Which of the following is the best method to quickly an…
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific
IP address block. Your security team has requested that all access from the offending IP address block be denied tor the
next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP
address block?
Which of these solutions would you recommend?
You currently operate a web application in the AWS US-East region. The application runs on an
auto- scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance
officer has tasked you to develop a reliable and durable logging solution to track changes made
to your EC2, IAM, and RDS resources.
The solution must ensure the integrity and confidentiality of your log data.
Which of these solutions would you recommend?
Which approach addresses this requirement?
Your team Is excited about theuse of AWS because now they have access to programmable Infrastructure. You have
been asked to manage your AWS infrastructure In a manner similar to the way you might manage application code. You
want to be able to deploy exact copies of different versions of your infrastructure, stage changes into different
environments, revert back to previous versions, and identify what versions are running at any particular time (development
test QA. production). Which approach addresses this requirement?
Which of the below are viable mitigation techniques?
You are designing a social media site and are considering how to mitigate distributed denial-ofservice (DDoS) attacks.
Which of the below are viable mitigation techniques? Choose 3 answers
Which VPC configuration works while assuring the databa…
You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB). A fleet of web/application
servers, and an RDS database. The entire Infrastructure must be distributed over 2 availability zones. Which VPC
configuration works while assuring the database is not available from the Internet?
What should your server-side application do when a new …
You are designing a photo-sharing mobile app. The application will store all pictures in a single
Amazon S3 bucket.
Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view
and download their own pictures directly from Amazon S3.
You want to configure security to handle potentially millions of users in the most secure manner
possible. What should your server-side application do when a new user registers on the photosharing mobile application?
which of the following three credentials should be eval…
When assessing an organization s use of AWS API access credentials which of the following three credentials should be
evaluated? (Choose three.)
Which of these options would allow you to encrypt your …
Your company policies require encryption of sensitive data at rest.
You are considering the possible options for protecting data while storing it at rest on an EBS
data volume, attached to an EC2 instance.
Which of these options would allow you to encrypt your data at rest? Choose 3 answers
what happens to the data on any ephemeral store volumes?
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes?
Which of the following would meet all of these conditions:
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have
access to issue several API commands to discover Amazon EC2 resources running within the
enterprise’s account. The enterprise has internal security policies that require any outside access
to their environment must conform to the principles of least privilege, and there must be controls
in place to ensure that the credentials used by the SaaS vendor cannot be used by any other
third party.
Which of the following would meet all of these conditions: