AWS-CLF-002 AWS Certified Cloud Practitioner Practice Questions PDF
Document Details
Uploaded by SaneJasper1235
Geetanjali Inter College
AWS
Tags
Summary
This document is a set of practice questions for the AWS Certified Cloud Practitioner exam. The questions cover various AWS services, including Amazon EC2, Amazon S3, and others. The document focuses on assessing candidates' knowledge and practical application of AWS Cloud technologies.
Full Transcript
Amazon Clearcat.Net | FIRST ATTEMPT PASS | WWW.CLEARCATNET.COM (CLF-C02) AWS Certified Cloud Practitioner ✅Follow us...
Amazon Clearcat.Net | FIRST ATTEMPT PASS | WWW.CLEARCATNET.COM (CLF-C02) AWS Certified Cloud Practitioner ✅Follow us on: Facebook | Instagram | LinkedIn | reddit | Twitter | Quora | YouTube Send us your request/inquiry at [email protected] or connect us for Live Support any time for any certification exam dumps pdf Or for most asked Interview Q&A PDFs to ensure your success in first try!! YouTube.com t.Me /CLEARCATNET /CLEARCATNET Get any exam latest real exam questions PDF Now- ✅Visit us - www.CLEARCATNET.com ✅Mail us- [email protected] ✅Live Support- https://t.me/CLEARCATNET Question:1 CLF-C02: Actual Exam Q&A | CLEARCATNET A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud. Which activities related to a Snowball Edge device are available to the company at no cost? A. Use of the Snowball Edge appliance for a 10-day period B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance C. The transfer of data from the Snowball Edge appliance into Amazon S3 D. Daily use of the Snowball Edge appliance after 10 days Correct Answer: A Question:2 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements? A. AWS Trusted Advisor B. Amazon Inspector C. AWS Config D. Amazon GuardDuty Correct Answer: B Question:3 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario? A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility. B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway. C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user. D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users. Correct Answer: B Question:4 CLF-C02: Actual Exam Q&A | CLEARCATNET According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket? A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file. B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file. C. Have the EC2 instance assume a role to obtain the privileges to upload the file. D. Modify the S3 bucket policy so that any service can upload to it at any time. Correct Answer: C Question:5 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model? A. Physical security of DynamoDB B. Patching of DynamoDB C. Access to DynamoDB tables D. Encryption of data at rest in DynamoDB Correct Answer: C Question:6 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)? A. Sustainability B. Performance efficiency C. Governance D. Reliability Correct Answer: C Question:7 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance. Which AWS service meets these requirements? A. AWS Lambda B. Amazon RDS C. AWS Fargate D. Amazon Athena Correct Answer: C Question:8 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to run a NoSQL database on Amazon EC2 instances. Which task is the responsibility of AWS in this scenario? A. Update the guest operating system of the EC2 instances. B. Maintain high availability at the database layer. C. Patch the physical infrastructure that hosts the EC2 instances. D. Configure the security group firewall. Correct Answer: C Question:9 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.) A. AWS Cost Explorer B. AWS Billing Conductor C. Amazon CodeGuru D. Amazon SageMaker E. AWS Compute Optimizer Correct Answer: AE Question:10 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following are benefits of using AWS Trusted Advisor? (Choose two.) A. Providing high-performance container orchestration B. Creating and rotating encryption keys C. Detecting underutilized resources to save costs D. Improving security by proactively monitoring the AWS environment E. Implementing enforced tagging across AWS resources Correct Answer: CD Question:11 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud? A. Elimination of expenses for running and maintaining data centers B. Price discounts that are identical to discounts from hardware providers C. Distribution of all operational controls to AWS D. Elimination of operational expenses Correct Answer: A Question:12 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates. Which AWS service will meet this requirement? A. AWS Resource Explorer B. AWS Service Catalog C. AWS Organizations D. AWS Systems Manager Correct Answer: B Question:13 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or tool helps users visualize, understand, and manage spending and usage over time? A. AWS Organizations B. AWS Pricing Calculator C. AWS Cost Explorer D. AWS Service Catalog Correct Answer: C Question:14 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data. Which combination of AWS services should the company use to meet these requirements? (Choose two.) A. AWS Glue B. Amazon Elastic File System (Amazon EFS) C. Amazon Redshift D. Amazon QuickSight E. Amazon Quantum Ledger Database (Amazon QLDB) Correct Answer: AD Question:15 CLF-C02: Actual Exam Q&A | CLEARCATNET A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with AWS internal best practices. Which AWS service or resource will meet these requirements? A. AWS Support B. AWS Professional Services C. AWS Launch Wizard D. AWS Managed Services (AMS) Correct Answer: B Question:16 CLF-C02: Actual Exam Q&A | CLEARCATNET An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided. Which EC2 purchasing option will meet these requirements MOST cost-effectively? A. Reserved Instances B. Dedicated Hosts C. Spot Instances D. On-Demand Instances Correct Answer: D Question:17 CLF-C02: Actual Exam Q&A | CLEARCATNET A developer wants to deploy an application quickly on AWS without manually creating the required resources. Which AWS service will meet these requirements? A. Amazon EC2 B. AWS Elastic Beanstalk C. AWS CodeBuild D. Amazon Personalize Correct Answer: B Question:18 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting. Which S3 feature should the company use to meet these requirements? A. S3 Lifecycle rules B. S3 Versioning C. S3 bucket policies D. S3 server-side encryption Correct Answer: B Question:19 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service provides the ability to manage infrastructure as code? A. AWS CodePipeline B. AWS CodeDeploy C. AWS Direct Connect D. AWS CloudFormation Correct Answer: D Question:20 CLF-C02: Actual Exam Q&A | CLEARCATNET An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without any disruption. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively? A. On-Demand Instances B. Reserved Instances C. Spot Instances D. Spot Fleet Correct Answer: B Question:21 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature allows a user to establish a dedicated network connection between a company’s on-premises data center and the AWS Cloud? A. AWS Direct Connect B. VPC peering C. AWS VPN D. Amazon Route 53 Correct Answer: A Question:22 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a physical location of the AWS global infrastructure? A. AWS DataSync B. AWS Region C. Amazon Connect D. AWS Organizations Correct Answer: B Question:23 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks. Which pillar of the AWS Well-Architected Framework is supported by these goals? A. Reliability B. Security C. Operational excellence D. Performance efficiency Correct Answer: B Question:24 CLF-C02: Actual Exam Q&A | CLEARCATNET What is the purpose of having an internet gateway within a VPC? A. To create a VPN connection to the VPC B. To allow communication between the VPC and the internet C. To impose bandwidth constraints on internet traffic D. To load balance traffic from the internet across Amazon EC2 instances Correct Answer: B Question:25 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices. Which best practice of the AWS Well-Architected Framework is the company following with this plan? A. Integrate functional testing as part of AWS deployment. B. Use automation to deploy changes. C. Deploy the application to multiple locations. D. Implement loosely coupled dependencies. Correct Answer: D Question:26 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes. Which AWS service or tool will meet this requirement? A. IAM Access Analyzer B. AWS Artifact C. IAM credential report D. AWS Audit Manager Correct Answer: C Question:27 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to receive a notification when a specific AWS cost threshold is reached. Which AWS services or tools can the company use to meet this requirement? (Choose two.) A. Amazon Simple Queue Service (Amazon SQS) B. AWS Budgets C. Cost Explorer D. Amazon CloudWatch E. AWS Cost and Usage Report Correct Answer: BD Question:28 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users? A. AWS Artifact B. Amazon Connect C. AWS Chatbot D. AWS Knowledge Center Correct Answer: D Question:29 CLF-C02: Actual Exam Q&A | CLEARCATNET Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.) A. Configure the AWS provided security group firewall. B. Classify company assets in the AWS Cloud. C. Determine which Availability Zones to use for Amazon S3 buckets. D. Patch or upgrade Amazon DynamoDB. E. Select Amazon EC2 instances to run AWS Lambda on. Correct Answer: AB Question:30 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.) A. Availability B. Reliability C. Scalability D. Responsive design E. Operational excellence Correct Answer: BE Question:31 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature is used to send both text and email messages from distributed applications? A. Amazon Simple Notification Service (Amazon SNS) B. Amazon Simple Email Service (Amazon SES) C. Amazon CloudWatch alerts D. Amazon Simple Queue Service (Amazon SQS) Correct Answer: A Question:32 CLF-C02: Actual Exam Q&A | CLEARCATNET A user needs programmatic access to AWS resources through the AWS CLI or the AWS API. Which option will provide the user with the appropriate access? A. Amazon Inspector B. Access keys C. SSH public keys D. AWS Key Management Service (AWS KMS) keys Correct Answer: B Question:33 CLF-C02: Actual Exam Q&A | CLEARCATNET A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours. Which pricing model enables the company to optimize costs and meet these requirements? A. Reserved Instances B. Spot Instances C. On-Demand Instances D. Dedicated Instances Correct Answer: B Question:34 CLF-C02: Actual Exam Q&A | CLEARCATNET What does the concept of agility mean in AWS Cloud computing? (Choose two.) A. The speed at which AWS resources are implemented B. The speed at which AWS creates new AWS Regions C. The ability to experiment quickly D. The elimination of wasted capacity E. The low cost of entry into cloud computing Correct Answer: AC Question:35 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to block SQL injection attacks. Which AWS service or feature can meet this requirement? A. AWS WAF B. AWS Shield C. Network ACLs D. Security groups Correct Answer: A Question:36 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity? A. AWS Service Catalog B. AWS Systems Manager C. AWS IAM Access Analyzer D. AWS Organizations Correct Answer: C Question:37 CLF-C02: Actual Exam Q&A | CLEARCATNET A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud. How can these reports be generated? A. Contact the AWS Compliance team. B. Download the reports from AWS Artifact. C. Open a case with AWS Support. D. Generate the reports with Amazon Macie. Correct Answer: B Question:38 CLF-C02: Actual Exam Q&A | CLEARCATNET An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud. Which cost is the company’s direct responsibility? A. Cost of application software licenses B. Cost of the hardware infrastructure on AWS C. Cost of power for the AWS servers D. Cost of physical security for the AWS data center Correct Answer: A Question:39 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is setting up AWS Identity and Access Management (IAM) on an AWS account. Which recommendation complies with IAM security best practices? A. Use the account root user access keys for administrative tasks. B. Grant broad permissions so that all company employees can access the resources they need. C. Turn on multi-factor authentication (MFA) for added security during the login process. D. Avoid rotating credentials to prevent issues in production applications. Correct Answer: C Question:40 CLF-C02: Actual Exam Q&A | CLEARCATNET Elasticity in the AWS Cloud refers to which of the following? (Choose two.) A. How quickly an Amazon EC2 instance can be restarted B. The ability to rightsize resources as demand shifts C. The maximum amount of RAM an Amazon EC2 instance can use D. The pay-as-you-go billing model E. How easily resources can be procured when they are needed Correct Answer: BE Question:41 CLF-C02: Actual Exam Q&A | CLEARCATNET Which service enables customers to audit API calls in their AWS accounts? A. AWS CloudTrail B. AWS Trusted Advisor C. Amazon Inspector D. AWS X-Ray Correct Answer: A Question:42 CLF-C02: Actual Exam Q&A | CLEARCATNET What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model? A. Managing the code within the Lambda function B. Confirming that the hardware is working in the data center C. Patching the operating system D. Shutting down Lambda functions when they are no longer in use Correct Answer: A Question:43 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis. Which AWS service should the company use to run these queries in the MOST cost-effective manner? A. Amazon Redshift B. Amazon Athena C. Amazon Kinesis D. Amazon RDS Correct Answer: B Question:44 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service can be used at no additional cost? A. Amazon SageMaker B. AWS Config C. AWS Organizations D. Amazon CloudWatch Correct Answer: C Question:45 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective? A. Data architecture B. Event management C. Cloud fluency D. Strategic partnership Correct Answer: C Question:46 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost. Which pricing options meet these requirements with the LOWEST cost? (Choose two.) A. Spot Instances B. On-Demand Instances C. Reserved Instances D. Savings Plans E. Dedicated Hosts Correct Answer: CD Question:47 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible. Which AWS service or resource should the company use to select its Amazon RDS deployment area? A. Amazon Connect B. AWS Wavelength C. AWS Regions D. AWS Direct Connect Correct Answer: C Question:48 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned. Which AWS service or feature can be used to estimate costs before deployment? A. AWS Free Tier B. AWS Pricing Calculator C. AWS Billing and Cost Management D. AWS Cost and Usage Report Correct Answer: B Question:49 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is building an application that needs to deliver images and videos globally with minimal latency. Which approach can the company use to accomplish this in a cost effective manner? A. Deliver the content through Amazon CloudFront. B. Store the content on Amazon S3 and enable S3 cross-region replication. C. Implement a VPN across multiple AWS Regions. D. Deliver the content through AWS PrivateLink. Correct Answer: A Question:50 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a benefit of the economies of scale based on the advantages of cloud computing? A. The ability to trade variable expense for fixed expense B. Increased speed and agility C. Lower variable costs over fixed costs D. Increased operational costs across data centers Correct Answer: C Question:51 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation? A. AWS CLI B. AWS Developer Center C. AWS Cloud Development Kit (AWS CDK) D. AWS CodeStar Correct Answer: C Question:52 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs. Which AWS service or feature should the company use to meet these authentication requirements? A. Amazon API Gateway B. IAM users C. AWS Security Token Service (AWS STS) D. IAM instance profiles Correct Answer: C Question:53 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format? A. AWS Security Hub B. AWS Trusted Advisor C. Amazon EventBridge D. Amazon GuardDuty Correct Answer: A Question:54 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service is always provided at no charge? A. Amazon S3 B. AWS Identity and Access Management (IAM) C. Elastic Load Balancers D. AWS WAF Correct Answer: B Question:55 CLF-C02: Actual Exam Q&A | CLEARCATNET To reduce costs, a company is planning to migrate a NoSQL database to AWS. Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands? A. Amazon Redshift B. Amazon Aurora C. Amazon DynamoDB D. Amazon RDS Correct Answer: C Question:56 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is using Amazon DynamoDB. Which task is the company’s responsibility, according to the AWS shared responsibility model? A. Patch the operating system. B. Provision hosts. C. Manage database access permissions. D. Secure the operating system. Correct Answer: C Question:57 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has a test AWS environment. A company is planning on testing an application within AWS. The application testing can be interrupted and does not need to run continuously. Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively? A. On-Demand Instances B. Dedicated Instances C. Spot Instances D. Reserved Instances Correct Answer: C Question:58 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets? A. Amazon Macie B. Amazon Detective C. Amazon GuardDuty D. AWS IAM Access Analyzer Correct Answer: A Question:59 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following services can be used to block network traffic to an instance? (Choose two.) A. Security groups B. Amazon Virtual Private Cloud (Amazon VPC) flow logs C. Network ACLs D. Amazon CloudWatch E. AWS CloudTrail Correct Answer: AC Question:60 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service can identify when an Amazon EC2 instance was terminated? A. AWS Identity and Access Management (IAM) B. AWS CloudTrail C. AWS Compute Optimizer D. Amazon EventBridge Correct Answer: B Question:61 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is a fully managed MySQL-compatible database? A. Amazon S3 B. Amazon DynamoDB C. Amazon Redshift D. Amazon Aurora Correct Answer: D Question:62 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities? A. AWS Snowmobile B. AWS Local Zones C. AWS Outposts D. AWS Fargate Correct Answer: C Question:63 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)? A. Amazon DynamoDB B. Amazon Athena C. Amazon RDS D. Amazon EMR Correct Answer: C Question:64 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Choose two.) A. Amazon Connect B. Amazon AppStream 2.0 C. Amazon WorkSpaces D. AWS Site-to-Site VPN E. Amazon Elastic Container Service (Amazon ECS) Correct Answer: BC Question:65 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Which AWS service will meet this requirement? A. AWS Trusted Advisor B. Amazon CloudWatch C. Amazon GuardDuty D. AWS Health Dashboard Correct Answer: A Question:66 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service is a key-value database that provides sub-millisecond latency on a large scale? A. Amazon DynamoDB B. Amazon Aurora C. Amazon DocumentDB (with MongoDB compatibility) D. Amazon Neptune Correct Answer: A Question:67 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is deploying a machine learning (ML) research project that will require a lot of compute power over several months. The ML processing jobs do not need to run at specific times. Which Amazon EC2 instance purchasing option will meet these requirements at the lowest cost? A. On-Demand Instances B. Spot Instances C. Reserved Instances D. Dedicated Instances Correct Answer: B Question:68 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.) A. EC2 Reserved Instances B. EC2 Amazon Machine Images (AMIs) C. Amazon Elastic Block Store (Amazon EBS) snapshots D. AWS Shield E. Amazon GuardDuty Correct Answer: BC Question:69 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service provides command line access to AWS tools and resources directly from a web browser? A. AWS CloudHSM B. AWS CloudShell C. Amazon WorkSpaces D. AWS Cloud Map Correct Answer: B Question:70 CLF-C02: Actual Exam Q&A | CLEARCATNET A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time. Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number? A. VPC endpoints B. AWS Transit Gateway C. Amazon Route 53 D. AWS Secrets Manager Correct Answer: B Question:71 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks ahead of a new product launch. Which AWS Support plan offers guidance and support for this kind of event at no additional charge? A. AWS Business Support B. AWS Basic Support C. AWS Developer Support D. AWS Enterprise Support Correct Answer: D Question:72 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to establish a schedule for rotating database user credentials. Which AWS service will support this requirement with the LEAST amount of operational overhead? A. AWS Systems Manager B. AWS Secrets Manager C. AWS License Manager D. AWS Managed Services Correct Answer: B Question:73 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload? A. Amazon Route 53 B. Amazon Macie C. AWS Direct Connect D. AWS PrivateLink Correct Answer: C Question:74 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service is used to provide encryption for Amazon EBS? A. AWS Certificate Manager B. AWS Systems Manager C. AWS KMS D. AWS Config Correct Answer: C Question:75 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to manage its AWS Cloud resources through a web interface. Which AWS service will meet this requirement? A. AWS Management Console B. AWS CLI C. AWS SDK D. AWS Cloud9 Correct Answer: A Question:76 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following are advantages of the AWS Cloud? (Choose two.) A. Trade variable expenses for capital expenses B. High economies of scale C. Launch globally in minutes D. Focus on managing hardware infrastructure E. Overprovision to ensure capacity Correct Answer: BC Question:77 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime? A. Agility B. Elasticity C. Scalability D. High availability Correct Answer: D Question:78 CLF-C02: Actual Exam Q&A | CLEARCATNET A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion. Which AWS service should the developer use to meet these requirements? A. AWS Ground Station B. AWS Shield C. AWS IoT Device Defender D. AWS CloudFormation Correct Answer: D Question:79 CLF-C02: Actual Exam Q&A | CLEARCATNET Which task is the customer’s responsibility, according to the AWS shared responsibility model? A. Maintain the security of the AWS Cloud. B. Configure firewalls and networks. C. Patch the operating system of Amazon RDS instances. D. Implement physical and environmental controls. Correct Answer: B Question:80 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service helps deliver highly available applications with fast failover for multi-Region and Multi- AZ architectures? A. AWS WAF B. AWS Global Accelerator C. AWS Shield D. AWS Direct Connect Correct Answer: B Question:81 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has a set of ecommerce applications. The applications need to be able to send messages to each other. Which AWS service meets this requirement? A. AWS Auto Scaling B. Elastic Load Balancing C. Amazon Simple Queue Service (Amazon SQS) D. Amazon Kinesis Data Streams Correct Answer: C Question:82 CLF-C02: Actual Exam Q&A | CLEARCATNET What are the benefits of consolidated billing for AWS Cloud services? (Choose two.) A. Volume discounts B. A minimal additional fee for use C. One bill for multiple accounts D. Installment payment options E. Custom cost and usage budget creation Correct Answer: AC Question:83 CLF-C02: Actual Exam Q&A | CLEARCATNET A user wants to review all Amazon S3 buckets with ACLs and S3 bucket policies in the S3 console. Which AWS service or resource will meet this requirement? A. S3 Multi-Region Access Points B. S3 Storage Lens C. AWS IAM Identity Center (AWS Single Sign-On) D. Access Analyzer for S3 Correct Answer: D Question:84 CLF-C02: Actual Exam Q&A | CLEARCATNET What is the best resource for a user to find compliance-related information and reports about AWS? A. AWS Artifact B. AWS Marketplace C. Amazon Inspector D. AWS Support Correct Answer: A Question:85 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service enables companies to deploy an application close to end users? A. Amazon CloudFront B. AWS Auto Scaling C. AWS AppSync D. Amazon Route 53 Correct Answer: A Question:86 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure? A. Route table B. AWS Transit Gateway C. AWS Global Accelerator D. Amazon VPC Correct Answer: C Question:87 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service provides highly durable object storage? A. Amazon S3 B. Amazon Elastic File System (Amazon EFS) C. Amazon Elastic Block Store (Amazon EBS) D. Amazon FSx Correct Answer: A Question:88 CLF-C02: Actual Exam Q&A | CLEARCATNET Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances? A. Database backups B. Database software patches C. Operating system patches D. Operating system installations Correct Answer: D Question:89 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following are advantages of moving to the AWS Cloud? (Choose two.) A. The ability to turn over the responsibility for all security to AWS. B. The ability to use the pay-as-you-go model. C. The ability to have full control over the physical infrastructure. D. No longer having to guess what capacity will be required. E. No longer worrying about users access controls. Correct Answer: BD Question:90 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service is a hybrid cloud storage service that provides on-premises users access to virtually unlimited cloud storage? A. AWS DataSync B. Amazon S3 Glacier C. AWS Storage Gateway D. Amazon Elastic Block Store (Amazon EBS) Correct Answer: C Question:91 CLF-C02: Actual Exam Q&A | CLEARCATNET A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases. Which AWS service or tool can the company use to meet these requirements? A. AWS Pricing Calculator B. Amazon CloudWatch C. AWS Cost Explorer D. AWS Budgets Correct Answer: A Question:92 CLF-C02: Actual Exam Q&A | CLEARCATNET Which tool should a developer use to integrate AWS service features directly into an application? A. AWS Software Development Kit B. AWS CodeDeploy C. AWS Lambda D. AWS Batch Correct Answer: A Question:93 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is a recommended design principle of the AWS Well-Architected Framework? A. Reduce downtime by making infrastructure changes infrequently and in large increments. B. Invest the time to configure infrastructure manually. C. Learn to improve from operational failures. D. Use monolithic application design for centralization. Correct Answer: C Question:94 CLF-C02: Actual Exam Q&A | CLEARCATNET Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as: A. restricted access. B. as-needed access. C. least privilege access. D. token access. Correct Answer: C Question:95 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet? A. Security group B. AWS WAF C. AWS Firewall Manager D. Network ACL Correct Answer: D Question:96 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to operate a data warehouse to analyze data without managing the data warehouse infrastructure. Which AWS service will meet this requirement? A. Amazon Aurora B. Amazon Redshift Serverless C. AWS Lambda D. Amazon RDS Correct Answer: B Question:97 CLF-C02: Actual Exam Q&A | CLEARCATNET How does AWS Cloud computing help businesses reduce costs? (Choose two.) A. AWS charges the same prices for services in every AWS Region. B. AWS enables capacity to be adjusted on demand. C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week. D. AWS does not charge for data sent from the AWS Cloud to the internet. E. AWS eliminates many of the costs of building and maintaining on-premises data centers. Correct Answer: BE Question:98 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources. Which AWS service will meet this requirement? A. IAM group B. IAM role C. IAM tag D. IAM Access Analyzer Correct Answer: B Question:99 CLF-C02: Actual Exam Q&A | CLEARCATNET Which task is the responsibility of AWS when using AWS services? A. Management of IAM user permissions B. Creation of security group rules for outbound access C. Maintenance of physical and environmental controls D. Application of Amazon EC2 operating system patches Correct Answer: C Question:100 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to automate infrastructure deployment by using infrastructure as code (IaC). The company wants to scale production stacks so the stacks can be deployed in multiple AWS Regions. Which AWS service will meet these requirements? A. Amazon CloudWatch B. AWS Config C. AWS Trusted Advisor D. AWS CloudFormation Correct Answer: D Question:101 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is an AWS Cloud Adoption Framework (AWS CAF) platform perspective capability? A. Data architecture B. Data protection C. Data governance D. Data science Correct Answer: A Question:102 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is running a workload in the AWS Cloud. Which AWS best practice ensures the MOST cost-effective architecture for the workload? A. Loose coupling B. Rightsizing C. Caching D. Redundancy Correct Answer: B Question:103 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows. Which AWS service should the company use to meet these requirements? A. Amazon Elastic Block Store (Amazon EBS) B. AWS Storage Gateway C. Amazon Elastic Container Service (Amazon ECS) D. AWS Lambda Correct Answer: B Question:104 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS tool gives users the ability to plan their service usage, service costs, and instance reservations, and also allows them to set custom alerts when their costs or usage exceed established thresholds? A. Cost Explorer B. AWS Budgets C. AWS Cost and Usage Report D. Reserved Instance reporting Correct Answer: B Question:105 CLF-C02: Actual Exam Q&A | CLEARCATNET Which tasks are the customer’s responsibility, according to the AWS shared responsibility model? (Choose two.) A. Establish the global infrastructure. B. Perform client-side data encryption. C. Configure IAM credentials. D. Secure edge locations. E. Patch Amazon RDS DB instances. Correct Answer: BC Question:106 CLF-C02: Actual Exam Q&A | CLEARCATNET A developer has been hired by a large company and needs AWS credentials. Which are security best practices that should be followed? (Choose two.) A. Grant the developer access to only the AWS resources needed to perform the job. B. Share the AWS account root user credentials with the developer. C. Add the developer to the administrator’s group in AWS IAM. D. Configure a password policy that ensures the developer’s password cannot be changed. E. Ensure the account password policy requires a minimum length. Correct Answer: AE Question:107 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has multiple AWS accounts that include compute workloads that cannot be interrupted. The company wants to obtain billing discounts that are based on the company’s use of AWS services. Which AWS feature or purchasing option will meet these requirements? A. Resource tagging B. Consolidated billing C. Pay-as-you-go pricing D. Spot Instances Correct Answer: B Question:108 CLF-C02: Actual Exam Q&A | CLEARCATNET A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used? A. Security groups B. AWS Firewall Manager C. IAM roles D. IAM user SSH keys Correct Answer: C Question:109 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants a fully managed Windows file server for its Windows-based applications. Which AWS service will meet this requirement? A. Amazon FSx B. Amazon Elastic Kubernetes Service (Amazon EKS) C. Amazon Elastic Container Service (Amazon ECS) D. Amazon EMR Correct Answer: A Question:110 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to migrate its NFS on-premises workload to AWS. Which AWS Storage Gateway type should the company use to meet this requirement? A. Tape Gateway B. Volume Gateway C. Amazon FSx File Gateway D. Amazon S3 File Gateway Correct Answer: D Question:111 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources. Which AWS tool or service can be used to meet these requirements? A. Amazon CloudWatch B. Amazon Inspector C. AWS CloudTrail D. AWS IAM Correct Answer: C Question:112 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has an uninterruptible application that runs on Amazon EC2 instances. The application constantly processes a backlog of files in an Amazon Simple Queue Service (Amazon SQS) queue. This usage is expected to continue to grow for years. What is the MOST cost-effective EC2 instance purchasing model to meet these requirements? A. Spot Instances B. On-Demand Instances C. Savings Plans D. Dedicated Hosts Correct Answer: C Question:113 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants an AWS service to provide product recommendations based on its customer data. Which AWS service will meet this requirement? A. Amazon Polly B. Amazon Personalize C. Amazon Comprehend D. Amazon Rekognition Correct Answer: B Question:114 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is planning its migration to the AWS Cloud. The company is identifying its capability gaps by using the AWS Cloud Adoption Framework (AWS CAF) perspectives. Which phase of the cloud transformation journey includes these identification activities? A. Envision B. Align C. Scale D. Launch Correct Answer: B Question:115 CLF-C02: Actual Exam Q&A | CLEARCATNET A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting. Which AWS service will meet these requirements? A. Amazon Inspector B. AWS WAF C. Amazon GuardDuty D. Amazon CloudWatch Correct Answer: B Question:116 CLF-C02: Actual Exam Q&A | CLEARCATNET Which fully managed AWS service assists with the creation, testing, and management of custom Amazon EC2 images? A. EC2 Image Builder B. Amazon Machine Image (AMI) C. AWS Launch Wizard D. AWS Elastic Beanstalk Correct Answer: A Question:117 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants an automated process to continuously scan its Amazon EC2 instances for software vulnerabilities. Which AWS service will meet these requirements? A. Amazon GuardDuty B. Amazon Inspector C. Amazon Detective D. Amazon Cognito Correct Answer: B Question:118 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to perform data processing once a week that typically takes about 5 hours to complete. Which AWS service should the company use for this workload? A. AWS Lambda B. Amazon EC2 C. AWS CodeDeploy D. AWS Wavelength Correct Answer: B Question:119 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC? A. Amazon CloudWatch Logs B. AWS CloudTrail C. VPC Flow Logs D. AWS Identity and Access Management (IAM) Correct Answer: C Question:120 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to design a centralized storage system to manage the configuration data and passwords for its critical business applications. Which AWS service or capability will meet these requirements MOST cost-effectively? A. AWS Systems Manager Parameter Store B. AWS Secrets Manager C. AWS Config D. Amazon S3 Correct Answer: A Question:121 CLF-C02: Actual Exam Q&A | CLEARCATNET A company plans to deploy containers on AWS. The company wants full control of the compute resources that host the containers. Which AWS service will meet these requirements? A. Amazon Elastic Kubernetes Service (Amazon EKS) B. AWS Fargate C. Amazon EC2 D. Amazon Elastic Container Service (Amazon ECS) Correct Answer: C Question:122 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts? A. AWS Identity and Access Management (IAM) B. AWS Trusted Advisor C. AWS CloudFormation D. AWS Organizations Correct Answer: D Question:123 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to store and retrieve files in Amazon S3 for its existing on-premises applications by using industry-standard file system protocols. Which AWS service will meet these requirements? A. AWS DataSync B. AWS Snowball Edge C. Amazon S3 File Gateway D. AWS Transfer Family Correct Answer: C Question:124 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to block SQL injection attacks. Which AWS service or feature should the company use to meet this requirement? A. AWS WAF B. Network ACLs C. Security groups D. AWS Certificate Manager (ACM) Correct Answer: A Question:125 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants a unified tool to provide a consistent method to interact with AWS services. Which AWS service or tool will meet this requirement? A. AWS CLI B. Amazon Elastic Container Service (Amazon ECS) C. AWS Cloud9 D. AWS Virtual Private Network (AWS VPN) Correct Answer: A Question:126 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to evaluate its AWS environment and provide best practice recommendations in five categories: cost, performance, service limits, fault tolerance and security. Which AWS service can the company use to meet these requirements? A. AWS Shield B. AWS WAF C. AWS Trusted Advisor D. AWS Service Catalog Correct Answer: C Question:127 CLF-C02: Actual Exam Q&A | CLEARCATNET Which perspective in the AWS Cloud Adoption Framework (AWS CAF) includes capabilities for configuration management and patch management? A. Platform B. Operations C. Security D. Governance Correct Answer: B Question:128 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has a compute workload that is steady, predictable, and uninterruptible. Which Amazon EC2 instance purchasing options meet these requirements MOST cost-effectively? (Choose two.) A. On-Demand Instances B. Reserved Instances C. Spot Instances D. Saving Plans E. Dedicated Hosts Correct Answer: BD Question:129 CLF-C02: Actual Exam Q&A | CLEARCATNET Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours? A. On-Demand Instances B. Reserved Instances C. Spot Instances D. Dedicated Instances Correct Answer: A Question:130 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model? A. Configuration of Amazon EC2 instance operating systems B. Application file system server-side encryption C. Patch management D. Security of the physical infrastructure Correct Answer: C Question:131 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to migrate its on-premises workloads to the AWS Cloud. The company wants to separate workloads for chargeback to different departments. Which AWS services or features will meet these requirements? (Choose two.) A. Placement groups B. Consolidated billing C. Edge locations D. AWS Config E. Multiple AWS accounts Correct Answer: BE Question:132 CLF-C02: Actual Exam Q&A | CLEARCATNET Which task is a responsibility of AWS, according