CLF-C02 Domain 2: Security and Compliance

IAM Access Analyzer helps identify:

Multiple choice — select one answer

Answer choices

  1. a. S3 server-side encryption with KMS or S3-managed keys, using shared credentials instead of individual accountability.
  2. b. Assess, audit, and evaluate configurations of AWS resources
  3. c. Resources shared with external entities
  4. d. Rely on Resources shared with external entities alone while omitting the cross-service integration the workload needs, without security or identity team coordination per policy.

Architectural breakdown & explanation

Access Analyzer finds unintended access from outside your account or organization.

Correct answer(s): c. Resources shared with external entities

Exam domain: Domain 2: Security and Compliance (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Cloud Practitioner bank. Run a full timed practice exam with domain-weighted random questions in your browser.