- All Exams Instant Download
Which option for the use of the AWS Key Management Service (KMS) supports key management best practices that focus on minimizing the potential scope of data exposed by a possible future key compromise?
Which option for the use of the AWS Key Management Service (KMS) supports key management best practices that focus on minimizing the potential scope of data exposed by a possible future key compromise?A . Use KMS automatic key rotation to replace the master key, and use this new master key...
What is causing this situation?
The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs. After the switch, some users on older devices are no longer able to connect to the website. What is causing this situation?A . Application Load Balancers do not support older web...
Which of the following meet these security requirements?
A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements: - Encryption in transit - Encryption at rest - Logging of all object retrievals in AWS CloudTrail Which of the following meet these security requirements? (Choose three.)A . Specify “aws:SecureTransport”: “true” within a condition...
Which AWS Key Management Service (KMS) key type should be used to meet this requirement?
An organization policy states that all encryption keys must be automatically rotated every 12 months. Which AWS Key Management Service (KMS) key type should be used to meet this requirement?A . AWS managed Customer Master Key (CMK)B . Customer managed CMK with AWS generated key materialC . Customer managed CMK...
Which steps should be taken to troubleshoot the issue?
An organization is using Amazon CloudWatch Logs with agents deployed on its Linux Amazon EC2 instances. The agent configuration files have been checked and the application log files to be pushed are configured correctly. A review has identified that logging from specific instances is missing. Which steps should be taken...
Which solution would remediate the audit finding while minimizing the effort required?
An organization has a system in AWS that allows a large number of remote workers to submit data files. File sizes vary from a few kilobytes to several megabytes. A recent audit highlighted a concern that data files are not encrypted while in transit over untrusted networks. Which solution would...
How can edge security be enhanced to safeguard the Amazon EC2 instances against attack?
An application is currently secured using network access control lists and security groups. Web servers are located in public subnets behind an Application Load Balancer (ALB); application servers are located in private subnets. How can edge security be enhanced to safeguard the Amazon EC2 instances against attack? (Choose two.)A ....
What is the MOST cost-effective way to manage the storage of credentials?
A water utility company uses a number of Amazon EC2 instances to manage updates to a fleet of 2,000 Internet of Things (IoT) field devices that monitor water quality. These devices each have unique access credentials. An operational safety policy requires that access to specific credentials is independently auditable. What...
What additional items need to be added to the IAM user policy?
An IAM user with fill EC2 permissions could bot start an Amazon EC2 instance after it was stopped for a maintenance task. Upon starting the instance, the instance state would change to “Pending”, but after a few seconds, it would switch back to “Stopped”. An inspection revealed that the instance...
What solution will allow the Security team to complete this request?
During a recent security audit, it was discovered that multiple teams in a large organization have placed restricted data in multiple Amazon S3 buckets, and the data may have been exposed. The auditor has requested that the organization identify all possible objects that contain personally identifiable information (PII) and then...
