A security engineer recently enabled the me-south-1 Region.The security engineer is now assuming an IAM role and is making an API call to an endpoint in me-south-1.The API call returns the following error: “AuthFailure: AWS was not able to validate the provided access credentials”.Which solutions will resolve this error? (Choose two.)Read More →
A security engineer is evaluating a company’s use of AWS Key Management Service (AWS KMS).The security engineer must implement a hybrid solution with two sets of keys to meet the following requirements:• Set 1: The company needs granular control over the keys so that the company can maintain a copy of the keys in the key management infrastructure and reimport the keys at any time.The company needs the ability to set the expiration period to 3 days for the keys.• Set 2: No restrictions exist regarding immediate key deletion.A waiting period of 14 days is acceptable for keys to be marked deleted.Which solution will meet these requirements?Read More →
A security engineer needs to implement an intrusion detection system (IDS) for a shipping company.The findings from the system must generate alerts that can be sent to an email distribution group that the company’s operations team uses.The security engineer must maximize the coverage that the IDS provides.Which combination of steps should the security engineer take to meet these requirements? (Choose two.)Read More →
A developer has created an AWS Lambda function in a company’s development account.The Lambda function requires the use of an AWS Key Management Service (AWS KMS) customer managed key that exists in a security account that the company’s security team controls.The developer obtains the ARN of the KMS key from a previous Lambda function in the development account.The previous Lambda function had been working properly with the KMS key.When the developer uses the ARN and tests the new Lambda function, an error message states that access is denied to the KMS key in the security account.The developer tests the previous Lambda function that uses the same KMS key and discovers that the previous Lambda function still can encrypt data as expected.A security engineer must resolve the problem so that the new Lambda function in the development account can use the KMS key from the security account.Which combination of steps should the security engineer take to meet these requirements? (Choose two.)Read More →
The Security Engineer is given the following requirements for an application that is running on Amazon EC2 and managed by using AWS CloudFormation templates with EC2 Auto Scaling groups:-Have the EC2 instances bootstrapped to connect to a backend database.-Ensure that the database credentials are handled securely.-Ensure that retrievals of database credentials are logged.Which of the following is the MOST efficient way to meet these requirements?Read More →
A company deploys an application on AWS.The application recently uploaded confidential data to an Amazon S3 bucket outside the company.The company’s security team wants to prevent this scenario from occurring in the future.The company owns 100 different S3 buckets in various AWS accounts and uses AWS Organizations to manage the accounts.The security team must implement a solution that allows individual teams to create new S3 buckets.The solution must allow applications that are deployed on AWS to access only the S3 buckets that are deployed in the company’s organization.Which solution will meet these requirements?Read More →
Due to new compliance requirements, a Security Engineer must enable encryption with customer-provided keys on corporate data that is stored in DynamoDB.The company wants to retain full control of the encryption keys.Which DynamoDB feature should the Engineer use to achieve compliance’?Read More →
A Security Engineer signed in to the AWS Management Console as an IAM user and switched to the security role IAM role.To perform a maintenance operation, the Security Engineer needs to switch to the maintainer role IAM role, which lists the security role as a trusted entity.The Security Engineer attempts to switch to the maintainer role, but it fails.What is the likely cause of the failure?Read More →
A Developer is creating an AWS Lambda function that requires environment variables to store connection information and logging settings.The Developer is required to use an AWS KMS Customer Master Key (CMK) supplied by the Information Security department in order to adhere to company standards for securingLambda environment variables.Which of the following are required for this configuration to work? (Choose two.)Read More →
An organization policy states that all encryption keys must be automatically rotated every 12 months.Which AWS Key Management Service (KMS) key type should be used to meet this requirement?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.