CLF-C02 Exam - AWS Certified Cloud Practitioner

NEW QUESTION 1

Which of the following is available to a company that has an AWS Business Support plan?

• A. AWS Support concierge
• B. AWS DDoS Response Team (DRT)
• C. AWS technical account manager (TAM)
• D. AWS Health API

Answer: D

Explanation:
AWS Health API is available to a company that has an AWS Business Support plan. The AWS Health API provides programmatic access to the AWS Health information that is presented in the AWS Personal Health Dashboard. The AWS Health API can help users get timely and personalized information about events that can affect the availability and performance of their AWS resources, such as scheduled maintenance, network issues, or service disruptions. The AWS Health API can also integrate with other AWS services, such as Amazon CloudWatch Events and AWS Lambda, to enable automated actions and notifications. AWS Health API OverviewAWS Support Plans

NEW QUESTION 2

Which AWS service is designed to help users build conversational interfaces into applications using voice and text?

• A. Amazon Lex
• B. Amazon Transcribe
• C. Amazon Comprehend
• D. Amazon Timestream

Answer: A

Explanation:
A is correct because Amazon Lex is the AWS service that helps users build conversational interfaces into applications using voice and text. B is incorrect because Amazon Transcribe is the AWS service that helps users convert speech to text. C is incorrect because Amazon Comprehend is the AWS service that helps users analyze text using natural language processing. D is incorrect because Amazon Timestream is the AWS service that helps users collect, store, and process time series data.

NEW QUESTION 3

A company wants to push VPC Flow Logs to an Amazon S3 bucket.
A company wants to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances.
Which AWS purchasing option should the company choose to meet these requirements?

• A. Dedicated Hosts
• B. Compute Savings Plans
• C. Reserved Instances
• D. Spot Instances

Answer: B

Explanation:
Compute Savings Plans are a flexible and cost-effective way to optimize long-term compute costs of AWS Lambda functions and Amazon EC2 instances. With Compute Savings Plans, customers can commit to a consistent amount of compute usage (measured in $/hour) for a 1-year or 3-year term and receive a discount of up to 66% compared to On-Demand prices3. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to the customer’s use. They are suitable for customers who have specific server-bound software licenses or compliance requirements4. Reserved Instances are a pricing model that provides a significant discount (up to 75%) compared to On-Demand pricing and a capacity reservation for EC2 instances. They are available in 1-year or 3-year terms and different payment options5. Spot Instances are spare EC2 instances that are available at up to 90% discount compared to On-Demand prices. They are suitable for customers who have flexible start and end times, can withstand interruptions, and can handle excess capacity.

NEW QUESTION 4

Which of the following acts as an instance-level firewall to control inbound and outbound access?

• A. Network access control list
• B. Security groups
• C. AWS Trusted Advisor
• D. Virtual private gateways

Answer: B

Explanation:
The correct answer is B because security groups are AWS features that act as instance-level firewalls to control inbound and outbound access. Security groups are virtual firewalls that can be attached to one or more Amazon EC2 instances. Users can configure rules for security groups to allow or deny traffic based on protocols, ports, and source or destination IP addresses. The other options are incorrect because they are not AWS features that act as instance-level firewalls to control inbound and outbound access. Network access control list is an AWS feature that acts as a subnet-level firewall to control inbound and outbound access. AWS Trusted Advisor is an AWS service that provides real- time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Virtual private gateways are AWS features that enable users to create a secure and encrypted connection between their VPC and their on- premises network. Reference: Security Groups for Your VPC

NEW QUESTION 5

A company is building a mobile app to provide shopping recommendations to its customers. The company wants to use a graph database as part of the shopping recommendation engine.
Which AWS database service should the company choose?

• A. Amazon DynamoDB
• B. Amazon Aurora
• C. Amazon Neptune
• D. Amazon DocumentDB (with MongoDB compatibility)

Answer: C

Explanation:
Amazon Neptune is a service that provides a fully managed graph database that supports property graphs and RDF graphs. It can be used to build applications that work with highly connected datasets, such as shopping recommendations, social networks, fraud detection, and knowledge graphs2. Amazon DynamoDB is a service that provides a fully managed NoSQL database that delivers fast and consistent performance at any scale. Amazon Aurora is a service that provides a fully managed relational database that is compatible with MySQL and PostgreSQL. Amazon DocumentDB (with MongoDB compatibility) is a service that provides a fully managed document database that is compatible with MongoDB.

NEW QUESTION 6

A company is planning to migrate to the AWS Cloud and wants to become more responsive to customer inquiries and feedback. The company wants to focus on organizational transformation.
A company wants to give its customers the ability to view specific data that is hosted in Amazon S3 buckets. The company wants to keep control over the full datasets that the company shares with the customers.
Which S3 feature will meet these requirements?

