CLF-C02 Flashcards

Question

Which Amazon EC2 instance type balances compute, memory, and networking resources? A - Memory optimized B - Storage optimized C - General purpose D - Compute optimized

Answer 1

**General purpose**

Answer 2

**Memory optimized**

Answer 3

**Compute optimized**

Answer 4

**Standard Reserved Instances ** require you to specify: * instance family and size * platform description * tenancy * Region Your specified amount of EC2 instances are covered over a 1-year or 3-year term.

Answer 5

**EC2 Instance Savings Plans** EC2 Instance Savings Plans reduce your EC2 instance costs when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term.

Answer 6

**Amazon Simple Notification Service (Amazon SNS).** Amazon SNS is a publish/subscribe service. Using Amazon SNS topics, a publisher publishes messages to subscribers.

Answer 7

**Compute optimized**

Answer 8

**1 year & 3 years** Reserved Instances require a commitment of either 1 year or 3 years. The 3-year option offers a larger discount.

Answer 9

**Spot Instance**

Answer 10

**Ensuring that no single Amazon EC2 instance has to carry the full workload on its own.** Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.

Answer 11

**Amazon Elastic Kubernetes Service (Amazon EKS).** Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Answer 12

**A single data center or group of data centers within a Region.**

Answer 13

**A Region consists of three or more Availability Zones.** For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.

Answer 14

**Compliance with data governance and legal requirements & Proximity to your customers** Two other factors to consider when selecting a Region are pricing and the services that are available in a Region.

Answer 15

**A global content delivery service.** Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

Answer 16

**Edge location.**

Answer 17

**Extend AWS infrastructure and services to different locations, including your on-premises data center.**

Answer 18

**It is stateless and allows all inbound and outbound traffic.** Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound. Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs. By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.

Answer 19

**Translating a domain name to an IP address.** For example, if you want to visit AnyCompany’s website, you enter the domain name into your PC and this request is sent to a DNS server. Next, the DNS server asks the web server for the IP address that corresponds to AnyCompany’s website. The web server responds by providing the IP address for AnyCompany’s website, 192.0.2.0.

Answer 20

**Place the Amazon EC2 instances in a public subnet and the Amazon RDS databases instances in a private subnet.** A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private. Public subnets contain resources that need to be accessible by the public, such as an online store’s website. Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

Answer 21

**AWS Direct Connect**

Answer 22

**Security groups are stateful and deny all inbound traffic by default.** Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance. By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

Answer 23

**Internet gateway.**

Answer 24

**Amazon Route 53.** Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS. Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.

Answer 25

**Best for data that requires retention & Separate drives from the host computer of an EC2 instance**

Answer 26

**S3 Standard-IA.** The S3 Standard-IA storage class is ideal for data that is infrequently accessed but requires high availability when needed. Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but at a lower storage price.

Answer 27

**Using SQL to organize data & Storing data in an Amazon Aurora database** The other three response options are scenarios in which you should use Amazon DynamoDB.

Answer 28

**Amazon S3 Glacier Flexible Retrieval & Amazon S3 Glacier Deep Archive** Objects stored in the Amazon S3 Glacier Flexible Retrieval storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the Amazon S3 Glacier Deep Archive storage class can be retrieved within 12 hours.

Answer 29

**EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.** An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached. Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.

Answer 30

**Amazon Simple Storage Service (Amazon S3).**

Answer 31

**A serverless key-value database service.** Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.

Answer 32

**Amazon Redshift.** Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

Answer 33

**Patching software on Amazon EC2 instances & Setting permissions for Amazon S3 objects** The other three response options are tasks that are the responsibility of AWS.

Answer 34

**An individual member account & An organizational unit (OU)** In AWS Organizations, you can apply service control policies (SCPs) to the organization root, an individual member account, or an OU. An SCP affects all IAM users, groups, and roles within an account, including the AWS account root user. You can apply IAM policies to IAM users, groups, or roles. You cannot apply an IAM policy to the AWS account root user.

