Data Protection Exam
1. You are working for a company which runs a financial
investments blog. Your researchers work with a number of
different partners to gather insights into the financial
markets. You have engaged a company called Toplnsights to
provide a series of market research reports which they are
committed
to completing over the next 6 months. You have asked them
to provide the completed reports in pdf format and save them
to an S3 bucket that you own. Topinsights already use S3 to
store all of their internal documentation. What will you need
to do to enable Topinsights to deliver their reports to your S3
bucket?: Create an IAM role with write permission to the S3
bucket. Configure a trust relationship between your AWS account
and the AWS account belonging to Top insights.
,2. You are working for an investment bank which is designing
a new trad- ing data, and use machine learning to predict stock
market performance. The application is running in AWS and
needs to access the historical data
stored in a proprietary time series database located in your
data center. This information is highly confidential and could
cause serious repercussions if any data was ever leaked to
the public or your competitors. The application itself is
extremely sensitive to network inconsistencies and during
testing it frequently crashes if the network is not reliable. How
should you configure the network connectivity for this
application?: Configure a VPN between your VPC and the data
center over a Direct Connect connection.
3. You are using a CMK with imported key material. The key
has been in use for one year already and your company policy
states that keys must be rotated on an annual basis. What
should you do?: Create a new CMK, import new key material
into the new CMK
, 4. You are using Glacier to store historical data which you
need to keep for 7 years according to your company's
security policy. A vault lock policy is in place to prevent the
data from being tampered with. A new Head of Security has
started at your company and they are in the process of
updating many
of the existing security policies, including reducing the
retention policy for these historical files to only 5 years. You
have been asked to implement the new retention policy this
week, what is the best way of approaching this? It
is not possible to implement this.: It is not possible to
implement this. You cannot change the vault lock once it is
activated
5. AWS Systems Manager Parameter Store provides secure,
hierarchical stor- age for configuration data and secrets
management. Which of the following AWS services natively
support Parameter Store?: AWS CloudFormation Ama- zon
EC2 AWS Lambda x Amazon RDS
1. You are working for a company which runs a financial
investments blog. Your researchers work with a number of
different partners to gather insights into the financial
markets. You have engaged a company called Toplnsights to
provide a series of market research reports which they are
committed
to completing over the next 6 months. You have asked them
to provide the completed reports in pdf format and save them
to an S3 bucket that you own. Topinsights already use S3 to
store all of their internal documentation. What will you need
to do to enable Topinsights to deliver their reports to your S3
bucket?: Create an IAM role with write permission to the S3
bucket. Configure a trust relationship between your AWS account
and the AWS account belonging to Top insights.
,2. You are working for an investment bank which is designing
a new trad- ing data, and use machine learning to predict stock
market performance. The application is running in AWS and
needs to access the historical data
stored in a proprietary time series database located in your
data center. This information is highly confidential and could
cause serious repercussions if any data was ever leaked to
the public or your competitors. The application itself is
extremely sensitive to network inconsistencies and during
testing it frequently crashes if the network is not reliable. How
should you configure the network connectivity for this
application?: Configure a VPN between your VPC and the data
center over a Direct Connect connection.
3. You are using a CMK with imported key material. The key
has been in use for one year already and your company policy
states that keys must be rotated on an annual basis. What
should you do?: Create a new CMK, import new key material
into the new CMK
, 4. You are using Glacier to store historical data which you
need to keep for 7 years according to your company's
security policy. A vault lock policy is in place to prevent the
data from being tampered with. A new Head of Security has
started at your company and they are in the process of
updating many
of the existing security policies, including reducing the
retention policy for these historical files to only 5 years. You
have been asked to implement the new retention policy this
week, what is the best way of approaching this? It
is not possible to implement this.: It is not possible to
implement this. You cannot change the vault lock once it is
activated
5. AWS Systems Manager Parameter Store provides secure,
hierarchical stor- age for configuration data and secrets
management. Which of the following AWS services natively
support Parameter Store?: AWS CloudFormation Ama- zon
EC2 AWS Lambda x Amazon RDS
