Amazon CLF-C02 Practice Test - Questions Answers, Page 55

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You can use IAM to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.IAM is always provided at no charge12.Reference:1:AWS Identity and Access Management (IAM) - Amazon Web Services (AWS),2:Which aws service is always provided at no charge? - Brainly.in

Amazon S3 is a service that provides durable storage for static content and infinitely scalable data storage infrastructure at the lowest cost. Amazon S3 is an object storage service that allows you to store and retrieve any amount of data from anywhere on the internet. Amazon S3 offers industry-leading scalability, availability, and performance, as well as 99.999999999% (11 9s) of durability and multi-AZ resilience.Amazon S3 also provides various storage classes that offer different levels of performance and cost optimization, such as S3 Standard, S3 Intelligent-Tiering, S3 Standard-Infrequent Access (S3 Standard-IA), S3 One Zone-Infrequent Access (S3 One Zone-IA), and S3 Glacier456.Amazon S3 is ideal for storing static content, such as images, videos, documents, and web pages, as well as building data lakes, backup and archive solutions, big data analytics, and machine learning applications456.Reference:4:Cloud Storage on AWS,5:Object Storage - Amazon Simple Storage Service (S3) - AWS,6:Amazon S3 Documentation

When you run a NoSQL database on Amazon EC2 instances, you are responsible for managing the database layer and the guest operating system of the instances. This means that you need to perform tasks such as updating the operating system, maintaining high availability, and configuring the security group firewall. AWS is responsible for managing the physical infrastructure that hosts the EC2 instances. This means that AWS ensures that the hardware and firmware of the servers, routers, switches, and other devices are updated and secure.AWS also handles the power, cooling, networking, and security of the data centers12.Reference:CLF-C02: Which task is responsibility of AWS to run NoSQL database on ...,Best Practices for Hosting NoSQL Databases on Amazon EC2

AWS CloudTrail is a service that provides a record of actions taken by a user, role, or an AWS service in your AWS account. CloudTrail captures all API calls for AWS services as events, including calls from the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services.You can use CloudTrail to monitor, audit, and troubleshoot your AWS account activity34.AWS Trusted Advisor is a service that provides best practices recommendations for cost optimization, performance, security, and fault tolerance in your AWS account5.Amazon Inspector is a service that helps you improve the security and compliance of your applications deployed on AWS by automatically assessing them for vulnerabilities and deviations from best practices6.AWS X-Ray is a service that helps you analyze and debug your applications by collecting data about the requests that your application serves, and providing tools to view, filter, and gain insights into that data7.Reference:Logging AWS Audit Manager API calls with CloudTrail,Logging AWS Account Management API calls using AWS CloudTrail,Review API calls in your AWS account using CloudTrail,Monitor the usage of AWS API calls using Amazon CloudWatch,Which service enables customers to audit API calls in their AWS ...

The People perspective in the AWS Cloud Adoption Framework (AWS CAF) serves as a bridge between technology and business, accelerating the cloud journey to help organizations more rapidly evolve to a culture of continuous growth, learning, and where change becomes business-as-normal, with focus on culture, organizational structure, leadership, and workforce1.Reference:People Perspective - AWS Cloud Adoption Framework

AWS Software Development Kit (SDK) is a set of platform-specific building tools for developers. It allows developers to access AWS services from application code using familiar programming languages.It provides pre-built components and libraries that can be incorporated into applications, as well as tools to debug, monitor, and optimize performance2.Reference:What is SDK? - SDK Explained - AWS

Amazon Macie is a data security and privacy service offered by AWS that uses machine learning and pattern matching to discover the sensitive data stored within Amazon S3. You can define your own custom type of sensitive data category that might be unique to your business or use case. Macie also provides you with dashboards and alerts that give you visibility into how your data is being accessed or moved. Macie helps you protect your data by enabling you to apply data protection techniques such as encryption, deletion, access control, and auditing.Reference:Strengthen the security of sensitive data stored in Amazon S3 by using additional AWS services,Security best practices for Amazon S3,Sensitive Data Protection on AWS,Sensitive Data Protection on Amazon Web Services

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS's security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) attestation of compliance, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). AWS Artifact helps you answer the most frequently asked security and compliance questions that AWS receives from its users.Reference:Compliance FAQ,Compliance Solutions Guide

Security groups and network ACLs are two AWS services that can be used to block network traffic to an instance. Security groups are virtual firewalls that control the inbound and outbound traffic for your instances at the instance level. You can specify which protocols, ports, and source or destination IP addresses are allowed or denied for each instance.Security groups are stateful, which means that they automatically allow return traffic for any allowed inbound or outbound traffic123. Network ACLs are virtual firewalls that control the inbound and outbound traffic for your subnets at the subnet level. You can create rules to allow or deny traffic based on protocols, ports, and source or destination IP addresses.Network ACLs are stateless, which means that you have to explicitly allow return traffic for any allowed inbound or outbound traffic456.Reference:1:Security groups for your VPC - Amazon Virtual Private Cloud,2:Security Groups for Your VPC - Amazon Elastic Compute Cloud,3:AWS Security Groups: Everything You Need to Know,4:Network ACLs - Amazon Virtual Private Cloud,5:Control traffic to subnets using network ACLs - Amazon Virtual Private Cloud,6:AWS Network ACLs: Everything You Need to Know