ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 44 discussion

Exam question from Amazon's AWS-SysOps
Question #: 44
Topic #: 1
[All AWS-SysOps Questions]

You are running a web-application on AWS consisting of the following components an Elastic Load Balancer (ELB) an Auto-Scaling Group of EC2 instances running Linux/PHP/Apache, and Relational DataBase Service (RDS) MySQL.
Which security measures fall into AWS's responsibility?

  • A. Protect the EC2 instances against unsolicited access by enforcing the principle of least-privilege access
  • B. Protect against IP spoofing or packet sniffing
  • C. Assure all communication between EC2 instances and ELB is encrypted
  • D. Install latest security patches on ELB. RDS and EC2 instances
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf
by awscertified at March 3, 2020, 1:20 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Finger41
8 months, 2 weeks ago
Selected Answer: B
IP Spoofing. Amazon EC2 instances cannot send spoofed network traffic. The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own. https://d1.awsstatic.com/whitepapers/Security/Networking_Security_Whitepaper.pdf
upvoted 1 times
...
xxxdolorxxx
1 year, 6 months ago
I'm not sure that B is correct. I could be, but if I set up an EC2 server with an HTTP connection, couldn't someone easily snif packets being sent?
upvoted 1 times
xxxdolorxxx
1 year, 6 months ago
I checked the link it says: EC2 instances running within an Amazon VPC inherit all of the benefits described below related to the guest OS and protection against packet sniffing. . So I'm going with B.
upvoted 1 times
...
...
TroyMcLure
1 year, 6 months ago
Correct Answer: B
upvoted 1 times
...
RicardoD
1 year, 6 months ago
B is the answer IP spoofing – AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own. Packet Sniffing by other tenants – It is not possible for a virtual instance running in promiscuous mode to receive or “sniff” traffic that is intended for a different virtual instance
upvoted 3 times
...
a_w_s
1 year, 6 months ago
B is the good answer ... D is not good because there’s a mix of customer and AWS parts of responsibilities ...
upvoted 3 times
...
awscertified
1 year, 7 months ago
B. Protect against IP spoofing or packet sniffing
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago