[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (6)

---

안녕하세요 HELLO

 

이번에 Certified Cloud Practitioner CLF-C02를 준비하면서, 문제 은행 Dump 사이트에서 문제 및 해설을 정리했습니다. 한 곳에 정리된 글이 없어서, 공부하기가 어려웠기에, 이를 활용해서 다들 공부에 도움 되었으면 합니다.

 

■ Certified Cloud Practitioner CLF-C02 Dump 정리

 

1. 문제 1~20 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (1)

2. 문제 21~40 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (2)

3. 문제 41~60 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (3)

4. 문제 61~80 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (4)

5. 문제 81~100 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (5)

6. 현재 페이지 (101~120)

7. 문제 121~140 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (7)

8. 문제 141~ 160 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (8)

9. 문제 161~180 : [AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (9)

 

반응형

 

#101. A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?

 

• A. Use of the Snowball Edge appliance for a 10-day period
• B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
• C. The transfer of data from the Snowball Edge appliance into Amazon S3
• D. Daily use of the Snowball Edge appliance after 10 days

 

Selected Answer: A

 

The activities related to a Snowball Edge device that are available to the company at no cost are:

A. Use of the Snowball Edge appliance for a 10-day period
C. The transfer of data from the Snowball Edge appliance into Amazon S3

Typically, AWS does not charge for using the Snowball Edge appliance for a specified initial period (usually 10 days) and for importing data into Amazon S3 from the Snowball Edge device. However, other activities such as data transfer out of Amazon S3 to the device and daily use of the device beyond the initial 10-day period may incur additional costs.

 

---

#102. A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?

 

• A. AWS Trusted Advisor
• B. Amazon Inspector
• C. AWS Config
• D. Amazon GuardDuty

 

Selected Answer: B

 

Inspector is all about security assessments of AWS based applications and their configurations against known vulnerabilities.

 

GuardDuty is all about continuously and automatically process different foundational data sources such as CloudTrail event logs, VPC flow logs and DNS logs to find potential security threat over an entire AWS account not just only with applications and it also uses threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected, potentially unauthorized, and malicious activity within AWS environment. So as far as assessment is concerned Inspector is the right answer.

 

---

#103. A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?

 

• A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
• B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
• C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
• D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

 

Selected Answer : B

 

B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.

Using an AWS Storage Gateway file gateway allows you to extend your on-premises file storage into the AWS Cloud seamlessly. It provides low-latency access to your data stored in Amazon S3 while maintaining the performance benefits of local access. This solution enables centralized management of storage while still allowing users to access files as if they were stored locally. Additionally, it eliminates the need for managing individual S3 buckets for each user, simplifying administration and scalability.

 

---

#104. According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

 

• A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
• B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
• C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
• D. Modify the S3 bucket policy so that any service can upload to it at any time.

 

Selected Answer: C

 

The recommended security best practice for giving an Amazon EC2 instance access to an Amazon S3 bucket is option C: Have the EC2 instance assume a role to obtain the privileges to upload the file. This involves using AWS Identity and Access Management (IAM) roles to grant temporary permissions to the EC2 instance, rather than hard-coding or storing access keys directly in the application or on the instance.

This approach enhances security by minimizing the exposure of long-term credentials and following the principle of least privilege. The EC2 instance assumes a role with specific permissions to interact with the S3 bucket, and AWS automatically rotates temporary credentials for the instance.

Options A and B involve storing IAM user's secret keys on the EC2 instance, which is not recommended due to security risks. Option D, modifying the S3 bucket policy to allow any service to upload to it at any time, is also not recommended as it may lead to security vulnerabilities and compromises the principle of least privilege.

 

---

#105. Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

• A. Physical security of DynamoDB
• B. Patching of DynamoDB
• C. Access to DynamoDB tables
• D. Encryption of data at rest in DynamoDB

 

Selected Answer: C

 

C. Access to DynamoDB tables

This means that customers are responsible for managing access control to their DynamoDB tables, including configuring IAM policies, roles, and permissions to ensure that only authorized users or services can interact with the tables. This responsibility involves setting up appropriate authentication and authorization mechanisms to protect the data stored in DynamoDB from unauthorized access.

 

---

#106. Which option is a perspective that includes foundational capabilities of the AWS Cloud Adoption Framework (AWS CAF)?

