CLF-C02 Amazon-Web-Services Exam Questions and Free Practice Test

Question 7

- (Topic 1)
Which tasks are customer responsibilities according to the AWS shared responsibility model? (Select TWO.)

A. Determine application dependencies with operating systems.

B. Provide user access with AWS Identity and Access Management (IAM).

C. Secure the data center in an Availability Zone.

D. Patch the hypervisor.

E. Provide network availability in Availability Zones.

Correct Answer:B
The correct answer to the question is B because providing user access with AWS Identity and Access Management (IAM) is a customer responsibility according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. IAM is an AWS service that enables customers to manage access and permissions to AWS resources and services. Customers are responsible for creating and managing IAM users, groups, roles, and policies, and ensuring that they follow the principle of least privilege. Reference: AWS Shared Responsibility Model

Question 8

- (Topic 1)
A company is configuring its AWS Cloud environment. The company's administrators need to group users together and apply permissions to the group.
Which AWS service or feature can the company use to meet these requirements?

A. AWS Organizations

B. Resource groups

C. Resource tagging

D. AWS Identity and Access Management (IAM)

Correct Answer:D
The AWS service or feature that the company can use to group users together and apply permissions to the group is AWS Identity and Access Management (IAM). AWS IAM is a service that enables users to create and manage users, groups, roles, and permissions for AWS services and resources. Users can use IAM groups to organize multiple users that have similar access requirements, and attach policies to the groups that define the permissions for the users in the group. This simplifies the management and administration of user access

Question 9

- (Topic 2)
A retail company has recently migrated its website to AWS. The company wants to ensure that it is protected from SQL injection attacks. The website uses an Application Load Balancer to distribute traffic to multiple Amazon EC2 instances.
Which AWS service or feature can be used to create a custom rule that blocks SQL injection attacks?

A. Security groups

B. AWS WAF

C. Network ACLs

D. AWS Shield

Correct Answer:B
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define2. You can use AWS WAF to create a custom rule that blocks SQL injection attacks on your website.

Question 10

- (Topic 3)
A company is running its application in the AWS Cloud. The company wants to periodically review its AWS account for cost optimization opportunities.
Which AWS service or tool can the company use to meet these requirements?

A. AWS Cost Explorer

B. AWS Trusted Advisor

C. AWS Pricing Calculator

D. AWS Budgets

Correct Answer:A
AWS Cost Explorer is an AWS service or tool that the company can use to periodically review its AWS account for cost optimization opportunities. AWS Cost Explorer is a tool that enables the company to visualize, understand, and manage their AWS costs and usage over time. The company can use AWS Cost Explorer to access interactive graphs and tables that show the breakdown of their costs and usage by service, region, account, tag, and more. The company can also use AWS Cost Explorer to forecast their future costs, identify trends and anomalies, and discover potential savings by using Reserved Instances or Savings Plans.

Question 11

- (Topic 1)
A company wants to centrally manage security policies and billing services within a multi- account AWS environment. Which AWS service should the company use to meet these requirements?

A. AWS Identity and Access Management (IAM)

B. AWS Organizations

C. AWS Resource Access Manager (AWS RAM)

D. AWS Config

Correct Answer:B
AWS Organizations is a service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. You can use AWS Organizations to create groups of accounts and apply policies to them. You can also use AWS Organizations to consolidate billing for multiple accounts. Therefore, the correct answer is B. You can learn more about AWS Organizations and its features from this page.

Question 12

- (Topic 2)
Which AWS solution provides the ability for a company to run AWS services in the company's on-premises data center?

A. AWS Direct Connect

B. AWS Outposts

C. AWS Systems Manager hybrid activations

D. AWS Storage Gateway

Correct Answer:B
AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on- premises facility for a truly consistent hybrid experience. AWS Outposts enables you to run AWS services in your on-premises data center1.

START CLF-C02 EXAM