Review Questions
-
When creating a new security group, which of the following are true? (Choose two.)
- All inbound traffic is allowed by default.
- All outbound traffic is allowed by default.
- Connections that are allowed in must also explicitly be allowed back out.
- Connections that are allowed in are automatically allowed back out.
-
You have a government-regulated system that will store a large amount of data on S3 standard. You must encrypt all data and preserve a clear audit trail for traceability and third-party auditing. Security policies dictate that encryption must be consistent across the entire data store. Which of the following encryption approaches would be best?
- SSE-C
- SSE-KMS
- SSE-C
- Encrypt the data prior to upload to S3 and decrypt the data when returning it to the client.
-
You are creating a bastion host to allow SSH access to a set of EC2 instances in a private subnet within your organization’s VPC. Which of the following should be done as part of configuring...