Practice Free CLF-C02 Exam Online Questions
Question #191
Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?
- A . AWS Identity and Access Management (1AM)
- B . AWS Trusted Advisor
- C . AWS CloudFormation
- D . AWS Organizations
Correct Answer: D
D
Explanation:
AWS Organizations is the AWS service or feature that allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts. AWS Organizations enables users to centrally manage and govern their AWS environment across multiple accounts. Users can create organizational units (OUs) to group accounts based on their business needs, such as by function, project, or region. Users can also apply service control policies (SCPs) to OUs or individual accounts to define the permissions and restrictions for the AWS services and resources that they can access. AWS Organizations also offers features such as consolidated billing, account creation automation, and trusted access12.
References: AWS Organizations
What is AWS Organizations?
D
Explanation:
AWS Organizations is the AWS service or feature that allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts. AWS Organizations enables users to centrally manage and govern their AWS environment across multiple accounts. Users can create organizational units (OUs) to group accounts based on their business needs, such as by function, project, or region. Users can also apply service control policies (SCPs) to OUs or individual accounts to define the permissions and restrictions for the AWS services and resources that they can access. AWS Organizations also offers features such as consolidated billing, account creation automation, and trusted access12.
References: AWS Organizations
What is AWS Organizations?
Question #192
Which AWS service supports the deployment and management of applications in the AWS Cloud?
- A . Amazon CodeGuru
- B . AWS Fargate
- C . AWS CodeCommit
- D . AWS Elastic Beanstalk
Correct Answer: D
D
Explanation:
AWS Elastic Beanstalk is a managed service that facilitates the deployment and management of applications in the AWS Cloud. It supports multiple programming languages and frameworks, allowing users to deploy web applications without managing the underlying infrastructure. Elastic Beanstalk automatically handles deployment, capacity provisioning, load balancing, and auto-scaling. The other services listed, like CodeGuru, Fargate, and CodeCommit, do not provide full application deployment and management capabilities.
D
Explanation:
AWS Elastic Beanstalk is a managed service that facilitates the deployment and management of applications in the AWS Cloud. It supports multiple programming languages and frameworks, allowing users to deploy web applications without managing the underlying infrastructure. Elastic Beanstalk automatically handles deployment, capacity provisioning, load balancing, and auto-scaling. The other services listed, like CodeGuru, Fargate, and CodeCommit, do not provide full application deployment and management capabilities.
Question #193
Which of the following are advantages of moving to the AWS Cloud? (Select TWO.)
- A . The ability to turn over the responsibility for all security to AWS.
- B . The ability to use the pay-as-you-go model.
- C . The ability to have full control over the physical infrastructure.
- D . No longer having to guess what capacity will be required.
- E . No longer worrying about users access controls.
Correct Answer: B, D
B, D
Explanation:
The advantages of moving to the AWS Cloud are the ability to use the pay-as-you-go model and no longer having to guess what capacity will be required. The pay-as-you-go model allows the user to pay only for the resources they use, without any upfront or long-term commitments. This reduces the cost and risk of over-provisioning or under-provisioning resources. No longer having to guess what capacity will be required means that the user can scale their resources up or down according to the demand, without wasting money on idle resources or losing customers due to insufficient capacity4.
B, D
Explanation:
The advantages of moving to the AWS Cloud are the ability to use the pay-as-you-go model and no longer having to guess what capacity will be required. The pay-as-you-go model allows the user to pay only for the resources they use, without any upfront or long-term commitments. This reduces the cost and risk of over-provisioning or under-provisioning resources. No longer having to guess what capacity will be required means that the user can scale their resources up or down according to the demand, without wasting money on idle resources or losing customers due to insufficient capacity4.
5 1. A company is migrating a relational database server to the AWS Cloud. The company wants to minimize administrative overhead of database maintenance tasks.
Which AWS service will meet these requirements?
Question #194
Which AWS service integrates with other AWS services to provide the ability to encrypt data at rest?
- A . AWS Key Management Service (AWS KMS)
- B . AWS Certificate Manager (ACM)
- C . AWS Identity and Access Management (1AM)
- D . AWS Security Hub
Correct Answer: A
A
Explanation:
AWS Key Management Service (AWS KMS) is designed to integrate with various AWS services to encrypt data at rest. It provides a secure and highly available service to create, control, and manage encryption keys used to encrypt your data. AWS Certificate Manager (ACM) is for managing SSL/TLS certificates, AWS Identity and Access Management (IAM) is for managing user access and permissions, and AWS Security Hub is for security monitoring and compliance, but none of these services provide data encryption at rest like AWS KMS.
