- All Exams Instant Download
Which solution will meet these requirements?
A company discovers a billing anomaly in its AWS account. A security consultant investigates the anomaly and discovers that an employee who left the company 30 days ago still has access to the account. The company has not monitored account activity in the past. The security consultant needs to determine...
Which solution meets these requirements?
A company is using Amazon Elastic Container Service (Amazon ECS) to deploy an application that deals with sensitive data During a recent security audit, the company identified a security issue in which Amazon RDS credentials were stored with the application code In the company's source code repository A security engineer...
Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE)
Which of the following are valid configurations for using SSL certificates with Amazon CloudFront? (Select THREE) A. Default AWS Certificate Manager certificate B. Custom SSL certificate stored in AWS KMS C. Default CloudFront certificate D. Custom SSL certificate stored in AWS Certificate Manager E. Default SSL certificate stored in AWS...
What should the security engineer do next to meet these requirements?
A company needs to store multiple years of financial records. The company wants to use Amazon S3 to store copies of these documents. The company must implement a solution to prevent the documents from being edited, replaced, or deleted for 7 years after the documents are stored in Amazon S3....
How will the security engineer be able to comply with these requirements?
Within a VPC, a corporation runs an Amazon RDS Multi-AZ DB instance. The database instance is connected to the internet through a NAT gateway via two subnets. Additionally, the organization has application servers that are hosted on Amazon EC2 instances and use the RDS database. These EC2 instances have been...
Which SCP should the security engineer attach to the root of the organization to meet these requirements?
A company deploys a set of standard IAM roles in AWS accounts. The IAM roles are based on job functions within the company. To balance operational efficiency and security, a security engineer implemented AWS Organizations SCPs to restrict access to critical security services in all company accounts. All of the...
Which approach should the team take to accomplish this task?
Amazon GuardDuty has detected communications to a known command and control endpoint from a company's Amazon EC2 instance. The instance was found to be running a vulnerable version of a common web framework. The company's security operations team wants to quickly identity other compute resources with the specific version of...
What should the Security Engineer do to block the malicious bot?
A Security Engineer receives alerts that an Amazon EC2 instance on a public subnet is under an SFTP brute force attack from a specific IP address, which is a known malicious bot. What should the Security Engineer do to block the malicious bot?A . Add a deny rule to the...
Which combination of steps should a security engineer implement to grant appropriate access?
A developer is building a serverless application hosted on AWS that uses Amazon Redshift as a data store The application has separate modules for readwrite and read-only functionality The modules need their own database users for compliance reasons Which combination of steps should a security engineer implement to grant appropriate...
What is the FASTEST way for the security engineer to identify the federated user?
A company uses an external identity provider to allow federation into different IAM accounts. A security engineer for the company needs to identify the federated user that terminated a production Amazon EC2 instance a week ago. What is the FASTEST way for the security engineer to identify the federated user?A...
