CLF-C02 Exam - AWS Certified Cloud Practitioner

NEW QUESTION 1

A company wants to design a reliable web application that is hosted on Amazon EC2. Which approach will achieve this goal?

• A. Launch large EC2 instances in the same Availability Zone.
• B. Spread EC2 instances across more than one security group.
• C. Spread EC2 instances across more than one Availability Zone.
• D. Use an Amazon Machine Image (AMI) from AWS Marketplace.

Answer: C

Explanation:
The approach that will achieve the goal of designing a reliable web application that is hosted on Amazon EC2 is to spread EC2 instances across more than one Availability Zone. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. By spreading EC2 instances across multiple Availability Zones, users can increase the fault tolerance and availability of their web applications, as well as reduce latency for end users2. Launching large EC2 instances in the same Availability Zone, spreading EC2 instances across more
than one security group, or using an Amazon Machine Image (AMI) from AWS Marketplace are not sufficient to ensure reliability, as they do not provide redundancy or resilience in case of an outage in one Availability Zone.

NEW QUESTION 2

Which of the following is a fully managed MySQL-compatible database?

• A. Amazon S3
• B. Amazon DynamoDB
• C. Amazon Redshift
• D. Amazon Aurora

Answer: D

Explanation:
Amazon Aurora is a fully managed MySQL-compatible database that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Amazon Aurora is part of the Amazon Relational Database Service (Amazon RDS) family, which means it inherits the benefits of a fully managed service, such as automated backups, patches, scaling, monitoring, and security. Amazon Aurora also offers up to five times the throughput of
standard MySQL, as well as high availability, durability, and fault tolerance with up to 15 read replicas, cross-Region replication, and self-healing storage. Amazon Aurora is compatible with the latest versions of MySQL, as well as PostgreSQL, and supports various features and integrations that enhance its functionality and usability123 References: Amazon Aurora, Amazon RDS, AWS — Amazon Aurora Overview

NEW QUESTION 3

A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely.
Which AWS service or framework should the company use for operational support?

• A. AWS Support
• B. AWS Cloud Adoption Framework (AWS CAF)
• C. AWS Managed Services (AMS)
• D. AWS Well-Architected Framework

Answer: D

Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating workloads on AWS. It helps customers achieve operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. The framework is based on six pillars, each with its own design principles, best practices, and questions. Customers can use the framework to assess their current state, identify gaps, and implement improvements12.
AWS Support is a service that provides technical assistance, guidance, and resources for AWS customers. It offers different plans with varying levels of access to AWS experts, response times, and features3. AWS Support does not provide a comprehensive framework for operational support.
AWS Cloud Adoption Framework (AWS CAF) is a guidance tool that helps customers plan and execute their cloud migration journey. It provides a set of perspectives, capabilities, and best practices to align the business and technical aspects of cloud adoption4. AWS CAF does not focus on operational support for existing workloads on AWS.
AWS Managed Services (AMS) is a service that operates AWS infrastructure on behalf of customers. It provides a secure and compliant environment, automates common activities, and applies best practices for provisioning, patching, backup, recovery, and monitoring5. AMS does not provide a framework for customers to operate their own workloads on AWS.

NEW QUESTION 4

A company is setting up AWS Identity and Access Management (IAM) on an AWS account. Which recommendation complies with IAM security best practices?

• A. Use the account root user access keys for administrative tasks.
• B. Grant broad permissions so that all company employees can access the resources they need.
• C. Turn on multi-factor authentication (MFA) for added security during the login process.
• D. Avoid rotating credentials to prevent issues in production applications.

