Fausto Busuito
commited on
Commit
•
54c53e2
1
Parent(s):
96884ca
Application changes
Browse files- questions/Amazon.SAA-C03.v2024-10-25.json +12 -12
- templates/quiz.html +1 -1
questions/Amazon.SAA-C03.v2024-10-25.json
CHANGED
@@ -256,10 +256,10 @@
|
|
256 |
{
|
257 |
"question": "A law firm needs to share information with the public The information includes hundreds of files that must be publicly readable Modifications or deletions of the files by anyone before a designated future date are prohibited. Which solution will meet these requirements in the MOST secure way?",
|
258 |
"options": [
|
259 |
-
"Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read- only
|
260 |
"Create a new Amazon S3 bucket with S3 Versioning enabled Use S3 Object Lock with a retention period in accordance with the designated date Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objrcts.",
|
261 |
"Create a new Amazon S3 bucket with S3 Versioning enabled Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.",
|
262 |
-
"Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only
|
263 |
],
|
264 |
"correct": [
|
265 |
"B"
|
@@ -292,10 +292,10 @@
|
|
292 |
{
|
293 |
"question": "A company is designing a microservice-based architecture tor a new application on AWS. Each microservice will run on its own set of Amazon EC2 instances. Each microservice will need to interact with multiple AWS services such as Amazon S3 and Amazon Simple Queue Service (Amazon SQS). The company wants to manage permissions for each EC2 instance based on the principle of least privilege. Which solution will meet this requirement?",
|
294 |
"options": [
|
295 |
-
"Assign an
|
296 |
-
"Create a single
|
297 |
"Use AWS Organizations to create a separate account for each microservice. Manage permissions at the account level.",
|
298 |
-
"Create individual
|
299 |
],
|
300 |
"correct": [
|
301 |
"D"
|
@@ -368,12 +368,12 @@
|
|
368 |
]
|
369 |
},
|
370 |
{
|
371 |
-
"question": "A company needs a solution to prevent AWS CloudFormation stacks from deploying AWS Identity and Access Management (
|
372 |
"options": [
|
373 |
"Use AWS Control Tower proactive controls to block deployment of EC2 instances with public IP addresses and inline policies with elevated access or \"*\"",
|
374 |
"Use AWS Control Tower detective controls to block deployment of EC2 instances with public IP addresses and inline policies with elevated access or \"\"",
|
375 |
-
"Use AWS Config to create rules for EC2 and
|
376 |
-
"Use a service control policy (SCP) to block actions for the EC2 instances and
|
377 |
],
|
378 |
"correct": [
|
379 |
"D"
|
@@ -420,12 +420,12 @@
|
|
420 |
]
|
421 |
},
|
422 |
{
|
423 |
-
"question": "A company has applications that run on Amazon EC2 instances. The EC2 instances connect to Amazon RDS databases by using an
|
424 |
"options": [
|
425 |
-
"Create a new
|
426 |
-
"Create an
|
427 |
"Enable Default Host Configuration Management in Systems Manager to manage the EC2 instances.",
|
428 |
-
"Remove the existing policies from the existing
|
429 |
],
|
430 |
"correct": [
|
431 |
"C"
|
|
|
256 |
{
|
257 |
"question": "A law firm needs to share information with the public The information includes hundreds of files that must be publicly readable Modifications or deletions of the files by anyone before a designated future date are prohibited. Which solution will meet these requirements in the MOST secure way?",
|
258 |
"options": [
|
259 |
+
"Upload all files to an Amazon S3 bucket that is configured for static website hosting. Grant read- only IAM permissions to any AWS principals that access the S3 bucket until the designated date.",
|
260 |
"Create a new Amazon S3 bucket with S3 Versioning enabled Use S3 Object Lock with a retention period in accordance with the designated date Configure the S3 bucket for static website hosting. Set an S3 bucket policy to allow read-only access to the objrcts.",
|
261 |
"Create a new Amazon S3 bucket with S3 Versioning enabled Configure an event trigger to run an AWS Lambda function in case of object modification or deletion. Configure the Lambda function to replace the objects with the original versions from a private S3 bucket.",
|
262 |
+
"Upload all files to an Amazon S3 bucket that is configured for static website hosting. Select the folder that contains the files. Use S3 Object Lock with a retention period in accordance with the designated date. Grant read-only IAM permissions to any AWS principals that access the S3 bucket."
