Published - Fri, 03 Mar 2023
AWS Certified Security - Specialty - Part 50
1. Your company has defined privileged users for their AWS(Amazon Web Service) Account. These users are administrators for key resources defined in the company. There is now a mandate to enhance the security authentication for these users. How can this be accomplished?
A) Enable accidental deletion for these user accounts
B) Disable root access for the users (Incorrect)
C) Enable versioning for these user accounts
D) Enable MFA for these user accounts
2. Your company has defined a number of EC2 Instances over a period of 6 months. They want to know if any of the security groups allow unrestricted access to a resource. What is the best option to accomplish this requirement?
A) Use the AWS(Amazon Web Service) Trusted Advisor to see which security groups have compromised access.
B) Use AWS(Amazon Web Service) Configure to see which security groups have compromised access.
C) Use AWS(Amazon Web Service) Inspector to inspect all the security Groups
D) Use the AWS(Amazon Web Service) CLI to query the security groups and then filter for the rules which have unrestricted access
3. Which of the following is not a best practice for carrying out a security audit?
A) Whenever there are changes in your organization (Incorrect)
B) Conduct an audit if you ever suspect that an unauthorized person might have accessed your account
C) Conduct an audit on a yearly basis
D) Conduct an audit if application instances have been added to your account
4. You have a vendor that needs access to an AWS(Amazon Web Service) resource. You create an AWS(Amazon Web Service) user account. You want to restrict access to the resource using a policy for just that user over a brief period. Which of the following would be an ideal policy to use?
A) An AWS(Amazon Web Service) Managed Policy
B) An Inline Policy
C) A Bucket Policy
D) A bucket ACL (Incorrect)
5. A security team must present a daily briefing to the CISO that includes a report of which of the company?s thousands of EC2 instances and on-premises servers are missing the latest security patches. All instances/servers must be brought into compliance within 24 hours so they do not show up on the next day?s report. How can the security team fulfill these requirements?
A) Use Systems Manger Patch Manger to generate the report of out of compliance instances/ servers. Use Systems Manager Patch Mang to install the missing patches.
B) Use Amazon Quick Sight and Cloud Trail to generate the report of out of compliance instances/servers. Redeploy all out of compliance Instances/servers using an AMI with the latest patches.
C) Use Trusted Advisor to generate the report of out of compliance instances/ servers. Use Systems Manger Patch Manger to install the missing patches.
D) Use Systems Manger Patch Manger to generate the report of out of compliance Instances) servers. Redeploy all out of compliance instances/servers using an AMI with the latest patches.
A) Enable accidental deletion for these user accounts
B) Disable root access for the users (Incorrect)
C) Enable versioning for these user accounts
D) Enable MFA for these user accounts
2. Your company has defined a number of EC2 Instances over a period of 6 months. They want to know if any of the security groups allow unrestricted access to a resource. What is the best option to accomplish this requirement?
A) Use the AWS(Amazon Web Service) Trusted Advisor to see which security groups have compromised access.
B) Use AWS(Amazon Web Service) Configure to see which security groups have compromised access.
C) Use AWS(Amazon Web Service) Inspector to inspect all the security Groups
D) Use the AWS(Amazon Web Service) CLI to query the security groups and then filter for the rules which have unrestricted access
3. Which of the following is not a best practice for carrying out a security audit?
A) Whenever there are changes in your organization (Incorrect)
B) Conduct an audit if you ever suspect that an unauthorized person might have accessed your account
C) Conduct an audit on a yearly basis
D) Conduct an audit if application instances have been added to your account
4. You have a vendor that needs access to an AWS(Amazon Web Service) resource. You create an AWS(Amazon Web Service) user account. You want to restrict access to the resource using a policy for just that user over a brief period. Which of the following would be an ideal policy to use?
A) An AWS(Amazon Web Service) Managed Policy
B) An Inline Policy
C) A Bucket Policy
D) A bucket ACL (Incorrect)
5. A security team must present a daily briefing to the CISO that includes a report of which of the company?s thousands of EC2 instances and on-premises servers are missing the latest security patches. All instances/servers must be brought into compliance within 24 hours so they do not show up on the next day?s report. How can the security team fulfill these requirements?
A) Use Systems Manger Patch Manger to generate the report of out of compliance instances/ servers. Use Systems Manager Patch Mang to install the missing patches.
B) Use Amazon Quick Sight and Cloud Trail to generate the report of out of compliance instances/servers. Redeploy all out of compliance Instances/servers using an AMI with the latest patches.
C) Use Trusted Advisor to generate the report of out of compliance instances/ servers. Use Systems Manger Patch Manger to install the missing patches.
