Exam Newest 2025/2026 With Questions And 100% Correct Answers | Already Graded A+ | Latest Version!
1. When creating a new security group, which of the
following are true? (Choose two.)
A. All inbound traffic is allowed by default.
B. All outbound traffic is allowed by default.
C. Connections that are allowed in must also explicitly be
allowed back out.
D. Connections that are allowed in are automatically
allowed back out. - ANSWER-B, D
2. You have a government-regulated system that will store
a large amount of data on S3 standard. You must encrypt
all data and preserve a clear audit trail for traceability and
third-party auditing. Security policies dictate that
encryption must be consistent across the entire data store.
Which of the following encryption approaches would be
best?
A. SSE-C
B. SSE-KMS
C. SSE-C
D. Encrypt the data prior to upload to S3 and decrypt the
data when returning it to the client. - ANSWER-B
3. You are creating a bastion host to allow SSH access to
a set of EC2 instances in a private subnet within your
organization's VPC. Which of the following should be done
as part of configuring the bastion host? (Choose two.)
A. Ensure that the bastion host is exposed directly to the
Internet.
B. Place the bastion host within the private subnet.
C. Add a route from the bastion host IP into the private
subnet into the subnet's NACLs.
D. Ensure that the bastion host is within the same security
group as the hosts within the private subnet. - ANSWER-A, C
4. Which of the following are invalid IAM actions? (Choose
two.)
A. Limiting the root account SSH access to all EC2
instances
B. Allowing a user account SSH access to all EC2
instances
C. Removing console access for the root account
D. Removing console access for all non-root user
accounts - ANSWER-A, C
5. Which of the following statements is true?
A. You should store application keys only in your
application's .aws file.