
Amazon CloudFront is the AWS service that offers a global content delivery network (CDN) that helps companies securely deliver websites, videos, applications, and APIs at high speeds with low latency. Amazon CloudFront is a web service that speeds up distribution of static and dynamic web content, such as HTML, CSS, JavaScript, and image files, to users. Amazon CloudFront uses a global network of edge locations, located near users’ geographic locations, to cache and serve content with high availability and performance. Amazon CloudFront also provides features such as AWS Shield for DDoS protection, AWS Certificate Manager for SSL/TLS encryption, AWS WAF for web application firewall, and AWS Lambda@Edge for customizing content delivery with serverless code. Amazon EC2, Amazon CloudWatch, and AWS CloudFormation are not services that offer a global CDN. Amazon EC2 is a service that provides scalable compute capacity in the cloud. Amazon CloudWatch is a service that provides monitoring and observability for AWS resources and applications. AWS CloudFormation is a service that provides a common language to model and provision AWS resources and their dependencies.
A company needs to automatically protect its Amazon EC2 instances from distributed denial of service (DDoS) attacks.
- A . Network access control list (ACL)
- B . AWS Shield
- C . Security group
- D . Amazon GuardDuty
A company wants to design its cloud architecture so that it can support development innovations, and continuously improve processes and procedures.
This is an example of which pillar of the AWS Well-Architected Framework?
- A . Security
- B . Performance efficiency
- C . Operational excellence
- D . Reliability
D
Explanation:
"The Reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle."
https://docs.aws.amazon.com/wellarchitected/latest/framework/reliability.html
Which AWS service can provide a dedicated network connection with consistent low latency from on premises to the AWS Cloud?
- A . Amazon VPC
- B . Amazon Kinesis Data Streams
- C . AWS Direct Connect
- D . Amazon OpenSearch Service
C
Explanation:
AWS Direct Connect is a service that provides a dedicated network connection from on premises to the AWS Cloud. It can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. It can also provide low latency for applications that require real-time data transfer. Amazon VPC is a service that provides a logically isolated section of the AWS Cloud where users can launch AWS resources in a virtual network that they define. Amazon Kinesis Data Streams is a service that provides a scalable and durable stream of data records for real-time data processing. Amazon OpenSearch Service is a service that provides a fully managed, scalable, and secure search and analytics solution that is compatible with Elasticsearch.
To assist companies with Payment Card Industry Data Security Standard (PCI DSS) compliance in the cloud, AWS provides:
- A . physical inspections of data centers by appointment.
- B . required PCI compliance certifications for any application running on AWS.
- C . an AWS Attestation of Compliance (AOC) report for specific AWS services.
- D . professional PCI compliance services.
C
Explanation:
AWS provides an Attestation of Compliance (AOC) report for specific AWS services to assist companies in achieving Payment Card Industry Data Security Standard (PCI DSS) compliance in the cloud. This report demonstrates that AWS services meet the necessary PCI DSS requirements. AWS does not offer physical inspections of data centers by appointment, nor does it provide certifications for any application running on AWS. Additionally, AWS does not provide professional PCI compliance services; companies must manage their PCI compliance in their environment.