• A. S3 Storage Lens
• B. S3 Cross-Region Replication (CRR)
• C. S3 Versioning
• D. S3 Access Points

Answer: D

Explanation:
S3 Access Points are a feature of Amazon S3 that allows you to easily manage access to specific data that is hosted in S3 buckets. S3 Access Points are unique hostnames that customers can use to access data in S3 buckets. You can create multiple access points for a single bucket, each with its own name and permissions. You can use S3 Access Points to provide different levels of access to different groups of customers, such as read-only or write-only access. You can also use S3 Access Points to enforce encryption or logging requirements for specific data. S3 Access Points help you keep control over the full datasets that you share with your customers, while simplifying the access management and improving the performance and scalability of your applications.

NEW QUESTION 7

A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting.
Which S3 feature should the company use to meet these requirements?

• A. S3 Lifecycle rules
• B. S3 Versioning
• C. S3 bucket policies
• D. S3 server-side encryption

Answer: B

Explanation:
S3 Versioning is a feature that allows you to keep multiple versions of an object in the same bucket. You can use S3 Versioning to protect your data from accidental deletion or overwriting by enabling it on a bucket or a specific object. S3 Versioning also allows you to restore previous versions of an object if needed. S3 Lifecycle rules are used to automate the transition of objects between storage classes or to expire objects after a certain period of time. S3 bucket policies are used to control access to the objects in a
bucket. S3 server-side encryption is used to encrypt the data at rest in S3. References: S3 Versioning, S3 Lifecycle rules, S3 bucket policies, S3 server-side encryption

NEW QUESTION 8

Which AWS service or tool provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data?

• A. AWS Pricing Calculator
• B. AWS Compute Optimizer
• C. AWS App Runner
• D. AWS Systems Manager

Answer: B

Explanation:
AWS Compute Optimizer is the AWS service or tool that provides recommendations to help users get rightsized Amazon EC2 instances based on historical workload usage data. AWS Compute Optimizer analyzes the configuration and performance characteristics of the EC2 instances and delivers recommendations for optimal instance types, sizes, and configurations. AWS Compute Optimizer helps users improve performance, reduce costs, and eliminate underutilized resources

NEW QUESTION 9

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.
Which best practice of the AWS Well-Architected Framework is the company following with this plan?

• A. Integrate functional testing as part of AWS deployment.
• B. Use automation to deploy changes.
• C. Deploy the application to multiple locations.
• D. Implement loosely coupled dependencies.

Answer: D

Explanation:
The company is following the best practice of implementing loosely coupled dependencies by migrating the application to AWS and dividing the application into microservices. Loosely coupled dependencies are a design principle of the AWS Well- Architected Framework that helps to reduce the interdependencies between components and improve the scalability, reliability, and performance of the system. By breaking down the monolithic application into smaller, independent, and modular services, the company can reduce the complexity and maintenance costs, increase the agility and flexibility, and enable faster and more frequent deployments. AWS CloudFormation is an AWS service that provides the ability to manage infrastructure as code. Infrastructure as code is a process of defining and provisioning AWS resources using code or templates, rather than manual actions or scripts. AWS CloudFormation allows users to create and update stacks of AWS resources based on predefined templates that describe the desired state and configuration of the resources. AWS CloudFormation automates and simplifies the deployment and management of AWS resources, and ensures consistency and repeatability across different environments and regions. AWS CloudFormation also supports rollback, change sets, drift detection, and nested stacks features that help users to monitor and control the changes to their infrastructure. References: Implementing Loosely Coupled Dependencies, What is AWS CloudFormation?

NEW QUESTION 10

Which AWS services and features are provided to all customers at no charge? (Select TWO.)

• A. Amazon Aurora
• B. VPC
• C. Amazon SageMaker
• D. AWS Identity and Access Management (IAM)
• E. Amazon Polly

Answer: BD

Explanation:
The AWS services and features that are provided to all customers at no charge are VPC and AWS Identity and Access Management (IAM). VPC is a service that allows you to launch AWS resources in a logically isolated virtual network that you define. You can create and use a VPC at no additional charge, and you only pay for the resources that you launch in the VPC, such as EC2 instances or EBS volumes. IAM is a service that allows you to manage access and permissions to AWS resources. You can create and use IAM users, groups, roles, and policies at no additional charge, and you only pay for the AWS resources that the IAM entities access. Amazon Aurora, Amazon SageMaker, and Amazon Polly are not free services, and they charge based on the usage and features that you choose5

NEW QUESTION 11

A company wants to receive alerts to monitor its overall operating costs for its AWS public
cloud infrastructure.
Which AWS offering will meet these requirements?

• A. Amazon EventBridge
• B. Compute Savings Plans
• C. AWS Budgets
• D. Migration Evaluator

Answer: C

Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1

NEW QUESTION 12

Which AWS service provides highly durable object storage?

• A. Amazon S3
• B. Amazon Elastic File System (Amazon EFS)
• C. Amazon Elastic Block Store (Amazon EBS)
• D. Amazon FSx

Answer: A

Explanation:
Amazon S3 is the AWS service that provides highly durable object storage. Amazon S3 is designed to provide 99.999999999% durability of objects over a given year.
This means that you can store your data with high confidence that it will not be lost. Amazon S3 also provides high availability, scalability, security, and performance for your data. You can use Amazon S3 to store and retrieve any amount of data, at any time, from anywhere on the web5.

