0 of 50 Questions completed
Questions:
You have already completed the quiz before. Hence you can not start it again.
You must sign in or sign up to start the quiz.
You must first complete the following:
Quiz complete. Results are being recorded.
0 of 50 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0 )
Earned Point(s): 0 of 0 , (0 )
0 Essay(s) Pending (Possible Point(s): 0 )
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Current
Review
Answered
Correct
Incorrect
Question 1 of 50
1 point(s)
How can you make your data encrypted in transit for connection with RDS instance?
Question 2 of 50
1 point(s)
An organization uses EBS volumes in AWS, and for security purpose, they want all volumes to be encrypted and they want to get notified about any unencrypted volume in the How can this be done?
Question 3 of 50
1 point(s)
You have a setup in which you use logging enabled S3 buckets. If changes to the S3 bucket are made, a config rule will be checked. If logging is deactivated, a function of Lambda is invoked. The Lambda function again allows the S3 bucket to log in. The whole flow is now a problem. You have checked the invoking of the Lambda function. However, the Lambda function does not re-open when logging for the bucket is disabled. Which one of the following might be a problem?
Question 4 of 50
1 point(s)
An organization uses EC2 instances, and they have compromised instances. They have strict policies and want to find out the culprit of the security How would they do this? (choose any 3)
Question 5 of 50
1 point(s)
How does the data forwarded to S3 can be encrypted at rest?
Question 6 of 50
1 point(s)
An enterprise has its AWS account in which it hosts the resources. All API activities in all regions must be monitored. The audit must also be carried out in future regions. To meet this requirement, which of the following could be used?
Question 7 of 50
1 point(s)
A company is planning to use AWS for hosting the resources. They have multiple independent departments that also want to use AWS. Which of the following methods could be used to manage the accounts?
Question 8 of 50
1 point(s)
From the following options, which is best to view event logs of all API on AWS which is read-only access to the auditor?
Question 9 of 50
1 point(s)
An organization has an application in which it has multiple types of users like some have read-only access, or others have contributor access. The application is using AWS Cognito for authenticating. How would they manage the users?
Question 10 of 50
1 point(s)
An enterprise uses Linux EC2 instance in AWS, and they want secure authentication to the instance from Windows. How can this requirement be met?
Question 11 of 50
1 point(s)
An organization is using AWS resource for its infrastructure, and now they are searching for the security aspect of their CI / CD pipeline. They want to ensure that there should not be any high-security vulnerabilities in the EC2 instances. They also want to make sure that the DevSecOps process is complete. How can they meet this requirement?
Question 12 of 50
1 point(s)
How will you make sure that your S3 bucket on AWS is only accessible via VPC endpoint?
Question 13 of 50
1 point(s)
An enterprise uses AWS to host its infrastructure on AWS EC2 instances. The EC2 instances are subjected to strict security regulations. You need a quick investigation of the underlying EC2 instance during a possible security violation. Which service can help you provide a test environment for the violated case quickly?
Question 14 of 50
1 point(s)
You have a huge number of keys specified in AWS KMS. You have an application which uses the keys very frequently. How can the cost of access keys in AWS KMS service be reduced?
Question 15 of 50
1 point(s)
An organization has one compromised EC2 instance. Which of the following steps are needed for applying digital forensics on the instance? (choose any 2)
Question 16 of 50
1 point(s)
There is a set of AWS-hosted applications, database, and web servers. Behind an ELB, the web servers are located. The application, database and web servers have separate security groups. The security groups of the network were defined with some configuration. Contact between the application and database servers is problematic. What ideal set of MINIMAL steps would you take to resolve the problems between only the application and the database server?
Question 17 of 50
1 point(s)
Your development team needs to use AWS Lambda service for running multiple scripts, and now they need to understand the errors encountered during the running of the script. How can they do this?
Question 18 of 50
1 point(s)
In AWS Public Cloud the client has an RHEL Linux instance. The VPC and subnet used to host the instance that were created with the Network Access Control Lists default settings. You must provide secure access to the underlying instance for the IT Administrator. How can this be done?
Question 19 of 50
1 point(s)
An organization uses the AWS cloud for creating a private connection from on-premises IT infrastructure to AWS. Now, they want a solution of getting core benefits of traffic encryption, while ensuring that the latency is kept to minimum. How would they achieve their requirement? (choose any 2)
Question 20 of 50
1 point(s)
From the following options, which is best to generate encryption keys based on FIPS 140-2 level 3? (choose any 2)
Question 21 of 50
1 point(s)
A huge multinational enterprise has thousands of EC2 instances on AWS, and now they want to make sure that all servers are not occupying any critical security flaws. How can this requirement be fulfilled? (choose any 2)
Question 22 of 50
1 point(s)
In Amazon Linux AMI instances, a company is trying to use AWS Systems Manager. The command run does not work on a number of instances. How would they diagnose the problem? (choose any 2)
Question 23 of 50
1 point(s)
A company has an EC2 instance with EBS volume, and encryption of this is done via KMS. Now, some hacker deletes the customer key that is used for encryption. Then how can they decrypt the data?
