Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CLF-C02 > Unsure 1 > Flashcards

Unsure 1 Flashcards

1
Q

A company wants to have control over creating and using its own keys for encryption on AWS services. Which of the following can be used for this use-case?

Customer managed key (CMK)
AWS owned key
AWS managed key

A

Customer managed key (CMK)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is a benefit of using AWS managed services such as Amazon Relational Database Service (Amazon RDS) over an on-premises DB?

A

Better performance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

T/F - One way to protect data in your RDS DB is to use RDS read replica mode with automatic failover to the standby

A

False, you can only use automatic failover with Multi-AZ deployment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

T/F - An advantage of AWS is to trade variable expense for capital expense

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

T/F - DynamoDB supports reservations

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

T/F - An advantage of AWS is to trade capital expense for variable expense

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

T/F - S3 supports reservations

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

T/F - A Network Address Translation gateway (NAT gateway) is managed by AWS

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

T/F - Security groups have allow and deny rules

A

False, they only have allow rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Security groups act at the ________ level, not the ______ level

A

instance; subnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

T/F - NACLs have allow and deny rules

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You can use an ______ ___ __ and ______ ______ ___ to access AWS resources programmatically

A

Access Key ID; Secret Access Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

T/F - AWS Shield Advanced provides expanded DDoS attack protection for web applications running on the Global Accelerator

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on Beanstalk

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

AWS Shield Advanced provides expanded DDoS attack protection for web applications running on Route 53

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Shield Advanced also provides extended DDoS attack protection for the following 3 services:

A

EC2, ELB, CloudFront

16
Q

A company runs an application on a fleet of EC2 instances. The company wants to automate the traditional maintenance like running assessments and checking for OS vulnerabilities.

Why is GuardDuty NOT an applicable service for this hypothetical? What is ideal for this?

A

GuardDuty is designed for account-level threat detection, not instance-level maintenance like checking OS vulnerabilities on EC2 instances. Its broader, analyzing account activity rather than specific instances.

Inspector is ideal here.

CLF-C02 (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions