DBS-C01 Database Security • Complete Question Bank
Complete DBS-C01 Database Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowRoot",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": "kms:*",
"Resource": "*"
},
{
"Sid": "AllowAppUser",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/app-user"
},
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:ViaService": "rds.us-east-1.amazonaws.com"
}
}
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kms:Decrypt",
"Resource": "arn:aws:kms:us-east-1:123456789012:key/abc12345-...",
"Condition": {
"StringEquals": {
"kms:ViaService": "secretsmanager.us-east-1.amazonaws.com",
"kms:CallerAccount": "123456789012"
}
}
}
]
}
Drag a concept onto its matching description — or click a concept then click the description.
Single attribute used to distribute data across partitions
Attribute that determines order within a partition
Index with a different partition and sort key for alternate query patterns
Index with the same partition key but different sort key
Time-ordered sequence of item-level changes in a table
Drag a concept onto its matching description — or click a concept then click the description.
Migrates databases to AWS with minimal downtime
Converts database schema and code to target engine
Physical device for large-scale data transfer
Continuous replication for ongoing changes
ETL service for preparing and transforming data
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:ModifyDBInstance"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "rds:DeleteDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-db"
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
],
"Resource": "arn:aws:kms:us-east-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
"Condition": {
"StringEquals": {
"kms:ViaService": "rds.us-east-1.amazonaws.com",
"aws:SourceVpce": "vpce-12345678"
}
}
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds-db:connect"
],
"Resource": [
"arn:aws:rds-db:us-east-1:123456789012:dbuser:db-ABCDEFGHIJKL01234/db_user1"
]
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource": "arn:aws:kms:us-east-1:123456789012:key/abc12345-1234-1234-1234-123456789012"
},
{
"Effect": "Allow",
"Action": [
"rds:CreateDBSnapshot",
"rds:ModifyDBInstance"
],
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt",
"kms:Encrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*"
],
"Resource": "arn:aws:kms:us-east-1:123456789012:key/abc12345-1234-1234-1234-123456789012",
"Condition": {
"StringEquals": {
"kms:ViaService": "s3.us-east-1.amazonaws.com",
"kms:CallerAccount": "123456789012"
}
}
}
]
}
[
{
"user": "admin",
"host": "10.0.1.5",
"db": "prod",
"command": "Query",
"time": "0",
"state": "Sending data",
"info": "SELECT * FROM credit_cards"
},
{
"user": "app_user",
"host": "10.0.2.10",
"db": "prod",
"command": "Query",
"time": "0",
"state": "Sending data",
"info": "SELECT card_number FROM credit_cards WHERE user_id=123"
}
]
{
"Statement": [
{
"Effect": "Allow",
"Action": "rds:CreateDBSecurityGroup",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"rds:AuthorizeDBSecurityGroupIngress",
"rds:RevokeDBSecurityGroupIngress"
],
"Resource": "arn:aws:rds:us-east-1:123456789012:secgrp:my-security-group"
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "rds:ModifyDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-*"
},
{
"Effect": "Allow",
"Action": "rds:ModifyDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:dev-*",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:CreateDBSnapshot"
],
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-db"
},
{
"Effect": "Deny",
"Action": "rds:DeleteDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-db"
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:CreateDBSnapshot",
"rds:DeleteDBSnapshot"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "rds:DeleteDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-db"
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:CreateDBSnapshot"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "rds:DeleteDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-db"
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:GetItem",
"Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:Attributes": ["order_id", "customer_id", "status"]
}
}
}
]
}
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:CreateDBInstance"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "rds:DeleteDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-*"
}
]
}
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "rds:CreateDBInstance",
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "rds:CreateDBInstance",
"Resource": "*",
"Condition": {
"Bool": {
"rds:StorageEncrypted": "false"
}
}
}
]
}
```
Refer to the exhibit.
IAM policy attached to a user:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::my-db-backups/*"
}
]
}
Refer to the exhibit.
CloudFormation snippet:
# CloudFormation resources: a MySQL RDS instance with storage encryption
# enabled, using a KMS key that is declared in the same template.
Resources:
  MyDBInstance:
    Type: AWS::RDS::DBInstance
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.medium
      AllocatedStorage: 100
      # Encryption at rest is on and bound to MyKMSKey (declared below).
      StorageEncrypted: true
      KmsKeyId: !Ref MyKMSKey
      MasterUsername: admin
      # DBPassword is not declared in this snippet. NOTE(review): if it is a
      # template parameter, confirm it sets NoEcho so the value is masked in
      # console and API output.
      MasterUserPassword: !Ref DBPassword
  MyKMSKey:
    Type: AWS::KMS::Key
    Properties:
      KeyPolicy:
        Version: 2012-10-17
        Statement:
          # The only statement names the account root principal with kms:*.
          # No user or role is named here, so their access to the key depends
          # on IAM policies in the account.
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:ModifyDBInstance"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "rds:DeleteDBInstance",
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kms:Decrypt",
"Resource": "arn:aws:kms:us-east-1:123456789012:key/abc123",
"Condition": {
"StringEquals": {
"kms:ViaService": "s3.amazonaws.com"
}
}
}
]
}
Refer to the exhibit.
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:ModifyDBInstance"
],
"Resource": "arn:aws:rds:us-east-1:123456789012:db:prod-db"
},
{
"Effect": "Allow",
"Action": "rds:DescribeDBInstances",
"Resource": "*"
}
]
}
```