CV0-004 Security • Complete Question Bank
Complete CV0-004 Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100 12000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   50  6000 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
   20  2400 ACCEPT     tcp  --  eth0   *       10.0.0.0/8           0.0.0.0/0            tcp dpt:443
   10  1200 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/AdminRole"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    },
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
Drag a concept onto its matching description — or click a concept then click the description.
Data stored as objects with metadata
Data divided into blocks; used in SAN
Data stored in a hierarchical file system
Temporary storage tied to instance lifecycle
Drag a concept onto its matching description — or click a concept then click the description.
Test network connectivity
Trace path to destination
Query DNS records
Display network connections and ports
Transfer data using various protocols
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3389
```
Refer to the exhibit.
```
[critical] [security] [user_data] [user_data_1e3b] User credentials stored in user data where they are accessible to all users with read access.
```
Refer to the exhibit.
```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::confidential/*",
      "Principal": "*"
    }
  ]
}
```
Refer to the exhibit.
```
Condition: {
  IpAddress: {
    "aws:SourceIp": "192.168.1.0/24"
  }
}
```
Refer to the exhibit.
```
Snapshot ID: snap-123
Status: failed
Error: "The snapshot uses a KMS key that is not available in this region."
```
Refer to the exhibit.
```
[user@bastion ~]$ gcloud compute instances list --format="value(name,zone,status)"
web-server-1 us-central1-a RUNNING
web-server-2 us-central1-b RUNNING
db-server us-central1-a RUNNING
[user@bastion ~]$ gcloud compute ssh web-server-1 --command="sudo systemctl status nginx"
● nginx.service - A high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2024-03-14 10:23:45 UTC; 1h 30min ago
[user@bastion ~]$ gcloud compute firewall-rules list --filter="allowed=('tcp:22')"
NAME       NETWORK  DIRECTION  PRIORITY  ALLOW   DENY  DISABLED
allow-ssh  default  INGRESS    1000      tcp:22        False
[user@bastion ~]$ gcloud compute firewall-rules describe allow-ssh
allowed:
- IPProtocol: tcp
  ports:
  - '22'
sourceRanges:
- 0.0.0.0/0
```