Which combination of actions should the security team take to make the application compliant within the security policy?

A recent security audit identified that a company's application team injects database credentials into the environment variables of an AWS Fargate task. The company's security policy mandates that all sensitive data be encrypted at rest and in transit. Which combination of actions should the security team take to make the...

January 1, 2021

What will enable the security engineer to save the change?

A security engineer is asked to update an AWS CloudTrail log file prefix for an existing trail. When attempting to save the change in the CloudTrail console, the security engineer receives the following error message: "There is a problem with the bucket policy". What will enable the security engineer to...

January 1, 2021

How should the Security Engineer meet these requirements?

A company's Security Officer is concerned about the risk of AWS account root user logins and has assigned a Security Engineer to implement a notification solution for near-real-time alerts upon account root user logins. How should the Security Engineer meet these requirements? A. Create a cron job that runs a...

January 1, 2021

Which of the following options should the Security Engineer use?

A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old. Which of the following options should the Security Engineer use? A. In the AWS Console, choose the IAM service and select “Users”. Review the “Access Key...

January 1, 2021

How can the security team continue using GuardDuty while meeting these requirements?

A global company that deals with international finance is investing heavily in cryptocurrencies and wants to experiment with mining technologies using AWS. The company's security team has enabled Amazon GuardDuty and is concerned by the number of findings being generated by the accounts. The security team wants to minimize the...

January 1, 2021

A company has a VPC with an IPv6 address range and a public subnet with an IPv6 address block. The VPC currently hosts some public Amazon EC2 instances but a Security Engineer needs to migrate a second application into the VPC that also requires IPv6 connectivity.

A company has a VPC with an IPv6 address range and a public subnet with an IPv6 address block. The VPC currently hosts some public Amazon EC2 instances but a Security Engineer needs to migrate a second application into the VPC that also requires IPv6 connectivity. This new application will...

December 31, 2020

What is the MOST secure way to accomplish this?

A security engineer has created an Amazon Cognito user pool. The engineer needs to manually verify the ID and access token sent by the application for troubleshooting purposes. What is the MOST secure way to accomplish this? A. Extract the subject (sub), audience (aud), and cognito:username from the ID token...

December 31, 2020

How should a security engineer resolve these issues?

A company recently performed an annual security assessment of its AWS environment. The assessment showed that audit logs are not available beyond 90 days and that unauthorized changes to IAM policies are made without detection. How should a security engineer resolve these issues? A. Create an Amazon S3 lifecycle policy...

December 31, 2020

What policy should the Engineer implement?

To meet regulatory requirements, a Security Engineer needs to implement an IAM policy that restricts the use of AWS services to the us-east-1 Region. What policy should the Engineer implement? A. Option A B. Option B C. Option C D. Option D

Answer: A

December 31, 2020

Which AWS Key Management Service (KMS) key type should be used to meet this requirement?

An organization policy states that all encryption keys must be automatically rotated every 12 months. Which AWS Key Management Service (KMS) key type should be used to meet this requirement? A. AWS managed Customer Master Key (CMK) B. Customer managed CMK with AWS generated key material C. Customer managed CMK...

December 31, 2020