
AWS Certified Security - Specialty - Part 12

Mary Smith

Mon, 19 Jan 2026


1. You need a cloud security device that can generate encryption keys in a FIPS 140-2 Level 3 validated module. Which of the following can be used for this purpose?

A) AWS Customer Keys
B) AWS Cloud HSM
C) AWS KMS
D) AWS managed keys



2. You are designing a custom IAM policy that would allow users to list buckets in S3 only if they are MFA authenticated. Which of the following would best match this requirement?

A) { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::*", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } } } }
B) { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::*", "Condition": { "aws:MultiFactorAuthPresent": "false" } } }
C) { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::*", "Condition": { "aws:MultiFactorAuthPresent": "true" } } }
D) { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::*", "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "true" } } } }



3. You want to track access requests for a particular S3 bucket. How can you achieve this in the easiest possible way?

A) Enable Cloudwatch metrics for the bucket
B) Enable AWS Config for the S3 bucket
C) Enable server access logging for the bucket
D) Enable Cloudwatch logs for the bucket



4. You are planning to use AWS Config to check the configuration of the resources in your AWS account. You are planning on using an existing IAM role for the AWS Config resource. Which of the following is required to ensure the AWS Config service can work as required?

A) Ensure that there is a grant policy in place for the AWS Config service within the role
B) Ensure that there is a trust policy in place for the AWS Config service within the role
C) Ensure that there is a user policy in place for the AWS Config service within the role
D) Ensure that there is a group policy in place for the AWS Config service within the role



5. You are trying to use Systems Manager to patch a set of EC2 instances. Some of the instances are not being covered by the patching process. Which of the following can be used to troubleshoot the issue? (Select 3 answers)

A) Check to see if the IAM user has the right permissions for EC2
B) Check to see if the right role has been assigned to the EC2 instances
C) Ensure that the agent is running on the instances.
D) Check the instance status by using the Health API.



1. Right Answer: D
Explanation:

2. Right Answer: D
Explanation: The Condition clause can be used to ensure users can only work with resources if they are MFA authenticated. Options B and C are wrong since the aws:MultiFactorAuthPresent clause should be marked as true: access is allowed only if the user has authenticated with MFA, i.e. the key evaluates to true. Option D is invalid because the Bool clause is missing from the evaluation of the condition. For more information on an example of such a policy, please visit the following URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_mfa-dates.html
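To make the difference between the four options concrete, here is an added Python example (not from the original page) that rebuilds the four candidate policies and evaluates their Allow statement against a request context with and without MFA. The evaluator supports only the Bool operator and treats a condition key placed directly under Condition, without an operator, as a malformed policy, which IAM would reject on save.

```python
# Constructed example (added here, not from the original page): build the four
# candidate policies from question 2 and evaluate them the way IAM would.
def mfa_policy(with_bool_operator, value):
    condition = {"aws:MultiFactorAuthPresent": value}
    return {
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
            "Resource": "arn:aws:s3:::*",
            "Condition": {"Bool": condition} if with_bool_operator else condition,
        },
    }

OPTIONS = {"A": mfa_policy(True, "false"), "B": mfa_policy(False, "false"),
           "C": mfa_policy(False, "true"), "D": mfa_policy(True, "true")}

def condition_matches(condition, context):
    """Evaluate a Condition block (Bool operator only) against the request context.
    A key directly under Condition with no operator is invalid grammar: raise, as IAM rejects it."""
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise ValueError(f"malformed condition: {operator!r} is not an operator")
        for key, expected in pairs.items():
            # Bool never matches a key absent from the context (BoolIfExists would);
            # long-term access keys used without MFA carry no aws:MultiFactorAuthPresent key.
            if key not in context or str(context[key]).lower() != expected.lower():
                return False
    return True

def statement_allows(policy, action, context):
    """True if the policy's single Allow statement covers `action` under `context`."""
    stmt = policy["Statement"]
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if stmt["Effect"] != "Allow" or action not in actions:
        return False
    return condition_matches(stmt.get("Condition", {}), context)

def evaluate_options(options, action="s3:ListAllMyBuckets"):
    """Per option: {'mfa': bool, 'no_mfa': bool}, or 'malformed' for a rejected policy."""
    sessions = {"mfa": {"aws:MultiFactorAuthPresent": "true"}, "no_mfa": {}}
    results = {}
    for label, policy in options.items():
        results[label] = {}
        for name, ctx in sessions.items():
            try:
                results[label][name] = statement_allows(policy, action, ctx)
            except ValueError:
                results[label][name] = "malformed"
    return results
```

Running `evaluate_options(OPTIONS)` shows that only option D grants the action for an MFA session and refuses it otherwise; option A never grants anything, and options B and C would be rejected before they could be attached.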

3. Right Answer: C
Explanation: The AWS documentation mentions the following: To track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Options B and C are incorrect: CloudWatch is used for metrics and logging and cannot be used to track access requests. Option D is incorrect since it can be used for configuration management but not for tracking S3 bucket requests. For more information on S3 server logs, please refer to the URL below: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html

4. Right Answer: B
Explanation: You need to ensure that there is a trust policy in place for the AWS Config service, as shown below: { "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "config.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } Options B, C and D are invalid because you need to ensure a trust policy is in place and not a grant, user or group policy. For more information on the IAM role permissions, please visit the link below: https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html
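As an added Python example (not from the page or from AWS), here is the trust policy quoted above beside a constructed permissions policy, with a check that tells the two apart: only a trust policy, which names a Principal, can let config.amazonaws.com assume the role, and the check honours IAM's rule that an explicit Deny overrides an Allow.

```python
import json

# Constructed example (added here, not from the original page): the trust policy
# quoted in the explanation above, plus a permissions policy for contrast.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "", "Effect": "Allow",
     "Principal": {"Service": "config.amazonaws.com"},
     "Action": "sts:AssumeRole"}
  ]
}""")

# A permissions policy (constructed) grants rights to whoever holds the role, but it
# has no Principal, so it cannot let a service assume the role in the first place.
PERMISSIONS_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]
}""")

def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def service_can_assume_role(trust_policy, service):
    """True if `service` is allowed to call sts:AssumeRole and no statement denies it."""
    allowed = denied = False
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if principal != "*" and service not in services:
            continue  # statement is about some other principal
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("*", "sts:*", "sts:AssumeRole") for a in actions):
            continue  # statement does not cover role assumption
        if stmt.get("Effect") == "Allow":
            allowed = True
        elif stmt.get("Effect") == "Deny":
            denied = True
    return allowed and not denied
```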

5. Right Answer: A,B,C
Explanation:
