A company is planning on using AWS for hosting their applications. They want complete separation and isolation of their production , testing and development environments. Which of the following is an ideal way to design such a setup?
Please select:

• A.Use separate VPCs for each of the environments
• B.Use separate IAM Roles for each of the environments
• C.Use separate IAM Policies for each of the environments
• D.Use separate AWS accounts for each of the environments

Correct Answer: D

A recommendation from the AWS Security Best practices highlights this as well

option A is partially valid, you can segregate resources, but a best practise is to have multiple accounts for this setup.
Options B and C are invalid because from a maintenance perspective this could become very difficult For more information on the Security Best practices, please visit the following URL:
https://dl.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf The correct answer is: Use separate AWS accounts for each of the environments Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

A Security Engineer has created an Amazon CloudWatch event that invokes an AWS Lambda function daily.
The Lambda function runs an Amazon Athena query that checks AWS CloudTrail logs in Amazon S3 to detect whether any IAM user accounts or credentials have been created in the past 30 days. The results of the Athena query are created in the same S3 bucket. The Engineer runs a test execution of the Lambda function via the AWS Console, and the function runs successfully.
After several minutes, the Engineer finds that his Athena query has failed with the error message: "Insufficient Permissions". The IAM permissions of the Security Engineer and the Lambda function are shown below:
Security Engineer

Lambda function execution role

What is causing the error?

• A.The Lambda function does not have permissions to access the CloudTrail S3 bucket.
• B.The Athena service does not support invocation through Lambda.
• C.The Security Engineer does not have permissions to start the Athena query execution.
• D.The Lambda function does not have permissions to start the Athena query execution.

Comment: *

Name: *

Email: *

Verification: *

You have just received an email from AWS Support stating that your AWS account might have been compromised. Which of the following steps would you look to carry out immediately. Choose 3 answers from the options below.
Please select:

• A.Change the root account password.
• B.Rotate all 1AM access keys
• C.Keep all resources running to avoid disruption
• D.Change the password for all 1AM users.

Comment: *

Name: *

Email: *

Verification: *

Your IT Security team has advised to carry out a penetration test on the resources in their company's AWS Account. This is as part of their capability to analyze the security of the Infrastructure. What should be done first in this regard?
Please select:

• A.Turn on Cloud trail and carry out the penetration test
• B.Turn on VPC Flow Logs and carry out the penetration test
• C.Submit a request to AWS Support
• D.Use a custom AWS Marketplace solution for conducting the penetration test

Comment: *

Name: *

Email: *

Verification: *

You are creating a Lambda function which will be triggered by a Cloudwatch Event. The data from these events needs to be stored in a DynamoDB table. How should the Lambda function be given access to the DynamoDB table?
Please select:

• A.Put the AWS Access keys in the Lambda function since the Lambda function by default is secure
• B.Use an IAM role which has permissions to the DynamoDB table and attach it to the Lambda function.
• C.Use the AWS Access keys which has access to DynamoDB and then place it in an S3 bucket.
• D.Create a VPC endpoint for the DynamoDB table. Access the VPC endpoint from the Lambda function.

Comment: *

Name: *

Email: *

Verification: *