[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (2)

---

안녕하세요 HELLO

 

이번에 AWS Certified Cloud Practitioner CLF-C02를 준비하면서, 문제 은행 Dump 사이트에서 문제 및 해설을 정리했습니다. 한 곳에 정리된 글이 없어서, 공부하기가 어려웠기에, 이를 활용해서 다들 공부에 도움 되었으면 합니다.

 

■ AWS Certified Cloud Practitioner CLF-C02 Dump 정리

 

1. 문제 1~20 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (1)

2. 현재 페이지 (문제 21~40)

3. 문제 41~60 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (3)

4. 문제 61~80 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (4)

5. 문제 81~100 :[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (5)

6. 문제 101~120 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (6)

7. 문제 121~140 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (7)

8. 문제 141~ 160 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (8)

9. 문제 161~180 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (9)

 

반응형

 

#21. A company plans to migrate to AWS and wants to create cost estimates for its AWS use cases.
Which AWS service or tool can the company use to meet these requirements?

 

• A. AWS Pricing Calculator
• B. Amazon CloudWatch
• C. AWS Cost Explorer
• D. AWS Budgets

 

Selected Answer: A

A. AWS Pricing Calculator: A web-based tool that allows users to estimate the cost of using AWS services. It helps in understanding and estimating the costs associated with various AWS resources based on usage patterns, regions, and other parameters. Users can input their specific requirements to get an estimated monthly cost.

B. Amazon CloudWatch: A monitoring and observability service for AWS resources.

C. AWS Cost Explorer: A tool within the AWS Management Console that provides visualization and analysis of AWS costs and usage. It allows users to view, understand, and analyze their historical AWS costs and usage data. While it provides insights into existing costs, it is not primarily a tool for creating initial cost estimates.

D. AWS Budgets: A service that allows users to set custom cost and usage budgets that alert them when they exceed their thresholds. It helps in managing costs by providing notifications based on cost and usage performance against defined budget targets. While it helps in budgeting and monitoring, it may not be the primary tool for creating detailed initial cost estimates.

 

---

#22. Which tool should a developer use to integrate AWS service features directly into an application?

 

• A. AWS Software Development Kit
• B. AWS CodeDeploy
• C. AWS Lambda
• D. AWS Batch

 

Selected Answer: A

A. AWS Software Development Kit (SDK): A set of libraries and tools that allows developers to interact with AWS services directly from their applications. It provides APIs in various programming languages, enabling developers to integrate AWS services seamlessly into their applications. It abstracts the complexity of making direct API calls and provides a convenient way to interact with AWS resources.

B. AWS CodeDeploy: A service that automates code deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions.

C. AWS Lambda: A serverless compute service that lets developers run code without provisioning or managing servers. Developers can use Lambda to execute code in response to events, such as changes to data in an Amazon S3 bucket or an update to a DynamoDB table.

D. AWS Batch: Enables developers to run batch computing workloads on the AWS Cloud. It allows users to define and run batch computing jobs efficiently.

 

---

#23. Which of the following is a recommended design principle of the AWS Well-Architected Framework?

 

• A. Reduce downtime by making infrastructure changes infrequently and in large increments.
• B. Invest the time to configure infrastructure manually.
• C. Learn to improve from operational failures.
• D. Use monolithic application design for centralization.

 

Selected Answer: C

A. Reduce downtime by making infrastructure changes infrequently and in large increments: This statement goes against the best practices recommended by the AWS Well-Architected Framework. It's generally recommended to make frequent and smaller changes to infrastructure to reduce the risk of issues and improve overall system agility.

B. Invest the time to configure infrastructure manually: The AWS Well-Architected Framework encourages the use of automation to configure and manage infrastructure. Manual configuration is prone to errors, less scalable, and harder to maintain compared to automated approaches.

C. Learn to improve from operational failures: This is a key principle of the AWS Well-Architected Framework. It emphasizes the importance of learning from failures and continuously improving the architecture based on operational experiences. This involves implementing mechanisms for monitoring, logging, and analyzing failures to enhance system resilience.

D. Use monolithic application design for centralization: The AWS Well-Architected Framework generally favors a microservices architecture over a monolithic design. Microservices promote modularity, scalability, and flexibility.

