1. A company has an existing AWS (Amazon Web Service) account and a set of critical resources hosted in that account. The employee who was in charge of the root account has left the company. What must now be done to secure the account? Choose 3 answers from the options given below. (Select 3 answers)
A) Delete the access keys for the root account
B) Delete all custom created IAM policies
C) Change the password for the root account
D) Change the password for all IAM users
E) Change the access keys for all IAM users
F) Confirm MFA to a secure device
2. Which technique can be used to integrate AWS (Amazon Web Service) IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service? Please select:
A) Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.
B) Use AWS (Amazon Web Service) Security Token Service from an identity broker to issue short-lived AWS (Amazon Web Service) credentials.
C) Use an IAM policy that references the LDAP account identifiers and the AWS (Amazon Web Service) credentials.
D) Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS (Amazon Web Service) and LDAP.
3. One of your company's EC2 instances has been compromised. The company has strict policies and needs a thorough investigation to find the culprit for the security breach. What would you do in this case? Choose 3 answers from the options given below. Please select: (Select 3 answers)
A) Take a snapshot of the EBS volume
B) Ensure that all access keys are rotated
C) Ensure all passwords for all IAM users are changed
D) Isolate the machine from the network
E) Make sure that logs are stored securely for auditing and troubleshooting purposes
4. You are working for a company and have been allocated the task of ensuring that a federated authentication mechanism is set up between AWS (Amazon Web Service) and their on-premise Active Directory. Which of the following are important steps that need to be covered in this process? Choose 2 answers from the options given below. (Select 2 answers)
A) Ensure the right match is in place for on-premise AD Groups and IAM Groups.
B) Ensure the right match is in place for on-premise AD Groups and IAM Roles.
C) Configure AWS (Amazon Web Service) as the relying party in Active Directory Federation Services.
D) Configure AWS (Amazon Web Service) as the relying party in Active Directory.
5. In order to encrypt data in transit for a connection to an AWS (Amazon Web Service) RDS instance, which of the following would you implement?
A) Transparent data encryption
B) Data keys from AWS (Amazon Web Service) KMS
C) Data keys from CloudHSM
D) SSL from your application
1. Right Answer: A,C,F
Explanation: If the root account has a chance of being compromised, you have to carry out the steps below:
1. Delete the access keys for the root account
2. Confirm MFA to a secure device
3. Change the password for the root account
This will ensure the employee who has left has no chance to compromise the resources in AWS.
Option A is invalid because this would hamper the working of the current IAM users.
Option B is invalid because this could hamper the current working of services in your AWS (Amazon Web Service) account.
Option F is invalid because this would hamper the working of the current IAM users.
For more information on the IAM root user, please visit the following URL: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html
2. Right Answer: D
Explanation:
3. Right Answer: A,B,C
Explanation:
4. Right Answer: B,C
Explanation: The AWS (Amazon Web Service) documentation mentions some key aspects with regard to the configuration of on-premise AD with AWS. One is the Groups configuration in AD, and the next is the configuration of the relying party, which is AWS (Amazon Web Service). ADFS federation occurs with the participation of two parties: the identity or claims provider (in this case the owner of the identity repository, Active Directory) and the relying party, which is another application that wishes to outsource authentication to the identity provider, in this case the Amazon Secure Token Service (STS). The relying party is a federation partner that is represented by a claims provider trust in the federation service.
Option B is invalid because AD groups should not be matched to IAM Groups.
Option C is invalid because the relying party should be configured in Active Directory Federation Services.
For more information on federated access, please visit the following URL: https://aws.amazon.com/blogs/security/aws-federated-authentication-with-active-directory-federation-services-ad-fs/