Hello, this is HELLO.
While preparing for the Certified Cloud Practitioner CLF-C02 exam, I collected questions and explanations from question-bank dump sites. Studying was difficult because there was no single post that gathered them in one place, so I hope this helps everyone with their studying.
■ Certified Cloud Practitioner CLF-C02 Dump Summary
1. Questions 1~20: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (1)
2. Questions 21~40: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (2)
3. Questions 41~60: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (3)
4. Questions 61~80: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (4)
5. Questions 81~100: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (5)
6. Questions 101~120: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (6)
7. Questions 121~140: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (7)
8. Current page (141~160)
9. Questions 161~180: [AWS] Certified Cloud Practitioner CLF-C02 Dump Question Summary (9)
#141. Which service enables customers to audit API calls in their AWS accounts?
- A. AWS CloudTrail
- B. AWS Trusted Advisor
- C. Amazon Inspector
- D. AWS X-Ray
Selected Answer: A
A. AWS CloudTrail: Enables customers to audit API calls in their AWS accounts by capturing and logging those calls. It provides visibility into user and resource activity and can be used for security analysis, compliance checking, and troubleshooting.
B. AWS Trusted Advisor: Provides best practices and recommendations for optimizing AWS resources. While it can offer guidance on security-related matters, it doesn't specifically focus on auditing API calls.
C. Amazon Inspector: Assesses the security vulnerabilities of applications deployed on AWS. It is more focused on security assessments and vulnerability detection rather than auditing API calls.
D. AWS X-Ray: Helps trace requests as they travel through applications, providing insights into application performance. It is not primarily designed for auditing API calls but for understanding and debugging distributed applications.
#142. What is a customer responsibility when using AWS Lambda according to the AWS shared responsibility model?
- A. Managing the code within the Lambda function
- B. Confirming that the hardware is working in the data center
- C. Patching the operating system
- D. Shutting down Lambda functions when they are no longer in use
Selected Answer: A
AWS Lambda allows developers to run code without provisioning or managing servers. Developers upload their code to Lambda and define the triggers that should invoke the function. The code runs in ephemeral containers, and Lambda takes care of managing the compute resources, allowing for highly scalable and cost-efficient execution of code in response to events.
A. Managing the code within the Lambda function: Customers are responsible for developing, deploying, and managing the code and dependencies within the Lambda function.
B. Confirming that the hardware is working in the data center: AWS manages the hardware infrastructure, and customers do not need to confirm or manage the underlying hardware.
C. Patching the operating system: AWS Lambda abstracts the underlying infrastructure, and customers are not responsible for patching the operating system. AWS takes care of the maintenance.
D. Shutting down Lambda functions when they are no longer in use: While it's good practice to manage resources efficiently, AWS Lambda is designed to automatically scale based on demand, and customers don't need to manually shut down functions.
#143. A company has 5 TB of data stored in Amazon S3. The company plans to occasionally run queries on the data for analysis. Which AWS service should the company use to run these queries in the MOST cost-effective manner?
- A. Amazon Redshift
- B. Amazon Athena
- C. Amazon Kinesis
- D. Amazon RDS
Selected Answer: B
B. Amazon Athena
Amazon Athena is a serverless query service that allows you to analyze data directly in Amazon S3 using standard SQL queries. You don't need to set up or manage any infrastructure; you only pay for the queries you run. It is well-suited for ad-hoc and exploratory analysis on data stored in S3 without the need for maintaining a separate database.
Option A (Amazon Redshift) is a fully-managed data warehouse service and is more suitable for complex analytics and large-scale data warehousing scenarios. It might be more cost-effective for frequent and complex analytical workloads.
Option C (Amazon Kinesis) is a service for real-time processing of streaming data and is not designed for running ad-hoc queries on stored data.
Option D (Amazon RDS) is a managed relational database service and is not the most cost-effective choice for running queries directly on data stored in S3.
#144. Which AWS service can be used at no additional cost?
- A. Amazon SageMaker
- B. AWS Config
- C. AWS Organizations
- D. Amazon CloudWatch
Selected Answer: C
A. Amazon SageMaker: While Amazon SageMaker has a free tier that includes certain usage limits, it's important to note that certain features and usage beyond the free tier may incur additional costs.
