AWS SCS-C02 Practice Test: TLS Termination and Security

Questions and Answers

PDF Questions PDF Answers

What is the company's requirement for the TLS traffic to the Classic Load Balancer?

It should use the latest IAM predefined ELBSecurityPolicy-TLS-1-2017-01 security policy

It should use a TCP listener with a custom security policy

It should use a certificate managed by Amazon Certification Manager

It should use a custom security policy that allows only perfect forward secrecy cipher suites (correct)

What type of listener should be used for the Classic Load Balancer according to the requirements?

HTTPS listener with a custom security policy that allows only perfect forward secrecy cipher suites (correct)

TCP listener with a custom security policy that allows only perfect forward secrecy cipher suites

HTTP listener with the latest IAM predefined ELBSecurityPolicy-TLS-1-2017-01 security policy

HTTPS listener with a certificate managed by Amazon Certification Manager

What is the purpose of using perfect forward secrecy cipher suites in this scenario?

To ensure secure TLS traffic even if the certificate private key is leaked (correct)

To allow only TCP traffic through the load balancer

To use the latest IAM predefined ELBSecurityPolicy-TLS-1-2017-01 security policy

To manage certificates using Amazon Certification Manager

Which type of security policy should be used for the listener on the Classic Load Balancer?

A security policy allowing only perfect forward secrecy cipher suites

What is the purpose of a Classic Load Balancer's HTTPS listener in this scenario?

To terminate TLS connections using a custom security policy

Why should the company use a custom security policy for the HTTPS listener on the Classic Load Balancer?

To ensure secure TLS traffic even if the certificate private key is leaked

What is the purpose of a custom security policy for the HTTPS listener on the Classic Load Balancer?

To ensure that only perfect forward secrecy cipher suites are supported

What does an HTTPS listener using a custom security policy do for a Classic Load Balancer?

Checks for unrestricted public write access in Amazon S3 buckets

What should a Security Engineer do to ensure that newly acquired IAM accounts follow the corporation's security best practices?

Set up IAM Systems Manager to monitor S3 bucket policies for public write access

What is the purpose of using Amazon Macie in the company's AWS account?

To continuously check the configuration of all S3 buckets

What does AWS Firewall Manager primarily help with in the company's AWS account?

Managing security policies and automating enforcement across AWS accounts

What is the main function of Amazon Inspector in the company's AWS account?

Reviewing resources and invoking CloudWatch alarms for vulnerable resources

How does an HTTPS listener using a custom security policy help ensure secure traffic to a Classic Load Balancer?

By supporting only perfect forward secrecy cipher suites

What does Amazon Shield Advanced primarily provide protection against in the company's AWS account?

Active DDoS events targeting the AWS account

How can an IAM role within an Amazon EC2 instance contribute to monitoring S3 buckets?

By checking the status of all S3 buckets through a cron job