AWS Certified Cloud Practitioner Study Guide With 500 Practice Test Questions: Foundational (CLF-C02) Exam

AWS Certification Books from Sybex

AWS®

Certified Cloud Practitioner

Study Guide

Foundational (CLF-C02) Exam

Second Edition

Ben Piper

David Clinton

Copyright © 2024 by John Wiley & Sons. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394235636 (paperback), 9781394235643 (ePub), 9781394235650 (ePDF)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. AWS is a registered trademark of Amazon Technologies, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and authors have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2023947983

Cover image: ©Jeremy Woodhouse/Getty Images, Inc.

Cover design: Wiley

Acknowledgments

We would like to thank the following people who helped us create this AWS® Certified Cloud Practitioner Study Guide: Foundational CLF-C02 Exam, Second Edition.

First, a special thanks to our friends at Wiley. Kenyon Brown, senior acquisitions editor, got the ball rolling on this project and put all the pieces together. Our project editor, Gus Miklos, kept us on track and moving in the right direction. Thanks to production specialist Magesh Elangovan and copyeditor Liz Welch. We're also very grateful to our sharp-eyed technical editor, John Mueller, and Ashirvad Moses—we may not know exactly what a managing editor is, but we do know that this one made a big difference.

Lastly—once again—the authors would like to thank each other!

About the Authors

David Clinton is a Linux server and cloud admin who has worked with IT infrastructure in both academic and enterprise environments. He has authored many technology books—including AWS Certified Solutions Architect Study Guide: Associate SAA-C03 Exam, Fourth Edition (Sybex, 2022)—and created 20 video courses teaching Amazon Web Services and Linux administration, server virtualization, and IT security for Pluralsight.

In a previous life, David spent 20 years as a high school teacher. He currently lives in Toronto, Canada, with his wife and family and can be reached through his website: https://bootstrap-it.com.

Ben Piper is a cloud and networking consultant who has authored multiple books including the AWS Certified Solutions Architect Study Guide: Associate SAA-C03 Exam, Fourth Edition (Sybex, 2022). He has created more than 20 training courses covering Amazon Web Services, Cisco routing and switching, Citrix, Puppet configuration management, and Windows Server Administration. You can contact Ben by visiting his website: https://benpiper.com.

Table of Exercises

Introduction

Studying for any certification always involves deciding how much of your studying should be practical hands-on experience and how much should be simply memorizing facts and figures. Between the two of us, we've taken more than 20 different IT certification exams, so we know how important it is to use your study time wisely. We've designed this book to help you discover your strengths and weaknesses on the AWS platform so that you can focus your efforts properly. Whether you've been working with AWS for a long time or you're relatively new to it, we encourage you to carefully read this book from cover to cover.

Passing the AWS Certified Cloud Practitioner exam won't require you to know how to provision and launch complex, multitier cloud deployments. But you will need to be broadly familiar with the workings of a wide range of AWS services. Everything you'll have to know should be available in this book, but you may sometimes find yourself curious about finer details. Feel free to take advantage of Amazon's official documentation, which is generally available in HTML, PDF, and Kindle formats.

Even though the AWS Certified Cloud Practitioner Study Guide: CLF-C02 Exam skews a bit more to the theoretical side than other AWS certifications, there's still a great deal of value in working through each chapter's hands-on exercises. The exercises here aren't meant to turn you into a solutions architect who knows how things work but to help you understand why they're so important.

Bear in mind that some of the exercises and figures rely on the AWS Management Console, which is in constant flux. As such, screenshots and step-by-step details of exercises may change. If what you see in the Management Console doesn't match the way it's described in this book, use it as an opportunity to dig into the AWS online documentation or experiment on your own.

Each chapter includes review questions to thoroughly test your understanding of the services you've seen. We've designed the questions to help you realistically gauge your understanding and readiness for the exam. Although the difficulty level will vary between questions, you can be sure there's no fluff. Once you complete a chapter's review questions, refer to Appendix A for the correct answers and detailed explanations.

The book also comes with a self-assessment exam at the beginning with 25 questions, two practice exams with a total of 100 questions, and flashcards to help you learn and retain key facts needed to prepare for the exam.

Changes to AWS services happen frequently, so you can expect that some information in this book might fall behind over time. To help you keep up, we've created a place where we'll announce relevant updates and where you can also let us know of issues you encounter. Check in regularly to this resource at https://awsccp.github.io.

What Does This Book Cover?

This book covers topics you need to know to prepare for the Amazon Web Services (AWS) Certified Cloud Practitioner exam:

Chapter 1: The Cloud This chapter describes the core features of a cloud environment that distinguish it from traditional data center operations. It discusses how cloud platforms provide greater availability, scalability, and elasticity and what role technologies such as virtualization and automated, metered billing play.

Chapter 2: Understanding Your AWS Account In this chapter, you'll learn about AWS billing structures, planning and monitoring your deployment costs, and how you can use the Free Tier for a full year to try nearly any AWS service in real-world operations for little or no cost.

Chapter 3: Getting Support on AWS This chapter is focused on where to find support with a problem that needs solving or when you're trying to choose between complex options. You'll learn about what's available under the free Basic Support plan as opposed to the Developer, Business, and Enterprise levels.

Chapter 4: Understanding the AWS Environment In this chapter, we discuss how to enhance security and availability, and how Amazon organizes its resources in geographic regions and availability zones. You'll also learn about Amazon's global network of edge locations built to provide superior network performance for your applications.

Chapter 5: Securing Your AWS Resources The focus of this chapter is security. You'll learn how you control access to your AWS-based resources through identities, authentication, and roles. You'll also learn about data encryption and how AWS can simplify your regulatory compliance.

Chapter 6: Working with Your AWS Resources How will your team access AWS resources so they can effectively manage them? This chapter will introduce you to the AWS Management Console, the AWS Command-Line Interface, software development kits, and various infrastructure monitoring tools.

Chapter 7: The Core Compute Services Providing an alternative to traditional physical compute services is a cornerstone of cloud computing. This chapter discusses Amazon's Elastic Compute Cloud (EC2), Lightsail, and Elastic Beanstalk services. We also take a quick look at various serverless workload models.

Chapter 8: The Core Storage Services This chapter explores Amazon's object storage services including Simple Storage Service (S3) and Glacier for inexpensive and highly accessible storage, and Storage Gateway and Snowball for integration with your local resources.

Chapter 9: The Core Database Services Here you will learn about how data is managed at scale on AWS, exploring the SQL-compatible Relational Database Service (RDS), the NoSQL DynamoDB platform, and Redshift for data warehousing.

Chapter 10: The Core Networking Services AWS lets you control network access to your resources through virtual private clouds (VPCs), virtual private networks (VPNs), DNS routing through the Route 53 service, and network caching via CloudFront. This chapter focuses on all of them.

Chapter 11: Automating Your AWS Workloads This chapter covers the AWS services designed to permit automated deployments and close DevOps integration connecting your development processes with your Amazon-based application environments.

Chapter 12: Common Use-Case Scenarios This chapter illustrates some real-world, cloud-optimized deployment architectures to give you an idea of the kinds of application environments you can build on AWS.

Appendix A: Answers to Review Questions This appendix provides the answers and brief explanations for the questions at the end of each chapter.

Appendix B: Additional Services To make sure you're at least familiar with the full scope of AWS infrastructure, this appendix provides brief introductions to many of the services not mentioned directly in the chapters of this book.

Interactive Online Learning Environment and Test Bank

The authors have worked hard to create some really great tools to help you with your certification process. The interactive online learning environment that accompanies this AWS Certified Cloud Practitioner Study Guide includes a test bank with study tools to help you prepare for the certification exam—and increase your chances of passing it the first time! The test bank includes the following:

Sample Tests All the questions in this book are included online, including the assessment test at the end of this introduction and the review questions printed after each chapter. In addition, there are two practice exams with 50 questions each. Use these questions to assess how you're likely to perform on the real exam. The online test bank runs on multiple devices.

Flashcards The online text banks include 100 flashcards specifically written to hit you hard, so don't get discouraged if you don't ace your way through them at first. They're there to ensure that you're really ready for the exam. And no worries—armed with the review questions, practice exams, and flashcards, you'll be more than prepared when exam day comes. Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.

We plan to update any errors or changes to the AWS platform that aren't currently reflected in these questions as we discover them here: https://awsccp.github.io.

Should you notice any problems before we do, please be in touch.

Glossary A glossary of key terms from this book is available as a fully searchable PDF.

Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.

Like all exams, the AWS Certified Cloud Practitioner exam certification from AWS is updated periodically and may eventually be retired or replaced. At some point after AWS is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.

Exam Objectives

According to the AWS Certified Cloud Practitioner Exam Guide, the AWS Certified Cloud Practitioner (CLF-C02) examination is intended for individuals who have the knowledge and skills necessary to effectively demonstrate an overall understanding of the AWS Cloud, independent of specific technical roles addressed by other AWS certifications (for example, solution architects or SysOps administrators).

