Practice Free CLF-C02 Exam Online Questions
Question #21
In which of the following AWS services should database credentials be stored for maximum security?
- A . AWS Identity and Access Management (IAM)
- B . AWS Secrets Manager
- C . Amazon S3
- D . AWS Key Management Service (AWS KMS)
Correct Answer: B
B
Explanation:
AWS Secrets Manager is the AWS service where database credentials should be stored for maximum security. AWS Secrets Manager helps to protect the secrets, such as database credentials, passwords, API keys, and tokens, that are used to access applications, services, and resources. AWS Secrets Manager enables secure storage, encryption, rotation, and retrieval of the secrets. AWS Secrets Manager also integrates with other AWS services, such as AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), and AWS Lambda. For more information, see [What is AWS Secrets Manager?] and [Getting Started with AWS Secrets Manager].
B
Explanation:
AWS Secrets Manager is the AWS service where database credentials should be stored for maximum security. AWS Secrets Manager helps to protect the secrets, such as database credentials, passwords, API keys, and tokens, that are used to access applications, services, and resources. AWS Secrets Manager enables secure storage, encryption, rotation, and retrieval of the secrets. AWS Secrets Manager also integrates with other AWS services, such as AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), and AWS Lambda. For more information, see [What is AWS Secrets Manager?] and [Getting Started with AWS Secrets Manager].
Question #22
Under the AWS shared responsibility model, which of the following is a responsibility of the customer?
- A . Shred disk drives before they leave a data center.
- B . Prevent customers from gathering packets or collecting traffic at the hypervisor level.
- C . Patch the guest operating system with the latest security patches.
- D . Maintain security systems that provide physical monitoring of data centers.
Correct Answer: C
C
Explanation:
Under the AWS shared responsibility model, AWS is responsible for the security "of" the cloud, which includes the physical infrastructure, networking, and hypervisor layer. The customer, however, is responsible for security "in" the cloud, which includes managing the security of their data, patching and maintaining their guest operating system and applications, and managing identity and access. The responsibilities of shredding disk drives, preventing packet capture at the hypervisor level, and physical monitoring are handled by AWS as part of its responsibility for security "of" the cloud.
C
Explanation:
Under the AWS shared responsibility model, AWS is responsible for the security "of" the cloud, which includes the physical infrastructure, networking, and hypervisor layer. The customer, however, is responsible for security "in" the cloud, which includes managing the security of their data, patching and maintaining their guest operating system and applications, and managing identity and access. The responsibilities of shredding disk drives, preventing packet capture at the hypervisor level, and physical monitoring are handled by AWS as part of its responsibility for security "of" the cloud.
Question #23
A company needs to centralize its operational data. The company also needs to automate tasks across all of its Amazon EC2 instances.
Which AWS service can the company use to meet these requirements?
- A . AWS Trusted Advisor
- B . AWS Systems Manager
- C . AWS CodeDeploy
- D . AWS Elastic Beanstalk
Correct Answer: B
B
Explanation:
AWS Systems Manager is a service that enables users to centralize and automate the management of their AWS resources. It provides a unified user interface to view operational data, such as inventory, patch compliance, and performance metrics. It also allows users to automate common and repetitive tasks, such as patching, backup, and configuration management, across all of their Amazon EC2 instances1. AWS Trusted Advisor is a service that provides best practices and recommendations to optimize the performance, security, and cost of AWS resources2. AWS CodeDeploy is a service that automates the deployment of code and applications to Amazon EC2 instances or other compute services3. AWS Elastic Beanstalk is a service that simplifies the deployment and management of web applications using popular platforms, such as Java, PHP, and Node.js4.
B
Explanation:
AWS Systems Manager is a service that enables users to centralize and automate the management of their AWS resources. It provides a unified user interface to view operational data, such as inventory, patch compliance, and performance metrics. It also allows users to automate common and repetitive tasks, such as patching, backup, and configuration management, across all of their Amazon EC2 instances1. AWS Trusted Advisor is a service that provides best practices and recommendations to optimize the performance, security, and cost of AWS resources2. AWS CodeDeploy is a service that automates the deployment of code and applications to Amazon EC2 instances or other compute services3. AWS Elastic Beanstalk is a service that simplifies the deployment and management of web applications using popular platforms, such as Java, PHP, and Node.js4.
Question #24
Which of the following services are used to manage user authentication? (Select TWO)
- A . AWS IAM
- B . Amazon Cognito
- C . Amazon VPC
- D . Amazon SQS
- E . AWS Config
Correct Answer: A, B
Question #25
A company has moved all its infrastructure to the AWS Cloud. To plan ahead for each quarter, the finance team wants to track the cost and usage data of all resources from previous months. The finance team wants to automatically generate reports that contains the data.
