1. You company has mandated that all data in AWS(Amazon Web Service) be encrypted at rest. How can you achieve this for EBS volumes? Choose 2 answers from the options given below Please select:(Select 2answers)

A) Use TrueEncrypt for EBS volumes on Linux instances
B) Enable encryption on existing EBS volumes
C) Use Windows bit locker for EBS volumes on Windows instances
D) Use AWS(Amazon Web Service) KMS to encrypt the existing EBS volumes



2. You currently operate a web application In the AWS(Amazon Web Service) US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2,IAM and RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

A) Create three new Cloud Trail trails with three new 53 buckets to store the logs one for the AWS(Amazon Web Service) Management console, one for AWS(Amazon Web Service) SDK5 and one for command line tools. Use lAM roles and 53 bucket policies on the 53 buckets that store your logs
B) Create a new Cloud Trail trail with an existing 53 bucket to store the logs and with the global services option selected. Use 53 ACL5 and Multi Factor Authentication (MFA) Delete on the 53 bucket that stores your logs,
C) Create a new Cloud Trail trail with one new 53 bucket to store the logs and with the global services option selected. Use lAM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that storl > your logs.
D) Create a new Cloud Trail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use policies on the S3 bucket that stores your logs.



3. You are creating a Lambda function which will be triggered by a Cloud watch Event. The data from these events needs to be stored in a Dynamo DB table. How should the Lambda function be given access to the Dynamo DB table? Please select:

A) Use the AWS(Amazon Web Service) Access keys which has access to Dynamo DB and then place it in an 53 bucket
B) Put the AWS(Amazon Web Service) Access keys in the Lambda function since the Lambda function by default is secure
C) Create a VPC endpoint for the Dynamo DB table. Access the VPC endpoint from the Lambda function.
D) Use an AM role which has permissions to the Dynamo DB table and attach it to the Lambda function



4. You work at a company that makes use of AWS(Amazon Web Service) resources. One of the key security policies is to ensure that all data is encrypted both at rest and in transit. Which of the following is one of the right ways to implement this?

A) Using S3 Server Side Encryption (SSE) to store the information
B) Enabling Proxy Protocol
C) SSL termination on the ELB
D) Enabling sticky sessions on your load balancer



5. Your company is planning on using AWS(Amazon Web Service) EC2 and ELB for deployment for their web applications. The securil policy mandates that all traffic should be encrypted. Which of the below options will ensure that this requirement Is met. Choose 2 answers from the options below.(Select 2answers)

A) Ensure the I-ITTPS listener sends requests to the instances on port 80
B) Ensure the load balancer listens on port 80
C) Ensure the HTTPS listener sends requests to the instances on port 443
D) Ensure the load balancer listens on port 443