Amazon Amazon Certifications CLF-C02 Questions & Answers

• Question 591:

  In which of the following AWS services should database credentials be stored for maximum security?

  A. AWS Identity and Access Management (IAM)

  B. AWS Secrets Manager

  C. Amazon S3

  D. AWS Key Management Service (AWS KMS)

  Correct Answer: B

  AWS Secrets Manager is the AWS service where database credentials should be stored for maximum security. AWS Secrets Manager helps to protect the secrets, such as database credentials, passwords, API keys, and tokens, that are used to access applications, services, and resources. AWS Secrets Manager enables secure storage, encryption, rotation, and retrieval of the secrets. AWS Secrets Manager also integrates with other AWS services, such as AWS Identity and Access Management (IAM), AWS Key Management Service (AWS KMS), and AWS Lambda. For more information, see [What is AWS Secrets Manager?] and [Getting Started with AWS Secrets Manager].

• Question 592:

  A company is hosting a web application in a Docker container on Amazon EC2.

  AWS is responsible for which of the following tasks?

  A. Scaling the web application and services developed with Docker

  B. Provisioning or scheduling containers to run on clusters and maintain their availability

  C. Performing hardware maintenance in the AWS facilities that run the AWS Cloud

  D. Managing the guest operating system, including updates and security patches

  Correct Answer: C

  AWS is responsible for performing hardware maintenance in the AWS facilities that run the AWS Cloud. This is part of the shared responsibility model, where AWS is responsible for the security of the cloud, and the customer is responsible for security in the cloud. AWS is also responsible for the global infrastructure that runs all of the services offered in the AWS Cloud, including the hardware, software, networking, and facilities that run AWS Cloud services3. The customer is responsible for the guest operating system, including updates and security patches, as well as the web application and services developed with Docker4.

• Question 593:

  A company needs to migrate all of its development teams to a cloud-based integrated development environment (IDE).

  Which AWS service should the company use?

  A. AWS CodeBuild

  B. AWS Cloud9

  C. AWS OpsWorks

  D. AWS Cloud Development Kit (AWS CDK)

  Correct Answer: B

  The correct answer is B because AWS Cloud9 is an AWS service that enables users to run their existing custom, nonproduction workloads in the AWS Cloud quickly and cost-effectively. AWS Cloud9 is a cloud-based integrated development environment (IDE) that allows users to write, run, and debug code from a web browser. AWS Cloud9 supports multiple programming languages, such as Python, Java, Node.js, and more. AWS Cloud9 also provides users with a terminal that can access AWS services and resources, such as Amazon EC2 instances, AWS Lambda functions, and AWS CloudFormation stacks. The other options are incorrect because they are not AWS services that enable users to run their existing custom, nonproduction workloads in the AWS Cloud quickly and cost-effectively. AWS CodeBuild is an AWS service that enables users to compile, test, and package their code for deployment. AWS OpsWorks is an AWS service that enables users to configure and manage their applications using Chef or Puppet. AWS Cloud Development Kit (AWS CDK) is an AWS service that enables users to define and provision their cloud infrastructure using familiar programming languages, such as TypeScript, Python, Java, and C#. Reference: AWS Cloud9 FAQs

• Question 594:

  A company needs to store data across multiple Availability Zones in an AWS Region. The data will not be accessed regularly but must be immediately retrievable.

  Which Amazon Elastic File System (Amazon EFS) storage class meets these requirements MOST cost effectively?

  A. EFS Standard

  B. EFS Standard-Infrequent Access(EFS Standard-IA)

  C. EFS One Zone

  D. EFS One Zone-Infrequent Access (EFS One Zone-IA)

  Correct Answer: B

  EFS Standard-Infrequent Access (EFS Standard-IA) is the storage class that meets the requirements of storing data across multiple Availability Zones in an AWS Region, that will not be accessed regularly but must be immediately retrievable, most cost- effectively. EFS Standard-IA is designed for files that are accessed less frequently, but still require the same high performance, low latency, and high availability as EFS Standard. EFS Standard-IA has a lower storage cost than EFS Standard, but charges a small additional fee for each access. EFS One Zone and EFS One Zone-IA store data in a single Availability Zone, which reduces the availability and durability compared to EFS Standard and EFS Standard-IA.

