You are working in the media industry and you have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to be able to function. Where should you store your API credentials whilst maintaining the maximum level of security?
Please select:

• A.Save the API credentials to your PHP files.
• B.Don't save your API credentials, instead create a role in 1AM and assign this role to an EC2 instance when you first create it.
• C.Save your API credentials in a public Github repository.
• D.Pass API credentials to the instance using instance userdata.

Comment: *

Name: *

Email: *

Verification: *

A company's policy requires that all API keys be encrypted and stored separately from source code in a centralized security account. This security account is managed by the company's security team However, an audit revealed that an API key is steed with the source code of an AWS Lambda function m an AWS CodeCommit repository in the DevOps account How should the security learn securely store the API key?

• A.Store the API key in an Amazon S3 bucket in the security account using server-side encryption with Amazon S3 managed encryption keys (SSE-S3) to encrypt the key Create a resigned URL tor the S3 key. and specify the URL m a Lambda environmental variable in the AWS CloudFormation template Update the Lambda function code to retrieve the key using the URL and call the API
• B.Create a secret in AWS Secrets Manager in the security account to store the API key using AWS Key Management Service (AWS KMS) tor encryption Grant access to the 1AM role used by the Lambda function so that the function can retrieve the key from Secrets Manager and call the API
• C.Create an encrypted environment variable for the Lambda function to store the API key using AWS Key Management Service (AWS KMS) tor encryption Grant access to the 1AM role used by the Lambda function so that the function can decrypt the key at runtime
• D.Create a CodeCommit repository in the security account using AWS Key Management Service (AWS KMS) tor encryption Require the development team to migrate the Lambda source code to this repository

Comment: *

Name: *

Email: *

Verification: *

You have several S3 buckets defined in your AWS account. You need to give access to external AWS accounts to these S3 buckets. Which of the following can allow you to define the permissions for the external accounts? Choose 2 answers from the options given below
Please select:

• A.IAM policies
• B.Buckets ACL's
• C.IAM users
• D.Bucket policies

Correct Answer: B,D

The AWS Security whitepaper gives the type of access control and to what level the control can be given

Options A and C are incorrect since for external access to buckets, you need to use either Bucket policies or Bucket ACL's or more information on Security for storage services role please refer to the below URL:
https://d1.awsstatic.com/whitepapers/Security/Security Storage Services Whitepaper.pdf
The correct answers are: Buckets ACL's, Bucket policies
Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

A company has a requirement to create a DynamoDB table. The company's software architect has provided the following CLI command for the DynamoDB table

Which of the following has been taken of from a security perspective from the above command?
Please select:

• A.Since the ID is hashed, it ensures security of the underlying table.
• B.The above command ensures data encryption at rest for the Customer table
• C.The above command ensures data encryption in transit for the Customer table
• D.The right throughput has been specified from a security perspective

Comment: *

Name: *

Email: *

Verification: *

A company has several critical applications running on a large fleet of Amazon EC2 instances. As part of a security operations review, the company needs to apply a critical operating system patch to EC2 instances within 24 hours of the patch becoming available from the operating system vendor. The company does not have a patching solution deployed on AWS, but does have AWS Systems Manager configured. The solution must also minimize administrative overhead.
What should a security engineer recommend to meet these requirements?

• A.Use the AWS Systems Manager Run Command to patch affected instances.
• B.Create an AWS Config rule defining the patch as a required configuration for EC2 instances.
• C.Use AWS Systems Manager Session Manager to log in to each affected instance and apply the patch.
• D.Use an AWS Systems Manager Patch Manager predefined baseline to patch affected instances.

Comment: *

Name: *

Email: *

Verification: *