We just do not compromise with the bright future of our respected customers. PassExam4Sure takes the future of clients quite seriously and we ensure that our CLF-C02 exam dumps get you through the line. If you think that our exam question and answers did not help you much with the exam paper and you failed it somehow, we will happily return all of your invested money with a full 100% refund.
100% Real Questions
We verify and assure the authenticity of Amazon CLF-C02 exam dump PDFs with 100% real and exam-oriented questions. Our exam questions and answers comprise 100% real exam questions from the latest and most recent exams in which you’re going to appear. So our majestic library of exam dumps for Amazon CLF-C02 is surely going to push you forward on the path of success.
Security & Privacy
Free for download Amazon CLF-C02 demo papers are available for our customers to verify the authenticity of our legit helpful exam paper samples, and to authenticate what you will be getting from PassExam4Sure. We have tons of visitors daily who simply opt and try this process before making their purchase for Amazon CLF-C02 exam dumps.
Last Week CLF-C02 Exam Results
147 customers passed the Amazon CLF-C02 exam
99% average score in the real CLF-C02 exam
97% of questions came from our CLF-C02 dumps
Authentic CLF-C02 Exam Dumps
Prepare for Amazon CLF-C02 Exam like a Pro
PassExam4Sure is famous for its top-notch services, providing the most helpful, accurate, and up-to-date material for the Amazon CLF-C02 exam in the form of PDFs. Our CLF-C02 dumps for this exam are regularly reviewed to check whether the content needs format changes or new questions in line with recently conducted exams. Our highly qualified professionals guarantee that you will pass your exam with at least 85% marks overall. PassExam4Sure Amazon CLF-C02 ProvenDumps is the best possible way to prepare for and pass your certification exam.
Easy Access and Friendly UI
PassExam4Sure is your best buddy in providing you with the latest and most accurate material without any hidden charges or pointless scrolling. We value your time and we strive hard to provide you with the best possible formatting of the PDFs with accurate, to the point, and vital information about Amazon CLF-C02. PassExam4Sure is your 24/7 guide partner and our exam material is curated in a way that it will be easily readable on all smartphone devices, tabs, and laptop PCs.
PassExam4Sure - The Undisputed King for Preparing CLF-C02 Exam
We have a sheer focus on providing you with the best course material for Amazon CLF-C02. So that you may prepare your exam like a pro, and get certified within no time. Our practice exam material will give you the necessary confidence you need to sit, relax, and do the exam in a real exam environment. If you truly crave success then simply sign up for PassExam4Sure Amazon CLF-C02 exam material. There are millions of people all over the globe who have completed their certification using PassExam4Sure exam dumps for Amazon CLF-C02.
100% Authentic Amazon CLF-C02 – Study Guide (Update 2024)
Our Amazon CLF-C02 exam questions and answers are reviewed by us on a weekly basis. Our team of highly qualified Amazon professionals, who once cleared the exams themselves using our certification content, analyzes our recent exam dumps. The team makes sure that you get the latest and greatest exam content to practice with and polish your skills the right way. All you have to do now is practice a lot by taking our demo question exam and make sure that you prepare well for the final examination. The Amazon CLF-C02 test is going to test you and play with your mind and psychology, so be prepared for what’s coming. PassExam4Sure is here to help and guide you through every step of your preparation. Our free downloadable demo content can be checked out if you feel like testing us before investing your hard-earned money. PassExam4Sure guarantees your success in the Amazon CLF-C02 exam because we have the newest and most authentic exam material that cannot be found anywhere else on the internet.
Amazon CLF-C02 Sample Questions
Question # 1
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?
A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 filesystem mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user's workstation to the file gateway.
C. Move each user's working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.
Answer: B
Explanation: AWS Storage Gateway is a hybrid cloud storage service that allows you to
extend your on-premises file storage capabilities to the AWS Cloud. AWS Storage
Gateway file gateway enables you to store and access your files in Amazon S3 using
industry-standard file protocols such as NFS and SMB. File gateway caches frequently
accessed files locally, providing low-latency access to your data. File gateway also
optimizes the transfer of data between your on-premises environment and AWS,
minimizing the amount of bandwidth consumed. By using file gateway, you can retain the
performance benefit of sharing content locally while leveraging the scalability, durability,
and cost-effectiveness of Amazon S3. References: AWS Storage Gateway, File Gateway
Question # 2
Which complimentary AWS service or tool creates data-driven business cases for cloud planning?
A. Migration Evaluator
B. AWS Billing Conductor
C. AWS Billing Console
D. Amazon Forecast
Answer: A
Explanation: Migration Evaluator is a cloud-based service that provides organizations with
a comprehensive assessment of their current IT environment and estimates the cost
savings and performance improvements that can be achieved by migrating to
AWS. Migration Evaluator helps users build a data-driven business case for AWS by discovering over-provisioned on-premises instances, providing recommendations for cost-effective
AWS alternatives, and analyzing existing licenses and cost comparisons of Bring
Your Own License (BYOL) and License Included (LI) options.
Question # 3
Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Select TWO.)
A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty
Answer: B,C
Explanation: The correct answer is B and C. EC2 Amazon Machine Images (AMIs) and
Amazon Elastic Block Store (Amazon EBS) snapshots are two AWS services that provide
disaster recovery solutions for Amazon EC2 instances.
EC2 AMIs are preconfigured templates that contain the software configuration and
data required to launch an EC2 instance. You can create AMIs from your running
EC2 instances and use them to launch new instances in the same or different
AWS Regions. This way, you can quickly recover your EC2 instances in case of a
disaster that affects your primary Region or Availability Zone1.
Amazon EBS snapshots are incremental backups of your Amazon EBS volumes.
You can create snapshots of your volumes and store them in Amazon S3, which is
a highly durable and scalable storage service. You can use snapshots to restore
your volumes to a previous point in time or to create new volumes from
snapshots. Snapshots can also be copied across AWS Regions, enabling you to
recover your data in another Region in case of a disaster2.
The other options are not directly related to disaster recovery for EC2 instances:
EC2 Reserved Instances are a pricing model that allows you to reserve EC2
capacity for a specific period of time and receive a discount on the hourly
charge. Reserved Instances do not provide any disaster recovery benefits, as they
are only a billing option3.
AWS Shield is a managed service that protects your AWS resources from
for all AWS customers at no additional charge, and advanced protection for
customers who need higher levels of detection and mitigation. AWS Shield does
not provide any disaster recovery benefits, as it is only a security service4.
Amazon GuardDuty is a threat detection service that monitors your AWS account
and workloads for malicious or unauthorized activity. Amazon GuardDuty analyzes
various data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS
logs, to identify potential threats and alert you via Amazon CloudWatch Events or
AWS Lambda. Amazon GuardDuty does not provide any disaster recovery
benefits, as it is only a monitoring service5.
Question # 4
Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:
A. restricted access.
B. as-needed access.
C. least privilege access.
D. token access.
Answer: C
Explanation: The concept of granting access only to the resources needed to perform a
task is known as least privilege access. This is a security best practice in IAM that helps to
reduce the risk of unauthorized or malicious actions. By applying least privilege access,
you can limit the permissions of your IAM users, groups, and roles to the minimum required
for their specific tasks. You can also use conditions, permissions boundaries, and IAM
Access Analyzer to further restrict and verify access. References: Security best practices in
IAM, Policies and permissions in IAM, Use IAM policies to grant the least privileges
required to access Amazon RDS resources, How to Design a Least Privilege Architecture
in AWS, 12 Azure & AWS IAM Security Best Practices
Question # 5
Which AWS service or feature provides log information of the inbound and outbound traffic on network interfaces in a VPC?
A. Amazon CloudWatch Logs
B. AWS CloudTrail
C. VPC Flow Logs
D. AWS Identity and Access Management (IAM)
Answer: C
Explanation: VPC Flow Logs is a feature that enables you to capture information about the
IP traffic going to and from network interfaces in your VPC. Flow log data can be published
to the following locations: Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data
Firehose. You can use VPC Flow Logs to monitor network traffic, diagnose security issues,
troubleshoot connectivity problems, and perform network forensics1. References:
Logging IP traffic using VPC Flow Logs - Amazon Virtual Private Cloud
Question # 6
What is the best resource for a user to find compliance-related information and reports about AWS?
A. AWS Artifact
B. AWS Marketplace
C. Amazon Inspector
D. Increase operational costs across data centers.
Answer: A
Explanation: AWS Artifact is a self-service portal that provides on-demand access to AWS
security and compliance reports and select online agreements. Users can download
reports such as AWS ISO certifications, PCI reports, SOC reports, and GDPR DPA, and
review and accept agreements such as BAA and NDA. AWS Artifact helps users to
understand and meet compliance requirements for various standards and regulations that
apply to AWS services and infrastructure. AWS Artifact is the best resource for a user to
find compliance-related information and reports about AWS, whereas the other options are
not
Question # 7
A company operates a petabyte-scale data warehouse to analyze its data. The company wants a solution that will not require manual hardware and software management. Which AWS service will meet these requirements?
A. Amazon DocumentDB (with MongoDB compatibility)
B. Amazon Redshift
C. Amazon Neptune
D. Amazon ElastiCache
Answer: B
Explanation: Amazon Redshift is a fast, fully managed, petabyte-scale data warehouse
service that makes it simple and cost-effective to analyze all your data using your existing
business intelligence tools. You can start small with no commitments, and scale to
petabytes for less than a tenth of the cost of traditional solutions. Amazon Redshift does
not require manual hardware and software management, as AWS handles all the tasks
such as provisioning, patching, backup, recovery, failure detection, and repair12. Amazon
Redshift also offers serverless capabilities, which allow you to access and analyze data
without any configurations or capacity planning. Amazon Redshift automatically scales the
data warehouse capacity to deliver fast performance for even the most demanding and
unpredictable workloads3. Therefore, Amazon Redshift meets the requirements of the
company, compared to the other options.
The other options are not suitable for the company’s requirements, because:
Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly
available, and fully managed document database service that supports MongoDB
workloads. It is not designed for petabyte-scale data warehousing or analytics4.
Amazon Neptune is a fast, reliable, and fully managed graph database service that
makes it easy to build and run applications that work with highly connected
datasets. It is not designed for petabyte-scale data warehousing or analytics5.
Amazon ElastiCache is a fully managed in-memory data store and cache service that supports Redis and Memcached. It is not designed for petabyte-scale data
warehousing or analytics.
References:
What is Amazon Redshift? - Amazon Redshift
Amazon Redshift Features - Amazon Redshift
Amazon Redshift Serverless - Amazon Redshift
What Is Amazon DocumentDB (with MongoDB compatibility)? - Amazon
DocumentDB (with MongoDB compatibility)
What Is Amazon Neptune? - Amazon Neptune
[What Is Amazon ElastiCache for Redis? - Amazon ElastiCache for Redis]
Question # 8
A company wants to move its on-premises databases to managed cloud database services by using a simplified migration process. Which AWS service or tool can help the company meet this requirement?
A. AWS Storage Gateway
B. AWS Application Migration Service
C. AWS DataSync
D. AWS Database Migration Service (AWS DMS)
Answer: D
Explanation: AWS Database Migration Service (AWS DMS) is a cloud service that makes
it possible to migrate relational databases, data warehouses, NoSQL databases, and other
types of data stores. You can use AWS DMS to migrate your data into the AWS Cloud or
between combinations of cloud and on-premises setups. With AWS DMS, you can discover
your source data stores, convert your source schemas, and migrate your data. AWS DMS
supports migration between 20-plus database and analytics engines, such as Oracle to
Amazon Aurora MySQL-Compatible Edition, MySQL to Amazon Relational Database
(RDS) for MySQL, Microsoft SQL Server to Amazon Aurora PostgreSQL-Compatible
Edition, MongoDB to Amazon DocumentDB (with MongoDB compatibility), Oracle to Amazon Redshift, and Amazon Simple Storage Service (S3). You can perform one-time
migrations or replicate ongoing changes to keep sources and targets in sync. AWS DMS
automatically manages the deployment, management, and monitoring of all hardware and
software needed for your migration. AWS DMS is a highly resilient, secure cloud service
that provides database discovery, schema conversion, data migration, and ongoing
replication to and from a wide range of databases and analytics systems12. References:
Database Migration - AWS Database Migration Service - AWS
What is AWS Database Migration Service? - AWS Database Migration Service
Question # 9
A company wants to allow users to authenticate and authorize multiple AWS accounts by using a single set of credentials. Which AWS service or resource will meet this requirement?
A. AWS Organizations
B. IAM user
C. AWS IAM Identity Center (AWS Single Sign-On)
D. AWS Control Tower
Answer: C
Explanation: AWS IAM Identity Center (AWS Single Sign-On) is a cloud-based service
that makes it easy to centrally manage single sign-on (SSO) access to multiple AWS
accounts and business applications. You can use AWS SSO to enable your users to sign in
to the AWS Management Console or the AWS Command Line Interface (AWS CLI) with
their existing corporate credentials2. You can also manage SSO access and user
permissions across all your AWS accounts in AWS Organizations3. References: AWS
Single Sign-On - AWS Documentation, AWS Organizations - AWS Documentation
Question # 10
An ecommerce company wants to use Amazon EC2 Auto Scaling to add and remove EC2 instances based on CPU utilization. Which AWS service or feature can initiate an Amazon EC2 Auto Scaling action to achieve this goal?
A. Amazon Simple Queue Service (Amazon SQS)
B. Amazon Simple Notification Service (Amazon SNS)
C. AWS Systems Manager
D. Amazon CloudWatch alarm
Answer: D
Explanation: Amazon CloudWatch alarm is an AWS service or feature that can initiate an
Amazon EC2 Auto Scaling action based on CPU utilization. Amazon CloudWatch is a
monitoring and observability service that collects and tracks metrics, logs, events, and
alarms for your AWS resources and applications. Amazon CloudWatch alarms are actions
that you can configure to send notifications or automatically make changes to the
resources you are monitoring based on rules that you define67.
Amazon EC2 Auto Scaling is a service that helps you maintain application availability and
allows you to automatically add or remove EC2 instances according to definable
conditions. You can create dynamic scaling policies that track a specific CloudWatch
metric, such as CPU utilization, and define what action to take when the associated
CloudWatch alarm is in ALARM. When the policy is in effect, Amazon EC2 Auto Scaling
adjusts the group’s desired capacity up or down when the threshold of an alarm is
CloudWatch Documentation, 8: Dynamic scaling for Amazon EC2 Auto Scaling, 9: Amazon
EC2 Auto Scaling Documentation
Question # 11
A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources. Which AWS tool or service can be used to meet these requirements?
A. Amazon CloudWatch
B. Amazon Inspector
C. AWS CloudTrail
D. AWS IAM
Answer: C
Explanation: AWS CloudTrail is the service that can be used to meet these requirements.
AWS CloudTrail is a service that records AWS API calls for your account and delivers log
files to you. The recorded information includes the identity of the API caller, the time of the
API call, the source IP address of the API caller, the request parameters, and the response
elements returned by the AWS service1. You can use CloudTrail to track the activity in your
AWS accounts, such as who made an API call, when it was made, and what resources
were affected. You can also use CloudTrail to monitor the compliance, security, and
governance of your AWS environment2. The other services are not designed to track the
activity and API calls in your AWS accounts. Amazon CloudWatch is a service that
monitors and collects metrics, logs, and events from your AWS resources and applications. You can use CloudWatch to set alarms, visualize data, and automate actions
based on predefined thresholds or rules3. Amazon Inspector is a service that helps you
improve the security and compliance of your applications running on AWS. Inspector
automatically assesses applications for exposure, vulnerabilities, and deviations from best
practices4. AWS IAM is a service that enables you to manage access to AWS services and
resources securely. IAM allows you to create and manage AWS users and groups, and use
permissions to allow and deny their access to AWS resources. References: AWS
Question # 12
Which AWS service enables companies to deploy an application close to end users?
A. Amazon CloudFront
B. AWS Auto Scaling
C. AWS AppSync
D. Amazon Route 53
Answer: A
Explanation:
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers
data, videos, applications, and APIs to customers globally with low latency, high transfer
speeds, all within a developer-friendly environment. CloudFront enables companies to
deploy an application close to end users by caching the application’s content at edge
locations that are geographically closer to the users. This reduces the network latency and
improves the user experience. CloudFront also integrates with other AWS services, such
as Amazon S3, Amazon EC2, AWS Lambda, AWS Shield, and AWS WAF, to provide a
secure and scalable solution for delivering applications12. References:
What Is Amazon CloudFront? - Amazon CloudFront
Amazon CloudFront Features - Amazon CloudFront
Question # 13
A company needs to perform data processing once a week that typically takes about 5 hours to complete. Which AWS service should the company use for this workload?
A. AWS Lambda
B. Amazon EC2
C. AWS CodeDeploy
D. AWS Wavelength
Answer: B
Explanation: Amazon EC2 is the most suitable AWS service for this workload. Amazon
EC2 provides secure, resizable compute capacity in the cloud. You can launch virtual
servers, called instances, and configure them according to your needs. You can choose
from different instance types, sizes, and families, and pay only for the resources you
use. Amazon EC2 also offers features such as auto scaling, load balancing, security
groups, and placement groups to optimize your performance, availability, and
security1. Amazon EC2 is ideal for workloads that require consistent and reliable compute
power, such as data processing, web hosting, gaming, and high-performance computing2.
The other services are not suitable for this workload. AWS Lambda is a serverless compute
service that lets you run code without provisioning or managing servers. You pay only for
the compute time you consume. Lambda is best for short-lived, stateless, and event-driven
workloads that can be completed in under 15 minutes3. AWS CodeDeploy is a deployment
service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services. CodeDeploy is not a
compute service, but a tool to help you update your applications with minimal downtime4.
AWS Wavelength is a service that delivers ultra-low latency applications for 5G devices.
Wavelength embeds AWS compute and storage services at the edge of
telecommunications providers’ 5G networks. Wavelength is designed for mobile edge
computing, such as interactive gaming, video streaming, and augmented
Question # 14
Which AWS service or tool gives users the ability to connect with AWS and deploy resources programmatically?
A. Amazon QuickSight
B. AWS PrivateLink
C. AWS Direct Connect
D. AWS SDKs
Answer: D
Explanation: AWS SDKs are a set of tools that allow users to connect with AWS and
deploy resources programmatically. AWS SDKs provide libraries, code samples,
documentation, and other resources to help users write code that interacts with AWS APIs.
AWS SDKs support various programming languages, such as Java, Python, Ruby, .NET,
Node.js, Go, and more. AWS SDKs make it easier for users to access AWS services, such
as Amazon S3, Amazon EC2, Amazon DynamoDB, AWS Lambda, and more, from their
applications. AWS SDKs also handle tasks such as authentication, error handling, retries,
and data serialization, so users can focus on their application logic.
The other options are not AWS services or tools that give users the ability to connect with
AWS and deploy resources programmatically. Amazon QuickSight is a business
intelligence service that lets users create and share interactive dashboards and
visualizations1. AWS PrivateLink is a service that enables users to securely access
services hosted on AWS in a scalable and cost-effective manner2. AWS Direct Connect is
a service that establishes a dedicated network connection between a user’s premises and
AWS3.
Question # 15
Which AWS Cloud service can send alerts to customers if custom spending thresholds are exceeded?
A. AWS Budgets
B. AWS Cost Explorer
C. AWS Cost Allocation Tags
D. AWS Organizations
Answer: A
Explanation: AWS Budgets is a service that allows you to set custom budgets for your
AWS costs and usage, and receive alerts via email or Amazon SNS notifications if you
exceed or are forecasted to exceed your budgeted amount1. You can create budgets
based on different dimensions, such as service, linked account, tag, or purchase option,
and define various types of alerts, such as actual, forecasted, or RI utilization alerts2. You
can also configure custom actions to automatically execute remediation tasks or workflows
when a budget threshold is breached3. AWS Budgets is the only service among the
options that can send alerts to customers if custom spending thresholds are exceeded. The
other options are not AWS services that provide this functionality.
Question # 16
Which AWS feature provides a no-cost platform for AWS users to join community groups, ask questions, find answers, and read community-generated articles about best practices?
