Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 241:

  Which AWS features will meet these requirements? (Select TWO.)

  A. Security groups
  B. Network ACLs
  C. S3 bucket policies
  D. IAM user policies
  E. S3 bucket versioning
  C. S3 bucket policies
  D. IAM user policies

  ---

  Explanation

  The correct answers are C and D because S3 bucket policies and IAM user policies are AWS features that will meet the requirements. S3 bucket policies are access policies that can be attached to Amazon S3 buckets to grant or deny permissions to the bucket and the objects it contains. S3 bucket policies can be used to control who has permission to read, write, or delete objects that the company stores in the S3 bucket. IAM user policies are access policies that can be attached to IAM users to grant or deny permissions to AWS resources and actions. IAM user policies can be used to control who has permission to read, write, or delete objects that the company stores in the S3 bucket. The other options are incorrect because they are not AWS features that will meet the requirements. Security groups and network ACLs are AWS features that act as firewalls to control inbound and outbound traffic to and from Amazon EC2 instances and subnets. Security groups and network ACLs do not control who has permission to read, write, or delete objects that the company stores in the S3 bucket. S3 bucket versioning is an AWS feature that enables users to keep multiple versions of the same object in the same bucket. S3 bucket versioning can be used to recover from accidental overwrites or deletions of objects, but it does not control who has permission to read, write, or delete objects that the company stores in the S3 bucket.

  Using Bucket Policies and User Policies, Security Groups for Your VPC, Network ACLs, [Using Versioning]

• Question 242:

  Which AWS service allows for file sharing between multiple Amazon EC2 instances?

  A. AWS Direct Connect
  B. AWS Snowball Edge
  C. AWS Backup
  D. Amazon Elastic File System (Amazon EFS)
  D. Amazon Elastic File System (Amazon EFS)

  ---

  Explanation

  Amazon EFS provides shared file storage for use with compute instances in the AWS Cloud and on-premises servers. Applications that require shared file access can use Amazon EFS for reliable file storage delivering high aggregate throughput to thousands of clients simultaneously.

• Question 243:

  Which maintenance task is the customer's responsibility, according to the AWS shared responsibility model?

  A. Physical connectivity among Availability Zones
  B. Network switch maintenance
  C. Hardware updates and firmware patches
  D. Amazon EC2 updates and security patches
  D. Amazon EC2 updates and security patches

  ---

  Explanation

  According to the AWS shared responsibility model, customers are responsible for managing their data, applications, operating systems, security groups, and other aspects of their AWS environment. This includes installing updates and security patches of the guest operating system and any application software or utilities installed by the customer on the instances. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud, such as data centers, hardware, software, networking, and facilities. This includes the physical connectivity among Availability Zones, the network switch maintenance, and the hardware updates and firmware patches. Therefore, option D is the correct answer, and options A, B, and C are AWS responsibilities, not customer responsibilities.

  References: : AWS Well-Architected Framework - Elasticity; : Reactive Systems on AWS - Elastic

• Question 244:

  An ecommerce company plans to move its data center workload to the AWS Cloud to support highly dynamic usage patterns.

  Which benefits make the AWS Cloud cost-effective for the migration of this type of workload? (Choose two.)

  A. Reliability
  B. Security
  C. Elasticity
  D. Pay-as-you-go resource
  E. High availability
  C. Elasticity
  D. Pay-as-you-go resource

  ---

  Explanation

  The AWS Cloud is cost-effective for dynamic workloads because of its elasticity, allowing resources to scale up or down based on demand, and its pay-as-you-go pricing, which enables companies to pay only for what they use. Reliability, security, and high availability are also benefits of AWS, but they do not specifically relate to cost- effectiveness in the context of dynamic workloads.

• Question 245:

  Which of the following are customer responsibilities under the AWS shared responsibility model? (Select TWO.)

  A. Physical security of AWS facilities
  B. Configuration of security groups
  C. Encryption of customer data on AWS
  D. Management of AWS Lambda infrastructure
  E. Management of network throughput of each AWS Region
  B. Configuration of security groups
  C. Encryption of customer data on AWS

  ---

  Explanation

  The AWS shared responsibility model describes how AWS and the customer share responsibility for security and compliance of the AWS environment. AWS is responsible for the security of the cloud, which includes the physical security of AWS facilities, the infrastructure, hardware, software, and networking that run AWS services. The customer is responsible for security in the cloud, which includes the configuration of security groups, the encryption of customer data on AWS, the management of AWS Lambda infrastructure, and the management of network throughput of each AWS Region.

• Question 246:

  Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?

  A. On-Demand Instances
  B. Standard Reserved Instances
  C. Spot Instances
  D. Convertible Reserved Instances
  C. Spot Instances

  ---

  Explanation

  Spot Instances are a type of EC2 instance that let you bid on unused compute capacity, which AWS offers at a discount of up to 90% compared to On-Demand prices. Spot Instances are suitable for fault-tolerant, stateless, or flexible applications that can handle interruptions. Spot Instances can be interrupted with a two-minute warning when EC2 needs the capacity back3. The other options are not pricing models that will interrupt a running EC2 instance if capacity becomes temporarily unavailable

• Question 247:

  A company is designing a web application that will run on Amazon EC2 instances.

  Which AWS services and features will improve availability and reduce the impact of failures for this application? (Select TWO.)

  A. Amazon EC2 Auto Scaling for the EC2 instances
  B. VPC subnet ACLs to check the health of a service
  C. Resources that are distributed across multiple Availability Zones
  D. Configuration of AWS Server Migration Service (AWS SMS) to move the EC2 instances to a different AWS Region
  E. Resources that are distributed across multiple AWS points of presence
  A. Amazon EC2 Auto Scaling for the EC2 instances
  C. Resources that are distributed across multiple Availability Zones

  ---

  Explanation

  The correct answers are A and C because Amazon EC2 Auto Scaling and resources that are distributed across multiple Availability Zones are AWS services and features that will improve availability and reduce the impact of failures for the web application. Amazon EC2 Auto Scaling is a service that enables users to automatically adjust the number of Amazon EC2 instances in response to changes in demand or performance. Amazon EC2 Auto Scaling helps users to maintain optimal availability and performance of their applications by adding or removing instances as needed. Resources that are distributed across multiple Availability Zones are AWS features that enable users to increase the fault tolerance and resilience of their applications. Availability Zones are isolated locations within an AWS Region that have independent power, cooling, and networking. Users can launch their resources, such as Amazon EC2 instances, in multiple Availability Zones to protect their applications from the failure of a single location. The other options are incorrect because they are not AWS services and features that will improve availability and reduce the impact of failures for the web application. VPC subnet ACLs are AWS features that enable users to control the inbound and outbound traffic to and from their subnets within a VPC. VPC subnet ACLs do not check the health of a service, but rather filter the network traffic based on rules. Configuration of AWS Server Migration Service (AWS SMS) is an AWS service that enables users to migrate their on-premises servers to AWS. Configuration of AWS SMS does not help to move the Amazon EC2 instances to a different AWS Region, but rather to migrate the servers from the source environment to AWS. Resources that are distributed across multiple AWS points of presence are AWS features that enable users to deliver content to their end users with low latency and high performance. AWS points of presence are edge locations that are part of the AWS Global Infrastructure. Users can use services such as Amazon CloudFront and AWS Global Accelerator to distribute their content across multiple AWS points of presence.

  Amazon EC2 Auto Scaling, [Regions, Availability Zones, and Local Zones]

• Question 248:

  Which of the following is a benefit of using an AWS managed service?

  A. Reduced operational overhead for a company's IT staff
  B. Increased fixed costs that can be predicted by a finance team
  C. Removal of the need to have a backup strategy
  D. Removal of the need to follow compliance standards
  A. Reduced operational overhead for a company's IT staff

  ---

  Explanation

  This is a benefit of using an AWS managed service, such as Amazon S3, Amazon DynamoDB, or AWS Lambda. AWS managed services are fully managed by AWS, which means that AWS handles the provisioning, scaling, patching, backup, and recovery of the underlying infrastructure and software. This reduces the operational overhead for the company's IT staff, who can focus on their core business logic and innovation. You can learn more about the AWS managed services from this webpage or this digital course.

• Question 249:

  A company with an AWS Enterprise Support plan needs to protect its applications from distributed denial-of-service (DDoS) attacks. The company requires 24/7 access to the AWS DDoS Response Team (DRT).

  Which AWS service meets these requirements?

  A. AWS Shield Standard
  B. AWS Shield Advanced
  C. AWS Firewall Manager
  D. AWS WAF
  B. AWS Shield Advanced

• Question 250:

  A company needs to store code in a version control system. The company also needs to continually deploy updated code through a series of automated steps (build test package and deploy). Which combination of AWS services will meet these requirements? (Select TWO.)

  A. AWS CloudFormation
  B. AWS CodeCommit
  C. AWS Control Tower
  D. AWS Elastic Beanstalk
  E. AWS CodePipeline
  B. AWS CodeCommit
  E. AWS CodePipeline

  ---

  Explanation