Instant Access Amazon.AWS-Security-Specialty.v2023-07-18.q577 Actual Practice Test Engine for Free (Page 16)

40%off

AWS-Security-Specialty Premium Dumps

Latest AWS-Security-Specialty Exam Premium Dumps provide by TrainingQuiz.com to help you Passing AWS-Security-Specialty Exam! TrainingQuiz.com offers the updated AWS-Security-Specialty exam dumps, the TrainingQuiz.com AWS-Security-Specialty exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com AWS-Security-Specialty pdf dumps with Exam Engine here:

(592 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 71

You need to have a requirement to store objects in an S3 bucket with a key that is automatically managed and rotated. Which of the following can be used for this purpose?
Please select:

A.IAM KMS
B.IAM S3 Server side encryption
C.IAM Customer Keys
D.IAM Cloud HSM

Question 72

A company hosts a critical web application on the AWS Cloud. This is a key revenue generating application for the company. The IT Security team is worried about potential DDos attacks against the web site. The senior management has also specified that immediate action needs to be taken in case of a potential DDos attack. What should be done in this regard?
Please select:

A.Consider using the AWS Shield Service
B.Consider using VPC Flow logs to monitor traffic for DDos attack and quickly take actions on a trigger of a potential attack.
C.Consider using the AWS Shield Advanced Service
D.Consider using Cloudwatch logs to monitor traffic for DDos attack and quickly take actions on a trigger of a potential attack.

Question 73

A company has external vendors that must deliver files to the company. These vendors have cross-account that gives them permission to upload objects to one of the company's S3 buckets.
What combination of steps must the vendor follow to successfully deliver a file to the company? Select 2 answers from the options given below Please select:

A.Attach an 1AM role to the bucket that grants the bucket owner full permissions to the object
B.Add a grant to the objects ACL giving full permissions to bucket owner.
C.Encrypt the object with a KMS key controlled by the company.
D.Add a bucket policy to the bucket that grants the bucket owner full permissions to the object
E.Upload the file to the company's S3 bucket

Question 74

A Web Administrator for the website example.com has created an Amazon CloudFront distribution for dev.example.com, with a requirement to configure HTTPS using a custom TLS certificate imported to IAM Certificate Manager.
Which combination of steps is required to ensure availability of the certificate in the CloudFront console?
(Choose two.)

A.Ensure that the certificate, private key, and certificate chain are PKCS #12-encoded.
B.Call UploadServerCertificate with /cloudfront/dev/ in the path parameter.
C.Ensure that the certificate, private key, and certificate chain are PEM-encoded.
D.Import the certificate in the us-east-1 (N. Virginia) Region.
E.Import the certificate with a 4,096-bit RSA public key.

Question 75

A company has deployed a custom DNS server in AWS. The Security Engineer wants to ensure that Amazon EC2 instances cannot use the Amazon-provided DNS.
How can the Security Engineer block access to the Amazon-provided DNS in the VPC?

A.Deny access to the Amazon DNS IP within all security groups.
B.Add a rule to all network access control lists that deny access to the Amazon DNS IP.
C.Add a route to all route tables that black holes traffic to the Amazon DNS IP.
D.Disable DNS resolution within the VPC configuration.