A
Explanation:
AWS Key Management Service (AWS KMS) is designed to integrate with various AWS services to encrypt data at rest. It provides a secure and highly available service to create, control, and manage encryption keys used to encrypt your data. AWS Certificate Manager (ACM) is for managing SSL/TLS certificates, AWS Identity and Access Management (IAM) is for managing user access and permissions, and AWS Security Hub is for security monitoring and compliance, but none of these services provide data encryption at rest like AWS KMS.
Question #195
Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Select TWO.)
- A . Control access to AWS service APIs and to other specific resources.
- B . Provide intelligent threat detection and continuous monitoring.
- C . Protect the AWS environment using multi-factor authentication (MFA).
- D . Grant users access to AWS data centers.
- E . Provide firewall protection for applications from common web attacks.
Correct Answer: A, C
A, C
Explanation:
AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely.
You can use IAM to perform the following actions:
Control access to AWS service APIs and to other specific resources: You can create users, groups, roles, and policies that define who can access which AWS resources and how. You can also use IAM to grant temporary access to users or applications that need to perform certain tasks on your behalf3 Protect the AWS environment using multi-factor authentication (MFA): You can enable MFA for your IAM users and root user to add an extra layer of security to your AWS account. MFA requires users to provide a unique authentication code from an approved device or SMS text message, in addition to their user name and password, when they sign in to AWS4
A, C
Explanation:
AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely.
You can use IAM to perform the following actions:
Control access to AWS service APIs and to other specific resources: You can create users, groups, roles, and policies that define who can access which AWS resources and how. You can also use IAM to grant temporary access to users or applications that need to perform certain tasks on your behalf3 Protect the AWS environment using multi-factor authentication (MFA): You can enable MFA for your IAM users and root user to add an extra layer of security to your AWS account. MFA requires users to provide a unique authentication code from an approved device or SMS text message, in addition to their user name and password, when they sign in to AWS4
31 1. A company needs to securely store important credentials that an application uses to connect users to a database.
Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?
Question #196
Which AWS service provides command line access to AWS tools and resources directly (torn a web browser?
- A . AWS CIoudHSM
- B . AWS CloudShell
- C . Amazon Workspaces
- D . AWS Cloud Map
Correct Answer: B
B
Explanation:
AWS CloudShell is the service that provides command line access to AWS tools and resources directly from a web browser. AWS CloudShell is a browser-based shell that makes it easy to securely manage, explore, and interact with your AWS resources. It comes pre-authenticated with your console credentials and common development and administration tools are pre-installed, so no local installation or configuration is required. You can open AWS CloudShell from the AWS Management Console with a single click and start running commands and scripts using the AWS Command Line Interface (AWS CLI), Git, or SDKs. AWS CloudShell also provides persistent home directories with 1 GB of storage per AWS Region12. The other services do not provide command line access to AWS tools and resources directly from a web browser. AWS CloudHSM is a service that helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS Cloud3. Amazon WorkSpaces is a service that provides a fully managed, secure Desktop-as-a-Service (DaaS) solution that runs on AWS4. AWS Cloud Map is a service that makes it easy for your applications to discover and connect to each other using logical names and attributes5.
References: AWS CloudShell, AWS CloudShell C Command-Line Access to AWS Resources, AWS CloudHSM, Amazon WorkSpaces, AWS Cloud Map
B
Explanation:
AWS CloudShell is the service that provides command line access to AWS tools and resources directly from a web browser. AWS CloudShell is a browser-based shell that makes it easy to securely manage, explore, and interact with your AWS resources. It comes pre-authenticated with your console credentials and common development and administration tools are pre-installed, so no local installation or configuration is required. You can open AWS CloudShell from the AWS Management Console with a single click and start running commands and scripts using the AWS Command Line Interface (AWS CLI), Git, or SDKs. AWS CloudShell also provides persistent home directories with 1 GB of storage per AWS Region12. The other services do not provide command line access to AWS tools and resources directly from a web browser. AWS CloudHSM is a service that helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS Cloud3. Amazon WorkSpaces is a service that provides a fully managed, secure Desktop-as-a-Service (DaaS) solution that runs on AWS4. AWS Cloud Map is a service that makes it easy for your applications to discover and connect to each other using logical names and attributes5.