to the AWS shared responsibility model? A. Enable client-side encryption for objects that are stored in Amazon S3. B. Configure IAM security policies to comply with the principle of least privilege. C. Patch the guest operating system on an Amazon EC2 instance. D. Apply updates to the Nitro Hypervisor. Correct Answer: D Question:133 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a benefit of using AWS for cloud computing? A. Trade variable expense for fixed expense B. Pay-as-you-go pricing C. Decreased speed and agility D. Spending money running and maintaining data centers Correct Answer: B Question:134 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is an AWS Cloud Adoption Framework (AWS CAF) business perspective capability? A. Culture evolution B. Event management C. Data monetization D. Platform architecture Correct Answer: C Question:135 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is assessing its AWS Business Support plan to determine if the plan still meets the company’s needs. The company is considering switching to AWS Enterprise Support. Which additional benefit will the company receive with AWS Enterprise Support? A. A full set of AWS Trusted Advisor checks B. Phone, email, and chat access to cloud support engineers 24 hours a day, 7 days a week C. A designated technical account manager (TAM) to assist in monitoring and optimization D. A consultative review and architecture guidance for the company’s applications Correct Answer: C Question:136 CLF-C02: Actual Exam Q&A | CLEARCATNET Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable? A. On-Demand Instances B. Standard Reserved Instances C. Spot Instances D. Convertible Reserved Instances Correct Answer: C Question:137 CLF-C02: Actual Exam Q&A | CLEARCATNET Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Choose two.) A. Observability B. Incident and problem management C. Incident response D. Infrastructure protection E. Availability and continuity Correct Answer: CD Question:138 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to run its workload on Amazon EC2 instances for more than 1 year. This workload will run continuously. Which option offers a discounted hourly rate compared to the hourly rate of On-Demand Instances? A. AWS Graviton processor B. Dedicated Hosts C. EC2 Instance Savings Plans D. Amazon EC2 Auto Scaling instances Correct Answer: C Question:139 CLF-C02: Actual Exam Q&A | CLEARCATNET Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity? A. Agility B. Elasticity C. Reliability D. Durability Correct Answer: B Question:140 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS services can a company use to achieve a loosely coupled architecture? (Choose two.) A. Amazon WorkSpaces B. Amazon Simple Queue Service (Amazon SQS) C. Amazon Connect D. AWS Trusted Advisor E. AWS Step Functions Correct Answer: BE Question:141 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded? A. AWS Budgets B. AWS Cost Explorer C. AWS Cost Allocation Tags D. AWS Organizations Correct Answer: A Question:142 CLF-C02: Actual Exam Q&A | CLEARCATNET A company plans to migrate to the AWS Cloud. The company wants to use the AWS Cloud Adoption Framework (AWS CAF) to define and track business outcomes as part of its cloud transformation journey. Which AWS CAF governance perspective capability will meet these requirements? A. Benefits management B. Risk management C. Application portfolio management D. Cloud financial management Correct Answer: A Question:143 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to quickly and securely move files over long distances between its client and an Amazon S3 bucket. Which S3 feature will meet this requirement? A. S3 Versioning B. S3 Transfer Acceleration C. S3ACLs D. S3 Intelligent-Tiering Correct Answer: B Question:144 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to continuously run an experimental workload on an Amazon EC2 instance and stop the instance after 12 hours. Which instance purchasing option will meet this requirement MOST cost-effectively? A. On-Demand Instances B. Reserved Instances C. Spot Instances D. Dedicated Instances Correct Answer: A Question:145 CLF-C02: Actual Exam Q&A | CLEARCATNET Which cloud transformation journey phase of the AWS Cloud Adoption Framework (AWS CAF) focuses on demonstrating how the cloud helps accelerate business outcomes? A. Scale B. Envision C. Align D. Launch Correct Answer: B Question:146 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is a customer responsibility under the AWS shared responsibility model? A. Maintenance of underlying hardware of Amazon EC2 instances B. Application data security C. Physical security of data centers D. Maintenance of VPC components Correct Answer: B Question:147 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants its Amazon EC2 instances to operate in a highly available environment, even if there is a natural disaster in a particular geographic area. Which approach will achieve this goal? A. Use EC2 instances in multiple AWS Regions. B. Use EC2 instances in multiple Amazon CloudFront locations. C. Use EC2 instances in multiple edge locations. D. Use EC2 instances in AWS Local Zones. Correct Answer: A Question:148 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to modernize and convert a monolithic application into microservices. The company wants to move the application to AWS. Which migration strategy should the company use? A. Rehost B. Replatform C. Repurchase D. Refactor Correct Answer: D Question:149 CLF-C02: Actual Exam Q&A | CLEARCATNET A systems administrator created a new IAM user for a developer and assigned the user an access key instead of a user name and password. What is the access key used for? A. To access the AWS account as the AWS account root user B. To access the AWS account through the AWS Management Console C. To access the AWS account through a CLI D. To access all of a company’s AWS accounts Correct Answer: C Question:150 CLF-C02: Actual Exam Q&A | CLEARCATNET Which option is an environment that consists of one or more data centers? A. Amazon CloudFront B. Availability Zone C. VPC D. AWS Outposts Correct Answer: B Question:151 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is moving an on-premises data center to the AWS Cloud. The company must migrate 50 petabytes of file storage data to AWS with the least possible operational overhead. Which AWS service or resource should the company use to meet these requirements? A. AWS Snowmobile B. AWS Snowball Edge C. AWS Data Exchange D. AWS Database Migration Service (AWS DMS) Correct Answer: A Question:152 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has an application with robust hardware requirements. The application must be accessed by students who are using lightweight, low-cost laptops. Which AWS service will help the company deploy the application without investing in backend infrastructure or high-end client hardware? A. Amazon AppStream 2.0 B. AWS AppSync C. Amazon WorkLink D. AWS Elastic Beanstalk Correct Answer: A Question:153 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to query its server logs to gain insights about its customers’ experiences. Which AWS service will store this data MOST cost-effectively? A. Amazon Aurora B. Amazon Elastic File System (Amazon EFS) C. Amazon Elastic Block Store (Amazon EBS) D. Amazon S3 Correct Answer: D Question:154 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is a recommended design principle for AWS Cloud architecture? A. Design tightly coupled components. B. Build a single application component that can handle all the application functionality. C. Make large changes on fewer iterations to reduce chances of failure. D. Avoid monolithic architecture by segmenting workloads. Correct Answer: D Question:155 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service helps users audit API activity across their AWS account? A. AWS CloudTrail B. Amazon Inspector C. AWS WAF D. AWS Config Correct Answer: A Question:156 CLF-C02: Actual Exam Q&A | CLEARCATNET Which task is a customer’s responsibility, according to the AWS shared responsibility model? A. Management of the guest operating systems B. Maintenance of the configuration of infrastructure devices C. Management of the host operating systems and virtualization D. Maintenance of the software that powers Availability Zones Correct Answer: A Question:157 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically. Which service or feature will meet these requirements? A. Amazon DynamoDB B. Amazon EC2 Spot Instances C. AWS Snow Family D. Amazon EC2 Auto Scaling Correct Answer: D Question:158 CLF-C02: Actual Exam Q&A | CLEARCATNET A user wants to securely automate the management and rotation of credentials that are shared between applications, while spending the least amount of time on managing tasks. Which AWS service or feature can be used to accomplish this? A. AWS CloudHSM B. AWS Key Management Service (AWS KMS) C. AWS Secrets Manager D. Server-side encryption Correct Answer: C Question:159 CLF-C02: Actual Exam Q&A | CLEARCATNET Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS? A. Amazon GuardDuty B. Amazon Macie C. Amazon Inspector D. AWS Shield Correct Answer: B Question:160 CLF-C02: Actual Exam Q&A | CLEARCATNET Which actions are best practices for an AWS account root user? (Choose two.) A. Share root user credentials with team members. B. Create multiple root users for the account, separated by environment. C. Enable multi-factor authentication (MFA) on the root user. D. Create an IAM user with administrator privileges for daily administrative tasks, instead of using the root user. E. Use programmatic access instead of the root user and password. Correct Answer: CD Question:161 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is running