Amazon CLF-C02 Exam

AWS WAF is a web application firewall service that helps protect web applications from common web exploits that could affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.You can use AWS WAF to create rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define1.AWS WAF also integrates with other AWS services, such as Amazon CloudFront, Amazon API Gateway, AWS AppSync, and AWS Load Balancer, to provide a comprehensive defense against web attacks2. Therefore, AWS WAF meets the requirements of the social media company, compared to the other options.

The other options are not suitable for the social media company's requirements, because:

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.However, Amazon Inspector does not provide a web application firewall service that can block malicious web requests3.

Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in Amazon S3. Amazon GuardDuty analyzes and processes the following data sources: VPC Flow Logs, AWS CloudTrail event logs, and DNS logs.However, Amazon GuardDuty does not provide a web application firewall service that can block malicious web requests4.

Amazon CloudWatch is a monitoring and observability service that provides data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. Amazon CloudWatch collects monitoring and operational data in the form of logs, metrics, and events, and visualizes it using automated dashboards, alarms, and notifications. However, Amazon CloudWatch does not provide a web application firewall service that can block malicious web requests.

What Is AWS WAF? - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

AWS WAF Features - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

What Is Amazon Inspector? - Amazon Inspector

What Is Amazon GuardDuty? - Amazon GuardDuty

[What Is Amazon CloudWatch? - Amazon CloudWatch]

The correct answer isBandC. EC2 Amazon Machine Images (AMIs) and Amazon Elastic Block Store (Amazon EBS) snapshots are two AWS services that provide disaster recovery solutions for Amazon EC2 instances.

EC2 AMIsare preconfigured templates that contain the software configuration and data required to launch an EC2 instance. You can create AMIs from your running EC2 instances and use them to launch new instances in the same or different AWS Regions.This way, you can quickly recover your EC2 instances in case of a disaster that affects your primary Region or Availability Zone1.

Amazon EBS snapshotsare incremental backups of your Amazon EBS volumes. You can create snapshots of your volumes and store them in Amazon S3, which is a highly durable and scalable storage service. You can use snapshots to restore your volumes to a previous point in time or to create new volumes from snapshots.Snapshots can also be copied across AWS Regions, enabling you to recover your data in another Region in case of a disaster2.

The other options are not directly related to disaster recovery for EC2 instances:

EC2 Reserved Instancesare a pricing model that allows you to reserve EC2 capacity for a specific period of time and receive a discount on the hourly charge.Reserved Instances do not provide any disaster recovery benefits, as they are only a billing option3.

AWS Shieldis a managed service that protects your AWS resources from distributed denial-of-service (DDoS) attacks. AWS Shield provides basic protection for all AWS customers at no additional charge, and advanced protection for customers who need higher levels of detection and mitigation.AWS Shield does not provide any disaster recovery benefits, as it is only a security service4.

Amazon GuardDutyis a threat detection service that monitors your AWS account and workloads for malicious or unauthorized activity. Amazon GuardDuty analyzes various data sources, such as AWS CloudTrail, Amazon VPC Flow Logs, and DNS logs, to identify potential threats and alert you via Amazon CloudWatch Events or AWS Lambda.Amazon GuardDuty does not provide any disaster recovery benefits, as it is only a monitoring service5.

AWS Trusted Advisor is the service that can meet these requirements. AWS Trusted Advisor is a service that helps you optimize your AWS environment by providing recommendations based on AWS best practices. Trusted Advisor continuously evaluates your AWS resources and services across five categories: cost optimization, performance, service limits, fault tolerance, and security. You can view the recommendations on the Trusted Advisor console or access them programmatically using the Trusted Advisor API. You can also set up notifications and alerts for any changes in the status of your checks.Trusted Advisor can help you improve your AWS environment by reducing costs, enhancing performance, increasing security, and ensuring reliability12. The other services are not designed to provide best practice recommendations in five categories. AWS Shield is a service that protects your AWS resources from distributed denial-of-service (DDoS) attacks. AWS WAF is a service that helps you protect your web applications from common web exploits.AWS Service Catalog is a service that enables you to create and manage catalogs of IT services that are approved for use on AWS34.Reference:AWS Trusted Advisor,Achieve operational excellence with AWS Trusted Advisor,AWS Shield,AWS WAF, [AWS Service Catalog]

AWS Organizations is the AWS service or feature that allows users to create new AWS accounts, group multiple accounts to organize workflows, and apply policies to groups of accounts. AWS Organizations enables users to centrally manage and govern their AWS environment across multiple accounts. Users can create organizational units (OUs) to group accounts based on their business needs, such as by function, project, or region. Users can also apply service control policies (SCPs) to OUs or individual accounts to define the permissions and restrictions for the AWS services and resources that they can access.AWS Organizations also offers features such as consolidated billing, account creation automation, and trusted access12.Reference:

AWS Organizations

What is AWS Organizations?

AWS CloudTrail is a service that provides a record of actions taken by a user, role, or an AWS service in your AWS account. CloudTrail captures all API calls for AWS services as events, including calls from the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services.You can use CloudTrail to monitor, audit, and troubleshoot your AWS account activity34.AWS Trusted Advisor is a service that provides best practices recommendations for cost optimization, performance, security, and fault tolerance in your AWS account5.Amazon Inspector is a service that helps you improve the security and compliance of your applications deployed on AWS by automatically assessing them for vulnerabilities and deviations from best practices6.AWS X-Ray is a service that helps you analyze and debug your applications by collecting data about the requests that your application serves, and providing tools to view, filter, and gain insights into that data7.Reference:Logging AWS Audit Manager API calls with CloudTrail,Logging AWS Account Management API calls using AWS CloudTrail,Review API calls in your AWS account using CloudTrail,Monitor the usage of AWS API calls using Amazon CloudWatch,Which service enables customers to audit API calls in their AWS ...