An organization operates a web application that serves users globally. The application runs on Amazon EC2 instances behind an Application Load Balancer. There is an Amazon CloudFront distribution in front of the load balancer, and the organization uses AWS WAF. The application is currently experiencing a volumetric attack whereby the attacker is exploiting a bug in a popular mobile game.
The application is being flooded with HTTP requests from all over the world with the User-Agent set to the following string: Mozilla/5.0 (compatible; ExampleCorp; ExampleGame/1.22; Mobile/1.0) What mitigation can be applied to block attacks resulting from this bug while continuing to service legitimate requests?

• A.Create a geographic restriction on the CloudFront distribution to prevent access to the application from most geographic regions
• B.Create a rate-based rule in AWS WAF to limit the total number of requests that the web application services.
• C.Create an IP-based blacklist in AWS WAF to block the IP addresses that are originating from requests that contain ExampleGame/1.22 in the User-Agent header.
• D.Create a rule in AWS WAF rules with conditions that block requests based on the presence of ExampleGame/1.22 in the User-Agent header

Comment: *

Name: *

Email: *

Verification: *

You are responsible to deploying a critical application onto AWS. Part of the requirements for this application is to ensure that the controls set for this application met PCI compliance. Also there is a need to monitor web application logs to identify any malicious activity. Which of the following services can be used to fulfil this requirement. Choose 2 answers from the options given below
Please select:

• A.Amazon Cloudwatch Logs
• B.Amazon VPC Flow Logs
• C.Amazon AWS Config
• D.Amazon Cloudtrail

Comment: *

Name: *

Email: *

Verification: *

A company has an existing AWS account and a set of critical resources hosted in that account. The employee who was in-charge of the root account has left the company. What must be now done to secure the account. Choose 3 answers from the options given below.
Please select:

• A.Change the access keys for all IAM users.
• B.Delete all custom created IAM policies
• C.Delete the access keys for the root account
• D.Confirm MFAtoa secure device
• E.Change the password for the root account
• F.Change the password for all IAM users

Comment: *

Name: *

Email: *

Verification: *

You have an instance setup in a test environment in AWS. You installed the required application and the promoted the server to a production environment. Your IT Security team has advised that there maybe traffic flowing in from an unknown IP address to port 22. How can this be mitigated immediately?
Please select:

• A.Shutdown the instance
• B.Remove the rule for incoming traffic on port 22 for the Security Group
• C.Change the AMI for the instance
• D.Change the Instance type for the instance

Comment: *

Name: *

Email: *

Verification: *

An IAM user with fill EC2 permissions could bot start an Amazon EC2 instance after it was stopped for a maintenance task. Upon starting the instance, the instance state would change to "Pending", but after a few seconds, it would switch back to "Stopped".
An inspection revealed that the instance has attached Amazon EBS volumes that were encrypted by using a Customer Master Key (CMK). When these encrypted volumes were detached, the IAM user was able to start the EC2 instances.
The IAM user policy is as follows:

What additional items need to be added to the IAM user policy? (Choose two.)

• A.kms:GenerateDataKey
• B.kms:Decrypt
• C.kms:CreateGrant
• D."Condition": {"Bool": {"kms:ViaService": "ec2.us-west-2.amazonaws.com"}}
• E."Condition": {"Bool": {"kms:GrantIsForAWSResource": true}}

Comment: *

Name: *

Email: *

Verification: *