Published - Fri, 03 Mar 2023
AWS Certified Security - Specialty - Part 34
1. Your company has an EC2 Instance that is hosted in an AWS(Amazon Web Service) VPC. There is a requirement to ensure that logs files from the EC2 Instance are stored accordingly. The access should also be limited for the destination of the log files. How can this be accomplished? Choose 2 answers from the options given below. Each answer forms part of the solution(Select 2answers)
A) Create an IAM policy that gives the desired level of access to the Cloudtrail trail
B) Stream the log files to a separate Cloudtrail trail
C) Stream the log files to a separate Cloudwatch Log group
D) Create an IAM policy that gives the desired level of access to the Cloudwatch Log group
2. A company hosts data in S3. There is a requirement to control access to the S3 buckets. Which are the 2 ways in which this can be achieved?(Select 2answers)
A) Use AWS(Amazon Web Service) Access Keys (Incorrect)
B) Use the Secure Token service
C) Use Bucket policies
D) Use IAM user policies
3. Your company has just started using AWS(Amazon Web Service) and created an AWS(Amazon Web Service) account. They are aware of the potential issues when root access is enabled. How can they best safeguard the account when it comes to root access? Choose 2 answers from the options given below Please select:(Select 2answers)
A) Delete the root access keys
B) Delete the root access account
C) Change the password for the root account.
D) Create an Admin lAM user with the necessary permissions
4. When managing permissions for the API gateway, what can be used to ensure that the right level of permissions are given to developers, IT admins and users? These permissions should be easily managed.
A) Use the secure token service to manage the permissions for the different users
B) Use IAM Policies to create different policies for the different types of users.
C) Use the AWS(Amazon Web Service) Config tool to manage the permissions for the different users
D) Use IAM Access Keys to create sets of keys for the different types of users. (Incorrect)
5. Your company use AWS(Amazon Web Service) KMS for management of its customer keys. From time to time , there is a requirement to delete existing keys as part of housekeeping activities. What can be done during the deletion process to verify that the key is no longer being used?
A) Change the lAM policy for the keys to see if other services are using the keys
B) Use Cloud Trail to see if any KMS API request has been issued against existing keys
C) Rotate the keys once before deletion to see if other services are using the keys
D) Use Key policies to see the access level for the keys
A) Create an IAM policy that gives the desired level of access to the Cloudtrail trail
B) Stream the log files to a separate Cloudtrail trail
C) Stream the log files to a separate Cloudwatch Log group
D) Create an IAM policy that gives the desired level of access to the Cloudwatch Log group
2. A company hosts data in S3. There is a requirement to control access to the S3 buckets. Which are the 2 ways in which this can be achieved?(Select 2answers)
A) Use AWS(Amazon Web Service) Access Keys (Incorrect)
B) Use the Secure Token service
C) Use Bucket policies
D) Use IAM user policies
3. Your company has just started using AWS(Amazon Web Service) and created an AWS(Amazon Web Service) account. They are aware of the potential issues when root access is enabled. How can they best safeguard the account when it comes to root access? Choose 2 answers from the options given below Please select:(Select 2answers)
A) Delete the root access keys
B) Delete the root access account
C) Change the password for the root account.
D) Create an Admin lAM user with the necessary permissions
4. When managing permissions for the API gateway, what can be used to ensure that the right level of permissions are given to developers, IT admins and users? These permissions should be easily managed.
A) Use the secure token service to manage the permissions for the different users
B) Use IAM Policies to create different policies for the different types of users.
C) Use the AWS(Amazon Web Service) Config tool to manage the permissions for the different users
D) Use IAM Access Keys to create sets of keys for the different types of users. (Incorrect)
5. Your company use AWS(Amazon Web Service) KMS for management of its customer keys. From time to time , there is a requirement to delete existing keys as part of housekeeping activities. What can be done during the deletion process to verify that the key is no longer being used?
A) Change the lAM policy for the keys to see if other services are using the keys
B) Use Cloud Trail to see if any KMS API request has been issued against existing keys
C) Rotate the keys once before deletion to see if other services are using the keys
D) Use Key policies to see the access level for the keys
1. Right Answer: C,D
Explanation: You can create a Log group and send all logs from the EC2 Instance to that group. You can then limit the access to the Log groups via an IAM policy. Option A is invalid because Cloudtrail is used to record API activity and not for storing log files Option C is invalid because Cloudtrail is the wrong service to be used for this requirement For more information on Access to Cloudwatch logs, please visit the following url https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/auth-and-access-control-cwl.html
2. Right Answer: C,D
Explanation: The AWS(Amazon Web Service) Documentation mentions the following Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies. Access policies you attach to your resources (buckets and objects) are referred to as resource-based policies. For example, bucket policies and access control lists (ACLs) are resource-based policies. You can also attach access policies to users in your account. These are called user policies. You may choose to use resource-based policies, user policies, or some combination of these to manage permissions to your Amazon S3 resources. Option B and D are invalid because these cannot be used to control access to S3 buckets For more information on S3 access control, please refer to the below link https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
3. Right Answer: A,D
Explanation:
4. Right Answer: B
Explanation: The AWS(Amazon Web Service) Documentation mentions the following You control access to Amazon API Gateway with IAM permissions by controlling access to the following two API Gateway component processes: To create, deploy, and manage an API in API Gateway, you must grant the API developer permissions to perform the required actions supported by the API management component of API Gateway. To call a deployed API or to refresh the API caching, you must grant the API caller permissions to perform required IAM actions supported by the API execution component of API Gateway. Option A , B and C are invalid because these cannot be used to control access to AWS(Amazon Web Service) services. This needs to be done via policies For more information on permissions with the API gateway, please visit the following url https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html
5. Right Answer: B
Explanation:
Explanation: You can create a Log group and send all logs from the EC2 Instance to that group. You can then limit the access to the Log groups via an IAM policy. Option A is invalid because Cloudtrail is used to record API activity and not for storing log files Option C is invalid because Cloudtrail is the wrong service to be used for this requirement For more information on Access to Cloudwatch logs, please visit the following url https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/auth-and-access-control-cwl.html
2. Right Answer: C,D
Explanation: The AWS(Amazon Web Service) Documentation mentions the following Amazon S3 offers access policy options broadly categorized as resource-based policies and user policies. Access policies you attach to your resources (buckets and objects) are referred to as resource-based policies. For example, bucket policies and access control lists (ACLs) are resource-based policies. You can also attach access policies to users in your account. These are called user policies. You may choose to use resource-based policies, user policies, or some combination of these to manage permissions to your Amazon S3 resources. Option B and D are invalid because these cannot be used to control access to S3 buckets For more information on S3 access control, please refer to the below link https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html
3. Right Answer: A,D
Explanation:
4. Right Answer: B
Explanation: The AWS(Amazon Web Service) Documentation mentions the following You control access to Amazon API Gateway with IAM permissions by controlling access to the following two API Gateway component processes: To create, deploy, and manage an API in API Gateway, you must grant the API developer permissions to perform the required actions supported by the API management component of API Gateway. To call a deployed API or to refresh the API caching, you must grant the API caller permissions to perform required IAM actions supported by the API execution component of API Gateway. Option A , B and C are invalid because these cannot be used to control access to AWS(Amazon Web Service) services. This needs to be done via policies For more information on permissions with the API gateway, please visit the following url https://docs.aws.amazon.com/apigateway/latest/developerguide/permissions.html
5. Right Answer: B
Explanation:
Created by
Comments (0)
Search
Popular categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Write a public review