Practice Free CLF-C02 Exam Online Questions
Question #81
A company wants to deploy a web application as a containerized application. The company wants to use a managed service that can automatically create container images from source code and deploy the containerized application.
Which AWS service will meet these requirements?
- A . AWS Elastic Beanstalk
- B . Amazon Elastic Container Service (Amazon ECS)
- C . AWS App Runner
- D . Amazon EC2
Correct Answer: C
C
Explanation:
AWS App Runneris a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs at scale. It can automatically build container images from source code or directly from a container registry, and then deploy the application without requiring
deep container knowledge or expertise.
AWS App Runner meets the requirements of:
Automatically creating container images from source code.
Managing the deployment of the containerized application with minimal operational overhead.
Why other options are not suitable:
C
Explanation:
AWS App Runneris a fully managed service that makes it easy for developers to quickly deploy containerized web applications and APIs at scale. It can automatically build container images from source code or directly from a container registry, and then deploy the application without requiring
deep container knowledge or expertise.
AWS App Runner meets the requirements of:
Automatically creating container images from source code.
Managing the deployment of the containerized application with minimal operational overhead.
Why other options are not suitable:
Question #82
A company wants to provision and manage its AWS infrastructure by using the common programming languages TypeScript, Python, Java, and .NET.
Which h AWS service will meet this requirement?
- A . AWS CodeBuild
- B . AWS CloudFormation
- C . AWSCLI
- D . AWS Cloud Development Kit (AWS CDK)
Correct Answer: D
D
Explanation:
AWS Cloud Development Kit (AWS CDK) is an open source software development framework that allows you to model and provision your cloud infrastructure using familiar programming languages such as TypeScript, Python, Java, and .NET. AWS CDK enables you to use the expressive power of your favorite language to define your cloud resources, such as compute, storage, network, and application services. AWS CDK also provides a library of high-level constructs that represent AWS services and best practices. AWS CDK uses AWS CloudFormation in the background to deploy your resources in a safe and repeatable manner12.
Reference: AWS Cloud Development Kit (CDK) C TypeScript and Python are Now Generally Available AWS Cloud Development Kit (AWS CDK) – Introduction to DevOps on AWS
D
Explanation:
AWS Cloud Development Kit (AWS CDK) is an open source software development framework that allows you to model and provision your cloud infrastructure using familiar programming languages such as TypeScript, Python, Java, and .NET. AWS CDK enables you to use the expressive power of your favorite language to define your cloud resources, such as compute, storage, network, and application services. AWS CDK also provides a library of high-level constructs that represent AWS services and best practices. AWS CDK uses AWS CloudFormation in the background to deploy your resources in a safe and repeatable manner12.
Reference: AWS Cloud Development Kit (CDK) C TypeScript and Python are Now Generally Available AWS Cloud Development Kit (AWS CDK) – Introduction to DevOps on AWS
Question #83
A company wants to use the AWS Cloud to deploy an application globally.
Which architecture deployment model should the company use to meet this requirement?
- A . Multi-Region
- B . Single-Region
- C . Multi-AZ
- D . Single-AZ
Correct Answer: A
A
Explanation:
The architecture deployment model that the company should use to meet this requirement is A.
Multi-Region.
A multi-region deployment model is a cloud computing architecture that distributes an application and its data across multiple geographic regions. A multi-region deployment model enables a company to achieve global reach, high availability, disaster recovery, and performance optimization.By deploying an application inmultiple regions, a company can serve customers from the nearest region, reduce latency, increase redundancy, and comply with data sovereignty regulations12.
A single-region deployment model is a cloud computing architecture that runs an application and its data within a single geographic region. A single-region deployment model is simpler and cheaper than a multi-region deployment model, but it has limited scalability, availability, and performance.A single-region deployment model may notbe suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance12.
A multi-AZ (Availability Zone) deployment model is a cloud computing architecture that distributes an application and its data across multiple isolated locations within a single region. An Availability Zone is a physically separate location within an AWS Region that has independent power, cooling, and networking.A multi-AZ deployment model enhances the availability and durability of an application by providing redundancy and fault tolerance within a region34.
