Amazon CLF-C02 AWS Certified Cloud Practitioner Exam Practice Test

Page: 1 / 14
Total 612 questions
Question 1

A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used?

Answer : C

IAM roles are a secure way to grant permissions to applications running on an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that have specific permissions policies attached to them. You can create an IAM role and associate it with an EC2 instance when you launch it or later. The applications on the instance can then use the temporary credentials provided by the role to access AWS resources that the role allows.This way, you do not have to store any long-term credentials or access keys on the instance, which reduces the risk of compromise or misuse12.

The other options are not correct, because:

Security groups are virtual firewalls that control the inbound and outbound traffic for your EC2 instances.Security groups do not grant permissions to access other AWS services, but rather filter the network traffic based on rules that you define3.

AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources. AWS Firewall Manager works with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups.AWS Firewall Manager does not grant permissions to access other AWS services, but rather helps you enforce consistent security policies across your AWS infrastructure4.

IAM user SSH keys are credentials that allow you to connect to your EC2 instance using SSH.SSH keys do not grant permissions to access other AWS services, but rather authenticate your identity when you log in to your instance5.

Using an IAM role to grant permissions to applications running on Amazon EC2 instances - AWS Identity and Access Management

IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud

Security groups for your VPC - Amazon Virtual Private Cloud

What is AWS Firewall Manager? - AWS Firewall Manager

Connecting to your Linux instance using SSH - Amazon Elastic Compute Cloud

Question 2

A company is migrating to the AWS Cloud and plans to run experimental workloads for 3 to 6 months on AWS. Which pricing model will meet these requirements?

Answer : D

On-Demand Instances are the most flexible and cost-effective pricing model for short-term, experimental, or unpredictable workloads on AWS. On-Demand Instances let you pay only for the resources you use, without any long-term commitments or upfront fees. You can easily start and stop instances as needed, and scale up or down depending on your demand.

Savings Plans, Reserved Instances, and Dedicated Hosts are all pricing models that require a commitment for a certain amount of usage or capacity for a one- or three-year term. These pricing models offer lower prices than On-Demand Instances, but they are not suitable for workloads that only run for 3 to 6 months or have variable usage patterns. Savings Plans and Reserved Instances also offer flexibility to change instance types, sizes, or regions within the same family or pool, while Dedicated Hosts are physical servers that can only run specific instance types.

Question 3

A systems administrator created a new 1AM user for a developer and assigned the user an access key instead of a user name and password. What is the access key used for?

Answer : C

An access key is a pair of long-term credentials that consists of an access key ID and a secret access key. An access key is used to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).An access key allows a user to access the AWS account through a CLI, which is a tool that enables users to interact with AWS services using commands in a terminal or a script12.

The other options are not correct, because:

To access the AWS account as the AWS account root user, a user needs the email address and password associated with the account. The root user has complete access to all AWS resources and services in the account.However, it is not recommended to use the root user for everyday tasks3.

To access the AWS account through the AWS Management Console, a user needs a user name and password.The console is a web-based interface that allows users to manage their AWS resources and services using a graphical user interface4.

To access all of a company's AWS accounts, a user needs to use AWS Organizations, which is a service that enables users to centrally manage and govern multiple AWS accounts.AWS Organizations allows users to create groups of accounts and apply policies to them5.

Managing access keys for IAM users - AWS Identity and Access Management

What Is the AWS Command Line Interface? - AWS Command Line Interface

AWS account root user - AWS Identity and Access Management

What Is the AWS Management Console? - AWS Management Console

What Is AWS Organizations? - AWS Organizations

Question 4

A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time.

Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?

Question 5
Question 6
Question 7

A company needs to perform data processing once a week that typically takes about 5 hours to complete. Which AWS service should the company use for this workload?

Answer : B

Amazon EC2 is the most suitable AWS service for this workload. Amazon EC2 provides secure, resizable compute capacity in the cloud. You can launch virtual servers, called instances, and configure them according to your needs. You can choose from different instance types, sizes, and families, and pay only for the resources you use.Amazon EC2 also offers features such as auto scaling, load balancing, security groups, and placement groups to optimize your performance, availability, and security1.Amazon EC2 is ideal for workloads that require consistent and reliable compute power, such as data processing, web hosting, gaming, and high-performance computing2. The other services are not suitable for this workload. AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. You pay only for the compute time you consume.Lambda is best for short-lived, stateless, and event-driven workloads that can be completed in under 15 minutes3. AWS CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, serverless Lambda functions, or Amazon ECS services.CodeDeploy is not a compute service, but a tool to help you update your applications with minimal downtime4. AWS Wavelength is a service that delivers ultra-low latency applications for 5G devices. Wavelength embeds AWS compute and storage services at the edge of telecommunications providers' 5G networks. Wavelength is designed for mobile edge computing, such as interactive gaming, video streaming, and augmented reality.Reference:Amazon EC2,Amazon EC2 Use Cases,AWS Lambda,AWS CodeDeploy, [AWS Wavelength]

Page:    1 / 14   
Total 612 questions