Answer: C

Explanation:
C is correct because turning on multi-factor authentication (MFA) for added security during the login process is one of the IAM security best practices recommended by AWS. MFA adds an extra layer of protection on top of the user name and password, making it harder for attackers to access the AWS account. A is incorrect because using the account root user access keys for administrative tasks is not a good practice, as the root user has full access to all the resources in the AWS account and can cause irreparable damage if compromised. AWS recommends creating individual IAM users with the least privilege principle and using roles for applications that run on Amazon EC2 instances. B is incorrect because granting broad permissions so that all company employees can access the resources they need is not a good practice, as it increases the risk of unauthorized or accidental actions on the AWS resources. AWS recommends granting only the permissions that are required to perform a task and using groups to assign permissions to IAM users. D is incorrect because avoiding rotating credentials to prevent issues in production applications is not a good practice, as it increases the risk of credential leakage or compromise. AWS recommends rotating credentials regularly and using temporary security credentials from AWS STS when possible.

NEW QUESTION 5

A company is reviewing its operating policies.
Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?

• A. Ensure that employees have access to all company data.
• B. Expand employees' permissions as they gain more experience.
• C. Grant all privileges and access to all users.
• D. Apply security requirements at all layers of a process.

Answer: D

Explanation:
Applying security requirements at all layers of a process is a policy that complies with guidance in the security pillar of the AWS Well-Architected Framework. The security pillar of the AWS Well-Architected Framework provides best practices for securing the user’s data and systems in the AWS Cloud. One of the design principles of the security pillar is to apply security at all layers, which means that the user should implement defense-in-depth strategies and avoid relying on a single security mechanism. For example, the user should use multiple security controls, such as encryption, firewalls, identity and access management, and logging and monitoring, to protect their data and resources at different layers.

NEW QUESTION 6

A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning.
Which AWS service should the developer use to meet this requirement?

• A. AWS Health Dashboard
• B. Amazon Personalize
• C. Amazon Forecast
• D. Amazon Transcribe

Answer: B

Explanation:
Amazon Personalize is a fully managed machine learning service that customers can use to generate personalized recommendations for their users. It can also generate user segments based on the users’ affinity for certain items or item metadata. Amazon Personalize uses the customers’ data to train and deploy custom recommendation models that can be integrated into their applications. Therefore, the correct answer is B. You can learn more about Amazon Personalize and its use cases from this page.

NEW QUESTION 7

A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applications.
Which AWS service should the company use to meet these requirements?

• A. Amazon DynamoDB
• B. Amazon EC2
• C. AWS Lambda
• D. Amazon RDS

Answer: B

Explanation:
Amazon EC2 is the AWS service that the company should use to meet its requirements of retaining full control of patch management for the guest operating systems that host its applications. Amazon EC2 is a service that provides secure, resizable compute capacity in the cloud. Users can launch virtual servers, called instances, that run various operating systems, such as Linux, Windows, macOS, and more. Users have full administrative access to their instances and can install and configure any software, including patches and updates, on their instances. Users are responsible for managing the security and maintenance of their instances, including patching the guest operating system and applications. Users can also use AWS Systems Manager to automate and simplify the patching process for their EC2 instances. AWS Systems Manager is a service that helps users manage their AWS and on-premises resources at scale. Users can use AWS Systems Manager Patch Manager to scan their instances for missing patches, define patch baselines and maintenance windows, and apply patches automatically or manually across their instances. Users can also use AWS Systems Manager to monitor the patch compliance status and patching history of their instances. References: What is Amazon EC2?, AWS Systems Manager Patch Manager

NEW QUESTION 8

A company wants to manage its AWS Cloud resources through a web interface. Which AWS service will meet this requirement?

• A. AWS Management Console
• B. AWS CLI
• C. AWS SDK
• D. AWS Cloud

Answer: A

Explanation:
AWS Management Console is a web application that allows you to manage and monitor your AWS Cloud resources through a user-friendly interface. You can use the AWS Management Console to access and experiment with over 150 AWS services, view and modify your account and billing information, get in-console help from AWS Support, and customize your dashboard with widgets that display key metrics and information for your applications567. You can also use the AWS Management Console to launch and configure AWS resources using wizards and templates, without writing any code5. References: 5: Manage AWS Resources - AWS Management Console -AWS, 6: Getting Started with the AWS Management Console, 7: Manage AWS Resources - AWS Management Console Features - AWS

NEW QUESTION 9

A company wants guidance to optimize the cost and performance of its current AWS environment.
Which AWS service or tool should the company use to identify areas for optimization?

• A. Amazon QuickSight
• B. AWS Trusted Advisor
• C. AWS Organizations
• D. AWS Budgets

Answer: B

Explanation:
AWS Trusted Advisor is the AWS service or tool that the company should use to identify areas for optimization. According to the AWS Trusted Advisor User Guide, “AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices. AWS Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits.” Amazon QuickSight, AWS Organizations, and AWS Budgets are not designed to provide optimization recommendations for the current AWS environment.

NEW QUESTION 10

According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)

• A. Network infrastructure and virtualization of infrastructure
• B. Security of application data
• C. Guest operating systems
• D. Physical security of hardware
• E. Credentials and policies

Answer: AD

Explanation:
The correct answers are A and D because network infrastructure and virtualization of infrastructure and physical security of hardware are AWS responsibilities according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are not AWS responsibilities according to the AWS shared responsibility model. Security of application data, guest operating systems, and credentials and policies are customer responsibilities according to the AWS shared responsibility model. Reference: [AWS Shared Responsibility Model]

NEW QUESTION 11

A company is launching a mobile app. The company wants customers to be able to use the app without upgrading their mobile devices.
Which pillar of the AWS Well-Architected Framework does this goal represent?

• A. Security
• B. Reliability
• C. Cost optimization
• D. Sustainability

Answer: C

Explanation:
Cost optimization is one of the five pillars of the AWS Well-Architected Framework. It focuses on avoiding unnecessary costs, understanding and controlling where money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.

NEW QUESTION 12

A company wants to migrate its on_premises workloads to the AWS Cloud. The company wants to separate workloads for chargeback to different departments.
Which AWS services or features will meet these requirements? (Select TWO.)

• A. Placement groups
• B. Consolidated billing
• C. Edge locations
• D. AWS Config
• E. Multiple AWS accounts

Answer: BE

Explanation:
Consolidated billing is a feature of AWS Organizations that enables customers to consolidate billing and payment for multiple AWS accounts. With consolidated billing, customers can group multiple AWS accounts under one payer account, making it easier to manage billing and track costs across multiple accounts. Consolidated billing also offers benefits such as volume discounts, Reserved Instance discounts, and Savings Plans discounts. Consolidated billing is offered at no additional cost.
Multiple AWS accounts is a feature of AWS Organizations that enables customers to create and manage multiple AWS accounts from a central location. With multiple AWS accounts, customers can isolate workloads for different departments, projects, or environments, and apply granular access controls and policies to each account. Multiple AWS accounts also helps customers improve security, compliance, and governance of their AWS resources56. References: 5: Consolidated billing for AWS Organizations - AWS
Billing, 6: Understanding Consolidated Bills - AWS Billing, 7: AWS Consolidated Billing: Tutorial & Best Practices, 8: Simplifying Your Bills With Consolidated Billing on AWS - Aimably, 9: AWS Consolidated Billing - W3Schools

NEW QUESTION 13

Which activity can companies complete by using AWS Organizations?

• A. Troubleshoot the performance of applications.
• B. Manage service control policies (SCPs).
• C. Migrate applications to microservices.
• D. Monitor the performance of applications.

Answer: B

Explanation:
Managing service control policies (SCPs) is an activity that companies can complete by using AWS Organizations. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill3.

NEW QUESTION 14

A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use?

• A. AWS Config
• B. AWS Secrets Manager
• C. AWS CloudTrail
• D. AWS Trusted Advisor

Answer: A

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This can help you simplify compliance auditing,
security analysis, change management, and operational troubleshooting1.

