What is the result of the following bucket policy?

Choose the correct answer:
Please select:

• A.It will allow all access to the bucket mybucket
• B.It will allow the user mark from AWS account number 111111111 all access to the bucket but deny everyone else all access to the bucket
• C.It will deny all access to the bucket mybucket
• D.None of these

Comment: *

Name: *

Email: *

Verification: *

A company has a web-based application using Amazon CloudFront and running on Amazon Elastic Container Service (Amazon ECS) behind an Application Load Balancer (ALB). The ALB is terminating TLS and balancing load across ECS service tasks A security engineer needs to design a solution to ensure that application content is accessible only through CloudFront and that I is never accessible directly.
How should the security engineer build the MOST secure solution?

• A.Add an origin custom header Set the viewer protocol policy to redirect HTTP to HTTPS. Set the origin protocol policy to HTTPS only Update the application to validate the CloudFront custom header
• B.Add an origin custom header Set the viewer protocol policy to redirect HTTP to HTTPS Set the origin protocol policy to HTTP only Update the application to validate the CloudFront custom header.
• C.Add an origin custom header Set the viewer protocol policy to HTTP and HTTPS Set the origin protocol pokey to HTTPS only Update the application to validate the CloudFront custom header
• D.Add an origin custom header Set the viewer protocol policy to HTTPS only Set the origin protocol policy to match viewer Update the application to validate the CloudFront custom header.

Comment: *

Name: *

Email: *

Verification: *

A company is planning on using AWS for hosting their applications. They want complete separation and isolation of their production , testing and development environments. Which of the following is an ideal way to design such a setup?
Please select:

• A.Use separate VPCs for each of the environments
• B.Use separate 1AM Roles for each of the environments
• C.Use separate 1AM Policies for each of the environments
• D.Use separate AWS accounts for each of the environments

Correct Answer: D

Explanation
A recommendation from the AWS Security Best practices highlights this as well

option A is partially valid, you can segregate resources, but a best practise is to have multiple accounts for this setup.
Options B and C are invalid because from a maintenance perspective this could become very difficult For more information on the Security Best practices, please visit the following URL:
https://dl.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf The correct answer is: Use separate AWS accounts for each of the environments Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

Your company has just started using AWS and created an AWS account. They are aware of the potential issues when root access is enabled. How can they best safeguard the account when it comes to root access? Choose 2 answers fro the options given below Please select:

• A.Delete the root access account
• B.Create an Admin IAM user with the necessary permissions
• C.Change the password for the root account.
• D.Delete the root access keys

Comment: *

Name: *

Email: *

Verification: *

A company hosts a web-based application that captures and stores sensitive data in an Amazon DynamoDB table. A security audit reveals that the application does not provide end-to-end data protection or the ability to detect unauthorized data changes The software engineering team needs to make changes that will address the audit findings.
Which set of steps should the software engineering team take?

• A.Use AWS Certificate Manager (ACM) Private Certificate Authority Encrypt the data in transit.
• B.Use a DynamoDB encryption client. Use client-side encryption and sign the table items
• C.Use the AWS Encryption SDK. Use client-side encryption and sign the table items.
• D.Use an AWS Key Management Service (AWS KMS) CMK. Encrypt the data at rest.

Comment: *

Name: *

Email: *

Verification: *