Which of the following is the correct sequence of how KMS manages the keys when used along with the Redshift cluster service Please select:

• A.The master keys encrypts the cluster key. The cluster key encrypts the database key. The database key encrypts the data encryption keys.
• B.The master keys encrypts the database key. The database key encrypts the data encryption keys.
• C.The master keys encrypts the data encryption keys. The data encryption keys encrypts the database key
• D.The master keys encrypts the cluster key, database key and data encryption keys

Comment: *

Name: *

Email: *

Verification: *

A company is running an application in The eu-west-1 Region. The application uses an IAM Key Management Service (IAM KMS) CMK to encrypt sensitive data. The company plans to deploy the application in the eu-north-1 Region.
A security engineer needs to implement a key management solution for the application deployment in the new Region. The security engineer must minimize changes to the application code.
Which change should the security engineer make to the IAM KMS configuration to meet these requirements?

• A.Allocate a new CMK to eu-north-1. Create the same alias name for both keys. Configure the application deployment to use the key alias.
• B.Allocate a new CMK to eu-north-1. Create an alias for eu-'-1. Change the application code to point to the alias for eu-'-1.
• C.Allocate a new CMK to eu-north-1 to be used by the application that is deployed in that Region.
• D.Update the key policies in eu-west-1. Point the application in eu-north-1 to use the same CMK as the application in eu-west-1.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is used as a secure way to log into an EC2 Linux Instance?
Please select:

• A.IAM User name and password
• B.Key pairs
• C.AWS Access keys
• D.AWS SDK keys

Comment: *

Name: *

Email: *

Verification: *

Your company makes use of S3 buckets for storing data. There is a company policy that all services should have logging enabled. How can you ensure that logging is always enabled for created S3 buckets in the AWS Account?
Please select:

• A.Use AWS Inspector to inspect all S3 buckets and enable logging for those where it is not enabled
• B.Use AWS Config Rules to check whether logging is enabled for buckets
• C.Use AWS Cloudwatch metrics to check whether logging is enabled for buckets
• D.Use AWS Cloudwatch logs to check whether logging is enabled for buckets

Comment: *

Name: *

Email: *

Verification: *

A large organization is planning on AWS to host their resources. They have a number of autonomous departments that wish to use AWS. What could be the strategy to adopt for managing the accounts.
Please select:

• A.Use multiple VPCs in the account each VPC for each department
• B.Use multiple 1AM groups, each group for each department
• C.Use multiple 1AM roles, each group for each department
• D.Use multiple AWS accounts, each account for each department

Correct Answer: D

A recommendation for this is given in the AWS Security best practices

Option A is incorrect since this would be applicable for resources in a VPC Options B and C are incorrect since operationally it would be difficult to manage For more information on AWS Security best practices please refer to the below URL
https://d1.awsstatic.com/whitepapers/Security/AWS Security Best Practices.pdl The correct answer is: Use multiple AWS accounts, each account for each department Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *