Free Amazon Web Services CLF-C02 Practice Exam with Questions & Answers | Set: 3

The AWS Cloud Adoption Framework (AWS CAF) is a tool that helps organizations plan and execute their cloud transformation journey. The AWS CAF defines four phases of the cloud transformation journey: Envision, Align, Launch, and Scale. Each phase has a specific purpose and outcome1:

Envision: This phase helps you define your vision, goals, and expected outcomes for your cloud transformation. It also helps you identify and prioritize transformation opportunities across four domains: business, people, governance, and platform2.

Align: This phase helps you identify capability gaps across six perspectives: business, people, governance, platform, security, and operations. It also helps you create strategies for improving your cloud readiness, ensure stakeholder alignment, and facilitate relevant organizational change management activities3.

Launch: This phase helps you deliver pilot initiatives in production and demonstrate incremental business value. It also helps you learn from pilots and adjust your approach before scaling to full production4.

Scale: This phase helps you expand production pilots and business value to desired scale and ensure that the business benefits associated with your cloud investments are realized and sustained.

The options A and B are the correct AWS CAF cloud transformation journey recommendations, as they are part of the four phases defined by the AWS CAF. The options C, D, and E are not AWS CAFcloud transformation journey recommendations, as they are not part of the four phases defined by the AWS CAF

Amazon EC2 instance store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data,and other temporary content. It can also be used to store temporary data that you replicate across a fleet of instances, such as a load-balanced pool of web servers. An instance store consists of one or more instance store volumes exposed as block devices. The size of an instance store as well as the number of devices available varies by instance type and instance size. The virtual devices for instance store volumes are ephemeral[0-23]. Instance types that support one instance store volume have ephemeral0. Instance types that support two or more instance store volumes have ephemeral0, ephemeral1, and so on. Instance store pricing Instance store volumes are included as part of the instance’s usage cost. The data on an instance store volume persists even if the instance is rebooted. However, the data does not persist if the instance is stopped, hibernated, or terminated. When the instance is stopped, hibernated, or terminated, every block of the instance store volume is cryptographically erased. Therefore, do not rely on instance store volumes for valuable, long-term data. If you need to retain the data stored on an instance store volume beyond the lifetime of the instance, you need to manually copy that data to more persistent storage, such as an Amazon EBS volume, an Amazon S3 bucket, or an Amazon EFS file system. There are some events that can result in your data not persisting throughout the lifetime of the instance. The following table indicates whether data on instance store volumes is persisted during specific events, for both virtualized and bare metal instances1. References: Amazon EC2 instance store - Amazon Elastic Compute Cloud

Amazon Simple Queue Service (Amazon SQS) and AWS Step Functions are AWS services that can be used to achieve a loosely coupled architecture. Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. Using Step Functions, you can design and run workflows that stitch together services such as AWS Lambda and Amazon SNS into feature-rich applications. References: Amazon SQS, AWS Step Functions

"The Reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle." https://docs.aws.amazon.com/wellarchitected/latest/framework/reliability.html

AWS Identity and Access Management (IAM) is a service that helps you securely control access to AWS resources for your users. You use IAM to control who can use your AWS resources (authentication) and what resources they can use and in what ways (authorization). IAM also enables you to follow the principle of least privilege, which means granting only the permissions that are necessary to perform a task1. References: AWS Identity and Access Management (IAM) - AWS Documentation

AWS PrivateLink provides private connectivity between VPCs, AWS services, and on-premises applications without exposing traffic to the public internet. It enables private access to AWS services by creating private endpoints within a VPC, which enhances security and simplifies network architecture by keeping all communication on the AWS network. This service is ideal for scenarios where a company wants to connect AWS services and VPCs privately.

AWS Secrets Manager is a service that helps you protect access to your applications, services, and IT resources. This service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. Secrets Manager offers secret rotation with built-in integration for Amazon RDS, Amazon Redshift, Amazon DocumentDB, and other AWS services1. You can also extend Secrets Manager to rotate other types of secrets, such as credentials for Oracle, SQL Server, or MongoDB databases, by using custom AWS Lambda functions2. Secrets Manager enables you to control access to secrets using fine-grained permissions and audit secret rotation centrally for resources in the AWS Cloud, third-party services, and on-premises3. Therefore, AWS Secrets Manager supports the requirement of rotating database user credentials with the least amount of operational overhead, compared to the other options. References:

What Is AWS Secrets Manager? - AWS Secrets Manager

Rotating Your AWS Secrets Manager Secrets - AWS Secrets Manager

AWS Secrets Manager Features - AWS Secrets Manager

Rehosting ("lift and shift") is a migration strategy where applications are moved to the cloud with minimal changes, making it the least effort-intensive method for applications incompatible with the cloud. Repurchasing involves moving to a different product, often a SaaS solution, which can also minimize migration effort by avoiding the need for application-level changes. Retiring, replatforming, and refactoring require significant effort either in terms of analyzing and shutting down the application, making changes to the underlying platform, or redesigning the application architecture, respectively.

AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation. Security Hub collects findings from the security services enabled across your AWS accounts, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings from partner security products using a standardized AWS Security Finding Format, eliminating the need for time-consuming data parsing and normalization efforts. Customers can designate an administrator account that can access all findings across their accounts. References: AWS Security Hub Overview, AWS Security Hub FAQs

Understanding Performance Efficiency: This pillar of the AWS Well-Architected Framework focuses on using computing resources efficiently to meet system requirements and maintain that efficiency as demand changes and technologies evolve.

Key Aspects of Performance Efficiency:

Selection: Choose the right resources for the job. This includes using the most appropriate instance types, storage options, and database services.

Review: Regularly review your architecture to take advantage of the latest AWS services and features, and to ensure you're using the best possible resource for your needs.

Monitoring: Continuously monitor your system performance, gather metrics, and use those metrics to make informed decisions about scaling and performance optimization.

Trade-offs: Understand the trade-offs between various performance-related aspects, such as cost, latency, and durability, and make decisions that align with your business goals.

How to Implement Performance Efficiency:

Use Auto Scaling: Implement Auto Scaling to automatically adjust the number of resources based on the demand.

Choose Appropriate Storage Options: Select the right storage solution (e.g., S3, EBS, or EFS) based on performance and access patterns.

Optimize Networking: Utilize Amazon CloudFront, AWS Global Accelerator, and VPC to optimize your network performance.

Regular Review and Testing: Regularly review your architecture, test performance under various loads, and adjust configurations as needed.

AWS Well-Architected Framework

Performance Efficiency Pillar

AWS Storage Gatewayis a hybrid cloud storage service that provides on-premises access to virtually unlimited cloud storage. TheFile Gatewayconfiguration allows for on-premises applications to store data in Amazon S3 using NFS and SMB protocols, while keeping frequently accessed data cached locally. This meets the company's requirement for cloud-based storage that is locally cached.

B. AWS Snowcone: Incorrect, as it is a portable edge computing and storage device, not a storage service that provides local caching for cloud storage.

C. AWS Backup: Incorrect, as it is a centralized backup service to automate data protection across AWS services but does not provide local caching.

D. Amazon Elastic File System (Amazon EFS): Incorrect, as it provides scalable file storage for use with Amazon EC2 but does not offer local caching for on-premises storage needs.

AWS Cloud References:

AWS Storage Gateway

AWS Workspaces is a service that provides fully managed, secure, and reliable virtual desktops for your employees. You can access your personal Windows environment on various devices, such as Android, iOS, Fire, Mac, PC, Chromebook, and Linux. You can choose from different bundles of CPU, memory, storage, and software options to suit your needs. You can also integrate AWS Workspaces with your existing Active Directory, VPN, and security policies. AWS Workspaces helps you reduce the cost and complexity of managing your desktop infrastructure, while enhancing the productivity and security of your remote workers456. References: 4: Amazon WorkSpaces Client Download, 5: VDI Desktops - Amazon WorkSpaces Family - AWS, 6: Amazon WorkSpaces

TheAWS Cloud Development Kit (AWS CDK)currently supports multiple programming languages, includingPythonandTypeScript. These languages allow developers to define cloud infrastructure using familiar programming constructs. Python and TypeScript are among the first languages supported by AWS CDK, which also supports Java, C#, and JavaScript. This enables developers to use their existing programming skills and tools to define cloud infrastructure in code.

B. Swift: Incorrect, as Swift is not currently supported by AWS CDK.

D. Ruby: Incorrect, as Ruby is not currently supported by AWS CDK.

E. PHP: Incorrect, as PHP is not currently supported by AWS CDK.

AWS Cloud References:

AWS Cloud Development Kit (AWS CDK)

AWS Organizationsis a no-cost service that helps you centrally manage and govern your environment as you grow and scale your AWS resources. With AWS Organizations, you can create new AWS accounts, invite existing accounts to join your organization, and apply policies to groups of accounts for governance. While some features within AWS services incur additional costs, using AWS Organizations itself does not add any direct costs.

A. Amazon SageMaker: Incorrect, as it is a fully managed service for building, training, and deploying machine learning models, and it is not free.

B. AWS Config: Incorrect, as while it offers some free-tier usage, it generally incurs charges for recording and evaluating configuration changes.

D. Amazon CloudWatch: Incorrect, as certain CloudWatch metrics, custom metrics, and alarms have associated costs beyond the free tier.

AWS Cloud References:

AWS Organizations

AnIAM useris created when the company needs to provide unique credentials (username and password) to individuals who need access to the AWS Management Console or programmatic access (using access keys) to AWS services.

B. When the company creates AWS access credentials for individuals: Correct, as an IAM user is created to provide credentials for specific individuals.

D. When the company needs to add users to IAM groups: Correct, as IAM users can be added to groups to apply permissions and policies at a group level.

A. When an application that runs on Amazon EC2 instances requires access to other AWS services: Incorrect, as an IAM role is more appropriate for applications running on EC2 to assume temporary credentials.

C. When the company creates an application that runs on a mobile phone that makes requests to AWS: Incorrect, as using Cognito or a role with temporary credentials is more suitable.

E. When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time: Incorrect, as this use case typically involves IAM roles combined with AWS Single Sign-On (SSO).

AWS Cloud References:

IAM Users and Groups

IAM Roles