Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A company is attempting to conduct forensic analysis on an Amazon EC2 instance, but the company is unable to connect to the instance by using AWS Systems Manager Session Manager. The company has installed AWS Systems Manager Agent (SSM Agent) on the EC2 instance.

The EC2 instance is in a subnet in a VPC that does not have an internet gateway attached. The company has associated a security group with the EC2 instance. The security group does not have inbound or outbound rules. The subnet's network ACL allows all inbound and outbound traffic.

Which combination of actions will allow the company to conduct forensic analysis on the EC2 instance without compromising forensic data? (Select THREE.)

A.

Update the EC2 instance security group to add a rule that allows outbound traffic on port 443 for 0.0.0.0/0.

B.

Update the EC2 instance security group to add a rule that allows inbound traffic on port 443 to the VPC's CIDR range.

C.

Create an EC2 key pair. Associate the key pair with the EC2 instance.

D.

Create a VPC interface endpoint for Systems Manager in the VPC where the EC2 instance islocated.

E.

Attach a security group to the VPC interface endpoint. Allow inbound traffic on port 443 to the VPC's CIDR range.

F.

Create a VPC interface endpoint for the EC2 instance in the VPC where the EC2 instance is located.

A security engineer is working with a company to design an ecommerce application. The application will run on Amazon EC2 instances that run in an Auto Scaling group behind an Application Load Balancer (ALB). The application will use an Amazon RDS DB instance for its database.

The only required connectivity from the internet is for HTTP and HTTPS traffic to the application. The application must communicate with an external payment provider that allows traffic only from a preconfigured allow list of IP addresses. The company must ensure that communications with the external payment provider are not interrupted as the environment scales.

Which combination of actions should the security engineer recommend to meet these requirements? (Select THREE.)

A.

Deploy a NAT gateway in each private subnet for every Availability Zone that is in use.

B.

Place the DB instance in a public subnet.

C.

Place the DB instance in a private subnet.

D.

Configure the Auto Scaling group to place the EC2 instances in a public subnet.

E.

Configure the Auto Scaling group to place the EC2 instances in a private subnet.

F.

Deploy the ALB in a private subnet.

A company is running its workloads in a single AWS Region and uses AWS Organizations. A security engineer must implement a solution to prevent users from launching resources in other Regions.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Create an IAM policy that has an aws RequestedRegion condition that allows actions only in the designated Region Attach the policy to all users.

B.

Create an I AM policy that has an aws RequestedRegion condition that denies actions that are not in the designated Region Attach the policy to the AWS account in AWS Organizations.

C.

Create an IAM policy that has an aws RequestedRegion condition that allows the desired actions Attach the policy only to the users who are in the designated Region.

D.

Create an SCP that has an aws RequestedRegion condition that denies actions that are not in the designated Region. Attach the SCP to the AWS account in AWS Organizations.

A corporation is preparing to acquire several companies. A Security Engineer must design a solution to ensure that newly acquired IAM accounts follow the corporation's security best practices. The solution should monitor each Amazon S3 bucket for unrestricted public write access and use IAM managed services.

What should the Security Engineer do to meet these requirements?

A.

Configure Amazon Macie to continuously check the configuration of all S3 buckets.

B.

Enable IAM Config to check the configuration of each S3 bucket.

C.

Set up IAM Systems Manager to monitor S3 bucket policies for public write access.

D.

Configure an Amazon EC2 instance to have an IAM role and a cron job that checks the status of all S3 buckets.

Your company uses IAM to host its resources. They have the following requirements

1) Record all API calls and Transitions

2) Help in understanding what resources are there in the account

3) Facility to allow auditing credentials and logins Which services would suffice the above requirements

Please select:

A.

IAM Inspector, CloudTrail, IAM Credential Reports

B.

CloudTrail. IAM Credential Reports, IAM SNS

C.

CloudTrail, IAM Config, IAM Credential Reports

D.

IAM SQS, IAM Credential Reports, CloudTrail