Update CLF-C02 Simulations For AWS Certified Cloud Practitioner Certification

NEW QUESTION 1

A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?

• A. AWS Pricing Calculator
• B. Amazon CloudWatch
• C. AWS Cost Explorer
• D. AWS Budgets

Answer: A

Explanation:
AWS Pricing Calculator is a web-based planning tool that customers can use to create estimates for their AWS use cases. They can use it to model their solutions before building them, explore the AWS service price points, and review the calculations behind their estimates. Therefore, the correct answer is A. You can learn more about AWS Pricing Calculator and how it works from this page.

NEW QUESTION 2

Which abilities are benefits of the AWS Cloud? (Select TWO.)

• A. Trade variable expenses for capital expenses.
• B. Deploy globally in minutes.
• C. Plan capacity in advance of deployments.
• D. Take advantage of economies of scale.
• E. Reduce dependencies on network connectivity.

Answer: AB

Explanation:
The AWS Cloud offers many benefits, such as:
✑ Trade variable expenses for capital expenses: You can pay only for the resources you use, instead of investing in fixed costs upfront. This reduces the risk and complexity of planning and managing your IT infrastructure4
✑ Deploy globally in minutes: You can leverage the global infrastructure of AWS to deploy your applications and data in multiple regions and availability zones. This enables you to reach your customers faster, improve performance, and increase reliability5

NEW QUESTION 3

Which AWS service or tool can be used to consolidate payments for a company with multiple AWS accounts?

• A. AWS Cost and Usage Report
• B. AWS Organizations
• C. Cost Explorer
• D. AWS Budgets

Answer: B

Explanation:
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes consolidated billing and account management capabilities that enable you to better meet the budgetary, security, and compliance needs of your business1.

NEW QUESTION 4

A company has a MySQL database running on a single Amazon EC2 instance. The company now requires higher availability in the event of an outage.
Which set of tasks would meet this requirement?

• A. Add an Application Load Balancer in front of the EC2 instance.
• B. Configure EC2 Auto Recovery to move the instance to another Availability Zone.
• C. Migrate to Amazon RDS and enable Multi-AZ.
• D. Enable termination protection for the EC2 instance to avoid outages.

Answer: C

Explanation:
The set of tasks that would meet the requirement of having higher availability for a MySQL database running on a single Amazon EC2 instance is to migrate to Amazon RDS and enable Multi-AZ. Amazon RDS is a fully managed relational database service that supports MySQL and other popular database engines. By enabling Multi-AZ, users can have a primary database in one Availability Zone and a synchronous standby replica in another Availability Zone. In case of a planned or unplanned outage of the primary database, Amazon RDS automatically fails over to the standby replica with minimal disruption3. Adding an Application Load Balancer in front of the EC2 instance, configuring EC2 Auto Recovery to move the instance to another Availability Zone, or enabling termination protection for the EC2 instance would not provide higher availability for the database, as they do not address the single point of failure or data replication issues.

NEW QUESTION 5

Which VPC component provides a layer of security at the subnet level?

• A. Security groups
• B. Network ACLs
• C. NAT gateways
• D. Route tables

Answer: B

Explanation:
Network ACLs are a feature that provide a layer of security at the subnet level by acting as a firewall to control traffic in and out of one or more subnets. Network ACLs can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, and protocols5. Security groups are a feature that provide a layer of security at the instance level by acting as a firewall to control traffic to and from one or more instances. Security groups can be configured with rules that allow or deny traffic based on the source and destination IP addresses, ports, protocols, and security groups. NAT gateways are a feature that enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. Route tables are a feature that determine where network traffic from a subnet or gateway is directed.

NEW QUESTION 6

A company wants to migrate a database from an on-premises environment to Amazon RDS.
After the migration is complete, which management task will the company still be responsible for?

• A. Hardware lifecycle management
• B. Application optimization
• C. Server maintenance
• D. Power, network, and cooling provisioning

Answer: B

Explanation:
Amazon RDS is a managed database service that handles most of the common database administration tasks, such as hardware provisioning, server maintenance, backup and recovery, patching, scaling, and replication. However, Amazon RDS does not optimize the application that interacts with the database. The company is still responsible for tuning the performance, security, and availability of the application according to its business requirements and best practices12. References:
✑ What is Amazon Relational Database Service (Amazon RDS)?
✑ Perform common DBA tasks for Amazon RDS DB instances

NEW QUESTION 7

Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Select TWO.)

• A. Perform operations as code.
• B. Enable traceability.
• C. Automatically scale to meet demand.
• D. Deploy resources globally to improve response time.
• E. Automatically recover from failure.

