Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 471:

  A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.

  Which AWS services will meet these requirements? (Choose two.)

  A. Amazon Athena
  B. Amazon RDS
  C. Amazon EC2
  D. Amazon DynamoDB
  E. Amazon Aurora
  B. Amazon RDS
  E. Amazon Aurora

  ---

  Explanation

  Amazon RDS and Amazon Aurora are both managed AWS services that support the PostgreSQL database engine. Amazon RDS makes it easier to set up, operate, and scale PostgreSQL deployments on the cloud, while Amazon Aurora is a cloud-native database engine that is compatible with PostgreSQL and offers higher performance and availability. Amazon Athena is a serverless query service that does not support PostgreSQL, but can analyze data in Amazon S3 using standard SQL. Amazon EC2 is a compute service that allows users to launch virtual machines, but does not provide any database management features. Amazon DynamoDB is a NoSQL database service that is not compatible with PostgreSQL, but offers fast and consistent performance at any scale.

• Question 472:

  A company needs an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities.

  Which AWS service will meet these requirements?

  A. Amazon GuardDuty
  B. Amazon Inspector
  C. AWS Security Hub
  D. AWS Shield
  B. Amazon Inspector

  ---

  Explanation

  Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. Amazon Inspector automatically discovers workloads, such as

  Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure12. Amazon GuardDuty is a threat detection service that monitors your AWS accounts and workloads

  for malicious or unauthorized activity. Amazon GuardDuty does not scan for software vulnerabilities, but rather analyzes AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs to detect threats such as compromised credentials, backdoors,

  or crypto mining.

  AWS Security Hub is a security and compliance service that aggregates and prioritizes security findings from multiple AWS services and partner solutions. AWS Security Hub does not scan for software vulnerabilities, but rather provides a

  comprehensive view of your security posture across your AWS accounts.

  AWS Shield is a managed service that protects your web applications and network resources from distributed denial-of-service (DDoS) attacks. AWS Shield does not scan for software vulnerabilities, but rather provides detection and

  mitigation of DDoS attacks at the network and application layers.

• Question 473:

  A company wants to run a NoSQL database on Amazon EC2 instances.

  Which task is the responsibility of AWS in this scenario?

  A. Update the guest operating system of the EC2 instances.
  B. Maintain high availability at the database layer.
  C. Patch the physical infrastructure that hosts the EC2 instances.
  D. Configure the security group firewall.
  C. Patch the physical infrastructure that hosts the EC2 instances.

  ---

  Explanation

  When you run a NoSQL database on Amazon EC2 instances, you are responsible for managing the database layer and the guest operating system of the instances. This means that you need to perform tasks such as updating the operating system, maintaining high availability, and configuring the security group firewall. AWS is responsible for managing the physical infrastructure that hosts the EC2 instances. This means that AWS ensures that the hardware and firmware of the servers, routers, switches, and other devices are updated and secure. AWS also handles the power, cooling, networking, and security of the data centers.

• Question 474:

  Which of the following is an advantage of AWS Cloud computing?

  A. Trade security for elasticity.
  B. Trade operational excellence for agility.
  C. Trade fixed expenses for variable expenses.
  D. Trade elasticity for performance.
  C. Trade fixed expenses for variable expenses.

  ---

  Explanation

  The correct answer is C because AWS Cloud computing allows customers to trade fixed expenses for variable expenses. This means that customers only pay for the resources they use, and can scale up or down as needed. The other

  options are incorrect because they are not advantages of AWS Cloud computing. Trade security for elasticity means that customers have to compromise on the protection of their data and applications in order to adjust their capacity quickly.

  Trade operational excellence for agility means that customers have to sacrifice the quality and reliability of their operations in order to respond to changing needs faster. Trade elasticity for performance means that customers have to limit their

  ability to scale up or down in order to achieve higher speed and efficiency.

  What is Cloud Computing?

• Question 475:

  Which AWS service or feature provides information for governance, compliance monitoring, and risk auditing of AWS accounts?

  A. AWS CloudTrail
  B. VPC Flow Logs
  C. Amazon CloudWatch
  D. AWS Trusted Advisor
  A. AWS CloudTrail

• Question 476:

  Which AWS service or tool provides a visualization of historical AWS spending patterns and projections of future AWS costs?

  A. AWS Cost and Usage Report
  B. AWS Budgets
  C. Cost Explorer
  D. Amazon CloudWatch
  C. Cost Explorer

  ---

  Explanation

  AWS Cost Explorer provides a visualization of historical AWS spending patterns and allows users to project future costs based on past usage. It offers advanced filtering and grouping features, enabling users to analyze costs and usage at a

  granular level.

  AWS Cost and Usage Report: Provides detailed AWS cost and usage data but does not offer visualization or future cost projections.

  AWS Budgets: Used for setting custom cost and usage budgets and receiving alerts.

  Amazon CloudWatch: Used for monitoring AWS resources and applications, not for cost management.

• Question 477:

  A company is designing an identity access management solution for an application. The company wants users to be able to use their social media, email, or online shopping accounts to access the application.

  Which AWS service provides this functionality?

  A. AWS IAM Identity Center (AWS Single Sign-On)
  B. AWS Config
  C. Amazon Cognito
  D. AWS Identity and Access Management (IAM)
  C. Amazon Cognito

  ---

  Explanation

  The correct answer is C because Amazon Cognito provides identity federation and user authentication for web and mobile applications. Amazon Cognito allows users to sign in with their social media, email, or online shopping accounts. The other options are incorrect because they do not provide identity federation or user authentication. AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to access multiple AWS accounts and applications with a single sign-on experience. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of their AWS resources. AWS Identity and Access Management (IAM) is a service that enables users to manage access to AWS resources using users, groups, roles, and policies.

  Amazon Cognito FAQs

• Question 478:

  Which combination of steps will enable multi-factor authentication (MFA) on an AWS account? (Select TWO.)

  A. Contact AWS Support to initiate MFA activation.
  B. Activate AWS Shield on an MFA-compatible device.
  C. Acquire an MFA-compatible device.
  D. Activate the MFA device by using Amazon GuardDuty.
  E. Activate the MFA device in the IAM console or by using the AWS CLI.
  C. Acquire an MFA-compatible device.
  E. Activate the MFA device in the IAM console or by using the AWS CLI.

  ---

  Explanation

  To enable MFA, you need to acquire a compatible device and activate it through the IAM console or AWS CLI.

• Question 479:

  An Amazon EC2 instance previously used for development is inaccessible and no longer appears in the AWS Management Console. Which AWS service should be used to determine what action made this EC2 instance inaccessible?

  A. Amazon CloudWatch Logs
  B. AWS Security Hub
  C. Amazon Inspector
  D. AWS CloudTraiI
  D. AWS CloudTraiI

  ---

  Explanation

• Question 480:

  A company has an AWS Business Support plan. The company needs to gain access to the AWS DDoS Response Team (DRT) to help mitigate DDoS events. Which AWS service or resource must the company use to meet these requirements?

  A. AWS Shield Standard
  B. AWS Enterprise Support
  C. AWS WAF
  D. AWS Shield Advanced
  D. AWS Shield Advanced

  ---

  Explanation

  AWS Shield Advanced provides enhanced protection against DDoS attacks and includes access to the AWS DDoS Response Team (DRT) to help mitigate complex DDoS events. AWS Shield Standard offers basic DDoS protection, which is included with AWS services, but does not provide access to the DRT. AWS WAF is a web application firewall, and AWS Enterprise Support is a premium support plan but does not specifically provide DDoS mitigation services or access to the DRT.