AWS Security - Week 5

Quiz • Computers • Professional Development • Hard
Jorge Flores
10 questions
1.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
Your company has been using AWS for hosting EC2 instances for their web and database applications. They want to have a compliance check to see the following: whether any ports are left open other than admin ones like SSH and RDP, and whether any ports to the database server other than ones from the web server security group are open. Which of the following can help achieve this in the easiest way possible? You don't want to carry out any extra configuration changes.
Inspector
Config
Trusted Advisor
IAM
2.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
You have been given a new brief from your supervisor for a client who needs a web application set up on AWS. The most important requirement is that MySQL must be used as the database, and this database must not be hosted in the public cloud, but rather at the client's data center due to security risks. Which of the following solutions would be the best to assure that the client's requirements are met? Choose the correct answer from the options below. Please select:
Build the application server on a public subnet and the database at the client's data center. Connect them with a VPN connection which uses IPsec.
Use the public subnet for the application server and use RDS with a storage gateway to access and synchronize the data securely from the local data center.
Build the application server on a public subnet and the database on a private subnet with a NAT instance between them.
Build the application server on a public subnet and build the database in a private subnet with a secure ssh connection to the private subnet from the client's data center.
3.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported.
Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream
Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData.
Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com.
Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.
4.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
A company wants to have an Intrusion detection system available for their VPC in AWS. They want to have complete control over the system. Which of the following would be ideal to implement?
Please select:
Use AWS WAF to catch all intrusions occurring on the systems in the VPC
Use a custom solution available in the AWS Marketplace
Use VPC Flow Logs to detect the issues and flag them accordingly.
Use AWS CloudWatch to monitor all traffic
5.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
An auditor needs access to logs that record all API events on AWS. The auditor only needs read-only access to the log files and does not need access to each AWS account. The company has multiple AWS accounts, and the auditor needs access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs from all accounts? Choose the correct answer from the options below. Please select:
A. Configure the CloudTrail service in each AWS account, and have the logs delivered to an AWS bucket on each account, while granting the auditor permissions to the bucket via roles in the secondary accounts and a single primary IAM account that can assume a read-only role in the secondary AWS accounts.
B. Configure the CloudTrail service in the primary AWS account and configure consolidated billing for all the secondary accounts. Then grant the auditor access to the S3 bucket that receives the CloudTrail log files.
C. Configure the CloudTrail service in each AWS account and enable consolidated logging inside of CloudTrail.
D. Configure the CloudTrail service in each AWS account and have the logs delivered to a single AWS bucket in the primary account and grant the auditor access to that single bucket in the primary account.
6.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
An organization wants to be alerted when an unauthorized Amazon EC2 instance in its VPC performs a network port scan against other instances in the VPC. When the Security team performs its own internal tests in a separate account by using pre-approved third-party scanners from the AWS Marketplace, the Security team also then receives multiple Amazon GuardDuty events from Amazon CloudWatch alerting on its test activities.
How can the Security team suppress alerts about authorized security tests while still receiving alerts about the unauthorized activity?
A. Grant the Security team's EC2 instances a role with permissions to call Amazon GuardDuty API operations.
B. Add the Elastic IP addresses of the Security team's EC2 instances to a trusted IP list in Amazon GuardDuty.
C. Use a filter in AWS CloudTrail to exclude the IP addresses of the Security team's EC2 instances.
D. Install the Amazon Inspector agent on the EC2 instances that the Security team uses.
7.
MULTIPLE SELECT QUESTION
45 sec • 1 pt
One of the EC2 instances in your company has been compromised. What steps would you take to ensure that you could apply digital forensics on the instance? Select 2 answers from the options given below. Please select:
A. Remove the role applied to the EC2 instance
B. Create a separate forensic instance
C. Ensure that the security groups only allow communication to this forensic instance
D. Terminate the instance