Practice Free CLF-C02 Exam Online Questions
Which AWS service or feature can the company use to limit the access to AWS services for member accounts?
- A . AWS Identity and Access Management (IAM)
- B . Service control policies (SCPs)
- C . Organizational units (OUs)
- D . Access control lists (ACLs)
B
Explanation:
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines2. SCPs are available only in an organization that has all features enabled2.
A company needs to run some of its workloads on premises to comply with regulatory guidelines. The company wants to use the AWS Cloud to run workloads that are not required to be on premises. The company also wants to be able to use the same API calls for the on-premises workloads and the cloud workloads.
Which AWS service or feature should the company use to meet these requirements?
- A . Dedicated Hosts
- B . AWS Outposts
- C . Availability Zones
- D . AWS Wavelength
B
Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience1. AWS Outposts enables customers to run workloads on premises using the same AWS APIs, tools, and services that they use in the cloud2. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to a customer’s use3. Availability Zones are one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities within an AWS Region4. AWS Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications.
Which AWS services or features give users the ability to create a network connection between two VPCs? (Select TWO.)
- A . VPC endpoints
- B . Amazon Route 53
- C . VPC peering
- D . AWS Direct Connect
- E . AWS Transit Gateway
C,E
Explanation:
VPC peering and AWS Transit Gateway are two AWS services or features that give users the ability to create a network connection between two VPCs. VPC peering is a networking connection between two VPCs that enables you to route traffic between them privately. You can create a VPC peering connection between your own VPCs, with a VPC in another AWS account, or with a VPC in a different AWS Region. Traffic between peered VPCs never traverses the public internet. VPC peering does not support transitive peering relationships, which means that if VPC A is peered with VPC B, and VPC B is peered with VPC C, then VPC A and VPC C are not automatically peered789. AWS Transit Gateway is a networking service that acts as a regional router for your VPCs and on-premises networks. You can attach up to 5,000 VPCs and VPN connections to a single transit gateway and route traffic between them. AWS Transit Gateway simplifies the management and scalability of your network architecture, as you only need to create and manage a single connection from the central transit gateway to each connected network. AWS Transit Gateway supports transitive routing, which means that any network thatis attached to the transit gateway can communicate with any other network that is attached to the same transit gateway.
Reference: 7: VPC peering – Amazon Virtual Private Cloud, 8: Connect VPCs using VPC peering – Amazon Virtual Private Cloud, 9: Amazon VPC-to-Amazon VPC connectivity options – Amazon Virtual Private Cloud, : [AWS Transit Gateway – Amazon Web Services], : [Connect VPCs using AWS Transit Gateway – Amazon Virtual Private Cloud], : [AWS Transit Gateway: Simplify Your Network Architecture]
Which of the following are user authentication services managed by AWS? (Select TWO.)
- A . Amazon Cognito
- B . AWS Lambda
- C . AWS License Manager
- D . AWS Identity and Access Management (IAM)
- E . AWS CodeStar
A,D
Explanation:
The user authentication services managed by AWS are: Amazon Cognito and AWS Identity and Access Management (IAM). These services help users securely manage and control access to their AWS resources and applications. Amazon Cognito is a service that provides user sign-up, sign-in, and access control for web and mobile applications. Amazon Cognito supports various identity providers, such as Facebook, Google, and Amazon, as well as custom user pools. AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. AWS IAM supports various authentication methods, such as passwords, access keys, and multi-factor authentication (MFA)
A company’s IT administrator needs to configure the AWS CLI for programmatic access to AWS services for the company’s employees.
Which combination of credential components must the IT administrator use to meet this requirement? (Select TWO.)
- A . A public key
- B . A secret access key
- C . An IAM role
- D . An access key ID
- E . A private key
A company is migrating its public website to AWS. The company wants to host the domain name for the website on AWS.
Which AWS service should the company use to meet this requirement?
- A . AWS Lambda
- B . Amazon Route 53
- C . Amazon CloudFront
- D . AWS Direct Connect
B
Explanation:
Amazon Route 53 is a scalable Domain Name System (DNS) web service that routes end-user requests to infrastructure running in AWS. It is specifically designed to host domain names and manage DNS records, making it the ideal service for hosting the domain name of a public website. AWS Lambda, CloudFront, and Direct Connect serve different functions and are not DNS hosting services.
A company deploys its application on Amazon EC2 instances. The application occasionally experiences sudden increases in demand. The company wants to ensure that its application can respond to changes in demand at the lowest possible cost.
Which AWS service or tool will meet these requirements?
- A . AWS Auto Scaling
- B . AWS Compute Optimizer
- C . AWS Cost Explorer
- D . AWS Well-Architected Framework
A
Explanation:
AWS Auto Scaling is the AWS service or tool that will meet the requirements of ensuring that the application can respond to changes in demand at the lowest possible cost. AWS Auto Scaling allows users to automatically adjust the number of Amazon EC2 instances based on the application’s performance and availability needs. AWS Auto Scaling can also optimize costs by helping users select the most cost-effective EC2 instances for their application1
A company has two AWS accounts in an organization in AWS Organizations for consolidated billing.
All of the company’s AWS resources are hosted in one AWS Region.
Account A has purchased five Amazon EC2 Standard Reserved Instances (RIs) and has four EC2 instances running. Account B has not purchased any RIs and also has four EC2 instances running.
Which statement is true regarding pricing for these eight instances?
- A . The eight instances will be charged as regular instances.
- B . Four instances will be charged as RIs, and four will be charged as regular instances.
- C . Five instances will be charged as RIs, and three will be charged as regular instances.
- D . The eight instances will be charged as RIs.
B
Explanation:
The statement that is true regarding pricing for these eight instances is: four instances will be charged as RIs, and four will be charged as regular instances. Amazon EC2 Reserved Instances (RIs) are a pricing model that allows users to reserve EC2 instances for a specific term and benefit from discounted hourly rates and capacity reservation. RIs are purchased for a specific AWS Region, and can be shared across multiple accounts in an organization in AWS Organizations for consolidated billing. However, RIs are applied on a first-come, first-served basis, and there is no guarantee that all instances in the organization will be charged at the RI rate. In this case, Account A has purchased five RIs and has four instances running, so all four instances will be charged at the RI rate. Account B has not purchased any RIs and also has four instances running, so all four instances will be charged at the regular rate. The remaining RI in Account A will not be applied to any instance in Account B, and will be wasted.
Which AWS service provides machine learning capability to detect and analyze content in images and videos?
- A . Amazon Connect
- B . Amazon Lightsail
- C . Amazon Personalize
- D . Amazon Rekognition
D
Explanation:
Amazon Rekognition provides machine learning capabilities to analyze images and videos, enabling the detection of objects, people, text, and scenes. It is designed specifically for image and video analysis, making it suitable for various use cases like facial recognition and content moderation. Other services like Amazon Connect, Lightsail, and Personalize do not offer image or video analysis capabilities.
A cloud practitioner wants a repeatable way to deploy identical AWS resources by using infrastructure templates.
Which AWS service will meet these requirements?
- A . AWS CloudFormation
- B . AWS Directory Service
- C . Amazon Lightsail
- D . AWS CodeDeploy