a critical workload on an Amazon RDS DB instance. The company needs the DB instance to be highly available with a recovery time of less than 5 minutes. Which solution will meet these requirements? A. Create a read replica of the DB instance. B. Create a template of the DB instance by using AWS CloudFormation. C. Take frequent snapshots of the DB instance. Store the snapshots in Amazon S3. D. Modify the DB instance to be a Multi-AZ deployment. Correct Answer: D Question:162 CLF-C02: Actual Exam Q&A | CLEARCATNET A company plans to migrate its application to AWS and run the application on Amazon EC2 instances. The application will have continuous usage for 1 year. Which EC2 instance purchasing option will meet these requirements MOST cost-effectively? A. Reserved Instances B. Spot Instances C. On-Demand Instances D. Dedicated Hosts Correct Answer: A Question:163 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to transfer data between an Amazon S3 bucket and an on-premises application. Who is responsible for the security of this data, according to the AWS shared responsibility model? A. The company B. AWS C. Firewall vendor D. AWS Marketplace partner Correct Answer: A Question:164 CLF-C02: Actual Exam Q&A | CLEARCATNET Which pillar of the AWS Well-Architected Framework refers to the ability of a system to recover from infrastructure or service disruptions and dynamically acquire computing resources to meet demand? A. Security B. Reliability C. Performance efficiency D. Cost optimization Correct Answer: B Question:165 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to identify Amazon S3 buckets that are shared with another AWS account. Which AWS service or feature will meet these requirements? A. AWS Lake Formation B. IAM credential report C. Amazon CloudWatch D. IAM Access Analyzer Correct Answer: D Question:166 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service gives users the ability to build interactive business intelligence dashboards that include machine learning insights? A. Amazon Athena B. Amazon Kendra C. Amazon QuickSight D. Amazon Redshift Correct Answer: C Question:167 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is an AWS value proposition that describes a user’s ability to scale infrastructure based on demand? A. Speed of innovation B. Resource elasticity C. Decoupled architecture D. Global deployment Correct Answer: B Question:168 CLF-C02: Actual Exam Q&A | CLEARCATNET Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket? A. Enable S3 Cross-Region Replication (CRR) on the S3 bucket. B. Use IAM roles for applications that require access to the S3 bucket. C. Configure AWS WAF to prevent unauthorized access to the S3 bucket. D. Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket. Correct Answer: B Question:169 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to know more about the benefits offered by cloud computing. The company wants to understand the operational advantage of agility. How does AWS provide agility for users? A. The ability the ensure high availability by deploying workloads to multiple regions B. A pay-as-you-go model for many services and resources C. The ability to transfer infrastructure management to the AWS Cloud D. The ability to provision and deprovision resources quickly with minimal effort Correct Answer: D Question:170 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs a central user portal so that users can log in to third-party business applications that support Security Assertion Markup Language (SAML) 2.0. Which AWS service will meet this requirement? A. AWS Identity and Access Management (IAM) B. Amazon Cognito C. AWS IAM Identity Center (AWS Single Sign-On) D. AWS CLI Correct Answer: B Question:171 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service should users use to learn about AWS service availability and operations? A. Amazon EventBridge B. AWS Service Catalog C. AWS Control Tower D. AWS Health Dashboard Correct Answer: D Question:172 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or tool can be used to capture information about inbound and outbound traffic in an Amazon VPC? A. VPC Flow Logs B. Amazon Inspector C. VPC endpoint services D. NAT gateway Correct Answer: A Question:173 CLF-C02: Actual Exam Q&A | CLEARCATNET What is the customer ALWAYS responsible for managing, according to the AWS shared responsibility model? A. Software licenses B. Networking C. Customer data D. Encryption keys Correct Answer: C Question:174 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service can be used to retrieve compliance reports on demand? A. AWS Secrets Manager B. AWS Artifact C. AWS Security Hub D. AWS Certificate Manager Correct Answer: B Question:175 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service enables users to check for vulnerabilities on Amazon EC2 instances by using predefined assessment templates? A. AWS WAF B. AWS Trusted Advisor C. Amazon Inspector D. AWS Shield Correct Answer: C Question:176 CLF-C02: Actual Exam Q&A | CLEARCATNET A company plans to migrate to the AWS Cloud. The company is gathering information about its on- premises infrastructure and requires information such as the hostname, IP address, and MAC address. Which AWS service will meet these requirements? A. AWS DataSync B. AWS Application Migration Service C. AWS Application Discovery Service D. AWS Database Migration Service (AWS DMS) Correct Answer: C Question:177 CLF-C02: Actual Exam Q&A | CLEARCATNET Which action will help increase security in the AWS Cloud? A. Enable programmatic access for all IAM users. B. Use IAM users instead of IAM roles to delegate permissions. C. Rotate access keys on a reoccurring basis. D. Use inline policies instead of customer managed policies. Correct Answer: C Question:178 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is planning to migrate its application to the AWS Cloud. Which AWS tool or set of resources should the company use to analyze and assess its readiness for migration? A. AWS Cloud Adoption Framework (AWS CAF) B. AWS Pricing Calculator C. AWS Well-Architected Framework D. AWS Budgets Correct Answer: A Question:179 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following describes some of the core functionality of Amazon S3? A. Amazon S3 is a high-performance block storage service that is designed for use with Amazon EC2. B. Amazon S3 is an object storage service that provides high-level performance, security, scalability, and data availability. C. Amazon S3 is a fully managed, highly reliable, and scalable file storage system that is accessible over the industry-standard SMB protocol. D. Amazon S3 is a scalable, fully managed elastic NFS for use with AWS Cloud services and on- premises resources. Correct Answer: B Question:180 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses? A. High availability B. Economies of scale C. Pay-as-you-go pricing D. Global reach Correct Answer: C Question:181 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS services or features enable users to connect on-premises networks to a VPC? (Choose two.) A. AWS VPN B. Elastic Load Balancing C. AWS Direct Connect D. VPC peering E. Amazon CloudFront Correct Answer: AC Question:182 CLF-C02: Actual Exam Q&A | CLEARCATNET A user needs to quickly deploy a nonrelational database on AWS. The user does not want to manage the underlying hardware or the database software. Which AWS service can be used to accomplish this? A. Amazon RDS B. Amazon DynamoDB C. Amazon Aurora D. Amazon Redshift Correct Answer: B Question:183 CLF-C02: Actual Exam Q&A | CLEARCATNET Which actions are examples of a company’s effort to rightsize its AWS resources to control cloud costs? (Choose two.) A. Switch from Amazon RDS to Amazon DynamoDB to accommodate NoSQL datasets. B. Base the selection of Amazon EC2 instance types on past utilization patterns. C. Use Amazon S3 Lifecycle policies to move objects that users access infrequently to lower-cost storage tiers. D. Use Multi-AZ deployments for Amazon RDS. E. Replace existing Amazon EC2 instances with AWS Elastic Beanstalk. Correct Answer: BC Question:184 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature can a company use to apply security rules to specific Amazon EC2 instances? A. Network ACLs B. Security groups C. AWS Trusted Advisor D. AWS WAF Correct Answer: B Question:185 CLF-C02: Actual Exam Q&A | CLEARCATNET Which design principles support the reliability pillar of the AWS Well-Architected Framework? (Choose two.) A. Perform operations as code. B. Enable traceability. C. Automatically scale to meet demand. D. Deploy resources globally to improve response time. E. Automatically recover from failure. Correct Answer: CE Question:186 CLF-C02: Actual Exam Q&A | CLEARCATNET A company that uses AWS needs to transfer 2 TB of data. Which type of transfer of that data would result in no cost for the company? A. Inbound data transfer from the internet B. Outbound data transfer to the internet C. Data transfer between AWS Regions D. Data transfer between Availability Zones Correct Answer: A Question:187 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to create templates that the company can reuse to deploy multiple AWS resources. Which AWS service or feature can the company use to meet this requirement? A. AWS Marketplace B. Amazon Machine Image (AMI) C. AWS CloudFormation D. AWS OpsWorks Correct Answer: C Question:188 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is building an application that requires the ability to send, store, and receive messages between application components. The company has another requirement to process messages in first-in, first-out (FIFO) order. Which AWS service should the company use? A. AWS Step Functions B. Amazon Simple Notification Service (Amazon SNS) C. Amazon Kinesis