
AWS Certified Security - Specialty - Part 64

Mary Smith

Mon, 24 Mar 2025


1. A web application runs in a VPC on EC2 instances behind an ELB Application Load Balancer. The application stores data in an RDS MySQL DB instance. A Linux bastion host is used to apply schema updates to the database; administrators connect to the host over SSH from a corporate workstation. The following security groups are applied to the infrastructure:
sgLB - associated with the ELB
sgWeb - associated with the EC2 instances
sgDB - associated with the database
sgBastion - associated with the bastion host
Which security group configuration will allow the application to be secure and functional?

A) sgLB: allow port 80 and 443 traffic from 0.0.0.0/0; sgWeb: allow port 80 and 443 traffic from 0.0.0.0/0; sgDB: allow port 3306 traffic from sgWeb and sgBastion; sgBastion: allow port 22 traffic from the corporate IP address range
B) sgLB: allow port 80 and 443 traffic from 0.0.0.0/0; sgWeb: allow port 80 and 443 traffic from sgLB; sgDB: allow port 3306 traffic from sgWeb and sgLB; sgBastion: allow port 22 traffic from the VPC IP address range
C) sgLB: allow port 80 and 443 traffic from 0.0.0.0/0; sgWeb: allow port 80 and 443 traffic from sgLB; sgDB: allow port 3306 traffic from sgWeb and sgBastion; sgBastion: allow port 22 traffic from the corporate IP address range
D) sgLB: allow port 80 and 443 traffic from 0.0.0.0/0; sgWeb: allow port 80 and 443 traffic from sgLB; sgDB: allow port 3306 traffic from sgWeb and sgBastion; sgBastion: allow port 22 traffic from the VPC IP address range



2. Your company is planning to develop a web-based application in AWS. The application's users will authenticate with their Facebook or Google identities. You want to be able to manage user profiles without writing extra code to do so. Which of the options below would assist with this?

A) Use IAM users to manage the user profiles
B) Create an OIDC identity provider in AWS
C) Create a SAML provider in AWS
D) Use Amazon Cognito to manage the user profiles



3. A security engineer must ensure that all infrastructure launched in the company's AWS account is monitored for deviation from compliance rules, specifically that all EC2 instances are launched from one of a specified list of AMIs and that all attached EBS volumes are encrypted. Infrastructure not in compliance should be terminated. Which combination of steps should the engineer implement? (Select two answers)

A) Set up a CloudWatch event based on Amazon Inspector findings
B) Trigger a Lambda function from a scheduled CloudWatch event that terminates noncompliant infrastructure
C) Trigger a CLI command from a CloudWatch event that terminates the infrastructure
D) Monitor compliance with AWS Config Rules triggered by configuration changes
E) Set up a CloudWatch event based on Trusted Advisor metrics


4. A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The public subnet uses CIDR 20.0.1.0/24. The user is planning to host a web server in the public subnet on port 80 and a database server in the private subnet on port 3306. The user is configuring a security group for the public subnet (WebSecGrp) and one for the private subnet (DBSecGrp). Which of the entries below is required in the private subnet database security group DBSecGrp? Please select:

A) Allow Outbound on port 80 for Destination NAT Instance IP
B) Allow Outbound on port 3306 for Destination Web Server Security Group WebSecGrp
C) Allow Inbound on port 3306 from source 20.0.0.0/16
D) Allow Inbound on port 3306 for Source Web Server Security Group WebSecGrp.



5. You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database. Which configuration will allow you to securely serve private content to your users? Please select:

A) Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
B) Generate pre-signed URLs for each user as they request access to protected S3 content
C) Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user
D) Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user



1. Right Answer: C
Explanation:

2. Right Answer: D
Explanation:

3. Right Answer: B,D
Explanation:

4. Right Answer: D
Explanation:

5. Right Answer: B
Explanation:
