Published - Fri, 03 Mar 2023

AWS Certified Security - Specialty - Part 40

AWS Certified Security - Specialty - Part 40

1. A company requires that data stored in AWS(Amazon Web Service) be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.(Select 2answers)

A) When storing data in S3, enable server-side encryption.
B) When storing data in Amazon EBS, use only EBS - optimized Amazon EC2 instances.
C) When storing data in Amazon S3, use object versioning and MFA Delete.
D) When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS. (Incorrect)
E) When storing data in EBS, encrypt the volume by using AWS(Amazon Web Service) KMS.


2. A company has a set of resources defined in AWS. It is mandated that all API calls to the resources be monitored. Also all API calls must be stored for lookup purposes. Any log data greater than 6 months must be archived. Which of the following meets these requirements? Choose 2 answers from the options given below. Each answer forms part of the solution.(Select 2answers)

A) Enable CloudTrail logging in all accounts into S3 buckets
B) Enable CloudTrail logging in all accounts into Amazon Glacier
C) Ensure a lifecycle policy is defined on the S3 bucket to move the data to EBS volumes after 6 months.
D) Ensure a lifecycle policy is defined on the S3 bucket to move the data to Amazon Glacier after 6 months.



3. You have a bucket and a VPC defined in AWS. You need to ensure that the bucket can only be accessed by the VPC endpoint. How can you accomplish this? Please select:

A) Modify the route tables to allow access for the VPC endpoint
B) Modify the bucket Policy for the bucket to allow access for the VPC endpoint
C) Modify the security groups for the VPC to allow access to the S3 bucket
D) Modify the lAM Policy for the bucket to allow access for the VPC endpoint



4. Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc be disabled on all servers. The security team would like to regularly check all servers to ensure compliance with this requirement by using a scheduled CloudWatch event to trigger a review of the current infrastructure. What process will check compliance of the company's EC2 instances?

A) Query the Trusted Advisor API for all best practice security checks and check for 'action recommened status.
B) Enable a GuardDuty threat detection analysis targeting the port configuration on every EC2 instance. (Incorrect)
C) Trigger an AWS(Amazon Web Service) Config Rules evaluation of the restricted-common-ports rule against every EC2 instance.
D) Run an Amazon Inspector assessment using the Runtime Behavior Analysis rules package against every EC2 instance.



5. Your company makes use of S3 buckets for storing data. There is a company policy that all services should have logging enabled. How can you ensure that logging is always enabled for created 53 buckets in the AWS(Amazon Web Service) Account?

A) Use AWS(Amazon Web Service) Cloud watch metrics to check whether logging is enabled for buckets
B) Use AWS(Amazon Web Service) Cloud watch logs to check whether logging is enabled for buckets
C) Use AWS(Amazon Web Service) Inspector to inspect all S3 buckets and enable logging for those where it is not enabled
D) Use AWS(Amazon Web Service) Configure Rules to check whether logging is enabled for buckets



1. Right Answer: A,E
Explanation: The AWS(Amazon Web Service) Documentation mentions the following To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the AWS-managed CMK for Amazon EBS in your account. If there is no AWS-managed CMK for Amazon EBS in your account, Amazon EBS creates one. Data protection refers to protecting data while in-transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the below options of protecting data at rest in Amazon S3. Use Server-Side Encryption ' You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects. Use Client-Side Encryption ' You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools. Option A is invalid because using EBS'optimized Amazon EC2 instances alone will not guarantee protection of instances at rest. Option C is invalid because this will not encrypt data at rest for S3 objects. Option D is invalid because you don't store data in Instance store For more information on EBS encryption, please visit the below URL https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html For more information on S3 encryption, please visit the below URL https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

2. Right Answer: A,D
Explanation: Cloudtrail publishes the trail of API logs to an S3 bucket Option B is invalid because you cannot put the logs into Glacier from CloudTrail Option C is invalid because lifecycle policies cannot be used to move data to EBS volumes For more information on Cloudtrail logging, please visit the below URL https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html You can then use Lifecycle policies to transfer data to Amazon Glacier after 6 months For more information on S3 lifecycle policies, please visit the below URL https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html

3. Right Answer: B
Explanation:

4. Right Answer: C
Explanation: Option B is incorrect because querying Trusted Advisor API's are not possible Option C is incorrect because GuardDuty should be used to detect threats and not check the compliance of security protocols. Option D is incorrect because Amazon Inspector can be used to check for vulnerabilities only One of the Inbuilt AWS(Amazon Web Service) Config Rules is built specifically for this purpose For more information on AWS(Amazon Web Service) Config managed rules , please refer to below URL https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html

5. Right Answer: D
Explanation:

Created by

Mary Smith

View profile

Comments (0)

Search
Popular categories
CompTIA
835
Isaca
787
AWS
608
Others
545
IT Exams
133
Project Management
72
All categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
CA Foundation Business Economics Questions 2023 - Part 32
Questions 1. Generally an economy is considered under developed ifA) The standard of living of people & Productivity is low.B) Agriculture is the main occupation of the peopleC) The production techniques are backward.D) All of the above.2. Which of the following statement is correct?A) Agriculture occupies 10 per cent population of India.B) Nearly 5 per cent population of India is below the poverty line.C) The production techniques in agriculture are backward.D) None of the above.3. Which of the statements is correct?A) The tertiary sector contributes the maximum to the GDP.B) India is basically a socialist economy.C) The distribution of income and wealth is quite equitable.D) None of the above.4. In perfect competition in the short run there will be __________ possibilitiesA) Normal profits.B) Supernormal profits.C) LossD) All of above5. ______________ measure generally gives the lowest estimate of unemployment especially for poor economy.A) Usual status.B) CWS.C) CDS.D) CMS. Right Answer and Explanation: 1. Right Answer: DExplanation: 2. Right Answer: CExplanation: 3. Right Answer: AExplanation: 4. Right Answer: DExplanation: 5. Right Answer: AExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
CA Foundation Business Economics Questions 2023 - Part 31
Questions 1. When the price of a complementary of commodity X falls, the demand for X-A) FallsB) RisesC) Remains unchangedD) any of the above2. Which of the following is the method of measuring elasticity of demand when change in price of a commodity is substantial?A) Arc methodB) Point methodC) Percentage methodD) none of the above3. FERA stands for -A) Foreign Exchange Recommendation ActB) Foreign Exchange Regulation ActC) Finance and Export Regulation AssociationD) Funds Export Revaluation Act4. Nearly _____percent of working population is engaged in the service sector.A) 23 per centB) 45 per centC) 80 per centD) 50 per cent5. ACRP stands for â??A) Agro-Commodity Regional PlanningB) Agro-Climatic Rational PlanningC) Agro-Climatic Regional PlanningD) Allied-Climatic Regional Planning Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: AExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
CA Foundation Business Economics Questions 2023 - Part 30
Questions 1. Literacy rate calculated considering total population into account is known asA) Crude Literacy RateB) Total Literacy RateC) Mean Literacy RateD) None of the above2. In order to encourage investment in the economy, the RBI mayA) Increase Bank RateB) Sell securities in the open marketC) Buy securities in the open marketD) None of above3. Most of unemployment in India is __________A) VoluntaryB) StructuralC) FrictionalD) Technical4. Under a Command economy â??A) State plays a major roleB) Market plays major roleC) Both a & bD) Neither a nor b5. _______is the apex bank for agriculture credit in India.A) RBIB) SIDBIC) NABARDD) ICICI Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: CExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023

 All blogs