CLF-C02 Exam - AWS Certified Cloud Practitioner

NEW QUESTION 1

Which AWS services or features can a company use to connect the network of its on- premises data center to AWS? (Select TWO.)

• A. AWS VPN
• B. AWS Directory Service
• C. AWS Data Pipeline
• D. AWS Direct Connect
• E. AWS CloudHSM

Answer: AD

Explanation:
AWS VPN and AWS Direct Connect are two services that enable customers to connect their on-premises data center network to the AWS Cloud. AWS VPN establishes a secure and encrypted connection over the public internet, while AWS Direct Connect establishes a dedicated and private connection through a partner network. You can learn more about AWS VPN from [this webpage] or [this digital course]. You can learn more about AWS Direct Connect from [this webpage] or [this digital course].

NEW QUESTION 2

A company needs to securely store important credentials that an application uses to connect users to a database.
Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?

• A. AWS Key Management Service (AWS KMS)
• B. AWS Config
• C. AWS Secrets Manager
• D. Amazon GuardDuty

Answer: C

Explanation:
AWS Secrets Manager is a service that helps you protect secrets needed to access your applications, services, and IT resources. You can use AWS Secrets Manager to store, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. AWS Secrets Manager eliminates the need to hardcode sensitive information in plain text, and reduces the risk of unauthorized access or leakage. AWS Secrets Manager also integrates with other AWS services, such as AWS Lambda, Amazon RDS, and AWS CloudFormation, to simplify the management of secrets across your environment5

NEW QUESTION 3

A company needs a graph database service that is scalable and highly available.
Which AWS service meets these requirements?

• A. Amazon Aurora
• B. Amazon Redshift
• C. Amazon DynamoDB
• D. Amazon Neptune

Answer: D

Explanation:
The AWS service that meets the requirements of providing a graph database service that is scalable and highly available is Amazon Neptune. Amazon Neptune is a fast, reliable, and fully managed graph database service that supports property graph and RDF graph models. Amazon Neptune is designed to store billions of relationships and query the graph with milliseconds latency. Amazon Neptune also offers high availability and durability by replicating six copies of the data across three Availability Zones and continuously backing up the data to Amazon S35. Amazon Aurora, Amazon Redshift, and Amazon DynamoDB are other AWS services that provide relational or non- relational database solutions, but they do not support graph database models.

NEW QUESTION 4

Which AWS service uses a combination of publishers and subscribers?

• A. AWS Lambda
• B. Amazon Simple Notification Service (Amazon SNS)
• C. Amazon CloudWatch
• D. AWS CloudFormation

Answer: B

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 5

A company is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads.
Which AWS tool will meet these requirements?

• A. AWS Budgets
• B. AWS Cost Explorer
• C. AWS Pricing Calculator
• D. AWS Cost and Usage Report

Answer: C

Explanation:
The AWS tool that will meet the requirements of the company that is planning a migration to the AWS Cloud and wants to examine the costs that are associated with different workloads is AWS Pricing Calculator. AWS Pricing Calculator is a tool that helps customers estimate the cost of using AWS services based on their requirements and preferences. The company can use AWS Pricing Calculator to compare the costs of different AWS services and configurations, such as Amazon EC2, Amazon S3, Amazon RDS, and more. AWS Pricing Calculator also provides detailed breakdowns of the cost components, such as compute, storage, network, and data transfer. AWS Pricing Calculator helps customers plan and optimize their cloud budget and migration strategy. AWS Budgets, AWS Cost Explorer, and AWS Cost and Usage Report are not the best tools to use for this purpose. AWS Budgets is a tool that helps customers monitor and manage their AWS spending and usage against predefined budget limits and thresholds. AWS Cost Explorer is a tool that helps customers analyze and visualize their AWS spending and usage trends over time. AWS Cost and Usage Report is a tool that helps customers access comprehensive and granular information about their AWS costs and usage in a CSV or Parquet file. These tools are more useful for tracking and optimizing the existing AWS costs and usage, rather than estimating the costs of different workloads34

NEW QUESTION 6

Which AWS service or feature offers security for a VPC by acting as a firewall to control traffic in and out of subnets?

• A. AWS Security Hub
• B. Security groups
• C. Network ACL
• D. AWSWAF

Answer: C

Explanation:
A network access control list (network ACL) is a feature that acts as a firewall for controlling traffic in and out of one or more subnets in a virtual private cloud (VPC). Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols1. AWS Security Hub is a service that provides a comprehensive view of the security posture of AWS accounts and resources2. Security groups are features that act as firewalls for controlling traffic at the instance level3. AWS WAF is a web application firewall that helps protect web applications from common web exploits4.

NEW QUESTION 7

A company has an application that runs periodically in an on-premises environment. The application runs for a few hours most days, but runs for 8 hours a day for a week at the end of each month.
Which AWS service or feature should be used to host the application in the AWS Cloud?

• A. Amazon EC2 Standard Reserved Instances
• B. Amazon EC2 On-Demand Instances
• C. AWS Wavelength
• D. Application Load Balancer

Answer: B

Explanation:
Amazon EC2 On-Demand Instances are instances that let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. On-Demand Instances are suitable for applications with short-term, irregular, or unpredictable workloads that cannot be interrupted, such as periodic applications that run for a few hours most days, but run for 8 hours a day for a week at the end of each month2. Amazon EC2 Standard Reserved Instances are instances that provide you with a significant discount (up to 75%) compared to On-Demand Instance pricing. In exchange, you select a term and make an upfront payment to reserve a certain amount of compute capacity for that term. Reserved Instances are suitable for applications with steady state or predictable usage that require reserved capacity3. AWS Wavelength is a service that enables developers to build applications that deliver ultra-low latency to mobile devices and users by deploying AWS compute and storage at the edge of the 5G network. Wavelength is suitable for applications that require single-digit millisecond latencies, such as game and live video streaming, machine learning inference at the edge, and augmented and virtual reality (AR/VR). Application Load Balancer is a service that operates at the request level (layer 7) and distributes incoming application traffic across multiple targets, such as EC2 instances, containers, Lambda functions, and IP addresses. Application Load Balancer is suitable for applications that need advanced routing capabilities, such as microservices or container-based architectures.

NEW QUESTION 8

Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?

• A. Data architecture
• B. Event management
• C. Cloud fluency
• D. Strategic partnership

Answer: C

Explanation:
Cloud fluency is a capability that belongs to the people perspective of the AWS Cloud Adoption Framework (AWS CAF). Cloud fluency is the ability of the workforce to understand the benefits, challenges, and best practices of cloud computing, and to apply them to their roles and responsibilities. Cloud fluency helps the organization to adopt a cloud mindset, culture, and skills, and to leverage the full potential of the cloud. Cloud fluency can be achieved through various methods, such as training, certification, mentoring, coaching, and hands-on experience. Cloud fluency is one of the four capabilities of the people perspective, along with culture, organizational structure, and leadership. The other three capabilities belong to different perspectives of the AWS CAF. Data architecture is a capability of the platform perspective, which helps you design and implement data solutions that meet your business and technical requirements. Event management is a capability of the operations perspective, which helps you monitor and respond to events that affect the availability, performance, and security of your cloud resources. Strategic partnership is a capability of the business perspective, which helps you establish and maintain relationships with external stakeholders, such as customers, partners, suppliers,
and regulators, to create value and achieve your business goals. References: AWS Cloud Adoption Framework: People Perspective, AWS CAF - Cloud Adoption Framework - W3Schools

NEW QUESTION 9

A company wants to integrate natural language processing (NLP) into business intelligence (Bl) dashboards. The company wants to ask questions and receive answers with relevant visualizations.
Which AWS service or tool will meet these requirements?

• A. Amazon Macie
• B. Amazon Rekognition
• C. Amazon QuickSight Q
• D. Amazon Lex

Answer: C

Explanation:
Amazon QuickSight Q is a natural language query feature that lets you ask questions about your data using everyday language and get answers in seconds. You can type questions such as “What are the total sales by region?” or “How did marketing campaign A perform?” and get answers in the form of relevant visualizations, such as charts or tables. You can also use Q to drill down into details, filter data, or perform calculations. Q uses machine learning to understand your data and your intent, and provides suggestions and feedback to help you refine your questions.

NEW QUESTION 10

Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)

• A. Performance and capacity management
• B. Data engineering
• C. Continuous integration and continuous delivery (CI/CD)
• D. Infrastructure protection
• E. Change and release management

Answer: BC

Explanation:
These are two of the seven capabilities that are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF). The platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions1. The other five capabilities are:
✑ Platform architecture – Establish and maintain guidelines, principles, patterns, and guardrails for your cloud environment.
✑ Platform engineering – Build a compliant multi-account cloud environment with enhanced security features, and packaged, reusable cloud products.
✑ Platform operations – Manage and optimize your cloud environment with automation, monitoring, and incident response.
✑ Application development – Develop and deploy cloud-native applications using modern architectures and best practices.
✑ Application migration – Migrate your existing applications to the cloud using proven methodologies and tools.
Performance and capacity management, infrastructure protection, and change and release management are not capabilities of the platform perspective. They are part of the operations perspective, which helps you achieve operational excellence in the cloud2. The operations perspective comprises six capabilities:
✑ Performance and capacity management – Monitor and optimize the performance and capacity of your cloud workloads.
✑ Infrastructure protection – Protect your cloud infrastructure from unauthorized access, malicious attacks, and data breaches.
✑ Change and release management – Manage changes and releases to your cloud workloads using automation and governance.
✑ Configuration management – Manage the configuration of your cloud resources and applications using automation and version control.
✑ Incident management – Respond to incidents affecting your cloud workloads using best practices and tools.
✑ Service continuity management – Ensure the availability and resilience of your cloud workloads using backup, recovery, and disaster recovery strategies.

NEW QUESTION 11

A company deploys its application on Amazon EC2 instances. The application occasionally experiences sudden increases in demand. The company wants to ensure that its application can respond to changes in demand at the lowest possible cost.
Which AWS service or tool will meet these requirements?

• A. AWS Auto Scaling
• B. AWS Compute Optimizer
• C. AWS Cost Explorer
• D. AWS Well-Architected Framework

Answer: A

Explanation:
AWS Auto Scaling is the AWS service or tool that will meet the requirements of ensuring that the application can respond to changes in demand at the lowest possible cost. AWS Auto Scaling allows users to automatically adjust the number of Amazon EC2 instances based on the application’s performance and availability needs. AWS Auto Scaling can also optimize costs by helping users select the most cost-effective EC2 instances for their application1

NEW QUESTION 12

A company wants to create multiple isolated networks in the same AWS account. Which AWS service or component will provide this functionality?

• A. AWS Transit Gateway
• B. Internet gateway
• C. Amazon VPC
• D. Amazon EC2

Answer: C

Explanation:
Amazon Virtual Private Cloud (Amazon VPC) is the AWS service that allows customers to create multiple isolated networks in the same AWS account. A VPC is a logically isolated section of the AWS Cloud where customers can launch AWS resources in a virtual network that they define. Customers can create multiple VPCs within an AWS account, each with its own IP address range, subnets, route tables, security groups, network access control lists, gateways, and other components. AWS Transit Gateway, Internet gateway, and Amazon EC2 are not services or components that provide the functionality of creating multiple isolated networks in the same AWS account. AWS Transit Gateway is a service that enables customers to connect their Amazon VPCs and their on- premises networks to a single gateway. An Internet gateway is a component that enables communication between instances in a VPC and the Internet. Amazon EC2 is a service that provides scalable compute capacity in the cloud34

NEW QUESTION 13

A company has a large number of Linux Amazon EC2 instances across several Availability Zones in an AWS Region. Applications that run on the EC2 instances need access to a common set of files.
Which AWS service or device should the company use to meet this requirement?

• A. AWS Backup
• B. Amazon Elastic File System (Amazon EFS)
• C. Amazon Elastic Block Store (Amazon EBS)
• D. AWS Snowball Edge Storage Optimized

Answer: B

Explanation:
Amazon Elastic File System (Amazon EFS) is a service that provides a scalable and elastic file system for Linux-based workloads. It can be mounted on multiple Amazon EC2 instances across different Availability Zones within a region, allowing applications to access a common set of files1. AWS Backup is a service that provides a centralized and automated way to back up data across AWS services. Amazon Elastic Block Store (Amazon EBS) is a service that provides persistent block storage volumes for Amazon EC2 instances. AWS Snowball Edge Storage Optimized is a device that provides a petabyte-scale data transport and edge computing solution.

NEW QUESTION 14

A company is using Amazon DynamoDB for its application database.
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)

• A. Classify data.
• B. Configure access permissions.
• C. Manage encryption options.
• D. Provide public endpoints to store and retrieve data.
• E. Manage the infrastructure layer and the operating system.

Answer: DE

Explanation:
According to the AWS shared responsibility model, AWS is responsible for security of the cloud, while customers are responsible for security in the cloud. This means that AWS is responsible for protecting the infrastructure that runs AWS services, such as hardware, software, networking, and facilities. Customers are responsible for managing their data, classifying their assets, and using IAM tools to apply the appropriate permissions. For abstracted services, such as Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and provides customers with public endpoints to store and retrieve data. Customers are responsible for classifying their data, managing their encryption options, and configuring their access permissions. References: Shared Responsibility Model, Security and compliance in Amazon DynamoDB, [AWS Cloud Practitioner Essentials: Module 2 - Security in the Cloud]

NEW QUESTION 15

Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?

• A. Amazon CloudWatch
• B. AWS Trusted Advisor
• C. AWS CloudTrail
• D. Amazon Inspector

Answer: C

Explanation:
The correct answer is C because AWS CloudTrail is a service that will help a company identify the user who deleted an Amazon EC2 instance yesterday. AWS CloudTrail is a service that enables users to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Users can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not services that will help a company identify the user who deleted an Amazon EC2 instance yesterday. Amazon CloudWatch is a service that enables users to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Trusted Advisor is a service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: AWS CloudTrail FAQs

NEW QUESTION 16

Which duties are the responsibility of a company that is using AWS Lambda? (Select TWO.)

• A. Security inside of code
• B. Selection of CPU resources
• C. Patching of operating system
• D. Writing and updating of code
• E. Security of underlying infrastructure

Answer: AD

Explanation:
The duties that are the responsibility of a company that is using AWS Lambda are security inside of code and writing and updating of code. AWS Lambda is a serverless compute service that allows you to run code without provisioning or managing servers, scaling, or patching. AWS Lambda takes care of the security of the underlying infrastructure, such as the operating system, the network, and the firewall. However, the company is still responsible for the security of the code itself, such as encrypting sensitive data, validating input, and handling errors. The company is also responsible for writing and updating the code that defines the Lambda function, and choosing the runtime environment, such as Node.js, Python, or Java. AWS Lambda does not require the selection of CPU resources, as it automatically allocates them based on the memory configuration34

NEW QUESTION 17

A company needs to control inbound and outbound traffic for an Amazon EC2 instance.
Which AWS service or feature can the company associate with the EC2 instance to meet this requirement?

• A. Network ACL
• B. Security group
• C. AWS WAF
• D. VPC route tables

Answer: B

Explanation:
A security group is a virtual firewall that can be associated with an Amazon EC2 instance to control the inbound and outbound traffic for the instance. You can specify which protocols, ports, and source or destination IP ranges are allowed or denied by the security group. A network ACL is a stateless filter that can be associated with a subnet to control the traffic to and from the subnet, but it is not associated with an EC2 instance4. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. VPC route tables are used to determine where network traffic is directed within a VPC or to an internet gateway, virtual private gateway, NAT device, VPC peering connection, or VPC endpoint.

NEW QUESTION 18
......