Amazon Amazon Certifications CLF-C02 Questions & Answers

• Question 181:

  Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

  A. Providing high-performance container orchestration

  B. Creating and rotating encryption keys

  C. Detecting underutilized resources to save costs

  D. Improving security by proactively monitoring the AWS environment

  E. Implementing enforced tagging across AWS resources

  Correct Answer: CD

  C and D are correct.

  Benefits of Trusted Advisor:

  Cost optimization - Trusted Advisor can help you save cost with actionable recommendations by analyzing usage, configuration and spend. ?Performance - Trusted Advisor can help improve the performance of your services with actionable

  recommendations by analyzing usage and configuration. ?Security - Trusted Advisor can help improve the security of your AWS environment by suggesting foundational security best practices curated by security experts.

  Fault tolerance - Trusted Advisor can help improve the reliability of your services.

  Service quotas - Service quotas are the maximum number of resources that you can create in an AWS account.

  Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

• Question 182:

  A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates. Which AWS service will meet this requirement?

  A. AWS Resource Explorer

  B. AWS Service Catalog

  C. AWS Organizations

  D. AWS Systems Manager

  Correct Answer: B

  AWS Service Catalog lets you centrally manage your cloud resources to achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or Terraform configurations. With AWS Service Catalog, you can

  meet your compliance requirements while making sure your customers can quickly deploy the cloud resources they need.

  https://aws.amazon.com/servicecatalog/

• Question 183:

  Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)

  A. AWS Cost Explorer

  B. AWS Billing Conductor

  C. Amazon CodeGuru

  D. Amazon SageMaker

  E. AWS Compute Optimizer

  Correct Answer: AE

  https://docs.aws.amazon.com/cost-management/latest/userguide/ce-rightsizing.html https://aws.amazon.com/compute-optimizer/

• Question 184:

  A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario?

  A. Update the guest operating system of the EC2 instances.

  B. Maintain high availability at the database layer.

  C. Patch the physical infrastructure that hosts the EC2 instances.

  D. Configure the security group firewall.

  Correct Answer: C

  A is incorrect because when we set up an instance of ec2 we choose the operating system.

  B is incorrect because we are configuring and running the database on the ec2 instances so that would be our responsibility.

  D is incorrect because the firewall rules are our job.

  C is correct because the physical infrastructure where the ec2 instances run is amazon's responsibility

• Question 185:

  A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements?

  A. AWS Lambda

  B. Amazon RDS

  C. AWS Fargate

  D. Amazon Athena

  Correct Answer: C

  AWS Fargate is a serverless, pay-as-you-go compute engine that lets you focus on building applications without managing servers. AWS Fargate is compatible with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic

  Kubernetes Service (Amazon EKS).

  https://aws.amazon.com/fargate/

• Question 186:

  Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

  A. Physical security of DynamoDB

  B. Patching of DynamoDB

  C. Access to DynamoDB tables

  D. Encryption of data at rest in DynamoDB

  Correct Answer: C

  DynamoDB : fully managed Data service , encrypts data by default Amazon RDS : encrypts data when user select it

• Question 187:

  Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

  A. Sustainability

  B. Performance efficiency

  C. Governance

  D. Reliability

  Correct Answer: C

  The 6 AWS CAF perspectives are: Business, People, Governance, Platform, Security and Operations. https://abhi0751.medium.com/aws-cloud-adoption-framework-aws-caf-a512b89dbcba

• Question 188:

  A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements?

  A. AWS Trusted Advisor

  B. Amazon Inspector

  C. AWS Config

  D. Amazon GuardDuty

  Correct Answer: B

  Amazon Inspector is a Vulnerability Management Service which helps you to scan, assess risk score, identify high impact findings with dashboards.

• Question 189:

  A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance

  benefit of sharing content locally.

  What is the MOST operationally efficient AWS solution for this scenario?

  A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.

  B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user's workstation to the file gateway.

  C. Move each user's working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.

  D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

  Correct Answer: B

  AWS Storage Gateway is a hybrid storage service

• Question 190:

  According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

  A. Hard code an IAM user's secret key and access key directly in the application, and upload the file.

  B. Store the IAM user's secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.

  C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

  D. Modify the S3 bucket policy so that any service can upload to it at any time.

  Correct Answer: C

  https://repost.aws/knowledge-center/ec2-instance-access-s3-bucket#