Practice Free CLF-C02 Exam Online Questions
Question #31
A company is running a reporting web server application on Amazon EC2 instances. The application runs once every week and once again at the end of the month. The EC2 instances can be shut down when they are not in use.
What is the MOST cost-effective billing model for this use case?
- A . Standard Reserved Instances
- B . Convertible Reserved Instances
- C . On-Demand Capacity Reservations
- D . On-Demand Instances
Correct Answer: D
D
Explanation:
For a reporting application that runs only periodically, On-Demand Instances are the most cost-effective choice because they allow the company to pay only for the compute capacity used, without long-term commitments. Reserved Instances are less flexible due to the need for upfront payment or long-term contracts, which would not be cost-effective given the application’s intermittent usage. On-Demand Capacity Reservations would also be more costly, as they hold capacity regardless of usage.
D
Explanation:
For a reporting application that runs only periodically, On-Demand Instances are the most cost-effective choice because they allow the company to pay only for the compute capacity used, without long-term commitments. Reserved Instances are less flexible due to the need for upfront payment or long-term contracts, which would not be cost-effective given the application’s intermittent usage. On-Demand Capacity Reservations would also be more costly, as they hold capacity regardless of usage.
Question #32
Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture?
- A . Security
- B . Governance
- C . Operations
- D . Platform
Correct Answer: C
C
Explanation:
The correct answer is D. Platform.
The Platform perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture. This capability helps you design, implement, and optimize your data and analytics solutions on AWS, using services such as Amazon S3, Amazon Redshift, Amazon EMR, Amazon Kinesis, Amazon Athena, and Amazon QuickSight.A well-designed data and analytics architecture enables you to collect, store, process, analyze, and visualize data from various sources, and derive insights that can drive your business decisions12.
The Security perspective does not include a capability for data and analytics architecture, but it does include a capability for data protection, which helps you secure your data at rest and in transit using encryption, key management, access control, and auditing13.
The Governance perspective does not include a capability for data and analytics architecture, but it does include a capability for data governance, which helps you manage the quality, availability, usability, integrity, and security of your data assets14.
The Operations perspective does not include a capability for data and analytics architecture, but it does include a capability for data operations, which helps youmonitor, troubleshoot, and optimize the performance and availability of your data pipelines and workloads1.
Reference: 1:Foundational capabilities – An Overview of the AWS Cloud Adoption Framework2: [AWS Cloud Adoption Framework: Platform Perspective]3: [AWS Cloud Adoption Framework: Security
Perspective]4: [AWS Cloud Adoption Framework: Governance Perspective] : [AWS Cloud Adoption
Framework: Operations Perspective]
C
Explanation:
The correct answer is D. Platform.
The Platform perspective in the AWS Cloud Adoption Framework (AWS CAF) includes a capability for well-designed data and analytics architecture. This capability helps you design, implement, and optimize your data and analytics solutions on AWS, using services such as Amazon S3, Amazon Redshift, Amazon EMR, Amazon Kinesis, Amazon Athena, and Amazon QuickSight.A well-designed data and analytics architecture enables you to collect, store, process, analyze, and visualize data from various sources, and derive insights that can drive your business decisions12.
The Security perspective does not include a capability for data and analytics architecture, but it does include a capability for data protection, which helps you secure your data at rest and in transit using encryption, key management, access control, and auditing13.
The Governance perspective does not include a capability for data and analytics architecture, but it does include a capability for data governance, which helps you manage the quality, availability, usability, integrity, and security of your data assets14.
The Operations perspective does not include a capability for data and analytics architecture, but it does include a capability for data operations, which helps youmonitor, troubleshoot, and optimize the performance and availability of your data pipelines and workloads1.
Reference: 1:Foundational capabilities – An Overview of the AWS Cloud Adoption Framework2: [AWS Cloud Adoption Framework: Platform Perspective]3: [AWS Cloud Adoption Framework: Security
Perspective]4: [AWS Cloud Adoption Framework: Governance Perspective] : [AWS Cloud Adoption
Framework: Operations Perspective]
Question #33
Which AWS Support plan provides the full set to AWS Trusted Advisor checks at the LOWEST cost?
- A . AWS Developer Support
- B . AWS Business Support
- C . AWS Enterprise On-Ramp Support
- D . AWS Enterprise Support
Correct Answer: B
B
Explanation:
AWS Trusted Advisor is a tool that helps customers optimize their AWS environment by providing real-time guidance in five key areas: cost optimization, performance, security, fault tolerance, and service limits. However, the availability of the full set of Trusted Advisor checks depends on the AWS Support plan chosen.
