A company has an application that uses AWS services. During scaling events, the company wants to keep application usage within AWS service quotas.
Which AWS services or tools can report on the quotas so that the company can improve the reliability of the application? (Select TWO.)
A. Service Quotas console
B. AWS Trusted Advisor
C. AWS Systems Manager
D. AWS Shield
E. AWS Cost Explorer
Correct Answer: AB
The correct answers are A and B because Service Quotas console and AWS Trusted Advisor are AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. Service Quotas console is an AWS tool that enables users to view and manage their quotas for AWS services from a central location. Users can use Service Quotas console to request quota increases, track quota usage, and set up alarms for approaching quota limits. AWS Trusted Advisor is an AWS service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. One of the categories of checks that AWS Trusted Advisor performs is service limits, which monitors the usage of each AWS service and alerts users when they are close to reaching the default limit. The other options are incorrect because they are not AWS services or tools that can report on the quotas so that the company can improve the reliability of the application. AWS Systems Manager is an AWS service that enables users to automate operational tasks, manage configuration and compliance, and monitor system health and performance. AWS Shield is an AWS service that protects users from distributed denial of service (DDoS) attacks. AWS Cost Explorer is an AWS tool that enables users to visualize, understand, and manage their AWS costs and usage. Reference: Service Quotas, AWS Trusted Advisor FAQs
Question 622:
Which AWS service uses a combination of publishers and subscribers?
A. AWS Lambda
B. Amazon Simple Notification Service (Amazon SNS)
C. Amazon CloudWatch
D. AWS CloudFormation
Correct Answer: B
Amazon Simple Notification Service (Amazon SNS) is a service that provides fully managed pub/sub messaging. Pub/sub messaging is a pattern that uses a combination of publishers and subscribers. Publishers are entities that produce messages and send them to topics. Subscribers are entities that receive messages from topics. Topics are logical access points that act as communication channels between publishers and subscribers. Amazon SNS enables applications to decouple, scale, and coordinate the delivery of messages to multiple endpoints, such as email, SMS, mobile push notifications, Lambda functions, SQS queues, and HTTP/S endpoints. Amazon SNS OverviewAWS Certified Cloud Practitioner
-aws.amazon.com
Question 623:
Which AWS service or feature offers HTTP attack protection to users running public-facing web applications?
A. Security groups
B. Network ACLs
C. AWS Shield Standard
D. AWS WAF
Correct Answer: D
AWS WAF is the AWS service or feature that offers HTTP attack protection to users running public-facing web applications. AWS WAF is a web application firewall that helps users protect their web applications from common web exploits, such as SQL injection, cross-site scripting, and bot attacks. Users can create custom rules to define the web traffic that they want to allow, block, or count. Users can also use AWS Managed Rules, which are pre-configured rules that are curated and maintained by AWS or AWS Marketplace Sellers. AWS WAF can be integrated with other AWS services, such as Amazon CloudFront, Amazon API Gateway, and Application Load Balancer, to provide comprehensive security for web applications. [AWS WAF Overview] AWS Certified Cloud Practitioner - aws.amazon.com
Question 624:
Which AWS Support plan provides customers with access to an AWS technical account manager (TAM)?
A. AWS Basic Support
B. AWS Developer Support
C. AWS Business Support
D. AWS Enterprise Support
Correct Answer: D
The correct answer is D because AWS Enterprise Support is the support plan that provides customers with access to an AWS technical account manager (TAM). AWS Enterprise Support is the highest level of support plan offered by AWS, and it provides customers with the most comprehensive and personalized support experience. An AWS TAM is a dedicated technical resource who works closely with customers to understand their business and technical needs, provide proactive guidance, and coordinate support across AWS teams. The other options are incorrect because they are not support plans that provide customers with access to an AWS TAM. AWS Basic Support is the default and free support plan that provides customers with access to online documentation, forums, and account information. AWS Developer Support is the lowest level of paid support plan that provides customers with access to technical support during business hours, general guidance, and best practice recommendations. AWS Business Support is the intermediate level of paid support plan that provides customers with access to technical support 24/7, system health checks, architectural guidance, and case management. Reference: AWS Support Plans
Question 625:
A security engineer wants a single-tenant AWS solution to create, control, and manage their own cryptographic keys to meet regulatory compliance requirements for data security.
Which AWS service should the engineer use?
A. AWS Key Management Service (AWS KMS)
B. AWS Certificate Manager (ACM)
C. AWS CloudHSM
D. AWS Systems Manager
Correct Answer: C
The correct answer is C because AWS CloudHSM is an AWS service that enables the security engineer to meet the requirements. AWS CloudHSM is a service that provides customers with dedicated hardware security modules (HSMs) to create, control, and manage their own cryptographic keys in the AWS Cloud. AWS CloudHSM allows customers to meet strict regulatory compliance requirements for data security, such as FIPS 140-2 Level 3, PCI-DSS, and HIPAA. The other options are incorrect because they are not AWS services that enable the security engineer to meet the requirements. AWS Key Management Service (AWS KMS) is a service that provides customers with a fully managed, scalable, and integrated key management system to create and control encryption keys for AWS services and applications. AWS KMS does not provide customers with single-tenant or dedicated HSMs. AWS Certificate Manager (ACM) is a service that provides customers with a simple and secure way to provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and internal connected resources. ACM does not provide customers with HSMs or cryptographic keys. AWS Systems Manager is a service that provides customers with a unified user interface to view operational data from multiple AWS services and automate operational tasks across their AWS resources. AWS Systems Manager does not provide customers with HSMs or cryptographic keys. Reference: AWS CloudHSM FAQs
Question 626:
Which AWS benefit is demonstrated by on-demand technology services that enable companies to replace upfront fixed expenses with variable expenses?
A. High availability
B. Economies of scale
C. Pay-as-you-go pricing
D. Global reach
Correct Answer: C
Pay-as-you-go pricing is an AWS benefit that demonstrates the ability of users to replace upfront fixed expenses with variable expenses. With pay-as-you-go pricing, users only pay for the resources they consume, without any long-term contracts or commitments. This can lower the total cost of ownership and increase the return on investment. Pay-as-you-go pricing also provides flexibility and scalability, as users can adjust their resource usage according to their changing needs and demands. AWS Cloud Value FrameworkAWS Certified Cloud Practitioner - aws.amazon.com
Question 627:
Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?
A. Amazon CloudWatch
B. AWS Trusted Advisor
C. AWS CloudTrail
D. Amazon Inspector
Correct Answer: C
The correct answer is C because AWS CloudTrail is a service that will help a company identify the user who deleted an Amazon EC2 instance yesterday. AWS CloudTrail is a service that enables users to track user activity and API usage across their AWS account. AWS CloudTrail records the details of every API call made to AWS services, such as the identity of the caller, the time of the call, the source IP address of the caller, the parameters and responses of the call, and more. Users can use AWS CloudTrail to audit, monitor, and troubleshoot their AWS resources and actions. The other options are incorrect because they are not services that will help a company identify the user who deleted an Amazon EC2 instance yesterday. Amazon CloudWatch is a service that enables users to collect, analyze, and visualize metrics, logs, and events from their AWS resources and applications. AWS Trusted Advisor is a service that provides real-time guidance to help users follow AWS best practices for security, performance, cost optimization, and fault tolerance. Amazon Inspector is a service that helps users find security vulnerabilities and deviations from best practices in their Amazon EC2 instances. Reference: AWS CloudTrail FAQs
Question 628:
A company is migrating an application that includes an Oracle database to AWS. The company cannot rewrite the application.
To which AWS service could the company migrate the database?
A. Amazon Athena
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon DocumentDB (with MongoDB compatibility)
Correct Answer: C
Amazon Relational Database Service (Amazon RDS) is a service that provides fully managed relational database engines. Amazon RDS supports several database engines, including Oracle, MySQL, PostgreSQL, MariaDB, SQL Server, and Amazon Aurora. Amazon RDS can be used to migrate an application that includes an Oracle database to AWS without rewriting the application, as long as the application is compatible with the Oracle version and edition supported by Amazon RDS. Amazon RDS can also provide benefits such as high availability, scalability, security, backup and restore, and performance optimization. [Amazon RDS Overview] AWS Certified Cloud Practitioner - aws.amazon.com
Question 629:
Which task is the responsibility of AWS, according to the AWS shared responsibility model?
A. Set up multi-factor authentication (MFA) for each Workspaces user account.
B. Ensure the environmental safety and security of the AWS infrastructure that hosts Workspaces.
C. Provide security for Workspaces user accounts through AWS Identity and Access Management (IAM).
D. Configure AWS CloudTrail to log API calls and user activity. A company stores data in an Amazon S3 bucket. The company must control who has permission to read, write, or delete objects that the company stores in the S3 bucket.
Correct Answer: B
The correct answer is B because ensuring the environmental safety and security of the AWS infrastructure that hosts Workspaces is the responsibility of AWS, according to the AWS shared responsibility model. The AWS shared responsibility model is a framework that defines the division of responsibilities between AWS and the customer for security and compliance. AWS is responsible for the security of the cloud, which includes the global infrastructure, such as the regions, availability zones, and edge locations; the hardware, software, networking, and facilities that run the AWS services; and the virtualization layer that separates the customer instances and storage. The customer is responsible for the security in the cloud, which includes the customer data, the guest operating systems, the applications, the identity and access management, the firewall configuration, and the encryption. The other options are incorrect because they are the responsibility of the customer, according to the AWS shared responsibility model. Setting up multi-factor authentication (MFA) for each Workspaces user account, providing security for Workspaces user accounts through AWS Identity and Access Management (IAM), configuring AWS CloudTrail to log API calls and user activity, and encrypting data at rest and in transit are all tasks that the customer has to perform to secure their Workspaces environment. Reference: AWS Shared Responsibility Model, Amazon WorkSpaces Security
Question 630:
A cloud engineer needs to download AWS security and compliance documents for an upcoming audit.
Which AWS service can provide the documents?
A. AWS Trusted Advisor
B. AWS Artifact
C. AWS Well-Architected Tool
D. AWS Systems Manager
Correct Answer: B
AWS Artifact is the AWS service that can provide security and compliance documents for an upcoming audit. AWS Artifact is a self-service portal that allows users to access and download AWS compliance reports and agreements. These documents provide evidence of AWS's compliance with global, regional, and industry-specific security standards and regulations
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Amazon exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CLF-C02 exam preparations and Amazon certification application, do not hesitate to visit our Vcedump.com to find your solutions here.