Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 391:

  A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned. Which AWS service or feature can be used to estimate costs before deployment?

  A. AWS Free Tier
  B. AWS Pricing Calculator
  C. AWS Billing and Cost Management
  D. AWS Cost and Usage Report
  B. AWS Pricing Calculator

  ---

  Explanation

  AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for your AWS use cases. You can use it to model your solutions before building them, explore the AWS service price points, and review the calculations behind your estimates. https://docs.aws.amazon.com/pricing-calculator/latest/userguide/what-is-pricing-calculator.html

• Question 392:

  A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the hostname, IP address, and MAC address.

  Which AWS service will meet these requirements?

  A. AWS DataSync
  B. AWS Application Migration Service
  C. AWS Application Discovery Service
  D. AWS Database Migration Service (AWS DMS)
  C. AWS Application Discovery Service

  ---

  Explanation

  AWS Application Discovery Service is a service that helps you plan your migration to the AWS Cloud by collecting usage and configuration data about your on- premises servers and databases. This data includes information such as the hostname, IP address, and MAC address of each server, as well as the performance metrics, network connections, and processes running on them. You can use AWS Application Discovery Service to discover your on-premises inventory, map the dependencies between servers and applications, and estimate the cost and effort of migrating to AWS. You can also export the data to other AWS services, such as AWS Migration Hub and AWS Database Migration Service, to support your migration tasks. AWS Application Discovery Service offers two ways of performing discovery: agentless discovery and agent-based discovery. Agentless discovery uses a virtual appliance that you deploy on your VMware vCenter to collect data from your virtual machines and hosts. Agent-based discovery uses an agent that you install on each of your physical or virtual servers to collect data. You can choose the method that best suits your environment and needs. AWS DataSync is a service that helps you transfer data between your on-premises storage and AWS storage services, such as Amazon S3, Amazon EFS, and Amazon FSx for Windows File Server. AWS DataSync does not collect information about your on-premises infrastructure, but rather focuses on optimizing the data transfer speed, security, and reliability. AWS Application Migration Service is a service that helps you migrate your applications from your on-premises or cloud environment to AWS without making any changes to the applications, their architecture, or the migrated servers. AWS Application Migration Service does not collect information about your on- premises infrastructure, but rather uses a lightweight agent to replicate your servers as Amazon Machine Images (AMIs) and launch them as EC2 instances on AWS. AWS Database Migration Service is a service that helps you migrate your databases from your on-premises or cloud environment to AWS, either as a one-time migration or as a continuous replication. AWS Database Migration Service does not collect information about your on-premises infrastructure, but rather uses a source and a target endpoint to connect to your databases and transfer the data.

  References: AWS Application Discovery Service, AWS DataSync, AWS Application Migration Service, [AWS Database Migration Service]

• Question 393:

  Which options are common stakeholders for the AWS Cloud Adoption Framework (AWS CAF) platform perspective? (Select TWO.)

  A. Chief financial officers (CFOs)
  B. IT architects
  C. Chief information officers (CIOs)
  D. Chief data officers (CDOs)
  E. Engineers
  B. IT architects
  E. Engineers

  ---

  Explanation

  The common stakeholders for the AWS Cloud Adoption Framework (AWS CAF) platform perspective are IT architects and engineers. The AWS CAF is a guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective is divided into capabilities, which are further divided into skills and responsibilities. The platform perspective focuses on the provisioning and management of the cloud infrastructure and services that support the business applications. The platform perspective capabilities are design, implementation, and optimization. The stakeholders for the platform perspective are the IT architects and engineers who are responsible for designing, implementing, and optimizing the cloud platform. Chief financial officers (CFOs), chief information officers (CIOs), and chief data officers (CDOs) are not the common stakeholders for the AWS CAF platform perspective. CFOs are the common stakeholders for the AWS CAF business perspective, which focuses on the value realization of the cloud adoption. CIOs are the common stakeholders for the AWS CAF governance perspective, which focuses on the alignment of the IT strategy and processes with the business strategy and goals. CDOs are the

  common stakeholders for the AWS CAF security perspective, which focuses on the protection of the information assets and systems in the cloud.

• Question 394:

  Which task is the responsibility of a company that is using Amazon RDS?

  A. Provision the underlying infrastructure.
  B. Create IAM policies to control administrative access to the service.
  C. Install the cables to connect the hardware for compute and storage.
  D. Install and patch the RDS operating system.
  B. Create IAM policies to control administrative access to the service.

