Premium

AWS Certified Developer - Associate Questions and Answers (Dumps and Practice Questions)



Question : How can you secure data at rest on an EBS volume?
: How can you secure data at rest on an EBS volume?
1. Attach the volume to an instance using EC2's SSL interface.
2. Write the data randomly instead of sequentially.
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Encrypt the volume using the S3 server-side encryption service.
5. Create an IAM policy that restricts read and write access to the volume.

Correct Answer : Get Lastest Questions and Answer :

We take data protection very seriously! Over the years we have added a number of security and encryption features to various parts of AWS. We protect data at rest with Server Side Encryption for Amazon S3 and Amazon Glacier, multiple tiers of encryption for Amazon Redshift, and Transparent Data Encryption for Oracle and SQL Server databases via Amazon RDS. We protect data in motion with extensive support for SSL/TLS in CloudFront, Amazon RDS, and Elastic Load Balancing.

Today we are giving you yet another option, with support for encryption of EBS data volumes and the associated snapshots. You can now encrypt data stored on an EBS volume at rest and in motion by setting a single option. When you create an encrypted EBS volume and attach it to a supported instance type, data on the volume, disk I/O, and snapshots created from the volume are all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage.
Adding encryption to a provisioned IOPS (PIOPS) volume will not affect the provisioned performance. Encryption has a minimal effect on I/O latency.

The snapshots that you take of an encrypted EBS volume are also encrypted and can be moved between AWS Regions as needed. You cannot share encrypted snapshots with other AWS accounts and you cannot make them public.

As I mentioned earlier, your data is encrypted before it leaves the EC2 instance. In order to be able to do this efficiently and with low latency, the EBS encryption feature is only available on EC2's M3, C3, R3, CR1, G2, and I2 instances. You cannot attach an encrypted EBS volume to other instance types.

Also, you cannot enable encryption for an existing EBS volume. Instead, you must create a new, encrypted volume and copy the data from the old one to the new one using the file manipulation tool of your choice. Rsync (Linux) and Robocopy (Windows) are two good options, but there are many others.

Each newly created volume gets a unique 256-bit AES key; volumes created from encrypted snapshots share the key. You do not need to manage the encryption keys because they are protected by our own key management infrastructure, which implements strong logical and physical security controls to prevent unauthorized access. Your data and associated keys are encrypted using the industry-standard AES-256 algorithm.






Question : Which of the following are IAM credentials that AWS supports
1. AWS Access Key
2. X.509 certificate
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Multi Factor Authentication

: Which of the following are IAM credentials that AWS supports
1. 1,2,3
2. 2,3,4
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 1,2,3,4

Correct Answer : Get Lastest Questions and Answer :

An IAM user can have any combination of credentials that AWS supports - AWS Access Key, X.509 certificate, password for web app logins, or Multi Factor Authentication (MFA) device. This allows users to interact with AWS in any manner that makes sense for them - an employee might have both an AWS Access Key and a password; a software system might have only an AWS Access Key to make programmatic calls; and an outside contractor might have only an X.509 certificate to use the EC2 command line interface.





Question : The AWS Account holder can manage

: The AWS Account holder can manage
1. users
2. groups
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 1 and 3
5. 1,2 and 3

Correct Answer : Get Lastest Questions and Answer :
The AWS Account holder can manage users, groups, security credentials and permissions. In addition, permission may be granted to individual users to place calls to IAM APIs in order to manage other users. For example, an administrator user may be created to manage users for a corporation - a recommended practice. When a user has been granted permission to manage other users they can do this via the IAM APIs, Command Line Tools, or via the IAM console.




Related Questions

Question : In DynamoDB, If a specific hash key element has a large range key element set,
and the results cannot be retrieved in a single Query request,
the ______continuation parameter allows you to submit a new query request
from the last retrieved item without re-processing the data already retrieved.


 : In DynamoDB, If a specific hash key element has a large range key element set,
1. Pagination
2. LastEvaluatedKey
3. Access Mostly Uused Products by 50000+ Subscribers
4. BatchGetItem


Question : You are trying to create a bucket named GOOGLE but not able to create, what could be reason ?
 : You are trying to create a bucket named GOOGLE but not able to create, what could be reason ?
1. GOOGLE bucket is the reserved for Google.com
2. GOOGLE bucket is already used in the region, which you have chosen.
2. GOOGLE bucket is already used on S3, and it can not be re-used
2. AWS check before creating the buckte that, if domain exist then it will not create bucket.



Question : The metadata which you store for an object is always encrypted ?
 : The metadata which you store for an object is always encrypted ?
1. True
2. False


Question : While storing the "hadoopexam_logo.jpg" in S, you have to store Creator information as well, but you want to hide(or made Author name private) information
hence, you chose the storing Author information in MetaData, is this correct way to implement your requirement?
 : While storing the
1. Yes
2. No



Question :
When you change a user's name or path in IAM, which of the following statements describe better what happens after the change is applied?

1: Any policies attached to the user stay with the user under the new name.
2: The user stays in the same groups under the new name.
3: The unique ID for the user remains the same"

 :
1. 2 and 3 NOT 1
2. 1 and 3 NOT 2
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1, 2 and 3



Question : Select correct statement which applies to S metadata
1. Object metadata is not encrypted
2. You should not store private data in object metadata
 3. Access Mostly Uused Products by 50000+ Subscribers
4. Object metadata is optional
: Select correct statement which applies to S metadata
1. 1,2
2. 2,3
 3. Access Mostly Uused Products by 50000+ Subscribers
4. 1,2,4
5. 1,3,4