
AWS Certified Security - Specialty - Part 30

Mary Smith

Mon, 24 Mar 2025


1. A security engineer must ensure that all infrastructure launched in the company AWS (Amazon Web Services) account is monitored for deviation from compliance rules, specifically that all EC2 instances are launched from one of a specified list of AMIs and that all attached EBS volumes are encrypted. Infrastructure not in compliance should be terminated. What combination of steps should the engineer implement? (Select 2 answers)

A) Set up a CloudWatch event based on Amazon Inspector findings
B) Set up a CloudWatch event based on Trusted Advisor metrics
C) Trigger a CLI command from a CloudWatch event that terminates the infrastructure
D) Monitor compliance with AWS Config Rules triggered by configuration changes
E) Trigger a Lambda function from a scheduled CloudWatch event that terminates non-compliant infrastructure


2. Your application currently uses AWS Cognito for authenticating users. Your application consists of different types of users. Some users are only allowed read access to the application and others are given contributor access. How would you manage the access effectively? (Select 2 answers)

A) Create different Cognito endpoints, one for the readers and the other for the contributors.
B) This needs to be managed via web security tokens.
C) Create different Cognito groups, one for the readers and the other for the contributors.
D) You need to manage this within the application itself.



3. A company wants to have a secure way of generating, storing and managing cryptographic keys, but they want to have exclusive access to the keys. Which of the following can be used for this purpose? Please select:

A) Use KMS and use an external key material
B) Use KMS and the normal KMS encryption keys
C) Use S3 Server Side encryption
D) Use CloudHSM



4. A company has a large set of keys defined in AWS KMS. Their developers frequently use the keys for the applications being developed. What is one of the ways that can be used to reduce the cost of accessing the keys in the AWS KMS service?

A) Create an alias of the key
B) Use the right key policy
C) Enable rotation of the keys
D) Use Data key caching



5. You have a vendor that needs access to an AWS resource. You create an AWS user account. You want to restrict access to the resource using a policy for just that user over a brief period. Which of the following would be an ideal policy to use?

A) An Inline Policy
B) A bucket ACL
C) An AWS Managed Policy
D) A Bucket Policy



1. Right Answer: D,E
Explanation: You can use AWS Config to monitor for such events. Option A is invalid because you cannot set CloudWatch Events based on Trusted Advisor checks. Option C is invalid because Amazon Inspector cannot be used to check whether instances are launched from a specific AMI. Option E is invalid because triggering a CLI command is not the preferred option; instead you should use Lambda functions for all automation purposes. For more information on Config Rules, please see https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html. These events can then trigger a Lambda function to terminate instances. For more information on CloudWatch Events, please see https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.html
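As an added example (not from the original page or from AWS), the following Python Lambda implements the Config custom rule the explanation describes: it is triggered by configuration changes and marks EC2 instances as non-compliant when their AMI is outside an allowed list, and EBS volumes when they are unencrypted. The rule parameter name `allowedAmis`, the AMI ids and the sample event are all constructed for this illustration.

```python
import json

def parse_allowed_amis(rule_parameters):
    """Rule parameter 'allowedAmis' (assumed name) holds a comma-separated AMI list."""
    params = json.loads(rule_parameters or "{}")
    return {a.strip() for a in params.get("allowedAmis", "").split(",") if a.strip()}

def evaluate_item(item, allowed_amis):
    """Return (ComplianceType, Annotation) for one Config configuration item."""
    # Deleted resources are NOT_APPLICABLE, not NON_COMPLIANT, so terminated instances stop being flagged.
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceNotRecorded"):
        return "NOT_APPLICABLE", "resource no longer exists"
    rtype, cfg = item["resourceType"], item.get("configuration") or {}
    if rtype == "AWS::EC2::Instance":
        ami = cfg.get("imageId")
        if ami in allowed_amis:
            return "COMPLIANT", f"{ami} is an approved AMI"
        return "NON_COMPLIANT", f"{ami} is not in the approved AMI list"
    if rtype == "AWS::EC2::Volume":
        if cfg.get("encrypted") is True:
            return "COMPLIANT", "EBS volume is encrypted"
        return "NON_COMPLIANT", "EBS volume is not encrypted"
    return "NOT_APPLICABLE", f"{rtype} is not covered by this rule"

def lambda_handler(event, context=None):
    """Entry point for a configuration-change triggered custom Config rule."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate_item(item, parse_allowed_amis(event.get("ruleParameters")))
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    # A deployed rule publishes this with boto3.client("config").put_evaluations(
    #     Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation

# Constructed sample event: an instance launched from an AMI that is not on the list.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Instance", "resourceId": "i-0example",
        "configurationItemStatus": "ResourceDiscovered",
        "configurationItemCaptureTime": "2025-03-24T00:00:00.000Z",
        "configuration": {"imageId": "ami-0bad"}}}),
    "ruleParameters": json.dumps({"allowedAmis": "ami-0good1,ami-0good2"}),
    "resultToken": "constructed-token",
}
```

The NON_COMPLIANT result then appears as a Config compliance-change event that a CloudWatch Events rule can route to the remediation Lambda mentioned in the explanation.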

2. Right Answer: A,C
Explanation:

3. Right Answer: D
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: A
Explanation:
