AWS CLF-C02 dumps question and answers
| Report Date: 15-Jul-2024 | |||||
|---|---|---|---|---|---|
| S.No | Question | Correct Answer | |||
| Section Name CLF-C02 Post: Security and Compliance | Total Questions: 12 | ||||
| 1 | Among the options provided, which one is the customer's responsibility to guarantee the availability and backup of the EBS volumes? A)Create copies of EBS Volumes. B)Delete the data and create a new EBS volume. C)Create EBS snapshots. D)Attach new volumes to EC2 Instances. | C | |||
| 2 | From the options provided, which three security requirements are handled by AWS? Please select three answers from the options below. A)Hardware patching B)Password Policies C)User permissions D)Physical security E)Disk disposal | A,D,E | |||
| 3 | I possess a Mobile Application that necessitates access to AWS resources such as S3 and DynamoDB. What would be the most optimal approach to grant users of the mobile app the ability to access these AWS resources? A)Have the mobile app connect to another web application running on an EC2 instance that can assume a role for accessing the AWS resources B)Keep the Security Credentials associated with the AWS resource access within the Mobile App C)Use Security Token Service (STS) with Identity Federation that will allow an User access to resources within a session D)Create Users and Groups within IAM and assign IAM policies for accessing the resources | C | |||
| 4 | Within a sophisticated AWS setup encompassing various AWS accounts and resources, an organization requires a centralized tool to oversee and implement uniform firewall rules and policies. This is crucial in maintaining a consistent security stance and compliance throughout the infrastructure. What AWS service offers the functionality to accomplish this? A)AWS Firewall Manager B)Amazon GuardDuty C)Amazon Inspector D)AWS Web Application Firewall | A | |||
| 5 | Which of the following can be set up to improve security at the subnet level? A)Security Group B)Virtual Private Cloud (VPC) C)Configure transitive VPC peering D)NACL (Network Access Control List) | D | |||
| 6 | In the context of the Well-Architected Framework's security pillar, if you want to establish standards and best practices for your EC2 instances and verify compliance with these standards to improve workload security, which of the options provided would you select? A)AWS Resource Access Manager (RAM) B)Amazon Detective C)AWS Inspector D)AWS Security Hub | C | |||
| 7 | When a new department has been added to the organization and the administrator is tasked with setting up access permissions for a group of users with diverse roles and access requirements, what is the recommended strategy for granting access? A)Users should have no access and be granted temporary access on the occasions that they need to execute a task. B)After gathering information on their access needs, the administrator should allow every user to access the most common resources and privileges on the system. C)The administrator should grant all users the same permissions and then grant more upon request. D)The administrator should grant all users the least privilege and add more privileges to only to those who need it. | D | |||
| 8 | In a scenario where an organization operates multiple EC2 instances within a VPC, utilizing three subnets for Development, Test, and Production. The Security team has concerns about the VPC configuration and needs to limit communication among the EC2 instances using Security Groups. Which of the provided options accurately reflects the truth about Security Groups? A)The only Security Group you can change is the Default Security Group. B)You can change a Security Group associated with an instance if the instance is in the running state. C)You can change a Security Group associated with an instance if the instance is in the hibernate state. D)You can change a Security Group only if there are no instances associated to it. | B | |||
| 9 | From the options provided below, which two are responsibilities of AWS in the shared responsibility model for Security and Compliance between AWS and customer? A)Patch management within the AWS infrastructure B)Perform all the necessary security configuration and management tasks for Amazon Elastic Compute Cloud (Amazon EC2). C)Patch management of the guest OS and applications D)Security of the data in the AWS cloud E)Security of the AWS cloud | A,E | |||
| 10 | For a development team that's looking to offload SSL processing from existing web servers, which AWS service from the options provided would be the most suitable to fulfill this requirement? A)AWS Secrets Manager B)AWS Certificate Manager C)AWS CloudHSM D)AWS KMS | C | |||
| 11 | For a Developer Team that's creating a new mobile app using AWS resources, which will be accessed by thousands of users, which service from the options provided would be the most suitable for creating a directory to manage sign-ins for these users? A)AWS IAM B)Amazon Cognito User Pools C)Amazon Cognito Identity Pools D)AWS IAM Identity Center | B | |||
