AWS Certified Security Specialty Questions Bank Updated 2021
4 Practice Exams
325 Questions
Some Questions:
A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?
A) Access the S3 bucket through the SSL-protected S3 endpoint (Incorrect)
B) Access the S3 bucket through a VPC endpoint for S3
C) Access the S3 bucket through a proxy server
D) Access the S3 bucket through a NAT gateway.
Explanation: The AWS documentation mentions the following: "A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network." Option A is invalid because using a proxy server is not sufficient. Options B and D are invalid because you need secure communication that does not traverse the internet. For more information on VPC endpoints
You need to ensure that objects in an S3 bucket are available in another region. This is because of the criticality of the data that is hosted in the S3 bucket. How can you achieve this in the easiest way possible?
A) Enable cross-region replication for the bucket
B) Write a script to copy the objects to another bucket in the destination region
C) Create an S3 snapshot in the destination region
D) Enable versioning which will copy the objects to the destination region (Incorrect)
Explanation: Option B is partially correct, but it is a big maintenance overhead to create and maintain a script when the functionality is already available in S3. Option C is invalid because snapshots are not available in S3. Option D is invalid because versioning will not replicate objects. The AWS documentation mentions the following: "Cross-region replication is a bucket-level configuration that enables automatic, asynchronous copying of objects across buckets in different AWS Regions." For more information on Cross region replication in the Simple Storage Service