A company has recently recovered from a security incident that required the restoration of Amazon EC2 instances from snapshots.
After performing a gap analysis of its disaster recovery procedures and backup strategies, the company is concerned that, next time, it will not be able to recover the EC2 instances if the AWS account was compromised and Amazon EBS snapshots were deleted.
All EBS snapshots are encrypted using an AWS KMS CMK.
Which solution would solve this problem?
A. Create a new AWS account with limited privileges. Allow the new account to access the AWS KMS key used to encrypt the EBS snapshots, and copy the encrypted snapshots to the new account on a recurring basis.
B. Use AWS Backup to copy EBS snapshots to Amazon S3.
C. Use AWS Systems Manager to distribute a configuration that performs local backups of all attached disks to Amazon S3.
D. Create a new Amazon S3 bucket. Use EBS lifecycle policies to move EBS snapshots to the new S3 bucket. Move snapshots to Amazon S3 Glacier using lifecycle policies, and apply Glacier Vault Lock policies to prevent deletion.
Correct answer: D
Question 2:
A security alert has been raised for an Amazon EC2 instance in a customer account that is exhibiting strange behavior. The Security Engineer must first isolate the EC2 instance and then use tools for further investigation.
What should the Security Engineer use to isolate and research this event? (Choose three.)
A. AWS CloudTrail
B. VPC Flow Logs
C. AWS Key Management Service (AWS KMS)
D. Amazon Athena
E. AWS Firewall Manager
F. Security groups
Correct answer: A,B,F
Question 3:
Which of the following minimizes the potential attack surface for applications?
A. Use security groups to provide stateful firewalls for Amazon EC2 instances at the hypervisor level.
B. Use network ACLs to provide stateful firewalls at the VPC level to prevent access to any specific AWS resource.
C. Use AWS Direct Connect for secure trusted connections between EC2 instances within private subnets.
D. Design network security in a single layer within the perimeter network (also known as DMZ, demilitarized zone, and screened subnet) to facilitate quicker responses to threats.
Correct answer: A
Question 4:
You have set up a set of applications across 2 VPCs. You have also set up VPC Peering. The applications are still not able to communicate across the Peering connection. Which network troubleshooting steps should be taken to resolve the issue?
Please select:
A. Ensure the applications are hosted in a public subnet.
B. Check to see if the VPC has an Internet gateway attached.
C. Check to see if the VPC has a NAT gateway attached.
D. Check the route tables for the VPCs.
Correct answer: D
Question 5:
A company has a set of EC2 instances hosted in AWS. These instances have EBS volumes for storing critical information. There is a business continuity requirement to boost the agility of the business and to ensure data durability. Which of the following options are not required?
Please select:
A. Use lifecycle policies for the EBS volumes
B. Use EBS volume replication
C. Use EBS volume encryption
D. Use EBS Snapshots
Correct answer: B,C
Question 6:
A company plans to move most of its IT infrastructure to AWS. The company wants to leverage its existing on-premises Active Directory as an identity provider for AWS.
Which steps should be taken to authenticate to AWS services using the company's on-premises Active Directory? (Choose three.)
A. Create IAM groups with permissions corresponding to each Active Directory group.
B. Configure AWS as a trusted relying party for the Active Directory.
C. Configure AWS as a trusted relying party for Amazon Cloud Directory.
D. Create a SAML provider with IAM.
E. Create a SAML provider with Amazon Cloud Directory.
F. Create IAM roles with permissions corresponding to each Active Directory group.
Correct answer: B,D,F
1215 customer comments
Ninomiya -
For now, as long as you get this one, you will be fine. It is generally applicable.