AWS Certified Security - Specialty - Part 54

Mary Smith

Tue, 11 Nov 2025

1. You have an S3 bucket defined in AWS. You want to ensure that you encrypt the data before sending it across the wire. What is the best way to achieve this?

A) Use the AWS Encryption CLI to encrypt the data first
B) Use a Lambda function to encrypt the data before sending it to the S3 bucket
C) Enable server side encryption for the S3 bucket. This request will ensure that the data is encrypted first.
D) Enable client side encryption for the S3 bucket



2. A company wants to have an intrusion detection system available for their VPC in AWS. They want to have complete control over the system. Which of the following would be ideal to implement?

A) Use AWS CloudWatch to monitor all traffic (Incorrect)
B) Use VPC Flow Logs to detect the issues and flag them accordingly.
C) Use AWS WAF to catch all intrusions occurring on the systems in the VPC
D) Use a custom solution available in the AWS Marketplace



3. Your IT Security department has mandated that all data on EBS volumes created for underlying EC2 Instances need to be encrypted. Which of the following can help achieve this?

A) API Gateway with STS
B) IAM Access Key (Incorrect)
C) AWS Certificate Manager
D) AWS KMS API



4. You have an S3 bucket hosted in AWS. This is used to host promotional videos uploaded by yourself. You need to provide access to users for a limited duration of time. How can this be achieved?

A) Use pre-signed URLs
B) Use IAM Roles with a timestamp to limit the access
C) Use IAM policies with a timestamp to limit the access (Incorrect)
D) Use versioning and enable a timestamp for each version



5. You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to function. Where should you store your API credentials whilst maintaining the maximum level of security? (Select 2 answers)

A) Save your API credentials in a public Github repository
B) Save the API credentials to your PHP files.
C) Don't save your API credentials. Instead create a role in IAM and assign this role to an EC2 instance when you first create it.
D) Pass API credentials to the instance using instance userdata.



1. Right Answer: A
Explanation:

2. Right Answer: D
Explanation: Sometimes companies want to have custom solutions in place for monitoring intrusions to their systems. In such a case, you can use the AWS Marketplace to look for custom solutions. Option A,C and D are all invalid because they cannot be used to conduct intrusion detection or prevention. For more information on using custom security solutions, please visit the URL below: https://d1.awsstatic.com/Marketplace/security/AWSMP_Security_Solution%20Overview.pdf

3. Right Answer: D
Explanation: The AWS documentation mentions the following on AWS KMS: AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage. Option B is incorrect - the AWS Certificate Manager can be used to generate SSL certificates that can be used to encrypt traffic in transit, but not at rest. Option C is incorrect; it is again used for issuing tokens when using API Gateway for traffic in transit. Option D is used for secure access to EC2 instances. For more information on AWS KMS, please visit the following URL: https://docs.aws.amazon.com/kms/latest/developerguide/overview.html

4. Right Answer: A
Explanation: The AWS documentation mentions the following: All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a pre-signed URL, using their own security credentials, to grant time-limited permission to download the objects. Option A is invalid because this can be used to prevent accidental deletion of objects. Option C is invalid because timestamps are not possible for roles. Option D is invalid because policies are not the right way to limit access based on time. For more information on pre-signed URLs, please visit the URL https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html

5. Right Answer: A,C
Explanation:
