- All Exams Instant Download
What is the MOST efficient way to meet these requirements?
A Software Engineer wrote a customized reporting service that will run on a fleet of Amazon EC2 instances. The company security policy states that application logs for the reporting service must be centrally collected. What is the MOST efficient way to meet these requirements?A . Write an AWS Lambda function...
What approach enables the Administrator to search through the logs MOST efficiently?
A Security Administrator is performing a log analysis as a result of a suspected AWS account compromise. The Administrator wants to analyze suspicious AWS CloudTrail log files but is overwhelmed by the volume of audit logs being generated. What approach enables the Administrator to search through the logs MOST efficiently?A...
What can be done to implement the above policy?
A company has a customer master key (CMK) with imported key materials. Company policy requires that all encryption keys must be rotated every year. What can be done to implement the above policy?A . Enable automatic key rotation annually for the CMC . Use AWS Command Line interface to create...
Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM change have been made on the account and the metrics are no longer being reported. Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?A . Add a statement...
How can the Security Engineer further protect currently running instances?
A Developer’s laptop was stolen. The laptop was not encrypted, and it contained the SSH key used to access multiple Amazon EC2 instances. A Security Engineer has verified that the key has not been used, and has blocked port 22 to all EC2 instances while developing a response plan. How...
What does the statement allow?
A Security Engineer who was reviewing AWS Key Management Service (AWS KMS) key policies found this statement in each key policy in the company AWS account. What does the statement allow?A . All principals from all AWS accounts to use the key.B . Only the root user from account 111122223333...
The mail application should be configured to connect to which of the following endpoints and corresponding ports?
A Systems Engineer has been tasked with configuring outbound mail through Simple Email Service (SES) and requires compliance with current TLS standards. The mail application should be configured to connect to which of the following endpoints and corresponding ports?A . email.us-east-1.amazonaws.com over port 8080B . email-pop3.us-east-1.amazonaws.com over port 995C ....
Which CMK-related issues could be responsible?
The Development team receives an error message each time the team members attempt to encrypt or decrypt a Secure String parameter from the SSM Parameter Store by using an AWS KMS customer managed key (CMK). Which CMK-related issues could be responsible? (Choose two.)A . The CMK specified in the application...
What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)?
What is the function of the following AWS Key Management Service (KMS) key policy attached to a customer master key (CMK)? A . The Amazon WorkMail and Amazon SES services have delegated KMS encrypt and delegated KMS encrypt and decrypt permissions to the ExampleUser principal in the 111122223333 account.B ....
Which action should the Security Engineer take to allow communication over the public IP addresses?
A Security Engineer launches two Amazon EC2 instances in the same Amazon VPC but in separate Availability Zones. Each instance has a public IP address and is able to connect to external hosts on the internet. The two instances are able to communicate with each other by using their private...
