Instant Access Amazon.AWS-Security-Specialty.v2023-07-18.q577 Actual Practice Test Engine for Free (Page 15)

Question 66

What are the MOST secure ways to protect the AWS account root user of a recently opened AWS account? (Choose two.)

A.Do not create access keys for the AWS account root user; instead, create AWS IAM users
B.Use the AWS account root user access keys instead of the AWS Management Console
C.Enable multi-factor authentication for the AWS IAM users with the AdministratorAccess managed policy attached to them
D.Use AWS KMS to encrypt all AWS account root user and AWS IAM access keys and set automatic rotation to 30 days
E.Enable multi-factor authentication for the AWS account root user

Question 67

Your developer is using the KMS service and an assigned key in their Java program. They get the below error when running the code arn:aws:iam::113745388712:user/UserB is not authorized to perform: kms:DescribeKey Which of the following could help resolve the issue?
Please select:

A.Ensure that UserB is given the right IAM role to access the key
B.Ensure that UserB is given the right permissions in the IAM policy
C.Ensure that UserB is given the right permissions in the Key policy
D.Ensure that UserB is given the right permissions in the Bucket policy

Question 68

An organization operates a web application that serves users globally. The application runs on Amazon EC2 instances behind an Application Load Balancer. There is an Amazon CloudFront distribution in front of the load balancer, and the organization uses AWS WAF. The application is currently experiencing a volumetric attack whereby the attacker is exploiting a bug in a popular mobile game.
The application is being flooded with HTTP requests from all over the world with the User-Agent set to the following string: Mozilla/5.0 (compatible; ExampleCorp; ExampleGame/1.22; Mobile/1.0) What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?

A.Create a rule in AWS WAF rules with conditions that block requests based on the presence of ExampleGame/1.22 in the User-Agent header
B.Create a geographic restriction on the CloudFront distribution to prevent access to the application from most geographic regions
C.Create a rate-based rule in AWS WAF to limit the total number of requests that the web application services.
D.Create an IP-based blacklist in AWS WAF to block the IP addresses that are originating from requests that contain ExampleGame/1.22 in the User-Agent header.

Question 69

You are trying to use the Systems Manager to patch a set of EC2 systems. Some of the systems are not getting covered in the patching process. Which of the following can be used to troubleshoot the issue? Choose 3 answers from the options given below.
Please select:

A.Check to see if the right role has been assigned to the EC2 instances
B.Check to see if the 1AM user has the right permissions for EC2
C.Ensure that agent is running on the instances.
D.Check the Instance status by using the Health API.

Question 70

Which of the following is the responsibility of the customer? Choose 2 answers from the options given below.
Please select:

A.Management of the Edge locations
B.Encryption of data at rest
C.Protection of data in transit
D.Decommissioning of old storage devices

Question 66

Question 67

Question 68

Question 69

Question 70

Download PDF File