Editing AWS Certified Security - Specialty: 9 Sample questions
Latest revision | Your text | ||
Line 6: | Line 6: | ||
:C) Create a [[VPC endpoint]] for [[AWS KMS]] with private DNS enabled. | :C) Create a [[VPC endpoint]] for [[AWS KMS]] with private DNS enabled. | ||
:D) Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN. | :D) Use the KMS Import Key feature to securely transfer the AWS KMS key over a VPN. | ||
− | :E) Add the following condition to the AWS KMS key policy: <code>" | + | :E) Add the following condition to the AWS KMS key policy: <code>"aws:SourceIp": "10.0.0.0/16"</code> |
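Review bot: on option E the latest revision stops at `<code>"` and never closes the tag, which reads as a truncated save rather than a deliberate edit, so restoring the full `"aws:SourceIp": "10.0.0.0/16"` text with its closing `</code>` is the right call. Options C and D in the Line 62 hunk are cut off the same way, so check the rest of the page for other lines that end mid-tag or mid-sentence before saving.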
Line 62: | Line 62: | ||
:A) Enable [[AES-256]] encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket. | :A) Enable [[AES-256]] encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket. | ||
:B) Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket. | :B) Enable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket. | ||
− | :C) Add a bucket policy that includes a deny if a <code>[[PutObject]]</code> request does not include <code> | + | :C) Add a bucket policy that includes a deny if a <code>[[PutObject]]</code> request does not include <code>aws:SecureTransport</code>. |
− | :D) Add a | + | :D) Add a bucket policy with <code>aws:SourceIp</code> to allow uploads and downloads from the corporate intranet only. |
:E) Enable [[Amazon Macie]] to monitor and act on changes to the data lake's S3 bucket. | :E) Enable [[Amazon Macie]] to monitor and act on changes to the data lake's S3 bucket. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == |
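Review bot: the eight removed lines directly above `== See also ==` show no content in this comparison, so it is not possible to tell from the diff whether they are blank lines or text that the latest revision added. Open the latest revision and confirm what those lines contain before saving the undo, and keep them if they hold anything other than whitespace.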