Up To Date CLF-C02 Exam Topics For AWS Certified Cloud Practitioner Certification

NEW QUESTION 1

Which AWS network services or features allow Cl DR block notation when providing an IP address range?
(Select TWO.)

• A. Security groups
• B. Amazon Machine Image (AMI)
• C. Network access control list (network ACL)
• D. AWS Budgets
• E. Amazon Elastic Block Store (Amazon EBS)

Answer: AC

Explanation:
Security groups and network access control lists (network ACLs) are two AWS network services or features that allow CIDR block notation when providing an IP address range. Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. Network ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. Both security groups and network ACLs use CIDR block notation to specify the IP address ranges that are allowed or denied

NEW QUESTION 2

Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?

• A. High availability
• B. Economies of scale
• C. Pay-as-you-go pricing
• D. Global reach

Answer: C

Explanation:
Pay-as-you-go pricing is an AWS benefit that demonstrates the ability of users to replace upfront fixed expenses with variable expenses. With pay-as-you-go pricing, users only pay for the resources they consume, without any long-term contracts or commitments. This can lower the total cost of ownership and increase the return on investment. Pay-as-you-go pricing also provides flexibility and scalability, as users can adjust their resource usage according to their changing needs and demands. AWS Cloud Value FrameworkAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 3

A company website is experiencing DDoS attacks.
Which AWS service can help protect the company website against these attacks?

• A. AWS Resource Access Manager
• B. AWS Amplify
• C. AWS Shield
• D. Amazon GuardDuty

Answer: C

Explanation:
AWS Shield is a managed DDoS protection service that safeguards applications running on AWS from distributed denial of service (DDoS) attacks. DDoS attacks are malicious attempts to disrupt the normal functioning of a website or application by overwhelming it with a large volume of traffic from multiple sources. AWS Shield provides two tiers of protection: Standard and Advanced. AWS Shield Standard is automatically enabled for all AWS customers at no additional cost. It protects your AWS resources, such as Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53, from the most common and frequently occurring network and transport layer DDoS attacks. AWS Shield Advanced is an optional paid service that provides additional protection for your AWS resources and applications, such as Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing (ELB), Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), and AWS Elastic Beanstalk. AWS Shield Advanced offers enhanced detection and mitigation capabilities, 24/7 access to the AWS DDoS Response Team (DRT), real-time visibility and reporting, and cost protection against DDoS-related spikes in your AWS bill12
References: AWS Shield, What is a DDOS Attack & How to Protect Your Site Against One

NEW QUESTION 4

A company has a compliance requirement to record and evaluate configuration changes, as well as perform remediation actions on AWS resources.
Which AWS service should the company use?

• A. AWS Config
• B. AWS Secrets Manager
• C. AWS CloudTrail
• D. AWS Trusted Advisor

Answer: A

Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines. This can help you simplify compliance auditing,
security analysis, change management, and operational troubleshooting1.

NEW QUESTION 5

A cloud engineer wants to know the percentage of the allocated compute units that are in use for a specific Amazon EC2 instance.
Which AWS service can provide this information?

• A. AWS CloudTrail
• B. AWS Config
• C. Amazon CloudWatch
• D. AWS Artifact

Answer: C

Explanation:
Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides you with data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers

NEW QUESTION 6

What can a user accomplish using AWS CloudTrail?

• A. Generate an IAM user credentials report.
• B. Record API calls made to AWS services.
• C. Assess the compliance of AWS resource configurations with policies and guidelines.
• D. Ensure that Amazon EC2 instances are patched with the latest security update
• E. A company uses Amazon Workspaces.

Answer: B

Explanation:
AWS CloudTrail is an AWS service that enables users to accomplish the task of recording API calls made to AWS services. AWS CloudTrail is a service that tracks user activity and API usage across the AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Users can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not tasks that users can accomplish using AWS CloudTrail. Generating an IAM user credentials report is a task that users can accomplish using IAM, which is an AWS service that enables users to manage access and permissions to AWS resources and services. Assessing the compliance of AWS resource configurations with policies and guidelines is a task that users can accomplish using AWS Config, which is an AWS service that enables users to assess, audit, and evaluate the configurations of their AWS resources. Ensuring that Amazon EC2 instances are patched with the latest security updates is a task that users can accomplish using AWS Systems Manager, which is an AWS service that enables users to automate operational tasks, manage configuration and compliance, and monitor system health and performance. Reference: AWS CloudTrail FAQs

NEW QUESTION 7

A company wants a time-series database service that makes it easier to store and analyze trillions of events each day.
Which AWS service will meet this requirement?

• A. Amazon Neptune
• B. Amazon Timestream
• C. Amazon Forecast
• D. Amazon DocumentDB (with MongoDB compatibility)

Answer: B

Explanation:
Amazon Timestream is a fast, scalable, and serverless time-series database service for IoT and other operational applications that makes it easy to store and analyze trillions of events per day up to 1,000 times faster and at as little as 1/10th the cost of relational databases1. Amazon Timestream saves you time and cost in managing the lifecycle of time series data, and its purpose-built query engine lets you access and analyze recent and historical data together with a single query1. Amazon Timestream has built-in time series analytics functions, helping you identify trends and patterns in near real time1. The other options are not suitable for storing and analyzing trillions of events per day. Amazon Neptune is a graph database service that supports highly connected data sets. Amazon Forecast is a machine learning service that generates accurate forecasts based on historical data. Amazon DocumentDB (with MongoDB compatibility) is a document database service that supports MongoDB workloads.
References:
✑ 1: Time Series Database – Amazon Timestream – Amazon Web Services

NEW QUESTION 8

A company needs to search for text in documents that are stored in Amazon S3. Which AWS service will meet these requirements?

• A. Amazon Kendra
• B. Amazon Rekognition
• C. Amazon Polly
• D. Amazon Lex

Answer: A

Explanation:
Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. It enables users to easily find the content they are looking for, even when it is scattered across multiple locations and content repositories within their organization. Amazon Kendra supports natural language queries, and can search for text in documents stored in Amazon S3, as well as other sources such as SharePoint, OneDrive, Salesforce, ServiceNow, and more1.
Amazon Rekognition is a computer vision service that makes it easy to add image and video analysis to applications. It can detect objects, faces, text, scenes, activities, and emotions in images and videos. However, it is not designed for searching for text in documents stored in Amazon S32.
Amazon Polly is a text-to-speech service that turns text into lifelike speech. It can create audio versions of books, articles, podcasts, and more. However, it is not designed for searching for text in documents stored in Amazon S33.
Amazon Lex is a service for building conversational interfaces using voice and text. It can create chatbots that can interact with users using natural language. However, it is not designed for searching for text in documents stored in Amazon S34.
References:
✑ Amazon Kendra – Intelligent Search Service Powered by Machine Learning
✑ Amazon Rekognition – Video and Image - AWS
✑ Amazon Polly – Text-to-Speech Service - AWS
✑ Amazon Lex – Build Conversation Bots - AWS

NEW QUESTION 9

A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.
Which best practice of the AWS Well-Architected Framework is the company following with this plan?

• A. Integrate functional testing as part of AWS deployment.
• B. Use automation to deploy changes.
• C. Deploy the application to multiple locations.
• D. Implement loosely coupled dependencies.

Answer: D

Explanation:
The company is following the best practice of implementing loosely coupled dependencies by migrating the application to AWS and dividing the application into microservices. Loosely coupled dependencies are a design principle of the AWS Well- Architected Framework that helps to reduce the interdependencies between components and improve the scalability, reliability, and performance of the system. By breaking down the monolithic application into smaller, independent, and modular services, the company can reduce the complexity and maintenance costs, increase the agility and flexibility, and enable faster and more frequent deployments. AWS CloudFormation is an AWS service that provides the ability to manage infrastructure as code. Infrastructure as code is a process of defining and provisioning AWS resources using code or templates, rather than manual actions or scripts. AWS CloudFormation allows users to create and update stacks of AWS resources based on predefined templates that describe the desired state and configuration of the resources. AWS CloudFormation automates and simplifies the deployment and management of AWS resources, and ensures consistency and repeatability across different environments and regions. AWS CloudFormation also supports rollback, change sets, drift detection, and nested stacks features that help users to monitor and control the changes to their infrastructure. References: Implementing Loosely Coupled Dependencies, What is AWS CloudFormation?