A. AWS Knowledge Center
B. AWS re:Post
C. AWS IQ
D. AWS Enterprise Support
Answer: B
Explanation: AWS re:Post is a no-cost platform for AWS users to join community groups,
ask questions, find answers, and read community-generated articles about best practices.
AWS re:Post is a social media platform that connects AWS users with each other and with
AWS experts. Users can create posts, comment on posts, follow topics, and join groups
related to AWS services, solutions, and use cases. AWS re:Post also features live event
feeds, community stories, and AWS Hero profiles. AWS re:Post is a great way to learn from
the AWS community, share your knowledge, and get inspired. References:
AWS re:Post
Join the Conversation
Question # 17
Which AWS service provides command line access to AWS tools and resources directly from a web browser?
A. AWS CloudHSM
B. AWS CloudShell
C. Amazon WorkSpaces
D. AWS Cloud Map
Answer: B
Explanation: AWS CloudShell is the service that provides command line access to AWS
tools and resources directly from a web browser. AWS CloudShell is a browser-based shell
that makes it easy to securely manage, explore, and interact with your AWS resources. It
comes pre-authenticated with your console credentials and common development and
administration tools are pre-installed, so no local installation or configuration is required.
You can open AWS CloudShell from the AWS Management Console with a single click and
start running commands and scripts using the AWS Command Line Interface (AWS CLI),
Git, or SDKs. AWS CloudShell also provides persistent home directories with 1 GB of
storage per AWS Region12. The other services do not provide command line access to
AWS tools and resources directly from a web browser. AWS CloudHSM is a service that
helps you meet corporate, contractual and regulatory compliance requirements for data
security by using dedicated Hardware Security Module (HSM) appliances within the AWS
Cloud3. Amazon WorkSpaces is a service that provides a fully managed, secure Desktop-as-a-Service
(DaaS) solution that runs on AWS4. AWS Cloud Map is a service that makes
it easy for your applications to discover and connect to each other using logical names and
attributes5. References: AWS CloudShell, AWS CloudShell – Command-Line Access to
Question # 18
Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?
A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR
Answer: C
Explanation: Amazon RDS is a fully managed relational database service that supports several database engines, including PostgreSQL. Amazon RDS can run a managed
PostgreSQL database that provides online transaction processing (OLTP), which is a type
of database workload that handles frequent read and write operations on small amounts of
data. Amazon RDS for PostgreSQL offers high performance, availability, scalability,
security, and compatibility with the PostgreSQL community edition. Amazon RDS also
provides automated backups, point-in-time recovery, encryption, monitoring, and
maintenance for PostgreSQL databases. References:
Hosted PostgreSQL - Amazon RDS for PostgreSQL
OLTP Database, MySQL And PostgreSQL Managed Database - Amazon Aurora
PostgreSQL options on AWS: Self-managed, managed, and serverless
Question # 19
Which responsibility belongs to AWS when a company hosts its databases on Amazon EC2 instances?
A. Database backups
B. Database software patches
C. Operating system patches
D. Operating system installations
Answer: C
Explanation: When a company hosts its databases on Amazon EC2 instances, AWS and
the customer share the responsibility for the security and management of the database
environment. According to the AWS shared responsibility model, AWS is responsible for
the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS is responsible for protecting the infrastructure that runs the EC2
instances, such as the hardware, software, networking, and facilities. The customer is
responsible for properly configuring the security of the provided service, such as the guest
operating system, the database software, the data, and the network traffic12.
One of the tasks that belongs to AWS when a company hosts its databases on Amazon
EC2 instances is operating system patches. AWS provides regular updates and patches to
the operating system of the EC2 instances, which are applied automatically by default. The
customer can also choose to manually apply the patches or schedule them for a specific
time window3. Operating system patches are important for maintaining the security and
performance of the EC2 instances and the databases running on them.
The other tasks that belong to AWS when a company hosts its databases on Amazon EC2
instances are:
Operating system installations: AWS provides a variety of operating system
options for the EC2 instances, such as Linux, Windows, and Amazon Linux. The
customer can choose the operating system that best suits their database needs
and AWS will install it on the EC2 instances4.
Server maintenance: AWS performs regular maintenance and repairs on the
physical servers that host the EC2 instances, ensuring that they are in optimal condition and have adequate power, cooling, and network connectivity5.
Hardware lifecycle: AWS manages the lifecycle of the hardware that supports the
EC2 instances, such as replacing faulty components, upgrading equipment, and
decommissioning old servers.
The tasks that do not belong to AWS when a company hosts its databases on Amazon
EC2 instances are:
Database backups: The customer is responsible for backing up their data and
databases on the EC2 instances, using tools such as Amazon S3, Amazon EBS
snapshots, or AWS Backup. Database backups are essential for data protection
and recovery in case of failures or disasters.
Database software patches: The customer is responsible for applying patches and
updates to the database software on the EC2 instances, such as MySQL,
PostgreSQL, Oracle, or SQL Server. Database software patches are important for
fixing bugs, improving features, and addressing security vulnerabilities.
Database software install: The customer is responsible for installing the database
software on the EC2 instances, choosing the version and configuration that meets
their requirements. AWS provides some preconfigured AMIs (Amazon Machine
Images) that include common database software, or the customer can use their
own custom AMIs.
References:
Shared Responsibility Model - Amazon Web Services (AWS)
Shared responsibility model - Amazon Web Services: Risk and Compliance
Patching Amazon EC2 instances - AWS Systems Manager
Amazon EC2 FAQs - Amazon Web Services
Maintenance and Retirements - Amazon Elastic Compute Cloud
Hardware Lifecycle - Amazon Web Services (AWS)
Backing Up Your Data - Amazon Web Services (AWS)
Database Patching - Amazon Web Services (AWS)
Installing Database Software on Amazon EC2 Instances - Amazon Web Services (AWS)
Question # 20
A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion. Which AWS service should the developer use to meet these requirements?
A. AWS Ground Station
B. AWS Shield
C. AWS IoT Device Defender
D. AWS CloudFormation
Answer: D
Explanation: AWS CloudFormation is a service that allows developers to model and
provision their AWS infrastructure in a repeatable and declarative way, using code and
templates. AWS CloudFormation enables developers to define the resources they need for
their development and production environments, such as compute, storage, network, and
application services, and automate their creation and configuration. AWS CloudFormation
also provides features such as change sets, nested stacks, and rollback triggers to help
developers manage and update their infrastructure safely and efficiently [1][2].
References:
AWS CloudFormation
What is AWS CloudFormation?
Question # 21
Which Amazon EC2 pricing model is the MOST cost efficient for an uninterruptible workload that runs once a year for 24 hours?
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Instances
Answer: A
Explanation:
On-Demand Instances are the most cost-efficient pricing model for an uninterruptible
workload that runs once a year for 24 hours. On-Demand Instances let you pay for
compute capacity by the hour or second, depending on which instances you run. No long-term
commitments or up-front payments are required. You can increase or decrease your
compute capacity to meet the demands of your application and only pay the specified
hourly rates for the instance you use [1]. This model is suitable for developing/testing
applications with short-term or unpredictable workloads [2]. The other pricing models are not
cost-efficient for this use case. Reserved Instances and Savings Plans require a
commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3
years. They provide significant discounts compared to On-Demand Instances, but they are
not flexible or scalable for workloads that run only once a year [1][2]. Spot Instances are the
cheapest option, but they are not suitable for uninterruptible workloads, as they can be
reclaimed by AWS at any time. They are recommended for applications that have flexible
start and end times, or that are only feasible at very low compute prices [1][2]. Dedicated
Instances are designed for compliance and licensing requirements, not for cost
optimization. They are more expensive than the other options, as they run on single-tenant
A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS. Which pricing model will meet these requirements?
A. Use Savings Plans for a 3-year term.
B. Use Dedicated Hosts.
C. Buy Reserved Instances.
D. Use On-Demand Instances.
Answer: D
Explanation:
On-Demand Instances are the most flexible and cost-effective pricing model for short-term,
experimental, or unpredictable workloads on AWS. On-Demand Instances let you pay only
for the resources you use, without any long-term commitments or upfront fees. You can
easily start and stop instances as needed, and scale up or down depending on your
demand.
Savings Plans, Reserved Instances, and Dedicated Hosts are all pricing models that
require a commitment for a certain amount of usage or capacity for a one- or three-year
term. These pricing models offer lower prices than On-Demand Instances, but they are not
suitable for workloads that only run for 3 to 6 months or have variable usage patterns.
Savings Plans and Reserved Instances also offer flexibility to change instance types, sizes,
or regions within the same family or pool, while Dedicated Hosts are physical servers that
can only run specific instance types.
Question # 23
A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used?
A. Security groups
B. AWS Firewall Manager
C. IAM roles
D. IAM user SSH keys
Answer: C
Explanation: IAM roles are a secure way to grant permissions to applications running on
an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that
have specific permissions policies attached to them. You can create an IAM role and
associate it with an EC2 instance when you launch it or later. The applications on the
instance can then use the temporary credentials provided by the role to access AWS
resources that the role allows. This way, you do not have to store any long-term credentials
or access keys on the instance, which reduces the risk of compromise or misuse [1][2].
The other options are not correct, because:
Security groups are virtual firewalls that control the inbound and outbound traffic
for your EC2 instances. Security groups do not grant permissions to access other
AWS services, but rather filter the network traffic based on rules that you define [3].
AWS Firewall Manager is a service that helps you centrally configure and manage
firewall rules across your accounts and resources. AWS Firewall Manager works
with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups. AWS
Firewall Manager does not grant permissions to access other AWS services, but
rather helps you enforce consistent security policies across your AWS
infrastructure [4].
IAM user SSH keys are credentials that allow you to connect to your EC2 instance
using SSH. SSH keys do not grant permissions to access other AWS services, but
rather authenticate your identity when you log in to your instance [5].
References:
Using an IAM role to grant permissions to applications running on Amazon EC2
instances - AWS Identity and Access Management
IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud
Security groups for your VPC - Amazon Virtual Private Cloud
What is AWS Firewall Manager? - AWS Firewall Manager
Connecting to your Linux instance using SSH - Amazon Elastic Compute Cloud
Question # 24
Which AWS service or feature will search for and identify AWS resources that are shared externally?
A. Amazon OpenSearch Service
B. AWS Control Tower
C. AWS IAM Access Analyzer
D. AWS Fargate
Answer: C
Explanation: AWS IAM Access Analyzer is an AWS service that helps customers identify
and review the resources in their AWS account that are shared with an external entity, such
as another AWS account, a root user, an organization, or a public entity. AWS IAM Access
Analyzer uses automated reasoning, a form of mathematical logic and inference, to
analyze the resource-based policies in the account and generate comprehensive findings
that show the access level, the source of the access, the affected resource, and the
condition under which the access applies. Customers can use AWS IAM Access Analyzer
to audit their shared resources, validate their access policies, and monitor any changes to
the resource sharing status.
References:
AWS IAM Access Analyzer
Identify and review resources shared with external entities
How AWS IAM Access Analyzer works
Question # 25
Which AWS service or feature improves network performance by sending traffic through the AWS worldwide network infrastructure?
A. Route table
B. AWS Transit Gateway
C. AWS Global Accelerator
D. Amazon VPC
Answer: C
Explanation: AWS Global Accelerator is a service that improves network performance by sending traffic
through the AWS worldwide network infrastructure. It uses the AWS global network to
direct TCP or UDP traffic to a healthy application endpoint in the closest AWS Region to
the client. This provides improvements in terms of latency, throughput, and jitter. Global
Accelerator also introduces features such as TCP termination at the edge, jumbo frame
support, and large receive side window and TCP buffers to optimize data transfer [1][2]. Route
table, AWS Transit Gateway, and Amazon VPC are not services or features that improve
network performance by sending traffic through the AWS worldwide network
infrastructure. Route table is a resource that defines how traffic is routed within a
VPC [3]. AWS Transit Gateway is a service that enables you to connect your VPCs and on-premises
networks to a single gateway [4]. Amazon VPC is a service that lets you provision a
logically isolated section of the AWS Cloud where you can launch AWS resources in a
virtual network that you define [5]. References: Achieve up to 60% better performance for
internet traffic with AWS Global Accelerator, Improving Performance on AWS and Hybrid
A company wants to establish a schedule for rotating database user credentials. Which AWS service will support this requirement with the LEAST amount of operational overhead?
A. AWS Systems Manager
B. AWS Secrets Manager
C. AWS License Manager
D. AWS Managed Services
Answer: B
Explanation: AWS Secrets Manager is a service that helps you protect access to your
applications, services, and IT resources. This service enables you to easily rotate, manage,
and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the
need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation
with built-in integration for Amazon RDS, Amazon Redshift, Amazon DocumentDB, and
other AWS services [1]. You can also extend Secrets Manager to rotate other types of
secrets, such as credentials for Oracle, SQL Server, or MongoDB databases, by using
custom AWS Lambda functions [2]. Secrets Manager enables you to control access to
secrets using fine-grained permissions and audit secret rotation centrally for resources in
the AWS Cloud, third-party services, and on-premises [3]. Therefore, AWS Secrets Manager
supports the requirement of rotating database user credentials with the least amount of
operational overhead, compared to the other options. References:
What Is AWS Secrets Manager? - AWS Secrets Manager
Rotating Your AWS Secrets Manager Secrets - AWS Secrets Manager
AWS Secrets Manager Features - AWS Secrets Manager
Question # 27
A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Select TWO.)
