Free AWS Cloud Practitioner CLF-C02 Actual Exam Questions – Edition - Question 7 Discussion
Elastic
Load Balancers in a way that is approved by AWS?
Option C makes sense since AWS lets you do penetration tests on these resources if you stick to their approved process, which covers EC2, NAT gateways, and ELBs specifically.
Probably C since AWS permits penetration testing if you follow their rules exactly.
C imo. While Amazon Inspector is great for EC2, it doesn’t fully cover NAT gateways and ELBs security assessments. AWS does allow penetration testing on many services, including those, but only if you follow their guidelines and get approval first. So performing penetration testing (C) with AWS’s approval is the way to go for a comprehensive security check. Options A and D don’t really fit since flooding requests isn’t allowed and the dashboard just reports status, not security.
D imo, because the AWS Service Health Dashboard just shows status info, not security assessments. So it’s not really a way to conduct approved security checks on those resources.
B/C? Penetration testing (C) might seem like a good choice since it’s a way to test security, but AWS has restrictions and usually requires prior approval before doing pen tests. Amazon Inspector (B) is built specifically for automated security assessments and has AWS approval, so it’s the safer bet. The others don’t really fit—A is basically an attack, and D just shows AWS health status, nothing to do with security checks on your resources. So between B and C, B feels more straightforward and compliant.
B. Amazon Inspector is definitely the safest and AWS-approved tool for this kind of security assessment. Option A, flooding a target, is basically a DDoS attack and obviously not allowed. Option C, penetration testing, is only permitted if you follow AWS’s strict guidelines and get prior approval for certain services—otherwise, it could violate terms. D doesn’t really fit since the Service Health Dashboard just shows service status, not security assessments. So B makes the most sense here as the officially supported way.
Option B is the go-to, since Amazon Inspector is designed for approved assessments. A sounds like a risky trap and