clf-c02 7
Uploaded by
britorceoclf-c02 7
Uploaded by
britorceoRecommend!!
Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Amazon-Web-Services
Exam Questions CLF-C02
AWS Certified Cloud Practitioner
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
NEW QUESTION 1
- (Topic 3)
A company plans to migrate to the AWS Cloud. The company is gathering information about its on-premises infrastructure and requires information such as the
hostname, IP address, and MAC address.
Which AWS service will meet these requirements?
A. AWS DataSync
B. AWS Application Migration Service
C. AWS Application Discovery Service
D. AWS Database Migration Service (AWS DMS)
Answer: C
Explanation:
AWS Application Discovery Service is a service that helps you plan your migration to the AWS Cloud by collecting usage and configuration data about your on-
premises servers and databases. This data includes information such as the hostname, IP address, and MAC address of each server, as well as the performance
metrics, network connections, and processes running on them. You can use AWS Application Discovery Service to discover your on-premises inventory, map the
dependencies between servers and applications, and estimate the cost and effort of migrating to AWS. You can also export the data to other AWS services, such
as AWS Migration Hub and AWS Database Migration Service, to support your migration tasks. AWS Application Discovery Service offers two ways of performing
discovery: agentless discovery and agent-based discovery. Agentless discovery uses a virtual appliance that you deploy on your VMware vCenter to collect data
from your virtual machines and hosts. Agent-based discovery uses an agent that you install on each of your physical or virtual servers to collect data. You can
choose the method that best suits your environment and needs. AWS DataSync is a service that helps you transfer data between your on-premises storage and
AWS storage services, such as Amazon S3, Amazon EFS, and Amazon FSx for Windows File Server. AWS DataSync does not collect information about your on-
premises infrastructure, but rather focuses on optimizing the data transfer speed, security, and reliability. AWS Application Migration Service is a service that helps
you migrate your applications from your on-premises or cloud environment to AWS without making any changes to the applications, their architecture, or the
migrated servers. AWS Application Migration Service does not collect information about your on- premises infrastructure, but rather uses a lightweight agent to
replicate your servers as Amazon Machine Images (AMIs) and launch them as EC2 instances on AWS. AWS Database Migration Service is a service that helps
you migrate your databases from your on-premises or cloud environment to AWS, either as a one-time migration or as a continuous replication. AWS Database
Migration Service does not collect information about your on-premises infrastructure, but rather uses a source and a target endpoint to connect to your databases
and transfer the data. References: AWS Application Discovery Service, AWS DataSync, AWS Application Migration Service, [AWS Database Migration Service]
NEW QUESTION 2
- (Topic 3)
A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers different Region.
Which AWS tool should the company use to find pricing information for other Regions?
A. Cost Explorer
B. AWS Budgets
C. AWS Purchase Order Management
D. AWS Pricing Calculator
Answer: D
Explanation:
AWS Pricing Calculator lets customers explore AWS services, and create an estimate for the cost of their use cases on AWS. AWS Pricing Calculator can also
compare the costs of different AWS Regions and configurations. Cost Explorer is a tool that enables customers to visualize, understand, and manage their AWS
costs and usage over time.
AWS Budgets gives customers the ability to set custom budgets that alert them when their costs or usage exceed (or are forecasted to exceed) their budgeted
amount. AWS Purchase Order Management is a feature that allows customers to pay for their AWS invoices using purchase orders.
NEW QUESTION 3
- (Topic 3)
A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Select TWO.)
A. Spot Instances
B. On-Demand Instances
C. Reserved Instances
D. Savings Plans
E. Dedicated Hosts
Answer: CD
Explanation:
Reserved Instances (RIs) are a pricing model that allows you to reserve EC2 instances for a specified period of time (one or three years) and receive a significant
discount compared to On-Demand pricing. RIs are suitable for workloads that have predictable usage patterns and require a long-term commitment. You can
choose between three payment options: All Upfront, Partial Upfront, or No Upfront. The more you pay upfront, the greater the discount1.
Savings Plans are a flexible pricing model that can help you reduce your EC2 costs by up to 72% compared to On-Demand pricing, in exchange for a commitment
to a consistent amount of usage (measured in $/hour) for a one or three year term. Savings Plans apply to usage across EC2, AWS Lambda, and AWS Fargate.
You can choose between two types of Savings Plans: Compute Savings Plans and EC2 Instance Savings Plans. Compute Savings Plans offer the most flexibility
and apply to any instance family, size, OS, tenancy, or region. EC2 Instance Savings Plans offer the highest discount and apply to a specific instance family within
a region2.
Spot Instances are a pricing model that allows you to bid for unused EC2 capacity in the AWS cloud and are available at a discount of up to 90% compared to On-
Demand pricing. Spot Instances are suitable for fault-tolerant or stateless workloads that can run on heterogeneous hardware and have flexible start and end
times. However, Spot Instances are not guaranteed and can be interrupted by AWS at any time if the demand for capacity increases or your bid price is lower than
the current Spot price3.
On-Demand Instances are a pricing model that allows you to pay for compute capacity by the hour or second with no long-term commitments. On-Demand
Instances are suitable for short-term, spiky, or unpredictable workloads that cannot be interrupted, or for applications that are being developed or tested on EC2 for
the first time. However, On-Demand Instances are the most expensive option among the four pricing models4.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Dedicated Hosts are physical EC2 servers fully dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-
bound software licenses, such as Windows Server, SQL Server, and SUSE Linux Enterprise Server. Dedicated Hosts can be purchased On-Demand or as part of
Savings Plans. Dedicated Hosts are suitable for workloads that need to run on dedicated physical servers or have strict licensing requirements. However,
Dedicated Hosts are not the lowest cost option among the four pricing models.
NEW QUESTION 4
- (Topic 3)
Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a
standardized format?
A. AWS Security Hub
B. AWS Trusted Advisor
C. Amazon EventBndge
D. Amazon GuardDuty
Answer: A
Explanation:
AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables
automated remediation. Security Hub collects findings from the security services enabled across your AWS accounts, such as intrusion detection findings from
Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings
from partner security products using a standardized AWS Security Finding Format, eliminating the need for time-consuming data parsing and normalization efforts.
Customers can designate an administrator account that can access all findings across their accounts. References: AWS Security Hub Overview, AWS Security
Hub FAQs
NEW QUESTION 5
- (Topic 3)
Which option is a customer responsibility under the AWS shared responsibility model?
A. Maintenance of underlying hardware of Amazon EC2 instances
B. Application data security
C. Physical security of data centers
D. Maintenance of VPC components
Answer: B
Explanation:
The option that is a customer responsibility under the AWS shared responsibility model is B. Application data security.
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS manages the security of the underlying infrastructure, such as the hardware, software, networking, and facilities that run the AWS services,
while the customer manages the security of their applications, data, and resources that they use on top of AWS12. Application data security is one of the customer
responsibilities under the AWS shared responsibility model. This means that the customer is responsible for protecting their application data from unauthorized
access, modification, deletion, or leakage. The customer can use various AWS services and features to help with application data security, such as encryption, key
management, access control, logging, and auditing12. Maintenance of underlying hardware of Amazon EC2 instances is not a customer responsibility under the
AWS shared responsibility model. This is part of the AWS responsibility to secure the cloud. AWS manages the physical servers that host the Amazon EC2
instances and ensures that they are updated, patched, and replaced as needed13.
Physical security of data centers is not a customer responsibility under the AWS shared responsibility model. This is also part of the AWS responsibility to secure
the cloud. AWS operates and controls the facilities where the AWS services are hosted and ensures that they are protected from unauthorized access,
environmental hazards, fire, and theft14. Maintenance of VPC components is not a customer responsibility under the AWS shared responsibility model. This is a
shared responsibility between AWS and the customer. AWS provides the VPC service and ensures that it is secure and reliable, while the customer configures and
manages their own VPCs and related components, such as subnets, route tables, security groups, network ACLs, gateways, and endpoints15.
References:
1: Shared Responsibility Model - Amazon Web Services (AWS) 2: AWS Cloud Computing - W3Schools 3: [Amazon EC2 FAQs - Amazon Web Services] 4: [AWS
Security - Amazon Web Services] 5: [Amazon Virtual Private Cloud (VPC) - Amazon Web Services]
NEW QUESTION 6
- (Topic 3)
A company wants to ensure that all of its Amazon EC2 instances have compliant operating system patches.
Which AWS service will meet these requirements?
A. AWS Compute Optimizer
B. AWS Elastic Beanstalk
C. AWS AppSync
D. AWS Systems Manager
Answer: D
Explanation:
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view
operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. You can use Systems Manager to apply
OS patches, create system images, configure Windows and Linux operating systems, and execute PowerShell commands5. Systems Manager can help you
ensure that all of your Amazon EC2 instances have compliant operating system patches by using the Patch Manager feature.
NEW QUESTION 7
- (Topic 3)
A company is running its application in the AWS Cloud and wants to protect against a DDoS attack. The company's security team wants near real-time visibility
into DDoS attacks.
Which AWS service or traffic filter will meet these requirements with the MOST features for DDoS protection?
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
A. AWS Shield Advanced
B. AWS Shield
C. Amazon GuardDuty
D. Network ACLs
Answer: A
Explanation:
AWS Shield Advanced is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield
Advanced
provides you with 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS attacks of any size or duration. AWS Shield Advanced also
provides near real-time visibility into attacks, advanced attack mitigation capabilities, and integration with AWS WAF and AWS Firewall Manager1. AWS Shield is a
standard service that provides always-on detection and automatic inline mitigations to minimize application downtime and latency, but it does not offer the same
level of features and support as AWS Shield Advanced2. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and
unauthorized behavior, but it does not provide DDoS protection3. Network ACLs are stateless filters that can be associated with a subnet to control the traffic to
and from the subnet, but they are not designed to protect against DDoS attacks
NEW QUESTION 8
- (Topic 3)
A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud How can these reports be generated?
A. Contact the AWS Compliance team
B. Download the reports from AWS Artifact
C. Open a case with AWS Support
D. Generate the reports with Amazon Made
Answer: B
Explanation:
AWS Artifact is a service that provides on-demand access to security and compliance reports from AWS and Independent Software Vendors (ISVs) who sell their
products on AWS Marketplace. You can use AWS Artifact to download auditor-issued reports, certifications, accreditations, and other third-party attestations of
AWS compliance with various standards and regulations, such as PCI-DSS, HIPAA, FedRAMP, GDPR, and more1234. You can also use AWS Artifact to review,
accept, and manage your agreements with AWS and apply them to current and future accounts within your organization2. References: 1: Cloud Compliance -
Amazon Web Services
(AWS), 2: Security Compliance Management - AWS Artifact - AWS, 3: AWS Compliance Contact Us - Amazon Web Services, 4: AWS SECURITY AND
COMPLIANCE QUICK REFERENCE GUIDE
NEW QUESTION 9
- (Topic 3)
Which AWS service or storage class provides low-cost, long-term data storage?
A. Amazon S3 Glacier Deep Archive
B. AWS Snowball
C. Amazon MQ
D. AWS Storage Gateway
Answer: A
Explanation:
Amazon S3 Glacier Deep Archive is a storage class within Amazon S3 that provides the lowest-cost, long-term data storage for data that is rarely accessed. AWS
Snowball is a service that provides a physical device for transferring large amounts of data into and out of AWS. Amazon MQ is a service that provides managed
message broker service for Apache ActiveMQ. AWS Storage Gateway is a service that provides hybrid cloud storage for on-premises applications.
NEW QUESTION 10
- (Topic 3)
A company needs to migrate a PostgreSQL database from on-premises to Amazon RDS. Which AWS service or tool should the company use to meet this
requirement?
A. Cloud Adoption Readiness Tool
B. AWS Migration Hub
C. AWS Database Migration Service (AWS DMS)
D. AWS Application Migration Service
Answer: C
Explanation:
AWS Database Migration Service (AWS DMS) is a managed and automated service that helps you migrate your databases from your on-premises or cloud
environment to AWS, either as a one-time migration or as a continuous replication. AWS DMS supports migration between 20-plus database and analytics
engines, such as PostgreSQL, Oracle, MySQL, SQL Server, MongoDB, Amazon Aurora, Amazon RDS, Amazon Redshift, and Amazon S3. AWS DMS also
provides schema conversion and validation tools, as well as monitoring and security features. AWS DMS is a cost-effective and reliable solution for database
migration, as you only pay for the compute resources and additional log storage used during the migration process, and you can minimize the downtime and data
loss with
Multi-AZ and ongoing replication12
To migrate a PostgreSQL database from on-premises to Amazon RDS using AWS DMS, you need to perform the following steps:
? Create an AWS DMS replication instance in the same AWS Region as your target Amazon RDS PostgreSQL DB instance. The replication instance is a server
that runs the AWS DMS replication software and connects to your source and target endpoints. You can choose the instance type, storage, and network settings
based on your migration requirements3
? Create a source endpoint that points to your on-premises PostgreSQL database.
