Amazon AWS Certified Cloud Practitioner CLF-C02 Exam Questions

Answer : B

AWS Enterprise Support is the AWS Support plan that includes an AWS concierge whom the company can ask for assistance.According to the AWS Support Plans page, AWS Enterprise Support provides 'a dedicated Technical Account Manager (TAM) who provides advocacy and guidance to help plan and build solutions using best practices, coordinate access to subject matter experts, and proactively keep your AWS environment operationally healthy.'2AWS Business Support, AWS Developer Support, and AWS Basic Support do not include a TAM or a concierge service.

Answer : D

Answer : A

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. With AWS Config, you can review changes in configurations and relationships between AWS resources, dive into detailed resource configuration histories, and determine your overall compliance against the configurations specified in your internal guidelines.This can help you simplify compliance auditing, security analysis, change management, and operational troubleshooting1.

Answer : B

AWS Direct Connect gives users the ability to provision a dedicated and private network connection from their internal network to AWS. AWS Direct Connect links the user's internal network to an AWSDirect Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to the user's router, the other to an AWS Direct Connect router.With this connection in place, the user can create virtual interfaces directly to the AWS cloud and Amazon Virtual Private Cloud (Amazon VPC), bypassing internet service providers in the network path2.

Answer : A

Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud. It allows you to launch virtual servers, called instances, with different configurations of CPU, memory, storage, and networking resources. AWS Compute Optimizer analyzes the specifications and utilization metrics of your Amazon EC2 instances and generates recommendations for optimal instance types that can reduce costs and improve performance.You can view the recommendations on the AWS Compute Optimizer console or the Amazon EC2 console12.

Amazon RDS, Amazon Lightsail, and AWS Step Functions are not supported by AWS Compute Optimizer. Amazon RDS is a managed relational database service that lets you set up, operate, and scale a relational database in the cloud. Amazon Lightsail is an easy-to-use cloud platform that offers everything you need to build an application or website, plus a cost-effective, monthly plan.AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly3.

Answer : C

C is correct because turning on multi-factor authentication (MFA) for added security during the login process is one of the IAM security best practices recommended by AWS. MFA adds an extra layer of protection on top of the user name and password, making it harder for attackers to access the AWS account. A is incorrect because using the account root user access keys for administrative tasks is not a good practice, as the root user has full access to all the resources in the AWS account and can cause irreparable damage if compromised. AWS recommends creating individual IAM users with the least privilege principle and using roles for applications that run on Amazon EC2 instances. B is incorrect because granting broad permissions so that all company employees can access the resources they need is not a good practice, as it increases the risk of unauthorized or accidental actions on the AWS resources. AWS recommends granting only the permissions that are required to perform a task and using groups to assign permissions to IAM users. D is incorrect because avoiding rotating credentials to prevent issues in production applications is not a good practice, as it increases the risk of credential leakage or compromise. AWS recommends rotating credentials regularly and using temporary security credentials from AWS STS when possible.

Answer : B

Establishing an AWS Direct Connect connection between the VPC and the company's on-premises network is the action that the company should take to meet the requirement of having a dedicated connection between the VPC and the company's on-premises network. AWS Direct Connect is a service that lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using AWS Direct Connect, you can create a private connection between AWS and your datacenter, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. Establishing a VPN connection between the VPC and the company's on-premises network is an action that the company can take to create a secure and encrypted connection between the VPC and the company's on-premises network, but it is not a dedicated connection, as it uses the public internet as the transport mechanism. Attaching an internet gateway to the VPC and using the AWS public endpoints for connectivity is an action that the company can take to enable communication between the VPC and the internet, but it is not a dedicated connection, as it also uses the public internet as the transport mechanism. Configuring Amazon Connect to provide connectivity between the VPC and the company's on-premises network is not an action that the company can take, because Amazon Connect is a service that lets you set up and manage a contact center in the cloud, but it does not provide network connectivity between the VPC and the company's on-premises network.