  ---

  Explanation

  The correct answer is B because AWS IAM policies can be used to control administrative access to the Amazon RDS service. The other options are incorrect because they are the responsibilities of AWS, not the company that is using Amazon RDS. AWS manages the provisioning, cabling, installation, and patching of the underlying infrastructure for Amazon RDS.

  Amazon RDS FAQs

• Question 395:

  Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?

  A. Security group
  B. AWS WAF
  C. AWS Firewall Manager
  D. Network ACL
  D. Network ACL

  ---

  Explanation

  A network ACL (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You can create a network ACL and associate it with a subnet to apply rules that allow or deny traffic to or from the subnet. Network ACLs are stateless, meaning that they evaluate the source and destination IP addresses for both inbound and outbound traffic. You can also use network ACLs to block IP address ranges that are known to be malicious12. The other options are not AWS services or tools that can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet. Security groups are another layer of security for your VPC that act as a firewall for your EC2 instances. Security groups are stateful, meaning that they automatically allow return traffic for allowed inbound traffic. Security groups can only filter traffic based on protocols, ports, and source or destination IP addresses, not on IP ranges. AWS WAF is a web application firewall that helps protect your web applications from common web exploits. AWS WAF can filter web requests based on rules that you define, such as IP addresses, HTTP headers, HTTP body, or URI strings. AWS WAF does not apply to non-web traffic or to traffic within a VPC4. AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources in AWS Organizations. You can use Firewall Manager to apply AWS WAF rules, AWS Network Firewall policies, and Amazon VPC security groups across your AWS accounts. AWS Firewall Manager does not provide a firewall service itself, but rather helps you manage other firewall services

• Question 396:

  A user wants to identify any security group that is allowing unrestricted incoming SSH traffic.

  Which AWS service can be used to accomplish this goal?

  A. Amazon Cognito
  B. AWS Shield
  C. Amazon Macie
  D. AWS Trusted Advisor
  D. AWS Trusted Advisor

  ---

  Explanation

  The correct answer to the question is D because AWS Trusted Advisor is an AWS service that can be used to accomplish the goal of identifying any security group that is allowing unrestricted incoming SSH traffic. AWS Trusted Advisor is a service that provides customers with recommendations that help them follow AWS best practices. Trusted Advisor evaluates the customer's AWS environment and identifies ways to optimize their AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. One of the checks that Trusted Advisor performs is the Security Groups - Specific Ports Unrestricted check, which flags security groups that allow unrestricted access to specific ports, such as port 22 for SSH. Customers can use this check to review and modify their security group rules to restrict SSH access to only authorized sources.

  Security Groups - Specific Ports Unrestricted

• Question 397:

  Which AWS service or feature supports governance, compliance, and risk auditing of AWS accounts?

  A. Multi-factor authentication (MFA)
  B. AWS Lambda
  C. Amazon Simple Notification Service (Amazon SNS)
  D. AWS CloudTrail
  D. AWS CloudTrail

  ---

  Explanation

• Question 398:

  Which AWS service or tool helps to centrally manage billing and allow controlled access to resources across AWS accounts?

  A. AWS Identity and Access Management (IAM)
  B. AWS Organizations
  C. AWS Cost Explorer
  D. AWS Budgets
  B. AWS Organizations

  ---

  Explanation

  AWS Organizations helps to centrally manage billing and allow controlled access to resources across AWS accounts. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill.

• Question 399:

  A company wants to deploy and manage a Docker-based application on AWS.

  Which solution meets these requirements with the LEAST amount of operational overhead?

  A. An open-source Docker orchestrator on Amazon EC2 instances
  B. AWS AppSync
  C. Amazon Elastic Container Registry (Amazon ECR)
  D. Amazon Elastic Container Service (Amazon ECS)
  D. Amazon Elastic Container Service (Amazon ECS)

  ---

  Explanation

  Amazon Elastic Container Service (Amazon ECS) is a solution that meets the requirements of deploying and managing a Docker-based application on AWS with the least amount of operational overhead. Amazon ECS is a fully managed container orchestration service that makes it easy to run, scale, and secure Docker container applications on AWS. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. With simple API calls, you can launch and stop container-enabled applications, query the complete state of your cluster, and access many familiar features like security groups, Elastic Load Balancing, EBS volumes, and IAM roles3.

• Question 400:

  A company with AWS Enterprise Support needs help understanding its monthly AWS bill and wants to implement billing best practices. Which AWS tool or resource is available to accomplish these goals?

  A. Resource tagging
  B. AWS Concierge Support team
  C. AWS Abuse team
  D. AWS Support
  B. AWS Concierge Support team

  ---

  Explanation