CLF-C02 Part 9
Question #: 481
Topic #: 1
A company runs a legacy workload in an on-premises data center. The company wants to migrate the workload to AWS. The company does not want to make any changes to the workload.
Which migration strategy should the company use?
A. Repurchase
B. Replatform
C. Rehost
D. Refactor
Question #: 482
Topic #: 1
A company is planning to migrate applications to the AWS Cloud. During a system audit, the company finds that its content management system (CMS) application is incompatible with cloud environments.
Which migration strategies will help the company to migrate the CMS application with the LEAST effort? (Choose two.)
A. Retire
B. Rehost
C. Repurchase
D. Replatform
E. Refactor
Question #: 483
Topic #: 1
Which of the following are AWS best practice recommendations for the use of AWS Identity and Access Management (IAM)? (Choose two.)
A. Use the AWS account root user for daily access.
B. Use access keys and secret access keys on Amazon EC2.
C. Rotate credentials on a regular basis.
D. Create a shared set of access keys for system administrators.
E. Configure multi-factor authentication (MFA).
Question #: 484
Topic #: 1
Which option is AWS responsible for under the AWS shared responsibility model?
A. Network and firewall configuration
B. Client-side data encryption
C. Management of user permissions
D. Hardware and infrastructure
Question #: 485
Topic #: 1
A company wants to run a graph query that provides credit card users’ names, addresses, and transactions. The company wants the graph to show if the names, addresses, and transactions indicates possible fraud.
Which AWS database service will meet these requirements?
A. Amazon DocumentDB (with MongoDB compatibility)
B. Amazon Timestream
C. Amazon DynamoDB
D. Amazon Neptune
Question #: 486
Topic #: 1
Which AWS service provides machine learning capability to detect and analyze content in images and videos?
A. Amazon Connect
B. Amazon Lightsail
C. Amazon Personalize
D. Amazon Rekognition
Question #: 487
Topic #: 1
A company wants its AWS usage to be more sustainable. The company wants to track, measure, review, and forecast polluting emissions that result from its AWS applications.
Which AWS service or tool can the company use to meet these requirements?
A. AWS Health Dashboard
B. AWS customer carbon footprint tool
C. AWS Support Center
D. Amazon QuickSight
Question #: 488
Topic #: 1
Which AWS service gives users the ability to deploy highly repeatable infrastructure configurations?
A. AWS CloudFormation
B. AWS CodeDeploy
C. AWS CodeBuild
D. AWS Systems Manager
Question #: 489
Topic #: 1
A company needs to provide customer service by using voice calls and web chat features.
Which AWS service should the company use to meet these requirements?
A. Amazon Aurora
B. Amazon Connect
C. Amazon WorkSpaces
D. AWS Organizations
Question #: 490
Topic #: 1
Which AWS service is designed to help users handle large amounts of data in a data warehouse environment?
A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Redshift
D. Amazon Aurora
Question #: 491
Topic #: 1
A company is building a web application using AWS.
Which AWS service will help prevent network layer DDoS attacks against the web application?
A. AWS WAF
B. AWS Firewall Manager
C. Amazon GuardDuty
D. AWS Shield
Question #: 492
Topic #: 1
Which AWS tool or feature acts as a VPC firewall at the subnet level?
A. Security group
B. Network ACL
C. Traffic Mirroring
D. Internet gateway
Question #: 493
Topic #: 1
A company runs an application on AWS that performs batch jobs. The application is fault-tolerant and can handle interruptions. The company wants to optimize the cost to run the application.
Which AWS offering will meet these requirements?
A. Amazon Macie
B. Amazon Neptune
C. Amazon EC2 Spot Instances
D. Amazon EC2 On-Demand Instances
Question #: 494
Topic #: 1
Which AWS service can be used to send alerts when a specific Amazon CloudWatch alarm is invoked?
A. AWS CloudTrail
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon EventBridge
Question #: 495
Topic #: 1
A cloud practitioner wants to use a highly available and scalable DNS service for its AWS workload.
Which AWS service will meet this requirement?
A. Amazon Route 53
B. Amazon Lightsail
C. AWS Amplify Hosting
D. Amazon S3
Question #: 496
Topic #: 1
According to the AWS shared responsibility model, which task is the customer’s responsibility?
A. Maintaining the infrastructure needed to run AWS Lambda
B. Updating the operating system of Amazon DynamoDB instances
C. Maintaining Amazon S3 infrastructure
D. Updating the guest operating system on Amazon EC2 instances
Question #: 497
Topic #: 1
A company is learning about its responsibilities that are related to the management of Amazon EC2 instances.
