
AWS Certified Security - Specialty - Part 11

Mary Smith

Sat, 24 May 2025


1. You are responsible for deploying a critical application onto AWS. Part of the requirements for this application is to ensure that the controls set for it meet PCI compliance. There is also a need to monitor web application logs to identify any malicious activity. Which of the following services can be used to fulfill this requirement? Choose 2 answers from the options given below.

A) Amazon VPC Flow Logs
B) Amazon CloudTrail
C) AWS Config
D) Amazon CloudWatch Logs



2. A user has enabled versioning on an S3 bucket. The user is using server-side encryption for data at rest. If the user is supplying his own keys for encryption (SSE-C), which of the statements below is true?

A) The user should use the same encryption key for all versions of the same object
B) SSE-C does not work when versioning is enabled
C) AWS S3 does not allow the user to upload his own keys for server-side encryption
D) It is possible to have different encryption keys for different versions of the same object



3. You need to ensure that the CloudTrail logs being delivered to your AWS (Amazon Web Services) account are encrypted. How can this be achieved in the easiest way possible?

A) Don't do anything, since CloudTrail logs are automatically encrypted.
B) Enable KMS encryption for the logs which are sent to CloudWatch
C) Enable S3-KMS for the underlying bucket which receives the log files
D) Enable S3-SSE for the underlying bucket which receives the log files



4. A company wants to use CloudTrail for logging all API activity. They want to segregate the logging of data events and management events. How can this be achieved? Choose 2 answers from the options given below.

A) Create one CloudTrail log group for data events
B) Create one trail that logs data events to an S3 bucket
C) Create another trail that logs management events to another S3 bucket
D) Create another CloudTrail log group for management events



5. You are hosting a web site via static website hosting on an S3 bucket, http://demo.s3-website-us-east-1.amazonaws.com. Some of your web pages use JavaScript that accesses resources in another bucket which also has website hosting enabled. But when users access the web pages, they get a blocked JavaScript error. How can you rectify this?

A) Enable CORS for the bucket
B) Enable CRR for the bucket
C) Enable MFA for the bucket
D) Enable versioning for the bucket



1. Right Answer: B,D
Explanation:

2. Right Answer: D
Explanation: If you are managing your own encryption keys, you can encrypt the object and send it across to S3. Option A is invalid because ideally you should use different encryption keys. Option C is invalid because you can use your own encryption keys. Option B is invalid because encryption works even if versioning is enabled. For more information on client-side encryption, please visit the following link: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

3. Right Answer: A
Explanation:

4. Right Answer: B,C
Explanation: The AWS (Amazon Web Services) documentation mentions the following: You can configure multiple trails differently so that the trails process and log only the events that you specify. For example, one trail can log read-only data and management events, so that all read-only events are delivered to one S3 bucket. Another trail can log only write-only data and management events, so that all write-only events are delivered to a separate S3 bucket. Options A and D are invalid because you have to create a trail, not a log group. For more information on managing events with CloudTrail, please visit the following URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html

5. Right Answer: A
Explanation: Such a scenario is also given in the AWS (Amazon Web Services) documentation. Option D is invalid because versioning only creates multiple versions of an object and can help in recovering from accidental deletion of objects. Option C is invalid because MFA is used as an extra measure of caution for deletion of objects. Option B is invalid because CRR is used for cross-region replication of objects. For more information on Cross-Origin Resource Sharing, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html
