Topic 1, Volume A
You are currently hosting multiple applications in a VPC and have logged numerous port scans
coming in from a specific IP address block. Your security team has requested that all access
from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the
specified IP address block?
A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny
access from the IP address block
B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from
the IP address block
C. Add a rule to all of the VPC's Security Groups to deny access from the IP address block
D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your
organization uses in that VPC to deny access from the IP address block

When preparing for a compliance assessment of your system built inside of AWS, what are
three best practices for you to prepare for an audit?
(Choose 3 answers)
A. Gather evidence of your IT operational controls
B. Request and obtain applicable third-party audited AWS compliance reports and certifications
C. Request and obtain a compliance and security tour of an AWS data center for a
pre-assessment security review
D. Request and obtain approval from AWS to perform relevant network scans and in-depth
penetration tests of your system's instances and endpoints
E. Schedule meetings with AWS's third-party auditors to provide evidence of AWS compliance
that maps to your control objectives
Answer(s): B, D, E

You have started a new job and are reviewing your company's infrastructure on AWS. You
notice one web application where they have an Elastic Load Balancer (ELB) in front of web
instances in an Auto Scaling Group. When you check the metrics for the ELB in CloudWatch, you
see four healthy instances in Availability Zone (AZ) A and zero in AZ B. There are zero
What do you need to fix to balance the instances across AZs?
A. Set the ELB to only be attached to another AZ
B. Make sure Auto Scaling is configured to launch in both AZs
C. Make sure your AMI is available in both AZs