Data Streams D. Amazon Simple Queue Service (Amazon SQS) Correct Answer: D Question:189 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature is a browser-based, pre-authenticated service that can be launched directly from the AWS Management Console? A. AWS API B. AWS Lightsail C. AWS Cloud9 D. AWS CloudShell Correct Answer: D Question:190 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL. Which AWS services will meet these requirements? (Choose two.) A. Amazon Athena B. Amazon RDS C. Amazon EC2 D. Amazon DynamoDB E. Amazon Aurora Correct Answer: BE Question:191 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has a fleet of cargo ships. The cargo ships have sensors that collect data at sea, where there is intermittent or no internet connectivity. The company needs to collect, format, and process the data at sea and move the data to AWS later. Which AWS service should the company use to meet these requirements? A. AWS IoT Core B. Amazon Lightsail C. AWS Storage Gateway D. AWS Snowball Edge Correct Answer: D Question:192 CLF-C02: Actual Exam Q&A | CLEARCATNET A company hosts an application on multiple Amazon EC2 instances. The application uses Amazon Simple Notification Service (Amazon SNS) to send messages. Which AWS service or feature will give the application permission to access required AWS services? A. AWS Certificate Manager (ACM) B. IAM roles C. AWS Security Hub D. Amazon GuardDuty Correct Answer: B Question:193 CLF-C02: Actual Exam Q&A | CLEARCATNET A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in the AWS Cloud. Which service should be used to deploy the application? A. AWS CloudFormation B. AWS Elastic Beanstalk C. Amazon EC2 D. AWS OpsWorks Correct Answer: B Question:194 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds. Which AWS service meets these requirements? A. Amazon CloudFront B. Elastic Load Balancing C. Amazon S3 D. Amazon Elastic Transcoder Correct Answer: A Question:195 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to use third-party software for its workload on AWS. Which AWS service or feature can the company use to purchase the software? A. AWS Resource Access Manager B. AWS Managed Services C. AWS License Manager D. AWS Marketplace Correct Answer: D Question:196 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs fully managed, highly reliable, and scalable file storage that is accessible over the Server Message Block (SMB) protocol. Which AWS service will meet these requirements? A. Amazon S3 B. Amazon Elastic File System (Amazon EFS) C. Amazon FSx for Windows File Server D. Amazon Elastic Block Store (Amazon EBS) Correct Answer: C Question:197 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to centrally configure and manage Amazon VPC security groups across multiple AWS accounts within an organization in AWS Organizations. Which AWS service should the company use to meet these requirements? A. AWS Firewall Manager B. Amazon GuardDuty C. Amazon Detective D. AWS WAF Correct Answer: A Question:198 CLF-C02: Actual Exam Q&A | CLEARCATNET Which task is a responsibility of AWS, according to the AWS shared responsibility model? A. Configure identity and access management for applications. B. Manage encryption options for data that is stored on AWS. C. Configure security groups for Amazon EC2 instances. D. Maintain the physical hardware of the infrastructure. Correct Answer: D Question:199 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has an Amazon EC2 instance in a private subnet. The company wants to initiate a connection to the internet to pull operating system updates while preventing traffic from the internet from accessing the EC2 instance. Which AWS managed service allows this? A. VPC endpoint B. NAT gateway C. Amazon PrivateLink D. VPC peering Correct Answer: B Question:200 CLF-C02: Actual Exam Q&A | CLEARCATNET Which actions are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.) A. Securing the virtualization layer B. Patching the operating system on Amazon EC2 instances C. Enforcing a strict password policy for IAM users D. Patching the operating system on Amazon RDS instances E. Configuring security groups and network ACLs Correct Answer: AD Question:201 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is storing data that will not be frequently accessed in the AWS Cloud. If the company needs to access the data, the data needs to be retrieved within 12 hours. The company wants a solution that is cost- effective for storage costs for each gigabyte. Which Amazon S3 storage class will meet these requirements? A. S3 Standard B. S3 Glacier Flexible Retrieval C. S3 One Zone-Infrequent Access (S3 One Zone-IA) D. S3 Standard-Infrequent Access (S3 Standard-IA) Correct Answer: B Question:202 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or resource can be used to identify services that have been used by a user within a specified date range? A. Amazon S3 access control lists (ACLs) B. AWS Certificate Manager (ACM) C. Network Access Analyzer D. AWS Identity and Access Management Access Analyzer Correct Answer: D Question:203 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to engage third-party consultants to help maintain and support its AWS environment and the company’s business needs. Which AWS service or resource will meet these requirements? A. AWS Support B. AWS Organizations C. AWS Service Catalog D. AWS Partner Network (APN) Correct Answer: D Question:204 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to create Amazon QuickSight dashboards every week by using its billing data. Which AWS feature or tool can the company use to meet these requirements? A. AWS Budgets B. AWS Cost Explorer C. AWS Cost and Usage Report D. AWS Cost Anomaly Detection Correct Answer: C Question:205 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is planning to move data backups to the AWS Cloud. The company needs to replace on- premises storage with storage that is cloud-based but locally cached. Which AWS service meets these requirements? A. AWS Storage Gateway B. AWS Snowcone C. AWS Backup D. Amazon Elastic File System (Amazon EFS) Correct Answer: A Question:206 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to organize its resources and track AWS costs on a detailed level. The company needs to categorize costs by business department, environment, and application. Which solution will meet these requirements? A. Access the AWS Cost Management console to organize resources, set an AWS budget, and receive notifications of unintentional usage. B. Use tags to organize the resources. Activate cost allocation tags to track AWS costs on a detailed level. C. Create Amazon CloudWatch dashboards to visually organize and track costs individually. D. Access the AWS Billing and Cost Management dashboard to organize and track resource consumption on a detailed level. Correct Answer: B Question:207 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to plan, schedule, and run hundreds of thousands of computing jobs on AWS. Which AWS service can the company use to meet this requirement? A. AWS Step Functions B. AWS Service Catalog C. Amazon Simple Queue Service (Amazon SQS) D. AWS Batch Correct Answer: D Question:208 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS services or features provide high availability and low latency by enabling failover across different AWS Regions? (Choose two.) A. Amazon Route 53 B. Network Load Balancer C. Amazon S3 Transfer Acceleration D. AWS Global Accelerator E. Application Load Balancer Correct Answer: AD Question:209 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following is a way to use Amazon EC2 Auto Scaling groups to scale capacity in the AWS Cloud? A. Scale the number of EC2 instances in or out automatically, based on demand. B. Use serverless EC2 instances. C. Scale the size of EC2 instances up or down automatically, based on demand. D. Transfer unused CPU resources between EC2 instances. Correct Answer: A Question:210 CLF-C02: Actual Exam Q&A | CLEARCATNET Which abilities are benefits of the AWS Cloud? (Choose two.) A. Trade variable expenses for capital expenses. B. Deploy globally in minutes. C. Plan capacity in advance of deployments. D. Take advantage of economies of scale. E. Reduce dependencies on network connectivity. Correct Answer: BD Question:211 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS security service protects applications from distributed denial of service attacks with always-on detection and automatic inline mitigations? A. Amazon Inspector B. AWS Web Application Firewall (AWS WAF) C. Elastic Load Balancing (ELB) D. AWS Shield Correct Answer: D Question:212 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service allows users to model and provision AWS resources using common programming languages? A. AWS CloudFormation B. AWS CodePipeline C. AWS Cloud Development Kit (AWS CDK) D. AWS Systems Manager Correct Answer: C Question:213 CLF-C02: Actual Exam Q&A | CLEARCATNET Which Amazon EC2 instance pricing model can provide discounts of up to 90%? A. Reserved Instances B. On-Demand C. Dedicated Hosts D. Spot Instances Correct Answer: D Question:214 CLF-C02: Actual Exam Q&A | CLEARCATNET Which of the following acts as an instance-level firewall to control inbound and outbound access? A. Network access control list B. Security groups C. AWS Trusted Advisor D. Virtual private gateways Correct Answer: B Question:215 CLF-C02: Actual Exam Q&A | CLEARCATNET A company must be able to develop, test, and launch an application in the AWS Cloud quickly. Which advantage of cloud computing will meet these requirements? A. Stop guessing capacity B. Trade fixed expense for variable expense C. Achieve economies of scale D. Increase speed and agility Correct Answer: D Question:216 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has teams that have different job roles and responsibilities. The company’s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities. Which IAM resource should the company use to meet this requirement with the LEAST operational overhead? A. IAM user groups B. IAM roles C. IAM instance profiles D. IAM policies for individual users Correct Answer: B Question:217 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service can a company use to securely store and encrypt passwords for a database? A. AWS Shield B. AWS Secrets Manager C. AWS Identity and Access Management (IAM) D. Amazon Cognito Correct Answer: B Question:218 CLF-C02: Actual Exam Q&A | CLEARCATNET What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them as evidence to an auditor or regulator? A. AWS Certificate Manager B. AWS Systems Manager C. AWS Artifact D. Amazon Inspector Correct Answer: C Question:219 CLF-C02: Actual Exam Q&A | CLEARCATNET Which encryption types can be used to protect objects at rest in Amazon S3? (Choose two.) A. Server-side encryption with Amazon S3 managed encryption keys (SSE-S3) B. Server-side encryption with AWS KMS managed keys (SSE-KMS) C. TLS D. SSL E. Transparent Data Encryption (TDE) Correct Answer: AB Question:220 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to integrate its online shopping website with social media login credentials. Which AWS service can the company use to make this integration? A. AWS Directory Service B. AWS Identity and Access Management (IAM) C. Amazon Cognito D. AWS IAM Identity Center (AWS Single Sign-On) Correct Answer: C Question:221 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service is used to track, record, and audit configuration changes made to AWS resources? A. AWS Shield B. AWS Config C. AWS IAM D. Amazon Inspector Correct Answer: B Question:222 CLF-C02: Actual Exam Q&A | CLEARCATNET A customer runs an On-Demand Amazon Linux EC2 instance for 3 hours, 5 minutes, and 6 seconds. For how much time will the customer be billed? A. 3 hours, 5 minutes B. 3 hours, 5 minutes, and 6 seconds C. 3 hours, 6 minutes D. 4 hours Correct Answer: B Question:223 CLF-C02: Actual Exam Q&A | CLEARCATNET A company website is experiencing DDoS attacks. Which AWS service can help protect the company website against these attacks? A. AWS Resource Access Manager B. AWS Amplify C. AWS Shield D. Amazon GuardDuty Correct Answer: C Question:224 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the AWS Cloud. Which AWS service or tool will meet these requirements? A. AWS Trusted Advisor B. Amazon Inspector C. AWS Control Tower D. Migration Evaluator Correct Answer: D Question:225 CLF-C02: Actual Exam Q&A | CLEARCATNET A company that has multiple business units wants to centrally manage and govern its AWS Cloud environments. The company wants to automate the creation of AWS accounts, apply service control policies (SCPs), and simplify billing processes. Which AWS service or tool should the company use to meet these requirements? A. AWS Organizations B. Cost Explorer C. AWS Budgets D. AWS Trusted Advisor Correct Answer: A Question:226 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is hosting an application in the AWS Cloud. The company wants to verify that underlying AWS services and general AWS infrastructure are operating normally. Which combination of AWS services can the company use to gather the required information? (Choose two.) A. AWS Personal Health Dashboard B. AWS Systems Manager C. AWS Trusted Advisor D. AWS Service Health Dashboard E. AWS Service Catalog Correct Answer: AD Question:227 CLF-C02: Actual Exam Q&A | CLEARCATNET A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS. Which AWS service or tool should the company use to meet this requirement? A. Cloud Adoption Readiness Tool B. AWS Migration Hub C. AWS Database Migration Service (AWS DMS) D. AWS Application Migration Service Correct Answer: C Question:228 CLF-C02: Actual Exam Q&A | CLEARCATNET Which cloud concept is demonstrated by using AWS Compute Optimizer? A. Security validation B. Rightsizing C. Elasticity D. Global reach Correct Answer: B Question:229 CLF-C02: Actual Exam Q&A | CLEARCATNET A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive. Which AWS service will meet the requirement? A. Amazon Inspector B. Amazon Macie C. AWS Identity and Access Management (IAM) D. Amazon CloudWatch Correct Answer: B Question:230 CLF-C02: Actual Exam Q&A | CLEARCATNET A user has a stateful workload that will run on Amazon EC2 for the next 3 years. What is the MOST cost-effective pricing model for this workload? A. On-Demand Instances B. Reserved Instances C. Dedicated Instances D. Spot Instances Correct Answer: B Question:231 CLF-C02: Actual Exam Q&A | CLEARCATNET Who enables encryption of data at rest for Amazon Elastic Block Store (Amazon EBS)? A. AWS Support B. AWS customers C. AWS Key Management Service (AWS KMS) D. AWS Trusted Advisor Correct Answer: B Question:232 CLF-C02: Actual Exam Q&A | CLEARCATNET What can a user accomplish using AWS CloudTrail? A. Generate an IAM user credentials report. B. Record API calls made to AWS services. C. Assess the compliance of AWS resource configurations with policies and guidelines. D. Ensure that Amazon EC2 instances are patched with the latest security updates. Correct Answer: B Question:233 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is planning to host its workloads on AWS. Which AWS service requires the company to update and patch the guest operating system? A. Amazon DynamoDB B. Amazon S3 C. Amazon EC2 D. Amazon Aurora Correct Answer: C Question:234 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service or feature will search for and identify AWS resources that are shared externally? A. Amazon OpenSearch Service B. AWS Control Tower C. AWS IAM Access Analyzer D. AWS Fargate Correct Answer: C Question:235 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its applications. Which AWS service should the company use to meet these requirements? A. Amazon DynamoDB B. Amazon EC2 C. AWS Lambda D. Amazon RDS Correct Answer: B Question:236 CLF-C02: Actual Exam Q&A | CLEARCATNET At what support level do users receive access to a support concierge? A. Basic Support B. Developer Support C. Business Support D. Enterprise Support Correct Answer: D Question:237 CLF-C02: Actual Exam Q&A | CLEARCATNET Which AWS service can a company use to visually design and build serverless applications? A. AWS Lambda B. AWS Batch C. AWS Application Composer D. AWS App Runner Correct Answer: C Question:238 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to migrate to AWS and use the same security software it uses on premises. The security software vendor offers its security software as a service on AWS. Where can the company purchase the security solution? A. AWS Partner Solutions Finder B. AWS Support Center C. AWS Management Console D. AWS Marketplace Correct Answer: D Question:239 CLF-C02: Actual Exam Q&A | CLEARCATNET A company has deployed an Amazon EC2 instance. Which option is an AWS responsibility under the AWS shared responsibility model? A. Managing and encrypting application data B. Installing updates and security patches of guest operating system C. Configuration of infrastructure devices D. Configuration of security groups on each instance Correct Answer: C Question:240 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently. Which AWS service or resource will meet these requirements with the LEAST management overhead? A. PostgreSQL on Amazon EC2 B. Amazon RDS for PostgreSQL C. Amazon Aurora PostgreSQL-Compatible Edition D. Amazon Aurora Serverless Correct Answer: D Question:241 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is using Amazon DynamoDB for its application database. Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Choose two.) A. Classify data. B. Configure access permissions. C. Manage encryption options. D. Provide public endpoints to store and retrieve data. E. Manage the infrastructure layer and the operating system. Correct Answer: DE Question:242 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to create a globally accessible ecommerce platform for its customers. The company wants to use a highly available and scalable DNS web service to connect users to the platform. Which AWS service will meet these requirements? A. Amazon EC2 B. Amazon VPC C. Amazon Route 53 D. Amazon RDS Correct Answer: C Question:243 CLF-C02: Actual Exam Q&A | CLEARCATNET Which maintenance task is the customer’s responsibility, according to the AWS shared responsibility model? A. Physical connectivity among Availability Zones B. Network switch maintenance C. Hardware updates and firmware patches D. Amazon EC2 updates and security patches Correct Answer: D Question:244 CLF-C02: Actual Exam Q&A | CLEARCATNET A company wants to improve its security posture by reviewing user activity through API calls. Which AWS service will meet this requirement? A. AWS WAF B. Amazon Detective C. Amazon CloudWatch D. AWS CloudTrail Correct Answer: D Question:245 CLF-C02: Actual Exam Q&A | CLEARCATNET A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS. Which pricing model will meet these requirements? A. Use Savings Plans for a 3-year term. B. Use Dedicated Hosts. C. Buy Reserved Instances. D. Use On-Demand Instances. Correct Answer: D Question:246 CLF-C02: Actual Exam Q&A | CLEARCATNET A company that has AWS Enterprise Support is launching a new version of a popular product in 2 months. The company expects a large increase in traffic to its website. The website is hosted on Amazon EC2 instances. Which action should the company take to assess its readiness to scale for this launch? A. Replace the EC2 instances with AWS Lambda functions. B. Use AWS Infrastructure Event Management (IEM) support. C. Submit a request on AWS M
