AWS Certified Security - Specialty - Part 5

Mary Smith

Mon, 19 Jan 2026

1. Which of the following services can be integrated with the AWS (Amazon Web Services) Web Application Firewall (WAF) service? Choose 2 answers from the options given below.

A) AWS CloudFront
B) AWS Lambda
C) AWS Application Load Balancer
D) AWS Classic Load Balancer



2. A large organization is planning to use AWS to host their resources. They have a number of autonomous departments that wish to use AWS. What strategy could be adopted for managing the accounts?

A) Use multiple AWS accounts, each account for each department
B) Use multiple IAM roles, each group for each department
C) Use multiple VPCs in the account, each VPC for each department
D) Use multiple IAM groups, each group for each department



3. A company hosts critical data in an S3 bucket. Even though they have assigned the appropriate permissions to the bucket, they are still worried about data deletion. What measures can be taken to reduce the risk of data deletion on the bucket? Choose 2 answers from the options given below.

A) Enable data in transit for the objects in the bucket
B) Enable versioning on the S3 bucket
C) Enable data at rest for the objects in the bucket
D) Enable MFA Delete in the bucket policy



4. Your application currently uses customer keys which are generated via AWS KMS in the US East region. You now want to use the same set of keys from the EU-Central region. How can this be accomplished?

A) This is not possible since keys from KMS are region specific
B) Use key rotation and rotate the existing keys to the EU-Central region
C) Use the backing key from the US East region and use it in the EU-Central region
D) Export the key from the US East region and import it into the EU-Central region



5. You have several S3 buckets defined in your AWS account. You need to give external AWS accounts access to these S3 buckets. Which of the following allow you to define the permissions for the external accounts? Choose 2 answers from the options given below.

A) Bucket ACLs
B) Bucket policies
C) IAM users
D) IAM policies



1. Right Answer: A,C
Explanation: The AWS documentation mentions the following on the Application Load Balancer: AWS WAF can be deployed on Amazon CloudFront and the Application Load Balancer (ALB). As part of Amazon CloudFront, it can be part of your Content Distribution Network (CDN), protecting your resources and content at the edge locations; as part of the Application Load Balancer, it can protect your origin web servers running behind the ALBs. Options B and D are invalid because only CloudFront and the Application Load Balancer services are supported by AWS WAF. For more information on the web application firewall, please refer to the URL below: https://aws.amazon.com/waf/faq/

2. Right Answer: A
Explanation: A recommendation for this is given in the AWS Security Best Practices whitepaper. Option A is incorrect since this would be applicable for resources in a VPC. Options B and C are incorrect since operationally it would be difficult to manage. For more information on AWS security best practices, please refer to the URL below: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf

3. Right Answer: B,D
Explanation: One of the AWS Security blogs mentions the following: Versioning keeps multiple versions of an object in the same bucket. When you enable it on a bucket, Amazon S3 automatically adds a unique version ID to every object stored in the bucket. At that point, a simple DELETE action does not permanently delete an object version; it merely associates a delete marker with the object. If you want to permanently delete an object version, you must specify its version ID in your DELETE request. You can add another layer of protection by enabling MFA Delete on a versioned bucket. Once you do so, you must provide your AWS account's access keys and a valid code from the account's MFA device in order to permanently delete an object version or suspend or reactivate versioning on the bucket. Option B is invalid because enabling encryption does not protect against the risk of data deletion. Option D is invalid because this option does not protect against the risk of data deletion. For more information on AWS S3 versioning and MFA, please refer to the URL below: https://aws.amazon.com/blogs/security/securing-access-to-aws-using-mfa-part-3/

4. Right Answer: C
Explanation:

5. Right Answer: A,B
Explanation: The AWS Security whitepaper gives the types of access control and the level at which each control can be applied. Options A and C are incorrect since, for external access to buckets, you need to use either bucket policies or bucket ACLs. For more information on security for storage services, please refer to the URL below: https://d1.awsstatic.com/whitepapers/Security/Security_Storage_Services_Whitepaper.pdf