NEW QUESTION 15

A large company has multiple departments. Each department has its own AWS account. Each department has purchased Amazon EC2 Reserved Instances. Some departments do not use all the Reserved Instances that they purchased, and other departments need more Reserved Instances than they purchased.
The company needs to manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.
Which AWS service or tool should the company use to meet these requirements?

• A. AWS Systems Manager
• B. Cost Explorer
• C. AWS Trusted Advisor
• D. AWS Organizations

Answer: D

Explanation:
AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. With AWS Organizations, you can apply service control policies (SCPs) across multiple AWS accounts to restrict what services and actions users and roles can access. You can also use AWS Organizations to enable features such as consolidated billing, AWS Config rules and conformance packs, and AWS CloudFormation StackSets across multiple accounts3. One of the benefits of using AWS Organizations is that you can share your Reserved Instances (RIs) with all of the accounts in your organization. This enables you to take advantage of the billing benefits of RIs without having to specify which account will use them4. AWS Systems Manager is a service that gives you visibility and control of your infrastructure on AWS. Cost Explorer is a tool that enables you to visualize, understand, and manage your AWS costs and usage over time. AWS Trusted Advisor is a service that provides real-time guidance to help you provision your resources following AWS best practices. None of these services or tools can help you manage the AWS accounts for all the departments so that the departments can share the Reserved Instances.

NEW QUESTION 16

Which option is an advantage of AWS Cloud computing that minimizes variable costs?

• A. High availability
• B. Economies of scale
• C. Global reach
• D. Agility

Answer: B

Explanation:
One of the advantages of AWS Cloud computing is that it minimizes variable costs by leveraging economies of scale. This means that AWS can achieve lower costs per unit of computing resources by spreading the fixed costs of building and maintaining data centers over a large number of customers. As a result, AWS can offer lower and more predictable prices to its customers, who only pay for the resources they consume.
Therefore, the correct answer is B. You can learn more about AWS pricing and economies of scale from this page.

NEW QUESTION 17

A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis.
Which AWS service should the company use to run these queries in the MOST cost- effective manner?

• A. Amazon Redshift
• B. Amazon Athena
• C. Amazon Kinesis
• D. Amazon RDS

Answer: B

Explanation:
Amazon Athena is a serverless, interactive analytics service that allows users to run SQL queries on data stored in Amazon S3. It is ideal for occasional queries on large datasets, as it does not require any server provisioning, configuration, or management. Users only pay for the queries they run, based on the amount of data scanned. Amazon Athena supports various data formats, such as CSV, JSON, Parquet, ORC, and Avro, and integrates with AWS Glue Data Catalog to create and manage schemas. Amazon Athena also supports querying data from other sources, such as on- premises or other cloud systems, using data connectors1.
Amazon Redshift is a fully managed data warehouse service that allows users to run complex analytical queries on petabyte-scale data. However, it requires users to provision and maintain clusters of nodes, and pay for the storage and compute capacity they use. Amazon Redshift is more suitable for frequent and consistent queries on structured or semi-structured data2.
Amazon Kinesis is a platform for streaming data on AWS, enabling users to collect, process, and analyze real-time data. It is not designed for querying data stored in Amazon S3. Amazon Kinesis consists of four services: Kinesis Data Streams, Kinesis Data Firehose, Kinesis Data Analytics, and Kinesis Video Streams3.
Amazon RDS is a relational database service that provides six database engines: Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and SQL Server. It simplifies database administration tasks such as backup, patching, scaling, and replication. However, it is not optimized for querying data stored in Amazon S3. Amazon RDS is more suitable for transactional workloads that require high performance and availability4.
References:
✑ Interactive SQL - Serverless Query Service - Amazon Athena - AWS
✑ [Amazon Redshift – Data Warehouse Solution - AWS]
✑ [Amazon Kinesis - Streaming Data Platform - AWS]
✑ [Amazon Relational Database Service (RDS) – AWS]

NEW QUESTION 18
......