A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN
E. Amazon Elastic Container Service (Amazon ECS)
Answer: B,C
Explanation: Amazon AppStream 2.0 and Amazon WorkSpaces are AWS services that
can be used to provide managed Windows virtual desktops and applications to remote
employees over secure network connections. Amazon AppStream 2.0 is a fully managed
application streaming service that allows users to access Windows desktop applications
from any device, without installing or managing any software. Amazon AppStream 2.0
delivers applications over an encrypted connection and isolates them from the underlying
infrastructure, ensuring security and compliance [1]. Amazon WorkSpaces is a fully managed
desktop virtualization service that allows users to access Windows or Linux desktops from
any device, with a consistent user experience. Amazon WorkSpaces provides persistent,
cloud-based virtual desktops that can be customized and scaled according to the user’s
needs. Amazon WorkSpaces also offers encryption, backup, and monitoring features to
ensure security and reliability [2]. References:
Amazon AppStream 2.0
Amazon WorkSpaces
Question # 28
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?
A. Physical security of DynamoDB
B. Patching of DynamoDB
C. Access to DynamoDB tables
D. Encryption of data at rest in DynamoDB
Answer: C
Explanation: According to the AWS Shared Responsibility Model, AWS is responsible for
the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS is responsible for protecting the infrastructure that runs AWS
services, such as DynamoDB, while the customer is responsible for properly configuring
the security of the provided service. For abstracted services, such as DynamoDB, the
customer is primarily responsible for managing their data, classifying their assets, and
using IAM tools to apply the appropriate permissions [1][2]. Therefore, the customer is
responsible for controlling the access to DynamoDB tables, such as by creating IAM
policies, roles, and users, and using encryption and authentication
mechanisms [3]. References:
Shared Responsibility Model - Amazon Web Services (AWS)
Security and compliance in Amazon DynamoDB - Amazon DynamoDB
What is Shared Responsibility Model? - Check Point Software
Question # 29
A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting. Which AWS service will meet these requirements?
A. Amazon Inspector
B. AWS WAF
C. Amazon GuardDuty
D. Amazon CloudWatch
Answer: B
Explanation: AWS WAF is a web application firewall service that helps protect web
applications from common web exploits that could affect availability, compromise security,
or consume excessive resources. AWS WAF gives you control over which traffic to allow or
block to your web applications by defining customizable web security rules. You can use
AWS WAF to create rules that block common attack patterns, such as SQL injection or
cross-site scripting, and rules that filter out specific traffic patterns you define [1]. AWS WAF
also integrates with other AWS services, such as Amazon CloudFront, Amazon API
Gateway, AWS AppSync, and AWS Load Balancer, to provide a comprehensive defense
against web attacks [2]. Therefore, AWS WAF meets the requirements of the social media
company, compared to the other options.
The other options are not suitable for the social media company’s requirements, because:
Amazon Inspector is an automated security assessment service that helps
improve the security and compliance of applications deployed on AWS. Amazon
Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. However, Amazon Inspector does not provide a
web application firewall service that can block malicious web requests [3].
Amazon GuardDuty is a threat detection service that continuously monitors for
malicious activity and unauthorized behavior to protect your AWS accounts,
workloads, and data stored in Amazon S3. Amazon GuardDuty analyzes and
processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs,
and DNS logs. However, Amazon GuardDuty does not provide a web application
firewall service that can block malicious web requests [4].
Amazon CloudWatch is a monitoring and observability service that provides data
and actionable insights to monitor your applications, respond to system-wide
performance changes, optimize resource utilization, and get a unified view of
operational health. Amazon CloudWatch collects monitoring and operational data
in the form of logs, metrics, and events, and visualizes it using automated
dashboards, alarms, and notifications. However, Amazon CloudWatch does not
provide a web application firewall service that can block malicious web requests.
References:
What Is AWS WAF? - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
AWS WAF Features - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
What Is Amazon Inspector? - Amazon Inspector
What Is Amazon GuardDuty? - Amazon GuardDuty
What Is Amazon CloudWatch? - Amazon CloudWatch
Question # 30
Which AWS service or feature allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts?
A. AWS Identity and Access Management (IAM)
B. AWS Trusted Advisor
C. AWS CloudFormation
D. AWS Organizations
Answer: D
Explanation: AWS Organizations is the AWS service or feature that allows users to create
new AWS accounts, group multiple accounts to organize workflows, and apply policies to
groups of accounts. AWS Organizations enables users to centrally manage and govern
their AWS environment across multiple accounts. Users can create organizational units
(OUs) to group accounts based on their business needs, such as by function, project, or
region. Users can also apply service control policies (SCPs) to OUs or individual accounts
to define the permissions and restrictions for the AWS services and resources that they can
access. AWS Organizations also offers features such as consolidated billing, account
creation automation, and trusted access [1][2]. References:
AWS Organizations
What is AWS Organizations?
Question # 31
Which option is a benefit of the economies of scale based on the advantages of cloud computing?
A. The ability to trade variable expense for fixed expense
B. Increased speed and agility
C. Lower variable costs over fixed costs
D. Increased operational costs across data centers
Answer: B
Explanation: Economies of scale are the cost advantages that result from increasing the
scale of production or operation. In cloud computing, economies of scale are achieved by
pooling resources and sharing them among multiple users, which reduces the unit cost of
computing and storage. One of the benefits of economies of scale in cloud computing is
increased speed and agility, which means the ability to deploy applications faster and
respond to changing business needs more quickly. Cloud computing allows users to
access computing resources on demand, without having to invest in expensive
infrastructure or wait for lengthy provisioning processes. This enables users to scale up or
down as needed, experiment with new ideas, and deliver value to customers
faster [1][2][3].
References:
Economics of Cloud Computing - GeeksforGeeks
What is Cloud Economics? | VMware Glossary
ECONOMIES OF SCALE WITH CLOUD COMPUTING & SERVICES PRACTICE - IDC-Online
Question # 32
A company wants to migrate its applications to the AWS Cloud. The company plans to identify and prioritize any business transformation opportunities and evaluate its AWS Cloud readiness. Which AWS service or tool should the company use to meet these requirements?
A. AWS Cloud Adoption Framework (AWS CAF)
B. AWS Managed Services (AMS)
C. AWS Well-Architected Framework
D. AWS Migration Hub
Answer: A
Explanation: AWS Cloud Adoption Framework (AWS CAF) is a set of best practices, tools,
and guidance that helps organizations get started with cloud technologies. AWS CAF helps
organizations identify and prioritize transformation opportunities, evaluate and improve their
cloud readiness, and iteratively evolve their transformation roadmap. AWS CAF groups its
capabilities in six perspectives: Business, People, Governance, Platform, Security, and
Operations. Each perspective comprises a set of capabilities that functionally related
stakeholders own or manage in the cloud transformation journey [1].
AWS Managed Services (AMS) is a service that operates AWS infrastructure on behalf of
customers, providing a secure AWS Landing Zone, features that help meet various
compliance program requirements, a proven enterprise operating model, on-going cost
optimization, and day-to-day infrastructure management. AMS does not help customers
identify and prioritize business transformation opportunities or evaluate their cloud
readiness [2].
AWS Well-Architected Framework is a set of six pillars and lenses that help cloud
architects design and run workloads in the cloud. It provides a consistent approach for
customers and AWS Partners to evaluate and implement designs that scale with their
needs. AWS Well-Architected Framework helps customers understand the pros and cons
of decisions they make while building systems on AWS, but it does not help them identify
and prioritize business transformation opportunities [3].
AWS Migration Hub is a tool that lets customers discover, plan, and track their existing
servers and applications for migration to AWS. It offers journey templates, cross-team
collaboration, application and server discovery, strategy recommendations, orchestration,
and a simple dashboard. AWS Migration Hub simplifies the migration and modernization
process, but it does not help customers identify and prioritize business transformation
A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty
Answer: B
Explanation: Amazon Inspector is a service that provides automated security assessment
and management for AWS resources, such as Amazon EC2 instances. Amazon Inspector
can scan applications for common vulnerabilities, such as SQL injection, cross-site
scripting, and remote code execution. Amazon Inspector can also check the configuration
of AWS resources against security best practices, such as the CIS Benchmarks and the
AWS Security Best Practices. Amazon Inspector can help customers identify and
remediate security issues, comply with security standards, and improve the security
posture of their AWS environment [1][2]. References:
Amazon Inspector
Improved, Automated Vulnerability Management for Cloud Workloads with a New Amazon Inspector | AWS News Blog
Question # 34
Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?
A. Amazon Route 53
B. Amazon Macie
C. AWS Direct Connect
D. AWS PrivateLink
Answer: C
Explanation: AWS Direct Connect is a service that establishes a dedicated network
connection between your on-premises network and one or more AWS Regions. AWS
Direct Connect can be used to create a private connection between an on-premises
workload and an AWS Cloud workload, bypassing the public internet and reducing network
costs, latency, and bandwidth issues. AWS Direct Connect can also provide increased
security and reliability for your hybrid cloud applications and data transfers. References:
AWS Direct Connect
What is AWS Direct Connect?
AWS Direct Connect User Guide
Question # 35
Which AWS service is used to provide encryption for Amazon EBS?
A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config
Answer: C
Explanation: AWS KMS is the service that is used to provide encryption for Amazon EBS.
AWS KMS is a managed service that enables you to easily create and control the
encryption keys used to encrypt your data. Amazon EBS uses AWS KMS to encrypt and
decrypt your EBS volumes and snapshots. You can choose to use either the default AWS
managed CMK or your own customer managed CMK for encryption. AWS KMS also
provides features such as key rotation, audit logging, and access control policies to help
you manage your encryption keys and protect your data [1][2]. The other services are not used
to provide encryption for Amazon EBS. AWS Certificate Manager is a service that lets you
provision, manage, and deploy public and private SSL/TLS certificates for use with AWS
services and your internal connected resources [3]. AWS Systems Manager is a service that
provides a unified user interface to view and manage your AWS resources, automate
common operational tasks, and apply compliance policies [4]. AWS Config is a service that
enables you to assess, audit, and evaluate the configurations of your AWS
A company has a compute workload that is steady, predictable, and uninterruptible. Which Amazon EC2 instance purchasing options meet these requirements MOST cost effectively? (Select TWO.)
A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Savings Plans
E. Dedicated Hosts
Answer: B,D
Explanation:
Reserved Instances and Savings Plans are the most cost-effective purchasing options for a
compute workload that is steady, predictable, and uninterruptible. Reserved Instances
provide a significant discount compared to On-Demand Instances, and Savings Plans offer
flexible and consistent savings on EC2 usage. Both options require a commitment to a
consistent amount of usage, in USD per hour, for a term of 1 or 3 years. On-Demand
Instances are suitable for short-term, irregular, or unpredictable workloads, but they are
more expensive than Reserved Instances or Savings Plans. Spot Instances are the
cheapest option, but they are not suitable for uninterruptible workloads, as they can be
reclaimed by AWS at any time. Dedicated Hosts and Dedicated Instances are designed for
compliance and licensing requirements, not for cost optimization. They are more expensive
than the other options, as they run on single-tenant hardware. References: Instance
Which tool should a developer use to integrate AWS service features directly into an application?
A. AWS Software Development Kit
B. AWS CodeDeploy
C. AWS Lambda
D. AWS Batch
Answer: A
Explanation:
AWS Software Development Kit (SDK) is a set of platform-specific tools for developers that
let them integrate AWS service features directly into their applications. AWS SDKs provide
libraries, code samples, documentation, and other resources to help developers write code
that interacts with AWS APIs. AWS SDKs support various programming languages, such
as Java, Python, Ruby, .NET, Node.js, Go, and more. AWS SDKs make it easier for
developers to access AWS services, such as Amazon S3, Amazon EC2, Amazon
DynamoDB, AWS Lambda, and more, from their applications. AWS SDKs also handle
tasks such as authentication, error handling, retries, and data serialization, so developers
can focus on their application logic.
Question # 38
Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?
A. Security group
B. AWS WAF
C. AWS Firewall Manager
D. Network ACL
Answer: D
Explanation: A network ACL (NACL) is an optional layer of security for your VPC that acts
as a firewall for controlling traffic in and out of one or more subnets. You can create a
network ACL and associate it with a subnet to apply rules that allow or deny traffic to or
from the subnet. Network ACLs are stateless, meaning that they evaluate the source and
destination IP addresses for both inbound and outbound traffic. You can also use network ACLs to block IP address ranges that are known to be malicious [1][2].
The other options are not AWS services or tools that can be used to set up a firewall to
control traffic going into and coming out of an Amazon VPC subnet. Security groups are
another layer of security for your VPC that act as a firewall for your EC2 instances. Security
groups are stateful, meaning that they automatically allow return traffic for allowed inbound
traffic. Security groups can only filter traffic based on protocols, ports, and source or
destination IP addresses, not on IP ranges [3]. AWS WAF is a web application firewall that
helps protect your web applications from common web exploits. AWS WAF can filter web
requests based on rules that you define, such as IP addresses, HTTP headers, HTTP
body, or URI strings. AWS WAF does not apply to non-web traffic or to traffic within a
VPC [4]. AWS Firewall Manager is a service that helps you centrally configure and manage
firewall rules across your accounts and resources in AWS Organizations. You can use
Firewall Manager to apply AWS WAF rules, AWS Network Firewall policies, and Amazon
VPC security groups across your AWS accounts. AWS Firewall Manager does not provide
a firewall service itself, but rather helps you manage other firewall services
Question # 39
Which of the following is a managed AWS service that is used specifically for extract, transform, and load (ETL) data?
