
AWS Certified Security - Specialty - Part 3

Mary Smith

Mon, 17 Mar 2025


1. A DevOps team is currently looking at the security aspect of their CI/CD pipeline. They are making use of AWS resources for their infrastructure. They want to ensure that the EC2 Instances don't have any high-severity security vulnerabilities, as part of a complete DevSecOps process. How can this be achieved?

A) Use AWS Trusted Advisor APIs in the pipeline for the EC2 Instances
B) Use AWS Config to check the state of the EC2 instances for any sort of security issues.
C) Use AWS Inspector APIs in the pipeline for the EC2 Instances
D) Use AWS Security Groups to ensure no vulnerabilities are present



2. A company is planning to run a number of admin-related scripts using the AWS Lambda service. There is a need to know whether any errors are encountered when the scripts run. How can this be accomplished in the most effective manner?

A) Use CloudTrail to monitor for errors
B) Use the AWS Inspector service to monitor for errors
C) Use the AWS Config service to monitor for errors
D) Use CloudWatch metrics and logs to watch for errors



3. Your company has a hybrid environment, with on-premises servers and servers hosted in the AWS cloud. They are planning to use Systems Manager for patching servers. Which of the following is a prerequisite for this to work?

A) Ensure that the on-premises servers are running on Hyper-V.
B) Ensure that an IAM User is created
C) Ensure that an IAM Group is created for the on-premises servers
D) Ensure that an IAM service role is created



4. Your company has an external web site. This web site needs to access the objects in an S3 bucket. Which of the following would allow the web site to access the objects in the most secure manner?

A) Use the aws:sites key in the condition clause for the bucket policy
B) Grant a role that can be assumed by the web site
C) Grant public access for the bucket via the bucket policy
D) Use the aws:Referer key in the condition clause for the bucket policy



5. You need to inspect the running processes on an EC2 Instance that may have a security issue. How can you achieve this in the easiest way possible? You also need to ensure that the inspection does not interfere with the continuous running of the instance. Please select:

A) Use the SSM Run Command to send the list of running processes to an S3 bucket.
B) Use AWS Configure to see the changed process information on the server
C) Use AWS CloudWatch to record the processes running on the server
D) Use AWS CloudTrail to record the processes running on the server to an S3 bucket



1. Right Answer: C
Explanation: Amazon Inspector offers a programmatic way to find security defects or misconfigurations in your operating systems and applications. Because you can use API calls to both run assessments and retrieve their results, integrating the findings into workflow and notification systems is simple. DevOps teams can integrate Amazon Inspector into their CI/CD pipelines and use it to identify pre-existing issues or catch new issues as they are introduced. Options A, B and D are all incorrect since those services cannot check for security vulnerabilities; only the AWS Inspector service can do this. For more information on AWS security best practices, please refer to the URL below: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

2. Right Answer: D
Explanation:

3. Right Answer: D
Explanation: You need to ensure that an IAM service role is created to allow the on-premises servers to communicate with AWS Systems Manager. Option A is incorrect since the servers do not need to be running Hyper-V. Options B and C are incorrect since it is not necessary to create IAM users or groups for this. For more information on the Systems Manager service role, please refer to the URL below: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html

4. Right Answer: D
Explanation: An example bucket policy using the aws:Referer condition key is given in the AWS documentation. Option C is invalid because granting public access is not a secure way to provide access. Option A is invalid because aws:sites is not a valid condition key. Option B is invalid because IAM roles are not assigned to web sites. For more information on example bucket policies, please visit the link below: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html
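The shape of such a bucket policy, written here as an added example rather than copied from the page or from the AWS documentation; the bucket name EXAMPLE-BUCKET and the example.com domains are placeholders:

```json
{
  "Version": "2012-10-17",
  "Id": "HttpRefererPolicy",
  "Statement": [
    {
      "Sid": "AllowGetObjectOnlyFromSiteReferer",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*",
      "Condition": {
        "StringLike": {
          "aws:Referer": [
            "https://www.example.com/*",
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}
```

Because the Referer header is set by the requesting client, AWS documents this pattern as a way to discourage hot-linking rather than as a substitute for authentication, so the bucket should carry no broader public grant than this statement.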

5. Right Answer: A
Explanation:
