- All Exams Instant Download
A security engineer needs to provide a solution that corrects the error and minimizes operational overhead Which solution meets these requirements?
A company uses a third-party identity provider and SAML-based SSO for its AWS accounts After the third-party identity provider renewed an expired signing certificate users saw the following message when trying to log in: A security engineer needs to provide a solution that corrects the error and minimizes operational overhead...
Which option meets these requirements?
A company has decided to use encryption in its AWS account to secure the objects in Amazon S3 using server-side encryption. Object sizes range from 16.000 B to 5 MB. The requirements are as follows: • The key material must be generated and stored in a certified Federal Information Processing...
How can the Engineer perform the key rotation process MOST efficiently?
A company has a compliance requirement to rotate its encryption keys on an annual basis. A Security Engineer needs a process to rotate the KMS Customer Master Keys (CMKs) that were created using imported key material. How can the Engineer perform the key rotation process MOST efficiently?A . Create a...
Which solution would solve this problem?
A company has recently recovered from a security incident that required the restoration of Amazon EC2 instances from snapshots. After performing a gap analysis of its disaster recovery procedures and backup strategies, the company is concerned that, next time, it will not be able to recover the EC2 instances if...
What should the security engineer do to resolve this issue?
A company is using AWS Organizations to manage multiple AWS member accounts. All of these accounts have Amazon GuardDuty enabled in all Regions. The company's AW5 Security Operations Center has a centralized security account for logging and monitoring. One of the member accounts has received an excessively high bill A...
What can be done to implement the above policy?
A company has a customer master key (CMK) with imported key materials. Company policy requires that all encryption keys must be rotated every year. What can be done to implement the above policy?A . Enable automatic key rotation annually for the CMC . Use AWS Command Line Interface to create...
Which of the following solutions will meet these requirements?
Compliance requirements state that all communications between company on-premises hosts and EC2 instances be encrypted in transit. Hosts use custom proprietary protocols for their communication, and EC2 instances need to be fronted by a load balancer for increased availability. Which of the following solutions will meet these requirements?A . Offload...
Which of the following actions should the Engineer perform to get further guidance?
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards. Which of the following actions should the Engineer perform to get further guidance?A . Read the AWS Customer Agreement.B . Use AWS Artifact to access AWS compliance...
Which AWS Key Management Service (KMS) key type should be used to meet this requirement?
An organization policy states that all encryption keys must be automatically rotated every 12 months. Which AWS Key Management Service (KMS) key type should be used to meet this requirement?A . AWS managed Customer Master Key (CMK)B . Customer managed CMK with AWS generated key materialC . Customer managed CMK...
Which design will meet the requirements with MINIMUM effort?
An application outputs logs to a text file. The logs must be continuously monitored for security incidents. Which design will meet the requirements with MINIMUM effort?A . Create a scheduled process to copy the component’s logs into Amazon S3. Use S3 events to trigger a Lambda function that updates Amazon...