 

---

#24. Using AWS Identity and Access Management (IAM) to grant access only to the resources needed to perform a task is a concept known as:

 

• A. restricted access.
• B. as-needed access.
• C. least privilege access.
• D. token access.

 

Selected Answer: C

A. Restricted access: While the term "restricted access" is used in the context of limiting access, it is not a specific concept associated with IAM in AWS. It doesn't convey the principle of granting the minimum necessary permissions for a task.

B. As-needed access: This term is not a standard concept associated with IAM. However, it aligns somewhat with the idea of granting access based on specific needs.

C. Least privilege access: Least privilege access means granting users or entities the minimum level of permissions required to perform their tasks, reducing the risk of unintended or malicious actions.

D. Token access: "Token access" is not a standard term in the context of AWS IAM. Tokens are often associated with authentication and authorization, but the specific concept of least privilege access is better described by option C.

 

---

#25. Which AWS service or tool can be used to set up a firewall to control traffic going into and coming out of an Amazon VPC subnet?

 

• A. Security group
• B. AWS WAF
• C. AWS Firewall Manager
• D. Network ACL

 

Selected Answer: C

A. Security groups are essential to efficiently managing access to resources, but are not classified as a service.

B. Web application firewall is essential to controlling traffic into and out of a network, by setting access rules and monitoring network request, but this is not the best answer.

C. The AWS Firewall Manager helps to configure a firewall and that’s what this question is asking. ”AWS Firewall Manager simplifies your AWS WAF administration and maintenance tasks across multiple accounts and resources. With AWS Firewall Manager, you set up your firewall rules just once.”

D. Access Control Lists are used to grant or limit access to network and system resources, but they are not classified as a service.

Reference: https://AWS Firewall Manager Documentation (amazon.com)

 

---

#26. A company wants to operate a data warehouse to analyze data without managing the data warehouse infrastructure. Which AWS service will meet this requirement?

 

• A. Amazon Aurora
• B. Amazon Redshift Serverless
• C. AWS Lambda
• D. Amazon RDS

 

Selected Answer: B

A. Amazon Aurora: A relational database engine offered as part of Amazon RDS (Relational Database Service). While it is a high-performance database engine, it is optimized for transactional workloads rather than analytical processing typical of data warehouses.

B. Amazon Redshift: A fully managed, petabyte-scale data warehouse service in the cloud. It is specifically designed for analytics and data warehousing, offering fast query performance using SQL queries and integration with various business intelligence tools.

C. AWS Lambda: A serverless compute service that allows you to run code without provisioning or managing servers. It is event-driven and primarily used for executing code in response to events, such as changes in data or system state.

D. Amazon RDS: A managed relational database service that supports various database engines like MySQL, PostgreSQL, Oracle, SQL Server, and MariaDB. Similar to Amazon Aurora, it is optimized for transactional workloads rather than analytical processing.

 

---

#27. How does AWS Cloud computing help businesses reduce costs? (Choose two.)

 

• A. AWS charges the same prices for services in every AWS Region.
• B. AWS enables capacity to be adjusted on demand.
• C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week.
• D. AWS does not charge for data sent from the AWS Cloud to the internet.
• E. AWS eliminates many of the costs of building and maintaining on-premises data centers.

 

Selected Answer: BE

A. AWS charges the same prices for services in every AWS Region: AWS pricing can vary by region based on factors such as infrastructure costs in different regions.

B. AWS enables capacity to be adjusted on demand: AWS provides the flexibility to scale resources up or down based on demand. This allows businesses to optimize costs by only paying for the resources they actually use, avoiding unnecessary expenses during periods of lower demand.

C. AWS offers discounts for Amazon EC2 instances that remain idle for more than 1 week: Businesses are billed for the provisioned capacity, whether or not it is actively used.

D. AWS does not charge for data sent from the AWS Cloud to the internet: While AWS provides data transfer out allowances, additional data transfer beyond these allowances is subject to charges.

E. AWS eliminates many of the costs of building and maintaining on-premises data centers: With AWS, businesses can leverage cloud infrastructure without the need to invest in and maintain physical data centers. This eliminates upfront capital expenses, ongoing maintenance costs, and the need to overprovision resources for future growth, leading to significant cost savings.

 

---

#28. A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources. Which AWS service will meet this requirement?

