Exam Code : CLF-C02
Exam Name : AWS Certified Cloud Practitioner
Vendor Name : Amazon
https://killexams.com/pass4sure/exam-detail/CLF-C02
Which tasks are the responsibility of AWS, according to the AWS shared responsibility model? (Select TWO.)
A. Patch AWS network devices.
B. Set user password rules.
C. Provide physical security for compute resources.
D. Configure security groups.
E. Patch the operating system of an Amazon EC2 instance.
Explanation:
The correct answers are A and C because patching AWS network devices and providing physical security for compute resources are tasks that are the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are tasks that are the responsibility of the customer, according to the AWS shared responsibility model. Setting user password rules, configuring security groups, and patching the operating system of an Amazon EC2 instance are all tasks that the customer has to perform to secure their AWS environment.
Reference: AWS Shared Responsibility Model
Which AWS service or feature captures information about the network traffic to and from an Amazon EC2 instance?
A. VPC Reachability Analyzer
B. Amazon Athena
C. VPC Flow Logs
D. AWS X-Ray
Explanation:
The correct answer is C because VPC Flow Logs is an AWS service or feature that captures information about the network traffic to and from an Amazon EC2 instance. VPC Flow Logs is a feature that enables customers to capture information about the IP traffic going to and from network interfaces in their VPC. VPC Flow Logs can help customers to monitor and troubleshoot connectivity issues, such as traffic not reaching an instance or traffic being rejected by a security group. The other options are incorrect because they are not AWS services or features that capture information about the network traffic to and from an Amazon EC2 instance. VPC Reachability Analyzer is an AWS service or feature that enables customers to perform connectivity testing between resources in their VPC and identify configuration issues that prevent connectivity. Amazon Athena is an AWS service that enables customers to query data stored in Amazon S3 using standard SQL. AWS X-Ray is an AWS service that enables customers to analyze and debug distributed applications, such as those built using a microservices architecture.
Reference: VPC Flow Logs
Which of the following are pillars of the AWS Well-Architected Framework? (Select TWO.)
A. Availability
B. Reliability
C. Scalability
D. Responsive design
E. Operational excellence
Explanation:
The correct answers are B and E because reliability and operational excellence are pillars of the AWS Well-Architected Framework. The AWS Well-Architected Framework is a set of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. The AWS Well-Architected Framework consists of five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. Each pillar has a set of design principles that describe the characteristics of a well-architected system. Reliability is the pillar that focuses on the ability of a system to recover from failures and meet business and customer demand. Operational excellence is the pillar that focuses on the ability of a system to run and monitor processes that support business outcomes and continually improve. The other options are incorrect because they are not pillars of the AWS Well-Architected Framework. Availability, scalability, and responsive design are important aspects of cloud architecture, but they are not separate pillars in the framework. Availability and scalability are related to the reliability and performance efficiency pillars, while responsive design is related to the customer experience and user interface.
Reference: AWS Well-Architected Framework
Which tasks are customer responsibilities according to the AWS shared responsibility model? (Select TWO.)
A. Determine application dependencies with operating systems.
B. Provide user access with AWS Identity and Access Management (IAM).
C. Secure the data center in an Availability Zone.
D. Patch the hypervisor.
E. Provide network availability in Availability Zones.
Explanation:
The correct answer to the question is B because providing user access with AWS Identity and Access Management (IAM) is a customer responsibility according to the AWS shared responsibility model.
The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. IAM is an AWS service that enables customers to manage access and permissions to AWS resources and services. Customers are responsible for creating and managing IAM users, groups, roles, and policies, and ensuring that they follow the principle of least privilege.
Reference: AWS Shared Responsibility Model
A user wants to identify any security group that is allowing unrestricted incoming SSH traffic. Which AWS service can be used to accomplish this goal?
A. Amazon Cognito
B. AWS Shield
C. Amazon Macie
D. AWS Trusted Advisor
Explanation:
The correct answer to the question is D because AWS Trusted Advisor is an AWS service that can be used to accomplish the goal of identifying any security group that is allowing unrestricted incoming SSH traffic. AWS Trusted Advisor is a service that provides customers with recommendations that help them follow AWS best practices. Trusted Advisor evaluates the customer's AWS environment and identifies ways to optimize their AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas. One of the checks that Trusted Advisor performs is the Security Groups - Specific Ports Unrestricted check, which flags security groups that allow unrestricted access to specific ports, such as port 22 for SSH. Customers can use this check to review and modify their security group rules to restrict SSH access to only authorized sources.
Reference: Security Groups - Specific Ports Unrestricted
Which AWS feature or resource is a deployable Amazon EC2 instance template that is prepackaged with software and security requirements?
A. Amazon Elastic Block Store (Amazon EBS) volume
B. AWS CloudFormation template
C. Amazon Elastic Block Store (Amazon EBS) snapshot
D. Amazon Machine Image (AMI)
Explanation:
An Amazon Machine Image (AMI) is a deployable Amazon EC2 instance template that is prepackaged with software and security requirements. It provides the information required to launch an instance, which is a virtual server in the cloud. You can use an AMI to launch as many instances as you need. You can also create your own custom AMIs or use AMIs shared by other AWS users.
Which AWS service is a highly available and scalable DNS web service?
A. Amazon VPC
B. Amazon CloudFront
C. Amazon Route 53
D. Amazon Connect
Explanation:
Amazon Route 53 is a highly available and scalable DNS web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating domain names into the numeric IP addresses that computers use to connect to each other. Amazon Route 53 also offers other features such as health checks, traffic management, domain name registration, and DNSSEC.
Which of the following is a characteristic of the AWS account root user?
A. The root user is the only user that can be configured with multi-factor authentication (MFA).
B. The root user is the only user that can access the AWS Management Console.
C. The root user is the first sign-in identity that is available when an AWS account is created.
D. The root user has a password that cannot be changed.
Explanation:
The AWS account root user is the first sign-in identity that is available when an AWS account is created. It has complete access to all AWS services and resources in the account. The root user email address and password are the same credentials that are used to sign in to the AWS Management Console. The root user should be used only to perform a few account and service management tasks. For day-to-day tasks, it is recommended to use AWS Identity and Access Management (IAM) users or roles instead.
Which AWS service provides the ability to host a NoSQL database in the AWS Cloud?
A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift
Explanation:
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. It supports both key-value and document data models, and allows you to create tables that can store and retrieve any amount of data, and serve any level of request traffic. You can also use DynamoDB Streams to capture data modification events in DynamoDB tables.