Home / Amazon / CLF-C02

Question list

List of questions

Question 1

(4)

According to the AWS shared responsibility model, which of the following are AWS responsibilities? (Select TWO.)

Question 2

(3)

Which options does AWS make available for customers who want to learn about security in the cloud in an instructor-led setting? (Select TWO.)

Question 3

(4)

A company is using a third-party service to back up 10 TB of data to a tape library. The on-premises backup server is running out of space. The company wants to use AWS services for the backups with

Question 4

(3)

Which AWS Support plan provides customers with access to an AWS technical account manager (TAM)?

Question 5

(4)

A company is designing a web application that will run on Amazon EC2 instances. Which AWS services and features will improve availability and reduce the impact of failures for this application? (S

Question 6

(3)

An Availability Zone consists of:

Question 7

(3)

A company wants to ensure that two Amazon EC2 instances are in separate data centers with minimal communication latency between the data centers. How can the company meet this requirement?

Question 8

(3)

A company wants to host its relational databases on AWS. The databases have predefined schemas that the company needs to replicate on AWS. Which AWS services could the company use for the databases

Question 9

(3)

Which of the following are benefits that a company receives when it moves an on-premises production workload to AWS? (Select TWO.)

Question 10

(3)

A company needs a content delivery network that provides secure delivery of data, videos, applications, and APIs to users globally with low latency and high transfer speeds. Which AWS service meets

Question 606 - CLF-C02 discussion

A user wants to allow applications running on an Amazon EC2 instance to make calls to other AWS services. The access granted must be secure. Which AWS service or feature should be used?

Security groups

AWS Firewall Manager

IAM roles

IAM user SSH keys

Suggested answer: C

Explanation:

IAM roles are a secure way to grant permissions to applications running on an Amazon EC2 instance to make calls to other AWS services. IAM roles are entities that have specific permissions policies attached to them. You can create an IAM role and associate it with an EC2 instance when you launch it or later. The applications on the instance can then use the temporary credentials provided by the role to access AWS resources that the role allows.This way, you do not have to store any long-term credentials or access keys on the instance, which reduces the risk of compromise or misuse12.

The other options are not correct, because:

Security groups are virtual firewalls that control the inbound and outbound traffic for your EC2 instances.Security groups do not grant permissions to access other AWS services, but rather filter the network traffic based on rules that you define3.

AWS Firewall Manager is a service that helps you centrally configure and manage firewall rules across your accounts and resources. AWS Firewall Manager works with AWS WAF, AWS Shield Advanced, and Amazon VPC security groups.AWS Firewall Manager does not grant permissions to access other AWS services, but rather helps you enforce consistent security policies across your AWS infrastructure4.

IAM user SSH keys are credentials that allow you to connect to your EC2 instance using SSH.SSH keys do not grant permissions to access other AWS services, but rather authenticate your identity when you log in to your instance5.

Using an IAM role to grant permissions to applications running on Amazon EC2 instances - AWS Identity and Access Management

IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud

Security groups for your VPC - Amazon Virtual Private Cloud

What is AWS Firewall Manager? - AWS Firewall Manager

Connecting to your Linux instance using SSH - Amazon Elastic Compute Cloud

Show Answer

asked 16/09/2024

Mark Oh

36 questions

Your answer: A B C D

0 comments

Sorted by