Published - Fri, 03 Mar 2023

AWS Certified Security - Specialty - Part 35

AWS Certified Security - Specialty - Part 35

1. You have an Ec2 Instance in a private subnet which needs to access the KMS service. Which of the below methods can help fulfill this requirement keeping security in perspective Please select:

A) Use a VPC endpoint
B) Use VPC Peering
C) Attach a VPN connection to the VPC
D) Attach an Internet gateway to the subnet



2. Your company has a set of 1000 EC2 Instances defined in an AWS(Amazon Web Service) Account. They want to effectively automate several administrative tasks on these instances. Which of the following would be an effective way to achieve this?

A) Use the AWS(Amazon Web Service) Inspector
B) Use the AWS(Amazon Web Service) Systems Manager Run Command
C) Use the AWS(Amazon Web Service) Systems Manager Parameter Store
D) Use AWS(Amazon Web Service) Config (Incorrect)



3. A company has a legacy application that outputs all logs to a local text file. Logs from all applications running on AWS(Amazon Web Service) must be continually monitored for security related messages. What can be done to allow the company to deploy the legacy application on Amazon EC2 and still meet the monitoring requirement?

A) Install the Amazon Inspector agent on any EC2 instance running the legacy application. Generate CloudWatch alerts based on any Amazon Inspector findings. (Incorrect)
B) Create a Lambda function that mounts the EBS volume with the logs and scans the logs for security incidents. Trigger the function every 5 minutes with a scheduled Cloudwatch event.
C) Send the local text log files to CloudWatch Logs and configure a CloudWatch metric filter. Trigger cloudWatch alarms based on the metrics.
D) Export the local text log files to CloudTrail. Create a Lambda function that queries the CloudTrail logs for security incidents using Athena.



4. You have a web site that is sitting behind AWS(Amazon Web Service) Cloud front. You need to protect the web site against threats such as SQL injection and Cross site scripting attacks. Which of the following service can help in such a scenario Please select:

A) AWS WAF
B) AWS Inspector
C) AWS Configuration
D) AWS Trusted Advisor



5. You are responsible to deploying a critical application onto AWS. Part of the requirements for this application is to ensure that the controls set for this application met PCI compliance. Also there is a need to monitor web application logs to identify any malicious activity. Which of the following services can be used to fulfil this requirement. Choose 2 answers from the options given below(Select 2answers)

A) Amazon Cloudwatch Logs
B) Amazon AWS(Amazon Web Service) Config
C) Amazon VPC Flow Logs
D) Amazon Cloudtrail



1. Right Answer: A
Explanation:

2. Right Answer: B
Explanation: The AWS(Amazon Web Service) Documentation mentions the following AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager. Run Command enables you to automate common administrative tasks and perform ad hoc configuration changes at scale. You can use Run Command from the AWS(Amazon Web Service) console, the AWS(Amazon Web Service) Command Line Interface, AWS(Amazon Web Service) Tools for Windows PowerShell, or the AWS(Amazon Web Service) SDKs. Run Command is offered at no additional cost. Option A is invalid because this service is used to store parameters Option C is invalid because this service is used to scan vulnerabilities in an EC2 Instance. Option D is invalid because this service is used to check for configuration changes For more information on executing remote commands, please visit the below URL https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html

3. Right Answer: C
Explanation: One can send the log files to Cloudwatch Logs. Log files can also be sent from On-premise servers. You can then specify metrics to search the logs for any specific values. And then create alarms based on these metrics. Option A is invalid because this will be just a long over drawn process to achieve this requirement Option C is invalid because AWS(Amazon Web Service) Inspector cannot be used to monitor for security related messages. Option D is invalid because files cannot be exported to AWS(Amazon Web Service) Cloudtrail For more information on Cloudwatch logs agent, please visit the below URL https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html

4. Right Answer: A
Explanation:

5. Right Answer: A,D
Explanation: The AWS(Amazon Web Service) Documentation mentions the following about these services AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS(Amazon Web Service) account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS(Amazon Web Service) infrastructure. CloudTrail provides event history of your AWS(Amazon Web Service) account activity, including actions taken through the AWS(Amazon Web Service) Management Console, AWS(Amazon Web Service) SDKs, command line tools, and other AWS(Amazon Web Service) services. This event history simplifies security analysis, resource change tracking, and troubleshooting. Option B is incorrect because VPC flow logs can only check for flow to instances in a VPC Option C is incorrect because this can check for configuration changes only For more information on Cloudtrail, please refer to below URL https://aws.amazon.com/cloudtrail/ You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS(Amazon Web Service) CloudTrail, Amazon Route 53, and other sources. You can then retrieve the associated log data from CloudWatch Logs. For more information on Cloudwatch logs, please refer to below URL http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html

Created by

Mary Smith

View profile

Comments (0)

Search
Popular categories
CompTIA
835
Isaca
787
AWS
608
Others
545
IT Exams
133
Project Management
72
All categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
CA Foundation Business Economics Questions 2023 - Part 32
Questions 1. Generally an economy is considered under developed ifA) The standard of living of people & Productivity is low.B) Agriculture is the main occupation of the peopleC) The production techniques are backward.D) All of the above.2. Which of the following statement is correct?A) Agriculture occupies 10 per cent population of India.B) Nearly 5 per cent population of India is below the poverty line.C) The production techniques in agriculture are backward.D) None of the above.3. Which of the statements is correct?A) The tertiary sector contributes the maximum to the GDP.B) India is basically a socialist economy.C) The distribution of income and wealth is quite equitable.D) None of the above.4. In perfect competition in the short run there will be __________ possibilitiesA) Normal profits.B) Supernormal profits.C) LossD) All of above5. ______________ measure generally gives the lowest estimate of unemployment especially for poor economy.A) Usual status.B) CWS.C) CDS.D) CMS. Right Answer and Explanation: 1. Right Answer: DExplanation: 2. Right Answer: CExplanation: 3. Right Answer: AExplanation: 4. Right Answer: DExplanation: 5. Right Answer: AExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
CA Foundation Business Economics Questions 2023 - Part 31
Questions 1. When the price of a complementary of commodity X falls, the demand for X-A) FallsB) RisesC) Remains unchangedD) any of the above2. Which of the following is the method of measuring elasticity of demand when change in price of a commodity is substantial?A) Arc methodB) Point methodC) Percentage methodD) none of the above3. FERA stands for -A) Foreign Exchange Recommendation ActB) Foreign Exchange Regulation ActC) Finance and Export Regulation AssociationD) Funds Export Revaluation Act4. Nearly _____percent of working population is engaged in the service sector.A) 23 per centB) 45 per centC) 80 per centD) 50 per cent5. ACRP stands for â??A) Agro-Commodity Regional PlanningB) Agro-Climatic Rational PlanningC) Agro-Climatic Regional PlanningD) Allied-Climatic Regional Planning Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: AExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
CA Foundation Business Economics Questions 2023 - Part 30
Questions 1. Literacy rate calculated considering total population into account is known asA) Crude Literacy RateB) Total Literacy RateC) Mean Literacy RateD) None of the above2. In order to encourage investment in the economy, the RBI mayA) Increase Bank RateB) Sell securities in the open marketC) Buy securities in the open marketD) None of above3. Most of unemployment in India is __________A) VoluntaryB) StructuralC) FrictionalD) Technical4. Under a Command economy â??A) State plays a major roleB) Market plays major roleC) Both a & bD) Neither a nor b5. _______is the apex bank for agriculture credit in India.A) RBIB) SIDBIC) NABARDD) ICICI Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: CExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023

 All blogs