An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants that one particular group of 1AM users should only access the test instances and not the production ones. How can the organization set that as a part of the policy?
Please select:

• A.Launch the test and production instances in separate regions and allow region wise access to the group
• B.Define the 1AM policy which allows access based on the instance ID
• C.Create an 1AM policy with a condition which allows access to only small instances
• D.Define the tags on the test and production servers and add a condition to the 1AM policy which allows access to specification tags

Comment: *

Name: *

Email: *

Verification: *

An organization wants to be alerted when an unauthorized Amazon EC2 instance in its VPC performs a network port scan against other instances in the VPC. When the Security team performs its own internal tests in a separate account by using pre-approved third-party scanners from the AWS Marketplace, the Security team also then receives multiple Amazon GuardDuty events from Amazon CloudWatch alerting on its test activities.
How can the Security team suppress alerts about authorized security tests while still receiving alerts about the unauthorized activity?

• A.Use a filter in AWS CloudTrail to exclude the IP addresses of the Security team's EC2 instances.
• B.Add the Elastic IP addresses of the Security team's EC2 instances to a trusted IP list in Amazon GuardDuty.
• C.Install the Amazon Inspector agent on the EC2 instances that the Security team uses.
• D.Grant the Security team's EC2 instances a role with permissions to call Amazon GuardDuty API operations.

Comment: *

Name: *

Email: *

Verification: *

You have just recently set up a web and database tier in a VPC and hosted the application. When testing the app , you are not able to reach the home page for the app. You have verified the security groups. What can help you diagnose the issue.
Please select:

• A.Use the AWS Trusted Advisor to see what can be done.
• B.Use VPC Flow logs to diagnose the traffic
• C.Use AWS WAF to analyze the traffic
• D.Use AWS Guard Duty to analyze the traffic

Comment: *

Name: *

Email: *

Verification: *

Your company has a set of EBS volumes defined in IAM. The security mandate is that all EBS volumes are encrypted. What can be done to notify the IT admin staff if there are any unencrypted volumes in the account.
Please select:

• A.Use IAM Inspector to inspect all the EBS volumes
• B.Use IAM Config to check for unencrypted EBS volumes
• C.Use IAM Guard duty to check for the unencrypted EBS volumes
• D.Use IAM Lambda to check for the unencrypted EBS volumes

Comment: *

Name: *

Email: *

Verification: *

A recent security audit identified that a company's application team injects database credentials into the environment variables of an AWS Fargate task. The company's security policy mandates that all sensitive data be encrypted at rest and in transit.
When combination of actions should the security team take to make the application compliant within the security policy? (Select THREE)
A) Store the credentials securely in a file in an Amazon S3 bucket with restricted access to the application team IAM role Ask the application team to read the credentials from the S3 object instead
B) Create an AWS Secrets Manager secret and specify the key/value pairs to be stored in this secret
C) Modify the application to pull credentials from the AWS Secrets Manager secret instead of the environment variables.
D) Add the following statement to the container instance IAM role policy

E) Add the following statement to the execution role policy.

F) Log in to the AWS Fargate instance, create a script to read the secret value from AWS Secret Manager, and inject the environment variables. Ask the application team to redeploy the application.

• A.Option C
• B.Option F
• C.Option E
• D.Option D
• E.Option A
• F.Option B

Comment: *

Name: *

Email: *

Verification: *