 

• A. IAM group
• B. IAM role
• C. IAM tag
• D. IAM Access Analyzer

 

Selected Answer: B

A. IAM group: Containers for IAM users. They are used to simplify the management of IAM policies by allowing you to attach policies to a group and automatically apply those policies to all users in the group. However, IAM groups are not directly used for cross-account access.

B. IAM role: Are used to delegate permissions to users, applications, or services. In the context of cross-account access, you can create an IAM role in the target account and define policies that grant access to the necessary resources. Users in the source account can assume the role to access resources in the target account. IAM roles are commonly used for cross-account access scenarios.

C. IAM tag: Are metadata that you can assign to IAM users, groups, roles, and policies. While tags are useful for organizing and managing resources, they are not the primary mechanism for granting cross-account access.

D. IAM Access Analyzer: A tool that helps identify resources that are shared with an external entity or are publicly accessible. It is used for analyzing access across accounts, but not specifically for setting up cross-account access.

 

---

#29. Which task is the responsibility of AWS when using AWS services?

 

• A. Management of IAM user permissions
• B. Creation of security group rules for outbound access
• C. Maintenance of physical and environmental controls
• D. Application of Amazon EC2 operating system patches

 

Selected Answer: C

A. Management of IAM user permissions: AWS provides IAM (Identity and Access Management) for managing user permissions, and customers are responsible for configuring and managing these permissions for their users.

B. Creation of security group rules for outbound access: Security groups in AWS are used to control inbound and outbound traffic to EC2 instances. Customers define the rules for security groups, including outbound access rules.

C. Maintenance of physical and environmental controls: This task is the responsibility of AWS. AWS manages the physical infrastructure, including data center security, environmental controls (such as cooling and power), and other aspects related to the underlying infrastructure.

D. Application of Amazon EC2 operating system patches: While AWS manages the infrastructure, including the hypervisor and host operating system, customers are responsible for applying patches and updates to the guest operating system running on their EC2 instances.

 

---

#30. A company wants to automate infrastructure deployment by using infrastructure as code (IaC). The company wants to scale production stacks so the stacks can be deployed in multiple AWS Regions.
Which AWS service will meet these requirements?

 

• A. Amazon CloudWatch
• B. AWS Config
• C. AWS Trusted Advisor
• D. AWS CloudFormation

 

Selected Answer: D

A. Amazon CloudWatch: A monitoring service for AWS resources. It allows you to collect and track metrics, collect and monitor log files, and set alarms.

B. AWS Config: A service that provides a detailed inventory of your AWS resources and their configurations, as well as configuration history. It helps you assess, audit, and evaluate the configurations of your AWS resources.

C. AWS Trusted Advisor: A service that provides recommendations to help optimize your AWS infrastructure for cost efficiency, performance, security, and fault tolerance. It offers best practices guidance.

D. AWS CloudFormation: A service that allows you to define and provision AWS infrastructure as code. You can use CloudFormation templates to describe the resources needed, and CloudFormation handles the provisioning and deployment. It supports the automated deployment and scaling of infrastructure stacks across multiple AWS Regions, making it suitable for IaC and scaling production stacks.

 

---

#31. Which option is an AWS Cloud Adoption Framework (AWS CAF) platform perspective capability?

 

• A. Data architecture
• B. Data protection
• C. Data governance
• D. Data science

 

Selected Answer: A

A. Data architecture == Platform
B. Data protection == Security
C. Data governance == Governance
D. Data science == Business

 

---

#32. A company is running a workload in the AWS Cloud.
Which AWS best practice ensures the MOST cost-effective architecture for the workload?

 

• A. Loose coupling
• B. Rightsizing
• C. Caching
• D. Redundancy

 

Selected Answer: B

A. Loose coupling: This is a design principle that promotes independence between components in a system. It enhances flexibility and scalability by reducing dependencies. While beneficial for system architecture, it doesn't directly target cost optimization.

B. Rightsizing: Involves selecting the appropriate size and type of AWS resources to match the workload's actual needs. The focus is on optimizing costs by avoiding overprovisioning and ensuring resources are efficiently utilized. Regular reviews and adjustments contribute to ongoing cost-effectiveness.

C. Caching: Involves storing frequently accessed data to reduce the need to fetch it repeatedly from the original source. It improves performance and can indirectly contribute to cost savings by reducing the load on backend resources. The primary focus, however, is on enhancing application performance rather than direct cost optimization.

D. Redundancy: Involves having duplicate components to ensure high availability and fault tolerance. While crucial for reliability and minimizing downtime, redundancy's primary goal is not direct cost optimization. It can prevent costs associated with disruptions and downtime.

 

---

#33. A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups without changing its existing backup workflows. Which AWS service should the company use to meet these requirements?

 

• A. Amazon Elastic Block Store (Amazon EBS)
• B. AWS Storage Gateway
• C. Amazon Elastic Container Service (Amazon ECS)
• D. AWS Lambda

 

Selected Answer: B

A. Amazon Elastic Block Store (Amazon EBS): This service provides block-level storage volumes primarily used with Amazon EC2 instances. It may not be the best fit for backup scenarios involving tape libraries.

B. AWS Storage Gateway: This is a hybrid cloud storage service that seamlessly integrates on-premises applications with cloud storage. It supports various storage protocols, including Amazon S3 and Amazon Glacier, and allows on-premises data to be backed up to AWS without changing existing workflows.

C. Amazon Elastic Container Service (Amazon ECS): This service is for container orchestration and managing containerized applications. It is not directly related to back up scenarios or large-scale data storage.

D. AWS Lambda: This is a serverless compute service for running code in response to events.

 

---

#34. Which AWS tool gives users the ability to plan their service usage, service costs, and instance reservations, and also allows them to set custom alerts when their costs or usage exceed established thresholds?

 

• A. Cost Explorer
• B. AWS Budgets
• C. AWS Cost and Usage Report
• D. Reserved Instance reporting

 

Selected Answer: B

A. Cost Explorer: Provides insights into AWS costs and usage, allowing users to analyze spending trends and breakdown costs by services, regions, and tags.

B. AWS Budgets: Enables users to plan service usage, set custom cost and usage budgets, and receive alerts when costs or usage exceed predefined thresholds.

C. AWS Cost and Usage Report: Provides detailed data on AWS costs and usage, offering hourly or daily usage, costs, and resource-level details for in-depth analysis and auditing.

D. Reserved Instance Reporting: Provides insights into the utilization and coverage of Reserved Instances, helping users understand how effectively Reserved Instances are utilized.

 

---

#35. Which tasks are the customer’s responsibility, according to the AWS shared responsibility model? (Choose two.)

 

• A. Establish the global infrastructure.
• B. Perform client-side data encryption.
• C. Configure IAM credentials.
• D. Secure edge locations.
• E. Patch Amazon RDS DB instances.

 

Selected Answer: BC

A. Establish the global infrastructure: This is typically a task managed by AWS. AWS is responsible for setting up and managing the global infrastructure, including data centers and the underlying network.

B. Perform client-side data encryption: This task is the responsibility of the customer to encrypt data on the client side before sending it to AWS. It ensures that data is secure during transit.

C. Configure IAM credentials: Customers are responsible for configuring Identity and Access Management (IAM) credentials. This includes managing user accounts, permissions, and authentication mechanisms for accessing AWS resources.

D. Secure edge locations: AWS is responsible for securing its edge locations. This includes ensuring the physical security and proper operation of these locations.

E. Patch Amazon RDS DB instances: This is typically a task managed by AWS. AWS is responsible for applying updates and security patches to Amazon RDS DB instances to keep them up to date and secure. Customers are responsible for their data and configurations within the RDS instances.

 

---

#36. A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Choose two.)

 

• A. Grant the developer access to only the AWS resources needed to perform the job.
• B. Share the AWS account root user credentials with the developer.
• C. Add the developer to the administrator’s group in AWS IAM.
• D. Configure a password policy that ensures the developer’s password cannot be changed.
• E. Ensure the account password policy requires a minimum length.

 

Selected Answer: AE

A. Grant the developer access to only the AWS resources needed to perform the job: Following the principle of least privilege, it is advisable to provide the developer with access only to the specific AWS resources necessary for their job role. This minimizes the potential impact of security incidents and limits the scope of actions the developer can perform.