Question 24 of 50
1 point(s)
You must use the keys available in the CloudFront to serve private content. How is this possible?
Question 25 of 50
1 point(s)
For a number of EC2 instances, you must perform penetration tests on the AWS Cloud. How can you do this? (choose any 2)
Question 26 of 50
1 point(s)
The AWS KMS service provides you with a set of customer keys. These keys were used for approximately six months. Now, you are attempting to use new KMS functions for the existing key set, but you are unable to do so. What could be the issue behind this?
Question 27 of 50
1 point(s)
If you want to use your own DNS managed instance rather than using AWS DNS service for routing DNS request from the instance in VPC then how would you do this?
Question 28 of 50
1 point(s)
How do you make sure to inspect the running process on EC2 instance without interrupting its continuous running for security issues?
Question 29 of 50
1 point(s)
A company hired you and assigned you a task to make sure that AWS and its on-site Active Directory are federated authentication mechanisms. What are the important steps that must be taken in this process? (choose any 2)
Question 30 of 50
1 point(s)
If you want to get the point in time API activity of any suspicious API activity that occurred 15 days ago. How would you get that?
Question 31 of 50
1 point(s)
A set of EC2 instances is currently held by your company in the VPC. The IT Security department suspects that the instances will be attacked by DDos. What can you do to minify the chances of attack on the IP addresses that receive a large number of applications?
Question 32 of 50
1 point(s)
An incident reaction plan was drafted a few months ago by an IT team of the enterprise. The response plan is regularly implemented. Since its inception, no changes has been made to the response plan. Which of the following is the correct plan statement?
Question 33 of 50
1 point(s)
There is an S3 bucket currently hosted in an AWS account. It contains information that a partner account needs to access. What is the safest way to access S3 buckets in your account with your partner account? (choose any 3)
Question 34 of 50
1 point(s)
An organization uses AWS to host its web application for which they create EC2 instance in public subnet. Now, they need to connect an EC2 instance which will host Oracle DB. How would they do all this in a secure way? (choose an 2)
Question 35 of 50
1 point(s)
A company uses S3 bucket to store log files. These log files are used for analysis after that, they purge these files. How would they do this configuration in S3 bucket?
Question 36 of 50
1 point(s)
A windows machine in one VPC needs to join the AD domain in another VPC. VPC Peering has been established. But the domain join is not working. What is the other step that needs to be followed in order to ensure that the AD domain join can work as intended?
Question 37 of 50
1 point(s)
How do you ensure that the object in the primary region is available in the secondary region on the failure of the primary region? (choose any 2)
Question 38 of 50
1 point(s)
You try to patch a set of EC2 systems with the Systems Manager. Some of the systems are not covered by the patch. Which of these can be used to resolve the problem? (choose any 3)
Question 39 of 50
1 point(s)
How can I integrate the AWS IAM with a local LDAP (Lightweight Directory Access Protocol) directory service? What technique can be used?
Question 40 of 50
1 point(s)
How do you make CloudTrail logs encrypted when they are being delivered in AWS account?
Question 41 of 50
1 point(s)
A company has an application which currently uses customer keys which are generated via AWS KMS in the US East Now, they want to use the same set of keys from the EU-Central region. How can this be accomplished?
Question 42 of 50
1 point(s)
A set of keys was developed for your company with AWS KMS. You must ensure that only certain services are used for each key. For instance, they want to use only one key for the S3 service. How can you do that?
Question 43 of 50
1 point(s)
An enterprise is using AWS to host its java-based application on EC2 instance. That application can access the DynamoDB table and currently instance serving production based user. How securely an instance can access the DynamoDB table?
Question 44 of 50
1 point(s)
A company uses a cluster Redshift to store its data storage facility. The Internal IT Security team is required to ensure that Redshift database data should be encrypted. How can we accomplish that?
Question 45 of 50
1 point(s)
An enterprise uses S3 to put its critical data and metadata. They want all of their data and metadata to be encrypted. What steps are needed to ensure that metadata is encrypted?
Question 46 of 50
1 point(s)
A security team must submit daily briefings to the CISO containing a report that misses out on the latest security patches on thousands of EC2 instances and on-site servers. All servers must comply within 24 hours to ensure that they do not appear in the report on the next day. How does the security team meet these requirements?
Question 47 of 50
1 point(s)
An organization uses a number of EC2 instances and wants to identify the SG that allows unrestricted access to the resource. How would they fulfill their requirement?
Question 48 of 50
1 point(s)
A company uses AWS KMS service to create customer keys. These keys are used for 6 months and now they are trying to use new KMS features for an existing set of keys but are unable to do that. Why is that?
Question 49 of 50
1 point(s)
For your AWS account, an enterprise has specified privileged users. They are the administrator for key corporate resources. The security authentication for these users is now mandated to improve. How can this be done?
Question 50 of 50
1 point(s)
From the following options, which is not the best practice of security audit?