1. Which of the following is used as a secure way to log into an EC2 Linux Instance?
A) AWS Access keys B) Key pairs C) IAM User name and password D) AWS SDK keys
2. Which of the following is used as a secure way to log into an EC2 Linux Instance?
A) AWS SDK keys B) Key pairs C) IAM User name and password D) AWS Access keys
3. You have an EC2 instance in a private subnet which needs to access the KMS service. Which of the below methods can help fulfil this requirement, keeping security in perspective?
A) Use VPC Peering B) Attach a VPN connection to the VPC C) Use a VPC endpoint D) Attach an Internet gateway to the subnet
4. You have just recently set up a web and database tier in a VPC and hosted the application. When testing the application, you are not able to reach the home page for the app. You have verified the security groups. What can help you diagnose the issue?
A) Use AWS WAF to analyze the traffic B) Use the AWS Trusted Advisor to see what can be done C) Use AWS GuardDuty to analyze the traffic D) Use VPC Flow Logs to diagnose the traffic
5. Your company has defined a number of EC2 instances over a period of 6 months. They want to know if any of the security groups allow unrestricted access to a resource. What is the best option to accomplish this requirement?
A) Use AWS Config to see which security groups have compromised access. B) Use the AWS Trusted Advisor to see which security groups have compromised access. C) Use the AWS CLI to query the security groups and then filter for the rules which have unrestricted access. D) Use AWS Inspector to inspect all the security groups.
1. Right Answer: B Explanation: The AWS documentation mentions the following: "Key pairs consist of a public key and a private key. You use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront." Options A, C and D are all wrong because these are not used to log into EC2 Linux instances. For more information on AWS security credentials, please visit the URL below: https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html
2. Right Answer: B Explanation:
3. Right Answer: C Explanation: The AWS documentation mentions the following: "You can connect directly to AWS KMS through a private endpoint in your VPC instead of connecting over the internet. When you use a VPC endpoint, communication between your VPC and AWS KMS is conducted entirely within the AWS network." Option B is invalid because this could open threats from the internet. Option C is invalid because this is normally used for communication between on-premises environments and AWS. Option D is invalid because this is normally used for communication between VPCs. For more information on accessing KMS via an endpoint, please visit the following URL: https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html
4. Right Answer: D Explanation:
5. Right Answer: B Explanation: The AWS Trusted Advisor can check security groups for rules that allow unrestricted access to a resource. Unrestricted access increases opportunities for malicious activity (hacking, denial-of-service attacks, loss of data). If you go to AWS Trusted Advisor, you can see the details. Option A is invalid because AWS Inspector is used to detect security vulnerabilities in instances and not for security groups. Option C is invalid because this can be used to detect changes in security groups but not show you security groups that have compromised access. Option D is partially valid but would just be a maintenance overhead. For more information on the AWS Trusted Advisor, please visit the URL below: https://aws.amazon.com/premiumsupport/trustedadvisor/best-practices/