Question No 1
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?
A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block
Answer: B
Question No 2
You are working with customer who has 10 TB of archival data that they want to migrate to Amazon Glacier. The customer has a 1Mbps connection to the Internet. Which service or feature provide the fastest method of getting the data into Amazon Glacier?
A. Amazon Glacier multipart upload
B. AWS Storage Gateway
C. VM Import/Export
D. AWS Import/Export
Answer: D
Question No 3
A us-based company is expanding their web presence into Europe. The company wants to extend their AWS infrastructure from Northern Virginia (us-east-1) into the Dublin (eu-west-1) region. Which of the following options would enable an equivalent experience for users on both continents?
A. Use a public-facing load balancer per region to load-balancer web traffic, and enable HTTP health checks
B. Use a public-facing load balancer per region to load balancer web traffic, and enable sticky sessions
C. Use Amazon Route S3, and apply a geolocation routing policy to distribution traffic across both regions
D. Use Amazon Route S3, and apply a weighted routing policy to distribute traffic across both regions
Answer: C
Question No 4
You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application. Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers
A. Set permissions on the object to public read during upload
B. Configure the bucket ACL to sell all objects to public read
C. Configure the bucket policy to set all objects to public read
D. Use AWS identity and access Management roles to set the bucket to public read
E. Amazon S3 objects default to public read, so no action is needed
Answer: B, C
Question No 5
In AWS, which security aspects are the customer’s responsibility? Choose 4 answers
A. Life-Cycle management of IAM credentials B. Security Group and ACL settings
C. Controlling physical access to compute resources
D. Path management on the EC2 instance’s operating system
E. Encryption of EBS volumes
F. Decommissioning storage devices
Answer: A, B, D, E
For More Info:
https://www.dumpsprofessor.com/
0 comments:
Post a Comment