Practice Free CLF-C02 Exam Online Questions
Question #141
A company wants to launch its web application in a second AWS Region. The company needs to determine which services must be regionally configured for this launch .
Which AWS services can be configured at the Region level? (Select TWO.)
- A . Amazon EC2
- B . Amazon Route 53
- C . Amazon CloudFront
- D . AWS WAF
- E . Amazon DynamoDB
Correct Answer: B, D
B, D
Explanation:
Amazon Route 53 and AWS WAF are AWS services that can be configured at the Region level. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service that lets you register domain names, route traffic to resources, and check the health of your resources. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. Amazon EC2, Amazon CloudFront, and Amazon DynamoDB are AWS services that can be configured at the global level or the Availability Zone level.
B, D
Explanation:
Amazon Route 53 and AWS WAF are AWS services that can be configured at the Region level. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service that lets you register domain names, route traffic to resources, and check the health of your resources. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. Amazon EC2, Amazon CloudFront, and Amazon DynamoDB are AWS services that can be configured at the global level or the Availability Zone level.
34 1. A company needs to identify who accessed an AWS service and what action was performed for a given time period.
Which AWS service should the company use to meet this requirement?
Question #142
Which guidelines are best practices for using AWS Identity and Access Management (1AM)? (Select TWO.)
- A . Share access keys.
- B . Create individual 1AM users.
- C . Use inline policies instead of customer managed policies.
- D . Grant maximum privileges to 1AM users.
- E . Use groups to assign permissions to 1AM users.
Correct Answer: B, E
B, E
Explanation:
Best practices for using AWS Identity and Access Management (IAM) include:
B. Create individual IAM users: Each user should have their own IAM credentials to ensure accountability, control, and traceability. Sharing credentials can lead to security risks and difficulty in auditing.
E. Use groups to assign permissions to IAM users: Assigning permissions through IAM groups simplifies permission management. You can assign the necessary permissions to the group, and then add or remove users from the group as needed, rather than managing permissions for each user individually.
Why other options are not suitable:
B, E
Explanation:
Best practices for using AWS Identity and Access Management (IAM) include:
B. Create individual IAM users: Each user should have their own IAM credentials to ensure accountability, control, and traceability. Sharing credentials can lead to security risks and difficulty in auditing.
E. Use groups to assign permissions to IAM users: Assigning permissions through IAM groups simplifies permission management. You can assign the necessary permissions to the group, and then add or remove users from the group as needed, rather than managing permissions for each user individually.
Why other options are not suitable:
Question #143
A company needs to store data across multiple Availability Zones in an AWS Region. The data will not be accessed regularly but must be immediately retrievable.
Which Amazon Elastic File System (Amazon EFS) storage class meets these requirements MOST cost effectively?
- A . EFS Standard
- B . EFS Standard-Infrequent Access(EFS Standard-IA)
- C . EFS One Zone
- D . EFS One Zone-Infrequent Access (EFS One Zone-IA)
Correct Answer: B
B
Explanation:
EFS Standard-Infrequent Access (EFS Standard-IA) is the storage class that meets the requirements of storing data across multiple Availability Zones in an AWS Region, that will not be accessed regularly but must be immediately retrievable, most cost-effectively. EFS Standard-IA is designed for files that are accessed less frequently, but still require the same high performance, low latency, and high availability as EFS Standard. EFS Standard-IA has a lower storage cost than EFS Standard, but charges a small additional fee for each access. EFS One Zone and EFS One Zone-IA store data in a single Availability Zone, which reduces the availability and durability compared to EFS Standard and EFS Standard-IA.
B
Explanation:
EFS Standard-Infrequent Access (EFS Standard-IA) is the storage class that meets the requirements of storing data across multiple Availability Zones in an AWS Region, that will not be accessed regularly but must be immediately retrievable, most cost-effectively. EFS Standard-IA is designed for files that are accessed less frequently, but still require the same high performance, low latency, and high availability as EFS Standard. EFS Standard-IA has a lower storage cost than EFS Standard, but charges a small additional fee for each access. EFS One Zone and EFS One Zone-IA store data in a single Availability Zone, which reduces the availability and durability compared to EFS Standard and EFS Standard-IA.
Question #144
Which AWS service helps users plan and track their server and application inventory migration data to AWS?
- A . Amazon CloudWatch
- B . AWS DataSync
- C . AWS Migration Hub
- D . AWS Application Migration Service
Correct Answer: C
C
Explanation:
AWS Migration Hub assists users in planning and tracking the progress of their server and application migrations. It centralizes migration tracking across various AWS services, providing visibility into application inventory and migration status. While AWS Application Migration Service also assists with migrations, Migration Hub is specifically designed for tracking migration data comprehensively.
C
Explanation:
AWS Migration Hub assists users in planning and tracking the progress of their server and application migrations. It centralizes migration tracking across various AWS services, providing visibility into application inventory and migration status. While AWS Application Migration Service also assists with migrations, Migration Hub is specifically designed for tracking migration data comprehensively.
Question #145
Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?
