ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 198 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 198
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

One of the AWS account owners faced a major challenge in June as his account was hacked and the hacker deleted all the data from his AWS account. This resulted in a major blow to the business.
Which of the below mentioned steps would not have helped in preventing this action?

  • A. Setup an MFA for each user as well as for the root account user.
  • B. Take a backup of the critical data to offsite / on premise.
  • C. Create an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions.
  • D. Do not share the AWS access and secret access keys with others as well do not store it inside programs, instead use IAM roles.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
AWS security follows the shared security model where the user is as much responsible as Amazon. If the user wants to have secure access to AWS while hosting applications on EC2, the first security rule to follow is to enable MFA for all users. This will add an added security layer. In the second step, the user should never give his access or secret access keys to anyone as well as store inside programs. The better solution is to use IAM roles. For critical data of the organization, the user should keep an offsite/ in premise backup which will help to recover critical data in case of security breach. It is recommended to have AWS AMIs and snapshots as well as keep them at other regions so that they will help in the DR scenario. However, in case of a data security breach of the account they may not be very helpful as hacker can delete that.
Therefore, creating an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions, would not have helped in preventing this action.
by virtual at Feb. 19, 2020, 9:43 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
amministrazione
1 year ago
C. Create an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions.
upvoted 1 times
...
SkyZeroZx
2 years, 2 months ago
Selected Answer: C
C is my answer. However, i think the answer could have been worded better. instead of "what could have prevented the action", it should have included "what could have mitigated the action" as well.
upvoted 1 times
...
CloudHandsOn
2 years, 4 months ago
C is my answer. However, i think the answer could have been worded better. instead of "what could have prevented the action", it should have included "what could have mitigated the action" as well.
upvoted 1 times
CloudHandsOn
2 years, 4 months ago
I meant "what would have NOT helped prevent the action" and "what would have NOT helped mitigate the action"
upvoted 1 times
...
...
cldy
3 years, 8 months ago
C. Create an AMI and a snapshot of the data at regular intervals as well as keep a copy to separate regions.
upvoted 1 times
...
FERIN_01
3 years, 9 months ago
C. Its a negative question asking option not prevented this incident. As per author keeping back-up in AWS also can be deleted by hacker hence it is not secure option.
upvoted 1 times
...
01037
3 years, 9 months ago
I think neither B nor C could help PREVENT the action. They can only mediate the result.
upvoted 1 times
bamjive06
3 years, 9 months ago
Correct, and since the user got hacked, should this bad boys drink demons, they could wipe staff here and far. So B is better
upvoted 1 times
...
...
ramikhreim
3 years, 10 months ago
Which of the below mentioned steps would NOT have helped in preventing this action. C is the answer the Hacker have access to all regions in this account that will not help i preventing
upvoted 2 times
...
JAWS1600
3 years, 10 months ago
I take back my previous answer. After reading the question again "would not have helped" - Correct answer is C.
upvoted 1 times
...
JAWS1600
3 years, 10 months ago
B. Issue with A - if hacker hacked an account, he would be able to delete the data in other regions. The safest option is to keep data offsite or on-prem. One option is to copy the data backup to EFS and mount EFS on on-prem. Second option will be to copy the backup using aws s3 cli.
upvoted 1 times
...
JAWS1600
3 years, 10 months ago
B. Issue with A - if hacker hacked an account, he would be able to delete the data in other regions. The safest option is to keep data offsite or on-prem. One option is to copy the data backup to EFS and mount EFS on on-prem. Second option will be to copy the backup using aws s3 cli.
upvoted 2 times
...
Asds
3 years, 11 months ago
A for sure.... MFA is the most secure thing to do at first when it comes to AWS accounts ..
upvoted 3 times
doyb
3 years, 10 months ago
'would not' so Answer is C
upvoted 3 times
...
...
virtual
3 years, 11 months ago
This can be the right answer, but it is quite disappointing ...
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel