- All Exams Instant Download
Which of the following may be causing this problem?
A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The Auditor is having trouble accessing some of the accounts. Which of the following may be causing this problem? (Choose three.)A...
What approach enables the Administrator to search through the logs MOST efficiently?
A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated. What approach enables the Administrator to search through the logs MOST efficiently?A...
What is the MOST likely cause of the authentication errors?
A company’s database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager. The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days. After a short period of time,...
What could have been done to detect and automatically remediate the incident?
During a recent internal investigation, it was discovered that all API logging was disabled in a production account, and the root user had created new API keys that appear to have been used several times. What could have been done to detect and automatically remediate the incident?A . Using Amazon...
Which of the following solutions will meet these requirements?
Compliance requirements state that all communications between company on-premises hosts and EC2 instances be encrypted in transit. Hosts use custom proprietary protocols for their communication, and EC2 instances need to be fronted by a load balancer for increased availability. Which of the following solutions will meet these requirements?A . Offload...
Which AWS Key Management Service (KMS) key type should be used to meet this requirement?
An organization policy states that all encryption keys must be automatically rotated every 12 months. Which AWS Key Management Service (KMS) key type should be used to meet this requirement?A . AWS managed Customer Master Key (CMK)B . Customer managed CMK with AWS generated key materialC . Customer managed CMK...
Which of the following options should the Security Engineer use?
A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old. Which of the following options should the Security Engineer use?A . In the AWS Console, choose the IAM service and select “Users”. Review the “Access Key...
What is a scalable and efficient approach to meet this requirement?
A Security Engineer must enforce the use of only Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, and AWS STS in specific accounts. What is a scalable and efficient approach to meet this requirement?A . Set up an AWS Organizations hierarchy, and replace the FullAWSAccess policy with the following Service...
How can the Application team’s requirements be met?
An organization has tens of applications deployed on thousands of Amazon EC2 instances. During testing, the Application team needs information to let them know whether the network access control lists (network ACLs) and security groups are working as expected. How can the Application team’s requirements be met?A . Turn on...
What is the MOST likely cause of the authentication errors?
A company’s database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager. The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days. After a short period of time,...
