Published - Fri, 03 Mar 2023

AWS Certified Security - Specialty - Part 49

AWS Certified Security - Specialty - Part 49

1. Your IT Security department has mandated that all data on EBS volumes created for underlying EC2 Instances need to be encrypted. Which of the following can help achieve this?

A) AWS KMS API
B) API Gateway with STS
C) IAM Access Key (Incorrect)
D) AWS Certificate Manager



2. A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below(Select 2answers)

A) Port 22 coming from 10.0.0.0/16
B) Port 22 coming from 0.0.0.0/0
C) Port 443 coming from 10.0.0.0/16
D) Port 443 coming from 0.0.0.0/0



3. Your company has a set of resources defined in the AWS(Amazon Web Service) Cloud. Their IT audit department has requested to get a list of resources that have been defined across the account. How can this be achieved in the easiest manner?

A) Create a bash shell script with the AWS(Amazon Web Service) CLI. Query for all resources in all regions. Store the results in an S3 bucket.
B) Use AWS(Amazon Web Service) Config to get the list of all resources
C) Create a powershell script using the AWS(Amazon Web Service) CLI. Query for all resources with the tag of production.
D) Use Cloud Trail to get the list of all resources



4. You need to ensure that objects in an S3 bucket are available in another region. This is because of the criticality of the data that is hosted In the S3 bucket. How can you achieve this in the easiest way possible?

A) Enable versioning which will copy the objects to the destination region
B) Write a script to copy the objects to another bucket in the destination region
C) Enable cross region replication for the bucket
D) Create an 53 snapshot in the destination region



5. Your company has a requirement to monitor all root user activity. How can this best be achieved? Choose 2 answers from the options given below. Each answer forms part of the solution(Select 2answers)

A) Create a Cloudwatch Logs Rule
B) Use Cloudtrail API call (Incorrect)
C) Create a Cloudwatch Events Rule
D) Use a Lambda function



1. Right Answer: A
Explanation: The AWS(Amazon Web Service) Documentation mentions the following on AWS(Amazon Web Service) KMS AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS(Amazon Web Service) KMS is integrated with other AWS(Amazon Web Service) services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage Option B is incorrect - The AWS(Amazon Web Service) Certificate manager can be used to generate SSL certificates that can be used to encrypt traffic in transit, but not at rest Option C is incorrect is again used for issuing tokens when using API gateway for traffic in transit. Option D is used for secure access to EC2 Instances For more information on AWS(Amazon Web Service) KMS, please visit the following url https://docs.aws.amazon.com/kms/latest/developerguide/overview.html

2. Right Answer: A,D
Explanation: vSince HTTPS traffic is required for all users on the Internet , Port 443 should be open on all IP addresses. For port 22 , the traffic should be restricted to an internal subnet. Option B is invalid , because this only allow traffic from a particular CIDR block and not from the internet Option C is invalid because allowing port 22 from the internet is a security risk For more information on AWS(Amazon Web Service) Security Groups, please visit the following url https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html

3. Right Answer: B
Explanation: The most feasible option is to use AWS(Amazon Web Service) Config. When you turn on AWS(Amazon Web Service) Config , you will get a list of resources defined in your AWS(Amazon Web Service) Account. A sample snapshot of the resources dashboard in AWS(Amazon Web Service) Config is shown below Option A is incorrect because this would give the list of production based resources and now all resources. Option B is partially correct. But this will just add more maintenance overhead. Option C is incorrect because this can be used to log API activities but not give an account of all resources For more information on AWS(Amazon Web Service) Config, please visit the below URL https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html

4. Right Answer: C
Explanation:

5. Right Answer: C,D
Explanation: Below is a snippet from the AWS(Amazon Web Service) blogs on a solution Option B is invalid because you need to create a Cloudwatch Events Rule and there is such thing as a Cloudwatch Logs Rule Option D is invalid because Cloud Trail API calls can be recorded but cannot be used to send across notifications For more information on this blog article, please visit the following url https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/

Created by

Mary Smith

View profile

Comments (0)

Search
Popular categories
CompTIA
835
Isaca
787
AWS
608
Others
545
IT Exams
133
Project Management
72
All categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
CA Foundation Business Economics Questions 2023 - Part 32
Questions 1. Generally an economy is considered under developed ifA) The standard of living of people & Productivity is low.B) Agriculture is the main occupation of the peopleC) The production techniques are backward.D) All of the above.2. Which of the following statement is correct?A) Agriculture occupies 10 per cent population of India.B) Nearly 5 per cent population of India is below the poverty line.C) The production techniques in agriculture are backward.D) None of the above.3. Which of the statements is correct?A) The tertiary sector contributes the maximum to the GDP.B) India is basically a socialist economy.C) The distribution of income and wealth is quite equitable.D) None of the above.4. In perfect competition in the short run there will be __________ possibilitiesA) Normal profits.B) Supernormal profits.C) LossD) All of above5. ______________ measure generally gives the lowest estimate of unemployment especially for poor economy.A) Usual status.B) CWS.C) CDS.D) CMS. Right Answer and Explanation: 1. Right Answer: DExplanation: 2. Right Answer: CExplanation: 3. Right Answer: AExplanation: 4. Right Answer: DExplanation: 5. Right Answer: AExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
CA Foundation Business Economics Questions 2023 - Part 31
Questions 1. When the price of a complementary of commodity X falls, the demand for X-A) FallsB) RisesC) Remains unchangedD) any of the above2. Which of the following is the method of measuring elasticity of demand when change in price of a commodity is substantial?A) Arc methodB) Point methodC) Percentage methodD) none of the above3. FERA stands for -A) Foreign Exchange Recommendation ActB) Foreign Exchange Regulation ActC) Finance and Export Regulation AssociationD) Funds Export Revaluation Act4. Nearly _____percent of working population is engaged in the service sector.A) 23 per centB) 45 per centC) 80 per centD) 50 per cent5. ACRP stands for â??A) Agro-Commodity Regional PlanningB) Agro-Climatic Rational PlanningC) Agro-Climatic Regional PlanningD) Allied-Climatic Regional Planning Right Answer and Explanation: 1. Right Answer: BExplanation: 2. Right Answer: AExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
CA Foundation Business Economics Questions 2023 - Part 30
Questions 1. Literacy rate calculated considering total population into account is known asA) Crude Literacy RateB) Total Literacy RateC) Mean Literacy RateD) None of the above2. In order to encourage investment in the economy, the RBI mayA) Increase Bank RateB) Sell securities in the open marketC) Buy securities in the open marketD) None of above3. Most of unemployment in India is __________A) VoluntaryB) StructuralC) FrictionalD) Technical4. Under a Command economy â??A) State plays a major roleB) Market plays major roleC) Both a & bD) Neither a nor b5. _______is the apex bank for agriculture credit in India.A) RBIB) SIDBIC) NABARDD) ICICI Right Answer and Explanation: 1. Right Answer: AExplanation: 2. Right Answer: CExplanation: 3. Right Answer: BExplanation: 4. Right Answer: AExplanation: 5. Right Answer: CExplanation: .col-md-12 { -webkit-user-select: none; -ms-user-select: none; user-select: none; } .flash-sale-container{background:#134981;text-align:center;padding:2%;} p.flash-sale-text{ font-size:24px;font-family:"Poppins";letter-spacing:2px;line-height:1.4em; } span.flash-break{ display:block; } .flash-sale-text { -webkit-animation-name:flash; animation: blink 1.5s infinite; } @keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } } @-webkit-keyframes blink{ 0% { color: #D3585F; } 20% { color: #D3585F; } 40% { color: #FFF; } 60% { color: #FFF; } 80% { color: #D3585F; } 100% { color: #D3585F; } }

Fri, 03 Mar 2023

 All blogs