Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 601:

  A user has an AWS account with a Business-level AWS Support plan and needs assistance with handling a production service disruption. Which action should the user take?

  A. Contact the dedicated AWS technical account manager (TAM).
  B. Contact the dedicated AWS Concierge Support team.
  C. Open a business-critical system down support case.
  D. Open a production system down support case.
  D. Open a production system down support case.

  ---

  Explanation

• Question 602:

  A company's application developers need to quickly provision and manage AWS services by using scripts. Which AWS offering should the developers use to meet these requirements?

  A. AWS CLI
  B. AWS CodeBuild
  C. AWS Cloud Adoption Framework (AWS CAF)
  D. AWS Systems Manager Session Manager
  A. AWS CLI

  ---

  Explanation

• Question 603:

  A company wants to use the latest technologies and wants to minimize its capital investment. Instead of upgrading on-premises infrastructure, the company wants to move to the AWS Cloud.

  Which AWS Cloud benefit does this scenario describe?

  A. Increased speed to market
  B. The trade of infrastructure expenses for operating expenses
  C. Massive economies of scale
  D. The ability to go global in minutes
  B. The trade of infrastructure expenses for operating expenses

  ---

  Explanation

  The trade of infrastructure expenses for operating expenses is one of the benefits of the AWS Cloud. By moving to the AWS Cloud, the company can avoid the upfront costs of purchasing and maintaining on-premises infrastructure, such as servers, storage, network, and software. Instead, the company can pay only for the AWS resources and services that they use, as they use them. This reduces the risk and complexity of planning and managing IT infrastructure, and allows the company to focus on innovation and growth. Increased speed to market, massive economies of scale, and the ability to go global in minutes are also benefits of the AWS Cloud, but they are not the best ones to describe this scenario. Increased speed to market means that the company can launch new products and services faster by using AWS services and tools. Massive economies of scale means that the company can benefit from the lower costs and higher performance that AWS achieves by operating at a large scale. The ability to go global in minutes means that the company can deploy their applications and data in multiple regions and availability zones around the world to reach their customers faster and improve performance and reliability5

• Question 604:

  Which of the following is an AWS value proposition that describes a user's ability to scale infrastructure based on demand?

  A. Speed of innovation
  B. Resource elasticity
  C. Decoupled architecture
  D. Global deployment
  B. Resource elasticity

  ---

  Explanation

  Resource elasticity is an AWS value proposition that describes a user's ability to scale infrastructure based on demand. Resource elasticity means that the user can provision or deprovision resources quickly and easily, without any upfront commitment or long-term contract. Resource elasticity can help the user optimize the cost and performance of the application, as well as respond to changing business needs and customer expectations. Resource elasticity can be achieved by using services such as Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon ECS, and AWS Lambda. [AWS Cloud Value Framework] AWS Certified Cloud Practitioner - aws.amazon.com

• Question 605:

  A company is building an application in the AWS Cloud. The company wants to use temporary credentials for the application to access other AWS resources.

  Which AWS service will meet these requirements?

  A. AWS Key Management Service (Aws KMS)
  B. AWS CloudHSM
  C. Amazon Cognito
  D. AWS Security Token Service (Aws STS)
  D. AWS Security Token Service (Aws STS)

  ---

  Explanation

  AWS Security Token Service (AWS STS) is a service that provides temporary security credentials to users or applications that need to access AWS resources. The temporary credentials have a limited lifetime and can be configured to last

  from a few minutes to several hours. The credentials are not stored with the user or application, but are generated dynamically and provided on request. The credentials work almost identically to long-term access key credentials, but have the

  advantage of not requiring distribution, rotation, or revocation.

  AWS Key Management Service (AWS KMS) is a service that provides encryption and decryption services for data and keys. It does not provide temporary security credentials. AWS CloudHSM is a service that provides hardware security

  modules (HSMs) for cryptographic operations and key management. It does not provide temporary security credentials.

  Amazon Cognito is a service that provides user authentication and authorization for web and mobile applications. It can also provide temporary security credentials for authenticated users, but not for applications.

• Question 606:

  A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive.

  Which AWS service will meet the requirement?

  A. Amazon Inspector
  B. Amazon Macie
  C. AWS Identity and Access Management (IAM)
  D. Amazon CloudWatch
  B. Amazon Macie

  ---

  Explanation

  Amazon Macie is a fully managed service that uses machine learning and pattern matching to help you detect, classify, and better protect your sensitive data stored in the AWS Cloud1. Macie can automatically discover and scan your

  Amazon S3 buckets for sensitive data such as personally identifiable information (PII), financial information, healthcare information, intellectual property, and credentials1. Macie also provides you with a dashboard that shows the type,

  location, and volume of sensitive data in your AWS environment, as well as alerts and findings on potential security issues1. The other options are not suitable for identifying sensitive data in AWS. Amazon Inspector is a service that helps you

  find security vulnerabilities and deviations from best practices in your Amazon EC2 instances2. AWS Identity and Access Management (IAM) is a service that helps you manage access to your AWS resources by creating users, groups, roles,

  and policies3. Amazon CloudWatch is a service that helps you monitor and troubleshoot your AWS resources and applications by collecting metrics, logs, events, and alarms4.

  References:

  1: What Is Amazon Macie? - Amazon Macie

  2: What Is Amazon Inspector? - Amazon Inspector

  3: What Is IAM? - AWS Identity and Access Management

  4: What Is Amazon CloudWatch? - Amazon CloudWatch

• Question 607:

  A company is moving its virtual machines (VMs) from an on-premises environment to the AWS Cloud. The company plans to deploy Amazon EC2 instances. Which cloud computing model will the company use in this scenario?

  A. Platform as a service (PaaS)
  B. Infrastructure as a service (laaS)
  C. Function as a service (FaaS)
  D. Software as a service (SaaS)
  B. Infrastructure as a service (laaS)

  ---

  Explanation

• Question 608:

  A company needs to centrally configure and manage Amazon VPC security groups across multiple AWS accounts within an organization in AWS Organizations. Which AWS service should the company use to meet these requirements?

  A. AWS Firewall Manager
  B. Amazon GuardDuty
  C. Amazon Detective
  D. AWS WAF
  A. AWS Firewall Manager

  ---

  Explanation

• Question 609:

  A company encourages its teams to test failure scenarios regularly and to validate their understanding of the impact of potential failures.

  Which pillar of the AWS Well-Architected Framework does this philosophy represent?

  A. Operational excellence
  B. Cost optimization
  C. Performance efficiency
  D. Security
  A. Operational excellence

  ---

  Explanation

  This is the pillar of the AWS Well-Architected Framework that represents the philosophy of testing failure scenarios regularly and validating the understanding of the impact of potential failures. The operational excellence pillar covers the best practices for designing, running, monitoring, and improving systems in the AWS Cloud. Testing failure scenarios is one of the ways to improve the system's resilience, reliability, and recovery. You can learn more about the operational excellence pillar from this whitepaper or this digital course.

• Question 610:

  A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates. Which AWS service will meet this requirement?

  A. AWS Resource Explorer
  B. AWS Service Catalog
  C. AWS Organizations
  D. AWS Systems Manager
  B. AWS Service Catalog

  ---

  Explanation

  AWS Service Catalog lets you centrally manage your cloud resources to achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or Terraform configurations. With AWS Service Catalog, you can

  meet your compliance requirements while making sure your customers can quickly deploy the cloud resources they need.

  https://aws.amazon.com/servicecatalog/