Question 1: What requirement must you adhere to in order to deploy an AWS CloudHSM?
Run the HSM in two regions
Provision the HSM in a VPC
Deploy an EBS volume for the HSM
Call AWS Support first to enable it
Answer: Provision the HSM in a VPC
Question 2: What AWS KMS keys are used to encrypt and decrypt data in AWS?
Customer master keys
AWS master keys
Seller recrypt keys
User recrypt keys
Answer: Customer master keys
Question 3: How much data can you encrypt/decrypt using a Customer Master Key?
Up to 4MB
Up to 4TB
Up to 1MB
Up to 4KB
Answer: Up to 4KB
Question 4: The purpose of encrypting data when it is in transit between systems and services is to prevent (choose 3 correct answers):
Unauthenticated server and client communication
Eavesdropping
Unauthorized alterations
Unauthorized copying
Answers: Eavesdropping, Unauthorized alterations, Unauthorized copying
Question 5: Which protocol below is an industry-standard cryptographic protocol used for encrypting data at the transport layer?
HTTPS
TLS
X.509
IPSec
Answer: TLS
Question 6: How do you encrypt an existing unencrypted EBS volume?
EBS volumes are encrypted at rest by default
Enable Encryption by Default feature
Take a snapshot for an EBS volume and create a new encrypted volume for this snapshot
Enable encryption for an EC2 instance, which will encrypt the attached EBS volumes
Answer: Take a snapshot for an EBS volume and create a new encrypted volume for this snapshot
Question 7: Can you encrypt just a subset of items in a DynamoDB table?
Yes
No
Answer: No
Question 8: When you enable encryption for an RDS DB instance, what would not be encrypted?
JDBC connection
Transaction logs
Automated backups
Read Replicas
Snapshots
Answer: JDBC connection