A Security Engineer has been asked to create an automated process to disable IAM user access keys that are more than three months old.Which of the following options should the Security Engineer use?Read More →
A company maintains sensitive data in an Amazon S3 bucket that must be protected using an AWS KMS CMK.The company requires that keys be rotated automatically every year.How should the bucket be configured?Read More →
Two Amazon EC2 instances in different subnets should be able to connect to each other but cannot.It has been confirmed that other hosts in the same subnets are able to communicate successfully, and that security groups have valid ALLOW rules in place to permit this traffic.Which of the following troubleshooting steps should be performed?Read More →
An organization policy states that all encryption keys must be automatically rotated every 12 months.Which AWS Key Management Service (KMS) key type should be used to meet this requirement?Read More →
A Developer is creating an AWS Lambda function that requires environment variables to store connection information and logging settings.The Developer is required to use an AWS KMS Customer Master Key (CMK) supplied by the Information Security department in order to adhere to company standards for securingLambda environment variables.Which of the following are required for this configuration to work? (Choose two.)Read More →
A Security Engineer signed in to the AWS Management Console as an IAM user and switched to the security role IAM role.To perform a maintenance operation, the Security Engineer needs to switch to the maintainer role IAM role, which lists the security role as a trusted entity.The Security Engineer attempts to switch to the maintainer role, but it fails.What is the likely cause of the failure?Read More →
Due to new compliance requirements, a Security Engineer must enable encryption with customer-provided keys on corporate data that is stored in DynamoDB.The company wants to retain full control of the encryption keys.Which DynamoDB feature should the Engineer use to achieve compliance’?Read More →
A company deploys an application on AWS.The application recently uploaded confidential data to an Amazon S3 bucket outside the company.The company’s security team wants to prevent this scenario from occurring in the future.The company owns 100 different S3 buckets in various AWS accounts and uses AWS Organizations to manage the accounts.The security team must implement a solution that allows individual teams to create new S3 buckets.The solution must allow applications that are deployed on AWS to access only the S3 buckets that are deployed in the company’s organization.Which solution will meet these requirements?Read More →
The Security Engineer is given the following requirements for an application that is running on Amazon EC2 and managed by using AWS CloudFormation templates with EC2 Auto Scaling groups:-Have the EC2 instances bootstrapped to connect to a backend database.-Ensure that the database credentials are handled securely.-Ensure that retrievals of database credentials are logged.Which of the following is the MOST efficient way to meet these requirements?Read More →
A developer has created an AWS Lambda function in a company’s development account.The Lambda function requires the use of an AWS Key Management Service (AWS KMS) customer managed key that exists in a security account that the company’s security team controls.The developer obtains the ARN of the KMS key from a previous Lambda function in the development account.The previous Lambda function had been working properly with the KMS key.When the developer uses the ARN and tests the new Lambda function, an error message states that access is denied to the KMS key in the security account.The developer tests the previous Lambda function that uses the same KMS key and discovers that the previous Lambda function still can encrypt data as expected.A security engineer must resolve the problem so that the new Lambda function in the development account can use the KMS key from the security account.Which combination of steps should the security engineer take to meet these requirements? (Choose two.)Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.