
AWS Certified Security - Specialty - Part 24

Mary Smith

Mon, 24 Mar 2025


1. A customer has an instance hosted in the AWS (Amazon Web Services) public cloud. The VPC and subnet used to host the instance were created with the default settings for the Network Access Control Lists (NACLs). They need to give an IT administrator secure access to the underlying instance. How can this be accomplished?

A) Ensure that the security group allows Inbound SSH traffic from the IT Administrator's Workstation
B) Ensure the Network Access Control Lists allow Outbound SSH traffic from the IT Administrator's Workstation
C) Ensure the Network Access Control Lists allow Inbound SSH traffic from the IT Administrator's Workstation
D) Ensure that the security group allows Outbound SSH traffic from the IT Administrator's Workstation



2. A company has resources hosted in its AWS account. There is a requirement to monitor all API activity in all regions, and the audit needs to cover future regions as well. Which of the following can be used to fulfil this requirement?

A) Enable a CloudTrail trail for each region, then enable one for each future region.
B) Create a CloudTrail trail for each region. Use CloudFormation to enable the trail for all future regions.
C) Ensure one CloudTrail trail is enabled for all regions.
D) Create a CloudTrail trail for each region. Use AWS Config to enable the trail for all future regions.



3. Your company has a set of EC2 instances placed behind an ELB. Some of the applications hosted on these instances communicate via a legacy protocol. There is a security mandate that all traffic between the client and the EC2 instances must be secure. How would you accomplish this?

A) Use a Classic Load Balancer and terminate the SSL connection at the ELB
B) Use an Application Load Balancer and terminate the SSL connection at the EC2 instances
C) Use a Classic Load Balancer and terminate the SSL connection at the EC2 instances
D) Use an Application Load Balancer and terminate the SSL connection at the ELB



4. Your company manages thousands of EC2 instances. There is a mandate to ensure that no server has any critical security flaws. Which of the following can be done to ensure this? Choose 2 answers from the options given below.

A) Use Amazon Inspector to ensure that the servers have no critical flaws.
B) Use Amazon Inspector to patch the servers.
C) Use AWS Systems Manager (SSM) to patch the servers.
D) Use AWS Config to ensure that the servers have no critical flaws.



5. A company hosts data in S3. There is now a mandate that, going forward, all data in the S3 bucket must be encrypted at rest. How can this be achieved? Select one.

A) Use AWS access keys to encrypt the data
B) Use SSL certificates to encrypt the data
C) Enable server-side encryption on the S3 bucket
D) Enable MFA on the S3 bucket



1. Right Answer: A
Explanation: Options B and C are invalid because the default NACL already allows all inbound and outbound traffic, so nothing needs to change there. The requirement is that the IT administrator can reach the EC2 instance from their workstation, which means the instance's security group must allow inbound SSH (TCP port 22) from that workstation's IP address (ideally a /32); hence choice A is correct. Option D is incorrect because the connection originates at the administrator's workstation, so it is an inbound rule, not an outbound rule, that must permit it. Security groups are stateful: once the inbound connection is allowed, the return traffic is allowed automatically. A NACL, by contrast, is stateless and would also need an outbound rule covering the client's ephemeral port range, which the default NACL already has.
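To make the stateful-versus-stateless distinction concrete, here is an added Python model (not AWS code and not part of the original page) of how a security group and a NACL each evaluate an SSH session. The rule shapes, the workstation address 203.0.113.10 and the ephemeral port are constructed for the illustration; real NACLs are evaluated by rule number, and the model keeps only first-match semantics and IPv4.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One allow/deny rule. cidr is the source for inbound rules and the
    destination for outbound rules (IPv4 only, simplified for illustration)."""
    action: str        # "allow" or "deny" (security groups only ever allow)
    protocol: str      # "tcp", "udp", or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str

    def matches(self, protocol: str, port: int, addr: str) -> bool:
        if self.protocol not in ("-1", protocol):
            return False
        if not self.port_from <= port <= self.port_to:
            return False
        return ip_address(addr) in ip_network(self.cidr)


# What a default NACL looks like: allow everything in both directions.
DEFAULT_NACL_INBOUND = [Rule("allow", "-1", 0, 65535, "0.0.0.0/0")]
DEFAULT_NACL_OUTBOUND = [Rule("allow", "-1", 0, 65535, "0.0.0.0/0")]


def nacl_allows(rules, protocol, port, addr) -> bool:
    """NACL: ordered rules, first match wins, implicit deny at the end.
    Stateless, so it is consulted separately for each direction."""
    for rule in rules:
        if rule.matches(protocol, port, addr):
            return rule.action == "allow"
    return False


def sg_allows_inbound(rules, protocol, port, src) -> bool:
    """Security group: allow-only, any matching rule permits the connection.
    Stateful, so the reply packets never need a rule of their own."""
    return any(r.matches(protocol, port, src) for r in rules)


def ssh_session_allowed(sg_inbound, nacl_inbound, nacl_outbound,
                        admin_ip: str, ephemeral_port: int = 50000) -> str:
    """Trace a TCP/22 connection from admin_ip and report what stops it."""
    # SYN: admin_ip:ephemeral -> instance:22 crosses the subnet NACL first,
    # then the instance's security group.
    if not nacl_allows(nacl_inbound, "tcp", 22, admin_ip):
        return "blocked by NACL inbound"
    if not sg_allows_inbound(sg_inbound, "tcp", 22, admin_ip):
        return "blocked by security group"
    # SYN-ACK: instance:22 -> admin_ip:ephemeral. The security group tracks
    # the connection and lets it out; the NACL does not, so its outbound
    # rules must cover the client's ephemeral port.
    if not nacl_allows(nacl_outbound, "tcp", ephemeral_port, admin_ip):
        return "blocked by NACL outbound (return traffic)"
    return "allowed"


if __name__ == "__main__":
    admin = "203.0.113.10"                       # constructed workstation IP
    sg = [Rule("allow", "tcp", 22, 22, f"{admin}/32")]
    print(ssh_session_allowed([], DEFAULT_NACL_INBOUND, DEFAULT_NACL_OUTBOUND, admin))
    print(ssh_session_allowed(sg, DEFAULT_NACL_INBOUND, DEFAULT_NACL_OUTBOUND, admin))
    # A custom NACL that only allows port 22 outbound breaks the return path.
    print(ssh_session_allowed(sg, DEFAULT_NACL_INBOUND,
                              [Rule("allow", "tcp", 22, 22, "0.0.0.0/0")], admin))
```

With a default NACL the /32 inbound security-group rule (answer A) is the only change needed; the third call shows the failure that appears later if someone tightens the NACL without adding the 1024-65535 ephemeral range outbound.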

2. Right Answer: C
Explanation: A single trail created with "apply to all regions" (a multi-region trail) records API activity in every region, including regions AWS adds after the trail is created, and delivers all of it to one S3 bucket. Option A and the per-region trails in options B and D would have to be recreated for each new region; CloudFormation and AWS Config cannot enable a trail in a region that does not exist yet. Enable log file validation on the trail as well, so the digest files let you detect tampering with the delivered logs.
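The following added Python check (not AWS code and not part of the original page) expresses the answer as an audit: it reads the shapes returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` and reports whether any trail actually satisfies "all regions, including future ones". The trail names, account ID and bucket name in the sample data are constructed.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output;
# the account ID, names and bucket are made up for the illustration.
SAMPLE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "us-east-1-only",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/us-east-1-only",
   "HomeRegion": "us-east-1", "IsMultiRegionTrail": false,
   "IncludeGlobalServiceEvents": true, "LogFileValidationEnabled": false,
   "S3BucketName": "example-trail-logs"},
  {"Name": "all-regions",
   "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/all-regions",
   "HomeRegion": "eu-west-1", "IsMultiRegionTrail": true,
   "IncludeGlobalServiceEvents": true, "LogFileValidationEnabled": true,
   "S3BucketName": "example-trail-logs"}
]}
""")

# Constructed sample of `aws cloudtrail get-trail-status`, keyed by trail ARN.
SAMPLE_STATUS = {
    "arn:aws:cloudtrail:us-east-1:111122223333:trail/us-east-1-only": {"IsLogging": True},
    "arn:aws:cloudtrail:eu-west-1:111122223333:trail/all-regions": {"IsLogging": True},
}


def covers_all_regions(trail: dict, status: dict) -> bool:
    """True only for a trail that meets the requirement: multi-region (so new
    regions are picked up automatically), recording global-service events
    (IAM, STS, CloudFront), and currently delivering logs."""
    return (trail.get("IsMultiRegionTrail") is True
            and trail.get("IncludeGlobalServiceEvents") is True
            and status.get("IsLogging") is True)


def audit(describe_trails: dict, statuses: dict) -> dict:
    """Return the compliant trail names plus a list of human-readable findings."""
    trails = describe_trails.get("trailList", [])
    compliant = [t["Name"] for t in trails
                 if covers_all_regions(t, statuses.get(t["TrailARN"], {}))]
    findings = []
    if not compliant:
        findings.append("no multi-region trail is logging")
    for t in trails:
        if not t.get("LogFileValidationEnabled"):
            findings.append(f"{t['Name']}: log file validation disabled")
    return {"compliant_trails": compliant, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_TRAILS, SAMPLE_STATUS), indent=2))
```

With boto3 the two inputs come from `cloudtrail.describe_trails()` and `cloudtrail.get_trail_status(Name=trail_arn)`. A trail that passes this check is what `aws cloudtrail create-trail --is-multi-region-trail --enable-log-file-validation` creates; note that a stopped trail (IsLogging false) fails the check even if it is multi-region.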

3. Right Answer: C
Explanation: Because some applications use legacy (non-HTTP) protocols, the load balancer must operate at the network layer with a TCP listener, which the Classic Load Balancer supports and the Application Load Balancer (layer 7, HTTP/HTTPS only) does not. Because the traffic must stay encrypted all the way to the EC2 instances, TLS must terminate on the instances, with the Classic Load Balancer passing the TCP stream through untouched. Options B and D are invalid because an Application Load Balancer cannot front a non-HTTP protocol. Option A is incorrect because terminating TLS at the ELB leaves the ELB-to-instance hop in clear text unless it is re-encrypted, and in either case the ELB holds the private key and sees plaintext. (Today a Network Load Balancer would be the usual layer-4 choice, but it is not among the options.) For more information on HTTPS listeners for Classic Load Balancers, see https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-https-load-balancers.html
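As an added illustration (not AWS code and not from the original page), this Python snippet classifies Classic Load Balancer listeners from the shape of `aws elb describe-load-balancers` output and lists the ones that do not keep TLS intact up to the instance. The load balancer names, ports and certificate ARN in the sample are constructed; note that a TCP passthrough listener only delivers end-to-end encryption if the instance itself speaks TLS on that port, which the ELB cannot verify.

```python
# Constructed sample in the shape of `aws elb describe-load-balancers`
# (Classic Load Balancer API); names, ports and the certificate ARN are made up.
CERT = "arn:aws:acm:us-east-1:111122223333:certificate/example"
SAMPLE_ELBS = {"LoadBalancerDescriptions": [
    {"LoadBalancerName": "legacy-app", "ListenerDescriptions": [
        {"Listener": {"Protocol": "TCP", "LoadBalancerPort": 5000,
                      "InstanceProtocol": "TCP", "InstancePort": 5000}},
        {"Listener": {"Protocol": "SSL", "LoadBalancerPort": 5001,
                      "InstanceProtocol": "TCP", "InstancePort": 5001,
                      "SSLCertificateId": CERT}}]},
    {"LoadBalancerName": "web", "ListenerDescriptions": [
        {"Listener": {"Protocol": "HTTPS", "LoadBalancerPort": 443,
                      "InstanceProtocol": "HTTPS", "InstancePort": 443,
                      "SSLCertificateId": CERT}},
        {"Listener": {"Protocol": "HTTP", "LoadBalancerPort": 80,
                      "InstanceProtocol": "HTTP", "InstancePort": 80}}]}]}


def classify(listener: dict) -> str:
    """Where TLS terminates for one listener, from its front/back-end protocols."""
    front = listener["Protocol"].upper()
    back = listener["InstanceProtocol"].upper()
    if front == "TCP" and back == "TCP":
        # Raw TCP passthrough: the client's TLS session ends on the instance;
        # the ELB never holds the private key or sees plaintext (answer C),
        # provided the instance actually runs TLS on that port.
        return "passthrough"
    if front in ("SSL", "HTTPS") and back in ("SSL", "HTTPS"):
        # ELB terminates, then re-encrypts to the back end: both hops are
        # encrypted, but the ELB has the key and the plaintext.
        return "terminate-and-reencrypt"
    if front in ("SSL", "HTTPS"):
        return "terminate-plaintext-backend"   # ELB-to-instance hop is clear text
    return "plaintext"


def violations(describe_output: dict, required: str = "passthrough") -> list:
    """Listeners that do not meet the 'secure up to the instance' mandate,
    as 'name:port classification' strings."""
    out = []
    for lb in describe_output.get("LoadBalancerDescriptions", []):
        for ld in lb.get("ListenerDescriptions", []):
            kind = classify(ld["Listener"])
            if kind != required:
                out.append(f"{lb['LoadBalancerName']}:{ld['Listener']['LoadBalancerPort']} {kind}")
    return out


if __name__ == "__main__":
    for line in violations(SAMPLE_ELBS):
        print(line)
```

With boto3 the input is `elb.describe_load_balancers()`; `boto3.client("elb")` is the Classic Load Balancer API, distinct from `elbv2` used for Application and Network Load Balancers.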

4. Right Answer: A, C
Explanation: The AWS documentation describes Amazon Inspector as follows: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. (That description is of the original, assessment-run-based service; the current Amazon Inspector scans EC2 instances continuously using the SSM Agent, so the same agent is what Systems Manager uses to patch.) Option D is invalid because AWS Config evaluates resource configuration against rules; it does not scan servers for vulnerabilities. Option B is invalid because Amazon Inspector reports findings but does not patch servers. For more information on Amazon Inspector, see https://aws.amazon.com/inspector/. Once you have the list of servers with critical findings, remediate them by installing the required patches through Systems Manager Patch Manager (for example the AWS-RunPatchBaseline document). For more information on Systems Manager, see https://docs.aws.amazon.com/systems-manager/latest/APIReference/Welcome.html
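The two-step answer (find with Inspector, fix with SSM) as an added Python example, not AWS code and not part of the original page: it takes findings in the shape of Amazon Inspector's ListFindings response, keeps only package vulnerabilities on EC2 instances at or above a severity threshold, and builds the arguments for an SSM `send_command` call running `AWS-RunPatchBaseline`. The instance IDs, finding titles and ARNs are constructed; the hypothetical CVE names are placeholders, not real identifiers.

```python
# Constructed sample in the shape of Amazon Inspector's ListFindings output;
# instance IDs, titles and the ECR ARN are made up for the illustration.
SAMPLE_FINDINGS = [
    {"severity": "CRITICAL", "type": "PACKAGE_VULNERABILITY",
     "title": "placeholder-cve-1 - openssl",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0a1b2c3d4e5f60001"}]},
    {"severity": "CRITICAL", "type": "PACKAGE_VULNERABILITY",
     "title": "placeholder-cve-2 - kernel",            # same instance again
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0a1b2c3d4e5f60001"}]},
    {"severity": "HIGH", "type": "PACKAGE_VULNERABILITY",
     "title": "placeholder-cve-3 - curl",
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0a1b2c3d4e5f60002"}]},
    {"severity": "CRITICAL", "type": "NETWORK_REACHABILITY",
     "title": "Port 22 reachable from the internet",    # not fixed by patching
     "resources": [{"type": "AWS_EC2_INSTANCE", "id": "i-0a1b2c3d4e5f60003"}]},
    {"severity": "CRITICAL", "type": "PACKAGE_VULNERABILITY",
     "title": "placeholder-cve-4 - log4j",              # container image, not an instance
     "resources": [{"type": "AWS_ECR_CONTAINER_IMAGE",
                    "id": "arn:aws:ecr:us-east-1:111122223333:repository/app/sha256:0"}]},
]

SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def instances_needing_patch(findings, min_severity="CRITICAL"):
    """Sorted EC2 instance IDs with package findings at or above min_severity.
    Network-reachability and container-image findings are real problems, but
    a patch run will not fix them, so they are deliberately left out."""
    threshold = SEVERITY_RANK[min_severity]
    ids = set()
    for f in findings:
        if f.get("type") != "PACKAGE_VULNERABILITY":
            continue
        if SEVERITY_RANK.get(f.get("severity"), -1) < threshold:
            continue
        for r in f.get("resources", []):
            if r.get("type") == "AWS_EC2_INSTANCE":
                ids.add(r["id"])
    return sorted(ids)


def patch_command(instance_ids, reboot="RebootIfNeeded"):
    """Keyword arguments for boto3 ssm.send_command(**patch_command(ids)):
    run the AWS-RunPatchBaseline document in Install mode on the targets."""
    return {
        "DocumentName": "AWS-RunPatchBaseline",
        "Targets": [{"Key": "InstanceIds", "Values": list(instance_ids)}],
        "Parameters": {"Operation": ["Install"], "RebootOption": [reboot]},
        "MaxConcurrency": "10%",   # roll through the fleet, not all at once
        "MaxErrors": "5%",         # stop early if the patch run starts failing
    }


if __name__ == "__main__":
    ids = instances_needing_patch(SAMPLE_FINDINGS)
    print(ids)
    print(patch_command(ids))
```

For thousands of instances, target by tag (for example `{"Key": "tag:PatchGroup", "Values": ["prod"]}`) or through a Patch Manager maintenance window rather than listing instance IDs, and rerun the Inspector query afterwards to confirm the findings have closed rather than assuming the command succeeded.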

5. Right Answer: C
Explanation: Server-side encryption (SSE-S3 with S3-managed keys, or SSE-KMS with an AWS KMS key) encrypts every object at rest; configure it as the bucket's default encryption so that new uploads are encrypted without the caller having to request it. Option A is wrong because access keys authenticate API calls; they do not encrypt data. Option B is wrong because SSL/TLS protects data in transit, not at rest. Option D is wrong because MFA controls who can act on the bucket, not how data is stored. Note that default encryption applies only to objects written after it is enabled: existing objects must be copied over themselves to be encrypted, and a bucket policy can be used to deny uploads that do not request the required encryption.
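The following added Python example (not AWS code and not part of the original page) shows the two sides of the answer: reading a bucket's default-encryption configuration in the shape of `aws s3api get-bucket-encryption` output, and generating a bucket policy that denies uploads not using SSE-KMS with a specific key and denies any access without TLS. The bucket name and KMS key ARN are constructed.

```python
import json

# Constructed sample in the shape of `aws s3api get-bucket-encryption`
# output; the KMS key ARN and bucket name are made up for the illustration.
EXAMPLE_KEY = "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555"
SAMPLE_KMS_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                            "KMSMasterKeyID": EXAMPLE_KEY},
     "BucketKeyEnabled": True}]}}
SAMPLE_SSE_S3_BUCKET = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}


def encryption_status(get_bucket_encryption_output: dict) -> dict:
    """Summarise a bucket's default encryption. With boto3, a bucket with no
    configuration raises ServerSideEncryptionConfigurationNotFoundError;
    pass {} for that case and it is reported as not encrypted."""
    rules = (get_bucket_encryption_output
             .get("ServerSideEncryptionConfiguration", {}).get("Rules", []))
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algo = default.get("SSEAlgorithm")
        if algo == "aws:kms":
            return {"encrypted": True, "mode": "SSE-KMS",
                    "key": default.get("KMSMasterKeyID"),
                    "bucket_key": bool(rule.get("BucketKeyEnabled"))}
        if algo == "AES256":
            return {"encrypted": True, "mode": "SSE-S3", "key": None, "bucket_key": False}
    return {"encrypted": False, "mode": None, "key": None, "bucket_key": False}


def enforcement_policy(bucket: str, key_arn: str) -> dict:
    """Bucket policy that refuses uploads requesting anything other than
    SSE-KMS with key_arn, and refuses every request made without TLS."""
    objects = f"arn:aws:s3:::{bucket}/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyNonKmsUploads", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": objects,
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
        {"Sid": "DenyWrongKey", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": objects,
         "Condition": {"StringNotEquals": {
             "s3:x-amz-server-side-encryption-aws-kms-key-id": key_arn}}},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [f"arn:aws:s3:::{bucket}", objects],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ]}


if __name__ == "__main__":
    print(encryption_status(SAMPLE_KMS_BUCKET))
    print(json.dumps(enforcement_policy("example-bucket", EXAMPLE_KEY), indent=2))
```

Apply the policy after setting the bucket default (with boto3, `s3.put_bucket_encryption`), then copy existing objects over themselves with the SSE-KMS option so that data uploaded before the change is encrypted too. S3 has applied SSE-S3 to new objects by default since January 2023, so in practice the question now turns on whether a customer-managed KMS key is required, which is what the key-ID condition enforces.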
