Free AWS Certified Security - Specialty Exam Braindumps (page: 2)

Page 2 of 63

Which of the following bucket policies will ensure that objects being uploaded to a bucket called 'demo' are encrypted?





Answer(s): A

Explanation:

The condition of "s3:x-amz-server-side-encryption":"aws:kms" ensures that objects uploaded need to be encrypted.

Options B, C and D are invalid because you have to ensure the condition of "s3:x-amz-server-side-encryption":"aws:kms" is present.

For more information on AWS KMS best practices, just browse to the below URL:

https://d1.awsstatic.com/whitepapers/aws-kms-best-practices.pdf






A company's AWS account consists of approximately 300 IAM users. Now there is a mandate that an access change is required for 100 IAM users to have unlimited privileges to S3. As a system administrator, how can you implement this effectively so that there is no need to apply the policy at the individual user level?

  A. Create a new role and add each user to the IAM role.
  B. Use the IAM groups and add users, based upon their role, to different groups and apply the policy to group.
  C. Create a policy and apply it to multiple users using a JSON script.
  D. Create an S3 bucket policy with unlimited access which includes each user's IAM account ID.

Answer(s): B

Explanation:

Option A is incorrect since you don't add a user to the IAM Role.

Option C is incorrect since you don't assign multiple users to a policy.

Option D is incorrect since this is not an ideal approach.

An IAM group is used to collectively manage users who need the same set of permissions. Groups make permissions easier to manage: if you change the permissions at the group level, the change affects all the users in that group.

For more information on IAM Groups, just browse to the below URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html

The correct answer is: Use the IAM groups and add users, based upon their role, to different groups and apply the policy to group.



You need to create a policy and apply it for just an individual user. How could you accomplish this in the right way?

  A. Add an IAM managed policy for the user.
  B. Add a service policy for the user.
  C. Add an IAM role for the user.
  D. Add an inline policy for the user.

Answer(s): D

Explanation:

Options A and B are incorrect since you need to add an inline policy just for the user.

Option C is invalid because you don't assign an IAM role to a user.

The IAM Documentation mentions the following.

An inline policy is a policy that's embedded in a principal entity (a user, group, or role)--that is, the policy is an inherent part of the principal entity. You can create a policy and embed it in a principal entity, either when you create the principal entity or later.

For more information on IAM Access and Inline policies, just browse to the below URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access.

The correct answer is: Add an inline policy for the user



Your company is planning on using bastion hosts for administering the servers in AWS. Which of the following is the best description of a bastion host from a security perspective?

  A. A Bastion host should be on a private subnet and never a public subnet due to security concerns.
  B. A Bastion host sits on the outside of an internal network and is used as a gateway into the private network and is considered the critical strong point of the network.
  C. Bastion hosts allow users to log in using RDP or SSH and use that session to SSH into internal network to access private subnet resources.
  D. A Bastion host should maintain extremely tight security and monitoring as it is available to the public.

Answer(s): C

Explanation:

A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.

In AWS, a bastion host is kept on a public subnet. Users log on to the bastion host via SSH or RDP and then use that session to manage other hosts in the private subnets.

Options A and B are invalid because the bastion host needs to sit on the public network. Option D is invalid because bastion hosts are not used for monitoring.

For more information on bastion hosts, just browse to the below URL:

https://docs.aws.amazon.com/quickstart/latest/linux-bastion/architecture.html

The correct answer is: Bastion hosts allow users to log in using RDP or SSH and use that session to SSH into internal network to access private subnet resources.






Post your Comments and Discuss Amazon AWS Certified Security - Specialty exam with other Community members:

P commented on September 16, 2023
ok they're good
Anonymous

Julianne commented on November 07, 2022
I have taken this exam before with no success. It is satisfying to see familiar questions from the real exam in your exam dumps questions.
SINGAPORE

Pat commented on October 15, 2021
For everyone else thinking of taking this exam, this exam dump is an absolutely fantastic resource and one that is going to certainly help you pass the exam.
UNITED STATES

Mx commented on October 13, 2021
excellent document
UNITED STATES

Dreamer commented on August 10, 2021
Excellent questions and answers.
UNITED STATES