An employee accidentally exposed an AWS access key and secret access key during a public presentation. The company Security Engineer immediately disabled the key.
How can the Engineer assess the impact of the key exposure and ensure that the credentials were not misused?
(Choose two.)

• A.Analyze AWS CloudTrail for activity.
• B.Analyze Amazon CloudWatch Logs for activity.
• C.Download and analyze the IAM Use report from AWS Trusted Advisor.
• D.Analyze the resource inventory in AWS Config for IAM user activity.
• E.Download and analyze a credential report from IAM.

Comment: *

Name: *

Email: *

Verification: *

The Security Engineer for a mobile game has to implement a method to authenticate users so that they can save their progress. Because most of the users are part of the same OpenID-Connect compatible social media website, the Security Engineer would like to use that as the identity provider.
Which solution is the SIMPLEST way to allow the authentication of users using their social media identities?

• A.Amazon Cognito
• B.AssumeRoleWithWebIdentity API
• C.Amazon Cloud Directory
• D.Active Directory (AD) Connector

Comment: *

Name: *

Email: *

Verification: *

You want to ensure that you keep a check on the Active EBS Volumes, Active snapshots and Elastic IP addresses you use so that you don't go beyond the service limit. Which of the below services can help in this regard?
Please select:

• A.IAM Cloudwatch
• B.IAM EC2
• C.IAM Trusted Advisor
• D.IAM SNS

Correct Answer: C

Explanation
Below is a snapshot of the service limits that the Trusted Advisor can monitor

Option A is invalid because even though you can monitor resources, it cannot be checked against the service limit.
Option B is invalid because this is the Elastic Compute cloud service Option D is invalid because it can be send notification but not check on service limit For more information on the Trusted Advisor monitoring, please visit the below URL:
https://IAM.amazon.com/premiumsupport/ta-faqs>
The correct answer is: IAM Trusted Advisor
Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

A company's information security team want to do near-real-time anomaly detection on Amazon EC2 performance and usage statistics. Log aggregation is the responsibility of a security engineer. To do the study, the Engineer needs gather logs from all of the company's IAM accounts in a single place.
How should the Security Engineer go about doing this?

• A.Log in to each account four times a day and filter the IAM CloudTrail log data, then copy and paste the logs in to the Amazon S3 bucket in the destination account.
• B.Set up Amazon CloudWatch to stream data to an Amazon S3 bucket in each source account. Set up bucket replication for each source account into a centralized bucket owned by the Security Engineer.
• C.Set up an IAM Config aggregator to collect IAM configuration data from multiple sources.
• D.Set up Amazon CloudWatch cross-account log data sharing with subscriptions in each account. Send the logs to Amazon Kinesis Data Firehose in the Security Engineer's account.

Comment: *

Name: *

Email: *

Verification: *

You are responsible to deploying a critical application onto AWS. Part of the requirements for this application is to ensure that the controls set for this application met PCI compliance. Also there is a need to monitor web application logs to identify any malicious activity. Which of the following services can be used to fulfil this requirement. Choose 2 answers from the options given below Please select:

• A.Amazon Cloudwatch Logs
• B.Amazon VPC Flow Logs
• C.Amazon AWS Config
• D.Amazon Cloudtrail

Comment: *

Name: *

Email: *

Verification: *