• Question 595:

  A company needs to configure rules to identify threats and protect applications from malicious network access.

  Which AWS service should the company use to meet these requirements?

  A. AWS Identity and Access Management (IAM)

  B. Amazon QuickSight

  C. AWS WAF

  D. Amazon Detective

  Correct Answer: C

  AWS WAF is the AWS service that the company should use to configure rules to identify threats and protect applications from malicious network access. AWS WAF is a web application firewall that helps to filter, monitor, and block malicious web requests based on customizable rules. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer. For more information, see What is AWS WAF? and How AWS WAF Works.

• Question 596:

  A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.

  Which AWS service or tool can the company use to meet these requirements?

  A. AWS Pricing Calculator

  B. Amazon CloudWatch

  C. AWS Cost Explorer

  D. AWS Budgets

  Correct Answer: A

  AWS Pricing Calculator is a web-based planning tool that customers can use to create estimates for their AWS use cases. They can use it to model their solutions before building them, explore the AWS service price points, and review the calculations behind their estimates. Therefore, the correct answer is A. You can learn more about AWS Pricing Calculator and how it works from this page.

• Question 597:

  Which statements represent the cost-effectiveness of the AWS Cloud? (Select TWO.)

  A. Users can trade fixed expenses for variable expenses.

  B. Users can deploy all over the world in minutes.

  C. AWS offers increased speed and agility.

  D. AWS is responsible for patching the infrastructure.

  E. Users benefit from economies of scale.

  Correct Answer: AE

  The statements that represent the cost-effectiveness of the AWS Cloud are: Users can trade fixed expenses for variable expenses. By using the AWS Cloud, users can pay only for the resources they use, instead of investing in fixed and upfront costs for hardware and software. This can lower the total cost of ownership and increase the return on investment. Users benefit from economies of scale. By using the AWS Cloud, users can leverage the massive scale and efficiency of AWS to access lower prices and higher performance. AWS passes the cost savings to the users through price reductions and innovations. AWS Cloud Value Framework

• Question 598:

  A company is reviewing its operating policies.

  Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?

  A. Ensure that employees have access to all company data.

  B. Expand employees' permissions as they gain more experience.

  C. Grant all privileges and access to all users.

  D. Apply security requirements at all layers of a process.

  Correct Answer: D

  Applying security requirements at all layers of a process is a policy that complies with guidance in the security pillar of the AWS Well-Architected Framework. The security pillar of the AWS Well-Architected Framework provides best practices for securing the user's data and systems in the AWS Cloud. One of the design principles of the security pillar is to apply security at all layers, which means that the user should implement defense-in-depth strategies and avoid relying on a single security mechanism. For example, the user should use multiple security controls, such as encryption, firewalls, identity and access management, and logging and monitoring, to protect their data and resources at different layers.

• Question 599:

  Which pillar of the AWS Well-Architected Framework focuses on the return on investment of moving into the AWS Cloud?

  A. Sustainability

  B. Cost optimization

  C. Operational excellence

  D. Reliability

  Correct Answer: B

  Cost optimization is the pillar of the AWS Well-Architected Framework that focuses on the return on investment of moving into the AWS Cloud. Cost optimization means that users can achieve the desired business outcomes at the lowest possible price point, while maintaining high performance and reliability. Cost optimization can be achieved by using various AWS features and best practices, such as pay-as-you-go pricing, right- sizing, elasticity, reserved instances, spot instances, cost allocation tags, cost and usage reports, and AWS Trusted Advisor. [AWS Well-Architected Framework] AWS Certified Cloud Practitioner - aws.amazon.com

• Question 600:

  What is the total amount of storage offered by Amazon S3?

  A. WOMB

  B. 5 GB

  C. 5 TB

  D. Unlimited

  Correct Answer: D

  Amazon S3 offers unlimited storage for any amount of data. You can store as many objects as you want, and each object can be as large as 5 terabytes. You pay only for the storage space that you actually use, and there are no minimum commitments or upfront fees. Amazon S3 also provides high durability, availability, scalability, and security for your data.