A company is hosting a website that must be accessible to users for HTTPS traffic. Also port 22 should be open for administrative purposes. The administrator's workstation has a static IP address of 203.0.113.1/32. Which of the following security group configurations are the MOST secure but still functional to support these requirements? Choose 2 answers from the options given below Please select:

• A.Port 443 coming from 0.0.0.0/0
• B.Port 443 coming from 10.0.0.0/16
• C.Port 22 coming from 0.0.0.0/0
• D.Port 22 coming from 203.0.113.1/32

Comment: *

Name: *

Email: *

Verification: *

Every application in a company's portfolio has a separate AWS account for development and production. The security team wants to prevent the root user and all 1AM users in the production accounts from accessing a specific set of unneeded services. How can they control this functionality?
Please select:

• A.Create a Service Control Policy that denies access to the services. Assemble all production accounts in an organizational unit. Apply the policy to that organizational unit.
• B.Create a Service Control Policy that denies access to the services. Apply the policy to the root account.
• C.Create an 1AM policy that denies access to the services. Associate the policy with an 1AM group and enlist all users and the root users in this group.
• D.Create an 1AM policy that denies access to the services. Create a Config Rule that checks that all users have the policy m assigned. Trigger a Lambda function that adds the policy when found missing.

Comment: *

Name: *

Email: *

Verification: *

A company has a requirement to create a DynamoDB table. The company's software architect has provided the following CLI command for the DynamoDB table

Which of the following has been taken of from a security perspective from the above command?
Please select:

• A.Since the ID is hashed, it ensures security of the underlying table.
• B.The above command ensures data encryption at rest for the Customer table
• C.The above command ensures data encryption in transit for the Customer table
• D.The right throughput has been specified from a security perspective

Comment: *

Name: *

Email: *

Verification: *

Your developer is using the KMS service and an assigned key in their Java program. They get the below error when running the code arn:aws:iam::113745388712:user/UserB is not authorized to perform: kms:DescribeKey Which of the following could help resolve the issue?
Please select:

• A.Ensure that UserB is given the right IAM role to access the key
• B.Ensure that UserB is given the right permissions in the IAM policy
• C.Ensure that UserB is given the right permissions in the Key policy
• D.Ensure that UserB is given the right permissions in the Bucket policy

Correct Answer: C

Explanation
You need to ensure that UserB is given access via the Key policy for the Key

Option is invalid because you don't assign roles to 1AM users
For more information on Key policies please visit the below Link:
https://docs.aws.amazon.com/kms/latest/developerguide/key-poli
The correct answer is: Ensure that UserB is given the right permissions in the Key policy

Comment: *

Name: *

Email: *

Verification: *

A company uses Microsoft Active Directory for access management for on-premises resources and wants to use the same mechanism for accessing its IAM accounts. Additionally, the development team plans to launch a public-facing application for which they need a separate authentication solution.
When coma nation of the following would satisfy these requirements? (Select TWO)

• A.Use AD Connector tor application authentication.
• B.Establish network connectivity between on-premises and the user's VPC
• C.Use Amazon Cognito user pools for application authentication
• D.Set up domain controllers on Amazon EC2 to extend the on-premises directory to IAM
• E.Set up federated sign-in to IAM through ADFS and SAML.

Comment: *

Name: *

Email: *

Verification: *