CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
AWS Certified Security - Specialty - Part 62
1. You are planning on using the AWS(Amazon Web Service) KMS service for managing keys for your application. For which of the following can the KMS CMK keys be used for encrypting? Choose 2 answers from the options given below Please select:(Select 2answers)
A) Image Objects
B) Large files
C) RSA Keys
D) Password
2. Your team is experimenting with the API gateway service for an application. There is a need to implement a custom module which can be used for authentication/authorization for calls made to the API gateway. How can this be achieved?
A) Use the request parameters for authorization
B) Use the gateway authorizer
C) Use CORS on the API gateway
D) Use a Lambda authorizer
3. Your company has defined a set of S3 buckets in AWS. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?
A) Monitor the S3 API calls by using Cloud trail logging
B) Monitor the 53 API calls by using Cloud watch logging
C) Enable VPC flow logs to know the source IP addresses
D) Enable AWS(Amazon Web Service) Inspector for the 53 bucket
4. You want to ensure that you keep a check on the Active EBS Volumes, Active snapshots and Elastic IP addresses you use so that you dontt go beyond the service limit. Which of the below services can help in this regard?
A) AWS EC2
B) AWS Trusted Advisor
C) AWSSNS
D) AWS Cloud watch
5. You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your server?s on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the Internet. You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer gateways. Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?
A) End-to-end Identity authentication
B) Peer Identity authentication between VPN gateway and customer gateway
C) Data encryption across the Internet
D) End-to-end protection of data in transit
E) Data integrity protection across the Internet
F) Protection of data in transit over the Internet
A) Image Objects
B) Large files
C) RSA Keys
D) Password
2. Your team is experimenting with the API gateway service for an application. There is a need to implement a custom module which can be used for authentication/authorization for calls made to the API gateway. How can this be achieved?
A) Use the request parameters for authorization
B) Use the gateway authorizer
C) Use CORS on the API gateway
D) Use a Lambda authorizer
3. Your company has defined a set of S3 buckets in AWS. They need to monitor the S3 buckets and know the source IP address and the person who make requests to the S3 bucket. How can this be achieved?
A) Monitor the S3 API calls by using Cloud trail logging
B) Monitor the 53 API calls by using Cloud watch logging
C) Enable VPC flow logs to know the source IP addresses
D) Enable AWS(Amazon Web Service) Inspector for the 53 bucket
4. You want to ensure that you keep a check on the Active EBS Volumes, Active snapshots and Elastic IP addresses you use so that you dontt go beyond the service limit. Which of the below services can help in this regard?
A) AWS EC2
B) AWS Trusted Advisor
C) AWSSNS
D) AWS Cloud watch
5. You are designing a connectivity solution between on-premises infrastructure and Amazon VPC. Your server?s on-premises will be communicating with your VPC instances. You will be establishing IPSec tunnels over the Internet. You will be using VPN gateways and terminating the IPsec tunnels on AWS-supported customer gateways. Which of the following objectives would you achieve by implementing an IPSec tunnel as outlined above?
A) End-to-end Identity authentication
B) Peer Identity authentication between VPN gateway and customer gateway
C) Data encryption across the Internet
D) End-to-end protection of data in transit
E) Data integrity protection across the Internet
F) Protection of data in transit over the Internet
1. Right Answer: C,D
Explanation:
2. Right Answer: D
Explanation:
3. Right Answer: A
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: C
Explanation:
Explanation:
2. Right Answer: D
Explanation:
3. Right Answer: A
Explanation:
4. Right Answer: B
Explanation:
5. Right Answer: C
Explanation:
Tags:
aws cloud awc cloud cerification certified aws aws certifications aws cloud practitioner aws solution architect aws training aws certified cloud practitioner aws exam aws certification exam aws practice exams aws 2023 aws updated questions aws questions aws cert aws certified solutions architect aws solution architect associate aws training and certification aws certified developer associate certification for devops0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment