Amazon CLF-C02 Exam Practice Test Instant Access

Question 1

A company notices suspicious network activity against an application that is running on a fleet of Amazon EC2 instances. The suspicious activity is coming from a single IP address.

Which AWS service should the company use to block access from this IP address?

AAWS Shield

BAWS Config

CAmazon GuardDuty

DAWS WAF

Answer : D

AWS WAF Overview:

AWS Web Application Firewall (WAF) allows users to create rules to block or allow traffic based on IP addresses, request patterns, and other conditions.

It is ideal for blocking traffic from a specific IP address.

Why AWS WAF Meets the Requirement:

The company can create a WAF rule to block traffic from the malicious IP address.

WAF integrates with services like Amazon CloudFront, Application Load Balancer, and API Gateway.

Why Other Options Are Incorrect:

A . AWS Shield: Protects against DDoS attacks but does not allow custom IP blocking.

B . AWS Config: Monitors resource configurations but does not block IPs.

C . Amazon GuardDuty: Detects threats but does not block traffic directly.

AWS WAF Documentation

Question 2

Which AWS service can a company use to directly query and analyze AWS Cost and Usage Reports?

AAmazon OpenSearch Service

BAmazon Athena

CAmazon Aurora

DAWS Glue

Answer : B

Amazon Athena Overview:

Amazon Athena is a serverless query service that allows users to analyze data in S3 using standard SQL.

It is commonly used to query AWS Cost and Usage Reports stored in S3.

How It Works for Cost Reports:

Cost and Usage Reports are delivered in a structured format to an S3 bucket.

Athena can query these reports without requiring additional ETL processes.

Why Other Options Are Incorrect:

A . Amazon OpenSearch Service: Designed for search and log analytics, not querying structured data.

C . Amazon Aurora: A relational database service, unsuitable for querying S3 data directly.

D . AWS Glue: Used for ETL tasks but not directly for querying.

Analyzing AWS Cost and Usage Reports with Amazon Athena

Question 3

Which option is a shared responsibility between AWS and its customers under the AWS shared responsibility model?

AConfiguration of Amazon EC2 instance operating systems

BApplication file system server-side encryption

CPatch management

DSecurity of the physical infrastructure

Answer : C

AWS Shared Responsibility Model Overview:

AWS manages security of the cloud, including physical infrastructure and foundational services.

Customers are responsible for security in the cloud, which includes operating system configuration, data encryption, and application patch management.

Why Patch Management Is Shared:

AWS is responsible for patching the underlying infrastructure.

Customers are responsible for patching the operating system and applications they install on their resources (e.g., EC2 instances).

Why Other Options Are Incorrect:

A . Configuration of Amazon EC2 instance operating systems: Fully the customer's responsibility.

B . Application file system server-side encryption: Customers configure and manage encryption.

D . Security of the physical infrastructure: Fully AWS's responsibility.

AWS Shared Responsibility Model

Question 4

A company wants to develop applications that run on AWS. The company's developers need a set of libraries and development tools that are available in multiple programming languages.

Which AWS solution provides these libraries and tools?

AAWS CodePipeline

BAWS SDKs

CAmazon CloudWatch

DAWS CodeDeploy

Answer : B

AWS SDKs Overview:

AWS Software Development Kits (SDKs) provide libraries and tools for developers to interact with AWS services programmatically.

SDKs are available for multiple programming languages, including Python, Java, JavaScript, and .NET.

How AWS SDKs Meet the Requirement:

Enable developers to integrate AWS services into their applications easily.

Include API clients, authentication helpers, and other utilities specific to AWS services.

Why Other Options Are Incorrect:

A . AWS CodePipeline: Automates CI/CD pipelines but does not provide libraries for development.

C . Amazon CloudWatch: Focuses on monitoring and logging; not a development toolset.

D . AWS CodeDeploy: Automates application deployment but does not include development libraries.

AWS SDKs Documentation

Question 5

A company is preparing for an audit and wants documentation that AWS complies with the Payment Card Industry Data Security Standard (PCI DSS).

Where can the company find this documentation?

AAWS Artifact

BAWS Organizations

CAWS Trusted Advisor

DAWS Support Center

Answer : A

AWS Artifact Overview:

AWS Artifact is a service that provides on-demand access to AWS compliance documentation and agreements.

It includes reports such as PCI DSS, SOC, and ISO certifications.

How AWS Artifact Meets the Requirement:

The PCI DSS compliance documentation can be downloaded directly from the Artifact console.

Artifact helps customers demonstrate compliance to auditors by providing official certifications and attestations.

Why Other Options Are Incorrect:

B . AWS Organizations: Used for managing accounts, not compliance reports.

C . AWS Trusted Advisor: Offers best practice checks but does not provide compliance documentation.

D . AWS Support Center: Provides customer support and ticket management but not compliance documentation.

AWS Artifact Documentation

Question 6

Which AWS service provides storage-optimized and compute-optimized device configurations?

AAWS Snowcone

BAWS Storage Gateway

CAWS Snowball Edge

DAWS DataSync

Answer : C

AWS Snowball Edge offers configurations that are either storage-optimized or compute-optimized, providing flexibility for different data migration and processing needs. It supports local processing and data transfer to AWS, catering to scenarios that require heavy storage or compute resources. AWS Snowcone and DataSync do not offer these optimizations, and Storage Gateway focuses on hybrid cloud storage.

Question 7

A company purchased Amazon EC2 Standard Reserved Instances (Rls) for a workload in the AWS Cloud. The company needs to move part of the workload to an instance family that does not match the instance family of these Standard RIs.

How can the company take advantage of the Standard RIs that it no longer needs?

AContact the AWS Support team, and ask the team to sell the Standard RIs.

BSell the Standard RIs on the Amazon EC2 Reserved Instance Marketplace.

CSell the Standard RIs as a third-party seller on the AWS Marketplace.

DConvert the Standard RIs to Savings Plans.

Answer : B

The Amazon EC2 Reserved Instance Marketplace allows customers to sell unused Standard Reserved Instances to other AWS users. This enables companies to recoup some of the costs if they no longer need certain RIs. Standard RIs cannot be converted to Savings Plans, and AWS Support does not facilitate the resale of RIs directly.

Amazon CLF-C02 AWS Certified Cloud Practitioner Exam Practice Test