|
263 |
],
|
264 |
"correct": [
|
265 |
"B"
|
|
|
292 |
{
|
293 |
"question": "A company is designing a microservice-based architecture tor a new application on AWS. Each microservice will run on its own set of Amazon EC2 instances. Each microservice will need to interact with multiple AWS services such as Amazon S3 and Amazon Simple Queue Service (Amazon SQS). The company wants to manage permissions for each EC2 instance based on the principle of least privilege. Which solution will meet this requirement?",
|
294 |
"options": [
|
295 |
+
"Assign an IAM user to each micro-service. Use access keys stored within the application code to authenticate AWS service requests.",
|
296 |
+
"Create a single IAM role that has permission to access all AWS services. Associate the IAM role with all EC2 instances that run the microservices",
|
297 |
"Use AWS Organizations to create a separate account for each microservice. Manage permissions at the account level.",
|
298 |
+
"Create individual IAM roles based on the specific needs of each microservice. Associate the IAM roles with the appropriate EC2 instances."
|
299 |
],
|
300 |
"correct": [
|
301 |
"D"
|
|
|
368 |
]
|
369 |
},
|
370 |
{
|
371 |
+
"question": "A company needs a solution to prevent AWS CloudFormation stacks from deploying AWS Identity and Access Management (IAM) resources that include an inline policy or \"*\" in the statement The solution must also prohibit deployment ot Amazon EC2 instances with public IP addresses The company has AWS Control Tower enabled in its organization in AWS Organizations. Which solution will meet these requirements?",
|
372 |
"options": [
|
373 |
"Use AWS Control Tower proactive controls to block deployment of EC2 instances with public IP addresses and inline policies with elevated access or \"*\"",
|
374 |
"Use AWS Control Tower detective controls to block deployment of EC2 instances with public IP addresses and inline policies with elevated access or \"\"",
|
375 |
+
"Use AWS Config to create rules for EC2 and IAM compliance Configure the rules to run an AWS Systems Manager Session Manager automation to delete a resource when it is not compliant",
|
376 |
+
"Use a service control policy (SCP) to block actions for the EC2 instances and IAM resources if the actions lead to noncompliance"
|
377 |
],
|
378 |
"correct": [
|
379 |
"D"
|
|
|
420 |
]
|
421 |
},
|
422 |
{
|
423 |
+
"question": "A company has applications that run on Amazon EC2 instances. The EC2 instances connect to Amazon RDS databases by using an IAM role that has associated policies. The company wants to use AWS Systems Manager to patch the EC2 instances without disrupting the running applications. Which solution will meet these requirements?",
|
424 |
"options": [
|
425 |
+
"Create a new IAM role. Attach the AmazonSSMManagedlnstanceCore policy to the new IAM role. Attach the new IAM role to the EC2 instances and the existing IAM role.",
|
426 |
+
"Create an IAM user. Attach the AmazonSSMManagedlnstanceCore policy to the IAM user. 24 23 Configure Systems Manager to use the IAM user to manage the EC2 instances.",
|
427 |
"Enable Default Host Configuration Management in Systems Manager to manage the EC2 instances.",
|
428 |
+
"Remove the existing policies from the existing IAM role. Add the AmazonSSMManagedlnstanceCore policy to the existing IAM role."
|
429 |
],
|
430 |
"correct": [
|
431 |
"C"
|
templates/quiz.html
CHANGED
@@ -19,7 +19,7 @@
|
|
19 |
</script>
|
20 |
</head>
|
21 |
<body onload="updateTimer()">
|
22 |
-
<h1>Question {{ question_number }} of {{ total_questions }}
|
23 |
<p>{{ question.question }}</p>
|
24 |
<form action="{{ url_for('quiz') }}" method="post">
|
25 |
{% if multiple_selection %}
|
|
|
19 |
</script>
|
20 |
</head>
|
21 |
<body onload="updateTimer()">
|
22 |
+
<h1>Question {{ question_number }} of {{ total_questions }} | {{ selected_file }} <span id="timer"></span></h1>
|
23 |
<p>{{ question.question }}</p>
|
24 |
<form action="{{ url_for('quiz') }}" method="post">
|
25 |
{% if multiple_selection %}
|