A company has an encrypted Amazon S3 bucket.An Application Developer has an IAM policy that allows access to the S3 bucket, but the Application Developer is unable to access objects within the bucket.What is a possible cause of the issue?Read More →
A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to AWS Certificate Manager.Which combination of steps is required to ensure availability of the certificate in the CloudFront console? (Choose two.)Read More →
A company is hosting a set of application, database, and web server instances in the AWS Cloud.Each set of instances has separate security groups.The company has properly defined the network ACLs.The company discovers an issue with the communication between the application and database instances.Which set of steps should a security engineer take to troubleshoot the issue?Read More →
A company has several workloads running on AWS.Employees are required to authenticate using on-premises ADFS and SSO to access the AWS ManagementConsole.Developers migrated an existing legacy web application to an Amazon EC2 instance.Employees need to access this application from anywhere on the internet, but currently, there is no authentication system built into the application.How should the Security Engineer implement employee-only access to this system without changing the application?Read More →
A company is using an AWS owned CMK in its application to encrypt files in an AWS account.The company’s security team wants to have the ability to change to new key material for new files whenever there is a potential key breach.A security engineer must implement a solution that gives the security team the ability to change the key whenever the team wants to do so.Which solution will meet these requirements?Read More →
A company is migrating its Amazon EC2 based applications to use Instance Metadata Service Version 2 (IMDSv2).A security engineer needs to determine whether any of the EC2 instances are still using Instance Metadata Service Version 1 (IMDSv1).What should the security engineer do to confirm that the IMDSv1 endpoint is no longer being used?Read More →
A company recently began using Amazon Route 53 as its DNS provider.The company must log public DNS queries that Route 53 receives.The company has activated Route 53 public DNS query logging.The queries must be stored in a highly durable storage solution that deletes logs that are older than 1 year.Which solution will meet these requirements MOST cost-effectively?Read More →
A Security Engineer is trying to determine whether the encryption keys used in an AWS service are in compliance with certain regulatory standards.Which of the following actions should the Engineer perform to get further guidance?Read More →
The Security Engineer for a mobile game has to implement a method to authenticate users so that they can save their progress.Because most of the users are part of the same OpenID-Connect compatible social media website, the Security Engineer would like to use that as the identity provider.Which solution is the SIMPLEST way to allow the authentication of users using their social media identities?Read More →
A Software Engineer is trying to figure out why network connectivity to an Amazon EC2 instance does not appear to be working correctly.Its security group allows inbound HTTP traffic from 0.0.0.0/0, and the outbound rules have not been modified from the default.A custom network ACL associated with its subnet allows inbound HTTP traffic from 0.0.0.0/0 and has no outbound rules.What would resolve the connectivity issue?Read More →
© 2025. Tip2Cloud doesn't offer any real exam questions. All questions & answers were supported by AI.