You need to provide the connection details, such as the server name, port, database name, user name, and password. You also need to specify the engine name
as postgres and the SSL mode as required4
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
? Create a target endpoint that points to your Amazon RDS PostgreSQL DB instance. You need to provide the connection details, such as the server name, port,
database name, user name, and password. You also need to specify the engine name as postgres and the SSL mode as verify-full.
? Create a migration task that defines the migration settings and options, such as the replication instance, the source and target endpoints, the migration type (full
load, full load and change data capture, or change data capture only), the table mappings, the task settings, and the task monitoring role. You can also use the
AWS Schema Conversion Tool (AWS SCT) to convert your source schema to the target schema and apply it to the target endpoint before or after creating the
migration task.
? Start the migration task and monitor its progress and status using the AWS DMS console, the AWS CLI, or the AWS DMS API. You can also use AWS
CloudFormation to automate the creation and execution of the migration task.
The other options are not suitable for migrating a PostgreSQL database from on-premises to Amazon RDS. Cloud Adoption Readiness Tool is a tool that helps you
assess your readiness for cloud adoption based on six dimensions: business, people, process, platform, operations, and security. It does not perform any
database migration tasks. AWS Migration Hub is a service that helps you track and manage the progress of your application migrations across multiple AWS and
partner services, such as AWS DMS, AWS Application Migration Service, AWS Server Migration Service, and CloudEndure Migration. It does not perform any
database migration tasks itself, but rather integrates with other migration services. AWS Application Migration Service is a service that helps you migrate your
applications from your on-premises or cloud environment to AWS without making any changes to the applications, their architecture, or the migrated servers. It
does not support database migration, but rather replicates your servers as Amazon Machine Images (AMIs) and launches them as EC2 instances on AWS.
References: AWS Database Migration Service, What is AWS Database Migration Service?, Working with an AWS DMS replication instance, Creating source and
target endpoints for PostgreSQL, [Creating a target endpoint for Amazon RDS for PostgreSQL], [Creating a migration task for AWS DMS], [AWS Schema
Conversion Tool], [Starting a migration task for AWS DMS], [AWS CloudFormation], [Cloud Adoption Readiness Tool], [AWS Migration Hub], [AWS Application
Migration Service]
NEW QUESTION 10
- (Topic 3)
A company wants to minimize network latency between its Amazon EC2 instances. The EC2 instances do not need to be highly available.
Which solution meets these requirements?
A. Use EC2 instances in a single Availability Zone.
B. Use Amazon CloudFront as the database for the EC2 instances.
C. Use EC2 instances in the same edge location and the same Availability Zone.
D. Use EC2 instances in the same edge location and the same AWS Region.
Answer: A
Explanation:
Using EC2 instances in a single Availability Zone is a solution that meets the requirements of minimizing network latency between the EC2 instances and not
needing high availability. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. EC2
instances within the same Availability Zone can communicate with each other using low-latency private IP addresses. However, EC2 instances in a single
Availability Zone are not highly available, because they are vulnerable to failures or disruptions that affect the Availability Zone
NEW QUESTION 11
- (Topic 3)
Which AWS service or feature allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud?
A. AWS Direct Connect
B. VPC peering
C. AWS VPN
D. Amazon Route 53
Answer: A
Explanation:
AWS Direct Connect is an AWS service that allows users to establish a dedicated network connection between their on-premises data center and the AWS Cloud.
This connection bypasses the public internet and provides more predictable network performance, reduced bandwidth costs, and increased security. Users can
choose from different port speeds and connection types, and use AWS Direct Connect to access AWS services in any AWS Region globally. Users can also use
AWS Direct Connect in conjunction with AWS VPN to create a hybrid network architecture that combines the benefits of both private and public connectivity.
References: AWS Direct Connect, [AWS Cloud Practitioner Essentials: Module 3 - Compute in the Cloud]
NEW QUESTION 12
- (Topic 3)
A company processes personally identifiable information (Pll) and must keep data in the country where it was generated. The company wants to use Amazon EC2
instances for these workloads.
Which AWS service will meet these requirements?
A. AWS Outposts
B. AWS Storage Gateway
C. AWS DataSync
D. AWS OpsWorks
Answer: A
Explanation:
AWS Outposts is an AWS service that extends AWS infrastructure, services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility.
AWS Outposts enables you to run Amazon EC2 instances and other AWS services locally, while maintaining a consistent and seamless connection to the AWS
Cloud. AWS Outposts is ideal for workloads that require low latency, local data processing, or data residency. By using AWS Outposts, the company can process
personally identifiable information (PII) and keep data in the country where it was generated, while leveraging the benefits of AWS
NEW QUESTION 16
- (Topic 3)
A company wants to receive alerts to monitor its overall operating costs for its AWS public
cloud infrastructure.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Which AWS offering will meet these requirements?
A. Amazon EventBridge
B. Compute Savings Plans
C. AWS Budgets
D. Migration Evaluator
Answer: C
Explanation:
AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom
budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how
close your usage and costs are to meeting your reservation purchases1
NEW QUESTION 19
- (Topic 3)
A company needs to run a workload for several batch image rendering applications. It is acceptable for the workload to experience downtime.
Which Amazon EC2 pricing model would be MOST cost-effective in this situation?
A. On-Demand Instances
B. Reserved Instances
C. Dedicated Instances
D. Spot Instances
Answer: D
Explanation:
Amazon EC2 Spot Instances are instances that use spare EC2 capacity that is available at up to a 90% discount compared to On-Demand prices. You can use
Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, high-performance computing (HPC), and test
& development workloads. Spot Instances are ideal for workloads that can be interrupted, such as batch image rendering applications1. On-Demand Instances are
instances that let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and
complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs2. Reserved
Instances are instances that provide you with a significant discount (up to 75%) compared to On-Demand Instance pricing. In exchange, you select a term and
make an upfront payment to reserve a certain amount of compute capacity for that term3. Dedicated Instances are instances that run in a VPC on hardware that’s
dedicated to a single customer. Your Dedicated Instances are physically isolated at the host hardware level from instances that belong to other AWS accounts4.
NEW QUESTION 22
- (Topic 3)
Which cloud computing advantage is a company applying when it uses AWS Regions to increase application availability to users in different countries?
A. Pay-as-you-go pricing
B. Capacity forecasting
C. Economies of scale
D. Global reach
Answer: D
Explanation:
Global reach is a cloud computing advantage that a company can apply when it uses AWS Regions to increase application availability to users in different
countries. Global reach refers to the ability to deploy applications and services in multiple geographic locations around the world, and to serve customers with low
latency and high performance. AWS has the largest and most reliable global infrastructure of any cloud provider, with 25 Regions and 81 Availability Zones across
the Americas, Europe, Asia Pacific, Africa, and the Middle East123. By using AWS Regions, a company can choose the best location for its application based on
customer proximity, compliance requirements, and disaster recovery strategies23. References: 1: AWS Global Infrastructure - Amazon Web Services (AWS), 2:
Regions and Availability Zones - Amazon Elastic Compute Cloud, 3: AWS Infrastructure: Regions and Availability Zones Explained
NEW QUESTION 26
- (Topic 3)
Which AWS service or feature is associated with a subnet in a VPC and is used to control inbound and outbound traffic?
A. Amazon Inspector
B. Network ACLs
C. AWS Shield
D. VPC Flow Logs
Answer: B
Explanation:
Network ACLs (network access control lists) are an optional layer of security for your VPC that act as a firewall for controlling traffic in and out of one or more
subnets. You can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning
that they do not track the traffic that flows through them. Therefore, you must create rules for both inbound and outbound traffic.
NEW QUESTION 31
- (Topic 3)
According to the AWS shared responsibility model, which task is the customer's responsibility?
A. Maintaining the infrastructure needed to run AWS Lambda
B. Updating the operating system of Amazon DynamoDB instances
C. Maintaining Amazon S3 infrastructure
D. Updating the guest operating system on Amazon EC2 instances
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Answer: D
Explanation:
The AWS shared responsibility model describes the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible
for the security of the cloud, which includes the hardware, software, networking, and facilities that run AWS services. The customer is responsible for security in
the cloud, which includes the customer data, applications, operating systems, and network and firewall configurations. Therefore, updating the guest operating
system on Amazon EC2 instances is the customer’s responsibility2
NEW QUESTION 34
- (Topic 3)
A company needs to store infrequently used data for data archives and long-term backups.
A company needs a history report about how its Amazon EC2 instances were modified last month.
Which AWS service can be used to meet this requirement?
A. AWS Service Catalog
B. AWS Config
C. Amazon CloudWatch
D. AWS Artifact
Answer: B
Explanation:
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and
records
your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. AWS Config can also track
changes to your EC2 instances over time and provide a history report of the modifications. AWS Service Catalog, Amazon CloudWatch, and AWS Artifact are not
the best services to meet this requirement. AWS Service Catalog is a service that allows you to create and manage catalogs of IT services that are approved for
use on AWS. Amazon CloudWatch is a service that monitors your AWS resources and applications and provides metrics, alarms, dashboards, and logs. AWS
Artifact is a service that provides on-demand access to AWS security and compliance reports and online agreements
NEW QUESTION 39
- (Topic 3)
Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets?
A. Amazon Macie
B. Amazon Detective
C. Amazon GuardDuty
D. AWS I AM Access Analyzer
Answer: A
Explanation:
Amazon Macie is a data security and privacy service offered by AWS that uses machine learning and pattern matching to discover the sensitive data stored within
Amazon S3. You can define your own custom type of sensitive data category that might be unique to your business or use case. Macie also provides you with
dashboards and alerts that give you visibility into how your data is being accessed or moved. Macie helps you protect your data by enabling you to apply data
protection techniques such as encryption, deletion, access control, and auditing. References: Strengthen the security of sensitive data stored in Amazon S3 by
using additional AWS services, Security best practices for
Amazon S3, Sensitive Data Protection on AWS, Sensitive Data Protection on Amazon Web Services
NEW QUESTION 43
- (Topic 3)
Which Amazon EC2 instance pricing model can provide discounts of up to 90%?
A. Reserved Instances
B. On-Demand
C. Dedicated Hosts
D. Spot Instances
Answer: D
Explanation:
Spot Instances are Amazon EC2 instances that are available at a discounted price compared to On-Demand pricing. Spot Instances use spare EC2 capacity that
is not being used by other customers, and the price fluctuates based on supply and demand. Customers can request Spot Instances for their applications and
specify the maximum price they are willing to pay per hour. If the Spot price is lower than the customer’s bid, the Spot Instance is launched and the customer pays
the current Spot price. However, if the Spot price rises above the customer’s bid, the Spot Instance is terminated by AWS and the customer is charged for the
partial hour of usage. Therefore, Spot Instances can provide discounts of up to 90% or more, but they are not suitable for applications that require continuous or
predictable availability. Spot Instances are recommended for applications that are flexible, fault-tolerant, or have low priority, such as batch processing, data
analysis, or testing and development.
NEW QUESTION 45
- (Topic 3)
A company is running a workload in the AWS Cloud.
Which AWS best practice ensures the MOST cost-effective architecture for the workload?
A. Loose coupling
B. Rightsizing
C. Caching
D. Redundancy
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Answer: B
Explanation:
The AWS best practice that ensures the most cost-effective architecture for the workload is rightsizing. Rightsizing means selecting the most appropriate instance
type or resource configuration that matches the needs of the workload. Rightsizing can help optimize performance and reduce costs by avoiding over-provisioning
or under- provisioning of resources1. Loose coupling, caching, and redundancy are other AWS best practices that can improve the scalability, availability, and
performance of the workload, but they do not necessarily ensure the most cost-effective architecture.
NEW QUESTION 47
- (Topic 3)
Which company needs to apply security rules to a subnet for Amazon EC2 instances. Which AWS service or feature provides this functionality?
A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config
Answer: A
Explanation:
Network ACLs (network access control lists) are an AWS service or feature that provides the functionality of applying security rules to a subnet for EC2 instances.
A subnet is a logical partition of an IP network within a VPC (virtual private cloud). A VPC is a logically isolated section of the AWS Cloud where the company can
launch AWS resources in a virtual network that they define. A network ACL is a virtual firewall that controls the inbound and outbound traffic for one or more
subnets. The company can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless,
meaning that they do not track the traffic that flows through them. Therefore, the company must create rules for both inbound and outbound traffic4
NEW QUESTION 51
- (Topic 3)
Which AWS service provides the ability to manage infrastructure as code?
A. AWS CodePipeline
B. AWS CodeDeploy
C. AWS Direct Connect
D. AWS CloudFormation
Answer: D
Explanation:
The AWS service that provides the ability to manage infrastructure as code is AWS CloudFormation. Infrastructure as code is a process of defining and
provisioning AWS resources using code or templates, rather than manual actions or scripts. AWS CloudFormation allows you to create and update stacks of AWS
resources based on predefined templates that describe the desired state and configuration of the resources. AWS CloudFormation automates and simplifies the
deployment and management of AWS resources, and ensures consistency and repeatability across different environments and regions. AWS CloudFormation also
supports rollback, change sets, drift detection, and nested stacks features that help you to monitor and control the changes to your infrastructure1.
NEW QUESTION 56
- (Topic 3)
Which AWS service provides storage that can be mounted across multiple Amazon EC2 instances?
A. Amazon Workspaces
B. Amazon Elastic File System (Amazon EFS)
C. AWS Database Migration Service (AWS DMS)
D. AWS Snowball Edge
Answer: B
Explanation:
Amazon EFS is a fully managed service that provides scalable and elastic file storage for multiple Amazon EC2 instances. Amazon EFS supports the Network File
System (NFS) protocol, which allows multiple EC2 instances to access the same file system concurrently. You can learn more about Amazon EFS from this
webpage or this digital course.
NEW QUESTION 61
- (Topic 3)
A company is operating several factories where it builds products. The company needs the ability to process data, store data, and run applications with local
system interdependencies that require low latency.
Which AWS service should the company use to meet these requirements?
A. AWS loT Greengrass
B. AWS Lambda
C. AWS Outposts
D. AWS Snowball Edge
Answer: C
Explanation:
AWS Outposts is a service that provides fully managed AWS infrastructure and services on premises. It allows users to run applications that require low latency
and local data processing, while seamlessly connecting to the AWS Cloud for a consistent hybrid experience. AWS IoT Greengrass is a service that provides local
compute, messaging, data caching, sync, and ML inference capabilities for connected devices. AWS Lambda is a service that allows users to run code without
provisioning or managing servers. AWS Snowball Edge is a device that provides a petabyte-scale data transport and edge computing solution.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
NEW QUESTION 64
- (Topic 3)
A company has a physical tape library to store data backups. The tape library is running out of space. The company needs to extend the tape library's capacity to
the AWS Cloud.
Which AWS service should the company use to meet this requirement?
A. Amazon Elastic File System (Amazon EFS)
B. Amazon Elastic Block Store (Amazon EBS)
C. Amazon S3
D. AWS Storage Gateway
Answer: D
Explanation:
AWS Storage Gateway is a hybrid cloud storage service that provides on- premises access to virtually unlimited cloud storage. You can use AWS Storage
Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. One of these use cases is tape-based backup, which allows
you to store data backups on virtual tapes in the AWS Cloud. You can use the Tape Gateway feature of AWS Storage Gateway to extend your existing physical
tape library to the AWS Cloud. Tape Gateway provides a virtual tape infrastructure that scales seamlessly with your backup needs and eliminates the operational
burden of provisioning, scaling, and maintaining a physical tape infrastructure123. References: 1: Cloud Storage Appliances, Hybrid Device - AWS Storage
Gateway - AWS, 2: AWS Storage Gateway Documentation, 3: AWS Storage Gateway Features | Amazon Web Services
NEW QUESTION 68
- (Topic 3)
A company wants to migrate its high-performance computing (HPC) application to Amazon EC2 instances. The application has multiple components. The
application must have fault tolerance and must have the ability to fail over automatically.
Which AWS infrastructure solution will meet these requirements with the LEAST latency between components?
A. Multiple AWS Regions
B. Multiple edge locations
C. Multiple Availability Zones
D. Regional edge caches
Answer: C
Explanation:
Using EC2 instances in multiple Availability Zones is an AWS infrastructure solution that meets the requirements of migrating a high performance computing
(HPC) application to AWS with fault tolerance and failover capabilities, and with the least latency between components. An Availability Zone is a physically isolated
location within an AWS Region that has its own power, cooling, and network connectivity. EC2 instances within the same Region can communicate with each other
using low-latency private IP addresses. By using EC2 instances in multiple Availability Zones, the company can achieve fault tolerance and failover for their HPC
application, because they can distribute the workload and data across different locations that are independent of each other. If one Availability Zone becomes
unavailable or impaired, the company can redirect the traffic and data to another Availability Zone without affecting the performance and availability of the
application5
NEW QUESTION 69
- (Topic 3)
An IT engineer needs to access AWS services from an on-premises application. Which credentials or keys does the application need for authentication?
A. AWS account user name and password
B. IAM access key and secret
C. Amazon EC2 key pairs
D. AWS Key Management Service (AWS KMS) keys
Answer: B
Explanation:
IAM access keys are long-term credentials that consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you
make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account
user name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH.
AWS Key Management Service (AWS KMS) keys are used to encrypt and decrypt your data using the AWS Encryption SDK or the AWS CLI.
NEW QUESTION 74
- (Topic 3)
Which AWS service or feature enables users to encrypt data at rest in Amazon S3?
A. IAM policies
B. Server-side encryption
C. Amazon GuardDuty
D. Client-side encryption
Answer: B
Explanation:
Server-side encryption is an encryption option that Amazon S3 provides to encrypt data at rest in Amazon S3. With server-side encryption, Amazon S3 encrypts
an object before saving it to disk in its data centers and decrypts it when you download the objects. You have three server-side encryption options to choose from:
SSE-S3, SSE-C, and SSE-KMS. SSE-S3 uses keys that are managed by Amazon S3. SSE-C allows you to manage your own encryption keys. SSE-KMS uses
keys that are managed by AWS Key Management Service (AWS KMS)5.
NEW QUESTION 75
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
- (Topic 3)
A company's application has high customer usage during certain times of the day. The company wants to reduce the number of Amazon EC2 instances that run
when application usage is low.
Which AWS service or instance purchasing option should the company use to meet this requirement?
A. EC2 Instance Savings Plans
B. Spot Instances
C. Reserved Instances
D. Amazon EC2 Auto Scaling
Answer: D
Explanation:
Amazon EC2 Auto Scaling is an AWS service that can help users reduce the number of Amazon EC2 instances that run when application usage is low. Amazon
EC2 Auto Scaling allows users to create scaling policies that automatically adjust the number of EC2 instances based on the demand or a schedule. EC2 Instance
Savings Plans, Spot Instances, and Reserved Instances are instance purchasing options that can help users save money on EC2 usage, but they do not
automatically scale the number of instances according to the application usage .
NEW QUESTION 77
- (Topic 3)
A company wants to migrate its database to a managed AWS service that is compatible with PostgreSQL.
Which AWS services will meet these requirements? (Select TWO)
A. Amazon Athena
B. Amazon RDS
C. Amazon EC2
D. Amazon DynamoDB
E. Amazon Aurora
Answer: BE
Explanation:
Amazon RDS and Amazon Aurora are both managed AWS services that support the PostgreSQL database engine. Amazon RDS makes it easier to set up,
operate, and scale PostgreSQL deployments on the cloud, while Amazon Aurora is a cloud-native database engine that is compatible with PostgreSQL and offers
higher performance and availability. Amazon Athena is a serverless query service that does not support PostgreSQL, but can analyze data in Amazon S3 using
standard SQL. Amazon EC2 is a compute service that allows users to launch virtual machines, but does not provide any database management features. Amazon
DynamoDB is a NoSQL database service that is not compatible with PostgreSQL, but offers fast and consistent performance at any scale. References: Hosted
PostgreSQL - Amazon RDS for PostgreSQL - AWS, Amazon RDS for PostgreSQL - Amazon Relational Database Service, AWS PostgreSQL: Managed or Self-
Managed? - NetApp, AWS Announces Amazon Aurora Supports PostgreSQL 12 - InfoQ, Amazon Aurora vs PostgreSQL | What are the differences? - StackShare
NEW QUESTION 81
- (Topic 3)
A company is building a mobile app to provide shopping recommendations to its customers. The company wants to use a graph database as part of the shopping
recommendation engine.
Which AWS database service should the company choose?
A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon Neptune
D. Amazon DocumentDB (with MongoDB compatibility)
Answer: C
Explanation:
Amazon Neptune is a service that provides a fully managed graph database that supports property graphs and RDF graphs. It can be used to build applications
that work with highly connected datasets, such as shopping recommendations, social networks, fraud detection, and knowledge graphs2. Amazon DynamoDB is a
service that provides a fully managed NoSQL database that delivers fast and consistent performance at any scale. Amazon Aurora is a service that provides a fully
managed relational database that is compatible with MySQL and PostgreSQL. Amazon DocumentDB (with MongoDB compatibility) is a service that provides a
fully managed document database that is compatible with MongoDB.
NEW QUESTION 85
- (Topic 3)
A company wants an AWS service to provide product recommendations based on its customer data.
Which AWS service will meet this requirement?
A. Amazon Polly
B. Amazon Personalize
C. Amazon Comprehend
D. Amazon Rekognition
Answer: B
Explanation:
Amazon Personalize is an AWS service that helps developers quickly build and deploy a custom recommendation engine with real-time personalization and user
segmentation1. It uses machine learning (ML) to analyze customer data and provide relevant recommendations based on their preferences, behavior, and context.
Amazon Personalize can be used for various use cases such as optimizing recommendations, targeting customers more accurately, maximizing the value of
unstructured text, and promoting items using business rules1.
The other options are not suitable for providing product recommendations based on customer data. Amazon Polly is a service that converts text into lifelike
speech. Amazon Comprehend is a service that uses natural language processing (NLP) to extract insights from text and documents. Amazon Rekognition is a
service that uses computer vision (CV) to analyze images and videos for faces, objects, scenes, and activities.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
References:
? 1: Cloud Products - Amazon Web Services (AWS)
? 2: Recommender System – Amazon Personalize – Amazon Web Services
? 3: Top 25 AWS Services List 2023 - GeeksforGeeks
? 4: AWS to Azure services comparison - Azure Architecture Center
? 5: The 25+ Best AWS Cost Optimization Tools (Updated 2023) - CloudZero
? 6: Amazon Polly – Text-to-Speech Service - AWS
? 7: Natural Language Processing - Amazon Comprehend - AWS
? 8: Image and Video Analysis - Amazon Rekognition - AWS
NEW QUESTION 88
- (Topic 3)
What is the purpose of having an internet gateway within a VPC?
A. To create a VPN connection to the VPC
B. To allow communication between the VPC and the internet
C. To impose bandwidth constraints on internet traffic
D. To load balance traffic from the internet across Amazon EC2 instances
Answer: B
Explanation:
An internet gateway is a service that allows for internet traffic to enter into a VPC. Otherwise, a VPC is completely segmented off and then the only way to get to it
is potentially through a VPN connection rather than through internet connection. An internet gateway is a logical connection between an AWS VPC and the
internet. It supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic1. An internet gateway enables
resources in your public subnets (such as EC2 instances) to connect to the internet if the resource has a public IPv4 address or an IPv6 address. Similarly,
resources on the internet can initiate a connection to resources in your subnet using the public IPv4 address or IPv6 address2. An internet gateway also provides a
target in your VPC route tables for internet-routable traffic. For communication using IPv4, the internet gateway also performs network address translation (NAT).
For communication using IPv6, NAT is not needed because IPv6 addresses are public2. To enable access to or from the internet for instances in a subnet in a
VPC using an internet gateway, you must create an internet gateway and attach it to your VPC, add a route to your subnet’s route table that directs internet-bound
traffic to the internet gateway, ensure that instances in your subnet have a public IPv4 address or an IPv6 address, and ensure that your network access control
lists and security group rules allow the desired internet traffic to flow to and from your instance2. References: Connect to the internet using an internet gateway,
AWS Internet Gateway and VPC Routing
NEW QUESTION 90
- (Topic 3)
A company wants to monitor its workload performance. The company wants to ensure that the cloud services are delivered at a level that meets its business
needs.
Which AWS Cloud Adoption Framework (AWS CAF) perspective will meet these requirements?
A. Business
B. Governance
C. Platform
D. Operations
Answer: D
Explanation:
The Operations perspective helps you monitor and manage your cloud workloads to ensure that they are delivered at a level that meets your business needs.
Common stakeholders include chief operations officer (COO), cloud director, cloud operations manager, and cloud operations engineers1. The Operations
perspective covers capabilities such as workload health monitoring, incident management, change management, release management, configuration
management, and disaster recovery2. The Business perspective helps ensure that your cloud investments accelerate your digital transformation ambitions and
business outcomes. Common stakeholders include chief executive officer (CEO), chief financial officer (CFO), chief information officer (CIO), and chief technology
officer (CTO). The Business perspective covers capabilities such as business case development, value realization, portfolio management, and stakeholder
management3.
The Governance perspective helps you orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks.
Common stakeholders include chief transformation officer, CIO, CTO, CFO, chief data officer (CDO), and chief risk officer (CRO). The Governance perspective
covers capabilities such as governance framework, budget and cost management, compliance management, and data governance4.
The Platform perspective helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize existing workloads, and implement new cloud-native
solutions. Common stakeholders include CTO, technology leaders, architects, and engineers. The Platform perspective covers capabilities such as platform design
and implementation, workload migration and modernization, cloud-native development, and DevOps5. References:
? AWS Cloud Adoption Framework: Operations Perspective
? AWS Cloud Adoption Framework - Operations Perspective
? AWS Cloud Adoption Framework: Business Perspective
? AWS Cloud Adoption Framework: Governance Perspective
? AWS Cloud Adoption Framework: Platform Perspective
NEW QUESTION 92
- (Topic 3)
A company needs an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities.
Which AWS service will meet these requirements?
A. Amazon GuardDuty
B. Amazon Inspector
C. AWS Security Hub
D. AWS Shield
Answer: B
Explanation:
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
The correct answer is B. Amazon Inspector.
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network
exposure. Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software
vulnerabilities and unintended network exposure12.
Amazon GuardDuty is a threat detection service that monitors your AWS accounts and workloads for malicious or unauthorized activity. Amazon GuardDuty does
not scan for software vulnerabilities, but rather analyzes AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs to detect threats such as compromised
credentials, backdoors, or crypto mining3.
AWS Security Hub is a security and compliance service that aggregates and prioritizes security findings from multiple AWS services and partner solutions. AWS
Security Hub does not scan for software vulnerabilities, but rather provides a comprehensive view of your security posture across your AWS accounts4.
AWS Shield is a managed service that protects your web applications and network resources from distributed denial-of-service (DDoS) attacks. AWS Shield does
not scan for software vulnerabilities, but rather provides detection and mitigation of DDoS attacks at the network and application layers5.
References:
1: Automated Software Vulnerability Management - Amazon Inspector - AWS 3: [Amazon GuardDuty – Intelligent Threat Detection Made Easy] 2: AWS Re-
Launches Amazon Inspector with New Architecture and Features - InfoQ 4: [AWS Security Hub – Unified Security and Compliance Center] 5: [AWS Shield –
Managed DDoS Protection]
NEW QUESTION 97
- (Topic 3)
A company needs to implement identity management for a fleet of mobile apps that are running in the AWS Cloud.
Which AWS service will meet this requirement?
A. Amazon Cognito
B. AWS Security Hub
C. AWS Shield
D. AWS WAF
Answer: A
Explanation:
Amazon Cognito is a service that provides identity management for mobile and web applications, allowing users to sign up, sign in, and access AWS resources
with different identity providers. AWS Security Hub is a service that provides a comprehensive view of the security posture of AWS accounts and resources. AWS
Shield is a service that provides protection against distributed denial of service (DDoS) attacks. AWS WAF is a web application firewall that helps protect web
applications from common web exploits.
NEW QUESTION 98
- (Topic 3)
A company wants to query its server logs to gain insights about its customers' experiences. Which AWS service will store this data MOST cost-effectively?
A. Amazon Aurora
B. Amazon Elastic File System (Amazon EFS)
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon S3
Answer: D
Explanation:
Amazon S3 is an AWS service that provides scalable, durable, and cost- effective object storage in the cloud. Amazon S3 can store any amount and type of data,
such as server logs, and offers various storage classes with different performance and pricing characteristics. Amazon S3 is the most cost-effective option for
storing server logs, as it offers low-cost storage classes, such as S3 Standard-Infrequent Access (S3 Standard-IA) and S3 Intelligent-Tiering, that are suitable for
infrequently accessed or changing access patterns data. Amazon S3 also integrates with other AWS services, such as Amazon Athena and Amazon OpenSearch
Service, that can query the server logs directly from S3 without requiring any additional data loading or transformation. References: Amazon S3, Amazon S3
Storage Classes, Querying Data in Amazon S3
NEW QUESTION 99
- (Topic 3)
A company wants to integrate natural language processing (NLP) into business intelligence (Bl) dashboards. The company wants to ask questions and receive
answers with relevant visualizations.
Which AWS service or tool will meet these requirements?
A. Amazon Macie
B. Amazon Rekognition
C. Amazon QuickSight Q
D. Amazon Lex
Answer: C
Explanation:
Amazon QuickSight Q is a natural language query feature that lets you ask questions about your data using everyday language and get answers in seconds. You
can type questions such as “What are the total sales by region?” or “How did marketing campaign A perform?” and get answers in the form of relevant
visualizations, such as charts or tables. You can also use Q to drill down into details, filter data, or perform calculations. Q uses machine learning to understand
your data and your intent, and provides suggestions and feedback to help you refine your questions.
NEW QUESTION 104
- (Topic 3)
A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive.
Which AWS service will meet the requirement?
A. Amazon Inspector
B. Amazon Macie
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
C. AWS Identity and Access Management (IAM)
D. Amazon CloudWatch
Answer: B
Explanation:
Amazon Macie is a fully managed service that uses machine learning and pattern matching to help you detect, classify, and better protect your sensitive data
stored in the AWS Cloud1. Macie can automatically discover and scan your Amazon S3 buckets for sensitive data such as personally identifiable information (PII),
financial information, healthcare information, intellectual property, and credentials1. Macie also provides you with a dashboard that shows the type, location, and
volume of sensitive data in your AWS environment, as well as alerts and findings on potential security issues1.
The other options are not suitable for identifying sensitive data in AWS. Amazon Inspector is a service that helps you find security vulnerabilities and deviations
from best practices in your Amazon EC2 instances2. AWS Identity and Access Management (IAM) is a service that helps you manage access to your AWS
resources by creating users, groups, roles, and policies3. Amazon CloudWatch is a service that helps you monitor and troubleshoot your AWS resources and
applications by collecting metrics, logs, events, and alarms4. References:
? 1: What Is Amazon Macie? - Amazon Macie
? 2: What Is Amazon Inspector? - Amazon Inspector
? 3: What Is IAM? - AWS Identity and Access Management
? 4: What Is Amazon CloudWatch? - Amazon CloudWatch
NEW QUESTION 109
- (Topic 3)
Which AWS service can a company use to find security and compliance reports, including International Organization for Standardization (ISO) reports?
A. AWS Artifact
B. Amazon CloudWatch
C. AWS Config
D. AWS Audit Manager
Answer: A
Explanation:
AWS Artifact is a self-service portal that provides on-demand access to AWS security and compliance reports and select online agreements. You can use AWS
Artifact to download AWS service audit reports, such as ISO, PCI, and SOC, and to accept and manage agreements with AWS, such as the Business Associate
Addendum (BAA).
NEW QUESTION 110
- (Topic 3)
A company simulates workflows to review and validate that all processes are effective and that staff are familiar with the processes.
Which design principle of the AWS Well-Architected Framework is the company following with this practice?
A. Perform operations as code.
B. Refine operation procedures frequently.
C. Make frequent, small, reversible changes.
D. Structure the company to support business outcomes.
Answer: B
Explanation:
Refining operation procedures frequently is one of the design principles of the operational excellence pillar of the AWS Well-Architected Framework. It means that
you should review and validate your processes regularly to ensure they are effective and that staff are familiar with them. Performing operations as code, making
frequent, small, reversible changes, and structuring the company to support business outcomes are design principles of other pillars of the AWS Well-Architected
Framework.
NEW QUESTION 112
- (Topic 3)
A company is migrating its data center to AWS. The company needs an AWS Support plan that provides chat access to a cloud sup engineer 24 hours a day, 7
days a week. The company does not require access to infrastructure event management.
What is the MOST cost-effective AWS Support plan that meets these requirements?
A. AWS Enterprise Support
B. AWS Business Support
C. AWS Developer Support
D. AWS Basic Support
Answer: B
Explanation:
AWS Business Support is the most cost-effective AWS Support plan that provides chat access to a cloud support engineer 24/7. AWS Business Support also
offers phone and email support, as well as a response time of less than one hour for urgent issues. AWS Business Support does not include access to
infrastructure event management, which is a feature of AWS Enterprise Support. AWS Enterprise Support is more expensive and provides additional benefits,
such as a technical account manager, a support concierge, and a response time of less than 15 minutes for critical issues. AWS Developer Support and AWS
Basic Support do not provide chat access to a cloud support engineer. AWS Developer Support provides email support and a response time of less than 12 hours
for general guidance issues. AWS Basic Support provides customer service and account support, as well as access to forums and documentation1
NEW QUESTION 117
- (Topic 3)
Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?
A. Data architecture
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
B. Event management
C. Cloud fluency
D. Strategic partnership
Answer: C
Explanation:
Cloud fluency is a capability that belongs to the people perspective of the AWS Cloud Adoption Framework (AWS CAF). Cloud fluency is the ability of the
workforce to understand the benefits, challenges, and best practices of cloud computing, and to apply them to their roles and responsibilities. Cloud fluency helps
the organization to adopt a cloud mindset, culture, and skills, and to leverage the full potential of the cloud. Cloud fluency can be achieved through various
methods, such as training, certification, mentoring, coaching, and hands-on experience. Cloud fluency is one of the four capabilities of the people perspective,
along with culture, organizational structure, and leadership. The other three capabilities belong to different perspectives of the AWS CAF. Data architecture is a
capability of the platform perspective, which helps you design and implement data solutions that meet your business and technical requirements. Event
management is a capability of the operations perspective, which helps you monitor and respond to events that affect the availability, performance, and security of
your cloud resources. Strategic partnership is a capability of the business perspective, which helps you establish and maintain relationships with external
stakeholders, such as customers, partners, suppliers,
and regulators, to create value and achieve your business goals. References: AWS Cloud Adoption Framework: People Perspective, AWS CAF - Cloud Adoption
Framework - W3Schools
NEW QUESTION 119
- (Topic 3)
Which option is AWS responsible for under the AWS shared responsibility model?
A. Network and firewall configuration
B. Client-side data encryption
C. Management of user permissions
D. Hardware and infrastructure
Answer: D
Explanation:
Hardware and infrastructure is the option that AWS is responsible for under the AWS shared responsibility model. The AWS shared responsibility model describes
how AWS and customers share responsibilities for security and compliance in the cloud. AWS is responsible for security of the cloud, which means protecting the
infrastructure that runs all the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run
AWS Cloud services. Customers are responsible for security in the cloud, which means taking care of the security of their own applications, data, and operating
systems. This includes network and firewall configuration,
client-side data encryption, management of user permissions, and more.
NEW QUESTION 120
- (Topic 3)
An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability
Zones in the us- east-1 Region.
How should the company respond to the auditor's request?
A. Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
B. Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company
operates.
C. Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
D. Use AWS Artifact to download the applicable report for AWS security control
E. Provide the report to the auditor.
Answer: D
Explanation:
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and
compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card
Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating
effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement
(NDA). You can use AWS Artifact to download the applicable report for AWS security controls and provide it to the auditor.
NEW QUESTION 122
- (Topic 3)
A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost effective manner?
A. Deliver the content through Amazon CloudFront.
B. Store the content on Amazon S3 and enable S3 cross-region replication.
C. Implement a VPN across multiple AWS Regions.
D. Deliver the content through AWS PrivateLink.
Answer: A
Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low
latency, high transfer speeds, all within a developer-friendly environment. It works seamlessly with services including AWS Shield for DDoS mitigation, Amazon S3,
Elastic Load Balancing or Amazon EC2 as origins for your applications, and Lambda@Edge to run custom code closer to customers’ users and to customize the
user experience. By using CloudFront, you can cache your content at the edge locations that are closest to your end users, reducing the network latency and
improving the performance of your application. CloudFront also offers a pay-as-you-go pricing model, so you only pay for the data transfer and requests that you
use.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
NEW QUESTION 124
- (Topic 3)
Which AWS service is an in-memory data store service?
A. Amazon Aurora
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon ElastiCache
Answer: D
Explanation:
Amazon ElastiCache is a fully managed in-memory data store and cache service that delivers sub-millisecond response times to applications. You can use
ElastiCache as a primary data store for your applications, or as a cache to improve the performance of your existing databases. ElastiCache supports two popular
open-source in- memory engines: Redis and Memcached5.
NEW QUESTION 127
- (Topic 3)
A company is launching a mobile app. The company wants customers to be able to use the app without upgrading their mobile devices.
Which pillar of the AWS Well-Architected Framework does this goal represent?
A. Security
B. Reliability
C. Cost optimization
D. Sustainability
Answer: C
Explanation:
Cost optimization is one of the five pillars of the AWS Well-Architected Framework. It focuses on avoiding unnecessary costs, understanding and controlling where
money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without
overspending.
NEW QUESTION 132
- (Topic 3)
Which task does AWS perform automatically?
A. Encrypt data that is stored in Amazon DynamoDB.
B. Patch Amazon EC2 instances.
C. Encrypt user network traffic.
D. Create TLS certificates for users' websites.
Answer: B
Explanation:
AWS performs some tasks automatically to help you manage and secure your AWS resources. One of these tasks is patching Amazon EC2 instances. AWS
provides two options for patching your EC2 instances: managed instances and patch baselines. Managed instances are a group of EC2 instances or on-premises
servers that you can manage using AWS Systems Manager. Patch baselines define the patches that AWS Systems Manager applies to your instances. You can
use AWS Systems Manager to automate the process of patching your instances based on a schedule or a maintenance window.
NEW QUESTION 135
- (Topic 3)
A company wants a time-series database service that makes it easier to store and analyze trillions of events each day.
Which AWS service will meet this requirement?
A. Amazon Neptune
B. Amazon Timestream
C. Amazon Forecast
D. Amazon DocumentDB (with MongoDB compatibility)
Answer: B
Explanation:
Amazon Timestream is a fast, scalable, and serverless time-series database service for IoT and other operational applications that makes it easy to store and
analyze trillions of events per day up to 1,000 times faster and at as little as 1/10th the cost of relational databases1. Amazon Timestream saves you time and cost
in managing the lifecycle of time series data, and its purpose-built query engine lets you access and analyze recent and historical data together with a single
query1. Amazon Timestream has built-in time series analytics functions, helping you identify trends and patterns in near real time1. The other options are not
suitable for storing and analyzing trillions of events per day. Amazon Neptune is a graph database service that supports highly connected data sets. Amazon
Forecast is a machine learning service that generates accurate forecasts based on historical data. Amazon DocumentDB (with MongoDB compatibility) is a
document database service that supports MongoDB workloads.
References:
? 1: Time Series Database – Amazon Timestream – Amazon Web Services
NEW QUESTION 138
- (Topic 3)
Which of the following actions are controlled with AWS Identity and Access Management (IAM)? (Select TWO.)
A. Control access to AWS service APIs and to other specific resources.
B. Provide intelligent threat detection and continuous monitoring.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
C. Protect the AWS environment using multi-factor authentication (MFA).
D. Grant users access to AWS data centers.
E. Provide firewall protection for applications from common web attacks.
Answer: AC
Explanation:
AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely. You can use IAM to
perform the following actions:
? Control access to AWS service APIs and to other specific resources: You can create users, groups, roles, and policies that define who can access which AWS
resources and how. You can also use IAM to grant temporary access to users or applications that need to perform certain tasks on your behalf3
? Protect the AWS environment using multi-factor authentication (MFA): You can enable MFA for your IAM users and root user to add an extra layer of security to
your AWS account. MFA requires users to provide a unique authentication code from an approved device or SMS text message, in addition to their user name and
password, when they sign in to AWS4
NEW QUESTION 140
- (Topic 3)
A company wants a customized assessment of its current on-premises environment. The company wants to understand its projected running costs in the AWS
Cloud.
Which AWS service or tool will meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Control Tower
D. Migration Evaluator
Answer: D
Explanation:
Migration Evaluator is an AWS service that provides a customized assessment of your current on-premises environment and helps you build a data-driven
business case for migration to AWS. Migration Evaluator collects and analyzes data from your on-premises servers, such as CPU, memory, disk, network, and
utilization metrics, and compares them with the most cost-effective AWS alternatives. Migration Evaluator also helps you understand your existing software
licenses and running costs, and provides recommendations for Bring Your Own License (BYOL) and License Included (LI) options in AWS. Migration Evaluator
generates a detailed report that shows your projected running costs in the AWS Cloud, along with potential savings and benefits. You can use this report to
support your decision-making and planning for cloud migration. References: Cloud Business Case & Migration Plan - Amazon Migration Evaluator - AWS, Getting
started with Migration Evaluator
NEW QUESTION 141
- (Topic 3)
Which AWS services are supported by Savings Plans? (Select TWO.)
A. Amazon EC2
B. Amazon RDS
C. Amazon SageMaker
D. Amazon Redshift
E. Amazon DynamoDB
Answer: AC
Explanation:
The AWS services that are supported by Savings Plans are:
? Amazon EC2: Amazon EC2 is a service that provides scalable computing capacity in the AWS cloud. You can use Amazon EC2 to launch virtual servers,
configure security and networking, and manage storage. Amazon EC2 is eligible for both Compute Savings Plans and EC2 Instance Savings Plans12.
? Amazon SageMaker: Amazon SageMaker is a service that helps you build and deploy machine learning models. You can use Amazon SageMaker to access
Jupyter notebooks, use common machine learning algorithms, train and tune models, and deploy them to a hosted environment. Amazon SageMaker is eligible for
SageMaker Savings Plans13.
The other options are not supported by Savings Plans. Amazon RDS, Amazon Redshift, and Amazon DynamoDB are database services that are eligible for
Reserved Instances, but not Savings Plans4.
NEW QUESTION 145
- (Topic 3)
Which AWS service or feature is an example of a relational database management system?
A. Amazon Athena
B. Amazon Redshift
C. Amazon S3 Select
D. Amazon Kinesis Data Streams
Answer: B
Explanation:
Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a
petabyte or more. This enables you to use your data to acquire new insights for your business and customers. Amazon Redshift is a relational database
management system (RDBMS), so it is compatible with other RDBMS applications. You can use standard SQL to query the data.
NEW QUESTION 149
- (Topic 3)
Which options are AWS Cloud Adoption Framework (AWS CAF) security perspective capabilities? (Select TWO.)
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
A. Observability
B. Incident and problem management
C. Incident response
D. Infrastructure protection
E. Availability and continuity
Answer: CD
Explanation:
The AWS Cloud Adoption Framework (AWS CAF) security perspective helps users achieve the confidentiality, integrity, and availability of their data and cloud
workloads. It comprises nine capabilities that are grouped into three categories: preventive, detective, and responsive. Incident response and infrastructure
protection are two of the capabilities in the responsive and preventive categories, respectively. Incident response helps users prepare for and respond to security
incidents in a timely and effective manner, using tools and processes that leverage AWS features and services. Infrastructure protection helps users implement
security controls and mechanisms to protect their cloud resources, such as network, compute, storage, and database, from unauthorized access or malicious
attacks. References: Security perspective: compliance and assurance, AWS Cloud Adoption Framework
NEW QUESTION 150
- (Topic 3)
Which benefit does AWS offer exclusively to users who have an AWS Enterprise Support plan?
A. Access to a technical project manager
B. Access to a technical account manager (TAM)
C. Access to a cloud support engineer
D. Access to a solutions architectA company wants to automatically set up and govern a multi-account AWS environment.
Answer: B
Explanation:
AWS Enterprise Support plan is the highest level of support that AWS offers to its customers. One of the exclusive benefits of this plan is the access to a technical
account manager (TAM), who is a dedicated point of contact for guidance, advocacy, and support2. A technical project manager, a cloud support engineer, and a
solutions architect are not exclusive benefits of the AWS Enterprise Support plan, as they are also available to customers with lower-tier support plans or through
other AWS services or programs345.
NEW QUESTION 151
- (Topic 3)
A company needs to search for text in documents that are stored in Amazon S3. Which AWS service will meet these requirements?
A. Amazon Kendra
B. Amazon Rekognition
C. Amazon Polly
D. Amazon Lex
Answer: A
Explanation:
Amazon Kendra is a highly accurate and easy to use intelligent search service powered by machine learning. It enables users to easily find the content they are
looking for, even when it is scattered across multiple locations and content repositories within their organization. Amazon Kendra supports natural language
queries, and can search for text in documents stored in Amazon S3, as well as other sources such as SharePoint, OneDrive, Salesforce, ServiceNow, and more1.
Amazon Rekognition is a computer vision service that makes it easy to add image and video analysis to applications. It can detect objects, faces, text, scenes,
activities, and emotions in images and videos. However, it is not designed for searching for text in documents stored in Amazon S32.
Amazon Polly is a text-to-speech service that turns text into lifelike speech. It can create audio versions of books, articles, podcasts, and more. However, it is not
designed for searching for text in documents stored in Amazon S33.
Amazon Lex is a service for building conversational interfaces using voice and text. It can create chatbots that can interact with users using natural language.
However, it is not designed for searching for text in documents stored in Amazon S34.
References:
? Amazon Kendra – Intelligent Search Service Powered by Machine Learning
? Amazon Rekognition – Video and Image - AWS
? Amazon Polly – Text-to-Speech Service - AWS
? Amazon Lex – Build Conversation Bots - AWS
NEW QUESTION 156
- (Topic 3)
A company is building an application in the AWS Cloud. The company wants to use temporary credentials for the application to access other AWS resources.
Which AWS service will meet these requirements?
A. AWS Key Management Service (Aws KMS)
B. AWS CloudHSM
C. Amazon Cognito
D. AWS Security Token Service (Aws STS)
Answer: D
Explanation:
AWS Security Token Service (AWS STS) is a service that provides temporary security credentials to users or applications that need to access AWS resources.
The temporary credentials have a limited lifetime and can be configured to last from a few minutes to several hours. The credentials are not stored with the user or
application, but are generated dynamically and provided on request. The credentials work almost identically to long-term access key credentials, but have the
advantage of not requiring distribution, rotation, or revocation1.
AWS Key Management Service (AWS KMS) is a service that provides encryption and decryption services for data and keys. It does not provide temporary security
credentials2. AWS CloudHSM is a service that provides hardware security modules (HSMs) for cryptographic operations and key management. It does not provide
temporary security credentials3.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Amazon Cognito is a service that provides user authentication and authorization for web and mobile applications. It can also provide temporary security credentials
for authenticated users, but not for applications4.
NEW QUESTION 160
- (Topic 3)
Which type of AWS storage is ephemeral and is deleted when an Amazon EC2 instance is stopped or terminated?
A. Amazon Elastic Block Store (Amazon EBS)
B. Amazon EC2 instance store
C. Amazon Elastic File System (Amazon EFS)
D. Amazon S3
Answer: B
Explanation:
Amazon EC2 instance store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host
computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content.
It can also be used to store temporary data that you replicate across a fleet of instances, such as a load-balanced pool of web servers. An instance store consists
of one or more instance store volumes exposed as block devices. The size of an instance store as well as the number of devices available varies by instance type
and instance size. The virtual devices for instance store volumes are ephemeral[0-23]. Instance types that support one instance store volume have ephemeral0.
Instance types that support two or more instance store volumes have ephemeral0, ephemeral1, and so on. Instance store pricing Instance store volumes are
included as part of the instance’s usage cost. The data on an instance store volume persists even if the instance is rebooted. However, the data does not persist if
the instance is stopped, hibernated, or terminated. When the instance is stopped, hibernated, or terminated, every block of the instance store volume is
cryptographically erased. Therefore, do not rely on instance store volumes for valuable, long-term data. If you need to retain the data stored on an instance store
volume beyond the lifetime of the instance, you need to manually copy that data to more persistent storage, such as an Amazon EBS volume, an Amazon S3
bucket, or an Amazon EFS file system. There are some events that can result in your data not persisting throughout the lifetime of the instance. The following table
indicates whether data on instance store volumes is persisted during specific events, for both virtualized and bare metal instances1. References: Amazon EC2
instance store - Amazon Elastic Compute Cloud
NEW QUESTION 164
- (Topic 3)
A company website is experiencing DDoS attacks.
Which AWS service can help protect the company website against these attacks?
A. AWS Resource Access Manager
B. AWS Amplify
C. AWS Shield
D. Amazon GuardDuty
Answer: C
Explanation:
AWS Shield is a managed DDoS protection service that safeguards applications running on AWS from distributed denial of service (DDoS) attacks. DDoS attacks
are malicious attempts to disrupt the normal functioning of a website or application by overwhelming it with a large volume of traffic from multiple sources. AWS
Shield provides two tiers of protection: Standard and Advanced. AWS Shield Standard is automatically enabled for all AWS customers at no additional cost. It
protects your AWS resources, such as Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53, from the most common and frequently occurring
network and transport layer DDoS attacks. AWS Shield Advanced is an optional paid service that provides additional protection for your AWS resources and
applications, such as Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing (ELB), Amazon Simple Storage Service (Amazon S3), Amazon
Relational Database Service (Amazon RDS), and AWS Elastic Beanstalk. AWS Shield Advanced offers enhanced detection and mitigation capabilities, 24/7
access to the AWS DDoS Response Team (DRT), real-time visibility and reporting, and cost protection against DDoS-related spikes in your AWS bill12
References: AWS Shield, What is a DDOS Attack & How to Protect Your Site Against One
NEW QUESTION 165
- (Topic 3)
A company wants to migrate its server-based applications to the AWS Cloud. The company wants to determine the total cost of ownership for its compute
resources that will be hosted on the AWS Cloud.
