Amazon CLF-C02 Practice Test - Questions Answers, Page 33

Amazon Lightsail is an easy-to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan1. It is designed for developers who have little or no prior cloud experience and want to launch and manage applications on AWS with minimal complexity2. Amazon SageMaker is a service for building, training, and deploying machine learning models3. AWS Lambda is a service that lets you run code without provisioning or managing servers4.

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service.

AWS Trusted Advisor is an online tool that provides you real time guidance to help you provision your resources following AWS best practices, including security and performance. It can help you monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Amazon CloudWatch is a service that monitors your AWS resources and the applications you run on AWS.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. AWS Health Dashboard provides relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities.

IAM access keys are long-term credentials that consist of an access key ID and a secret access key.

You use access keys to sign programmatic requests that you make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account user name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH. AWS Key Management Service (AWS KMS) keys are used to encrypt and decrypt your data using the AWS Encryption SDK or the AWS CLI.

Refining operation procedures frequently is one of the design principles of the operational excellence pillar of the AWS Well-Architected Framework. It means that you should review and validate your processes regularly to ensure they are effective and that staff are familiar with them. Performing operations as code, making frequent, small, reversible changes, and structuring the company to support business outcomes are design principles of other pillars of the AWS Well-Architected Framework.

Amazon Route 53 and AWS WAF are AWS services that can be configured at the Region level.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service that lets you register domain names, route traffic to resources, and check the health of your resources. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. Amazon EC2, Amazon CloudFront, and Amazon DynamoDB are AWS services that can be configured at the global level or the Availability Zone level .

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. You can use CloudTrail to identify who accessed an AWS service and what action was performed for a given time period. Amazon CloudWatch, AWS Security Hub, and Amazon Inspector are AWS services that provide different types of monitoring and security capabilities.

AWS Shield Advanced is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield Advanced provides you with 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS attacks of any size or duration. AWS Shield Advanced also provides near real-time visibility into attacks, advanced attack mitigation capabilities, and integration with AWS WAF and AWS Firewall Manager1. AWS Shield is a standard service that provides always-on detection and automatic inline mitigations to minimize application downtime and latency, but it does not offer the same level of features and support as AWS Shield Advanced2. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it does not provide DDoS protection3. Network ACLs are stateless filters that can be associated with a subnet to control the traffic to and from the subnet, but they are not designed to protect against DDoS attacks

AWS Cloud Adoption Framework (AWS CAF) is a tool that helps organizations understand how cloud adoption transforms the way they work, and it provides structure to identify and address gaps in skills and processes. Applying the AWS CAF in your organization results in an actionable plan that helps you prepare the cloud environment, enable your staff with new skills, and migrate your applications. AWS Pricing Calculator is a tool that helps you estimate the cost of AWS services for your use cases and compare the cost of different AWS service configurations. AWS Well-Architected Framework is a tool that helps you review and improve your cloud-based architectures and better understand the business impact of your design decisions. AWS Budgets is a tool that helps you plan your service usage, service costs, and instance reservations, and track how close your plan is to your budgeted amount.

Changing AWS Support plans is a task that must be performed by using the AWS account root user credentials. The root user is the email address that you used to sign up for AWS. It has complete access to all AWS services and resources in the account. You should use the root user only to perform a few account and service management tasks, such as changing AWS Support plans, closing the account, or changing the account name or email address. Making changes to AWS production resources, accessing AWS Cost and Usage Reports, and granting auditors access to an AWS account for a compliance audit are tasks that can be performed by using IAM users or roles, which are entities that you create in AWS to delegate permissions to access AWS services and resources.