- A . On-Demand Instances
- B . Standard Reserved Instances
- C . Spot Instances
- D . Convertible Reserved Instances
Correct Answer: C
C
Explanation:
Spot Instances are a type of EC2 instance that let you bid on unused compute capacity, which AWS offers at a discount of up to 90% compared to On-Demand prices 1. Spot Instances are suitable for fault-tolerant, stateless, or flexible applications that can handle interruptions2. Spot Instances can be interrupted with a two-minute warning when EC2 needs the capacity back3. The other options are not pricing models that will interrupt a running EC2 instance if capacity becomes temporarily unavailable
C
Explanation:
Spot Instances are a type of EC2 instance that let you bid on unused compute capacity, which AWS offers at a discount of up to 90% compared to On-Demand prices 1. Spot Instances are suitable for fault-tolerant, stateless, or flexible applications that can handle interruptions2. Spot Instances can be interrupted with a two-minute warning when EC2 needs the capacity back3. The other options are not pricing models that will interrupt a running EC2 instance if capacity becomes temporarily unavailable
Question #146
A company is planning to migrate its application to the AWS Cloud.
Which AWS tool or set of resources should the company use to analyze and asses its readiness for migration?
- A . AWS Cloud Adoption Framework (AWS CAF)
- B . AWS Pricing Calculator
- C . AWS Well-Architected Framework
- D . AWS Budgets
Correct Answer: A
A
Explanation:
AWS Cloud Adoption Framework (AWS CAF) is a tool that helps organizations understand how cloud adoption transforms the way they work, and it provides structure to identify and address gaps in skills and processes. Applying the AWS CAF in your organization results in an actionable plan that helps you prepare the cloud environment, enable your staff with new skills, and migrate your applications. AWS Pricing Calculator is a tool that helps you estimate the cost of AWS services for your use cases and compare the cost of different AWS service configurations. AWS Well-Architected Framework is a tool that helps you review and improve your cloud-based architectures and better understand the business impact of your design decisions. AWS Budgets is a tool that helps you plan your service usage, service costs, and instance reservations, and track how close your plan is to your budgeted amount.
A
Explanation:
AWS Cloud Adoption Framework (AWS CAF) is a tool that helps organizations understand how cloud adoption transforms the way they work, and it provides structure to identify and address gaps in skills and processes. Applying the AWS CAF in your organization results in an actionable plan that helps you prepare the cloud environment, enable your staff with new skills, and migrate your applications. AWS Pricing Calculator is a tool that helps you estimate the cost of AWS services for your use cases and compare the cost of different AWS service configurations. AWS Well-Architected Framework is a tool that helps you review and improve your cloud-based architectures and better understand the business impact of your design decisions. AWS Budgets is a tool that helps you plan your service usage, service costs, and instance reservations, and track how close your plan is to your budgeted amount.
Question #147
A company wants to use the AWS Cloud as an offsite backup location for its on-premises infrastructure.
Which AWS service will meet this requirement MOST cost-effectively?
- A . Amazon S3
- B . Amazon Elastic File System (Amazon EFS)
- C . Amazon FSx
- D . Amazon Elastic Block Store (Amazon EBS)
Correct Answer: A
A
Explanation:
Amazon S3 is the most cost-effective service for storing offsite backups of on-premises infrastructure. Amazon S3 offers low-cost, durable, and scalable storage that can be accessed from anywhere over the internet. Amazon S3 also supports lifecycle policies, versioning, encryption, and cross-region replication to optimize the backup and recovery process. Amazon EFS, Amazon FSx, and Amazon EBS are more suitable for storing data that requires high performance, low latency, and frequent
access12
A
Explanation:
Amazon S3 is the most cost-effective service for storing offsite backups of on-premises infrastructure. Amazon S3 offers low-cost, durable, and scalable storage that can be accessed from anywhere over the internet. Amazon S3 also supports lifecycle policies, versioning, encryption, and cross-region replication to optimize the backup and recovery process. Amazon EFS, Amazon FSx, and Amazon EBS are more suitable for storing data that requires high performance, low latency, and frequent
access12
Question #148
A. Amazon OpenSearch Service
B. AWS Control Tower
C. AWS IAM Access Analyzer
D. AWS Fargate
Correct Answer: C
Explanation:
AWS IAM Access Analyzer is an AWS service that helps customers identify and review the resources in their AWS account that are shared with an external entity, such as another AWS account, a root user, an organization, or a public entity. AWS IAM Access Analyzer uses automated reasoning, a form of mathematical logic and inference, to analyze the resource-based policies in the account and generate comprehensive findings that show the access level, the source of the access, the affected resource, and the condition under which the access applies. Customers can use AWS IAM Access Analyzer to audit their shared resources, validate their access policies, and monitor any changes to the resource sharing status.
