1. You have been given a new brief from your supervisor for a client who needs a web application set up on AWS. The most important requirement is that MySQL must be used as the database, and this database must not be hosted in the public cloud, but rather at the client's data center due to security risks. Which of the following solutions would be the best to assure that the client's requirements are met? Choose the correct answer from the options below. Please select:
A) Build the application server on a public subnet and the database at the client's data center. Connect them with a VPN connection which uses IPsec.
B) Build the application server on a public subnet and the database on a private subnet with a NAT instance between them.
C) Use the public subnet for the application server and use RDS with a storage gateway to access and synchronize the data securely from the local data center.
D) Build the application server on a public subnet and build the database in a private subnet with a secure SSH connection to the private subnet from the client's data center.
2. You have a requirement to serve up private content using the keys available with CloudFront. How can this be achieved?
A) Add the keys to the S3 bucket
B) Add the keys to the backend distribution
C) Use AWS access keys
D) Create pre-signed URLs
3. Your company currently has a set of EC2 instances hosted in a VPC. The IT Security department suspects a possible DDoS attack on the instances. What can you do to zero in on the IP addresses which are receiving a flurry of requests?
A) Use AWS CloudTrail to get the IP addresses accessing the EC2 instances
B) Use AWS Trusted Advisor to get the IP addresses accessing the EC2 instances
C) Use VPC Flow Logs to get the IP addresses accessing the EC2 instances
D) Use AWS Config to get the IP addresses accessing the EC2 instances
4. When you enable automatic key rotation for an existing CMK key where the backing key is managed by AWS, after how long is the key rotated?
A) After 30 days
B) After 128 days
C) After 3 years
D) After 365 days
5. A company is using a Redshift cluster to store their data warehouse. There is a requirement from the internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?
A) Use S3 encryption
B) Use AWS KMS Customer Default master key
C) Use SSL/TLS for encrypting the data
D) Encrypt the EBS volumes of the underlying EC2 instances
1. Right Answer: A Explanation:
2. Right Answer: D Explanation: Options A and B are invalid because you will not add keys to either the backend distribution or the S3 bucket. Option D is invalid because this is used for programmatic access to AWS resources. You can use CloudFront key pairs to create a trusted pre-signed URL which can be distributed to users. For more information on CloudFront private trusted content, please visit the following URL: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
3. Right Answer: C Explanation:
4. Right Answer: D Explanation:
5. Right Answer: B Explanation: The AWS documentation mentions the following: Amazon Redshift uses a hierarchy of encryption keys to encrypt the database. You can use either AWS Key Management Service (AWS KMS) or a hardware security module (HSM) to manage the top-level encryption keys in this hierarchy. The process that Amazon Redshift uses for encryption differs depending on how you manage keys. Option A is invalid because it's the cluster that needs to be encrypted. Option C is invalid because this encrypts objects in transit and not objects at rest. Option D is invalid because this is used only for objects in S3 buckets. For more information on Redshift encryption, please visit the following URL: https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html