1. You have a bucket and a VPC defined in AWS. You need to ensure that the bucket can only be accessed by the VPC endpoint. How can you accomplish this?
A) Modify the bucket Policy for the bucket to allow access for the VPC endpoint B) Modify the route tables to allow access for the VPC endpoint C) Modify the security groups for the VPC to allow access to the S3 bucket D) Modify the IAM Policy for the bucket to allow access for the VPC endpoint
2. You have an EBS volume attached to an EC2 Instance which uses KMS for Encryption. Someone has now gone ahead and deleted the Customer Key which was used for the EBS encryption. What should be done to ensure the data can be decrypted?
A) Request AWS(Amazon Web Service) Support to recover the key B) Create a new Customer Key using KMS and attach it to the existing volume C) Use AWS(Amazon Web Service) Config to recover the key D) Copy the data from the EBS volume before detaching it from the Instance
3. A company has been using the AWS(Amazon Web Service) KMS service for managing its keys. They are planning on carrying out housekeeping activities and deleting keys which are no longer in use. Which of the following can be used to determine whether a key is still in use? (Select 2 answers)
A) See who is assigned permissions to the master key B) Determine the age of the master key C) Use AWS(Amazon Web Service) cloudwatch events for events generated for the key D) See Cloudtrail for usage of the key
4. You have a requirement to conduct penetration testing on the AWS(Amazon Web Service) Cloud for a couple of EC2 Instances. How could you go about doing this? (Select 2 answers)
A) Work with an AWS(Amazon Web Service) partner and no need for prior approval request from AWS B) Get prior approval from AWS(Amazon Web Service) for conducting the test C) Use a pre-approved penetration testing tool. D) Choose any of the AWS(Amazon Web Service) instance type
5. Your company is planning on hosting its resources on AWS(Amazon Web Service). There is a company policy which mandates that all security keys are completely managed within the company itself. Which of the following is the correct way to comply with this policy?
A) Generating the key pairs for the EC2 Instances using puttygen B) Use the EC2 Key pairs that come with AWS C) Using the AWS(Amazon Web Service) KMS service for creation of the keys and the company managing the key lifecycle thereafter. D) Use S3 server-side encryption
1. Right Answer: A Explanation: A bucket policy can restrict access to requests that arrive through a particular VPC endpoint by using the aws:SourceVpce condition key; this is described in the AWS(Amazon Web Service) Documentation. Options B and C are incorrect because neither route tables nor security groups can restrict access to a specific bucket via the VPC endpoint: the route table only directs S3 traffic to the gateway endpoint, and a gateway endpoint has no security group. Option D is incorrect because it is the bucket policy that needs to be changed and not the IAM policy; an IAM policy only governs identities in your own account, whereas the bucket policy is evaluated for every request that reaches the bucket. For more information on example bucket policies for VPC endpoints, please refer to the URL below: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies-vpc-endpoint.html
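The policy pattern behind answer A, as an added example (this code is not from the original page or from the AWS documentation): it builds the bucket policy with a single explicit Deny conditioned on aws:SourceVpce, and includes a small evaluator for that one operator so the effect can be checked offline. The bucket name, the endpoint ID and the request contexts are assumed values.

```python
"""Added example, not taken from the page or the AWS docs: the bucket policy
pattern that answers question 1, plus a minimal evaluator for the single
condition operator it uses so the effect can be checked offline. The bucket
name, endpoint ID and request contexts below are assumed values."""
import json

BUCKET = "example-private-bucket"        # assumed bucket name
ALLOWED_VPCE = "vpce-0123456789abcdef0"  # assumed VPC endpoint ID


def vpce_only_bucket_policy(bucket, vpce_id):
    """One explicit Deny for every principal and every S3 action on the
    bucket and its objects whenever the request's aws:SourceVpce value is
    not the expected endpoint. Requests from the console, the public
    internet or another endpoint carry a different value or none at all,
    and IAM's negated operators match an absent key, so they are denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAccessOutsideVpcEndpoint",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
        }],
    }


BUCKET_POLICY = vpce_only_bucket_policy(BUCKET, ALLOWED_VPCE)


def is_denied(policy, request_context):
    """Return True if any Deny statement in the policy applies to the request
    context. Only the StringNotEquals operator used above is modelled; this
    is a teaching aid, not a general IAM policy evaluator."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        conds = stmt.get("Condition", {}).get("StringNotEquals", {})
        # Keys inside one condition block are ANDed. For a negated operator
        # an absent key counts as "not equal", so an empty context matches.
        # A Deny with no condition at all (empty conds) always applies.
        if all(request_context.get(k) != v for k, v in conds.items()):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(BUCKET_POLICY, indent=2))
    for ctx in ({"aws:SourceVpce": ALLOWED_VPCE},
                {"aws:SourceVpce": "vpce-0fedcba987654321f"},
                {}):
        print(ctx, "->", "DENY" if is_denied(BUCKET_POLICY, ctx) else "not denied")
```

Two practical points. The statement only denies; the principals inside the VPC still need an Allow (in their IAM policy or in a second bucket-policy statement) before they can read or write anything. And because the Deny applies to every principal, including account administrators working from the console, apply it to a bucket you can afford to lock yourself out of, or keep a path into the VPC from which the policy can be edited.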
2. Right Answer: D Explanation: While an encrypted volume is attached to a running instance, the plaintext data key is held in memory on the host, so the volume stays readable even after the KMS key it was encrypted under is gone. The KMS key is needed again only when the volume is detached and reattached, which will then fail. The data therefore has to be copied off the volume while it is still attached. Option A is incorrect because AWS cannot recover a deleted KMS key; deletion is irreversible, which is why KMS enforces a waiting period of 7 to 30 days during which a pending deletion can still be cancelled. Option B is incorrect because a different key cannot decrypt data encrypted under the deleted key. Option C is incorrect because AWS Config records resource configuration changes and cannot recover a key.
3. Right Answer: A,D Explanation: The direct ways to see how a key is being used are to review the current access permissions on the key (who could be using it) and to review the CloudTrail logs (who actually called it). Option B is invalid because how long ago the key was created says nothing about whether it is still in use. Option C is invalid because CloudWatch Events only reacts to specific KMS events as they happen; CloudTrail is the record of the API calls made with the key. This is also mentioned in the AWS(Amazon Web Service) Documentation. For more information on determining the usage of CMK keys, please visit the following URL: https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys-determining-usage.html
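How the CloudTrail check in answer D looks in practice, as an added example that is not part of the original page: the function below reads a CloudTrail log file, keeps only the KMS records that reference one key ARN, and separates cryptographic operations (Decrypt, GenerateDataKey, ...) from management calls such as DescribeKey, since an auditor running DescribeKey does not make a key "in use". The log records, the key ARN and the caller ARNs are constructed to mimic the CloudTrail record layout and are not real.

```python
"""Added example, not from the original page: summarise how one KMS key is
used from CloudTrail records, separating cryptographic operations from
management calls. The records, key ARN and account ID below are constructed
to mimic the CloudTrail KMS record layout and are not real."""
import json
from collections import Counter
from datetime import datetime

# Cryptographic operations. If none of these appear for a key over the
# observation window, the key is a candidate for disabling (not yet deletion).
CRYPTO_OPS = {
    "Encrypt", "Decrypt", "ReEncrypt", "GenerateDataKey",
    "GenerateDataKeyWithoutPlaintext", "GenerateDataKeyPair",
    "GenerateDataKeyPairWithoutPlaintext", "Sign", "Verify",
    "GenerateMac", "VerifyMac",
}

# Constructed key ARN (account ID and key ID are made up).
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"

# Constructed CloudTrail log file: a subset of the record fields, in the
# {"Records": [...]} shape CloudTrail writes to S3.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2020-05-01T08:00:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "DescribeKey",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/auditor"},
     "resources": [{"ARN": KEY_ARN, "type": "AWS::KMS::Key"}]},
    {"eventTime": "2020-05-02T09:30:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"},
     "resources": [{"ARN": KEY_ARN, "type": "AWS::KMS::Key"}]},
    {"eventTime": "2020-05-03T10:00:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "GenerateDataKey",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/app/i-0abc"},
     "resources": [{"ARN": KEY_ARN, "type": "AWS::KMS::Key"}]},
    # A different key and a non-KMS event, both of which must be ignored.
    {"eventTime": "2020-05-03T11:00:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/other"},
     "resources": [{"ARN": "arn:aws:kms:us-east-1:111122223333:key/other-key",
                    "type": "AWS::KMS::Key"}]},
    {"eventTime": "2020-05-04T12:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/other"},
     "resources": [{"ARN": "arn:aws:s3:::some-bucket/obj", "type": "AWS::S3::Object"}]},
]})


def kms_key_usage(log_text, key_arn):
    """Return per-operation counts, the callers seen and the most recent
    cryptographic use of one key, from the JSON text of a CloudTrail log file."""
    records = json.loads(log_text)["Records"]
    crypto, mgmt, callers = Counter(), Counter(), set()
    last_crypto_use = None
    for rec in records:
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        # The key appears in the record's resources list, not in requestParameters
        # (a caller may have referenced it by alias or key ID).
        if not any(r.get("ARN") == key_arn for r in rec.get("resources", [])):
            continue
        name = rec["eventName"]
        callers.add(rec.get("userIdentity", {}).get("arn", "unknown"))
        if name in CRYPTO_OPS:
            crypto[name] += 1
            ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            if last_crypto_use is None or ts > last_crypto_use:
                last_crypto_use = ts
        else:
            mgmt[name] += 1
    return {
        "crypto_ops": dict(crypto),
        "management_ops": dict(mgmt),
        "callers": sorted(callers),
        "last_crypto_use": last_crypto_use,
        "in_use": bool(crypto),
    }


if __name__ == "__main__":
    print(json.dumps(kms_key_usage(SAMPLE_LOG, KEY_ARN), default=str, indent=2))
```

Two caveats when doing this for real. CloudTrail event history in the console only covers the last 90 days, so a key used by a quarterly or yearly job will look idle unless you query the trail's S3 logs (for example with Athena) over a longer window. And the safe sequence from the referenced documentation is to disable the key first and watch for failures, then schedule deletion with the waiting period, rather than deleting on the strength of a single log query.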
4. Right Answer: B,C Explanation: Under the AWS(Amazon Web Service) penetration testing policy this question is based on, customers had to request and receive authorization from AWS before testing their own EC2 Instances, and the testing had to stay within the activities AWS permits (no denial-of-service or flooding). Option A is incorrect because engaging a partner did not remove the need for authorization. Option D is incorrect because the policy excluded small instance types (m1.small, t1.micro and t2.nano) from testing. Note that AWS has since relaxed this policy: since 2019, penetration testing of a number of services, including EC2, no longer requires prior approval as long as it stays within the AWS Customer Support Policy for Penetration Testing, so check the current policy before relying on this answer.
5. Right Answer: A Explanation: By generating the key pairs for the EC2 Instances yourself, the company has complete control of the key material and the private key never leaves the company. Options B, C and D are invalid because in each of those cases AWS(Amazon Web Service) generates or holds the key material: EC2-generated key pairs are created by AWS, KMS keys are stored and used inside KMS even though the company manages their lifecycle, and S3 server-side encryption uses keys held by AWS. The question specifically mentions that the company must manage the keys entirely itself. For information on security for Compute Resources, please visit the below URL: https://d1.awsstatic.com/whitepapers/Security/Security_Compute_Services_Whitepaper.pdf