Amazon CLF-C02 Practice Test - Questions Answers, Page 33
Question 321
A company is running its application in the AWS Cloud. The company wants to periodically review its AWS account for cost optimization opportunities.
Which AWS service or tool can the company use to meet these requirements?
Explanation:
AWS Cost Explorer is an AWS service or tool that the company can use to periodically review its AWS account for cost optimization opportunities. AWS Cost Explorer is a tool that enables the company to visualize, understand, and manage their AWS costs and usage over time. The company can use AWS Cost Explorer to access interactive graphs and tables that show the breakdown of their costs and usage by service, region, account, tag, and more. The company can also use AWS Cost Explorer to forecast their future costs, identify trends and anomalies, and discover potential savings by using Reserved Instances or Savings Plans.
Question 322
A developer who has no AWS Cloud experience wants to use AWS technology to build a web application.
Which AWS service should the developer use to start building the application?
Explanation:
Amazon Lightsail is an easy-to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan. It is designed for developers who have little or no prior cloud experience and want to launch and manage applications on AWS with minimal complexity. Amazon SageMaker is a service for building, training, and deploying machine learning models. AWS Lambda is a service that lets you run code without provisioning or managing servers.
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service.
Question 323
A company wants to monitor for misconfigured security groups that are allowing unrestricted access to specific ports.
Which AWS service will meet this requirement?
Explanation:
AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices, including security and performance. It can help you monitor for misconfigured security groups that are allowing unrestricted access to specific ports. Amazon CloudWatch is a service that monitors your AWS resources and the applications you run on AWS.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. AWS Health Dashboard provides relevant and timely information to help you manage events in progress, and provides proactive notification to help you plan for scheduled activities.
Question 324
An IT engineer needs to access AWS services from an on-premises application.
Which credentials or keys does the application need for authentication?
Explanation:
IAM access keys are long-term credentials that consist of an access key ID and a secret access key.
You use access keys to sign programmatic requests that you make to AWS. If you need to access AWS services from an on-premises application, you can use IAM access keys to authenticate your requests. AWS account user name and password are used to sign in to the AWS Management Console. Amazon EC2 key pairs are used to connect to your EC2 instances using SSH. AWS Key Management Service (AWS KMS) keys are used to encrypt and decrypt your data using the AWS Encryption SDK or the AWS CLI.
Question 325
A company simulates workflows to review and validate that all processes are effective and that staff are familiar with the processes.
Which design principle of the AWS Well-Architected Framework is the company following with this practice?
Explanation:
Refining operation procedures frequently is one of the design principles of the operational excellence pillar of the AWS Well-Architected Framework. It means that you should review and validate your processes regularly to ensure they are effective and that staff are familiar with them. Performing operations as code, making frequent, small, reversible changes, and structuring the company to support business outcomes are design principles of other pillars of the AWS Well-Architected Framework.
Question 326
A company wants to launch its web application in a second AWS Region. The company needs to determine which services must be regionally configured for this launch.
Which AWS services can be configured at the Region level? (Select TWO.)
Explanation:
Amazon Route 53 and AWS WAF are AWS services that can be configured at the Region level.
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service that lets you register domain names, route traffic to resources, and check the health of your resources. AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits that may affect availability, compromise security, or consume excessive resources. Amazon EC2, Amazon CloudFront, and Amazon DynamoDB are AWS services that can be configured at the global level or the Availability Zone level.
Question 327
A company needs to identify who accessed an AWS service and what action was performed for a given time period.
Which AWS service should the company use to meet this requirement?
Explanation:
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. You can use CloudTrail to identify who accessed an AWS service and what action was performed for a given time period. Amazon CloudWatch, AWS Security Hub, and Amazon Inspector are AWS services that provide different types of monitoring and security capabilities.
Question 328
A company is running its application in the AWS Cloud and wants to protect against a DDoS attack.
The company's security team wants near real-time visibility into DDoS attacks.
Which AWS service or traffic filter will meet these requirements with the MOST features for DDoS protection?
Explanation:
AWS Shield Advanced is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield Advanced provides you with 24x7 access to the AWS DDoS Response Team (DRT) and protection against DDoS attacks of any size or duration. AWS Shield Advanced also provides near real-time visibility into attacks, advanced attack mitigation capabilities, and integration with AWS WAF and AWS Firewall Manager. AWS Shield is a standard service that provides always-on detection and automatic inline mitigations to minimize application downtime and latency, but it does not offer the same level of features and support as AWS Shield Advanced. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it does not provide DDoS protection. Network ACLs are stateless filters that can be associated with a subnet to control the traffic to and from the subnet, but they are not designed to protect against DDoS attacks.
Question 329
A company is planning to migrate its application to the AWS Cloud.
Which AWS tool or set of resources should the company use to analyze and assess its readiness for migration?
Explanation:
AWS Cloud Adoption Framework (AWS CAF) is a tool that helps organizations understand how cloud adoption transforms the way they work, and it provides structure to identify and address gaps in skills and processes. Applying the AWS CAF in your organization results in an actionable plan that helps you prepare the cloud environment, enable your staff with new skills, and migrate your applications. AWS Pricing Calculator is a tool that helps you estimate the cost of AWS services for your use cases and compare the cost of different AWS service configurations. AWS Well-Architected Framework is a tool that helps you review and improve your cloud-based architectures and better understand the business impact of your design decisions. AWS Budgets is a tool that helps you plan your service usage, service costs, and instance reservations, and track how close your plan is to your budgeted amount.
Question 330
Which task must a user perform by using the AWS account root user credentials?
Explanation:
Changing AWS Support plans is a task that must be performed by using the AWS account root user credentials. The root user is the email address that you used to sign up for AWS. It has complete access to all AWS services and resources in the account. You should use the root user only to perform a few account and service management tasks, such as changing AWS Support plans, closing the account, or changing the account name or email address. Making changes to AWS production resources, accessing AWS Cost and Usage Reports, and granting auditors access to an AWS account for a compliance audit are tasks that can be performed by using IAM users or roles, which are entities that you create in AWS to delegate permissions to access AWS services and resources.