Nov 29, 2023

News: 1. LINE Yahoo, 2. Domain abandonment procedure, 3. Sakura Internet

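LINE Yahoo: more than approximately 440,000 records of personal information leaked through unauthorized access; the cause was a malware infection on a PC at a contractor company (11/27)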

https://internet.watch.impress.co.jp/docs/news/1550141.html

 

Notice and apology regarding information leakage due to unauthorized access (11/27)

https://ly.swcms.net/ja/ir/news/auto_20231127594672/main/0/link/Notice%20and%20apology%20regarding%20information%20leakage%20due%20to%20unauthorized%20access_JP.pdf

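"We will individually contact users whom we have assessed as being at risk of secondary harm ..
For those whom we cannot contact individually, this announcement serves as the notification."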

 

http://www.st.ryukoku.ac.jp/~kjm/security/memo/2023/11.html#20231129__line

 "It took a month from carrying out the response to starting the notifications.
 Does that mean it took a month to identify who was affected?"


   Episode 916: They did it again! LINE Yahoo information leak. That is why I don't use it (11/28)

   https://www.youtube.com/watch?v=2YVCivd2vhs


 

・Abandoning a domain: how should a company dispose of a domain? (11/26)

https://webweb.hatenablog.com/blog/seo/expired-domain

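"For a domain that is no longer in operation, I recommend first serving a 301 redirect for one year.

 .. 

I consider the desirable approach to be to end the one-year redirect and then leave the domain for 10 years in a state where the site cannot be accessed."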

 

・Sakura Internet selected as a "Government Cloud" service provider, the first domestic provider to be chosen (11/29)

https://internet.watch.impress.co.jp/docs/news/1550458.html

Nov 28, 2023

News: 1. QR code incidents, 2. Booking.com abuse

・Inageya: QR code led customers to a fraudulent site, card information stolen (11/10)

https://www.itmedia.co.jp/news/articles/2311/10/news120.html

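"A QR code printed on posters and flyers announcing online-supermarket membership led to an unintended fraudulent site, and some customers had their credit card information stolen."

 

 A summary of the malicious ads displayed when using a URL shortening service (11/12)

https://piyolog.hatenadiary.jp/entry/2023/11/12/014635

"The URL given as the QR code's destination .. used the URL shortening service 'Online Tool (onl.jp)' .. before the transition to the URL specified as the shortened destination, the service's loading page is sometimes displayed .. malicious ads with buttons such as 'Start' or 'OK' that are easy to press by mistake are sometimes served .. if the user simply continues, they are connected to a site posing as some kind of sign-up, with messages such as 'You need to perform mobile activation', and are led to a credit card entry screen."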

 

・Accessed the QR code on an Autobacs direct mail, was sent to a scam site and charged on a credit card: "Was the QR code hijacked?" (11/11)

https://togetter.com/li/2257076

 

・Booking.com abused to steal guests' card information; damage on a global scale (11/11)

 https://www.asahi.com/articles/ASRCC5GK1RC2ULZU00D.html

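"The mechanisms of Booking.com, one of the world's largest accommodation booking sites, have been abused: PCs at hotels and other lodging facilities are hacked and guests' credit card information is stolen, in a series of incidents in Japan since May of this year ..

The damage this time begins with someone posing as a traveler and sending an English-language email to a hotel. The email contains an embedded link that induces a virus infection, and the hotel's ID and password for Booking.com are stolen. That someone then uses them to gain unauthorized access to the Booking.com site and sends messages to travelers while posing as the hotel. They falsely state that 'advance payment is required' and have the card number entered into a fake site made to resemble the company's, stealing it: a technique called 'phishing'."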

 

 Unauthorized access to Booking.com: a series of incidents at domestic hotels (06/20)

https://xtech.nikkei.com/atcl/nxt/column/18/00598/021300221/

 

Nov 3, 2023

Skill Assessment - AWS Q100

Q100. Which is the default user in EC2 Linux (Red Hat/Amazon)?

・root
・Ec2user
・ec2-user
・linux

 

 

Q101. When using Systems Manager, you can create policies through Systems Manager ____.

・Policy Manager
・State Manager
・Documents
・Inventory

 

 

Q102. Businesses are increasingly moving towards hybrid cloud environments with automated IT.

What Amazon EC2 State Manager feature is particularly useful for these companies?

・validity
・consistency
・reliability
・redundancy

 

 

Q103. Your DevOps manager has noticed that there is a problem with the installation of the MySQL software

in one of your Windows instances and asks you to repair it.

What would be the recommended way to fix this issue with AWS Systems Manager?

・Write a Power Shell script that re-installs the msi file and run it with Run Command.
・Execute the AWS-ApplyPatchBaseline command.
・Allow State Manager to automatically fix it on batch.
・Use Run Command to execute the AWS-InstallApplication document.

 

ChatGPT answered differently ..

The recommended way to fix the issue with the installation of the MySQL software in a Windows instance using AWS Systems Manager would be to write a PowerShell script that reinstalls the MSI file and then execute it using AWS Systems Manager Run Command.

 

This method leverages the flexibility of AWS Systems Manager Run Command, allowing you to remotely run scripts or commands on your managed instances, including running a PowerShell script to reinstall the MySQL software MSI file. This approach provides direct control and allows you to address specific issues with the installation.

 

Executing the "AWS-InstallApplication" document or "AWS-ApplyPatchBaseline" command might not be the most appropriate actions for repairing the MySQL software installation issue, as these are more suited for specific purposes like applying patches or installing applications based on predefined configurations.

 

Instead, using Run Command with a custom PowerShell script to fix the issue by reinstalling the MySQL software would be the recommended approach in this scenario.

 

 

Q104. Within EC2 Systems Manager, you can use Patch ____ to pick the patches you want to install with your instances.

・Levels
・Manager
・Baselines
・Policy

 

 

Q105. When is an AWS Batch job's status runnable?

・When a submitted job's resources are being deployed
・When a submitted job has been evaluated
・When a submitted, evaluated job has zero dependencies outstanding
・When a submitted job is next in the job queue

 

 

Q106. Which statement regarding AWS Batch automated retries is correct?

・Each job is provided a single job attempt by default, but a user can modify this to unlimited attempts if desired.
・Each job is provided a single job attempt by default, but the AWS Batch job scheduler may modify this after evaluating the submitted job.
・Each job is provided a single job attempt by default, but a user can modify this to as many as 10 attempts if desired.
・Each job is limited to a single attempt before being classified as succeeded or failed.

 

ChatGPT also adds ..

By default, each job in AWS Batch is provided a single job attempt. However, users have the flexibility to modify the number of attempts to as many as 10, if needed, through job definition parameters. This allows users to set up retry attempts for jobs that might fail for various reasons, providing resilience and the opportunity for failed jobs to be retried multiple times before being classified as succeeded or failed.

 

 

Q107. What AWS Batch job parameter can you specify to prevent an unsuccessful job from being stuck in a loop?

・The duration of job timeout
・A resource expenditure cap
・The number of automated job retries
・An AWS Batch job agent

 

 

Q108. In which of the following AWS Batch components can a user set a priority level, for time-sensitive or low-priority jobs?

・Within the job scheduler
・Within the job itself
・Within the job definition
・Within a job queue

 

ChatGPT adds ..

In AWS Batch, job queues are used to submit jobs. These job queues can have various priority levels assigned to them. When a job is submitted to a job queue, the priority level of that job queue determines the priority of the job.

 

Users can assign different jobs to different queues, which helps in managing priorities. Jobs in higher priority queues will be scheduled and executed before jobs in lower priority queues, allowing for prioritization of time-sensitive jobs or the assignment of low-priority tasks.

 

Therefore, the priority level for time-sensitive or low-priority jobs is set within the job queue in AWS Batch.

 

 

Q109. You may invalidate up to ____ path files each month from Amazon CloudFront at no additional charge.

・100
・5,000
・1,000
・500

 

 

Q110. Which of the following is recommended when you want to analyze Access Logs

of a single stream more quickly and accurately for a given period?

・Check all the log files you receive for a given period one by one.
・Analyze all the log files line by line.
・Combine all the log files you receive for a given period into one file.
・Compare log files with Amazon CloudWatch results.

 

 

Q111. In regard to Amazon CloudFront, when you create a new web distribution, the Path Pattern for the default cache behavior is set to ____.

 

・(all files) and cannot be changed
・HTML files and cannot be changed
・HTML files and can be changed
・(all files) and can be changed

 

ChatGPT answers quite differently ..

When you create a new web distribution in Amazon CloudFront, the Path Pattern for the default cache behavior is set to * which represents "all files" and it can be changed.

 

The * wildcard character in the Path Pattern denotes a catch-all or a wildcard match for any file or path requested. This default cache behavior path pattern matches any request path, indicating that the cache behavior applies to all types of files in the distribution.

 

However, the default cache behavior's path pattern can indeed be changed by the user according to their specific requirements for caching rules and behaviors for different file types or paths.

 

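Note: Amazon CloudFront is a global content delivery network provided by AWS.

A naive question remains: since this setting controls cache hit efficiency and resource usage, wouldn't it be changeable by default?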

 

The reference site below agrees with the answer given for the past question, but is the question itself correct?

Ref. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html

 

 

Q112. In Amazon CloudFront, if you add a CNAME for www.example.com to your distribution,

you also need to create (or update) a CNAME record with your DNS service.

・TRUE
・False, you cannot add a CNAME to your distribution.
・False, you should add a CNAME record with your CloudWatch metrics and not the DNS.
・False, it is not necessary to create a CNAME record with your DNS service as it is done automatically by Amazon.

 

ChatGPT also adds ..

The statement is TRUE.

 

If you add a CNAME for www.example.com to your Amazon CloudFront distribution, you will need to create (or update) a CNAME record with your DNS service. This action is necessary for the DNS to correctly route traffic to your CloudFront distribution using your custom domain (www.example.com, in this case).

 

When you set up a CNAME in your CloudFront distribution, it generates a CloudFront domain name (like d1234567890.cloudfront.net). However, to use a custom domain like www.example.com, you must create a CNAME record in your DNS service that points to the CloudFront domain name. This linkage ensures that requests to your custom domain are correctly routed to the associated CloudFront distribution.

 

 

Q113. Which of the following statements is true of Amazon CloudFront

when you can control how long your objects stay in a CloudFront cache before it forwards another request to your origin?

・All answers listed are correct.
・Reducing the duration allows you to serve dynamic content.
・Increasing the duration means your customers get better performance.
・A longer duration also reduces the load on your origin.

 

 

Q114. You are tasked with supporting users of a mobile app.

The app allows users to view content (e.g., images) but only upload images if they are logged in to the app via Cognito.

Which option would require the least amount of development time and provide the highest security to prevent non-authenticated users from posting content?

・Create a Cognito Identity Pool with roles for both authorized and unauthorized user and appropriate permissions on those roles.
・Switch API access keys at run-time based on the user's log in state.
・Set policies on the database table (DynamoDB or RDS) for user permissions.
・Expose an API Gateway for public use to fetch content and a second API for writing content requiring an auth token.

 

 

Q115. If a user requires programmatic access to your AWS resources, what is required to authenticate?

・Access Keys
・Key pair
・MFA activated on the user account
・A role association

 

Ref. http://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys

 

ChatGPT also says …

If a user requires programmatic access to your AWS resources, they need Access Keys for authentication. 

・Access Keys, which consist of an Access Key ID and a Secret Access Key, are used to authenticate programmatic access to AWS resources. These keys are essential for using AWS APIs, Command Line Interface (CLI), AWS SDKs, or any other tool or service that communicates with AWS services programmatically. They provide the necessary credentials to authenticate and access AWS resources securely.
・MFA (Multi-Factor Authentication) activated on the user account adds an extra layer of security but is not specifically used for programmatic access through access keys.
・A key pair is typically used for SSH access to AWS instances and is not related to programmatic access in the AWS environment.
・Role association, while crucial for defining permissions and access to resources, does not directly serve as the means for programmatic access; it's more about the permissions a user or entity has in the AWS environment.

 

 

Q116. ____ are predefined, out-of-the-box policies that grant permissions for common use cases to eliminate the need to determine what permissions are needed.

・Resource policies
・AWS managed policies
・Customer managed policies
・Inline policies

 

Ref. http://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys

 

 

Q117. Within an IAM policy, the ____ are top-level policy elements whereas the rest of them are statement-level elements.

・ID and Principal
・Version and ID
・ID and Statement
・Version and Statement

 

Ref. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html

 

 

Q118. Return traffic to all EC2 instances in a VPC's new public subnet is somehow blocked.

You would like to ensure that return traffic from all potential clients is received moving forward. Which port range should you allow to ensure that return traffic from all potential clients is received?

・1-1024
・1024-65535
・1024-50000
・1-65535

 

Ref. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html#VPC_ACLs_Ephemeral_Ports

 

 

Q119. You manage AWS credentials for a company that is onboarding two new employees:

one is an HR administrator, and the other is a developer. The Dev team is large and has an IAM group within the company's AWS accounts, but Human Resources currently has a single employee with no plans to expand the department. It is company policy to provide long-term credentials to AWS employees in a manner that allows simple reassignment in the case of any promotions or resignations. How can you provide appropriate AWS access to the new developer and follow company policy? (Choose 2 answers)

・Attach appropriate IAM policies to the new developer's IAM user.
・Add the new developer to the Developer IAM Group.
・Attach a new IAM role to the new developer's IAM user.
・Create a new IAM user for the developer.

 

Ref. https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html

 

 

Q120. Which of the following is a fully-managed AWS database service?

・Amazon s3
・Amazon RDS
・Amazon MQ
・Amazon VPC

 

 

Q121. Which AWS database service is a fully managed, serverless, multi-model database that supports document, key-value, and wide-column data models?

・Amazon RDS
・Amazon Redshift
・Amazon DynamoDB
・Amazon Neptune
・Amazon Aurora

 

 

Past questions

https://github.com/Ebazhanov/linkedin-skill-assessments-quizzes/blob/main/aws/aws-quiz.md