NEW QUESTION 13

A company needs to run some of its workloads on premises to comply with regulatory guidelines. The company wants to use the AWS Cloud to run workloads that are not required to be on premises. The company also wants to be able to use the same API calls for the on-premises workloads and the cloud workloads.
Which AWS service or feature should the company use to meet these requirements?

• A. Dedicated Hosts
• B. AWS Outposts
• C. Availability Zones
• D. AWS Wavelength

Answer: B

Explanation:
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on- premises facility for a truly consistent hybrid experience1. AWS Outposts enables customers to run workloads on premises using the same AWS APIs, tools, and services that they use in the cloud2. Dedicated Hosts are physical servers with EC2 instance capacity fully dedicated to a customer’s use3. Availability Zones are one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities within an AWS Region4. AWS Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications.

NEW QUESTION 14

Which benefit is included with an AWS Enterprise Support plan?

• A. AWS Partner Network (APN) support at no cost
• B. Designated support from an AWS technical account manager (TAM)
• C. On-site support from AWS engineers
• D. AWS managed compliance as code with AWS Config

Answer: B

Explanation:
AWS offers different support plans to meet the needs of different customers. The AWS Enterprise Support plan is the highest level of support that provides customers with concierge-like service, where the main focus is helping them achieve their outcomes and find success in the cloud. One of the benefits of the AWS Enterprise Support plan is that customers get designated support from an AWS technical account manager (TAM), who provides consultative architectural and operational guidance based on their applications and use cases. Therefore, the correct answer is B. You can learn more about AWS support plans and their benefits from this page.

NEW QUESTION 15

A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.
Which AWS service should the engineer use?

• A. AWS Key Management Service (AWS KMS)
• B. AWS Certificate Manager (ACM)
• C. AWS CloudHSM
• D. AWS Systems Manager

Answer: C

Explanation:
The correct answer is C because AWS CloudHSM is an AWS service that enables the security engineer to meet the requirements. AWS CloudHSM is a service that provides customers with dedicated hardware security modules (HSMs) to create, control, and manage their own cryptographic keys in the AWS Cloud. AWS CloudHSM allows customers to meet strict regulatory compliance requirements for data security, such as FIPS 140-2 Level 3, PCI-DSS, and HIPAA. The other options are incorrect because they are not AWS services that enable the security engineer to meet the requirements. AWS Key Management Service (AWS KMS) is a service that provides customers with a fully managed, scalable, and integrated key management system to create and control encryption keys for AWS services and applications. AWS KMS does not provide customers with single-tenant or dedicated HSMs. AWS Certificate Manager (ACM) is a service that provides customers with a simple and secure way to provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources. ACM does not provide customers with HSMs or cryptographic keys. AWS Systems Manager is a service that provides customers with a unified user interface to view operational data from multiple AWS services and automate operational tasks across their AWS resources. AWS Systems Manager does not provide customers with HSMs or cryptographic keys. Reference: AWS CloudHSM FAQs

NEW QUESTION 16

A developer wants to deploy an application quickly on AWS without manually creating the required resources. Which AWS service will meet these requirements?

• A. Amazon EC2
• B. AWS Elastic Beanstalk
• C. AWS CodeBuild
• D. Amazon Personalize

Answer: B

Explanation:
AWS Elastic Beanstalk is a service that allows you to deploy and manage applications on AWS without manually creating and configuring the required resources, such as EC2 instances, load balancers, security groups, databases, and more. AWS Elastic Beanstalk automatically handles the provisioning, scaling, load balancing, health monitoring, and updating of your application, while giving you full control over the underlying AWS resources if needed. AWS Elastic Beanstalk supports a variety of platforms and languages, such as Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker. You can use the AWS Management Console, the AWS CLI, the AWS SDKs, or the AWS Elastic Beanstalk API to create and manage your applications. You can also use AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, and AWS CodePipeline to integrate AWS Elastic Beanstalk with your development and deployment workflows12

NEW QUESTION 17

Which AWS services or features can control VPC traffic? (Select TWO.)

• A. Security groups
• B. AWS Direct Connect
• C. Amazon GuardDuty
• D. Network ACLs
• E. Amazon Connect

Answer: AD

Explanation:
The AWS services or features that can control VPC traffic are security groups and network ACLs. Security groups are stateful firewalls that control the inbound and outbound traffic at the instance level. You can assign one or more security groups to each instance in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level. You can associate one network ACL with each subnet in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. AWS Direct Connect, Amazon GuardDuty, and Amazon Connect are not services or features that can control VPC traffic. AWS Direct Connect is a service that establishes a dedicated network connection between your premises and AWS. Amazon GuardDuty is a service that monitors your AWS account and workloads for malicious or unauthorized activity. Amazon Connect is a service that provides a cloud-based contact center solution.

NEW QUESTION 18
......