AWS Certified Security Page 1 (Dumps)
Question No:-1
The Security team believes that a former employee may have gained unauthorized access to AWS resources sometime in the past 3 months by using an identified access key.
What approach would enable the Security team to find out what the former employee may have done within AWS?
1. Use the AWS CloudTrail console to search for user activity.
2. Use the Amazon CloudWatch Logs console to filter CloudTrail data by user.
3. Use AWS Config to see what actions were taken by the user.
4. Use Amazon Athena to query CloudTrail logs stored in Amazon S3.
Answer:-1. Use the AWS CloudTrail console to search for user activity.
Question No:-2
A company is storing data in Amazon S3 Glacier. The security engineer implemented a new vault lock policy for 10TB of data and called the initiate-vault-lock operation 12 hours ago. The audit team identified a typo in the policy that is allowing unintended access to the vault.
What is the MOST cost-effective way to correct this?
1. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.
2. Copy the vault data to a new S3 bucket. Delete the vault. Create a new vault with the data.
3. Update the policy to keep the vault lock in place.
4. Update the policy. Call the initiate-vault-lock operation again to apply the new policy.
Answer:-1. Call the abort-vault-lock operation. Update the policy. Call the initiate-vault-lock operation again.
Question No:-3
A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
1. AWS IAM groups
2. AWS IAM users
3. AWS IAM roles
4. AWS IAM access keys
Question No:-4
A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The Auditor is having trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)
1. The external ID used by the Auditor is missing or incorrect.
2. The Auditor is using the incorrect password.
3. The Auditor has not been granted sts:AssumeRole for the role in the destination account.
4. The Amazon EC2 role used by the Auditor must be set to the destination account role.
5. The secret key used by the Auditor is missing or incorrect.
6. The role ARN used by the Auditor is missing or incorrect.
Answer:-(1),(3) and (6)
Question No:-5
Your organization's Sales Department uses a generic user account (sales@company.com) to manage requests. With only one employee responsible for managing the departmental account, you are tasked with providing the department with the most efficient means to allow multiple employees various levels of access and manage requests from a common email address.
What should you do?
1. Configure a Google Group as an email list.
2. Delegate email access to department employees.
3. Configure a Google Group as a collaborative inbox.
4. Configure a Google Group, and set the Access Level to Announcement Only.
Answer:-3. Configure a Google Group as a collaborative inbox.