Which scenarios should a user report to the AWS Abuse team? (Select two.)
A DDoS attack is being made on an AWS resource.
A SQL injection attack is being made from an IP address that is not an AWS address.
AWS resources are being used to host objectionable or illegal content.
A company's resources are being used in a way that is inconsistent with corporate policy.
A company is receiving HTTPS requests on a web server that is serving HTTP.
Answers are: A DDoS attack is being made on an AWS resource.
C. AWS resources are being used to host objectionable or illegal content.
The AWS Trust & Safety team can assist with the following types of abusive behavior:
Denial-of-service (DoS) attacks: Your logs show that one or more AWS-owned IP addresses are used to flood ports on your resources with packets. You also believe that this is an attempt to overwhelm or crash your server or the software running on your server.
Intrusion attempts: Your logs show that one or more AWS-owned IP addresses are used to attempt to log in to your resources.
Hosting prohibited content: You have evidence that AWS resources are used to host or distribute prohibited content, such as illegal content or copyrighted content without the consent of the copyright holder.
• Spam – receiving undesired emails from an AWS-owned IP address, or websites and forums spammed by AWS resources
• Port scanning – sending packets to your ports to discover the unsecured ones
According to the AWS shared responsibility model, which of the following is the customer's obligation?
Patching underlying infrastructure
Physical security
Patching Amazon EC2 instances
Patching network infrastructure
Answer is Patching Amazon EC2 instances
AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. Patching EC2 instances is the customer's responsibility.
Question 103
Which of the following is the customer's obligation under the shared responsibility model?
Ensuring that disk drives are wiped after use.
Ensuring that firmware is updated on hardware devices.
Ensuring that data is encrypted at rest.
Ensuring that network cables are category six or higher.
Answer is Ensuring that data is encrypted at rest.
Encrypting data at rest and in transit, including setting up and enabling encryption, is done by the customer.
Which of the following are customer duties under the AWS shared responsibility model? (Select two.)
Setting up server-side encryption on an Amazon S3 bucket
Amazon RDS instance patching
Network and firewall configurations
Physical security of data center facilities
Compute capacity availability
Answers are:
A. Setting up server-side encryption on an Amazon S3 bucket
C. Network and firewall configurations
S3 buckets: Server-side encryption of objects is not enabled by default and the customer needs to opt-in. Only S3 Glacier is encrypted by default.
Encryption Opt-in:
• EBS volumes: encrypt volumes
• S3 buckets: Server-side encryption of objects
• Redshift database: encryption of data
• RDS database: encryption of data
• EFS drives: encryption of data
Which of the following tasks is the AWS customer's duty under the shared responsibility model? (Select two.)
Ensuring that application data is encrypted at rest
Ensuring that AWS NTP servers are set to the correct time
Ensuring that users have received security training in the use of AWS services
Ensuring that access to data centers is restricted
Ensuring that hardware is disposed of properly
Answers are:
A. Ensuring that application data is encrypted at rest
C. Ensuring that users have received security training in the use of AWS services
The customer trains its users on the use of AWS services.
Question 107
Before transferring an environment to the AWS Cloud, a cloud practitioner must receive AWS compliance reports.
How are these reports produced?
Contact the AWS Compliance team
Download the reports from AWS Artifact
Open a case with AWS Support
Generate the reports with Amazon Macie
Answer is Download the reports from AWS Artifact
AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Agreements available in AWS Artifact include the Business Associate Addendum (BAA) and the Nondisclosure Agreement (NDA).
Question 108
What may be associated with an Amazon EC2 instance through AWS Identity and Access Management (IAM) to initiate service requests?