Question 1easymultiple choice
Read the full Cloud Platform and Infrastructure Security explanation →CCSP Cloud Platform and Infrastructure Security • Complete Question Bank
Complete CCSP Cloud Platform and Infrastructure Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::example-bucket/*"
}
]
}Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Hardware-based key generation and storage
Software-based key lifecycle management
Customer-managed keys in cloud provider HSM
Customer holds and manages own keys
Refer to the exhibit.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": "s3:*",
"Resource": "arn:aws:s3:::example-bucket/*",
"Condition": {
"BoolIfExists": {
"aws:SecureTransport": "false"
}
}
}
]
}Refer to the exhibit.
Resources:
WebSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupDescription: Web server security group
SecurityGroupIngress:
- IpProtocol: tcp
FromPort: 443
ToPort: 443
CidrIp: 0.0.0.0/0Refer to the exhibit.
[CloudTrail Log Entry]
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"arn": "arn:aws:iam::123456789012:user/john.doe",
"accountId": "123456789012"
},
"eventTime": "2024-04-01T14:30:00Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "AuthorizeSecurityGroupIngress",
"requestParameters": {
"groupId": "sg-0123456789abcdef0",
"ipPermissions": {
"items": [
{
"ipProtocol": "tcp",
"fromPort": 22,
"toPort": 22,
"ipRanges": [
{"cidrIp": "0.0.0.0/0"}
]
}
]
}
},
"responseElements": {
"requestId": "abc123",
"_return": true
}
}{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example-bucket/*",
"Principal": "*"
}
]
}[Error] Failed to launch instance i-123456: InsufficientInstanceCapacity – There is no capacity available for the requested instance type in this Availability Zone.
{
"SecurityGroup": {
"GroupName": "sg-web",
"IngressRules": [
{ "Protocol": "TCP", "PortRange": "443", "SourceCIDR": "10.0.0.0/8" },
{ "Protocol": "TCP", "PortRange": "22", "SourceCIDR": "0.0.0.0/0" }
],
"EgressRules": [
{ "Protocol": "TCP", "PortRange": "443", "DestinationCIDR": "0.0.0.0/0" }
]
}
}