Practice Free CLF-C02 Exam Online Questions
Which controls are the responsibility of both AWS and AWS customers, according to the AWS shared responsibility model? (Select TWO.)
- A . Physical and environmental controls
- B . Patch management
- C . Configuration management
- D . Account structures
- E . Choice of the AWS Region where data is stored
B,C
Explanation:
Patch management and configuration management are controls that are the responsibility of both AWS and AWS customers, according to the AWS shared responsibility model. Patch management is the process of applying updates to software and applications to fix vulnerabilities, bugs, or performance issues. Configuration management is the process of defining and maintaining the settings and parameters of systems and applications to ensure their consistency and reliability. AWS is responsible for patching and configuring the software and services that it manages, such as the AWS global infrastructure, the hypervisor, and the AWS managed services. The customer is responsible for patching and configuring the software and services that they manage, such as the guest operating system, the applications, and the AWS customer-managed services.
Physical and environmental controls are the responsibility of AWS, according to the AWS shared responsibility model. Physical and environmental controls are the measures that protect the physical security and availability of the AWS global infrastructure, such as power, cooling, fire suppression, and access control. AWS is responsible for maintaining these controls and ensuring the resilience and reliability of the AWS Cloud.
Account structures are the responsibility of the customer, according to the AWS shared responsibility model. Account structures are the ways that customers organize and manage their AWS accounts and resources, such as using AWS Organizations, IAM users and roles, resource tagging, and billing preferences. The customer is responsible for creating and configuring these structures and ensuring the security and governance of their AWS environment.
Choice of the AWS Region where data is stored is the responsibility of the customer, according to the AWS shared responsibility model. AWS Regions are geographic areas that consist of multiple isolated Availability Zones. Customers can choose which AWS Region to store their data and run their applications, depending on their latency, compliance, and cost requirements. The customer is responsible for selecting the appropriate AWS Region and ensuring the data sovereignty and regulatory compliance of their data.
A company has a physical tape library to store data backups. The tape library is running out of space.
The company needs to extend the tape library’s capacity to the AWS Cloud.
Which AWS service should the company use to meet this requirement?
- A . Amazon Elastic File System (Amazon EFS)
- B . Amazon Elastic Block Store (Amazon EBS)
- C . Amazon S3
- D . AWS Storage Gateway
D
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that provides on-premises access to virtually unlimited cloud storage. You can use AWS Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. One of these use cases is tape-based backup, which allows you to store data backups on virtual tapes in the AWS Cloud. You can use the Tape Gateway feature of AWS Storage Gateway to extend your existing physical tape library to the AWS Cloud. Tape Gateway provides a virtual tape infrastructure that scales seamlessly with your backup needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure [1][2][3].
Reference: [1] Cloud Storage Appliances, Hybrid Device – AWS Storage Gateway – AWS; [2] AWS Storage Gateway Documentation; [3] AWS Storage Gateway Features | Amazon Web Services
A development team wants to deploy multiple test environments for an application in a fast, repeatable manner.
Which AWS service should the team use?
- A . Amazon EC2
- B . AWS CloudFormation
- C . Amazon QuickSight
- D . Amazon Elastic Container Service (Amazon ECS)
B
Explanation:
AWS CloudFormation is a service that allows you to model and provision your AWS resources using templates. You can define your infrastructure as code and automate the creation and update of your resources. AWS CloudFormation also supports nested stacks, change sets, and rollback features to help you manage complex and dynamic environments.
Reference: AWS CloudFormation
AWS Certified Cloud Practitioner Exam Guide
Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Select TWO.)
- A . Control access to AWS service APIs and to other specific resources.
- B . Provide intelligent threat detection and continuous monitoring.
- C . Protect the AWS environment using multi-factor authentication (MFA).
- D . Grant users access to AWS data centers.
- E . Provide firewall protection for applications from common web attacks.
A,C
Explanation:
AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely.
You can use IAM to perform the following actions:
Control access to AWS service APIs and to other specific resources: You can create users, groups, roles, and policies that define who can access which AWS resources and how. You can also use IAM to grant temporary access to users or applications that need to perform certain tasks on your behalf.
Protect the AWS environment using multi-factor authentication (MFA): You can enable MFA for your IAM users and root user to add an extra layer of security to your AWS account. MFA requires users to provide a unique authentication code from an approved device or SMS text message, in addition to their user name and password, when they sign in to AWS.
A company uses AWS Organizations. The company wants to apply security best practices from the AWS Well-Architected Framework to all of its AWS accounts.
Which AWS service will meet these requirements?
- A . Amazon Macie
- B . Amazon Detective
- C . AWS Control Tower
- D . AWS Secrets Manager
A
Explanation:
AWS Control Tower is the easiest way to set up and govern a secure, multi-account AWS environment based on best practices established through AWS’s experience working with thousands of enterprises as they move to the cloud. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while you have peace of mind knowing your accounts conform to your organization’s policies. AWS Control Tower automates the setup of a baseline environment, or landing zone, that is a secure, well-architected multi-account AWS environment. AWS Control Tower helps you apply security best practices from the AWS Well-Architected Framework to all of your AWS accounts.
Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC2 images?
