Your company has defined privileged users for their AWS Account. These users are administrators for key resources defined in the company. There is now a mandate to enhance the security authentication for these users. How can this be accomplished?
Please select:

• A.Enable MFA for these user accounts
• B.Enable versioning for these user accounts
• C.Enable accidental deletion for these user accounts
• D.Disable root access for the users

Comment: *

Name: *

Email: *

Verification: *

Your company has a set of EBS volumes defined in AWS. The security mandate is that all EBS volumes are encrypted. What can be done to notify the IT admin staff if there are any unencrypted volumes in the account.
Please select:

• A.Use AWS Inspector to inspect all the EBS volumes
• B.Use AWS Config to check for unencrypted EBS volumes
• C.Use AWS Guard duty to check for the unencrypted EBS volumes
• D.Use AWS Lambda to check for the unencrypted EBS volumes

Correct Answer: B

Explanation
The enc
config rule for AWS Config can be used to check for unencrypted volumes.
encrypted-volurrn
5 volumes that are in an attached state are encrypted. If you specify the ID of a KMS key for encryptio using the kmsld parameter, the rule checks if the EBS volumes in an attached state are encrypted with that KMS key*1.
Options A and C are incorrect since these services cannot be used to check for unencrypted EBS volumes Option D is incorrect because even though this is possible, trying to implement the solution alone with just the Lambda servk would be too difficult For more information on AWS Config and encrypted volumes, please refer to below URL:

https://docs.aws.amazon.com/config/latest/developerguide/encrypted-volumes.html Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

A company has several workloads running on AWS Employees are required to authenticate using on-premises ADFS and SSO to access the AWS Management Console Developers migrated an existing legacy web application to an Amazon EC2 instance Employees need to access this application from anywhere on the internet but currently, mere is no authentication system but into the application.
How should the Security Engineer implement employee-only access to this system without changing the application?

• A.Create an AWS Lambda custom authorizer as the authenticator for a reverse proxy on Amazon EC2 Ensure the security group on Amazon EC2 only allows access from the Lambda function.
• B.Active Directory user names and passwords
• C.Place the application behind an Application Load Balancer (ALB) Use Amazon Cognito as authentication (or the ALB Define a SAML-based Amazon Cognito user pool and connect it to ADFS implement AWS SSO in the master account and link it to ADFS as an identity provide' Define the EC2 instance as a managed resource, then apply an IAM policy on the resource
• D.Define an Amazon Cognito identity pool then install the connector on the Active Directory server Use the Amazon Cognito SDK on the application instance to authenticate the employees using their

Comment: *

Name: *

Email: *

Verification: *

A company hosts data in S3. There is a requirement to control access to the S3 buckets. Which are the 2 ways in which this can be achieved?
Please select:

• A.Use Bucket policies
• B.Use the Secure Token service
• C.Use IAM user policies
• D.Use AWS Access Keys

Comment: *

Name: *

Email: *

Verification: *

A new application will be deployed on EC2 instances in private subnets. The application will transfer sensitive data to and from an S3 bucket. Compliance requirements state that the data must not traverse the public internet. Which solution meets the compliance requirement?
Please select:

• A.Access the S3 bucket through a proxy server
• B.Access the S3 bucket through a NAT gateway.
• C.Access the S3 bucket through a VPC endpoint for S3
• D.Access the S3 bucket through the SSL protected S3 endpoint

Comment: *

Name: *

Email: *

Verification: *