CLF-C02 Exam - AWS Certified Cloud Practitioner

NEW QUESTION 1

Which option is AWS responsible for under the AWS shared responsibility model?

• A. Network and firewall configuration
• B. Client-side data encryption
• C. Management of user permissions
• D. Hardware and infrastructure

Answer: D

Explanation:
Hardware and infrastructure is the option that AWS is responsible for under the AWS shared responsibility model. The AWS shared responsibility model describes how AWS and customers share responsibilities for security and compliance in the cloud. AWS is responsible for security of the cloud, which means protecting the infrastructure that runs all the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. Customers are responsible for security in the cloud, which means taking care of the security of their own applications, data, and operating systems. This includes network and firewall configuration,
client-side data encryption, management of user permissions, and more.

NEW QUESTION 2

According to the AWS shared responsibility model, which task is the customer's responsibility?

• A. Maintaining the infrastructure needed to run AWS Lambda
• B. Updating the operating system of Amazon DynamoDB instances
• C. Maintaining Amazon S3 infrastructure
• D. Updating the guest operating system on Amazon EC2 instances

Answer: D

Explanation:
The AWS shared responsibility model describes the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the hardware, software, networking, and facilities that run AWS services. The customer is responsible for security in the cloud, which includes the customer data, applications, operating systems, and network and firewall configurations. Therefore, updating the guest operating system on Amazon EC2 instances is the customer’s responsibility2

NEW QUESTION 3

A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.
Which AWS service or resource will meet these requirements with the LEAST management overhead?

• A. PostgreSQL on Amazon EC2
• B. Amazon RDS for PostgreSQL
• C. Amazon Aurora PostgreSQL-Compatible Edition
• D. Amazon Aurora Serverless

Answer: D

Explanation:
Amazon Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora PostgreSQL-Compatible Edition. It is a fully managed service that automatically scales up and down based on the application’s actual needs. Amazon Aurora Serverless is suitable for applications that have infrequent, intermittent, or unpredictable database workloads, and that do not require the full power and range of options provided by provisioned Aurora clusters. Amazon Aurora Serverless eliminates the need to provision and manage database instances, and reduces the management overhead associated with database administration tasks such as scaling, patching, backup, and recovery. References: Amazon Aurora Serverless, Choosing between Aurora Serverless and provisioned Aurora DB clusters, [AWS Cloud Practitioner Essentials: Module 4 - Databases in the Cloud]

NEW QUESTION 4

Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO.)

• A. Availability
• B. Reliability
• C. Scalability
• D. Responsive design
• E. Operational excellence

Answer: BE

Explanation:
The correct answers to the questions are B and E because reliability and operational excellence are pillars of the AWS Well-Architected Framework. The AWS Well- Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The AWS Well- Architected Framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. Each pillar has a set of design principles that describe the characteristics of a well-architected system. Reliability is the pillar that focuses on the ability of a system to recover from failures and meet business and customer demand. Operational excellence is the pillar that focuses on the ability of a system to run and monitor processes that support business outcomes and continually improve. The other options are incorrect because they are not pillars of the AWS Well-Architected Framework. Availability, scalability, and responsive design are important aspects of cloud architecture, but they are not separate pillars in the framework. Availability and scalability are related to the reliability and performance efficiency pillars, while responsive design is related to the customer experience and user interface. Reference: AWS Well-Architected Framework

NEW QUESTION 5

What is a characteristic of Convertible Reserved Instances (RIs)?

• A. Users can exchange Convertible RIs for other Convertible RIs from a different instance family.
• B. Users can exchange Convertible RIs for other Convertible RIs in different AWS Regions.
• C. Users can sell and buy Convertible RIs on the AWS Marketplace.
• D. Users can shorten the term of their Convertible RIs by merging them with other Convertible RIs.

Answer: A

Explanation:
Convertible Reserved Instances (RIs) are a type of Reserved Instance that allow you to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. You can exchange Convertible RIs for other Convertible RIs from a different instance family, size, platform, tenancy, or scope (Region or Availability Zone)3.

NEW QUESTION 6

A company simulates workflows to review and validate that all processes are effective and that staff are familiar with the processes.
Which design principle of the AWS Well-Architected Framework is the company following with this practice?

• A. Perform operations as code.
• B. Refine operation procedures frequently.
• C. Make frequent, small, reversible changes.
• D. Structure the company to support business outcomes.

Answer: B

Explanation:
Refine operation procedures frequently is one of the design principles of the operational excellence pillar of the AWS Well-Architected Framework. It means that users should continuously review and validate their operational processes to ensure that they are effective and that staff are familiar with them. It also means that users should identify and address any gaps or issues in their processes, and incorporate feedback and lessons learned from operational events5. Perform operations as code is another design principle of the operational excellence pillar, which means that users should automate and script their operational tasks to reduce human error and enable consistent and repeatable execution. Make frequent, small, reversible changes is a design principle of the reliability pillar, which means that users should deploy changes in small increments that can be easily tested and rolled back if necessary. Structure the company to support business outcomes is a design principle of the performance efficiency pillar, which means that users should align their organizational structure and culture with their business goals and cloud strategy.