Answer 35

**Access AWS compliance reports on-demand. & Review, accept, and manage agreements with AWS.**

Answer 36

**A document that grants or denies permissions to AWS services and resources.** IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.

Answer 37

**IAM role.** An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.

Answer 38

**Granting only the permissions that are needed to perform specific job tasks.** When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.

Answer 39

**AWS Shield.** As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.

Answer 40

**Create cryptographic keys.** AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

Answer 41

**Track user activities and API requests throughout your AWS infrastructure & Filter logs to assist with operational analysis and troubleshooting** The other response options are tasks that you can perform in Amazon CloudWatch.

Answer 42

**Monitor your resources’ utilization and performance & Access metrics from a single dashboard**

Answer 43

**AWS Trusted Advisor.** AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.

Answer 44

**Performance & Fault tolerance** AWS Trusted Advisor continuously inspects your AWS environment and provides best practice recommendations across five categories: cost optimization, performance, security, fault tolerance, and service limits.

Answer 45

**12 months.** The AWS Free Tier consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials. For 12 months after you first sign up for an AWS account, you can take advantage of offers in the 12 Months Free category. Examples of offers in this category include specific amounts of Amazon S3 Standard Storage, thresholds for monthly hours of Amazon EC2 compute time, and amounts of Amazon CloudFront data transfer out.

Answer 46

**Business.** Only the Business, Enterprise On-Ramp, and Enterprise Support plans include all AWS Trusted Advisor checks. Of these three Support plans, the Business Support plan has a lower cost.

Answer 47

**Combine usage across accounts to receive volume pricing discounts.**

Answer 48

**AWS Cost Explorer.** AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

Answer 49

**AWS Budgets.** In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted. Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.

Answer 50

**Enterprise.** A Technical Account Manager (TAM) is available only to AWS customers with the Enterprise On-Ramp and Enterprise Support plans. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

Answer 51

**AWS Marketplace.** AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

Answer 52

**Platform Perspective.** The Platform Perspective of the AWS Cloud Adoption Framework also includes principles for implementing new solutions and migrating on-premises workloads to the cloud.

Answer 53

**Repurchasing.** Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.

Answer 54

**80 TB.** Snowball Edge Storage Optimized is a device that enables you to transfer large amounts of data into and out of AWS. It provides 80 TB of usable HDD storage.

Answer 55

**Amazon SageMaker.** With Amazon SageMaker, you can quickly and easily begin working on machine learning projects. You do not need to follow the traditional process of manually bringing together separate tools and workflows.

Answer 56

**Security Perspective.** The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas on non-compliance and plan ongoing security initiatives.

Answer 57

**Retaining & Rehosting** The application migration strategies are rehosting, replatforming, refactoring/re-architecting, repurchasing, retaining, and retiring.

Answer 58

**100 PB.** AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi trailer truck.

Answer 59

**Amazon Lex.** In Amazon Lex, you can quickly build, test, and deploy conversational chatbots to use in your applications.

Answer 60

**Reliability.**

Answer 61

**Receiving lower pay-as-you-go prices as the result of AWS customers’ aggregated usage of services.** Because usage from hundreds of thousands of customers is aggregated in the cloud, providers such as AWS can achieve higher economies of scale. The economies of scale translate into lower pay-as-you-go prices.

Answer 62

**Operational Excellence.**

Answer 63

**Increase speed and agility. & Stop spending money running and maintaining data centers.** The six advantages of cloud computing are: * Trade upfront expense for variable expense. * Benefit from massive economies of scale. * Stop guessing capacity. * Increase speed and agility. * Stop spending money running and maintaining data centers. * Go global in minutes.

Answer 64

**Refactoring.**

Answer 65

**AWS Elastic Beanstalk.** Businesses upload their application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

Answer 66

**Security group.** A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic. Businesses can add custom rules to configure which traffic should be allowed or denied.

Answer 67

**A fully isolated portion of the AWS global infrastructure.** An Availability Zone is a single data center or a group of data centers within a Region. Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

Answer 68

**Amazon Elastic Block Store (Amazon EBS).** Amazon EBS provides block-level storage volumes for Amazon EC2 instances. If a person stops or terminates an Amazon EC2 instance, all the data on the attached EBS volume remains available.

Answer 69

**Amazon Elastic Kubernetes Service (Amazon EKS).** Amazon EKS is a fully managed service that runs Kubernetes on AWS. Kubernetes is open-source software that deploys and manages containerized applications at scale. Containers provide a standard way to package an application's code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.

Answer 70

**Performance.** In this category, AWS Trusted Advisor also helps improve the performance of services by providing recommendations for how to take advantage of provisioned throughput.

Answer 71

**Performance Efficiency.** The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Answer 72

**Connect user requests to infrastructure in AWS and outside of AWS. & Manage DNS records for domain names** Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS. Additionally, businesses can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.

Answer 73

**A digital catalog that includes thousands of listings from independent software vendors.** Businesses can use AWS Marketplace to find, test, and buy software that runs on AWS.

Answer 74

**Businesses pay only for compute time while their code is running.** AWS Lambda is a service that runs code without needing to provision or manage servers.

Answer 75

**Instance store.** Instance stores are ideal for temporary data that does not need to be kept long term. When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

Answer 76

**A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances.** A load balancer acts as a single point of contact for all incoming web traffic to an Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.

Answer 77

**AWS Command Line Interface.** The AWS Command Line Interface (AWS CLI) provides the capability to control multiple AWS services directly from the command line within one tool. For example, a person can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.

Answer 78

**AWS Organizations.** In AWS Organizations, businesses centrally control permissions for their accounts by using service control policies (SCPs). Additionally, businesses can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.

Answer 79

**EC2 Instance Savings Plans.** EC2 Instance Savings Plans reduces compute costs by committing to a consistent hourly spend for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any EC2 usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any EC2 usage beyond the commitment is charged at regular On-Demand Instance rates.

Answer 80

**AWS CloudTrail.** With CloudTrail, a person can view a complete history of user activity and API calls for their applications and resources. Events are typically updated in CloudTrail within 15 minutes after an API call was made. A person can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.

Answer 81

**Amazon DynamoDB.** Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”. In a key-value database, you can add or remove attributes from items in the table at any time. Additionally, not every item in the table has to have the same attributes.

Answer 82

**Amazon Simple Queue Service (Amazon SQS).** Amazon SQS is a message queuing service. Using Amazon SQS, an application developer can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available. In Amazon SQS, an application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

Answer 83

**A service that provides intelligent threat detection for your AWS infrastructure and resources.** AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within an AWS environment.

Answer 84

**Amazon S3 Intelligent-Tiering.** In the Amazon S3 Intelligent-Tiering storage class, Amazon S3 monitors object access patterns. If an object has not been accessed for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, Amazon S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, Amazon S3 Standard.

Answer 85

**AWS Snowmobile.** AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck.

Answer 86

**Operations Perspective.** The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.

Answer 87

**AWS Cost Explorer.** With AWS Cost Explorer, businesses can quickly create custom reports to analyze their AWS cost and usage data.

Answer 88

**Deliver content to customers through a global network of edge locations.** Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

Answer 89

**Maintaining virtualization infrastructure & Configuring AWS infrastructure devices ** The other three response options are tasks that are the responsibilities of customers.

Answer 90

**AWS Direct Connect.** AWS Direct Connect is a service that establishes a dedicated private connection between an on-premises data center and VPC. The private connection that AWS Direct Connect provides helps reduce network costs and increase the amount of bandwidth that can travel through a network.

Answer 91

**S3 Standard & S3 Standard-IA ** In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects access patterns. If an object has not accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If an object is accessed in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.

Answer 92

**Amazon Augmented AI.** Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, a person can also create their own workflows for machine learning models built on Amazon SageMaker or any other tools.

Answer 93

Enterprise & Business