CLF-C02 Part 4
1. Under the AWS shared responsibility model, AWS is responsible for which security-related task?
- A. Lifecycle management of IAM credentials
- B. Physical security of global infrastructure
- C. Encryption of Amazon EBS volumes
- D. Firewall configuration
2. Which AWS service enables users to consolidate billing across multiple accounts?
- A. Amazon QuickSight
- B. AWS Organizations
- C. AWS Budgets
- D. Amazon Forecast
3. Under the AWS shared responsibility model, which of the following is an example of security in the AWS Cloud?
- A. Managing edge locations
- B. Physical security
- C. Firewall configuration
- D. Global infrastructure
4. How can an AWS user with an AWS Basic Support plan obtain technical assistance from AWS?
- A. AWS Senior Support Engineers
- B. AWS Technical Account Managers
- C. AWS Trusted Advisor
- D. AWS Discussion Forums
5. Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)
- A. Multiple Availability Zones
- B. Performance efficiency
- C. Security
- D. Encryption usage
- E. High availability
6. After selecting an Amazon EC2 Dedicated Host reservation, which pricing option would provide the largest discount?
- A. No upfront payment
- B. Hourly on-demand payment
- C. Partial upfront payment
- D. All upfront payment
7. What is an advantage of deploying an application across multiple Availability Zones?
- A. There is a lower risk of service failure if a natural disaster causes a service disruption in a given AWS Region.
- B. The application will have higher availability because it can withstand a service disruption in one Availability Zone.
- C. There will be better coverage as Availability Zones are geographically distant and can serve a wider area.
- D. There will be decreased application latency that will improve the user experience.
8. A Cloud Practitioner is asked how to estimate the cost of using a new application on AWS. What is the MOST appropriate response?
- A. Inform the user that AWS pricing allows for on-demand pricing.
- B. Direct the user to the AWS Simple Monthly Calculator for an estimate.
- C. Use Amazon QuickSight to analyze current spending on-premises.
- D. Use Amazon AppStream 2.0 for real-time pricing analytics.
9. A company wants to migrate its applications to a VPC on AWS. These applications will need to access on-premises resources.
What combination of actions will enable the company to accomplish this goal? (Choose two.)
- A. Use the AWS Service Catalog to identify a list of on-premises resources that can be migrated.
- B. Build a VPN connection between an on-premises device and a virtual private gateway in the new VPC.
- C. Use Amazon Athena to query data from the on-premises database servers.
- D. Connect the company’s on-premises data center to AWS using AWS Direct Connect.
- E. Leverage Amazon CloudFront to restrict access to static web content provided through the company’s on-premises web servers.
10. A web application running on AWS has been spammed with malicious requests from a recurring set of IP addresses. Which AWS service can help secure the application and block the malicious traffic?
- A. AWS IAM
- B. Amazon GuardDuty
- C. Amazon Simple Notification Service (Amazon SNS)
- D. AWS WAF
11. Treating infrastructure as code in the AWS Cloud allows users to:
- A. automate migration of on-premises hardware to AWS data centers.
- B. let a third party automate an audit of the AWS infrastructure.
- C. turn over application code to AWS so it can run on the AWS infrastructure.
- D. automate the infrastructure provisioning process.
12. A company requires a dedicated network connection between its on-premises servers and the AWS Cloud. Which AWS service should be used?
- A. AWS VPN
- B. AWS Direct Connect
- C. Amazon API Gateway
- D. Amazon Connect
13. Which AWS service can be used to query stored datasets directly from Amazon S3 using standard SQL?
- A. AWS Glue
- B. AWS Data Pipeline
- C. Amazon CloudSearch
- D. Amazon Athena
14. AWS CloudFormation is designed to help the user:
- A. model and provision resources.
- B. update application code.
- C. set up data lakes.
- D. create reports for billing.
15. A Cloud Practitioner must determine if any security groups in an AWS account have been provisioned to allow unrestricted access for specific ports. What is the SIMPLEST way to do this?
- A. Review the inbound rules for each security group in the Amazon EC2 management console to check for port 0.0.0.0/0.
- B. Run AWS Trusted Advisor and review the findings.
