Practice set
AWS Certified Cloud Practitioner CLF-C02 questions
Question 1mediummultiple choice
Full question →A cloud provider uses shared physical infrastructure to serve many customers. Each customer's compute and storage resources are logically isolated and secure, but the underlying hardware is pooled across all customers. Which essential characteristic of cloud computing does this scenario BEST describe?
Question 2mediummultiple choice
Full question →A company archives historical transaction records in Amazon S3. The records are accessed frequently for the first 30 days after creation. After 30 days, access drops sharply to only a few times per year, but the company must be able to retrieve any record within 5 minutes if needed. The company wants to minimize storage costs while meeting the retrieval time requirement. Which combination of S3 storage classes should the company use?
Question 3mediummultiple choice
Full question →A company based in Germany needs to store and process customer data that, by law, must remain within the European Union (EU). The company plans to use AWS services. Which AWS Global Infrastructure element is the MOST important for the company to evaluate when choosing where to deploy its resources?
Question 4easymultiple choice
Full question →A company collects sensor data from IoT devices and stores the data in Amazon S3. For the first 90 days, the data is accessed frequently for real-time analysis. After 90 days, the data is rarely accessed but must be retrievable within 24 hours for compliance audits. After 365 days, the data must be retained for legal purposes but can be deleted after 7 years. Which S3 storage class should the company use for the data from day 91 to day 365 to minimize storage costs while meeting the retrieval time requirement?
Question 5mediummultiple choice
Full question →A company has a mobile application that allows users to upload profile photos. When a new photo is uploaded to an Amazon S3 bucket, the application must automatically create a thumbnail version and store it in another S3 bucket. The company wants a solution that runs only when needed, scales automatically, and requires no management of underlying servers. Which AWS service should the company use to meet these requirements?
Question 6easymultiple choice
Full question →A company currently runs its infrastructure in a colocation data center. The CIO wants to estimate the total cost of ownership (TCO) of migrating the existing workload to AWS, compared to continuing with the on-premises solution. The company has detailed data on current server specifications, power, cooling, and labor costs. Which AWS tool should the company use to perform this analysis?
Question 7mediummultiple choice
Full question →A company currently uses the AWS Basic Support plan. The CTO wants to access the complete set of AWS Trusted Advisor checks, including those related to cost optimization and performance. Additionally, the CTO requires a guaranteed response time of less than 15 minutes for critical business-impairing issues. Which AWS Support plan should the company choose to meet all of these requirements?
Question 8mediummultiple choice
Full question →A company develops a mobile application that allows employees to upload sales reports to an Amazon S3 bucket. The application must work reliably from any location, including from corporate offices, remote home offices, and international travel locations. The solution uses standard HTTPS requests over the internet. Which essential characteristic of cloud computing does this scenario best illustrate?
Question 9mediummultiple choice
Full question →A company expects a steady baseline usage of AWS compute services (Amazon EC2, AWS Lambda, and AWS Fargate) over the next three years. They want to reduce costs compared to On-Demand pricing while maintaining the flexibility to change instance families, regions, or even switch between compute services (e.g., from EC2 to Lambda) without losing their discount. Which AWS pricing option should the company choose?
Question 10mediummultiple choice
Full question →A company generates large log files from its application and stores them in an Amazon S3 bucket. During the first 30 days, logs are frequently accessed for troubleshooting. After 30 days, logs are accessed infrequently (a few times per month). After 90 days, logs are rarely accessed but must be retained for compliance for one year, with retrieval possible within minutes if needed. The company wants to minimize storage costs while meeting these access and retention requirements. Which S3 feature should the company configure?
Question 11mediummultiple choice
Full question →A company handles credit card transactions and must comply with the Payment Card Industry Data Security Standard (PCI DSS). The company's compliance officer needs to review AWS's PCI DSS compliance reports and also download and sign the AWS Business Associate Addendum (BAA) for HIPAA eligibility. The company wants a single, managed AWS service that provides on-demand access to these compliance documents and agreements. Which AWS service should the compliance officer use?
Question 12mediummultiple choice
Full question →A company has 20 AWS accounts managed under AWS Organizations. The finance team wants to centralize billing so that the company receives volume discounts for the aggregated usage across all accounts. Additionally, the team needs to set monthly budgets for each department and automatically receive email notifications when a department's spending reaches 80% of its budget threshold. Which combination of AWS features or services should the company use to meet these requirements?
