Instant Access Amazon.AWS-Security-Specialty.v2023-07-18.q577 Actual Practice Test Engine for Free (Page 18)

40%off

AWS-Security-Specialty Premium Dumps

Latest AWS-Security-Specialty Exam Premium Dumps provide by TrainingQuiz.com to help you Passing AWS-Security-Specialty Exam! TrainingQuiz.com offers the updated AWS-Security-Specialty exam dumps, the TrainingQuiz.com AWS-Security-Specialty exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com AWS-Security-Specialty pdf dumps with Exam Engine here:

(592 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 81

Your development team is using access keys to develop an application that has access to S3 and DynamoDB. A new security policy has outlined that the credentials should not be older than 2 months, and should be rotated. How can you achieve this?
Please select:

A.Use the application to rotate the keys in every 2 months via the SDK
B.Use a script to query the creation date of the keys. If older than 2 months, create new access key and update all applications to use it inactivate the old key and delete it.
C.Delete the user associated with the keys after every 2 months. Then recreate the user again.
D.Delete the IAM Role associated with the keys after every 2 months. Then recreate the IAM Role again.

Question 82

A company is using a Redshift cluster to store their data warehouse. There is a requirement from the Internal IT Security team to ensure that data gets encrypted for the Redshift database. How can this be achieved?
Please select:

A.Encrypt the EBS volumes of the underlying EC2 Instances
B.Use AWS KMS Customer Default master key
C.Use SSL/TLS for encrypting the data
D.Use S3 Encryption

Question 83

An application is designed to run on an EC2 Instance. The applications needs to work with an S3 bucket. From a security perspective , what is the ideal way for the EC2 instance/ application to be configured?
Please select:

A.Use the AWS access keys ensuring that they are frequently rotated.
B.Assign an IAM user to the application that has specific access to only that S3 bucket
C.Assign an IAM Role and assign it to the EC2 Instance
D.Assign an IAM group and assign it to the EC2 Instance

Question 84

Which technique can be used to integrate IAM IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
Please select:

A.Use an IAM policy that references the LDAP account identifiers and the IAM credentials.
B.Use SAML (Security Assertion Markup Language) to enable single sign-on between IAM and LDAP.
C.Use IAM Security Token Service from an identity broker to issue short-lived IAM credentials.
D.Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.

Question 85

A recent security audit identified that a company's application team injects database credentials into the environment variables of an AWS Fargate task. The company's security policy mandates that all sensitive data be encrypted at rest and in transit.
Which combination of actions should the security team take to make the application compliant with the security policy? (Choose three.)

A.Store the credentials securely in a file in an Amazon S3 bucket with restricted access to the application team IAM role. Ask the application team to read the credentials from the S3 object instead.
B.Add the following statement to the container instance IAM role policy:
C.Log in to the AWS Fargate instance, create a script to read the secret value from AWS Secrets Manager, and inject the environment variables. Ask the application team to redeploy the application.
D.Modify the application to pull credentials from the AWS Secrets Manager secret instead of the environment variables.
E.Create an AWS Secrets Manager secret and specify the key/value pairs to be stored in this secret.
F.Add the following statement to the task execution role policy: