Which of the following is a recommended design principle of the AWS Well-Architected Framework?
A. Reduce downtime by making infrastructure changes infrequently and in large increments.
B. Invest the time to configure infrastructure manually.
C. Learn to improve from operational failures.
D. Use monolithic application design for centralization.
Correct Answer: C
The correct answer is C because learning to improve from operational failures is a recommended design principle of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. Each pillar has a set of design principles that describe the characteristics of a well-architected system. Learning to improve from operational failures is a design principle of the operational excellence pillar, which focuses on running and monitoring systems to deliver business value and continually improve supporting processes and procedures. The other options are incorrect because they are not recommended design principles of the AWS Well-Architected Framework. Reducing downtime by making infrastructure changes infrequently and in large increments is not a design principle of the AWS Well-Architected Framework, but rather a source of risk and inefficiency. A well-architected system should implement changes frequently and in small increments to minimize the impact and scope of failures. Investing the time to configure infrastructure manually is not a design principle of the AWS Well-Architected Framework, but rather a source of human error and inconsistency. A well-architected system should automate manual tasks to improve the speed and accuracy of operations. Using monolithic application design for centralization is not a design principle of the AWS Well-Architected Framework, but rather a source of complexity and rigidity. A well- architected system should use loosely coupled and distributed components to enable scalability and resilience. Reference: [AWS Well-Architected Framework]
Question 652:
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)
A. Patch AWS network devices.
B. Set user password rules.
C. Provide physical security for compute resources.
D. Configure security groups.
E. Patch the operating system of an Amazon EC2 instance.
Correct Answer: AC
The correct answers are A and C because patching AWS network devices and providing physical security for compute resources are tasks that are the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are tasks that are the responsibility of the customer, according to the AWS shared responsibility model. Setting user password rules, configuring security groups, and patching the operating system of an Amazon EC2 instance are all tasks that the customer has to perform to secure their AWS environment. Reference: AWS Shared Responsibility Model
Question 653:
Which AWS network services or features allow Cl DR block notation when providing an IP address range? (Select TWO.)
A. Security groups
B. Amazon Machine Image (AMI)
C. Network access control list (network ACL)
D. AWS Budgets
E. Amazon Elastic Block Store (Amazon EBS)
Correct Answer: AC
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR block notation to specify the IP address ranges that are allowed or denied
Question 654:
A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?
A. Amazon API Gateway
B. IAM users
C. AWS Security Token Service (AWS STS)
D. IAM instance profiles
Correct Answer: C
AWS Security Token Service (AWS STS) is a service that enables applications to request temporary, limited-privilege credentials for authentication with other AWS APIs. AWS STS can be used to grant access to AWS resources to users who are federated (using IAM roles), switched (using IAM users), or cross-account (using IAM roles). AWS STS can also be used to assume a role within the same account or a different account. The credentials issued by AWS STS are short-term and have a limited scope, which can enhance the security and compliance of the application. AWS STS OverviewAWS Certified Cloud Practitioner - aws.amazon.com
Question 655:
Which of the following are user authentication services managed by AWS? (Select TWO.)
A. Amazon Cognito
B. AWS Lambda
C. AWS License Manager
D. AWS Identity and Access Management (IAM)
E. AWS CodeStar
Correct Answer: AD
The user authentication services managed by AWS are: Amazon Cognito and AWS Identity and Access Management (IAM). These services help users securely manage and control access to their AWS resources and applications. Amazon Cognito is a service that provides user sign-up, sign-in, and access control for web and mobile applications. Amazon Cognito supports various identity providers, such as Facebook, Google, and Amazon, as well as custom user pools. AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. AWS IAM supports various authentication methods, such as passwords, access keys, and multi-factor authentication (MFA)
Question 656:
Which feature of the AWS Cloud gives users the ability to pay based on current needs rather than forecasted needs?
A. AWS Budgets
B. Pay-as-you-go pricing
C. Volume discounts
D. Savings Plans
Correct Answer: B
Pay-as-you-go pricing is the feature of the AWS Cloud that gives users the ability to pay based on current needs rather than forecasted needs. Pay-as-you-go pricing means that users only pay for the AWS services and resources they use, without any upfront or long-term commitments. This allows users to scale up or down their usage depending on their changing business requirements, and avoid paying for idle or unused capacity. Pay-as-you-go pricing also enables users to benefit from the economies of scale and lower costs of AWS as they grow their business5
Question 657:
According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)
A. Network infrastructure and virtualization of infrastructure
B. Security of application data
C. Guest operating systems
D. Physical security of hardware
E. Credentials and policies
Correct Answer: AD
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are not AWS responsibilities according to the AWS shared responsibility model. Security of application data, guest operating systems, and credentials and policies are customer responsibilities according to the AWS shared responsibility model. Reference: [AWS Shared Responsibility Model]
Question 658:
Which activity can companies complete by using AWS Organizations?
A. Troubleshoot the performance of applications.
B. Manage service control policies (SCPs).
C. Migrate applications to microservices.
D. Monitor the performance of applications.
Correct Answer: B
Managing service control policies (SCPs) is an activity that companies can complete by using AWS Organizations. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill3.
Question 659:
A company's IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.
What should the company do to meet these requirements?
A. Deploy MySQL database server clusters on Amazon EC2 instances.
B. Use Amazon RDS with a MySQL database.
C. Use an AWS Cloud Form at ion template to deploy MySQL database servers on Amazon EC2 instances.
D. Migrate all the MySQL database data to Amazon S3.
Correct Answer: B
The company should use Amazon RDS with a MySQL database to meet the requirements of moving its workload to AWS so that the tasks of patching the database and taking backup snapshots of the data in the clusters will be completed automatically. Amazon RDS is a managed service that simplifies the setup, operation, and scaling of relational databases in the AWS Cloud. Amazon RDS automates common database administration tasks such as patching, backup, and recovery. Amazon RDS also supports MySQL and other popular database engines5
Question 660:
A company is using AWS Lambda functions to build an application.
Which tasks are the company's responsibility, according to the AWS shared responsibility model? (Select TWO.)
A. Patch the servers where the Lambda functions are deployed.
B. Establish the IAM permissions that define who can run the Lambda functions.
C. Write the code for the Lambda functions to define the application logic.
D. Deploy Amazon EC2 instances to support the Lambda functions.
E. Scale out the Lambda functions when the load increases.
Correct Answer: BC
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the user is responsible for the security in the cloud. This means that AWS manages the security and maintenance of the underlying infrastructure, such as the servers, networks, and operating systems, while the user manages the security and configuration of the resources and applications that run on AWS. For AWS Lambda functions, the tasks that are the user's responsibility are: Establish the IAM permissions that define who can run the Lambda functions. IAM is a service that enables users to manage access and permissions for AWS resources and users. Users can create IAM policies, roles, and users to grant or deny permissions to run Lambda functions, invoke other AWS services, or access AWS resources from Lambda functions. [AWS Lambda Permissions] AWS Certified Cloud Practitioner - aws.amazon.com Write the code for the Lambda functions to define the application logic. Lambda functions are units of code that can be written in any supported programming language, such as Python, Node.js, Java, or Go. Users can write the code for the Lambda functions using the AWS Management Console, the AWS Command Line Interface (AWS CLI), the AWS SDKs, or any code editor of their choice. Users can also use AWS Lambda Layers to share and manage common code and dependencies across multiple functions. [AWS Lambda Overview] AWS Certified Cloud Practitioner - aws.amazon.com
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CLF-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.