Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 591:

  A company uses a third-party identity provider (IdP). The company wants to provide its employees with access to AWS accounts and services without requiring another set of login credentials. Which AWS service will meet this requirement?

  A. AWS Directory Service
  B. Amazon Cognito
  C. AWS IAM Identity Center
  D. AWS Resource Access Manager (AWS RAM)
  C. AWS IAM Identity Center

  ---

  Explanation

  AWS IAM Identity Center allows integration with third-party identity providers using SAML 2.0. This enables users to sign in to AWS using their existing corporate credentials without needing to create separate AWS IAM users or manage additional passwords. It provides centralized access control and single sign-on (SSO) across multiple AWS accounts and applications.

• Question 592:

  A company wants to block SQL injection attacks.

  Which AWS service or feature should the company use to meet this requirement?

  A. AWS WAF
  B. Network ACLs
  C. Security groups
  D. AWS Certificate Manager (ACM)
  A. AWS WAF

  ---

  Explanation

  "AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define. These conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting."

  References: https://aws.amazon.com/waf/faqs/

• Question 593:

  A company wants to automatically set up and govern a multi-account AWS environment.

  Which AWS service provides this functionality?

  A. AWS IAM Identity Center (AWS Single Sign-On)
  B. AWS Systems Manager
  C. AWS Config
  D. AWS Control Tower
  D. AWS Control Tower

  ---

  Explanation

  AWS Control Tower is a service that provides an easy way to set up and govern a secure, multi-account AWS environment. It automates the creation of accounts, organizational units, policies, and best practices based on the AWS Well-Architected Framework. AWS IAM Identity Center (AWS Single Sign-On) is a service that enables users to centrally manage access to multiple AWS accounts and business applications using a single sign-on experience. AWS Systems Manager is a service that provides operational management for AWS resources and applications. AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources.

• Question 594:

  A company has batch workloads that need to run for short periods of time on Amazon EC2. The workloads can handle interruptions and can start again from where they ended.

  What is the MOST cost-effective EC2 instance purchasing option to meet these requirements?

  A. Reserved Instances
  B. Spot Instances
  C. Dedicated Instances
  D. On-Demand Instances
  B. Spot Instances

  ---

  Explanation

  Spot Instances are the most cost-effective EC2 instance purchasing option for batch workloads that can handle interruptions and can be restarted from where they left off. Spot Instances offer significant cost savings (up to 90%) over On-Demand Instances by using spare EC2 capacity. They are ideal for workloads that are fault-tolerant and flexible in terms of timing.

  A. Reserved Instances: Incorrect, as they require a long-term commitment and do not offer the flexibility needed for short-term, interruptible workloads.

  C. Dedicated Instances: Incorrect, as they are designed to run on hardware dedicated to a single customer, which is more expensive.

  D. On-Demand Instances: Incorrect, as they are more expensive than Spot Instances and are used for applications that require immediate or predictable capacity.

• Question 595:

  A company wants to accelerate migration from its data center to the AWS Cloud.

  Which combination of AWS services should the company use to meet this requirement? (Select TWO.)

  A. Amazon Connect
  B. AWS Direct Connect
  C. AWS Server Migration Service (AWS SMS)
  D. Amazon Route 53
  E. AWS Organizations
  B. AWS Direct Connect
  C. AWS Server Migration Service (AWS SMS)

  ---

  Explanation

• Question 596:

  Which mechanism allows developers to access AWS services from application code?

  A. AWS Software Development Kit
  B. AWS Management Console
  C. AWS CodePipeline
  D. AWS Config
  A. AWS Software Development Kit

  ---

  Explanation

  AWS Software Development Kit (SDK) is a set of platform-specific building tools for developers. It allows developers to access AWS services from application code using familiar programming languages. It provides pre-built components and libraries that can be incorporated into applications, as well as tools to debug, monitor, and optimize performance2.

  References: What is SDK? - SDK Explained - AWS

• Question 597:

  A company wants to access a report about the estimated environmental impact of the company's AWS usage.

  Which AWS service or feature should the company use to meet this requirement?

  A. AWS Organizations
  B. IAM policy
  C. AWS Billing console
  D. Amazon Simple Notification Service (Amazon SNS)
  C. AWS Billing console

  ---

  Explanation

  The company should use the AWS Billing console to access a report about the estimated environmental impact of the company's AWS usage. The AWS Billing console provides customers with various tools and reports to manage and monitor their AWS costs and usage. One of the reports available in the AWS Billing console is the AWS Sustainability Dashboard, which shows the estimated carbon footprint and energy mix of the customer's AWS usage. The company can use this dashboard to measure and improve the sustainability of their cloud workloads. AWS Organizations, IAM policy, and Amazon Simple Notification Service (Amazon SNS) are not services or features that can provide a report about the estimated environmental impact of the company's AWS usage. AWS Organizations is a service that enables customers to centrally manage and govern their AWS accounts. IAM policy is a document that defines the permissions for an IAM identity (user, group, or role) or an AWS resource. Amazon SNS is a fully managed pub/sub messaging service that enables customers to send messages to subscribers or other AWS services.

• Question 598:

  Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.)

  A. Observability
  B. Incident and problem management
  C. Incident response
  D. Infrastructure protection
  E. Availability and continuity
  C. Incident response
  D. Infrastructure protection

  ---

  Explanation

  The AWS Cloud Adoption Framework (AWS CAF) security perspective helps users achieve the confidentiality, integrity, and availability of their data and cloud workloads. It comprises nine capabilities that are grouped into three categories: preventive, detective, and responsive. Incident response and infrastructure protection are two of the capabilities in the responsive and preventive categories, respectively. Incident response helps users prepare for and respond to security incidents in a timely and effective manner, using tools and processes that leverage AWS features and services. Infrastructure protection helps users implement security controls and mechanisms to protect their cloud resources, such as network, compute, storage, and database, from unauthorized access or malicious attacks.

  References: Security perspective: compliance and assurance, AWS Cloud Adoption Framework

• Question 599:

  Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the business perspective?

  A. Program and project management
  B. Data science
  C. Observability
  D. Change and release management
  B. Data science

  ---

  Explanation

• Question 600:

  Which credential allows programmatic access to AWS resources for use from the AWS CLI or the AWS API?

  A. User name and password
  B. Access keys
  C. SSH public keys
  D. AWS Key Management Service (AWS KMS) keys
  B. Access keys

  ---

  Explanation

  Access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS using the AWS CLI or AWS API1. User name and password are credentials that you use to sign in to the AWS Management Console or the AWS Management Console mobile app2. SSH public keys are credentials that you use to authenticate with EC2 instances that are launched from certain Linux AMIs3. AWS Key Management Service (AWS KMS) keys are customer master keys (CMKs) that you use to encrypt and decrypt your data and to control access to your data across AWS services and in your applications4.