How Many Questions Of CLF-C02 Training Tools

NEW QUESTION 1

A company's information security manager is supervising a move to AWS and wants to ensure that AWS best practices are followed. The manager has concerns about the potential misuse of AWS account root user credentials.
Which of the following is an AWS best practice for using the AWS account root user credentials?

• A. Allow only the manager to use the account root user credentials for normal activities.
• B. Use the account root user credentials only for Amazon EC2 instances from the AWS Free Tier.
• C. Use the account root user credentials only when they alone must be used to perform a requiredfunction.
• D. Use the account root user credentials only for the creation of private VPC subnets.

Answer: C

Explanation:
The AWS best practice for using the AWS account root user credentials is to use them only when they alone must be used to perform a required function. The AWS account root user credentials have full access to all the resources in the account, and therefore pose a security risk if compromised or misused. You should create individual IAM users with the minimum necessary permissions for everyday tasks, and use AWS Organizations to manage multiple accounts. You should also enable multi-factor authentication (MFA) and rotate the password for the root user regularly. Some of the functions that require the root user credentials are changing the account name, closing the account, changing the support plan, and restoring an IAM user’s access.

NEW QUESTION 2

Which AWS services are supported by Savings Plans? (Select TWO.)

• A. Amazon EC2
• B. Amazon RDS
• C. Amazon SageMaker
• D. Amazon Redshift
• E. Amazon DynamoDB

Answer: AC

Explanation:
The AWS services that are supported by Savings Plans are:
✑ Amazon EC2: Amazon EC2 is a service that provides scalable computing capacity in the AWS cloud. You can use Amazon EC2 to launch virtual servers, configure security and networking, and manage storage. Amazon EC2 is eligible for both Compute Savings Plans and EC2 Instance Savings Plans12.
✑ Amazon SageMaker: Amazon SageMaker is a service that helps you build and deploy machine learning models. You can use Amazon SageMaker to access Jupyter notebooks, use common machine learning algorithms, train and tune models, and deploy them to a hosted environment. Amazon SageMaker is eligible for SageMaker Savings Plans13.
The other options are not supported by Savings Plans. Amazon RDS, Amazon Redshift, and Amazon DynamoDB are database services that are eligible for Reserved Instances, but not Savings Plans4.

NEW QUESTION 3

A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library's capacity to the AWS Cloud.
Which AWS service should the company use to meet this requirement?

• A. Amazon Elastic File System (Amazon EFS)
• B. Amazon Elastic Block Store (Amazon EBS)
• C. Amazon S3
• D. AWS Storage Gateway

Answer: D

Explanation:
AWS Storage Gateway is a hybrid cloud storage service that provides on- premises access to virtually unlimited cloud storage. You can use AWS Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. One of these use cases is tape-based backup, which allows you to store data backups on virtual tapes in the AWS Cloud. You can use the Tape Gateway feature of AWS Storage Gateway to extend your existing physical tape library to the AWS Cloud. Tape Gateway provides a virtual tape infrastructure that scales seamlessly with your backup needs and eliminates the operational burden of provisioning, scaling, and maintaining a physical tape infrastructure123. References: 1: Cloud Storage Appliances, Hybrid Device - AWS Storage Gateway - AWS, 2: AWS Storage Gateway Documentation, 3: AWS Storage Gateway Features | Amazon Web Services

NEW QUESTION 4

Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)

• A. Performance and capacity management
• B. Data engineering
• C. Continuous integration and continuous delivery (CI/CD)
• D. Infrastructure protection
• E. Change and release management

Answer: BC

Explanation:
The platform perspective of the AWS Cloud Adoption Framework (AWS CAF) helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native solutions1. It comprises seven capabilities, two of which are data engineering and CI/CD1.
✑ Data engineering: This capability helps you design and evolve a fit-for-purpose data and analytics architecture that can reduce complexity, cost, and technical debt while enabling you to gain actionable insights from exponentially growing data volumes1. It involves selecting key technologies for each of your architectural layers, such as ingestion, storage, catalog, processing, and consumption. It also involves supporting real-time data processing and adopting a Lake House architecture to facilitate data movements between data lakes and purpose-built data stores1.
✑ CI/CD: This capability helps you automate the delivery of your cloud solutions using a set of practices and tools that enable faster and more reliable deployments1. It involves establishing a pipeline that can build, test, and deploy your code across multiple environments. It also involves adopting a DevOps culture that fosters collaboration, feedback, and continuous improvement among your development and operations teams1.
References:
✑ 1: Platform perspective: infrastructure and applications - An Overview of the AWS Cloud Adoption Framework

NEW QUESTION 5

Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?

• A. Amazon FSx for Lustre
• B. AWS Storage Gateway volume gateway
• C. AWS Storage Gateway file gateway
• D. Amazon Elastic File System (Amazon EFS)

Answer: C

Explanation:
AWS Storage Gateway file gateway allows companies to use protocols such as NFS and SMB to store and retrieve objects in Amazon S3. File gateway provides a seamless integration between on-premises applications and Amazon S3, and enables low- latency access to data through local caching. File gateway also supports encryption, compression, and lifecycle management of the objects in Amazon S3. For more information, see What is AWS Storage Gateway? and File Gateway.

NEW QUESTION 6

A company is reviewing its operating policies.
Which policy complies with guidance in the security pillar of the AWS Well-Architected Framework?

• A. Ensure that employees have access to all company data.
• B. Expand employees' permissions as they gain more experience.
• C. Grant all privileges and access to all users.
• D. Apply security requirements at all layers of a process.

Answer: D

Explanation:
Applying security requirements at all layers of a process is a policy that complies with guidance in the security pillar of the AWS Well-Architected Framework. The security pillar of the AWS Well-Architected Framework provides best practices for securing the user’s data and systems in the AWS Cloud. One of the design principles of the security pillar is to apply security at all layers, which means that the user should implement defense-in-depth strategies and avoid relying on a single security mechanism. For example, the user should use multiple security controls, such as encryption, firewalls, identity and access management, and logging and monitoring, to protect their data and resources at different layers.

NEW QUESTION 7

Which AWS services can limit manual errors by consistently provisioning AWS resources in multiple envirom

• A. AWS Config
• B. AWS CodeStar
• C. AWS CloudFormation
• D. AWS Cloud Development Kit (AWS CDK)
• E. AWS CodeBuild

Answer: CD

Explanation:
AWS CloudFormation and AWS Cloud Development Kit (AWS CDK) are AWS services that can limit manual errors by consistently provisioning AWS resources in multiple environments. AWS CloudFormation is a service that enables you to model and provision AWS resources using templates. You can use AWS CloudFormation to define the AWS resources and their dependencies that you need for your applications, and to automate the creation and update of those resources across multiple environments, such as development, testing, and production. AWS CloudFormation helps you ensure that your
AWS resources are configured consistently and correctly, and that you can easily replicate or modify them as needed. AWS Cloud Development Kit (AWS CDK) is a service that enables you to use familiar programming languages, such as Python, TypeScript, Java, and C#, to define and provision AWS resources. You can use AWS CDK to write code that synthesizes into AWS CloudFormation templates, and to leverage the existing libraries and tools of your preferred language. AWS CDK helps you reduce the complexity and errors of writing and maintaining AWS CloudFormation templates, and to apply the best practices and standards of software development to your AWS infrastructure.

NEW QUESTION 8

A company is running its application in the AWS Cloud. The company wants to periodically review its AWS account for cost optimization opportunities.
Which AWS service or tool can the company use to meet these requirements?

• A. AWS Cost Explorer
• B. AWS Trusted Advisor
• C. AWS Pricing Calculator
• D. AWS Budgets

Answer: A

Explanation:
AWS Cost Explorer is an AWS service or tool that the company can use to periodically review its AWS account for cost optimization opportunities. AWS Cost Explorer is a tool that enables the company to visualize, understand, and manage their AWS costs and usage over time. The company can use AWS Cost Explorer to access interactive graphs and tables that show the breakdown of their costs and usage by service, region, account, tag, and more. The company can also use AWS Cost Explorer to forecast their future costs, identify trends and anomalies, and discover potential savings by using Reserved Instances or Savings Plans.

NEW QUESTION 9

Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity'?

• A. Agility
• B. Elasticity
• C. Reliability
• D. Durability

Answer: B

Explanation:
Elasticity is a characteristic of the AWS Cloud that helps users eliminate underutilized CPU capacity. Elasticity refers to the ability to dynamically provision and de- provision computing resources as per demand, ensuring that the application or service always has the required resources to operate efficiently. Elasticity helps users optimize performance and costs, as they only pay for the resources they use and avoid wasting resources when the demand is low345. References: 3: Which characteristic of the aws cloud helps users eliminate …, 4: AWS Elastic Load Balancing and Application Load Balancer, 5: Which characteristic of the AWS Cloud helps users eliminate …

NEW QUESTION 10

A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops.
Which AWS service will help the company deploy the application without investing in backend infrastructure or high end client hardware?

• A. Amazon AppStream 2.0
• B. AWS AppSync
• C. Amazon WorkLink
• D. AWS Elastic Beanstalk

Answer: A

Explanation:
The correct answer is A because Amazon AppStream 2.0 is a service that will help the company deploy the application without investing in backend infrastructure or high end client hardware. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows customers to stream desktop applications from AWS to any device running a web browser. Amazon AppStream 2.0 handles the provisioning, scaling, patching, and maintenance of the backend infrastructure, and delivers high performance and responsive user experience. The other options are incorrect because they are not services that will help the company deploy the application without investing in backend infrastructure or high end client hardware. AWS AppSync is a service that enables customers to create flexible APIs for synchronizing data across multiple data sources. Amazon WorkLink is a service that enables customers to provide secure, one-click access to internal websites and web apps from mobile devices. AWS Elastic Beanstalk is a service that enables customers to deploy and manage web applications using popular platforms such as Java, .NET, PHP, and Node.js. Reference: [Amazon AppStream 2.0 FAQs]

NEW QUESTION 11

A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?

• A. AWS Trusted Advisor
• B. Amazon CloudWatch
• C. Amazon GuardDuty
• D. AWS Health Dashboard

Answer: A

Explanation:
AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices, including security and performance. It can help you monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Amazon CloudWatch is a service that monitors your AWS resources and the applications you run on AWS. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. AWS Health Dashboard provides relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities.

NEW QUESTION 12

A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely.
Which AWS service or framework should the company use for operational support?

• A. AWS Support
• B. AWS Cloud Adoption Framework (AWS CAF)
• C. AWS Managed Services (AMS)
• D. AWS Well-Architected Framework

Answer: D

Explanation:
The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating workloads on AWS. It helps customers achieve operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. The framework is based on six pillars, each with its own design principles, best practices, and questions. Customers can use the framework to assess their current state, identify gaps, and implement improvements12.
AWS Support is a service that provides technical assistance, guidance, and resources for AWS customers. It offers different plans with varying levels of access to AWS experts, response times, and features3. AWS Support does not provide a comprehensive framework for operational support.
AWS Cloud Adoption Framework (AWS CAF) is a guidance tool that helps customers plan and execute their cloud migration journey. It provides a set of perspectives, capabilities, and best practices to align the business and technical aspects of cloud adoption4. AWS CAF does not focus on operational support for existing workloads on AWS.
AWS Managed Services (AMS) is a service that operates AWS infrastructure on behalf of customers. It provides a secure and compliant environment, automates common activities, and applies best practices for provisioning, patching, backup, recovery, and monitoring5. AMS does not provide a framework for customers to operate their own workloads on AWS.

NEW QUESTION 13

An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company's direct responsibility?

• A. Cost of application software licenses
• B. Cost of the hardware infrastructure on AWS
• C. Cost of power for the AWS servers
• D. Cost of physical security for the AWS data center

Answer: A

Explanation:
The cost of application software licenses is the company’s direct responsibility when it migrates its IT infrastructure from an on-premises data center to the AWS Cloud. Application software licenses are the agreements that grant users the right to use specific software products, such as operating systems, databases, or applications. Depending on the type and terms of the license, users may need to pay a fee to the software vendor or provider to use the software legally and access its features and updates. When users migrate their IT infrastructure to the AWS Cloud, they can choose to buy new licenses from AWS, bring their own licenses (BYOL), or use a combination of both. However, regardless of the option they choose, they are still responsible for complying with the license terms and paying the license fees to the software vendor or provider. AWS does not charge users for the application software licenses they bring or buy, but only for the AWS resources they use to run their applications. Therefore, the cost of application software licenses is the only cost among the options that is the company’s direct responsibility. The other costs are either included in the AWS service fees or covered by AWS.
References: AWS License Manager Pricing, Software licensing: The blind spot in public cloud costs, Cost Optimization tips for SQL Server Licenses on AWS, Microsoft Licensing on AWS

NEW QUESTION 14

Which AWS service is deployed to VPCs and provides protection from common network threats?

• A. AWSShield
• B. AWSWAF
• C. AWS Network Firewall
• D. AWS FirewallManager

Answer: C

Explanation:
AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). The service can be set up with just a few clicks from the AWS console or using APIs. AWS Network Firewall automatically scales with your network traffic, so you don’t have to worry about deploying and managing any infrastructure. AWS Network Firewall provides protection from common network threats such as SQL injection, cross-site scripting, and DDoS attacks1.

NEW QUESTION 15

A company wants to query its server logs to gain insights about its customers' experiences. Which AWS service will store this data MOST cost-effectively?

