Free AWS Certified Security - Specialty Exam Braindumps (page: 29)

Page 29 of 63

An application team wants to use AWS Certificate Manager (ACM) to request public certificates to ensure that data is secured in transit. The domains that are being used are not currently hosted on Amazon Route 53.

The application team wants to use an AWS managed distribution and caching solution to optimize requests to its systems and provide better points of presence to customers. The distribution solution will use a primary domain name that is customized. The distribution solution also will use several alternative domain names. The certificates must renew automatically over an indefinite period of time.

Which combination of steps should the application team take to deploy this architecture? (Select THREE.)

  1. Request a certificate from ACM in the us-west-2 Region. Add the domain names that the certificate will secure.
  2. Send an email message to the domain administrators to request validation of the domains for ACM.
  3. Request validation of the domains for ACM through DNS. Insert CNAME records into each domain's DNS zone.
  4. Create an Application Load Balancer for the caching solution. Select the newly requested certificate from ACM to be used for secure connections.
  5. Create an Amazon CloudFront distribution for the caching solution. Enter the main CNAME record as the Origin Name. Enter the subdomain names or alternate names in the Alternate Domain Names Distribution Settings. Select the newly requested certificate from ACM to be used for secure connections.
  6. Request a certificate from ACM in the us-east-1 Region. Add the domain names that the certificate will secure.

Answer(s): C,D,F



A security engineer needs to create an AWS Key Management Service (AWS KMS) key that will be used to encrypt all data stored in a company's Amazon S3 buckets in the us-west-1 Region. The key will use server-side encryption. Usage of the key must be limited to requests coming from Amazon S3 within the company's account.

Which statement in the KMS key policy will meet these requirements?







Answer(s): A



A business requires a forensic logging solution for hundreds of Docker-based apps running on Amazon EC2. The solution must analyze logs in real time, provide message replay, and persist logs.

Which Amazon Web Services (AWS) services should be employed to satisfy these requirements? (Select two.)

  1. Amazon Athena.
  2. Amazon Kinesis.
  3. Amazon SQS
  4. Amazon Elasticsearch.
  5. Amazon EMR

Answer(s): B,D



Within a VPC, a corporation runs an Amazon RDS Multi-AZ DB instance. The database instance is connected to the internet through a NAT gateway via two subnets.

Additionally, the organization has application servers that are hosted on Amazon EC2 instances and use the RDS database. These EC2 instances have been deployed onto two more private subnets inside the same VPC. These EC2 instances connect to the internet through a default route via the same NAT gateway. Each VPC subnet has its own route table.

The organization implemented a new security requirement after a recent security examination: the database instance must never be allowed to connect to the internet. A security engineer must perform this update promptly without interfering with the network traffic of the application servers.

How will the security engineer be able to comply with these requirements?

  1. Remove the existing NAT gateway. Create a new NAT gateway that only the application server subnets can use.
  2. Configure the DB instance's inbound network ACL to deny traffic from the security group ID of the NAT gateway.
  3. Modify the route tables of the DB instance subnets to remove the default route to the NAT gateway.
  4. Configure the route table of the NAT gateway to deny connections to the DB instance subnets.

Answer(s): C

Explanation:

Each subnet has a route table, so modify the routing associated with DB instance subnets to prevent internet access.






Post your Comments and Discuss Amazon AWS Certified Security - Specialty exam with other Community members:

P commented on September 16, 2023
ok they're good
Anonymous

Julianne commented on November 07, 2022
I have taken this exam before with no success. It is satisfying to see familiar questions from real exam in your exam dumps questions.
SINGAPORE

Pat commented on October 15, 2021
For everyone else thinking of taking this exam, this exam dumps is an absolutely fantastic resource and one that is going to certainly help you pass the exam.
UNITED STATES

Mx commented on October 13, 2021
excellent document
UNITED STATES

Dreamer commented on August 10, 2021
Excellent questions and answers.
UNITED STATES