1. Your developer is using the KMS service and an assigned key in their Java program. They get the below error when running the code: arn:aws:iam::113745388712:user/UserB is not authorized to perform: kms:DescribeKey. Which of the following could help resolve the issue?
A) Ensure that UserB is given the right permissions in the bucket policy
B) Ensure that UserB is given the right permissions in the IAM policy
C) Ensure that UserB is given the right IAM role to access the key
D) Ensure that UserB is given the right permissions in the key policy
2. Your team is designing a web application. Users of this web application need to sign in via an external identity provider such as Facebook or Google. Which of the following AWS services would you use for authentication?
A) AWS IAM
B) AWS Config
C) AWS SAML
D) AWS Cognito
3. You are designing a connectivity solution between on-premises infrastructure and an Amazon VPC. Your on-premises servers will communicate with your VPC instances. You will establish IPsec tunnels over the Internet, using AWS VPN gateways and terminating the IPsec tunnels on AWS-supported customer gateways. Which of the following objectives would you achieve by implementing an IPsec tunnel as outlined above? (Choose 4 answers from the options below.)
A) Data encryption across the Internet
B) Data integrity protection across the Internet
C) End-to-end protection of data in transit
D) End-to-end identity authentication
E) Peer identity authentication between VPN gateway and customer gateway
F) Protection of data in transit over the Internet
4. A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with the default network ACL settings. The IT security department suspects that a DDoS attack is coming from a specific IP address. How can you protect the subnet from this attack?
A) Change the outbound NACL to deny access from the suspected IP
B) Change the inbound security group to deny access from the suspected IP
C) Change the outbound security group to deny access from the suspected IP
D) Change the inbound NACL to deny access from the suspected IP
5. You have a set of customer managed keys created using the AWS KMS service. These keys have been in use for around 6 months. You are now trying to use new KMS features with the existing set of keys but are not able to do so. What could be the reason for this?
A) You have not explicitly given access via the key policy
B) You have not given access via the IAM roles
C) You have not explicitly given access via IAM users
D) You have not explicitly given access via the IAM policy
1. Right Answer: D
Explanation: Access to a KMS key is controlled first by that key's own key policy, so UserB must be granted kms:DescribeKey (and any other kms: actions the program calls, such as kms:Encrypt, kms:Decrypt or kms:GenerateDataKey) in the key policy. Option A is invalid because a bucket policy governs access to S3 buckets and objects, not to KMS keys. Option B is invalid on its own: an IAM policy attached to UserB only takes effect for a key whose key policy delegates permission management to the account, which is what the default "Enable IAM User Permissions" statement naming the account root does; if that statement is missing, no IAM policy can grant access to the key. Option C is invalid because IAM roles are assumed, not assigned to IAM users, and a role would still need to be allowed by the key policy. For more information on key policies please visit the below link: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html
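To make the difference between the key policy and an IAM policy concrete, here is an added Python model of the two ways KMS can authorize UserB (example code written for this page; it is not the quiz author's code and not the AWS implementation). It deliberately ignores Deny statements, conditions, grants and cross-account access. Only the account ID and UserB's ARN come from the error message; the key ID, the KeyAdmin user and the contents of the policies are placeholders.

```python
"""Added example: a deliberately simplified model of KMS authorization.
It covers only the two paths relevant to the question:
  1. the key policy names the principal directly (option D), or
  2. the key policy delegates to the account root via the default
     "Enable IAM User Permissions" statement, so IAM policies apply (option B).
Deny statements, conditions, grants and cross-account access are ignored.
The account ID and UserB's ARN come from the error message; the key ID, the
KeyAdmin user and the policy contents are placeholders."""

import fnmatch

ACCOUNT = "113745388712"
USER_B = f"arn:aws:iam::{ACCOUNT}:user/UserB"
ACCOUNT_ROOT = f"arn:aws:iam::{ACCOUNT}:root"
KEY_ADMIN = f"arn:aws:iam::{ACCOUNT}:user/KeyAdmin"  # placeholder administrator
KEY_ARN = f"arn:aws:kms:us-east-1:{ACCOUNT}:key/00000000-0000-0000-0000-000000000000"  # placeholder key ID


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """IAM-style wildcard match ('*' matches any run of characters)."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _statement_allows(stmt, principal, action, resource):
    """True if one policy statement grants `action` on `resource` to `principal`."""
    if stmt.get("Effect") != "Allow":
        return False
    if not _matches(stmt["Action"], action):
        return False
    if not _matches(stmt.get("Resource", "*"), resource):
        return False
    if "Principal" not in stmt:
        return True  # identity (IAM) policies carry no Principal element
    principal_elem = stmt["Principal"]
    allowed = ["*"] if principal_elem == "*" else _as_list(principal_elem.get("AWS", []))
    return _matches(allowed, principal)


def key_allows(key_policy, principal, action, iam_policies=()):
    """Decide whether `principal` may call `action` on KEY_ARN."""
    stmts = key_policy["Statement"]
    # Path 1: the key policy grants the principal directly.
    if any(_statement_allows(s, principal, action, KEY_ARN) for s in stmts):
        return True
    # Path 2: the key policy delegates to the account root, so the principal's
    # IAM policies are consulted (only for principals in this account).
    delegated = any(_statement_allows(s, ACCOUNT_ROOT, action, KEY_ARN) for s in stmts)
    if delegated and principal.startswith(f"arn:aws:iam::{ACCOUNT}:"):
        return any(_statement_allows(s, principal, action, KEY_ARN)
                   for policy in iam_policies for s in policy["Statement"])
    return False


# Key policy with the root delegation removed: only KeyAdmin can use the key.
# This is the state that produces "UserB is not authorized to perform: kms:DescribeKey".
KEY_POLICY_NO_DELEGATION = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Key administrators", "Effect": "Allow",
         "Principal": {"AWS": KEY_ADMIN}, "Action": "kms:*", "Resource": "*"},
    ],
}

# Option D: add UserB to the key policy with just the actions the program needs.
KEY_POLICY_WITH_USER_B = {
    "Version": "2012-10-17",
    "Statement": KEY_POLICY_NO_DELEGATION["Statement"] + [
        {"Sid": "Allow UserB to use the key", "Effect": "Allow",
         "Principal": {"AWS": USER_B},
         "Action": ["kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
         "Resource": "*"},
    ],
}

# The default key policy: delegates to the account root, which is what makes
# IAM policies effective for the key.
KEY_POLICY_DEFAULT = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Enable IAM User Permissions", "Effect": "Allow",
         "Principal": {"AWS": ACCOUNT_ROOT}, "Action": "kms:*", "Resource": "*"},
    ],
}

# Option B: an IAM identity policy attached to UserB.
IAM_POLICY_USER_B = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["kms:DescribeKey", "kms:Decrypt"], "Resource": KEY_ARN},
    ],
}

if __name__ == "__main__":
    cases = [
        ("no delegation, no IAM policy", KEY_POLICY_NO_DELEGATION, []),
        ("no delegation, IAM policy only (option B)", KEY_POLICY_NO_DELEGATION, [IAM_POLICY_USER_B]),
        ("UserB in key policy (option D)", KEY_POLICY_WITH_USER_B, []),
        ("default key policy + IAM policy", KEY_POLICY_DEFAULT, [IAM_POLICY_USER_B]),
    ]
    for label, key_policy, iam in cases:
        print(f"{label}: kms:DescribeKey -> {key_allows(key_policy, USER_B, 'kms:DescribeKey', iam)}")
```

With the key policy that lacks the root delegation, attaching an IAM policy to UserB changes nothing and kms:DescribeKey is still refused; adding UserB to the key policy (option D) fixes it. With the default key policy in place, the IAM policy alone is enough, which is why option B also works in practice as long as nobody has removed the "Enable IAM User Permissions" statement.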
2. Right Answer: D
Explanation: The AWS documentation mentions the following: Amazon Cognito provides authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a user name and password, or through a third party such as Facebook, Amazon, or Google. Option A is incorrect because IAM controls access to AWS resources by AWS principals; it is not a sign-in service for an application's end users. Option B is incorrect because AWS Config is a configuration-recording and compliance service. Option C is incorrect because SAML is a federation standard, not an AWS service; Cognito user pools can federate with SAML and OIDC identity providers, but the service you would use is Cognito. For more information on Amazon Cognito please refer to the below link: https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html
3. Right Answer: A, B, E, F
Explanation: IPsec provides confidentiality (encryption), integrity protection and peer authentication for traffic between the two tunnel endpoints. Here the endpoints are the customer gateway and the AWS VPN gateway, so the tunnel encrypts traffic across the Internet (A), protects its integrity across the Internet (B), authenticates the two gateways to each other during IKE negotiation (E) and thereby protects the data while it is in transit over the Internet (F). Options C and D are invalid because the protection is not end to end: the legs between an on-premises server and the customer gateway, and between the VPN gateway and an instance inside the VPC, are outside the tunnel and are neither encrypted nor authenticated by it, and IPsec authenticates the gateway peers rather than the communicating servers or users. For more information on IPsec, please visit the following URL: https://en.wikipedia.org/wiki/IPsec
4. Right Answer: D
Explanation: Options B and C are invalid because security groups contain only allow rules; there is no way to write a rule that denies a specific source, so a security group cannot single out the suspected IP. A network ACL can hold deny rules, so it is the layer to use to block the address for the whole subnet. Option A is invalid because changing the outbound rules is not needed: an inbound deny on the subnet's NACL already stops the attacker's traffic from entering. Note that NACL rules are evaluated in ascending rule-number order and the first match wins, so the deny rule must be numbered lower than the default rule 100 that allows all inbound traffic, or it will never be reached. The AWS documentation mentions the following: A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. For more information on network access control lists, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_ACLs.html
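As an added illustration (not part of the original quiz and not AWS code), the following Python model shows how an inbound NACL decides on a packet and why the rule number of the new deny entry matters, alongside an allow-only security group for comparison. The rule semantics follow the VPC documentation (NACLs: numbered rules, lowest number first, first match wins, implicit final deny; security groups: allow rules only). The IP addresses, the application subnet CIDR and the rule numbers are constructed for the example.

```python
"""Added example: a small model of network ACL and security group evaluation.
Rule semantics follow the VPC documentation (NACLs: numbered rules, lowest
number first, first match wins, implicit final deny; security groups:
allow rules only). Addresses, CIDRs and rule numbers are constructed."""

import ipaddress

SUSPECT_IP = "203.0.113.45"       # constructed attacker address (TEST-NET-3 range)
APP_TIER_IP = "10.0.1.20"         # constructed web-tier instance inside the VPC
DB_PORT = 3306                    # MySQL

# The default network ACL: rule 100 allows all traffic; anything that falls
# through is caught by the implicit "*" rule, which denies.
DEFAULT_INBOUND_NACL = [
    {"number": 100, "proto": "all", "cidr": "0.0.0.0/0",
     "port_from": 0, "port_to": 65535, "action": "allow"},
]

# A typical database security group: allow MySQL only from the app tier subnet.
DB_SECURITY_GROUP = [
    {"proto": "tcp", "cidr": "10.0.1.0/24", "port_from": DB_PORT, "port_to": DB_PORT},
]


def _rule_matches(rule, src, port, proto):
    return (rule["proto"] in ("all", proto)
            and src in ipaddress.ip_network(rule["cidr"])
            and rule["port_from"] <= port <= rule["port_to"])


def nacl_verdict(rules, src_ip, port, proto="tcp"):
    """Evaluate inbound NACL rules in ascending rule-number order; first match wins."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["number"]):
        if _rule_matches(rule, src, port, proto):
            return rule["action"]
    return "deny"  # the implicit "*" rule


def sg_verdict(rules, src_ip, port, proto="tcp"):
    """Security groups have allow rules only: any match allows, otherwise deny."""
    src = ipaddress.ip_address(src_ip)
    return "allow" if any(_rule_matches(r, src, port, proto) for r in rules) else "deny"


def block_ip(rules, ip, number):
    """Return a copy of `rules` with a deny-all rule for a single host added at `number`."""
    deny = {"number": number, "proto": "all", "cidr": f"{ip}/32",
            "port_from": 0, "port_to": 65535, "action": "deny"}
    return rules + [deny]


if __name__ == "__main__":
    variants = [
        ("default NACL", DEFAULT_INBOUND_NACL),
        ("deny added as rule 50", block_ip(DEFAULT_INBOUND_NACL, SUSPECT_IP, 50)),
        ("deny added as rule 200", block_ip(DEFAULT_INBOUND_NACL, SUSPECT_IP, 200)),
    ]
    for label, rules in variants:
        print(f"{label}: {SUSPECT_IP} -> {nacl_verdict(rules, SUSPECT_IP, DB_PORT)}, "
              f"{APP_TIER_IP} -> {nacl_verdict(rules, APP_TIER_IP, DB_PORT)}")
    print(f"security group: {SUSPECT_IP} -> {sg_verdict(DB_SECURITY_GROUP, SUSPECT_IP, DB_PORT)}, "
          f"{APP_TIER_IP} -> {sg_verdict(DB_SECURITY_GROUP, APP_TIER_IP, DB_PORT)}")
```

The deny inserted as rule 50 is evaluated before the default rule 100 and blocks the suspected address while leaving the app tier untouched; the same deny numbered 200 is never reached because rule 100 has already matched. Because NACLs are stateless, denying the inbound packets is enough to stop the connection attempts, so the outbound rules can stay as they are. The security group model has no deny verb at all: it can only express who is allowed in, which is why options B and C cannot be used to single out one source.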