NEW QUESTION 10

Which AWS service provides the ability to host a NoSQL database in the AWS Cloud?

• A. Amazon Aurora
• B. Amazon DynamoDB
• C. Amazon RDS
• D. Amazon Redshift

Answer: B

Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both key- value and document data models, and allows you to create tables that can store and retrieve any amount of data, and serve any level of request traffic. You can also use DynamoDB Streams to capture data modification events in DynamoDB tables.

NEW QUESTION 11

A company is hosting a web application on Amazon EC2 instances. The company wants to implement custom conditions to filter and control inbound web traffic.
Which AWS service will meet these requirements?

• A. Amazon GuardDuty
• B. AWSWAF
• C. Amazon Macie
• D. AWS Shield

Answer: B

Explanation:
The AWS service that will meet the requirements of the company that is hosting a web application on Amazon EC2 instances and wants to implement custom conditions to filter and control inbound web traffic is AWS WAF. AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. The company can use AWS WAF to create custom rules that block malicious requests that match certain patterns, such as SQL injection or cross-site scripting. AWS WAF can be applied to web applications that are behind an Application Load Balancer, Amazon CloudFront, or Amazon API Gateway. Amazon GuardDuty, Amazon Macie, and AWS Shield are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and resources. Amazon Macie is a data security and data privacy service that uses machine learning and pattern matching to discover, classify, and protect sensitive data stored in Amazon S3. AWS Shield is a managed distributed denial of service (DDoS) protection service that safeguards web applications running on AWS. These services are more useful for detecting and preventing different types of threats and attacks, rather than filtering and controlling inbound web traffic based on custom conditions.

NEW QUESTION 12

Which AWS service uses a combination of publishers and subscribers?

• A. AWS Lambda
• B. Amazon Simple Notification Service (Amazon SNS)
• C. Amazon CloudWatch
• D. AWS CloudFormation

Answer: B

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner - aws.amazon.com

NEW QUESTION 13

A company needs to launch an Amazon EC2 instance.
Which of the following can the company use during the launch process to configure the root volume of the EC2 instance?

• A. Amazon EC2 Auto Scaling
• B. Amazon Data Lifecycle Manager (Amazon DLM)
• C. Amazon Machine Image (AMI)
• D. Amazon Elastic Block Store (Amazon EBS) volume

Answer: C

Explanation:
Amazon Machine Image (AMI) is the option that the company can use during the launch process to configure the root volume of the EC2 instance. An AMI is a template that contains the software configuration, such as the operating system, applications, and
settings, required to launch an EC2 instance. An AMI also specifies the volume size and type of the root device for the instance. The company can choose an AMI provided by AWS, the AWS Marketplace, or the AWS community, or create a custom AMI. For more information, see [Amazon Machine Images (AMI)] and [Launching an Instance Using the Launch Instance Wizard].

NEW QUESTION 14

Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO)

• A. High availability
• B. Performance efficiency
• C. Cost optimization
• D. Going global in minutes
• E. Continuous development

Answer: BC

Explanation:
The AWS Well-Architected Framework is a set of six pillars and lenses that help cloud architects design and run workloads in the cloud. The six pillars are: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. Each pillar has a set of design principles and best practices that guide the architectural decisions. High availability is not a separate pillar, but a quality that can be achieved by applying the principles of the reliability pillar. Going global in minutes and continuous development are not pillars of the framework, but possible benefits of using AWS services and following the framework’s recommendations. References: AWS Well-Architected - Build secure, efficient cloud applications, AWS Well-Architected Framework, The 6 Pillars of the AWS Well-Architected Framework

NEW QUESTION 15

Which AWS service is always free of charge for users?

