Amazon CLF-C02 Online Practice Questions and Exam Preparation

Amazon CLF-C02 Online Questions & Answers

• Question 651:

  A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes. Which AWS service or tool will meet this requirement?

  A. IAM Access Analyzer
  B. AWS Artifact
  C. IAM credential report
  D. AWS Audit Manager
  C. IAM credential report

  ---

  Explanation

  You can use credential reports to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key updates. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

• Question 652:

  A company is planning to migrate to the AWS Cloud and wants to become more responsive to customer inquiries and feedback. The company wants to focus on organizational transformation.

  A company wants to give its customers the ability to view specific data that is hosted in Amazon S3 buckets. The company wants to keep control over the full datasets that the company shares with the customers.

  Which S3 feature will meet these requirements?

  A. S3 Storage Lens
  B. S3 Cross-Region Replication (CRR)
  C. S3 Versioning
  D. S3 Access Points
  D. S3 Access Points

  ---

  Explanation

  S3 Access Points are a feature of Amazon S3 that allows you to easily manage access to specific data that is hosted in S3 buckets. S3 Access Points are unique hostnames that customers can use to access data in S3 buckets. You can create multiple access points for a single bucket, each with its own name and permissions. You can use S3 Access Points to provide different levels of access to different groups of customers, such as read-only or write-only access. You can also use S3 Access Points to enforce encryption or logging requirements for specific data. S3 Access Points help you keep control over the full datasets that you share with your customers, while simplifying the access management and improving the performance and scalability of your applications.

• Question 653:

  Which AWS service is used to temporarily provide federated security credentials to access AWS resources?

  A. Amazon GuardDuty
  B. AWS Simple Token Service (AWS STS)
  C. AWS Secrets Manager
  D. AWS Certificate Manager
  B. AWS Simple Token Service (AWS STS)

  ---

  Explanation

  The AWS service that is used to temporarily provide federated security credentials to a user is AWS Security Token Service (AWS STS). AWS STS is a service that enables customers to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that they authenticate (federated users). The company can use AWS STS to grant federated users access to AWS resources without creating permanent IAM users or sharing long-term credentials. AWS STS helps customers manage and secure access to their AWS resources for federated users. Amazon GuardDuty, AWS Secrets Manager, and AWS Certificate Manager are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and resources. AWS Secrets Manager is a service that helps customers manage and rotate secrets, such as database credentials, API keys, and passwords. AWS Certificate Manager is a service that helps customers provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources. These services are more useful for different types of security and compliance tasks, rather than providing temporary federated security credentials to a user.

• Question 654:

  A company has an online shopping website and wants to store customers' credit card data. The company must meet Payment Card Industry (PCI) standards.

  Which service can the company use to access AWS compliance documentation?

  A. Amazon Cloud Directory
  B. AWS Artifact
  C. AWS Trusted Advisor
  D. Amazon Inspector
  B. AWS Artifact

  ---

  Explanation

  The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications, and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security vulnerabilities and deviations from best practices in their Amazon EC2 instances.

  [AWS Artifact FAQs]

• Question 655:

  Which AWS service helps assess the security and compliance of applications that are deployed on Amazon EC2 instances?

  A. AWS Security Hub
  B. Amazon Inspector
  C. Amazon GuardDuty
  D. AWS Shield
  B. Amazon Inspector

  ---

  Explanation

• Question 656:

  A company wants to gain insights from its data and build interactive data visualization dashboards.

  Which AWS service will meet these requirements?

  A. Amazon SageMaker
  B. Amazon Rekognition
  C. Amazon QuickSight
  D. Amazon Kinesis
  C. Amazon QuickSight

  ---

  Explanation

• Question 657:

  Which AWS services make use of global edge locations'? (Select TWO.)

  A. AWS Fargate
  B. Amazon CloudFront
  C. AWS Global Accelerator
  D. AWS Wavelength
  E. Amazon VPC
  B. Amazon CloudFront
  C. AWS Global Accelerator

  ---

  Explanation

  Amazon CloudFront and AWS Global Accelerator are two AWS services that make use of global edge locations. Edge locations are AWS sites that are deployed worldwide in major cities and places with a high population. Edge locations are used to cache data and reduce latency for end-user access. Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds. Amazon CloudFront uses a global network of over 200 edge locations and 13 regional edge caches to cache your content closer to your viewers, improving performance and reducing costs. AWS Global Accelerator is a networking service that improves the availability and performance of your applications with local or global users. AWS Global Accelerator uses the AWS global network to route user traffic to the optimal endpoint based on health, performance, and policies. AWS Global Accelerator uses over 100 edge locations to bring your application endpoints closer to your users, reducing network hops and improving user experience.

  References:

  1: AWS for the Edge - Amazon Web Services (AWS),

  2: Content Delivery Network (CDN) - Amazon CloudFront - AWS,

  3: Amazon CloudFront Documentation,

  4: AWS Global Accelerator - Amazon Web Services,

  5: AWS Global Accelerator Documentation

• Question 658:

  A company needs to reserve a certain amount of Amazon EC2 compute resources in a specific Availability Zone within an AWS Region. Which purchasing option should the company use to meet this requirement?

  A. EC2 Instance Savings Plans
  B. Compute Savings Plans
  C. Regional Reserved Instances
  D. Zonal Reserved Instances
  D. Zonal Reserved Instances

  ---

  Explanation

• Question 659:

  A cloud engineer wants to know the percentage of the allocated compute units that are in use for a specific Amazon EC2 instance.

  Which AWS service can provide this information?

  A. AWS CloudTrail
  B. AWS Config
  C. Amazon CloudWatch
  D. AWS Artifact
  C. Amazon CloudWatch

  ---

  Explanation

  Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers

• Question 660:

  A company wants to deploy a Docker application to the AWS Cloud. However, the company does not want to manage the underlying servers.

  Which combination of AWS services should the company use to meet these requirements? (Select TWO)

  A. Amazon EC2
  B. Amazon EC2 Auto Scaling
  C. AWS Elastic Beanstalk
  D. Amazon CloudFront
  E. AWS Fargate
  C. AWS Elastic Beanstalk
  E. AWS Fargate

  ---

  Explanation

  "AWS Fargate is a serverless compute engine for containers that works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). AWS Fargate makes it easy to focus on building your applications. Fargate eliminates the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design."

  https://aws.amazon.com/fargate/faqs/?nc=snandloc=4