What should the Security Engineer do to meet these requirements?

An organization wants to deploy a three-tier web application whereby the application servers run on Amazon EC2 instances. These EC2 instances need access to credentials that they will use to authenticate their SQL connections to an Amazon RDS DB instance. Also, AWS Lambda functions must issue queries to the RDS...

August 7, 2019

Which architecture should the Security Engineer use to meet these requirements?

The Security Engineer is managing a web application that processes highly sensitive personal information. The application runs on Amazon EC2. The application has strict compliance requirements, which instruct that all incoming traffic to the application is protected from common web exploits and that all outgoing traffic from the EC2 instances...

August 7, 2019

What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?

A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory. What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes? A. AWS IAM groups B. AWS...

August 6, 2019

Based on the architecture shown in the image, what is the BEST way to protect the site against future attacks while minimizing the ongoing operational overhead?

A company recently experienced a DDoS attack that prevented its web server from serving content. The website is static and hosts only HTML, CSS, and PDF files that users download. Based on the architecture shown in the image, what is the BEST way to protect the site against future attacks...

August 3, 2019

What is the MOST cost-effective way to correct this?

The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault. What is the MOST cost-effective way to correct this? A. Call the abort-vault-lock operation, fix the typo, and...

August 1, 2019

What is the MOST likely cause of the authentication errors?

A company’s database developer has just migrated an Amazon RDS database credential to be stored and managed by AWS Secrets Manager. The developer has also enabled rotation of the credential within the Secrets Manager console and set the rotation to change every 30 days. After a short period of time,...

August 1, 2019

Which of the following approaches achieve this requirement?

A company requires that IP packet data be inspected for invalid or malicious content. Which of the following approaches achieve this requirement? (Choose two.) A. Configure a proxy solution on Amazon EC2 and route all outbound VPC traffic through it. Perform inspection within proxy software on the EC2 instance. B. ...

July 31, 2019

How can this be accomplished?

A Security Engineer must design a solution that enables the Incident Response team to audit for changes to a user’s IAM permissions in the case of a security incident. How can this be accomplished? A. Use AWS Config to review the IAM policy assigned to users before and after the...

July 30, 2019