AWS Certified Security - Specialty

The Security team believes that a former employee may have gained unauthorized access to
AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have
done within AWS?
A. Use the AWS CloudTrail console to search for user activity.
B. Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
C. Use AWS Config to see what actions were taken by the user.
D. Use Amazon Athena to query CloudTrail logs stored in Amazon S3.

The Security Engineer implemented a new vault lock policy for 10TB of data and called
initiate-vault-lock 12 hours ago. The Audit team identified a typo that is allowing incorrect access to the
What is the MOST cost-effective way to correct this?
A. Call the abort-vault-lock operation, fix the typo, and call the initiate-vault-lock again.
B. Copy the vault data to Amazon S3, delete the vault, and create a new vault with the data.
C. Update the policy, keeping the vault lock in place.
D. Update the policy and call initiate-vault-lock again to apply the new policy.

A company wants to control access to its AWS resources by using identities and groups that are
defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to
Active Directory user attributes?
A. AWS IAM groups
B. AWS IAM users
C. AWS IAM roles
D. AWS IAM access keys