Which tasks for EC2 instances are the company’s responsibility, according to the AWS shared responsibility model? (Choose two.)
A. Install and patch the machine hypervisor.
B. Patch the guest operating system.
C. Encrypt data at rest on associated storage.
D. Install the physical hardware and cabling.
E. Provide physical security for the EC2 instances.
Question #: 498
Topic #: 1
A company runs MySQL database workloads on self-managed servers in an on-premises data center. The company wants to migrate the database workloads to an AWS managed service.
Which migration strategy should the company use?
A. Rehost
B. Repurchase
C. Refactor
D. Replatform
Question #: 499
Topic #: 1
A company is planning to migrate a monolithic application to AWS. The company wants to modernize the application by splitting it into microservices. The company will deploy the microservices on AWS.
Which migration strategy should the company use?
A. Rehost
B. Repurchase
C. Replatform
D. Refactor
Question #: 500
Topic #: 1
A company wants to implement detailed tracking of its cloud costs by department and project.
Which AWS feature or service should the company use?
A. Consolidated billing
B. Cost allocation tags
C. AWS Marketplace
D. AWS Budgets
Question #: 501
Topic #: 1
A user wants to invoke an AWS Lambda function when an Amazon EC2 instance enters the “stopping” state.
Which AWS service is appropriate for this use case?
A. Amazon EventBridge
B. AWS Config
C. Amazon Simple Notification Service (Amazon SNS)
D. AWS CloudFormation
Question #: 502
Topic #: 1
A company has a MariaDB database on premises. The company wants to move the data to the AWS Cloud.
Which AWS service will host this database with the LEAST amount of operational overhead?
A. Amazon RDS
B. Amazon Neptune
C. Amazon S3
D. Amazon DynamoDB
Question #: 503
Topic #: 1
Which AWS service or feature supports governance, compliance, and risk auditing of AWS accounts?
A. Multi-factor authentication (MFA)
B. AWS Lambda
C. Amazon Simple Notification Service (Amazon SNS)
D. AWS CloudTrail
Question #: 504
Topic #: 1
Which AWS Cloud design principle is a company using when the company implements AWS CloudTrail?
A. Activate traceability.
B. Use serverless compute architectures.
C. Perform operations as code.
D. Go global in minutes.
Question #: 505
Topic #: 1
A company needs a threat detection service that will continuously monitor its AWS accounts, workloads, and Amazon S3 buckets for malicious activity and unauthorized behavior.
Which AWS service meets these requirements?
A. AWS Shield
B. AWS Firewall Manager
C. Amazon GuardDuty
D. Amazon Inspector
Question #: 506
Topic #: 1
A company is planning to migrate to the AWS Cloud. The company is conducting organizational transformation and wants to become more responsive to customer inquiries and feedback.
Which task should the company perform to meet these requirements, according to the AWS Cloud Adoption Framework (AWS CAF)?
A. Realign teams to focus on products and value streams.
B. Create new value propositions with new products and services.
C. Use a new data and analytics platform to create actionable insights.
D. Migrate and modernize legacy infrastructure.
Question #: 507
Topic #: 1
A company wants to rightsize its Amazon EC2 instances.
Which configuration change will meet this requirement with the LEAST operational overhead?
A. Add EC2 instances in another Availability Zone.
B. Change the size and type of the EC2 instances based on utilization.
C. Convert the payment method from On-Demand to Savings Plans.
D. Reprovision the EC2 instances with a larger instance type.
Question #: 508
Topic #: 1
Which AWS service supports user sign-up functionality and authentication to mobile and web applications?
A. Amazon Cognito
B. AWS Config
C. Amazon GuardDuty
D. AWS Systems Manager
Question #: 509
Topic #: 1
Which benefit of the AWS Cloud helps companies achieve lower usage costs because of the aggregate usage of all AWS users?
A. No need to guess capacity
B. Ability to go global in minutes
C. Economies of scale
D. Increased speed and agility
Question #: 510
Topic #: 1
Which task is the responsibility of the customer, according to the AWS shared responsibility model?
A. Patch the Amazon DynamoDB operating system.
B. Secure Amazon CloudFront edge locations by allowing physical access according to the principle of least privilege.
C. Protect the hardware that runs AWS services.
D. Use AWS Identity and Access Management (IAM) according to the principle of least privilege.
Question #: 511
Topic #: 1
A company wants to manage its cloud resources by using infrastructure as code (IaC) templates. The company needs to meet compliance requirements.
Which AWS service should the company use to meet these requirements?
A. AWS Artifact
B. AWS Resource Explorer
C. AWS License Manager
D. AWS Service Catalog
Question #: 512
Topic #: 1
A systems administrator wants to monitor the CPU utilization of a company’s Amazon EC2 instances.
Which AWS service can provide this information?
A. AWS Config
B. AWS Trusted Advisor
C. AWS CloudTrail
D. Amazon CloudWatch
Question #: 513
Topic #: 1
A company wants to migrate all of its on-premises infrastructure to the AWS Cloud. Before migration, the company wants estimate of costs for running its as-is infrastructure.
Which AWS service or principle should the company use to meet this requirement?
A. AWS Pricing Calculator
B. AWS Well-Architected Framework
C. AWS shared responsibility model
D. AWS Cloud Adoption Framework (AWS CAF)
Question #: 514
Topic #: 1
An independent software vendor wants to deliver and share its custom Amazon Machine Images (AMIs) to prospective customers.
Which AWS service will meet these requirements?
A. AWS Marketplace
B. AWS Data Exchange
C. Amazon EC2
D. AWS Organizations
Question #: 515
Topic #: 1
Which component must be attached to a VPC to enable inbound internet access?
A. NAT gateway
B. VPC endpoint
C. VPN connection
D. Internet gateway
Question #: 516
Topic #: 1
Which AWS service supports a company’s ability to treat infrastructure as code?
A. AWS CodeDeploy
B. AWS Elastic Beanstalk
C. Amazon API Gateway
D. AWS CloudFormation
Question #: 517
Topic #: 1
A company is building an application that will receive millions of database queries each second. The company needs the data store for the application to scale to meet these needs.
Which AWS service will meet this requirement?
A. Amazon DynamoDB
B. AWS Cloud9
C. Amazon ElastiCache for Memcached
D. Amazon Neptune
Question #: 518
Topic #: 1
An AWS user wants to proactively detect when an instance or account might be compromised or if there are threats from attacks.
Which AWS service should the user choose?
A. Amazon GuardDuty
B. AWS WAF
C. AWS Shield
D. Amazon Inspector
Question #: 519
Topic #: 1
Which AWS Support plan provides the full set of AWS Trusted Advisor checks at the LOWEST cost?
A. AWS Developer Support
B. AWS Business Support
C. AWS Enterprise On-Ramp Support
D. AWS Enterprise Support
Question #: 520
Topic #: 1
A company’s application is running on Amazon EC2 instances. The company is planning a partial migration to a serverless architecture in the next year and wants to pay for resources up front.
Which AWS purchasing option will optimize the company’s costs?
A. Convertible Reserved Instances
B. Spot Instances
C. EC2 Instance Savings Plans
D. Compute Savings Plan
Question #: 521
Topic #: 1
A retail company is building a new mobile app. The company is evaluating whether to build the app at an on-premises data center or in the AWS Cloud.
Which of the following are benefits of building this app in the AWS Cloud? (Choose two.)
A. A large, upfront capital expense and low variable expenses
B. Increased speed for trying out new projects
C. Complete control over the physical security of the infrastructure
D. Flexibility to scale up in minutes as the application becomes popular
E. Ability to pick the specific data centers that will host the application servers
Question #: 522
Topic #: 1
A company must archive its documents by using a write-once, read-many (WORM) model to meet legal and compliance obligations.
Which feature of Amazon S3 can the company use to meet this requirement?
A. S3 Versioning
B. S3 bucket policy
C. S3 Glacier Vault Lock
D. S3 multi-factor authentication (MFA) delete
Question #: 523
Topic #: 1
A company has batch workloads that need to run for short periods of time on Amazon EC2. The workloads can handle interruptions and can start again from where they ended.
What is the MOST cost-effective EC2 instance purchasing option to meet these requirements?
A. Reserved Instances
B. Spot Instances
C. Dedicated Instances
D. On-Demand Instances
Question #: 524
Topic #: 1
A company needs to deploy a PostgreSQL database into Amazon RDS. The database must be highly available and fault tolerant.
Which AWS solution should the company use to meet these requirements?
A. Amazon RDS with a single Availability Zone
B. Amazon RDS snapshots
C. Amazon RDS with multiple Availability Zones
D. AWS Database Migration Service (AWS DMS)
Question #: 525
Topic #: 1
What is the MOST secure way to store passwords on AWS?
