Practice Free CLF-C02 Exam Online Questions
A company has an AWS-hosted website located behind an Application Load Balancer. The company wants to safeguard the website from SQL injection or cross-site scripting.
Which AWS service should the company use?
- A . Amazon GuardDuty
- B . AWS WAF
- C . AWS Trusted Advisor
- D . Amazon Inspector
B
Explanation:
The company should use AWS WAF to safeguard the website from SQL injection or cross-site scripting. AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. The company can use AWS WAF to create custom rules that block malicious requests that match certain patterns, such as SQL injection or cross-site scripting. AWS WAF can be applied to web applications that are behind an Application Load Balancer, Amazon CloudFront, or Amazon API Gateway. Amazon GuardDuty, AWS Trusted Advisor, and Amazon Inspector are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and resources. AWS Trusted Advisor is a service that provides best practice recommendations for cost optimization, performance, security, and fault tolerance. Amazon Inspector is a service that assesses the security and compliance of applications running on Amazon EC2 instances [1][2].
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)
- A . Patch AWS network devices.
- B . Set user password rules.
- C . Provide physical security for compute resources.
- D . Configure security groups.
- E . Patch the operating system of an Amazon EC2 instance.
A, C
Explanation:
The correct answers are A and C because patching AWS network devices and providing physical security for compute resources are tasks that are the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are tasks that are the responsibility of the customer, according to the AWS shared responsibility model. Setting user password rules, configuring security groups, and patching the operating system of an Amazon EC2 instance are all tasks that the customer has to perform to secure their AWS environment.
Reference: AWS Shared Responsibility Model
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
- A . Network infrastructure and virtualization of infrastructure
- B . Security of application data
- C . Guest operating systems
- D . Physical security of hardware
- E . Credentials and policies
A, D
Explanation:
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are not AWS responsibilities according to the AWS shared responsibility model. Security of application data, guest operating systems, and credentials and policies are customer responsibilities according to the AWS shared responsibility model.
Reference: AWS Shared Responsibility Model
Which pillar of the AWS Well-Architected Framework includes a design principle about measuring the overall efficiency of workloads in terms of business value?
- A . Operational excellence
- B . Security
- C . Reliability
- D . Cost optimization
A
Explanation:
The operational excellence pillar of the AWS Well-Architected Framework includes a design principle about measuring the overall efficiency of workloads in terms of business value. This principle states that you should monitor and measure key performance indicators (KPIs) and set targets and thresholds that align with your business goals. You should also use feedback loops to continuously improve your processes and procedures [1].
Which option is a customer responsibility under the AWS shared responsibility model?
- A . Maintenance of underlying hardware of Amazon EC2 instances
- B . Application data security
- C . Physical security of data centers
- D . Maintenance of VPC components
B
Explanation:
The option that is a customer responsibility under the AWS shared responsibility model is B. Application data security.
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the customer is responsible for the security in the cloud. This means that AWS manages the security of the underlying infrastructure, such as the hardware, software, networking, and facilities that run the AWS services, while the customer manages the security of their applications, data, and resources that they use on top of AWS [1][2].
Application data security is one of the customer responsibilities under the AWS shared responsibility model. This means that the customer is responsible for protecting their application data from unauthorized access, modification, deletion, or leakage. The customer can use various AWS services and features to help with application data security, such as encryption, key management, access control, logging, and auditing [1][2].
Maintenance of underlying hardware of Amazon EC2 instances is not a customer responsibility under the AWS shared responsibility model. This is part of the AWS responsibility to secure the cloud. AWS manages the physical servers that host the Amazon EC2 instances and ensures that they are updated, patched, and replaced as needed [1][3].
Physical security of data centers is not a customer responsibility under the AWS shared responsibility model. This is also part of the AWS responsibility to secure the cloud. AWS operates and controls the facilities where the AWS services are hosted and ensures that they are protected from unauthorized access, environmental hazards, fire, and theft [1][4].
Maintenance of VPC components is not a customer responsibility under the AWS shared responsibility model. This is a shared responsibility between AWS and the customer. AWS provides the VPC service and ensures that it is secure and reliable, while the customer configures and manages their own VPCs and related components, such as subnets, route tables, security groups, network ACLs, gateways, and endpoints [1][5].
References: [1] Shared Responsibility Model – Amazon Web Services (AWS); [2] AWS Cloud Computing – W3Schools; [3] Amazon EC2 FAQs – Amazon Web Services; [4] AWS Security – Amazon Web Services; [5] Amazon Virtual Private Cloud (VPC) – Amazon Web Services
Which cloud concept is demonstrated by using AWS Compute Optimizer?
- A . Security validation
- B . Rightsizing
- C . Elasticity
- D . Global reach
B
Explanation:
Rightsizing is the cloud concept that is demonstrated by using AWS Compute Optimizer. Rightsizing is the process of adjusting the type and size of your cloud resources to match the optimal performance and cost for your workloads. AWS Compute Optimizer is a service that analyzes the configuration and utilization metrics of your AWS resources, such as Amazon EC2 instances, Amazon EBS volumes, AWS Lambda functions, and Amazon ECS services on AWS Fargate. It reports whether your resources are optimal, and generates optimization recommendations to reduce the cost and improve the performance of your workloads. AWS Compute Optimizer uses machine learning to analyze your historical utilization data and compare it with the most cost-effective AWS alternatives. You can use the recommendations to evaluate the trade-offs between cost and performance, and decide when to move or resize your resources to achieve the best results.
References: Workload Rightsizing – AWS Compute Optimizer – AWS, What is AWS Compute Optimizer? – AWS Compute Optimizer
Which AWS Support plan provides the full set of AWS Trusted Advisor checks at the LOWEST cost?
- A . AWS Developer Support
- B . AWS Business Support
- C . AWS Enterprise On-Ramp Support
- D . AWS Enterprise Support
B
Explanation:
The AWS Support plan that provides the full set of AWS Trusted Advisor checks at the lowest cost is the AWS Business Support plan. The AWS Business Support plan includes access to the complete set of Trusted Advisor checks, which cover areas such as cost optimization, security, performance, fault tolerance, and service limits. This plan is specifically designed to support production workloads and includes 24/7 access to cloud support engineers, response times for impaired systems, and other enhanced technical support features.
AWS Developer Support, while more affordable, only provides limited Trusted Advisor checks, specifically around Service Limits and basic Security checks. Full access to all Trusted Advisor checks is only available with Business Support and higher-tier plans, such as Enterprise On-Ramp and Enterprise Support.
A company wants its Amazon EC2 instances to operate in a highly available environment, even if there is a natural disaster in a particular geographic area.
Which solution achieves this goal?
- A . Use EC2 instances in a single Availability Zone.
- B . Use EC2 instances in multiple AWS Regions.
- C . Use EC2 instances in multiple edge locations.
- D . Use Amazon CloudFront with the EC2 instances configured as the source.
B
Explanation:
To achieve high availability in the event of a natural disaster, the company should use EC2 instances in multiple AWS Regions. AWS Regions are geographically isolated areas that consist of multiple Availability Zones. Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. By using EC2 instances in multiple AWS Regions, the company can ensure that its applications can continue to run even if one Region is affected by a disaster.
References: AWS Global Infrastructure, AWS Well-Architected Framework
Which AWS service offers object storage?
- A . Amazon RDS
- B . Amazon Elastic File System (Amazon EFS)
- C . Amazon S3
- D . Amazon DynamoDB
C
Explanation:
Amazon S3 is the AWS service that offers object storage. Object storage is a technology that stores and manages data in an unstructured format called objects. Each object consists of the data, metadata, and a unique identifier. Object storage is ideal for storing large amounts of unstructured data, such as photos, videos, email, web pages, sensor data, and audio files [1]. Amazon S3 provides industry-leading scalability, data availability, security, and performance for object storage [2].
Amazon RDS is the AWS service that offers relational database storage. Relational database storage is a technology that stores and manages data in a structured format called tables. Each table consists of rows and columns that define the attributes and values of the data. Relational database storage is ideal for storing structured or semi-structured data, such as customer records, inventory, transactions, and analytics [3].
Amazon Elastic File System (Amazon EFS) is the AWS service that offers file storage. File storage is a technology that stores and manages data in a hierarchical format called files and folders. Each file consists of the data and metadata, and each folder consists of files or subfolders. File storage is ideal for storing shared data that can be accessed by multiple users or applications, such as home directories, content repositories, media libraries, and configuration files [4].
Amazon DynamoDB is the AWS service that offers NoSQL database storage. NoSQL database storage is a technology that stores and manages data in a flexible format called documents or key-value pairs. Each document or key-value pair consists of the data and metadata, and can have different attributes and values depending on the schema. NoSQL database storage is ideal for storing dynamic or unstructured data that requires high performance, scalability, and availability, such as web applications, social media, gaming, and IoT.
Which AWS service provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning (ML)?
- A . Amazon Kendra
- B . Amazon SageMaker
- C . Amazon Augmented AI (Amazon A2I)
- D . Amazon Polly
A
Explanation:
Amazon Kendra is a service that provides a highly accurate and easy-to-use enterprise search service that is powered by machine learning. Kendra delivers powerful natural language search capabilities to your websites and applications so your end users can more easily find the information they need within the vast amount of content spread across your company. Amazon SageMaker is a service that provides a fully managed platform for data scientists and developers to quickly and easily build, train, and deploy machine learning models at any scale. Amazon Augmented AI (Amazon A2I) is a service that makes it easy to build the workflows required for human review of ML predictions. Amazon A2I brings human review to all developers, removing the undifferentiated heavy lifting associated with building human review systems or managing large numbers of human reviewers. Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. None of these three other services provides an enterprise search service that is powered by machine learning.