A single-AZ deployment model is a cloud computing architecture that runs an application and its data within a single Availability Zone. A single-AZ deployment model is the simplest and most cost-effective option, but it has no redundancy or fault tolerance.A single-AZ deployment model may not
be suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance34.
Reference: 1:AWS Cloud Computing – W3Schools2:Understand the Different Cloud Computing Deployment Models Unit – Trailhead3:Regions and Availability Zones – Amazon Elastic Compute Cloud4:AWS Reference Architecture Diagrams
A
Explanation:
The architecture deployment model that the company should use to meet this requirement is A.
Multi-Region.
A multi-region deployment model is a cloud computing architecture that distributes an application and its data across multiple geographic regions. A multi-region deployment model enables a company to achieve global reach, high availability, disaster recovery, and performance optimization.By deploying an application inmultiple regions, a company can serve customers from the nearest region, reduce latency, increase redundancy, and comply with data sovereignty regulations12.
A single-region deployment model is a cloud computing architecture that runs an application and its data within a single geographic region. A single-region deployment model is simpler and cheaper than a multi-region deployment model, but it has limited scalability, availability, and performance.A single-region deployment model may notbe suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance12.
A multi-AZ (Availability Zone) deployment model is a cloud computing architecture that distributes an application and its data across multiple isolated locations within a single region. An Availability Zone is a physically separate location within an AWS Region that has independent power, cooling, and networking.A multi-AZ deployment model enhances the availability and durability of an application by providing redundancy and fault tolerance within a region34.
A single-AZ deployment model is a cloud computing architecture that runs an application and its data within a single Availability Zone. A single-AZ deployment model is the simplest and most cost-effective option, but it has no redundancy or fault tolerance.A single-AZ deployment model may not
be suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance34.
Reference: 1:AWS Cloud Computing – W3Schools2:Understand the Different Cloud Computing Deployment Models Unit – Trailhead3:Regions and Availability Zones – Amazon Elastic Compute Cloud4:AWS Reference Architecture Diagrams
Question #84
Which AWS service or feature offers security for a VPC by acting as a firewall to control traffic in and out of subnets?
- A . AWS Security Hub
- B . Security groups
- C . Network ACL
- D . AWSWAF
Correct Answer: C
C
Explanation:
A network access control list (network ACL) is a feature that acts as a firewall for controlling traffic in and out of one or more subnets in a virtual private cloud (VPC). Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols1. AWS Security Hub is a service that provides a comprehensive view of the security posture of AWS accounts and resources2. Security groups are features that act as firewalls for controlling traffic at the instance level3. AWS WAF is a web application firewall that helps protect web applications from common web exploits4.
C
Explanation:
A network access control list (network ACL) is a feature that acts as a firewall for controlling traffic in and out of one or more subnets in a virtual private cloud (VPC). Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols1. AWS Security Hub is a service that provides a comprehensive view of the security posture of AWS accounts and resources2. Security groups are features that act as firewalls for controlling traffic at the instance level3. AWS WAF is a web application firewall that helps protect web applications from common web exploits4.
Question #85
An IT engineer needs to access AWS services from an on-premises application.
Which credentials or keys does the application need for authentication?
- A . AWS account user name and password
- B . IAM access key and secret
- C . Amazon EC2 key pairs
- D . AWS Key Management Service (AWS KMS) keys
Correct Answer: B
B
Explanation:
IAM access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account user name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH. AWS Key Management Service (AWS KMS) keys are used to encrypt and decrypt your data using the AWS Encryption SDK or the AWS CLI.
B
Explanation:
IAM access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account user name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH. AWS Key Management Service (AWS KMS) keys are used to encrypt and decrypt your data using the AWS Encryption SDK or the AWS CLI.
Question #86
Which AWS services are serverless? (Select TWO.)
