Your organization is preparing for a security assessment of your use of AWS. In preparation for this assessment, which three IAM best practices should you consider implementing?
Please select:

• A.Create individual IAM users
• B.Configure MFA on the root account and for privileged IAM users
• C.Assign IAM users and groups configured with policies granting least privilege access
• D.Ensure all users have been assigned and dre frequently rotating a password, access ID/secret key, and X.509 certificate

Correct Answer: A,B,C

When you go to the security dashboard, the security status will show the best practices for initiating the first level of security.

Option D is invalid because as per the dashboard, this is not part of the security recommendation For more information on best security practices please visit the URL:
https://aws.amazon.com/whitepapers/aws-security-best-practices;
The correct answers are: Create individual IAM users, Configure MFA on the root account and for privileged IAM users. Assign IAM users and groups configured with policies granting least privilege access Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

A company is developing a new mobile app for social media sharing. The company's development team has decided to use Amazon S3 to store at media files generated by mobile app users The company wants to allow users to control whether their own tiles are public, private, of shared with other users in their social network what should the development team do to implement the type of access control with the LEAST administrative effort?

• A.Use IAM groups tor sharing files between application social network users
• B.Store each user's files in a separate S3 bucket and apery a bucket policy based on the user's sharing settings
• C.Generate presigned UPLs for each file access
• D.Use individual ACLs on each S3 object.

Comment: *

Name: *

Email: *

Verification: *

One of your company's EC2 Instances have been compromised. The company has strict po thorough investigation on finding the culprit for the security breach. What would you do in from the options given below.
Please select:

• A.Take a snapshot of the EBS volume
• B.Isolate the machine from the network
• C.Make sure that logs are stored securely for auditing and troubleshooting purpose
• D.Ensure all passwords for all 1AM users are changed
• E.Ensure that all access kevs are rotated.

Comment: *

Name: *

Email: *

Verification: *

You have a set of 100 EC2 Instances in an AWS account. You need to ensure that all of these instances are patched and kept to date. All of the instances are in a private subnet. How can you achieve this. Choose 2 answers from the options given below Please select:

• A.Ensure a NAT gateway is present to download the updates
• B.Use the Systems Manager to patch the instances
• C.Ensure an internet gateway is present to download the updates
• D.Use the AWS inspector to patch the updates

Correct Answer: A,B

Explanation
Option C is invalid because the instances need to remain in the private:
Option D is invalid because AWS inspector can only detect the patches
One of the AWS Blogs mentions how patching of Linux servers can be accomplished. Below is the diagram representation of the architecture setup

For more information on patching Linux workloads in AWS, please refer to the Lin.
https://aws.amazon.com/blogs/security/how-to-patch-linux-workloads-on-awsj The correct answers are: Ensure a NAT gateway is present to download the updates. Use the Systems Manager to patch the instances Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

A company's Security Officer is concerned about the risk of AWS account root user logins and has assigned a Security Engineer to implement a notification solution for near-real-time alerts upon account root user logins.
How should the Security Engineer meet these requirements?

• A.Save VPC Plow Logs to an Amazon S3 bucket in the Security team's account and process the VPC Flow Logs with their logging solutions for account root user logins Send an Amazon SNS notification to the Security team upon encountering the account root user login events
• B.Create a cron job that runs a script lo download the AWS 1AM security credentials We. parse the file for account root user logins and email the Security team's distribution
  1st
• C.Save AWS CloudTrail logs to an Amazon S3 bucket in the Security team's account Process the CloudTrail logs with the Security Engineer's logging solution for account root user logins Send an Amazon SNS notification to the Security team upon encountering the account root user login events
• D.Run AWS CloudTrail logs through Amazon CloudWatch Events to detect account roo4 user logins and trigger an AWS Lambda function to send an Amazon SNS notification to the Security team's distribution list.

Comment: *

Name: *

Email: *

Verification: *