AWS Developer Support: This plan provides access to only seven core Trusted Advisor checks. It is designed for developers experimenting or testing in AWS and does not offer the full set of Trusted Advisor checks.
AWS Business Support: This plan is the lowest-cost support plan that provides access to thefull set of AWS Trusted Advisor checks. Business Support is intended for production workloads, providing a broader range of checks, 24×7 access to Cloud Support Engineers, and more extensive support features.
AWS Enterprise On-Ramp Support: This plan offers access to all Trusted Advisor checks as well but is more expensive than the Business Support plan. It is designed for customers running production workloads and needing additional technical support but does not require the full level of engagement that comes with Enterprise Support.
AWS Enterprise Support: This is the most comprehensive and highest-cost support plan, providing access to all Trusted Advisor checks and a full range of AWS Support resources, including a Technical Account Manager (TAM), account management, concierge support, and more. Conclusion:
The correct answer isB. AWS Business Support, as it provides access to the full set of AWS Trusted Advisor checks at thelowest cost. AWS Developer Support does not offer the complete checks, and both AWS Enterprise On-Ramp and AWS Enterprise Support are higher-cost plans that also provide the full checks.
AWS Cloud
Reference: AWS Support Plans
AWS Trusted Advisor
B
Explanation:
AWS Trusted Advisor is a tool that helps customers optimize their AWS environment by providing real-time guidance in five key areas: cost optimization, performance, security, fault tolerance, and service limits. However, the availability of the full set of Trusted Advisor checks depends on the AWS Support plan chosen.
AWS Developer Support: This plan provides access to only seven core Trusted Advisor checks. It is designed for developers experimenting or testing in AWS and does not offer the full set of Trusted Advisor checks.
AWS Business Support: This plan is the lowest-cost support plan that provides access to thefull set of AWS Trusted Advisor checks. Business Support is intended for production workloads, providing a broader range of checks, 24×7 access to Cloud Support Engineers, and more extensive support features.
AWS Enterprise On-Ramp Support: This plan offers access to all Trusted Advisor checks as well but is more expensive than the Business Support plan. It is designed for customers running production workloads and needing additional technical support but does not require the full level of engagement that comes with Enterprise Support.
AWS Enterprise Support: This is the most comprehensive and highest-cost support plan, providing access to all Trusted Advisor checks and a full range of AWS Support resources, including a Technical Account Manager (TAM), account management, concierge support, and more. Conclusion:
The correct answer isB. AWS Business Support, as it provides access to the full set of AWS Trusted Advisor checks at thelowest cost. AWS Developer Support does not offer the complete checks, and both AWS Enterprise On-Ramp and AWS Enterprise Support are higher-cost plans that also provide the full checks.
AWS Cloud
Reference: AWS Support Plans
AWS Trusted Advisor
Question #34
A company wants to avoid unnecessary charges and run workloads at the lowest price point.
Which pillar of the AWS Well-Architected Framework includes these goals?
- A . Security
- B . Reliability
- C . Sustainability
- D . Cost optimization
Correct Answer: D
Question #35
A company is assessing its AWS Business Support plan to determine if the plan still meets the company’s needs. The company is considering switching to AWS Enterprise Support.
Which additional benefit will the company receive with AWS Enterprise Support?
- A . A full set of AWS Trusted Advisor checks
- B . Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week
- C . A designated technical account manager (TAM) to assist in monitoring and optimization
- D . A consultative review and architecture guidance for the company’s applications
Correct Answer: C
C
Explanation:
AWS Enterprise Support provides customers with a designated technical account manager (TAM) who is a single point of contact for all technical and operational issues. The TAM provides consultative architectural and operational guidance delivered in thecontext of the customer’s applications and use-cases to help them achieve the greatest value from AWS. The TAM also helps customers with proactive services, such as strategic business reviews, security improvement programs, guided Well-Architected reviews, cost optimization workshops, and more1.
A full set of AWS Trusted Advisor checks is not an additional benefit of AWS Enterprise Support, as it is also included in the AWS Business Support plan2. AWS Trusted Advisor is a tool that provides best practice recommendations for cost optimization, performance, security, fault tolerance, and service limits.
Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week is not an additional benefit of AWS Enterprise Support, as it is also included in the AWS Business Support plan2. Cloud support engineers can help customers with technical issues, such as troubleshooting, configuration, usage, and service features.
