An organization has setup multiple 1AM users. The organization wants that each 1AM user accesses the 1AM console only within the organization and not from outside. How can it achieve this?
Please select:

ACreate an 1AM policy with the security group and use that security group for AWS console login

BCreate an 1AM policy with a condition which denies access when the IP address range is not from the organization

CConfigure the EC2 instance security group which allows traffic only from the organization's IP range

DCreate an 1AM policy with VPC and allow a secure gateway between the organization and AWS Console

1 answers

93 votes

985

Answer Link

Attach the following SCP to the OU that contains this account:

AIn the Amazon EC2 console, select the Always Encrypt new EBS volumes setting for each AWS Region.

BOption

CFor each finding In the audit report, run the ec2 copy-snapshot command and use the encrypted flag specifying an AWS Key Management Service (AWS KMS) CMK

DCreate a private AMI for the company Configure encryption for the private AMI by selecting the custom AMI in the Amazon EC2 console, the destination AWS Region and the source account s AWS Key Management Service (AWS KMS) master key.

1 answers

94 votes

1194

Answer Link

A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
* Encryption in transit
* Encryption at rest
* Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)

ASpecify ''aws:SecureTransport'': ''true'' within a condition in the S3 bucket policy.

BEnable a security group for the S3 bucket that allows port 443, but not port 80.

CSet up default encryption for the S3 bucket.

DEnable Amazon CloudWatch Logs for the AWS account.

EEnable API logging of data events for all S3 objects.

FEnable S3 object versioning for the S3 bucket.

1 answers

71 votes

1318

A, C, E

Answer Link

A financial institution has the following security requirements:
* Cloud-based users must be contained in a separate authentication domain.
* Cloud-based users cannot access on-premises systems.
As part of standing up a cloud environment, the financial institution is creating a number of Amazon managed databases and Amazon EC2 instances. An Active Directory service exists on-premises that has all the administrator accounts, and these must be able to access the databases and instances.
How would the organization manage its resources in the MOST secure manner? (Choose two.)

AConfigure an AWS Managed Microsoft AD to manage the cloud resources.

BConfigure an additional on-premises Active Directory service to manage the cloud resources.

CEstablish a one-way trust relationship from the existing Active Directory to the new Active Directory service.

DEstablish a one-way trust relationship from the new Active Directory to the existing Active Directory service.

EEstablish a two-way trust between the new and existing Active Directory services.

1 answers

73 votes

1342

A, B

Answer Link

A company is building a data lake on Amazon S3. The data consists of millions of small files containing sensitive information. The Security team has the following requirements for the architecture:
* Data must be encrypted in transit.
* Data must be encrypted at rest.
* The bucket must be private, but if the bucket is accidentally made public, the data must remain confidential.
Which combination of steps would meet the requirements? (Choose two.)

AEnable AES-256 encryption using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) on the S3 bucket.

BEnable default encryption with server-side encryption with AWS KMS-managed keys (SSE-KMS) on the S3 bucket.

CAdd a bucket policy that includes a deny if a PutObject request does not include aws:SecureTransport.

DAdd a bucket policy with aws:SourceIp to Allow uploads and downloads from the corporate intranet only.

EAdd a bucket policy that includes a deny if a PutObject request does not include s3:x-amz-server-side-encryption: 'aws:kms'.

FEnable Amazon Macie to monitor and act on changes to the data lake's S3 bucket.

1 answers

93 votes

937

B, D, F

Answer Link

Amazon SCS-C01 Quiz:3 Topic:5 Questions:11-15

Free Practice Mock Questions Set 11-15 (Quiz # 3) for Amazon SCS-C01 Exam, according to official Amazon AWS Certified Security - Specialty Exam syllabus topic # 5

Quiz 1

Quiz 2

Quiz 3

Quiz 4

Quiz 5

Quiz 6

Quiz 7

An organization has setup multiple 1AM users. The organization wants that each 1AM user accesses the 1AM console only within the organization and not from outside. How can it achieve this?Please select:

Attach the following SCP to the OU that contains this account:

A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:* Encryption in transit* Encryption at rest* Logging of all object retrievals in AWS CloudTrailWhich of the following meet these security requirements? (Choose three.)

Amazon SCS-C01 Quiz:3 Topic:5 Questions:11-15

An organization has setup multiple 1AM users. The organization wants that each 1AM user accesses the 1AM console only within the organization and not from outside. How can it achieve this?
Please select:

A Security Administrator is configuring an Amazon S3 bucket and must meet the following security requirements:
* Encryption in transit
* Encryption at rest
* Logging of all object retrievals in AWS CloudTrail
Which of the following meet these security requirements? (Choose three.)