You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database. Which configuration will allow you to securely serve private content to your users?
Please select:

• A.Generate pre-signed URLs for each user as they request access to protected S3 content
• B.Create an 1AM user for each subscribed user and assign the GetObject permission to each 1AM user
• C.Create an S3 bucket policy that limits access to your private content to only your subscribed users'credentials
• D.Crpafp a Cloud Front Clriein Identity user for vnur suhsrrihprl users and assign the GptOhiprt oprmissinn to this user

Comment: *

Name: *

Email: *

Verification: *

A company plans to move most of its IT infrastructure to AWS. The company wants to leverage its existing on-premises Active Directory as an identity provider for AWS.
Which steps should be taken to authenticate to AWS services using the company's on-premises Active Directory? (Choose three).

• A.Configure IAM as a trusted relying party for Amazon Cloud Directory.
• B.Create a SAML provider with IAM.
• C.Create IAM roles with permissions corresponding to each Active Directory group.
• D.Create IAM groups with permissions corresponding to each Active Directory group.
• E.Create a SAML provider with Amazon Cloud Directory.
• F.Configure AWS as a trusted relying party for the Active Directory

Comment: *

Name: *

Email: *

Verification: *

Your company use AWS KMS for management of its customer keys. From time to time, there is a requirement to delete existing keys as part of housekeeping activities. What can be done during the deletion process to verify that the key is no longer being used.
Please select:

• A.Use CloudTrail to see if any KMS API request has been issued against existing keys
• B.Use Key policies to see the access level for the keys
• C.Rotate the keys once before deletion to see if other services are using the keys
• D.Change the IAM policy for the keys to see if other services are using the keys

Comment: *

Name: *

Email: *

Verification: *

An organization has setup multiple 1AM users. The organization wants that each 1AM user accesses the 1AM console only within the organization and not from outside. How can it achieve this?
Please select:

• A.Create an 1AM policy with the security group and use that security group for AWS console login
• B.Create an 1AM policy with a condition which denies access when the IP address range is not from the organization
• C.Configure the EC2 instance security group which allows traffic only from the organization's IP range
• D.Create an 1AM policy with VPC and allow a secure gateway between the organization and AWS Console

Comment: *

Name: *

Email: *

Verification: *

A company uses a third-party identity provider and SAML-based SSO for its AWS accounts After the third-party identity provider renewed an expired signing certificate users saw the following message when trying to log in:

A security engineer needs to provide a solution that corrects the error and minimizes operational overhead Which solution meets these requirements?

• A.Configure the AWS identity provider entity defined in AWS Identity and Access Management (IAM) to synchronously fetch the new public key by using the AWS Management Console.
• B.Upload the third-party signing certificate's new private key to the AWS identity provider entity defined in AWS identity and Access Management (IAM) by using the AWS Management Console
• C.Download the updated SAML metadata tile from the identity service provider Update the file in the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS CLI
• D.Sign the identity provider's metadata file with the new public key Upload the signature to the AWS identity provider entity defined in AWS Identity and Access Management (IAM) by using the AWS CLI.

Comment: *

Name: *

Email: *

Verification: *