A company hosts a large amount of data in AWS. The company wants to identify if any of the data should be considered sensitive.
Which AWS service will meet the requirement?
A. Amazon Inspector
B. Amazon Macie
C. AWS Identity and Access Management (IAM)
D. Amazon CloudWatch
Correct Answer: B
Amazon Macie is a fully managed service that uses machine learning and pattern matching to help you detect, classify, and better protect your sensitive data stored in the AWS Cloud [1]. Macie can automatically discover and scan your Amazon S3 buckets for sensitive data such as personally identifiable information (PII), financial information, healthcare information, intellectual property, and credentials [1]. Macie also provides you with a dashboard that shows the type, location, and volume of sensitive data in your AWS environment, as well as alerts and findings on potential security issues [1].
The other options are not suitable for identifying sensitive data in AWS. Amazon Inspector is a service that helps you find security vulnerabilities and deviations from best practices in your Amazon EC2 instances [2]. AWS Identity and Access Management (IAM) is a service that helps you manage access to your AWS resources by creating users, groups, roles, and policies [3]. Amazon CloudWatch is a service that helps you monitor and troubleshoot your AWS resources and applications by collecting metrics, logs, events, and alarms [4].
References:
1: What Is Amazon Macie? - Amazon Macie
2: What Is Amazon Inspector? - Amazon Inspector
3: What Is IAM? - AWS Identity and Access Management
4: What Is Amazon CloudWatch? - Amazon CloudWatch
Question 242:
A company has all of its servers in the us-east-1 Region. The company is considering the deployment of additional servers in a different Region. Which AWS tool should the company use to find pricing information for other Regions?
A. Cost Explorer
B. AWS Budgets
C. AWS Purchase Order Management
D. AWS Pricing Calculator
Correct Answer: D
AWS Pricing Calculator lets customers explore AWS services, and create an estimate for the cost of their use cases on AWS. AWS Pricing Calculator can also compare the costs of different AWS Regions and configurations. Cost Explorer is a tool that enables customers to visualize, understand, and manage their AWS costs and usage over time. AWS Budgets gives customers the ability to set custom budgets that alert them when their costs or usage exceed (or are forecasted to exceed) their budgeted amount. AWS Purchase Order Management is a feature that allows customers to pay for their AWS invoices using purchase orders.
Question 243:
A company wants to launch multiple workloads on AWS. Each workload is related to a different business unit. The company wants to separate and track costs for each business unit.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Organizations and create one account for each business unit.
B. Use a spreadsheet to control the owners and cost of each resource.
C. Use an Amazon DynamoDB table to record costs for each business unit.
D. Use the AWS Billing console to assign owners to resources and track costs.
Correct Answer: A
AWS Organizations is a service that helps you centrally manage and govern your AWS environment. You can use AWS Organizations to create multiple accounts for different business units, and group them into organizational units (OUs) that reflect your organizational structure [1]. By doing so, you can separate and track costs for each business unit using the account ID as a cost allocation tag [2]. You can also use AWS Organizations to apply policies and controls to your accounts, such as service control policies (SCPs) and tag policies [1].
The other options are not suitable for meeting the requirements with the least operational overhead. Using a spreadsheet or a DynamoDB table to control and record costs for each business unit would require manual data entry and maintenance, which is prone to errors and inconsistencies. Using the AWS Billing console to assign owners to resources and track costs would also require manual tagging of each resource, which is time-consuming and inefficient.
References:
1: What Is AWS Organizations? - AWS Organizations
2: Cost Tagging and Reporting with AWS Organizations | AWS Cloud Financial Management
Question 244:
A company wants its Amazon EC2 instances to share the same geographic area but use multiple independent underlying power sources.
Which solution achieves this goal?
A. Use EC2 instances in a single Availability Zone.
B. Use EC2 instances in multiple AWS Regions.
C. Use EC2 instances in multiple Availability Zones in the same AWS Region.
D. Use EC2 instances in the same edge location and the same AWS Region.
Correct Answer: C
The solution that achieves the goal of having Amazon EC2 instances share the same geographic area but use multiple independent underlying power sources is to use EC2 instances in multiple Availability Zones in the same AWS Region. An Availability Zone is a physically isolated location within an AWS Region that has its own power, cooling, and network connectivity. An AWS Region is a geographical area that consists of two or more Availability Zones. By using multiple Availability Zones, users can increase the fault tolerance and resilience of their applications, as well as reduce latency for end users [3]. Using EC2 instances in a single Availability Zone, multiple AWS Regions, or the same edge location and the same AWS Region would not meet the requirement of having multiple independent power sources.
Question 245:
A company needs to apply security rules to a subnet for Amazon EC2 instances.
Which AWS service or feature provides this functionality?
A. Network ACLs
B. Security groups
C. AWS Certificate Manager (ACM)
D. AWS Config
Correct Answer: A
Network ACLs (network access control lists) are an AWS service or feature that provides the functionality of applying security rules to a subnet for EC2 instances. A subnet is a logical partition of an IP network within a VPC (virtual private cloud). A VPC is a logically isolated section of the AWS Cloud where the company can launch AWS resources in a virtual network that they define. A network ACL is a virtual firewall that controls the inbound and outbound traffic for one or more subnets. The company can use network ACLs to allow or deny traffic based on protocol, port, or source and destination IP address. Network ACLs are stateless, meaning that they do not track the traffic that flows through them. Therefore, the company must create rules for both inbound and outbound traffic [4].
