- All Exams Instant Download
How should a Security Engineer accomplish this?
A company requires that SSH commands used to access its AWS instance be traceable to the user who executed each command. How should a Security Engineer accomplish this?A . Allow inbound access on port 22 at the security group attached to the instance Use AWS Systems Manager Session Manager for...
Which combination of steps is required to ensure availability of the certificate in the CloudFront console?
A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate Manager. Which combination of steps is required to ensure availability of the certificate in the CloudFront console? (Choose two.)A ....
Which action should the Security Engineer take to allow communication over the public IP addresses?
A Security Engineer launches two Amazon EC2 instances in the same Amazon VPC but in separate Availability Zones. Each instance has a public IP address and is able to connect to external hosts on the internet. The two instances are able to communicate with each other by using their private...
What should the Security Engineer do to make the proxy EC2 instances route traffic to the internet?
A company is configuring three Amazon EC2 instances with each instance in a separate Availability Zone. The EC2 instances wilt be used as transparent proxies for outbound internet traffic for ports 80 and 443 so the proxies can block traffic to certain internet destinations as required by the company's security...
How can the Application team’s requirements be met?
An organization has tens of applications deployed on thousands of Amazon EC2 instances. During testing, the Application team needs information to let them know whether the network access control lists (network ACLs) and security groups are working as expected. How can the Application team’s requirements be met?A . Turn on...
What should be done to provide a consolidated compliance overview for the security team?
Topic 1, Exam Pool OCT A company's security team has defined a set of AWS Config rules that must be enforced globally in all AWS accounts the company owns. What should be done to provide a consolidated compliance overview for the security team?A . Use AWS Organizations to limit AWS...
How can this be accomplished?
A Security Engineer must design a solution that enables the incident Response team to audit for changes to a user’s IAM permissions in the case of a security incident. How can this be accomplished?A . Use AWS Config to review the IAM policy assigned to users before and after the...
Which combination of actions would build the required solution?
A company has several production AWS accounts and a central security AWS account. The security account is used for centralized monitoring and has IAM privileges to all resources in every corporate account. All of the company's Amazon S3 buckets are tagged with a value denoting the data classification of their...
How can the Security Engineer further protect currently running instances?
A Developer’s laptop was stolen. The laptop was not encrypted, and it contained the SSH key used to access multiple Amazon EC2 instances. A Security Engineer has verified that the key has not been used, and has blocked port 22 to all EC2 instances while developing a response plan. How...
Which of the following troubleshooting steps should be performed?
Two Amazon EC2 instances in different subnets should be able to connect to each other but cannot. It has been confirmed that other hosts in the same subnets are able to communicate successfully, and that security groups have valid ALLOW rules in place to permit this traffic. Which of the...
