
AWS Certified Security - Specialty - Part 52

Mary Smith

Wed, 26 Mar 2025


1. A company wishes to enable Single Sign-On (SSO) so its employees can log in to the management console using their corporate directory identity. Which steps below are required as part of the process?

A) Create an IAM role that establishes a trust relationship between IAM and the corporate directory identity.
B) Create a Lambda function to assign IAM roles to the temporary security tokens provided to the users.
C) Create IAM policies that can be mapped to group memberships in the corporate directory.
D) Create a Direct Connect connection.
E) Create IAM users that can be mapped to the employees' corporate identities.


2. When you enable automatic key rotation for an existing CMK whose backing key is managed by AWS, after how long is the key rotated?

A) After 365 days
B) After 128 days
C) After 3 years
D) After 30 days



3. You have an S3 bucket hosted in AWS. It is used to host promotional videos uploaded by yourself. You need to give users access for a limited duration of time. How can this be achieved?

A) Use IAM policies with a timestamp to limit the access
B) Use pre-signed URLs
C) Use IAM roles with a timestamp to limit the access
D) Use versioning and enable a timestamp for each version



4. You have a website sitting behind AWS CloudFront. You need to protect the website against threats such as SQL injection and cross-site scripting attacks. Which of the following services can help in such a scenario?

A) AWS Trusted Advisor
B) AWS Inspector
C) AWS Config
D) AWS WAF



5. Your company has mandated that all calls to the AWS KMS service be recorded. How can this be achieved?

A) Enable CloudWatch Logs
B) Enable a trail in CloudTrail
C) Enable logging on the KMS service
D) Use CloudWatch metrics



1. Right Answer: C
Explanation:

2. Right Answer: A
Explanation: The AWS documentation states the following: automatic key rotation is disabled by default on customer managed CMKs. When you enable (or re-enable) key rotation, AWS KMS automatically rotates the CMK 365 days after the enable date and every 365 days thereafter. Options B, C and D are therefore invalid, because the rotation period is 365 days. For more information on key rotation, see https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

3. Right Answer: B
Explanation: The AWS documentation mentions the following: all objects are private by default, and only the object owner has permission to access them. However, the object owner can optionally share objects with others by creating a pre-signed URL, using their own security credentials, to grant time-limited permission to download the objects. Option D is invalid because versioning is used to protect against accidental deletion of objects. Option C is invalid because timestamps are not possible for roles. Option A is invalid because IAM policies are not the right way to limit access based on time. For more information on pre-signed URLs, see https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
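To make the "time-limited permission" in that explanation concrete, here is an added example (not from the quiz page or AWS's own documentation) that builds an S3 pre-signed GET URL with the Signature Version 4 query-string algorithm using only the Python standard library. The bucket name, object key, timestamps and the access/secret key pair are constructed placeholders; the point is that X-Amz-Date and X-Amz-Expires are part of the signed canonical request, so the grant window cannot be stretched by editing the URL, and that S3 rejects the URL once the window has passed regardless of the signature.

```python
"""Pre-signed S3 GET URL built by hand (SigV4 query-string signing).

Added example, not AWS documentation code. Credentials, bucket and key
below are constructed placeholders and never real secrets."""
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlparse

ACCESS_KEY = "AKIAEXAMPLEEXAMPLE"                    # constructed placeholder
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"  # constructed placeholder
REGION = "us-east-1"
SERVICE = "s3"


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret: str, date: str) -> bytes:
    """Derive the SigV4 signing key for one date/region/service scope."""
    k_date = _sign(("AWS4" + secret).encode("utf-8"), date)
    k_region = _sign(k_date, REGION)
    k_service = _sign(k_region, SERVICE)
    return _sign(k_service, "aws4_request")


def presign_get(bucket: str, key: str, expires: int, now: dt.datetime) -> str:
    """Return a virtual-hosted-style pre-signed GET URL valid for `expires` seconds."""
    host = f"{bucket}.s3.{REGION}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = now.strftime("%Y%m%d")
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),   # the time limit is itself signed
        "X-Amz-SignedHeaders": "host",
    }
    # Canonical query string: parameters sorted by name, RFC 3986 encoded.
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items())
    )
    canonical_uri = "/" + quote(key, safe="/-_.~")
    canonical_request = "\n".join([
        "GET",
        canonical_uri,
        canonical_query,
        f"host:{host}\n",      # canonical headers block ends with a newline
        "host",                # signed headers list
        "UNSIGNED-PAYLOAD",    # pre-signed URLs do not hash a request body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(
        _signing_key(SECRET_KEY, date), string_to_sign.encode("utf-8"), hashlib.sha256
    ).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"


def seconds_remaining(url: str, now: dt.datetime) -> int:
    """Read the grant window back out of a URL; negative means already expired."""
    q = parse_qs(urlparse(url).query)
    issued = dt.datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=dt.timezone.utc)
    return int(q["X-Amz-Expires"][0]) - int((now - issued).total_seconds())


def demo() -> dict:
    """Issue a one-hour URL for a constructed object and inspect its properties."""
    issued = dt.datetime(2025, 3, 26, 12, 0, 0, tzinfo=dt.timezone.utc)
    url = presign_get("promo-videos-example", "launch/teaser.mp4", 3600, issued)
    longer = presign_get("promo-videos-example", "launch/teaser.mp4", 86400, issued)
    return {
        "url": url,
        "remaining_at_issue": seconds_remaining(url, issued),
        "remaining_after_2h": seconds_remaining(url, issued + dt.timedelta(hours=2)),
        "deterministic": presign_get("promo-videos-example", "launch/teaser.mp4", 3600, issued) == url,
        # A different X-Amz-Expires yields a different signature, so the
        # window cannot be extended by editing the query string.
        "expiry_is_signed": longer.rsplit("X-Amz-Signature=", 1)[1] != url.rsplit("X-Amz-Signature=", 1)[1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In practice you would call `boto3`'s `generate_presigned_url` rather than sign by hand; the hand-rolled version is here only to show what the URL carries. Note that S3 also caps the window: a URL signed with long-term IAM user credentials is accepted for at most seven days, and one signed with temporary credentials stops working when those credentials expire, whichever comes first.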

4. Right Answer: D
Explanation: The AWS documentation mentions the following: AWS WAF is a web application firewall that helps detect and block malicious web requests targeted at your web applications. AWS WAF allows you to create rules that can help protect against common web exploits like SQL injection and cross-site scripting. With AWS WAF you first identify the resource (either an Amazon CloudFront distribution or an Application Load Balancer) that you need to protect. Option A is invalid because Trusted Advisor only gives advice on how to improve the security of your AWS account; it does not protect against the threats mentioned in the question. Option B is invalid because Inspector can be used to scan EC2 instances for vulnerabilities, but does not protect against the threats mentioned in the question. Option C is invalid because Config can be used to track configuration changes, but does not protect against the threats mentioned in the question. For more information on AWS WAF, see https://aws.amazon.com/waf/details/

5. Right Answer: B
Explanation:
