AWS SCS-C02 Practice Test: TLS Termination and Security
15 Questions
2 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the company's requirement for the TLS traffic to the Classic Load Balancer?

  • It should use the latest IAM predefined ELBSecurityPolicy-TLS-1-2017-01 security policy
  • It should use a TCP listener with a custom security policy
  • It should use a certificate managed by Amazon Certification Manager
  • It should use a custom security policy that allows only perfect forward secrecy cipher suites (correct)
  • What type of listener should be used for the Classic Load Balancer according to the requirements?

  • HTTPS listener with a custom security policy that allows only perfect forward secrecy cipher suites (correct)
  • TCP listener with a custom security policy that allows only perfect forward secrecy cipher suites
  • HTTP listener with the latest IAM predefined ELBSecurityPolicy-TLS-1-2017-01 security policy
  • HTTPS listener with a certificate managed by Amazon Certification Manager
  • What is the purpose of using perfect forward secrecy cipher suites in this scenario?

  • To ensure secure TLS traffic even if the certificate private key is leaked (correct)
  • To allow only TCP traffic through the load balancer
  • To use the latest IAM predefined ELBSecurityPolicy-TLS-1-2017-01 security policy
  • To manage certificates using Amazon Certification Manager
  • Which type of security policy should be used for the listener on the Classic Load Balancer?

    <p>A security policy allowing only perfect forward secrecy cipher suites</p> Signup and view all the answers

    What is the purpose of a Classic Load Balancer's HTTPS listener in this scenario?

    <p>To terminate TLS connections using a custom security policy</p> Signup and view all the answers

    Why should the company use a custom security policy for the HTTPS listener on the Classic Load Balancer?

    <p>To ensure secure TLS traffic even if the certificate private key is leaked</p> Signup and view all the answers

    What is the purpose of a custom security policy for the HTTPS listener on the Classic Load Balancer?

    <p>To ensure that only perfect forward secrecy cipher suites are supported</p> Signup and view all the answers

    What does an HTTPS listener using a custom security policy do for a Classic Load Balancer?

    <p>Checks for unrestricted public write access in Amazon S3 buckets</p> Signup and view all the answers

    What should a Security Engineer do to ensure that newly acquired IAM accounts follow the corporation's security best practices?

    <p>Set up IAM Systems Manager to monitor S3 bucket policies for public write access</p> Signup and view all the answers

    What is the purpose of using Amazon Macie in the company's AWS account?

    <p>To continuously check the configuration of all S3 buckets</p> Signup and view all the answers

    What does AWS Firewall Manager primarily help with in the company's AWS account?

    <p>Managing security policies and automating enforcement across AWS accounts</p> Signup and view all the answers

    What is the main function of Amazon Inspector in the company's AWS account?

    <p>Reviewing resources and invoking CloudWatch alarms for vulnerable resources</p> Signup and view all the answers

    How does an HTTPS listener using a custom security policy help ensure secure traffic to a Classic Load Balancer?

    <p>By supporting only perfect forward secrecy cipher suites</p> Signup and view all the answers

    What does Amazon Shield Advanced primarily provide protection against in the company's AWS account?

    <p>Active DDoS events targeting the AWS account</p> Signup and view all the answers

    How can an IAM role within an Amazon EC2 instance contribute to monitoring S3 buckets?

    <p>By checking the status of all S3 buckets through a cron job</p> Signup and view all the answers

    More Like This

    Amazon Web Services Quiz
    24 questions

    Amazon Web Services Quiz

    SteadiestBlueTourmaline1325 avatar
    SteadiestBlueTourmaline1325
    Use Quizgecko on...
    Browser
    Browser