How to Connect Your On-Premises Active Directory to AWS Using AD Connector
Assign users to roles
Now that AD Connector is configured and you've created a role, your next job is to assign users or groups to those IAM roles. Role mapping is what governs what resources a user has access to within AWS. To do this you'll need to:




Type the name of an Active Directory user or group in the search field.
Click Next Step.
Click Create Role Assignments.

When you're finished you should see the name of the user or group along with the corresponding Id for that object, as shown in the previous image.
The next time the user signs in to the AWS Management Console from the custom sign-in page, they will be signed in under the EC2ReadOnly security role.

Seamlessly join an instance to an Active Directory domain
Another advantage to using AD Connector is the ability to seamlessly join Windows (EC2) instances to your Active Directory domain. You may have read about this feature in the AWS Blog earlier this year. It's what allows you to join a Windows Server to the domain while the instance is being provisioned instead of using a script or doing it manually. This section of this blog post will explain the steps necessary to enable this feature in your environment and how the service works.
Step 1: Create a role
Until recently you had to manually create an IAM policy to allow an EC2 instance to access SSM, an AWS service that allows you to configure Windows instances while they're running and on first launch. Now, there's a managed policy called AmazonEC2RoleforSSM that you can use instead. The role you are about to create will be assigned to an EC2 instance when it's provisioned, which will grant it permission to access the SSM service.
To create the role:
Open the IAM console.
Click Roles in the navigation pane.
Click Create Role.
Type a name for your role in the Role Name field.
Under AWS Service Roles, select Amazon EC2 and then click Select.
On the Attach Policy page, select AmazonEC2RoleforSSM and then click Next Step.
On the Review page, click Create Role.
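The same role can be created from the AWS CLI, which also makes visible two things the console does for you: the trust policy that lets EC2 assume the role, and the instance profile an instance needs in order to use it. This is an added example, not code from the original post; it assumes the AWS CLI is installed with credentials allowed to manage IAM, and the role name passed to create_ssm_role is a placeholder of your choosing.

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console steps above.
# Nothing runs until create_ssm_role is called with a role name
# (a placeholder chosen by the caller).

# Managed policy named in the post.
SSM_POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"

# Trust policy: only the EC2 service may assume the role. This is what
# selecting "Amazon EC2" under AWS Service Roles sets up in the console.
ec2_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

create_ssm_role() {
  local role_name="$1"
  [ -n "$role_name" ] || { echo "usage: create_ssm_role ROLE_NAME" >&2; return 2; }

  # Stop at the first failure so a half-built role is never wired to a profile.
  aws iam create-role --role-name "$role_name" \
      --assume-role-policy-document "$(ec2_trust_policy)" || return 1
  aws iam attach-role-policy --role-name "$role_name" \
      --policy-arn "$SSM_POLICY_ARN" || return 1

  # The console creates a same-named instance profile automatically;
  # with the CLI it has to be created and linked explicitly.
  aws iam create-instance-profile \
      --instance-profile-name "$role_name" || return 1
  aws iam add-role-to-instance-profile \
      --instance-profile-name "$role_name" --role-name "$role_name" || return 1

  # Review step: list what is actually attached to the role.
  aws iam list-attached-role-policies --role-name "$role_name"
}
```

The final listing should show AmazonEC2RoleforSSM as the only attached policy; anything else attached to the role widens what every instance launched with it can do.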