References: AWS IAM Access Analyzer, Identify and review resources shared with external entities, How AWS IAM Access Analyzer works
Explanation:
AWS IAM Access Analyzer is an AWS service that helps customers identify and review the resources in their AWS account that are shared with an external entity, such as another AWS account, a root user, an organization, or a public entity. AWS IAM Access Analyzer uses automated reasoning, a form of mathematical logic and inference, to analyze the resource-based policies in the account and generate comprehensive findings that show the access level, the source of the access, the affected resource, and the condition under which the access applies. Customers can use AWS IAM Access Analyzer to audit their shared resources, validate their access policies, and monitor any changes to the resource sharing status.
References: AWS IAM Access Analyzer, Identify and review resources shared with external entities, How AWS IAM Access Analyzer works
Question #149
A company is assessing its AWS Business Support plan to determine if the plan still meets the company’s needs. The company is considering switching to AWS Enterprise Support.
Which additional benefit will the company receive with AWS Enterprise Support?
- A . A full set of AWS Trusted Advisor checks
- B . Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week
- C . A designated technical account manager (TAM) to assist in monitoring and optimization
- D . A consultative review and architecture guidance for the company’s applications
Correct Answer: C
C
Explanation:
The additional benefit that the company will receive with AWS Enterprise Support is C. A designated technical account manager (TAM) to assist in monitoring and optimization.
A TAM is a dedicated point of contact who works with the customer to understand their use cases, applications, and goals, and provides proactive guidance and best practices to help them optimize their AWS environment. A TAM also helps the customer with case management, escalations, service updates, and feature requests12.
A full set of AWS Trusted Advisor checks is available for customers with Business, Enterprise On-Ramp, or Enterprise Support plans 1. Phone, email, and chat access to cloud support engineers 24/7 is available for customers with Business, Enterprise On-Ramp, or Enterprise Support plans 1. A consultative review and architecture guidance for the company’s applications is available for customers with Enterprise On-Ramp or Enterprise Support plans 1. Therefore, these benefits are not exclusive to AWS Enterprise Support.
Reference: 1: AWS Support Plan Comparison | Developer, Business, Enterprise …
C
Explanation:
The additional benefit that the company will receive with AWS Enterprise Support is C. A designated technical account manager (TAM) to assist in monitoring and optimization.
A TAM is a dedicated point of contact who works with the customer to understand their use cases, applications, and goals, and provides proactive guidance and best practices to help them optimize their AWS environment. A TAM also helps the customer with case management, escalations, service updates, and feature requests12.
A full set of AWS Trusted Advisor checks is available for customers with Business, Enterprise On-Ramp, or Enterprise Support plans 1. Phone, email, and chat access to cloud support engineers 24/7 is available for customers with Business, Enterprise On-Ramp, or Enterprise Support plans 1. A consultative review and architecture guidance for the company’s applications is available for customers with Enterprise On-Ramp or Enterprise Support plans 1. Therefore, these benefits are not exclusive to AWS Enterprise Support.
Reference: 1: AWS Support Plan Comparison | Developer, Business, Enterprise …
Question #150
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization.
Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
- A . Amazon Simple Queue Service (Amazon SQS)
- B . Amazon Simple Notification Service (Amazon SNS)
- C . AWS Systems Manager
- D . Amazon CloudWatch alarm
Correct Answer: D
D
Explanation:
Amazon CloudWatch alarm is an AWS service or feature that can initiate an Amazon EC2 Auto Scaling action based on CPU utilization. Amazon CloudWatch is a monitoring and observability service that collects and tracks metrics, logs, events, and alarms for your AWS resources and applications. Amazon CloudWatch alarms are actions that you can configure to send notifications or automatically make changes to the resources you are monitoring based on rules that you define67. Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to definable conditions. You can create dynamic scaling policies that track a specific CloudWatch metric, such as CPU utilization, and define what action to take when the associated CloudWatch alarm is in ALARM. When the policy is in effect, Amazon EC2 Auto Scaling adjusts the group’s desired capacity up or down when the threshold of an alarm is breached89.
References: 6: Cloud Monitoring – Amazon CloudWatch – AWS, 7: Amazon CloudWatch Documentation, 8: Dynamic scaling for Amazon EC2 Auto Scaling, 9: Amazon EC2 Auto Scaling Documentation
D
Explanation:
Amazon CloudWatch alarm is an AWS service or feature that can initiate an Amazon EC2 Auto Scaling action based on CPU utilization. Amazon CloudWatch is a monitoring and observability service that collects and tracks metrics, logs, events, and alarms for your AWS resources and applications. Amazon CloudWatch alarms are actions that you can configure to send notifications or automatically make changes to the resources you are monitoring based on rules that you define67. Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to definable conditions. You can create dynamic scaling policies that track a specific CloudWatch metric, such as CPU utilization, and define what action to take when the associated CloudWatch alarm is in ALARM. When the policy is in effect, Amazon EC2 Auto Scaling adjusts the group’s desired capacity up or down when the threshold of an alarm is breached89.
References: 6: Cloud Monitoring – Amazon CloudWatch – AWS, 7: Amazon CloudWatch Documentation, 8: Dynamic scaling for Amazon EC2 Auto Scaling, 9: Amazon EC2 Auto Scaling Documentation
54 1. Which of the following services can be used to block network traffic to an instance? (Select TWO.)