References: AWS CloudShell, AWS CloudShell C Command-Line Access to AWS Resources, AWS CloudHSM, Amazon WorkSpaces, AWS Cloud Map
Question #197
A company wants to migrate a company’s on-premises container Infrastructure to the AWS Cloud. The company wants to prevent unplanned administration and operation cost and adapt to a serverless architecture.
Which AWS service will meet these requirements?
- A . Amazon Connect
- B . AWS Fargate
- C . Amazon Lightsail
- D . Amazon EC2
Correct Answer: B
B
Explanation:
AWS Fargate is a serverless compute engine for containers that allows users to run containers without having to manage the underlying infrastructure. Fargate eliminates the need for managing servers and reduces operational overhead, providing a fully managed, serverless approach to containerized applications. It helps avoid unplanned administration and operational costs and is ideal for companies migrating from on-premises container infrastructure .
Why other options are not suitable:
B
Explanation:
AWS Fargate is a serverless compute engine for containers that allows users to run containers without having to manage the underlying infrastructure. Fargate eliminates the need for managing servers and reduces operational overhead, providing a fully managed, serverless approach to containerized applications. It helps avoid unplanned administration and operational costs and is ideal for companies migrating from on-premises container infrastructure .
Why other options are not suitable:
Question #198
Which task is the responsibility of a company that is using Amazon RDS?
- A . Provision the underlying infrastructure.
- B . Create IAM policies to control administrative access to the service.
- C . Install the cables to connect the hardware for compute and storage.
- D . Install and patch the RDS operating system.
Correct Answer: B
B
Explanation:
The correct answer is B because AWS IAM policies can be used to control administrative access to the Amazon RDS service. The other options are incorrect because they are the responsibilities of AWS, not the company that is using Amazon RDS. AWS manages the provisioning, cabling, installation, and patching of the underlying infrastructure for Amazon RDS.
Reference: Amazon RDS FAQs
B
Explanation:
The correct answer is B because AWS IAM policies can be used to control administrative access to the Amazon RDS service. The other options are incorrect because they are the responsibilities of AWS, not the company that is using Amazon RDS. AWS manages the provisioning, cabling, installation, and patching of the underlying infrastructure for Amazon RDS.
Reference: Amazon RDS FAQs
Question #199
A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud.
Which AWS service will meet this requirement?
- A . Amazon Cognito
- B . AWS Security Hub
- C . AWS Shield
- D . AWS WAF
Correct Answer: A
A
Explanation:
Amazon Cognito is a service that provides identity management for mobile and web applications, allowing users to sign up, sign in, and access AWS resources with different identity providers. AWS Security Hub is a service that provides a comprehensive view of the security posture of AWS accounts and resources. AWS Shield is a service that provides protection against distributed denial of service (DDoS) attacks. AWS WAF is a web application firewall that helps protect web applications from common web exploits.
A
Explanation:
Amazon Cognito is a service that provides identity management for mobile and web applications, allowing users to sign up, sign in, and access AWS resources with different identity providers. AWS Security Hub is a service that provides a comprehensive view of the security posture of AWS accounts and resources. AWS Shield is a service that provides protection against distributed denial of service (DDoS) attacks. AWS WAF is a web application firewall that helps protect web applications from common web exploits.
Question #200
A company wants to move its iOS application development and build activities to AWS.
Which AWS service or resource should the company use for these activities?
- A . AWS CodeCommit
- B . Amazon EC2 M1 Mac instances
- C . AWS Amplify
- D . AWS App Runner
Correct Answer: B
B
Explanation:
Amazon EC2 M1 Mac instances are the AWS service or resource that the company should use for its iOS application development and build activities, as they enable users to run macOS on AWS and access a broad and growing set of AWS services. AWS CodeCommit is a service that provides a fully managed source control service that hosts secure Git-based repositories. AWS Amplify is a set of tools and services that enable developers to build full-stack web and mobile applications using AWS. AWS App Runner is a service that makes it easy for developers to quickly deploy containerized web applications and APIs. These concepts are explained in the AWS Developer Tools page4.
B
Explanation:
Amazon EC2 M1 Mac instances are the AWS service or resource that the company should use for its iOS application development and build activities, as they enable users to run macOS on AWS and access a broad and growing set of AWS services. AWS CodeCommit is a service that provides a fully managed source control service that hosts secure Git-based repositories. AWS Amplify is a set of tools and services that enable developers to build full-stack web and mobile applications using AWS. AWS App Runner is a service that makes it easy for developers to quickly deploy containerized web applications and APIs. These concepts are explained in the AWS Developer Tools page4.