1. You work as an administrator for a company. The company hosts a number of resources using AWS. An incident of suspicious API activity occurred 11 days ago. The Security Admin has asked for the API activity from that point in time. How can this be achieved?
A) Use AWS Config to get the API calls which were made 11 days ago. B) Search the CloudTrail event history for the API events which occurred 11 days ago. C) Search the CloudWatch logs for the suspicious activity which occurred 11 days ago. D) Search the CloudWatch metrics for the suspicious activity which occurred 11 days ago.
2. A company is planning to use AWS for hosting its applications. It wants complete separation and isolation of its production, testing and development environments. Which of the following is an ideal way to design such a setup?
A) Use separate IAM Policies for each of the environments B) Use separate AWS accounts for each of the environments C) Use separate IAM Roles for each of the environments D) Use separate VPCs for each of the environments
3. A customer has an instance hosted in the AWS Public Cloud. The VPC and subnet used to host the instance have been created with the default settings for the Network Access Control Lists. They need to provide an IT Administrator secure access to the underlying instance. How can this be accomplished?
A) Ensure the Network Access Control Lists allow Inbound SSH traffic from the IT Administrator's workstation B) Ensure that the security group allows Outbound SSH traffic from the IT Administrator's workstation C) Ensure the Network Access Control Lists allow Outbound SSH traffic from the IT Administrator's workstation D) Ensure that the security group allows Inbound SSH traffic from the IT Administrator's workstation
4. Your company hosts critical data in an S3 bucket. There is a requirement to ensure that all data is encrypted. There is also metadata about the information stored in the bucket that needs to be encrypted as well. Which of the below measures would you take to ensure that the metadata is encrypted?
A) Put the metadata as metadata for each object in the S3 bucket and then enable S3 Server KMS encryption. B) Put the metadata as metadata for each object in the S3 bucket and then enable S3 Server side encryption C) Put the metadata in a DynamoDB table and ensure the table is encrypted during creation time D) Put the metadata in the S3 bucket itself.
5. A company has an existing AWS account and a set of critical resources hosted in that account. The employee who was in charge of the root account has left the company. What must now be done to secure the account? Choose 3 answers from the options given below.
A) Delete all custom created IAM policies B) Delete the access keys for the root account C) Change the password for the root account D) Change the password for all IAM users E) Change the access keys for all IAM users F) Confirm MFA to a secure device
1. Right Answer: B Explanation:
2. Right Answer: B Explanation: A recommendation from the AWS Security Best Practices highlights this as well. Option A is partially valid, you can segregate resources, but a best practice is to have multiple accounts for this setup. Options B and C are invalid because from a maintenance perspective this could become very difficult. For more information on the Security Best Practices, please visit the following URL: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf