Practice Free CLF-C02 Exam Online Questions
What is an AWS responsibility under the AWS shared responsibility model?
- A . Configure the security group rules that determine which ports are open on an Amazon EC2 Linux instance.
- B . Ensure the security of the internal network in the AWS data centers.
- C . Patch the guest operating system with the latest security patches on Amazon EC2.
- D . Turn on server-side encryption for Amazon S3 buckets.
B
Explanation:
Under the AWS shared responsibility model, AWS is responsible for ensuring the security of the internal network in the AWS data centers, as well as the physical security of the hardware and facilities that run AWS services. AWS customers are responsible for configuring the security group rules that determine which ports are open on an EC2 Linux instance, patching the guest operating system with the latest security patches on EC2, and turning on server-side encryption for S3 buckets. Source: AWS Shared Responsibility Model
An ecommerce company wants to design a highly available application that will be hosted on multiple Amazon EC2 instances.
How should the company deploy the EC2 instances to meet these requirements?
- A . Across multiple edge locations
- B . Across multiple VPCs
- C . Across multiple Availability Zones
- D . Across multiple AWS accounts
C
Explanation:
The company should deploy the EC2 instances across multiple Availability Zones to design a highly available application. Availability Zones are isolated locations within an AWS Region that are engineered to be fault-tolerant and operate independently of each other. By deploying the EC2 instances across multiple Availability Zones, the company can ensure that their application can withstand the failure of an entire Availability Zone and continue to operate with minimal disruption. Deploying the EC2 instances across multiple edge locations, VPCs, or AWS accounts will not provide the same level of availability and fault tolerance as Availability Zones. Edge locations are part of the Amazon CloudFront service, which is a content delivery network (CDN) that caches and serves web content to users. VPCs are virtual networks that isolate the AWS resources within an AWS Region. AWS accounts are the primary units of ownership and access control for AWS resources.
Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC?
- A . Amazon CloudWatch Logs
- B . AWS CloudTrail
- C . VPC Flow Logs
- D . AWS Identity and Access Management (IAM)
C
Explanation:
VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to the following locations: Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. You can use VPC Flow Logs to monitor network traffic, diagnose security issues, troubleshoot connectivity problems, and perform network forensics.
Reference: Logging IP traffic using VPC Flow Logs – Amazon Virtual Private Cloud
A developer wants to deploy an application quickly on AWS without manually creating the required resources.
Which AWS service will meet these requirements?
- A . Amazon EC2
- B . AWS Elastic Beanstalk
- C . AWS CodeBuild
- D . Amazon Personalize
B
Explanation:
AWS Elastic Beanstalk is a service that allows you to deploy and manage applications on AWS without manually creating and configuring the required resources, such as EC2 instances, load balancers, security groups, databases, and more. AWS Elastic Beanstalk automatically handles the provisioning, scaling, load balancing, health monitoring, and updating of your application, while giving you full control over the underlying AWS resources if needed. AWS Elastic Beanstalk supports a variety of platforms and languages, such as Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker. You can use the AWS Management Console, the AWS CLI, the AWS SDKs, or the AWS Elastic Beanstalk API to create and manage your applications. You can also use AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline to integrate AWS Elastic Beanstalk with your development and deployment workflows.
To assist companies with Payment Card Industry Data Security Standard (PCI DSS) compliance in the cloud, AWS provides:
- A . physical inspections of data centers by appointment.
- B . required PCI compliance certifications for any application running on AWS.
- C . an AWS Attestation of Compliance (AOC) report for specific AWS services.
- D . professional PCI compliance services.
C
Explanation:
AWS provides an Attestation of Compliance (AOC) report for specific AWS services to assist companies in achieving Payment Card Industry Data Security Standard (PCI DSS) compliance in the cloud. This report demonstrates that AWS services meet the necessary PCI DSS requirements. AWS does not offer physical inspections of data centers by appointment, nor does it provide certifications for any application running on AWS. Additionally, AWS does not provide professional PCI compliance services; companies must manage their PCI compliance in their environment.
A company has an online shopping website and wants to store customers’ credit card data. The company must meet Payment Card Industry (PCI) standards.
Which service can the company use to access AWS compliance documentation?
- A . Amazon Cloud Directory
- B . AWS Artifact
- C . AWS Trusted Advisor
- D . Amazon Inspector
B
Explanation:
The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications, and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security vulnerabilities and deviations from best practices in their Amazon EC2 instances.
Reference: [AWS Artifact FAQs]
A company is releasing a business-critical application. Before the release, the company needs strategic planning assistance from AWS. During the release, the company needs AWS infrastructure event management and real-time support.
What should the company do to meet these requirements?
- A . Access AWS Trusted Advisor.
- B . Contact the AWS Partner Network (APN).
- C . Sign up for AWS Enterprise Support.
- D . Contact AWS Professional Services.
C
Explanation:
AWS Enterprise Support provides strategic planning assistance, infrastructure event management, and real-time support, which are necessary for business-critical applications. Trusted Advisor and APN do not offer direct strategic support, and while AWS Professional Services can assist with complex solutions, Enterprise Support specifically includes ongoing operational support and event management.
What is the total volume of data that can be stored in Amazon S3?
- A . 10 PB
- B . 50 PB
- C . 100 PB
- D . Virtually unlimited
D
Explanation:
Amazon S3 offers virtually unlimited storage, allowing customers to store and retrieve any amount of data. There are no practical limits to the total volume of data that can be stored in S3, making it suitable for applications that require vast amounts of storage. The options of 10 PB, 50 PB, and 100 PB are incorrect as they do not reflect the actual scale of S3.
A company needs to reserve a certain amount of Amazon EC2 compute resources in a specific Availability Zone within an AWS Region.
Which purchasing option should the company use to meet this requirement?
- A . EC2 Instance Savings Plans
- B . Compute Savings Plans
- C . Regional Reserved Instances
- D . Zonal Reserved Instances
Which AWS Support plan is the minimum recommended tier for users who have production workloads on AWS?
- A . AWS Developer Support
- B . AWS Enterprise Support
- C . AWS Business Support
- D . AWS Enterprise On-Ramp Support
C
Explanation:
AWS Business Support is the minimum recommended tier for users who have production workloads on AWS. AWS Business Support provides 24×7 access to cloud support engineers via phone, chat, or email, as well as a guaranteed response time of less than one hour for urgent issues. AWS Business Support also includes access to AWS Trusted Advisor, a tool that provides real-time guidance to help you provision your resources following AWS best practices.