
AWS Certified Security - Specialty - Part 14

Mary Smith

Tue, 18 Nov 2025

1. An application running on EC2 instances processes sensitive information stored in Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?

A) Access the data through an Internet Gateway.
B) Access the data through a VPC endpoint for Amazon S3.
C) Access the data through a NAT Gateway.
D) Access the data through a VPN connection.



2. An auditor needs access to logs that record all API events on AWS. The auditor needs only read-only access to the log files and does not need access to each AWS account. The company has multiple AWS accounts, and the auditor needs access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs from all accounts? Choose the correct answer from the options below.

A) Configure the CloudTrail service in each AWS account, have the logs delivered to a single S3 bucket in the primary account, and grant the auditor access to that single bucket in the primary account.
B) Configure the CloudTrail service in each AWS account, have the logs delivered to an S3 bucket in each account, and grant the auditor permissions to each bucket via roles in the secondary accounts and a single primary IAM account that can assume a read-only role in the secondary AWS accounts.
C) Configure the CloudTrail service in the primary AWS account and configure consolidated billing for all the secondary accounts. Then grant the auditor access to the S3 bucket that receives the CloudTrail log files.
D) Configure the CloudTrail service in each AWS account and enable consolidated logging inside of CloudTrail.



3. Your IT Security team has identified a number of vulnerabilities across critical EC2 instances in the company's AWS account. Which would be the easiest way to ensure these vulnerabilities are remediated?

A) Use AWS Systems Manager to patch the servers.
B) Use AWS CLI commands to download the updates and patch the servers.
C) Use AWS Inspector to patch the servers.
D) Create AWS Lambda functions to download the updates and patch the servers.



4. Your company has just started using AWS and created an AWS account. They are aware of the potential issues when root access is enabled. How can they best safeguard the account when it comes to root access? Choose 2 answers from the options given below. (Select 2 answers)

A) Change the password for the root account.
B) Create an Admin IAM user with the necessary permissions.
C) Delete the root access account.
D) Delete the root access keys.



5. You need to create a Linux EC2 instance in AWS. Which of the following steps are used to ensure secure authentication to the EC2 instance from a Windows machine? Choose 2 answers from the options given below. (Select 2 answers)

A) Ensure the password is passed securely using SSL.
B) Ensure you create a strong password for logging into the EC2 instance.
C) Create a key pair using PuTTY.
D) Use the private key to log into the instance.



1. Right Answer: B
Explanation:

2. Right Answer: A
Explanation: Given the current requirements, assume the 'least privilege' security design and allow the auditor access to only the minimum amount of AWS resources possible. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your AWS infrastructure. CloudTrail provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This history simplifies security analysis, resource change tracking, and troubleshooting. Option B is incorrect since the auditor should only be granted access in one location. Option C is incorrect since consolidated billing is not a key requirement of the question. Option D is incorrect since there is no consolidated logging feature in CloudTrail. For more information on CloudTrail, please refer to the URL below: https://aws.amazon.com/cloudtrail/

3. Right Answer: A
Explanation: The AWS documentation mentions the following: You can quickly remediate patch and association compliance issues by using Systems Manager Run Command. You can target either instance IDs or Amazon EC2 tags and execute the AWS-RefreshAssociation document or the AWS-RunPatchBaseline document. If refreshing the association or re-running the patch baseline fails to resolve the compliance issue, then you need to investigate your associations, patch baselines, or instance configurations to understand why the Run Command executions did not resolve the problem. Options B and D are invalid because, even though they are possible, from a maintenance perspective it would be difficult to maintain the CLI scripts and Lambda functions. Option C is invalid because this service cannot be used to patch servers. For more information on using Systems Manager for compliance remediation, please visit the link below: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-compliance-fixing.html

4. Right Answer: B,D
Explanation: The AWS documentation mentions the following: All AWS accounts have root user credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. Because you can't restrict permissions for root user credentials, we recommend that you delete your root user access keys. Then create AWS Identity and Access Management (IAM) user credentials for everyday interaction with AWS. Option C is incorrect since you cannot delete the root account. Option A is partially correct but cannot be used as the ideal solution for safeguarding the account. For more information on root access vs. admin IAM users, please refer to the URL below: https://docs.aws.amazon.com/general/latest/gr/root-vs-iam.html

5. Right Answer: B,D
Explanation:
