1. Right Answer: A,E
Explanation: The AWS (Amazon Web Services) documentation mentions the following:
To create an encrypted Amazon EBS volume, select the appropriate box in the Amazon EBS section of the Amazon EC2 console. You can use a custom customer master key (CMK) by choosing one from the list that appears below the encryption box. If you do not specify a custom CMK, Amazon EBS uses the AWS-managed CMK for Amazon EBS in your account. If there is no AWS-managed CMK for Amazon EBS in your account, Amazon EBS creates one.
Data protection refers to protecting data while in transit (as it travels to and from Amazon S3) and at rest (while it is stored on disks in Amazon S3 data centers). You can protect data in transit by using SSL or by using client-side encryption. You have the following options for protecting data at rest in Amazon S3:
- Use Server-Side Encryption: You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects.
- Use Client-Side Encryption: You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.
Option A is invalid because using EBS-optimized Amazon EC2 instances alone will not guarantee protection of instances at rest.
Option C is invalid because this will not encrypt data at rest for S3 objects.
Option D is invalid because you don't store data in Instance store.
For more information on EBS encryption, please visit the URL below:
https://docs.aws.amazon.com/kms/latest/developerguide/services-ebs.html
For more information on S3 encryption, please visit the URL below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html
2. Right Answer: A,D
Explanation: CloudTrail publishes the trail of API logs to an S3 bucket.
Option B is invalid because you cannot put the logs into Glacier from CloudTrail.
Option C is invalid because lifecycle policies cannot be used to move data to EBS volumes.
For more information on CloudTrail logging, please visit the URL below:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
You can then use lifecycle policies to transfer data to Amazon Glacier after 6 months.
For more information on S3 lifecycle policies, please visit the URL below:
https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
3. Right Answer: B
Explanation:
4. Right Answer: C
Explanation: Option B is incorrect because querying Trusted Advisor APIs is not possible.
Option C is incorrect because GuardDuty should be used to detect threats and not to check the compliance of security protocols.
Option D is incorrect because Amazon Inspector can be used to check for vulnerabilities only.
One of the built-in AWS Config rules is built specifically for this purpose.
For more information on AWS Config managed rules, please refer to the URL below:
https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
5. Right Answer: D
Explanation: