
AWS Certified Security - Specialty - Part 48

Mary Smith

Wed, 26 Mar 2025

1. Your development team has started using AWS resources for development purposes. The AWS account has just been created. Your IT Security team is worried about possible leakage of AWS keys. What is the first measure that should be taken to protect the AWS account?

A) Restrict access using IAM policies
B) Create IAM Roles
C) Create IAM Groups
D) Delete the AWS keys for the root account



2. Your current setup in AWS consists of the following architecture: two public subnets, one containing the web servers accessed by users across the internet and the other containing the database server. Which of the following changes to the architecture would add a better security boundary to the resources hosted in your setup?

A) Consider moving the web server to a private subnet
B) Consider moving both the web and database server to a private subnet
C) Consider creating a private subnet and adding a NAT instance to that subnet
D) Consider moving the database server to a private subnet



3. You are building a large-scale confidential documentation web server on AWS, and all of the documentation for it will be stored on S3. One of the requirements is that it cannot be publicly accessible from S3 directly, and you will need to use CloudFront to accomplish this. Which of the methods listed below would satisfy the requirements as outlined? Choose an answer from the options below.

A) Create individual policies for each bucket the documents are stored in and in that policy grant access only to CloudFront
B) Create an Identity and Access Management (IAM) user for CloudFront and grant access to the objects in your S3 bucket to that IAM user
C) Create an S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name
D) Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI



4. You have an instance set up in a test environment in AWS. You installed the required application and then promoted the server to a production environment. Your IT Security team has advised that there may be traffic flowing in from an unknown IP address to port 22. How can this be mitigated immediately?

A) Remove the rule for incoming traffic on port 22 from the Security Group
B) Change the instance type for the instance
C) Shut down the instance
D) Change the AMI for the instance



5. You want to get a list of vulnerabilities for an EC2 instance as per the guidelines set by the Center for Internet Security. How can you go about doing this?

A) Use AWS Inspector
B) Use AWS Macie
C) Use AWS Trusted Advisor
D) Enable AWS GuardDuty for the instance



1. Right Answer: D
Explanation: The first measure that should be taken is to delete the access keys for the root user. When you log into your account and go to the security status dashboard, this is the first step shown. Options B and C are wrong because creating IAM groups and roles does not change the impact of a leaked root access key. Option A is wrong because the first priority is protecting the access keys for the root account. For more information on best practices for access keys, see https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

2. Right Answer: D
Explanation:

3. Right Answer: D
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A
Explanation: AWS Inspector can assess EC2 instances against specific rules packages, one of which is based on the benchmarks published by the Center for Internet Security. Option C is invalid because that service can help protect an instance but does not produce a list of vulnerabilities. Options B and D are invalid because those services cannot give a list of vulnerabilities. For more information on the CIS rules package, see https://docs.aws.amazon.com/inspector/latest/userguide/inspector_cis.html
