304. Which of the following statements about this S3 bucket policy is true?
- Denies the server with the IP address 192.166.100.0 full access to the "mybucket" bucket.
- Denies the server with the IP address 192.166.100.188 full access to the "mybucket" bucket.
- Grants all the servers within the 192.168.100.0/24 subnet full access to the "mybucket" bucket.
- Grants all the servers within the 192.168.100.188/32 subnet full access to the "mybucket" bucket.
307. How can you secure data at rest on an EBS volume?
- Encrypt the volume using the S3 server-side encryption service.
- Attach the volume to an instance using EC2's SSL interface.
- Create an IAM policy that restricts read and write access to the volume.
- Write the data randomly instead of sequentially.
- Use an encrypted file system on top of the EBS volume.
You run a web application with the following components: Elastic Load Balancer (ELB), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly.
What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? (Choose three.)
- The number of outstanding IOs waiting to access the disk.
- The amount of write latency.
- The amount of disk space occupied by binary logs on the master.
- The amount of time a Read Replica DB Instance lags behind the source DB Instance.
- The average number of disk I/O operations per second.
A .NET application that you manage is running in Elastic Beanstalk. Your developers tell you they will need access to application log files to debug issues that arise. The infrastructure will scale up and down.
How can you ensure the developers will be able to access only the log files?
- Access the log files directly from Elastic Beanstalk.
- Enable log file rotation to S3 within the Elastic Beanstalk configuration.
- Ask your developers to enable log file rotation in the application's web.config file.
- Connect to each instance launched by Elastic Beanstalk and create a Windows Scheduled task to rotate.
326. A user needs to put sensitive data in an Amazon S3 bucket that can be accessed through an S3 VPC endpoint only. The user must ensure that resources in the VPC can only access the single S3 bucket.
Which combination of actions will meet the requirements? (Select TWO.)
- Configure the bucket policy to only allow access through the S3 Private Endpoint.
- Modify the VPC endpoint policy on the bucket to only allow the VPC to access it.
- Modify the VPC peering configuration to only allow access to the S3 private Endpoint.
- Configure the VPC endpoint policy to only allow the VPC to access the specific S3 bucket.
- Configure the IAM policy attached to the S3 bucket to only allow access from the specific VPC.
330. An Administrator has an Amazon EC2 instance with an IPv6 address. The Administrator needs to prevent direct access to this instance from the Internet.
The Administrator should place the EC2 instance in a:
- Private subnet with an egress-only Internet Gateway attached to the subnet and placed in the subnet Route Table.
- Public subnet with an egress-only Internet Gateway attached to the VPC and placed in the VPC Route Table.
- Private subnet with an egress-only Internet Gateway attached to the VPC and placed in the subnet Route Table.
- Public subnet and a security group that blocks inbound IPv6 traffic attached to the interface.
As part of an operational audit, an Administrator is tasked with showing that all security responsibilities under the customer's control are properly executed.
Which of the following items is the customer responsible for providing to the auditor? (Select TWO.)
- Physical data center access logs
- AWS CloudTrail logs showing API calls
- Amazon EC2 instance system logs
- Storage device destruction records
- Xen Hypervisor system logs
A company is auditing their infrastructure to obtain a compliance certification.
Which of the following options are the company's responsibility within the Shared Responsibility Model? (Select two.)
- AWS API endpoint SSL Certificates
- EC2 Instance Operating System updates
- EBS Encryption-at-rest algorithms
- IAM user password policies
- AWS Hypervisor software updates
Which two steps are required to generate a report detailing specific cost allocation tags when creating a Monthly Cost Allocation report? (Select two.)
- Use AWS CloudTrail to export the events for the specified resources.
- Use an AWS Lambda function to read the resources' metadata, and write the specified tags to a DynamoDB table.
- Activate the "requested" tags by clicking Manage report tags on the Billing Preferences page.
- Select the checkbox for Cost Allocation Report in the AWS account’s Billing Management Console.
- Create a new Budget using the Billing Management Console, use the "Include costs related to Tags".
A company has a fleet of EC2 instances, and needs to remotely execute scripts for all of the instances.
Which Amazon EC2 Systems Manager feature allows this?
- Systems Manager Automation
- Systems Manager Run Command
- Systems Manager Parameter Store
- Systems Manager Inventory
An application hosted on AWS is going through an external compliance assessment. An Administrator has been tasked with providing proof of physical security at the facilities that are hosting the application.
What should the Administrator do?
- Work with AWS support to schedule a tour for the auditors.
- Send a copy of the AWS Security whitepaper to the auditors.
- Obtain a relevant report from AWS Artifact and share it with the auditors.
- Find the address for the AWS Direct Connect facility on the AWS Website.