Hub for All Education Needs
Correct Answer for the Question – Which steps should be taken to authenticate to AWS services using the companys on-premises Active Directory? is given below A company plans to move most of its IT infrastructure to AWS. The company wants to leverage its existing on-premises Active Directory as an identity provider for AWS.Which steps should be … Read more
Correct Answer for the Question – Which application flow would meet the data protection requirements on AWS? is given below A pharmaceutical company has digitized versions of historical prescriptions stored on premises. The company would like to move these prescriptions to AWS and perform analytics on the data in them. Any operation with this data requires … Read more
Correct Answer for the Question – Which of the following endpoints and corresponding ports? is given below A Systems Engineer has been tasked with configuring outbound mail through Simple Email Service (SES) and requires compliance with current TLS standards.The mail application should be configured to connect to which of the following endpoints and corresponding ports?Reference: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-connect.html … Read more
Correct Answer for the Question – Which approach will meet these requirements and priorities? is given below An application uses Amazon Cognito to manage end users’ permissions when directly accessing AWS resources, including Amazon DynamoDB. A new feature request reads as follows:Provide a mechanism to mark customers as suspended pending investigation or suspended permanently. Customers should … Read more
Correct Answer for the Question – How should the bucket be configured? is given below A company maintains sensitive data in an Amazon S3 bucket that must be protected using an AWS KMS CMK. The company requires that keys be rotated automatically every year. How should the bucket be configured?Reference: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html Select server-side encryption with Amazon … Read more
Correct Answer for the Question – Which action would provide the required functionality? is given below A Security Engineer is looking for a way to control access to data that is being encrypted under a CMK. The Engineer is also looking to use additional authenticated data (AAD) to prevent tampering with ciphertext. Which action would provide … Read more
Correct Answer for the Question – Whereby the attacker is exploiting a bug in a popular mobile game. is given below An organization operates a web application that serves users globally. The application runs on Amazon EC2 instances behind an Application Load Balancer.There is an Amazon CloudFront distribution in front of the load balancer, and the … Read more
Correct Answer for the Question – What is the most efficient way to remediate the risk of this activity? is given below A Security Engineer discovers that developers have been adding rules to security groups that allow SSH and RDP traffic from 0.0.0.0/0 instead of the organization firewall IP.What is the most efficient way to remediate … Read more
Correct Answer for the Question – What must be done to prevent users from accessing the S3 objects directly by using URLs? is given below In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon CloudFront distribution for an Amazon S3 bucket. There is concern that some users may bypass … Read more
Correct Answer for the Question – Which of the following will allow the team to manage AWS KMS permissions in IAM without the complexity of editing individual key policies? is given below A Development team has asked for help configuring the IAM roles and policies in a new AWS account. The team using the account expects … Read more