1. Your IT Security department has mandated that all data on EBS volumes created for underlying EC2 instances needs to be encrypted. Which of the following can help achieve this? Please select:
A) API Gateway with STS B) IAM Access Key C) AWS KMS API D) AWS Certificate Manager
2. Your company has a requirement to work with a DynamoDB table. There is a security mandate that all data should be encrypted at rest. What is the easiest way to accomplish this for DynamoDB? Please select:
A) Use S3 buckets to encrypt the data before sending it to DynamoDB B) Use the AWS SDK to encrypt the data before sending it to the DynamoDB table C) Encrypt the DynamoDB table using KMS during its creation D) Encrypt the table using AWS KMS after it is created
3. A Windows machine in one VPC needs to join the AD domain in another VPC. VPC peering has been established, but the domain join is not working. What is the other step that needs to be followed to ensure that the AD domain join can work as intended?
A) Ensure that the AD is placed in a public subnet B) Ensure the security groups for the AD-hosted subnet have the right rule for relevant subnets C) Change the VPC peering connection to a Direct Connect connection D) Change the VPC peering connection to a VPN connection
4. Your company has a set of EC2 instances defined in AWS. They need to ensure that all traffic packets are monitored and inspected for any security threats. How can this be achieved? Choose 2 answers from the options given below. Please select: (Select 2 answers)
A) Use VPC Flow Logs B) Use a host-based intrusion detection system C) Use a third-party firewall installed on a central EC2 instance D) Use Network Access Control List logging
5. A company hosts data in S3. There is now a mandate that going forward all data in the S3 bucket needs to be encrypted at rest. How can this be achieved?
A) Use SSL certificates to encrypt the data B) Use AWS access keys to encrypt the data C) Enable server-side encryption on the S3 bucket D) Enable MFA on the S3 bucket
1. Right Answer: C Explanation:
2. Right Answer: C Explanation:
3. Right Answer: B Explanation: In addition to VPC peering and setting the right route tables, the security groups for the AD EC2 instance need to have the right rules in place to allow incoming traffic. Options A and B are invalid because changing the connection type will not help. This is a problem with the security groups. Option D is invalid since the AD should not be placed in a public subnet. For more information on allowing ingress traffic for AD, please visit the following URL: https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/ingress.html
4. Right Answer: B,C Explanation:
5. Right Answer: C Explanation: The AWS documentation mentions the following: "Server-side encryption is about data encryption at rest; that is, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it. As long as you authenticate your request and you have access permissions, there is no difference in the way you access encrypted or unencrypted objects." Options A and B are invalid because neither access keys nor SSL certificates can be used to encrypt data. Option D is invalid because MFA is just used as an extra level of security for S3 buckets. For more information on S3 server-side encryption, please refer to the link below: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html