Practice Free CLF-C02 Exam Online Questions
Which AWS service or resource can a company use to deploy AWS WAF rules?
- A . Amazon EC2
- B . Application Load Balancer
- C . AWS Trusted Advisor
- D . Network Load Balancer
B
Explanation:
Application Load Balancer (ALB) integrates with AWS WAF to deploy and manage WAF rules for incoming traffic. ALB can route HTTP and HTTPS traffic and apply WAF rules to protect applications from common web exploits. Network Load Balancer does not support AWS WAF, and Trusted Advisor does not deploy WAF rules.
Which task is the responsibility of the customer, according to the AWS shared responsibility model?
- A . Patch the Amazon DynamoDB operating system.
- B . Secure Amazon CloudFront edge locations by allowing physical access according to the principle of least privilege.
- C . Protect the hardware that runs AWS services.
- D . Use AWS Identity and Access Management (IAM) according to the principle of least privilege.
D
Explanation:
According to the AWS Shared Responsibility Model, AWS is responsible for the security "of" the cloud (such as protecting the infrastructure, including hardware, software, networking, and facilities that run AWS Cloud services). In contrast, customers are responsible for security "in" the cloud. This includes configuring and using AWS services securely.
Option D, "Use AWS Identity and Access Management (IAM) according to the principle of least privilege," is a customer’s responsibility. Customers must manage their credentials, control access to resources, and ensure that IAM policies follow the principle of least privilege, which means granting only the permissions necessary to perform a task.
Why other options are not suitable:
Which of the following are advantages of moving to the AWS Cloud? (Select TWO.)
- A . Users can implement all AWS services in seconds.
- B . AWS assumes all responsibility for the security of infrastructure and applications.
- C . Users experience increased speed and agility.
- D . Users benefit from massive economies of scale.
- E . Users can move hardware from their data center to the AWS Cloud.
C D
Explanation:
Moving to the AWS Cloud offers several advantages, including increased speed and agility, which allows users to experiment, innovate, and iterate faster by using the global AWS infrastructure. Additionally, AWS offers massive economies of scale due to its large customer base, leading to lower pay-as-you-go prices. AWS does not assume all responsibilities for the security of infrastructure and applications; it follows a shared responsibility model. Also, not all AWS services can be implemented in seconds, and physical hardware cannot be moved from a user’s data center to the AWS Cloud.
References: AWS Cloud Benefits
A company needs to provision uninterruptible Amazon EC2 instances, when needed, and pay for compute capacity by the second.
Which EC2 instance purchasing option will meet these requirements?
Which of the following is an advantage of AWS Cloud computing?
- A . Trade security for elasticity.
- B . Trade operational excellence for agility.
- C . Trade fixed expenses for variable expenses.
- D . Trade elasticity for performance.
C
Explanation:
The correct answer is C because AWS Cloud computing allows customers to trade fixed expenses for variable expenses. This means that customers only pay for the resources they use, and can scale up or down as needed. The other options are incorrect because they are not advantages of AWS Cloud computing. Trade security for elasticity means that customers have to compromise on the protection of their data and applications in order to adjust their capacity quickly. Trade operational excellence for agility means that customers have to sacrifice the quality and reliability of their operations in order to respond to changing needs faster. Trade elasticity for performance means that customers have to limit their ability to scale up or down in order to achieve higher speed and efficiency.
Reference: What is Cloud Computing?
What is a benefit of using AWS serverless computing?
- A . Application deployment and management are not required
- B . Application security will be fully managed by AWS
- C . Monitoring and logging are not needed
- D . Management of infrastructure is offloaded to AWS
D
Explanation:
AWS serverless computing is a way of building and running applications without thinking about servers. AWS manages the infrastructure for you, so you don’t have to provision, scale, patch, or monitor servers. You only pay for the compute time you consume, and you can focus on your application logic instead of managing servers.
References: Serverless Computing – Amazon Web Services; AWS Serverless Computing, Benefits, Architecture and Use-cases – XenonStack
A company encourages its teams to test failure scenarios regularly and to validate their understanding of the impact of potential failures.
Which pillar of the AWS Well-Architected Framework does this philosophy represent?
- A . Operational excellence
- B . Cost optimization
- C . Performance efficiency
- D . Security
A
Explanation:
Operational excellence is the pillar of the AWS Well-Architected Framework that represents the philosophy of testing failure scenarios regularly and validating the understanding of the impact of potential failures. The operational excellence pillar covers the best practices for designing, running, monitoring, and improving systems in the AWS Cloud. Testing failure scenarios is one of the ways to improve the system’s resilience, reliability, and recovery.
Which benefit does Amazon Rekognition provide?
- A . The ability to place watermarks on images
- B . The ability to detect objects that appear in pictures
- C . The ability to resize millions of images automatically
- D . The ability to bid on object detection jobs
B
Explanation:
Amazon Rekognition is a service that provides deep learning-based image and video analysis. One of the benefits of Amazon Rekognition is the ability to detect objects that appear in pictures, such as faces, landmarks, animals, text, and scenes. This can enable applications to perform tasks such as face recognition, face verification, face comparison, face search, celebrity recognition, emotion detection, age range estimation, gender identification, facial analysis, facial expression recognition, and more.
References: Amazon Rekognition Overview; AWS Certified Cloud Practitioner – aws.amazon.com
A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?
- A . Amazon API Gateway
- B . IAM users
- C . AWS Security Token Service (AWS STS)
- D . IAM instance profiles
C
Explanation:
AWS Security Token Service (AWS STS) is a service that enables applications to request temporary, limited-privilege credentials for authentication with other AWS APIs. AWS STS can be used to grant access to AWS resources to users who are federated (using IAM roles), switched (using IAM users), or cross-account (using IAM roles). AWS STS can also be used to assume a role within the same account or a different account. The credentials issued by AWS STS are short-term and have a limited scope, which can enhance the security and compliance of the application.
References: AWS STS Overview; AWS Certified Cloud Practitioner – aws.amazon.com
A company wants to provide one of its employees with access to Amazon RDS. The company also wants to limit the interaction to only the AWS CLI and AWS software development kits (SDKs).
Which combination of actions should the company take to meet these requirements while following the principles of least privilege? (Select TWO)
- A . Create an IAM user and provide AWS Management Console access only.
- B . Create an IAM user and provide programmatic access only.
- C . Create an IAM role and provide AWS Management Console access only.
- D . Create an IAM policy with administrator access and attach it to the IAM user.
- E . Create an IAM policy with Amazon RDS access and attach it to the IAM user.
B, E
Explanation:
To follow the principle of least privilege, the company should create an IAM user with only programmatic access since the access is limited to AWS CLI and SDKs, not the Management Console.
Additionally, a custom IAM policy granting specific Amazon RDS permissions should be created and attached to this user to restrict access solely to necessary actions. Providing programmatic access only ensures adherence to security best practices by limiting access to the required interfaces.
Which task requires the use of AWS account root user credentials?
- A . The deletion of IAM users
- B . The change to a different AWS Support plan
- C . The creation of an organization in AWS Organizations
- D . The deletion of Amazon EC2 instances
C
Explanation:
The creation of an organization in AWS Organizations requires the use of AWS account root user credentials. The AWS account root user is the email address that was used to create the AWS account. The root user has complete access to all AWS services and resources in the account, and can perform sensitive tasks such as changing the account settings, closing the account, or creating an organization. The root user credentials should be used sparingly and securely, and only for tasks that cannot be performed by IAM users or roles.