Skip to content
Tip 2 Cloud

Learn & move to cloud

Security Specialty (Page 23)

Which solution will meet these requirements?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

A company has an application on Amazon EC2 instances that store confidential customer data.The company must restrict access to customer data.A security engineer requires secure access to the instances that host the application.According to company policy, users must not open any inbound ports, maintain bastion hosts, or manage SSH keys for the EC2 instances.The security engineer wants to monitor, store, and access all session activity logs.The logs must be encrypted.Which solution will meet these requirements?Read More →

How can the security engineers meet these requirements?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

A company plans to create individual child accounts within an existing organization in AWS Organizations for each of its DevOps teams.AWS CloudTrail has been enabled and configured on all accounts to write audit logs to an Amazon S3 bucket in a centralized AWS account.A security engineer needs to ensure thatDevOps team members are unable to modify or disable this configuration.How can the security engineers meet these requirements?Read More →

Which combination of AWS services and features will provide protection in this scenario?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

A company is undergoing a layer 3 and layer 4 DDoS attack on its web servers running on AWS.Which combination of AWS services and features will provide protection in this scenario? (Choose three.)Read More →

Which configuration will ensure continued connectivity between sites MOST securely?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

An organization is moving non-business-critical applications to AWS while maintaining a mission-critical application in an on-premises data center.An on-premises application must share limited confidential information with the applications in AWS.The internet performance is unpredictable.Which configuration will ensure continued connectivity between sites MOST securely?Read More →

0)What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

An organization operates a web application that serves users globally.The application runs on Amazon EC2 instances behind an Application Load Balancer.There is an Amazon CloudFront distribution in front of the load balancer, and the organization uses AWS WAF.The application is currently experiencing a volumetric attack whereby the attacker is exploiting a bug in a popular mobile game.The application is being flooded with HTTP requests from all over the world with the User-Agent set to the following string: Mozilla/5.0 (compatible; ExampleCorp;ExampleGame/1.22; Mobile/1.0)What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?Read More →

How can the Application team’s requirements be met?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

An organization has tens of applications deployed on thousands of Amazon EC2 instances.During testing, the Application team needs information to let them know whether the network access control lists (network ACLs) and security groups are working as expected.How can the Application team’s requirements be met?Read More →

Which of the following supports this requirement for AWS resources that are encrypted by AWS KMS?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

An application has a requirement to be resilient across not only Availability Zones within the application’s primary region but also be available within another region altogether.Which of the following supports this requirement for AWS resources that are encrypted by AWS KMS?Read More →

What is causing this situation?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

The Information Technology department has stopped using Classic Load Balancers and switched to Application Load Balancers to save costs.After the switch, some users on older devices are no longer able to connect to the website.What is causing this situation?Read More →

Which solution is the most secure and cost-effective option to protect the sensitive data?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

The Security Engineer has discovered that a new application that deals with highly sensitive data is storing Amazon S3 objects with the following key pattern, which itself contains highly sensitive data.Pattern:”randomID_datestamp_PII.csv”Example:”1234567_12302017_000-00-0000 csv”The bucket where these objects are being stored is using server-side encryption (SSE).Which solution is the most secure and cost-effective option to protect the sensitive data?Read More →

Which of the following methods will ensure that the data is unreadable by anyone else?

2025-01-09
By: study aws cloud
On: January 9, 2025
In: SCS-C01
With: 0 Comments

Example.com hosts its internal document repository on Amazon EC2 instances.The application runs on EC2 instances and previously stored the documents on encrypted Amazon EBS volumes.To optimize the application for scale, example.com has moved the files to Amazon S3.The security team has mandated that all the files are securely deleted from the EBS volume, and it must certify that the data is unreadable before releasing the underlying disks.Which of the following methods will ensure that the data is unreadable by anyone else?Read More →

Posts pagination

Previous 1 … 22 23 24 … 41 Next

Recent Posts

  • Which of the below mentioned statements helps the user disable connection draining on the ELB?
  • What change should the SysOps Administrator make to the company’s existing AWS setup to achieve this result?
  • How can the user configure this?
  • How can the user achieve DR?
  • What two actions could you take to rectify this?

Categories

  • CLF-C01
  • CLF-C02
  • DBS-C01
  • DOP-C01
  • DOP-C02
  • DVA-C01
  • DVA-C02
  • MLS-C01
  • SAA-C02
  • SAA-C03
  • SAP-C01
  • SAP-C02
  • SCS-C01
  • SOA-C01
  • SOA-C02

© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.