 

• A. Sustainability
• B. Performance efficiency
• C. Governance
• D. Reliability

 

Selected Answer: C

 

A. Sustainability: While sustainability is an important consideration, it is not typically associated with the foundational capabilities of the AWS Cloud Adoption Framework (CAF). The AWS CAF focuses more on organizational readiness, governance, and best practices for adopting the AWS Cloud.

B. Performance efficiency: Performance efficiency is related to optimizing the performance of workloads in the cloud. While important, it's not specifically a foundational capability outlined in the AWS CAF.

C. Governance: Governance is a foundational capability in the AWS CAF. It involves establishing and enforcing policies and controls to manage and optimize cloud resources effectively. Governance in AWS CAF helps organizations maintain control, ensure compliance, and manage risks in their cloud environment.

D. Reliability: While reliability is crucial for cloud services, it's not explicitly mentioned as a foundational capability in the AWS CAF. However, reliability is often addressed as part of best practices and operational considerations when adopting the AWS Cloud.

 

---

#107. A company is running and managing its own Docker environment on Amazon EC2 instances. The company wants an alternative to help manage cluster size, scheduling, and environment maintenance.
Which AWS service meets these requirements?

 

• A. AWS Lambda
• B. Amazon RDS
• C. AWS Fargate
• D. Amazon Athena

 

Selected Answer: C

AWS Fargate is a serverless compute engine for containers that lets you run containers without managing the underlying infrastructure. It simplifies the process of managing clusters, scheduling tasks, and handling environment maintenance for containerized applications. With AWS Fargate, you only need to focus on your containers and applications, and AWS takes care of the underlying infrastructure. This makes it a suitable alternative for companies looking to simplify container management on Amazon EC2 instances.

 

---

#108. A company wants to run a NoSQL database on Amazon EC2 instances.
Which task is the responsibility of AWS in this scenario?

 

• A. Update the guest operating system of the EC2 instances.
• B. Maintain high availability at the database layer.
• C. Patch the physical infrastructure that hosts the EC2 instances.
• D. Configure the security group firewall.

 

Selected Answer: C

 

A is incorrect because when we set up an instance of ec2 we choose the operating system.
B is incorrect because we are configuring and running the database on the ec2 instances so that would be our responsibility.
D is incorrect because the firewall rules are our job.
C is correct because the physical infrastructure where the ec2 instances run is amazon's responsibility

 

---

#109. Which AWS services or tools can identify rightsizing opportunities for Amazon EC2 instances? (Choose two.)

 

• A. AWS Cost Explorer
• B. AWS Billing Conductor
• C. Amazon CodeGuru
• D. Amazon SageMaker
• E. AWS Compute Optimizer

 

Selected Answer : AE

 

- AWS Cost Explorer: Allows customers to monitor their AWS cost and usage at a resource level to identify cost drivers.
- AWS Billing Conductor: A customizable billing service, allowing you to customize your billing data to match your desired showback or chargeback business logic
- Amazon CodeGuru: A machine learning-powered developer tool that provides automated code reviews and identifies performance optimizations in your Java, Python, Scala, Cotlin.
- AWS Compute Optimizer: Get recommendations to optimize your use of AWS resources (rightsizing)
- Amazon SageMaker: A cloud based machine-learning platform that allows the creation, training, and deployment by developers of machine-learning (ML) models on the cloud.

 

---

#110. Which of the following are benefits of using AWS Trusted Advisor? (Choose two.)

 

• A. Providing high-performance container orchestration
• B. Creating and rotating encryption keys
• C. Detecting underutilized resources to save costs
• D. Improving security by proactively monitoring the AWS environment
• E. Implementing enforced tagging across AWS resources

 

Selected Answer : CD

 

Benefits of Trusted Advisor:
• Cost optimization - Trusted Advisor can help you save cost with actionable recommendations by analyzing usage, configuration and spend.
• Performance - Trusted Advisor can help improve the performance of your services with actionable recommendations by analyzing usage and configuration.
• Security - Trusted Advisor can help improve the security of your AWS environment by suggesting foundational security best practices curated by security experts.
• Fault tolerance - Trusted Advisor can help improve the reliability of your services.
• Service quotas - Service quotas are the maximum number of resources that you can create in an AWS account.

Reference: https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

 

---

#111. Which of the following is an advantage that users experience when they move on-premises workloads to the AWS Cloud?

 

• A. Elimination of expenses for running and maintaining data centers
• B. Price discounts that are identical to discounts from hardware providers
• C. Distribution of all operational controls to AWS
• D. Elimination of operational expenses

 

Selected Answer: A

 

A. Elimination of expenses for running and maintaining data centers

Don't want to nit-pick, but technically you are still paying AWS for the expenses of running their datacenters, it's just that the costs are embedded in their pricing. Of course economies of scale make this a no brainer.

 

---

#112. A company wants to manage deployed IT services and govern its infrastructure as code (IaC) templates.
Which AWS service will meet this requirement?

 

• A. AWS Resource Explorer
• B. AWS Service Catalog
• C. AWS Organizations
• D. AWS Systems Manager

 

Selected Answer: B

AWS Service Catalog lets you centrally manage your cloud resources to achieve governance at scale of your infrastructure as code (IaC) templates, written in CloudFormation or Terraform configurations. With AWS Service Catalog, you can meet your compliance requirements while making sure your customers can quickly deploy the cloud resources they need.
https://aws.amazon.com/servicecatalog/

 

---

#113. Which AWS service or tool helps users visualize, understand, and manage spending and usage over time?

 

• A. AWS Organizations
• B. AWS Pricing Calculator
• C. AWS Cost Explorer
• D. AWS Service Catalog

 

Selected Answer: C

 

A. AWS Organizations: Manages multiple AWS accounts in an organization, aiding in billing and cost allocation. Not focused on detailed spending visualization.

B. AWS Pricing Calculator: Estimates AWS service costs based on configurations. Lacks detailed historical spending and usage insights.

C. AWS Cost Explorer: Visualizes, understands, and manages AWS spending and usage over time. Provides detailed insights, historical data, and forecasting.

D. AWS Service Catalog: Manages approved IT service catalogs but doesn't focus on detailed cost visualization.

 

---

#114. A company is using a central data platform to manage multiple types of data for its customers. The company wants to use AWS services to discover, transform, and visualize the data.
Which combination of AWS services should the company use to meet these requirements? (Choose two.)

 

• A. AWS Glue
• B. Amazon Elastic File System (Amazon EFS)
• C. Amazon Redshift
• D. Amazon QuickSight
• E. Amazon Quantum Ledger Database (Amazon QLDB)

 

Selected Answer: AD

AWS Glue is a serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development.
https://aws.amazon.com/glue/

Amazon QuickSight powers data-driven organizations with unified business intelligence (BI) at hyperscale. With QuickSight, all users can meet varying analytic needs from the same source of truth through modern interactive dashboards, paginated reports, embedded analytics, and natural language queries.
https://aws.amazon.com/quicksight/

 

---

#115. A global company wants to migrate its third-party applications to the AWS Cloud. The company wants help from a global team of experts to complete the migration faster and more reliably in accordance with AWS internal best practices.
Which AWS service or resource will meet these requirements?

 

• A. AWS Support
• B. AWS Professional Services
• C. AWS Launch Wizard
• D. AWS Managed Services (AMS)

 

Selected Answer: B

A. AWS Support: Provides technical support plans, but not focused on hands-on migration assistance.

B. AWS Professional Services: Global team of experts for hands-on assistance with planning, executing, and optimizing AWS migrations.

C. AWS Launch Wizard: Simplifies application deployment, but not specifically designed for third-party application migrations.

D. AWS Managed Services (AMS): Fully managed service for ongoing operational support, not designed for the initial migration phase.

In summary, option B (AWS Professional Services) is the best choice for hands-on assistance with third-party application migrations.

 

---

#116. An e-learning platform needs to run an application for 2 months each year. The application will be deployed on Amazon EC2 instances. Any application downtime during those 2 months must be avoided.
Which EC2 purchasing option will meet these requirements MOST cost-effectively?

 

• A. Reserved Instances
• B. Dedicated Hosts
• C. Spot Instances
• D. On-Demand Instances

 

Selected Answer: D

 

A. Reserved Instances (RIs): Reserved Instances provide capacity reservation for a specified term (usually one or three years), offering cost savings compared to On-Demand Instances. However, RIs may not be the most suitable for a short duration like 2 months, as they typically involve longer-term commitments.