Question 246:
Which AWS Support plan is the minimum recommended tier for users who have production workloads on AWS?
A. AWS Developer Support
B. AWS Enterprise Support
C. AWS Business Support
D. AWS Enterprise On-Ramp Support
Correct Answer: C
AWS Business Support is the minimum recommended tier for users who have production workloads on AWS. AWS Business Support provides 24x7 access to cloud support engineers via phone, chat, or email, as well as a guaranteed response time of less than one hour for urgent issues. AWS Business Support also includes access to AWS Trusted Advisor, a tool that provides real-time guidance to help you provision your resources following AWS best practices [4].
Question 247:
A company has migrated its workloads to AWS. The company wants to adopt AWS at scale and operate more efficiently and securely.
Which AWS service or framework should the company use for operational support?
A. AWS Support
B. AWS Cloud Adoption Framework (AWS CAF)
C. AWS Managed Services (AMS)
D. AWS Well-Architected Framework
Correct Answer: C
AWS Managed Services (AMS) helps you adopt AWS at scale and operate more efficiently and securely. We leverage standard AWS services and offer operational guidance with specialized automations, skills, and experience that are contextual to your environment and applications.
Question 248:
A developer has been hired by a large company and needs AWS credentials.
Which are security best practices that should be followed? (Select TWO.)
A. Grant the developer access to only the AWS resources needed to perform the job.
B. Share the AWS account root user credentials with the developer.
C. Add the developer to the administrator's group in AWS IAM.
D. Configure a password policy that ensures the developer's password cannot be changed.
E. Ensure the account password policy requires a minimum length.
Correct Answer: AE
The security best practices that should be followed are A and E.
A. Grant the developer access to only the AWS resources needed to perform the job. This is an example of the principle of least privilege, which means giving the minimum permissions necessary to achieve a task. This reduces the risk of unauthorized access, data leakage, or accidental damage to AWS resources. You can use AWS Identity and Access Management (IAM) to create users, groups, roles, and policies that grant fine-grained access to AWS resources [1][2].
E. Ensure the account password policy requires a minimum length. This is a basic security measure that helps prevent brute-force attacks or guessing of passwords. A longer password is harder to crack than a shorter one. You can use IAM to configure a password policy that enforces a minimum password length, as well as other requirements such as complexity, expiration, and history [3][4].
B. Share the AWS account root user credentials with the developer. This is a bad practice that should be avoided. The root user has full access to all AWS resources and services, and can perform sensitive actions such as changing billing information, closing the account, or deleting all resources. Sharing the root user credentials exposes your account to potential compromise or misuse. You should never share your root user credentials with anyone, and use them only for account administration tasks [5].
C. Add the developer to the administrator's group in IAM. This is also a bad practice that should be avoided. The administrator's group has full access to all AWS resources and services, which is more than what a developer needs to perform their job. Adding the developer to the administrator's group violates the principle of least privilege and increases the risk of unauthorized access, data leakage, or accidental damage to AWS resources. You should create a custom group for the developer that grants only the necessary permissions for their role [1][2].
D. Configure a password policy that ensures the developer's password cannot be changed. This is another bad practice that should be avoided. Preventing the developer from changing their password reduces their ability to protect their credentials and comply with security policies. For example, if the developer's password is compromised, they cannot change it to prevent further unauthorized access. Or if the company requires periodic password rotation, they cannot update their password to meet this requirement. You should allow the developer to change their password as needed, and enforce a password policy that sets reasonable rules for password management [3][4].
Question 249:
A company uses AWS for its web application. The company wants to minimize latency and perform compute operations for the application as close to end users as possible.
Which AWS service or infrastructure component will provide this functionality?
A. AWS Regions
B. Availability Zones
C. Edge locations
D. AWS Direct Connect
Correct Answer: C
Edge locations are sites that Amazon CloudFront uses to cache copies of your content for faster delivery to users at any location. You can use Amazon CloudFront to deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations. Requests for your content are automatically routed to the nearest edge location, so content is delivered with the best possible performance [3]. Edge locations can also host AWS Lambda functions to perform compute operations for your web application as close to end users as possible [4].
Question 250:
Which AWS services can be used to store files? (Select TWO.)
A. Amazon S3
B. AWS Lambda
C. Amazon Elastic Block Store (Amazon EBS)
D. Amazon SageMaker
E. AWS Storage Gateway
Correct Answer: AC
Amazon S3 and Amazon EBS are two AWS services that can be used to store files. Amazon S3 is an object storage service that offers high scalability, durability, availability, and performance. Amazon EBS is a block storage service that provides persistent and low-latency storage volumes for Amazon EC2 instances. AWS Lambda, Amazon SageMaker, and AWS Storage Gateway are other AWS services that have different purposes, such as serverless computing, machine learning, and hybrid cloud storage.