AWS Certified Security - Specialty - Part 45

Mary Smith

Sat, 24 May 2025

1. Your company has a set of resources defined in the AWS (Amazon Web Services) Cloud. Their IT audit department has requested a list of the resources that have been defined across the account. How can this be achieved in the easiest manner?

A) Create a PowerShell script using the AWS CLI. Query for all resources with the tag of production.
B) Create a bash shell script with the AWS CLI. Query for all resources in all regions. Store the results in an S3 bucket.
C) Use AWS Config to get the list of all resources
D) Use CloudTrail to get the list of all resources



2. A company wants a secure way of generating, storing and managing cryptographic keys, but they want to have exclusive access to the keys. Which of the following can be used for this purpose?

A) Use Cloud HSM
B) Use S3 Server Side encryption
C) Use KMS and use an external key material
D) Use KMS and the normal KMS encryption keys



3. You have enabled CloudTrail logs for your company's AWS account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How can this be achieved?

A) Enable server-side encryption for the destination S3 bucket
B) Enable SSL certificates for the CloudTrail logs
C) Enable server-side encryption for the trail
D) There is no need to do anything, since the logs will already be encrypted



4. You want to launch an EC2 instance with your own key pair in AWS. How can you achieve this? Choose 2 answers from the options given below. Each option forms part of the solution. (Select 2 answers)

A) Use a third-party tool to create the key pair
B) Import the public key of the key pair into EC2
C) Import the private key of the key pair into EC2
D) Create a new key pair using the AWS CLI



5. Your company is planning on hosting an internal network in AWS. They want machines in the VPC to authenticate using private certificates, and they want to minimize the work and maintenance involved in working with certificates. What is the ideal way to fulfill this requirement?

A) Consider using AWS access keys to generate the certificates
B) Turn on VPC Flow Logs and carry out the penetration test
C) Consider using AWS Trusted Advisor for managing the certificates
D) Consider using Windows Server 2016 Certificate Manager



1. Right Answer: C
Explanation: The most feasible option is to use AWS Config. When you turn on AWS Config, you get a list of the resources defined in your AWS account. A sample snapshot of the resources dashboard in AWS Config is shown below. Option A is incorrect because this would give only the list of production-tagged resources and not all resources. Option B is partially correct, but it adds maintenance overhead. Option C is incorrect because it can be used to log API activity but does not give an account of all resources. For more information on AWS Config, please visit https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html

2. Right Answer: A
Explanation: The AWS documentation mentions the following: The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for some applications and data subject to contractual or regulatory mandates for managing cryptographic keys, additional protection may be necessary. CloudHSM complements existing data protection solutions and allows you to protect your encryption keys within HSMs that are designed and validated to government standards for secure key management. CloudHSM allows you to securely generate, store and manage the cryptographic keys used for data encryption in a way that makes the keys accessible only to you. Options A, B and C are invalid because in all of these cases the management of the key stays with AWS. The question specifically mentions that you want exclusive access to the keys, and this can be achieved with CloudHSM. For more information on CloudHSM, please visit https://aws.amazon.com/cloudhsm/faqs/

3. Right Answer: D
Explanation: The AWS documentation mentions the following: By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption (SSE). You can also choose to encrypt your log files with an AWS Key Management Service (AWS KMS) key. You can store your log files in your bucket for as long as you want, and you can define Amazon S3 lifecycle rules to archive or delete log files automatically. If you want notifications about log file delivery and validation, you can set up Amazon SNS notifications. Options A, C and D are not valid, since the logs will already be encrypted. For more information on how CloudTrail works, please visit https://docs.aws.amazon.com/awscloudtrail/latest/userguide/how-cloudtrail-works.html
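The explanation above states that CloudTrail logs are SSE-encrypted by default and that a KMS key is optional. An auditor verifying that claim would inspect each trail's configuration; the following is an added example (not from the original page or from AWS) that walks a hand-constructed response shaped like boto3's CloudTrail `describe_trails()` output, noting trails that rely on the SSE-S3 default instead of a customer KMS key and warning on other weak settings. The trail names, bucket names and KMS key ARN are constructed placeholders.

```python
"""Audit CloudTrail trail settings from a describe_trails-style response.

Added example for illustration; no AWS call is made. SAMPLE_TRAILS is a
constructed response mirroring the shape returned by boto3's
CloudTrail.Client.describe_trails().
"""

# Constructed sample: one trail encrypted with a customer KMS key, one that
# relies only on the default S3 server-side encryption (SSE-S3).
SAMPLE_TRAILS = {
    "trailList": [
        {
            "Name": "org-trail",
            "S3BucketName": "example-cloudtrail-logs",
            "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            "LogFileValidationEnabled": True,
            "IsMultiRegionTrail": True,
        },
        {
            "Name": "dev-trail",
            "S3BucketName": "dev-cloudtrail-logs",
            "LogFileValidationEnabled": False,
            "IsMultiRegionTrail": False,
        },
    ]
}


def audit_trails(response):
    """Return {trail name: [findings]} for every trail in the response.

    A trail without KmsKeyId is still encrypted (SSE-S3 by default), so that
    is reported as INFO; disabled log file validation and single-region
    coverage are reported as WARN because they reduce what the logs prove.
    """
    report = {}
    for trail in response.get("trailList", []):
        findings = []
        if not trail.get("KmsKeyId"):
            findings.append("INFO: logs use SSE-S3 default, not a customer KMS key")
        if not trail.get("LogFileValidationEnabled", False):
            findings.append("WARN: log file validation disabled; log integrity cannot be verified")
        if not trail.get("IsMultiRegionTrail", False):
            findings.append("WARN: single-region trail; activity in other regions is not recorded")
        report[trail["Name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_trails(SAMPLE_TRAILS).items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```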

4. Right Answer: B,C
Explanation:

5. Right Answer: B
Explanation:
