Published - Fri, 03 Mar 2023

AWS Certified Security - Specialty - Part 39

AWS Certified Security - Specialty - Part 39

1. Every application in a company's portfolio has a separate AWS(Amazon Web Service) account for development and production. The security team wants to prevent the root user and all IAM users in the production accounts from accessing a specific set of unneeded services. How can they control this functionality?

A) Create an IAM policy that denies access to the services. Associate the policy with an IAM group and enlist all users and the root users in this group. (Incorrect)
B) Create an IAM policy that denies access to the services. Create a Config Rule that checks that all users have the policy assigned. Trigger a Lambda function that adds the policy when found missing.
C) Create a Service Control Policy that denies access to the services. Assemble all production accounts in an organizational unit. Apply the policy to that organizational unit.
D) Create a Service Control Policy that denies access to the services. Apply the policy to the root account.



2. You want to track access requests for a particular 53 bucket. How can you achieve this in the easiest possible way?

A) Enable server access logging for the bucket
B) Enable Cloud watch logs for the bucket
C) Enable AWS(Amazon Web Service) Config for the 53 bucket
D) Enable Cloud watch metrics for the bucket



3. Your company makes use of S3 buckets for storing data. There is a company policy that all services should have logging enabled. How can you ensure that logging is always enabled for created S3 buckets in the AWS(Amazon Web Service) Account?

A) Use AWS(Amazon Web Service) Config Rules to check whether logging is enabled for buckets
B) Use AWS(Amazon Web Service) Inspector to inspect all S3 buckets and enable logging for those where it is not enabled
C) Use AWS(Amazon Web Service) Cloudwatch metrics to check whether logging is enabled for buckets
D) Use AWS(Amazon Web Service) Cloudwatch logs to check whether logging is enabled for buckets (Incorrect)



4. Your company has confidential documents stored in the simple storage service. Due to compliance requirements, you have to ensure that the data in the S3 bucket is available in a different geographical location. As an architect what is the change you would make to comply with this requirement.

A) Enable Cross region replication for the S3 bucket
B) Create a snapshot of the S3 bucket and copy it to another region
C) Copy the data to an EBS Volume in another Region
D) Apply Multi-AZ for the underlying S3 bucket



5. A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The IT Security department has a suspicion that a DDos attack is coming from a suspecting IP. How can you protect the subnets from this attack? Please select:

A) Change the In bound Security Groups to deny access from the suspecting IP
B) Change the Outbound Security Groups to deny access from the suspecting IP
C) Change the Inbound NACL to deny access from the suspecting IP
D) Change the Outbound NACL to deny access from the suspecting lP



1. Right Answer: C
Explanation: As an administrator of the master account of an organization, you can restrict which AWS(Amazon Web Service) services and individual API actions the users and roles in each member account can access. This restriction even overrides the administrators of member accounts in the organization. When AWS(Amazon Web Service) Organizations blocks access to a service or API action for a member account, a user or role in that account can't access any prohibited service or API action, even if an administrator of a member account explicitly grants such permissions in an IAM policy. Organization permissions overrule account permissions. Option B is invalid because service policies cannot be assigned to the root account at the account level. Option C and D are invalid because IAM policies alone at the account level would not be able to suffice the requirement For more information on attaching an IAM policy to a group, please visit the below URL https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups_manage_attach-policy.html

2. Right Answer: A
Explanation:

3. Right Answer: A
Explanation: This is given in the AWS(Amazon Web Service) Documentation as an example rule in AWS(Amazon Web Service) Config Option A is invalid because AWS(Amazon Web Service) Inspector cannot be used to scan all buckets Option C and D are invalid because Cloudwatch cannot be used to check for logging enablement for buckets. For more information on Config Rules please see the below link https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config-rules.html

4. Right Answer: A
Explanation: This is mentioned clearly as a use case for S3 cross-region replication You might configure cross-region replication on a bucket for various reasons, including the following: Compliance requirements ' Although, by default, Amazon S3 stores your data across multiple geographically distant Availability Zones, compliance requirements might dictate that you store data at even further distances. Cross-region replication allows you to replicate data between distant AWS(Amazon Web Service) Regions to satisfy these compliance requirements. Option A is invalid because Multi-AZ cannot be used to S3 buckets Option B is invalid because copying it to an EBS volume is not a recommended practice Option C is invalid because creating snapshots is not possible in S3 For more information on S3 cross-region replication, please visit the following url https://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html

5. Right Answer: C
Explanation:

Created by

Mary Smith

View profile

Comments (0)

Search
Popular categories
CompTIA
835
Isaca
787
AWS
608
Others
545
IT Exams
133
Project Management
72
All categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
CA Foundation Business Economics Questions 2023 - Part 32
Questions 1. Generally an economy is considered under developed ifA) The standard of living of people & Productivity is low.B) Agriculture is the main occupation of the peopleC) The production techniques are backward.D) All of the above.2. Which of the following statement is correct?A) Agriculture occupies 10 per cent population of India.B) Nearly 5 per cent population of India is below the poverty line.C) The production techniques in agriculture are backward.D) None of the above.3. Which of the statements is correct?A) The tertiary sector contributes the maximum to the GDP.B) India is basically a socialist economy.C) The distribution of income and wealth is quite equitable.D) None of the above.4. In perfect competition in the short run there will be __________ possibilitiesA) Normal profits.B) Supernormal profits.C) LossD) All of above5. ______________ measure generally gives the lowest estimate of unemployment especially for poor economy.A) Usual status.B) CWS.C) CDS.D) CMS. Right Answer and Explanation: 1. Right Answer: DExplanation: 2. Right Answer: CExplanation: 3. Right Answer: AExplanation: 4. Right Answer: DExplanation: 5. Right Answer: AExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
CA Foundation Business Economics Questions 2023 - Part 31
Questions 1. When the price of a complementary of commodity X falls, the demand for X-A) FallsB) RisesC) Remains unchangedD) any of the above2. Which of the following is the method of measuring elasticity of demand when change in price of a commodity is substantial?A) Arc methodB) Point methodC) Percentage methodD) none of the above3. FERA stands for -A) Foreign Exchange Recommendation ActB) Foreign Exchange Regulation ActC) Finance and Export Regulation AssociationD) Funds Export Revaluation Act4. Nearly _____percent of working population is engaged in the service sector.A) 23 per centB) 45 per centC) 80 per centD) 50 per cent5. ACRP stands for â??A) Agro-Commodity Regional PlanningB) Agro-Climatic Rational PlanningC) Agro-Climatic Regional PlanningD) Allied-Climatic Regional Planning Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: AExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
CA Foundation Business Economics Questions 2023 - Part 30
Questions 1. Literacy rate calculated considering total population into account is known asA) Crude Literacy RateB) Total Literacy RateC) Mean Literacy RateD) None of the above2. In order to encourage investment in the economy, the RBI mayA) Increase Bank RateB) Sell securities in the open marketC) Buy securities in the open marketD) None of above3. Most of unemployment in India is __________A) VoluntaryB) StructuralC) FrictionalD) Technical4. Under a Command economy â??A) State plays a major roleB) Market plays major roleC) Both a & bD) Neither a nor b5. _______is the apex bank for agriculture credit in India.A) RBIB) SIDBIC) NABARDD) ICICI Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: CExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023

 All blogs