Question: 1
You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access from the
offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified
IP address block?
A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access
from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP
address block
C. Add a rule to all of the VPC 5 Security Groups to deny access from the IP address block
D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in
that VPC to deny access from the IP address block
Answer: B
Question: 2
The operations team and the development team want a single place to view both operating system
and application logs.
How should you implement this using AWS services? Choose two answers
A. Using AWS CloudFormation, create a CloudWatch Logs LogGroup and send the operating system
and application logs of interest using the CloudWatch Logs Agent
B. Using AWS CloudFormation and configuration management, set up remote logging to send
events via UDP packets to CloudTrail
C. Using configuration management, set up remote logging to send events to Amazon Kinesis and
insert these into Amazon CloudSearch or Amazon Redshift, depending on available analytic tools
D. Using AWS CloudFormation, create a CloudWatch Logs LogGroup. Because the CloudWatch log
agent automatically sends all operating system logs, you only have to configure the application logs
for sending off-machine
E. Using AWS CloudFormation, merge the application logs with the operating system logs, and use
IAM Roles to allow both teams to have access to view console output from Amazon EC2
Answer: A,C
Question: 3
You are working with customer who has 10 TB of archival data that they want to migrate to Amazon
Glacier. The customer has a 1Mbps connection to the Internet. Which service or feature provide the
fastest method of getting the data into Amazon Glacier?
A. Amazon Glacier multipart upload
B. AWS Storage Gateway
C. VM Import/Export
D. AWS Import/Export
Answer: D
Question: 4
A user has provisioned 2000 IOPS to the EBS volume. The application hosted on that EBS is
experiencing less IOPS than provisioned. Which of the below mentioned options does not affect the
IOPS of the volume?
A. The application does not have enough IO for the volume
B. The instance is EBS optimized
C. The EC2 instance has 10 Gigabit Network connectivity
D. The volume size is too large
Answer: D
Question: 5
You need to configure an Amazon S3 bucket to serve static assets for your public-facing web
application. Which methods ensure that all objects uploaded to the bucket are set to public read?
Choose 2 answers
A. Set permissions on the object to public read during upload
B. Configure the bucket ACL to sell all objects to public read
C. Configure the bucket policy to set all objects to public read
D. Use AWS identity and access Management roles to set the bucket to public read
E. Amazon S3 objects default to public read, so no action is needed
Answer: B,C
https://www.realexamdumps.com/amazon/bds-c00-practice-test.html
No comments:
Post a Comment