To be successful, you'll be expected to be able to describe the following:

The AWS Cloud and its basic global infrastructure

AWS Cloud architectural principles

The AWS Cloud value proposition

Key AWS services along with their common use cases (for example, highly available web applications or data analysis)

The basic security and compliance practices relating to the AWS platform and the shared security model

AWS billing, account management, and pricing models

Documentation and technical assistance resources

Basic characteristics for deploying and operating in the AWS Cloud

AWS recommends that candidates have at least six months of experience with the AWS Cloud in any role, including technical, managerial, sales, purchasing, or financial. They should also possess general knowledge of information technology and application servers and their uses in the AWS Cloud.

Objective Map

The exam covers four domains, with each domain broken down into objectives. The following table lists each domain and its weighting in the exam, along with the chapters in the book where that domain's objectives are covered.

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line Possible Book Errata Submission.

Assessment Test

Which of the following describes the cloud design principle of scalability?

The ability to automatically increase available compute resources to meet growing user demand

The ability to route incoming client requests between multiple application servers

The ability to segment physical resources into multiple virtual partitions

The ability to reduce production costs by spreading capital expenses across many accounts

Which of the following best describes the cloud service model known as infrastructure as a service (IaaS)?

End-user access to software applications delivered over the Internet

Access to a simplified interface through which customers can directly deploy their application code without having to worry about managing the underlying infrastructure

Customer rental of the use of measured units of a provider's physical compute, storage, and networking resources

Abstracted interfaces built to manage clusters of containerized workloads

How does AWS ensure that no single customer consumes an unsustainable proportion of available resources?

AWS allows customers to consume as much as they're willing to pay for, regardless of general availability.

AWS imposes default limits on the use of its service resources but allows customers to request higher limits.

AWS imposes hard default limits on the use of its service resources.

AWS imposes default limits on the use of its services by Basic account holders; Premium account holders face no limits.

The AWS Free Tier is designed to give new account holders the opportunity to get to know how their services work without necessarily costing any money. How does it work?

You get service credits that can be used to provision and launch a few typical workloads.

You get full free access to a few core AWS services for one month.

You get low-cost access to many core AWS services for three months.

You get free lightweight access to many core AWS services for a full 12 months.

AWS customers receive production system down support within one hour when they subscribe to which support plan(s)?

Enterprise.

Business and Enterprise.

Developer and Basic.

All plans get this level of support.

AWS customers get full access to the AWS Trusted Advisor best practice checks when they subscribe to which support plan(s)?

All plans get this level of support.

Basic and Business.

Business and Enterprise.

Developer, Business, and Enterprise.

The AWS Shared Responsibility Model illustrates how AWS itself (as opposed to its customers) is responsible for which aspects of the cloud environment?

The redundancy and integrity of customer-added data

The underlying integrity and security of AWS physical resources

Data and configurations added by customers

The operating systems run on EC2 instances

Which of these is a designation for one or more AWS data centers within a single geographic area?

Availability zone

Region

Network subnet

Geo-unit

How, using security best practices, should your organization's team members access your AWS account resources?

Only a single team member should be given any account access.

Through a jointly shared single account user who's been given full account-wide permissions.

Through the use of specially created users, groups, and roles, each given the fewest permissions necessary.

Ideally, resource access should occur only through the use of access keys.

Which of the following describes a methodology that protects your organization's data when it's on-site locally, in transit to AWS, and stored on AWS?

Client-side encryption

Server-side encryption

Cryptographic transformation

Encryption at rest

What authentication method will you use to access your AWS resources remotely through the AWS Command-Line Interface (CLI)?

Strong password

Multifactor authentication

SSH key pairs

Access keys

Which of these is the primary benefit from using resource tags with your AWS assets?

Tags enable the use of remote administration operations via the AWS CLI.

Tags make it easier to identify and administrate running resources in a busy AWS account.

Tags enhance data security throughout your account.

Some AWS services won't work without the use of resource tags.

What defines the base operating system and software stack that will be available for a new Elastic Compute Cloud (EC2) instance when it launches?

The Virtual Private Cloud (VPC) into which you choose to launch your instance.

The instance type you select.

The Amazon Machine Image (AMI) you select.

You don't need to define the base OS—you can install that once the instance launches.

Which of the following AWS compute services offers an administration experience that most closely resembles the way you would run physical servers in your own local data center?

Simple Storage Service (S3)

Elastic Container Service (ECS)

Elastic Compute Cloud (EC2)

Lambda

Which of the following AWS object storage services offers the lowest ongoing charges, but at the cost of some convenience?

S3 Glacier

Storage Gateway

Simple Storage Service (S3)

Elastic Block Store (EBS)

Which of the following AWS storage services can make the most practical sense for petabyte-sized archives that currently exist in your local data center?

Saving to a Glacier Vault

Saving to a Simple Storage Service (S3) bucket

Saving to an Elastic Block Store (EBS) volume

Saving to an AWS Snowball device

Which of the following will provide the most reliable and scalable relational database experience on AWS?

Relational Database Service (RDS)

Running a database on an EC2 instance

DynamoDB

Redshift

What's the best and simplest way to increase reliability of an RDS database instance?

Increase the available IOPS.

Choose the Aurora database engine when you configure your instance.

Enable Multi-AZ.

Duplicate the database in a second AWS region.

How does AWS describe an isolated networking environment into which you can launch compute resources while closely controlling network access?

Security group

Virtual private cloud (VPC)

Availability zone

Internet gateway

What service does AWS use to provide a content delivery network (CDN) for its customers?

VPC peering

Internet gateway

Route 53

CloudFront

What is Amazon's Git-compliant version control service for integrating your source code with AWS resources?

CodeCommit

CodeBuild

CodeDeploy

Cloud9

Which AWS service allows you to build a script-like template representing complex resource stacks that can be used to launch precisely defined environments involving the full range of AWS resources?

LightSail

EC2

CodeDeploy

CloudFormation

What is Amazon Athena?

A service that permits queries against data stored in Amazon S3

A service that permits processing and analyzing of real-time video and data streams

A NoSQL database engine

A Greece-based Amazon Direct Connect service partner

What is Amazon Kinesis?

A service that permits queries against data stored in Amazon S3

A service that permits processing and analyzing of real-time video and data streams

A no-SQL database engine

A Greece-based Amazon Direct Connect service partner

What is Amazon Cognito?

A service that can manage authentication and authorization for your public-facing applications

A service that automates the administration of authentication secrets used by your AWS resources

A service that permits processing and analyzing of real-time video and data streams

A relational database engine

Answers to Assessment Test

A. A scalable deployment will automatically scale up its capacity to meet growing user demand without the need for manual interference. For more information, see Chapter 1.

C. IaaS is a model that gives customers access to virtualized units of a provider's physical resources. IaaS customers manage their infrastructure much the way they would local, physical servers. For more information, see Chapter 1.

B. AWS applies usage limits on most features of its services. However, in many cases, you can apply for a limit to be lifted. For more information, see Chapter 2.

D. The Free Tier offers you free lightweight access to many core AWS services for a full 12 months. For more information, see Chapter 2.

B. Production system down support within one hour is available only to subscribers to the Business or Enterprise support plans. For more information, see Chapter 3.

D. All support plans come with full access to Trusted Advisor except for the (free) Basic plan. For more information, see Chapter 3.

B. According to the Shared Responsibility Model, AWS is responsible for the underlying integrity and security of AWS physical resources, but not the integrity of the data and configurations added by customers. For more information, see Chapter 4.

A. An availability zone is one or more physical data centers located within a single AWS region. For more information, see Chapter 4.

C. Team members should each be given identities (as users, groups, and/or roles) configured with exactly the permissions necessary to do their jobs and no more. For more information, see Chapter 5.

A. End-to-end encryption that protects data at every step of its life cycle is called client-side encryption. For more information, see Chapter 5.

D. AWS CLI requests are authenticated through access keys. For more information, see Chapter 6.

B. Resource tags—especially when applied with consistent naming patterns—can make it easier to visualize and administrate resources on busy accounts. For more information, see Chapter 6.

C. The AMI you select while configuring your new instance defines the base OS. For more information, see Chapter 7.

C. You can administer EC2 instances using techniques that are similar to the way you'd work with physical servers. For more information, see Chapter 7.

A. Amazon Glacier can reliably store large amounts of data for a very low price but requires CLI or SDK administration access, and retrieving your data can take hours. For more information, see Chapter 8.

D. You can transfer large data stores to the AWS cloud (to S3 buckets) by having Amazon send you a Snowball device to which you copy your data and which you then ship back to Amazon. For more information, see Chapter 8.

A. RDS offers a managed and highly scalable database environment for most popular relational database engines (including MySQL, MariaDB, and Oracle). For more information, see Chapter 9.

C. Multi-AZ will automatically replicate your database in a second availability zone for greater reliability. It will, of course, also double your costs. For more information, see Chapter 9.

B. A VPC is an isolated networking environment into which you can launch compute resources while closely controlling network access. For more information, see Chapter 10.

D. CloudFront is a content delivery network (CDN) that distributes content through its global network of edge locations. For more information, see Chapter 10.

A. CodeCommit is a Git-compliant version control service for integrating your source code with AWS resources. For more information, see Chapter 11.

D. CloudFormation templates can represent complex resource stacks that can be used to launch precisely defined environments involving the full range of AWS resources. For