[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (9)

A. Amazon S3: Amazon S3 (Simple Storage Service) is an object storage service and is not a database.

B. Amazon DynamoDB: A fully managed NoSQL database service, but it is not MySQL-compatible.

C. Amazon Redshift: A fully managed data warehouse service, not a MySQL-compatible database.

D. Amazon Aurora: A fully managed relational database engine compatible with MySQL and PostgreSQL. It offers the performance and availability of commercial databases with the simplicity and cost-effectiveness of open-source databases.

#162. Which AWS service supports a hybrid architecture that gives users the ability to extend AWS infrastructure, AWS services, APIs, and tools to data centers, co-location environments, or on-premises facilities?

A. AWS Snowmobile
B. AWS Local Zones
C. AWS Outposts
D. AWS Fargate

Selected Answer: C

A. AWS Snowmobile: AWS Snowmobile is a service designed for large-scale data transfers, not for extending AWS infrastructure to on-premises facilities.

B. AWS Local Zones: AWS Local Zones are a type of AWS infrastructure deployment that places compute, storage, database, and other services closer to a specific geographic area, but they are not specifically designed for hybrid architectures.

C. AWS Outposts: AWS Outposts is designed to bring native AWS services, infrastructure, and operating models to virtually any data center, co-location space, or on-premises facility.

D. AWS Fargate: AWS Fargate is a serverless compute engine for containers and is not focused on hybrid architectures.

#163. Which AWS service can run a managed PostgreSQL database that provides online transaction processing (OLTP)?

A. Amazon DynamoDB
B. Amazon Athena
C. Amazon RDS
D. Amazon EMR

Selected Answer: C

A. Amazon DynamoDB: Amazon DynamoDB is a fully managed NoSQL database service and is not specifically designed for PostgreSQL databases.

B. Amazon Athena: Amazon Athena is an interactive query service that allows you to analyze data in Amazon S3 using standard SQL. It is not designed for managing PostgreSQL databases.

C. Amazon RDS: Amazon RDS (Relational Database Service) provides managed database services, including PostgreSQL. It is suitable for online transaction processing (OLTP) workloads.

D. Amazon EMR: Amazon EMR (Elastic MapReduce) is a cloud-based big data platform that uses Apache Hadoop and other open-source frameworks. It is not designed for managing PostgreSQL databases.

#164. A company wants to provide managed Windows virtual desktops and applications to its remote employees over secure network connections. Which AWS services can the company use to meet these requirements? (Choose two.)

A. Amazon Connect
B. Amazon AppStream 2.0
C. Amazon WorkSpaces
D. AWS Site-to-Site VPN
E. Amazon Elastic Container Service (Amazon ECS)

Selected Answer: BC

A. Amazon Connect: A cloud-based contact center service and is not designed for providing managed Windows virtual desktops.

B. Amazon AppStream 2.0: A fully managed application streaming service that allows you to securely deliver desktop applications to users. It is suitable for providing managed Windows virtual desktops and applications.

C. Amazon WorkSpaces: A fully managed desktop computing service that provides virtual Windows desktops to users. It allows remote employees to access Windows desktops and applications securely.

D. AWS Site-to-Site VPN: A networking service for securely connecting on-premises networks to AWS, and it is not directly related to providing managed Windows virtual desktops.

E. Amazon Elastic Container Service (Amazon ECS): A container orchestration service and is not designed for providing managed Windows virtual desktops.

#165. A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Which AWS service will meet this requirement?

A. AWS Trusted Advisor
B. Amazon CloudWatch
C. Amazon GuardDuty
D. AWS Health Dashboard

Selected Answer : C

A. AWS Trusted Advisor: A service that provides best practices and recommendations for your AWS environment. It includes security checks, such as identifying security groups with unrestricted access.

B. Amazon CloudWatch: A monitoring service, and while it can provide insights into resource utilization and logs, it doesn't specifically focus on identifying misconfigured security groups.

C. Amazon GuardDuty: A threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts. GuardDuty doesn't specifically perform configuration checks for security groups with unrestricted access.

D. AWS Health Dashboard: Provides information about the status of AWS services. It doesn't typically perform detailed security configuration checks.

