Here you have the best Amazon CLF-C02 practice exam questions
A company plans to use an Amazon Snowball Edge device to transfer files to the AWS Cloud.
Which activities related to a Snowball Edge device are available to the company at no cost?
The company can use the Snowball Edge appliance without incurring costs for up to a 10-day period. AWS generally includes 10 days of usage in their service fee for the Snowball Edge device. This means that there will be no additional charge for the first 10 days of use. Other activities, like daily use beyond the 10-day period and data transfer out of Amazon S3, typically incur additional charges. Therefore, using the device for 10 days is a cost-free activity for the company.
A company has deployed applications on Amazon EC2 instances. The company needs to assess application vulnerabilities and must identify infrastructure deployments that do not meet best practices.
Which AWS service can the company use to meet these requirements?
Amazon Inspector is specifically designed to assess the security of applications deployed on Amazon EC2 instances. It identifies vulnerabilities and deviations from best practices, providing detailed findings that help improve the security posture of your applications. This makes it the most suitable service for the company's need to assess application vulnerabilities and identify infrastructure deployments that do not meet best practices.
A company has a centralized group of users with large file storage requirements that have exceeded the space available on premises. The company wants to extend its file storage capabilities for this group while retaining the performance benefit of sharing content locally.
What is the MOST operationally efficient AWS solution for this scenario?
To extend file storage capabilities while retaining local performance benefits, deploying an AWS Storage Gateway file gateway is the most operationally efficient solution. This enables seamless extension of on-premises file storage into the AWS Cloud, providing low-latency access to data stored in Amazon S3, and maintaining the performance benefit of local access. It also centralizes storage management and simplifies administration, eliminating the need for individual S3 buckets for each user.
According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?
According to security best practices, the most secure way to give an Amazon EC2 instance access to an Amazon S3 bucket is by having the EC2 instance assume a role to obtain the necessary privileges. This method employs AWS Identity and Access Management (IAM) roles to grant temporary permissions to the instance. This approach is preferred because it eliminates the need to hard code or store access keys directly on the instance or in application code, thereby reducing the risk of credential exposure and adhering to the principle of least privilege. By assuming a role, the EC2 instance is granted only the permissions it needs for a limited duration, enhancing overall security.
Which option is a customer responsibility when using Amazon DynamoDB under the AWS Shared Responsibility Model?
Under the AWS Shared Responsibility Model, AWS is responsible for the physical security, patching, and encryption of data at rest in DynamoDB. The customer is responsible for managing access to their DynamoDB tables, which includes defining permissions, roles, and policies to control who can access the tables and what actions they can perform. This involves setting up appropriate IAM policies and roles to restrict access to authorized users and applications.