Amazon CLF-C02 AWS Certified Cloud Practitioner Exam Practice Test

Page: 1 / 14
Total 625 questions
Question 1
Question 2

Which AWS service or tool gives users the ability to connect with AWS and deploy resources programmatically?



Answer : D

AWS SDKs are a set of tools that allow users to connect with AWS and deploy resources programmatically. AWS SDKs provide libraries, code samples, documentation, and other resources to help users write code that interacts with AWS APIs. AWS SDKs support various programming languages, such as Java, Python, Ruby, .NET, Node.js, Go, and more. AWS SDKs make it easier for users to access AWS services, such as Amazon S3, Amazon EC2, Amazon DynamoDB, AWS Lambda, and more, from their applications. AWS SDKs also handle tasks such as authentication, error handling, retries, and data serialization, so users can focus on their application logic .

The other options are not AWS services or tools that give users the ability to connect with AWS and deploy resources programmatically.Amazon QuickSight is a business intelligence service that lets users create and share interactive dashboards and visualizations1.AWS PrivateLink is a service that enables users to securely access services hosted on AWS in a scalable and cost-effective manner2.AWS Direct Connect is a service that establishes a dedicated network connection between a user's premises and AWS3.


Question 3
Question 4

A company needs to track the activity in its AWS accounts, and needs to know when an API call is made against its AWS resources. Which AWS tool or service can be used to meet these requirements?



Answer : C

AWS CloudTrail is the service that can be used to meet these requirements. AWS CloudTrail is a service that records AWS API calls for your account and delivers log files to you.The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service1. You can use CloudTrail to track the activity in your AWS accounts, such as who made an API call, when it was made, and what resources were affected.You can also use CloudTrail to monitor the compliance, security, and governance of your AWS environment2. The other services are not designed to track the activity and API calls in your AWS accounts. Amazon CloudWatch is a service that monitors and collects metrics, logs, and events from your AWS resources and applications.You can use CloudWatch to set alarms, visualize data, and automate actions based on predefined thresholds or rules3. Amazon Inspector is a service that helps you improve the security and compliance of your applications running on AWS.Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices4. AWS IAM is a service that enables you to manage access to AWS services and resources securely. IAM allows you to create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.Reference:AWS CloudTrail,AWS CloudTrail -- Capture AWS API Activity,Amazon CloudWatch,Amazon Inspector, [AWS IAM]


Question 5

A social media company wants to protect its web application from common web exploits such as SQL injections and cross-site scripting. Which AWS service will meet these requirements?



Answer : B

AWS WAF is a web application firewall service that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.You can use AWS WAF to create rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define1.AWS WAF also integrates with other AWS services, such as Amazon CloudFront, Amazon API Gateway, AWS AppSync, and AWS Load Balancer, to provide a comprehensive defense against web attacks2. Therefore, AWS WAF meets the requirements of the social media company, compared to the other options.

The other options are not suitable for the social media company's requirements, because:

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.However, Amazon Inspector does not provide a web application firewall service that can block malicious web requests3.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. Amazon GuardDuty analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.However, Amazon GuardDuty does not provide a web application firewall service that can block malicious web requests4.

Amazon CloudWatch is a monitoring and observability service that provides data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. Amazon CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, and visualizes it using automated dashboards, alarms, and notifications. However, Amazon CloudWatch does not provide a web application firewall service that can block malicious web requests.


What Is AWS WAF? - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

AWS WAF Features - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

What Is Amazon Inspector? - Amazon Inspector

What Is Amazon GuardDuty? - Amazon GuardDuty

[What Is Amazon CloudWatch? - Amazon CloudWatch]

Question 6
Question 7
Page:    1 / 14   
Total 625 questions