- All Exams Instant Download
What are some ways the Engineer could achieve this?
A website currently runs on Amazon EC2 with mostly static content on the site. Recently, the site was subjected to a ODoS attack, and a Security Engineer was tasked with redesigning the edge security to help mitigate this risk in the future What are some ways the Engineer could achieve...
Which solution addresses these requirements?
A company's Developers plan to migrate their on-premises applications to Amazon EC2 instances running Amazon Linux AMIs. The applications are accessed by a group of partner companies. The Security Engineer needs to implement the following host-based security measures for these instances: • Block traffic from documented known bad IP addresses...
Which AWS services should be included in the plan?
A security engineer is designing an incident response plan to address the risk of a compromised Amazon EC2 instance. The plan must recommend a solution to meet the following requirements: • A trusted forensic environment must be provisioned • Automated response processes must be orchestrated Which AWS services should be...
Which CMK-related issues could be responsible?
The Development team receives an error message each time the team members attempt to encrypt or decrypt a Secure String parameter from the SSM Parameter Store by using an AWS KMS customer managed key (CMK). Which CMK-related issues could be responsible? (Choose two.)A . The CMK specified in the application...
What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)?
What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)? A . The Amazon WorkMail and Amazon SES services have delegated KMS encrypt and decrypt permissions to the ExampleUser principal in the 111122223333 account.B . The ExampleUser principal can...
Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE)
Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE)A . Default AWS Certificate Manager certificateB . Custom SSL certificate stored in AWS KMSC . Default CloudFront certificateD . Custom SSL certificate stored in AWS Certificate ManagerE . Default SSL certificate stored in AWS...
Which combination of steps should the security engineer recommend?
A company has a VPC with several Amazon EC2 instances behind a NAT gateway. The company's security policy states that all network traffic must be logged and must include the original source and destination IP addresses. The existing VPC Flow Logs do not include this information. A security engineer needs...
Which configurations will support these requirements?
A Security Administrator has a website hosted in Amazon S3. The Administrator has been given the following requirements: - Users may access the website by using an Amazon CloudFront distribution. - Users may not access the website directly by using an Amazon S3 URL. Which configurations will support these requirements?...
What will enable the security engineer to saw the change?
A security engineer is asked to update an AW3 CoudTrail log file prefix for an existing trail. When attempting to save the change in the CloudTrail console, the security engineer receives the following error message. "There is a problem with the bucket policy'' What will enable the security engineer to...
What are the MOST effective steps to take lo ensure that the instance is not further manipulated while allowing the Engineer to understand what happened?
A Security Engineer noticed an anomaly within a company EC2 instance as shown in the image. The Engineer must now investigate what e causing the anomaly. What are the MOST effective steps to take lo ensure that the instance is not further manipulated while allowing the Engineer to understand what...