B. Dedicated Hosts: Dedicated Hosts may not be cost-effective for short-term workloads and lack the flexibility needed.

C. Spot Instances: Spot Instances offer cost savings but can be terminated with short notice, potentially causing interruptions.

D. On-Demand Instances: On-Demand Instances provide capacity on a pay-as-you-go basis with no upfront commitment. They are suitable for short-term, variable workloads, offering flexibility without the need for long-term commitments. In this scenario, On-Demand Instances would be a cost-effective option for the 2-month duration while avoiding downtime.

 

---

#117. A developer wants to deploy an application quickly on AWS without manually creating the required resources.
Which AWS service will meet these requirements?

 

• A. Amazon EC2
• B. AWS Elastic Beanstalk
• C. AWS CodeBuild
• D. Amazon Personalize

 

Selected Answer: B

A. Amazon EC2: Amazon EC2 (Elastic Compute Cloud) provides resizable compute capacity in the cloud. While it allows you to manually create and configure virtual servers (EC2 instances), it involves more manual setup and is not as streamlined for quick application deployment as other services.

B. AWS Elastic Beanstalk: a fully managed service that simplifies the deployment of applications on AWS. It abstracts the underlying infrastructure, allowing developers to quickly deploy applications without manual resource creation. It is suitable for rapid application deployment.

C. AWS CodeBuild: a fully managed continuous integration service that compiles source code, runs tests, and produces software packages. While it is part of the CI/CD process, it is not focused on quick application deployment and resource provisioning.

D. Amazon Personalize: Amazon Personalize is a machine learning service for building personalized recommendation models. It is not designed for general application deployment and does not provide the infrastructure for quick deployment.

 

---

#118. A company is storing sensitive customer data in an Amazon S3 bucket. The company wants to protect the data from accidental deletion or overwriting. Which S3 feature should the company use to meet these requirements?

 

• A. S3 Lifecycle rules
• B. S3 Versioning
• C. S3 bucket policies
• D. S3 server-side encryption

 

Selected Answer: B

Versioning in Amazon S3 is a means of keeping multiple variants of an object in the same bucket. You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets.
Versioning-enabled buckets can help you recover objects from accidental deletion or overwrite. For example, if you delete an object, Amazon S3 inserts a delete marker instead of removing the object permanently.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html

 

---

#119. Which AWS service provides the ability to manage infrastructure as code?

 

• A. AWS CodePipeline
• B. AWS CodeDeploy
• C. AWS Direct Connect
• D. AWS CloudFormation

 

Selected Answer: D

 

A. AWS CodePipeline: Focuses on continuous integration and delivery.

B. AWS CodeDeploy: Automates application deployments.

C. AWS Direct Connect: Provides dedicated network connections.

D. AWS CloudFormation: AWS CloudFormation is a service that allows you to define and provision AWS infrastructure as code. It enables you to use a template to describe and provision AWS resources in a repeatable and automated manner. With CloudFormation, you can manage your infrastructure as code, making it easier to version, replicate, and share infrastructure configurations.

 

---

#120. An online gaming company needs to choose a purchasing option to run its Amazon EC2 instances for 1 year. The web traffic is consistent, and any increases in traffic are predictable. The EC2 instances must be online and available without any disruption.
Which EC2 instance purchasing option will meet these requirements MOST cost-effectively?

 

• A. On-Demand Instances
• B. Reserved Instances
• C. Spot Instances
• D. Spot Fleet

 

Selected Answer: B

A. On-Demand Instances: Pay-as-you-go without upfront commitment; less cost-effective for consistent workloads.

B. Reserved Instances: Reserved Instances (RIs) provide a significant discount (compared to On-Demand Instances) in exchange for a commitment of one or three years. They are suitable for consistent, predictable workloads. RIs offer cost-effectiveness while ensuring the EC2 instances are online and available without disruptions.

C. Spot Instances: Bid for unused capacity; cost savings but may not provide consistent availability.

D. Spot Fleet: Collection of Spot Instances; offers flexibility but inherits characteristics of Spot Instances.

 

---

■ 마무리

​

'Certified Cloud Practitioner CLF-C02'에 대해서 정리해 봤습니다.

 

그럼 오늘 하루도 즐거운 나날 되길 기도하겠습니다

좋아요와 댓글 부탁드립니다 :)

 

감사합니다.