Amazon CLF-C02 AWS Certified Cloud Practitioner Exam Practice Test

Answer : B

Amazon Inspector is a service that provides automated security assessment and management for AWS resources, such as Amazon EC2 instances. Amazon Inspector can scan applications for common vulnerabilities, such as SQL injection, cross-site scripting, and remote code execution. Amazon Inspector can also check the configuration of AWS resources against security best practices, such as the CIS Benchmarks and the AWS Security Best Practices.Amazon Inspector can help customers identify and remediate security issues, comply with security standards, and improve the security posture of their AWS environment12.Reference:

Amazon Inspector

Improved, Automated Vulnerability Management for Cloud Workloads with a New Amazon Inspector | AWS News Blog

Answer : D

AWS SDKs are a set of tools that allow users to connect with AWS and deploy resources programmatically. AWS SDKs provide libraries, code samples, documentation, and other resources to help users write code that interacts with AWS APIs. AWS SDKs support various programming languages, such as Java, Python, Ruby, .NET, Node.js, Go, and more. AWS SDKs make it easier for users to access AWS services, such as Amazon S3, Amazon EC2, Amazon DynamoDB, AWS Lambda, and more, from their applications. AWS SDKs also handle tasks such as authentication, error handling, retries, and data serialization, so users can focus on their application logic .

The other options are not AWS services or tools that give users the ability to connect with AWS and deploy resources programmatically.Amazon QuickSight is a business intelligence service that lets users create and share interactive dashboards and visualizations1.AWS PrivateLink is a service that enables users to securely access services hosted on AWS in a scalable and cost-effective manner2.AWS Direct Connect is a service that establishes a dedicated network connection between a user's premises and AWS3.

Answer : A

AWS Trusted Advisor is a service that provides real-time guidance to help optimize AWS resources, improve security, and maximize performance. It includes a Security category that can identify security group configurations that allow unrestricted access to specific ports.It offers recommendations and alerts to help remediate misconfigurations and ensure proper security practices1.Reference:

Amazon CLF-C02: Which AWS service monitor for misconfigured security groups allowing unrestricted access to specific ports - PUPUWEB

Answer : C

AWS CloudTrail is the service that can be used to meet these requirements. AWS CloudTrail is a service that records AWS API calls for your account and delivers log files to you.The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service1. You can use CloudTrail to track the activity in your AWS accounts, such as who made an API call, when it was made, and what resources were affected.You can also use CloudTrail to monitor the compliance, security, and governance of your AWS environment2. The other services are not designed to track the activity and API calls in your AWS accounts. Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications.You can use CloudWatch to set alarms, visualize data, and automate actions based on predefined thresholds or rules3. Amazon Inspector is a service that helps you improve the security and compliance of your applications running on AWS.Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices4. AWS IAM is a service that enables you to manage access to AWS services and resources securely. IAM allows you to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.Reference:AWS CloudTrail,AWS CloudTrail -- Capture AWS API Activity,Amazon CloudWatch,Amazon Inspector, [AWS IAM]

Answer : B

AWS WAF is a web application firewall service that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.You can use AWS WAF to create rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define1.AWS WAF also integrates with other AWS services, such as Amazon CloudFront, Amazon API Gateway, AWS AppSync, and AWS Load Balancer, to provide a comprehensive defense against web attacks2. Therefore, AWS WAF meets the requirements of the social media company, compared to the other options.

The other options are not suitable for the social media company's requirements, because:

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.However, Amazon Inspector does not provide a web application firewall service that can block malicious web requests3.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. Amazon GuardDuty analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.However, Amazon GuardDuty does not provide a web application firewall service that can block malicious web requests4.

Amazon CloudWatch is a monitoring and observability service that provides data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. Amazon CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, and visualizes it using automated dashboards, alarms, and notifications. However, Amazon CloudWatch does not provide a web application firewall service that can block malicious web requests.

What Is AWS WAF? - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

AWS WAF Features - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

What Is Amazon Inspector? - Amazon Inspector

What Is Amazon GuardDuty? - Amazon GuardDuty

[What Is Amazon CloudWatch? - Amazon CloudWatch]

Answer : C

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data can be published to the following locations: Amazon CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose.You can use VPC Flow Logs to monitor network traffic, diagnose security issues, troubleshoot connectivity problems, and perform network forensics1.Reference:

Logging IP traffic using VPC Flow Logs - Amazon Virtual Private Cloud

Answer : A

AWS Budgets is a service that allows you to set custom budgets for your AWS costs and usage, and receive alerts via email or Amazon SNS notifications if you exceed or are forecasted to exceed your budgeted amount1.You can create budgets based on different dimensions, such as service, linked account, tag, or purchase option, and define various types of alerts, such as actual, forecasted, or RI utilization alerts2.You can also configure custom actions to automatically execute remediation tasks or workflows when a budget threshold is breached3. AWS Budgets is the only service among the options that can send alerts to customers if custom spending thresholds are exceeded.The other options are not AWS services that provide this functionality.