How can you make your data encrypted in transit for connection with RDS instance?
Correct
Incorrect
Question 2 of 50
2. Question
1 point(s)
An organization uses EBS volumes in AWS, and for security purpose, they want all volumes to be encrypted and they want to get notified about any unencrypted volume in the How can this be done?
Correct
Incorrect
Question 3 of 50
3. Question
1 point(s)
You have a setup in which you use logging enabled S3 buckets. If changes to the S3 bucket are made, a config rule will be checked. If logging is deactivated, a function of Lambda is invoked. The Lambda function again allows the S3 bucket to log in. The whole flow is now a problem. You have checked the invoking of the Lambda function. However, the Lambda function does not re-open when logging for the bucket is disabled. Which one of the following might be a problem?
Correct
Incorrect
Question 4 of 50
4. Question
1 point(s)
An organization uses EC2 instances, and they have compromised instances. They have strict policies and want to find out the culprit of the security How would they do this? (choose any 3)
Correct
Incorrect
Question 5 of 50
5. Question
1 point(s)
How does the data forwarded to S3 can be encrypted at rest?
Correct
Incorrect
Question 6 of 50
6. Question
1 point(s)
An enterprise has its AWS account in which it hosts the resources. All API activities in all regions must be monitored. The audit must also be carried out in future regions. To meet this requirement, which of the following could be used?
Correct
Incorrect
Question 7 of 50
7. Question
1 point(s)
A company is planning to use AWS for hosting the resources. They have multiple independent departments that also want to use AWS. Which of the following methods could be used to manage the accounts?
Correct
Incorrect
Question 8 of 50
8. Question
1 point(s)
From the following options, which is best to view event logs of all API on AWS which is read-only access to the auditor?
Correct
Incorrect
Question 9 of 50
9. Question
1 point(s)
An organization has an application in which it has multiple types of users like some have read-only access, or others have contributor access. The application is using AWS Cognito for authenticating. How would they manage the users?
Correct
Incorrect
Question 10 of 50
10. Question
1 point(s)
An enterprise uses Linux EC2 instance in AWS, and they want secure authentication to the instance from Windows. How can this requirement be met?
Correct
Incorrect
Question 11 of 50
11. Question
1 point(s)
An organization is using AWS resource for its infrastructure, and now they are searching for the security aspect of their CI / CD pipeline. They want to ensure that there should not be any high-security vulnerabilities in the EC2 instances. They also want to make sure that the DevSecOps process is complete. How can they meet this requirement?
Correct
Incorrect
Question 12 of 50
12. Question
1 point(s)
How will you make sure that your S3 bucket on AWS is only accessible via VPC endpoint?
Correct
Incorrect
Question 13 of 50
13. Question
1 point(s)
An enterprise uses AWS to host its infrastructure on AWS EC2 instances. The EC2 instances are subjected to strict security regulations. You need a quick investigation of the underlying EC2 instance during a possible security violation. Which service can help you provide a test environment for the violated case quickly?
Correct
Incorrect
Question 14 of 50
14. Question
1 point(s)
You have a huge number of keys specified in AWS KMS. You have an application which uses the keys very frequently. How can the cost of access keys in AWS KMS service be reduced?
Correct
Incorrect
Question 15 of 50
15. Question
1 point(s)
An organization has one compromised EC2 instance. Which of the following steps are needed for applying digital forensics on the instance? (choose any 2)
Correct
Incorrect
Question 16 of 50
16. Question
1 point(s)
There is a set of AWS-hosted applications, database, and web servers. Behind an ELB, the web servers are located. The application, database and web servers have separate security groups. The security groups of the network were defined with some configuration. Contact between the application and database servers is problematic. What ideal set of MINIMAL steps would you take to resolve the problems between only the application and the database server?
Correct
Incorrect
Question 17 of 50
17. Question
1 point(s)
Your development team needs to use AWS Lambda service for running multiple scripts, and now they need to understand the errors encountered during the running of the script. How can they do this?
Correct
Incorrect
Question 18 of 50
18. Question
1 point(s)
In AWS Public Cloud the client has an RHEL Linux instance. The VPC and subnet used to host the instance that were created with the Network Access Control Lists default settings. You must provide secure access to the underlying instance for the IT Administrator. How can this be done?
Correct
Incorrect
Question 19 of 50
19. Question
1 point(s)
An organization uses the AWS cloud for creating a private connection from on-premises IT infrastructure to AWS. Now, they want a solution of getting core benefits of traffic encryption, while ensuring that the latency is kept to minimum. How would they achieve their requirement? (choose any 2)
Correct
Incorrect
Question 20 of 50
20. Question
1 point(s)
From the following options, which is best to generate encryption keys based on FIPS 140-2 level 3? (choose any 2)
Correct
Incorrect
Question 21 of 50
21. Question
1 point(s)
A huge multinational enterprise has thousands of EC2 instances on AWS, and now they want to make sure that all servers are not occupying any critical security flaws. How can this requirement be fulfilled? (choose any 2)
Correct
Incorrect
Question 22 of 50
22. Question
1 point(s)
In Amazon Linux AMI instances, a company is trying to use AWS Systems Manager. The command run does not work on a number of instances. How would they diagnose the problem? (choose any 2)
Correct
Incorrect
Question 23 of 50
23. Question
1 point(s)
A company has an EC2 instance with EBS volume, and encryption of this is done via KMS. Now, some hacker deletes the customer key that is used for encryption. Then how can they decrypt the data?
Correct
Incorrect
Question 24 of 50
24. Question
1 point(s)
You must use the keys available in the CloudFront to serve private content. How is this possible?
Correct
Incorrect
Question 25 of 50
25. Question
1 point(s)
For a number of EC2 instances, you must perform penetration tests on the AWS Cloud. How can you do this? (choose any 2)
Correct
Incorrect
Question 26 of 50
26. Question
1 point(s)
The AWS KMS service provides you with a set of customer keys. These keys were used for approximately six months. Now, you are attempting to use new KMS functions for the existing key set, but you are unable to do so. What could be the issue behind this?
Correct
Incorrect
Question 27 of 50
27. Question
1 point(s)
If you want to use your own DNS managed instance rather than using AWS DNS service for routing DNS request from the instance in VPC then how would you do this?
Correct
Incorrect
Question 28 of 50
28. Question
1 point(s)
How do you make sure to inspect the running process on EC2 instance without interrupting its continuous running for security issues?
Correct
Incorrect
Question 29 of 50
29. Question
1 point(s)
A company hired you and assigned you a task to make sure that AWS and its on-site Active Directory are federated authentication mechanisms. What are the important steps that must be taken in this process? (choose any 2)
Correct
Incorrect
Question 30 of 50
30. Question
1 point(s)
If you want to get the point in time API activity of any suspicious API activity that occurred 15 days ago. How would you get that?
Correct
Incorrect
Question 31 of 50
31. Question
1 point(s)
A set of EC2 instances is currently held by your company in the VPC. The IT Security department suspects that the instances will be attacked by DDos. What can you do to minify the chances of attack on the IP addresses that receive a large number of applications?
Correct
Incorrect
Question 32 of 50
32. Question
1 point(s)
An incident reaction plan was drafted a few months ago by an IT team of the enterprise. The response plan is regularly implemented. Since its inception, no changes has been made to the response plan. Which of the following is the correct plan statement?
Correct
Incorrect
Question 33 of 50
33. Question
1 point(s)
There is an S3 bucket currently hosted in an AWS account. It contains information that a partner account needs to access. What is the safest way to access S3 buckets in your account with your partner account? (choose any 3)
Correct
Incorrect
Question 34 of 50
34. Question
1 point(s)
An organization uses AWS to host its web application for which they create EC2 instance in public subnet. Now, they need to connect an EC2 instance which will host Oracle DB. How would they do all this in a secure way? (choose an 2)
Correct
Incorrect
Question 35 of 50
35. Question
1 point(s)
A company uses S3 bucket to store log files. These log files are used for analysis after that, they purge these files. How would they do this configuration in S3 bucket?
Correct
Incorrect
Question 36 of 50
36. Question
1 point(s)
A windows machine in one VPC needs to join the AD domain in another VPC. VPC Peering has been established. But the domain join is not working. What is the other step that needs to be followed in order to ensure that the AD domain join can work as intended?
Correct
Incorrect
Question 37 of 50
37. Question
1 point(s)
How do you ensure that the object in the primary region is available in the secondary region on the failure of the primary region? (choose any 2)
Correct
Incorrect
Question 38 of 50
38. Question
1 point(s)
You try to patch a set of EC2 systems with the Systems Manager. Some of the systems are not covered by the patch. Which of these can be used to resolve the problem? (choose any 3)
Correct
Incorrect
Question 39 of 50
39. Question
1 point(s)
How can I integrate the AWS IAM with a local LDAP (Lightweight Directory Access Protocol) directory service? What technique can be used?
Correct
Incorrect
Question 40 of 50
40. Question
1 point(s)
How do you make CloudTrail logs encrypted when they are being delivered in AWS account?
Correct
Incorrect
Question 41 of 50
41. Question
1 point(s)
A company has an application which currently uses customer keys which are generated via AWS KMS in the US East Now, they want to use the same set of keys from the EU-Central region. How can this be accomplished?
Correct
Incorrect
Question 42 of 50
42. Question
1 point(s)
A set of keys was developed for your company with AWS KMS. You must ensure that only certain services are used for each key. For instance, they want to use only one key for the S3 service. How can you do that?
Correct
Incorrect
Question 43 of 50
43. Question
1 point(s)
An enterprise is using AWS to host its java-based application on EC2 instance. That application can access the DynamoDB table and currently instance serving production based user. How securely an instance can access the DynamoDB table?
Correct
Incorrect
Question 44 of 50
44. Question
1 point(s)
A company uses a cluster Redshift to store its data storage facility. The Internal IT Security team is required to ensure that Redshift database data should be encrypted. How can we accomplish that?
Correct
Incorrect
Question 45 of 50
45. Question
1 point(s)
An enterprise uses S3 to put its critical data and metadata. They want all of their data and metadata to be encrypted. What steps are needed to ensure that metadata is encrypted?
Correct
Incorrect
Question 46 of 50
46. Question
1 point(s)
A security team must submit daily briefings to the CISO containing a report that misses out on the latest security patches on thousands of EC2 instances and on-site servers. All servers must comply within 24 hours to ensure that they do not appear in the report on the next day. How does the security team meet these requirements?
Correct
Incorrect
Question 47 of 50
47. Question
1 point(s)
An organization uses a number of EC2 instances and wants to identify the SG that allows unrestricted access to the resource. How would they fulfill their requirement?
Correct
Incorrect
Question 48 of 50
48. Question
1 point(s)
A company uses AWS KMS service to create customer keys. These keys are used for 6 months and now they are trying to use new KMS features for an existing set of keys but are unable to do that. Why is that?
Correct
Incorrect
Question 49 of 50
49. Question
1 point(s)
For your AWS account, an enterprise has specified privileged users. They are the administrator for key corporate resources. The security authentication for these users is now mandated to improve. How can this be done?
Correct
Incorrect
Question 50 of 50
50. Question
1 point(s)
From the following options, which is not the best practice of security audit?
Correct
Incorrect
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.