❎
TutorialsDojo Wrong Answers (AWS Sec Spec)
  • Jon Bonso (TutorialsDojo) Practice Test Scores
  • Incident Response (57%)
    • GuardDuty
    • Inspector
    • Macie
    • CloudTrail with CloudWatch Logs
    • Security Groups
    • Setting up an automated system to manage the access keys in the company's AWS account
  • Logging & Monitoring (68%)
    • Deliver CloudTrail logs from accounts into a single Amazon S3 bucket
    • Troubleshooting Elastic Beanstalk Logs
    • API History for a User: CloudWatch vs CloudTrail
    • ElastiSearch
    • Deliver CloudTrail Logs to a specific S3 bucket
    • CloudTrail Management & Data Events
    • CloudWatch Events + Config
  • Infrastructure Security (70%)
    • SSM Parameter Store vs Secrets Manager
    • Working with on-premises instances for CodeDeploy
    • One specific EC2 instance not receiving inbound connections from the Internet
    • Controlling access from VPC endpoints with bucket policies
    • Shield + WAF for DDoS Mitigation
    • Turn off Access to your Instance Metadata
    • Protect a Web Tier in a Public Subnet
    • Track changes in each user's IAM permissions
    • Switch from one IAM role to another
  • Identity and Access Management (71%)
    • Removing the default FullAWSAccess SCP
    • Active Directory Trust Relationships
    • Cognito User Pool Groups
  • Data Protection (67%)
  • Access Denied error when uploading an encrypted large file to S3 bucket
  • Kinesis Data Analytics
  • CloudTrail Encryption
  • S3 Server-side Encryption
  • Envelope Encryption
  • S3 Best Practice
  • KMS Key Policies
  • kms:GrantIsForAWSResource
  • Migrating data from encrypted EBS volume to an unencrypted EBS volume
  • S3 Encryption & Logging & Secure Transport
  • Review Mode - Test 1 (93%)
    • Consolidated Billing
    • Controlling network traffic to EC2 instances
    • CloudFront Security
    • SSL VPN
    • Have CloudTrail deliver log files from multiple AWS accounts into a Single S3 bucket
  • Review Mode - Test 2 (90%)
    • Troubleshooting CMK issues in SSM Parameter Store
    • Macie for Monitoring
    • SCPs
    • ELBs
    • CloudWatch Troubleshooting
    • ACM Private CA
    • Firewall Manager
Powered by GitBook
On this page

Was this helpful?

  1. Incident Response (57%)

Security Groups

  • Private IPv4 addresses are not reachable over the Internet, and can be used for communication between the instances in your VPC.

  • When you launch an instance into a VPC, a primary private IP address from the IPv4 address range of the subnet is assigned to the default network interface (eth0) of the instance.

  • CAN'T USE THE INSTANCE ID IN A SECURITY GROUP.

  • SOURCE IN THE INBOUND RULE OF A SECURITY GROUP CAN BE:

    • SINGLE IP ADDRESS

    • RANGE OF ADDRESSES

    • ANOTHER VPC SECURITY GROUP

PreviousCloudTrail with CloudWatch LogsNextSetting up an automated system to manage the access keys in the company's AWS account

Last updated 4 years ago

Was this helpful?