A company runs an application on AWS that needs to be accessed only by employees.Most employees work from the office, but others work remotely or travel.How can the Security Engineer protect this workload so that only employees can access it?Read More →
For compliance reasons, an organization limits the use of resources to three specific AWS regions.It wants to be alerted when any resources are launched in unapproved regions.Which of the following approaches will provide alerts on any resources launched in an unapproved region?Read More →
The Security Engineer is managing a traditional three-tier web application that is running on Amazon EC2 instances.The application has become the target of increasing numbers of malicious attacks from the Internet.What steps should the Security Engineer take to check for known vulnerabilities and limit the attack surface? (Choose two.)Read More →
A Security Engineer has discovered that, although encryption was enabled on the Amazon S3 bucket examplebucket, anyone who has access to the bucket has the ability to retrieve the files.The Engineer wants to limit access to each IAM user can access an assigned folder only.What should the Security Engineer do to achieve this?Read More →
A company has identified two security concerns.One concern is unencrypted Amazon Elastic Block Store (Amazon EBS) volumes.The other concern is public IP addresses that are assigned to Amazon EC2 instances.A security engineer must build a solution to prevent and remediate these security issues.What should the security engineer do to meet these requirements with the LEAST amount of effort?Read More →
A security team is using Amazon EC2 Image Builder to build a hardened AMI with forensic capabilities.An AWS Key Management Service (AWS KMS) key will encrypt the forensic AMI.EC2 Image Builder successfully installs the required patches and packages in the security team’s AWS account.The security team uses a federated IAM role in the same AWS account to sign in to the AWS Management Console and attempts to launch the forensic AMI.The EC2 instance launches and immediately terminates.What should the security team do to launch the EC2 instance successfully?Read More →
A company’s security policy requires that VPC Flow Logs are enabled on all VPCs.A Security Engineer is looking to automate the process of auditing the VPC resources for compliance.What combination of actions should the Engineer take? (Choose two.)Read More →
A Security Engineer is implementing a solution to allow users to seamlessly encrypt Amazon S3 objects without having to touch the keys directly.The solution must be highly scalable without requiring continual management.Additionally, the organization must be able to immediately delete the encryption keys.Which solution meets these requirements?Read More →
A Security Engineer must design a system that can detect whether a file on an Amazon EC2 host has been modified.The system must then alert the SecurityEngineer of the modification.What is the MOST efficient way to meet these requirements?Read More →
AWS CloudTrail is being used to monitor API calls in an organization.An audit revealed that CloudTrail is failing to deliver events to Amazon S3 as expected.What initial actions should be taken to allow delivery of CloudTrail events to S3? (Choose two.)Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.