NEW QUESTION 7

A company wants to host its relational databases on AWS. The databases have predefined schemas that the company needs to replicate on AWS.
Which AWS services could the company use for the databases? (Select TWO.)

• A. Amazon Aurora
• B. Amazon RDS
• C. Amazon DocumentDB (with MongoDB compatibility)
• D. Amazon Neptune
• E. Amazon DynamoDB

Answer: AB

Explanation:
The correct answers are A and B because Amazon Aurora and Amazon RDS are AWS services that the company could use for the relational databases. Amazon Aurora is a relational database that is compatible with MySQL and PostgreSQL. Amazon Aurora is a fully managed, scalable, and high-performance service that offers up to five times the throughput of standard MySQL and up to three times the throughput of standard PostgreSQL. Amazon RDS is a service that enables users to set up, operate, and scale relational databases in the cloud. Amazon RDS supports six popular database engines: MySQL, PostgreSQL, Oracle, SQL Server, MariaDB, and Amazon Aurora. The other options are incorrect because they are not AWS services that the company could use for the relational databases. Amazon DocumentDB (with MongoDB compatibility) is a document database that is compatible with MongoDB. Amazon Neptune is a graph database that supports property graph and RDF models. Amazon DynamoDB is a key- value and document database. Reference: Amazon Aurora, Amazon RDS

NEW QUESTION 8

Which of the following are advantages of the AWS Cloud? (Select TWO.)

• A. Trade variable expenses for capital expenses
• B. High economies of scale
• C. Launch globally in minutes
• D. Focus on managing hardware infrastructure
• E. Overprovision to ensure capacity

Answer: BC

Explanation:
The correct answers are B and C because they are advantages of the AWS Cloud. High economies of scale means that AWS can achieve lower variable costs than customers can get on their own. Launch globally in minutes means that AWS has a global infrastructure that allows customers to deploy their applications and data across multiple regions and availability zones. The other options are incorrect because they are not advantages of the AWS Cloud. Trade variable expenses for capital expenses means that customers have to invest heavily in data centers and servers before they know how they will use them. Focus on managing hardware infrastructure means that customers have to spend time and money on maintaining and upgrading their physical resources. Overprovision to ensure capacity means that customers have to pay for more resources than they actually need to avoid performance issues. Reference: What is Cloud Computing?

NEW QUESTION 9

Which AWS service can a company use to visually design and build serverless applications?

• A. AWS Lambda
• B. AWS Batch
• C. AWS Application Composer
• D. AWS App Runner

Answer: C

Explanation:
AWS Application Composer is a service that allows users to visually design and build serverless applications. Users can drag and drop components, such as AWS Lambda functions, Amazon API Gateway endpoints, Amazon DynamoDB tables, and Amazon S3 buckets, to create a serverless application architecture. Users can also configure the properties, permissions, and dependencies of each component, and deploy the application to their AWS account with a few clicks. AWS Application Composer simplifies the design and configuration of serverless applications, and reduces the need to write code or use AWS CloudFormation templates. References: AWS Application Composer, AWS releases Application Composer to make serverless ‘easier’ but initial scope is limited

NEW QUESTION 10

Which task is a customer's responsibility, according to the AWS shared responsibility model?

• A. Management of the guest operating systems
• B. Maintenance of the configuration of infrastructure devices
• C. Management of the host operating systems and virtualization
• D. Maintenance of the software that powers Availability ZonesA company has refined its workload to use specific AWS services to improve efficiency and reduce cost.

Answer: A

Explanation:
Management of the guest operating systems is a customer’s responsibility, according to the AWS shared responsibility model. The AWS shared responsibility model defines the different security and compliance responsibilities of AWS and the customer. AWS is responsible for the security of the cloud, which includes the physical infrastructure, hardware, software, and facilities that run the AWS Cloud. The customer is responsible for security in the cloud, which includes the configuration and management of the guest operating systems, applications, data, and network traffic protection

NEW QUESTION 11

Which of the following are components of an AWS Site-to-Site VPN connection? (Select TWO.)

• A. AWS Storage Gateway
• B. Virtual private gateway
• C. NAT gateway
• D. Customer gateway
• E. Internet gateway

Answer: BD

Explanation:
The correct answers are B and D because a virtual private gateway and a customer gateway are components of an AWS Site-to-Site VPN connection. A virtual private gateway is the AWS side of the VPN connection that attaches to the customer’s VPC. A customer gateway is the customer side of the VPN connection that resides in the customer’s network. The other options are incorrect because they are not components of an AWS Site-to-Site VPN connection. AWS Storage Gateway is a service that connects on- premises software applications with cloud-based storage. NAT gateway is a service that enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. Internet gateway is a service that enables communication between instances in a VPC and the internet. Reference: [What is AWS Site-to-Site VPN?]

NEW QUESTION 12

Which AWS Well-Architected Framework concept represents a system's ability to remain functional when the system encounters operational problems?

