[Aug 03, 2022] Amazon AWS-Security-Specialty Exam Dumps Files, Q1/271: Your company is planning on developing an application in AWS. This is a web based application. The application

Join the discussion

Question 1/271

Your company is planning on developing an application in AWS. This is a web based application. The application users will use their facebook or google identities for authentication. You want to have the ability to manage user profiles without having to add extra coding to manage this. Which of the below would assist in this.
Please select:

A. Create an OlDC identity provider in AWS

B. Create a SAML provider in AWS

C. Use AWS Cognito to manage the user profiles

D. Use IAM users to manage the user profiles

Add Comments

Other Question (271q): Q1. Your company is planning on developing an application in AWS. This is a web based applicat...; Q2. AWS CloudTrail is being used to monitor API calls in an organization. An audit revealed th...; Q3. An organization has three applications running on AWS, each accessing the same data on Ama...; Q4. You have an EC2 instance with the following security configured: a. ICMP inbound allowed o...; Q5. A company is using AWS Organizations to manage multiple AWS accounts. The company has an a...; Q6. An application is currently secured using network access control lists and security groups...; Q7. An organizational must establish the ability to delete an AWS KMS Customer Master Key (CMK...; Q8. A company's web application is hosted on Amazon EC2 instances running behind an Applicatio...; Q9. To meet regulatory requirements, a Security Engineer needs to implement an IAM policy that...; Q10. A Developer signed in to a new account within an AWS Organizations organizations unit (OU)...; Q11. The Information Technology department has stopped using Classic Load Balancers and switche...; Q12. You are planning on using the AWS KMS service for managing keys for your application. For ...; Q13. A Security Engineer must enforce the use of only Amazon EC2, Amazon S3, Amazon RDS, Amazon...; Q14. A Security Engineer has created an Amazon CloudWatch event that invokes an AWS Lambda func...; Q15. You want to ensure that you keep a check on the Active EBS Volumes, Active snapshots and E...; Q16. During a recent security audit, it was discovered that multiple teams in a large organizat...; Q17. Example.com is hosted on Amazon EC2 instance behind an Application Load Balancer (ALB). Th...; Q18. A company's database developer has just migrated an Amazon RDS database credential to be s...; Q19. Due to new compliance requirements, a Security Engineer must enable encryption with custom...; Q20. You are responsible to deploying a critical application onto AWS. Part of the requirements...; Q21. A company uses Microsoft Active Directory for access management for on-premises resources ...; Q22. A company has been using the AW5 KMS service for managing its keys. They are planning on c...; Q23. An employee accidentally exposed an AWS access key and secret access key during a public p...; Q24. An IAM user with fill EC2 permissions could bot start an Amazon EC2 instance after it was ...; Q25. You are planning on using the AWS KMS service for managing keys for your application. For ...; Q26. You are designing a custom IAM policy that would allow uses to list buckets in S3 only if ...; Q27. A company has set up the following structure to ensure that their S3 buckets always have l...; Q28. A Security Administrator at a university is configuring a fleet of Amazon EC2 instances. T...; Q29. An Application Developer is using an AWS Lambda function that must use AWS KMS to perform ...; Q30. A Security Engineer for a large company is managing a data processing application used by ...; Q31. A company has resources hosted in their AWS Account. There is a requirement to monitor all...; Q32. A Security Engineer who was reviewing AWS Key Management Service (AWS KMS) key policies fo...; Q33. A company uses HTTP Live Streaming (HLS) to stream live video content to paying subscriber...; Q34. A Security Engineer for a large company is managing a data processing application used by ...; Q35. A company is collecting AWS CloudTrail log data from multiple AWS accounts by managing ind...; Q36. A financial institution has the following security requirements: * Cloud-based users must ...; Q37. Your company has just started using AWS and created an AWS account. They are aware of the ...; Q38. Your company has created a set of keys using the AWS KMS service. They need to ensure that...; Q39. Your company has many AWS accounts defined and all are managed via AWS Organizations. One ...; Q40. An application