Question 13mediummultiple choice
Full question →A company has 200 IAM users. The security team needs to automatically verify that every IAM user has enabled multi-factor authentication (MFA) for console access. They also need to receive a notification whenever a new user is created without MFA so they can enforce the policy. Which AWS service should the security team use to meet these requirements?
Question 14mediummultiple choice
Full question →A company has 50 IAM users in a single AWS account. The security policy requires that every IAM user must have a virtual MFA device enabled for AWS Management Console access. The company wants to automatically detect any user who disables or has an inactive MFA device and immediately revoke that user's ability to access AWS resources by disabling their access keys. The solution must be fully managed, require no custom scripts, and use native AWS services. Which AWS service should the company use to define the compliance rule and automatically trigger the remediation action?
Question 15mediummultiple choice
Full question →A company has 50 TB of historical data stored on on-premises network-attached storage (NAS). The company wants to transfer this data to Amazon S3. The internet connection provides only 10 Mbps upload speed, and the company wants to complete the transfer within 2 weeks. The data is not sensitive and does not require encryption during transfer. Which AWS service should the company use to meet these requirements?
Question 16mediummultiple choice
Full question →A company has 50 TB of on-premises file server data that must be transferred to Amazon S3. The company's internet connection is limited to 100 Mbps, and the data transfer must not impact daily business operations. The company needs a physical device to securely copy the data and then ship it to AWS for ingestion. Which AWS service should the company use?
Question 17mediummultiple choice
Full question →A company has a compliance policy requiring that all Amazon EC2 instances in its production environment must have the tag "Environment=Production" and must be associated with a security group named "Prod-SG". The company wants to continuously monitor its AWS account and automatically detect any EC2 instances that do not meet these requirements. The IT team needs a service that can evaluate the configuration of resources against these rules and send notifications when a non-compliant resource is detected. Which AWS service should the company use?
Question 18mediummultiple choice
Full question →A company has a compliance policy requiring that all data at rest in Amazon S3 be encrypted with a key that is automatically rotated every year. The company wants to manage the encryption keys themselves, maintain control over access policies, and have AWS handle the key rotation automatically. Which AWS service should the company use?
Question 19mediummultiple choice
Full question →A company has a compliance requirement that all Amazon S3 buckets must have server-side encryption (SSE) enabled and must block all public access. The company has hundreds of existing S3 buckets and creates new ones regularly. The security team needs a centralized AWS service that can continuously evaluate all buckets against these two rules, automatically detect noncompliant buckets, and then automatically remediate them by enabling SSE and blocking public access. Additionally, the team wants to receive notifications when compliance changes occur. Which AWS service should the security team use?
Question 20mediummultiple choice
Full question →A company has a development environment running on Amazon EC2 instances. To control costs, the team wants to set a monthly budget of $5,000 for this environment. If the forecasted cost for the month exceeds $6,000 (20% over budget), they want AWS to automatically stop all non-critical EC2 instances to prevent further spending. Which AWS feature should the team use to implement this automated cost control?
Question 21mediummultiple choice
Full question →A company has a global user base that uploads images to an Amazon S3 bucket in the us-east-1 Region. Users report slow upload speeds and frequent timeouts when uploading large files from distant locations. The company wants to use the AWS global network and edge locations to accelerate uploads to the S3 bucket. The solution must require minimal infrastructure changes on the client side and must be configured at the bucket level. Which AWS feature should the company enable?
Question 22mediummultiple choice
Full question →A company has a monthly budget of $10,000 for its development AWS account. The project manager wants to receive an automated email alert when the actual costs for the current month reach 80% of the budget. The project manager does not want to build any custom code or manage any infrastructure for this alert. Which approach should the project manager take to meet these requirements?
Question 23mediummultiple choice
Full question →A company has a security policy that requires all Amazon EBS volumes attached to production Amazon EC2 instances to be encrypted at rest using customer-managed encryption keys. The policy also mandates that the encryption keys must be automatically rotated every 365 days. The company wants to minimize operational overhead by using a managed AWS service for key management and automatic rotation. Which AWS service should the company use to meet these requirements?
Question 24mediummultiple choice
Full question →