• A. Consistency
• B. Elasticity
• C. Durability
• D. Latency

Answer: B

Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating systems in the cloud. The framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. The concept of elasticity represents a system’s ability to adapt to changes in demand by scaling resources up or down automatically. Therefore, the correct answer is B. You can learn more about the AWS Well-Architected Framework and its pillars from this page.

NEW QUESTION 13

Which task is the responsibility of AWS when using AWS services?

• A. Management of IAM user permissions
• B. Creation of security group rules for outbound access
• C. Maintenance of physical and environmental controls
• D. Application of Amazon EC2 operating system patches

Answer: C

Explanation:
AWS is responsible for maintaining the physical and environmental controls of the AWS Cloud, such as power, cooling, fire suppression, and physical security1. The customer is responsible for managing the IAM user permissions, creating security group rules for outbound access, applying Amazon EC2 operating system patches, and other aspects of security in the cloud1.

NEW QUESTION 14

A company wants to access a report about the estimated environmental impact of the company's AWS usage.
Which AWS service or feature should the company use to meet this requirement?

• A. AWS Organizations
• B. IAM policy
• C. AWS Billing console
• D. Amazon Simple Notification Service (Amazon SNS)

Answer: C

Explanation:
The company should use the AWS Billing console to access a report about the estimated environmental impact of the company’s AWS usage. The AWS Billing console provides customers with various tools and reports to manage and monitor their AWS costs and usage. One of the reports available in the AWS Billing console is the AWS Sustainability Dashboard, which shows the estimated carbon footprint and energy mix of the customer’s AWS usage. The company can use this dashboard to measure and improve the sustainability of their cloud workloads. AWS Organizations, IAM policy, and Amazon Simple Notification Service (Amazon SNS) are not services or features that can provide a report about the estimated environmental impact of the company’s AWS usage. AWS Organizations is a service that enables customers to centrally manage and govern their AWS accounts. IAM policy is a document that defines the permissions for an IAM identity (user, group, or role) or an AWS resource. Amazon SNS is a fully managed pub/sub messaging service that enables customers to send messages to subscribers or other AWS services.

NEW QUESTION 15

A company wants to establish a security layer in its VPC that will act as a firewall to control subnet traffic.
Which AWS service or feature will meet this requirement?

• A. Routing tables
• B. Network access control lists (network ACLs)
• C. Security groups
• D. Amazon GuardDuty

Answer: C

Explanation:
Security groups are the service or feature that meets the requirement of establishing a security layer in a VPC that will act as a firewall to control subnet traffic. Security groups are stateful firewalls that control the inbound and outbound traffic at the instance level. You can assign one or more security groups to each instance in a VPC, and specify the rules that allow or deny traffic based on the protocol, port, and source or destination. Security groups are associated with network interfaces, and therefore apply to all the instances in the subnets that use those network interfaces. Routing tables are used to direct traffic between subnets and gateways, not to filter traffic. Network ACLs are stateless firewalls that control the inbound and outbound traffic at the subnet level, but they are less granular and more cumbersome to manage than security groups. Amazon GuardDuty is a threat detection service that monitors your AWS account and workloads for malicious or unauthorized activity, not a firewall service.

NEW QUESTION 16

Which options are common stakeholders for the AWS Cloud Adoption Framework (AWS CAF) platform perspective? (Select TWO.)

• A. Chief financial officers (CFOs)
• B. IT architects
• C. Chief information officers (CIOs)
• D. Chief data officers (CDOs)
• E. Engineers

Answer: BE

Explanation:
The common stakeholders for the AWS Cloud Adoption Framework (AWS CAF) platform perspective are IT architects and engineers. The AWS CAF is a guidance that helps organizations design and travel an accelerated path to successful cloud adoption. The AWS CAF organizes the cloud adoption process into six areas of focus, called perspectives, which are business, people, governance, platform, security, and operations. Each perspective is divided into capabilities, which are further divided into skills and responsibilities. The platform perspective focuses on the provisioning and management of the cloud infrastructure and services that support the business applications. The platform perspective capabilities are design, implementation, and optimization. The stakeholders for the platform perspective are the IT architects and engineers who are responsible for designing, implementing, and optimizing the cloud platform. Chief financial officers (CFOs), chief information officers (CIOs), and chief data officers (CDOs) are not the common stakeholders for the AWS CAF platform perspective. CFOs are the common stakeholders for the AWS CAF business perspective, which focuses on the value realization of the cloud adoption. CIOs are the common stakeholders for the AWS CAF governance perspective, which focuses on the alignment of the IT strategy and processes with the business strategy and goals. CDOs are the common stakeholders for the AWS CAF security perspective, which focuses on the protection of the information assets and systems in the cloud.

NEW QUESTION 17

Which mechanism allows developers to access AWS services from application code?

• A. AWS Software Development Kit
• B. AWS Management Console
• C. AWS CodePipeline
• D. AWS Config

Answer: A

Explanation:
AWS Software Development Kit (SDK) is a set of platform-specific building tools for developers. It allows developers to access AWS services from application code using familiar programming languages. It provides pre-built components and libraries that can be incorporated into applications, as well as tools to debug, monitor, and optimize performance2. References: What is SDK? - SDK Explained - AWS

NEW QUESTION 18
......