Domain 3: Design Secure Applications and Architectures Flashcards

1
Q

Encrypt EBS volumes restored from the unencrypted EBS snapshots

A

Copy the snapshot and enable encryption with a new symmetric CMK while creating an EBS volume using the snapshot.

2
Q

Limit the maximum number of requests from a single IP address.

A

Create a rate-based rule in AWS WAF and set the rate limit.

3
Q

Grant the bucket owner full access to all uploaded objects in the S3 bucket.

A

Create a bucket policy that requires users to set the object’s ACL to bucket-owner-full-control.

4
Q

Protect objects in the S3 bucket from accidental deletion or overwrite.

A

Enable versioning and MFA delete.

5
Q

Access resources on both on-premises and AWS using on-premises credentials that are stored in Active Directory.

A

Set up SAML 2.0-Based Federation by using a Microsoft Active Directory Federation Service.

6
Q

Secure the sensitive data stored in EBS volumes

A

Enable EBS Encryption

7
Q

Ensure that the data-in-transit and data-at-rest of the Amazon S3 bucket are always encrypted.

A

Enable Amazon S3 Server-Side or use Client-Side Encryption

8
Q

Secure the web application by allowing multiple domains to serve SSL traffic over the same IP address.

A

Use AWS Certificate Manager to generate an SSL certificate. Associate the certificate to the CloudFront distribution and enable Server Name Indication (SNI).

9
Q

Control the access for several S3 buckets by using a gateway endpoint to allow access to trusted buckets.

A

Create an endpoint policy for trusted S3 buckets.

10
Q

Enforce strict compliance by tracking all the configuration changes made to any AWS services.

A

Set up a rule in AWS Config to identify compliant and non-compliant services.

11
Q

Provide short-lived access tokens that act as temporary security credentials to allow access to AWS resources.

A

Use AWS Security Token Service

12
Q

Encrypt and rotate all the database credentials, API keys, and other secrets on a regular basis.

A

Use AWS Secrets Manager and enable automatic rotation of credentials.