#166. Which AWS service is a key-value database that provides sub-millisecond latency on a large scale?

A. Amazon DynamoDB
B. Amazon Aurora
C. Amazon DocumentDB (with MongoDB compatibility)
D. Amazon Neptune

Selected Answer: A

A. Amazon DynamoDB: A key-value and document database that provides single-digit millisecond latency at any scale. It is a fully managed NoSQL database service designed for applications that require consistent, single-digit millisecond latency, regardless of the volume of requests.

B. Amazon Aurora: A MySQL and PostgreSQL-compatible relational database engine that offers high performance and availability. While it provides low-latency reads, it is not specifically designed as a key-value database.

C. Amazon DocumentDB (with MongoDB compatibility): A fully managed document database service that is compatible with MongoDB. It is designed for applications that work with JSON-like documents, and it provides the scalability and availability of a NoSQL database.

D. Amazon Neptune: A fully managed graph database service that supports graph models. It is designed for applications with highly connected data, and it is not specifically focused on providing sub-millisecond latency for key-value access.

#167. A company is deploying a machine learning (ML) research project that will require a lot of compute power over several months. The ML processing jobs do not need to run at specific times.
Which Amazon EC2 instance purchasing option will meet these requirements at the lowest cost?

A. On-Demand Instances
B. Spot Instances
C. Reserved Instances
D. Dedicated Instances

Selected Answer: B

A. On-Demand Instances: On-Demand Instances provide the highest level of flexibility and do not require any upfront commitment. On-Demand Instances are suitable for workloads with variable usage patterns, but they are generally more expensive than other purchasing options.

B. Spot Instances: Spot Instances are the most cost-effective option for scenarios where the workload is flexible and can be interrupted. Spot Instances allow you to use spare EC2 capacity at a significantly lower cost than On-Demand Instances. Spot Instances are suitable for workloads like batch processing, data analysis, and machine learning jobs that do not require continuous, uninterrupted operation.

C. Reserved Instances: Reserved Instances involve a commitment to a specific instance type in a particular region for a term of 1 or 3 years. In exchange for this commitment, users receive a significant discount compared to On-Demand Instances.

D. Dedicated Instances: Dedicated Instances are instances that run on hardware dedicated to a single customer. They are typically used in scenarios where compliance or regulatory requirements mandate dedicated hardware.

#168. Which AWS services or features provide disaster recovery solutions for Amazon EC2 instances? (Choose two.)

A. EC2 Reserved Instances
B. EC2 Amazon Machine Images (AMIs)
C. Amazon Elastic Block Store (Amazon EBS) snapshots
D. AWS Shield
E. Amazon GuardDuty

Selected Answer: BC

B. EC2 Amazon Machine Images (AMIs): Creating AMIs is a common practice for disaster recovery. AMIs allow you to capture the configuration, data, and permissions of your EC2 instances. In the event of a failure, you can launch new instances from the saved AMIs to quickly recover.

C. Amazon Elastic Block Store (Amazon EBS) snapshots: Enable you to create point-in-time copies of your EBS volumes. Snapshots are often used as part of a disaster recovery strategy, allowing you to restore volumes or create new volumes in case of data loss or instance failure.

EC2 Reserved Instances (Option A) are a billing discount model for reserved capacity, and they are not inherently designed for disaster recovery.

AWS Shield (Option D) is a managed Distributed Denial of Service (DDoS) protection service, and Amazon GuardDuty (Option E) is a threat detection service. While they contribute to overall security, they are not specific disaster recovery solutions for EC2 instances

#169. Which AWS service provides command line access to AWS tools and resources directly from a web browser?

A. AWS CloudHSM
B. AWS CloudShell
C. Amazon WorkSpaces
D. AWS Cloud Map

Selected Answer: B

B. AWS CloudShell: A browser-based shell provided by AWS that enables command-line access to AWS resources directly from the AWS Management Console. Users can use AWS CloudShell to run AWS CLI commands and use various AWS tools without installing any additional software. It provides a convenient and secure way to interact with AWS resources in the cloud.

The other options (A, C, D) are not correct in the context of providing command line access to AWS tools and resources directly from a web browser:

A. AWS CloudHSM: AWS CloudHSM (Hardware Security Module) is a service that provides hardware-based key storage for sensitive data and cryptographic operations. It is not designed for providing command line access to AWS tools and resources from a web browser.

C. Amazon WorkSpaces: Amazon WorkSpaces is a managed desktop computing service, providing virtual desktops in the cloud. It is not specifically designed for providing command line access.

D. AWS Cloud Map: AWS Cloud Map is a service for dynamic, highly available DNS-based service discovery. It is not designed for providing command line access to AWS tools and resources from a web browser.

#170. A network engineer needs to build a hybrid cloud architecture connecting on-premises networks to the AWS Cloud using AWS Direct Connect. The company has a few VPCs in a single AWS Region and expects to increase the number of VPCs to hundreds over time. Which AWS service or feature should the engineer use to simplify and scale this connectivity as the VPCs increase in number?

A. VPC endpoints
B. AWS Transit Gateway
C. Amazon Route 53
D. AWS Secrets Manager

Selected Answer: B

A. VPC endpoints: Enable private connectivity between your VPC and supported AWS services. While useful for accessing AWS services without going over the internet, it doesn't directly address the need for connecting multiple VPCs and on-premises networks.

B. AWS Transit Gateway: A service that enables customers to connect multiple Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub. It simplifies the connectivity and routing between VPCs, making it easier to scale as the number of VPCs increases. With AWS Transit Gateway, network engineers can manage the connectivity centrally, making it a suitable solution for scenarios where multiple VPCs need to connect to on-premises networks.

C. Amazon Route 53: A scalable domain name system (DNS) web service.

D. AWS Secrets Manager: A service for managing sensitive information such as API keys, passwords, and database credentials.

#171. A company wants to assess its operational readiness. It also wants to identify and mitigate any operational risks ahead of a new product launch.
Which AWS Support plan offers guidance and support for this kind of event at no additional charge?

A. AWS Business Support
B. AWS Basic Support
C. AWS Developer Support
D. AWS Enterprise Support

Selected Answer: D

A. AWS Business Support: This plan provides a higher level of support than AWS Basic Support and includes 24/7 access to Cloud Support Engineers. It is suitable for businesses running production workloads.

B. AWS Basic Support: This is the free plan that provides access to documentation, forums, and basic support features. It is ideal for customers who are getting started with AWS.

C. AWS Developer Support: This plan is designed for developers running non-production workloads. It includes business hours access to Cloud Support Engineers and is suitable for development and testing environments.

D. AWS Enterprise Support: This is the premium support plan providing a wide range of benefits, including 24/7 access to Cloud Support Engineers, a Technical Account Manager (TAM), and more. It is suitable for enterprises running business-critical workloads

For assessing operational readiness, identifying, and mitigating operational risks ahead of a new product launch, AWS Enterprise Support offers guidance and support at no additional charge.

#172. A company wants to establish a schedule for rotating database user credentials.
Which AWS service will support this requirement with the LEAST amount of operational overhead?

A. AWS Systems Manager
B. AWS Secrets Manager
C. AWS License Manager
D. AWS Managed Services

Selected Answer: B

A. AWS Systems Manager: It is a management service that allows you to automate operational tasks across your AWS resources. While it provides a wide range of automation capabilities, it is not specialized for the specific task of rotating database credentials.

B. AWS Secrets Manager: This service is specifically designed for managing sensitive information like API keys, passwords, and database credentials. It includes automatic rotation of secrets to enhance security and reduce operational overhead.

C. AWS License Manager: This service focuses on helping you manage your software licenses and ensure compliance. It does not offer specific features for rotating database credentials.

D. AWS Managed Services: This service is designed to provide ongoing management of your AWS infrastructure. While it covers various operational aspects, it doesn't have specific features for credential rotation.

#173. Which AWS service or feature can be used to create a private connection between an on-premises workload and an AWS Cloud workload?

A. Amazon Route 53
B. Amazon Macie
C. AWS Direct Connect
D. AWS PrivateLink

Selected Answer: C

Amazon Route 53: This is a scalable domain name system (DNS) web service and is not directly related to creating private connections between on-premises and AWS Cloud workloads.

Amazon Macie: This is a security service that uses machine learning to automatically discover, classify, and protect sensitive data. It is not designed for creating private connections.

AWS Direct Connect: Establishes dedicated network connections from your on-premises data centers to AWS. It can enhance network performance, reduce latency, and provide a more reliable connection compared to public internet connections. AWS Direct Connect is specifically designed for creating private and dedicated connections between on-premises infrastructure and AWS resources.

AWS PrivateLink: Designed for secure and scalable access to AWS services directly from your VPC without traversing the public internet. It's particularly useful when you want to access AWS services from your VPC without using public IP addresses and want to keep the traffic within the AWS network.

For creating a private connection between on-premises and AWS, AWS Direct Connect is the most suitable option.

#174. Which AWS service is used to provide encryption for Amazon EBS?

A. AWS Certificate Manager
B. AWS Systems Manager
C. AWS KMS
D. AWS Config

Selected Answer: C

A. AWS Certificate Manager (ACM): Primarily used for managing SSL/TLS certificates used in conjunction with AWS services like Elastic Load Balancer (ELB) or Amazon CloudFront to enable secure communication over HTTPS. It is not directly related to encrypting Amazon EBS volumes.

B. AWS Systems Manager: Allows you to automate operational tasks across your AWS resources. While it provides features for managing system configurations, patching, and automation, it is not specifically designed for encrypting Amazon EBS volumes.

C. AWS Key Management Service (AWS KMS): A fully managed service that makes it easy for you to create, control, and manage encryption keys used to encrypt your data. It integrates seamlessly with other AWS services, including Amazon EBS, for encryption purposes.

D. AWS Config: Enables you to assess, audit, and evaluate the configurations of your AWS resources. It does not directly provide encryption for Amazon EBS volumes.

#175. A company wants to manage its AWS Cloud resources through a web interface.
Which AWS service will meet this requirement?

A. AWS Management Console
B. AWS CLI
C. AWS SDK
D. AWS Cloud9

Selected Answer: A

A. AWS Management Console: A web-based interface that allows users to access and manage their AWS resources using a graphical user interface (GUI). This console provides an easy-to-use platform for various AWS services.

B. AWS CLI (Command Line Interface): Command-line tool that allows users to interact with AWS services using commands in the terminal or command prompt. It is not a web interface but a command-line tool.

C. AWS SDK (Software Development Kit): Libraries and tools provided by AWS to help developers interact with AWS services programmatically. They are used for developing applications and are not a web interface.

D. AWS Cloud9: An integrated development environment (IDE) that allows users to write, run, and debug code directly in the browser. While it provides an interface, it is specifically designed for development tasks rather than general resource management.

#176. Which of the following are advantages of the AWS Cloud? (Choose two.)

A. Trade variable expenses for capital expenses
B. High economies of scale
C. Launch globally in minutes
D. Focus on managing hardware infrastructure
E. Overprovision to ensure capacity

Selected Answer: BC

B. High economies of scale: AWS Cloud leverages high economies of scale, allowing customers to benefit from cost savings due to the massive scale of AWS infrastructure. This enables cost-effective solutions for businesses.

C. Launch globally in minutes: One of the advantages of the AWS Cloud is the ability to deploy applications and resources globally in a matter of minutes. This quick global deployment facilitates flexibility and responsiveness to changing business needs.

Option A is not accurate. The AWS Cloud allows organizations to shift from capital expenses (CapEx) to variable expenses (OpEx), not the other way around.

Option D is not accurate. With AWS Cloud, customers can focus on building and innovating applications rather than managing the hardware infrastructure.

Option E is not accurate. Overprovisioning is not considered an advantage in the AWS Cloud. Instead, AWS provides scalability, allowing users to scale resources up or down based on demand, avoiding the need for unnecessary overprovisioning.

#177. Which AWS Cloud benefit is shown by an architecture’s ability to withstand failures with minimal downtime?

A. Agility
B. Elasticity
C. Scalability
D. High availability

Selected Answer: D

D. High availability: An architecture's ability to withstand failures with minimal downtime is a key aspect of high availability in the AWS Cloud. High availability ensures that applications remain operational and accessible even in the face of component failures or disruptions.

Options A, B, and C also represent important cloud benefits but are not specifically tied to an architecture's ability to withstand failures:

Agility (Option A): This refers to the ability to quickly and easily adapt to changes, innovate, and respond to evolving business needs.

Elasticity (Option B): Elasticity is the ability to dynamically scale resources up or down based on demand. It helps optimize costs and ensures that the application can handle varying workloads.

Scalability (Option C): Scalability involves the ability to increase or decrease the size of resources to accommodate changes in demand. It is related to both elasticity and the ability to handle growth.

#178. A developer needs to maintain a development environment infrastructure and a production environment infrastructure in a repeatable fashion.
Which AWS service should the developer use to meet these requirements?

A. AWS Ground Station
B. AWS Shield
C. AWS IoT Device Defender
D. AWS CloudFormation

Selected Answer: D

A. AWS Ground Station: AWS Ground Station is a service for satellite data processing.

B. AWS Shield: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service. It is focused on protecting applications from DDoS attacks.

C. AWS IoT Device Defender: AWS IoT Device Defender is a service that helps you secure your IoT devices.

D. AWS CloudFormation: A service that allows you to define and provision AWS infrastructure as code in a safe, predictable, and repeatable manner. It enables the developer to create and manage a collection of AWS resources by describing the infrastructure in a template. This helps in maintaining both development and production environments consistently.

#179. Which task is the customer’s responsibility, according to the AWS shared responsibility model?

A. Maintain the security of the AWS Cloud.
B. Configure firewalls and networks.
C. Patch the operating system of Amazon RDS instances.
D. Implement physical and environmental controls.

Selected Answer: B

A. Maintain the security of the AWS Cloud: This is a shared responsibility between AWS and the customer. AWS is responsible for the security of the cloud (such as infrastructure, hardware, software, and facilities), while the customer is responsible for security in the cloud (such as data, identity and access management, applications, etc.).

B. Configure firewalls and networks: This is a customer responsibility. Customers have control over configuring security groups, network access control lists (ACLs), and other network-related configurations to control traffic to and from their resources.

C. Patch the operating system of Amazon RDS instances: This is not the responsibility of the customer for Amazon RDS. AWS manages the patching of the underlying operating system for RDS instances. Customers are responsible for patching the databases and application software, but not the OS.

D. Implement physical and environmental controls: This is an Amazon responsibility. Amazon is responsible for implementing physical security controls to secure their own content, platforms, applications, systems, and networks

#180. Which AWS service helps deliver highly available applications with fast failover for multi-Region and Multi-AZ architectures?

A. AWS WAF
B. AWS Global Accelerator
C. AWS Shield
D. AWS Direct Connect

Selected Answer: B

A. AWS WAF (Web Application Firewall): It is a web application firewall that helps protect web applications from common web exploits.

B. AWS Global Accelerator: A service that uses static IP addresses to route traffic over the AWS global network to optimal AWS endpoints based on health, geography, and routing policies. It provides highly available and performant applications with features like fast failover for multi-Region and Multi-AZ (Availability Zone) architectures.

C. AWS Shield: It is a managed Distributed Denial of Service (DDoS) protection service.

D. AWS Direct Connect: It provides dedicated network connections from on-premises data centers to AWS, enhancing network performance.

■ 마무리

'Certified Cloud Practitioner CLF-C02'에 대해서 정리해 봤습니다.

그럼 오늘 하루도 즐거운 나날 되길 기도하겠습니다

좋아요와 댓글 부탁드립니다 :)

감사합니다.

저작자표시 비영리 동일조건

'AWS > Certified Cloud Practitioner (CLF)' 카테고리의 다른 글

[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (8) (0)	2024.08.24
[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (7) (0)	2024.08.18
[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (6) (0)	2024.08.17
[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (5) (0)	2024.08.17
[AWS] Certified Cloud Practitioner CLF-C02 Dump 문제 정리 (4) (0)	2024.08.16