Practice Free CLF-C02 Exam Online Questions
Question #81
A company wants a list of all users in its AWS account, the status of all of the users’ access keys, and if multi-factor authentication (MFA) has been configured.
Which AWS service or feature will meet these requirements?
- A . AWS Key Management Service (AWS KMS)
- B . IAM Access Analyzer
- C . IAM credential report
- D . Amazon CloudWatch
Correct Answer: C
C
Explanation:
IAM credential report is a feature that allows you to generate and download a report that lists all IAM users in your AWS account and the status of their various credentials, including access keys and MFA devices. You can use this report to audit the security status of your IAM users and ensure that they follow the best practices for using AWS1.
AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys to protect your data. It does not provide information about IAM users or their credentials2.
IAM Access Analyzer is a feature that helps you identify the resources in your AWS account, such as S3 buckets or IAM roles, that are shared with an external entity. It does not provide information about IAM users or their credentials3.
Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications. It does not provide information about IAM users or their credentials4.
Reference: Getting credential reports for your AWS account – AWS Identity and Access Management AWS Key Management Service – Amazon Web Services
IAM Access Analyzer – AWS Identity and Access Management Amazon CloudWatch – Amazon Web Services
C
Explanation:
IAM credential report is a feature that allows you to generate and download a report that lists all IAM users in your AWS account and the status of their various credentials, including access keys and MFA devices. You can use this report to audit the security status of your IAM users and ensure that they follow the best practices for using AWS1.
AWS Key Management Service (AWS KMS) is a service that allows you to create and manage encryption keys to protect your data. It does not provide information about IAM users or their credentials2.
IAM Access Analyzer is a feature that helps you identify the resources in your AWS account, such as S3 buckets or IAM roles, that are shared with an external entity. It does not provide information about IAM users or their credentials3.
Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications. It does not provide information about IAM users or their credentials4.
Reference: Getting credential reports for your AWS account – AWS Identity and Access Management AWS Key Management Service – Amazon Web Services
IAM Access Analyzer – AWS Identity and Access Management Amazon CloudWatch – Amazon Web Services
Question #82
Which AWS service or feature gives users the ability to connect VPCs and on-premises networks to a central hub?
- A . Virtual private gateway
- B . AWS Transit Gateway
- C . Internet gateway
- D . Customer gateway
Correct Answer: B
B
Explanation:
AWS Transit Gateway is a network transit hub that customers can use to connect their Amazon VPCs and on-premises networks to a central hub. This service simplifies network management and reduces operational overhead by enabling a single gateway for managing multiple network connections. It facilitates seamless integration and routing between VPCs and on-premises networks.
B
Explanation:
AWS Transit Gateway is a network transit hub that customers can use to connect their Amazon VPCs and on-premises networks to a central hub. This service simplifies network management and reduces operational overhead by enabling a single gateway for managing multiple network connections. It facilitates seamless integration and routing between VPCs and on-premises networks.
Question #83
What is the total amount of storage offered by Amazon S3?
- A . WOMB
- B . 5 GB
- C . 5 TB
- D . Unlimited
Correct Answer: D
D
Explanation:
Amazon S3 offers unlimited storage for any amount of data. You can store as many objects as you want, and each object can be as large as 5 terabytes. You pay only for the storage space that you actually use, and there are no minimum commitments or upfront fees. Amazon S3 also provides high durability, availability, scalability, and security for your data.
D
Explanation:
Amazon S3 offers unlimited storage for any amount of data. You can store as many objects as you want, and each object can be as large as 5 terabytes. You pay only for the storage space that you actually use, and there are no minimum commitments or upfront fees. Amazon S3 also provides high durability, availability, scalability, and security for your data.
Question #84
A company has deployed an Amazon EC2 instance.
Which option is an AWS responsibility under the AWS shared responsibility model?
- A . Managing and encrypting application data
- B . Installing updates and security patches of guest operating system
- C . Configuration of infrastructure devices
- D . Configuration of security groups on each instance
Correct Answer: C
C
Explanation:
According to the AWS shared responsibility model, AWS is responsible for protecting the infrastructure that runs all ofthe services offered in the AWS Cloud, such as data centers, hardware, software, networking, and facilities1. This includes the configuration of infrastructure devices, such as routers, switches, firewalls, and load balancers2. Customers are responsible for managing their data, applications, operating systems, security groups, and other aspects of their AWS environment1. Therefore, options A, B, and D are customer responsibilities, not AWS responsibilities.
Reference: 1: AWS Well-Architected Framework – Elasticity; 2: Reactive Systems on AWS – Elastic
C
Explanation:
According to the AWS shared responsibility model, AWS is responsible for protecting the infrastructure that runs all ofthe services offered in the AWS Cloud, such as data centers, hardware, software, networking, and facilities1. This includes the configuration of infrastructure devices, such as routers, switches, firewalls, and load balancers2. Customers are responsible for managing their data, applications, operating systems, security groups, and other aspects of their AWS environment1. Therefore, options A, B, and D are customer responsibilities, not AWS responsibilities.
Reference: 1: AWS Well-Architected Framework – Elasticity; 2: Reactive Systems on AWS – Elastic
Question #85
A company wants to securely rehost databases to AWS with minimal downtime.
Which AWS service will meet these requirements?
- A . AWS Database Migration Service (AWS DMS)
- B . AWS Snow Family
- C . AWS Data Sync
- D . AWS Mainframe Modernization
Correct Answer: A
Question #86
Which of the following is an advantage that the AWS Cloud provides to users?
- A . Users eliminate the need to guess about infrastructure capacity requirements.
- B . Users decrease their variable costs by maintaining sole ownership of IT hardware.
- C . Users maintain control of underlying IT infrastructure hardware.
- D . Users maintain control of operating systems for managed services.
Correct Answer: A
A
Explanation:
One of the primary advantages of the AWS Cloud is the ability to provision resources on demand. Users no longer need to over-provision or guess the capacity needed for infrastructure, which helps optimize costs and improve agility. AWS handles infrastructure scaling dynamically based on the actual usage. Options B, C, and D are incorrect as users do not maintain sole ownership of IT hardware or control of underlying infrastructure, and while they do maintain some control over the operating system in some cases, it is not an advantage specific to the cloud.
A
Explanation:
One of the primary advantages of the AWS Cloud is the ability to provision resources on demand. Users no longer need to over-provision or guess the capacity needed for infrastructure, which helps optimize costs and improve agility. AWS handles infrastructure scaling dynamically based on the actual usage. Options B, C, and D are incorrect as users do not maintain sole ownership of IT hardware or control of underlying infrastructure, and while they do maintain some control over the operating system in some cases, it is not an advantage specific to the cloud.
Question #87
Which VPC component provides a layer of security at the subnet level?
- A . Security groups
- B . Network ACLs
- C . NAT gateways
- D . Route tables
Correct Answer: B
B
Explanation:
Network ACLs are a feature that provide a layer of security at the subnet level by acting as a firewall to control traffic in and out of one or more subnets. Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols5.
Security groups are a feature that provide a layer of security at the instance level by acting as a firewall to control traffic to and from one or more instances. Security groups can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, protocols, and security groups. NAT gateways are a feature that enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. Route tables are a feature that determine where network traffic from a subnet or gateway is directed.
B
Explanation:
Network ACLs are a feature that provide a layer of security at the subnet level by acting as a firewall to control traffic in and out of one or more subnets. Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols5.
Security groups are a feature that provide a layer of security at the instance level by acting as a firewall to control traffic to and from one or more instances. Security groups can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, protocols, and security groups. NAT gateways are a feature that enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. Route tables are a feature that determine where network traffic from a subnet or gateway is directed.
Question #88
A company needs to deploy applications in the AWS Cloud as quickly as possible. The company also needs to minimize the complexity that is related to the management of AWS resources.
Which AWS service should the company use to meet these requirements?
- A . AWS config
- B . AWS Elastic Beanstalk
- C . Amazon EC2
- D . Amazon Personalize
Correct Answer: B
B
Explanation:
AWS Elastic Beanstalk is the AWS service that allows customers to deploy applications in the AWS Cloud as quickly as possible. AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. Customers can upload their code and Elastic Beanstalk will take care of the rest1. AWS Elastic Beanstalk also minimizes the complexity that is related to the management of AWS resources. Customers can retain full control of the underlying AWS resources powering their applications and adjust the settings to suit their needs1. Customers can also use the AWS Management Console, the AWS Command Line Interface (AWS CLI), or APIs to manage their applications1.
AWS Config is the AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Config continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations or best practices2. AWS Config does not help customers deploy applications in the AWS Cloud as quickly as possible or minimize the complexity that is related to the management of AWS resources.
Amazon EC2 is the AWS service that provides secure, resizable compute capacity in the cloud. Customers can launch virtual servers called instances and choose from various configurations of CPU, memory, storage, and networking resources3. Amazon EC2 does not automatically handle the deployment or management of AWS resources for customers. Customers have to manually provision, configure, monitor, and scale their instances and other related resources.
