CLF-C02 Which Command Should the Administrator Use Practice Questions

Explanation: This scenario illustrates the 'on-demand self-service' characteristic, one of the five essential attributes defined by NIST (National Institute of Standards and Technology) for cloud computing. On-demand self-service allows users to provision and manage computing resources (such as virtual machines, storage, or databases) automatically, without requiring human interaction with the service provider. AWS enables this through the Management Console, CLI, SDKs, and APIs, giving developers immediate access to resources when needed. The absence of manual approval or procurement delays is the key feature. The other options represent other core cloud characteristics: broad network access (access from various client devices), resource pooling (multi-tenancy and location independence), and rapid elasticity (automatic scaling based on demand).

Explanation: On-demand self-service is one of the five essential characteristics defined by NIST. It allows users to provision computing resources (like EC2 instances, storage, databases) automatically, without requiring human interaction from the service provider. In this scenario, the developer directly provisions the test environment through the AWS Management Console without needing approval or assistance from the IT team, which directly demonstrates on-demand self-service. Resource pooling refers to multi-tenant sharing of resources. Measured service refers to metering usage for billing and optimization. Rapid elasticity refers to the ability to scale resources up or down quickly. While these are also essential characteristics, the scenario specifically highlights the lack of human interaction required to obtain resources.

Explanation: AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It provides managed rules that can automatically check resource configurations against desired policies. The 'iam-user-mfa-enabled' managed rule checks whether IAM users have MFA enabled. AWS Config can also trigger Amazon Simple Notification Service (SNS) notifications when resources become non-compliant. This makes AWS Config the correct choice for continuously monitoring and alerting on MFA compliance. AWS CloudTrail records API activity but does not evaluate compliance against rules. Amazon GuardDuty is a threat detection service that monitors for malicious behavior, not configuration compliance. AWS Trusted Advisor provides best practice checks and recommendations, including MFA for the root account, but it does not provide automated continuous evaluation of all IAM users or event-driven notifications for new non-compliant users.

Explanation: Amazon S3 Transfer Acceleration (TA) is designed to speed up uploads to S3 by using AWS edge locations and optimized network paths. When enabled on a bucket, clients can upload to a distinct URL that routes traffic through edge locations over the AWS backbone network. This reduces latency and improves throughput for geographically dispersed users. Amazon CloudFront is for caching and delivering content, not for accelerating uploads. AWS Global Accelerator improves TCP/UDP traffic for applications like web servers but is not directly integrated with S3 bucket uploads. S3 cross-region replication is an asynchronous copy mechanism for durability or compliance, not for upload acceleration.

Explanation: Amazon S3 Lifecycle policies allow you to define rules that automatically transition objects between storage classes based on the object's age. In this scenario, logs can be stored in S3 Standard for the first 30 days, then transitioned to S3 Standard-IA (Infrequent Access) for the next 60 days, and finally to S3 Glacier Instant Retrieval for the remaining retention period. This approach optimizes costs while ensuring objects are still retrievable within minutes when needed. S3 Object Lock (A) is used for write-once-read-many (WORM) compliance, not for cost optimization. S3 Transfer Acceleration (C) speeds up uploads over long distances. S3 Replication (D) copies objects across buckets, but does not automatically change storage classes over time.