Amazon CLF-C02 Practice Test - Questions Answers, Page 54

The AWS Cloud Adoption Framework (AWS CAF) security perspective helps users achieve the confidentiality, integrity, and availability of their data and cloud workloads. It comprises nine capabilities that are grouped into three categories: preventive, detective, and responsive. Incident response and infrastructure protection are two of the capabilities in the responsive and preventive categories, respectively. Incident response helps users prepare for and respond to security incidents in a timely and effective manner, using tools and processes that leverage AWS features and services. Infrastructure protection helps users implement security controls and mechanisms to protect their cloud resources, such as network, compute, storage, and database, from unauthorized access or malicious attacks.Reference:Security perspective: compliance and assurance,AWS Cloud Adoption Framework

An IAM credential report is a feature of AWS Identity and Access Management (IAM) that allows you to view and download a report that lists all IAM users in your account and the status of their various credentials, such as passwords, access keys, and MFA devices.You can use this report to audit the security status of your IAM users and ensure that they follow the best practices for credential management1.Reference:1:AWS Documentation - IAM User Guide - Getting credential reports for your AWS account

Making frequent, small, reversible changes is one of the design principles for operational excellence in the AWS Cloud, as defined by the AWS Well-Architected Framework. This principle means that you should design your workloads to allow for rapid and safe changes, such as deploying updates, rolling back failures, and experimenting with new features.By making small and reversible changes, you can reduce the risk of errors, minimize the impact of failures, and increase the speed of recovery2.Reference:2:AWS Documentation - AWS Well-Architected Framework - Operational Excellence Pillar

Amazon EC2 instance store provides temporary block-level storage for your EC2 instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content. It can also be used to store temporary data that you replicate across a fleet of instances, such as a load-balanced pool of web servers. An instance store consists of one or more instance store volumes exposed as block devices. The size of an instance store as well as the number of devices available varies by instance type and instance size. The virtual devices for instance store volumes are ephemeral[0-23]. Instance types that support one instance store volume have ephemeral0. Instance types that support two or more instance store volumes have ephemeral0, ephemeral1, and so on. Instance store pricing Instance store volumes are included as part of the instance's usage cost. The data on an instance store volume persists even if the instance is rebooted. However, the data does not persist if the instance is stopped, hibernated, or terminated. When the instance is stopped, hibernated, or terminated, every block of the instance store volume is cryptographically erased. Therefore, do not rely on instance store volumes for valuable, long-term data. If you need to retain the data stored on an instance store volume beyond the lifetime of the instance, you need to manually copy that data to more persistent storage, such as an Amazon EBS volume, an Amazon S3 bucket, or an Amazon EFS file system. There are some events that can result in your data not persisting throughout the lifetime of the instance.The following table indicates whether data on instance store volumes is persisted during specific events, for both virtualized and bare metal instances1.Reference:Amazon EC2 instance store - Amazon Elastic Compute Cloud

AWS Outposts is a fully managed service that extends AWS infrastructure, services, APIs, and tools to customer premises. By providing local access to AWS managed infrastructure, AWS Outposts enables customers to build and run applications on premises using the same programming interfaces as in AWS Regions, while using local compute and storage resources for lower latency and local data processing needs. An Outpost is a pool of AWS compute and storage capacity deployed at a customer site. AWS operates, monitors, and manages this capacity as part of an AWS Region. You can create subnets on your Outpost and specify them when you create AWS resources such as EC2 instances, EBS volumes, ECS clusters, and RDS instances. Instances in Outpost subnets communicate with other instances in the AWS Region using private IP addresses, all within the same VPC. Outposts solutions allow you to extend and run native AWS services on premises, and is available in a variety of form factors, from 1U and 2U Outposts servers to 42U Outposts racks, and multiple rack deployments.With AWS Outposts, you can run some AWS services locally and connect to a broad range of services available in the local AWS Region2. AWS Outposts is a hybrid cloud deployment model that uses AWS Outposts as part of the application deployment infrastructure. Hybrid cloud is a cloud computing environment that uses a mix of on-premises, private cloud, and public cloud services with orchestration between the platforms. Hybrid cloud provides businesses with greater flexibility, more deployment options, and optimized costs.By using AWS Outposts, customers can benefit from the fully managed infrastructure, services, APIs, and tools of AWS on premises, while still having access to the full range of AWS services available in the Region for a truly consistent hybrid experience3.Reference:On-Premises Private Cloud - AWS Outposts Family - AWS,What is AWS Outposts? - AWS Outposts

Amazon EC2 Auto Scaling is a service that helps you maintain application availability and allows you to automatically add or remove EC2 instances according to definable conditions. You can create collections of EC2 instances, called Auto Scaling groups, and specify the minimum and maximum number of instances in each group. You can also define scaling policies that adjust the number of instances based on the demand on your application.Amazon EC2 Auto Scaling helps you improve the performance, reliability, and cost-efficiency of your EC2 workloads123.Reference:1:VDI Desktops - Amazon WorkSpaces Family - AWS,2:What is Amazon EC2 Auto Scaling? - Amazon EC2 Auto Scaling,3:Discover Amazon EC2 Auto Scaling Unit | Salesforce Trailhead

AWS Workspaces is a service that provides fully managed, secure, and reliable virtual desktops for your employees. You can access your personal Windows environment on various devices, such as Android, iOS, Fire, Mac, PC, Chromebook, and Linux. You can choose from different bundles of CPU, memory, storage, and software options to suit your needs. You can also integrate AWS Workspaces with your existing Active Directory, VPN, and security policies.AWS Workspaces helps you reduce the cost and complexity of managing your desktop infrastructure, while enhancing the productivity and security of your remote workers456.Reference:4:Amazon WorkSpaces Client Download,5:VDI Desktops - Amazon WorkSpaces Family - AWS,6:Amazon WorkSpaces

AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation. Security Hub collects findings from the security services enabled across your AWS accounts, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings from partner security products using a standardized AWS Security Finding Format, eliminating the need for time-consuming data parsing and normalization efforts. Customers can designate an administrator account that can access all findings across their accounts.Reference:AWS Security Hub Overview,AWS Security Hub FAQs

Amazon CloudFront and AWS Global Accelerator are two AWS services that make use of global edge locations. Edge locations are AWS sites that are deployed worldwide in major cities and places with a high population.Edge locations are used to cache data and reduce latency for end-user access1.

Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds.Amazon CloudFront uses a global network of over 200 edge locations and 13 regional edge caches to cache your content closer to your viewers, improving performance and reducing costs23.

AWS Global Accelerator is a networking service that improves the availability and performance of your applications with local or global users. AWS Global Accelerator uses the AWS global network to route user traffic to the optimal endpoint based on health, performance, and policies.AWS Global Accelerator uses over 100 edge locations to bring your application endpoints closer to your users, reducing network hops and improving user experience45.Reference:1:AWS for the Edge - Amazon Web Services (AWS),2:Content Delivery Network (CDN) - Amazon CloudFront - AWS,3:Amazon CloudFront Documentation,4:AWS Global Accelerator - Amazon Web Services,5:AWS Global Accelerator Documentation