Amazon CLF-C02 Practice Test - Questions Answers, Page 71

Under the AWS shared responsibility model, AWS is responsible for the security 'of' the cloud, which includes the physical infrastructure, networking, and hypervisor layer. The customer, however, is responsible for security 'in' the cloud, which includes managing the security of their data, patching and maintaining their guest operating system and applications, and managing identity and access. The responsibilities of shredding disk drives, preventing packet capture at the hypervisor level, and physical monitoring are handled by AWS as part of its responsibility for security 'of' the cloud.

An IAM user is created when the company needs to provide unique credentials (username and password) to individuals who need access to the AWS Management Console or programmatic access (using access keys) to AWS services.

B . When the company creates AWS access credentials for individuals: Correct, as an IAM user is created to provide credentials for specific individuals.

D . When the company needs to add users to IAM groups: Correct, as IAM users can be added to groups to apply permissions and policies at a group level.

A . When an application that runs on Amazon EC2 instances requires access to other AWS services: Incorrect, as an IAM role is more appropriate for applications running on EC2 to assume temporary credentials.

C . When the company creates an application that runs on a mobile phone that makes requests to AWS: Incorrect, as using Cognito or a role with temporary credentials is more suitable.

E . When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time: Incorrect, as this use case typically involves IAM roles combined with AWS Single Sign-On (SSO).

AWS Cloud References:

IAM Users and Groups

IAM Roles

AWS Outposts is an AWS offering that brings AWS infrastructure and services to a customer's on-premises location. It allows companies to run AWS services locally while meeting any regulatory or compliance requirements to keep data or applications on-premises. Dedicated Instances are EC2 instances that run on hardware dedicated to a single customer but are still within AWS data centers. Amazon CloudFront is a CDN service, and AWS Fargate is a serverless compute engine for containers, neither of which meets the requirement for running an application on-premises. References:

AWS Outposts

The correct answer is D. AWS Snowball Edge.

AWS Snowball Edge is a physical device that can be used to collect and process data locally and then transfer it to AWS. It is designed for situations where there is limited or intermittent network connectivity, or where bandwidth costs are high. AWS Snowball Edge can store up to 80 TB of data and has compute and storage capabilities to run applications on the device1.

AWS Database Migration Service (AWS DMS) is a service that helps migrate databases to AWS. It does not collect or process data locally, nor does it work offline2.

AWS DataSync is a service that helps transfer data between on-premises storage systems and AWS storage services. It does not collect or process data locally, and it requires a network connection to work3.

AWS Backup is a service that helps automate and manage backups across AWS services. It does not collect or process data locally, nor does it transfer data to AWS. It only backs up data that is already in AWS4.

References:

AWS Glue is a serverless data integration service designed to discover, prepare, move, and integrate data from multiple sources for data analytics and machine learning purposes. It provides a managed ETL (Extract, Transform, Load) service that is ideal for preparing and transforming data for analytics. AWS Data Exchange is used for finding and subscribing to third-party data, Amazon Athena is for querying data stored in Amazon S3 using SQL, and Amazon EMR is for big data processing using Apache Hadoop and Spark, but AWS Glue is specifically designed for data integration and preparation tasks.

AWS Cost Explorer provides a visualization of historical AWS spending patterns and allows users to project future costs based on past usage. It offers advanced filtering and grouping features, enabling users to analyze costs and usage at a granular level. The AWS Cost and Usage Report provides detailed AWS cost and usage data but does not offer visualization or future cost projections. AWS Budgets is used for setting custom cost and usage budgets and receiving alerts. Amazon CloudWatch is for monitoring AWS resources and applications, not for cost management.

AWS Key Management Service (AWS KMS) is designed to integrate with various AWS services to encrypt data at rest. It provides a secure and highly available service to create, control, and manage encryption keys used to encrypt your data. AWS Certificate Manager (ACM) is for managing SSL/TLS certificates, AWS Identity and Access Management (IAM) is for managing user access and permissions, and AWS Security Hub is for security monitoring and compliance, but none of these services provide data encryption at rest like AWS KMS.

AWS Shield Advanced provides enhanced protection against DDoS attacks and includes access to the AWS DDoS Response Team (DRT) to help mitigate complex DDoS events. AWS Shield Standard offers basic DDoS protection, which is included with AWS services, but does not provide access to the DRT. AWS WAF is a web application firewall, and AWS Enterprise Support is a premium support plan but does not specifically provide DDoS mitigation services or access to the DRT.

Refactoring involves re-architecting and modifying an application to take advantage of cloud-native features. In this case, the company wants to modernize a monolithic application by breaking it into microservices. This process aligns with the Refactor strategy, which is aimed at modernizing and re-architecting applications. Rehost, Repurchase, and Replatform do not involve the level of re-architecting needed to move from a monolithic to a microservices architecture.