Instant Access Amazon.AWS-Security-Specialty.v2022-01-27.q425 Actual Practice Test Engine for Free (Page 3)

40%off

AWS-Security-Specialty Premium Dumps

Latest AWS-Security-Specialty Exam Premium Dumps provide by TrainingQuiz.com to help you Passing AWS-Security-Specialty Exam! TrainingQuiz.com offers the updated AWS-Security-Specialty exam dumps, the TrainingQuiz.com AWS-Security-Specialty exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com AWS-Security-Specialty pdf dumps with Exam Engine here:

(592 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 6

A company requires that data stored in AWS be encrypted at rest. Which of the following approaches achieve this requirement? Select 2 answers from the options given below.
Please select:

A.When storing data in Amazon EBS, use only EBS-optimized Amazon EC2 instances.
B.When storing data in EBS, encrypt the volume by using AWS KMS.
C.When storing data in Amazon S3, use object versioning and MFA Delete.
D.When storing data in Amazon EC2 Instance Store, encrypt the volume by using KMS.
E.When storing data in S3, enable server-side encryption.

Question 7

A company's security engineer is configuring Amazon S3 permissions to ban all current and future public buckets However, the company hosts several websites directly off S3 buckets with public access enabled The engineer needs to bock me pubic S3 buckets without causing any outages on me easting websites The engineer has set up an Amazon CloudFrom distribution (or each website Which set or steps should the security engineer implement next?

A.Configure an S3 bucket as the origin for me CloudFront distribution Configure the S3 bucket policy to accept connections from the CloudFront points of presence only Switch the DNS records for the websites to point to the CloudFront distribution Enable block public access settings at me account level
B.Configure an S3 bucket as the origin an origin access identity (OAI) for the CloudFront distribution Switch the DNS records from websites to point to the CloudFront distribution Enable Nock public access settings at the account level
C.Configure an S3 bucket as the origin with an origin access identity (OAI) for the CloudFront distribution Switch the ONS records tor the websites to point to the CloudFront disinfection Then, tor each S3 bucket enable block public access settings
D.Configure an S3 bucket as the origin with an origin access identity (OAI) for the CloudFront distribution Enable block public access settings at the account level

Question 8

Your company has been using AWS for hosting EC2 Instances for their web and database applications. They want to have a compliance check to see the following Whether any ports are left open other than admin ones like SSH and RDP Whether any ports to the database server other than ones from the web server security group are open Which of the following can help achieve this in the easiest way possible. You don't want to carry out an extra configuration changes?
Please select:

A.AWS Config
B.AWS Trusted Advisor
C.AWS Inspector D.AWSGuardDuty

Question 9

An external auditor finds that a company's user passwords have no minimum length. The company is currently using two identity providers:
* AWS IAM federated with on-premises Active Directory
* Amazon Cognito user pools to accessing an AWS Cloud application developed by the company Which combination of actions should the security engineer take to solve this issue? (Choose two.)

A.Update the password length policy in the on-premises Active Directory configuration.
B.Update the password length policy in the IAM configuration.
C.Enforce an IAM policy in Amazon Cognito and AWS IAM with a minimum password length condition.
D.Create an SCP with AWS Organizations that enforces a minimum password length for AWS IAM and Amazon Cognito.
E.Update the password length policy in the Amazon Cognito configuration.

Question 10

An organization has a system in AWS that allows a large number of remote workers to submit data files. File sizes vary from a few kilobytes to several megabytes. A recent audit highlighted a concern that data files are not encrypted while in transit over untrusted networks.
Which solution would remediate the audit finding while minimizing the effort required?

A.Use AWS Certificate Manager to provision a certificate on an Elastic Load Balancing in front of the web service's servers.
B.Create a new VPC with an Amazon VPC VPN endpoint, and update the web service's DNS record.
C.Upload an SSL certificate to IAM, and configure Amazon CloudFront with the passphrase for the private key.
D.Call KMS.Encrypt() in the client, passing in the data file contents, and call KMS.Decrypt() server-side.