Which combination of AWS services or tools will meet these requirements?
A. AWS Pricing Calculator
B. Migration Evaluator
C. AWS Support Center
D. AWS Application Discovery Service
E. AWS Database Migration Service (AWS DMS)
Answer: AD
Explanation:
AWS Pricing Calculator and AWS Application Discovery Service are the best combination of AWS services or tools to meet the requirements of determining the
total cost of ownership for compute resources that will be hosted on the AWS Cloud. AWS Pricing Calculator is a tool that enables you to estimate the cost of using
AWS services based on your usage scenarios and requirements. You can use AWS Pricing Calculator to compare the costs of running your applications on-
premises or on AWS, and to optimize your AWS spending. AWS Application Discovery Service is a service that helps you plan your migration to the AWS Cloud by
collecting and analyzing information about your on- premises servers, applications, and dependencies. You can use AWS Application Discovery Service to identify
the inventory of your on-premises infrastructure, group servers by applications, and estimate the performance and resource utilization of your applications45
NEW QUESTION 167
- (Topic 3)
AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users.
This describes which advantage of the AWS Cloud?
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
A. Launch globally in minutes
B. Increase speed and agility
C. High economies of scale
D. No guessing about compute capacity
Answer: C
Explanation:
AWS has the ability to achieve lower pay-as-you-go pricing by aggregating usage across hundreds of thousands of users. This means that AWS can leverage its
massive scale and purchasing power to reduce the costs of infrastructure, hardware, software, and operations. These savings are then passed on to the
customers, who only pay for the resources they use. You can learn more about the AWS pricing model from [this webpage] or [this digital course].
NEW QUESTION 171
- (Topic 3)
Which AWS service could an administrator use to provide desktop environments for several employees?
A. AWS Organizations
B. AWS Fargate
C. AWS WAF
D. AWS Workspaces
Answer: D
Explanation:
AWS Workspaces is a service that provides fully managed, secure, and reliable virtual desktops for your employees. You can access your personal Windows
environment on various devices, such as Android, iOS, Fire, Mac, PC, Chromebook, and Linux. You can choose from different bundles of CPU, memory, storage,
and software options to suit your needs. You can also integrate AWS Workspaces with your existing Active Directory, VPN, and security policies. AWS
Workspaces helps you reduce the cost and complexity of managing your desktop infrastructure, while enhancing the productivity and security of your remote
workers456. References: 4: Amazon WorkSpaces Client Download, 5: VDI Desktops - Amazon WorkSpaces Family - AWS, 6: Amazon WorkSpaces
NEW QUESTION 174
- (Topic 3)
A company wants to define a central data protection policy that works across AWS services for compute, storage, and database resources.
Which AWS service will meet this requirement?
A. AWS Batch
B. AWS Elastic Disaster Recovery
C. AWS Backup
D. Amazon FSx
Answer: C
Explanation:
The AWS service that will meet this requirement is C. AWS Backup.
AWS Backup is a service that allows you to define a central data protection policy that works across AWS services for compute, storage, and database resources.
You can use AWS Backup to create backup plans that specify the frequency, retention, and lifecycle of your backups, and apply them to your AWS resources
using tags or resource IDs. AWS Backup supports various AWS services, such as Amazon EC2, Amazon EBS, Amazon RDS, Amazon DynamoDB, Amazon EFS,
Amazon FSx, and AWS Storage Gateway12. AWS Batch is a service that allows you to run batch computing workloads on AWS. AWS Batch does not provide a
central data protection policy, but rather enables you to optimize the allocation and utilization of your compute resources3.
AWS Elastic Disaster Recovery is a service that allows you to prepare for and recover from disasters using AWS. AWS Elastic Disaster Recovery does not provide
a central data protection policy, but rather helps you minimize downtime and data loss by replicating your applications and data to AWS4.
Amazon FSx is a service that provides fully managed file storage for Windows and Linux applications. Amazon FSx does not provide a central data protection
policy, but rather offers features such as encryption, snapshots, backups, and replication to protect your file systems5.
References:
1: AWS Backup – Centralized backup across AWS services 3: AWS Batch – Run Batch Computing Jobs on AWS 2: Data Protection Reference Architectures with
AWS Backup 4: AWS Elastic Disaster Recovery – Prepare for and recover from disasters using AWS 5: Amazon FSx – Fully managed file storage for Windows
and Linux applications
NEW QUESTION 175
- (Topic 3)
A company wants to store data with high availability, encrypt the data at rest, and have direct access to the data over the internet.
Which AWS service will meet these requirements MOST cost-effectively?
A. Amazon Elastic Block Store (AmazonEBS)
B. Amazon S3
C. Amazon Elastic File System (Amazon EFS)
D. AWS Storage Gateway
Answer: C
Explanation:
Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises
resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating
the need to provision and manage capacity to accommodate growth. Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent
Access storage class (EFS IA).
EFS IA provides price/performance that is cost-optimized for files not accessed every day. Amazon EFS encrypts data at rest and in transit, and supports direct
access over the internet4.
NEW QUESTION 176
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
- (Topic 3)
A company is planning to migrate to the AWS Cloud. The company is conducting organizational transformation and wants to become more responsive to customer
inquiries and feedback.
Which tasks should the company perform to meet these requirements, according to the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
A. Realign teams to focus on products and value streams.
B. Create new value propositions with new products and services.
C. Use agile methods to rapidly iterate and evolve.
D. Use a new data and analytics platform to create actionable insights.
E. Migrate and modernize legacy infrastructure.
Answer: AC
Explanation:
Realigning teams to focus on products and value streams, and using agile methods to rapidly iterate and evolve are tasks that the company should perform to
meet the requirements of becoming more responsive to customer inquiries and feedback, according to the AWS Cloud Adoption Framework (AWS CAF). AWS
CAF organizes guidance into six areas of focus, called perspectives: business, people, governance, platform, security, and operations. Each perspective is divided
into capabilities, which describe the skills and processes to execute the transition effectively. The people perspective helps you prepare your organization for cloud
adoption, and includes capabilities such as organizational change management, staff skills and readiness, and organizational alignment. The business perspective
helps you align IT strategy with business strategy, and includes capabilities such as business case development, value proposition, and product ownership.
Creating new value propositions with new products and services is a task that belongs to the business perspective, but it is not directly related to the requirement
of becoming more responsive to customer inquiries and feedback. Using a new data and analytics platform to create actionable insights is a task that belongs to
the platform perspective, which helps you design, implement, and optimize the architecture of the AWS environment. However, it is also not directly related to the
requirement of becoming more responsive to customer inquiries and feedback. Migrating and modernizing legacy infrastructure is a task that belongs to the
operations perspective, which helps you enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders. However, it
is also not directly related to the requirement of becoming more responsive to customer inquiries and feedback.
NEW QUESTION 181
- (Topic 3)
A company wants to migrate its PostgreSQL database to AWS. The company does not use the database frequently.
Which AWS service or resource will meet these requirements with the LEAST management overhead?
A. PostgreSQL on Amazon EC2
B. Amazon RDS for PostgreSQL
C. Amazon Aurora PostgreSQL-Compatible Edition
D. Amazon Aurora Serverless
Answer: D
Explanation:
Amazon Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora PostgreSQL-Compatible Edition. It is a fully managed service that
automatically scales up and down based on the application’s actual needs. Amazon Aurora Serverless is suitable for applications that have infrequent,
intermittent, or unpredictable database workloads, and that do not require the full power and range of options provided by provisioned Aurora clusters. Amazon
Aurora Serverless eliminates the need to provision and manage database instances, and reduces the management overhead associated with database
administration tasks such as scaling, patching, backup, and recovery. References: Amazon Aurora Serverless, Choosing between Aurora Serverless and
provisioned Aurora DB clusters, [AWS Cloud Practitioner Essentials: Module 4 - Databases in the Cloud]
NEW QUESTION 186
- (Topic 3)
Which capabilities are in the platform perspective of the AWS Cloud Adoption Framework (AWS CAF)? (Select TWO.)
A. Performance and capacity management
B. Data engineering
C. Continuous integration and continuous delivery (CI/CD)
D. Infrastructure protection
E. Change and release management
Answer: BC
Explanation:
The platform perspective of the AWS Cloud Adoption Framework (AWS CAF) helps you build an enterprise-grade, scalable, hybrid cloud platform, modernize
existing workloads, and implement new cloud-native solutions1. It comprises seven capabilities, two of which are data engineering and CI/CD1.
? Data engineering: This capability helps you design and evolve a fit-for-purpose data and analytics architecture that can reduce complexity, cost, and technical
debt while enabling you to gain actionable insights from exponentially growing data volumes1. It involves selecting key technologies for each of your architectural
layers, such as ingestion, storage, catalog, processing, and consumption. It also involves supporting real-time data processing and adopting a Lake House
architecture to facilitate data movements between data lakes and purpose-built data stores1.
? CI/CD: This capability helps you automate the delivery of your cloud solutions using a set of practices and tools that enable faster and more reliable
deployments1. It involves establishing a pipeline that can build, test, and deploy your code across multiple environments. It also involves adopting a DevOps
culture that fosters collaboration, feedback, and continuous improvement among your development and operations teams1.
References:
? 1: Platform perspective: infrastructure and applications - An Overview of the AWS Cloud Adoption Framework
NEW QUESTION 191
- (Topic 3)
Which service enables customers to audit API calls in their AWS accounts'?
A. AWS CloudTrail
B. AWS Trusted Advisor
C. Amazon Inspector
D. AWS X-Ray
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Answer: A
Explanation:
AWS CloudTrail is a service that provides a record of actions taken by a user, role, or an AWS service in your AWS account. CloudTrail captures all API calls for
AWS services as events, including calls from the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services. You can use
CloudTrail to monitor, audit, and troubleshoot your AWS account activity34. AWS Trusted Advisor is a service that provides best practices recommendations for
cost optimization, performance, security, and fault tolerance in your AWS account5. Amazon Inspector is a service that helps you improve the security and
compliance of your applications deployed on AWS by automatically assessing them for vulnerabilities and deviations from best practices6. AWS X-Ray is a service
that helps you analyze and debug your applications by collecting data about the requests that your application serves, and providing tools to view, filter, and gain
insights into that data7. References: Logging AWS Audit Manager API calls with CloudTrail, Logging AWS Account Management API calls using AWS CloudTrail,
Review API calls in your AWS account using CloudTrail, Monitor the usage of AWS API calls using Amazon CloudWatch, Which service enables customers to
audit API calls in their AWS …
NEW QUESTION 192
- (Topic 3)
Which AWS service requires the customer to be fully responsible for applying operating system patches?
A. Amazon DynamoDB
B. AWS Lambda
C. AWS Fargate
D. Amazon EC2
Answer: D
Explanation:
Amazon EC2 is the AWS service that requires the customer to be fully responsible for applying operating system patches. Amazon EC2 is a service that provides
secure, resizable compute capacity in the cloud. Customers can launch virtual servers called instances and choose from various configurations of CPU, memory,
storage, and networking resources1. Customers have full control and access to their instances, which means they are also responsible for managing and
maintaining them, including applying
operating system patches2. Customers can use AWS Systems Manager Patch Manager, a feature of AWS Systems Manager, to automate the process of patching
their EC2 instances with both security-related updates and other types of updates3.
NEW QUESTION 195
- (Topic 3)
How does the AWS Enterprise Support Concierge team help users?
A. Supporting application development
B. Providing architecture guidance
C. Answering billing and account inquiries
D. Answering questions regarding technical support cases
Answer: C
Explanation:
The AWS Enterprise Support Concierge team is a group of billing and account experts who specialize in working with enterprise customers. They can help
customers with questions about billing, account management, cost optimization, and other non-technical issues. They can also assist customers with navigating
and optimizing their AWS environment, such as setting up consolidated billing, applying for service limit increases, or requesting refunds. References:
? AWS Support Plan Comparison
? AWS Enterprise Support Plan
? Answer Explained: Which AWS Support plan provides access to AWS Concierge Support team for account assistance?
NEW QUESTION 198
- (Topic 3)
Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO)
A. High availability
B. Performance efficiency
C. Cost optimization
D. Going global in minutes
E. Continuous development
Answer: BC
Explanation:
The AWS Well-Architected Framework is a set of six pillars and lenses that help cloud architects design and run workloads in the cloud. The six pillars are:
operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. Each pillar has a set of design principles and best practices
that guide the architectural decisions. High availability is not a separate pillar, but a quality that can be achieved by applying the principles of the reliability pillar.
Going global in minutes and continuous development are not pillars of the framework, but possible benefits of using AWS services and following the framework’s
recommendations. References: AWS Well-Architected - Build secure, efficient cloud applications, AWS Well-Architected Framework, The 6 Pillars of the AWS Well-
Architected Framework
NEW QUESTION 201
- (Topic 3)
Which option is an AWS Cloud Adoption Framework (AWS CAF) foundational capability for the operations perspective?
A. Performance and capacity management
B. Application portfolio management
C. Identity and access management
D. Product management
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Answer: C
Explanation:
Identity and access management is one of the foundational capabilities for the operations perspective of the AWS Cloud Adoption Framework (AWS CAF). It
involves managing the identities, roles, permissions, and credentials of users and systems that interact with AWS resources. Performance and capacity
management is a capability for the platform perspective. Application portfolio management is a capability for the business perspective. Product management is a
capability for the governance perspective.
NEW QUESTION 203
- (Topic 3)
Which AWS service offers object storage?
A. Amazon RDS
B. Amazon Elastic File System (Amazon EFS)
C. Amazon S3
D. Amazon DynamoDB
Answer: C
Explanation:
Amazon S3 is the AWS service that offers object storage. Object storage is a technology that stores and manages data in an unstructured format called objects.
Each object consists of the data, metadata, and a unique identifier. Object storage is ideal for storing large amounts of unstructured data, such as photos, videos,
email, web pages, sensor data, and audio files1. Amazon S3 provides industry-leading scalability, data availability, security, and performance for object storage2.
Amazon RDS is the AWS service that offers relational database storage. Relational database storage is a technology that stores and manages data in a structured
format called tables. Each table consists of rows and columns that define the attributes and values of the data. Relational database storage is ideal for storing
structured or semi-structured data, such as customer records, inventory, transactions, and analytics3.
Amazon Elastic File System (Amazon EFS) is the AWS service that offers file storage. File storage is a technology that stores and manages data in a hierarchical
format called files and folders. Each file consists of the data and metadata, and each folder consists of files or subfolders. File storage is ideal for storing shared
data that can be accessed by multiple users or applications, such as home directories, content repositories, media libraries, and configuration files4.
Amazon DynamoDB is the AWS service that offers NoSQL database storage. NoSQL database storage is a technology that stores and manages data in a flexible
format called documents or key-value pairs. Each document or key-value pair consists of the data and metadata, and can have different attributes and values
depending on the schema. NoSQL database storage is ideal for storing dynamic or unstructured data that requires high performance, scalability, and availability,
such as web applications, social media, gaming, and IoT.
NEW QUESTION 205
- (Topic 3)
A company is expecting a short-term spike in internet traffic for its application. During the traffic increase, the application cannot be interrupted. The company also
needs to minimize cost and maximize flexibility.
A company needs to use a serverless interactive query service to analyze data in Amazon S3. The query service must support standard SQL.
Which AWS service will meet these requirements?
A. Amazon Redshift
B. AWS Glue
C. Amazon Athena
D. Amazon Kinesis Data Streams
Answer: C
Explanation:
Amazon Athena is a serverless interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. Athena is ideal for quick, ad-hoc
querying but it can also handle complex analysis, including large joins, window functions, and arrays. Athena scales automatically—executing queries in parallel—so
results are fast, even with large datasets and complex queries. Amazon Redshift is a fully managed, petabyte-scale data warehouse service that can run complex
analytic queries against structured and semi-structured data using standard SQL. However, it is not a serverless service and requires provisioning and managing
clusters of nodes. AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load your data for analytics. However,
it is not a query service and does not support standard SQL. Amazon Kinesis Data Streams is a service that enables you to build custom applications that process
or analyze streaming data for specialized needs. However, it is not a query service and does not support standard SQL.
NEW QUESTION 208
- (Topic 3)
Which scenarios represent the concept of elasticity on AWS? (Select TWO.)
A. Scaling the number of Amazon EC2 instances based on traffic
B. Resizing Amazon RDS instances as business needs change
C. Automatically directing traffic to less-utilized Amazon EC2 instances
D. Using AWS compliance documents to accelerate the compliance process
E. Having the ability to create and govern environments using code
Answer: AB
Explanation:
These are two scenarios that represent the concept of elasticity on AWS. Elasticity means the ability to adjust the resources and capacity of the system in
response to changes in demand or environment. Scaling the number of Amazon EC2 instances based on traffic means using services such as AWS Auto Scaling
or Elastic Load Balancing to add or remove instances as the traffic increases or decreases. Resizing Amazon RDS instances as business needs change means
using the Amazon RDS console or API to modify the instance type, storage type, or storage size of the database as the workload grows or shrinks. You can learn
more about the concept of elasticity on AWS from [this webpage] or [this digital course].
NEW QUESTION 210
- (Topic 3)
Which maintenance task is the customer's responsibility, according to the AWS shared responsibility model?
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
A. Physical connectivity among Availability Zones
B. Network switch maintenance
C. Hardware updates and firmware patches
D. Amazon EC2 updates and security patches
Answer: D
Explanation:
According to the AWS shared responsibility model, customers are responsible for managing their data, applications, operating systems, security groups, and other
aspects of their AWS environment. This includes installing updates and security patches of the guest operating system and any application software or utilities
installed by the customer on the instances. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud, such as data
centers, hardware, software, networking, and facilities. This includes the physical connectivity among Availability Zones, the network switch maintenance, and the
hardware updates and firmware patches. Therefore, option D is the correct answer, and options A, B, and C are AWS responsibilities, not customer
responsibilities. References: : AWS Well-Architected Framework - Elasticity; : Reactive Systems on AWS - Elastic
NEW QUESTION 215
- (Topic 3)
A company needs to block SQL injection attacks.
Which AWS service or feature can meet this requirement?
A. AWS WAF
B. AWS Shield
C. Network ACLs
D. Security groups
Answer: A
Explanation:
AWS WAF is a web application firewall that helps protect web applications from common web exploits, such as SQL injection attacks. It allows customers to
create custom rules that block malicious requests. AWS Shield is a managed service that protects against distributed denial of service (DDoS) attacks, not SQL
injection attacks. Network ACLs and security groups are network-level security features that filter traffic based on IP addresses and ports, not web requests or SQL
queries. References: [AWS WAF], [AWS Shield], [Network ACLs], [Security groups]
NEW QUESTION 217
- (Topic 3)
A company is using Amazon DynamoDB.
Which task is the company's responsibility, according to the AWS shared responsibility model?
A. Patch the operating system
B. Provision hosts
C. Manage database access permissions.
D. Secure the operating system
Answer: C
Explanation:
According to the AWS shared responsibility model, AWS is responsible for the security of the cloud, while customers are responsible for the security in the cloud.
This means that AWS is responsible for the physical servers, networking, and operating system that run DynamoDB, while customers are responsible for the
security of their data and access to the database. Customers need to manage database access permissions, such as creating and managing AWS Identity and
Access Management (IAM) policies and roles, and using encryption and key management options to protect their data123. References: 1: Shared Responsibility
Model - Amazon Web Services (AWS), 2: Security in Amazon DynamoDB - Amazon DynamoDB, 3: AWS Shared Responsibility Model - Introduction to DevOps …
NEW QUESTION 222
- (Topic 3)
What can a cloud practitioner use to retrieve AWS security and compliance documents and submit them as evidence to an auditor or regulator?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS Artifact
D. Amazon Inspector
Answer: C
Explanation:
AWS Artifact is a service that provides on-demand access to AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry
(PCI) reports, and Service Organization Control (SOC) reports. You can download these documents and submit them as evidence to your auditors or regulators to
demonstrate the security and compliance of the AWS infrastructure and services that you use. AWS Artifact also allows you to review, accept, and manage AWS
agreements, such as the Business Associate Addendum (BAA) for customers who are subject to the Health Insurance Portability and Accountability Act (HIPAA).
References: AWS Artifact, What is AWS Artifact?
NEW QUESTION 226
- (Topic 3)
Which AWS service converts text to lifelike voices?
A. Amazon Transcribe
B. Amazon Rekognition
C. Amazon Polly
D. Amazon Textract
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Answer: C
Explanation:
Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled
products. Polly’s Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech1. Amazon Polly
supports dozens of languages and a wide range of natural-sounding voices. You can customize and control the speech output by using lexicons and SSML tags.
You can also store and redistribute the speech output in standard audio formats like MP3 and OGG2.
Amazon Transcribe is a service that converts speech to text, enabling you to create text transcripts from audio or video files. It can recognize multiple speakers,
different languages, accents, dialects, and background noises. It can also add punctuation and formatting to the transcripts. Amazon Transcribe is useful for
applications such as subtitling, captioning, transcription, and voice search.
Amazon Rekognition is a service that provides image and video analysis using computer vision and deep learning. It can detect objects, faces, text, scenes,
activities, and emotions in images and videos. It can also perform face recognition, face comparison, face search, celebrity recognition, and facial analysis.
Amazon Rekognition is useful for applications such as security, social media, e-commerce, and media and entertainment.
Amazon Textract is a service that extracts text and data from scanned documents using optical character recognition (OCR) and machine learning. It can identify
the contents of fields in forms and tables, as well as the relationships between them. It can also preserve the layout and structure of the original document.
Amazon Textract is useful for applications such as data entry, document management, compliance, and analytics. References:
? Text to Speech Software – Amazon Polly – Amazon Web Services
? What is Text to Speech – Amazon Web Services (AWS)
? AWS Amazon Polly - Text to Speech Converter - CodeCanyon
? Amazon’s Text-To-Speech AI Service Sounds More Natural And … - Forbes
? Working with AWS Amazon Polly Text-to-Speech (TTS) Service
? [Automatic Speech Recognition - Amazon Transcribe - AWS]
? [Amazon Rekognition – Video and Image - AWS]
? [Extract Text & Data - OCR - Amazon Textract - AWS]
NEW QUESTION 231
- (Topic 3)
A company needs to apply security rules to specific Amazon EC2 instances. Which AWS service or feature provides this functionality?
A. AWS Shield
B. Network ACLs
C. Security groups
D. AWS Firewall Manager
Answer: C
Explanation:
Security groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. You can use security
groups to set rules that allow or deny traffic to or from your instances. You can modify the rules for a security group at any time; the new rules are automatically
applied to all instances that are associated with the security group.
NEW QUESTION 236
- (Topic 3)
Which characteristic of the AWS Cloud helps users eliminate underutilized CPU capacity'?
A. Agility
B. Elasticity
C. Reliability
D. Durability
Answer: B
Explanation:
Elasticity is a characteristic of the AWS Cloud that helps users eliminate underutilized CPU capacity. Elasticity refers to the ability to dynamically provision and de-
provision computing resources as per demand, ensuring that the application or service always has the required resources to operate efficiently. Elasticity helps
users optimize performance and costs, as they only pay for the resources they use and avoid wasting resources when the demand is low345. References: 3:
Which characteristic of the aws cloud helps users eliminate …, 4: AWS Elastic Load Balancing and Application Load Balancer, 5: Which characteristic of the AWS
Cloud helps users eliminate …
NEW QUESTION 241
- (Topic 3)
A company wants to automatically add and remove Amazon EC2 instances. The company wants the EC2 instances to adjust to varying workloads dynamically.
Which service or feature will meet these requirements?
A. Amazon DynamoDB
B. Amazon EC2 Spot Instances
C. AWS Snow Family
D. Amazon EC2 Auto Scaling
Answer: D
Explanation:
Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to
definable conditions. You can create collections of EC2 instances, called Auto Scaling groups, and specify the minimum and maximum number of instances in
each group. You can also define scaling policies that adjust the number of instances based on the demand on your application. Amazon EC2 Auto Scaling helps
you improve the performance,
reliability, and cost-efficiency of your EC2 workloads123. References: 1: VDI Desktops - Amazon WorkSpaces Family - AWS, 2: What is Amazon EC2 Auto
Scaling? - Amazon EC2 Auto Scaling, 3: Discover Amazon EC2 Auto Scaling Unit | Salesforce Trailhead
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
NEW QUESTION 245
- (Topic 3)
Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?
A. Sustainability
B. Security
C. Performance efficiency
D. Reliability
Answer: B
Explanation:
The AWS Cloud Adoption Framework (AWS CAF) helps organizations understand how cloud adoption transforms the way they work, and it provides structure to
identify and address gaps in skills and processes. The AWS CAF organizes guidance into six areas of focus, called perspectives. Each perspective reflects a
different stakeholder viewpoint with its own distinct responsibilities, skills, and attributes. The Security Perspective helps you structure the selection and
implementation of security controls that meet your organization’s needs2.
