Question: 1
You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access from the
offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified
IP address block?
A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access
from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP
address block
C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block D. Modify
the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in
that VPC to deny access from the IP address block
Answer: B
Question: 2
The operations team and the development team want a single place to view both operating system
and application logs.How should you implement this using AWS services? Choose two answers
A. Using AWS CloudFormation, create a CloudWatch Logs LogGroup and send the operating system
and application logs of interest using the CloudWatch Logs Agent
B. Using AWS CloudFormation and configuration management, set up remote logging to send
events via UDP packets to CloudTrail
C. Using configuration management, set up remote logging to send events to Amazon Kinesis and
insert these into Amazon CloudSearch or Amazon Redshift, depending on available analytic tools
D. Using AWS CloudFormation, create a CloudWatch Logs LogGroup. Because the CloudWatch log
agent automatically sends all operating system logs, you only have to configure the application logs
for sending off-machine
E. Using AWS CloudFormation, merge the application logs with the operating system logs, and use
IAM Roles to allow both teams to have access to view console output from Amazon EC2
Answer: A, C
Question: 3
You are working with customer who has 10 TB of archival data that they want to migrate to Amazon
Glacier. The customer has a 1Mbps connection to the Internet. Which service or feature provide the
fastest method of getting the data into Amazon Glacier?
A. Amazon Glacier multipart upload
B. AWS Storage Gateway
C. VM Import/Export
D. AWS Import/Export
Answer: D
Question: 4
A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is
experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the
IOPS of the volume?
A. The application does not have enough IO for the volume
B. The instance is EBS optimized
C. The EC2 instance has 10 Gigabit Network connectivity
D. The volume size is too large
Answer: D
Question: 5
You want to securely distribute credentials for your Amazon RDS instance to your fleet of web server
instances. The credentials are stored in a file that is controlled by a configuration management
system.How do you securely deploy the credentials in an automated manner across the fleet of web server
instances, which can number in the hundreds, while retaining the ability to roll back if needed?
A. Store your credential files in an Amazon S3 bucket. Use Amazon S3 server-side encryption on the
credential files. Have a scheduled job that pulls down the credential files into the instances every 10
minutes
B. Store the credential files in your version-controlled repository with the rest of your code. Have a
post-commit action in version control that kicks off a job in your continuous integration system which
securely copies the new credentials files to all web server instances
C. Insert credential files into user data and use an instance lifecycle policy to periodically refresh the
files from the user data
D. Keep credential files as a binary blob in an Amazon RDS MySQL DB instance, and have a script on
each Amazon EC2 instance that pulls the files down from the RDS instance
E. Store the credential files in your version-controlled repository with the rest of your code. Use a
parallel file copy program to send the credential files from your local machine to the Amazon EC2
instances
Answer: D
Source link:
https://www.amazondumps.com/bds-c00-dumps.html
Related Links:
Related Links:
No comments:
Post a Comment