Instant Access Amazon.AWS-Security-Specialty.v2023-07-18.q577 Actual Practice Test Engine for Free (Page 19)

40%off

AWS-Security-Specialty Premium Dumps

Latest AWS-Security-Specialty Exam Premium Dumps provide by TrainingQuiz.com to help you Passing AWS-Security-Specialty Exam! TrainingQuiz.com offers the updated AWS-Security-Specialty exam dumps, the TrainingQuiz.com AWS-Security-Specialty exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com AWS-Security-Specialty pdf dumps with Exam Engine here:

(592 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 86

Which technique can be used to integrate AWS IAM (Identity and Access Management) with an on-premise LDAP (Lightweight Directory Access Protocol) directory service?
Please select:

A.Use an IAM policy that references the LDAP account identifiers and the AWS credentials.
B.Use SAML (Security Assertion Markup Language) to enable single sign-on between AWS and LDAP.
C.Use AWS Security Token Service from an identity broker to issue short-lived AWS credentials.
D.Use IAM roles to automatically rotate the IAM credentials when LDAP credentials are updated.

Question 87

The Security Engineer is managing a traditional three-tier web application that is running on Amazon EC2 instances. The application has become the target of increasing numbers of malicious attacks from the Internet.
What steps should the Security Engineer take to check for known vulnerabilities and limit the attack surface?
(Choose two.)

A.Use AWS Key Management Services to encrypt all the traffic between the client and application servers.
B.Use AWS Certificate Manager to encrypt all traffic between the client and application servers.
C.Review the application security groups to ensure that only the necessary ports are open.
D.Use Amazon Inspector to periodically scan the backend instances.
E.Use Elastic Load Balancing to offload Secure Sockets Layer encryption.

Question 88

While analyzing a company's security solution, a Security Engineer wants to secure the AWS account root user.
What should the Security Engineer do to provide the highest level of security for the account?

A.Create a new IAM user that has administrator permissions in the AWS account. Delete the password for the AWS account root user.
B.Create a new IAM user that has administrator permissions in the AWS account. Modify the permissions for the existing IAM users.
C.Replace the access key for the AWS account root user. Delete the password for the AWS account root user.
D.Create a new IAM user that has administrator permissions in the AWS account. Enable multi-factor authentication for the AWS account root user.

Question 89

An organization is moving non-business-critical applications to AWS while maintaining a mission-critical application in an on-premises data center. An on-premises application must share limited confidential information with the applications in AWS. The internet performance is unpredictable.
Which configuration will ensure continued connectivity between sites MOST securely?

A.AWS Direct Connect
B.VPN Gateway over AWS Direct Connect
C.AWS Snowball Edge
D.VPN and a cached storage gateway

Question 90

A Security Engineer has launched multiple Amazon EC2 instances from a private AMI using an AWS CloudFormation template. The Engineer notices instances terminating right after they are launched.
What could be causing these terminations?

A.The IAM user launching those instances is missing ec2:RunInstances permissions
B.The AMI used was encrypted and the IAM user does not have the required AWS KMS permissions
C.The instance profile used with the EC2 instances is unable to query instance metadata
D.AWS currently does not have sufficient capacity in the Region