A Security Engineer must enforce the use of only Amazon EC2, Amazon S3, Amazon RDS, Amazon DynamoDB, and AWS STS in specific accounts.
What is a scalable and efficient approach to meet this requirement?

• A.Option A
• B.Option B
• C.Option D
• D.Option C

Comment: *

Name: *

Email: *

Verification: *

A company recently experienced a DDoS attack that prevented its web server from serving content. The website is static and hosts only HTML, CSS, and PDF files that users download.
Based on the architecture shown in the image, what is the BEST way to protect the site against future attacks while minimizing the ongoing operational overhead?

• A.Move all the files to an Amazon S3 bucket. Have the web server serve the files from the S3 bucket.
• B.Launch a second Amazon EC2 instance in a new subnet. Launch an Application Load Balancer in front of both instances.
• C.Launch an Application Load Balancer in front of the EC2 instance. Create an Amazon CloudFront distribution in front of the Application Load Balancer.
• D.Move all the files to an Amazon S3 bucket. Create a CloudFront distribution in front of the bucket and terminate the web server.

Comment: *

Name: *

Email: *

Verification: *

Your development team has started using AWS resources for development purposes. The AWS account has just been created. Your IT Security team is worried about possible leakage of AWS keys. What is the first level of measure that should be taken to protect the AWS account.
Please select:

• A.Delete the AWS keys for the root account
• B.Create 1AM Groups
• C.Create 1AM Roles
• D.Restrict access using 1AM policies

Correct Answer: A

Explanation
The first level or measure that should be taken is to delete the keys for the 1AM root user When you log into your account and go to your Security Access dashboard, this is the first step that can be seen

Option B and C are wrong because creation of 1AM groups and roles will not change the impact of leakage of AWS root access keys Option D is wrong because the first key aspect is to protect the access keys for the root account For more information on best practises for Security Access keys, please visit the below URL:
https://docs.aws.amazon.com/eeneral/latest/gr/aws-access-keys-best-practices.html The correct answer is: Delete the AWS keys for the root account Submit your Feedback/Queries to our Experts

Comment: *

Name: *

Email: *

Verification: *

You are building a large-scale confidential documentation web server on AWSand all of the documentation for it will be stored on S3. One of the requirements is that it cannot be publicly accessible from S3 directly, and you will need to use Cloud Front to accomplish this. Which of the methods listed below would satisfy the requirements as outlined? Choose an answer from the options below Please select:

• A.Create an Identity and Access Management (IAM) user for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
• B.Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAl.
• C.Create individual policies for each bucket the documents are stored in and in that policy grant access to only CloudFront.
• D.Create an S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).

Comment: *

Name: *

Email: *

Verification: *

In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket. There is concern that some users may bypass the CloudFront distribution and access the S3 bucket directly.
What must be done to prevent users from accessing the S3 objects directly by using URLs?

• A.Change the S3 bucket/object permission so that only the bucket owner has access.
• B.Redirect S3 bucket access to the corresponding CloudFront distribution.
• C.Set up a CloudFront origin access identity (OAI), and change the S3 bucket/object permission so that only the OAI has access.
• D.Create IAM roles for CloudFront, and change the S3 bucket/object permission so that only the IAM role has access.

Comment: *

Name: *

Email: *

Verification: *