Amazon Amazon Certifications CLF-C02 Questions & Answers

• Question 501:

  What are the characteristics of Availability Zones? (Select TWO.)

  A. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low- latency networking

  B. Availability Zones are physically separated by a minimum of distance of 150 km (100 miles).

  C. All traffic between Availability Zones is encrypted.

  D. Availability Zones within an AWS Region share redundant power, networking, and connectivity.

  E. Every Availability Zone contains a single data center.

  Correct Answer: AD

  Availability Zones are physically separate locations within an AWS Region that are engineered to be isolated from failures. Each Availability Zone has independent power, cooling, and physical security, and is connected to other Availability Zones in the same Region by a low-latency network. Therefore, the correct answers are A and D. You can learn more about Availability Zones and their characteristics from this page.

• Question 502:

  A company is using a third-party service to back up 10 TB of data to a tape library. The on- premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows.

  Which AWS service should the company use to meet these requirements?

  A. Amazon Elastic Block Store (Amazon EBS)

  B. AWS Storage Gateway

  C. Amazon Elastic Container Service (Amazon ECS)

  D. AWS Lambda

  Correct Answer: B

  The correct answer is B because AWS Storage Gateway is a service that should be used by the company to meet the requirements. AWS Storage Gateway is a service that connects on-premises software applications with cloud-based storage. AWS Storage Gateway supports three types of gateways: file gateway, volume gateway, and tape gateway. The tape gateway type enables users to back up and archive data to virtual tapes in AWS without changing their existing backup workflows. Users can use their existing backup applications and tape libraries to store data on virtual tapes in Amazon S3 or Amazon S3 Glacier. The other options are incorrect because they are not services that should be used by the company to meet the requirements. Amazon Elastic Block Store (Amazon EBS) is a service that provides block-level storage volumes for Amazon EC2 instances. Amazon Elastic Container Service (Amazon ECS) is a service that enables users to run, scale, and secure containerized applications on AWS. AWS Lambda is a service that enables users to run code without provisioning or managing servers. Reference: AWS Storage Gateway FAQs

• Question 503:

  Which of the following are advantages of the AWS Cloud? (Select TWO.)

  A. Trade variable expenses for capital expenses

  B. High economies of scale

  C. Launch globally in minutes

  D. Focus on managing hardware infrastructure

  E. Overprovision to ensure capacity

  Correct Answer: BC

  The correct answers are B and C because they are advantages of the AWS Cloud. High economies of scale means that AWS can achieve lower variable costs than customers can get on their own. Launch globally in minutes means that AWS has a global infrastructure that allows customers to deploy their applications and data across multiple regions and availability zones. The other options are incorrect because they are not advantages of the AWS Cloud. Trade variable expenses for capital expenses means that customers have to invest heavily in data centers and servers before they know how they will use them. Focus on managing hardware infrastructure means that customers have to spend time and money on maintaining and upgrading their physical resources. Overprovision to ensure capacity means that customers have to pay for more resources than they actually need to avoid performance issues. Reference: What is Cloud Computing?

• Question 504:

  Which AWS service will help protect applications running on AWS from DDoS attacks?

  A. Amazon GuardDuty

  B. AWS WAF

  C. AWS Shield

  D. Amazon Inspector

  Correct Answer: C

  AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection3.

• Question 505:

  Which task requires the use of AWS account root user credentials?

  A. The deletion of IAM users

  B. The change to a different AWS Support plan

  C. The creation of an organization in AWS Organizations

  D. The deletion of Amazon EC2 instances

  Correct Answer: C

  The creation of an organization in AWS Organizations requires the use of AWS account root user credentials. The AWS account root user is the email address that was used to create the AWS account. The root user has complete access to all AWS services and resources in the account, and can perform sensitive tasks such as changing the account settings, closing the account, or creating an organization. The root user credentials should be used sparingly and securely, and only for tasks that cannot be performed by IAM users or roles4

• Question 506:

  A company wants to migrate its on-premises data warehouse to AWS. The information in the data warehouse is used to populate analytics dashboards.

  Which AWS service should the company use for the data warehouse?

  A. Amazon ElastiCache

  B. Amazon Aurora

  C. Amazon RDS

  D. Amazon Redshift

  Correct Answer: D

  The AWS service that the company should use for the data warehouse is Amazon Redshift. Amazon Redshift is a fully managed, petabyte-scale data warehouse service that is optimized for analytical queries. It can integrate with various data sources and business intelligence tools to provide fast and cost-effective insights. Amazon Redshift also offers high availability, scalability, security, and compliance features. [Amazon Redshift Overview]

• Question 507:

  Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?

  A. AWS Pricing Calculator

  B. AWS Compute Optimizer

  C. AWS App Runner

  D. AWS Systems Manager

  Correct Answer: B

  AWS Compute Optimizer is the AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data. AWS Compute Optimizer analyzes the configuration and performance characteristics of the EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources

• Question 508:

  Which pillar of the AWS Well-Architected Framework focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures?

  A. Cost optimization

  B. Reliability

  C. Operational excellence

  D. Performance efficiency

  Correct Answer: C

  The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. The operational excellence pillar focuses on the ability to run workloads effectively, gain insight into operations, and continuously improve supporting processes and procedures. Therefore, the correct answer is C. You can learn more about the AWS Well-Architected Framework and its pillars from this page.

• Question 509:

  A company's information security manager is supervising a move to AWS and wants to ensure that AWS best practices are followed. The manager has concerns about the potential misuse of AWS account root user credentials.

  Which of the following is an AWS best practice for using the AWS account root user credentials?

  A. Allow only the manager to use the account root user credentials for normal activities.

  B. Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.

  C. Use the account root user credentials only when they alone must be used to perform a required function.

  D. Use the account root user credentials only for the creation of private VPC subnets.

  Correct Answer: C

  The AWS best practice for using the AWS account root user credentials is to use them only when they alone must be used to perform a required function. The AWS account root user credentials have full access to all the resources in the account, and therefore pose a security risk if compromised or misused. You should create individual IAM users with the minimum necessary permissions for everyday tasks, and use AWS Organizations to manage multiple accounts. You should also enable multi-factor authentication (MFA) and rotate the password for the root user regularly. Some of the functions that require the root user credentials are changing the account name, closing the account, changing the support plan, and restoring an IAM user's access.

• Question 510:

  A cloud engineer wants to know the percentage of the allocated compute units that are in use for a specific Amazon EC2 instance.

  Which AWS service can provide this information?

  A. AWS CloudTrail

  B. AWS Config

  C. Amazon CloudWatch

  D. AWS Artifact

  Correct Answer: C

  Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers