Your company has been using AWS for hosting EC2 instances for their web and database applications. They want to have a compliance check to see the following: whether any ports are left open other than admin ones like SSH and RDP, and whether any ports to the database server other than ones from the web server security group are open. Which of the following can help achieve this in the easiest way possible? You don't want to carry out any extra configuration changes.
AWS Security - Semana 5

Quiz • Computers • Professional Development • Hard
Jorge Flores
10 questions
1.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
Inspector
Config
Trusted Advisor
IAM
2.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
You have been given a new brief from your supervisor for a client who needs a web application set up on AWS. The most important requirement is that MySQL must be used as the database, and this database must not be hosted in the public cloud, but rather at the client's data center due to security risks. Which of the following solutions would be the best to assure that the client's requirements are met? Choose the correct answer from the options below. Please select:
Build the application server on a public subnet and the database at the client's data center. Connect them with a VPN connection which uses IPsec.
Use the public subnet for the application server and use RDS with a storage gateway to access and synchronize the data securely from the local data center.
Build the application server on a public subnet and the database on a private subnet with a NAT instance between them.
Build the application server on a public subnet and build the database in a private subnet with a secure ssh connection to the private subnet from the client's data center.
3.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported.
Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
Add a statement to the IAM policy used by the application to allow logs:putLogEvents and logs:createLogStream
Add a statement to the IAM policy used by the application to allow cloudwatch:putMetricData.
Add a trust relationship to the IAM role used by the application for cloudwatch.amazonaws.com.
Modify the IAM role used by the application by adding the CloudWatchFullAccess managed policy.
4.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
A company wants to have an Intrusion detection system available for their VPC in AWS. They want to have complete control over the system. Which of the following would be ideal to implement?
Please select:
Use AWS WAF to catch all intrusions occurring on the systems in the VPC
Use a custom solution available in the AWS Marketplace
Use VPC Flow logs to detect the issues and flag them accordingly.
Use AWS CloudWatch to monitor all traffic
5.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
An auditor needs access to logs that record all API events on AWS. The auditor only needs read-only access to the log files and does not need access to each AWS account. The company has multiple AWS accounts, and the auditor needs access to all the logs for all the accounts. What is the best way to configure access for the auditor to view event logs from all accounts? Choose the correct answer from the options below. Please select:
A. Configure the CloudTrail service in each AWS account, and have the logs delivered to an AWS bucket on each account, while granting the auditor permissions to the bucket via roles in the secondary accounts and a single primary IAM account that can assume a read-only role in the secondary AWS accounts.
B. Configure the CloudTrail service in the primary AWS account and configure consolidated billing for all the secondary accounts. Then grant the auditor access to the S3 bucket that receives the CloudTrail log files.
C. Configure the CloudTrail service in each AWS account and enable consolidated logging inside of CloudTrail.
D. Configure the CloudTrail service in each AWS account and have the logs delivered to a single AWS bucket in the primary account and grant the auditor access to that single bucket in the primary account.
6.
MULTIPLE CHOICE QUESTION
2 mins • 1 pt
An organization wants to be alerted when an unauthorized Amazon EC2 instance in its VPC performs a network port scan against other instances in the VPC. When the Security team performs its own internal tests in a separate account by using pre-approved third-party scanners from the AWS Marketplace, the Security team also then receives multiple Amazon GuardDuty events from Amazon CloudWatch alerting on its test activities.
How can the Security team suppress alerts about authorized security tests while still receiving alerts about the unauthorized activity?
A. Grant the Security team's EC2 instances a role with permissions to call Amazon GuardDuty API operations.
B. Add the Elastic IP addresses of the Security team's EC2 instances to a trusted IP list in Amazon GuardDuty.
C. Use a filter in AWS CloudTrail to exclude the IP addresses of the Security team's EC2 instances.
D. Install the Amazon Inspector agent on the EC2 instances that the Security team uses.
7.
MULTIPLE SELECT QUESTION
45 sec • 1 pt
One of the EC2 instances in your company has been compromised. What steps would you take to ensure that you could apply digital forensics on the instance? Select 2 answers from the options given below. Please select:
A. Remove the role applied to the EC2 instance
B. Create a separate forensic instance
C. Ensure that the security groups only allow communication to this forensic instance
D. Terminate the instance