Security Specialty (Page 29)

A company is observing frequent bursts of unusual traffic to its corporate website.The IP address ranges that inflate the requests keep changing, and the volumes of traffic are increasing.A security engineer needs to implement a solution to protect the website from a potential DDoS attack.The solution must rack the rate of requests from IP addresses.When the requests from a particular IP address exceed a specific rate, the solution must limit the amount of traffic that can reach the website from that IP address.Which solution will meet these requirements?Read More →

A company finds that one of its Amazon EC2 instances suddenly has a high CPU usage.The company does not know whether the EC2 instance is compromised or whether the operating system is performing background cleanup.Which combination of steps should a security engineer take before investigating the issue? (Choose three.)Read More →

An organizational must establish the ability to delete an AWS KMS Customer Master Key (CMK) within a 24-hour timeframe to keep it from being used for encrypt or decrypt operations.Which of the following actions will address this requirement?Read More →

A company uses Microsoft Active Directory for access management for on-premises resources, and wants to use the same mechanism for accessing its AWS accounts.Additionally, the Development team plans to launch a public-facing application for which they need a separate authentication solution.Which combination of the following would satisfy these requirements? (Choose two.)Read More →

A company recently performed an annual security assessment of its AWS environment.The assessment showed the audit logs are not available beyond 90 days and that unauthorized changes to IAM policies are made without detection.How should a Security Engineer resolve these issues?Read More →

A Security Engineer is asked to update an AWS CloudTrail log file prefix for an existing trail.When attempting to save the change in the CloudTrail console, theSecurity Engineer receives the following error message: `There is a problem with the bucket policy.`What will enable the Security Engineer to save the change?Read More →

A company needs a forensic-logging solution for hundreds of applications running in Docker on Amazon EC2.The solution must perform real-time analytics on the logs, must support the replay of messages, and must persist the logs.Which AWS services should be used to meet these requirements? (Choose two.)Read More →

A company’s architecture requires that its three Amazon EC2 instances run behind an Application Load Balancer (ALB).The EC2 instances transmit sensitive data between each other.Developers use SSL certificates to encrypt the traffic between the public users and the ALB.However, the Developers are unsure of how to encrypt the data in transit between the ALB and the EC2 instances and the traffic between the EC2 instances.Which combination of activities must the company implement to meet its encryption requirements? (Choose two.)Read More →

A Security Engineer has launched multiple Amazon EC2 instances from a private AMI using an AWS CloudFormation template.The Engineer notices instances terminating right after they are launched.What could be causing these terminations?Read More →

Authorized Administrators are unable to connect to an Amazon EC2 Linux bastion host using SSH over the Internet.The connection either fails to respond or generates the following error message:Network error: Connection timed out.What could be responsible for the connection failure? (Choose three.)Read More →