00:00 so let's continue with question number 24 for AWS Cloud Practitioner exam practice test
00:06 so which Amazon so which feature in Amazon Virtual Private Cloud is stateful and operates
00:14 at instance level to control inbound and outbound traffic for an Amazon EC2 instance so
00:21 NACL is not security groups is the right answer WAF is web application firewall AWS Shield is to
00:28 protect against threats so B is the correct answer yes security groups are instance
00:35 level virtual firewalls that are stateful uh NACLs are stateless and operate at subnet level
00:42 so which AWS service provides comprehensive recommendations for uh cost optimization
00:49 security performance often referred to as an automated cloud expert so AWS Trusted Advisor
00:57 is often referred to as an automated cloud expert so Trusted Advisor is a service used for identifying
01:06 security issues and managing environments for cost optimization and performance
01:12 what is the primary purpose of cross-account IAM roles to create permanent security to enforce MFA
01:20 to allow temporary and delegated access to resources in one AWS account by an identity
01:27 in another AWS account so C is the direct answer cross-account IAM roles are an authenticated method that
01:34 allows users in one account to temporarily assume a role in another account to access resources
01:43 so moving to the next question which method is used to manage access to AWS Management Console providing a
01:50 single sign-on experience for users to access multiple AWS accounts and applications so you can always see C is
01:58 the correct answer AWS IAM Identity Center which is AWS Single Sign-On it is used for federated identity
02:07 management providing users with a single sign-on to multiple AWS accounts and cloud applications
02:15 moving to the next question to prevent unauthorized access unauthorized users from using stolen credentials
02:22 for API access a customer should rely on which IAM resource for storing credentials securely
02:30 C is the correct answer C AWS Secrets Manager is AWS Systems Manager secret
02:51 uh credential storage it's a credential storage service like AWS Secrets Manager
02:57 and AWS Systems Manager Parameter Store are used to secure access keys and passwords
03:05 so which concept of cloud security includes both encryption in transit and encryption at rest
03:13 so it is B benefits of cloud security uh identifying different encryption options such as encryption in transit and at rest is a core benefit of cloud security
03:28 so moving to the next question which two services can be used to monitor and manage uh environments for governance and compliance
03:37 so CloudWatch and uh Config are the two services which are used to manage
03:47 so governance and compliance include monitoring with AWS CloudWatch and auditing with AWS Config yes
03:57 question number 31 when users should perform a task that only the account root can perform so
04:06 uh B is the correct answer because you have to protect the root user it is critical to understand that
04:14 account root user should be protected and used for a limited number of tasks only such as changing the support
04:22 plan so which service in web is a web application firewall that helps protect web applications from common
04:32 exploits so WAF is a web application firewall basically C is the correct answer
04:43 moving to the next question which is uh if a user is looking for security-related documentation and
04:50 information which AWS resource is most likely to contain blog posts so B is the correct answer AWS security
04:58 blogs so AWS Security Blog is especially listed uh as a source of security information that AWS provides
05:08 so what is an example of a shared responsibility between AWS and the customer so patching and configuring
05:13 a running guest operating system is a shared uh responsibility between the AWS customer and AWS
05:24 so these we have covered till question number 34 from question number 35 to 65 we'll continue in another
05:30 video