Real Amazon AWS-Certified-Solutions-Architect-Professional Dumps with PDF (2019/July Updated)


Following are some new Amazon AWS-Certified-Solutions-Architect-Professional Real Exam Questions:


Question: 1

Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance. Which of these options would allow you to encrypt your data at rest? (Choose 3)

A. Implement third party volume encryption tools

B. Implement SSL/TLS for all services running on the server

C. Encrypt data inside your applications before storing it on EBS

D. Encrypt data using native data encryption drivers at the file system level

E. Do nothing as EBS volumes are encrypted by default


Answer: A,C,D


Question: 2

A customer is deploying an SSL-enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators, who are entitled to log in to instances as well as make API calls, and the security officers, who will maintain and have exclusive access to the application’s X.509 certificate that contains the private key.

A. Upload the certificate on an S3 bucket owned by the security officers and accessible only by the EC2 role of the web servers.

B. Configure the web servers to retrieve the certificate upon boot from a CloudHSM that is managed by the security officers.

C. Configure system permissions on the web servers to restrict access to the certificate only to the authorized security officers.

D. Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.


Answer: D

Explanation: SSL is terminated at the ELB, and the web request is forwarded unencrypted to the EC2 instance. Even if the certificates are stored in S3, they still have to be configured on the web servers or load balancers somehow, which becomes difficult if the keys are stored in S3. Keeping the keys in the certificate store and using IAM to restrict access gives a clear separation of concerns between security officers and developers. Developers can still configure SSL on the ELB without actually handling the keys.
