Security Specialty (Page 18)

An organization is using Amazon CloudWatch Logs with agents deployed on its Linux Amazon EC2 instances.The agent configuration files have been checked and the application log files to be pushed are configured correctly.A review has identified that logging from specific instances is missing.Which steps should be taken to troubleshoot the issue? (Choose two.)Read More →

A Security Engineer must design a solution that enables the incident Response team to audit for changes to a user’s IAM permissions in the case of a security incident.How can this be accomplished?Read More →

A company wants to deploy an application in a private VPC that will not be connected to the internet.The company’s security team will not allow bastion hosts or methods using SSH to log in to Amazon EC2 instances.The application team plans to use AWS Systems Manager Session Manager to connect to and manage the EC2 instances.Which combination of steps should the security team take? (Choose three.)Read More →

Example.com hosts its internal document repository on Amazon EC2 instances.The application runs on EC2 instances and previously stored the documents on encrypted Amazon EBS volumes.To optimize the application for scale, example.com has moved the files to Amazon S3.The security team has mandated that all the files are securely deleted from the EBS volume, and it must certify that the data is unreadable before releasing the underlying disks.Which of the following methods will ensure that the data is unreadable by anyone else?Read More →

The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data.Pattern:”randomID_datestamp_PII.csv”Example:”1234567_12302017_000-00-0000 csv”The bucket where these objects are being stored is using server-side encryption (SSE).Which solution is the most secure and cost-effective option to protect the sensitive data?Read More →

The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs.After the switch, some users on older devices are no longer able to connect to the website.What is causing this situation?Read More →

An application has a requirement to be resilient across not only Availability Zones within the application’s primary region but also be available within another region altogether.Which of the following supports this requirement for AWS resources that are encrypted by AWS KMS?Read More →

An organization has tens of applications deployed on thousands of Amazon EC2 instances.During testing, the Application team needs information to let them know whether the network access control lists (network ACLs) and security groups are working as expected.How can the Application team’s requirements be met?Read More →

An organization operates a web application that serves users globally.The application runs on Amazon EC2 instances behind an Application Load Balancer.There is an Amazon CloudFront distribution in front of the load balancer, and the organization uses AWS WAF.The application is currently experiencing a volumetric attack whereby the attacker is exploiting a bug in a popular mobile game.The application is being flooded with HTTP requests from all over the world with the User-Agent set to the following string: Mozilla/5.0 (compatible; ExampleCorp;ExampleGame/1.22; Mobile/1.0)What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?Read More →

An organization is moving non-business-critical applications to AWS while maintaining a mission-critical application in an on-premises data center.An on-premises application must share limited confidential information with the applications in AWS.The internet performance is unpredictable.Which configuration will ensure continued connectivity between sites MOST securely?Read More →