Sale!

AWS Certified Security Specialty

$25.00 $19.95

  • Passing Score: 800
  • Time Limit: 120 min
  • File Version: 5.0
  • Q&A: 139
  • Updated October 2020
Recommend this page

Description


Advance your career in Artificial intelligence and get $50 off on a Udacity Nanodegree Programs

Exam Demo

AWS Certified Security Specialty

QUESTION 1
The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using
an identified access key.
What approach would enable the Security team to find out what the former employee may have done within AWS?
A. Use the AWS CloudTrail console to search for user activity.
B. Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
C. Use AWS Config to see what actions were taken by the user.
D. Use Amazon Athena to query CloudTrail logs stored in Amazon S3.

Correct Answer: A

QUESTION 2
The Security Engineer implemented a new vault lock policy for 10TB of data and called initiate-vault-lock 12 hours ago. The Audit team
identified a typo that is allowing incorrect access to the vault.
What is the MOST cost-effective way to correct this?
A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lock again.
B. Copy the vault data to Amazon S3, delete the vault, and create a new vault with the data.
C. Update the policy, keeping the vault lock in place.
D. Update the policy and call initiate-vault-lock again to apply the new policy.

Correct Answer: A

QUESTION 3
A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory.

What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
A. AWS IAM groups
B. AWS IAM users
C. AWS IAM roles
D. AWS IAM access keys

Correct Answer: C

Reference: https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/

QUESTION 4
A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each
account targeted for audit. The Auditor is having trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)
A. The external ID used by the Auditor is missing or incorrect.
B. The Auditor is using the incorrect password.
C. The Auditor has not been granted sts:AssumeRole for the role in the destination account.
D. The Amazon EC2 role used by the Auditor must be set to the destination account role.
E. The secret key used by the Auditor is missing or incorrect.
F. The role ARN used by the Auditor is missing or incorrect.

Correct Answer: CEF

QUESTION 5
Compliance requirements state that all communications between company on-premises hosts and EC2 instances be encrypted in transit. Hosts use
custom proprietary protocols for their communication, and EC2 instances need to be fronted by a load balancer for increased availability.
Which of the following solutions will meet these requirements?
A. Offload SSL termination onto an SSL listener on a Classic Load Balancer, and use a TCP connection between the load balancer and the EC2 instances.
B. Route all traffic through a TCP listener on a Classic Load Balancer, and terminate the TLS connection on the EC2 instances.
C. Create an HTTPS listener using an Application Load Balancer, and route all of the communication through that load balancer.
D. Offload SSL termination onto an SSL listener using an Application Load Balancer, and re-spawn and SSL connection between the load balancer and
the EC2 instances.

Correct Answer: C

Career skills to jumpstart your future.

0/5 (0 Reviews)