-
Practice Exams Review Mode Set 2 Q21 & Q48
updated 3 months, 2 weeks ago
2 Members
·
2
Posts
-
Hello,
Can someone please elaborate more on those two questions from the practice exams in review mode set 2?
Question 21:
Category: CCP – Security and Compliance
There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?
- Set your S3 buckets to private so that objects are not publicly readable/writable
- Configure MFA delete on the S3 bucket. (marked as correct)
- Set up stricter IAM policies that will prevent users from deleting S3 objects
- Create access control policies so that only you can perform S3-related action
The answer states that “MFA deletion prevents unwanted access”. That is not the same as unauthorized access. With MFA the user who initiates the delete action needs to confirm the deletion process with a MFA code. However, the deletion would still be happening without the owner’s knowledge and not prevent unauthorized access. So why is this answer marked as correct?
Question 48:
Category: CCP – Cloud Technology and Services
Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?
- Lambda@Edge
- AWS Snowball Edge (marked as correct)
- AWS Snowcone
- AWS Snowmobile
The answer doesn’t say anything about moving petabytes of data with AWS Snowball Edge. And the AWS documentation (https://docs.aws.amazon.com/snowball/latest/developer-guide/device-differences.html) states on the first paragraph: “You can use these devices to move terabytes of data”. Isn’t the snowmobile the only service which is capable of moving petabytes?
-
Hello kmeraner,
Thank you for posting your inquiry.
For Question 21:
There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?
-Set your S3 buckets to private so that objects are not publicly readable/writable
–Configure MFA delete on the S3 bucket.
-Set up stricter IAM policies that will prevent users from deleting S3 objects
-Create access control policies so that only you can perform S3-related action
The correct answer indeed is “Configure MFA delete on the S3 bucket.” By setting up MFA, you add an extra layer of protection for your AWS accounts. This is very useful for preventing unwanted access or deletion of your AWS resources. It is important to note that only the bucket owner (root account) can enable MFA delete. This ensures that accidental deletions are mitigated, as the team initiating the deletion they must provide the MFA code, which the bucket owner only has.
For further readings, you can visit here:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
For Question 48:
Which of the following is a data transport solution that accelerates moving terabytes to petabytes of data into and out of AWS using appliances with on-board storage and compute capabilities?
-Lambda@Edge
–AWS Snowball Edge
-AWS Snowcone
-AWS Snowmobile
The correct answer is “AWS Snowball Edge”. Snowball Edge allows you to transfer 80 TB to a single Snowball Edge device and can transfer larger data sets with multiple Snowball Edge devices allowing you to transfer terabytes to petabytes of data in and out of AWS. For references, you can check it here. On the other hand, AWS Snowmobile is an exabyte-scale data transfer service, and designed for large data migration.
Hope this explanation helps you. If you have further questions please don’t hesitate to contact us.
Regards,
Nikee @ Tutorials Dojo
Log in to reply.