Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 441:

  A company created an Amazon EC2 instance. The company wants to control the incoming and outgoing network traffic at the instance level. Which AWS resource or service will meet this requirement?

  A. AWS Shield
  B. Security groups
  C. Network Access Analyzer
  D. VPC endpoints
  B. Security groups

  ---

  Explanation

• Question 442:

  A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the internet from accessing the EC2 instance. Which AWS managed service allows this?

  A. VPC endpoint
  B. NAT gateway
  C. Amazon PrivateLink
  D. VPC peering
  B. NAT gateway

  ---

  Explanation

• Question 443:

  A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve supporting processes.

  Which pillar of the AWS Well-Architected Framework does this scenario represent?

  A. Security
  B. Performance efficiency
  C. Cost optimization
  D. Operational excellence
  D. Operational excellence

  ---

  Explanation

  The scenario represents the operational excellence pillar of the AWS Well- Architected Framework, which focuses on running and monitoring systems to deliver business value and continually improve supporting processes and procedures. Security, performance efficiency, cost optimization, and reliability are the other four pillars of the framework.

• Question 444:

  A company is moving to the AWS Cloud to reduce operational overhead for its application infrastructure.

  Which IT operation will the company still be responsible for after the migration to AWS?

  A. Security patching of AWS Elastic Beanstalk
  B. Backups of data that is stored in Amazon Aurora
  C. Termination of Amazon EC2 instances that are managed by AWS Auto Scaling
  D. Configuration of IAM access controls
  D. Configuration of IAM access controls

  ---

  Explanation

  AWS Elastic Beanstalk, Amazon Aurora, and AWS Auto Scaling are managed services that reduce the operational overhead for the customers. AWS is responsible for security patching, backups, and termination of these services. However, the customers are still responsible for configuring IAM access controls to manage the permissions and policies for their AWS resources. This is part of the AWS shared responsibility model, which defines the security and compliance responsibilities of AWS and the customers. You can learn more about the AWS shared responsibility model from this whitepaper or this digital course.

• Question 445:

  A company needs to run an application on Amazon EC2 instances. The instances cannot be interrupted at any time. The company needs an instance purch asing option that requires no long-term commitment or upfront payment. Which instance purchasing option will meet these requirements MOST cost-effectively?

  A. On-Demand Instances
  B. Spot Instances
  C. Dedicated Hosts
  D. Reserved Instances
  A. On-Demand Instances

  ---

  Explanation

• Question 446:

  A company has an application that uses AWS services. During scaling events, the company wants to keep application usage within AWS service quotas.

  Which AWS services or tools can report on the quotas so that the company can improve the reliability of the application? (Select TWO.)

  A. Service Quotas console
  B. AWS Trusted Advisor
  C. AWS Systems Manager
  D. AWS Shield
  E. AWS Cost Explorer
  A. Service Quotas console
  B. AWS Trusted Advisor

  ---

  Explanation

  The correct answers are A and B because Service Quotas console and AWS Trusted Advisor are AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. Service Quotas console is an AWS tool that enables users to view and manage their quotas for AWS services from a central location. Users can use Service Quotas console to request quota increases, track quota usage, and set up alarms for approaching quota limits. AWS Trusted Advisor is an AWS service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. One of the categories of checks that AWS Trusted Advisor performs is service limits, which monitors the usage of each AWS service and alerts users when they are close to reaching the default limit. The other options are incorrect because they are not AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. AWS Systems Manager is an AWS service that enables users to automate operational tasks, manage configuration and compliance, and monitor system health and performance. AWS Shield is an AWS service that protects users from distributed denial of service (DDoS) attacks. AWS Cost Explorer is an AWS tool that enables users to visualize, understand, and manage their AWS costs and usage.

  Service Quotas, AWS Trusted Advisor FAQs

• Question 447:

  Which AWS Cloud Adoption Framework (AWS CAF) perspective focuses on real-time insights and answers questions about strategy?

  A. Operations
  B. People
  C. Business
  D. Platform
  C. Business

  ---

  Explanation

  The Business Perspective of the AWS Cloud Adoption Framework (AWS CAF) focuses on ensuring that cloud investments align with business strategies and that the organization achieves business value from cloud adoption. It provides real-

  time insights into the organization's strategic goals, financial objectives, and metrics. This perspective helps answer questions about strategy, ensuring that cloud adoption aligns with the organization's long-term business goals.

  Why Other Options Are Not Suitable:

  Operations: Focuses on operating cloud environments effectively.

  People: Focuses on human resources and organizational structure.

  Platform: Focuses on infrastructure and architecture.

• Question 448:

  Which AWS service or feature can the company use to limit the access to AWS services for member accounts?

  A. AWS Identity and Access Management (IAM)
  B. Service control policies (SCPs)
  C. Organizational units (OUs)
  D. Access control lists (ACLs)
  B. Service control policies (SCPs)

  ---

  Explanation

  Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization's access control guidelines2. SCPs are available only in an organization that has all features enabled2.

• Question 449:

  Which AWS service can help a company detect an outage of its website servers and redirect users to alternate servers?

  A. Amazon CloudFront
  B. Amazon GuardDuty
  C. Amazon Route 53
  D. AWS Trusted Advisor
  C. Amazon Route 53

  ---

  Explanation

  Amazon Route 53 with DNS Failover, Amazon Route 53 can help detect an outage of your website and redirect your end users to alternate locations where your application is operating properly.

• Question 450:

  Which best practice for cost governance does this example show?

  A. Resource controls
  B. Cost allocation
  C. Architecture optimization
  D. Tagging enforcement
  C. Architecture optimization

  ---

  Explanation

  Architecture optimization is the best practice for cost governance that this example shows. Architecture optimization is the process of designing and implementing AWS solutions that are efficient, scalable, and cost-effective. By using specific AWS services to improve efficiency and reduce cost, the company is following the architecture optimization best practice. Some of the techniques for architecture optimization include using the right size and type of resources, leveraging elasticity and scalability, choosing the most suitable storage class, and using serverless and managed services2.