Practice Free CLF-C02 Exam Online Questions
Question #101
Which AWS service can report how AWS resource configurations have changed over time?
- A . AWS CloudTrail
- B . Amazon CloudWatch
- C . AWS Config
- D . Amazon Inspector
Correct Answer: C
C
Explanation:
AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations and best practices. It also provides a detailed view of the resource configuration history and relationships, as well as compliance reports and notifications. AWS Config can help users maintain consistent and secure configurations, troubleshoot issues, and simplify compliance auditing. AWS Config OverviewAWS Certified Cloud Practitioner – aws.amazon.com
C
Explanation:
AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations and best practices. It also provides a detailed view of the resource configuration history and relationships, as well as compliance reports and notifications. AWS Config can help users maintain consistent and secure configurations, troubleshoot issues, and simplify compliance auditing. AWS Config OverviewAWS Certified Cloud Practitioner – aws.amazon.com
Question #102
Which AWS service or feature is associated with a subnet in a VPC and is used to control inbound and outbound traffic?
- A . Amazon Inspector
- B . Network ACLs
- C . AWS Shield
- D . VPC Flow Logs
Correct Answer: B
B
Explanation:
Network ACLs (network access control lists) are an optional layer of security for your VPC that act as a firewall for controlling traffic in and out of one or more subnets. You can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, you must create rules for both inbound and outbound traffic.
B
Explanation:
Network ACLs (network access control lists) are an optional layer of security for your VPC that act as a firewall for controlling traffic in and out of one or more subnets. You can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, you must create rules for both inbound and outbound traffic.
Question #103
A company runs business applications in an on-premises data center and in the AWS Cloud. The company needs a shared file system that can be available to both environments .
Which AWS service meets these requirements?
- A . Amazon Elastic Block Store (Amazon EBS)
- B . Amazon S3
- C . Amazon ElastiCache
- D . Amazon Elastic File System (Amazon EFS)
Correct Answer: D
D
Explanation:
Amazon Elastic File System (Amazon EFS) is a service that provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. You can use Amazon EFS to create a shared file system that can be available to both your on-premises data center and your AWS Cloud environment. Amazon Elastic Block Store (Amazon EBS) is a service that provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. However, Amazon EBS volumes are not shared file systems, and they cannot be available to both your on-premises data center and your AWS Cloud environment. Amazon S3 is a service that provides object storage through a web services interface. You can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. However, Amazon S3 is not a shared file system, and it cannot be available to both your on-premises data center and your AWS Cloud environment without additional configuration. Amazon ElastiCache is a service that enables you to seamlessly set up, run, and scale popular open-source compatible in-memory data stores in the cloud. You can use Amazon ElastiCache to improve the performance of your applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases. However, Amazon ElastiCache is not a shared file system, and it cannot be available to both your on-premises data center and your AWS Cloud environment.
D
Explanation:
Amazon Elastic File System (Amazon EFS) is a service that provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth. You can use Amazon EFS to create a shared file system that can be available to both your on-premises data center and your AWS Cloud environment. Amazon Elastic Block Store (Amazon EBS) is a service that provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. However, Amazon EBS volumes are not shared file systems, and they cannot be available to both your on-premises data center and your AWS Cloud environment. Amazon S3 is a service that provides object storage through a web services interface. You can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. However, Amazon S3 is not a shared file system, and it cannot be available to both your on-premises data center and your AWS Cloud environment without additional configuration. Amazon ElastiCache is a service that enables you to seamlessly set up, run, and scale popular open-source compatible in-memory data stores in the cloud. You can use Amazon ElastiCache to improve the performance of your applications by allowing you to retrieve information from fast, managed, in-memory data stores, instead of relying entirely on slower disk-based databases. However, Amazon ElastiCache is not a shared file system, and it cannot be available to both your on-premises data center and your AWS Cloud environment.
Question #104
Which AWS service is always free of charge for users?
- A . Amazon S3
- B . Amazon Aurora
- C . Amazon EC2
- D . AWS Identity and Access Management (IAM)
Correct Answer: D
D
Explanation:
AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It enables users to create and manage users, groups, roles, and policies that control who can do what in AWS. IAM is always free of charge for users, as there is no additional cost for using IAM with any AWS service 1. Amazon S3 is a storage service that provides scalable, durable, and secure object storage. Amazon S3 has a free tier that offers 5 GB of storage, 20,000 GET requests, and 2,000 PUT requests per month for one year. However, users are charged for any additional usage beyond the free tier limits2. Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL. Amazon Aurora has a free tier that offers 750 hours of Aurora Single-AZ db.t2.small database usage and 20 GB of storage per month for one year. However, users are charged for any additional usage beyond the free tier limits3. Amazon EC2 is a compute service that provides resizable virtual servers. Amazon EC2 has a free tier that offers 750 hours of Linux and Windows t2.micro instances per month for one year. However, users are charged for any additional usage beyond the free tier limits4.
D
Explanation:
AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It enables users to create and manage users, groups, roles, and policies that control who can do what in AWS. IAM is always free of charge for users, as there is no additional cost for using IAM with any AWS service 1. Amazon S3 is a storage service that provides scalable, durable, and secure object storage. Amazon S3 has a free tier that offers 5 GB of storage, 20,000 GET requests, and 2,000 PUT requests per month for one year. However, users are charged for any additional usage beyond the free tier limits2. Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL. Amazon Aurora has a free tier that offers 750 hours of Aurora Single-AZ db.t2.small database usage and 20 GB of storage per month for one year. However, users are charged for any additional usage beyond the free tier limits3. Amazon EC2 is a compute service that provides resizable virtual servers. Amazon EC2 has a free tier that offers 750 hours of Linux and Windows t2.micro instances per month for one year. However, users are charged for any additional usage beyond the free tier limits4.
Question #105
Which of the following is a fully managed MySQL-compatible database?
- A . Amazon S3
- B . Amazon DynamoDB
- C . Amazon Redshift
- D . Amazon Aurora
Correct Answer: D
D
Explanation:
Amazon Aurora is a fully managed MySQL-compatible database that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Amazon Aurora is part of the Amazon Relational Database Service (Amazon RDS) family, which means it inherits the benefits of a fully managed service, such as automated backups, patches, scaling, monitoring, and security. Amazon Aurora also offers up to five times the throughput of standard MySQL, as well as high availability, durability, and fault tolerance with up to 15 read replicas, cross-Region replication, and self-healing storage. Amazon Aurora is compatible with the latest versions of MySQL, as well as PostgreSQL, and supports various features and integrations that enhance its functionality and usability123
References: Amazon Aurora, Amazon RDS, AWS ― Amazon Aurora Overview
D
Explanation:
Amazon Aurora is a fully managed MySQL-compatible database that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Amazon Aurora is part of the Amazon Relational Database Service (Amazon RDS) family, which means it inherits the benefits of a fully managed service, such as automated backups, patches, scaling, monitoring, and security. Amazon Aurora also offers up to five times the throughput of standard MySQL, as well as high availability, durability, and fault tolerance with up to 15 read replicas, cross-Region replication, and self-healing storage. Amazon Aurora is compatible with the latest versions of MySQL, as well as PostgreSQL, and supports various features and integrations that enhance its functionality and usability123
References: Amazon Aurora, Amazon RDS, AWS ― Amazon Aurora Overview
Question #106
A user is moving a workload from a local data center to an architecture that is distributed between
the local data center and the AWS Cloud.
Which type of migration is this?
- A . On-premises to cloud native
- B . Hybrid to cloud native
- C . On-premises to hybrid
- D . Cloud native to hybrid
Correct Answer: C
C
Explanation:
C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms. A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local data center to an architecture that is fully hosted and managed on the AWS Cloud. B is incorrect because hybrid to cloud native migration is the process of moving a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the AWS Cloud. D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.
C
Explanation:
C is correct because moving a workload from a local data center to an architecture that is distributed between the local data center and the AWS Cloud is an example of an on-premises to hybrid migration. A hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms. A is incorrect because on-premises to cloud native migration is the process of moving a workload from a local data center to an architecture that is fully hosted and managed on the AWS Cloud. B is incorrect because hybrid to cloud native migration is the process of moving a workload from an architecture that is distributed between the local data center and the AWS Cloud to an architecture that is fully hosted and managed on the AWS Cloud. D is incorrect because cloud native to hybrid migration is the process of moving a workload from an architecture that is fully hosted and managed on the AWS Cloud to an architecture that is distributed between the local data center and the AWS Cloud.
Question #107
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
- A . Performance and capacity management
- B . Data engineering
- C . Continuous integration and continuous delivery (CI/CD)
- D . Infrastructure protection
- E . Change and release management
Correct Answer: BC
BC
Explanation:
These are two of the seven capabilities that are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF). The platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions 1.
The other five capabilities are:
Platform architecture C Establish and maintain guidelines, principles, patterns, and guardrails for your cloud environment.
Platform engineering C Build a compliant multi-account cloud environment with enhanced security features, and packaged, reusable cloud products.
Platform operations C Manage and optimize your cloud environment with automation, monitoring, and incident response.
Application development C Develop and deploy cloud-native applications using modern architectures and best practices.
Application migration C Migrate your existing applications to the cloud using proven methodologies and tools.
Performance and capacity management, infrastructure protection, and change and release management are not capabilities of the platform perspective. They are part of the operations perspective, which helps you achieve operational excellence in the cloud2. The operations perspective comprises six capabilities:
Performance and capacity management C Monitor and optimize the performance and capacity of your cloud workloads.
Infrastructure protection C Protect your cloud infrastructure from unauthorized access, malicious attacks, and data breaches.
