1. Right Answer: A,B
Explanation: The Web security groups should allow access for ports 80 and 443 for HTTP and HTTPS traffic to all users from the internet. The database security group should just allow access from the web security group from port 1433. Option C is invalid because this is not a valid configuration Option D is invalid because database security should not be allowed on the internet For more information on Security Groups please visit the below URL https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
2. Right Answer: A,D
Explanation: The Web security groups should allow access for ports 80 and 443 for HTTP and HTTPS traffic to all users from the internet. The database security group should just allow access from the web security group from port 1433. Option C is invalid because this is not a valid configuration Option D is invalid because database security should not be allowed on the internet For more information on Security Groups please visit the below URL https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
3. Right Answer: A
Explanation: This concept is given in the AWS(Amazon Web Service) Documentation Option A,B and D are all invalid because the first step is to get prior authorization from AWS(Amazon Web Service) for penetration tests For more information on penetration testing, please visit the below URL https://aws.amazon.com/security/penetration-testing/
4. Right Answer: A,B,D
Explanation: One of the articles from AWS(Amazon Web Service) mentions what should be done in such a scenario If you suspect that your account has been compromised, or if you have received a notification from AWS(Amazon Web Service) that the account has been compromised, perform the following tasks: Change your AWS(Amazon Web Service) root account password and the passwords of any IAM users. Delete or rotate all root and AWS(Amazon Web Service) Identity and Access Management (IAM) access keys. Delete any resources on your account you didn't create, especially running EC2 instances, EC2 spot bids, or IAM users. Respond to any notifications you received from AWS(Amazon Web Service) Support through the AWS(Amazon Web Service) Support Center. Option C is invalid because there could be compromised instances or resources running on your environment. They should be shutdown or stopped immediately. For more information on the article, please visit the below URL https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/
5. Right Answer: C,D
Explanation:
Write a public review