has a requirement to be resilient across not only Availability Zones within...; Q41. A company has an existing AWS account and a set of critical resources hosted in that accou...; Q42. Your company is planning on using AWS EC2 and ELB for deployment for their web application...; Q43. The Development team receives an error message each time the team members attempt to encry...; Q44. A company wants to deploy a distributed web application on a fleet of EC2 instances. The f...; Q45. A company hosts data in S3. There is a requirement to control access to the S3 buckets. Wh...; Q46. Your company has a set of EC2 Instances that are placed behind an ELB. Some of the applica...; Q47. Company policy requires that all insecure server protocols, such as FTP, Telnet, HTTP, etc...; Q48. Some highly sensitive analytics workloads are to be moved to Amazon EC2 hosts. Threat mode...; Q49. An AWS account administrator created an IAM group and applied the following managed policy...; Q50. A company has recently recovered from a security incident that required the restoration of...; Q51. A Security Engineer is looking for a way to control access to data that is being encrypted...; Q52. A company wants to have an Intrusion detection system available for their VPC in AWS. They...; Q53. A large corporation is creating a multi-account strategy and needs to determine how its em...; Q54. Your company use AWS KMS for management of its customer keys. From time to time, there is ...; Q55. A company has contracted with a third party to audit several AWS accounts. To enable the a...; Q56. What is the result of the following bucket policy? (Exhibit) Choose the correct answer: Pl...; Q57. You want to track access requests for a particular S3 bucket. How can you achieve this in ...; Q58. Which approach will generate automated security alerts should too many unauthorized AWS AP...; Q59. Example.com hosts its internal document repository on Amazon EC2 instances. The applicatio...; Q60. An Application team has requested a new AWS KMS master key for use with Amazon S3, but the...; Q61. The Security Engineer is managing a web application that processes highly sensitive person...; Q62. An organization has tens of applications deployed on thousands of Amazon EC2 instances. Du...; Q63. An organization policy states that all encryption keys must be automatically rotated every...; Q64. An organization has setup multiple IAM users. The organization wants that each IAM user ac...; Q65. A company uses SAML federation with AWS Identity and Access Management (IAM) to provide in...; Q66. Your company has been using AWS for hosting EC2 Instances for their web and database appli...; Q67. A Security Engineer is trying to determine whether the encryption keys used in an AWS serv...; Q68. A company has an application hosted in an Amazon EC2 instance and wants the application to...; Q69. A company is developing a highly resilient application to be hosted on multiple Amazon EC2...; Q70. A company has two AWS accounts, each containing one VPC. The first VPC has a VPN connectio...; Q71. What are the MOST secure ways to protect the AWS account root user of a recently opened AW...; Q72. A Security Engineer is building a Java application that is running on Amazon EC2. The appl...; Q73. A company uses HTTP Live Streaming (HLS) to stream live video content to paying subscriber...; Q74. A company is designing the securely architecture (or a global latency-sensitive web applic...; Q75. A company has multiple AWS accounts that are part of AW5 Organizations. The company's Secu...; Q76. A Security Engineer discovers that developers have been adding rules to security groups th...; Q77. Your organization is preparing for a security assessment of your use of AWS. In preparatio...; Q78. A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance...; Q79. A company has a customer master key (CMK) with imported key materials. Company policy requ...; Q80. A Security Engineer is working with a Product team building a web application on AWS. The ...; Q81. Which of the following is the correct sequence of how KMS manages the keys when used along...; Q82. An organization is using Amazon CloudWatch Logs with agents deployed on its Linux Amazon E...; Q83. Which of the following is the most efficient way to automate the encryption of AWS CloudTr...; Q84. You need to inspect the running processes on an EC2 Instance that may have a security issu...; Q85. A company plans to use custom AMIs to launch Amazon EC2 instances across multiple AWS acco...; Q86. Which of the following is not a best practice for carrying out a security audit? Please se...; Q87. A company has a large set of keys defined in AWS KMS. Their developers frequently use the ...; Q88. A company is planning on using AWS for hosting their applications. They want complete sepa...; Q89. A Security Administrator is configuring an Amazon S3 bucket and must meet the following se...; Q90. You have an EBS volume attached to an EC2 Instance which uses KMS for Encryption. Someone ...; Q91. Your team is designing a web application. The users for this web application would need to...; Q92. A Network Load Balancer (NLB) target instance is not entering the InService state. A secur...; Q93. How can you ensure that instance in an VPC does not use AWS DNS for routing DNS requests. ...; Q94. You have an Ec2 Instance in a private subnet which needs to access the KMS service. Which ...; Q95. A company continually generates sensitive records that it stores in an S3 bucket. All obje...; Q96. A company uses AWS Organization to manage 50 AWS accounts. The finance staff members log i...; Q97. A company has an AWS account and allows a third-party contractor who uses another AWS acco...; Q98. A company recently experienced a DDoS attack that prevented its web server from serving co...; Q99. You have a set of Keys defined using the AWS KMS service. You want to stop using a couple ...; Q100. A company has a requirement to create a DynamoDB table. The company's software architect h...; Q101. Amazon CloudWatch Logs agent is successfully delivering logs to the CloudWatch Logs servic...; Q102. A company is planning to run a number of Admin related scripts using the AWS Lambda servic...; Q103. Your company has just set up a new central server in a VPC. There is a requirement for oth...; Q104. A company has a customer master key (CMK) with imported key materials. Company policy requ...; Q105. A company has several production AWS accounts and a central security AWS account. The secu...; Q106. Your company has defined a number of EC2 Instances over a period of 6 months. They want to...; Q107. A company's Security Auditor discovers that users are able to assume roles without using m...; Q108. A company has a set of resources defined in AWS. It is mandated that all API calls to the ...; Q109. A company wants to use Cloudtrail for logging all API activity. They want to segregate the...; Q110. Your company has been using AWS for hosting EC2 Instances for their web and database appli...; Q111. The Security team believes that a former employee may have gained unauthorized access to A...; Q112. A company has a serverless application for internal users deployed on AWS. The application...; Q113. You are designing a custom 1AM policy that would allow uses to list buckets in S3 only if ...; Q114. For compliance reasons, an organization limits the use of resources to three specific AWS ...; Q115. A security team is creating a response plan in the event an employee executes unauthorized...; Q116. A company requires that IP packet data be inspected for invalid or malicious content. Whic...; Q117. You are planning to use AWS Configto check the configuration of the resources in your AWS ...; Q118. You need to ensure that objects in an S3 bucket are available in another region. This is b...; Q119. A windows machine in one VPC needs to join the AD domain in another VPC. VPC Peering has b...; Q120. You have setup a set of applications across 2 VPC's. You have also setup VPC Peering. The ...; Q121. A large organization is planning on AWS to host their resources. They have a number of aut...; Q122. An Application Developer is using an AWS Lambda function that must use AWS KMS to perform ...; Q123. A water utility company uses a number of Amazon EC2 instances to manage updates to a fleet...; Q124. A company's AWS account consists of approximately 300 IAM users. Now there is a mandate th...; Q125. A company uses AWS Organization to manage 50 AWS accounts. The finance staff members logs ...; Q126. A Security Engineer has been asked to create an automated process to disable IAM user acce...; Q127. A Security Engineer must implement mutually authenticated TLS connections between containe...; Q128. A recent security audit found that AWS CloudTrail logs are insufficiently protected from t...; Q129. Your development team has started using AWS resources for development purposes. The AWS ac...; Q130. There is a set of Ec2 Instances in a private subnet. The application hosted on these EC2 I...; Q131. A company's database developer has just migrated an Amazon RDS database credential to be s...; Q132. Your developer is using the KMS service and an assigned key in their Java program. They ge...; Q133. A company wants to ensure that its AWS resources can be launched only in the us-east-1 and...; Q134. Your company has a requirement to work with a DynamoDB table. There is a security mandate ...; Q135. A Developer is building a serverless application that uses Amazon API Gateway as the front...; Q136. An company is using AWS Secrets Manager to store secrets that are encrypted using a CMK an...; Q137. Your CTO is very worried about the security of your AWS account. How best can you prevent ...; Q138. A company is building a data lake on Amazon S3. The data consists of millions of small fil...; Q139. Your development team has started using AWS resources for development purposes. The AWS ac...; Q140. A security engineer must ensure that all infrastructure launched in the company AWS accoun...; Q141. For compliance reasons a Security Engineer must produce a weekly report that lists any ins...; Q142. An organization has launched 5 instances: 2 for production and 3 for testing. The organiza...; Q143. The AWS Systems Manager Parameter Store is being used to store database passwords used by ...; Q144. A company has a VPC with several Amazon EC2 instances behind a NAT gateway. The company's ...; Q145. An organization is moving non-business-critical applications to AWS while maintaining a mi...; Q146. Unapproved changes were previously made to a company's Amazon S3 bucket. A security engine...; Q147. Which of the following are valid event sources that are associated with web access control...; Q148. Your IT Security team has advised to carry out a penetration test on the resources in thei...; Q149. The InfoSec team has mandated that in the future only approved Amazon Machine Images (AMIs...; Q150. You have been given a new brief from your supervisor for a client who needs a web applicat...; Q151. Your company looks at the gaming domain and hosts several Ec2 Instances as game servers. T...; Q152. An organization is using AWS CloudTrail, Amazon CloudWatch Logs, and Amazon CloudWatch to ...; Q153. A company's AWS account consists of approximately 300 IAM users. Now there is a mandate th...; Q154. Your company has created a set of keys using the AWS KMS service. They need to ensure that...; Q155. A company has set up EC2 instances on the AW5 Cloud. There is a need to see all the IP add...; Q156. During a security event, it is discovered that some Amazon EC2 instances have not been sen...; Q157. AWS CloudTrail is being used to monitor API calls in an organization. An audit revealed th...; Q158. A company wants to have an Intrusion detection system available for their VPC in AWS. They...; Q159. A Security Engineer must implement mutually authenticated TLS connections between containe...; Q160. One of your company's EC2 Instances have been compromised. The company has strict po thoro...; Q161. Which of the below services can be integrated with the AWS Web application firewall servic...; Q162. You currently operate a web application In the AWS US-East region. The application runs on...; Q163. A company will store sensitive documents in three Amazon S3 buckets based on a data classi...; Q164. An IAM user with fill EC2 permissions could bot start an Amazon EC2 instance after it was ...; Q165. A Developer is creating an AWS Lambda function that requires environment variables to stor...; Q166. A Developer signed in to a new account within an AWS Organizations organizations unit (OU)...; Q167. Your application currently uses customer keys which are generated via AWS KMS in the US ea...; Q168. A Software Engineer is trying to figure out why network connectivity to an Amazon EC2 inst...; Q169. An organization has tens of applications deployed on thousands of Amazon EC2 instances. Du...; Q170. Which option for the use of the AWS Key Management Service (KMS) supports key management b...; Q171. A Security Engineer is implementing a solution to allow users to seamlessly encrypt Amazon...; Q172. An organization policy states that all encryption keys must be automatically rotated every...; Q173. You work at a company that makes use of AWS resources. One of the key security policies is...; Q174. A large corporation is creating a multi-account strategy and needs to determine how its em...; Q175. Your company has an external web site. This web site needs to access the objects in an S3 ...; Q176. Your company has just started using AWS and created an AWS account. They are aware of the ...; Q177. In response to the past DDoS attack experiences, a Security Engineer has set up an Amazon ...; Q178. After a recent security audit involving Amazon S3, a company has asked assistance reviewin...; Q179. A company stores critical data in an S3 bucket. There is a requirement to ensure that an e...; Q180. A company's policy requires that all API keys be encrypted and stored separately from sour...; Q181. DDoS attacks that happen at the application layer commonly target web applications with lo...; Q182. A company uses a third-party identity provider and SAML-based SSO for its AWS accounts Aft...; Q183. An organization has setup multiple IAM users. The organization wants that each IAM user ac...; Q184. A company has two AWS accounts, each containing one VPC. The first VPC has a VPN connectio...; Q185. A distributed web application is installed across several EC2 instances in public subnets ...; Q186. Which of the following is used as a secure way to log into an EC2 Linux Instance? Please s...; Q187. Your company is hosting a set of EC2 Instances in AWS. They want to have the ability to de...; Q188. A Security Administrator is configuring an Amazon S3 bucket and must meet the following se...; Q189. An organization is using AWS CloudTrail, Amazon CloudWatch Logs, and Amazon CloudWatch to ...; Q190. A Security Administrator is performing a log analysis as a result of a suspected AWS accou...; Q191. A financial institution has the following security requirements: * Cloud-based users must ...; Q192. The Security Engineer for a mobile game has to implement a method to authenticate users so...; Q193. You need to establish a secure backup and archiving solution for your company, using AWS. ...; Q194. Your company has a set of EC2 Instances defined in AWS. These Ec2 Instances have strict se...; Q195. A company uses Microsoft Active Directory for access management for on-premises resources,...; Q196. A distributed web application is installed across several EC2 instances in public subnets ...; Q197. A Security Analyst attempted to troubleshoot the monitoring of suspicious security group c...; Q198. An ecommerce website was down for 1 hour following a DDoS attack. Users were unable to con...; Q199. Your company has an external web site. This web site needs to access the objects in an S3 ...; Q200. When managing permissions for the API gateway, what can be used to ensure that the right l...; Q201. A Security Engineer is setting up an AWS CloudTrail trail for all regions in an AWS accoun...; Q202. An employee accidentally exposed an AWS access key and secret access key during a public p...; Q203. A company's AWS account consists of approximately 300 IAM users. Now there is a mandate th...; Q204. An application running on EC2 instances processes sensitive information stored on Amazon S...; Q205. Your company is planning on developing an application in AWS. This is a web based applicat...; Q206. An organization receives an alert that indicates that an EC2 instance behind an ELB Classi...; Q207. A company is setting up products to deploy in AWS Service Catalog. Management is concerned...; Q208. You have several S3 buckets defined in your AWS account. You need to give access to extern...; Q209. A company has a large set of keys defined in AWS KMS. Their developers frequently use the ...; Q210. You are designing a custom 1AM policy that would allow uses to list buckets in S3 only if ...; Q211. A company has a serverless application for internal users deployed on AWS. The application...; Q212. A company plans to create individual child accounts within an existing organization in AWS...; Q213. A security engineer must ensure that all infrastructure launched in the company AWS accoun...; Q214. Due to new compliance requirements, a Security Engineer must enable encryption with custom...; Q215. A company's security policy requires that VPC Flow Logs are enabled on all VPCs. A Securit...; Q216. An EC2 Instance hosts a Java based application that access a DynamoDB table. This EC2 Inst...; Q217. A security engineer needs to configure monitoring and auditing for AWS Lambda. Which combi...; Q218. An Amazon S3 bucket is encrypted using an AWS KMS CMK. An IAM user is unable to download o...; Q219. A company runs an application on AWS that needs to be accessed only by employees. Most emp...; Q220. Your company has a hybrid environment, with on-premise servers and servers hosted in the A...; Q221. A company manages multiple AWS accounts using AWS Organizations. The company's security te...; Q222. A company is collecting AWS CloudTrail log data from multiple AWS accounts by managing ind...; Q223. You have a bucket and a VPC defined in AWS. You need to ensure that the bucket can only be...; Q224. The Accounting department at Example Corp. has made a decision to hire a third-party firm,...; Q225. A company has two AWS accounts, each containing one VPC. The first VPC has a VPN connectio...; Q226. An application is currently secured using network access control lists and security groups...; Q227. A company had one of its Amazon EC2 key pairs compromised. A Security Engineer must identi...; Q228. A large company wants its Compliance team to audit its Amazon S3 buckets to identify if pe...; Q229. An employee accidentally exposed an AWS access key and secret access key during a public p...; Q230. What is the function of the following AWS Key Management Service (KMS) key policy attached...; Q231. You are working in the media industry and you have created a web application where users w...; Q232. A Development team has built an experimental environment to test a simple static web appli...; Q233. A Security Engineer is working with a Product team building a web application on AWS. The ...; Q234. A company's Security Engineer is copying all application logs to centralized Amazon S3 buc...; Q235. A Security Engineer must add additional protection to a legacy web application by adding t...; Q236. A Security Engineer creates an Amazon S3 bucket policy that denies access to all users. A ...; Q237. Your company has confidential documents stored in the simple storage service. Due to compl...; Q238. A Security Engineer has been asked to troubleshoot inbound connectivity to a web server. T...; Q239. A Security Administrator is performing a log analysis as a result of a suspected AWS accou...; Q240. The Security Engineer is managing a traditional three-tier web application that is running...; Q241. Developers in an organization have moved from a standard application deployment to contain...; Q242. A Development team has built an experimental environment to test a simple stale web applic...; Q243. A Security Engineer has been asked to troubleshoot inbound connectivity to a web server. T...; Q244. A Security Administrator has a website hosted in Amazon S3. The Administrator has been giv...; Q245. A Security Engineer has created an Amazon CloudWatch event that invokes an AWS Lambda func...; Q246. Users report intermittent availability of a web application hosted on AWS. Monitoring syst...; Q247. A company has enabled Amazon GuardDuty in all Regions as part of its security monitoring s...; Q248. Your team is designing a web application. The users for this web application would need to...; Q249. A Security Analyst attempted to troubleshoot the monitoring of suspicious security group c...; Q250. Which of the following bucket policies will ensure that objects being uploaded to a bucket...; Q251. An organization has launched 5 instances: 2 for production and 3 for testing. The organiza...; Q252. A company has a legacy application that outputs all logs to a local text file. Logs from a...; Q253. A Systems Engineer has been tasked with configuring outbound mail through Simple Email Ser...; Q254. Which of the following is not a best practice for carrying out a security audit? Please se...; Q255. A company has hundreds of AWS accounts, and a centralized Amazon S3 bucket used to collect...; Q256. How can you ensure that instance in an VPC does not use AWS DNS for routing DNS requests. ...; Q257. After multiple compromises of its Amazon EC2 instances, a company's Security Officer is ma...; Q258. Some highly sensitive analytics workloads are to be moved to Amazon EC2 hosts. Threat mode...; Q259. A company will store sensitive documents in three Amazon S3 buckets based on a data classi...; Q260. Your team is designing a web application. The users for this web application would need to...; Q261. Which of the following is the responsibility of the customer? Choose 2 answers from the op...; Q262. An application running on EC2 instances in a VPC must call an external web service via TLS...; Q263. You have a set of Customer keys created using the AWS KMS service. These keys have been us...; Q264. An AWS Lambda function was misused to alter data, and a Security Engineer must identify wh...; Q265. A company has two AWS accounts, each containing one VPC. The first VPC has a VPN connectio...; Q266. Your application currently uses customer keys which are generated via AWS KMS in the US ea...; Q267. An organization operates a web application that serves users globally. The application run...; Q268. You have a requirement to serve up private content using the keys available with Cloudfron...; Q269. A Security Engineer launches two Amazon EC2 instances in the same Amazon VPC but in separa...; Q270. A company deployed AWS Organizations to help manage its increasing number of AWS accounts....; Q271. A Systems Administrator has written the following Amazon S3 bucket policy designed to allo...

Join the discussion

Question 1/271

Add Comments

Download PDF File