Does Amazon RDS support SSL encryption for SQL Server DB Instances?
A
Amazon RDS supports SSL encryption for SQL Server DB Instances. Using SSL, you can encrypt connections between your applications and your SQL Server DB Instances. This is available for all the versions of Microsoft SQL Server.
Reference:
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBEngine.SQLServer.html
Amazon Cognito supports web identity federation through _____.
B
Amazon Cognito supports developer authenticated identities, in addition to web identity federation through Facebook, Google, and Amazon.
Reference:
http://docs.aws.amazon.com/cognito/devguide/identity/developer-authenticated-identities/
A user has created an application which will be hosted on EC2. The application makes API calls to DynamoDB to fetch certain data. The application running on this instance is using the SDK for making these calls to DynamoDB. Which of the below mentioned statements is true with respect to the best practice for security in this scenario?
C
When a user creates an application that runs on an EC2 instance and makes requests to AWS, such as DynamoDB or S3 calls, it is recommended that the user not create an IAM user and pass that user's credentials to the application or embed those credentials inside the application.
Instead, the user should use roles for EC2 and give that role access to DynamoDB / S3. When the role is attached to the EC2 instance, it gives temporary security credentials to the application hosted on that instance to connect with DynamoDB / S3.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
A user is trying to create a list of IAM users with the AWS console. When the IAM users are created, which of the below mentioned credentials will be enabled by default for the user?
B
Newly created IAM users have no password and no access key (access key ID and secret access key). If the user needs to administer your AWS resources using the AWS Management Console, you can create a password for the user. If the user needs to interact with AWS programmatically (using the command line interface (CLI), the AWS SDK, or service-specific APIs), you can create an access key for that user. The credentials you create for users are what they use to uniquely identify themselves to AWS.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_WorkingWithGroupsAndUsers.html
You are setting up security groups for both incoming traffic and outgoing traffic in your VPC network on the AWS CLI. Which of the following AWS CLI commands would you use for adding one or more incoming traffic rules to a security group?
B
When setting up security groups for incoming traffic in your VPC network, use one of the following to add one or more ingress (incoming traffic) rules to a security group: authorize-security-group-ingress (AWS CLI), ec2-authorize (Amazon EC2 CLI), or Grant-EC2SecurityGroupIngress (AWS Tools for Windows PowerShell).
In computer networking, ingress filtering is a technique used to make sure that incoming packets are actually from the networks that they claim to be from. Egress filtering is the practice of monitoring and potentially restricting the flow of information outbound from one network to another. Typically, it is information from a private TCP/IP computer network to the Internet that is controlled.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html
The IAM entity "AWS Account" is similar to:
A
In IAM, the AWS Account is the role with the most important permissions. It is equivalent to the root account in a UNIX environment.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html
AWS KMS (Key Management Service) uses symmetric key cryptography to perform encryption and decryption. Symmetric key cryptography uses the same algorithm and key to both encrypt and decrypt digital data. The unencrypted data is typically called plaintext whether it is text or not, and the encrypted data is typically called _____.
A
Encryption and Decryption:
AWS KMS uses symmetric key cryptography to perform encryption and decryption. Symmetric key cryptography uses the same algorithm and key to both encrypt and decrypt digital data. The unencrypted data is typically called plaintext whether it is text or not. The encrypted data is typically called ciphertext.
Reference:
http://docs.aws.amazon.com/kms/latest/developerguide/crypto_overview.html
Bob is an IAM user who has access to the EC2 services. Admin is an IAM user who has access to all the AWS services including IAM. Can Bob change his own password?
D
By default, IAM users cannot change their own passwords. The root owner or an IAM administrator needs to set the policy in the password policy page to allow users to change their passwords. Once it is enabled, the IAM user can always change their own password from the AWS console or CLI.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingUserPwdSelf.html
ABC has three AWS accounts. They have created separate IAM users within each account.
ABC wants a single IAM login URL such as https://abc.signin.aws.amazon.com/console/ for use by IAM users in all three accounts.
How can this be achieved?
D
Users can create an alias for their accounts, but the alias must be unique to the account. For example, the alias "abc" can be assigned to only one account. If a user wants the URL of the AWS IAM sign-in page to have a company name instead of the AWS account ID, he can create an alias for his AWS account ID.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html
Which of the following Identity and Access Management (IAM) policy keys of AWS Direct Connect is used for date/time conditions?
A
AWS Direct Connect implements the following policy keys of Identity and Access Management:
aws:CurrentTime (for date/time conditions)
aws:EpochTime (the date in epoch or UNIX time, for use with date/time conditions)
aws:SecureTransport (Boolean representing whether the request was sent using SSL)
aws:SourceIp (the requester's IP address, for use with IP address conditions)
aws:UserAgent (information about the requester's client application, for use with string conditions)
Reference:
http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html