A consultative review and architecture guidance for the company’s applications is not an additional benefit of AWS Enterprise Support, as it is also included in the AWS Business Support plan2. Customers can request a consultative review from a solutions architect who will provide best practices and recommendations based on the customer’s use-cases and goals.
C
Explanation:
AWS Enterprise Support provides customers with a designated technical account manager (TAM) who is a single point of contact for all technical and operational issues. The TAM provides consultative architectural and operational guidance delivered in thecontext of the customer’s applications and use-cases to help them achieve the greatest value from AWS. The TAM also helps customers with proactive services, such as strategic business reviews, security improvement programs, guided Well-Architected reviews, cost optimization workshops, and more1.
A full set of AWS Trusted Advisor checks is not an additional benefit of AWS Enterprise Support, as it is also included in the AWS Business Support plan2. AWS Trusted Advisor is a tool that provides best practice recommendations for cost optimization, performance, security, fault tolerance, and service limits.
Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week is not an additional benefit of AWS Enterprise Support, as it is also included in the AWS Business Support plan2. Cloud support engineers can help customers with technical issues, such as troubleshooting, configuration, usage, and service features.
A consultative review and architecture guidance for the company’s applications is not an additional benefit of AWS Enterprise Support, as it is also included in the AWS Business Support plan2. Customers can request a consultative review from a solutions architect who will provide best practices and recommendations based on the customer’s use-cases and goals.
Question #36
A company wants to push VPC Flow Logs to an Amazon S3 bucket.
A company wants to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances.
Which AWS purchasing option should the company choose to meet these requirements?
- A . Dedicated Hosts
- B . Compute Savings Plans
- C . Reserved Instances
- D . Spot Instances
Correct Answer: B
B
Explanation:
Compute Savings Plans are a flexible and cost-effective way to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances. With Compute Savings Plans, customers can commit to a consistent amount of compute usage (measured in $/hour) for a 1-year or 3-year termand receive a discount of up to 66% compared to On-Demand prices3. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to the customer’s use. They are suitable for customers who have specific server-bound software licenses or compliance requirements4. Reserved Instances are a pricing model that provides a significant discount (up to 75%) compared to On-Demand pricing and a capacity reservation for EC2 instances. They are available in 1-year or 3-year terms and different payment options5. Spot Instances are spare EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for customers who have flexible start and end times, can withstand interruptions, and can handle excess capacity.
B
Explanation:
Compute Savings Plans are a flexible and cost-effective way to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances. With Compute Savings Plans, customers can commit to a consistent amount of compute usage (measured in $/hour) for a 1-year or 3-year termand receive a discount of up to 66% compared to On-Demand prices3. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to the customer’s use. They are suitable for customers who have specific server-bound software licenses or compliance requirements4. Reserved Instances are a pricing model that provides a significant discount (up to 75%) compared to On-Demand pricing and a capacity reservation for EC2 instances. They are available in 1-year or 3-year terms and different payment options5. Spot Instances are spare EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for customers who have flexible start and end times, can withstand interruptions, and can handle excess capacity.
Question #37
Which AWS service can defend against DDoS attacks?
- A . AWS Firewall Manager
- B . AWS Shield Standard
- C . AWS WAF
- D . Amazon Inspector
Correct Answer: B
B
Explanation:
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It automatically detects and mitigates the most common and frequently occurring network and transport layer DDoS attacks that target AWS resources, such as Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS Firewall Manager is a service that allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced protections, and Amazon VPC security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.
B
Explanation:
AWS Shield Standard is a service that provides protection against Distributed Denial of Service (DDoS) attacks for all AWS customers at no additional charge. It automatically detects and mitigates the most common and frequently occurring network and transport layer DDoS attacks that target AWS resources, such as Amazon EC2 instances, Elastic Load Balancers, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. AWS Firewall Manager is a service that allows users to centrally configure and manage firewall rules across their AWS accounts and resources, such as AWS WAF web ACLs, AWS Shield Advanced protections, and Amazon VPC security groups. AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. It analyzes the behavior of the applications and checks for vulnerabilities, exposures, and deviations from best practices.
Question #38
A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.