D) Use Systems Manger Patch Manger to generate the report of out of compliance Instances) servers. Redeploy all out of compliance instances/servers using an AMI with the latest patches.
1. Right Answer: D
Explanation: The AWS(Amazon Web Service) Documentation mentions the following as a best practise for IAM users For extra security, enable multi-factor authentication (MFA) for privileged IAM users (users who are allowed access to sensitive resources or APIs). With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP). Users must provide both their normal credentials (like their user name and password) and the OTP. The MFA device can either be a special piece of hardware, or it can be a virtual device (for example, it can run in an app on a smartphone). Option B,C and D are invalid because no such security options are available in AWS For more information on IAM best practises, please visit the below URL ttps://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
2. Right Answer: A
Explanation:
3. Right Answer: C
Explanation: A year's time is generally too long a gap for conducting security audits The AWS(Amazon Web Service) Documentation mentions the following You should audit your security configuration in the following situations: On a periodic basis. If there are changes in your organization, such as people leaving. If you have stopped using one or more individual AWS(Amazon Web Service) services. This is important for removing permissions that users in your account no longer need. If you've added or removed software in your accounts, such as applications on Amazon EC2 instances, AWS(Amazon Web Service) OpsWorks stacks, AWS(Amazon Web Service) CloudFormation templates, etc. If you ever suspect that an unauthorized person might have accessed your account. Option B , C and D are all the right ways and recommended best practises when it comes to conducting audits For more information on Security Audit guideline, please visit the below URL https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html
4. Right Answer: B
Explanation: The AWS(Amazon Web Service) Documentation gives an example on such a case Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the principal entity that it's applied to. For example, you want to be sure that the permissions in a policy are not inadvertently assigned to a principal entity other than the one they're intended for. When you use an inline policy, the permissions in the policy cannot be inadvertently attached to the wrong principal entity. In addition, when you use the AWS(Amazon Web Service) Management Console to delete that principal entity, the policies embedded in the principal entity are deleted as well. That's because they are part of the principal entity. Option A is invalid because AWS(Amazon Web Service) Managed Polices are ok for a group of users , but for individual users , inline policies are better. Option C and D are invalid because they are specifically meant for access to S3 buckets For more information on policies, please visit the following url https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
5. Right Answer: A
Explanation:
Explanation: The AWS(Amazon Web Service) Documentation mentions the following as a best practise for IAM users For extra security, enable multi-factor authentication (MFA) for privileged IAM users (users who are allowed access to sensitive resources or APIs). With MFA, users have a device that generates a unique authentication code (a one-time password, or OTP). Users must provide both their normal credentials (like their user name and password) and the OTP. The MFA device can either be a special piece of hardware, or it can be a virtual device (for example, it can run in an app on a smartphone). Option B,C and D are invalid because no such security options are available in AWS For more information on IAM best practises, please visit the below URL ttps://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
2. Right Answer: A
Explanation:
3. Right Answer: C
Explanation: A year's time is generally too long a gap for conducting security audits The AWS(Amazon Web Service) Documentation mentions the following You should audit your security configuration in the following situations: On a periodic basis. If there are changes in your organization, such as people leaving. If you have stopped using one or more individual AWS(Amazon Web Service) services. This is important for removing permissions that users in your account no longer need. If you've added or removed software in your accounts, such as applications on Amazon EC2 instances, AWS(Amazon Web Service) OpsWorks stacks, AWS(Amazon Web Service) CloudFormation templates, etc. If you ever suspect that an unauthorized person might have accessed your account. Option B , C and D are all the right ways and recommended best practises when it comes to conducting audits For more information on Security Audit guideline, please visit the below URL https://docs.aws.amazon.com/general/latest/gr/aws-security-audit-guide.html
4. Right Answer: B
Explanation: The AWS(Amazon Web Service) Documentation gives an example on such a case Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the principal entity that it's applied to. For example, you want to be sure that the permissions in a policy are not inadvertently assigned to a principal entity other than the one they're intended for. When you use an inline policy, the permissions in the policy cannot be inadvertently attached to the wrong principal entity. In addition, when you use the AWS(Amazon Web Service) Management Console to delete that principal entity, the policies embedded in the principal entity are deleted as well. That's because they are part of the principal entity. Option A is invalid because AWS(Amazon Web Service) Managed Polices are ok for a group of users , but for individual users , inline policies are better. Option C and D are invalid because they are specifically meant for access to S3 buckets For more information on policies, please visit the following url https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html
5. Right Answer: A
Explanation:
Created by
Comments (0)
Search
Popular categories
Latest blogs
CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Write a public review