| 12 | In a scenario where a developer needs to enable an application on an EC2 instance to perform certain actions and requires granting access to the application for some AWS resources, the developer intends to supply his credentials to the instance. However, considering the developer's credentials are long-term, the developer is seeking an alternative to minimize the security risk. What could the developer do in this situation to temporarily allow applications on EC2 to access the necessary AWS resources? A)There is no alternate way. A developer needs to give his credentials and revoke access when the required action is done. B)Use IAM Roles C)Use IAM Group D)Use IAM Tags | B | |||
| Section Name CLF-C02 Post: Billing Pricing and Support | Total Questions: 5 | ||||
| 1 | If you have a distributed application that periodically processes substantial amounts of data across multiple Amazon EC2 Instances and is designed to recover smoothly from Amazon EC2 instance failures, which option would be the most cost-effective way to meet your requirements? A)On-Demand instances B)Reserved instances C)Dedicated instances D)Spot Instances | D | |||
| 2 | In an AWS Organization using consolidated billing, where can a "Member AWS account" configure the delivery of a product-wise daily cost breakdown report for cost and usage analysis? Choose Two options. A)AWS Management Console B)Amazon Athena C)S3 bucket owned by the member account D)S3 bucket owned by the management account | C,D | |||
| 3 | For a large Oil and Gas company that is planning to launch a high-volume application on several Amazon EC2 instances, which option could assist in lowering operational costs? A)Deploy Amazon EC2 instance with Amazon instance store-backed AMI B)Deploy Amazon EC2 instance in multiple AZ's C)Deploy Amazon EC2 instance with Auto-scaling D)Deploy Amazon EC2 instance with Cluster placement group | C | |||
| 4 | Which tool in the AWS Billing and Management service enables users to graphically track billing and usage over time, specifically focusing on monthly operational costs? A)AWS Bills B)AWS Reports C)AWS Cost Explorer D)AWS Budgets | C | |||
| 5 | Which two factors contribute to the cost of using AWS S3 storage when storing a large amount of data such as images and documents? A)While uploading data to an S3 bucket B)Lifecycle transition requests C)Outbound data transfer from S3 in US-West to an EC2 instance in US-West D)Outbound data transfer from S3 in US-East to an EC2 instance in US-West E)Outbound data transfer to Amazon CloudFront | B,D | |||
| Section Name CLF-C02 Post: Cloud Concepts | Total Questions: 10 | ||||
| 1 | What services can be used to facilitate computing elasticity in AWS? A)Amazon S3 B)AWS RDS C)VPC Endpoint D)AWS EC2 Auto Scaling Group | D | |||
| 2 | What is the best solution for an organization with consistently high throughput that requires a connection with no jitter and minimal latency between its on-premise infrastructure and its AWS cloud build to support live streaming and real-time services? A)AWS Direct Connect B)AWS Data Streams C)AWS Kinesis D)Kinesis Data Firehose | A | |||
| 3 | What AWS service would be appropriate for use as a fully managed data warehouse? A)Amazon Relational Database Service (Amazon RDS) B)Amazon Athena C)Amazon RedShift D)Amazon CloudWatch | C | |||
| 4 | Which AWS service from the options below enables you to scale up resources in response to application or user demand? A)AWS Inspector B)AWS EC2 C)AWS Autoscaling D)AWS ELB | C | |||
| 5 | What are two reasons that might motivate a company to choose AWS over an on-premises data center? Please select two from the options provided. A)Ability to use resources on demand B)Having access to Free and Unlimited Storage C)Having access to Unlimited Physical servers D)Having a highly available infrastructure | A,D | |||
| 6 | How would you go about creating a backup of an EBS Volume? A)Store the EBS volume in DynamoDB. B)Store the EBS volume in S3. C)Store the EBS volume in an RDS database. D)Create an EBS snapshot. | D | |||
| 7 | Which of the following does not constitute a pillar of the AWS Well-Architected Framework? A)Performance Efficiency B)Automation C)Cost Optimization D)Reliability | B | |||
| 8 | What is the main difference between an availability zone and an edge location? A)None of the above B)An availability zone is a grouping of AWS resources in a specific region. An edge location is a specific resource within the AWS region. C)An availability zone is an isolated location within an AWS region, whereas an edge location will deliver cached content to the closest location to reduce latency. D)Edge locations are used as control stations for AWS resources. | C | |||
| 9 | Which design pillar should a client who has transitioned to AWS Cloud concentrate on to ensure that their systems consistently deliver business value and enhance supporting processes and procedures? A)Operational Excellence B)Reliability C)Scalability D)Automation | A | |||
| 10 | What is the functionality of EBS Volume replication in the event of a single hardware failure? A)Replicates the volume across Edge locations B)Replicates the volume across Availability Zones C)Replicates the volume in the same Availability Zone D)Replicates the volume across Regions | C | |||
| Section Name CLF-C02 Post: Cloud Technology and Services | Total Questions: 13 | ||||
| 1 | Which AWS service would be the most suitable choice for streamlining the development and implementation of real-time collaboration features and seamless integration with AWS services for the backend in your web application? A)AWS Device Farm B)AWS AppSync C)AWS Amplify D)Amazon RDS | C | |||
| 2 | For a popular e-commerce website that currently relies on call center agents for resolving queries related to its products and services, how can the website quickly develop virtual contact center agents to facilitate self-service capabilities for its users? A)Using Amazon Kendra B)Using Amazon Polly C)Using Amazon Lex D)Using Amazon Personalize | C | |||
| 3 | I am hosting two applications, "Image Processing" and "Order Processing," on separate EC2 servers within an Auto Scaling Group on my website. What is the most effective method to grant user access to either of these applications on the website? A)I can use the Network Load Balancer that will route requests to different applications depending on the user's request. B)I can provide the public DNS URL of each of my servers where my application is hosted. C)I can use the Classic Load Balancer that will route requests to different applications depending on the user's request. D)I can use the Application Load Balancer that will route requests to different applications depending on the user's request. | D | |||
| 4 | If you're working in a production environment and there's a requirement to automate the entire process of managing and delivering changes, including building, testing, and deploying resources, which AWS service from the options provided would be the most suitable to create an end-to-end continuous integration and continuous deployment (CI/CD) pipeline? A)AWS CodeCommit B)AWS CodeDeploy C)AWS CodeBuild D)AWS CodePipeline | D | |||
| 5 | Emma is working on a mobile application that necessitates real-time data synchronization and offline functionality. She's looking for a managed service that simplifies the creation and management of GraphQL APIs for her application. Which AWS service would be the best fit for Emma's needs? A)AWS Device Farm B)Amazon ECS C)AWS AppSync D)AWS Amplify | C | |||
| 6 | Mayank is in the process of creating a web application that necessitates real-time updates and interactions. He is considering utilizing AWS services to manage the backend logic, database, and authentication seamlessly. What would be the most suitable choice for meeting Mayank's needs? A)AWS AppSync B)AWS Device Farm C)AWS Amplify D)AWS IoT Core | C | |||
| 7 | If you're looking to create a stream processing solution that can process and query real-time streaming data using a SQL-based solution, and you're seeking the simplest approach that AWS offers, which AWS service from the options provided would be the most suitable for this purpose? A)Amazon Kinesis Data Firehose B)Amazon Kinesis Data Streams C)Amazon Kinesis Data Analytics D)Amazon Kinesis Client Library | C | |||
| 8 | In which scenarios would the use of Amazon Elastic Compute Cloud (Amazon EC2) Spot instances be most suitable? A)Workloads that are critical and need Amazon EC2 instances with termination protection B)Workloads that are only run in the morning and stopped at night C)Workloads where the availability of the Amazon EC2 instances can be flexible D)Workloads that need to run for long periods of time without interruption | C | |||
| 9 | Which EFS file system is capable of delivering read operations with latency in the sub-microsecond range? A)One Zone storage class with Max I/O performance mode B)Standard-IA storage class with General Purpose performance mode C)Standard storage class with Max I/O performance mode D)One Zone storage class with General Purpose performance mode | D | |||
| 10 | For an international sports governing body's website that aims to deliver content in the local language of viewers from various parts of the world, which service would offer location-based web personalization using geolocation headers from the options given below? A)Amazon Route 53 B)Amazon CloudFront C)Amazon EC2 Instance D)Amazon Lightsail | B | |||
| 11 | If I have a Virtual Private Cloud infrastructure environment that hosts an Application and a Database, and I want this application to be securely accessible to anyone, what are the best practices for hosting them within the infrastructure? A)Subnet configured for the ELB should contain a NAT Gateway B)Host the Application in a Public Subnet, Database in a Private Subnet with an ELB frontending the Application in a Public Subnet C)Host both the Application & Database in a Public subnet with an ELB frontend the Application in a public Subnet D)Subnet configured for the Application should have a route to the Internet Gateway | A | |||
| 12 | For an organization seeking assistance, which role does Amazon AppStream play from the options provided below? A)It hosts websites and web applications with high availability B)It provides cloud-based virtual machines for running containerized applications C)It automates and manages AWS resource provisioning D)It delivers desktop applications securely to users via streaming | D | |||
| 13 | If an administrator is working on a collaborative project and wants to document the initial configuration and several authorized changes made to the route table of a VPC, what would be the most effective method to accomplish this from the options provided below? A)Use of an AWS Lambda function that is triggered to save a log file to an S3 bucket each time configuration changes are made. B)Use of AWS Config C)Use of VPC Flow Logs D)Use of AWS CloudTrail | B | |||
No comments