AWS Certified Security - Specialty - Part 18

Mary Smith

Wed, 21 Jan 2026

1. You have a requirement to store objects in an S3 bucket with a key that is automatically managed and rotated. Which of the following can be used for this purpose?

A) AWS Customer Keys
B) AWS KMS
C) AWS Cloud HSM
D) AWS S3 Server side encryption



2. How can you ensure that an instance in a VPC does not use AWS (Amazon Web Services) DNS for routing DNS requests? You want to use your own managed DNS instance. How can this be achieved?

A) Change the subnet configuration to allow DNS requests from the new DNS Server
B) Change the existing DHCP options set
C) Change the route table for the VPC
D) Create a new DHCP options set and replace the existing one.



3. Your company has a requirement to monitor all root user activity. How can this best be achieved? Choose 2 answers from the options given below. Each answer forms part of the solution. (Select 2 answers)

A) Use CloudTrail API call (Incorrect)
B) Create a CloudWatch Logs Rule
C) Create a CloudWatch Events Rule
D) Use a Lambda function



4. A Windows machine in one VPC needs to join the AD domain in another VPC. VPC peering has been established, but the domain join is not working. What is the other step that needs to be followed to ensure that the AD domain join can work as intended?

A) Change the VPC peering connection to a VPN connection
B) Ensure that the AD is placed in a public subnet
C) Ensure the security groups for the AD-hosted subnet have the right rules for relevant subnets
D) Change the VPC peering connection to a Direct Connect connection



5. You are designing a custom IAM policy that would allow users to list buckets in S3 only if they are MFA authenticated. Which of the following would best match this requirement?

A) {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "arn:aws:s3:::*", "Condition": {"aws:MultiFactorAuthPresent": true}}}
B) {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "arn:aws:s3:::*", "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}}}
C) {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "arn:aws:s3:::*", "Condition": {"Bool": {"aws:MultiFactorAuthPresent": false}}}}
D) {"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": "arn:aws:s3:::*", "Condition": {"aws:MultiFactorAuthPresent": false}}}



1. Right Answer: D
Explanation:

2. Right Answer: D
Explanation: In order to use your own DNS server, you need to create a new custom DHCP options set with the IP of the custom DNS server. You cannot modify the existing set, so you need to create a new one. Option A is invalid because you cannot make changes to an existing DHCP options set. Option C is invalid because this can only be used to work with routes and not with a custom DNS solution. Option D is invalid because this needs to be done at the VPC level and not at the subnet level. For more information on DHCP options sets, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html

3. Right Answer: C,D
Explanation: Below is a snippet from the AWS (Amazon Web Services) blogs on a solution. Option B is invalid because you need to create a CloudWatch Events Rule and there is no such thing as a CloudWatch Logs Rule. Option D is invalid because CloudTrail API calls can be recorded but cannot be used to send across notifications. For more information on this blog article, please visit the following URL: https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/
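The rule-plus-Lambda combination from answer 3, sketched as an added example (not code from this page or from the linked blog post): an event pattern that selects root-identity CloudTrail events, and a Lambda handler that turns a match into a notification. The `publish` parameter, the small `matches` helper and the two sample events are assumptions made so the block runs offline.

```python
import json

# Event pattern for the CloudWatch Events rule: CloudTrail-delivered API calls
# and console sign-ins whose caller identity is the account root user.
ROOT_ACTIVITY_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail",
                    "AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

def matches(pattern, event):
    """Exact-value subset of event-pattern matching, for offline checks only."""
    for key, expected in pattern.items():
        actual = event.get(key) if isinstance(event, dict) else None
        if isinstance(expected, dict):
            if not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def lambda_handler(event, context, publish=None):
    """Rule target. `publish` is a hypothetical injection point; in Lambda it
    would wrap an SNS publish call to the alerting topic."""
    if not matches(ROOT_ACTIVITY_PATTERN, event):
        return None  # defensive: the rule should already have filtered this
    detail = event["detail"]
    alert = {
        "Subject": f"Root user activity: {detail.get('eventName', 'unknown')}",
        "Message": json.dumps({
            "account": event.get("account"),
            "time": event.get("time"),
            "sourceIPAddress": detail.get("sourceIPAddress"),
            "eventSource": detail.get("eventSource"),
        }, sort_keys=True),
    }
    if publish is not None:
        publish(**alert)
    return alert

# Constructed sample events (not real log data).
ROOT_LOGIN = {"detail-type": "AWS Console Sign In via CloudTrail",
              "account": "111122223333", "time": "2026-01-21T10:00:00Z",
              "detail": {"eventName": "ConsoleLogin",
                         "eventSource": "signin.amazonaws.com",
                         "sourceIPAddress": "203.0.113.10",
                         "userIdentity": {"type": "Root"}}}
IAM_USER_CALL = {"detail-type": "AWS API Call via CloudTrail",
                 "account": "111122223333", "time": "2026-01-21T10:05:00Z",
                 "detail": {"eventName": "ListBuckets",
                            "eventSource": "s3.amazonaws.com",
                            "userIdentity": {"type": "IAMUser"}}}
```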

4. Right Answer: C
Explanation:

5. Right Answer: B
Explanation:
