ExamGecko
Home / Amazon / CLF-C02 / List of questions
Ask Question

Amazon CLF-C02 Practice Test - Questions Answers, Page 30

List of questions

Question 291

Report
Export
Collapse

A company wants to store data with high availability, encrypt the data at rest, and have direct access to the data over the internet.

Which AWS service will meet these requirements MOST cost-effectively?

Amazon Elastic Block Store (AmazonEBS)
Amazon Elastic Block Store (AmazonEBS)
Amazon S3
Amazon S3
Most voted
(1)
Most voted
Amazon Elastic File System (Amazon EFS)
Amazon Elastic File System (Amazon EFS)
AWS Storage Gateway
AWS Storage Gateway
Suggested answer: C

Explanation:

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.

Amazon EFS offers two storage classes: the Standard storage class, and the Infrequent Access storage class (EFS IA). EFS IA provides price/performance that is cost-optimized for files not accessed every day. Amazon EFS encrypts data at rest and in transit, and supports direct access over the internet4.

asked 16/09/2024
Maria Janice Lecias
49 questions

Question 292

Report
Export
Collapse

Which AWS service or feature enables users to encrypt data at rest in Amazon S3?

1AM policies
1AM policies
Server-side encryption
Server-side encryption
Amazon GuardDuty
Amazon GuardDuty
Client-side encryption
Client-side encryption
Suggested answer: B

Explanation:

Server-side encryption is an encryption option that Amazon S3 provides to encrypt data at rest in Amazon S3. With server-side encryption, Amazon S3 encrypts an object before saving it to disk in its data centers and decrypts it when you download the objects. You have three server-side encryption options to choose from: SSE-S3, SSE-C, and SSE-KMS. SSE-S3 uses keys that are managed by Amazon S3. SSE-C allows you to manage your own encryption keys. SSE-KMS uses keys that are managed by AWS Key Management Service (AWS KMS)5.

asked 16/09/2024
Tristan Zerner
45 questions

Question 293

Report
Export
Collapse

An auditor is preparing for an annual security audit. The auditor requests certification details for a company's AWS hosted resources across multiple Availability Zones in the us-east-1 Region.

How should the company respond to the auditor's request?

Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
Open an AWS Support ticket to request that the AWS technical account manager (TAM) respond and help the auditor.
Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company operates.
Open an AWS Support ticket to request that the auditor receive approval to conduct an onsite assessment of the AWS data centers in which the company operates.
Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
Explain to the auditor that AWS does not need to be audited because the company's application is hosted in multiple Availability Zones.
Use AWS Artifact to download the applicable report for AWS security controls. Provide the report to the auditor.
Use AWS Artifact to download the applicable report for AWS security controls. Provide the report to the auditor.
Suggested answer: D

Explanation:

AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS' security and compliance reports and select online agreements.

Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA). You can use AWS Artifact to download the applicable report for AWS security controls and provide it to the auditor.

asked 16/09/2024
Stefan Duerr
26 questions

Question 294

Report
Export
Collapse

Which benefits can customers gain by using AWS Marketplace? (Select TWO.)

Speed of business
Speed of business
Fewer legal objections
Fewer legal objections
Ability to pay with credit cards
Ability to pay with credit cards
No requirement for product licenses for any products
No requirement for product licenses for any products
Free use of all services for the first hour
Free use of all services for the first hour
Suggested answer: A, B

Explanation:

AWS Marketplace is a digital catalog that offers thousands of software products and solutions from independent software vendors (ISVs) and AWS partners. Customers can use AWS Marketplace to find, buy, and deploy software on AWS. Some of the benefits of using AWS Marketplace are:

Speed of business: You can quickly and easily discover and deploy software that meets your business needs, without having to go through lengthy procurement processes. You can also use AWS Marketplace to test and compare different solutions before making a purchase decision.

Fewer legal objections: You can benefit from standardized contract terms and conditions that are pre-negotiated between AWS and the ISVs. This reduces the time and effort required to review and approve legal agreements.

asked 16/09/2024
Rozsahegyi Jozsef
34 questions

Question 295

Report
Export
Collapse

A company wants to receive alerts to monitor its overall operating costs for its AWS public cloud infrastructure.

Which AWS offering will meet these requirements?

Amazon EventBridge
Amazon EventBridge
Compute Savings Plans
Compute Savings Plans
AWS Budgets
AWS Budgets
Migration Evaluator
Migration Evaluator
Suggested answer: C

Explanation:

AWS Budgets is a service that enables you to plan your service usage, service costs, and instance reservations. You can use AWS Budgets to create custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to monitor how close your usage and costs are to meeting your reservation purchases1

asked 16/09/2024
Abigail Bormann
40 questions

Question 296

Report
Export
Collapse

According to the AWS shared responsibility model, which task is the customer's responsibility?

Maintaining the infrastructure needed to run AWS Lambda
Maintaining the infrastructure needed to run AWS Lambda
Updating the operating system of Amazon DynamoDB instances
Updating the operating system of Amazon DynamoDB instances
Maintaining Amazon S3 infrastructure
Maintaining Amazon S3 infrastructure
Updating the guest operating system on Amazon EC2 instances
Updating the guest operating system on Amazon EC2 instances
Suggested answer: D

Explanation:

The AWS shared responsibility model describes the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the hardware, software, networking, and facilities that run AWS services. The customer is responsible for security in the cloud, which includes the customer data, applications, operating systems, and network and firewall configurations. Therefore, updating the guest operating system on Amazon EC2 instances is the customer's responsibility2

asked 16/09/2024
Gajendran Balasingam
39 questions

Question 297

Report
Export
Collapse

Which of the following actions are controlled with AWS Identity and Access Management (1AM)?

(Select TWO.)

Control access to AWS service APIs and to other specific resources.
Control access to AWS service APIs and to other specific resources.
Provide intelligent threat detection and continuous monitoring.
Provide intelligent threat detection and continuous monitoring.
Protect the AWS environment using multi-factor authentication (MFA).
Protect the AWS environment using multi-factor authentication (MFA).
Grant users access to AWS data centers.
Grant users access to AWS data centers.
Provide firewall protection for applications from common web attacks.
Provide firewall protection for applications from common web attacks.
Suggested answer: A, C

Explanation:

AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely. You can use IAM to perform the following actions:

Control access to AWS service APIs and to other specific resources: You can create users, groups, roles, and policies that define who can access which AWS resources and how. You can also use IAM to grant temporary access to users or applications that need to perform certain tasks on your behalf3 Protect the AWS environment using multi-factor authentication (MFA): You can enable MFA for your IAM users and root user to add an extra layer of security to your AWS account. MFA requires users to provide a unique authentication code from an approved device or SMS text message, in addition to their user name and password, when they sign in to AWS4

asked 16/09/2024
Michael Weaver
22 questions

Question 298

Report
Export
Collapse

A company needs to securely store important credentials that an application uses to connect users to a database.

Which AWS service can meet this requirement with the MINIMAL amount of operational overhead?

AWS Key Management Service (AWS KMS)
AWS Key Management Service (AWS KMS)
AWS Config
AWS Config
AWS Secrets Manager
AWS Secrets Manager
Amazon GuardDuty
Amazon GuardDuty
Suggested answer: C

Explanation:

AWS Secrets Manager is a service that helps you protect secrets needed to access your applications, services, and IT resources. You can use AWS Secrets Manager to store, rotate, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. AWS Secrets Manager eliminates the need to hardcode sensitive information in plain text, and reduces the risk of unauthorized access or leakage. AWS Secrets Manager also integrates with other AWS services, such as AWS Lambda, Amazon RDS, and AWS CloudFormation, to simplify the management of secrets across your environment5

asked 16/09/2024
Hector Quintero
47 questions

Question 299

Report
Export
Collapse

Which AWS service or feature is associated with a subnet in a VPC and is used to control inbound and outbound traffic?

Amazon Inspector
Amazon Inspector
Network ACLs
Network ACLs
AWS Shield
AWS Shield
VPC Flow Logs
VPC Flow Logs
Suggested answer: B

Explanation:

Network ACLs (network access control lists) are an optional layer of security for your VPC that act as a firewall for controlling traffic in and out of one or more subnets. You can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, you must create rules for both inbound and outbound traffic.

asked 16/09/2024
saharat pinsaran
43 questions

Question 300

Report
Export
Collapse

Which task does AWS perform automatically?

Encrypt data that is stored in Amazon DynamoDB.
Encrypt data that is stored in Amazon DynamoDB.
Most voted
(1)
Most voted
Patch Amazon EC2 instances.
Patch Amazon EC2 instances.
Encrypt user network traffic.
Encrypt user network traffic.
Create TLS certificates for users' websites.
Create TLS certificates for users' websites.
Suggested answer: B

Explanation:

AWS performs some tasks automatically to help you manage and secure your AWS resources. One of these tasks is patching Amazon EC2 instances. AWS provides two options for patching your EC2 instances: managed instances and patch baselines. Managed instances are a group of EC2 instances or on-premises servers that you can manage using AWS Systems Manager. Patch baselines define the patches that AWS Systems Manager applies to your instances. You can use AWS Systems Manager to automate the process of patching your instances based on a schedule or a maintenance window.

asked 16/09/2024
ronald ramos
44 questions
Total 798 questions
Go to page: of 80

Related questions