Free AWS Certified Security - Specialty Exam Braindumps (page: 11)

Page 11 of 63

During a manual review of system logs from an Amazon Linux EC2 instance, a Security Engineer noticed sudo commands that were never alerted on or reported by the Amazon CloudWatch Logs agent.

Why were there no alerts on the sudo commands?

  A. There is a security group blocking outbound port 80 traffic that is preventing the agent from sending the logs.
  B. The IAM instance profile on the EC2 instance was not properly configured to allow the CloudWatch Logs agent to push the logs to CloudWatch.
  C. CloudWatch Logs status is set to ON versus SECURE, which prevents it from pulling in OS security event logs.
  D. The VPC requires that all traffic go through a proxy, and the CloudWatch Logs agent does not support a proxy configuration.

Answer(s): B

Explanation:

Option B explains why there were no alerts on the sudo commands. Sudo commands let a user run commands as another user, usually root, so their records in /var/log/secure are exactly the events a security team wants shipped and alerted on. The CloudWatch Logs agent sends log data from an EC2 instance to CloudWatch Logs, and it authenticates its API calls (logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents and logs:DescribeLogStreams) with the credentials of the IAM role attached to the instance through its instance profile. If that role is missing or lacks those permissions, the agent cannot push the log events, so no metric filter or alarm built on them ever fires. The other options do not hold: the agent talks to the CloudWatch Logs endpoint over HTTPS on port 443, not port 80; CloudWatch Logs has no ON/SECURE status setting; and the agent does support an HTTP/HTTPS proxy configuration.



A large corporation is creating a multi-account strategy and needs to determine how its employees should access the IAM infrastructure.

Which of the following solutions would provide the MOST scalable solution?

  A. Create dedicated IAM users within each AWS account that employees can assume through federation based upon group membership in their existing identity provider.
  B. Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Use cross-account roles to allow the federated users to assume their target role in the resource accounts.
  C. Configure the AWS Security Token Service to use Kerberos tokens so that users can use their existing corporate user names and passwords to access IAM resources directly.
  D. Configure the IAM trust policies within each account's role to set up a trust back to the corporation's existing identity provider, allowing users to assume the role based off their SAML token.

Answer(s): B

Explanation:

Option B is the most scalable solution for accessing the IAM infrastructure in a multi-account strategy. A multi-account strategy organizes AWS resources into multiple AWS accounts for security, billing and management isolation. Federation lets users access AWS with credentials from an external identity provider such as Active Directory, typically via SAML 2.0. IAM roles are sets of permissions that grant access to AWS resources, and cross-account roles are IAM roles whose trust policy allows principals in one account to assume them from another. With a single centralized identity account, the trust to the identity provider and the group-to-role mappings are configured once; each resource account then only needs a role whose trust policy names the central role, so adding an account or a team means adding a cross-account role and a mapping rather than reconfiguring the identity provider. Option A scales worst, because IAM users cannot be assumed and would have to be created and maintained in every account. Option C describes a capability AWS STS does not have. Option D works, but the SAML provider and trust policy must be created and maintained in every account, which is what option B avoids.
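The two-hop pattern in option B can be audited from the three policy documents involved. The following Python is an added example, not part of the exam page or of any AWS tooling; the account IDs, role names, SAML provider name and policy documents are constructed. It verifies that the hub (identity account) role trusts the corporate IdP through sts:AssumeRoleWithSAML with the audience pinned, that the hub role's identity policy allows sts:AssumeRole on the spoke (resource account) role, and that the spoke role's trust policy names the hub role:

```python
"""Consistency check for the hub-and-spoke federation pattern: IdP -> hub role
(AssumeRoleWithSAML) -> spoke role (AssumeRole). Added example; every ARN,
account ID and policy document here is constructed."""
import fnmatch

HUB_ACCOUNT = "111122223333"      # assumed identity account
SPOKE_ACCOUNT = "444455556666"    # assumed resource account
SAML_PROVIDER_ARN = f"arn:aws:iam::{HUB_ACCOUNT}:saml-provider/CorpIdP"   # assumed provider name
HUB_ROLE_ARN = f"arn:aws:iam::{HUB_ACCOUNT}:role/Federated-Engineers"
SPOKE_ROLE_ARN = f"arn:aws:iam::{SPOKE_ACCOUNT}:role/Engineers"
SAML_AUDIENCE = "https://signin.aws.amazon.com/saml"   # the audience AWS sign-in expects

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statements(policy):
    return _as_list(policy["Statement"])

def hub_trusts_idp(hub_trust: dict) -> bool:
    """Hop 1: the hub role's trust policy lets the SAML provider assume it, audience pinned."""
    for s in _statements(hub_trust):
        federated = _as_list(s.get("Principal", {}).get("Federated", []))
        aud = s.get("Condition", {}).get("StringEquals", {}).get("SAML:aud")
        if (s["Effect"] == "Allow" and "sts:AssumeRoleWithSAML" in _as_list(s.get("Action", []))
                and SAML_PROVIDER_ARN in federated and aud == SAML_AUDIENCE):
            return True
    return False

def hub_may_assume(hub_permissions: dict, spoke_role_arn: str) -> bool:
    """Hop 2, caller side: the hub role's identity policy allows sts:AssumeRole on the spoke role."""
    for s in _statements(hub_permissions):
        if (s["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(s.get("Action", []))
                and any(fnmatch.fnmatchcase(spoke_role_arn, r) for r in _as_list(s.get("Resource", [])))):
            return True
    return False

def spoke_trusts_hub_role(spoke_trust: dict, hub_role_arn: str) -> bool:
    """Hop 2, target side: the spoke role's trust policy names the hub role explicitly."""
    for s in _statements(spoke_trust):
        aws_principals = _as_list(s.get("Principal", {}).get("AWS", []))
        if (s["Effect"] == "Allow" and "sts:AssumeRole" in _as_list(s.get("Action", []))
                and hub_role_arn in aws_principals):
            return True
    return False

def chain_report(hub_trust: dict, hub_permissions: dict, spoke_trust: dict) -> dict:
    """All three must be True for a federated user to reach the spoke role."""
    return {
        "hub_trusts_idp": hub_trusts_idp(hub_trust),
        "hub_may_assume_spoke": hub_may_assume(hub_permissions, SPOKE_ROLE_ARN),
        "spoke_trusts_hub_role": spoke_trusts_hub_role(spoke_trust, HUB_ROLE_ARN),
    }

# Constructed policy documents.
HUB_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": SAML_PROVIDER_ARN},
    "Action": "sts:AssumeRoleWithSAML",
    "Condition": {"StringEquals": {"SAML:aud": SAML_AUDIENCE}}}]}

HUB_PERMISSIONS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::*:role/Engineers"}]}

SPOKE_TRUST_GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": HUB_ROLE_ARN}, "Action": "sts:AssumeRole"}]}

# Stale trust after a hub role rename: each document looks fine alone, the chain is broken.
SPOKE_TRUST_STALE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{HUB_ACCOUNT}:role/OldFederatedRole"},
    "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    print("good:", chain_report(HUB_TRUST, HUB_PERMISSIONS, SPOKE_TRUST_GOOD))
    print("stale:", chain_report(HUB_TRUST, HUB_PERMISSIONS, SPOKE_TRUST_STALE))
```

The stale-trust case is the usual failure after a hub role is renamed: both halves look plausible on their own and the chain only breaks at the second AssumeRole call. Trusting the hub account's root principal instead of the role would also work at runtime, but it hands the access decision to the hub account's own IAM policies, which is why the check insists on the explicit role ARN.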



An Incident Response team is investigating an IAM access key leak that resulted in Amazon EC2 instances being launched. The company did not discover the incident until many months later. The Director of Information Security wants to implement new controls that will alert when similar incidents happen in the future.

Which controls should the company implement to achieve this? (Select TWO.)

  A. Enable VPC Flow Logs in all VPCs. Create a scheduled AWS Lambda function that downloads and parses the logs, and sends an Amazon SNS notification for violations.
  B. Use AWS CloudTrail to create a trail and apply it to all Regions. Specify an Amazon S3 bucket to receive all the CloudTrail log files.
  C. Add the following bucket policy to the company's AWS CloudTrail bucket to prevent log tampering:
     {
       "Version": "2012-10-17",
       "Statement": {
         "Effect": "Deny",
         "Action": "s3:PutObject",
         "Principal": "*",
         "Resource": "arn:aws:s3:::cloudtrail/AWSLogs/111122223333/*"
       }
     }
     Create an Amazon S3 data event for all PutObject attempts, which sends notifications to an Amazon SNS topic.
  D. Create a Security Auditor role with permissions to access Amazon CloudWatch Logs in all Regions. Ship the logs to an Amazon S3 bucket and create a lifecycle policy to transition the logs to Amazon S3 Glacier.
  E. Verify that Amazon GuardDuty is enabled in all Regions, and create an Amazon CloudWatch Events rule for Amazon GuardDuty findings. Add an Amazon SNS topic as the rule's target.

Answer(s): A,E
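Whatever the alerting pipeline, the detection itself has to recognise the pattern from this incident: EC2 launches made with a leaked long-term access key. The following Python is an added example, not part of the exam page or of any AWS service; it runs a rule over a constructed CloudTrail log file. The account ID, access key IDs, IP addresses and the corporate CIDR are all made up for the example. The rule flags RunInstances calls made by an IAM user with a long-term key (AKIA prefix) from an address outside the known corporate range, and leaves alone calls made with temporary STS credentials (ASIA prefix) or from the corporate range:

```python
"""Detection over CloudTrail records: EC2 instances launched with a long-term
IAM user access key from outside the company's known networks. Added example;
the records, account ID, key IDs and corporate CIDR below are constructed."""
import ipaddress
import json

# Assumed corporate egress range (TEST-NET-3, reserved for documentation).
CORPORATE_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed CloudTrail log file body; real files use the same {"Records": [...]} shape.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {   # Normal: a CI role launches an instance with temporary (ASIA...) credentials from the office.
        "eventTime": "2023-03-01T10:02:11Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
        "sourceIPAddress": "203.0.113.25",
        "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLETEMPKEY00",
                         "arn": "arn:aws:sts::111122223333:assumed-role/ci-deploy/build-42"}},
    {   # Suspicious: an IAM user's long-term key (AKIA...) launches instances from an unknown IP.
        "eventTime": "2023-03-01T03:17:48Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
                         "arn": "arn:aws:iam::111122223333:user/dev-alice"}},
    {   # Same key, but only a read call: not a launch, so this rule does not flag it.
        "eventTime": "2023-03-01T03:15:02Z", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
                         "arn": "arn:aws:iam::111122223333:user/dev-alice"}},
    {   # Long-term key used from the corporate range: accepted by this rule.
        "eventTime": "2023-03-01T09:40:00Z", "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
        "sourceIPAddress": "203.0.113.9",
        "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAEXAMPLEONPREM000",
                         "arn": "arn:aws:iam::111122223333:user/ops-bob"}},
]})

def is_long_term_key(access_key_id: str) -> bool:
    """Long-term IAM user keys begin with AKIA; STS temporary keys begin with ASIA."""
    return access_key_id.startswith("AKIA")

def from_known_network(source_ip: str) -> bool:
    """False for unknown ranges and for non-IP values such as 'ec2.amazonaws.com'."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr in net for net in CORPORATE_CIDRS)

def suspicious_launches(cloudtrail_json: str) -> list:
    """One finding per RunInstances call made with a long-term key from an unknown address."""
    findings = []
    for rec in json.loads(cloudtrail_json)["Records"]:
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("eventName") != "RunInstances":
            continue
        ident = rec.get("userIdentity", {})
        key_id = ident.get("accessKeyId", "")
        if (ident.get("type") == "IAMUser" and is_long_term_key(key_id)
                and not from_known_network(rec.get("sourceIPAddress", ""))):
            findings.append({"eventTime": rec["eventTime"], "principal": ident.get("arn"),
                             "accessKeyId": key_id, "sourceIPAddress": rec["sourceIPAddress"]})
    return findings

if __name__ == "__main__":
    for finding in suspicious_launches(SAMPLE_CLOUDTRAIL):
        print("ALERT", finding)
```

The rule depends on CloudTrail being enabled in every Region, since a key abused in a Region with no trail produces no record to evaluate; the same gap is why GuardDuty must be enabled per Region in option E.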



A company's Security Engineer is copying all application logs to centralized Amazon S3 buckets. Currently, each of the company's applications is in its own AWS account, and logs are pushed into S3 buckets associated with each account. The Engineer will deploy an AWS Lambda function into each account that copies the relevant log files to the centralized S3 bucket.

The Security Engineer is unable to access the log files in the centralized S3 bucket. The Engineer's IAM user policy from the centralized account looks like this:



The centralized S3 bucket policy looks like this:



Why is the Security Engineer unable to access the log files?

  A. The S3 bucket policy does not explicitly allow the Security Engineer access to the objects in the bucket.
  B. The object ACLs are not being updated to allow the users within the centralized account to access the objects.
  C. The Security Engineer's IAM policy does not grant permissions to read objects in the S3 bucket.
  D. The s3:PutObject and s3:PutObjectAcl permissions should be applied at the S3 bucket level.

Answer(s): C
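Both the first question on this page (the CloudWatch Logs agent's instance role) and this one (the Security Engineer's read access) come down to whether an identity policy actually grants a required action on a required resource. The Python below is an added example, not part of the exam page and not an AWS library; the policy documents, ARNs and bucket name are constructed, and the evaluator deliberately handles only Effect, Action and Resource (Condition, NotAction/NotResource, permissions boundaries, SCPs and bucket policies are out of scope). It shows a read-only policy attached to the agent's role, and an engineer policy that grants s3:GetObject on the bucket ARN instead of on the object ARN pattern bucket/*, which is the wrong resource type for an object-level action:

```python
"""Offline evaluation of IAM identity policies against the permissions a
workload needs. Added example; only Effect/Action/Resource are evaluated and
all ARNs and policy documents are constructed."""
import fnmatch

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern: str, value: str, case_insensitive: bool) -> bool:
    """IAM action names match case-insensitively; ARNs do not. '*' and '?' are wildcards."""
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)

def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """An explicit Deny wins over any Allow; no matching statement is an implicit Deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        action_hit = any(_matches(p, action, True) for p in _as_list(stmt.get("Action", [])))
        resource_hit = any(_matches(p, resource, False) for p in _as_list(stmt.get("Resource", [])))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def missing_permissions(policy: dict, required: list) -> list:
    """Return the (action, resource) pairs from `required` that `policy` does not allow."""
    return [(a, r) for a, r in required if not is_allowed(policy, a, r)]

# --- First question: what the CloudWatch Logs agent role must be able to do -----------------
LOG_GROUP_ARN = "arn:aws:logs:us-east-1:111122223333:log-group:/var/log/secure:*"
AGENT_REQUIRED = [(a, LOG_GROUP_ARN) for a in
                  ("logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams")]

# Constructed misconfiguration: a read-only policy was attached to the instance role.
BROKEN_AGENT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["logs:Describe*", "logs:Get*"], "Resource": "*"}]}

FIXED_AGENT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams"],
     "Resource": "arn:aws:logs:*:*:*"}]}

# --- This question: the Security Engineer's policy in the centralized account ---------------
BUCKET_ARN = "arn:aws:s3:::central-logs"                                  # assumed bucket name
OBJECT_ARN = "arn:aws:s3:::central-logs/app1/2023/03/01/app.log.gz"       # constructed key

# Constructed policy: bucket-level actions are right, but s3:GetObject is granted on the
# bucket ARN instead of the object pattern bucket/*, so no object can be read.
ENGINEER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"], "Resource": BUCKET_ARN},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_ARN}]}

FIXED_ENGINEER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"], "Resource": BUCKET_ARN},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_ARN + "/*"}]}

if __name__ == "__main__":
    print("agent role missing:", missing_permissions(BROKEN_AGENT_POLICY, AGENT_REQUIRED))
    print("engineer can list bucket:", is_allowed(ENGINEER_POLICY, "s3:ListBucket", BUCKET_ARN))
    print("engineer can read object:", is_allowed(ENGINEER_POLICY, "s3:GetObject", OBJECT_ARN))
    print("fixed engineer can read object:", is_allowed(FIXED_ENGINEER_POLICY, "s3:GetObject", OBJECT_ARN))
```

The engineer case is instructive because listing the bucket succeeds while every GetObject fails, which is easy to misread as a bucket policy or object ACL problem. For a real cross-account copy, the identity policy is only the first gate: the Lambda functions writing from the source accounts must also grant the centralized account ownership of the objects (or the bucket must enforce bucket-owner ownership), otherwise the bucket owner's identity policy is still not enough to read them.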






Post your Comments and Discuss Amazon AWS Certified Security - Specialty exam with other Community members:

P commented on September 16, 2023
OK, they're good.
Anonymous
upvote


Julianne commented on November 07, 2022
I have taken this exam before with no success. It is satisfying to see familiar questions from the real exam in your exam dump questions.
SINGAPORE
upvote

Pat commented on October 15, 2021
For everyone else thinking of taking this exam, this exam dump is an absolutely fantastic resource and one that is certainly going to help you pass the exam.
UNITED STATES
upvote

Mx commented on October 13, 2021
excellent document
UNITED STATES
upvote

Dreamer commented on August 10, 2021
Excellent questions and answers.
UNITED STATES
upvote