- All Exams Instant Download
Which solution will resolve this error?
A company is testing its incident response plan for compromised credentials. The company runs a database on an Amazon EC2 instance and stores the sensitive data-base credentials as a secret in AWS Secrets Manager. The secret has rotation configured with an AWS Lambda function that uses the generic rotation function...
You work at a company that makes use of IAM resources. One of the key security policies is to ensure that all data i encrypted both at rest and in transit.
You work at a company that makes use of IAM resources. One of the key security policies is to ensure that all data i encrypted both at rest and in transit. Which of the following is one of the right ways to implement this.A . Use S3 SSE and use...
What should the security engineer do next to meet this requirement?
A company wants to monitor the deletion of customer managed CMKs A security engineer must create an alarm that will notify the company before a CMK is deleted. The security engineer has configured the integration of IAM CloudTrail with Amazon CloudWatch What should the security engineer do next to meet...
Which solution will meet these requirements MOST securely?
A company uses AWS Organizations to run workloads in multiple AWS accounts Currently the individual team members at the company access all Amazon EC2 instances remotely by using SSH or Remote Desktop Protocol (RDP) The company does not have any audit trails and security groups are occasionally open. The company...
Which statement should the security specialist include in the policy?
A company uses an Amazon S3 bucket to store reports Management has mandated that all new objects stored in this bucket must be encrypted at rest using server-side encryption with a client-specified IAM Key Management Service (IAM KMS) CMK owned by the same account as the S3 bucket. The IAM...
Which approach should the team take to accomplish this task?
Amazon GuardDuty has detected communications to a known command and control endpoint from a company's Amazon EC2 instance. The instance was found to be running a vulnerable version of a common web framework. The company's security operations team wants to quickly identity other compute resources with the specific version of...
Which combination of steps should the security engineer take to allow the EC2 instances that are running in these two subnets to communicate again?
An AWS account that is used for development projects has a VPC that contains two subnets. The first subnet is named public-subnet-1 and has the CIDR block 192.168.1.0/24 assigned. The other subnet is named private-subnet-2 and has the CIDR block 192.168.2.0/24 assigned. Each subnet contains Amazon EC2 instances. Each subnet...
Which combination of steps must the company perform to meet this requirement?
A company is using AWS Organizations to manage multiple accounts. The company needs to allow an IAM user to use a role to access resources that are in another organization's AWS account. Which combination of steps must the company perform to meet this requirement? (Select TWO.)A . Create an identity...
What is the BEST way to monitor, on a recurring basis, whether all EBS volumes are encrypted?
Auditors for a health care company have mandated that all data volumes be encrypted at rest Infrastructure is deployed mainly via IAM CloudFormation however third-party frameworks and manual deployment are required on some legacy systems What is the BEST way to monitor, on a recurring basis, whether all EBS volumes...
Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE)
Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE) A. Default AWS Certificate Manager certificate B. Custom SSL certificate stored in AWS KMS C. Default CloudFront certificate D. Custom SSL certificate stored in AWS Certificate Manager E. Default SSL certificate stored in AWS...
