- All Exams Instant Download
How can the Engineer assess the impact of the key exposure and ensure that the credentials were not misused?
An employee accidentally exposed an AWS access key and secret access key during a public presentation. The company Security Engineer immediately disabled the key. How can the Engineer assess the impact of the key exposure and ensure that the credentials were not misused? (Choose two.)A . Analyze AWS CloudTrail for...
Which key policy would allow the application to do this while granting least privilege?
An application developer is using an AWS Lambda function that must use AWS KMS to perform encrypt and decrypt operations for API keys that are less than 2 KB. Which key policy would allow the application to do this while granting least privilege? A . Option AB . Option BC...
What could be responsible for the connection failure?
Authorized Administrators are unable to connect to an Amazon EC2 Linux bastion host using SSH over the internet. The connection either fails to respond or generates the following error message: Network error: Connection timed out. What could be responsible for the connection failure? (Select THREE)A . The NAT gateway in...
Which combination of steps would meet the requirements?
A company Is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The security team has the following requirements for the architecture: • Data must be encrypted in transit. • Data must be encrypted at rest. • The bucket must be...
What is the MOST cost-effective way to correct this?
The Security Engineer implemented a new vault lock policy for 10TB of data and called initiatevault-lock12 hours ago. The Audit team identified a typo that is allowing incorrect access to the vault. What is the MOST cost-effective way to correct this?A . Call the abort-vault-lockoperation, fix the typo, and call...
What mechanism will allow the company to implement all required network rules without incurring additional cost?
A company has complex connectivity rules governing ingress, egress, and communications between Amazon EC2 instances. The rules are so complex that they cannot be implemented within the limits of the maximum number of security groups and network access control lists (network ACLs). What mechanism will allow the company to implement...
Which of the following options will mitigate the threat?
A threat assessment has identified a risk whereby an internal employee could exfiltrate sensitive data from production host running inside AWS (Account 1). The threat was documented as follows: Threat description: A malicious actor could upload sensitive data from Server X by configuring credentials for an AWS account (Account 2)...
What will enable the security engineer to saw the change?
A security engineer is asked to update an AW3 CoudTrail log file prefix for an existing trail. When attempting to save the change in the CloudTrail console, the security engineer receives the following error message. "There is a problem with the bucket policy'' What will enable the security engineer to...
What is the likely cause of this access denial?
A Security Engineer creates an Amazon S3 bucket policy that denies access to all users. A few days later, the Security Engineer adds an additional statement to the bucket policy to allow read-only access to one other employee Even after updating the policy the employee still receives an access denied...
Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?
An application has been written that publishes custom metrics to Amazon CloudWatch. Recently, IAM changes have been made on the account and the metrics are no longer being reported. Which of the following is the LEAST permissive solution that will allow the metrics to be delivered?A . Add a statement...
