
[AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (7)

by HYUNHP 2024. 8. 18.

Hello

 

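While preparing for the Certified Cloud Practitioner CLF-C02, I compiled questions and explanations from a question-bank dump site. There was no post that gathered them in one place, which made studying difficult, so I hope everyone can use this to help with their studies.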

 

■ Certified Cloud Practitioner CLF-C02 Dump Summary

 

1. Questions 1~20: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (1)

2. Questions 21~40: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (2)

3. Questions 41~60: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (3)

4. Questions 61~80: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (4)

5. Questions 81~100: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (5)

6. Questions 101~120: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (6)

7. Current page (121~140)

8. Questions 141~160: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (8)

9. Questions 161~180: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (9)

 


 

#121. Which AWS service or feature allows a user to establish a dedicated network connection between a company’s on-premises data center and the AWS Cloud?



  • A. AWS Direct Connect
  • B. VPC peering
  • C. AWS VPN
  • D. Amazon Route 53

 


Selected Answer: A

 

A. AWS Direct Connect: AWS Direct Connect allows a user to establish a dedicated network connection between a company's on-premises data center and the AWS Cloud. It provides a private, dedicated network connection to enhance network performance and reliability.

B. VPC Peering: Connects two Virtual Private Clouds (VPCs) within AWS, allowing them to communicate with each other.

C. AWS VPN: Provides a secure, encrypted connection between on-premises networks and AWS VPCs over the internet.

D. Amazon Route 53: A scalable and highly available domain name system (DNS) web service.

 


#122. Which option is a physical location of the AWS global infrastructure?

 

  • A. AWS DataSync
  • B. AWS Region
  • C. Amazon Connect
  • D. AWS Organizations

 


Selected Answer: B

 

A. AWS DataSync: AWS DataSync is a service for transferring large amounts of data between on-premises storage and Amazon S3. It is not related to the physical location of the AWS global infrastructure.

B. AWS Region: An AWS Region is a physical location in the world where AWS has multiple data centers. It represents a geographic area with multiple Availability Zones to provide fault tolerance and stability.

C. Amazon Connect: Amazon Connect is a cloud-based contact center service. It is not related to the physical infrastructure but rather provides customer service solutions.

D. AWS Organizations: AWS Organizations is a service for consolidating multiple AWS accounts into an organization. It is not related to the physical location of the AWS global infrastructure.

 


#123. A company wants to protect its AWS Cloud information, systems, and assets while performing risk assessment and mitigation tasks. Which pillar of the AWS Well-Architected Framework is supported by these goals?

 

  • A. Reliability
  • B. Security
  • C. Operational excellence
  • D. Performance efficiency

 


Selected Answer: B

 

Pillars of the AWS Well-Architected Framework:

 

A. Reliability: Focuses on the ability of a system to recover from failures and meet customer expectations. It involves implementing best practices for resiliency, fault tolerance, and disaster recovery.

 

B. Security: Focuses on protecting information, systems, and assets. It involves implementing best practices for identity and access management, data protection, and risk assessment and mitigation.

C. Operational Excellence: Focuses on operational practices that enable efficient management and operation of systems. It involves continuous improvement, monitoring, incident response, and evolving procedures over time.

D. Performance Efficiency: Focuses on using resources efficiently to maintain good performance. It involves optimizing workloads, selecting the right resources, and monitoring performance.

 

Etc. Cost Optimization: Focuses on avoiding unnecessary costs and ensuring that resources are used efficiently. It involves optimizing costs, understanding pricing models, and using resources effectively.

 


#124. What is the purpose of having an internet gateway within a VPC?

 

  • A. To create a VPN connection to the VPC
  • B. To allow communication between the VPC and the internet
  • C. To impose bandwidth constraints on internet traffic
  • D. To load balance traffic from the internet across Amazon EC2 instances

 


Selected Answer: B


A. To create a VPN connection to the VPC: VPN connections are typically established using Virtual Private Gateways rather than internet gateways. Internet gateways are not directly involved in VPN connections.

B. To allow communication between the VPC and the internet: The primary purpose of an internet gateway (IGW) within a Virtual Private Cloud (VPC) is to enable communication between resources in the VPC and the internet. It serves as a horizontally scaled, redundant component that allows outbound traffic from resources in the VPC to the internet and vice versa.

C. To impose bandwidth constraints on internet traffic: Internet gateways do not impose bandwidth constraints on internet traffic.

D. To load balance traffic from the internet across Amazon EC2 instances: Load balancing of internet traffic is typically handled by services like Elastic Load Balancing (ELB) rather than the internet gateway.

 


#125. A company is running a monolithic on-premises application that does not scale and is difficult to maintain. The company has a plan to migrate the application to AWS and divide the application into microservices.
Which best practice of the AWS Well-Architected Framework is the company following with this plan?

 

  • A. Integrate functional testing as part of AWS deployment.
  • B. Use automation to deploy changes.
  • C. Deploy the application to multiple locations.
  • D. Implement loosely coupled dependencies.

 


Selected Answer: D


D. Implement loosely coupled dependencies: The best practice of implementing loosely coupled dependencies aligns with the company's plan to migrate the monolithic on-premises application to AWS and divide it into microservices. Microservices architecture emphasizes the use of loosely coupled, independently deployable components that can be developed and maintained separately. Implementing loosely coupled dependencies promotes the decoupling of services, allowing for greater agility, scalability, and ease of maintenance in a microservices architecture.

The other options are not as directly related to the described scenario:

Option A is related to testing practices.
Option B focuses on automation in deployment.
Option C refers to deploying the application to multiple locations, which may be a part of a broader strategy but is not specifically addressing the benefits of microservices architecture.

 


#126. A company has an AWS account. The company wants to audit its password and access key rotation details for compliance purposes. Which AWS service or tool will meet this requirement?

 

  • A. IAM Access Analyzer
  • B. AWS Artifact
  • C. IAM credential report
  • D. AWS Audit Manager

 

Selected Answer: C

 

A. IAM Access Analyzer: Analyzes IAM policies to identify potential issues and excessive permissions, but doesn't specifically focus on password and access key rotation details.

B. AWS Artifact: Primarily used for managing and tracking infrastructure as code (IaC) configurations, not directly related to credential auditing.

C. IAM credential report: This built-in IAM feature provides detailed information about the rotation history of user passwords and access keys within the account. It shows dates of last password and access key rotation, along with usernames and key IDs. This aligns perfectly with the requirement of auditing password and access key rotation details for compliance purposes.

D. AWS Audit Manager: Offers a comprehensive platform for managing and automating audits across various AWS services, but it requires additional setup and configuration compared to the readily available IAM credential report.

 


#127. A company wants to receive a notification when a specific AWS cost threshold is reached.

Which AWS services or tools can the company use to meet this requirement? (Choose two.)

 

  • A. Amazon Simple Queue Service (Amazon SQS)
  • B. AWS Budgets
  • C. Cost Explorer
  • D. Amazon CloudWatch
  • E. AWS Cost and Usage Report

 


Selected Answer: BD


B. AWS Budgets: Allows the company to set custom cost and usage budgets that alert them when thresholds are exceeded. They can receive notifications via email or Amazon Simple Notification Service (Amazon SNS) when the budget thresholds are reached.

D. Amazon CloudWatch: Can be used to create custom alarms based on cost metrics. The company can set up alarms to trigger notifications when specific cost thresholds are met or exceeded. CloudWatch Alarms can notify through various channels, including Amazon SNS.

The other options are described as follows:

A. Amazon Simple Queue Service (Amazon SQS): SQS is a fully managed message queuing service.
C. Cost Explorer: Cost Explorer is a tool for exploring and analyzing AWS costs but does not provide direct notifications for cost thresholds.
E. AWS Cost and Usage Report: The Cost and Usage Report provides detailed information about AWS costs but does not offer real-time notifications for cost thresholds.

 


#128. Which AWS service or resource provides answers to the most frequently asked security-related questions that AWS receives from its users?

 

  • A. AWS Artifact
  • B. Amazon Connect
  • C. AWS Chatbot
  • D. AWS Knowledge Center

 


Selected Answer: D

 

A. AWS Artifact: AWS Artifact provides on-demand access to AWS compliance reports and documents. It includes various compliance-related documents, such as SOC reports, PCI DSS reports, and more. While it offers valuable compliance information, it may not directly address the most frequently asked security-related questions.

B. Amazon Connect: Amazon Connect is a cloud-based contact center service. It is focused on providing customer service solutions and does not specifically provide answers to security-related questions.

C. AWS Chatbot: AWS Chatbot is a service that allows users to receive notifications and interact with AWS resources using chat platforms like Slack and Amazon Chime. While it facilitates communication and notifications, it is not designed to provide answers to frequently asked security-related questions.

D. AWS Knowledge Center: AWS Knowledge Center is a resource that provides answers to the most frequently asked security-related questions that AWS receives from its users. It offers a collection of articles, videos, and other resources to help users address common security queries and challenges.

 


#129. Which tasks are customer responsibilities, according to the AWS shared responsibility model? (Choose two.)

 

  • A. Configure the AWS provided security group firewall.
  • B. Classify company assets in the AWS Cloud.
  • C. Determine which Availability Zones to use for Amazon S3 buckets.
  • D. Patch or upgrade Amazon DynamoDB.
  • E. Select Amazon EC2 instances to run AWS Lambda on.

 


Selected Answer: AB


A. Configure the AWS provided security group firewall: Customers are responsible for configuring and managing security group firewalls to control inbound and outbound traffic to their AWS resources.

B. Classify company assets in the AWS Cloud: Asset classification is typically a customer responsibility as part of their data governance and security practices.

The other options are not accurate in the context of customer responsibilities:

C. Determine which Availability Zones to use for Amazon S3 buckets: This is more of a design decision and falls under the AWS management responsibilities.

D. Patch or upgrade Amazon DynamoDB: Patching or upgrading services like Amazon DynamoDB is managed by AWS. Customers are not responsible for patching or upgrading the underlying infrastructure or services provided by AWS.

E. Select Amazon EC2 instances to run AWS Lambda on: The selection of underlying infrastructure for serverless services like AWS Lambda is managed by AWS. Customers focus on writing and deploying functions without managing the underlying instances.

 


#130. Which of the following are pillars of the AWS Well-Architected Framework? (Choose two.)

 

  • A. Availability
  • B. Reliability
  • C. Scalability
  • D. Responsive design
  • E. Operational excellence

 


Selected Answer: BE

 

1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization

 

Missing: 6. Sustainability

 


#131. A user needs programmatic access to AWS resources through the AWS CLI or the AWS API.
Which option will provide the user with the appropriate access?

 

  • A. Amazon Inspector
  • B. Access keys
  • C. SSH public keys
  • D. AWS Key Management Service (AWS KMS) keys

 

Selected Answer: B

 

A- Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.

B- Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

C- The SSH public keys are used for establishing secure shell (SSH) connections to EC2 instances, not for general API access.

D- AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data.

 


#132. Which AWS service or feature is used to send both text and email messages from distributed applications?

 

  • A. Amazon Simple Notification Service (Amazon SNS)
  • B. Amazon Simple Email Service (Amazon SES)
  • C. Amazon CloudWatch alerts
  • D. Amazon Simple Queue Service (Amazon SQS)

 


Selected Answer: A


A. Amazon Simple Notification Service (Amazon SNS): A fully managed messaging service that enables the sending of both text (SMS) and email messages from distributed applications. It allows applications to send messages to a variety of endpoints, including email, SMS, HTTP/HTTPS, and more.

B. Amazon Simple Email Service (Amazon SES): Amazon SES is focused on sending email messages, not text (SMS) messages.

C. Amazon CloudWatch alerts: CloudWatch is primarily for monitoring and managing resources, not for sending text or email messages.

D. Amazon Simple Queue Service (Amazon SQS): SQS is used for reliably transmitting messages between components but is not designed for sending text or email messages.

 


#133. A company runs thousands of simultaneous simulations using AWS Batch. Each simulation is stateless, is fault tolerant, and runs for up to 3 hours.
Which pricing model enables the company to optimize costs and meet these requirements?

 

  • A. Reserved Instances
  • B. Spot Instances
  • C. On-Demand Instances
  • D. Dedicated Instances

 


Selected Answer: B

 

A. Reserved Instances: While offering a significant discount compared to On-Demand Instances, they require a one-year or three-year commitment and upfront payment. This might not be ideal for workloads with variable demand or short durations like the given simulations.

B. Spot Instances: These offer the potential for significant cost savings compared to On-Demand Instances, with prices fluctuating based on supply and demand. They are well-suited for stateless, fault-tolerant workloads like the company's simulations, as they can be automatically terminated and restarted on price spikes without impacting the overall execution.

C. On-Demand Instances: These provide predictable pricing but are the most expensive option. Given the cost optimization goal and stateless nature of the simulations, Spot Instances offer a better cost-performance trade-off.

D. Dedicated Instances: Similar to Reserved Instances, these come with an upfront commitment and fixed payments, making them less flexible for workloads with variable demand like the simulations.

 


#134. What does the concept of agility mean in AWS Cloud computing? (Choose two.)

 

  • A. The speed at which AWS resources are implemented
  • B. The speed at which AWS creates new AWS Regions
  • C. The ability to experiment quickly
  • D. The elimination of wasted capacity
  • E. The low cost of entry into cloud computing

 


Selected Answer: AC


A. The speed at which AWS resources are implemented: Agility in AWS refers to the ability to quickly provision and implement resources, allowing users to adapt to changing requirements and scale resources as needed.

C. The ability to experiment quickly: Agility involves the capability to experiment rapidly, enabling users to innovate, test ideas, and iterate quickly in the cloud environment.

The other options are described as follows:

B. The speed at which AWS creates new AWS Regions: The creation of new AWS Regions is not typically within the control of individual AWS customers. AWS decides when and where to create new regions based on business considerations.

D. The elimination of wasted capacity: While efficiency and cost optimization are important aspects of cloud computing, the elimination of wasted capacity is not a direct aspect of the concept of agility.

E. The low cost of entry into cloud computing: While cost considerations are important, the low cost of entry is not a defining aspect of agility. Agility focuses more on speed, flexibility, and the ability to respond quickly to changing demands.

 


#135. A company needs to block SQL injection attacks. Which AWS service or feature can meet this requirement?

 

  • A. AWS WAF
  • B. AWS Shield
  • C. Network ACLs
  • D. Security groups

 


Selected Answer: A


A. AWS WAF (Web Application Firewall): A web application firewall that allows users to create custom rules to filter and monitor HTTP or HTTPS requests to a web application. It helps protect against common web exploits, including SQL injection attacks, by allowing the blocking or rate-limiting of malicious requests.

B. AWS Shield: A managed Distributed Denial of Service (DDoS) protection service. While it helps protect against DDoS attacks, it is not specifically designed for blocking SQL injection attacks.

C. Network ACLs (Access Control Lists): Are used to control traffic at the subnet level. While they provide some control over inbound and outbound traffic, they operate at the network layer (Layer 3) and are not designed for deep inspection of application layer attacks like SQL injection.

D. Security groups: Operate at the instance level and are stateful firewalls that control inbound and outbound traffic. While they provide network-level security, they are not designed to specifically block SQL injection attacks.

 


#136. Which AWS service or feature identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity?

 

  • A. AWS Service Catalog
  • B. AWS Systems Manager
  • C. AWS IAM Access Analyzer
  • D. AWS Organizations

 


Selected Answer: C


A. AWS Service Catalog: A service that allows organizations to create and manage catalogs of IT services that are approved for use on AWS.

B. AWS Systems Manager: A set of services that enables visibility and control of your infrastructure on AWS.

C. AWS IAM Access Analyzer: A service that helps identify unintended resource access and resource sharing. It specifically identifies whether an Amazon S3 bucket or an IAM role has been shared with an external entity. It provides insights into resource access policies.

D. AWS Organizations: A service for consolidating multiple AWS accounts into an organization that you create and centrally manage.

 


#137. A cloud practitioner needs to obtain AWS compliance reports before migrating an environment to the AWS Cloud.
How can these reports be generated?

 

  • A. Contact the AWS Compliance team.
  • B. Download the reports from AWS Artifact.
  • C. Open a case with AWS Support.
  • D. Generate the reports with Amazon Macie.

 


Selected Answer: B


A. Contact the AWS Compliance team: While it is possible to contact the AWS Compliance team for specific compliance-related inquiries, obtaining standard compliance reports is typically done through self-service options like AWS Artifact. Direct contact may be needed for specific or customized compliance needs.

B. Download the reports from AWS Artifact: A self-service portal that provides on-demand access to AWS compliance reports. Users can download documentation on various compliance programs and certifications, making it a convenient way to obtain compliance reports.

C. Open a case with AWS Support: While AWS Support can assist with various inquiries, opening a case may not be the most efficient way to obtain standard compliance reports.

D. Generate the reports with Amazon Macie: A service focused on discovering, classifying, and protecting sensitive data.

 


#138. An ecommerce company has migrated its IT infrastructure from an on-premises data center to the AWS Cloud.
Which cost is the company’s direct responsibility?

 

  • A. Cost of application software licenses
  • B. Cost of the hardware infrastructure on AWS
  • C. Cost of power for the AWS servers
  • D. Cost of physical security for the AWS data center

 


Selected Answer: A


A. Cost of application software licenses: In the AWS Cloud, customers are responsible for the cost of application software licenses. This includes any software licenses required to run applications on AWS services. AWS provides the underlying infrastructure, and customers are responsible for licensing their application software.

B. Cost of the hardware infrastructure on AWS: AWS manages and covers the cost of the underlying hardware infrastructure.

C. Cost of power for the AWS servers: AWS handles power costs for its data centers; customers pay for compute resources.

D. Cost of physical security for the AWS data center: AWS is responsible for physical security; customers manage security within their accounts.

 


#139. A company is setting up AWS Identity and Access Management (IAM) on an AWS account.
Which recommendation complies with IAM security best practices?

 

  • A. Use the account root user access keys for administrative tasks.
  • B. Grant broad permissions so that all company employees can access the resources they need.
  • C. Turn on multi-factor authentication (MFA) for added security during the login process.
  • D. Avoid rotating credentials to prevent issues in production applications.

 


Selected Answer: C


A. Use the account root user access keys for administrative tasks: It is not recommended to use the root user's access keys for day-to-day administrative tasks. The root user has unrestricted access, and using its access keys poses security risks.

B. Grant broad permissions so that all company employees can access the resources they need: It's advisable to follow the principle of least privilege, granting users only the permissions they need to perform their tasks.

C. Turn on multi-factor authentication (MFA) for added security during the login process: Enabling multi-factor authentication (MFA) is a security best practice. It adds an extra layer of protection by requiring users to provide a second form of authentication in addition to their password. This helps prevent unauthorized access even if credentials are compromised.

D. Avoid rotating credentials to prevent issues in production applications: Regularly rotating credentials, such as access keys and passwords, enhances security by reducing the window of opportunity for attackers.

 


#140. Elasticity in the AWS Cloud refers to which of the following? (Choose two.)

 

  • A. How quickly an Amazon EC2 instance can be restarted
  • B. The ability to rightsize resources as demand shifts
  • C. The maximum amount of RAM an Amazon EC2 instance can use
  • D. The pay-as-you-go billing model
  • E. How easily resources can be procured when they are needed

 


Selected Answer: BE


A. How quickly an Amazon EC2 instance can be restarted: Not directly related to elasticity. Elasticity is more about adjusting resources based on demand rather than the speed of restarting instances.

B. The ability to rightsize resources as demand shifts: Elasticity involves the ability to dynamically adjust the size of resources (e.g., adding or removing instances) based on changing demand.

C. The maximum amount of RAM an Amazon EC2 instance can use: Not directly related to elasticity. Elasticity is more about the ability to scale resources horizontally or vertically, not the specific resource limits.

D. The pay-as-you-go billing model: Pay-as-you-go is related to the pricing model rather than elasticity.

E. How easily resources can be procured when they are needed: Elasticity involves the ease with which resources can be provisioned or de-provisioned based on changing demand, providing flexibility and scalability.

 


■ Wrap-up

That is my summary of 'Certified Cloud Practitioner CLF-C02'.

 

I hope you have a pleasant day today as well.

Likes and comments are appreciated :)

 

Thank you.
