Amazon Amazon Certifications CLF-C02 Questions & Answers

• Question 601:

  Which database engine is compatible with Amazon RDS?

  A. Apache Cassandra

  B. MongoDB

  C. Neo4j

  D. PostgreSQL

  Correct Answer: D

  Amazon RDS supports six database engines: Amazon Aurora, MySQL, MariaDB, PostgreSQL, Oracle, and SQL Server. Apache Cassandra, MongoDB, and Neo4j are not compatible with Amazon RDS. Therefore, the correct answer is D. You can learn more about Amazon RDS and its supported database engines from this page.

• Question 602:

  Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)?

  A. AWS Support

  B. AWS customers

  C. AWS Key Management Service (AWS KMS)

  D. AWS Trusted Advisor

  Correct Answer: B

  AWS customers are responsible for enabling encryption of data at rest for Amazon Elastic Block Store (Amazon EBS). Amazon EBS encryption offers a simple encryption solution for your EBS volumes that does not require you to build, maintain, and secure your own key management infrastructure. You can encrypt both the boot and data volumes of your EC2 instances. You can use AWS Key Management Service (AWS KMS) customer master keys (CMKs) or your own CMKs to encrypt your volumes2.

• Question 603:

  Which of the following are AWS Cloud design principles? (Select TWO.)

  A. Pay for compute resources in advance.

  B. Make data-driven decisions to determine cloud architectural design.

  C. Emphasize manual processes to allow for changes.

  D. Test systems at production scale.

  E. Refine operational procedures infrequently.

  Correct Answer: BD

  The correct answers are B and D because making data-driven decisions to determine cloud architectural design and testing systems at production scale are AWS Cloud design principles. Making data-driven decisions to determine cloud architectural design means that users should collect and analyze data from their AWS resources and applications to optimize their performance, availability, security, and cost. Testing systems at production scale means that users should simulate real-world scenarios and load conditions to validate the functionality, reliability, and scalability of their systems. The other options are incorrect because they are not AWS Cloud design principles. Paying for compute resources in advance means that users have to invest heavily in data centers and servers before they know how they will use them. This is not a cloud design principle, but rather a traditional IT model. Emphasizing manual processes to allow for changes means that users have to rely on human intervention and coordination to perform operational tasks and updates. This is not a cloud design principle, but rather a source of inefficiency and error. Refining operational procedures infrequently means that users have to stick to the same methods and practices without adapting to the changing needs and feedback. This is not a cloud design principle, but rather a hindrance to innovation and improvement. Reference: AWS Well-Architected Framework

• Question 604:

  Which tasks are customer responsibilities according to the AWS shared responsibility model? (Select TWO.)

  A. Determine application dependencies with operating systems.

  B. Provide user access with AWS Identity and Access Management (IAM).

  C. Secure the data center in an Availability Zone.

  D. Patch the hypervisor.

  E. Provide network availability in Availability Zones.

  Correct Answer: B

  The correct answer to the question is B because providing user access with AWS Identity and Access Management (IAM) is a customer responsibility according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. IAM is an AWS service that enables customers to manage access and permissions to AWS resources and services. Customers are responsible for creating and managing IAM users, groups, roles, and policies, and ensuring that they follow the principle of least privilege. Reference: AWS Shared Responsibility Model

• Question 605:

  Which design principle should be considered when architecting in the AWS Cloud?

  A. Think of servers as non-disposable resources.

  B. Use synchronous integration of services.

  C. Design loosely coupled components.

  D. Implement the least permissive rules for security groups.

  Correct Answer: C

  Designing loosely coupled components is a design principle that should be considered when architecting in the AWS Cloud. Loose coupling is a way of designing systems to reduce interdependencies and minimize the impact of changes. Loose coupling allows components to interact with each other through well-defined interfaces, rather than direct references. This reduces the risk of failures and errors propagating across the system, and enables greater scalability, availability, and maintainability5.

• Question 606:

  Which AWS service can report how AWS resource configurations have changed over time?

  A. AWS CloudTrail

  B. Amazon CloudWatch

  C. AWS Config

  D. Amazon Inspector

  Correct Answer: C

  AWS Config is a service that enables users to assess, audit, and evaluate the configurations of AWS resources. It continuously monitors and records the configuration changes of the resources and evaluates them against desired configurations and best practices. It also provides a detailed view of the resource configuration history and relationships, as well as compliance reports and notifications. AWS Config can help users maintain consistent and secure configurations, troubleshoot issues, and simplify compliance auditing. AWS Config OverviewAWS Certified Cloud Practitioner - aws.amazon.com

• Question 607:

  A company wants to use a managed service to simplify the setup, operation, and scaling of its MySQL database in the AWS Cloud.

  Which AWS service will meet these requirements?

  A. Amazon EMR

  B. Amazon RDS

  C. Amazon Redshift

  D. Amazon DynamoDB

  Correct Answer: B

  Amazon RDS is the AWS service that will meet the requirements of using a managed service to simplify the setup, operation, and scaling of a MySQL database in the AWS Cloud. Amazon RDS is a relational database service that supports MySQL and other popular database engines. Amazon RDS handles routine database tasks such as provisioning, patching, backup, recovery, and scaling. Amazon RDS also offers high availability, security, and compatibility features3

• Question 608:

  A company needs to continuously monitor its environment to analyze network and account activity and identify potential security threats.

  Which AWS service should the company use to meet these requirements?

  A. AWS Artifact

  B. Amazon Macie

  C. AWS Identity and Access Management (IAM)

  D. Amazon GuardDuty

  Correct Answer: D

  Amazon GuardDuty is a service that provides intelligent threat detection and continuous monitoring for the AWS environment. It analyzes network and account activity using machine learning and threat intelligence to identify potential security threats, such as unauthorized access, compromised credentials, malicious hosts, and reconnaissance activities. It also generates detailed and actionable findings that can be viewed on the AWS Management Console or sent to other AWS services, such as Amazon CloudWatch Events and AWS Lambda, for further analysis or remediation. Amazon GuardDuty OverviewAWS Certified Cloud Practitioner - aws.amazon.com

• Question 609:

  A company has an online shopping website and wants to store customers' credit card data. The company must meet Payment Card Industry (PCI) standards.

  Which service can the company use to access AWS compliance documentation?

  A. Amazon Cloud Directory

  B. AWS Artifact

  C. AWS Trusted Advisor

  D. Amazon Inspector

  Correct Answer: B

  The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications, and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: [AWS Artifact FAQs]

• Question 610:

  Which AWS service meets this requirement?

  A. AWS CloudFormation

  B. AWS Elastic Beanstalk

  C. AWS Cloud9

  D. AWS CloudShell

  Correct Answer: A

  AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS and third-party resources, and provision and manage them in an orderly and predictable fashion. You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS and third-party resources, and any associated dependencies or runtime parameters, required to run your application.