A company accidentally deleted the private key for an Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instance.A security engineer needs to regain access to the instance.Which combination of steps will meet this requirement? (Choose two.)Read More →
A company has a website with an Amazon CloudFront HTTPS distribution an Application Load Balancer (ALB) with multiple web instances for dynamic website content, and an Amazon S3 bucket for static website content.The company’s security engineer recently updated the website security requirements:✑ HTTPS needs to be enforced for all data in transit with specific ciphers.✑ The CloudFront distribution needs to be accessible from the internet only.Which solution will meet these requirements?Read More →
While securing the connection between a company’s VPC and its on-premises data center, a Security Engineer sent a ping command from an on-premises host(IP address 203.0.113.12) to an Amazon EC2 instance (IP address 172.31.16.139).The ping command did not return a response.The flow log in the VPC showed the following:2 123456789010 eni-1235b8ca 203.0.113.12 172.31.16.139 0 0 1 4 336 1432917027 1432917142 ACCEPT OK2 123456789010 eni-1235b8ca 172.31.16.139 203.0.113.12 0 0 1 4 336 1432917094 1432917142 REJECT OKWhat action should be performed to allow the ping to work?Read More →
A company’s AWS CloudTrail logs are all centrally stored in an Amazon S3 bucket.The security team controls the company’s AWS account.The security team must prevent unauthorized access and tampering of the CloudTrail logs.Which combination of steps should the security team take? (Choose three.)Read More →
A company uses AWS Signer with all of the company’s AWS Lambda functions.A developer recently stopped working for the company.The company wants to ensure that all the code that the developer wrote can no longer be deployed to the Lambda functions.Which solution will meet this requirement?Read More →
A company uses AWS Key Management Service (AWS KMS).During an attempt to attach an encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon EC2 instance, the attachment fails.The company discovers that a customer managed key has become unusable because the key material for the key was deleted.The company needs the data that is on the EBS volume.A security engineer must recommend a solution to decrypt the EBS volume’s encrypted data key.The solution must also attach the volume to the EC2 instance.Which solution will meet these requirements?Read More →
Users report intermittent availability of a web application hosted on AWS.Monitoring systems report an excess of abnormal network traffic followed by high CPU utilization on the application web tier.Which of the following techniques will improve the availability of the application? (Choose two.)Read More →
A security engineer is setting up a new AWS account.The engineer has been asked to continuously monitor the company’s AWS account using automated compliance checks based on AWS best practices and Center for Internet Security (CIS) AWS Foundations Benchmarks.How can the security engineer accomplish this using AWS services?Read More →
A security team has received an alert from Amazon GuardDuty that AWS CloudTrail logging has been disabled.The security team’s account has AWS Config, Amazon Inspector, Amazon Detective, and AWS Security Hub enabled.The security team wants to identify who disabled CloudTrail and what actions were performed while CloudTrail was disabled.What should the security team do to obtain this information?Read More →
An IAM user receives an Access Denied message when the user attempts to access objects in an Amazon S3 bucket.The user and the S3 bucket are in the same AWS account.The S3 bucket is configured to use server-side encryption with AWS KMS keys (SSE-KMS) to encrypt all of its objects at rest by using a customer managed key from the same AWS account.The S3 bucket has no bucket policy defined.The IAM user has been granted permissions through an IAM policy that allows the kms:Decrypt permission to the customer managed key.The IAM policy also allows the s3:List* and s3:Get* permissions for the S3 bucket and its objects.Which of the following is a possible reason that the IAM user cannot access the objects in the S3 bucket?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.