- A . EC2 Image Builder
- B . Amazon Machine Image (AMI)
- C . AWS Launch Wizard
- D . AWS Elastic Beanstalk
A
Explanation:
Understanding EC2 Image Builder: EC2 Image Builder is a fully managed service that simplifies the creation, maintenance, validation, and testing of Amazon Machine Images (AMIs).
Why Use EC2 Image Builder:
Automation: Automates the creation and management of AMIs, reducing manual efforts and the risk of errors.
Customization: Allows you to customize the images to include necessary software, configurations, and security settings.
Compliance: Ensures that the images comply with your security and operational standards through continuous monitoring and testing.
How to Implement EC2 Image Builder:
Create a Recipe: Define an image recipe specifying the base image and components to be included.
Build Pipeline: Set up an image pipeline that automates the building and testing of the AMI based on a schedule or trigger.
Distribute Images: Use the produced AMIs across multiple AWS regions and accounts as needed.
EC2 Image Builder
A company needs a file-sharing service that supports SMB protocol.
- A . Amazon Aurora
- B . AWS Config
- C . AWS DataSync
- D . Amazon FSx for Windows File Server
A company is migrating its data center to AWS. The company needs an AWS Support plan that provides chat access to a cloud support engineer 24 hours a day, 7 days a week. The company does not require access to infrastructure event management.
What is the MOST cost-effective AWS Support plan that meets these requirements?
- A . AWS Enterprise Support
- B . AWS Business Support
- C . AWS Developer Support
- D . AWS Basic Support
B
Explanation:
AWS Business Support is the most cost-effective AWS Support plan that provides chat access to a cloud support engineer 24/7. AWS Business Support also offers phone and email support, as well as a response time of less than one hour for urgent issues. AWS Business Support does not include access to infrastructure event management, which is a feature of AWS Enterprise Support. AWS Enterprise Support is more expensive and provides additional benefits, such as a technical account manager, a support concierge, and a response time of less than 15 minutes for critical issues. AWS Developer Support and AWS Basic Support do not provide chat access to a cloud support engineer. AWS Developer Support provides email support and a response time of less than 12 hours for general guidance issues. AWS Basic Support provides customer service and account support, as well as access to forums and documentation.
Which of the following is a benefit of operating in the AWS Cloud?
- A . The ability to migrate on-premises network devices to the AWS Cloud
- B . The ability to expand compute, storage, and memory when needed
- C . The ability to host custom hardware in the AWS Cloud
- D . The ability to customize the underlying hypervisor layer for Amazon EC2
B
Explanation:
One of the benefits of operating in the AWS Cloud is the ability to expand compute, storage, and memory when needed, which enables users to scale their applications and resources up or down based on demand. This also helps users optimize their costs and performance. The ability to migrate on-premises network devices to the AWS Cloud, the ability to host custom hardware in the AWS Cloud, and the ability to customize the underlying hypervisor layer for Amazon EC2 are not benefits of operating in the AWS Cloud, as they are either not possible or not recommended by AWS.
A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Select TWO.)
- A . Spot Instances
- B . On-Demand Instances
- C . Reserved Instances
- D . Savings Plans
- E . Dedicated Hosts
C,D
Explanation:
Reserved Instances (RIs) are a pricing model that allows you to reserve EC2 instances for a specified period of time (one or three years) and receive a significant discount compared to On-Demand pricing. RIs are suitable for workloads that have predictable usage patterns and require a long-term commitment. You can choose between three payment options: All Upfront, Partial Upfront, or No Upfront. The more you pay upfront, the greater the discount.
Savings Plans are a flexible pricing model that can help you reduce your EC2 costs by up to 72% compared to On-Demand pricing, in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a one or three year term. Savings Plans apply to usage across EC2, AWS Lambda, and AWS Fargate. You can choose between two types of Savings Plans: Compute Savings Plans and EC2 Instance Savings Plans. Compute Savings Plans offer the most flexibility and apply to any instance family, size, OS, tenancy, or region. EC2 Instance Savings Plans offer the highest discount and apply to a specific instance family within a region.
Spot Instances are a pricing model that allows you to bid for unused EC2 capacity in the AWS cloud and are available at a discount of up to 90% compared to On-Demand pricing. Spot Instances are suitable for fault-tolerant or stateless workloads that can run on heterogeneous hardware and have flexible start and end times. However, Spot Instances are not guaranteed and can be interrupted by AWS at any time if the demand for capacity increases or your bid price is lower than the current Spot price.
On-Demand Instances are a pricing model that allows you to pay for compute capacity by the hour or second with no long-term commitments. On-Demand Instances are suitable for short-term, spiky, or unpredictable workloads that cannot be interrupted, or for applications that are being developed or tested on EC2 for the first time. However, On-Demand Instances are the most expensive option among the four pricing models.
Dedicated Hosts are physical EC2 servers fully dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, such as Windows Server, SQL Server, and SUSE Linux Enterprise Server. Dedicated Hosts can be purchased On-Demand or as part of Savings Plans. Dedicated Hosts are suitable for workloads that need to run on dedicated physical servers or have strict licensing requirements. However, Dedicated Hosts are not the lowest cost option among the four pricing models.