Which AWS services will meet these requirements? (Select TWO)
- A . Amazon Athena
- B . Amazon RDS
- C . Amazon EC2
- D . Amazon DynamoDB
- E . Amazon Aurora
Correct Answer: B,E
B,E
Explanation:
Amazon RDS and Amazon Aurora are both managed AWS services that support the PostgreSQL database engine. Amazon RDS makes it easier to set up, operate, and scale PostgreSQL deployments on the cloud, while Amazon Aurora is a cloud-native database engine that is compatible with PostgreSQL and offers higher performance and availability. Amazon Athena is a serverless query service that does not support PostgreSQL, but can analyze data in Amazon S3 using standard SQL. Amazon EC2 is a compute service that allows users to launch virtual machines, but does not provide any database management features. Amazon DynamoDB is a NoSQL database service that is not compatible with PostgreSQL, but offers fast and consistent performance at any scale.
Reference: Hosted PostgreSQL – Amazon RDS for PostgreSQL – AWS, Amazon RDS for PostgreSQL – Amazon Relational Database Service, AWS PostgreSQL: Managed or Self-Managed? – NetApp, AWS Announces Amazon Aurora Supports PostgreSQL 12 – InfoQ, Amazon Aurora vs PostgreSQL | What are the differences? – StackShare
B,E
Explanation:
Amazon RDS and Amazon Aurora are both managed AWS services that support the PostgreSQL database engine. Amazon RDS makes it easier to set up, operate, and scale PostgreSQL deployments on the cloud, while Amazon Aurora is a cloud-native database engine that is compatible with PostgreSQL and offers higher performance and availability. Amazon Athena is a serverless query service that does not support PostgreSQL, but can analyze data in Amazon S3 using standard SQL. Amazon EC2 is a compute service that allows users to launch virtual machines, but does not provide any database management features. Amazon DynamoDB is a NoSQL database service that is not compatible with PostgreSQL, but offers fast and consistent performance at any scale.
Reference: Hosted PostgreSQL – Amazon RDS for PostgreSQL – AWS, Amazon RDS for PostgreSQL – Amazon Relational Database Service, AWS PostgreSQL: Managed or Self-Managed? – NetApp, AWS Announces Amazon Aurora Supports PostgreSQL 12 – InfoQ, Amazon Aurora vs PostgreSQL | What are the differences? – StackShare
Question #39
A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.
Which S3 feature should the company use to meet these requirements?
- A . S3 Lifecycle rules
- B . S3 Versioning
- C . S3 bucket policies
- D . S3 server-side encryption
Correct Answer: B
B
Explanation:
S3 Versioning is a feature that allows you to keep multiple versions of an object in the same bucket. You can use S3 Versioning to protect your data from accidental deletion or overwriting by enabling it on a bucket or a specific object. S3 Versioning also allows you to restore previous versions of an object if needed. S3 Lifecycle rules are used to automate the transition of objects between storage classes or to expire objects after a certain period of time. S3 bucket policies are used to control access to the objects in a bucket. S3 server-side encryption is used toencrypt the data at rest in S3.
Reference: S3 Versioning, S3 Lifecycle rules, S3 bucket policies, S3 server-side encryption
B
Explanation:
S3 Versioning is a feature that allows you to keep multiple versions of an object in the same bucket. You can use S3 Versioning to protect your data from accidental deletion or overwriting by enabling it on a bucket or a specific object. S3 Versioning also allows you to restore previous versions of an object if needed. S3 Lifecycle rules are used to automate the transition of objects between storage classes or to expire objects after a certain period of time. S3 bucket policies are used to control access to the objects in a bucket. S3 server-side encryption is used toencrypt the data at rest in S3.
Reference: S3 Versioning, S3 Lifecycle rules, S3 bucket policies, S3 server-side encryption
Question #40
A company uses Amazon Aurora as its database service. The company wants to encrypt its databases and database backups.
Which party manages the encryption of the database clusters and database snapshots, according to the AWS shared responsibility model?
- A . AWS
- B . The company
- C . AWS Marketplace partners
- D . Third-party partners
Correct Answer: A
A
Explanation:
AWS manages the encryption of the database clusters and database snapshots for Amazon Aurora, as well as the encryption keys. This is part of the AWS shared responsibility model, where AWS is responsible for the security of the cloud, and the customer is responsible for the security in the cloud. Encryption is one of the security features that AWS provides to protect the data at rest and in transit. For more information, see Amazon Aurora FAQs and AWS Shared Responsibility Model.
A
Explanation:
AWS manages the encryption of the database clusters and database snapshots for Amazon Aurora, as well as the encryption keys. This is part of the AWS shared responsibility model, where AWS is responsible for the security of the cloud, and the customer is responsible for the security in the cloud. Encryption is one of the security features that AWS provides to protect the data at rest and in transit. For more information, see Amazon Aurora FAQs and AWS Shared Responsibility Model.