• A. Amazon S3
• B. Amazon Aurora
• C. Amazon EC2
• D. AWS Identity and Access Management (IAM)

Answer: D

Explanation:
AWS Identity and Access Management (IAM) is a service that allows users to manage access to AWS resources and services. It enables users to create and manage users, groups, roles, and policies that control who can do what in AWS. IAM is always free of charge for users, as there is no additional cost for using IAM with any AWS service1. Amazon S3 is a storage service that provides scalable, durable, and secure object storage. Amazon S3 has a free tier that offers 5 GB of storage, 20,000 GET requests, and 2,000 PUT requests per month for one year. However, users are charged for any additional usage beyond the free tier limits2. Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL. Amazon Aurora has a free tier that offers 750 hours of Aurora Single-AZ db.t2.small database usage and 20 GB of storage per month for one year. However, users are charged for any additional usage beyond the free tier limits3. Amazon EC2 is a compute service that provides resizable virtual servers. Amazon EC2 has a free tier that offers 750 hours of Linux and Windows t2.micro instances per month for one year. However, users are charged for any additional usage beyond the free tier limits4.

NEW QUESTION 16

Which AWS service is a continuous delivery and deployment solution?

• A. AWSAppSync
• B. AWS CodePipeline
• C. AWS Cloud9
• D. AWS CodeCommit

Answer: B

Explanation:
AWS CodePipeline is a continuous delivery and deployment service that automates the release process of software applications across different stages, such as source code, build, test, and deploy2. AWSAppSync, AWS Cloud9, and AWS CodeCommit are other AWS services related to application development, but they do not provide continuous delivery and deployment solutions34 .

NEW QUESTION 17

Which actions are examples of a company's effort to right size its AWS resources to control cloud costs? (Select TWO.)

• A. Switch from Amazon RDS to Amazon DynamoDB to accommodate NoSQL dataset
• B. Q
• C. Base the selection of Amazon EC2 instance types on past utilization patterns.
• D. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers.
• E. Use Multi-AZ deployments for Amazon RDS.
• F. Replace existing Amazon EC2 instances with AWS Elastic Beanstalk.

Answer: BC

Explanation:
Basing the selection of Amazon EC2 instance types on past utilization patterns is a way to right size the AWS resources and optimize the performance and cost. Using Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers is another way to reduce the storage costs and align them with the business value of the data. These two actions are recommended by the AWS Cost Optimization Pillar1. Switching from Amazon RDS to Amazon DynamoDB is not necessarily a cost-saving action, as it depends on the use case and the data model. Using Multi-AZ deployments for Amazon RDS is a way to improve the availability and durability of the database, but it also increases the cost. Replacing existing Amazon EC2 instances with AWS Elastic Beanstalk is a way to simplify the deployment and management of the application, but it does not affect the cost of the underlying EC2 instances.

NEW QUESTION 18

A company's IT team is managing MySQL database server clusters. The IT team has to patch the database and take backup snapshots of the data in the clusters. The company wants to move this workload to AWS so that these tasks will be completed automatically.
What should the company do to meet these requirements?

• A. Deploy MySQL database server clusters on Amazon EC2 instances.
• B. Use Amazon RDS with a MySQL database.
• C. Use an AWS Cloud Form at ion template to deploy MySQL database servers on Amazon EC2 instances.
• D. Migrate all the MySQL database data to Amazon S3.

Answer: B

Explanation:
The company should use Amazon RDS with a MySQL database to meet the requirements of moving its workload to AWS so that the tasks of patching the database and taking backup snapshots of the data in the clusters will be completed automatically. Amazon RDS is a managed service that simplifies the setup, operation, and scaling of relational databases in the AWS Cloud. Amazon RDS automates common database administration tasks such as patching, backup, and recovery. Amazon RDS also supports MySQL and other popular database engines5

NEW QUESTION 19

Which activity can companies complete by using AWS Organizations?

• A. Troubleshoot the performance of applications.
• B. Manage service control policies (SCPs).
• C. Migrate applications to microservices.
• D. Monitor the performance of applications.

Answer: B

Explanation:
Managing service control policies (SCPs) is an activity that companies can complete by using AWS Organizations. AWS Organizations is a service that enables the user to consolidate multiple AWS accounts into an organization that can be managed as a single unit. AWS Organizations allows the user to create groups of accounts and apply policies to them, such as service control policies (SCPs) that specify the services and actions that users and roles can access in the accounts. AWS Organizations also enables the user to use consolidated billing, which combines the usage and charges from all the accounts in the organization into a single bill3.

NEW QUESTION 20
......