Answer: CE

Explanation:
The design principles that support the reliability pillar of the AWS Well- Architected Framework are: automatically scale to meet demand, and automatically recover from failure. These principles help users design systems that can handle changes in load, avoid disruptions, and resume normal operations quickly. Automatically scaling to meet demand means adjusting the capacity of the system based on the current and anticipated workload, using services such as AWS Auto Scaling, Amazon EC2, and AWS
Lambda. Automatically recovering from failure means detecting and resolving issues, using services such as Amazon CloudWatch, AWS CloudFormation, and AWS CloudTrail

NEW QUESTION 8

A company wants to manage access and permissions for its third-party software as a service (SaaS)
applications. The company wants to use a portal where end users can access assigned AWS accounts and AWS Cloud applications.
Which AWS service should the company use to meet these requirements?

• A. Amazon Cognito
• B. AWS IAM Identity Center (AWS Single Sign-On)
• C. AWS Identity and Access Management (IAM)
• D. AWS Directory Service for Microsoft Active Directory

Answer: B

Explanation:
AWS IAM Identity Center (AWS Single Sign-On) is the AWS service that the company should use to meet the requirements of managing access and permissions for its third-party SaaS applications. AWS Single Sign-On is a cloud-based service that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications. You can use AWS Single Sign-On to enable your users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place4.

NEW QUESTION 9

A company has an online shopping website and wants to store customers' credit card data. The company must meet Payment Card Industry (PCI) standards.
Which service can the company use to access AWS compliance documentation?

• A. Amazon Cloud Directory
• B. AWS Artifact
• C. AWS Trusted Advisor
• D. Amazon Inspector

Answer: B

Explanation:
The correct answer is B because AWS Artifact is a service that provides access to AWS compliance documentation, such as audit reports, security certifications, and agreements. AWS Artifact allows customers to download, review, and accept the documents that are relevant to their use of AWS services. The other options are incorrect because they are not services that provide access to AWS compliance documentation. Amazon Cloud Directory is a service that enables customers to create flexible cloud-native directories for organizing hierarchies of data. AWS Trusted Advisor is a service that provides real-time guidance to help customers follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps customers find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: [AWS Artifact FAQs]

NEW QUESTION 10

A company wants to minimize network latency between its Amazon EC2 instances. The EC2 instances do not need to be highly available.
Which solution meets these requirements?

• A. Use EC2 instances in a single Availability Zone.
• B. Use Amazon CloudFront as the database for the EC2 instances.
• C. Use EC2 instances in the same edge location and the same Availability Zone.
• D. Use EC2 instances in the same edge location and the same AWS Region.

Answer: A

Explanation:
Using EC2 instances in a single Availability Zone is a solution that meets the requirements of minimizing network latency between the EC2 instances and not needing high availability. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the same Availability Zone can communicate with each other using low-latency private IP addresses. However, EC2 instances in a single Availability Zone are not highly available, because they are vulnerable to failures or disruptions that affect the Availability Zone

NEW QUESTION 11

A company needs to control inbound and outbound traffic for an Amazon EC2 instance.
Which AWS service or feature can the company associate with the EC2 instance to meet this requirement?

• A. Network ACL
• B. Security group
• C. AWS WAF
• D. VPC route tables

Answer: B

Explanation:
A security group is a virtual firewall that can be associated with an Amazon EC2 instance to control the inbound and outbound traffic for the instance. You can specify which protocols, ports, and source or destination IP ranges are allowed or denied by the security group. A network ACL is a stateless filter that can be associated with a subnet to control the traffic to and from the subnet, but it is not associated with an EC2 instance4. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. VPC route tables are used to determine where network traffic is directed within a VPC or to an internet gateway, virtual private gateway, NAT device, VPC peering connection, or VPC endpoint.

NEW QUESTION 12

A company is running an Amazon EC2 instance in a VPC.
An ecommerce company is using Amazon EC2 Auto Scaling groups to manage a fleet of web servers running on Amazon EC2.
This architecture follows which AWS Well-Architected Framework best practice?

• A. Secure the workload
• B. Decouple infrastructure components
• C. Design for failure
• D. Think parallel

Answer: C

Explanation:
Design for failure is one of the best practices of the AWS Well-Architected Framework. It means that the architecture should be resilient and fault-tolerant, and able to handle failures without impacting the availability and performance of the applications. By using Amazon EC2 Auto Scaling groups, the ecommerce company can design for failure by automatically scaling the number of EC2 instances up or down based on demand or health status. Amazon EC2 Auto Scaling groups can also distribute the EC2 instances across multiple Availability Zones, which are isolated locations within an AWS Region that have independent power, cooling, and network connectivity. This way, the company can ensure that their web servers can handle traffic spikes, recover from failures, and provide a consistent user experience

NEW QUESTION 13

Which AWS service or feature can the company use to limit the access to AWS services for member accounts?

• A. AWS Identity and Access Management (IAM)
• B. Service control policies (SCPs)
• C. Organizational units (OUs)
• D. Access control lists (ACLs)

Answer: B

Explanation:
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines2. SCPs are available only in an organization that has all features enabled2.

NEW QUESTION 14

Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?

