A recent security audit found that AWS CloudTrail logs are insufficiently protected from tampering and unauthorized access.Which actions must the Security Engineer take to access these audit findings? (Choose three.)Read More →
A global company must mitigate and respond to DDoS attacks at Layers 3, 4 and 7.All of the company’s AWS applications are serverless with static content hosted on Amazon S3 using Amazon CloudFront and Amazon Route 53.Which solution will meet these requirements?Read More →
A company has deployed servers on Amazon EC2 instances in a VPC.External vendors access these servers over the internet.Recently, the company deployed a new application on EC2 instances in a new CIDR range.The company needs to make the application available to the vendors.A security engineer verified that the associated security groups and network ACLs are allowing the required ports in the inbound diction.However, the vendors cannot connect to the application.Which solution will provide the vendors access to the application?Read More →
A Software Engineer is trying to figure out why network connectivity to an Amazon EC2 instance does not appear to be working correctly.Its security group allows inbound HTTP traffic from 0.0.0.0/0, and the outbound rules have not been modified from the default.A custom network ACL associated with its subnet allows inbound HTTP traffic from 0.0.0.0/0 and has no outbound rules.What would resolve the connectivity issue?Read More →
The Security Engineer for a mobile game has to implement a method to authenticate users so that they can save their progress.Because most of the users are part of the same OpenID-Connect compatible social media website, the Security Engineer would like to use that as the identity provider.Which solution is the SIMPLEST way to allow the authentication of users using their social media identities?Read More →
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards.Which of the following actions should the Engineer perform to get further guidance?Read More →
A company recently began using Amazon Route 53 as its DNS provider.The company must log public DNS queries that Route 53 receives.The company has activated Route 53 public DNS query logging.The queries must be stored in a highly durable storage solution that deletes logs that are older than 1 year.Which solution will meet these requirements MOST cost-effectively?Read More →
A company is migrating its Amazon EC2 based applications to use Instance Metadata Service Version 2 (IMDSv2).A security engineer needs to determine whether any of the EC2 instances are still using Instance Metadata Service Version 1 (IMDSv1).What should the security engineer do to confirm that the IMDSv1 endpoint is no longer being used?Read More →
A company is using an AWS owned CMK in its application to encrypt files in an AWS account.The company’s security team wants to have the ability to change to new key material for new files whenever there is a potential key breach.A security engineer must implement a solution that gives the security team the ability to change the key whenever the team wants to do so.Which solution will meet these requirements?Read More →
A company has several workloads running on AWS.Employees are required to authenticate using on-premises ADFS and SSO to access the AWS ManagementConsole.Developers migrated an existing legacy web application to an Amazon EC2 instance.Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.How should the Security Engineer implement employee-only access to this system without changing the application?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.