Practice Free CLF-C02 Exam Online Questions
Question #41
A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections.
Which AWS services can the company use to meet these requirements? (Select TWO.)
- A . Amazon Connect
- B . Amazon AppStream 2.0
- C . Amazon Workspaces
- D . AWS Site-to-Site VPN
- E . Amazon Elastic Container Service (Amazon ECS)
Correct Answer: B,C
B,C
Explanation:
Amazon AppStream 2.0 and Amazon WorkSpaces are AWS services that can be used to provide managed Windows virtual desktops and applications to remote employees over secure network connections. Amazon AppStream 2.0 is a fully managed application streaming service that allows users to access Windows desktop applications from any device, without installing or managing any software. Amazon AppStream 2.0 delivers applications over an encrypted connection and isolates them from the underlying infrastructure, ensuring security and compliance1. Amazon WorkSpaces is a fully managed desktop virtualization service that allows users to access Windows or Linux desktops from any device, with a consistent user experience. Amazon WorkSpaces provides persistent, cloud-based virtual desktops that can be customized and scaled according to the user’s needs. Amazon WorkSpaces also offers encryption, backup, and monitoring features to ensure security and reliability2.
Reference: Amazon AppStream 2.0 Amazon WorkSpaces
B,C
Explanation:
Amazon AppStream 2.0 and Amazon WorkSpaces are AWS services that can be used to provide managed Windows virtual desktops and applications to remote employees over secure network connections. Amazon AppStream 2.0 is a fully managed application streaming service that allows users to access Windows desktop applications from any device, without installing or managing any software. Amazon AppStream 2.0 delivers applications over an encrypted connection and isolates them from the underlying infrastructure, ensuring security and compliance1. Amazon WorkSpaces is a fully managed desktop virtualization service that allows users to access Windows or Linux desktops from any device, with a consistent user experience. Amazon WorkSpaces provides persistent, cloud-based virtual desktops that can be customized and scaled according to the user’s needs. Amazon WorkSpaces also offers encryption, backup, and monitoring features to ensure security and reliability2.
Reference: Amazon AppStream 2.0 Amazon WorkSpaces
Question #42
Which tasks are the responsibility of AWS according to the AWS shared responsibility model? (Select TWO.)
- A . Configure AWS Identity and Access Management (IAM).
- B . Configure security groups on Amazon EC2 instances.
- C . Secure the access of physical AWS facilities.
- D . Patch applications that run on Amazon EC2 instances.
- E . Perform infrastructure patching and maintenance.
Correct Answer: C,E
C,E
Explanation:
The tasks that are the responsibility of AWS according to the AWS shared responsibility model are securing the access of physical AWS facilities and performing infrastructure patching and maintenance. The AWS shared responsibility model defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the physical security of the hardware, software, networking, and facilities that run the AWS services. AWS is also responsible for the maintenance and patching of the infrastructure that supports the AWS services. The customer is responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications that they use. Configuring AWS Identity and Access Management (IAM), configuring security groups on Amazon EC2 instances, and patching applications that run on Amazon EC2 instances are tasks that are the responsibility of the customer, not AWS.
C,E
Explanation:
The tasks that are the responsibility of AWS according to the AWS shared responsibility model are securing the access of physical AWS facilities and performing infrastructure patching and maintenance. The AWS shared responsibility model defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the physical security of the hardware, software, networking, and facilities that run the AWS services. AWS is also responsible for the maintenance and patching of the infrastructure that supports the AWS services. The customer is responsible for the security in the cloud, which includes the configuration and management of the AWS resources and applications that they use. Configuring AWS Identity and Access Management (IAM), configuring security groups on Amazon EC2 instances, and patching applications that run on Amazon EC2 instances are tasks that are the responsibility of the customer, not AWS.
Question #43
A company needs to apply security rules to specific Amazon EC2 instances.
Which AWS service or feature provides this functionality?
- A . AWS Shield
- B . Network ACLs
- C . Security groups
- D . AWS Firewall Manager
Correct Answer: C
C
Explanation:
Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. You can use security groups to set rules that allow or deny traffic to or from your instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
C
Explanation:
Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. You can use security groups to set rules that allow or deny traffic to or from your instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
Question #44
A company is using multiple AWS accounts for different business teams. The finance team wants to receive one bill for all of the company’s accounts.
Which AWS service or tool should the finance team use to meet this requirement?
- A . AWS Organizations
- B . AWS Trusted Advisor
- C . Cost Explorer
- D . AWS Budgets
Correct Answer: A
A
Explanation:
AWS Organizationsis a service that helps users centrally manage and govern multiple AWS accounts. With AWS Organizations, a company can consolidate billing and receive a single bill for all AWS accounts under an organization, making it easier for the finance team to track costs.
Why other options are not suitable:
B. AWS Trusted Advisor: Provides real-time guidance to help optimize AWS resources, not for consolidated billing.
C. Cost Explorer: A tool for visualizing and managing AWS costs and usage, but it does not consolidate billing.
D. AWS Budgets: Allows setting custom budgets and alerts but does not consolidate billing across accounts.
Reference: AWS Organizations Documentation
A
Explanation:
AWS Organizationsis a service that helps users centrally manage and govern multiple AWS accounts. With AWS Organizations, a company can consolidate billing and receive a single bill for all AWS accounts under an organization, making it easier for the finance team to track costs.
Why other options are not suitable:
B. AWS Trusted Advisor: Provides real-time guidance to help optimize AWS resources, not for consolidated billing.
C. Cost Explorer: A tool for visualizing and managing AWS costs and usage, but it does not consolidate billing.
D. AWS Budgets: Allows setting custom budgets and alerts but does not consolidate billing across accounts.
Reference: AWS Organizations Documentation
Question #45
Which AWS service is used for content delivery and caching?
- A . AWS Lambda
- B . Amazon S3
- C . Amazon EC2
- D . Amazon CloudFront
Correct Answer: D
Question #46
A cloud engineer wants to know the percentage of the allocated compute units that are in use for a specific Amazon EC2 instance.
Which AWS service can provide this information?
- A . AWS CloudTrail
- B . AWS Config
- C . Amazon CloudWatch
- D . AWS Artifact
Correct Answer: C
C
Explanation:
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers
C
Explanation:
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers
Question #47
A company operates a petabyte-scale data warehouse to analyze its dat
a. The company wants a solution that will not require manual hardware and software management.
Which AWS service will meet these requirements?
- A . Amazon DocumentDB (with MongoDB compatibility)
- B . Amazon Redshift
- C . Amazon Neptune
- D . Amazon ElastiCache
Correct Answer: B
B
Explanation:
Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools. You can start small with no commitments, and scale to petabytes for less than a tenth of the cost of traditional solutions. Amazon Redshift does not require manual hardware and software management, as AWS handles all the tasks such as provisioning, patching, backup, recovery, failure detection, and repair12. Amazon Redshift also offers serverless capabilities, which allow you to access and analyze data without any configurations or capacity planning. Amazon Redshift automatically scales the data warehouse capacity to deliver fast performance for even the most demanding and unpredictable workloads3. Therefore, Amazon Redshift meets the requirements of the company, compared to the other options.
The other options are not suitable for the company’s requirements, because:
Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. It is not designed for petabyte-scale data warehousing or analytics4.
Amazon Neptune is a fast, reliable, and fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It is not designed for petabyte-scale data warehousing or analytics5.
Amazon ElastiCache is a fully managed in-memory data store and cache service that supports Redis
and Memcached. It is not designed for petabyte-scale data warehousing or analytics.
What is Amazon Redshift? – Amazon Redshift
Amazon Redshift Features – Amazon Redshift
Amazon Redshift Serverless – Amazon Redshift
What Is Amazon DocumentDB (with MongoDB compatibility)? – Amazon DocumentDB (with MongoDB compatibility)
What Is Amazon Neptune? – Amazon Neptune
[What Is Amazon ElastiCache for Redis? – Amazon ElastiCache for Redis]
B
Explanation:
Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse service that makes it simple and cost-effective to analyze all your data using your existing business intelligence tools. You can start small with no commitments, and scale to petabytes for less than a tenth of the cost of traditional solutions. Amazon Redshift does not require manual hardware and software management, as AWS handles all the tasks such as provisioning, patching, backup, recovery, failure detection, and repair12. Amazon Redshift also offers serverless capabilities, which allow you to access and analyze data without any configurations or capacity planning. Amazon Redshift automatically scales the data warehouse capacity to deliver fast performance for even the most demanding and unpredictable workloads3. Therefore, Amazon Redshift meets the requirements of the company, compared to the other options.
The other options are not suitable for the company’s requirements, because:
Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads. It is not designed for petabyte-scale data warehousing or analytics4.
Amazon Neptune is a fast, reliable, and fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It is not designed for petabyte-scale data warehousing or analytics5.
Amazon ElastiCache is a fully managed in-memory data store and cache service that supports Redis
and Memcached. It is not designed for petabyte-scale data warehousing or analytics.
What is Amazon Redshift? – Amazon Redshift
Amazon Redshift Features – Amazon Redshift
Amazon Redshift Serverless – Amazon Redshift
What Is Amazon DocumentDB (with MongoDB compatibility)? – Amazon DocumentDB (with MongoDB compatibility)
What Is Amazon Neptune? – Amazon Neptune
[What Is Amazon ElastiCache for Redis? – Amazon ElastiCache for Redis]
Question #48
An ecommerce company plans to move its data center workload to the AWS Cloud to support highly dynamic usage patterns.
Which benefits make the AWS Cloud cost-effective for the migration of this type of workload? (Select TWO.)
- A . Reliability
- B . Security
- C . Elasticity
- D . Pay-as-you-go resource pricing
- E . High availability
Correct Answer: C,D
C,D
Explanation:
The AWS Cloud is cost-effective for dynamic workloads because of its elasticity, allowing resources to scale up or down based on demand, and its pay-as-you-go pricing, which enables companies to pay only for what they use. Reliability, security, and high availability are also benefits of AWS, but they do not specifically relate to cost-effectiveness in the context of dynamic workloads.
C,D
Explanation:
The AWS Cloud is cost-effective for dynamic workloads because of its elasticity, allowing resources to scale up or down based on demand, and its pay-as-you-go pricing, which enables companies to pay only for what they use. Reliability, security, and high availability are also benefits of AWS, but they do not specifically relate to cost-effectiveness in the context of dynamic workloads.
Question #49
Which AWS network services or features allow Cl DR block notation when providing an IP address range? (Select TWO.)
- A . Security groups
- B . Amazon Machine Image (AMI)
- C . Network access control list (network ACL)
- D . AWS Budgets
- E . Amazon Elastic Block Store (Amazon EBS)
Correct Answer: A,C
A,C
Explanation:
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR block notation to specify the IP address ranges that are allowed or denied
A,C
Explanation:
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR block notation to specify the IP address ranges that are allowed or denied
Question #50
Which task can a user complete by using AWS Identity and Access Management (IAM)?
- A . Validate JSON syntax from an application configuration file.
- B . Analyze logs from an Amazon API Gateway call.
- C . Filter traffic to or from an Amazon EC2 instance.
- D . Grant permissions to applications that run on Amazon EC2 instances.
Correct Answer: D