Change and release management C Manage changes and releases to your cloud workloads using automation and governance.
Configuration management C Manage the configuration of your cloud resources and applications using automation and version control.
Incident management C Respond to incidents affecting your cloud workloads using best practices and tools.
Service continuity management C Ensure the availability and resilience of your cloud workloads using backup, recovery, and disaster recovery strategies.
BC
Explanation:
These are two of the seven capabilities that are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF). The platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions 1.
The other five capabilities are:
Platform architecture C Establish and maintain guidelines, principles, patterns, and guardrails for your cloud environment.
Platform engineering C Build a compliant multi-account cloud environment with enhanced security features, and packaged, reusable cloud products.
Platform operations C Manage and optimize your cloud environment with automation, monitoring, and incident response.
Application development C Develop and deploy cloud-native applications using modern architectures and best practices.
Application migration C Migrate your existing applications to the cloud using proven methodologies and tools.
Performance and capacity management, infrastructure protection, and change and release management are not capabilities of the platform perspective. They are part of the operations perspective, which helps you achieve operational excellence in the cloud2. The operations perspective comprises six capabilities:
Performance and capacity management C Monitor and optimize the performance and capacity of your cloud workloads.
Infrastructure protection C Protect your cloud infrastructure from unauthorized access, malicious attacks, and data breaches.
Change and release management C Manage changes and releases to your cloud workloads using automation and governance.
Configuration management C Manage the configuration of your cloud resources and applications using automation and version control.
Incident management C Respond to incidents affecting your cloud workloads using best practices and tools.
Service continuity management C Ensure the availability and resilience of your cloud workloads using backup, recovery, and disaster recovery strategies.
Question #108
What is a benefit of moving to the AWS Cloud in terms of improving time to market?
- A . Decreased deployment speed
- B . Increased application security
- C . Increased business agility
- D . Increased backup capabilities
Correct Answer: C
C
Explanation:
Increased business agility is a benefit of moving to the AWS Cloud in terms of improving time to market. Business agility refers to the ability of a company to adapt to changing customer needs, market conditions, and competitive pressures. Moving to the AWS Cloud enables business agility by providing faster access to resources, lower upfront costs, and greater scalability and flexibility. By using the AWS Cloud, companies can launch new products and services, experiment with new ideas, and respond to customer feedback more quickly and efficiently. For more information, see [Benefits of Cloud Computing] and [Business Agility].
C
Explanation:
Increased business agility is a benefit of moving to the AWS Cloud in terms of improving time to market. Business agility refers to the ability of a company to adapt to changing customer needs, market conditions, and competitive pressures. Moving to the AWS Cloud enables business agility by providing faster access to resources, lower upfront costs, and greater scalability and flexibility. By using the AWS Cloud, companies can launch new products and services, experiment with new ideas, and respond to customer feedback more quickly and efficiently. For more information, see [Benefits of Cloud Computing] and [Business Agility].
Question #109
A company processes personally identifiable information (Pll) and must keep data in the country where it was generated. The company wants to use Amazon EC2 instances for these workloads .
Which AWS service will meet these requirements?
- A . AWS Outposts
- B . AWS Storage Gateway
- C . AWS DataSync
- D . AWS OpsWorks
Correct Answer: A
A
Explanation:
AWS Outposts is an AWS service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility. AWS Outposts enables you to run Amazon EC2 instances and other AWS services locally, while maintaining a consistent and seamless connection to the AWS Cloud. AWS Outposts is ideal for workloads that require low latency, local data processing, or data residency. By using AWS Outposts, the company can process personally identifiable information (PII) and keep data in the country where it was generated, while leveraging the benefits of AWS
A
Explanation:
AWS Outposts is an AWS service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility. AWS Outposts enables you to run Amazon EC2 instances and other AWS services locally, while maintaining a consistent and seamless connection to the AWS Cloud. AWS Outposts is ideal for workloads that require low latency, local data processing, or data residency. By using AWS Outposts, the company can process personally identifiable information (PII) and keep data in the country where it was generated, while leveraging the benefits of AWS
Question #110
Which AWS service or feature gives users the ability to connect VPCs and on-premises networks to a central hub?
- A . Virtual private gateway
- B . AWS Transit Gateway
- C . Internet gateway
- D . Customer gateway
Correct Answer: B
B
Explanation:
AWS Transit Gateway is a network transit hub that customers can use to connect their Amazon VPCs and on-premises networks to a central hub. This service simplifies network management and reduces operational overhead by enabling a single gateway for managing multiple network connections. It facilitates seamless integration and routing between VPCs and on-premises networks.
B
Explanation:
AWS Transit Gateway is a network transit hub that customers can use to connect their Amazon VPCs and on-premises networks to a central hub. This service simplifies network management and reduces operational overhead by enabling a single gateway for managing multiple network connections. It facilitates seamless integration and routing between VPCs and on-premises networks.