- C. Open the AWS IAM console and check the inbound rule filters for open access.
- D. In AWS Config, create a custom rule that invokes an AWS Lambda function to review rules for inbound access.
16. What are the benefits of developing and running a new application in the AWS Cloud compared to on-premises? (Choose two.)
- A. AWS automatically distributes the data globally for higher durability.
- B. AWS will take care of operating the application.
- C. AWS makes it easy to architect for high availability.
- D. AWS can easily accommodate application demand changes.
- E. AWS takes care of application security patching.
17. A user needs an automated security assessment report that will identify unintended network access to Amazon EC2 instances and vulnerabilities on those instances. Which AWS service will provide this assessment report?
- A. EC2 security groups
- B. AWS Config
- C. Amazon Macie
- D. Amazon Inspector
18. How can a company isolate the costs of production and non-production workloads on AWS?
- A. Create Identity and Access Management (IAM) roles for production and non-production workloads.
- B. Use different accounts for production and non-production expenses.
- C. Use Amazon EC2 for non-production workloads and other services for production workloads.
- D. Use Amazon CloudWatch to monitor the use of services.
19. Where can users find a catalog of AWS-recognized providers of third-party security solutions?
- A. AWS Service Catalog
- B. AWS Marketplace
- C. AWS Quick Start
- D. AWS CodeDeploy
20. A Cloud Practitioner needs to store data for 7 years to meet regulatory requirements. Which AWS service will meet this requirement at the LOWEST cost?
- A. Amazon S3
- B. AWS Snowball
- C. Amazon Redshift
- D. Amazon S3 Glacier
21. What are the immediate benefits of using the AWS Cloud? (Choose two.)
- A. Increased IT staff.
- B. Capital expenses are replaced with variable expenses.
- C. User control of infrastructure.
- D. Increased agility.
- E. AWS holds responsibility for security in the cloud.
22. Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?
- A. Amazon GuardDuty
- B. Amazon Macie
- C. Amazon Inspector
- D. AWS Shield
23. What is the purpose of AWS Storage Gateway?
- A. It ensures on-premises data storage is 99.999999999% durable.
- B. It transports petabytes of data to and from AWS.
- C. It connects to multiple Amazon EC2 instances.
- D. It connects on-premises data storage to the AWS Cloud.
24. What should users do if they want to install an application in geographically isolated locations?
- A. Install the application using multiple internet gateways.
- B. Deploy the application to an Amazon VPC.
- C. Deploy the application to multiple AWS Regions.
- D. Configure the application using multiple NAT gateways.
25. A system in the AWS Cloud is designed to withstand the failure of one or more components. What is this an example of?
- A. Elasticity
- B. High Availability
- C. Scalability
- D. Agility
26. A Cloud Practitioner needs a consistent and dedicated connection between AWS resources and an on-premises system. Which AWS service can fulfill this requirement?
- A. AWS Direct Connect
- B. AWS VPN
- C. Amazon Connect
- D. AWS Data Pipeline
27. Within the AWS shared responsibility model, who is responsible for security and compliance?
- A. The customer is responsible.
- B. AWS is responsible.
- C. AWS and the customer share responsibility.
- D. AWS shares responsibility with the relevant governing body.
28. To use the AWS CLI, users are required to generate:
- A. a password policy.
- B. an access/secret key.
- C. a managed policy.
- D. an API key.
29. Which AWS service is used to provide encryption for Amazon EBS?
- A. AWS Certificate Manager
- B. AWS Systems Manager
- C. AWS KMS
- D. AWS Config
30. How does AWS charge for AWS Lambda usage once the free tier has been exceeded? (Choose two.)
- A. By the time it takes for the Lambda function to execute.
- B. By the number of versions of a specific Lambda function.
- C. By the number of requests made for a given Lambda function.
- D. By the programming language that is used for the Lambda function.
- E. By the total number of Lambda functions in an AWS account.
31. Which of the following describes the relationships among AWS Regions, Availability Zones, and edge locations? (Choose two.)
- A. There are more AWS Regions than Availability Zones.
- B. There are more edge locations than AWS Regions.
- C. An edge location is an Availability Zone.
- D. There are more AWS Regions than edge locations.
- E. There are more Availability Zones than AWS Regions.
32. What does AWS Shield Standard provide?
- A. WAF rules
- B. DDoS protection
- C. Identity and Access Management (IAM) permissions and access to resources
- D. Data encryption
33. A company wants to build its new application workloads in the AWS Cloud instead of using on-premises resources. What expense can be reduced using the AWS Cloud?
- A. The cost of writing custom-built Java or Node.js code
- B. Penetration testing for security
- C. Hardware required to support new applications
- D. Writing specific test cases for third-party applications.
34. What does AWS Marketplace allow users to do? (Choose two.)
- A. Sell unused Amazon EC2 Spot Instances.
- B. Sell solutions to other AWS users.
- C. Buy third-party software that runs on AWS.
- D. Purchase AWS security and compliance documents.
- E. Order AWS Snowball.
35. What does it mean if a user deploys a hybrid cloud architecture on AWS?
- A. All resources run using on-premises infrastructure.
- B. Some resources run on-premises and some run in a location center.
- C. All resources run in the AWS Cloud.
- D. Some resources run on-premises and some run in the AWS Cloud.
36. Which AWS service allows users to identify the changes made to a resource over time?
- A. Amazon Inspector
- B. AWS Config
- C. AWS Service Catalog
- D. AWS IAM
37. How can a company reduce its Total Cost of Ownership (TCO) using AWS?
- A. By minimizing large capital expenditures
- B. By having no responsibility for third-party license costs
- C. By having no operational expenditures
- D. By having AWS manage applications
38. Which activity is a customer responsibility in the AWS Cloud according to the AWS shared responsibility model?
- A. Ensuring network connectivity from AWS to the internet
- B. Patching and fixing flaws within the AWS Cloud infrastructure
- C. Ensuring the physical security of cloud data centers
- D. Ensuring Amazon EBS volumes are backed up
39. What are the advantages of the AWS Cloud? (Choose two.)
- A. Fixed rate monthly cost
- B. No need to guess capacity requirements
- C. Increased speed to market
- D. Increased upfront capital expenditure
- E. Physical access to cloud data centers
40. When comparing the total cost of ownership (TCO) of an on-premises infrastructure to a cloud architecture, what costs should be considered? (Choose two.)
- A. The credit card processing fees for application transactions in the cloud.
- B. The cost of purchasing and installing server hardware in the on-premises data.
- C. The cost of administering the infrastructure, including operating system and software installations, patches, backups, and recovering from failures.
- D. The costs of third-party penetration testing.
- E. The advertising costs associated with an ongoing enterprise-wide campaign.
41. Which AWS feature allows a company to take advantage of usage tiers for services across multiple member accounts?
- A. Service control policies (SCPs)
- B. Consolidated billing
- C. All Upfront Reserved Instances
- D. AWS Cost Explorer
42. What is one of the customer’s responsibilities according to the AWS shared responsibility model?
- A. Virtualization infrastructure
- B. Network infrastructure
- C. Application security
- D. Physical security of hardware
43. What helps a company provide a lower latency experience to its users globally?
- A. Using an AWS Region that is central to all users
- B. Using a second Availability Zone in the AWS Region that is being used
- C. Enabling caching in the AWS Region that is being used
- D. Using edge locations to put content closer to all users
44. How can the AWS Cloud increase user workforce productivity after migration from an on-premises data center?
- A. Users do not have to wait for infrastructure provisioning.
- B. The AWS Cloud infrastructure is much faster than an on-premises data center infrastructure.
- C. AWS takes over application configuration management on behalf of users.
- D. Users do not need to address security and compliance issues.
45. Which AWS service provides a quick and automated way to create and manage AWS accounts?
- A. AWS QuickSight
- B. Amazon Lightsail
- C. AWS Organizations
- D. Amazon Connect
46. Which Amazon RDS feature can be used to achieve high availability?
- A. Multiple Availability Zones
- B. Amazon Reserved Instances
- C. Provisioned IOPS storage
- D. Enhanced monitoring
47. Where should users report that AWS resources are being used for malicious purposes?
- A. AWS Abuse team
- B. AWS Shield
- C. AWS Support
- D. AWS Developer Forums
48. Which AWS service needs to be enabled to track all user account changes within the AWS Management Console?
- A. AWS CloudTrail
- B. Amazon Simple Notification Service (Amazon SNS)
- C. VPC Flow Logs
- D. AWS CloudHSM
49. What is an AWS Cloud design best practice?
- A. Tight coupling of components
- B. Single point of failure
- C. High availability
- D. Overprovisioning of resources
50. Which of the following is an example of how moving to the AWS Cloud reduces upfront cost?
- A. By replacing large variable costs with lower capital investments
- B. By replacing large capital investments with lower variable costs
- C. By allowing the provisioning of compute and storage at a fixed level to meet peak demand
- D. By replacing the repeated scaling of virtual servers with a simpler fixed-scale model
51. When designing a typical three-tier web application, which AWS services and/or features improve availability and reduce the impact of failures? (Choose two.)
- A. AWS Auto Scaling for Amazon EC2 instances
- B. Amazon VPC subnet ACLs to check the health of a service
- C. Distributed resources across multiple Availability Zones
- D. AWS Server Migration Service (AWS SMS) to move Amazon EC2 instances into a different Region
- E. Distributed resources across multiple AWS points of presence
52. Which cloud design principle aligns with AWS Cloud best practices?
- A. Create fixed dependencies among application components
- B. Aggregate services on a single instance
- C. Deploy applications in a single Availability Zone
- D. Distribute the compute load across multiple resources
53. Which of the following are recommended practices for managing IAM users? (Choose two.)
- A. Require IAM users to change their passwords after a specified period of time
- B. Prevent IAM users from reusing previous passwords
- C. Recommend that the same password be used on AWS and other sites
- D. Require IAM users to store their passwords in raw text
- E. Disable multi-factor authentication (MFA) for IAM users
54. A company is migrating from on-premises data centers to the AWS Cloud and is looking for hands-on help with the project. How can the company get this support? (Choose two.)
- A. Ask for a quote from the AWS Marketplace team to perform a migration into the company’s AWS account.
- B. Contact AWS Support and open a case for assistance
- C. Use AWS Professional Services to provide guidance and to set up an AWS Landing Zone in the company’s AWS account
- D. Select a partner from the AWS Partner Network (APN) to assist with the migration
- E. Use Amazon Connect to create a new request for proposal (RFP) for expert assistance in migrating to the AWS Cloud.
55. How does the AWS Enterprise Support Concierge team help users?
- A. Supporting application development
- B. Providing architecture guidance
- C. Answering billing and account inquiries
- D. Answering questions regarding technical support cases
56. An application designed to span multiple Availability Zones is described as:
- A. being highly available
- B. having global reach
- C. using an economy of scale
- D. having elasticity
57. A new service using AWS must be highly available. Yet, due to regulatory requirements, all of its Amazon EC2 instances must be located in a single geographic area.
According to best practices, to meet these requirements, the EC2 instances must be placed in at least two:
- A. AWS Regions
- B. Availability Zones
- C. subnets
- D. placement groups
58. Which AWS tool is used to compare the cost of running an application on-premises to running the application in the AWS Cloud?
- A. AWS Trusted Advisor
- B. AWS Simple Monthly Calculator
- C. AWS Total Cost of Ownership (TCO) Calculator
- D. Cost Explorer
59. A company has multiple AWS accounts within AWS Organizations and wants to apply the Amazon EC2 Reserved Instances benefit to a single account only. Which action should be taken?
- A. Purchase the Reserved Instances from the master payer account and turn off Reserved Instance sharing.
- B. Enable billing alerts in the AWS Billing and Cost Management console.
- C. Purchase the Reserved Instances in individual linked accounts and turn off Reserved Instance sharing from the payer level.
- D. Enable Reserved Instance sharing in the AWS Billing and Cost Management console.
60. Which situation should be reported to the AWS Abuse team?
- A. An Availability Zone has a service disruption
- B. An intrusion attempt is made from an AWS IP address
- C. A user has trouble accessing an Amazon S3 bucket from an AWS IP address
- D. A user needs to change payment methods due to a compromise