- A . AWS Fargate
- B . Amazon Managed Streaming for Apache Kafka
- C . Amazon EMR
- D . Amazon S3
- E . Amazon EC2
Correct Answer: A,D
A,D
Explanation:
AWS Fargate and Amazon S3 are both serverless services. Fargate allows users to run containers without managing the underlying infrastructure, while S3 provides object storage without the need for provisioning or managing servers. Amazon EC2, Amazon Managed Streaming for Apache Kafka, and Amazon EMR involve server management to varying degrees and are not serverless by nature.
A,D
Explanation:
AWS Fargate and Amazon S3 are both serverless services. Fargate allows users to run containers without managing the underlying infrastructure, while S3 provides object storage without the need for provisioning or managing servers. Amazon EC2, Amazon Managed Streaming for Apache Kafka, and Amazon EMR involve server management to varying degrees and are not serverless by nature.
Question #87
A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically.
Which service or feature will meet these requirements?
- A . Amazon DynamoDB
- B . Amazon EC2 Spot Instances
- C . AWS Snow Family
- D . Amazon EC2 Auto Scaling
Correct Answer: D
D
Explanation:
Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to definable conditions. You can create collections of EC2 instances, called Auto Scaling groups, and specify the minimum and maximum number of instances in each group. You can also define scaling policies that adjust the number of instances based on the demand on your application. Amazon EC2 Auto Scaling helps you improve the performance, reliability, and cost-efficiency of your EC2workloads123.
Reference: 1: VDI Desktops – Amazon WorkSpaces Family – AWS, 2: What is Amazon EC2 Auto Scaling? – Amazon EC2 Auto Scaling, 3: Discover Amazon EC2 Auto Scaling Unit | Salesforce Trailhead
D
Explanation:
Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to definable conditions. You can create collections of EC2 instances, called Auto Scaling groups, and specify the minimum and maximum number of instances in each group. You can also define scaling policies that adjust the number of instances based on the demand on your application. Amazon EC2 Auto Scaling helps you improve the performance, reliability, and cost-efficiency of your EC2workloads123.
Reference: 1: VDI Desktops – Amazon WorkSpaces Family – AWS, 2: What is Amazon EC2 Auto Scaling? – Amazon EC2 Auto Scaling, 3: Discover Amazon EC2 Auto Scaling Unit | Salesforce Trailhead
Question #88
Which AWS service uses a combination of publishers and subscribers?
- A . AWS Lambda
- B . Amazon Simple Notification Service (Amazon SNS)
- C . Amazon CloudWatch
- D . AWS CloudFormation
Correct Answer: B
B
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner – aws.amazon.com
B
Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner – aws.amazon.com
Question #89
Which AWS services or tools are designed to protect a workload from SQL injections, cross-site
scripting, and DDoS attacks? (Select TWO.)
- A . VPC endpoint
- B . Virtual private gatewayQ
- C . AWS Shield Standard
- D . AWS Config
- E . AWS WAF
Correct Answer: C
C
Explanation:
AWS Shield Standard and AWS WAF are the AWS services or tools that are designed to protect a workload from SQL injections, cross-site scripting, and DDoS attacks. According to the AWS Shield Developer Guide, "AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection."5 According to the AWS WAF Developer Guide, “AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define.” VPC endpoint, virtual private gateway, and AWS Config are not designed to protect a workload from these types of attacks.
C
Explanation:
AWS Shield Standard and AWS WAF are the AWS services or tools that are designed to protect a workload from SQL injections, cross-site scripting, and DDoS attacks. According to the AWS Shield Developer Guide, "AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection."5 According to the AWS WAF Developer Guide, “AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define.” VPC endpoint, virtual private gateway, and AWS Config are not designed to protect a workload from these types of attacks.
Question #90
A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.
Which AWS offering will meet these requirements?
- A . Amazon EventBridge
- B . Compute Savings Plans
- C . AWS Budgets
- D . Migration Evaluator
Correct Answer: C
C
Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1
C
Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1