E. Ensure the account password policy requires a minimum length: Implementing a password policy that requires a minimum length is a good security practice. It helps enhance the strength of passwords and contributes to better overall account security. Longer passwords are generally more resistant to brute-force attacks.

Options B and C and D are not recommended

 

---

#37. A company has multiple AWS accounts that include compute workloads that cannot be interrupted. The company wants to obtain billing discounts that are based on the company’s use of AWS services.
Which AWS feature or purchasing option will meet these requirements?

 

• A. Resource tagging
• B. Consolidated billing
• C. Pay-as-you-go pricing
• D. Spot Instances

 

Selected Answer: B

A. Resource tagging: It is used for organizing and categorizing resources.

B. Consolidated billing: Allows a company to aggregate the usage and costs for multiple AWS accounts, providing a comprehensive view of the overall AWS spending. With consolidated billing, the company can benefit from volume discounts based on the combined usage of AWS services across all linked accounts. This is particularly useful when the company has multiple AWS accounts with compute workloads that cannot be interrupted, as it allows them to optimize costs and obtain billing discounts based on the collective usage.

C. Pay-as-you-go pricing: It is a pricing model where customers pay for the compute capacity they use with no upfront costs or long-term commitments. While it provides flexibility, it does not specifically address obtaining billing discounts.

D. Spot Instances: These are spare EC2 instances available at a lower cost. However, they can be interrupted by AWS if the capacity is needed elsewhere. This option may not be suitable for workloads that cannot be interrupted.

 

---

#38. A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used?

 

• A. Security groups
• B. AWS Firewall Manager
• C. IAM roles
• D. IAM user SSH keys

 

Selected Answer: C

A. Security groups: This is used for controlling inbound and outbound traffic to EC2 instances but does not provide secure access to AWS services.

B. AWS Firewall Manager: This is a service used for managing AWS WAF (Web Application Firewall) rules across accounts and applications, and it is not directly related to granting permissions to EC2 instances.

C. IAM roles: Are used to grant secure and temporary access to AWS services. In this scenario, where a user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services, IAM roles should be used. IAM roles provide a secure way to delegate permissions to entities like EC2 instances without the need for long-term credentials.

D. IAM user SSH keys. Are specifically related to SSH key pairs for IAM users and is not the appropriate solution for granting access to AWS services from EC2 instances.

 

---

#39. A company wants a fully managed Windows file server for its Windows-based applications.
Which AWS service will meet this requirement?

 

• A. Amazon FSx
• B. Amazon Elastic Kubernetes Service (Amazon EKS)
• C. Amazon Elastic Container Service (Amazon ECS)
• D. Amazon EMR

 

Selected Answer: A

Service Primary purpose Support for Windows file servers
A. Amazon FSx Managed file storage : Yes
B. Amazon EKS Managed Kubernetes service : No
C. Amazon ECS Managed container orchestration service : No
D. Amazon EMR Managed Hadoop and Spark service : No

 

---

#40. A company wants to migrate its NFS on-premises workload to AWS.
Which AWS Storage Gateway type should the company use to meet this requirement?

 

• A. Tape Gateway
• B. Volume Gateway
• C. Amazon FSx File Gateway
• D. Amazon S3 File Gateway

 

Selected Answer: D

A. Tape Gateway: Is used for archiving data to Amazon S3 and Glacier. It is not designed for NFS workloads or migrating on-premises file-based workloads.

B. Volume Gateway: Is used for block storage volumes and might not be the most suitable option for NFS file workloads. It's more focused on block storage solutions.

C. Amazon FSx File Gateway: Provides a file interface to Amazon FSx file systems, which is compatible with Windows file servers. However, it may not be the optimal solution for migrating NFS workloads to AWS.

D. Amazon S3 File Gateway: Supports a file interface into Amazon S3 and allows storing and retrieving objects in Amazon S3 using industry-standard file protocols such as NFS. It is designed for scenarios where you want to integrate on-premises file-based applications with Amazon S3, making it suitable for migrating NFS workloads to AWS.

---

■ 마무리

​

'Certified Cloud Practitioner CLF-C02 Dump 문제'에 대해서 정리해 봤습니다.

 

그럼 오늘 하루도 즐거운 나날 되길 기도하겠습니다

좋아요와 댓글 부탁드립니다 :)

 

감사합니다.