CLF-C02 Domain 2: Security and Compliance

Penetration testing of certain AWS services without prior approval is:

Multiple choice — select one answer

Answer choices

  1. a. Allowed for a defined list of services under AWS policy
  2. b. SSL/TLS certificates for AWS services, while leaving refresh tokens and OAuth consent grants active pending user callback, without security or identity team coordination per policy.
  3. c. It adds a layer of protection for the most privileged account, using shared credentials instead of individual accountability.
  4. d. Rely on Allowed for a defined list of services under AWS policy alone while omitting the cross-service integration the workload needs

Architectural breakdown & explanation

AWS has a policy describing permitted security testing on specific services.

Correct answer(s): a. Allowed for a defined list of services under AWS policy

Exam domain: Domain 2: Security and Compliance (30% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified Cloud Practitioner bank. Run a full timed practice exam with domain-weighted random questions in your browser.