Amazon Personalize is the AWS service that enables customers to create personalized recommendations for their users based on their behavior and preferences. Amazon Personalize uses machine learning to analyze data and deliver real-time recommendations4. Amazon Personalize does not help customers deploy applications in the AWS Cloud as quickly as possible or minimize the complexity that is related to the management of AWS resources.
B
Explanation:
AWS Elastic Beanstalk is the AWS service that allows customers to deploy applications in the AWS Cloud as quickly as possible. AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, and auto-scaling to application health monitoring. Customers can upload their code and Elastic Beanstalk will take care of the rest1. AWS Elastic Beanstalk also minimizes the complexity that is related to the management of AWS resources. Customers can retain full control of the underlying AWS resources powering their applications and adjust the settings to suit their needs1. Customers can also use the AWS Management Console, the AWS Command Line Interface (AWS CLI), or APIs to manage their applications1.
AWS Config is the AWS service that enables customers to assess, audit, and evaluate the configurations of their AWS resources. AWS Config continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations or best practices2. AWS Config does not help customers deploy applications in the AWS Cloud as quickly as possible or minimize the complexity that is related to the management of AWS resources.
Amazon EC2 is the AWS service that provides secure, resizable compute capacity in the cloud. Customers can launch virtual servers called instances and choose from various configurations of CPU, memory, storage, and networking resources3. Amazon EC2 does not automatically handle the deployment or management of AWS resources for customers. Customers have to manually provision, configure, monitor, and scale their instances and other related resources.
Amazon Personalize is the AWS service that enables customers to create personalized recommendations for their users based on their behavior and preferences. Amazon Personalize uses machine learning to analyze data and deliver real-time recommendations4. Amazon Personalize does not help customers deploy applications in the AWS Cloud as quickly as possible or minimize the complexity that is related to the management of AWS resources.
Question #89
A company’s gaming application has been gaining popularity. There has been high demand for the gaming application in countries where the company does not currently deploy the application.
Which advantage of the AWS Cloud can help the company to deploy the application to more countries around the world?
- A . Increase speed and agility
- B . Go global in minutes
- C . Trade fixed expense for variable expense
- D . Benefit from massive economies of scale
Correct Answer: B
B
Explanation:
The AWS Cloud’s global infrastructure enables rapid deployment across multiple geographic regions, allowing companies to extend applications to new markets quickly. This capability to "go global in minutes" is especially valuable for businesses looking to reach customers in new countries without building data centers. Other options, like speed and agility, are advantages but do not specifically address global deployment.
B
Explanation:
The AWS Cloud’s global infrastructure enables rapid deployment across multiple geographic regions, allowing companies to extend applications to new markets quickly. This capability to "go global in minutes" is especially valuable for businesses looking to reach customers in new countries without building data centers. Other options, like speed and agility, are advantages but do not specifically address global deployment.
Question #90
Which benefits can customers gain by using AWS Marketplace? (Select TWO.)
- A . Speed of business
- B . Fewer legal objections
- C . Ability to pay with credit cards
- D . No requirement for product licenses for any products
- E . Free use of all services for the first hour
Correct Answer: A,B
A,B
Explanation:
AWS Marketplace is a digital catalog that offers thousands of software products and solutions from independent software vendors (ISVs) and AWS partners. Customers can use AWS Marketplace to find, buy, and deploy software on AWS.
Some of the benefits of using AWS Marketplace are:
Speed of business: You can quickly and easily discover and deploy software that meets your business needs, without having to go through lengthy procurement processes. You can also use AWS Marketplace to test and compare different solutions before making a purchase decision.
Fewer legal objections: You can benefit from standardized contract terms and conditions that are pre-negotiated between AWS and the ISVs. This reduces the time and effort required to review and approve legal agreements.
A,B
Explanation:
AWS Marketplace is a digital catalog that offers thousands of software products and solutions from independent software vendors (ISVs) and AWS partners. Customers can use AWS Marketplace to find, buy, and deploy software on AWS.
Some of the benefits of using AWS Marketplace are:
Speed of business: You can quickly and easily discover and deploy software that meets your business needs, without having to go through lengthy procurement processes. You can also use AWS Marketplace to test and compare different solutions before making a purchase decision.
Fewer legal objections: You can benefit from standardized contract terms and conditions that are pre-negotiated between AWS and the ISVs. This reduces the time and effort required to review and approve legal agreements.