A. Amazon Athena
B. AWS Glue
C. Amazon S3
D. AWS Snowball Edge
Answer: B
Explanation: AWS Glue is a serverless data integration service that makes it easy to
discover, prepare, move, and integrate data from multiple sources for analytics, machine
learning, and application development. You can use various data integration engines, such
as ETL, ELT, batch, and streaming, and manage your data in a centralized data
catalog. AWS Glue is designed specifically for extract, transform, and load (ETL) data, whereas the other options are not.
Question # 40
A company has a set of ecommerce applications. The applications need to be able to send messages to each other. Which AWS service meets this requirement?
A. AWS Auto Scaling
B. Elastic Load Balancing
C. Amazon Simple Queue Service (Amazon SQS)
D. Amazon Kinesis Data Streams
Answer: C
Explanation: Amazon Simple Queue Service (Amazon SQS) is a fully managed message
queuing service that lets you send, store, and receive messages between software
components at any volume, without losing messages or requiring other services to be
available [1]. Amazon SQS is designed to provide a simple and reliable way for customers to
decouple and connect components (microservices) together using queues [2]. Queues are
an important mechanism for providing fault tolerance and scalability in distributed systems,
and help decouple different parts of your application [3]. The other options are not AWS
services that are used specifically for sending messages between applications
Question # 41
Which pricing model will interrupt a running Amazon EC2 instance if capacity becomes temporarily unavailable?
A. On-Demand Instances
B. Standard Reserved Instances
C. Spot Instances
D. Convertible Reserved Instances
Answer: C
Explanation: Spot Instances are a type of EC2 instance that let you bid on unused compute capacity, which AWS offers at a discount of up to 90% compared to On-Demand
prices [1]. Spot Instances are suitable for fault-tolerant, stateless, or flexible applications that
can handle interruptions [2]. Spot Instances can be interrupted with a two-minute warning
when EC2 needs the capacity back [3]. The other options are not pricing models that will
interrupt a running EC2 instance if capacity becomes temporarily unavailable
Question # 42
Which tasks are the customer's responsibility, according to the AWS shared responsibility model? (Select TWO.)
A. Establish the global infrastructure.
B. Perform client-side data encryption.
C. Configure IAM credentials.
D. Secure edge locations.
E. Patch Amazon RDS DB instances.
Answer: B,C
Explanation: According to the AWS shared responsibility model, AWS is responsible for
the security of the cloud, while the customer is responsible for the security in the cloud.
This means that AWS is responsible for protecting the infrastructure that runs all of the
services offered in the AWS Cloud, such as the global network, the hardware, the software,
and the facilities. The customer is responsible for properly configuring the security of the
provided service, such as the guest operating system, the application software, the data,
and the network traffic. For abstracted services, such as Amazon RDS, AWS operates the
infrastructure layer, the operating system, and the database software, while the customer is
responsible for managing their data, classifying their assets, and using IAM tools to apply
the appropriate permissions [1][2].
Therefore, the tasks that are the customer’s responsibility are:
Perform client-side data encryption: The customer is responsible for encrypting
their data before sending it to AWS, and decrypting it after receiving it from AWS. This ensures that the data is protected in transit and at rest. AWS provides various
encryption options, such as AWS Key Management Service (AWS KMS), AWS
CloudHSM, and AWS Certificate Manager (ACM) [3].
Configure IAM credentials: The customer is responsible for creating and managing
IAM users, groups, roles, and policies that control the access to AWS resources
and services. IAM credentials include user names, passwords, access keys, and
permissions [4].
The tasks that are not the customer’s responsibility are:
Establish the global infrastructure: AWS is responsible for building and maintaining the global network of regions, availability zones, and edge locations that provide low latency, high availability, and fault tolerance for the AWS Cloud [5].
Secure edge locations: AWS is responsible for protecting the physical security of the edge locations, which are sites that deliver cached content to end users with improved performance [6].
Patch Amazon RDS DB instances: AWS is responsible for applying patches and updates to the operating system and the database software of the Amazon RDS DB instances. Amazon RDS is a managed relational database service for MySQL, PostgreSQL, Oracle, SQL Server, and Amazon Aurora.
References:
1. Shared Responsibility Model - Amazon Web Services (AWS)
2. Shared responsibility model - Amazon Web Services: Risk and Compliance
3. Encryption - Amazon Web Services (AWS)
4. What Is IAM? - AWS Identity and Access Management
5. Global Infrastructure - Amazon Web Services (AWS)
6. Amazon CloudFront Features - Content Delivery Network (CDN)
7. What Is Amazon Relational Database Service (Amazon RDS)? - Amazon Relational Database Service
Question # 43
Which AWS Cloud benefit gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes?
A. Elasticity B. Cost savings C. Agility D. Reliability
Answer: C
Explanation: Agility is the AWS Cloud benefit that gives a company the ability to quickly deploy cloud resources to access compute, storage, and database infrastructures in a matter of minutes. Agility means that you can reduce the time to make IT resources available to your developers from weeks to just minutes, resulting in a dramatic increase in innovation and responsiveness [1]. AWS provides a range of services and tools that enable you to launch, scale, and manage your cloud applications with ease and speed, such as AWS CloudFormation, AWS Elastic Beanstalk, AWS CodeDeploy, and AWS Quick Starts [2][3][4][5].
References:
1. Six advantages of cloud computing - Overview of Amazon Web Services
2. AWS CloudFormation
3. AWS Elastic Beanstalk
4. AWS CodeDeploy
5. AWS Quick Starts
Our Clients Say About Amazon CLF-C02 Exam
Nick
I took Amazon CLF-C02 exam material in preparation for my Test Prep CLF-C02 exam. Along with the material, PassExam4Sure had a huge deal to do with my passing of the Amazon CLF-C02 exam. The material helped me to understand the depth of concepts. I proudly say that PassExam4Sure is a key to my passing the exam on the first attempt. Thank you!
Paul
When I was not able to pass the CLF-C02 exam on my first attempt, it put a lot of burden on me to try to pass the exam on my second attempt. I bought the PassExam4Sure preparatory material and started the revision for my course. Thanks, PassExam4Sure.
Jonson
I believe that PassExam4Sure is the world's best IT solution provider and I trust your words now. You are probably the best on the market. I purchased the CLF-C02 exam from you and yesterday passed with 100% scores. I am super happy.
Dan
PassExam4Sure allows the students to take help in the Amazon exam so that they can pass with flying colors. PassExam4Sure has helped many students and is still helping new upcoming students to produce the best results in the Amazon exam. I assure you that they have been providing the authentic and relevant material that would be handy for the students for the Amazon exam. With PassExam4Sure now you do not have to worry before the exam, just go for it.
Milligan
Hey, PassExam4Sure. Thank you and well done for putting together wonderful Amazon CLF-C02 online training. After passing, I would just like to say that passing was not a big problem because of 30 days of online training; it covered my course on time and helped me abundantly with revision. It offered me comprehensively designed practice tests that were close to the real Amazon CLF-C02 exam. I have recommended your site to 3 friends of mine and I will be recommending it in the future as well.