Published - Fri, 03 Mar 2023

AWS Certified Security - Specialty - Part 46

AWS Certified Security - Specialty - Part 46

1. You have enabled Cloud trail logs for your company?s AWS(Amazon Web Service) account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How can this be achieved? Please select

A) Enable Server side encryption for the trail
B) There is no need to do anything since the logs will already be encrypted
C) Enable Server side encryption for the destination S3 bucket
D) Enable SSL certificates for the Cloud trail logs



2. You have a web site that is sitting behind AWS(Amazon Web Service) Cloudfront. You need to protect the web site against threats such as SQL injection and Cross site scripting attacks. Which of the following service can help in such a scenario

A) AWS Config (Incorrect)
B) AWS WAF
C) AWS Inspector
D) AWS Trusted Advisor



3. Your company has an EC2 Instance that is hosted in an AWS(Amazon Web Service) VPC. There is a requirement to ensure that logs files from the EC2 Instance are stored accordingly. The access should also be limited for the destination of the log files. How can this be accomplished? Choose 2 answers from the options given below. Each answer forms part of the solution(Select 2answers)

A) Stream the log files to a separate Cloudtrail trail
B) Create an IAM policy that gives the desired level of access to the Cloudtrail trail
C) Create an IAM policy that gives the desired level of access to the Cloudwatch Log group
D) Stream the log files to a separate Cloudwatch Log group



4. A security team is creating a response plan in the event an employee executes unauthorized actions on AWS(Amazon Web Service) infrastructure. They want to include steps to determine if the employee's IAM permissions changed as part of the incident. What steps should the team document in the plan?

A) Use Trusted Advisor to examine the employee's IAM permissions prior to the incident and compare them to the employee's current IAM permissions.
B) Use AWS(Amazon Web Service) Config to examine the employee's IAM permissions prior to the incident and compare them to the employee's current IAM permissions.
C) Use CloudTrail to examine the employee's IAM permissions prior to the incident and compare them to the employee's current IAM permissions. (Incorrect)
D) Use Macie to examine the employee's IAM permissions prior to the incident and compare them to the employee's current IAM permissions.



5. A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The IT Security department has a suspicion that a DDos attack is coming from a suspecting IP. How can you protect the subnets from this attack?

A) Change the Inbound Security Groups to deny access from the suspecting IP
B) Change the Inbound NACL to deny access from the suspecting IP
C) Change the Outbound Security Groups to deny access from the suspecting IP
D) Change the Outbound NACL to deny access from the suspecting IP (Incorrect)



1. Right Answer: B
Explanation:

2. Right Answer: B
Explanation: The AWS(Amazon Web Service) Documentation mentions the following AWS(Amazon Web Service) WAF is a web application firewall that helps detect and block malicious web requests targeted at your web applications. AWS(Amazon Web Service) WAF allows you to create rules that can help protect against common web exploits like SQL injection and cross-site scripting. With AWS(Amazon Web Service) WAF you first identify the resource (either an Amazon CloudFront distribution or an Application Load Balancer) that you need to protect. Option A is invalid because this will only give advise on how you can better the security in your AWS(Amazon Web Service) account, but not protect against threats mentioned in the question. Option C is invalid because this can be used to scan EC2 Instances for vulnerabilities but not protect against threats mentioned in the question. Option D is invalid because this can be used to check config changes but not protect against threats mentioned in the question. For more information on AWS(Amazon Web Service) WAF, please visit the following url https://aws.amazon.com/waf/details/

3. Right Answer: C,D
Explanation: You can create a Log group and send all logs from the EC2 Instance to that group. You can then limit the access to the Log groups via an IAM policy. Option A is invalid because Cloudtrail is used to record API activity and not for storing log files Option C is invalid because Cloudtrail is the wrong service to be used for this requirement For more information on Access to Cloudwatch logs, please visit the following url https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/auth-and-access-control-cwl.html

4. Right Answer: B
Explanation: You can use the AWS(Amazon Web Service) Config history to see the history of a particular item. The below snapshot shows an example configuration for a user in AWS(Amazon Web Service) Config Option B,C and D are all invalid because these services cannot be used to see the history of a particular configuration item. This can only be accomplished by AWS(Amazon Web Service) Config. For more information on tracking changes in AWS(Amazon Web Service) Config, please visit the below URL https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/TrackingChanges.html

5. Right Answer: B
Explanation: Option A and B are invalid because by default the Security Groups already block traffic. You can use NACL's as an additional security layer for the subnet to deny traffic. Option D is invalid since just changing the Inbound Rules is sufficient. The AWS(Amazon Web Service) Documentation mentions the following A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. For more information on Network Access Control Lists, please visit the following url https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html

Created by

Mary Smith

View profile

Comments (0)

Search
Popular categories
CompTIA
835
Isaca
787
AWS
608
Others
545
IT Exams
133
Project Management
72
All categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
CA Foundation Business Economics Questions 2023 - Part 32
Questions 1. Generally an economy is considered under developed ifA) The standard of living of people & Productivity is low.B) Agriculture is the main occupation of the peopleC) The production techniques are backward.D) All of the above.2. Which of the following statement is correct?A) Agriculture occupies 10 per cent population of India.B) Nearly 5 per cent population of India is below the poverty line.C) The production techniques in agriculture are backward.D) None of the above.3. Which of the statements is correct?A) The tertiary sector contributes the maximum to the GDP.B) India is basically a socialist economy.C) The distribution of income and wealth is quite equitable.D) None of the above.4. In perfect competition in the short run there will be __________ possibilitiesA) Normal profits.B) Supernormal profits.C) LossD) All of above5. ______________ measure generally gives the lowest estimate of unemployment especially for poor economy.A) Usual status.B) CWS.C) CDS.D) CMS. Right Answer and Explanation: 1. Right Answer: DExplanation: 2. Right Answer: CExplanation: 3. Right Answer: AExplanation: 4. Right Answer: DExplanation: 5. Right Answer: AExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
CA Foundation Business Economics Questions 2023 - Part 31
Questions 1. When the price of a complementary of commodity X falls, the demand for X-A) FallsB) RisesC) Remains unchangedD) any of the above2. Which of the following is the method of measuring elasticity of demand when change in price of a commodity is substantial?A) Arc methodB) Point methodC) Percentage methodD) none of the above3. FERA stands for -A) Foreign Exchange Recommendation ActB) Foreign Exchange Regulation ActC) Finance and Export Regulation AssociationD) Funds Export Revaluation Act4. Nearly _____percent of working population is engaged in the service sector.A) 23 per centB) 45 per centC) 80 per centD) 50 per cent5. ACRP stands for â??A) Agro-Commodity Regional PlanningB) Agro-Climatic Rational PlanningC) Agro-Climatic Regional PlanningD) Allied-Climatic Regional Planning Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: AExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
CA Foundation Business Economics Questions 2023 - Part 30
Questions 1. Literacy rate calculated considering total population into account is known asA) Crude Literacy RateB) Total Literacy RateC) Mean Literacy RateD) None of the above2. In order to encourage investment in the economy, the RBI mayA) Increase Bank RateB) Sell securities in the open marketC) Buy securities in the open marketD) None of above3. Most of unemployment in India is __________A) VoluntaryB) StructuralC) FrictionalD) Technical4. Under a Command economy â??A) State plays a major roleB) Market plays major roleC) Both a & bD) Neither a nor b5. _______is the apex bank for agriculture credit in India.A) RBIB) SIDBIC) NABARDD) ICICI Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: CExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023

 All blogs