CLF C02 Questions and Answerss
1. A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.Which activities
related to a Snowball Edge device are available to the company at no cost?
A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days: C
Data transfer IN to Amazon S3 is $0.00 per GB (except for small files as explained below). Data transfer OUT of Amazo
S3 is priced by region.
2. A company has deployed applications on Amazon EC2 instances. The com- pany needs to assess application
vulnerabilities and must identify infrastruc- ture deployments that do not meet best practices.Which AWS service
can the company use to meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty: answer B: Amazon Inspector is an automated vulnerability management service that helps
improve the security and compliance of applications deployed on AWS. Amazon
Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
3. S3 min and max file size: min: 0 byte max: 5 terabytes
4. What AWS service or feature acts as a firewall for Amazon EC2?
A. Network ACLs
B. Amazon Virtual Private Cloud
C. Elastic Network Interface (ENI)
D. AWS WAF
E. Security Group: E. Security Group
5. What AWS service can help protect apps running on AWS from DDos attacks?
A. AWS WAF
B. Amazon Shield
, CLF C02 Questions and Answerss
C. Amazon Inspector
D. Amazon GuardDuty
E. Security Groups: B. Amazon Shield
6. A company wants to find out if a security group configuration was changed,
,and by who. What two AWS services could be used to determine this?
A. AWS Inspector
B. AWS Config
C. Amazon CloudWatch
D. AWS Iam
E. AWS Cloudtrail: B. AWS Config
E. Cloudtrail
7. Which AWS service uses machine learning to help discover sensitive data that is stored in Amazon S3 bucket?
A. AWS Shield
B. AWS Network Firewall
C. Amazon Macie
D. AWS Iam
E. Amazon GuardDuty: C. Amazon Macie
8. A company runs on premises. It wants to forecast the cost of running a large app on AWS. Which AWS service
or tool can help obtain this info?
A. Cost Explorer
B. AWS Pricing Calculator
C. Amazon Macie
D. AWS Application Migration Service
E. AWS Trusted Advisor: B. AWS Pricing Calculator
9. Which AWS feature can help enable network traffic filtering at the subnet level?
A. Internet Gateway
B. Security Groups
C. Amazon Inspector
D. AWS WAF
E. Network Access Control List: E. NACL
, CLF C02 Questions and Answerss
10. Which tool allows users to access and download compliance reports about the AWS infrastructure
A. AWS Artifact
B. Amazon Security Hub
, CLF C02 Questions and Answerss
C. AWS Systems Manager
D. AWS Config
E. AWS IAM Access Analyzer: A. AWS Artifact
11.A customer trying to determine responsibility for patching the host oper- ating system of an EC2 instance.
who? based on shared responsibility model
A. AWS
B. The operating system software vendor (Redhat, etc)
C. customer
D. both customer and aws
E. EC2 instances are a managed service and patching is not neccessary: C. Customer
12.Which of the aws global infrastructure benefits is related to an architecture ability to withstand failures with
minimal downtime?
A. security
B. Availability
C. Performance
D. Scalability
E. Flexibility: B
13.which service help monitor aws accounts for potential security threats
A. AWS Inspector
B. AWS Secrets Manager
C. Amazon Cognito
D. AWS Guard Duty
E. AWS Shield: D. AWS Guard Duty
14.which service can be used to send both text and email messages between distributed system: Amazon SNS
15.a customer requires a non relational database on aws. they have small and do not want to maintain database
instances or the database software aspect
A. Amazon Aurora
B. Self managed open source database on ec2
C. Amazon Dynamo DB
D. Amazon RDS
1. A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.Which activities
related to a Snowball Edge device are available to the company at no cost?
A. Use of the Snowball Edge appliance for a 10-day period
B. The transfer of data out of Amazon S3 and to the Snowball Edge appliance
C. The transfer of data from the Snowball Edge appliance into Amazon S3
D. Daily use of the Snowball Edge appliance after 10 days: C
Data transfer IN to Amazon S3 is $0.00 per GB (except for small files as explained below). Data transfer OUT of Amazo
S3 is priced by region.
2. A company has deployed applications on Amazon EC2 instances. The com- pany needs to assess application
vulnerabilities and must identify infrastruc- ture deployments that do not meet best practices.Which AWS service
can the company use to meet these requirements?
A. AWS Trusted Advisor
B. Amazon Inspector
C. AWS Config
D. Amazon GuardDuty: answer B: Amazon Inspector is an automated vulnerability management service that helps
improve the security and compliance of applications deployed on AWS. Amazon
Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After
performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
3. S3 min and max file size: min: 0 byte max: 5 terabytes
4. What AWS service or feature acts as a firewall for Amazon EC2?
A. Network ACLs
B. Amazon Virtual Private Cloud
C. Elastic Network Interface (ENI)
D. AWS WAF
E. Security Group: E. Security Group
5. What AWS service can help protect apps running on AWS from DDos attacks?
A. AWS WAF
B. Amazon Shield
, CLF C02 Questions and Answerss
C. Amazon Inspector
D. Amazon GuardDuty
E. Security Groups: B. Amazon Shield
6. A company wants to find out if a security group configuration was changed,
,and by who. What two AWS services could be used to determine this?
A. AWS Inspector
B. AWS Config
C. Amazon CloudWatch
D. AWS Iam
E. AWS Cloudtrail: B. AWS Config
E. Cloudtrail
7. Which AWS service uses machine learning to help discover sensitive data that is stored in Amazon S3 bucket?
A. AWS Shield
B. AWS Network Firewall
C. Amazon Macie
D. AWS Iam
E. Amazon GuardDuty: C. Amazon Macie
8. A company runs on premises. It wants to forecast the cost of running a large app on AWS. Which AWS service
or tool can help obtain this info?
A. Cost Explorer
B. AWS Pricing Calculator
C. Amazon Macie
D. AWS Application Migration Service
E. AWS Trusted Advisor: B. AWS Pricing Calculator
9. Which AWS feature can help enable network traffic filtering at the subnet level?
A. Internet Gateway
B. Security Groups
C. Amazon Inspector
D. AWS WAF
E. Network Access Control List: E. NACL
, CLF C02 Questions and Answerss
10. Which tool allows users to access and download compliance reports about the AWS infrastructure
A. AWS Artifact
B. Amazon Security Hub
, CLF C02 Questions and Answerss
C. AWS Systems Manager
D. AWS Config
E. AWS IAM Access Analyzer: A. AWS Artifact
11.A customer trying to determine responsibility for patching the host oper- ating system of an EC2 instance.
who? based on shared responsibility model
A. AWS
B. The operating system software vendor (Redhat, etc)
C. customer
D. both customer and aws
E. EC2 instances are a managed service and patching is not neccessary: C. Customer
12.Which of the aws global infrastructure benefits is related to an architecture ability to withstand failures with
minimal downtime?
A. security
B. Availability
C. Performance
D. Scalability
E. Flexibility: B
13.which service help monitor aws accounts for potential security threats
A. AWS Inspector
B. AWS Secrets Manager
C. Amazon Cognito
D. AWS Guard Duty
E. AWS Shield: D. AWS Guard Duty
14.which service can be used to send both text and email messages between distributed system: Amazon SNS
15.a customer requires a non relational database on aws. they have small and do not want to maintain database
instances or the database software aspect
A. Amazon Aurora
B. Self managed open source database on ec2
C. Amazon Dynamo DB
D. Amazon RDS