• A. AWS Security Hub
• B. AWS Trusted Advisor
• C. Amazon EventBndge
• D. Amazon GuardDuty

Answer: A

Explanation:
AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation. Security Hub collects findings from the security services enabled across your AWS accounts, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings from partner security products using a standardized AWS Security Finding Format, eliminating the need for time-consuming data parsing and normalization efforts. Customers can designate an administrator account that can access all findings across their accounts. References: AWS Security Hub Overview, AWS Security Hub FAQs

NEW QUESTION 15

A company has an AWS-hosted website located behind an Application Load Balancer. The company wants to safeguard the website from SQL injection or cross-site scripting.
Which AWS service should the company use?

• A. Amazon GuardDuty
• B. AWS WAF
• C. AWS Trusted Advisor
• D. Amazon Inspector

Answer: B

Explanation:
The company should use AWS WAF to safeguard the website from SQL injection or cross-site scripting. AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. The company can use AWS WAF to create custom rules that block malicious requests that match certain patterns, such as SQL injection or cross-site scripting. AWS WAF can be applied to web applications that are behind an Application Load Balancer, Amazon CloudFront, or Amazon API Gateway. Amazon GuardDuty, AWS Trusted Advisor, and Amazon Inspector are not the best services to use for this purpose. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior across the AWS accounts and resources. AWS Trusted Advisor is a service that provides best practice recommendations for cost optimization, performance, security, and fault tolerance. Amazon Inspector is a service that assesses the security and compliance of applications running on Amazon EC2 instances12

NEW QUESTION 16

A developer needs to build an application for a retail company. The application must provide real-time product recommendations that are based on machine learning.
Which AWS service should the developer use to meet this requirement?

• A. AWS Health Dashboard
• B. Amazon Personalize
• C. Amazon Forecast
• D. Amazon Transcribe

Answer: B

Explanation:
Amazon Personalize is a fully managed machine learning service that customers can use to generate personalized recommendations for their users. It can also generate user segments based on the users’ affinity for certain items or item metadata. Amazon Personalize uses the customers’ data to train and deploy custom recommendation models that can be integrated into their applications. Therefore, the correct answer is B. You can learn more about Amazon Personalize and its use cases from this page.

NEW QUESTION 17

How should the company deploy the application to meet these requirements?

• A. Ina single Availability Zone
• B. On AWS Direct Connect
• C. On Reserved Instances
• D. In multiple Availability Zones

Answer: D

Explanation:
Deploying the application in multiple Availability Zones is the best way to ensure high availability for the application. Availability Zones are isolated locations within an AWS Region that are engineered to be fault-tolerant from failures in other Availability Zones. By deploying the application in multiple Availability Zones, the company can reduce the impact of outages and increase the resilience of the application. Deploying the application in a single Availability Zone, on AWS Direct Connect, or on Reserved Instances does not provide the same level of high availability as deploying the application in multiple Availability Zones. Source: Availability Zones

NEW QUESTION 18

Which AWS service is always provided at no charge?

• A. Amazon S3
• B. AWS Identity and Access Management (IAM)
• C. Elastic Load Balancers
• D. AWS WAF

Answer: B

Explanation:
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You can use IAM to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is always provided at no charge12. References: 1: AWS Identity and Access Management (IAM) - Amazon Web Services (AWS), 2: Which aws service is always provided at no charge? - Brainly.in

NEW QUESTION 19

A company wants to use the AWS Cloud to deploy an application globally.
Which architecture deployment model should the company use to meet this requirement?

• A. Multi-Region
• B. Single-Region
• C. Multi-AZ
• D. Single-AZ

Answer: A

Explanation:
The architecture deployment model that the company should use to meet this requirement is A. Multi-Region.
A multi-region deployment model is a cloud computing architecture that distributes an application and its data across multiple geographic regions. A multi-region deployment model enables a company to achieve global reach, high availability, disaster recovery, and performance optimization. By deploying an application in multiple regions, a company can serve customers from the nearest region, reduce latency, increase redundancy, and comply with data sovereignty regulations12.
A single-region deployment model is a cloud computing architecture that runs an application and its data within a single geographic region. A single-region deployment model is simpler and cheaper than a multi-region deployment model, but it has limited scalability, availability, and performance. A single-region deployment model may not be suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance12.
A multi-AZ (Availability Zone) deployment model is a cloud computing architecture that distributes an application and its data across multiple isolated locations within a single region. An Availability Zone is a physically separate location within an AWS Region that has independent power, cooling, and networking. A multi-AZ deployment model enhances the availability and durability of an application by providing redundancy and fault tolerance within a region34.
A single-AZ deployment model is a cloud computing architecture that runs an application and its data within a single Availability Zone. A single-AZ deployment model is the simplest and most cost-effective option, but it has no redundancy or fault tolerance. A single-AZ deployment model may not be suitable for a company that wants to deploy an application globally, as it may face challenges such as network latency, regional outages, or regulatory compliance34.
References:
1: AWS Cloud Computing - W3Schools 2: Understand the Different Cloud Computing Deployment Models Unit - Trailhead 3: Regions and Availability Zones - Amazon Elastic Compute Cloud 4: AWS Reference Architecture Diagrams

NEW QUESTION 20
......