1. Your company has been using AWS (Amazon Web Services) to host EC2 instances for its web and database applications. They want a compliance check that shows the following:
a. Whether any ports are left open other than admin ones like SSH and RDP
b. Whether any ports to the database server are open other than ones from the web server security group
Which of the following can help achieve this in the easiest way possible? You don't want to carry out any extra configuration changes.
A) AWS Trusted Advisor
B) AWS Config
C) AWS Inspector
D) AWS GuardDuty
2. Your company has the following setup in AWS (Amazon Web Services):
a. A set of EC2 instances hosting a web application
b. An Application Load Balancer placed in front of the EC2 instances
There seems to be a set of malicious requests coming from a set of IP addresses. Which of the following can be used to protect against these requests? Please select:
A) Use Security Groups to block the IP addresses
B) Use VPC Flow Logs to block the IP addresses
C) Use AWS (Amazon Web Services) WAF to block the IP addresses
D) Use AWS (Amazon Web Services) Inspector to block the IP addresses
3. A company has a set of EC2 instances hosted in AWS. The EC2 instances have EBS volumes which are used to store critical information. There is a business continuity requirement to ensure high availability for the EBS volumes. How can you achieve this? Please select:
A) Use lifecycle policies for the EBS volumes
B) Use EBS Snapshots
C) Use EBS volume encryption
D) Use EBS volume replication
4. An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants one particular group of IAM users to access only the test instances and not the production ones. How can the organization set that as a part of the policy? Please select:
A) Define the IAM policy which allows access based on the instance ID
B) Launch the test and production instances in separate regions and allow region-wise access to the group
C) Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags
D) Create an IAM policy with a condition which allows access to only small instances
5. Your CTO thinks your AWS (Amazon Web Services) account was hacked. What is the only way to know for certain if there was unauthorized access and what they did, assuming your hackers are very sophisticated AWS (Amazon Web Services) engineers and doing everything they can to cover their tracks?
A) Use AWS (Amazon Web Services) Config Timeline forensics.
B) Use AWS (Amazon Web Services) Config SNS Subscriptions and process events in real time.
C) Use CloudTrail backed up to AWS (Amazon Web Services) S3 and Glacier.
D) Use CloudTrail Log File Integrity Validation.