A company has an application hosted in an Amazon EC2 instance and wants the application to access secure strings stored in AWS Systems Manager ParameterStore.When the application tries to access the secure string key value, it fails.Which factors could be the cause of this failure? (Choose two.)Read More →
A company wants to deploy a distributed web application on a fleet of EC2 instances.The fleet will be fronted by a Classic Load Balancer that will be configured to terminate the TLS connection.The company wants to make sure that all past and current TLS traffic to the Classic Load Balancer stays secure, even if the certificate private key is leaked.To ensure the company meets these requirements, a Security Engineer can configure a Classic Load Balancer with:Read More →
A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS Infrastructure.Which of the following solutions would provide the MOST scalable solution?Read More →
A company has an AWS account and allows a third-party contractor, who uses another AWS account, to assume certain IAM roles.The company wants to ensure that IAM roles can be assumed by the contractor only if the contractor has multi-factor authentication enabled on their IAM user accounts.What should the company do to accomplish this?Read More →
During a manual review of system logs from an Amazon Linux EC2 instance, a Security Engineer noticed that there are sudo commands that were never properly alerted or reported on the Amazon CloudWatch Logs agent.Why were there no alerts on the sudo commands?Read More →
A large company wants its Compliance team to audit its Amazon S3 buckets to identify if personally identifiable information (PII) is stored in them.The company has hundreds of S3 buckets and has asked the Security Engineers to scan every bucket.How can this task be accomplished?Read More →
A company’s Chief Security Officer has requested that a Security Analyst review and improve the security posture of each company AWS account.The SecurityAnalyst decides to do this by improving AWS account root user security.Which actions should the Security Analyst take to meet these requirements? (Choose three.)Read More →
An organization has a multi-petabyte workload that it is moving to Amazon S3, but the CISO is concerned about cryptographic wear-out and the blast radius if a key is compromised.How can the CISO be assured that AWS KMS and Amazon S3 are addressing the concerns? (Choose two.)Read More →
A Security Engineer accidentally deleted the imported key material in an AWS KMS CMK.What should the Security Engineer do to restore the deleted key material?Read More →
A Security Engineer is troubleshooting a connectivity issue between a web server that is writing log files to the logging server in another VPC.The Engineer has confirmed that a peering relationship exists between the two VPCs.VPC flow logs show that requests sent from the web server are accepted by the logging server, but the web server never receives a reply.Which of the following actions could fix this issue?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.