Architecting on AWS 学习笔记系列文章导航页面
29.You are deploying an application on Amazon EC2, which must call AWS APIs.
What method should you use to securely pass credentials to the application?
A. Pass API credentials to the instance using Instance userdata.
B. Store API credentials as an object in Amazon S3.
C. Embed the API credentials into your application.
D. Assign IAM roles to the EC2 Instances
30.The security policy of an organization requires an application to encrypt data before writing to the disk.
Which solution should the organization use to meet this requirement?
A. AWS KMS API
B. AWS Certificate Manager
C. API Gateway with STS
D. IAM Access Key
Note:
The AWS Certificate Manager can be used to generate SSL certificates to encrypt traffic in transit, but not at rest.
The IAM Access Key is used for secure access to EC2 instances.
AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS KMS is integrated with other AWS services including Amazon Elastic Block Store (Amazon EBS), Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon Elastic Transcoder, Amazon WorkMail, Amazon Relational Database Service (Amazon RDS), and others to make it simple to encrypt your data with encryption keys that you manage. For more information on AWS KMS, please visit the following URL: (https://docs.aws.amazon.com/kms/latest/developerguide/overview.html)
31.An application currently stores all its data on Amazon EBS Volumes.
All EBS volumes must be backed up durably across multiple Availability Zones. What is the MOST resilient and cost-effective way to back up the volumes?
A. Take regular EBS snapshots
B. Enable EBS volume encryption.
C. Create a script to copy data to an EC2 Instance store.
D. Mirror data across 2 EBS volumes. (inefficient in comparison with the existing option for EBS snapshots.)
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
