
AWS Certified Security - Specialty - Part 15

Mary Smith

Mon, 24 Mar 2025

1. A company is using a Redshift cluster to store their data warehouse. The internal IT security team requires that the data in the Redshift database be encrypted. How can this be achieved?

A) Encrypt the EBS volumes of the underlying EC2 instances
B) Use SSL/TLS for encrypting the data
C) Use the AWS KMS customer default master key
D) Use S3 encryption



2. One of the EC2 instances in your company has been compromised. What steps would you take to ensure that you can apply digital forensics to the instance? (Select 2 answers)

A) Ensure that the security groups only allow communication to this forensic instance
B) Terminate the instance
C) Remove the role applied to the EC2 instance
D) Create a separate forensic instance



3. You work as an administrator for a company. The company hosts a number of resources using AWS. There was an incident of suspicious API activity 11 days ago. The Security Admin has asked you to retrieve the API activity from that point in time. How can this be achieved?

A) Search the CloudWatch metrics for the suspicious activity which occurred 11 days ago
B) Search the CloudWatch logs for the suspicious activity which occurred 11 days ago
C) Search the CloudTrail event history for the API events which occurred 11 days ago
D) Use AWS Config to get the API calls which were made 11 days ago



4. You have a requirement to store objects in an S3 bucket with a key that is automatically managed and rotated. Which of the following can be used for this purpose?

A) AWS CloudHSM
B) AWS KMS
C) AWS S3 server-side encryption
D) AWS customer keys



5. Your team is designing a web application. The users of this web application need to sign in via an external identity provider such as Facebook or Google. Which of the following AWS services would you use for authentication?

A) AWS Cognito
B) AWS Config
C) AWS IAM
D) AWS SAML



1. Right Answer: C
Explanation:

2. Right Answer: A, D
Explanation: Option C is invalid because removing the role will not fully help in such a situation. Option B is invalid because terminating the instance means that you cannot conduct forensic analysis on it. One way to isolate an affected EC2 instance for investigation is to place it in a security group that only the forensic investigators can access. Close all ports except those needed to receive inbound SSH or RDP traffic from a single IP address from which the investigators can safely examine the instance. For more information on security scenarios for your EC2 instance, please refer to the URL below: https://d1.awsstatic.com/Marketplace/scenarios/security/SEC_11_TSB_Final.pdf

3. Right Answer: C
Explanation: The CloudTrail event history allows you to view events which are recorded for 90 days, so one can use a metric filter to gather the API calls from 11 days ago. Options A and B are invalid because CloudWatch is used for logging and not for monitoring API activity. Option D is invalid because AWS Config is a configuration service and is not used for monitoring API activity. For more information on AWS CloudTrail, please visit the following URL: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html

4. Right Answer: C
Explanation: The AWS documentation mentions the following: Server-side encryption protects data at rest. Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) uses strong multi-factor encryption. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it rotates regularly. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data. All other options are invalid since with them you need to ensure the keys are rotated manually, because you manage the entire key set. With AWS S3 server-side encryption, AWS manages the rotation of keys automatically. For more information on server-side encryption, please visit the following URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html

5. Right Answer: A
Explanation:
