Question 499 the

  • No School
  • AA 1
  • dejahwalker1411
  • 262
  • 95% (22) 21 out of 22 people found this document helpful

This preview shows page 231 - 233 out of 262 pages.

QUESTION 499The AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt yourdata. AWS KMS is integrated with other AWS services including Amazon EBS, Amazon S3, Amazon Redshift, Elastic Transcoder, Amazon WorkMail, and AmazonRDS to make it simple to encrypt your data with encryption keys that you manage. AWS KMS is also integrated with AWS CloudTrail to provide you with key usagelogs to help meet your regulatory and compliance needs. Which of the following types of cryptography keys is supported by AWS KMS currently?A.Private ephemeral key agreement cryptographyB.Symmetric and asymmetric random number generation key cryptographyC.Asymmetric key cryptography and symmetric key cryptographyD.Only symmetric key cryptographyCorrect Answer: DSection: (none)ExplanationExplanation/Reference:Explanation:The AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt yourdata. AWS KMS is integrated with other AWS services including Amazon EBS, Amazon S3, Amazon Redshift, Elastic Transcoder, Amazon WorkMail, and AmazonRDS to make it simple to encrypt your data with encryption keys that you manage. AWS KMS is also integrated with AWS CloudTrail to provide you with key usagelogs to help meet your regulatory and compliance needs. AWS KMS currently supports only symmetric (private) key cryptography. QUESTION 500In AWS Identity and Access Management (IAM), you can make use of the ______ APIs to grant users temporary access to your resources.A.AWS Security Transport Service (STS)B.AWS Security Tree Service (STS)C.AWS Security Task Service (STS)D.AWS Security Token Service (STS)Correct Answer: DSection: (none)ExplanationExplanation/Reference:VCEConvert.com
Explanation:AWS Security Token Service enables the creation of temporary credentials that can be used along with IAM in order to grant access to trusted entities and users toyour AWS resources for a predefined amount of time.QUESTION 501An IAM user has two conflicting policies as part of two separate groups. One policy allows him to access an S3 bucket, while another policy denies him the access.Can the user access that bucket?A.Yes, alwaysB. NoC.Yes, provided he accesses with the group which has S3 accessD.Yes, but just read only access of the bucketCorrect Answer: BSection: (none)ExplanationExplanation/Reference:Explanation:When a request is made, the AWS IAM policy decides whether a given request should be allowed or denied. The evaluation logic follows these rules:By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)An explicit allow policy overrides this default.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture