- All Exams Instant Download
How can the InfoSec team ensure compliance with this mandate?
The InfoSec team has mandated that in the future only approved Amazon Machine Images (AMIs) can be used. How can the InfoSec team ensure compliance with this mandate?A . Terminate all Amazon EC2 instances and relaunch them with approved AMIs.B . Patch all running instances by using AWS Systems Manager.C...
Which CMK-related issues could be responsible?
The Development team receives an error message each time the team members attempt to encrypt or decrypt a Secure String parameter from the SSM Parameter Store by using an AWS KMS customer managed key (CMK). Which CMK-related issues could be responsible? (Choose two.)A . The CMK specified in the application...
Which solution is the SIMPLEST way to allow the authentication of users using their social media identities?
The Security Engineer for a mobile game has to implement a method to authenticate users so that they can save their progress. Because most of the users are part of the same OpenID-Connect compatible social media website, the Security Engineer would like to use that as the identity provider. Which...
Which of the following options will mitigate the threat?
A threat assessment has identified a risk whereby an internal employee could exfiltrate sensitive data from production host running inside AWS (Account 1). The threat was documented as follows: Threat description: A malicious actor could upload sensitive data from Server X by configuring credentials for an AWS account (Account 2)...
Which steps should be taken to troubleshoot the issue?
An organization is using Amazon CloudWatch Logs with agents deployed on its Linux Amazon EC2 instances. The agent configuration files have been checked and the application log files to be pushed are configured correctly. A review has identified that logging from specific instances is missing. Which steps should be taken...
Which configurations will support these requirements?
A Security Administrator has a website hosted in Amazon S3. The Administrator has been given the following requirements: - Users may access the website by using an Amazon CloudFront distribution. - Users may not access the website directly by using an Amazon S3 URL. Which configurations will support these requirements?...
What is a scalable and efficient approach to meet this requirement?
A Security Engineer must enforce the use of only Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, and AWS STS in specific accounts. What is a scalable and efficient approach to meet this requirement?A . Set up an AWS Organizations hierarchy, and replace the FullAWSAccess policy with the following Service...
What mechanism will allow the company to implement all required network rules without incurring additional cost?
A company has complex connectivity rules governing ingress, egress, and communications between Amazon EC2 instances. The rules are so complex that they cannot be implemented within the limits of the maximum number of security groups and network access control lists (network ACLs). What mechanism will allow the company to implement...
Which of the following meets these requirements?
A company will store sensitive documents in three Amazon S3 buckets based on a data classification scheme of “Sensitive,” “Confidential,” and “Restricted.” The security solution must meet all of the following requirements: Each object must be encrypted using a unique key. Items that are stored in the “Restricted” bucket require...
What approach would enable the Security team to find out what the former employee may have done within AWS?
The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key. What approach would enable the Security team to find out what the former employee may have done within AWS?A . Use the...
