
AWS Certified Security - Specialty - Part 17

Mary Smith

Mon, 24 Mar 2025


1. A company is planning to extend its on-premises infrastructure to the AWS (Amazon Web Services) Cloud. They need a solution that provides the core benefit of traffic encryption while keeping latency to a minimum. Which of the following would help fulfil this requirement? Choose 2 answers from the options given below. (Select 2 answers)

A) AWS VPC Peering
B) AWS NAT gateways
C) AWS Direct Connect
D) AWS VPN



2. You are working for a company and have been allocated the task of ensuring that there is a federated authentication mechanism set up between AWS and their on-premises Active Directory. Which of the following are important steps that need to be covered in this process? Choose 2 answers from the options given below. (Select 2 answers)

A) Ensure the right match is in place for on-premises AD Groups and IAM Groups.
B) Ensure the right match is in place for on-premises AD Groups and IAM Roles.
C) Configure AWS as the relying party in Active Directory.
D) Configure AWS as the relying party in Active Directory Federation Services.



3. One of your company's EC2 instances has been compromised. The company has strict policies and needs a thorough investigation to find the culprit for the security breach. What would you do in this case? Choose 3 answers from the options given below. (Select 3 answers)

A) Ensure logging and auditing are enabled for all services
B) Ensure that all access keys are rotated.
C) Isolate the machine from the network
D) Ensure all passwords for all IAM users are changed
E) Take a snapshot of the EBS volume


4. You need to inspect the running processes on an EC2 instance that may have a security issue. How can you achieve this in the easiest way possible? You also need to ensure that the inspection does not interfere with the continuous running of the instance.

A) Use AWS CloudTrail to record the processes running on the server to an S3 bucket.
B) Use the SSM Run Command to send the list of running processes to an S3 bucket.
C) Use AWS CloudWatch to record the processes running on the server.
D) Use AWS Config to see the changed process information on the server.



5. Development teams in your organization use S3 buckets to store the log files for various applications hosted in development environments in AWS. The developers want to keep the logs for one month for troubleshooting purposes, and then purge them. What feature will enable this requirement?

A) Configuring lifecycle configuration rules on the S3 bucket
B) Creating an IAM policy for the S3 bucket.
C) Enabling CORS on the S3 bucket.
D) Adding a bucket policy on the S3 bucket.



1. Right Answer: C,D
Explanation: The AWS documentation describes AWS VPN (encrypted connectivity over the Internet) and AWS Direct Connect (a dedicated, low-latency link) as the ways to connect on-premises infrastructure to the AWS Cloud. Option A is invalid because VPC peering is only used for connections between VPCs and cannot be used to connect on-premises infrastructure to the AWS Cloud. Option B is invalid because NAT gateways are used to connect instances in a private subnet to the Internet. For more information on VPN connections, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html

2. Right Answer: B,D
Explanation:

3. Right Answer: A,C,E
Explanation: Some of the important aspects in such a situation are:
1) First isolate the instance so that no further harm can occur to other AWS resources.
2) Take a snapshot of the EBS volume for further investigation. This is in case you need to shut down the initial instance and investigate the data separately.
3) Ensure that logging is enabled for all services, so that you can investigate any abnormal behavior that could have been caused by the security breach.
Options B and D are invalid because they could have adverse effects on the other IAM users. For more information on adopting a security framework, please refer to the URL below: https://d1.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf

4. Right Answer: B
Explanation: The SSM Run Command can be used to send OS-specific commands to an instance. Here you can check the running processes on an instance and then send the output to an S3 bucket. Option A is invalid because CloudTrail is used to record API activity and cannot be used to record running processes. Option C is invalid because CloudWatch is a logging and metrics service and cannot be used to record running processes. Option D is invalid because AWS Config is a configuration service and cannot be used to record running processes. For more information on the Systems Manager Run Command, please visit the following URL: https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html
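The three response steps from question 3 and the Run Command approach from question 4, combined into one first-response script as an added example (not code from the original page). It assumes AWS CLI v2 is configured with EC2 and SSM permissions, the instance runs the SSM Agent, and a quarantine security group with no rules and an evidence S3 bucket already exist; all IDs and names are placeholders.

```shell
#!/bin/sh
# Added example: first response for a compromised EC2 instance.
# Assumptions: AWS CLI v2 configured; SSM Agent on the instance; the quarantine
# security group (no inbound/outbound rules) and the evidence bucket pre-exist.
set -e

AWS_CLI="${AWS_CLI:-aws}"   # overridable so the flow can be exercised with a stub

# Step 1 (question 3): isolate the instance by replacing its security groups with
# the quarantine group. Already-tracked connections may persist until they time
# out, so take the evidence snapshot right after this rather than waiting.
isolate_instance() {
    instance_id="$1"; isolation_sg="$2"
    "$AWS_CLI" ec2 modify-instance-attribute \
        --instance-id "$instance_id" --groups "$isolation_sg"
}

# Step 2 (question 3): preserve the root EBS volume for offline analysis before
# anything is stopped or rebuilt. Prints the snapshot id.
snapshot_root_volume() {
    instance_id="$1"
    volume_id=$("$AWS_CLI" ec2 describe-instances --instance-ids "$instance_id" \
        --query 'Reservations[0].Instances[0].BlockDeviceMappings[0].Ebs.VolumeId' \
        --output text)
    "$AWS_CLI" ec2 create-snapshot --volume-id "$volume_id" \
        --description "IR evidence for $instance_id" \
        --query 'SnapshotId' --output text
}

# Step 3 (question 4): capture the process list via SSM Run Command without logging
# in or disturbing the instance; output is written to the S3 bucket. Prints the
# command id, which can later be passed to 'aws ssm get-command-invocation'.
capture_processes() {
    instance_id="$1"; bucket="$2"
    "$AWS_CLI" ssm send-command \
        --instance-ids "$instance_id" \
        --document-name "AWS-RunShellScript" \
        --parameters '{"commands":["ps -eo pid,ppid,user,lstart,args"]}' \
        --output-s3-bucket-name "$bucket" \
        --output-s3-key-prefix "ir/$instance_id/processes" \
        --query 'Command.CommandId' --output text
}

# Usage: ./ir-first-response.sh <instance-id> <quarantine-sg-id> <evidence-bucket>
if [ "$#" -eq 3 ]; then
    isolate_instance "$1" "$2"
    echo "snapshot: $(snapshot_root_volume "$1")"
    echo "ssm command: $(capture_processes "$1" "$3")"
fi
```

Logging (step 3 of question 3) is an account-wide setting, so enable CloudTrail and VPC Flow Logs ahead of time rather than from this script.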

5. Right Answer: A
Explanation:
