Free Access to Amazon.AWS-Security-Specialty.v2023-02-20.q450 with Valid Practice Test (Page 2)

Question 1

A company has two AW5 accounts within AWS Organizations. In Account-1. Amazon EC2 Auto Scaling is launched using a service-linked role. In Account-2. Amazon EBS volumes are encrypted with an AWS KMS key A Security Engineer needs to ensure that the service-linked role can launch instances with these encrypted volumes
Which combination of steps should the Security Engineer take in both accounts? (Select TWO.)

A.Attach an IAM policy to the service-linked role in Account-1 that allows these actions CreateGrant. DescnbeKey, Encrypt, GenerateDataKey, Decrypt, and ReEncrypt
B.Attach an IAM policy to the role attached to the EC2 instances with KMS actions and then allow Account-1 in the KMS key policy.
C.Allow Account-1 to access the KMS key in Account-2 using a key policy
D.Attach an IAM policy to the user who is launching EC2 instances and allow the user to access the KMS key policy of Account-2.
E.Create a KMS grant for the service-linked role with these actions CreateGrant, DescnbeKey Encrypt GenerateDataKey Decrypt, and ReEncrypt

Question 2

Your company has many AWS accounts defined and all are managed via AWS Organizations. One AWS account has a S3 bucket that has critical dat
a. How can we ensure that all the users in the AWS organisation have access to this bucket?
Please select:

A.Ensure the bucket policy has a condition which involves aws:PrincipalOrglD
B.Ensure the bucket policy has a condition which involves aws:AccountNumber
C.Ensure the bucket policy has a condition which involves aws:PrincipaliD
D.Ensure the bucket policy has a condition which involves aws:OrglD

Question 3

Your organization is preparing for a security assessment of your use of AWS. In preparation for this assessment, which three IAM best practices should you consider implementing?
Please select:

A.Create individual IAM users
B.Configure MFA on the root account and for privileged IAM users
C.Assign IAM users and groups configured with policies granting least privilege access
D.Ensure all users have been assigned and dre frequently rotating a password, access ID/secret key, and X.509 certificate

Question 4

Your company use AWS KMS for management of its customer keys. From time to time, there is a requirement to delete existing keys as part of housekeeping activities. What can be done during the deletion process to verify that the key is no longer being used.
Please select:

A.Use CloudTrail to see if any KMS API request has been issued against existing keys
B.Use Key policies to see the access level for the keys
C.Rotate the keys once before deletion to see if other services are using the keys
D.Change the IAM policy for the keys to see if other services are using the keys

Question 5

A company has contracted with a third party to audit several AWS accounts. To enable the audit, cross-account IAM roles have been created in each account targeted for audit. The Auditor is having trouble accessing some of the accounts.
Which of the following may be causing this problem? (Choose three.)

A.The secret key used by the Auditor is missing or incorrect.
B.The role ARN used by the Auditor is missing or incorrect.
C.The Auditor has not been granted sts:AssumeRolefor the role in the destination account.
D.The Amazon EC2 role used by the Auditor must be set to the destination account role.
E.The external ID used by the Auditor is missing or incorrect.
F.The Auditor is using the incorrect password.

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File