- All Exams Instant Download
What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory. What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?A . AWS IAM groupsB . AWS...
Which action should the Engineer take based on this situation?
A Security Engineer received an AWS Abuse Notice listing EC2 instance IDs that are reportedly abusing other hosts. Which action should the Engineer take based on this situation? (Choose three.)A . Use AWS Artifact to capture an exact image of the state of each instance.B . Create EBS Snapshots of...
How can the Administrator restrict usage of member root user accounts across the organization?
A Security Administrator is restricting the capabilities of company root user accounts. The company uses AWS Organizations and has enabled it for all feature sets, including consolidated billing. The top-level account is used for billing and administrative purposes, not for operational AWS resource purposes. How can the Administrator restrict usage...
Which of the following approaches achieve this requirement?
A company requires that IP packet data be inspected for invalid or malicious content. Which of the following approaches achieve this requirement? (Choose two.)A . Configure a proxy solution on Amazon EC2 and route all outbound VPC traffic through it. Perform inspection within proxy software on the EC2 instance.B ....
Which configurations will support these requirements?
A Security Administrator has a website hosted in Amazon S3. The Administrator has been given the following requirements: - Users may access the website by using an Amazon CloudFront distribution. - Users may not access the website directly by using an Amazon S3 URL. Which configurations will support these requirements?...
How can edge security be enhanced to safeguard the Amazon EC2 instances against attack?
An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets. How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)A ....
Which of the following may be causing this problem?
A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The Auditor is having trouble accessing some of the accounts. Which of the following may be causing this problem? (Choose three.)A...
What is the MOST cost-effective way to correct this?
The Security Engineer implemented a new vault lock policy for 10TB of data and called initiatevault-lock12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault. What is the MOST cost-effective way to correct this?A . Call the abort-vault-lockoperation, fix the typo, and call...
What are the latest specification of RAML available?
What are the latest specification of RAML available?A . 0.8B . 1C . 2D . 1.8View AnswerAnswer: B
Which of the following actions should the Engineer perform to get further guidance?
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards. Which of the following actions should the Engineer perform to get further guidance?A . Read the AWS Customer Agreement.B . Use AWS Artifact to access AWS compliance...