A. Store passwords in an Amazon S3 bucket.
B. Store passwords as AWS CloudFormation parameters.
C. Store passwords in AWS Storage Gateway.
D. Store passwords in AWS Secrets Manager.
Question #: 526
Topic #: 1
Which statements accurately describe the relationships among components of AWS global infrastructure? (Choose two.)
A. There are more AWS Regions than Availability Zones.
B. There are more edge locations than AWS Regions.
C. An edge location is an Availability Zone.
D. There are more AWS Regions than edge locations.
E. There are more Availability Zones than AWS Regions.
Question #: 527
Topic #: 1
Which AWS service provides DNS resolution?
A. Amazon CloudFront
B. Amazon VPC
C. Amazon Route 53
D. AWS Direct Connect
Question #: 528
Topic #: 1
A company needs to host an application in a specific geographic area to comply with regulations.
Which feature of the AWS global infrastructure will help the company meet this requirement?
A. Scalability
B. Global footprint
C. Availability
D. Performance
Question #: 529
Topic #: 1
An ecommerce company plans to move its data center workload to the AWS Cloud to support highly dynamic usage patterns.
Which benefits make the AWS Cloud cost-effective for the migration of this type of workload? (Choose two.)
A. Reliability
B. Security
C. Elasticity
D. Pay-as-you-go resource
E. High availability
Question #: 530
Topic #: 1
When designing AWS workloads to be operational even when there are component failures, what is an AWS best practice?
A. Perform quarterly disaster recovery tests.
B. Place the main component on the us-east-1 Region.
C. Design for automatic failover to healthy resources.
D. Design workloads to fit on a single Amazon EC2 instance.
Question #: 531
Topic #: 1
Which of the following can the AWS Pricing Calculator do?
A. Project monthly AWS costs.
B. Calculate historical AWS costs.
C. Provide in-depth information about AWS pricing strategies.
D. Provide users with access to their monthly bills.
Question #: 532
Topic #: 1
Which AWS solution gives companies the ability to use protocols such as NFS to store and retrieve objects in Amazon S3?
A. Amazon FSx for Lustre
B. AWS Storage Gateway volume gateway
C. AWS Storage Gateway file gateway
D. Amazon Elastic File System (Amazon EFS)
Question #: 533
Topic #: 1
A user has been granted permission to change their own IAM user password.
Which AWS services can the user use to change the password? (Choose two.)
A. AWS Command Line Interface (AWS CLI)
B. AWS Key Management Sen/ice (AWS KMS)
C. AWS Management Console
D. AWS Resource Access Manager (AWS RAM)
E. AWS Secrets Manager
Question #: 534
Topic #: 1
Which task is the customer’s responsibility, according to the AWS shared responsibility model?
A. Patch a guest operating system that is deployed on an Amazon EC2 instance.
B. Control physical access to an AWS data center.
C. Control access to AWS underlying hardware.
D. Patch a host operating system that is deployed on Amazon S3.
Question #: 535
Topic #: 1
Which AWS service or feature provides a firewall at the subnet level within a VPC?
A. Security group
B. Network ACL
C. Elastic network interface
D. AWS WAF
Question #: 536
Topic #: 1
A company wants to use automated video analysis to identify employees that are accessing its offices.
Which AWS service will meet this requirement?
A. Amazon Rekognition
B. Amazon Polly
C. Amazon Cognito
D. AWS Lambda
Question #: 537
Topic #: 1
A company needs to host a web server on Amazon EC2 instances for at least 1 year. The web server cannot tolerate interruption.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?
A. On-Demand Instances
B. Partial Upfront Reserved Instances
C. Spot Instances
D. No Upfront Reserved Instances
Question #: 538
Topic #: 1
Which guidelines are best practices for using AWS Identity and Access Management (IAM)? (Choose two.)
A. Share access keys.
B. Create individual IAM users.
C. Use inline policies instead of customer managed policies.
D. Grant maximum privileges to IAM users.
E. Use groups to assign permissions to IAM users.
Question #: 539
Topic #: 1
Which advantage of cloud computing allows users to scale resources up and down based on the amount of load that an application supports?
A. Go global in minutes
B. Stop guessing capacity
C. Benefit from massive economies of scale
D. Trade fixed expense for variable expense
Question #: 540
Topic #: 1
A company is requesting Payment Card Industry (PCI) reports that validate the operating effectiveness of AWS security controls.
How should the company obtain these reports?
A. Contact AWS Support.
B. Download reports from AWS Artifact.
C. Download reports from AWS Security Hub.
D. Contact an AWS technical account manager (TAM).