Which AWS service or feature should the finance team use to meet these requirements?
- A . Amazon Detective
- B . AWS Pricing Calculator
- C . AWS Budgets
- D . AWS Savings Plans
Correct Answer: C
C
Explanation:
AWS Budgets allows users to set custom cost and usage budgets and receive notifications when they exceed their thresholds. It provides detailed reports on cost and usage data for the past and current months, enabling the finance team to track and analyze spending.
AWS Budgets can automatically generate cost and usage reports, which can help the finance team plan ahead for each quarter based on historical data.
Why other options are not suitable:
C
Explanation:
AWS Budgets allows users to set custom cost and usage budgets and receive notifications when they exceed their thresholds. It provides detailed reports on cost and usage data for the past and current months, enabling the finance team to track and analyze spending.
AWS Budgets can automatically generate cost and usage reports, which can help the finance team plan ahead for each quarter based on historical data.
Why other options are not suitable:
Question #26
Which task is the responsibility of AWS when using AWS services?
- A . Management of IAM user permissions
- B . Creation of security group rules for outbound access
- C . Maintenance of physical and environmental controls
- D . Application of Amazon EC2 operating system patches
Correct Answer: C
C
Explanation:
AWS is responsible for maintaining the physical and environmental controls of the AWS Cloud, such as power, cooling, fire suppression, and physical security1. The customer is responsible for managing the IAM user permissions, creating security group rules for outbound access, applying Amazon EC2 operating system patches, and other aspects of security in the cloud1.
C
Explanation:
AWS is responsible for maintaining the physical and environmental controls of the AWS Cloud, such as power, cooling, fire suppression, and physical security1. The customer is responsible for managing the IAM user permissions, creating security group rules for outbound access, applying Amazon EC2 operating system patches, and other aspects of security in the cloud1.
Question #27
A company wants to automatically run operating system command scripts on Amazon EC2 instances.
Which AWS service will meet these requirements in the MOST operationally efficient way?
- A . AWS Organizations
- B . AWS Control Tower
- C . AWS Lambda
- D . AWS Systems Manager
Correct Answer: D
Question #28
A company has an application with robust hardware requirements. The application must be accessed
by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high end client hardware?
- A . Amazon AppStream 2.0
- B . AWS AppSync
- C . Amazon WorkLink
- D . AWS Elastic Beanstalk
Correct Answer: A
A
Explanation:
The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure or high end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend infrastructure, and delivers high performance and responsive user experience. The other options are incorrect because they are not services that will help the company deploy the application without investing in backend infrastructure or high end client hardware. AWS AppSync is a service that enables customers to create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access to internalwebsites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using popular platforms such as Java, .NET, PHP, and Node.js.
Reference: [Amazon AppStream 2.0 FAQs]
A
Explanation:
The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure or high end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend infrastructure, and delivers high performance and responsive user experience. The other options are incorrect because they are not services that will help the company deploy the application without investing in backend infrastructure or high end client hardware. AWS AppSync is a service that enables customers to create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access to internalwebsites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using popular platforms such as Java, .NET, PHP, and Node.js.
Reference: [Amazon AppStream 2.0 FAQs]
Question #29
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
- A . Network infrastructure and virtualization of infrastructure
- B . Security of application data
- C . Guest operating systems
- D . Physical security of hardware
- E . Credentials and policies
Correct Answer: A,D
A,D
Explanation:
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are not AWS responsibilities according to the AWS shared responsibility model. Security of application data, guest operatingsystems, and credentials and policies are customer responsibilities according to the AWS shared responsibility model.
Reference: [AWS Shared Responsibility Model]
A,D
Explanation:
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are not AWS responsibilities according to the AWS shared responsibility model. Security of application data, guest operatingsystems, and credentials and policies are customer responsibilities according to the AWS shared responsibility model.
Reference: [AWS Shared Responsibility Model]
Question #30
Which feature of the AWS Cloud gives users the ability to pay based on current needs rather than forecasted needs?
- A . AWS Budgets
- B . Pay-as-you-go pricing
- C . Volume discounts
- D . Savings Plans
Correct Answer: B
B
Explanation:
Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go pricing means that users only pay for theAWS services and resources they use, without any upfront or long-term commitments. This allows users to scale up or down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity. Pay-as-you-go pricing also enables users to benefit from the economies of scale and lower costs of AWS as they grow their business5
B
Explanation:
Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go pricing means that users only pay for theAWS services and resources they use, without any upfront or long-term commitments. This allows users to scale up or down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity. Pay-as-you-go pricing also enables users to benefit from the economies of scale and lower costs of AWS as they grow their business5