AWS CLF-C02 Free Practice Questions — Page 1

Cloud Practitioner • 5 questions • Answers & explanations included

Question 1

A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud. Which activities related to a Snowball Edge device are available to the company at no cost?

A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days

Correct Answer: C. The transfer of data from the Snowball Edge appliance into Amazon S3

AWS encourages data migration into its ecosystem by offering free data transfer-in for the Snowball Edge service. While there are service fees for the device itself and shipping costs, the actual movement of data from the physical appliance into your Amazon S3 buckets does not incur a per-gigabyte data transfer charge. In contrast, Option B is incorrect because transferring data out of Amazon S3 to a Snowball device is considered data egress and is subject to per-gigabyte pricing.

Question 2

A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices. Which AWS service can the company use to meet these requirements?

A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty

Correct Answer: B. Amazon Inspector

Amazon Inspector is specifically designed to assess the security of applications deployed on Amazon EC2 instances. It identifies vulnerabilities and deviations from best practices, providing detailed findings that help improve the security posture of your applications. This makes it the most suitable service for the company's need to assess application vulnerabilities and identify infrastructure deployments that do not meet best practices.

Question 3

A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally. What is the MOST operationally efficient AWS solution for this scenario?

A. Create an Amazon S3 bucket for each user. Mount each bucket by using an S3 file system mounting utility.
B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.
C. Move each user’s working environment to Amazon WorkSpaces. Set up an Amazon WorkDocs account for each user.
D. Deploy an Amazon EC2 instance and attach an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume. Share the EBS volume directly with the users.

Correct Answer: B. Configure and deploy an AWS Storage Gateway file gateway. Connect each user’s workstation to the file gateway.

To extend file storage capabilities while retaining local performance benefits, deploying an AWS Storage Gateway file gateway is the most operationally efficient solution. This enables seamless extension of on-premises file storage into the AWS Cloud, providing low-latency access to data stored in Amazon S3, and maintaining the performance benefit of local access. It also centralizes storage management and simplifies administration, eliminating the need for individual S3 buckets for each user.

Question 4

According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?

A. Hard code an IAM user’s secret key and access key directly in the application, and upload the file.
B. Store the IAM user’s secret key and access key in a text file on the EC2 instance, read the keys, then upload the file.
C. Have the EC2 instance assume a role to obtain the privileges to upload the file.
D. Modify the S3 bucket policy so that any service can upload to it at any time.

Correct Answer: C. Have the EC2 instance assume a role to obtain the privileges to upload the file.

According to security best practices, the most secure way to give an Amazon EC2 instance access to an Amazon S3 bucket is by having the EC2 instance assume a role to obtain the necessary privileges. This method employs AWS Identity and Access Management (IAM) roles to grant temporary permissions to the instance. This approach is preferred because it eliminates the need to hard code or store access keys directly on the instance or in application code, thereby reducing the risk of credential exposure and adhering to the principle of least privilege. By assuming a role, the EC2 instance is granted only the permissions it needs for a limited duration, enhancing overall security.

Question 5

Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?

A. Physical security of DynamoDB
B. Patching of DynamoDB
C. Access to DynamoDB tables
D. Encryption of data at rest in DynamoDB

Correct Answer: C. Access to DynamoDB tables

Under the AWS Shared Responsibility Model, AWS is responsible for the physical security, patching, and encryption of data at rest in DynamoDB. The customer is responsible for managing access to their DynamoDB tables, which includes defining permissions, roles, and policies to control who can access the tables and what actions they can perform. This involves setting up appropriate IAM policies and roles to restrict access to authorized users and applications.