B. AWS Config: AWS Config has associated costs based on the number of configuration items recorded and API activity. It is not a service that is provided at no additional cost.
C. AWS Organizations: This service allows you to consolidate multiple AWS accounts into an organization, and it is indeed available at no additional cost. However, costs associated with the resources used in the accounts within the organization are separate.
D. Amazon CloudWatch: While CloudWatch itself is not entirely free, there is a free tier with limited usage. Beyond the free tier, there are associated costs based on the quantity of metrics, dashboards, alarms, and logs stored.
#145. Which AWS Cloud Adoption Framework (AWS CAF) capability belongs to the people perspective?
- A. Data architecture
- B. Event management
- C. Cloud fluency
- D. Strategic partnership
Selected Answer: C
A. Data architecture: This capability is more related to the data perspective within the AWS Cloud Adoption Framework (CAF). It involves designing and implementing effective data architectures.
B. Event management: This capability is related to the operations perspective within the AWS CAF. It involves managing events, incidents, and responses in the cloud environment.
C. Cloud fluency: This capability belongs to the people perspective within the AWS CAF. It emphasizes the importance of having a workforce that is knowledgeable and skilled in cloud technologies.
D. Strategic partnership: While collaboration and partnerships are important across perspectives, this capability is often associated with the business perspective. It involves forming strategic partnerships to support cloud adoption and business goals.
#146. A company wants to make an upfront commitment for continued use of its production Amazon EC2 instances in exchange for a reduced overall cost.
Which pricing options meet these requirements with the LOWEST cost? (Choose two.)
- A. Spot Instances
- B. On-Demand Instances
- C. Reserved Instances
- D. Savings Plans
- E. Dedicated Hosts
Selected Answer: CD
We can rule out Spot instances since this is a production environment.
C. Reserved Instances: Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing in exchange for a one-time upfront payment and/or a lower hourly rate. The more you commit, the greater the discount.
D. Savings Plans: Savings Plans offer flexible pricing and savings on your AWS usage, with discounts of up to 72% compared to On-Demand pricing. With Savings Plans, you commit to a certain amount of usage (measured in dollars per hour) for a one- or three-year term, and receive a lower rate for that usage.
#147. A company wants to migrate its on-premises relational databases to the AWS Cloud. The company wants to use infrastructure as close to its current geographical location as possible.
Which AWS service or resource should the company use to select its Amazon RDS deployment area?
- A. Amazon Connect
- B. AWS Wavelength
- C. AWS Regions
- D. AWS Direct Connect
Selected Answer: C
A. Amazon Connect: Amazon Connect is a cloud-based contact center service and is not directly related to selecting the deployment area for Amazon RDS.
B. AWS Wavelength: AWS Wavelength is designed to provide ultra-low-latency connectivity for 5G applications. It is not used for selecting the deployment area for Amazon RDS, but rather for specific use cases requiring low-latency access to AWS services from 5G networks.
C. AWS Regions: AWS Regions are geographical locations where AWS data centers (Availability Zones) are situated. When deploying Amazon RDS, you can choose the AWS Region that is geographically closest to your current location to reduce latency and improve performance.
D. AWS Direct Connect: AWS Direct Connect is a dedicated network connection between an on-premises data center and AWS. While it provides a dedicated connection, it is not used for selecting the deployment area for Amazon RDS.
#148. A company is exploring the use of the AWS Cloud, and needs to create a cost estimate for a project before the infrastructure is provisioned.
Which AWS service or feature can be used to estimate costs before deployment?
- A. AWS Free Tier
- B. AWS Pricing Calculator
- C. AWS Billing and Cost Management
- D. AWS Cost and Usage Report
Selected Answer: B
A. AWS Free Tier: The AWS Free Tier provides limited free access to a range of AWS services for 12 months after signing up for an AWS account. It is not specifically designed for creating detailed cost estimates for a project.
B. AWS Pricing Calculator: The AWS Pricing Calculator is a tool that allows users to estimate the cost of using AWS services based on their projected usage. It provides a detailed breakdown of costs for different services and configurations.
C. AWS Billing and Cost Management: AWS Billing and Cost Management provides tools for monitoring, analyzing, and controlling costs. While it helps manage costs, it is not primarily a tool for creating cost estimates before deployment.
D. AWS Cost and Usage Report: The AWS Cost and Usage Report provides comprehensive data about your AWS costs. It is useful for analyzing historical costs but may not be as suitable for creating upfront cost estimates before infrastructure deployment.
#149. A company is building an application that needs to deliver images and videos globally with minimal latency.
Which approach can the company use to accomplish this in a cost effective manner?
- A. Deliver the content through Amazon CloudFront.
- B. Store the content on Amazon S3 and enable S3 cross-region replication.
- C. Implement a VPN across multiple AWS Regions.
- D. Deliver the content through AWS PrivateLink.
Selected Answer: A
A. Deliver the content through Amazon CloudFront: Amazon CloudFront is a content delivery network (CDN) service that accelerates the delivery of static and dynamic content, including images and videos, to users globally. It helps minimize latency by caching content at edge locations worldwide.
B. Store the content on Amazon S3 and enable S3 cross-region replication: While Amazon S3 provides durable and scalable storage for objects, enabling cross-region replication in S3 is primarily for data redundancy and disaster recovery, not for minimizing latency globally.
C. Implement a VPN across multiple AWS Regions: Virtual Private Network (VPN) connections are used for secure communication between networks.
D. Deliver the content through AWS PrivateLink: AWS PrivateLink enables private connectivity between VPCs (Virtual Private Clouds) and services.
#150. Which option is a benefit of the economies of scale based on the advantages of cloud computing?
- A. The ability to trade variable expense for fixed expense
- B. Increased speed and agility
- C. Lower variable costs over fixed costs
- D. Increased operational costs across data centers
Selected Answer: C
Economies of scale refer to the cost advantages that a business can achieve by increasing its scale of production or operations. In other words, as a company produces more units of a good or service, its average cost of production per unit decreases. This cost reduction occurs because fixed costs are spread over a larger number of units, leading to increased operational efficiency and cost efficiency.
A. The ability to trade variable expense for fixed expense: Cloud computing, in general, provides the advantage of paying for resources on a variable (pay-as-you-go) basis rather than a fixed, upfront expense.
B. Increased speed and agility: While increased speed and agility are benefits of cloud computing, they are not specifically related to the economies of scale.
C. Lower variable costs over fixed costs: This is a key benefit of economies of scale. With cloud computing, as usage increases, the cost per unit of resources tends to decrease due to the efficiency gained from large-scale operations.
D. Increased operational costs across data centers: Increased operational costs across data centers would be contrary to the benefits of economies of scale.
#151. Which of the following is a software development framework that a company can use to define cloud resources as code and provision the resources through AWS CloudFormation?
- A. AWS CLI
- B. AWS Developer Center
- C. AWS Cloud Development Kit (AWS CDK)
- D. AWS CodeStar
Selected Answer: C
A. AWS CLI (Command Line Interface): A command-line tool that allows users to interact with AWS services using commands. While it is a useful tool for managing AWS resources, it is not specifically designed for defining cloud resources as code or provisioning resources through AWS CloudFormation.
B. AWS Developer Center: There is no specific service or tool named "AWS Developer Center" in the AWS ecosystem. It might refer to general resources or documentation for developers.
C. AWS Cloud Development Kit (AWS CDK): A software development framework for defining cloud infrastructure as code (IaC) and provisioning resources using familiar programming languages. It allows developers to use programming languages such as Python, TypeScript, or Java to define AWS infrastructure, making it easier to manage and provision resources.
D. AWS CodeStar: A fully managed service for quickly developing, building, and deploying applications on AWS. While it includes features for continuous integration and deployment, it is not primarily focused on defining cloud resources as code using a framework like AWS CloudFormation.
#152. A company is developing an application that uses multiple AWS services. The application needs to use temporary, limited-privilege credentials for authentication with other AWS APIs.
Which AWS service or feature should the company use to meet these authentication requirements?
- A. Amazon API Gateway
- B. IAM users
- C. AWS Security Token Service (AWS STS)
- D. IAM instance profiles
Selected Answer: C
A. Amazon API Gateway: While API Gateway is used for creating, publishing, maintaining, monitoring, and securing APIs, it doesn't directly provide temporary credentials for authentication.
B. IAM users: IAM users are long-term credentials associated with specific users or applications. They are not designed for temporary access and are not suitable for the described use case.
C. AWS Security Token Service (AWS STS): AWS STS is the correct choice for providing temporary, limited-privilege credentials. It enables you to request temporary credentials with a specific set of permissions (via roles), which can be used to authenticate with other AWS services. This is commonly used for scenarios where you need to grant temporary access to resources without exposing long-term credentials.
D. IAM Instance Profiles: IAM instance profiles are used for providing AWS Identity and Access Management (IAM) roles to EC2 instances. While they are related to IAM roles, they are specific to EC2 instances and may not be the most suitable option for non-EC2 services in this scenario. AWS STS is a more generic and flexible solution for temporary credential requirements.
#153. Which AWS service is a cloud security posture management (CSPM) service that aggregates alerts from various AWS services and partner products in a standardized format?
- A. AWS Security Hub
- B. AWS Trusted Advisor
- C. Amazon EventBridge
- D. Amazon GuardDuty
Selected Answer: A
A. AWS Security Hub: A cloud security posture management (CSPM) service that aggregates and prioritizes security findings from various AWS services and integrated partner products. It provides a centralized view of security alerts and compliance status, helping users to identify and remediate security issues.
B. AWS Trusted Advisor: Provides recommendations for optimizing AWS resources for cost savings, performance, security, and fault tolerance. While it offers security-related checks, it is not specifically a CSPM service.
C. Amazon EventBridge: An event bus service that enables event-driven architectures. It is not focused on CSPM or security alert aggregation.
D. Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts. It generates findings related to security threats, but is not a CSPM service for aggregating alerts in a standardized format.
#154. Which AWS service is always provided at no charge?
- A. Amazon S3
- B. AWS Identity and Access Management (IAM)
- C. Elastic Load Balancers
- D. AWS WAF
Selected Answer: B
A. Amazon S3: Amazon S3 (Simple Storage Service) is a storage service with associated costs based on usage.
B. AWS Identity and Access Management (IAM): IAM is always provided at no charge by AWS. IAM enables you to securely control access to AWS services and resources, allowing you to create and manage users, groups, and roles. While other AWS services may have associated costs, IAM itself is a free service.
C. Elastic Load Balancers: Elastic Load Balancers (ELB) are load balancing services that have associated costs based on usage.
D. AWS WAF: AWS WAF (Web Application Firewall) is a web application firewall service with associated costs based on usage.
#155. To reduce costs, a company is planning to migrate a NoSQL database to AWS.
Which AWS service is fully managed and can automatically scale throughput capacity to meet database workload demands?
- A. Amazon Redshift
- B. Amazon Aurora
- C. Amazon DynamoDB
- D. Amazon RDS
Selected Answer: C
A. Amazon Redshift: Amazon Redshift is a fully managed data warehouse service, but it is not a NoSQL database, and its scaling behavior is optimized for analytical queries rather than transactional workloads.
B. Amazon Aurora: Amazon Aurora is a fully managed relational database service. While it offers automatic scaling, it may not be the optimal choice for a NoSQL database.
C. Amazon DynamoDB: DynamoDB is a fully managed NoSQL database service provided by AWS. It is designed to provide low-latency, high-throughput performance for applications. DynamoDB can automatically scale throughput capacity based on the application's demand, making it a suitable choice for workloads with varying traffic patterns.
D. Amazon RDS: Amazon RDS (Relational Database Service) is a managed relational database service that supports various database engines. It may not be the best fit for a NoSQL database with automatic scaling requirements.
#156. A company is using Amazon DynamoDB.
Which task is the company’s responsibility, according to the AWS shared responsibility model?
- A. Patch the operating system.
- B. Provision hosts.
- C. Manage database access permissions.
- D. Secure the operating system.
Selected Answer: C
A. Patch the operating system: This is generally the responsibility of AWS for managed services like DynamoDB. Customers do not have direct access to the operating system in fully managed services.
B. Provision hosts: This is typically the responsibility of AWS for fully managed services like DynamoDB. Customers don't need to provision or manage individual hosts; they interact with the service at a higher level.
C. Manage database access permissions: This is the customer's responsibility. Customers are responsible for defining and managing access permissions to their DynamoDB tables, specifying who can perform various operations on the tables.
D. Secure the operating system: This is generally the responsibility of AWS for fully managed services like DynamoDB. Customers don't have direct access to the underlying operating system, and AWS handles the security of the infrastructure.
#157. A company has a test AWS environment. A company is planning on testing an application within AWS. The application testing can be interrupted and does not need to run continuously.
Which Amazon EC2 purchasing option will meet these requirements MOST cost-effectively?
- A. On-Demand Instances
- B. Dedicated Instances
- C. Spot Instances
- D. Reserved Instances
Selected Answer: C
A. On-Demand Instances: On-Demand Instances are suitable for workloads that need flexibility and are short-term or unpredictable. However, they are priced higher than other options.
B. Dedicated Instances: Dedicated Instances run on hardware dedicated to a single customer account but are priced higher than On-Demand Instances. They may not be the most cost-effective for interruptible workloads.
C. Spot Instances: Spot Instances allow you to bid for unused EC2 capacity at potentially lower costs. They are suitable for interruptible workloads where you can tolerate potential interruptions. However, they can be terminated with short notice if the capacity is needed by On-Demand or Reserved Instances.
D. Reserved Instances: Reserved Instances provide a capacity reservation and offer cost savings over On-Demand pricing for a commitment of 1 or 3 years. They are more suitable for steady-state workloads with predictable usage.
#158. Which AWS service gives users the ability to discover and protect sensitive data that is stored in Amazon S3 buckets?
- A. Amazon Macie
- B. Amazon Detective
- C. Amazon GuardDuty
- D. AWS IAM Access Analyzer
Selected Answer: A
A. Amazon Macie: A security service that uses machine learning to automatically discover, classify, and protect sensitive data, such as personally identifiable information (PII), in Amazon S3.
B. Amazon Detective: A security service that helps users investigate and identify the root cause of potential security issues or suspicious activities.
C. Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts and workloads.
D. AWS IAM Access Analyzer: Helps users identify resources that can be accessed by external principals (such as IAM roles or resource-based policies) and provides findings to help ensure resources are shared securely.
#159. Which of the following services can be used to block network traffic to an instance? (Choose two.)
- A. Security groups
- B. Amazon Virtual Private Cloud (Amazon VPC) flow logs
- C. Network ACLs
- D. Amazon CloudWatch
- E. AWS CloudTrail
Selected Answer: AC
A. Security groups: Act as a virtual firewall for instances, controlling inbound and outbound traffic. They are associated with instances and operate at the instance level. You can configure security group rules to allow or deny traffic based on IP addresses, port ranges, and protocols.
B. Amazon Virtual Private Cloud (Amazon VPC) flow logs: Capture information about the IP traffic going to and from network interfaces in a VPC. While they provide visibility into network traffic, they don't block or control traffic.
C. Network ACLs: Are an additional layer of security for your VPC. They operate at the subnet level and are stateless, meaning they evaluate rules for inbound and outbound traffic separately. Network ACLs can be used to allow or deny traffic based on IP addresses, port ranges, and protocols.
D. Amazon CloudWatch: A monitoring service that collects and tracks metrics, logs, and events from various AWS resources. It is not used for blocking network traffic to an instance.
E. AWS CloudTrail: Provides a record of actions taken by users, roles, or services within an AWS account. It does not block network traffic but helps in auditing and tracking API calls.
#160. Which AWS service can identify when an Amazon EC2 instance was terminated?
- A. AWS Identity and Access Management (IAM)
- B. AWS CloudTrail
- C. AWS Compute Optimizer
- D. Amazon EventBridge
Selected Answer: B
A. AWS Identity and Access Management (IAM): Is used for managing access to AWS services and resources. It does not provide detailed logs of instance termination events.
B. AWS CloudTrail: A service that records API calls and related events for your AWS account. It provides visibility into user activity, resource changes, and important events. CloudTrail logs can be used to identify when an Amazon EC2 instance was terminated, along with other activities and events within your AWS environment.
C. AWS Compute Optimizer: Analyzes the configuration and utilization of EC2 instances to make recommendations for optimal performance. It does not log specific events like instance termination.
D. Amazon EventBridge: A serverless event bus service that makes it easy to connect different applications using events. While it can be used for event-driven architectures, it doesn't focus on logging and tracking instance termination events.
■ Wrap-up
That concludes this summary of 'Certified Cloud Practitioner CLF-C02'.
I hope you have a pleasant day today.
Likes and comments are appreciated :)
Thank you.