• A. Amazon Aurora
• B. Amazon Elastic File System (Amazon EFS)
• C. Amazon Elastic Block Store (Amazon EBS)
• D. Amazon S3

Answer: D

Explanation:
Amazon S3 is an AWS service that provides scalable, durable, and cost- effective object storage in the cloud. Amazon S3 can store any amount and type of data, such as server logs, and offers various storage classes with different performance and pricing characteristics. Amazon S3 is the most cost-effective option for storing server logs, as it offers low-cost storage classes, such as S3 Standard-Infrequent Access (S3 Standard-IA) and S3 Intelligent-Tiering, that are suitable for infrequently accessed or changing access patterns data. Amazon S3 also integrates with other AWS services, such as Amazon Athena and Amazon OpenSearch Service, that can query the server logs directly from S3 without requiring any additional data loading or transformation. References: Amazon S3, Amazon S3 Storage Classes, Querying Data in Amazon S3

NEW QUESTION 16

Which perspective of the AWS Cloud Adoption Framework (AWS CAF) connects technology and business?

• A. Operations
• B. People
• C. Security
• D. Governance

Answer: D

Explanation:
The perspective of the AWS Cloud Adoption Framework (AWS CAF) that connects technology and business is governance. The governance perspective focuses on the alignment of the IT strategy and processes with the business strategy and goals, as well as the management of the IT budget, risk, and compliance. The governance perspective capabilities are portfolio management, business performance management, and IT governance. The governance perspective helps organizations ensure that their cloud adoption delivers the expected business value and outcomes, and that their cloud solutions are secure, reliable, and compliant. Operations, people, and security are other perspectives of the AWS CAF, but they do not directly connect technology and business. The operations perspective focuses on the management and monitoring of the cloud resources and applications, as well as the automation and optimization of the operational processes. The people perspective focuses on the development and empowerment of the human resources, as well as the transformation of the organizational culture and structure. The security perspective focuses on the protection of the information assets and systems in the cloud, as well as the implementation of the security policies and controls.

NEW QUESTION 17

Which benefit does Amazon Rekognition provide?

• A. The ability to place watermarks on images
• B. The ability to detect objects that appear in pictures
• C. The ability to resize millions of images automatically
• D. The ability to bid on object detection jobs

Answer: B

Explanation:
Amazon Rekognition is a service that provides deep learning-based image and video analysis. One of the benefits of Amazon Rekognition is the ability to detect objects that appear in pictures, such as faces, landmarks, animals, text, and scenes. This can enable applications to perform tasks such as face recognition, face verification, face comparison, face search, celebrity recognition, emotion detection, age range estimation, gender identification, facial analysis, facial expression recognition, and more. Amazon Rekognition OverviewAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 18

A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible.
Which AWS service or resource should the company use to select its Amazon RDS deployment area?

• A. Amazon Connect
• B. AWS Wavelength
• C. AWS Regions
• D. AWS Direct Connect

Answer: C

Explanation:
AWS Regions are the AWS service or resource that the company should use to select its Amazon RDS deployment area. AWS Regions are separate geographic areas where AWS clusters its data centers. Each AWS Region consists of multiple, isolated, and physically separate Availability Zones within a geographic area. Each AWS Region is designed to be isolated from the other AWS Regions to achieve the highest possible fault tolerance and stability. AWS provides a more extensive global footprint than any other cloud provider, and to support its global footprint and ensure customers are served across the world, AWS opens new Regions rapidly. AWS maintains multiple geographic Regions, including Regions in North America, South America, Europe, China, Asia Pacific, South Africa, and the Middle East. Amazon RDS is available in several AWS Regions worldwide. To create or work with an Amazon RDS DB instance in a specific AWS Region, you must use the corresponding regional service endpoint. You can choose the AWS Region that meets your latency or legal requirements. You can also use multiple AWS Regions to design a disaster recovery solution or to distribute your read workload. References: Global Infrastructure Regions & AZs - aws.amazon.com, Regions, Availability Zones, and Local Zones - Amazon Relational Database Service

NEW QUESTION 19

A company has teams that have different job roles and responsibilities. The company's employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.
Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

• A. IAM user groups
• B. IAM roles
• C. IAM instance profiles
• D. IAM policies for individual users

Answer: B

Explanation:
IAM roles are a way of granting temporary permissions to entities that need to access AWS resources, such as users, applications, or services. IAM roles allow customers to assign permissions to entities without having to create or manage IAM users or credentials for them. IAM roles can be assumed by different entities depending on the trust policy attached to the role. For example, IAM roles can be assumed by IAM users in the same or different AWS accounts, AWS services such as EC2 or Lambda, or external identities such as federated users or web identities. IAM roles can also be switched by IAM users to temporarily change their permissions. IAM roles are recommended for managing permissions for employees who often change teams, because they allow customers to define permissions based on job roles and responsibilities, and easily assign or revoke them as needed. IAM roles also reduce the operational overhead of creating, updating, or deleting IAM users or credentials for each employee or team change.

NEW QUESTION 20
......