NEW QUESTION 246
- (Topic 3)
Which AWS service provides protection against DDoS attacks for applications that run in the AWS Cloud?
A. Amazon VPC
B. AWS Shield
C. AWS Audit Manager
D. AWS Config
Answer: B
Explanation:
AWS Shield is an AWS service that provides protection against distributed denial of service (DDoS) attacks for applications that run in the AWS Cloud. DDoS
attacks are attempts to make an online service unavailable by overwhelming it with traffic from multiple sources. AWS Shield provides two tiers of protection: AWS
Shield Standard and AWS Shield Advanced. AWS Shield Standard is automatically enabled for all AWS customers at no additional charge. It provides protection
against common and frequently occurring network and transport layer DDoS attacks. AWS Shield Advanced is an optional paid service that provides additional
protection against larger and more sophisticated DDoS attacks. AWS Shield Advanced also provides access to 24/7 DDoS response team, cost protection, and
enhanced detection and mitigation capabilities
NEW QUESTION 249
- (Topic 3)
A company is migrating its workloads to the AWS Cloud. The company must retain full control of patch management for the guest operating systems that host its
applications.
Which AWS service should the company use to meet these requirements?
A. Amazon DynamoDB
B. Amazon EC2
C. AWS Lambda
D. Amazon RDS
Answer: B
Explanation:
Amazon EC2 is the AWS service that the company should use to meet its requirements of retaining full control of patch management for the guest operating
systems that host its applications. Amazon EC2 is a service that provides secure, resizable compute capacity in the cloud. Users can launch virtual servers, called
instances, that run various operating systems, such as Linux, Windows, macOS, and more. Users have full administrative access to their instances and can install
and configure any software, including patches and updates, on their instances. Users are responsible for managing the security and maintenance of their
instances, including patching the guest operating system and applications. Users can also use AWS Systems Manager to automate and simplify the patching
process for their EC2 instances. AWS Systems Manager is a service that helps users manage their AWS and on-premises resources at scale. Users can use AWS
Systems Manager Patch Manager to scan their instances for missing patches, define patch baselines and maintenance windows, and apply patches automatically
or manually across their instances. Users can also use AWS Systems Manager to monitor the patch compliance status and patching history of their instances.
References: What is Amazon EC2?, AWS Systems Manager Patch Manager
NEW QUESTION 251
- (Topic 3)
A company uses AWS for its web application. The company wants to minimize latency and perform compute operations for the application as close to end users
as possible.
Which AWS service or infrastructure component will provide this functionality?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. AWS Direct Connect
Answer: C
Explanation:
Edge locations are sites that Amazon CloudFront uses to cache copies of your content for faster delivery to users at any location. You can use Amazon
CloudFront to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for your
content are automatically routed to the nearest edge location, so content is delivered with the best possible performance3. Edge locations can also host AWS
Lambda functions to perform compute operations for your web application as close to end users as possible4.
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
NEW QUESTION 253
- (Topic 3)
A company needs a graph database service that is scalable and highly available.
Which AWS service meets these requirements?
A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon Neptune
Answer: D
Explanation:
The AWS service that meets the requirements of providing a graph database service that is scalable and highly available is Amazon Neptune. Amazon Neptune is
a fast, reliable, and fully managed graph database service that supports property graph and RDF graph models. Amazon Neptune is designed to store billions of
relationships and query the graph with milliseconds latency. Amazon Neptune also offers high availability and durability by replicating six copies of the data across
three Availability Zones and continuously backing up the data to Amazon S35. Amazon Aurora, Amazon Redshift, and Amazon DynamoDB are other AWS
services that provide relational or non- relational database solutions, but they do not support graph database models.
NEW QUESTION 255
- (Topic 3)
A company has designed its AWS Cloud infrastructure to run its workloads effectively. The company also has protocols in place to continuously improve
supporting processes.
Which pillar of the AWS Well-Architected Framework does this scenario represent?
A. Security
B. Performance efficiency
C. Cost optimization
D. Operational excellence
Answer: D
Explanation:
The scenario represents the operational excellence pillar of the AWS Well- Architected Framework, which focuses on running and monitoring systems to deliver
business value and continually improve supporting processes and procedures1. Security, performance efficiency, cost optimization, and reliability are the other
four pillars of the framework1.
NEW QUESTION 259
- (Topic 3)
A company wants to set up a high-speed connection between its data center and its applications that run on AWS. The company must not transfer data over the
internet.
Which action should the company take to meet these requirements?
A. Transfer data to AWS by using AWS Snowball.
B. Transfer data to AWS by using AWS Storage Gateway.
C. Set up a VPN connection between the data center and an AWS Region.
D. Set up an AWS Direct Connect connection between the company network and AWS.
Answer: D
Explanation:
AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from a customer’s premises to AWS. AWS Direct
Connect does not involve the public internet, and therefore can reduce network costs, increase bandwidth throughput, and provide a more consistent network
experience than internet-based connections. AWS Snowball is a petabyte-scale data transport service that uses secure devices to transfer large amounts of data
into and out of the AWS Cloud. AWS Storage Gateway is a hybrid cloud storage service that gives customers on-premises access to virtually unlimited cloud
storage. A VPN connection enables customers to establish a secure and private connection between their network and AWS.
NEW QUESTION 260
- (Topic 3)
Which database engines does Amazon Aurora support? (Select TWO.)
A. Oracle
B. Microsoft SQL Server
C. MySQL
D. PostgreSQL
E. MongoDB
Answer: CD
Explanation:
Amazon Aurora is a relational database service that is compatible with MySQL and PostgreSQL engines. It delivers up to five times the performance of MySQL
and up to three times the performance of PostgreSQL. It also provides high availability, scalability, security, and durability1
NEW QUESTION 261
- (Topic 3)
A company wants to migrate a database from an on-premises environment to Amazon RDS.
After the migration is complete, which management task will the company still be responsible for?
A. Hardware lifecycle management
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
B. Application optimization
C. Server maintenance
D. Power, network, and cooling provisioning
Answer: B
Explanation:
Amazon RDS is a managed database service that handles most of the common database administration tasks, such as hardware provisioning, server
maintenance, backup and recovery, patching, scaling, and replication. However, Amazon RDS does not optimize the application that interacts with the database.
The company is still responsible for tuning the performance, security, and availability of the application according to its business requirements and best
practices12. References:
? What is Amazon Relational Database Service (Amazon RDS)?
? Perform common DBA tasks for Amazon RDS DB instances
NEW QUESTION 265
......
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Recommend!! Get the Full CLF-C02 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CLF-C02-exam-dumps.html (120 New Questions)
Thank You for Trying Our Product
We offer two products:
1st - We have Practice Tests Software with Actual Exam Questions
2nd - Questons and Answers in PDF Format
CLF-C02 Practice Exam Features:
* CLF-C02 Questions and Answers Updated Frequently
* CLF-C02 Practice Questions Verified by Expert Senior Certified Staff
* CLF-C02 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* CLF-C02 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
100% Actual & Verified — Instant Download, Please Click
Order The CLF-C02 Practice Test Here
Passing Certification Exams Made Easy visit - https://www.surepassexam.com
Powered by TCPDF (www.tcpdf.org)
You might also like
- AWS Certified Cloud Practitioner Exam Dumps - myTechMint-job 6No ratings yetAWS Certified Cloud Practitioner Exam Dumps - myTechMint-job 631 pages
- Expert Veri Ed, Online, Free.: Topic 1 - Exam ANo ratings yetExpert Veri Ed, Online, Free.: Topic 1 - Exam A148 pages
- AWS Certified Solutions Architect Associate Practice Test 02No ratings yetAWS Certified Solutions Architect Associate Practice Test 0275 pages
- Aindump2go Saa-C03 Vce 2023-Jun-20 by Timothy 236q VceNo ratings yetAindump2go Saa-C03 Vce 2023-Jun-20 by Timothy 236q Vce13 pages
- Amazon Web Services Certshared Saa-C02 Exam Question 2021-Jul-19 by Mandel 323q VceNo ratings yetAmazon Web Services Certshared Saa-C02 Exam Question 2021-Jul-19 by Mandel 323q Vce9 pages
- Amazon Web Services Passguide Dop-C02 Simulations 2024-Apr-03 by Stan 68q VceNo ratings yetAmazon Web Services Passguide Dop-C02 Simulations 2024-Apr-03 by Stan 68q Vce23 pages
- The Context Is Around Un Predictable + Cost Effective ..Store The Images Using The S3 IntelligentNo ratings yetThe Context Is Around Un Predictable + Cost Effective ..Store The Images Using The S3 Intelligent78 pages
- Aws Certified Cloud Practitioner CLF c02 2024No ratings yetAws Certified Cloud Practitioner CLF c02 2024191 pages
- AWS Certified Solutions Architect - AssociateNo ratings yetAWS Certified Solutions Architect - Associate173 pages
- AWS Certified Solutions Architect Associate-Exam Guide EN 1.8 PDFNo ratings yetAWS Certified Solutions Architect Associate-Exam Guide EN 1.8 PDF3 pages
- AWS Solutions Architect Practice Test ResultsNo ratings yetAWS Solutions Architect Practice Test Results159 pages
- AWS Certified Cloud Practitioner CLF-C01 Part 1 Quiz FormatNo ratings yetAWS Certified Cloud Practitioner CLF-C01 Part 1 Quiz Format17 pages
- AWS Certified Developer - Associate Exam Dumps With PDF and VCE Download (1-30)No ratings yetAWS Certified Developer - Associate Exam Dumps With PDF and VCE Download (1-30)2 pages
- AWS Certified Solutions Architect Associate Practice Test 03No ratings yetAWS Certified Solutions Architect Associate Practice Test 0372 pages
- Amazon-Web-Services: Exam Questions SAA-C02No ratings yetAmazon-Web-Services: Exam Questions SAA-C0210 pages
- AWS Certified Developer Associate - Exam GuideNo ratings yetAWS Certified Developer Associate - Exam Guide16 pages
- AWS Certified Cloud Practitioner (CLF-C01) Sample Exam QuestionsNo ratings yetAWS Certified Cloud Practitioner (CLF-C01) Sample Exam Questions3 pages
- Amazon: Exam Questions AWS-Solution-Architect-AssociateNo ratings yetAmazon: Exam Questions AWS-Solution-Architect-Associate28 pages
- AWS Solutions Architect Associate (SAA-C01) Sample Exam QuestionsNo ratings yetAWS Solutions Architect Associate (SAA-C01) Sample Exam Questions4 pages
- AWS Certified Cloud Practitioner - Sample Questions PDFNo ratings yetAWS Certified Cloud Practitioner - Sample Questions PDF3 pages
- AWS Certified SysOps Administrator Associate - Sample QuestionsNo ratings yetAWS Certified SysOps Administrator Associate - Sample Questions11 pages
- Amazon Actualtests AWS-Certified-Cloud-Practitioner Sample Question V2019-Aug-02 by Matt 83q VceNo ratings yetAmazon Actualtests AWS-Certified-Cloud-Practitioner Sample Question V2019-Aug-02 by Matt 83q Vce6 pages
- Latest DVA-C02 Exam Dumps From DumpsArena - Pass ConfidentlyNo ratings yetLatest DVA-C02 Exam Dumps From DumpsArena - Pass Confidently10 pages
- Sample Questions For Amazon Dop c02 Exam by DelaneyNo ratings yetSample Questions For Amazon Dop c02 Exam by Delaney16 pages
- Amazon CLF c02 Braindumpscollection Actual Questions by Carlson 29 01 2024 10qaNo ratings yetAmazon CLF c02 Braindumpscollection Actual Questions by Carlson 29 01 2024 10qa18 pages
- Quizlet-Outsystems Certification Associate Web Developer SimulateNo ratings yetQuizlet-Outsystems Certification Associate Web Developer Simulate18 pages
- Computer Science-Syllabus (CBCS) - 18-19No ratings yetComputer Science-Syllabus (CBCS) - 18-1926 pages
- Siebel 8.1 Integration With Avaya IC 7.2No ratings yetSiebel 8.1 Integration With Avaya IC 7.23 pages
- Data Processing Sss 2 Scheme of Work - Syllabus - NGNo ratings yetData Processing Sss 2 Scheme of Work - Syllabus - NG20 pages
- Customer Support Service Operations (Synopsis)100% (1)Customer Support Service Operations (Synopsis)8 pages
- Tech+ FC0-U71 - Full-Length Practice Exam #1No ratings yetTech+ FC0-U71 - Full-Length Practice Exam #138 pages
- Technical Note #25: PMCS 5.0/5.1 Log FilesNo ratings yetTechnical Note #25: PMCS 5.0/5.1 Log Files4 pages