AWS SCS-C02 Practice Test: TLS Termination and Security

15 Questions

What is the company's requirement for the TLS traffic to the Classic Load Balancer?

It should use a custom security policy that allows only perfect forward secrecy cipher suites

What type of listener should be used for the Classic Load Balancer according to the requirements?

HTTPS listener with a custom security policy that allows only perfect forward secrecy cipher suites

What is the purpose of using perfect forward secrecy cipher suites in this scenario?

To ensure secure TLS traffic even if the certificate private key is leaked

Which type of security policy should be used for the listener on the Classic Load Balancer?

A security policy allowing only perfect forward secrecy cipher suites

What is the purpose of a Classic Load Balancer's HTTPS listener in this scenario?

To terminate TLS connections using a custom security policy

Why should the company use a custom security policy for the HTTPS listener on the Classic Load Balancer?

To ensure secure TLS traffic even if the certificate private key is leaked

What is the purpose of a custom security policy for the HTTPS listener on the Classic Load Balancer?

To ensure that only perfect forward secrecy cipher suites are supported

What does an HTTPS listener using a custom security policy do for a Classic Load Balancer?

Checks for unrestricted public write access in Amazon S3 buckets

What should a Security Engineer do to ensure that newly acquired IAM accounts follow the corporation's security best practices?

Set up IAM Systems Manager to monitor S3 bucket policies for public write access

What is the purpose of using Amazon Macie in the company's AWS account?

To continuously check the configuration of all S3 buckets

What does AWS Firewall Manager primarily help with in the company's AWS account?

Managing security policies and automating enforcement across AWS accounts

What is the main function of Amazon Inspector in the company's AWS account?

Reviewing resources and invoking CloudWatch alarms for vulnerable resources

How does an HTTPS listener using a custom security policy help ensure secure traffic to a Classic Load Balancer?

By supporting only perfect forward secrecy cipher suites

What does Amazon Shield Advanced primarily provide protection against in the company's AWS account?

Active DDoS events targeting the AWS account

How can an IAM role within an Amazon EC2 instance contribute to monitoring S3 buckets?

By checking the status of all S3 buckets through a cron job

Test your knowledge on TLS termination and security in a distributed web application deployment on Amazon Web Services (AWS) using Classic Load Balancer. Evaluate your understanding of ensuring secure TLS traffic to the load balancer.

Make Your Own Quizzes and Flashcards

Convert your notes into interactive study material.